author | Kristof Provost <kp@FreeBSD.org> | 2023-12-22 16:40:52 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-12-22 16:43:30 +0000 |
commit | e774c1ef27bc2883e05fcd26b5bbf775fdfe3e10 (patch) | |
tree | ddec1fda9fe01f931efeb3c56621a2f194acc57a | |
parent | d281fece432f97b4424b852f23dfe1f974b9e30d (diff) | |
pf: mark netlink commands as requiring NETINET_PF privileges
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/netpfil/pf/pf_nl.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 8fe12f3762b9..4cda42404400 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -30,6 +30,7 @@
 #include <sys/param.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/socket.h>
 #include <sys/ucred.h>
 
@@ -712,36 +713,42 @@ static const struct genl_cmd pf_cmds[] = {
 .cmd_name = "GETSTATES",
 .cmd_cb = pf_handle_getstates,
 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 {
 .cmd_num = PFNL_CMD_GETCREATORS,
 .cmd_name = "GETCREATORS",
 .cmd_cb = pf_handle_getcreators,
 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 {
 .cmd_num = PFNL_CMD_START,
 .cmd_name = "START",
 .cmd_cb = pf_handle_start,
 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 {
 .cmd_num = PFNL_CMD_STOP,
 .cmd_name = "STOP",
 .cmd_cb = pf_handle_stop,
 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 {
 .cmd_num = PFNL_CMD_ADDRULE,
 .cmd_name = "ADDRULE",
 .cmd_cb = pf_handle_addrule,
 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 {
 .cmd_num = PFNL_CMD_GETRULES,
 .cmd_name = "GETRULES",
 .cmd_cb = pf_handle_getrules,
 .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
+ .cmd_priv = PRIV_NETINET_PF,
 },
 };
 
|
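Review bot: The privilege requirement is opt-in per entry of `pf_cmds[]`, so a command added later without `.cmd_priv` would be zero-initialised and, presumably (the generic netlink dispatcher is not visible here), handled with no privilege check at all. For state-changing commands such as ADDRULE, START or STOP that default fails open. I would add a comment above the table, `/* Every command must set .cmd_priv; an entry without it is not privilege-checked. */`, and consider rejecting a zero `cmd_priv` when the family is registered. The definition of `pf_cmds[]` starts before this hunk, so the comment belongs just outside the lines shown.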