pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS

Prefer libpfctl functions over direct access to the ioctl whenever possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as there already is an nvlist-based alternative. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41647 (cherry picked from commit ddd08375c8)
2024-10-04 15:40:44 +00:00 · 2023-08-29 17:00:44 +02:00 · 2023-08-29 17:00:44 +02:00 · c34ca43649
parent 27968aa022
commit c34ca43649
2 changed files with 12 additions and 6 deletions
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@ -169,7 +169,7 @@ do_rollback(void)
 void
 init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;

 	qname = opt_qname;
 	tagname = opt_tagname;
@ -182,10 +182,13 @@ init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 	dev = open("/dev/pf", O_RDWR);	
 	if (dev == -1)
 		err(1, "open /dev/pf");
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
+	status = pfctl_get_status(dev);
+	if (status == NULL)
 		err(1, "DIOCGETSTATUS");
-	if (!status.running)
+	if (!status->running)
 		errx(1, "pf is disabled");
+
+	pfctl_free_status(status);
 }

 int
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@ -173,7 +173,7 @@ do_rollback(void)
 void
 init_filter(char *opt_qname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;

 	qname = opt_qname;

@ -187,14 +187,17 @@ init_filter(char *opt_qname, int opt_verbose)
 		syslog(LOG_ERR, "can't open /dev/pf");
 		exit(1);
 	}
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
+	status = pfctl_get_status(dev);
+	if (status == NULL) {
 		syslog(LOG_ERR, "DIOCGETSTATUS");
 		exit(1);
 	}
-	if (!status.running) {
+	if (!status->running) {
 		syslog(LOG_ERR, "pf is disabled");
 		exit(1);
 	}
+
+	pfctl_free_status(status);
 }

 int