pf plugin: add nat and rdr rules

diff --git a/pfutils45.c b/pfutils45.c
index c7efb39..f8ca6e2 100644 (file)
--- a/pfutils45.c
+++ b/pfutils45.c
@@ -992,4 +992,61 @@ found:
        return (buf);
 }
 
+int
+pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
+    u_int32_t ticket, int r_action, char *anchorname)
+{
+       struct pfioc_pooladdr pp;
+       struct pf_pooladdr *pa;
+       u_int32_t pnr, mpnr;
+
+       memset(&pp, 0, sizeof(pp));
+       memcpy(pp.anchor, anchorname, sizeof(pp.anchor));
+       pp.r_action = r_action;
+       pp.r_num = nr;
+       pp.ticket = ticket;
+       if (ioctl(dev, DIOCGETADDRS, &pp)) {
+               warn("DIOCGETADDRS");
+               return (-1);
+       }
+       mpnr = pp.nr;
+       TAILQ_INIT(&pool->list);
+       for (pnr = 0; pnr < mpnr; ++pnr) {
+               pp.nr = pnr;
+               if (ioctl(dev, DIOCGETADDR, &pp)) {
+                       warn("DIOCGETADDR");
+                       return (-1);
+               }
+               pa = calloc(1, sizeof(struct pf_pooladdr));
+               if (pa == NULL)
+                       err(1, "calloc");
+               bcopy(&pp.addr, pa, sizeof(struct pf_pooladdr));
+               TAILQ_INSERT_TAIL(&pool->list, pa, entries);
+       }
+
+       return (0);
+}
+
+void
+pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
+{
+       struct pf_pooladdr *pa;
+
+       while ((pa = TAILQ_FIRST(&src->list)) != NULL) {
+               TAILQ_REMOVE(&src->list, pa, entries);
+               TAILQ_INSERT_TAIL(&dst->list, pa, entries);
+       }
+}
+
+void
+pfctl_clear_pool(struct pf_pool *pool)
+{
+       struct pf_pooladdr *pa;
+
+       while ((pa = TAILQ_FIRST(&pool->list)) != NULL) {
+               TAILQ_REMOVE(&pool->list, pa, entries);
+               free(pa);
+       }
+}
+
 

diff --git a/pfutils45.h b/pfutils45.h
index 5294737..411471d 100644 (file)
--- a/pfutils45.h
+++ b/pfutils45.h
@@ -1,5 +1,9 @@
-void   print_rule(struct pf_rule *, const char *, int);
-void   print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+void    print_rule(struct pf_rule *, const char *, int);
+void    print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+int     pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int,
+           char *);
+void    pfctl_clear_pool(struct pf_pool *);
+
 
 #define PF_NAT_PROXY_PORT_LOW  50001
 #define PF_NAT_PROXY_PORT_HIGH 65535

diff --git a/src/pf.c b/src/pf.c
index 9b69fec..976b32f 100644 (file)
--- a/src/pf.c
+++ b/src/pf.c
@@ -48,14 +48,14 @@ pf_init(void)
 {
        struct pf_status        status;
 
-       if ((pfdev = open(PF_SOCKET, O_RDWR)) == -1) {
+       if ((dev = open(PF_SOCKET, O_RDWR)) == -1) {
                return (-1);
        }
-       if (ioctl(pfdev, DIOCGETSTATUS, &status) == -1) {
+       if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
                return (-1);
        }
 
-       close(pfdev);
+       close(dev);
        if (!status.running)
                return (-1);
 
@@ -72,14 +72,14 @@ pf_read(void)
        char            *lnames[] = LCNT_NAMES;
        char            *names[] = { "searches", "inserts", "removals" };
 
-       if ((pfdev = open(PF_SOCKET, O_RDWR)) == -1) {
+       if ((dev = open(PF_SOCKET, O_RDWR)) == -1) {
                return (-1);
        }
-       if (ioctl(pfdev, DIOCGETSTATUS, &status) == -1) {
+       if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
                return (-1);
        }
 
-       close(pfdev);
+       close(dev);
        for (i = 0; i < PFRES_MAX; i++)
                submit_counter("pf_counters", cnames[i], status.counters[i]);
        for (i = 0; i < LCNT_MAX; i++)