pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS
Prefer libpfctl functions over direct access to the ioctl whenever
possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as
there already is an nvlist-based alternative.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41647
This commit is contained in:
@@ -169,7 +169,7 @@ do_rollback(void)
|
||||
void
|
||||
init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
|
||||
{
|
||||
struct pf_status status;
|
||||
struct pfctl_status *status;
|
||||
|
||||
qname = opt_qname;
|
||||
tagname = opt_tagname;
|
||||
@@ -182,10 +182,13 @@ init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
|
||||
dev = open("/dev/pf", O_RDWR);
|
||||
if (dev == -1)
|
||||
err(1, "open /dev/pf");
|
||||
if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
|
||||
status = pfctl_get_status(dev);
|
||||
if (status == NULL)
|
||||
err(1, "DIOCGETSTATUS");
|
||||
if (!status.running)
|
||||
if (!status->running)
|
||||
errx(1, "pf is disabled");
|
||||
|
||||
pfctl_free_status(status);
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
@@ -173,7 +173,7 @@ do_rollback(void)
|
||||
void
|
||||
init_filter(char *opt_qname, int opt_verbose)
|
||||
{
|
||||
struct pf_status status;
|
||||
struct pfctl_status *status;
|
||||
|
||||
qname = opt_qname;
|
||||
|
||||
@@ -187,14 +187,17 @@ init_filter(char *opt_qname, int opt_verbose)
|
||||
syslog(LOG_ERR, "can't open /dev/pf");
|
||||
exit(1);
|
||||
}
|
||||
if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
|
||||
status = pfctl_get_status(dev);
|
||||
if (status == NULL) {
|
||||
syslog(LOG_ERR, "DIOCGETSTATUS");
|
||||
exit(1);
|
||||
}
|
||||
if (!status.running) {
|
||||
if (!status->running) {
|
||||
syslog(LOG_ERR, "pf is disabled");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
pfctl_free_status(status);
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
Reference in New Issue
Block a user