git: 50eccf98b27d - stable/14 - pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sat, 09 Sep 2023 11:51:15 UTC
The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=50eccf98b27dcf027f2afb7f8838ca750a076f05

commit 50eccf98b27dcf027f2afb7f8838ca750a076f05
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-08-29 15:00:44 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-09-09 09:05:50 +0000

    pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS
    
    Prefer libpfctl functions over direct access to the ioctl whenever
    possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as
    there already is an nvlist-based alternative.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D41647
    
    (cherry picked from commit ddd08375c85576b49fb9a34968ba2c2f4f8d56cf)
---
 contrib/pf/ftp-proxy/filter.c  | 9 ++++++---
 contrib/pf/tftp-proxy/filter.c | 9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index e4787985e99f..4277e079f3be 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -169,7 +169,7 @@ do_rollback(void)
 void
 init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;
 
 	qname = opt_qname;
 	tagname = opt_tagname;
@@ -182,10 +182,13 @@ init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 	dev = open("/dev/pf", O_RDWR);	
 	if (dev == -1)
 		err(1, "open /dev/pf");
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
+	status = pfctl_get_status(dev);
+	if (status == NULL)
 		err(1, "DIOCGETSTATUS");
-	if (!status.running)
+	if (!status->running)
 		errx(1, "pf is disabled");
+
+	pfctl_free_status(status);
 }
 
 int
diff --git a/contrib/pf/tftp-proxy/filter.c b/contrib/pf/tftp-proxy/filter.c
index 1689d3465fd3..966628464d28 100644
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@@ -173,7 +173,7 @@ do_rollback(void)
 void
 init_filter(char *opt_qname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;
 
 	qname = opt_qname;
 
@@ -187,14 +187,17 @@ init_filter(char *opt_qname, int opt_verbose)
 		syslog(LOG_ERR, "can't open /dev/pf");
 		exit(1);
 	}
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
+	status = pfctl_get_status(dev);
+	if (status == NULL) {
 		syslog(LOG_ERR, "DIOCGETSTATUS");
 		exit(1);
 	}
-	if (!status.running) {
+	if (!status->running) {
 		syslog(LOG_ERR, "pf is disabled");
 		exit(1);
 	}
+
+	pfctl_free_status(status);
 }
 
 int