The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b84666f798e872efd356c5743640e3683ab82f9d
commit b84666f798e872efd356c5743640e3683ab82f9d Author: Kristof Provost <[email protected]> AuthorDate: 2025-08-28 16:49:06 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2025-09-25 12:41:11 +0000 pf: export expiration time as time_t time_t has a different size on different platforms (i.e. 32-bit on i386, 64-bit on others). Rather than always exporting it as 64-bits use the platform-native size. This means we can safely write directly into a time_t variable, which we can't do on i386 eif we export 64 bits. Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 2 +- sys/netlink/netlink_message_writer.h | 6 ++++++ sys/netlink/netlink_snl.h | 11 +++++++++++ sys/netpfil/pf/pf_nl.c | 2 +- sys/netpfil/pf/pf_nl.h | 2 +- 5 files changed, 20 insertions(+), 3 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index e38469643571..4b579de38ad0 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -1699,7 +1699,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_MAX_PKT_SIZE, .off =_OUT(r.max_pkt_size), .cb = snl_attr_get_uint16 }, { .type = PF_RT_TYPE_2, .off = _OUT(r.type), .cb = snl_attr_get_uint16 }, { .type = PF_RT_CODE_2, .off = _OUT(r.code), .cb = snl_attr_get_uint16 }, - { .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_uint64 }, + { .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_time_t }, }; #undef _OUT SNL_DECLARE_PARSER(getrule_parser, struct genlmsghdr, snl_f_p_empty, ap_getrule); diff --git a/sys/netlink/netlink_message_writer.h b/sys/netlink/netlink_message_writer.h index 83f925e8d93d..ad2099a4d636 100644 --- a/sys/netlink/netlink_message_writer.h +++ b/sys/netlink/netlink_message_writer.h @@ -283,6 +283,12 @@ nlattr_add_s64(struct nl_writer *nw, uint16_t attrtype, int64_t value) return (nlattr_add(nw, attrtype, sizeof(int64_t), &value)); } +static inline bool +nlattr_add_time_t(struct nl_writer *nw, uint16_t attrtype, time_t value) +{ + return (nlattr_add(nw, attrtype, sizeof(time_t), &value)); +} + static inline bool nlattr_add_flag(struct nl_writer *nw, uint16_t attrtype) { diff --git a/sys/netlink/netlink_snl.h b/sys/netlink/netlink_snl.h index 586716776bc5..6dd8a9cbdb35 100644 --- a/sys/netlink/netlink_snl.h +++ b/sys/netlink/netlink_snl.h @@ -630,6 +630,17 @@ snl_attr_get_int64(struct snl_state *ss, struct nlattr *nla, const void *arg, return (snl_attr_get_uint64(ss, nla, arg, target)); } +static inline bool +snl_attr_get_time_t(struct snl_state *ss __unused, struct nlattr *nla, + const void *arg __unused, void *target) +{ + if (NLA_DATA_LEN(nla) == sizeof(time_t)) { + memcpy(target, NLA_DATA_CONST(nla), sizeof(time_t)); + return (true); + } + return (false); +} + static inline bool snl_attr_get_string(struct snl_state *ss __unused, struct nlattr *nla, const void *arg __unused, void *target) diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index ff3edd43e3a5..082b9b565153 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -1025,7 +1025,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt) nlattr_add_u64(nw, PF_RT_SRC_NODES_NAT, counter_u64_fetch(rule->src_nodes[PF_SN_NAT])); nlattr_add_u64(nw, PF_RT_SRC_NODES_ROUTE, counter_u64_fetch(rule->src_nodes[PF_SN_ROUTE])); nlattr_add_pf_threshold(nw, PF_RT_PKTRATE, &rule->pktrate); - nlattr_add_u64(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime)); + nlattr_add_time_t(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime)); error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call)); MPASS(error == 0); diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h index 38891339450e..c46c8f2b2592 100644 --- a/sys/netpfil/pf/pf_nl.h +++ b/sys/netpfil/pf/pf_nl.h @@ -285,7 +285,7 @@ enum pf_rule_type_t { PF_RT_MAX_PKT_SIZE = 83, /* u16 */ PF_RT_TYPE_2 = 84, /* u16 */ PF_RT_CODE_2 = 85, /* u16 */ - PF_RT_EXPTIME = 86, /* u64 */ + PF_RT_EXPTIME = 86, /* time_t */ }; enum pf_addrule_type_t {
