system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 10:48:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

pf: mark netlink commands as requiring NETINET_PF privileges

Browse source 
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2023-12-22 17:40:52 +01:00
parent d281fece43
commit e774c1ef27
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/netpfil/pf/pf_nl.c
View file

@ -30,6 +30,7 @@
#include <sys/param.h> #include <sys/param.h>
#include <sys/malloc.h> #include <sys/malloc.h>
#include <sys/mbuf.h> #include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/ucred.h> #include <sys/ucred.h>
@ -712,36 +713,42 @@ static const struct genl_cmd pf_cmds[] = {
.cmd_name = "GETSTATES", .cmd_name = "GETSTATES",
.cmd_cb = pf_handle_getstates, .cmd_cb = pf_handle_getstates,
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
{ {
.cmd_num = PFNL_CMD_GETCREATORS, .cmd_num = PFNL_CMD_GETCREATORS,
.cmd_name = "GETCREATORS", .cmd_name = "GETCREATORS",
.cmd_cb = pf_handle_getcreators, .cmd_cb = pf_handle_getcreators,
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
{ {
.cmd_num = PFNL_CMD_START, .cmd_num = PFNL_CMD_START,
.cmd_name = "START", .cmd_name = "START",
.cmd_cb = pf_handle_start, .cmd_cb = pf_handle_start,
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
{ {
.cmd_num = PFNL_CMD_STOP, .cmd_num = PFNL_CMD_STOP,
.cmd_name = "STOP", .cmd_name = "STOP",
.cmd_cb = pf_handle_stop, .cmd_cb = pf_handle_stop,
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
{ {
.cmd_num = PFNL_CMD_ADDRULE, .cmd_num = PFNL_CMD_ADDRULE,
.cmd_name = "ADDRULE", .cmd_name = "ADDRULE",
.cmd_cb = pf_handle_addrule, .cmd_cb = pf_handle_addrule,
.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
{ {
.cmd_num = PFNL_CMD_GETRULES, .cmd_num = PFNL_CMD_GETRULES,
.cmd_name = "GETRULES", .cmd_name = "GETRULES",
.cmd_cb = pf_handle_getrules, .cmd_cb = pf_handle_getrules,
.cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL, .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
.cmd_priv = PRIV_NETINET_PF,
}, },
}; };