svn commit: r346370 - head/sbin/pfctl
Kristof Provost
kp at FreeBSD.org
Tue Sep 3 14:07:59 UTC 2019
Author: kp
Date: Fri Apr 19 10:52:54 2019
New Revision: 346370
URL: https://svnweb.freebsd.org/changeset/base/346370
Log:
pfctl: Fix ifgroup check
We cannot just assume that any name which ends with a letter is a group.
That's not been true since we allowed renaming of network interfaces. It's also
not true for things like epair0a.
Try to retrieve the group members for the name to check, since we'll get ENOENT
if the group doesn't exist.
MFC after: 1 week
Event: Aberdeen hackathon 2019
Modified:
head/sbin/pfctl/pfctl_optimize.c
Modified: head/sbin/pfctl/pfctl_optimize.c
==============================================================================
--- head/sbin/pfctl/pfctl_optimize.c Fri Apr 19 06:49:46 2019 (r346369)
+++ head/sbin/pfctl/pfctl_optimize.c Fri Apr 19 10:52:54 2019 (r346370)
@@ -1500,14 +1500,24 @@ superblock_inclusive(struct superblock *block, struct
int
interface_group(const char *ifname)
{
+ int s;
+ struct ifgroupreq ifgr;
+
if (ifname == NULL || !ifname[0])
return (0);
- /* Real interfaces must end in a number, interface groups do not */
- if (isdigit(ifname[strlen(ifname) - 1]))
- return (0);
- else
- return (1);
+ s = get_query_socket();
+
+ memset(&ifgr, 0, sizeof(ifgr));
+ strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFGMEMB, (caddr_t)&ifgr) == -1) {
+ if (errno == ENOENT)
+ return (0);
+ else
+ err(1, "SIOCGIFGMEMB");
+ }
+
+ return (1);
}
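Review bot: the strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ) call in the new body ignores its return value, so a name longer than the buffer is silently truncated and SIOCGIFGMEMB then tests the truncated prefix; if that prefix names an existing group, interface_group() returns 1 for a string that is not a group. Suggest bounding by the destination and rejecting truncation, e.g. if (strlcpy(ifgr.ifgr_name, ifname, sizeof(ifgr.ifgr_name)) >= sizeof(ifgr.ifgr_name)) return (0);. Two smaller points: s from get_query_socket() goes to ioctl() without a check in this function, so a failed socket would surface as a confusing "SIOCGIFGMEMB" error from err(), and the removed comment has no replacement, so a one-line comment stating that ENOENT from SIOCGIFGMEMB means "no such group" would document why the ioctl is used.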