Date:      Sun, 19 Dec 2004 12:54:19 +0800
From:      sam wun <sam.wun@authtec.com>
To:        Max Laier <max@love2party.net>
Cc:        freebsd-pf@freebsd.org
Subject:   DIOCCHANGERULE may be used in PF?
Message-ID:  <41C5097B.5020606@authtec.com>
In-Reply-To: <200412181714.51674.max@love2party.net>
References:  <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net> <41C3BA23.5070207@authtec.com> <200412181714.51674.max@love2party.net>

Hi,

I'm not sure whether the ssp_pf.c file should use DIOCADDADDR instead of 
DIOCCHANGERULE.

As I looked into the authpf.c file, in function add_pool(), authpf only uses 
DIOCADDADDR for adding a new rule to PF.

I also want to find out where DIOCCHANGERULE is used in PF, but 
nothing is found except in the man page:
# cd src/contrib/pf
# grep -r DIOCCHANGERULE *
man/pf.4:for subsequent DIOCADDADDR, DIOCADDRULE and DIOCCHANGERULE calls.
man/pf.4:DIOCADDRULE or DIOCCHANGERULE call.
man/pf.4:.It Dv DIOCCHANGERULE  Fa "struct pfioc_rule"

DIOCCHANGERULE may not be used. If I want to add a new rule in PF, I may 
need to use DIOCADDADDR rather than DIOCCHANGERULE.

Any comment?

Thanks
Sam

Max Laier wrote:

>On Saturday 18 December 2004 06:03, sam wun wrote:
>
>>Thanks for the suggestion. I used pfctl -ss and found some Established state;
>>the sample code works great.
>>I would like to write a C program to add rules to PF based on user
>>defined anchor and tables. Where can I find more information and
>>guidelines about doing that?
>
>Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is 
>quite readable and it should be easy to determine what to hand to the various 
>ioctls. In most of the cases you don't really need to write your own C code. 
>Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to 
>it. Take a look at the spamd port (mail/spamd) which does just that. You 
>might need a fdescfs(5) in order to drop root privs and use the -p option. 
>But that should all be obvious from the spamd code.
>
>  
>


