1 /* $OpenBSD: pfioctl1.c,v 1.3 2022/02/26 20:14:06 bluhm Exp $ */ 2 /* 3 * Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/types.h> 19 #include <sys/socket.h> 20 #include <sys/ioctl.h> 21 #include <net/if.h> 22 #include <net/pfvar.h> 23 24 #include <err.h> 25 #include <errno.h> 26 #include <fcntl.h> 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <unistd.h> 30 31 #define PF_SOCKET "/dev/pf" 32 33 int test_pf_status(int); 34 35 int 36 test_pf_status(int s) 37 { 38 struct pf_status status; 39 int ret = 0; 40 41 if (ioctl(s, DIOCGETSTATUS, &status) == -1) 42 err(1, "%s: DIOCGETSTATUS", __func__); 43 if (!status.running) 44 warnx("%s: pf is disabled", __func__); 45 46 return (ret); 47 } 48 49 50 int 51 main(int argc, char *argv[]) 52 { 53 int s; 54 55 /* a file opened before pledge (!fdpledged) can be used for ioctls */ 56 if ((s = open(PF_SOCKET, O_RDWR)) == -1) { 57 err(1, "%s: cannot open pf socket", __func__); 58 } 59 printf("pf ioctl with file opened before pledge succeeds (1)\n"); 60 test_pf_status(s); 61 62 if (pledge("stdio pf", NULL) == -1) 63 err(1, "pledge"); 64 65 printf("pf ioctl with file opened before pledge succeeds (2)\n"); 66 test_pf_status(s); 67 close(s); 68 exit(0); 69 } 70