[pf4freebsd] Re: pfflowd port

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 21:02:18 PDT 2004 

On Tue, Feb 24, 2004 at 02:29:47PM +1300, Andrew Thompson wrote:
 > On Tue, Feb 24, 2004 at 01:35:55AM +0100, Max Laier wrote:
 > > On Tuesday 24 February 2004 01:15, Andrew Thompson wrote:
 > > > Hi all,
 > > >
 > > > I have created a port for pfflowd and thought i'd get feedback before
 > > > submitting a PR.
 > > >
 > > > It can be found @
 > > >
 > > > http://www.fud.org.nz/pfflowd-port.tar.gz
 > > 
 > > Okay, some feedback:
 > > 1) You copied from security/pf (which is okay), but you should update the 
 > > pkg-descr.
 > 
 > oops, my bad.
 > 
 > > 2) pkg-plist is empty, but should contain:
 > > sbin/pfflowd
 > > etc/rc.d/pfflowd.sh.sample
 > 
 > oops again :)
 > 
 > > 3) Not sure what the patch for pfflowd.c should do. What is wrong with the 
 > > check for invalid ports?
 > 
 > It generated a gcc warning, as addr->sin_port is a uint16_t which cant
 > be negative or >65536. -Werror made this fatal.
 > 
How about this?

 parse_hostport(const char *s, struct sockaddr_in *addr)
 {
 	char *host, *port;
+#if defined(__FreeBSD__)
+	int val;
+#endif
 
 	if ((host = strdup(s)) == NULL) {
 		fprintf(stderr, "Out of memory\n");
@@ -197,12 +204,22 @@
 	}
 	*(port - 1) = '\0';
 	addr->sin_family = AF_INET;
+#if defined(__FreeBSD__)
+	val = atoi(port);
+	if (val <= 0 || val >= 65536) {
+		fprintf(stderr, "Invalid -n port.\n");
+		usage();
+		exit(1);
+	}
+	addr->sin_port = (in_port_t)val;
+#else
 	addr->sin_port = atoi(port);
 	if (addr->sin_port <= 0 || addr->sin_port >= 65536) {
 		fprintf(stderr, "Invalid -n port.\n");
 		usage();
 		exit(1);
 	}
+#endif
 	addr->sin_port = htons(addr->sin_port);
 	if (inet_aton(host, &addr->sin_addr) == 0) {
 		fprintf(stderr, "Invalid -n host.\n");

Memeber sin_port is 'u_int16_t' type. So checking with <=0
or >= 65536 does not work at all.

 > > 4) Maybe get the pidfile.{c,h} from us (include/support/) and add them 
 > > instead of just removing <util.h> and pidfile support.
 > 
 > Thanks, I wasnt sure where pidfile() came from.
 > 
 > 
 > Andy
 > 

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>

More information about the freebsd-pf mailing list