diff options
author | bz <bz@FreeBSD.org> | 2014-08-16 13:20:44 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2014-08-16 13:20:44 +0000 |
commit | f57b2f8c40a02efd21fa3715c5a67d2d20ee6025 (patch) | |
tree | 1aa51c1ccae4bbadb85f212b4553618e08047ded /sbin/pfctl | |
parent | 7aec0e65a0caaa4a6c2bcdd958f1186e716dd80b (diff) | |
download | FreeBSD-src-f57b2f8c40a02efd21fa3715c5a67d2d20ee6025.zip FreeBSD-src-f57b2f8c40a02efd21fa3715c5a67d2d20ee6025.tar.gz |
MFC r259916:
Use feature_present(3) to determine whether to open an INET or an
INET6 socket when needed to allow pfctl to work on noinet and noinet6
kernels (and try to provide a fallback using AF_LINK as best effort).
Adjust the Makefile to also respect relevant src.conf(5) options
for compile time decisions on INET and INET6 support.
Reviewed by: glebius (no objections)
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/Makefile | 10 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_altq.c | 4 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 24 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 1 |
4 files changed, 35 insertions, 4 deletions
diff --git a/sbin/pfctl/Makefile b/sbin/pfctl/Makefile index 26c2258..5b3735c 100644 --- a/sbin/pfctl/Makefile +++ b/sbin/pfctl/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +.include <bsd.own.mk> + # pf_ruleset.c is shared between kernel and pfctl .PATH: ${.CURDIR}/../../sys/netpfil/pf @@ -16,6 +18,14 @@ CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized CFLAGS+= -Wstrict-prototypes CFLAGS+= -DENABLE_ALTQ -I${.CURDIR} +# Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords +.if ${MK_INET6_SUPPORT} != "no" +CFLAGS+= -DWITH_INET6 +.endif +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DWITH_INET +.endif + YFLAGS= LDADD+= -lm -lmd diff --git a/sbin/pfctl/pfctl_altq.c b/sbin/pfctl/pfctl_altq.c index 40e11d5..ae566f8 100644 --- a/sbin/pfctl/pfctl_altq.c +++ b/sbin/pfctl/pfctl_altq.c @@ -1122,7 +1122,7 @@ getifspeed(char *ifname) struct ifreq ifr; struct if_data ifrdat; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0) err(1, "socket"); bzero(&ifr, sizeof(ifr)); if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >= @@ -1143,7 +1143,7 @@ getifmtu(char *ifname) int s; struct ifreq ifr; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0) err(1, "socket"); bzero(&ifr, sizeof(ifr)); if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >= diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index f248995..1f4375a 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1231,6 +1231,26 @@ ifa_load(void) freeifaddrs(ifap); } +int +get_socket_domain(void) +{ + int sdom; + + sdom = AF_UNSPEC; +#ifdef WITH_INET6 + if (sdom == AF_UNSPEC && feature_present("inet6")) + sdom = AF_INET6; +#endif +#ifdef WITH_INET + if (sdom == AF_UNSPEC && feature_present("inet")) + sdom = AF_INET; +#endif + if (sdom == AF_UNSPEC) + sdom = AF_LINK; + + return (sdom); +} + struct node_host * ifa_exists(const char *ifa_name) { @@ -1242,7 +1262,7 @@ ifa_exists(const char *ifa_name) ifa_load(); /* check wether this is a group */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1) err(1, "socket"); bzero(&ifgr, sizeof(ifgr)); strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name)); @@ -1273,7 +1293,7 @@ ifa_grouplookup(const char *ifa_name, int flags) int s, len; struct node_host *n, *h = NULL; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1) err(1, "socket"); bzero(&ifgr, sizeof(ifgr)); strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name)); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 4560d66..5c909e9 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -294,6 +294,7 @@ void set_ipmask(struct node_host *, u_int8_t); int check_netmask(struct node_host *, sa_family_t); int unmask(struct pf_addr *, sa_family_t); void ifa_load(void); +int get_socket_domain(void); struct node_host *ifa_exists(const char *); struct node_host *ifa_lookup(const char *, int); struct node_host *host(const char *); |