pf: export expiration time as time_t

time_t has a different size on different platforms (i.e. 32-bit on i386, 64-bit
on others). Rather than always exporting it as 64-bits use the platform-native
size.
This means we can safely write directly into a time_t variable, which we can't
do on i386 eif we export 64 bits.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

5 files changed, 20 insertions, 3 deletions

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index e38469643571..4b579de38ad0 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1699,7 +1699,7 @@ static struct snl_attr_parser ap_getrule[] = {
 	{ .type = PF_RT_MAX_PKT_SIZE, .off =_OUT(r.max_pkt_size), .cb = snl_attr_get_uint16 },
 	{ .type = PF_RT_TYPE_2, .off = _OUT(r.type), .cb = snl_attr_get_uint16 },
 	{ .type = PF_RT_CODE_2, .off = _OUT(r.code), .cb = snl_attr_get_uint16 },
-	{ .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_uint64 },
+	{ .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_time_t },
 };
 #undef _OUT
 SNL_DECLARE_PARSER(getrule_parser, struct genlmsghdr, snl_f_p_empty, ap_getrule);
diff --git a/sys/netlink/netlink_message_writer.h b/sys/netlink/netlink_message_writer.h
index 83f925e8d93d..ad2099a4d636 100644
--- a/sys/netlink/netlink_message_writer.h
+++ b/sys/netlink/netlink_message_writer.h
@@ -284,6 +284,12 @@ nlattr_add_s64(struct nl_writer *nw, uint16_t attrtype, int64_t value)
 }
 
 static inline bool
+nlattr_add_time_t(struct nl_writer *nw, uint16_t attrtype, time_t value)
+{
+	return (nlattr_add(nw, attrtype, sizeof(time_t), &value));
+}
+
+static inline bool
 nlattr_add_flag(struct nl_writer *nw, uint16_t attrtype)
 {
 	return (nlattr_add(nw, attrtype, 0, NULL));
diff --git a/sys/netlink/netlink_snl.h b/sys/netlink/netlink_snl.h
index 586716776bc5..6dd8a9cbdb35 100644
--- a/sys/netlink/netlink_snl.h
+++ b/sys/netlink/netlink_snl.h
@@ -631,6 +631,17 @@ snl_attr_get_int64(struct snl_state *ss, struct nlattr *nla, const void *arg,
 }
 
 static inline bool
+snl_attr_get_time_t(struct snl_state *ss __unused, struct nlattr *nla,
+    const void *arg __unused, void *target)
+{
+	if (NLA_DATA_LEN(nla) == sizeof(time_t)) {
+		memcpy(target, NLA_DATA_CONST(nla), sizeof(time_t));
+		return (true);
+	}
+	return (false);
+}
+
+static inline bool
 snl_attr_get_string(struct snl_state *ss __unused, struct nlattr *nla,
     const void *arg __unused, void *target)
 {
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index ff3edd43e3a5..082b9b565153 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -1025,7 +1025,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
 	nlattr_add_u64(nw, PF_RT_SRC_NODES_NAT, counter_u64_fetch(rule->src_nodes[PF_SN_NAT]));
 	nlattr_add_u64(nw, PF_RT_SRC_NODES_ROUTE, counter_u64_fetch(rule->src_nodes[PF_SN_ROUTE]));
 	nlattr_add_pf_threshold(nw, PF_RT_PKTRATE, &rule->pktrate);
-	nlattr_add_u64(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime));
+	nlattr_add_time_t(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime));
 
 	error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
 	MPASS(error == 0);
diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index 38891339450e..c46c8f2b2592 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h
@@ -285,7 +285,7 @@ enum pf_rule_type_t {
 	PF_RT_MAX_PKT_SIZE	= 83, /* u16 */
 	PF_RT_TYPE_2		= 84, /* u16 */
 	PF_RT_CODE_2		= 85, /* u16 */
-	PF_RT_EXPTIME		= 86, /* u64 */
+	PF_RT_EXPTIME		= 86, /* time_t */
 };
 
 enum pf_addrule_type_t {