+++ /dev/null
-From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Sat, 13 Aug 2016 22:34:11 +0100
-Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright
- violation.
-
----
- src/tables.c | 90 +++++++++++++++++++++---------------------------------------
- 1 file changed, 32 insertions(+), 58 deletions(-)
-
-diff --git a/src/tables.c b/src/tables.c
-index aae1252..4fa3487 100644
---- a/src/tables.c
-+++ b/src/tables.c
-@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum)
- }
- }
-
--static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
--{
-- struct pfioc_table io;
--
-- if (size < 0 || (size && tbl == NULL))
-- {
-- errno = EINVAL;
-- return (-1);
-- }
-- bzero(&io, sizeof io);
-- io.pfrio_flags = flags;
-- io.pfrio_buffer = tbl;
-- io.pfrio_esize = sizeof(*tbl);
-- io.pfrio_size = size;
-- if (ioctl(dev, DIOCRADDTABLES, &io))
-- return (-1);
-- if (nadd != NULL)
-- *nadd = io.pfrio_nadd;
-- return (0);
--}
--
--static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) {
-- if ( !addr || !ipaddr)
-- {
-- my_syslog(LOG_ERR, _("error: fill_addr missused"));
-- return -1;
-- }
-- bzero(addr, sizeof(*addr));
--#ifdef HAVE_IPV6
-- if (flags & F_IPV6)
-- {
-- addr->pfra_af = AF_INET6;
-- addr->pfra_net = 0x80;
-- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
-- }
-- else
--#endif
-- {
-- addr->pfra_af = AF_INET;
-- addr->pfra_net = 0x20;
-- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
-- }
-- return 1;
--}
--
--/*****************************************************************************/
-
- void ipset_init(void)
- {
-@@ -111,14 +65,13 @@ void ipset_init(void)
- }
-
- int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
-- int flags, int remove)
-+ int flags, int remove)
- {
- struct pfr_addr addr;
- struct pfioc_table io;
- struct pfr_table table;
-- int n = 0, rc = 0;
-
-- if ( dev == -1 )
-+ if (dev == -1)
- {
- my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device);
- return -1;
-@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
-
- bzero(&table, sizeof(struct pfr_table));
- table.pfrt_flags |= PFR_TFLAG_PERSIST;
-- if ( strlen(setname) >= PF_TABLE_NAME_SIZE )
-+ if (strlen(setname) >= PF_TABLE_NAME_SIZE)
- {
- my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname);
- errno = ENAMETOOLONG;
- return -1;
- }
-
-- if ( strlcpy(table.pfrt_name, setname,
-- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
-+ if (strlcpy(table.pfrt_name, setname,
-+ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
- {
- my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname);
- return -1;
- }
-
-- if ((rc = pfr_add_tables(&table, 1, &n, 0)))
-+ bzero(&io, sizeof io);
-+ io.pfrio_flags = 0;
-+ io.pfrio_buffer = &table;
-+ io.pfrio_esize = sizeof(table);
-+ io.pfrio_size = 1;
-+ if (ioctl(dev, DIOCRADDTABLES, &io))
- {
-- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
-- pfr_strerror(errno),rc);
-+ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno));
-+
- return -1;
- }
-+
- table.pfrt_flags &= ~PFR_TFLAG_PERSIST;
-- if (n)
-+ if (io.pfrio_nadd)
- my_syslog(LOG_INFO, _("info: table created"));
--
-- fill_addr(ipaddr,flags,&addr);
-+
-+ bzero(&addr, sizeof(addr));
-+#ifdef HAVE_IPV6
-+ if (flags & F_IPV6)
-+ {
-+ addr.pfra_af = AF_INET6;
-+ addr.pfra_net = 0x80;
-+ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
-+ }
-+ else
-+#endif
-+ {
-+ addr.pfra_af = AF_INET;
-+ addr.pfra_net = 0x20;
-+ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
-+ }
-+
- bzero(&io, sizeof(io));
- io.pfrio_flags = 0;
- io.pfrio_table = table;
---
-2.9.3
-