Date: Sun, 19 Dec 2004 12:54:19 +0800
From: sam wun <sam.wun@authtec.com>
To: Max Laier <max@love2party.net>
Cc: freebsd-pf@freebsd.org
Subject: DIOCCHANGERULE may be used in PF?
Message-ID: <41C5097B.5020606@authtec.com>
In-Reply-To: <200412181714.51674.max@love2party.net>
References: <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net> <41C3BA23.5070207@authtec.com> <200412181714.51674.max@love2party.net>
Hi,

I'm not sure whether the ssp_pf.c file should use DIOCADDADDR instead of DIOCCHANGERULE.
As I looked into the authpf.c file, in function add_pool(), authpf only uses DIOCADDADDR for adding a new rule to PF.
I also want to find out where DIOCCHANGERULE is used in PF, but nothing is found except in the man page:

# cd src/contrib/pf
# grep -r DIOCCHANGERULE *
man/pf.4:for subsequent DIOCADDADDR, DIOCADDRULE and DIOCCHANGERULE calls.
man/pf.4:DIOCADDRULE or DIOCCHANGERULE call.
man/pf.4:.It Dv DIOCCHANGERULE Fa "struct pfioc_rule"

DIOCCHANGERULE may not be used. If I want to add a new rule in PF, I may need to use DIOCADDADDR rather than DIOCCHANGERULE.
Any comment?

Thanks
Sam

Max Laier wrote:

>On Saturday 18 December 2004 06:03, sam wun wrote:
>
>>Thanks for the suggestion. I used pfctl -ss and found some Established state,
>>the sample code works great.
>>I would like to write a C program to add rules to PF based on user
>>defined anchor and tables. Where can I find more information and
>>guidelines about doing that?
>>
>
>Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is
>quite readable and it should be easy to determine what to hand to the various
>ioctls. In most of the cases you don't really need to write your own C code.
>Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to
>it. Take a look at the spamd port (mail/spamd) which does just that. You
>might need a fdescfs(5) in order to drop root privs and use the -p option.
>But that should all be obvious from the spamd code.
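
The approach suggested in the quoted reply, exec() pfctl(8) and pipe rules to it, shown as an added C example that is not part of the original thread and is not taken from spamd. The helper name pipe_rules, the anchor name "ssp" and the rule text are assumptions, and loading with "-a <anchor> -f -" assumes a pfctl that accepts a bare anchor name.

```c
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: exec argv[0] directly (no shell re-parses the anchor or
 * rules), feed `rules` to its stdin, return its exit status or -1 on failure. */
int pipe_rules(char *const argv[], const char *rules)
{
    int fds[2], status;
    size_t left = strlen(rules);
    pid_t pid;

    if (pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: becomes pfctl */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) == -1)
                _exit(127);
            close(fds[0]);
        }
        execv(argv[0], argv);            /* absolute path, no PATH lookup */
        _exit(127);                      /* only reached if exec failed */
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);            /* process-wide: get EPIPE, not a signal */
    while (left > 0) {
        ssize_t n = write(fds[1], rules, left);
        if (n <= 0)
            break;
        rules += n;
        left -= (size_t)n;
    }
    close(fds[1]);                       /* EOF: pfctl parses and loads the set */
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return left == 0 ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Assumed anchor name and rule; "-f -" makes pfctl read rules from stdin. */
    char *const argv[] = { "/sbin/pfctl", "-a", "ssp", "-f", "-", NULL };
    return pipe_rules(argv, "pass in quick proto tcp from any to any port 22\n");
}
```

A non-zero return means pfctl rejected the rules or could not be run, so the caller should treat the anchor as unchanged.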