pf: mark netlink commands as requiring NETINET_PF privileges
Sponsored by: Rubicon Communications, LLC ("Netgate")
parent
d281fece43
commit
e774c1ef27
|
@ -30,6 +30,7 @@
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <sys/malloc.h>
|
#include <sys/malloc.h>
|
||||||
#include <sys/mbuf.h>
|
#include <sys/mbuf.h>
|
||||||
|
#include <sys/priv.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <sys/ucred.h>
|
#include <sys/ucred.h>
|
||||||
|
|
||||||
|
@ -712,36 +713,42 @@ static const struct genl_cmd pf_cmds[] = {
|
||||||
.cmd_name = "GETSTATES",
|
.cmd_name = "GETSTATES",
|
||||||
.cmd_cb = pf_handle_getstates,
|
.cmd_cb = pf_handle_getstates,
|
||||||
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = PFNL_CMD_GETCREATORS,
|
.cmd_num = PFNL_CMD_GETCREATORS,
|
||||||
.cmd_name = "GETCREATORS",
|
.cmd_name = "GETCREATORS",
|
||||||
.cmd_cb = pf_handle_getcreators,
|
.cmd_cb = pf_handle_getcreators,
|
||||||
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = PFNL_CMD_START,
|
.cmd_num = PFNL_CMD_START,
|
||||||
.cmd_name = "START",
|
.cmd_name = "START",
|
||||||
.cmd_cb = pf_handle_start,
|
.cmd_cb = pf_handle_start,
|
||||||
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = PFNL_CMD_STOP,
|
.cmd_num = PFNL_CMD_STOP,
|
||||||
.cmd_name = "STOP",
|
.cmd_name = "STOP",
|
||||||
.cmd_cb = pf_handle_stop,
|
.cmd_cb = pf_handle_stop,
|
||||||
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = PFNL_CMD_ADDRULE,
|
.cmd_num = PFNL_CMD_ADDRULE,
|
||||||
.cmd_name = "ADDRULE",
|
.cmd_name = "ADDRULE",
|
||||||
.cmd_cb = pf_handle_addrule,
|
.cmd_cb = pf_handle_addrule,
|
||||||
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.cmd_num = PFNL_CMD_GETRULES,
|
.cmd_num = PFNL_CMD_GETRULES,
|
||||||
.cmd_name = "GETRULES",
|
.cmd_name = "GETRULES",
|
||||||
.cmd_cb = pf_handle_getrules,
|
.cmd_cb = pf_handle_getrules,
|
||||||
.cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
.cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
|
||||||
|
.cmd_priv = PRIV_NETINET_PF,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
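Review bot: The privilege requirement is opt-in per entry of `pf_cmds[]`, so a command added later without `.cmd_priv` would be zero-initialized by the designated initializer and, if the generic netlink dispatcher treats a zero `cmd_priv` as "no check" (the dispatcher is not visible on this page, so confirm), would be reachable by unprivileged callers. A comment above the table would make the invariant explicit, for example `/* Every command must set .cmd_priv; a missing field is zero and is not privilege-checked. */`, and a loop at registration time asserting a non-zero `cmd_priv` for each entry would catch an omission. The read-only commands (GETSTATES, GETCREATORS, GETRULES) receive the same `PRIV_NETINET_PF` as START, STOP and ADDRULE, which is worth stating in the commit message as intentional, since state and rule dumps disclose filtering policy. The table's opening line and the first entry's `.cmd_num` lie outside the second hunk, so any entries before line 712 cannot be checked from here.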