From b28479dfe2b344764dddb58a31df37c21423cfde Mon Sep 17 00:00:00 2001
From: mlaier
Date: Tue, 3 May 2005 16:55:20 +0000
Subject: Resolve conflicts created during the import of pf 3.7 Some features are missing and will be implemented in a second step. This is functional as is.
Tested by: freebsd-pf, pfsense.org
Obtained from: OpenBSD
---
 contrib/pf/pflogd/pflogd.c | 37 ++++++++++++++++++++++++++++++-------
 contrib/pf/pflogd/privsep.c | 18 +++++++++++-------
 2 files changed, 41 insertions(+), 14 deletions(-)
(limited to 'contrib/pf/pflogd')
diff --git a/contrib/pf/pflogd/pflogd.c b/contrib/pf/pflogd/pflogd.c
index a8c3863..84a9c94 100644
--- a/contrib/pf/pflogd/pflogd.c
+++ b/contrib/pf/pflogd/pflogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pflogd.c,v 1.27 2004/02/13 19:01:57 otto Exp $ */
+/* $OpenBSD: pflogd.c,v 1.33 2005/02/09 12:09:30 henning Exp $ */
 /*
 * Copyright (c) 2001 Theo de Raadt
@@ -271,16 +271,19 @@ reset_dump(void)
 fp = fdopen(fd, "a+");
 if (fp == NULL) {
+ close(fd);
 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno));
 return (1);
 }
 if (fstat(fileno(fp), &st) == -1) {
+ fclose(fp);
 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno));
 return (1);
 }
 /* set FILE unbuffered, we do our own buffering */
 if (setvbuf(fp, NULL, _IONBF, 0)) {
+ fclose(fp);
 logmsg(LOG_ERR, "Failed to set output buffers");
 return (1);
 }
@@ -291,6 +294,7 @@ reset_dump(void)
 if (snaplen != cur_snaplen) {
 logmsg(LOG_NOTICE, "Using snaplen %d", snaplen);
 if (set_snaplen(snaplen)) {
+ fclose(fp);
 logmsg(LOG_WARNING, "Failed, using old settings");
 }
@@ -418,8 +422,9 @@ dump_packet_nobuf(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 #else
 if (fwrite((char *)h, sizeof(*h), 1, f) != 1) {
 #endif
- /* try to undo header to prevent corruption */
 off_t pos = ftello(f);
+
+ /* try to undo header to prevent corruption */
 #ifdef __FreeBSD__
 if (pos < sizeof(sh) || ftruncate(fileno(f), pos - sizeof(sh))) {
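Review bot: In the first reset_dump hunk (@@ -271), the added `close(fd);` and `fclose(fp);` run before `logmsg(... strerror(errno))`, so a failing close can overwrite the errno value the message is meant to report. Either move each close below its logmsg call or save the value first, e.g. `int olderrno = errno;` then `fclose(fp);` then `logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(olderrno));`. The privsep.c part of this same commit already introduces an `olderrno` variable for this purpose. The setvbuf branch is unaffected because its message does not use errno; reset_dump starts and ends outside the hunk.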
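Review bot: In the second reset_dump hunk (@@ -291), the added `fclose(fp);` on set_snaplen() failure is not followed by a `return`, unlike the three closes added in the previous hunk, and the warning text "Failed, using old settings" suggests execution continues. The rest of reset_dump is outside the hunk, so this needs checking, but if any later code still writes to or stores `fp` it would be operating on a closed stream. Either drop the `fclose(fp);` here or add `return (1);` after the logmsg call, depending on whether this failure is meant to be fatal.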
@@ -554,6 +559,7 @@ main(int argc, char **argv)
 struct pcap_stat pstat;
 int ch, np, Xflag = 0;
 pcap_handler phandler = dump_packet;
+ char *errstr = NULL;
 #ifdef __FreeBSD__
 /* another ?paranoid? safety measure we do not have */
@@ -567,19 +573,35 @@ main(int argc, char **argv)
 Debug = 1;
 break;
 case 'd':
- delay = atoi(optarg);
- if (delay < 5 || delay > 60*60)
+#ifdef __OpenBSD__
+ delay = strtonum(optarg, 5, 60*60, &errstr);
+ if (errstr)
+#else
+ delay = strtol(optarg, &errstr, 10);
+ if ((delay < 5) || (delay > 60*60) ||
+ ((errstr != NULL) && (*errstr != '\0')))
+#endif
 usage();
 break;
 case 'f':
 filename = optarg;
 break;
 case 's':
- snaplen = atoi(optarg);
+#ifdef __OpenBSD__
+ snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
+ &errstr);
+ if (snaplen <= 0)
+ snaplen = DEF_SNAPLEN;
+ if (errstr)
+ snaplen = PFLOGD_MAXSNAPLEN;
+#else
+ snaplen = strtol(optarg, &errstr, 10);
 if (snaplen <= 0)
 snaplen = DEF_SNAPLEN;
- if (snaplen > PFLOGD_MAXSNAPLEN)
+ if ((snaplen > PFLOGD_MAXSNAPLEN) ||
+ ((errstr != NULL) && (*errstr != '\0')))
 snaplen = PFLOGD_MAXSNAPLEN;
+#endif
 break;
 case 'x':
 Xflag++;
@@ -603,6 +625,7 @@ main(int argc, char **argv)
 pidfile(NULL);
 }
+ tzset();
 (void)umask(S_IRWXG | S_IRWXO);
 /* filter will be used by the privileged process */
@@ -655,7 +678,7 @@ main(int argc, char **argv)
 while (1) {
 np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
- dump_packet, (u_char *)dpcap);
+ phandler, (u_char *)dpcap);
 if (np < 0) {
 #ifdef __FreeBSD__
 if (errno == ENXIO) {
diff --git a/contrib/pf/pflogd/privsep.c b/contrib/pf/pflogd/privsep.c
index 3dfba32..ac64ebe 100644
--- a/contrib/pf/pflogd/privsep.c
+++ b/contrib/pf/pflogd/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.8 2004/03/14 19:17:05 otto Exp $ */
+/* $OpenBSD: privsep.c,v 1.13 2004/12/22 09:21:02 otto Exp $ */
 /*
 * Copyright (c) 2003 Can Erkin Acar
@@ -69,7 +69,7 @@ int
 priv_init(void)
 {
 int i, fd, socks[2], cmd;
- int snaplen, ret;
+ int snaplen, ret, olderrno;
 struct passwd *pw;
 #ifdef __FreeBSD__
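Review bot: In the non-OpenBSD branches of the `-d` and `-s` cases (@@ -567), the `long` returned by strtol() is stored straight into `delay` / `snaplen` before the range test; if those are `int` (their declarations are outside the hunk, though the replaced atoi() calls suggest so), an oversized argument can be truncated into the accepted range on LP64 platforms, and ERANGE is never checked. Parse into a local `long` and validate before assigning, e.g. `long v = strtol(optarg, &errstr, 10);` then `if (errstr == optarg || *errstr != '\0' || v < 5 || v > 60*60) usage();` then `delay = (int)v;`. In both branches of `-s` a malformed argument silently selects PFLOGD_MAXSNAPLEN instead of calling usage(); a one-line comment saying this is intentional would help the next reader. Separately, strtonum() takes a `const char **` while strtol() takes a `char **`, so the single `char *errstr` added in the @@ -554 hunk cannot match both prototypes and two separate variables would avoid the pointer-type warning.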
@@ -118,10 +118,12 @@ priv_init(void)
 }
 /* Father */
- /* Pass ALRM/TERM/HUP through to child, and accept CHLD */
+ /* Pass ALRM/TERM/HUP/INT/QUIT through to child, and accept CHLD */
 signal(SIGALRM, sig_pass_to_chld);
 signal(SIGTERM, sig_pass_to_chld);
 signal(SIGHUP, sig_pass_to_chld);
+ signal(SIGINT, sig_pass_to_chld);
+ signal(SIGQUIT, sig_pass_to_chld);
 signal(SIGCHLD, sig_chld);
 setproctitle("[priv]");
@@ -153,12 +155,14 @@ priv_init(void)
 fd = open(filename, O_RDWR|O_CREAT|O_APPEND|O_NONBLOCK|O_NOFOLLOW, 0600);
+ olderrno = errno;
+ send_fd(socks[0], fd);
 if (fd < 0)
 logmsg(LOG_NOTICE, "[priv]: failed to open %s: %s",
- filename, strerror(errno));
- send_fd(socks[0], fd);
- close(fd);
+ filename, strerror(olderrno));
+ else
+ close(fd);
 break;
 default:
@@ -217,7 +221,7 @@ priv_open_log(void)
 int cmd, fd;
 if (priv_fd < 0)
- errx(1, "%s: called from privileged portion\n", __func__);
+ errx(1, "%s: called from privileged portion", __func__);
 cmd = PRIV_OPEN_LOG;
 must_write(priv_fd, &cmd, sizeof(int));
--
cgit v1.1