On Tue, May 3, 2011 at 9:56 AM, Stuart Henderson <[email protected]> wrote: > On 2011/05/02 22:28, Lawrence Teo wrote: >> The DIOCNATLOOK example program at the end of the pf(4) man page >> uses memset(3), but string.h is not included. The following diff >> fixes this. Any thoughts? > > That change is correct but I'm not sure about keeping this example > code at all. We've had divert-to since OpenBSD 4.4 - when this is used > instead of rdr-to the destination address is preserved, so it can be > fetched with getsockname() without the DIOCNATLOOK dance. > > As a result the code becomes much less complicated, so we don't > really need an example any more, also another big advantage is that > there's no need for access to the privileged /dev/pf device. > > How about this? >
i'm in favor of this change, so ok mikeb
