From: sam wun
Date: Sun, 19 Dec 2004 12:54:19 +0800
To: Max Laier
Cc: freebsd-pf@freebsd.org
Subject: DIOCCHANGERULE may be used in PF?

Hi,

I'm not sure whether the ssp_pf.c file should use DIOCADDADDR instead of DIOCCHANGERULE. As I looked into the authpf.c file, in function add_pool(), authpf only uses DIOCADDADDR for adding a new rule to PF.

I also want to find out where DIOCCHANGERULE is used in PF, but nothing is found except in the man page:

# cd src/contrib/pf
# grep -r DIOCCHANGERULE *
man/pf.4:for subsequent DIOCADDADDR, DIOCADDRULE and DIOCCHANGERULE calls.
man/pf.4:DIOCADDRULE or DIOCCHANGERULE call.
man/pf.4:.It Dv DIOCCHANGERULE Fa "struct pfioc_rule"

DIOCCHANGERULE may not be used. If I want to add a new rule in PF, I may need to use DIOCADDADDR rather than DIOCCHANGERULE.

Any comment?

Thanks
Sam

Max Laier wrote:

>On Saturday 18 December 2004 06:03, sam wun wrote:
>
>>Thanks for the suggestion. I used pfctl -ss and found some Established state,
>>the sample code works great.
>>I would like to write a C program to add a rule to PF based on user
>>defined anchor and tables. Where can I find more information and
>>guidelines about doing that?
>
>Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is
>quite readable and it should be easy to determine what to hand to the various
>ioctls. In most of the cases you don't really need to write your own C code.
>Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to
>it. Take a look at the spamd port (mail/spamd) which does just that. You
>might need a fdescfs(5) in order to drop root privs and use the -p option.
>But that should all be obvious from the spamd code.
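
The approach suggested in the quoted reply (exec pfctl(8) and pipe rules to it instead of issuing the pf ioctls directly), as an added C example that is not code from this thread, from spamd or from pfctl. The /sbin/pfctl path, the `-q -a <anchor> -f -` argument form, the anchor-name policy and the function names are assumptions of this example, and the caller is assumed to already have access to /dev/pf.

```c
#include <ctype.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Anchor names may come from users: accept only [A-Za-z0-9_], 1 to 63 chars. */
int anchor_name_ok(const char *s)
{
    size_t n = 0;
    for (; s[n]; n++)
        if (!isalnum((unsigned char)s[n]) && s[n] != '_')
            return 0;               /* rejects '-', spaces, '/', quotes ... */
    return n >= 1 && n <= 63;
}

/* Run argv[0] with `rules` on its stdin; exit status, or -1 on any error. */
int pipe_rules(char *const argv[], const char *rules)
{
    int fd[2], status;
    size_t len = strlen(rules);
    ssize_t w = 0;
    pid_t pid;

    if (pipe(fd) == -1)
        return -1;
    if ((pid = fork()) == 0) {        /* child: stdin <- pipe, then exec */
        close(fd[1]);
        if (dup2(fd[0], STDIN_FILENO) != -1)
            execv(argv[0], argv);     /* absolute path, no PATH search */
        _exit(127);
    }
    close(fd[0]);
    signal(SIGPIPE, SIG_IGN);         /* a dead child gives EPIPE, not a kill */
    while (pid > 0 && len > 0 && (w = write(fd[1], rules, len)) > 0) {
        rules += w;
        len -= (size_t)w;
    }
    close(fd[1]);                     /* EOF: the reader now has the whole ruleset */
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return len == 0 ? WEXITSTATUS(status) : -1;   /* short write = failure */
}

/* "/sbin/pfctl" and the argument order are this example's assumptions. */
int load_anchor(const char *anchor, const char *rules)
{
    char *argv[] = { "/sbin/pfctl", "-q", "-a", (char *)anchor, "-f", "-", NULL };
    return anchor_name_ok(anchor) ? pipe_rules(argv, rules) : -1;
}
```

Because the argument vector is passed to execv() without a shell, the anchor name is the only user-controlled argument, and the name check keeps it from being read as an option.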