The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=cface4d97af3a84b7c4caa1ccd9090afcafe4a66

commit cface4d97af3a84b7c4caa1ccd9090afcafe4a66
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-03 09:26:37 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-09 08:57:48 +0000

    pf: Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.
    
    This is clearer and more consistent with the rest of the kernel.
    OK deraadt@ sashan@
    
    Obtained from:  OpenBSD, millert <mill...@openbsd.org>, d04cdf616e
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/if_pflog.c | 2 +-
 sys/netpfil/pf/pf.c       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 6a87ea2471cb..0a84f9d680ac 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -289,7 +289,7 @@ pflog_packet(uint8_t action, u_int8_t reason,
        if (pd->lookup.done > 0)
                hdr.uid = pd->lookup.uid;
        else
-               hdr.uid = UID_MAX;
+               hdr.uid = -1;
        hdr.pid = NO_PID;
        hdr.rule_uid = rm->cuid;
        hdr.rule_pid = rm->cpid;
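Review bot: The new sentinel is written as a bare signed `-1` in `hdr.uid = -1;`, and the same pattern recurs in `u == -1` and `g == -1` in pf_match_uid and pf_match_gid and in the two assignments in pf_socket_lookup. Assuming hdr.uid is a uid_t like the parameters visible in pf.c, the value only works through implicit conversion to the type's all-ones maximum. That is presumably the same bit pattern UID_MAX/GID_MAX had, so pflog consumers should see no change, but it is worth confirming. The two comparisons also rely on uid_t and gid_t being at least as wide as int; on a narrower id type the promoted operand would never equal -1 and the guard would silently stop firing. Writing `(uid_t)-1` and `(gid_t)-1`, or one named constant, makes the intent explicit and avoids sign-compare warnings. pflog_packet starts and ends outside this hunk.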
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 127b29320acb..d5f01e5c4956 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4579,7 +4579,7 @@ pf_match_port(u_int8_t op, u_int16_t a1, u_int16_t a2, 
u_int16_t p)
 static int
 pf_match_uid(u_int8_t op, uid_t a1, uid_t a2, uid_t u)
 {
-       if (u == UID_MAX && op != PF_OP_EQ && op != PF_OP_NE)
+       if (u == -1 && op != PF_OP_EQ && op != PF_OP_NE)
                return (0);
        return (pf_match(op, a1, a2, u));
 }
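Review bot: The guard in pf_match_uid (and the identical one in pf_match_gid in the next hunk) has no comment explaining why the invalid id is rejected only for range operators while `PF_OP_EQ` and `PF_OP_NE` still reach pf_match() with the sentinel as the value. As written, a not-equal rule will presumably match traffic whose socket lookup produced no owner, which rule authors relying on user/group filtering should know. A real id equal to the type's maximum also cannot be told apart from "unknown". A short comment above the check would record this, for example `/* (uid_t)-1 = no owner found: range ops never match, = and != compare against the sentinel itself */`.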
@@ -4587,7 +4587,7 @@ pf_match_uid(u_int8_t op, uid_t a1, uid_t a2, uid_t u)
 static int
 pf_match_gid(u_int8_t op, gid_t a1, gid_t a2, gid_t g)
 {
-       if (g == GID_MAX && op != PF_OP_EQ && op != PF_OP_NE)
+       if (g == -1 && op != PF_OP_EQ && op != PF_OP_NE)
                return (0);
        return (pf_match(op, a1, a2, g));
 }
@@ -4914,8 +4914,8 @@ pf_socket_lookup(struct pf_pdesc *pd)
        struct inpcbinfo        *pi;
        struct inpcb            *inp;
 
-       pd->lookup.uid = UID_MAX;
-       pd->lookup.gid = GID_MAX;
+       pd->lookup.uid = -1;
+       pd->lookup.gid = -1;
 
        switch (pd->proto) {
        case IPPROTO_TCP:
