The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e774c1ef27bc2883e05fcd26b5bbf775fdfe3e10

commit e774c1ef27bc2883e05fcd26b5bbf775fdfe3e10
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2023-12-22 16:40:52 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2023-12-22 16:43:30 +0000

    pf: mark netlink commands as requiring NETINET_PF privileges
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_nl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 8fe12f3762b9..4cda42404400 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -30,6 +30,7 @@
 #include <sys/param.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/socket.h>
 #include <sys/ucred.h>
 
@@ -712,36 +713,42 @@ static const struct genl_cmd pf_cmds[] = {
                .cmd_name = "GETSTATES",
                .cmd_cb = pf_handle_getstates,
                .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | 
GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
        {
                .cmd_num = PFNL_CMD_GETCREATORS,
                .cmd_name = "GETCREATORS",
                .cmd_cb = pf_handle_getcreators,
                .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | 
GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
        {
                .cmd_num = PFNL_CMD_START,
                .cmd_name = "START",
                .cmd_cb = pf_handle_start,
                .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
        {
                .cmd_num = PFNL_CMD_STOP,
                .cmd_name = "STOP",
                .cmd_cb = pf_handle_stop,
                .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
        {
                .cmd_num = PFNL_CMD_ADDRULE,
                .cmd_name = "ADDRULE",
                .cmd_cb = pf_handle_addrule,
                .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | 
GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
        {
                .cmd_num = PFNL_CMD_GETRULES,
                .cmd_name = "GETRULES",
                .cmd_cb = pf_handle_getrules,
                .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
+               .cmd_priv = PRIV_NETINET_PF,
        },
 };
 
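Review bot: Nothing in the `pf_cmds` table says that every entry has to carry `.cmd_priv`, so the six assignments added in this hunk are the only thing keeping these commands behind `PRIV_NETINET_PF`. A designated initializer that leaves the field out yields zero, which the generic netlink dispatcher presumably treats as "no privilege required" (the dispatch code is not part of this diff), so a command added later without the line would be reachable by unprivileged callers. If that reading is confirmed, I would add a comment above the array such as `/* Every command must set cmd_priv: an omitted field is 0, which skips the privilege check. */`, and consider a `KASSERT` over the table at module load so an omission fails loudly. The array definition starts above the hunk, so the comment belongs there rather than in the visible lines.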
