I am upgrading my cmd counter measures daemon to 3.3-current. cmd listens on pflog0 and modifies pf rules through the pf device using ioctl calls (yes I know, dynamic firewalls are disputable and open doors to all kinds of DoS attacks...).
Is it correct that DIOCCHANGERULE now needs a ticket for every operation (in earlier releases I didn't need a ticket for adding a rule at the tail)?
Is this a one time ticket or do I need some sort of "commit" ioctl call?
Is the following code path approx. correct? First I get the ticket, secondly I add a rule at the tail (code is - of course - stripped down to the max...):

    struct pfioc_rule cm;
    ...
    memset(&cm, 0, sizeof(cm));
    cm.action = PF_CHANGE_GET_TICKET;
    ioctl(dev, DIOCCHANGERULE, &cm);
    ...
    cm.action = PF_CHANGE_ADD_TAIL;
    ioctl(dev, DIOCCHANGERULE, &cm);
    ...
Is there an ioctl which informs me of "third party" rule changes? I.e. a possibility to register a callback which gets called when something else changes a rule?
Regards, Marc
