authpf: Start using libpfctl

Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30057
freebsd · May 7, 2021 · 2b2ed4a · 2b2ed4a
1 parent 2a00c4d
commit 2b2ed4a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 18 deletions.
diff --git a/contrib/pf/authpf/authpf.c b/contrib/pf/authpf/authpf.c
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #ifdef __FreeBSD__
 #include <inttypes.h>
 #endif
+#include <libpfctl.h>
 #include <login_cap.h>
 #include <pwd.h>
 #include <grp.h>
@@ -889,37 +890,37 @@ change_table(int add, const char *ip_src)
 static void
 authpf_kill_states(void)
 {
-	struct pfioc_state_kill	psk;
+	struct pfctl_kill kill;
 	struct pf_addr target;
 
-	memset(&psk, 0, sizeof(psk));
+	memset(&kill, 0, sizeof(kill));
 	memset(&target, 0, sizeof(target));
 
 	if (inet_pton(AF_INET, ipsrc, &target.v4) == 1)
-		psk.psk_af = AF_INET;
+		kill.af = AF_INET;
 	else if (inet_pton(AF_INET6, ipsrc, &target.v6) == 1)
-		psk.psk_af = AF_INET6;
+		kill.af = AF_INET6;
 	else {
 		syslog(LOG_ERR, "inet_pton(%s) failed", ipsrc);
 		return;
 	}
 
 	/* Kill all states from ipsrc */
-	memcpy(&psk.psk_src.addr.v.a.addr, &target,
-	    sizeof(psk.psk_src.addr.v.a.addr));
-	memset(&psk.psk_src.addr.v.a.mask, 0xff,
-	    sizeof(psk.psk_src.addr.v.a.mask));
-	if (ioctl(dev, DIOCKILLSTATES, &psk))
-		syslog(LOG_ERR, "DIOCKILLSTATES failed (%m)");
+	memcpy(&kill.src.addr.v.a.addr, &target,
+	    sizeof(kill.src.addr.v.a.addr));
+	memset(&kill.src.addr.v.a.mask, 0xff,
+	    sizeof(kill.src.addr.v.a.mask));
+	if (pfctl_kill_states(dev, &kill, NULL))
+		syslog(LOG_ERR, "pfctl_kill_states() failed (%m)");
 
 	/* Kill all states to ipsrc */
-	memset(&psk.psk_src, 0, sizeof(psk.psk_src));
-	memcpy(&psk.psk_dst.addr.v.a.addr, &target,
-	    sizeof(psk.psk_dst.addr.v.a.addr));
-	memset(&psk.psk_dst.addr.v.a.mask, 0xff,
-	    sizeof(psk.psk_dst.addr.v.a.mask));
-	if (ioctl(dev, DIOCKILLSTATES, &psk))
-		syslog(LOG_ERR, "DIOCKILLSTATES failed (%m)");
+	memset(&kill.src, 0, sizeof(kill.src));
+	memcpy(&kill.dst.addr.v.a.addr, &target,
+	    sizeof(kill.dst.addr.v.a.addr));
+	memset(&kill.dst.addr.v.a.mask, 0xff,
+	    sizeof(kill.dst.addr.v.a.mask));
+	if (pfctl_kill_states(dev, &kill, NULL))
+		syslog(LOG_ERR, "pfctl_kill_states() failed (%m)");
 }
 
 /* signal handler that makes us go away properly */

diff --git a/usr.sbin/authpf/Makefile b/usr.sbin/authpf/Makefile
@@ -12,8 +12,9 @@ SRCS=   authpf.c
 
 # XXX ALTQ:
 CFLAGS+= -DENABLE_ALTQ
+CFLAGS+= -I${SRCTOP}/lib/libpfctl -I${OBJTOP}/lib/libpfctl
 
-LIBADD=	m util
+LIBADD=	m util pfctl
 
 WARNS?=	3