CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2018/07/11 12:06:25
Modified files:
sbin/pfctl : parse.y
Log message:
Prevent invalid interface specifiers on queue rules
pf.conf(5) states that queues attach to actual interfaces only, yet the
following parses:
# echo queue eq on egress bandwidth 1G default | pfctl -f-
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
# echo queue rq on rdomain 0 bandwidth 1G default | pfctl -vf-
queue rq bandwidth 1G default
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
On rdomains, ifa_exists() returns NULL.
On interface groups, ifa_exists() returns non-NULL but af is never set
to AF_LINK.
OK henning sashan
