Diffstat (limited to 'contrib/pf/ftp-proxy/filter.c')
-rw-r--r--contrib/pf/ftp-proxy/filter.c23
1 files changed, 10 insertions, 13 deletions
diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index 612e35c4ac6e..3bad5feb4be4 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -57,7 +57,7 @@ static uint32_t pfticket;
static uint32_t pfpool_ticket;
static struct pfioc_trans pft;
static struct pfioc_trans_e pfte[TRANS_SIZE];
-static int dev, rule_log;
+static int rule_log;
static struct pfctl_handle *pfh = NULL;
static const char *qname, *tagname;
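Review bot: With `dev` removed, every ioctl call site in this patch (add_nat, add_rdr, do_commit, do_rollback, prepare_commit, prepare_rule, server_lookup4, server_lookup6) reaches pf through `pfctl_fd(pfh)`, and `pfh` stays NULL until init_filter() has run. Assuming pfctl_fd() reads the descriptor out of the handle without a NULL check, a call made before init_filter() would now dereference NULL, where an ioctl on the zero-initialised `dev` would most likely have just returned -1. The call ordering is not visible in this diff, so I would record the invariant at the declaration: `/* pf handle, opened once by init_filter(); every ioctl below uses pfctl_fd(pfh) */`.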
@@ -104,7 +104,7 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(nat)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = nat_range_low;
@@ -138,7 +138,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(rdr)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
- if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = rdr_port;
@@ -152,7 +152,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
int
do_commit(void)
{
- if (ioctl(dev, DIOCXCOMMIT, &pft) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCXCOMMIT, &pft) == -1)
return (-1);
return (0);
@@ -161,7 +161,7 @@ do_commit(void)
int
do_rollback(void)
{
- if (ioctl(dev, DIOCXROLLBACK, &pft) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCXROLLBACK, &pft) == -1)
return (-1);
return (0);
@@ -180,13 +180,10 @@ init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
else if (opt_verbose == 2)
rule_log = PF_LOG_ALL;
- dev = open("/dev/pf", O_RDWR);
- if (dev == -1)
- err(1, "open /dev/pf");
pfh = pfctl_open(PF_DEVICE);
if (pfh == NULL)
err(1, "pfctl_open");
- status = pfctl_get_status(dev);
+ status = pfctl_get_status(pfctl_fd(pfh));
if (status == NULL)
err(1, "DIOCGETSTATUS");
if (!status->running)
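Review bot: Dropping the explicit `open("/dev/pf", O_RDWR)` means the access mode of the only pf descriptor is now decided inside pfctl_open(), which this hunk does not show. The transaction and pool ioctls elsewhere in the patch (DIOCXBEGIN, DIOCXCOMMIT, DIOCADDADDR) modify the ruleset, so they presumably need that descriptor to be read-write. This is worth confirming against libpfctl and noting above the call, e.g. `/* sole pf descriptor; must be read-write for the DIOCX* ioctls */`. init_filter() starts and ends outside this hunk.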
@@ -227,7 +224,7 @@ prepare_commit(u_int32_t id)
}
}
- if (ioctl(dev, DIOCXBEGIN, &pft) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCXBEGIN, &pft) == -1)
return (-1);
return (0);
@@ -266,7 +263,7 @@ prepare_rule(u_int32_t id, int rs_num, struct sockaddr *src,
errno = EINVAL;
return (-1);
}
- if (ioctl(dev, DIOCBEGINADDRS, &pfp) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCBEGINADDRS, &pfp) == -1)
return (-1);
pfpool_ticket = pfp.ticket;
@@ -366,7 +363,7 @@ server_lookup4(struct sockaddr_in *client, struct sockaddr_in *proxy,
pnl.sport = client->sin_port;
pnl.dport = proxy->sin_port;
- if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCNATLOOK, &pnl) == -1)
return (-1);
memset(server, 0, sizeof(struct sockaddr_in));
@@ -394,7 +391,7 @@ server_lookup6(struct sockaddr_in6 *client, struct sockaddr_in6 *proxy,
pnl.sport = client->sin6_port;
pnl.dport = proxy->sin6_port;
- if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+ if (ioctl(pfctl_fd(pfh), DIOCNATLOOK, &pnl) == -1)
return (-1);
memset(server, 0, sizeof(struct sockaddr_in6));