Date: Thu, 12 Sep 2024 22:41:52 GMT From: Vladimir Druzenko <vvd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: f53752043e6e - main - net/miniupnpd: Update 2.3.6 =?utf-8?Q?=E2=86=92?= 2.3.7 Message-ID: <202409122241.48CMfqBi083126@gitrepo.freebsd.org>
The branch main has been updated by vvd: URL: https://cgit.FreeBSD.org/ports/commit/?id=f53752043e6e503140cbde418d09dcd0ff1e8874 commit f53752043e6e503140cbde418d09dcd0ff1e8874 Author: martin <martin@sugioarto.com> AuthorDate: 2024-09-12 22:36:35 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2024-09-12 22:36:35 +0000 net/miniupnpd: Update 2.3.6 → 2.3.7 Changelog: - FreeBSD: use libpfctl (FreeBSD 15+ or --libpfctl) - default NOTIFY interval of 900s minus a random value - ipv6: prefer globally routable addresses http://miniupnp.free.fr/files/changelog.php?file=miniupnpd-2.3.7.tar.gz Port improvements: - use release tarball from upstream instead of USE_GITHUB; - replace spaces with tabs; - sort options in USES and in PLIST_FILES; - use PORTNAME variable in USE_RC_SUBR; - pet portclippy. PR: 281099 Approved by: squat@squat.no (maintainer, timeout > 14 days) --- net/miniupnpd/Makefile | 23 +- net/miniupnpd/distinfo | 6 +- net/miniupnpd/files/patch-pf_obsdrdr.c | 458 ------------------------------- net/miniupnpd/files/patch-pf_pfpinhole.c | 210 -------------- 4 files changed, 12 insertions(+), 685 deletions(-) diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 988168b9802b..fafefa0ad735 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -1,7 +1,9 @@ PORTNAME= miniupnpd -DISTVERSION= 2.3.6 +DISTVERSION= 2.3.7 PORTEPOCH= 1 CATEGORIES= net +MASTER_SITES= http://miniupnp.free.fr/files/ \ + https://github.com/miniupnp/miniupnp/releases/download/${PORTNAME}_${DISTVERSION:S|.|_|g}/ MAINTAINER= squat@squat.no COMMENT= Lightweight UPnP IGD & PCP/NAT-PMP daemon which uses pf 
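Review bot: The first `MASTER_SITES` entry added in the net/miniupnpd/Makefile hunk is plain `http://miniupnp.free.fr/files/`, so the tarball for a network-facing daemon is tried over an unauthenticated channel first and its integrity rests only on the SHA256 recorded in distinfo. I would list the HTTPS release URL first and keep the upstream site as the fallback: `MASTER_SITES= https://github.com/miniupnp/miniupnp/releases/download/${PORTNAME}_${DISTVERSION:S|.|_|g}/ \` followed by `http://miniupnp.free.fr/files/`. Because this commit also switches from the GitHub-generated archive to the upstream release tarball, the new distinfo hash is a fresh trust anchor; it would help to state in the PR how it was checked (for example against a signature or checksum published by upstream, if one exists).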
@@ -9,33 +11,26 @@ WWW= http://miniupnp.free.fr/ LICENSE= BSD3CLAUSE -LIB_DEPENDS= libpfctl.so:net/libpfctl +LIB_DEPENDS= libpfctl.so:net/libpfctl -USES= cpe ssl localbase:ldflags +USES= cpe localbase:ldflags ssl CPE_VENDOR= miniupnp_project -USE_GITHUB= yes -GH_ACCOUNT= miniupnp -GH_PROJECT= miniupnp -GH_TAGNAME= miniupnpd_2_3_6 - -USE_RC_SUBR= miniupnpd +USE_RC_SUBR= ${PORTNAME} HAS_CONFIGURE= yes +# unconditionally use pf, ipfw does not work on FreeBSD +CONFIGURE_ARGS= --firewall=pf --libpfctl + MAKE_JOBS_UNSAFE= yes CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -lpfctl -WRKSRC_SUBDIR= miniupnpd - PLIST_FILES= etc/miniupnpd.conf.sample \ share/man/man8/miniupnpd.8.gz \ sbin/miniupnpd -# unconditionally use pf, ipfw does not work on FreeBSD -CONFIGURE_ARGS= --firewall=pf - OPTIONS_DEFINE= CHECK_PORTINUSE IPV6 LEASEFILE UPNP_IGDV2 \ UPNP_STRICT CHECK_PORTINUSE_DESC= Check if ports are in use diff --git a/net/miniupnpd/distinfo b/net/miniupnpd/distinfo index 1d7be071d12b..587e74fc7dfd 100644 --- a/net/miniupnpd/distinfo +++ b/net/miniupnpd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1715155832 -SHA256 (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 6e5ee2239030486675f558cc840d154e5e2db9517efc96c5b0ab2b2c34c1a128 -SIZE (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 462607 +TIMESTAMP = 1726178413 +SHA256 (miniupnpd-2.3.7.tar.gz) = fbdd5501039730f04a8420ea2f8f54b7df63f9f04cde2dc67fa7371e80477bbe +SIZE (miniupnpd-2.3.7.tar.gz) = 265329 diff --git a/net/miniupnpd/files/patch-pf_obsdrdr.c b/net/miniupnpd/files/patch-pf_obsdrdr.c deleted file mode 100644 index a13e3888ed46..000000000000 --- a/net/miniupnpd/files/patch-pf_obsdrdr.c +++ /dev/null 
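Review bot: The comment above `CONFIGURE_ARGS` in the second net/miniupnpd/Makefile hunk still explains only `--firewall=pf`, while the line now also forces `--libpfctl`. Per the changelog quoted in this commit, upstream enables libpfctl on its own only for FreeBSD 15+, and the two local patches that did the conversion (patch-pf_obsdrdr.c, patch-pf_pfpinhole.c) are deleted here, so on older releases the pf rule lookup and removal paths for redirects and pinholes presumably depend on that flag. I would extend the comment, e.g. `# unconditionally use pf (ipfw does not work on FreeBSD); --libpfctl is needed before FreeBSD 15, where upstream does not enable it by default`, so the flag is not dropped later as redundant. It would also be worth confirming on a pre-15 release that expired mappings and pinholes are still removed after the update.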
@@ -1,458 +0,0 @@ ---- pf/obsdrdr.c.orig 2024-03-19 23:41:25 UTC -+++ pf/obsdrdr.c -@@ -64,6 +64,8 @@ - #include <stdio.h> - #include <stdlib.h> - -+#include <libpfctl.h> -+ - #include "../macros.h" - #include "config.h" - #include "obsdrdr.h" -@@ -155,7 +157,7 @@ init_redirect(void) - int - init_redirect(void) - { -- struct pf_status status; -+ struct pfctl_status *status; - if(dev>=0) - shutdown_redirect(); - dev = open("/dev/pf", O_RDWR); -@@ -163,14 +165,16 @@ init_redirect(void) - syslog(LOG_ERR, "open(\"/dev/pf\"): %m"); - return -1; - } -- if(ioctl(dev, DIOCGETSTATUS, &status)<0) { -+ if ((status = pfctl_get_status(dev)) == NULL) { - syslog(LOG_ERR, "DIOCGETSTATUS: %m"); - return -1; - } -- if(!status.running) { -+ if(!status->running) { -+ pfctl_free_status(status); - syslog(LOG_ERR, "pf is disabled"); - return -1; - } -+ pfctl_free_status(status); - return 0; - } - -@@ -471,6 +475,7 @@ delete_nat_rule(const char * ifname, unsigned short ip - int i, n, r; - unsigned int tnum; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - UNUSED(ifname); - if(dev<0) { - syslog(LOG_ERR, "pf device is not open"); -@@ -486,7 +491,7 @@ delete_nat_rule(const char * ifname, unsigned short ip - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) 
(%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -497,7 +502,7 @@ delete_nat_rule(const char * ifname, unsigned short ip - for(i=0; i<n; i++) - { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_NAT, &rule, pr.anchor_call) != 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - r = -1; -@@ -505,12 +510,12 @@ delete_nat_rule(const char * ifname, unsigned short ip - } - #ifdef TEST - syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x", -- i, ntohs(pr.rule.src.port[0]), pr.rule.proto, -- pr.rule.src.addr.v.a.addr.v4.s_addr, iaddr); -+ i, ntohs(rule.src.port[0]), rule.proto, -+ rule.src.addr.v.a.addr.v4.s_addr, iaddr); - #endif /* TEST */ -- if(iport == ntohs(pr.rule.src.port[0]) -- && pr.rule.proto == proto -- && iaddr == pr.rule.src.addr.v.a.addr.v4.s_addr) -+ if(iport == ntohs(rule.src.port[0]) -+ && rule.proto == proto -+ && iaddr == rule.src.addr.v.a.addr.v4.s_addr) - { - pr.action = PF_CHANGE_GET_TICKET; - if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) -@@ -842,7 +847,7 @@ get_redirect_rule_count(const char * ifname) - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) 
(%s:%d): %m", __func__, __LINE__); - return -1; - } - release_ticket(dev, pr.ticket); -@@ -863,7 +868,9 @@ get_redirect_rule(const char * ifname, unsigned short - { - int i, n, r; - unsigned int tnum; -- struct pfioc_rule pr; -+ struct pfctl_rules_info info; -+ struct pfctl_rule rule; -+ char anchor_call[MAXPATHLEN]; - #ifndef PF_NEWSTYLE - struct pfioc_pooladdr pp; - #endif -@@ -873,63 +880,57 @@ get_redirect_rule(const char * ifname, unsigned short - syslog(LOG_ERR, "pf device is not open"); - return -1; - } -- memset(&pr, 0, sizeof(pr)); -- strlcpy(pr.anchor, anchor_name, MAXPATHLEN); --#ifndef PF_NEWSTYLE -- pr.rule.action = PF_RDR; --#endif -- if(ioctl(dev, DIOCGETRULES, &pr) < 0) -+ if (pfctl_get_rules_info(dev, &info, PF_RDR, anchor_name) != 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } -- n = pr.nr; -+ n = info.nr; - #ifdef PF_RELEASETICKETS -- tnum = pr.ticket; -+ tnum = info.ticket; - #endif /* PF_RELEASETICKETS */ - r = -2; - for(i=0; i<n; i++) - { -- pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, info.ticket, anchor_name, PF_RDR, &rule, anchor_call) != 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - r = -1; - break; - } - #ifdef __APPLE__ -- if( (eport == ntohs(pr.rule.dst.xport.range.port[0])) -- && (eport == ntohs(pr.rule.dst.xport.range.port[1])) -+ if( (eport == ntohs(rule.dst.xport.range.port[0])) -+ && (eport == ntohs(rule.dst.xport.range.port[1])) - #else -- if( (eport == ntohs(pr.rule.dst.port[0])) -- && (eport == ntohs(pr.rule.dst.port[1])) -+ if( (eport == ntohs(rule.dst.port[0])) -+ && (eport == ntohs(rule.dst.port[1])) - #endif -- && (pr.rule.proto == proto) ) -+ && (rule.proto == proto) ) - { - #ifndef PF_NEWSTYLE -- *iport = pr.rule.rpool.proxy_port[0]; -+ *iport = rule.rpool.proxy_port[0]; - #else -- *iport = pr.rule.rdr.proxy_port[0]; -+ *iport = rule.rdr.proxy_port[0]; - 
#endif - if(desc) -- strlcpy(desc, pr.rule.label, desclen); -+ strlcpy(desc, rule.label[0], desclen); - #ifdef PFRULE_INOUT_COUNTS - if(packets) -- *packets = pr.rule.packets[0] + pr.rule.packets[1]; -+ *packets = rule.packets[0] + rule.packets[1]; - if(bytes) -- *bytes = pr.rule.bytes[0] + pr.rule.bytes[1]; -+ *bytes = rule.bytes[0] + rule.bytes[1]; - #else - if(packets) -- *packets = pr.rule.packets; -+ *packets = rule.packets; - if(bytes) -- *bytes = pr.rule.bytes; -+ *bytes = rule.bytes; - #endif - #ifndef PF_NEWSTYLE - memset(&pp, 0, sizeof(pp)); - strlcpy(pp.anchor, anchor_name, MAXPATHLEN); - pp.r_action = PF_RDR; - pp.r_num = i; -- pp.ticket = pr.ticket; -+ pp.ticket = info.ticket; - if(ioctl(dev, DIOCGETADDRS, &pp) < 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m"); -@@ -957,15 +958,15 @@ get_redirect_rule(const char * ifname, unsigned short - iaddr, iaddrlen); - #endif - #else -- inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr, -+ inet_ntop(AF_INET, &rule.rdr.addr.v.a.addr.v4.s_addr, - iaddr, iaddrlen); - #endif - if(rhost && rhostlen > 0) - { - #ifdef PFVAR_NEW_STYLE -- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) - #else -- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4.s_addr == 0) - #endif - { - rhost[0] = '\0'; /* empty string */ -@@ -973,10 +974,10 @@ get_redirect_rule(const char * ifname, unsigned short - else - { - #ifdef PFVAR_NEW_STYLE -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, - rhost, rhostlen); - #else -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, - rhost, rhostlen); - #endif - } -@@ -1010,6 +1011,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna - int i, n, r; - unsigned int tnum; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - UNUSED(ifname); - - if(dev<0) { -@@ -1023,7 
+1025,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -1034,24 +1036,24 @@ priv_delete_redirect_rule_check_desc(const char * ifna - for(i=0; i<n; i++) - { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - r = -1; - break; - } - #ifdef __APPLE__ -- if( (eport == ntohs(pr.rule.dst.xport.range.port[0])) -- && (eport == ntohs(pr.rule.dst.xport.range.port[1])) -+ if( (eport == ntohs(rule.dst.xport.range.port[0])) -+ && (eport == ntohs(rule.dst.xport.range.port[1])) - #else -- if( (eport == ntohs(pr.rule.dst.port[0])) -- && (eport == ntohs(pr.rule.dst.port[1])) -+ if( (eport == ntohs(rule.dst.port[0])) -+ && (eport == ntohs(rule.dst.port[1])) - #endif -- && (pr.rule.proto == proto) ) -+ && (rule.proto == proto) ) - { - /* retrieve iport in order to remove filter rule */ - #ifndef PF_NEWSTYLE -- if(iport) *iport = pr.rule.rpool.proxy_port[0]; -+ if(iport) *iport = rule.rpool.proxy_port[0]; - if(iaddr) - { - /* retrieve internal address */ -@@ -1087,33 +1089,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna - #endif - } - #else -- if(iport) *iport = pr.rule.rdr.proxy_port[0]; -+ if(iport) *iport = rule.rdr.proxy_port[0]; - if(iaddr) - { - /* retrieve internal address */ -- *iaddr = pr.rule.rdr.addr.v.a.addr.v4.s_addr; -+ *iaddr = rule.rdr.addr.v.a.addr.v4.s_addr; - } - #endif - if(rhost && rhostlen > 0) - { - #ifdef PFVAR_NEW_STYLE -- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) - #else -- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4.s_addr == 0) - #endif - rhost[0] = '\0'; /* empty string */ 
- else - #ifdef PFVAR_NEW_STYLE -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, - rhost, rhostlen); - #else -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, - rhost, rhostlen); - #endif - } - if(check_desc) { -- if((desc == NULL && pr.rule.label[0] == '\0') || -- (desc && 0 == strcmp(desc, pr.rule.label))) { -+ if((desc == NULL && rule.label[0][0] == '\0') || -+ (desc && 0 == strcmp(desc, rule.label[0]))) { - r = 1; - break; - } -@@ -1175,7 +1177,7 @@ priv_delete_filter_rule(const char * ifname, unsigned - pr.rule.action = PF_PASS; - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -1275,6 +1277,7 @@ get_redirect_rule_by_index(int index, - int n, r; - unsigned int tnum; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - #ifndef PF_NEWSTYLE - struct pfioc_pooladdr pp; - #endif -@@ -1291,7 +1294,7 @@ get_redirect_rule_by_index(int index, - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) 
(%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -1302,36 +1305,36 @@ get_redirect_rule_by_index(int index, - if(index >= n) - goto error; - pr.nr = index; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - goto error; - } -- *proto = pr.rule.proto; -+ *proto = rule.proto; - #ifdef __APPLE__ -- *eport = ntohs(pr.rule.dst.xport.range.port[0]); -+ *eport = ntohs(rule.dst.xport.range.port[0]); - #else -- *eport = ntohs(pr.rule.dst.port[0]); -+ *eport = ntohs(rule.dst.port[0]); - #endif - #ifndef PF_NEWSTYLE -- *iport = pr.rule.rpool.proxy_port[0]; -+ *iport = rule.rpool.proxy_port[0]; - #else -- *iport = pr.rule.rdr.proxy_port[0]; -+ *iport = rule.rdr.proxy_port[0]; - #endif - if(ifname) -- strlcpy(ifname, pr.rule.ifname, IFNAMSIZ); -+ strlcpy(ifname, rule.ifname, IFNAMSIZ); - if(desc) -- strlcpy(desc, pr.rule.label, desclen); -+ strlcpy(desc, rule.label[0], desclen); - #ifdef PFRULE_INOUT_COUNTS - if(packets) -- *packets = pr.rule.packets[0] + pr.rule.packets[1]; -+ *packets = rule.packets[0] + rule.packets[1]; - if(bytes) -- *bytes = pr.rule.bytes[0] + pr.rule.bytes[1]; -+ *bytes = rule.bytes[0] + rule.bytes[1]; - #else - if(packets) -- *packets = pr.rule.packets; -+ *packets = rule.packets; - if(bytes) -- *bytes = pr.rule.bytes; -+ *bytes = rule.bytes; - #endif - #ifndef PF_NEWSTYLE - memset(&pp, 0, sizeof(pp)); -@@ -1363,15 +1366,15 @@ get_redirect_rule_by_index(int index, - iaddr, iaddrlen); - #endif - #else -- inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr, -+ inet_ntop(AF_INET, &rule.rdr.addr.v.a.addr.v4.s_addr, - iaddr, iaddrlen); - #endif - if(rhost && rhostlen > 0) - { - #ifdef PFVAR_NEW_STYLE -- if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4addr.s_addr == 0) - #else -- if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0) -+ if (rule.src.addr.v.a.addr.v4.s_addr == 
0) - #endif - { - rhost[0] = '\0'; /* empty string */ -@@ -1379,10 +1382,10 @@ get_redirect_rule_by_index(int index, - else - { - #ifdef PFVAR_NEW_STYLE -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr, - rhost, rhostlen); - #else -- inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, -+ inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr, - rhost, rhostlen); - #endif - } -@@ -1406,6 +1409,7 @@ get_portmappings_in_range(unsigned short startport, un - int i, n; - unsigned short eport; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - - *number = 0; - if(dev<0) { -@@ -1426,7 +1430,7 @@ get_portmappings_in_range(unsigned short startport, un - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) - { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - free(array); - return NULL; - } -@@ -1437,19 +1441,19 @@ get_portmappings_in_range(unsigned short startport, un - for(i=0; i<n; i++) - { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) - { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - continue; - } - #ifdef __APPLE__ -- eport = ntohs(pr.rule.dst.xport.range.port[0]); -- if( (eport == ntohs(pr.rule.dst.xport.range.port[1])) -+ eport = ntohs(rule.dst.xport.range.port[0]); -+ if( (eport == ntohs(rule.dst.xport.range.port[1])) - #else -- eport = ntohs(pr.rule.dst.port[0]); -- if( (eport == ntohs(pr.rule.dst.port[1])) -+ eport = ntohs(rule.dst.port[0]); -+ if( (eport == ntohs(rule.dst.port[1])) - #endif -- && (pr.rule.proto == proto) -+ && (rule.proto == proto) - && (startport <= eport) && (eport <= endport) ) - { - if(*number >= capacity) diff --git a/net/miniupnpd/files/patch-pf_pfpinhole.c b/net/miniupnpd/files/patch-pf_pfpinhole.c deleted file mode 100644 index 9c62bd94fdd4..000000000000 
--- a/net/miniupnpd/files/patch-pf_pfpinhole.c +++ /dev/null 
@@ -1,210 +0,0 @@ ---- pf/pfpinhole.c.orig 2024-03-19 23:41:25 UTC -+++ pf/pfpinhole.c -@@ -28,6 +28,7 @@ - #include <syslog.h> - #include <stdio.h> - #include <stdlib.h> -+#include <libpfctl.h> - - #include "config.h" - #include "pfpinhole.h" -@@ -171,6 +172,7 @@ int find_pinhole(const char * ifname, - unsigned int ts, tnum; - int i, n; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - struct in6_addr saddr; - struct in6_addr daddr; - UNUSED(ifname); -@@ -191,7 +193,7 @@ int find_pinhole(const char * ifname, - pr.rule.action = PF_PASS; - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -200,22 +202,22 @@ int find_pinhole(const char * ifname, - #endif /* PF_RELEASETICKETS */ - for(i=0; i<n; i++) { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - release_ticket(dev, tnum); - return -1; - } -- if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0])) -- && (0 == memcmp(&saddr, &pr.rule.src.addr.v.a.addr.v6, sizeof(struct in6_addr))) -- && (int_port == ntohs(pr.rule.dst.port[0])) && -- (0 == memcmp(&daddr, &pr.rule.dst.addr.v.a.addr.v6, sizeof(struct in6_addr)))) { -- if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { -- syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", pr.rule.label); -+ if((proto == rule.proto) && (rem_port == ntohs(rule.src.port[0])) -+ && (0 == memcmp(&saddr, &rule.src.addr.v.a.addr.v6, sizeof(struct in6_addr))) -+ && (int_port == ntohs(rule.dst.port[0])) && -+ (0 == memcmp(&daddr, &rule.dst.addr.v.a.addr.v6, sizeof(struct in6_addr)))) { -+ if(sscanf(rule.label[0], PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { -+ syslog(LOG_DEBUG, "rule with label '%s' is not a IGD 
pinhole", rule.label[0]); - continue; - } - if(timestamp) *timestamp = ts; - if(desc) { -- char * p = strchr(pr.rule.label, ':'); -+ char * p = strchr(rule.label[0], ':'); - if(p) { - p += 2; - strlcpy(desc, p, desc_len); -@@ -234,6 +236,7 @@ int delete_pinhole(unsigned short uid) - int i, n; - unsigned int tnum; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - char label_start[PF_RULE_LABEL_SIZE]; - char tmp_label[PF_RULE_LABEL_SIZE]; - -@@ -249,7 +252,7 @@ int delete_pinhole(unsigned short uid) - pr.rule.action = PF_PASS; - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -258,11 +261,11 @@ int delete_pinhole(unsigned short uid) - #endif - for(i=0; i<n; i++) { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - return -1; - } -- strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label)); -+ strlcpy(tmp_label, rule.label[0], sizeof(tmp_label)); - strtok(tmp_label, " "); - if(0 == strcmp(tmp_label, label_start)) { - pr.action = PF_CHANGE_GET_TICKET; -@@ -298,6 +301,7 @@ get_pinhole_info(unsigned short uid, - int i, n; - unsigned int tnum; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - char label_start[PF_RULE_LABEL_SIZE]; - char tmp_label[PF_RULE_LABEL_SIZE]; - char * p; -@@ -314,7 +318,7 @@ get_pinhole_info(unsigned short uid, - pr.rule.action = PF_PASS; - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) 
(%s:%d): %m", __func__, __LINE__); - return -1; - } - n = pr.nr; -@@ -323,29 +327,29 @@ get_pinhole_info(unsigned short uid, - #endif - for(i=0; i<n; i++) { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - release_ticket(dev, tnum); - return -1; - } -- strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label)); -+ strlcpy(tmp_label, rule.label[0], sizeof(tmp_label)); - p = tmp_label; - strsep(&p, " "); - if(0 == strcmp(tmp_label, label_start)) { -- if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) { -+ if(rem_host && (inet_ntop(AF_INET6, &rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) { - release_ticket(dev, tnum); - return -1; - } - if(rem_port) -- *rem_port = ntohs(pr.rule.src.port[0]); -- if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) { -+ *rem_port = ntohs(rule.src.port[0]); -+ if(int_client && (inet_ntop(AF_INET6, &rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) { - release_ticket(dev, tnum); - return -1; - } - if(int_port) -- *int_port = ntohs(pr.rule.dst.port[0]); -+ *int_port = ntohs(rule.dst.port[0]); - if(proto) -- *proto = pr.rule.proto; -+ *proto = rule.proto; - if(timestamp) - sscanf(p, "ts-%u", timestamp); - if(desc) { -@@ -358,14 +362,14 @@ get_pinhole_info(unsigned short uid, - } - #ifdef PFRULE_INOUT_COUNTS - if(packets) -- *packets = pr.rule.packets[0] + pr.rule.packets[1]; -+ *packets = rule.packets[0] + rule.packets[1]; - if(bytes) -- *bytes = pr.rule.bytes[0] + pr.rule.bytes[1]; -+ *bytes = rule.bytes[0] + rule.bytes[1]; - #else - if(packets) -- *packets = pr.rule.packets; -+ *packets = rule.packets; - if(bytes) -- *bytes = pr.rule.bytes; -+ *bytes = rule.bytes; - #endif - release_ticket(dev, tnum); - return 0; -@@ -393,6 +397,7 @@ int clean_pinhole_list(unsigned int * 
next_timestamp) - { - int i; - struct pfioc_rule pr; -+ struct pfctl_rule rule; - time_t current_time; - unsigned int ts, tnum; - int uid; -@@ -411,7 +416,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) - pr.rule.action = PF_PASS; - #endif - if(ioctl(dev, DIOCGETRULES, &pr) < 0) { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - #ifdef PF_RELEASETICKETS -@@ -419,17 +424,17 @@ int clean_pinhole_list(unsigned int * next_timestamp) - #endif - for(i = pr.nr - 1; i >= 0; i--) { - pr.nr = i; -- if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { - syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - release_ticket(dev, tnum); - return -1; - } -- if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { -- syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", pr.rule.label); -+ if(sscanf(rule.label[0], PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { -+ syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", rule.label[0]); - continue; - } - if(ts <= (unsigned int)current_time) { -- syslog(LOG_INFO, "removing expired pinhole '%s'", pr.rule.label); -+ syslog(LOG_INFO, "removing expired pinhole '%s'", rule.label[0]); - pr.action = PF_CHANGE_GET_TICKET; - if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) { - syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m"); -@@ -449,7 +454,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) - #endif - release_ticket(dev, tnum); - if(ioctl(dev, DIOCGETRULES, &pr) < 0) { -- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); -+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); - return -1; - } - #ifdef PF_RELEASETICKETS