The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=1e7665e36860af87cae24cbeb1a65a97ad9a0efb
commit 1e7665e36860af87cae24cbeb1a65a97ad9a0efb Author: Kristof Provost <[email protected]> AuthorDate: 2026-02-12 09:39:05 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2026-02-12 16:05:16 +0000 libpfctl: verify all parsers List all currently defined parsers in 'all_parsers', and pass them to SNL_VERIFY_PARSERS(). This will detect incorrect odering in parsers, which will help us detect otherwise subtle bugs. Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 52 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 4f4a7fe57002..9025b94249ce 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -69,12 +69,15 @@ const char* PFCTL_SYNCOOKIES_MODE_NAMES[] = { static int _pfctl_clear_states(int , const struct pfctl_kill *, unsigned int *, uint64_t); +static void _pfctl_verify_parsers(void); struct pfctl_handle * pfctl_open(const char *pf_device) { struct pfctl_handle *h; + _pfctl_verify_parsers(); + h = calloc(1, sizeof(struct pfctl_handle)); h->fd = open(pf_device, O_RDWR); @@ -397,10 +400,6 @@ static const struct snl_attr_parser ap_getstatus[] = { SNL_DECLARE_PARSER(getstatus_parser, struct genlmsghdr, snl_f_p_empty, ap_getstatus); #undef _OUT -static const struct snl_hdr_parser *stat_parser[] = { - &getstatus_parser, -}; - struct pfctl_status * pfctl_get_status_h(struct pfctl_handle *h) { @@ -411,8 +410,6 @@ pfctl_get_status_h(struct pfctl_handle *h) uint32_t seq_id; int family_id; - SNL_VERIFY_PARSERS(stat_parser); - family_id = snl_get_genl_family(&h->ss, PFNL_FAMILY_NAME); if (family_id == 0) return (NULL); @@ -1971,15 +1968,9 @@ static struct snl_attr_parser ap_state[] = { #undef _OUT SNL_DECLARE_PARSER(state_parser, struct genlmsghdr, snl_f_p_empty, ap_state); -static const struct snl_hdr_parser *all_parsers[] = { - &state_parser, &skey_parser, &speer_parser, - &creator_parser, &getrules_parser -}; - int pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pfctl_get_state_fn f, void *arg) { - SNL_VERIFY_PARSERS(all_parsers); int family_id = snl_get_genl_family(&h->ss, PFNL_FAMILY_NAME); int ret; @@ -4239,3 +4230,40 @@ pfctl_source_clear(struct pfctl_handle *h, struct pfctl_source_clear *kill) return (e.error); } +static const struct snl_hdr_parser *all_parsers[] = { + &begin_addrs_parser, + &clear_states_parser, + &clr_addrs_parser, + &creator_parser, + &get_addr_parser, + &get_addrs_parser, + &get_limit_parser, + &get_timeout_parser, + &getrule_parser, + &getrules_parser, + &getstatus_parser, + &nadd_parser, + &natlook_parser, + &ndel_parser, + &ruleset_parser, + &skey_parser, + &source_parser, + &sourcelim_parser, + &speer_parser, + &srcnode_parser, + &state_parser, + &statelim_parser, + &table_add_addr_parser, + &table_astats_parser, + &table_del_addr_parser, + &table_get_addr_parser, + &table_set_addr_parser, + &tstats_clr_parser, + &tstats_parser, +}; + +static void +_pfctl_verify_parsers(void) +{ + SNL_VERIFY_PARSERS(all_parsers); +}
