svn commit: r270047 - stable/10/sbin/pfctl

Sat Aug 16 13:20:46 UTC 2014

Author: bz
Date: Sat Aug 16 13:20:44 2014
New Revision: 270047
URL: http://svnweb.freebsd.org/changeset/base/270047

Log:
  MFC r259916:
  
   Use feature_present(3) to determine whether to open an INET or an
   INET6 socket when needed to allow pfctl to work on noinet and noinet6
   kernels (and try to provide a fallback using AF_LINK as best effort).
   Adjust the Makefile to also respect relevant src.conf(5) options
   for compile time decisions on INET and INET6 support.
  
   Reviewed by:	glebius (no objections)

Modified:
  stable/10/sbin/pfctl/Makefile
  stable/10/sbin/pfctl/pfctl_altq.c
  stable/10/sbin/pfctl/pfctl_parser.c
  stable/10/sbin/pfctl/pfctl_parser.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sbin/pfctl/Makefile
==============================================================================

--- stable/10/sbin/pfctl/Makefile	Sat Aug 16 13:13:17 2014	(r270046)
+++ stable/10/sbin/pfctl/Makefile	Sat Aug 16 13:20:44 2014	(r270047)
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
 # pf_ruleset.c is shared between kernel and pfctl
 .PATH: ${.CURDIR}/../../sys/netpfil/pf
 
@@ -16,6 +18,14 @@ CFLAGS+= -Wall -Wmissing-prototypes -Wno
 CFLAGS+= -Wstrict-prototypes
 CFLAGS+= -DENABLE_ALTQ -I${.CURDIR}
 
+# Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords
+.if ${MK_INET6_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET6
+.endif
+.if ${MK_INET_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET
+.endif
+
 YFLAGS=
 
 LDADD+=	-lm -lmd

Modified: stable/10/sbin/pfctl/pfctl_altq.c
==============================================================================
--- stable/10/sbin/pfctl/pfctl_altq.c	Sat Aug 16 13:13:17 2014	(r270046)
+++ stable/10/sbin/pfctl/pfctl_altq.c	Sat Aug 16 13:20:44 2014	(r270047)
@@ -1122,7 +1122,7 @@ getifspeed(char *ifname)
 	struct ifreq	ifr;
 	struct if_data	ifrdat;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
@@ -1143,7 +1143,7 @@ getifmtu(char *ifname)
 	int		s;
 	struct ifreq	ifr;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=

Modified: stable/10/sbin/pfctl/pfctl_parser.c
==============================================================================
--- stable/10/sbin/pfctl/pfctl_parser.c	Sat Aug 16 13:13:17 2014	(r270046)
+++ stable/10/sbin/pfctl/pfctl_parser.c	Sat Aug 16 13:20:44 2014	(r270047)
@@ -1231,6 +1231,26 @@ ifa_load(void)
 	freeifaddrs(ifap);
 }
 
+int
+get_socket_domain(void)
+{
+	int sdom;
+
+	sdom = AF_UNSPEC;
+#ifdef WITH_INET6
+	if (sdom == AF_UNSPEC && feature_present("inet6"))
+		sdom = AF_INET6;
+#endif
+#ifdef WITH_INET
+	if (sdom == AF_UNSPEC && feature_present("inet"))
+		sdom = AF_INET;
+#endif
+	if (sdom == AF_UNSPEC)
+		sdom = AF_LINK;
+
+	return (sdom);
+}
+
 struct node_host *
 ifa_exists(const char *ifa_name)
 {
@@ -1242,7 +1262,7 @@ ifa_exists(const char *ifa_name)
 		ifa_load();
 
 	/* check wether this is a group */
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));
@@ -1273,7 +1293,7 @@ ifa_grouplookup(const char *ifa_name, in
 	int			 s, len;
 	struct node_host	*n, *h = NULL;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));

Modified: stable/10/sbin/pfctl/pfctl_parser.h
==============================================================================
--- stable/10/sbin/pfctl/pfctl_parser.h	Sat Aug 16 13:13:17 2014	(r270046)
+++ stable/10/sbin/pfctl/pfctl_parser.h	Sat Aug 16 13:20:44 2014	(r270047)
@@ -294,6 +294,7 @@ void			 set_ipmask(struct node_host *, u
 int			 check_netmask(struct node_host *, sa_family_t);
 int			 unmask(struct pf_addr *, sa_family_t);
 void			 ifa_load(void);
+int			 get_socket_domain(void);
 struct node_host	*ifa_exists(const char *);
 struct node_host	*ifa_lookup(const char *, int);
 struct node_host	*host(const char *);
