Download raw body.
ifa_load() pfctl parser should adhere interface flags
On Sun, Nov 30, 2025 at 11:57:57AM +0100, Alexandr Nedvedicky wrote:
> Hello,
>
> ping. any objections here? any OKs?
OK claudio@
> thanks and
> regards
> sashan
>
> On Tue, Nov 25, 2025 at 09:24:53AM +0100, Alexandr Nedvedicky wrote:
> > Hello,
> >
> > the issue has been pointed by claudio@ off-list.
> >
> > the ifa_load9() function does not distinct between
> > broadcast address and peer address when it processes
> > interface item (`ifa`) obtained by getifaddrs(3) from
> > kernel.
> >
> > as I understand it the IFF_BROADCAST and IFF_POINTOPOINT
> > flags are mutually exclusive so ifa_load() should use
> > the address either as brodacst or as peer (when dealing
> > with ppp interface).
> >
> > the change makes code more correct. I could not spot
> > any change on pfctl behavior.
> >
> > this is interface list on machine where I test the change;
> </snip>
> >
> > --------8<---------------8<---------------8<------------------8<--------
> > diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
> > index 3a7cc6885b3..eb29edb900a 100644
> > --- a/sbin/pfctl/pfctl_parser.c
> > +++ b/sbin/pfctl/pfctl_parser.c
> > @@ -1459,13 +1459,14 @@ ifa_load(void)
> > copy_satopfaddr(&n->addr.v.a.addr, ifa->ifa_addr);
> > ifa->ifa_netmask->sa_family = ifa->ifa_addr->sa_family;
> > copy_satopfaddr(&n->addr.v.a.mask, ifa->ifa_netmask);
> > - if (ifa->ifa_broadaddr != NULL &&
> > + if (ifa->ifa_flags & IFF_BROADCAST &&
> > + ifa->ifa_broadaddr != NULL &&
> > ifa->ifa_broadaddr->sa_len != 0) {
> > ifa->ifa_broadaddr->sa_family =
> > ifa->ifa_addr->sa_family;
> > copy_satopfaddr(&n->bcast, ifa->ifa_broadaddr);
> > - }
> > - if (ifa->ifa_dstaddr != NULL &&
> > + } else if (ifa->ifa_flags & IFF_POINTOPOINT &&
> > + ifa->ifa_dstaddr != NULL &&
> > ifa->ifa_dstaddr->sa_len != 0) {
> > ifa->ifa_dstaddr->sa_family =
> > ifa->ifa_addr->sa_family;
> >
>
--
:wq Claudio
ifa_load() pfctl parser should adhere interface flags