Date: Mon, 13 Nov 2023 09:39:50 GMT
Message-Id: <202311130939.3AD9do6h076676@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Kristof Provost Subject: git: 81e8bb983432 - main - net/miniupnpd: use libpfctl List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 81e8bb983432251d47c3447bf6c1572fa0a84501 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/ports/commit/?id=81e8bb983432251d47c3447bf6c1572fa0a84501 commit 81e8bb983432251d47c3447bf6c1572fa0a84501 Author: Kristof Provost AuthorDate: 2023-10-30 16:23:10 +0000 Commit: Kristof Provost CommitDate: 2023-11-13 09:39:43 +0000 net/miniupnpd: use libpfctl Start using libpfctl to replace the removed ioctl calls (DIOCGETSTATUS, DIOCGETRULE). PR: 274819 Approved by: maintainer timeout Sponsored by: Rubicon Communications, LLC ("Netgate") --- net/miniupnpd/Makefile | 8 +- net/miniupnpd/files/patch-pf_obsdrdr.c | 368 +++++++++++++++++++++++++++++++ net/miniupnpd/files/patch-pf_pfpinhole.c | 160 ++++++++++++++ 3 files changed, 533 insertions(+), 3 deletions(-) diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 1c9e6e87aebd..4c9a2ea1e505 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -1,6 +1,6 @@ PORTNAME= miniupnpd DISTVERSION= 2.3.3 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= net @@ -10,7 +10,9 @@ WWW= http://miniupnp.free.fr/ LICENSE= BSD3CLAUSE -USES= cpe ssl +LIB_DEPENDS= libpfctl.so:net/libpfctl + +USES= cpe ssl localbase:ldflags CPE_VENDOR= miniupnp_project USE_GITHUB= yes 
@@ -24,7 +26,7 @@ HAS_CONFIGURE= yes MAKE_JOBS_UNSAFE= yes CFLAGS+= -I${OPENSSLINC} -LDFLAGS+= -L${OPENSSLLIB} +LDFLAGS+= -L${OPENSSLLIB} -lpfctl WRKSRC_SUBDIR= miniupnpd diff --git a/net/miniupnpd/files/patch-pf_obsdrdr.c b/net/miniupnpd/files/patch-pf_obsdrdr.c new file mode 100644 index 000000000000..0f245db26a1b --- /dev/null +++ b/net/miniupnpd/files/patch-pf_obsdrdr.c 
@@ -0,0 +1,368 @@ +--- pf/obsdrdr.c.orig 2023-02-17 03:09:33 UTC ++++ pf/obsdrdr.c +@@ -64,6 +64,8 @@ + #include + #include + ++#include ++ + #include "../macros.h" + #include "config.h" + #include "obsdrdr.h" +@@ -154,7 +156,7 @@ init_redirect(void) + int + init_redirect(void) + { +- struct pf_status status; ++ struct pfctl_status *status; + if(dev>=0) + shutdown_redirect(); + dev = open("/dev/pf", O_RDWR); +@@ -162,14 +164,16 @@ init_redirect(void) + syslog(LOG_ERR, "open(\"/dev/pf\"): %m"); + return -1; + } +- if(ioctl(dev, DIOCGETSTATUS, &status)<0) { ++ if ((status = pfctl_get_status(dev)) == NULL) { + syslog(LOG_ERR, "DIOCGETSTATUS: %m"); + return -1; + } +- if(!status.running) { ++ if(!status->running) { ++ pfctl_free_status(status); + syslog(LOG_ERR, "pf is disabled"); + return -1; + } ++ pfctl_free_status(status); + return 0; + } + +@@ -464,6 +468,7 @@ delete_nat_rule(const char * ifname, unsigned short ip + { + int i, n; + struct pfioc_rule pr; ++ struct pfctl_rule rule; + UNUSED(ifname); + if(dev<0) { + syslog(LOG_ERR, "pf device is not open"); +@@ -486,19 +491,19 @@ delete_nat_rule(const char * ifname, unsigned short ip + for(i=0; i 0) + { + #ifdef PFVAR_NEW_STYLE +- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) + #else +- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4.s_addr == 0) + #endif + { + rhost[0] = '\0'; /* empty string */ +@@ -944,10 +950,10 @@ get_redirect_rule(const char * ifname, unsigned short + else + { + #ifdef PFVAR_NEW_STYLE +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, + rhost, rhostlen); + #else +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, + rhost, rhostlen); + #endif + } +@@ -978,6 +984,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna + { + int i, n; + struct pfioc_rule pr; ++ struct 
pfctl_rule rule; + UNUSED(ifname); + + if(dev<0) { +@@ -998,23 +1005,23 @@ priv_delete_redirect_rule_check_desc(const char * ifna + for(i=0; i 0) + { + #ifdef PFVAR_NEW_STYLE +- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) + #else +- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4.s_addr == 0) + #endif + rhost[0] = '\0'; /* empty string */ + else + #ifdef PFVAR_NEW_STYLE +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, + rhost, rhostlen); + #else +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, + rhost, rhostlen); + #endif + } + if(check_desc) { +- if((desc == NULL && pr.rule.label[0] == '\0') || +- (desc && 0 == strcmp(desc, pr.rule.label))) { ++ if((desc == NULL && rule.label[0][0] == '\0') || ++ (desc && 0 == strcmp(desc, rule.label[0]))) { + return 1; + } + } +@@ -1208,6 +1215,7 @@ get_redirect_rule_by_index(int index, + { + int n; + struct pfioc_rule pr; ++ struct pfctl_rule rule; + #ifndef PF_NEWSTYLE + struct pfioc_pooladdr pp; + #endif +@@ -1231,36 +1239,36 @@ get_redirect_rule_by_index(int index, + if(index >= n) + goto error; + pr.nr = index; +- if(ioctl(dev, DIOCGETRULE, &pr) < 0) ++ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) + { + syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); + goto error; + } +- *proto = pr.rule.proto; ++ *proto = rule.proto; + #ifdef __APPLE__ +- *eport = ntohs(pr.rule.dst.xport.range.port[0]); ++ *eport = ntohs(rule.dst.xport.range.port[0]); + #else +- *eport = ntohs(pr.rule.dst.port[0]); ++ *eport = ntohs(rule.dst.port[0]); + #endif + #ifndef PF_NEWSTYLE +- *iport = pr.rule.rpool.proxy_port[0]; ++ *iport = rule.rpool.proxy_port[0]; + #else +- *iport = pr.rule.rdr.proxy_port[0]; ++ *iport = rule.rdr.proxy_port[0]; + #endif + if(ifname) +- strlcpy(ifname, 
pr.rule.ifname, IFNAMSIZ); ++ strlcpy(ifname, rule.ifname, IFNAMSIZ); + if(desc) +- strlcpy(desc, pr.rule.label, desclen); ++ strlcpy(desc, rule.label[0], desclen); + #ifdef PFRULE_INOUT_COUNTS + if(packets) +- *packets = pr.rule.packets[0] + pr.rule.packets[1]; ++ *packets = rule.packets[0] + rule.packets[1]; + if(bytes) +- *bytes = pr.rule.bytes[0] + pr.rule.bytes[1]; ++ *bytes = rule.bytes[0] + rule.bytes[1]; + #else + if(packets) +- *packets = pr.rule.packets; ++ *packets = rule.packets; + if(bytes) +- *bytes = pr.rule.bytes; ++ *bytes = rule.bytes; + #endif + #ifndef PF_NEWSTYLE + memset(&pp, 0, sizeof(pp)); +@@ -1292,15 +1300,15 @@ get_redirect_rule_by_index(int index, + iaddr, iaddrlen); + #endif + #else +- inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr, ++ inet_ntop(AF_INET, &rule.rdr.addr.v.a.addr.v4.s_addr, + iaddr, iaddrlen); + #endif + if(rhost && rhostlen > 0) + { + #ifdef PFVAR_NEW_STYLE +- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) + #else +- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) ++ if (rule.src.addr.v.a.addr.v4.s_addr == 0) + #endif + { + rhost[0] = '\0'; /* empty string */ +@@ -1308,10 +1316,10 @@ get_redirect_rule_by_index(int index, + else + { + #ifdef PFVAR_NEW_STYLE +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, + rhost, rhostlen); + #else +- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, ++ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, + rhost, rhostlen); + #endif + } +@@ -1334,6 +1342,7 @@ get_portmappings_in_range(unsigned short startport, un + int i, n; + unsigned short eport; + struct pfioc_rule pr; ++ struct pfctl_rule rule; + + *number = 0; + if(dev<0) { +@@ -1362,19 +1371,19 @@ get_portmappings_in_range(unsigned short startport, un + for(i=0; i= capacity) 
diff --git a/net/miniupnpd/files/patch-pf_pfpinhole.c b/net/miniupnpd/files/patch-pf_pfpinhole.c new file mode 100644 index 000000000000..9605ab3fd4a7 --- /dev/null +++ b/net/miniupnpd/files/patch-pf_pfpinhole.c @@ -0,0 +1,160 @@ +--- pf/pfpinhole.c.orig 2023-10-30 16:24:29 UTC ++++ pf/pfpinhole.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + #include "config.h" + #include "pfpinhole.h" +@@ -170,6 +171,7 @@ int find_pinhole(const char * ifname, + unsigned int ts; + int i, n; + struct pfioc_rule pr; ++ struct pfctl_rule rule; + struct in6_addr saddr; + struct in6_addr daddr; + UNUSED(ifname); +@@ -196,21 +198,21 @@ int find_pinhole(const char * ifname, + n = pr.nr; + for(i=0; i= 0; i--) { + pr.nr = i; +- if(ioctl(dev, DIOCGETRULE, &pr) < 0) { ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) { + syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); + return -1; + } +- if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { +- syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", pr.rule.label); ++ if(sscanf(rule.label[0], PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { ++ syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", rule.label[0]); + continue; + } + if(ts <= (unsigned int)current_time) { +- syslog(LOG_INFO, "removing expired pinhole '%s'", pr.rule.label); ++ syslog(LOG_INFO, "removing expired pinhole '%s'", rule.label[0]); + pr.action = PF_CHANGE_GET_TICKET; + if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) { + syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
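Review bot: In the second hunk of net/miniupnpd/Makefile, `-lpfctl` is appended to LDFLAGS next to `-L${OPENSSLLIB}`. A `-l` option carried in LDFLAGS normally lands ahead of the object files on the link line, where it can be dropped under `--as-needed` or fail to resolve symbols with a static archive. If the miniupnpd build honours LIBS, `LIBS+= -lpfctl` is the safer place for it.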
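Review bot: In the init_redirect() hunk of pf/obsdrdr.c, the failure branch of `pfctl_get_status(dev)` still logs `"DIOCGETSTATUS: %m"`, naming the ioctl this patch removes and printing errno although the only failure signal tested is a NULL return. Log the call that actually failed, for example `syslog(LOG_ERR, "pfctl_get_status: %m");`. Both `return -1` paths after the successful `open("/dev/pf", O_RDWR)` also leave `dev` open until the next init_redirect() runs shutdown_redirect(); closing it before returning would avoid holding the descriptor on a host where pf is disabled.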
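Review bot: In the get_redirect_rule_by_index() hunk of pf/obsdrdr.c (and the matching calls in the other hunks), the result of `pfctl_get_rule(dev, index, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call)` is tested with `< 0`, carried over from the ioctl it replaces. Please confirm that libpfctl reports failure as a negative value; if it can return a positive error code, this test never fires and the code goes on to read an unfilled `rule`, so `!= 0` is the more defensive check. The accompanying message `"ioctl(dev, DIOCGETRULE): %m"` should be updated to name pfctl_get_rule, and `rule` could be zeroed before the call. Where `pr.rule.label` becomes `rule.label[0]`, a short comment noting that only the first label slot is consulted would document the assumption.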
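Review bot: In the last hunk of pf/pfpinhole.c (the `i--` loop that removes expired pinholes), `pr.action` is passed as the fifth argument to `pfctl_get_rule()` at the top of each iteration, and the same loop body later sets `pr.action = PF_CHANGE_GET_TICKET` before the DIOCCHANGERULE ioctl. Unless `pr.action` is reset before the next iteration, which is not visible in this hunk, every lookup after the first removal passes the change-ticket constant instead of the original value. Passing an explicit constant or a separate local to pfctl_get_rule() would decouple the lookup from the state of `pr`. The `pr.nr = i;` assignment kept just above the call no longer feeds the lookup and is worth a comment if it is retained for the later DIOCCHANGERULE.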