author: Christopher Pascoe <pascoe@cvs.openbsd.org> 2007-12-02 12:08:05 +0000
committer: Christopher Pascoe <pascoe@cvs.openbsd.org> 2007-12-02 12:08:05 +0000
commit: 01af70933ca5884a8ddb19ca7b1ae534d5640cfb (patch)
tree: 9b7e49268045be8f23d6b5f3a8b38b951717bab1 /share/man/man4/pf.4
parent: e75d5e43f89cf35042d62d475afae7936d8cfd6d (diff)
DIOC{GET,ADD}STATE incorrectly use a user provided pointer without using
copyin/out. Change the API so that the state is included in the ioctl
argument, so the ioctl wrappers take care of copying memory as appropriate.

Also change the DIOCGETSTATE API to be more useful. Instead of getting an
arbitrarily "numbered" state (using numbering that can change between
calls), instead search based on id and creatorid. If you want to monitor
only a particular state, you can now use the bulk functions first to find
the appropriate id/creatorid and then fetch it directly from then on.

ok dlg@ henning@
Diffstat (limited to 'share/man/man4/pf.4')
-rw-r--r-- share/man/man4/pf.4 17
1 files changed, 10 insertions, 7 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
index 114f2037f06..e8ea3bfd1a3 100644
--- a/share/man/man4/pf.4
+++ b/share/man/man4/pf.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $
+.\" $OpenBSD: pf.4,v 1.60 2007/12/02 12:08:04 pascoe Exp $
.\"
.\" Copyright (C) 2001, Kjell Wooding. All rights reserved.
.\"
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: December 2 2007 $
.Dt PF 4
.Os
.Sh NAME
@@ -292,14 +292,17 @@ if another process is concurrently updating a ruleset.
Add a state entry.
.Bd -literal
struct pfioc_state {
- u_int32_t nr;
- struct pf_state state;
+ struct pfsync_state state;
};
.Ed
.It Dv DIOCGETSTATE Fa "struct pfioc_state *ps"
-Extract the entry with the specified number
-.Va nr
-from the state table.
+Extract the entry identified by the
+.Va id
+and
+.Va creatorid
+fields of the
+.Va state
+structure from the state table.
.It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk"
Remove matching entries from the state table.
This ioctl returns the number of killed states in
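Review bot: The new DIOCGETSTATE text (the ".Va id" / ".Va creatorid" lines) says which fields select the entry but not what the caller gets back when no state matches, and it gives no hint of how to obtain a valid id/creatorid pair in the first place. Please add a sentence naming the error returned on a miss and pointing at the bulk state ioctl as the way to discover the pair, since the commit message describes exactly that workflow but the manual page does not. Also, the struct shown under "Add a state entry." now serves both ioctls with a different member type ("struct pfsync_state state;" replacing "struct pf_state state;") and without "nr", so the argument layout changes for existing callers. It would help to state for DIOCADDSTATE which fields of state the caller must fill in, and for DIOCGETSTATE that the remaining fields are overwritten on return, so readers do not assume the old pf_state semantics still apply.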