From owner-dev-commits-src-branches@freebsd.org  Fri May 14 13:06:53 2021
Date: Fri, 14 May 2021 13:06:51 GMT
Message-Id: <202105141306.14ED6pwc052627@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: c505bdcc4e88 - stable/13 - authpf: Start using libpfctl
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c505bdcc4e8856975920b67f8e070f944331c921
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-branches@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commits to the stable branches of the FreeBSD src repository
 <dev-commits-src-branches.freebsd.org>

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c505bdcc4e8856975920b67f8e070f944331c921

commit c505bdcc4e8856975920b67f8e070f944331c921
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-04-30 08:26:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-05-14 08:40:12 +0000

    authpf: Start using libpfctl
    
    Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D30057
    
    (cherry picked from commit 2b2ed4a69730be72f792179d57dedf2945b3d1aa)
---
 contrib/pf/authpf/authpf.c | 35 ++++++++++++++++++-----------------
 usr.sbin/authpf/Makefile   |  3 ++-
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/contrib/pf/authpf/authpf.c b/contrib/pf/authpf/authpf.c
index ac5d85b21cbc..4032efb27895 100644
--- a/contrib/pf/authpf/authpf.c
+++ b/contrib/pf/authpf/authpf.c
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #ifdef __FreeBSD__
 #include <inttypes.h>
 #endif
+#include <libpfctl.h>
 #include <login_cap.h>
 #include <pwd.h>
 #include <grp.h>
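
Review bot: The added `#include <libpfctl.h>` sits after the `#endif`, so it is unconditional, while the `<inttypes.h>` include just above it is wrapped in `#ifdef __FreeBSD__`. Since this file keeps its FreeBSD-specific additions behind that guard, consider moving the new include inside the guarded block (or adding a short comment on why it is unconditional) so the local changes stay easy to separate from the upstream code.
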
@@ -889,37 +890,37 @@ change_table(int add, const char *ip_src)
 static void
 authpf_kill_states(void)
 {
-	struct pfioc_state_kill	psk;
+	struct pfctl_kill kill;
 	struct pf_addr target;
 
-	memset(&psk, 0, sizeof(psk));
+	memset(&kill, 0, sizeof(kill));
 	memset(&target, 0, sizeof(target));
 
 	if (inet_pton(AF_INET, ipsrc, &target.v4) == 1)
-		psk.psk_af = AF_INET;
+		kill.af = AF_INET;
 	else if (inet_pton(AF_INET6, ipsrc, &target.v6) == 1)
-		psk.psk_af = AF_INET6;
+		kill.af = AF_INET6;
 	else {
 		syslog(LOG_ERR, "inet_pton(%s) failed", ipsrc);
 		return;
 	}
 
 	/* Kill all states from ipsrc */
-	memcpy(&psk.psk_src.addr.v.a.addr, &target,
-	    sizeof(psk.psk_src.addr.v.a.addr));
-	memset(&psk.psk_src.addr.v.a.mask, 0xff,
-	    sizeof(psk.psk_src.addr.v.a.mask));
-	if (ioctl(dev, DIOCKILLSTATES, &psk))
-		syslog(LOG_ERR, "DIOCKILLSTATES failed (%m)");
+	memcpy(&kill.src.addr.v.a.addr, &target,
+	    sizeof(kill.src.addr.v.a.addr));
+	memset(&kill.src.addr.v.a.mask, 0xff,
+	    sizeof(kill.src.addr.v.a.mask));
+	if (pfctl_kill_states(dev, &kill, NULL))
+		syslog(LOG_ERR, "pfctl_kill_states() failed (%m)");
 
 	/* Kill all states to ipsrc */
-	memset(&psk.psk_src, 0, sizeof(psk.psk_src));
-	memcpy(&psk.psk_dst.addr.v.a.addr, &target,
-	    sizeof(psk.psk_dst.addr.v.a.addr));
-	memset(&psk.psk_dst.addr.v.a.mask, 0xff,
-	    sizeof(psk.psk_dst.addr.v.a.mask));
-	if (ioctl(dev, DIOCKILLSTATES, &psk))
-		syslog(LOG_ERR, "DIOCKILLSTATES failed (%m)");
+	memset(&kill.src, 0, sizeof(kill.src));
+	memcpy(&kill.dst.addr.v.a.addr, &target,
+	    sizeof(kill.dst.addr.v.a.addr));
+	memset(&kill.dst.addr.v.a.mask, 0xff,
+	    sizeof(kill.dst.addr.v.a.mask));
+	if (pfctl_kill_states(dev, &kill, NULL))
+		syslog(LOG_ERR, "pfctl_kill_states() failed (%m)");
 }
 
 /* signal handler that makes us go away properly */
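
Review bot: Both new error paths log with `"pfctl_kill_states() failed (%m)"`, which prints errno, but the call's return value is only tested for non-zero and then dropped. With the raw `ioctl()` errno was guaranteed to be set on failure; for the library call please confirm it leaves errno set, or capture the return value and log that instead, otherwise the message can report a stale or unrelated error. Because authpf relies on this function to tear down a departing user's states, a failure here deserves an accurate log line. Two smaller points: naming the local `struct pfctl_kill kill` hides `kill(2)` inside this function, so a name such as `psk` or `k` would be safer, and a brief comment on the `NULL` third argument would help readers of both calls.
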
diff --git a/usr.sbin/authpf/Makefile b/usr.sbin/authpf/Makefile
index 19fd66b47b3d..62fe84086c16 100644
--- a/usr.sbin/authpf/Makefile
+++ b/usr.sbin/authpf/Makefile
@@ -12,8 +12,9 @@ SRCS=   authpf.c
 
 # XXX ALTQ:
 CFLAGS+= -DENABLE_ALTQ
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
 
-LIBADD=	m util
+LIBADD=	m util pfctl
 
 WARNS?=	3
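
Review bot: The new `CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl` line is placed directly under `# XXX ALTQ:` with no separator, so it reads as part of the ALTQ block. Put a blank line (or a short comment of its own) before it. Also worth stating in the commit or a comment why the `${OBJTOP}` include path is needed, since the only visible consumer is `#include <libpfctl.h>` and no generated header is evident from this change.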