PF's DIOCNATLOOK system call cannot obtain correct return data in OpenBSD
7.3-7.5, but this call was normal before OpenBSD 7.3. I tested it on
OpenBSD 7.2 and OpenBSD 6.9 and both returned correct data.
The test code is at the end of the report (from man page of PF with a
little modification), an
ended any more anyway - the
> preferred option for transparent proxies is to use "divert-to" and then,
> for TCP, getsockname(2), or for UDP, IP_RECVDSTADDR/IPV6_RECVDSTPORT
> etc. In particular this is safer because you don't need access to
> /dev/pf.
>
> On 2024/05/11 01:12, cut wave wrote:
> > PF's D