
Re: pf application



No worries Jeff, I'm currently tearing apart source code
myself as you suggested. 
Thanks 'everyone' for the help so far, my original issue was resolved by
zeroing out the structs which I had forgotten to do! (thanks Jeff ;))
I have the code working now, adding a rule. 
I do now however have another problem. I need to add to the active
ruleset. 
At present I am adding to the inactive and then substituting the inactive
for the active. 
The substitution completely replaces the active ruleset rather than
appending my new rule(s) to it (bah). 
Also, I can add 'a' new rule to an anchor but only 'one' rule!!
If I want to append to the active ruleset I think I need DIOCCHANGERULE
but I'm still in the process of understanding that one (keep getting
 -EINVAL).
Can anybody tell me if I need to add a new pool address if I want to append
to the active ruleset???
I am aware that there have been some changes to the implementation in
-current. Thing is, am low on bandwidth and money so sticking with 3.3
at present. 
Thanks everyone for your patience in this matter, I'm still trying to
grok the pf implementation etc but your comments and suggestions
are proving to be invaluable and helping my progress in leaps and bounds. 
I will post the code when I get it working to my spec in the hope that it will
prove to be beneficial to someone in a similar situ as myself.
Ciao for now
Chris
On Sat, Aug 07, 2004 at 03:10:37PM -0500, Jeff Wilson wrote:
## Yikes.  I was way off.  
## 
## I have some code that deals with radix tables.  The elements I was trying 
## to recall ... pfioc_table.pfrio_esize == Size of each element ... and 
## pfioc_table.pfrio_size == total number of elements ... geez, sorry to add 
## to the confusion, that was pretty bad.  Apparently that has nothing to do 
## with what you're trying to do ... sorry!
## 
## The way I finally slugged through my own code was to tear apart the source 
## of SRC/sys/net/pf_ioctl.c ... I found DIOCADDRULE on line 884 ... several 
## EINVAL error conditions exist in that case clause.  Hope that helps, sorry 
## for my previous incoherence.
## 
##       jw
## 
## 
## > On Thu, 5 Aug 2004, Christopher Keeley wrote:
## > 
## > > Hello everybody.
## > > 
## > > I am currently writing a program in C that at certain points needs to
## > > add a rule to the current firewall set.
## > > 
## > > Here is a copy of the code i have so far for the function that will add
## > > the rule: 
## > > 
## > 
## 
## -- 
## 
## Jeff Wilson                     Senior Analyst/Programmer
## Baylor University                  Network Services Group
## Waco, TX                  Information Technology Services
##                                            (254) 710 4615
---end quoted text---
-- 
-----------------------------------------------
Chris Keeley 
http://www.zero1-net.com
public key: pgp.mit.edu (search string: crizza)
