svn commit: r259916 - head/sbin/pfctl

Thu Dec 26 15:51:15 UTC 2013

Author: bz
Date: Thu Dec 26 15:51:14 2013
New Revision: 259916
URL: http://svnweb.freebsd.org/changeset/base/259916

Log:
  Use feature_present(3) to determine whether to open an INET or an
  INET6 socket when needed to allow pfctl to work on noinet and noinet6
  kernels (and try to provide a fallback using AF_LINK as best effort).
  Adjust the Makefile to also respect relevant src.conf(5) options
  for compile time decisions on INET and INET6 support.
  
  Reviewed by:	glebius (no objections)
  MFC after:	1 week

Modified:
  head/sbin/pfctl/Makefile
  head/sbin/pfctl/pfctl_altq.c
  head/sbin/pfctl/pfctl_parser.c
  head/sbin/pfctl/pfctl_parser.h

Modified: head/sbin/pfctl/Makefile
==============================================================================

--- head/sbin/pfctl/Makefile	Thu Dec 26 14:25:37 2013	(r259915)
+++ head/sbin/pfctl/Makefile	Thu Dec 26 15:51:14 2013	(r259916)
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
 # pf_ruleset.c is shared between kernel and pfctl
 .PATH: ${.CURDIR}/../../sys/netpfil/pf
 
@@ -16,6 +18,14 @@ CFLAGS+= -Wall -Wmissing-prototypes -Wno
 CFLAGS+= -Wstrict-prototypes
 CFLAGS+= -DENABLE_ALTQ -I${.CURDIR}
 
+# Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords
+.if ${MK_INET6_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET6
+.endif
+.if ${MK_INET_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET
+.endif
+
 YFLAGS=
 
 LDADD+=	-lm -lmd

Modified: head/sbin/pfctl/pfctl_altq.c
==============================================================================
--- head/sbin/pfctl/pfctl_altq.c	Thu Dec 26 14:25:37 2013	(r259915)
+++ head/sbin/pfctl/pfctl_altq.c	Thu Dec 26 15:51:14 2013	(r259916)
@@ -1122,7 +1122,7 @@ getifspeed(char *ifname)
 	struct ifreq	ifr;
 	struct if_data	ifrdat;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
@@ -1143,7 +1143,7 @@ getifmtu(char *ifname)
 	int		s;
 	struct ifreq	ifr;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=

Modified: head/sbin/pfctl/pfctl_parser.c
==============================================================================
--- head/sbin/pfctl/pfctl_parser.c	Thu Dec 26 14:25:37 2013	(r259915)
+++ head/sbin/pfctl/pfctl_parser.c	Thu Dec 26 15:51:14 2013	(r259916)
@@ -1231,6 +1231,26 @@ ifa_load(void)
 	freeifaddrs(ifap);
 }
 
+int
+get_socket_domain(void)
+{
+	int sdom;
+
+	sdom = AF_UNSPEC;
+#ifdef WITH_INET6
+	if (sdom == AF_UNSPEC && feature_present("inet6"))
+		sdom = AF_INET6;
+#endif
+#ifdef WITH_INET
+	if (sdom == AF_UNSPEC && feature_present("inet"))
+		sdom = AF_INET;
+#endif
+	if (sdom == AF_UNSPEC)
+		sdom = AF_LINK;
+
+	return (sdom);
+}
+
 struct node_host *
 ifa_exists(const char *ifa_name)
 {
@@ -1242,7 +1262,7 @@ ifa_exists(const char *ifa_name)
 		ifa_load();
 
 	/* check wether this is a group */
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));
@@ -1273,7 +1293,7 @@ ifa_grouplookup(const char *ifa_name, in
 	int			 s, len;
 	struct node_host	*n, *h = NULL;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));

Modified: head/sbin/pfctl/pfctl_parser.h
==============================================================================
--- head/sbin/pfctl/pfctl_parser.h	Thu Dec 26 14:25:37 2013	(r259915)
+++ head/sbin/pfctl/pfctl_parser.h	Thu Dec 26 15:51:14 2013	(r259916)
@@ -294,6 +294,7 @@ void			 set_ipmask(struct node_host *, u
 int			 check_netmask(struct node_host *, sa_family_t);
 int			 unmask(struct pf_addr *, sa_family_t);
 void			 ifa_load(void);
+int			 get_socket_domain(void);
 struct node_host	*ifa_exists(const char *);
 struct node_host	*ifa_lookup(const char *, int);
 struct node_host	*host(const char *);
