Date: Wed, 29 May 2024 15:02:47 GMT From: Baptiste Daroussin <bapt@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 81eb1a733dac - main - net/miniupnpd: update to 2.3.6 Message-ID: <202405291502.44TF2lKW048139@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/ports/commit/?id=81eb1a733dacc201a8264908cc0bb7053fdaa8e3 commit 81eb1a733dacc201a8264908cc0bb7053fdaa8e3 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-05-08 08:39:08 +0000 Commit: Baptiste Daroussin <bapt@FreeBSD.org> CommitDate: 2024-05-29 15:02:08 +0000 net/miniupnpd: update to 2.3.6 PR: 273207 PR: https://redmine.pfsense.org/issues/15470 Sponsored by: Rubicon Communications, LLC ("Netgate") --- net/miniupnpd/Makefile | 5 +- net/miniupnpd/distinfo | 6 +- net/miniupnpd/files/patch-pf_obsdrdr.c | 164 ++++++++++++++++++++++++------- net/miniupnpd/files/patch-pf_pfpinhole.c | 88 +++++++++++++---- 4 files changed, 201 insertions(+), 62 deletions(-) diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 5a4fbb0bdcf4..cce1a2539cb1 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -1,6 +1,5 @@ PORTNAME= miniupnpd -DISTVERSION= 2.3.3 -PORTREVISION= 3 +DISTVERSION= 2.3.6 PORTEPOCH= 1 CATEGORIES= net @@ -18,7 +17,7 @@ CPE_VENDOR= miniupnp_project USE_GITHUB= yes GH_ACCOUNT= miniupnp GH_PROJECT= miniupnp -GH_TAGNAME= e439318 +GH_TAGNAME= miniupnpd_2_3_6 USE_RC_SUBR= miniupnpd diff --git a/net/miniupnpd/distinfo b/net/miniupnpd/distinfo index 5dea730d0c4b..1d7be071d12b 100644 --- a/net/miniupnpd/distinfo +++ b/net/miniupnpd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1683175217 -SHA256 (miniupnp-miniupnp-2.3.3-e439318_GH0.tar.gz) = 9324cd00db2d203f0f09e15d8556ff63b40de09bfa755b2b9a64856e146b3b44 -SIZE (miniupnp-miniupnp-2.3.3-e439318_GH0.tar.gz) = 454838 +TIMESTAMP = 1715155832 +SHA256 (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 6e5ee2239030486675f558cc840d154e5e2db9517efc96c5b0ab2b2c34c1a128 +SIZE (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 462607 diff --git a/net/miniupnpd/files/patch-pf_obsdrdr.c b/net/miniupnpd/files/patch-pf_obsdrdr.c index 0f245db26a1b..a13e3888ed46 100644 --- a/net/miniupnpd/files/patch-pf_obsdrdr.c +++ b/net/miniupnpd/files/patch-pf_obsdrdr.c @@ -1,4 +1,4 @@ ---- pf/obsdrdr.c.orig 2023-02-17 03:09:33 UTC +--- pf/obsdrdr.c.orig 2024-03-19 23:41:25 UTC +++ pf/obsdrdr.c @@ -64,6 +64,8 @@ #include <stdio.h> @@ -9,7 +9,7 @@ #include "../macros.h" #include "config.h" #include "obsdrdr.h" -@@ -154,7 +156,7 @@ init_redirect(void) +@@ -155,7 +157,7 @@ init_redirect(void) int init_redirect(void) { @@ -18,7 +18,7 @@ if(dev>=0) shutdown_redirect(); dev = open("/dev/pf", O_RDWR); -@@ -162,14 +164,16 @@ init_redirect(void) +@@ -163,14 +165,16 @@ init_redirect(void) syslog(LOG_ERR, "open(\"/dev/pf\"): %m"); return -1; } @@ -37,23 +37,33 @@ return 0; } -@@ -464,6 +468,7 @@ delete_nat_rule(const char * ifname, unsigned short ip - { - int i, n; +@@ -471,6 +475,7 @@ delete_nat_rule(const char * ifname, unsigned short ip + int i, n, r; + unsigned int tnum; struct pfioc_rule pr; + struct pfctl_rule rule; UNUSED(ifname); if(dev<0) { syslog(LOG_ERR, "pf device is not open"); -@@ -486,19 +491,19 @@ delete_nat_rule(const char * ifname, unsigned short ip +@@ -486,7 +491,7 @@ delete_nat_rule(const char * ifname, unsigned short ip + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + n = pr.nr; +@@ -497,7 +502,7 @@ delete_nat_rule(const char * ifname, unsigned short ip for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_NAT, &rule, pr.anchor_call) != 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - goto error; + r = -1; +@@ -505,12 +510,12 @@ delete_nat_rule(const char * ifname, unsigned short ip } #ifdef TEST syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x", @@ -71,23 +81,58 @@ { pr.action = PF_CHANGE_GET_TICKET; if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) -@@ -843,6 +848,7 @@ get_redirect_rule(const char * ifname, unsigned short +@@ -842,7 +847,7 @@ get_redirect_rule_count(const char * ifname) + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + release_ticket(dev, pr.ticket); +@@ -863,7 +868,9 @@ get_redirect_rule(const char * ifname, unsigned short { - int i, n; - struct pfioc_rule pr; + int i, n, r; + unsigned int tnum; +- struct pfioc_rule pr; ++ struct pfctl_rules_info info; + struct pfctl_rule rule; ++ char anchor_call[MAXPATHLEN]; #ifndef PF_NEWSTYLE struct pfioc_pooladdr pp; #endif -@@ -866,37 +872,37 @@ get_redirect_rule(const char * ifname, unsigned short +@@ -873,63 +880,57 @@ get_redirect_rule(const char * ifname, unsigned short + syslog(LOG_ERR, "pf device is not open"); + return -1; + } +- memset(&pr, 0, sizeof(pr)); +- strlcpy(pr.anchor, anchor_name, MAXPATHLEN); +-#ifndef PF_NEWSTYLE +- pr.rule.action = PF_RDR; +-#endif +- if(ioctl(dev, DIOCGETRULES, &pr) < 0) ++ if (pfctl_get_rules_info(dev, &info, PF_RDR, anchor_name) != 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } +- n = pr.nr; ++ n = info.nr; + #ifdef PF_RELEASETICKETS +- tnum = pr.ticket; ++ tnum = info.ticket; + #endif /* PF_RELEASETICKETS */ + r = -2; for(i=0; i<n; i++) { - pr.nr = i; +- pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) ++ if (pfctl_get_rule(dev, i, info.ticket, anchor_name, PF_RDR, &rule, anchor_call) != 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - goto error; + r = -1; + break; } #ifdef __APPLE__ - if( (eport == ntohs(pr.rule.dst.xport.range.port[0])) @@ -130,7 +175,15 @@ #endif #ifndef PF_NEWSTYLE memset(&pp, 0, sizeof(pp)); -@@ -928,15 +934,15 @@ get_redirect_rule(const char * ifname, unsigned short + strlcpy(pp.anchor, anchor_name, MAXPATHLEN); + pp.r_action = PF_RDR; + pp.r_num = i; +- pp.ticket = pr.ticket; ++ pp.ticket = info.ticket; + if(ioctl(dev, DIOCGETADDRS, &pp) < 0) + { + syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m"); +@@ -957,15 +958,15 @@ get_redirect_rule(const char * ifname, unsigned short iaddr, iaddrlen); #endif #else @@ -149,7 +202,7 @@ #endif { rhost[0] = '\0'; /* empty string */ -@@ -944,10 +950,10 @@ get_redirect_rule(const char * ifname, unsigned short +@@ -973,10 +974,10 @@ get_redirect_rule(const char * ifname, unsigned short else { #ifdef PFVAR_NEW_STYLE @@ -162,23 +215,33 @@ rhost, rhostlen); #endif } -@@ -978,6 +984,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna - { - int i, n; +@@ -1010,6 +1011,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna + int i, n, r; + unsigned int tnum; struct pfioc_rule pr; + struct pfctl_rule rule; UNUSED(ifname); if(dev<0) { -@@ -998,23 +1005,23 @@ priv_delete_redirect_rule_check_desc(const char * ifna +@@ -1023,7 +1025,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + n = pr.nr; +@@ -1034,24 +1036,24 @@ priv_delete_redirect_rule_check_desc(const char * ifna for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); - goto error; + r = -1; + break; } #ifdef __APPLE__ - if( (eport == ntohs(pr.rule.dst.xport.range.port[0])) @@ -201,7 +264,7 @@ if(iaddr) { /* retrieve internal address */ -@@ -1047,33 +1054,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna +@@ -1087,33 +1089,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna #endif } #else @@ -240,23 +303,41 @@ - (desc && 0 == strcmp(desc, pr.rule.label))) { + if((desc == NULL && rule.label[0][0] == '\0') || + (desc && 0 == strcmp(desc, rule.label[0]))) { - return 1; + r = 1; + break; } - } -@@ -1208,6 +1215,7 @@ get_redirect_rule_by_index(int index, - { - int n; +@@ -1175,7 +1177,7 @@ priv_delete_filter_rule(const char * ifname, unsigned + pr.rule.action = PF_PASS; + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + n = pr.nr; +@@ -1275,6 +1277,7 @@ get_redirect_rule_by_index(int index, + int n, r; + unsigned int tnum; struct pfioc_rule pr; + struct pfctl_rule rule; #ifndef PF_NEWSTYLE struct pfioc_pooladdr pp; #endif -@@ -1231,36 +1239,36 @@ get_redirect_rule_by_index(int index, +@@ -1291,7 +1294,7 @@ get_redirect_rule_by_index(int index, + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + n = pr.nr; +@@ -1302,36 +1305,36 @@ get_redirect_rule_by_index(int index, if(index >= n) goto error; pr.nr = index; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) ++ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); goto error; @@ -300,7 +381,7 @@ #endif #ifndef PF_NEWSTYLE memset(&pp, 0, sizeof(pp)); -@@ -1292,15 +1300,15 @@ get_redirect_rule_by_index(int index, +@@ -1363,15 +1366,15 @@ get_redirect_rule_by_index(int index, iaddr, iaddrlen); #endif #else @@ -319,7 +400,7 @@ #endif { rhost[0] = '\0'; /* empty string */ -@@ -1308,10 +1316,10 @@ get_redirect_rule_by_index(int index, +@@ -1379,10 +1382,10 @@ get_redirect_rule_by_index(int index, else { #ifdef PFVAR_NEW_STYLE @@ -332,7 +413,7 @@ rhost, rhostlen); #endif } -@@ -1334,6 +1342,7 @@ get_portmappings_in_range(unsigned short startport, un +@@ -1406,6 +1409,7 @@ get_portmappings_in_range(unsigned short startport, un int i, n; unsigned short eport; struct pfioc_rule pr; @@ -340,12 +421,21 @@ *number = 0; if(dev<0) { -@@ -1362,19 +1371,19 @@ get_portmappings_in_range(unsigned short startport, un +@@ -1426,7 +1430,7 @@ get_portmappings_in_range(unsigned short startport, un + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) + { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + free(array); + return NULL; + } +@@ -1437,19 +1441,19 @@ get_portmappings_in_range(unsigned short startport, un for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); continue; diff --git a/net/miniupnpd/files/patch-pf_pfpinhole.c b/net/miniupnpd/files/patch-pf_pfpinhole.c index 9605ab3fd4a7..9c62bd94fdd4 100644 --- a/net/miniupnpd/files/patch-pf_pfpinhole.c +++ b/net/miniupnpd/files/patch-pf_pfpinhole.c @@ -1,4 +1,4 @@ ---- pf/pfpinhole.c.orig 2023-10-30 16:24:29 UTC +--- pf/pfpinhole.c.orig 2024-03-19 23:41:25 UTC +++ pf/pfpinhole.c @@ -28,6 +28,7 @@ #include <syslog.h> @@ -8,21 +8,31 @@ #include "config.h" #include "pfpinhole.h" -@@ -170,6 +171,7 @@ int find_pinhole(const char * ifname, - unsigned int ts; +@@ -171,6 +172,7 @@ int find_pinhole(const char * ifname, + unsigned int ts, tnum; int i, n; struct pfioc_rule pr; + struct pfctl_rule rule; struct in6_addr saddr; struct in6_addr daddr; UNUSED(ifname); -@@ -196,21 +198,21 @@ int find_pinhole(const char * ifname, +@@ -191,7 +193,7 @@ int find_pinhole(const char * ifname, + pr.rule.action = PF_PASS; + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } n = pr.nr; +@@ -200,22 +202,22 @@ int find_pinhole(const char * ifname, + #endif /* PF_RELEASETICKETS */ for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) { ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); + release_ticket(dev, tnum); return -1; } - if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0])) @@ -46,20 +56,29 @@ if(p) { p += 2; strlcpy(desc, p, desc_len); -@@ -226,6 +228,7 @@ int delete_pinhole(unsigned short uid) - { +@@ -234,6 +236,7 @@ int delete_pinhole(unsigned short uid) int i, n; + unsigned int tnum; struct pfioc_rule pr; + struct pfctl_rule rule; char label_start[PF_RULE_LABEL_SIZE]; char tmp_label[PF_RULE_LABEL_SIZE]; -@@ -247,11 +250,11 @@ int delete_pinhole(unsigned short uid) +@@ -249,7 +252,7 @@ int delete_pinhole(unsigned short uid) + pr.rule.action = PF_PASS; + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } n = pr.nr; +@@ -258,11 +261,11 @@ int delete_pinhole(unsigned short uid) + #endif for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) { ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); return -1; } @@ -68,21 +87,31 @@ strtok(tmp_label, " "); if(0 == strcmp(tmp_label, label_start)) { pr.action = PF_CHANGE_GET_TICKET; -@@ -282,6 +285,7 @@ get_pinhole_info(unsigned short uid, - { +@@ -298,6 +301,7 @@ get_pinhole_info(unsigned short uid, int i, n; + unsigned int tnum; struct pfioc_rule pr; + struct pfctl_rule rule; char label_start[PF_RULE_LABEL_SIZE]; char tmp_label[PF_RULE_LABEL_SIZE]; char * p; -@@ -304,26 +308,26 @@ get_pinhole_info(unsigned short uid, +@@ -314,7 +318,7 @@ get_pinhole_info(unsigned short uid, + pr.rule.action = PF_PASS; + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } n = pr.nr; +@@ -323,29 +327,29 @@ get_pinhole_info(unsigned short uid, + #endif for(i=0; i<n; i++) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) { ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); + release_ticket(dev, tnum); return -1; } - strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label)); @@ -92,6 +121,7 @@ if(0 == strcmp(tmp_label, label_start)) { - if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) { + if(rem_host && (inet_ntop(AF_INET6, &rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) { + release_ticket(dev, tnum); return -1; } if(rem_port) @@ -99,6 +129,7 @@ - if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) { + *rem_port = ntohs(rule.src.port[0]); + if(int_client && (inet_ntop(AF_INET6, &rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) { + release_ticket(dev, tnum); return -1; } if(int_port) @@ -110,7 +141,7 @@ if(timestamp) sscanf(p, "ts-%u", timestamp); if(desc) { -@@ -336,14 +340,14 @@ get_pinhole_info(unsigned short uid, +@@ -358,14 +362,14 @@ get_pinhole_info(unsigned short uid, } #ifdef PFRULE_INOUT_COUNTS if(packets) @@ -127,23 +158,33 @@ - *bytes = pr.rule.bytes; + *bytes = rule.bytes; #endif + release_ticket(dev, tnum); return 0; - } -@@ -369,6 +373,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) +@@ -393,6 +397,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) { int i; struct pfioc_rule pr; + struct pfctl_rule rule; time_t current_time; - unsigned int ts; + unsigned int ts, tnum; int uid; -@@ -392,16 +397,16 @@ int clean_pinhole_list(unsigned int * next_timestamp) +@@ -411,7 +416,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) + pr.rule.action = PF_PASS; + #endif + if(ioctl(dev, DIOCGETRULES, &pr) < 0) { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; } + #ifdef PF_RELEASETICKETS +@@ -419,17 +424,17 @@ int clean_pinhole_list(unsigned int * next_timestamp) + #endif for(i = pr.nr - 1; i >= 0; i--) { pr.nr = i; - if(ioctl(dev, DIOCGETRULE, &pr) < 0) { -+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) { ++ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) { syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m"); + release_ticket(dev, tnum); return -1; } - if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) { @@ -158,3 +199,12 @@ pr.action = PF_CHANGE_GET_TICKET; if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) { syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m"); +@@ -449,7 +454,7 @@ int clean_pinhole_list(unsigned int * next_timestamp) + #endif + release_ticket(dev, tnum); + if(ioctl(dev, DIOCGETRULES, &pr) < 0) { +- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m"); ++ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__); + return -1; + } + #ifdef PF_RELEASETICKETS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405291502.44TF2lKW048139>