Attachment #251015 for bug #277226

View | Details | Raw Unified | Return to bug 277226
Collapse All | Expand All

Lines 1-6 Link Here

(-)b/net/miniupnpd/Makefile (-3 / +2 lines)
1	PORTNAME= miniupnpd	1	PORTNAME= miniupnpd
2	DISTVERSION= 2.3.3	2	DISTVERSION= 2.3.6
3	PORTREVISION= 3
4	PORTEPOCH= 1	3	PORTEPOCH= 1
5	CATEGORIES= net	4	CATEGORIES= net
6		5
Lines 18-24 CPE_VENDOR= miniupnp_project Link Here
18	USE_GITHUB= yes	17	USE_GITHUB= yes
19	GH_ACCOUNT= miniupnp	18	GH_ACCOUNT= miniupnp
20	GH_PROJECT= miniupnp	19	GH_PROJECT= miniupnp
21	GH_TAGNAME= e439318	20	GH_TAGNAME= miniupnpd_2_3_6
22		21
23	USE_RC_SUBR= miniupnpd	22	USE_RC_SUBR= miniupnpd
24		23

Lines 1-3 Link Here

(-)b/net/miniupnpd/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1683175217	1	TIMESTAMP = 1715155832
2	SHA256 (miniupnp-miniupnp-2.3.3-e439318_GH0.tar.gz) = 9324cd00db2d203f0f09e15d8556ff63b40de09bfa755b2b9a64856e146b3b44	2	SHA256 (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 6e5ee2239030486675f558cc840d154e5e2db9517efc96c5b0ab2b2c34c1a128
3	SIZE (miniupnp-miniupnp-2.3.3-e439318_GH0.tar.gz) = 454838	3	SIZE (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 462607




--- pf/obsdrdr.c.orig	2024-03-19 23:41:25 UTC
+++ pf/obsdrdr.c
@@ -64,6 +64,8 @@
 #include <stdio.h>

 #include "../macros.h"
 #include "config.h"
 #include "obsdrdr.h"
@@ -155,7 +157,7 @@ init_redirect(void)
 int
 init_redirect(void)
 {

 	if(dev>=0)
 		shutdown_redirect();
 	dev = open("/dev/pf", O_RDWR);
@@ -163,14 +165,16 @@ init_redirect(void)
 		syslog(LOG_ERR, "open(\"/dev/pf\"): %m");
 		return -1;
 	}

 	return 0;
 }
 
@@ -471,6 +475,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
 	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
+	struct pfctl_rule rule;
 	UNUSED(ifname);
 	if(dev<0) {
 		syslog(LOG_ERR, "pf device is not open");
@@ -486,7 +491,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
 #endif
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
 	n = pr.nr;
@@ -497,7 +502,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
-		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_NAT, &rule, pr.anchor_call) != 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 			r = -1;
@@ -505,12 +510,12 @@ delete_nat_rule(const char * ifname, unsigned short ip
 		}
 #ifdef TEST
 		syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x    %8x",

 		{
 			pr.action = PF_CHANGE_GET_TICKET;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
@@ -842,7 +847,7 @@ get_redirect_rule_count(const char * ifname)
 #endif
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
 	release_ticket(dev, pr.ticket);
@@ -863,7 +868,9 @@ get_redirect_rule(const char * ifname, unsigned short 
 {
 	int i, n, r;
 	unsigned int tnum;
-	struct pfioc_rule pr;
+	struct pfctl_rules_info info;
+	struct pfctl_rule rule;
+	char anchor_call[MAXPATHLEN];
 #ifndef PF_NEWSTYLE
 	struct pfioc_pooladdr pp;
 #endif
@@ -873,63 +880,57 @@ get_redirect_rule(const char * ifname, unsigned short 
 		syslog(LOG_ERR, "pf device is not open");
 		return -1;
 	}
-	memset(&pr, 0, sizeof(pr));
-	strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
-#ifndef PF_NEWSTYLE
-	pr.rule.action = PF_RDR;
-#endif
-	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
+	if (pfctl_get_rules_info(dev, &info, PF_RDR, anchor_name) != 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
-	n = pr.nr;
+	n = info.nr;
 #ifdef PF_RELEASETICKETS
-	tnum = pr.ticket;
+	tnum = info.ticket;
 #endif /* PF_RELEASETICKETS */
 	r = -2;
 	for(i=0; i<n; i++)
 	{
-		pr.nr = i;
-		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
+		if (pfctl_get_rule(dev, i, info.ticket, anchor_name, PF_RDR, &rule, anchor_call) != 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 			r = -1;
 			break;
 		}
 #ifdef __APPLE__
-		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))

 #endif
 #ifndef PF_NEWSTYLE
 			memset(&pp, 0, sizeof(pp));
 			strlcpy(pp.anchor, anchor_name, MAXPATHLEN);
 			pp.r_action = PF_RDR;
 			pp.r_num = i;
-			pp.ticket = pr.ticket;
+			pp.ticket = info.ticket;
 			if(ioctl(dev, DIOCGETADDRS, &pp) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m");
@@ -957,15 +958,15 @@ get_redirect_rule(const char * ifname, unsigned short 
 			          iaddr, iaddrlen);
 #endif
 #else

 #endif
 				{
 					rhost[0] = '\0'; /* empty string */
@@ -973,10 +974,10 @@ get_redirect_rule(const char * ifname, unsigned short 
 				else
 				{
 #ifdef PFVAR_NEW_STYLE

 					          rhost, rhostlen);
 #endif
 				}
@@ -1010,6 +1011,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
 	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
+	struct pfctl_rule rule;
 	UNUSED(ifname);
 
 	if(dev<0) {
@@ -1023,7 +1025,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
 #endif
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
 	n = pr.nr;
@@ -1034,24 +1036,24 @@ priv_delete_redirect_rule_check_desc(const char * ifna
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
-		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 			r = -1;
 			break;
 		}
 #ifdef __APPLE__
-		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))

 			if(iaddr)
 			{
 				/* retrieve internal address */
@@ -1087,33 +1089,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna
 #endif
 			}
 #else

-				   (desc && 0 == strcmp(desc, pr.rule.label))) {
+				if((desc == NULL && rule.label[0][0] == '\0') ||
+				   (desc && 0 == strcmp(desc, rule.label[0]))) {
 					r = 1;
 					break;
 				}
@@ -1175,7 +1177,7 @@ priv_delete_filter_rule(const char * ifname, unsigned 
 	pr.rule.action = PF_PASS;
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
 	n = pr.nr;
@@ -1275,6 +1277,7 @@ get_redirect_rule_by_index(int index,
 	int n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
+	struct pfctl_rule rule;
 #ifndef PF_NEWSTYLE
 	struct pfioc_pooladdr pp;
 #endif
@@ -1291,7 +1294,7 @@ get_redirect_rule_by_index(int index,
 #endif
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		return -1;
 	}
 	n = pr.nr;
@@ -1302,36 +1305,36 @@ get_redirect_rule_by_index(int index,
 	if(index >= n)
 		goto error;
 	pr.nr = index;
-	if(ioctl(dev, DIOCGETRULE, &pr) < 0)
+	if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 		goto error;

 #endif
 #ifndef PF_NEWSTYLE
 	memset(&pp, 0, sizeof(pp));
@@ -1363,15 +1366,15 @@ get_redirect_rule_by_index(int index,
 	          iaddr, iaddrlen);
 #endif
 #else

 #endif
 		{
 			rhost[0] = '\0'; /* empty string */
@@ -1379,10 +1382,10 @@ get_redirect_rule_by_index(int index,
 		else
 		{
 #ifdef PFVAR_NEW_STYLE

 			          rhost, rhostlen);
 #endif
 		}
@@ -1406,6 +1409,7 @@ get_portmappings_in_range(unsigned short startport, un
 	int i, n;
 	unsigned short eport;
 	struct pfioc_rule pr;

 
 	*number = 0;
 	if(dev<0) {
@@ -1426,7 +1430,7 @@ get_portmappings_in_range(unsigned short startport, un
 #endif
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
-		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
 		free(array);
 		return NULL;
 	}
@@ -1437,19 +1441,19 @@ get_portmappings_in_range(unsigned short startport, un
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
-		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 			continue;

Lines 1-4 Link Here

(-)b/net/miniupnpd/files/patch-pf_pfpinhole.c (-19 / +69 lines)
1	--- pf/pfpinhole.c.orig 2023-10-30 16:24:29 UTC	1	--- pf/pfpinhole.c.orig 2024-03-19 23:41:25 UTC
2	+++ pf/pfpinhole.c	2	+++ pf/pfpinhole.c
3	@@ -28,6 +28,7 @@	3	@@ -28,6 +28,7 @@
4	#include <syslog.h>	4	#include <syslog.h>
Lines 8-28 Link Here
8		8
9	#include "config.h"	9	#include "config.h"
10	#include "pfpinhole.h"	10	#include "pfpinhole.h"
11	@@ -170,6 +171,7 @@ int find_pinhole(const char * ifname,	11	@@ -171,6 +172,7 @@ int find_pinhole(const char * ifname,
12	unsigned int ts;	12	unsigned int ts, tnum;
13	int i, n;	13	int i, n;
14	struct pfioc_rule pr;	14	struct pfioc_rule pr;
15	+ struct pfctl_rule rule;	15	+ struct pfctl_rule rule;
16	struct in6_addr saddr;	16	struct in6_addr saddr;
17	struct in6_addr daddr;	17	struct in6_addr daddr;
18	UNUSED(ifname);	18	UNUSED(ifname);
19	@@ -196,21 +198,21 @@ int find_pinhole(const char * ifname,	19	@@ -191,7 +193,7 @@ int find_pinhole(const char * ifname,
		20	pr.rule.action = PF_PASS;
		21	#endif
		22	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
		23	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		24	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		25	return -1;
		26	}
20	n = pr.nr;	27	n = pr.nr;
		28	@@ -200,22 +202,22 @@ int find_pinhole(const char * ifname,
		29	#endif /* PF_RELEASETICKETS */
21	for(i=0; i<n; i++) {	30	for(i=0; i<n; i++) {
22	pr.nr = i;	31	pr.nr = i;
23	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {	32	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
24	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) {	33	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
25	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	34	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
		35	release_ticket(dev, tnum);
26	return -1;	36	return -1;
27	}	37	}
28	- if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0]))	38	- if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0]))
Lines 46-65 Link Here
46	if(p) {	56	if(p) {
47	p += 2;	57	p += 2;
48	strlcpy(desc, p, desc_len);	58	strlcpy(desc, p, desc_len);
49	@@ -226,6 +228,7 @@ int delete_pinhole(unsigned short uid)	59	@@ -234,6 +236,7 @@ int delete_pinhole(unsigned short uid)
50	{
51	int i, n;	60	int i, n;
		61	unsigned int tnum;
52	struct pfioc_rule pr;	62	struct pfioc_rule pr;
53	+ struct pfctl_rule rule;	63	+ struct pfctl_rule rule;
54	char label_start[PF_RULE_LABEL_SIZE];	64	char label_start[PF_RULE_LABEL_SIZE];
55	char tmp_label[PF_RULE_LABEL_SIZE];	65	char tmp_label[PF_RULE_LABEL_SIZE];
56		66
57	@@ -247,11 +250,11 @@ int delete_pinhole(unsigned short uid)	67	@@ -249,7 +252,7 @@ int delete_pinhole(unsigned short uid)
		68	pr.rule.action = PF_PASS;
		69	#endif
		70	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
		71	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		72	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		73	return -1;
		74	}
58	n = pr.nr;	75	n = pr.nr;
		76	@@ -258,11 +261,11 @@ int delete_pinhole(unsigned short uid)
		77	#endif
59	for(i=0; i<n; i++) {	78	for(i=0; i<n; i++) {
60	pr.nr = i;	79	pr.nr = i;
61	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {	80	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
62	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) {	81	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
63	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	82	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
64	return -1;	83	return -1;
65	}	84	}
Lines 68-88 Link Here
68	strtok(tmp_label, " ");	87	strtok(tmp_label, " ");
69	if(0 == strcmp(tmp_label, label_start)) {	88	if(0 == strcmp(tmp_label, label_start)) {
70	pr.action = PF_CHANGE_GET_TICKET;	89	pr.action = PF_CHANGE_GET_TICKET;
71	@@ -282,6 +285,7 @@ get_pinhole_info(unsigned short uid,	90	@@ -298,6 +301,7 @@ get_pinhole_info(unsigned short uid,
72	{
73	int i, n;	91	int i, n;
		92	unsigned int tnum;
74	struct pfioc_rule pr;	93	struct pfioc_rule pr;
75	+ struct pfctl_rule rule;	94	+ struct pfctl_rule rule;
76	char label_start[PF_RULE_LABEL_SIZE];	95	char label_start[PF_RULE_LABEL_SIZE];
77	char tmp_label[PF_RULE_LABEL_SIZE];	96	char tmp_label[PF_RULE_LABEL_SIZE];
78	char * p;	97	char * p;
79	@@ -304,26 +308,26 @@ get_pinhole_info(unsigned short uid,	98	@@ -314,7 +318,7 @@ get_pinhole_info(unsigned short uid,
		99	pr.rule.action = PF_PASS;
		100	#endif
		101	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
		102	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		103	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		104	return -1;
		105	}
80	n = pr.nr;	106	n = pr.nr;
		107	@@ -323,29 +327,29 @@ get_pinhole_info(unsigned short uid,
		108	#endif
81	for(i=0; i<n; i++) {	109	for(i=0; i<n; i++) {
82	pr.nr = i;	110	pr.nr = i;
83	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {	111	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
84	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) {	112	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
85	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	113	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
		114	release_ticket(dev, tnum);
86	return -1;	115	return -1;
87	}	116	}
88	- strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label));	117	- strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label));
Lines 92-97 Link Here
92	if(0 == strcmp(tmp_label, label_start)) {	121	if(0 == strcmp(tmp_label, label_start)) {
93	- if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {	122	- if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {
94	+ if(rem_host && (inet_ntop(AF_INET6, &rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {	123	+ if(rem_host && (inet_ntop(AF_INET6, &rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {
		124	release_ticket(dev, tnum);
95	return -1;	125	return -1;
96	}	126	}
97	if(rem_port)	127	if(rem_port)
Lines 99-104 Link Here
99	- if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {	129	- if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {
100	+ *rem_port = ntohs(rule.src.port[0]);	130	+ *rem_port = ntohs(rule.src.port[0]);
101	+ if(int_client && (inet_ntop(AF_INET6, &rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {	131	+ if(int_client && (inet_ntop(AF_INET6, &rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {
		132	release_ticket(dev, tnum);
102	return -1;	133	return -1;
103	}	134	}
104	if(int_port)	135	if(int_port)
Lines 110-116 Link Here
110	if(timestamp)	141	if(timestamp)
111	sscanf(p, "ts-%u", timestamp);	142	sscanf(p, "ts-%u", timestamp);
112	if(desc) {	143	if(desc) {
113	@@ -336,14 +340,14 @@ get_pinhole_info(unsigned short uid,	144	@@ -358,14 +362,14 @@ get_pinhole_info(unsigned short uid,
114	}	145	}
115	#ifdef PFRULE_INOUT_COUNTS	146	#ifdef PFRULE_INOUT_COUNTS
116	if(packets)	147	if(packets)
Lines 127-149 Link Here
127	- *bytes = pr.rule.bytes;	158	- *bytes = pr.rule.bytes;
128	+ *bytes = rule.bytes;	159	+ *bytes = rule.bytes;
129	#endif	160	#endif
		161	release_ticket(dev, tnum);
130	return 0;	162	return 0;
131	}	163	@@ -393,6 +397,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
132	@@ -369,6 +373,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
133	{	164	{
134	int i;	165	int i;
135	struct pfioc_rule pr;	166	struct pfioc_rule pr;
136	+ struct pfctl_rule rule;	167	+ struct pfctl_rule rule;
137	time_t current_time;	168	time_t current_time;
138	unsigned int ts;	169	unsigned int ts, tnum;
139	int uid;	170	int uid;
140	@@ -392,16 +397,16 @@ int clean_pinhole_list(unsigned int * next_timestamp)	171	@@ -411,7 +416,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
		172	pr.rule.action = PF_PASS;
		173	#endif
		174	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
		175	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		176	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		177	return -1;
141	}	178	}
		179	#ifdef PF_RELEASETICKETS
		180	@@ -419,17 +424,17 @@ int clean_pinhole_list(unsigned int * next_timestamp)
		181	#endif
142	for(i = pr.nr - 1; i >= 0; i--) {	182	for(i = pr.nr - 1; i >= 0; i--) {
143	pr.nr = i;	183	pr.nr = i;
144	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {	184	- if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
145	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0) {	185	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
146	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	186	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
		187	release_ticket(dev, tnum);
147	return -1;	188	return -1;
148	}	189	}
149	- if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {	190	- if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
Lines 158-160 Link Here
158	pr.action = PF_CHANGE_GET_TICKET;	199	pr.action = PF_CHANGE_GET_TICKET;
159	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {	200	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
160	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");	201	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
		202	@@ -449,7 +454,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
		203	#endif
		204	release_ticket(dev, tnum);
		205	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
		206	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		207	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		208	return -1;
		209	}
		210	#ifdef PF_RELEASETICKETS

Return to bug 277226

Lines 1-4 Link Here

(-)b/net/miniupnpd/files/patch-pf_obsdrdr.c (-37 / +127 lines)
1	--- pf/obsdrdr.c.orig 2023-02-17 03:09:33 UTC	1	--- pf/obsdrdr.c.orig 2024-03-19 23:41:25 UTC
2	+++ pf/obsdrdr.c	2	+++ pf/obsdrdr.c
3	@@ -64,6 +64,8 @@	3	@@ -64,6 +64,8 @@
4	#include <stdio.h>	4	#include <stdio.h>
Lines 9-15 Link Here
9	#include "../macros.h"	9	#include "../macros.h"
10	#include "config.h"	10	#include "config.h"
11	#include "obsdrdr.h"	11	#include "obsdrdr.h"
12	@@ -154,7 +156,7 @@ init_redirect(void)	12	@@ -155,7 +157,7 @@ init_redirect(void)
13	int	13	int
14	init_redirect(void)	14	init_redirect(void)
15	{	15	{
Lines 18-24 Link Here
18	if(dev>=0)	18	if(dev>=0)
19	shutdown_redirect();	19	shutdown_redirect();
20	dev = open("/dev/pf", O_RDWR);	20	dev = open("/dev/pf", O_RDWR);
21	@@ -162,14 +164,16 @@ init_redirect(void)	21	@@ -163,14 +165,16 @@ init_redirect(void)
22	syslog(LOG_ERR, "open(\"/dev/pf\"): %m");	22	syslog(LOG_ERR, "open(\"/dev/pf\"): %m");
23	return -1;	23	return -1;
24	}	24	}
Lines 37-59 Link Here
37	return 0;	37	return 0;
38	}	38	}
39		39
40	@@ -464,6 +468,7 @@ delete_nat_rule(const char * ifname, unsigned short ip	40	@@ -471,6 +475,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
41	{	41	int i, n, r;
42	int i, n;	42	unsigned int tnum;
43	struct pfioc_rule pr;	43	struct pfioc_rule pr;
44	+ struct pfctl_rule rule;	44	+ struct pfctl_rule rule;
45	UNUSED(ifname);	45	UNUSED(ifname);
46	if(dev<0) {	46	if(dev<0) {
47	syslog(LOG_ERR, "pf device is not open");	47	syslog(LOG_ERR, "pf device is not open");
48	@@ -486,19 +491,19 @@ delete_nat_rule(const char * ifname, unsigned short ip	48	@@ -486,7 +491,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
		49	#endif
		50	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		51	{
		52	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		53	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		54	return -1;
		55	}
		56	n = pr.nr;
		57	@@ -497,7 +502,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
49	for(i=0; i<n; i++)	58	for(i=0; i<n; i++)
50	{	59	{
51	pr.nr = i;	60	pr.nr = i;
52	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)	61	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)
53	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0)	62	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_NAT, &rule, pr.anchor_call) != 0)
54	{	63	{
55	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	64	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
56	goto error;	65	r = -1;
		66	@@ -505,12 +510,12 @@ delete_nat_rule(const char * ifname, unsigned short ip
57	}	67	}
58	#ifdef TEST	68	#ifdef TEST
59	syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x",	69	syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x",
Lines 71-93 Link Here
71	{	81	{
72	pr.action = PF_CHANGE_GET_TICKET;	82	pr.action = PF_CHANGE_GET_TICKET;
73	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)	83	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
74	@@ -843,6 +848,7 @@ get_redirect_rule(const char * ifname, unsigned short	84	@@ -842,7 +847,7 @@ get_redirect_rule_count(const char * ifname)
		85	#endif
		86	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		87	{
		88	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		89	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		90	return -1;
		91	}
		92	release_ticket(dev, pr.ticket);
		93	@@ -863,7 +868,9 @@ get_redirect_rule(const char * ifname, unsigned short
75	{	94	{
76	int i, n;	95	int i, n, r;
77	struct pfioc_rule pr;	96	unsigned int tnum;
		97	- struct pfioc_rule pr;
		98	+ struct pfctl_rules_info info;
78	+ struct pfctl_rule rule;	99	+ struct pfctl_rule rule;
		100	+ char anchor_call[MAXPATHLEN];
79	#ifndef PF_NEWSTYLE	101	#ifndef PF_NEWSTYLE
80	struct pfioc_pooladdr pp;	102	struct pfioc_pooladdr pp;
81	#endif	103	#endif
82	@@ -866,37 +872,37 @@ get_redirect_rule(const char * ifname, unsigned short	104	@@ -873,63 +880,57 @@ get_redirect_rule(const char * ifname, unsigned short
		105	syslog(LOG_ERR, "pf device is not open");
		106	return -1;
		107	}
		108	- memset(&pr, 0, sizeof(pr));
		109	- strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
		110	-#ifndef PF_NEWSTYLE
		111	- pr.rule.action = PF_RDR;
		112	-#endif
		113	- if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		114	+ if (pfctl_get_rules_info(dev, &info, PF_RDR, anchor_name) != 0)
		115	{
		116	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		117	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		118	return -1;
		119	}
		120	- n = pr.nr;
		121	+ n = info.nr;
		122	#ifdef PF_RELEASETICKETS
		123	- tnum = pr.ticket;
		124	+ tnum = info.ticket;
		125	#endif /* PF_RELEASETICKETS */
		126	r = -2;
83	for(i=0; i<n; i++)	127	for(i=0; i<n; i++)
84	{	128	{
85	pr.nr = i;	129	- pr.nr = i;
86	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)	130	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)
87	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0)	131	+ if (pfctl_get_rule(dev, i, info.ticket, anchor_name, PF_RDR, &rule, anchor_call) != 0)
88	{	132	{
89	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	133	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
90	goto error;	134	r = -1;
		135	break;
91	}	136	}
92	#ifdef __APPLE__	137	#ifdef __APPLE__
93	- if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))	138	- if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
Lines 130-136 Link Here
130	#endif	175	#endif
131	#ifndef PF_NEWSTYLE	176	#ifndef PF_NEWSTYLE
132	memset(&pp, 0, sizeof(pp));	177	memset(&pp, 0, sizeof(pp));
133	@@ -928,15 +934,15 @@ get_redirect_rule(const char * ifname, unsigned short	178	strlcpy(pp.anchor, anchor_name, MAXPATHLEN);
		179	pp.r_action = PF_RDR;
		180	pp.r_num = i;
		181	- pp.ticket = pr.ticket;
		182	+ pp.ticket = info.ticket;
		183	if(ioctl(dev, DIOCGETADDRS, &pp) < 0)
		184	{
		185	syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m");
		186	@@ -957,15 +958,15 @@ get_redirect_rule(const char * ifname, unsigned short
134	iaddr, iaddrlen);	187	iaddr, iaddrlen);
135	#endif	188	#endif
136	#else	189	#else
Lines 149-155 Link Here
149	#endif	202	#endif
150	{	203	{
151	rhost[0] = '\0'; /* empty string */	204	rhost[0] = '\0'; /* empty string */
152	@@ -944,10 +950,10 @@ get_redirect_rule(const char * ifname, unsigned short	205	@@ -973,10 +974,10 @@ get_redirect_rule(const char * ifname, unsigned short
153	else	206	else
154	{	207	{
155	#ifdef PFVAR_NEW_STYLE	208	#ifdef PFVAR_NEW_STYLE
Lines 162-184 Link Here
162	rhost, rhostlen);	215	rhost, rhostlen);
163	#endif	216	#endif
164	}	217	}
165	@@ -978,6 +984,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna	218	@@ -1010,6 +1011,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
166	{	219	int i, n, r;
167	int i, n;	220	unsigned int tnum;
168	struct pfioc_rule pr;	221	struct pfioc_rule pr;
169	+ struct pfctl_rule rule;	222	+ struct pfctl_rule rule;
170	UNUSED(ifname);	223	UNUSED(ifname);
171		224
172	if(dev<0) {	225	if(dev<0) {
173	@@ -998,23 +1005,23 @@ priv_delete_redirect_rule_check_desc(const char * ifna	226	@@ -1023,7 +1025,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
		227	#endif
		228	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		229	{
		230	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		231	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		232	return -1;
		233	}
		234	n = pr.nr;
		235	@@ -1034,24 +1036,24 @@ priv_delete_redirect_rule_check_desc(const char * ifna
174	for(i=0; i<n; i++)	236	for(i=0; i<n; i++)
175	{	237	{
176	pr.nr = i;	238	pr.nr = i;
177	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)	239	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)
178	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0)	240	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
179	{	241	{
180	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	242	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
181	goto error;	243	r = -1;
		244	break;
182	}	245	}
183	#ifdef __APPLE__	246	#ifdef __APPLE__
184	- if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))	247	- if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
Lines 201-207 Link Here
201	if(iaddr)	264	if(iaddr)
202	{	265	{
203	/* retrieve internal address */	266	/* retrieve internal address */
204	@@ -1047,33 +1054,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna	267	@@ -1087,33 +1089,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna
205	#endif	268	#endif
206	}	269	}
207	#else	270	#else
Lines 240-262 Link Here
240	- (desc && 0 == strcmp(desc, pr.rule.label))) {	303	- (desc && 0 == strcmp(desc, pr.rule.label))) {
241	+ if((desc == NULL && rule.label[0][0] == '\0') \|\|	304	+ if((desc == NULL && rule.label[0][0] == '\0') \|\|
242	+ (desc && 0 == strcmp(desc, rule.label[0]))) {	305	+ (desc && 0 == strcmp(desc, rule.label[0]))) {
243	return 1;	306	r = 1;
		307	break;
244	}	308	}
245	}	309	@@ -1175,7 +1177,7 @@ priv_delete_filter_rule(const char * ifname, unsigned
246	@@ -1208,6 +1215,7 @@ get_redirect_rule_by_index(int index,	310	pr.rule.action = PF_PASS;
247	{	311	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
248	int n;	312	{
		313	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		314	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		315	return -1;
		316	}
		317	n = pr.nr;
		318	@@ -1275,6 +1277,7 @@ get_redirect_rule_by_index(int index,
		319	int n, r;
		320	unsigned int tnum;
249	struct pfioc_rule pr;	321	struct pfioc_rule pr;
250	+ struct pfctl_rule rule;	322	+ struct pfctl_rule rule;
251	#ifndef PF_NEWSTYLE	323	#ifndef PF_NEWSTYLE
252	struct pfioc_pooladdr pp;	324	struct pfioc_pooladdr pp;
253	#endif	325	#endif
254	@@ -1231,36 +1239,36 @@ get_redirect_rule_by_index(int index,	326	@@ -1291,7 +1294,7 @@ get_redirect_rule_by_index(int index,
		327	#endif
		328	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		329	{
		330	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		331	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		332	return -1;
		333	}
		334	n = pr.nr;
		335	@@ -1302,36 +1305,36 @@ get_redirect_rule_by_index(int index,
255	if(index >= n)	336	if(index >= n)
256	goto error;	337	goto error;
257	pr.nr = index;	338	pr.nr = index;
258	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)	339	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)
259	+ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0)	340	+ if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
260	{	341	{
261	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	342	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
262	goto error;	343	goto error;
Lines 300-306 Link Here
300	#endif	381	#endif
301	#ifndef PF_NEWSTYLE	382	#ifndef PF_NEWSTYLE
302	memset(&pp, 0, sizeof(pp));	383	memset(&pp, 0, sizeof(pp));
303	@@ -1292,15 +1300,15 @@ get_redirect_rule_by_index(int index,	384	@@ -1363,15 +1366,15 @@ get_redirect_rule_by_index(int index,
304	iaddr, iaddrlen);	385	iaddr, iaddrlen);
305	#endif	386	#endif
306	#else	387	#else
Lines 319-325 Link Here
319	#endif	400	#endif
320	{	401	{
321	rhost[0] = '\0'; /* empty string */	402	rhost[0] = '\0'; /* empty string */
322	@@ -1308,10 +1316,10 @@ get_redirect_rule_by_index(int index,	403	@@ -1379,10 +1382,10 @@ get_redirect_rule_by_index(int index,
323	else	404	else
324	{	405	{
325	#ifdef PFVAR_NEW_STYLE	406	#ifdef PFVAR_NEW_STYLE
Lines 332-338 Link Here
332	rhost, rhostlen);	413	rhost, rhostlen);
333	#endif	414	#endif
334	}	415	}
335	@@ -1334,6 +1342,7 @@ get_portmappings_in_range(unsigned short startport, un	416	@@ -1406,6 +1409,7 @@ get_portmappings_in_range(unsigned short startport, un
336	int i, n;	417	int i, n;
337	unsigned short eport;	418	unsigned short eport;
338	struct pfioc_rule pr;	419	struct pfioc_rule pr;
Lines 340-351 Link Here
340		421
341	*number = 0;	422	*number = 0;
342	if(dev<0) {	423	if(dev<0) {
343	@@ -1362,19 +1371,19 @@ get_portmappings_in_range(unsigned short startport, un	424	@@ -1426,7 +1430,7 @@ get_portmappings_in_range(unsigned short startport, un
		425	#endif
		426	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
		427	{
		428	- syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
		429	+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
		430	free(array);
		431	return NULL;
		432	}
		433	@@ -1437,19 +1441,19 @@ get_portmappings_in_range(unsigned short startport, un
344	for(i=0; i<n; i++)	434	for(i=0; i<n; i++)
345	{	435	{
346	pr.nr = i;	436	pr.nr = i;
347	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)	437	- if(ioctl(dev, DIOCGETRULE, &pr) < 0)
348	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, pr.action, &rule, pr.anchor_call) < 0)	438	+ if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
349	{	439	{
350	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");	440	syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
351	continue;	441	continue;