The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=95be9288f01f30a50440ea56d11468a2c6e18fed
commit 95be9288f01f30a50440ea56d11468a2c6e18fed
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2021-03-29 12:03:39 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2021-04-10 09:16:02 +0000
(t)ftp-proxy: use libpfctl
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29641
---
contrib/pf/ftp-proxy/filter.c | 16 +++++++++++-----
contrib/pf/tftp-proxy/filter.c | 10 +++++++---
libexec/tftp-proxy/Makefile | 3 +++
usr.sbin/ftp-proxy/Makefile | 3 ++-
4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index f575db1c69cc..db3735565dac 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -28,6 +28,7 @@
#include <err.h>
#include <errno.h>
+#include <libpfctl.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
@@ -68,7 +69,8 @@ add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
return (-1);
pfr.rule.direction = dir;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
@@ -97,12 +99,14 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr
*dst,
&satosin6(nat)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
pfr.rule.rpool.proxy_port[0] = nat_range_low;
pfr.rule.rpool.proxy_port[1] = nat_range_high;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
@@ -130,11 +134,13 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct
sockaddr *dst,
&satosin6(rdr)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
pfr.rule.rpool.proxy_port[0] = rdr_port;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
diff --git a/contrib/pf/tftp-proxy/filter.c b/contrib/pf/tftp-proxy/filter.c
index e5a769a62a54..0b87d568809f 100644
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@@ -32,6 +32,7 @@
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <libpfctl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -72,7 +73,8 @@ add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
return (-1);
pfr.rule.direction = dir;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
@@ -106,7 +108,8 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr
*dst,
pfr.rule.rpool.proxy_port[0] = nat_range_low;
pfr.rule.rpool.proxy_port[1] = nat_range_high;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
@@ -138,7 +141,8 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr
*dst,
return (-1);
pfr.rule.rpool.proxy_port[0] = rdr_port;
- if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+ pfr.ticket, pfr.pool_ticket))
return (-1);
return (0);
diff --git a/libexec/tftp-proxy/Makefile b/libexec/tftp-proxy/Makefile
index 596ca26cb61c..353e72007734 100644
--- a/libexec/tftp-proxy/Makefile
+++ b/libexec/tftp-proxy/Makefile
@@ -6,6 +6,9 @@ PROG= tftp-proxy
SRCS= tftp-proxy.c filter.c
MAN= tftp-proxy.8
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
+LIBADD= pfctl
+
WARNS?= 3
.include <bsd.prog.mk>
diff --git a/usr.sbin/ftp-proxy/Makefile b/usr.sbin/ftp-proxy/Makefile
index 7d05aa9bf624..768901f99131 100644
--- a/usr.sbin/ftp-proxy/Makefile
+++ b/usr.sbin/ftp-proxy/Makefile
@@ -8,8 +8,9 @@ MAN= ftp-proxy.8
SRCS= ftp-proxy.c filter.c
CFLAGS+=-I${SRCTOP}/contrib/pf/libevent
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
-LIBADD= event1
+LIBADD= event1 pfctl
WARNS?= 3
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
