diff options
| author |   sthen <sthen@openbsd.org> | 2011-05-20 22:50:44 +0000 |
|---|---|---|
| committer | sthen <sthen@openbsd.org> | 2011-05-20 22:50:44 +0000 |
| commit | 02794fcc905fd6be5e08682fccbd280f19ea7f9c (patch) | |
| tree | f3386834c7b0c0523d1d9c648241bdc8e1a98969 /sys/net/pf_if.c | |
| parent | save errno dance in wrterror() and malloc_dump(); prompted by and ok deraadt@ (diff) | |
| download | wireguard-openbsd-02794fcc905fd6be5e08682fccbd280f19ea7f9c.tar.xz wireguard-openbsd-02794fcc905fd6be5e08682fccbd280f19ea7f9c.zip | |
Change 'set skip on <...>' to work with interface groups.
Feedback from various people, ok henning@
Previously if an interface type (without number), e.g. "set skip on vlan"
or "set skip on em" was used, it would have the undocumented behaviour of
matching any interface of that type.
Now it will only match an interface which is a member of the named group.
This results in some changed behaviour:
If you currently use "set skip" with a physical interface type (e.g.
"set skip on ix") you will need to add the interface to a group of that
name: 'ifconfig ix0 group ix' or add 'group ix' to hostname.ix0.
Interfaces cloned at runtime (e.g. lo, trunk, vlan, pppoe, carp, gif,
mpe and others) default to being in a group named after the interface type,
so for these interfaces there will be no change in behaviour unless you
have deliberately changed groups, e.g. 'ifconfig carp456 -group carp'.
Diffstat (limited to 'sys/net/pf_if.c')
| -rw-r--r-- | sys/net/pf_if.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index b96ba8d1150..a46302557ed 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.61 2010/06/28 23:21:41 mcbride Exp $ */ +/* $OpenBSD: pf_if.c,v 1.62 2011/05/20 22:50:44 sthen Exp $ */ /* * Copyright 2005 Henning Brauer <henning@openbsd.org> @@ -714,7 +714,8 @@ pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size) int pfi_skip_if(const char *filter, struct pfi_kif *p) { - int n; + struct ifg_list *i; + int n; if (filter == NULL || !*filter) return (0); @@ -724,10 +725,12 @@ pfi_skip_if(const char *filter, struct pfi_kif *p) if (n < 1 || n >= IFNAMSIZ) return (1); /* sanity check */ if (filter[n-1] >= '0' && filter[n-1] <= '9') - return (1); /* only do exact match in that case */ - if (strncmp(p->pfik_name, filter, n)) - return (1); /* prefix doesn't match */ - return (p->pfik_name[n] < '0' || p->pfik_name[n] > '9'); + return (1); /* group names may not end in a digit */ + if (p->pfik_ifp != NULL) + TAILQ_FOREACH(i, &p->pfik_ifp->if_groups, ifgl_next) + if (!strncmp(i->ifgl_group->ifg_group, filter, n)) + return (0); /* iface is in group "filter" */ + return (1); } int |