svn commit: r346746 - stable/12/sbin/pfctl

Kristof Provost kp at FreeBSD.org
Fri Apr 26 14:15:59 UTC 2019


Author: kp
Date: Fri Apr 26 14:15:58 2019
New Revision: 346746
URL: https://svnweb.freebsd.org/changeset/base/346746

Log:
  MFC r346370:
  
  pfctl: Fix ifgroup check
  
  We cannot just assume that any name which ends with a letter is a group.
  That's not been true since we allowed renaming of network interfaces. It's also
  not true for things like epair0a.
  
  Try to retrieve the group members for the name to check, since we'll get ENOENT
  if the group doesn't exist.

Modified:
  stable/12/sbin/pfctl/pfctl_optimize.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/pfctl/pfctl_optimize.c
==============================================================================
--- stable/12/sbin/pfctl/pfctl_optimize.c	Fri Apr 26 13:49:06 2019	(r346745)
+++ stable/12/sbin/pfctl/pfctl_optimize.c	Fri Apr 26 14:15:58 2019	(r346746)
@@ -1500,14 +1500,24 @@ superblock_inclusive(struct superblock *block, struct 
 int
 interface_group(const char *ifname)
 {
+	int			s;
+	struct ifgroupreq	ifgr;
+
 	if (ifname == NULL || !ifname[0])
 		return (0);
 
-	/* Real interfaces must end in a number, interface groups do not */
-	if (isdigit(ifname[strlen(ifname) - 1]))
-		return (0);
-	else
-		return (1);
+	s = get_query_socket();
+
+	memset(&ifgr, 0, sizeof(ifgr));
+	strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ);
+	if (ioctl(s, SIOCGIFGMEMB, (caddr_t)&ifgr) == -1) {
+		if (errno == ENOENT)
+			return (0);
+		else
+			err(1, "SIOCGIFGMEMB");
+	}
+
+	return (1);
 }
 
 
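Review bot: The `strlcpy()` into `ifgr.ifgr_name` discards its return value, so a name of IFNAMSIZ or more characters is silently truncated and the `SIOCGIFGMEMB` query is made for a different, shorter name; if that prefix happens to match an existing group, the over-long name is reported as a group. Rejecting it before the ioctl closes that gap: `if (strlcpy(ifgr.ifgr_name, ifname, sizeof(ifgr.ifgr_name)) >= sizeof(ifgr.ifgr_name)) return (0);`. The parser may already bound interface names before they reach `interface_group()`, which is not visible in this hunk, but the check is cheap and keeps the function safe on its own. A short comment above the ioctl would also help, e.g. `/* ifgr_len stays 0: we only probe whether the group exists */`, together with a note that any errno other than ENOENT ends pfctl through `err(1, ...)`.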

