pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS

Prefer libpfctl functions over direct access to the ioctl whenever possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as there already is an nvlist-based alternative. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41647
2024-07-22 18:56:38 +00:00 · 2023-08-29 17:00:44 +02:00 · 2023-08-29 17:00:44 +02:00 · ddd08375c8
parent 8c1274138a
commit ddd08375c8
2 changed files with 12 additions and 6 deletions
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@ -169,7 +169,7 @@ do_rollback(void)
 void
 init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;

 	qname = opt_qname;
 	tagname = opt_tagname;
@ -182,10 +182,13 @@ init_filter(const char *opt_qname, const char *opt_tagname, int opt_verbose)
 	dev = open("/dev/pf", O_RDWR);	
 	if (dev == -1)
 		err(1, "open /dev/pf");
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
+	status = pfctl_get_status(dev);
+	if (status == NULL)
 		err(1, "DIOCGETSTATUS");
-	if (!status.running)
+	if (!status->running)
 		errx(1, "pf is disabled");
+
+	pfctl_free_status(status);
 }

 int
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@ -173,7 +173,7 @@ do_rollback(void)
 void
 init_filter(char *opt_qname, int opt_verbose)
 {
-	struct pf_status status;
+	struct pfctl_status *status;

 	qname = opt_qname;

@ -187,14 +187,17 @@ init_filter(char *opt_qname, int opt_verbose)
 		syslog(LOG_ERR, "can't open /dev/pf");
 		exit(1);
 	}
-	if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
+	status = pfctl_get_status(dev);
+	if (status == NULL) {
 		syslog(LOG_ERR, "DIOCGETSTATUS");
 		exit(1);
 	}
-	if (!status.running) {
+	if (!status->running) {
 		syslog(LOG_ERR, "pf is disabled");
 		exit(1);
 	}
+
+	pfctl_free_status(status);
 }

 int