From 497ccc21ef9378f92e30867fa2b473759fd64b45 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Mon, 6 Nov 2023 11:57:35 +0100
Subject: [PATCH] libpfctl: handle the 'pfctl' netlink family not being supported

If we fail to find the pfctl family we should not attempt to make the call. That means that either pf is not loaded, or it's a very old (i.e. pre-netlink) version.

Reported by: manu
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 lib/libpfctl/libpfctl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 1554b81acf5..12b7c1df7ee 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -189,6 +189,8 @@ pfctl_startstop(int start)
 snl_init(&ss, NETLINK_GENERIC);
 family_id = snl_get_genl_family(&ss, PFNL_FAMILY_NAME);
+ if (family_id == 0)
+ return (ENOTSUP);
 snl_init_writer(&ss, &nw);
 hdr = snl_create_genl_msg_request(&nw, family_id,
@@ -1077,6 +1079,8 @@ pfctl_add_rule(int dev __unused, const struct pfctl_rule *r, const char *anchor,
 snl_init(&ss, NETLINK_GENERIC);
 family_id = snl_get_genl_family(&ss, PFNL_FAMILY_NAME);
+ if (family_id == 0)
+ return (ENOTSUP);
 snl_init_writer(&ss, &nw);
 hdr = snl_create_genl_msg_request(&nw, family_id, PFNL_CMD_ADDRULE);
@@ -1213,6 +1217,9 @@ pfctl_get_creators_nl(struct snl_state *ss, uint32_t *creators, size_t *len)
 struct nlmsghdr *hdr;
 struct snl_writer nw;
+ if (family_id == 0)
+ return (ENOTSUP);
+
 snl_init_writer(ss, &nw);
 hdr = snl_create_genl_msg_request(&nw, family_id, PFNL_CMD_GETCREATORS);
 hdr->nlmsg_flags |= NLM_F_DUMP;
@@ -1363,6 +1370,9 @@ pfctl_get_states_nl(struct pfctl_state_filter *filter, struct snl_state *ss, pfc
 struct nlmsghdr *hdr;
 struct snl_writer nw;
+ if (family_id == 0)
+ return (ENOTSUP);
+
 snl_init_writer(ss, &nw);
 hdr = snl_create_genl_msg_request(&nw, family_id, PFNL_CMD_GETSTATES);
 hdr->nlmsg_flags |= NLM_F_DUMP;
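Review bot: The new early return in pfctl_startstop() comes after `snl_init(&ss, NETLINK_GENERIC)` has already set up the local netlink state, and it returns ENOTSUP without releasing that state; the pfctl_add_rule() hunk has the same pattern. If snl_init() opened a socket at that point, every call on a host without the pf netlink family would leave a descriptor behind, which adds up for long-running callers that retry. Consider `if (family_id == 0) {` `snl_free(&ss);` `return (ENOTSUP); }`, or jump to whatever cleanup the rest of each function uses, which lies outside these hunks. In the pfctl_get_creators_nl() and pfctl_get_states_nl() hunks `ss` belongs to the caller, so the plain return looks right there.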