Pf ioctl interface
-
Hello,
I'm working on PF and I use the pf ioctl interface. Unfortunately, I am getting an error when calling DIOCGETRULES: Operation not supported by device. I have tested the same test program on a generic FreeBSD 8.0 kernel and it works without problems.
The problem occurs on pfSense 2 (Beta3 and the latest Beta4).
Is there anyone who could help me resolve this problem or explain to me why it's not working?
/* A lot of includes but I'm working on a more
 * complex program... */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <stdbool.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <sys/time.h>
#include <time.h>
#include <stdarg.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <net/pfvar.h>

#define PFDEVICE "/dev/pf"

int main(void)
{
    struct pfioc_rule pr;
    struct pfioc_state ps;
    int ret;
    int dev;

    errno = 0;
    memset(&pr, 0x00, sizeof pr);
    memset(&ps, 0x00, sizeof ps);

    /* It's ok, I get a file descriptor */
    if ((dev = open(PFDEVICE, O_RDWR)) == -1) {
        perror("Open");
        return 1; /* no descriptor, so do not attempt the ioctl */
    }

    /* Here the error: Operation not supported by device */
    if ((ret = ioctl(dev, DIOCGETRULES, &pr)) == -1)
        perror("DIOCGETRULES");

    close(dev);
    return 0;
}
Thank you
-
Our pf is different, check patches in tools repo at rcs.pfsense.org.