git: c1526a55d363 - stable/12 - (t)ftp-proxy: use libpfctl

Kristof Provost kp at FreeBSD.org
Fri May 7 15:25:47 UTC 2021


The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c1526a55d363f451e3579581c9be94ab859312c6

commit c1526a55d363f451e3579581c9be94ab859312c6
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-03-29 12:03:39 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-05-07 08:16:01 +0000

    (t)ftp-proxy: use libpfctl
    
    Reviewed by:    glebius
    MFC after:      4 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D29641
    
    (cherry picked from commit 95be9288f01f30a50440ea56d11468a2c6e18fed)
---
 contrib/pf/ftp-proxy/filter.c  | 16 +++++++++++-----
 contrib/pf/tftp-proxy/filter.c | 10 +++++++---
 libexec/tftp-proxy/Makefile    |  3 +++
 usr.sbin/ftp-proxy/Makefile    |  3 ++-
 4 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index f575db1c69cc..db3735565dac 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -28,6 +28,7 @@
 
 #include <err.h>
 #include <errno.h>
+#include <libpfctl.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
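Review bot: `#include <libpfctl.h>` is inserted between `<errno.h>` and `<fcntl.h>`, which breaks the alphabetical order the surrounding includes follow. The tftp-proxy copy of this change places the same header after `<fcntl.h>`; moving it one line down here keeps the two files consistent.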
@@ -68,7 +69,8 @@ add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
 		return (-1);
 
 	pfr.rule.direction = dir;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
@@ -97,12 +99,14 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
 		    &satosin6(nat)->sin6_addr.s6_addr, 16);
 		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
 	}
-	if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	pfr.rule.rpool.proxy_port[0] = nat_range_low;
 	pfr.rule.rpool.proxy_port[1] = nat_range_high;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
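Review bot: In add_nat the first replaced call was `ioctl(dev, DIOCADDADDR, &pfp)`, which submits the translation address built in `pfp` to the rule's address pool; it is now `pfctl_add_rule()` on `pfr`, so as far as the hunk shows `pfp` is filled in but never handed to the kernel, and the rule is added once before `proxy_port` is set and again afterwards. The same substitution appears in the add_rdr hunk that follows. The tftp-proxy hunks in this commit convert only the DIOCADDRULE calls, which suggests the first call here should remain `if (ioctl(dev, DIOCADDADDR, &pfp) == -1)`. Because these rules decide where proxied FTP data connections are translated to, it is worth checking the resulting anchor contents after a proxied session before merging. add_nat's body starts outside the hunk, so how `pfp` is otherwise used cannot be confirmed from here.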
@@ -130,11 +134,13 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
 		    &satosin6(rdr)->sin6_addr.s6_addr, 16);
 		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
 	}
-	if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	pfr.rule.rpool.proxy_port[0] = rdr_port;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
diff --git a/contrib/pf/tftp-proxy/filter.c b/contrib/pf/tftp-proxy/filter.c
index e5a769a62a54..0b87d568809f 100644
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@@ -32,6 +32,7 @@
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <libpfctl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -72,7 +73,8 @@ add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
 		return (-1);
 
 	pfr.rule.direction = dir;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
@@ -106,7 +108,8 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
 
 	pfr.rule.rpool.proxy_port[0] = nat_range_low;
 	pfr.rule.rpool.proxy_port[1] = nat_range_high;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
@@ -138,7 +141,8 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
 		return (-1);
 
 	pfr.rule.rpool.proxy_port[0] = rdr_port;
-	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+	if (pfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
+	    pfr.ticket, pfr.pool_ticket))
 		return (-1);
 
 	return (0);
diff --git a/libexec/tftp-proxy/Makefile b/libexec/tftp-proxy/Makefile
index 596ca26cb61c..353e72007734 100644
--- a/libexec/tftp-proxy/Makefile
+++ b/libexec/tftp-proxy/Makefile
@@ -6,6 +6,9 @@ PROG=	tftp-proxy
 SRCS=	tftp-proxy.c filter.c
 MAN=	tftp-proxy.8
 
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
+LIBADD= pfctl
+
 WARNS?=	3
 
 .include <bsd.prog.mk>
diff --git a/usr.sbin/ftp-proxy/Makefile b/usr.sbin/ftp-proxy/Makefile
index 443db1c00a2d..a7b2ba6b43d5 100644
--- a/usr.sbin/ftp-proxy/Makefile
+++ b/usr.sbin/ftp-proxy/Makefile
@@ -8,8 +8,9 @@ MAN=	ftp-proxy.8
 SRCS=	ftp-proxy.c filter.c
 
 CFLAGS+=-I${SRCTOP}/contrib/pf/libevent
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
 
-LIBADD=	event
+LIBADD=	event pfctl
 
 WARNS?=	3
 

