Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FreeBSD: use libpfctl #671

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

FreeBSD: use libpfctl #671

wants to merge 1 commit into from

Conversation

kprovost
Copy link

FreeBSD 15 has removed several ioctl calls (such as DIOCGETSTATUS and DIOCGETRULE) and replaced them. The easiest way to cope with that is to use the provided libpfctl library.

NOTE: This version of the patch will break use on OpenBSD or NetBSD and is intended to serve as a basis for discussing the best approach to cope with these differences.

Sponsored by: Rubicon Communications, LLC ("Netgate")

@miniupnp miniupnp self-assigned this Nov 11, 2023
@miniupnp
Copy link
Owner

I think we should #define USE_LIBPFCTL in configure and use some #ifdef in the code...

@kprovost
Copy link
Author

kprovost commented Nov 14, 2023
edited

Something like this then.

I've added an 'r' pointer in most functions because it avoids a lot of ifdef USE_LIBPFCTL then rule.... #else pr.rule.... #endif all over the place.

miniupnp
miniupnp reviewed Nov 14, 2023
View reviewed changes
miniupnpd/configure Outdated Show resolved Hide resolved
@miniupnp miniupnp added miniupnpd pf BSD BSD Rocks :=) labels Nov 14, 2023
@miniupnp
Copy link
Owner

It looks great !

miniupnp added a commit that referenced this pull request Nov 14, 2023
@miniupnp
obsdrdr.c: struct pf_rule *r = &pr.rule;
69bc3c9 
to prepare the use of libpfctl

see #671
@kprovost
use libpfctl
6fd6cdb 
FreeBSD 15 has removed several ioctl calls (such as DIOCGETSTATUS and
DIOCGETRULE) and replaced them. The easiest way to cope with that is to
use the provided libpfctl library.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
@miniupnp
Copy link
Owner

@kprovost libpfctl will only be available starting with FreeBSD 15, right ?

@kprovost
Copy link
Author

@kprovost libpfctl will only be available starting with FreeBSD 15, right ?

No, it's available on all support FreeBSD versions, 12.4, 13.2 and 14.0. The DIOCGETRULE ioctl no longer exists in 15, so there you either use libpfctl or implement the new nvlist-based ioctl (don't do that, it's likely to go away and be replaced as well).

miniupnp added a commit that referenced this pull request Nov 16, 2023
@miniupnp
configure: --uselibpfctl / USE_LIBPFCTL
0a3475c 
see #671
@miniupnp
Copy link
Owner

shouldn't pfctl_get_rules_info() be used instead of DIOCGETRULES ?

@kprovost
Copy link
Author

We can, and in due course should, but it's not required on FreeBSD 15.
The DIOCGETRULES ioctl hasn't been removed (yet).

I think I'd prefer to keep this patch as small as possible to fix the immediate problem (of not actually working with FreeBSD 15). We can continue other cleanup work in separate patches.

miniupnp added a commit that referenced this pull request May 13, 2024
@miniupnp
configure: --uselibpfctl / USE_LIBPFCTL
175a7cd 
see #671
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miniupnp miniupnp miniupnp left review comments

Assignees

@miniupnp miniupnp

Labels
BSD BSD Rocks :=) miniupnpd pf
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kprovost @miniupnp