git: 8923ea6c867f - main - ftp-proxy: Revert incorrect migration to libpfctl
Kristof Provost
kp at FreeBSD.org
Thu Jul 1 19:35:21 UTC 2021
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=8923ea6c867fd75b08b76883ec122c429a4018f9
commit 8923ea6c867fd75b08b76883ec122c429a4018f9
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-07-01 15:16:10 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-07-01 19:34:40 +0000
ftp-proxy: Revert incorrect migration to libpfctl
libpfctl supports creating rules, but not (yet) adding addresses to a
pool. Adding addresses certainly does not work through adding a rule.
PR: 256917
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
contrib/pf/ftp-proxy/filter.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index dad6324808bc..e4787985e99f 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -103,8 +103,7 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(nat)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (pfctl_add_rule(dev, &pfrule, pfanchor, pfanchor_call,
- pfticket, pfpool_ticket))
+ if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = nat_range_low;
@@ -138,8 +137,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(rdr)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (pfctl_add_rule(dev, &pfrule, pfanchor, pfanchor_call,
- pfticket, pfpool_ticket))
+ if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = rdr_port;
More information about the dev-commits-src-all
mailing list