[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r7009: Only open /dev/pf once. (in tor/trunk: . src/or)



Author: nickm
Date: 2006-08-10 05:01:54 -0400 (Thu, 10 Aug 2006)
New Revision: 7009

Modified:
   tor/trunk/
   tor/trunk/src/or/connection_edge.c
Log:
 r7301@Kushana:  nickm | 2006-08-10 01:41:27 -0700
 Only open /dev/pf once.



Property changes on: tor/trunk
___________________________________________________________________
Name: svk:merge
   - 17f730b7-d419-0410-b50f-85ee4b70197a:/local/or/tor/trunk:8245
1f724f9b-111a-0410-b636-93f1a77c1813:/local/or/tor/trunk:8207
96637b51-b116-0410-a10e-9941ebb49b64:/tor/branches/spec:7005
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/eventdns:7014
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/mmap:7030
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/oo-connections:6950
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/trans-ap:7300
   + 17f730b7-d419-0410-b50f-85ee4b70197a:/local/or/tor/trunk:8245
1f724f9b-111a-0410-b636-93f1a77c1813:/local/or/tor/trunk:8207
96637b51-b116-0410-a10e-9941ebb49b64:/tor/branches/spec:7005
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/eventdns:7014
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/mmap:7030
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/oo-connections:6950
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/trans-ap:7301

Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c	2006-08-10 09:01:46 UTC (rev 7008)
+++ tor/trunk/src/or/connection_edge.c	2006-08-10 09:01:54 UTC (rev 7009)
@@ -1236,6 +1236,33 @@
   return 0; /* unreached but keeps the compiler happy */
 }
 
+#ifdef TRANS_PF
+static int pf_socket = -1;
+static int
+get_pf_socket(void)
+{
+  int pf;
+  /*  Ideally, this should be opened before dropping privs. */
+  if (pf_socket >= 0)
+    return pf_socket;
+
+#ifdef OPENBSD
+  /* only works on OpenBSD */
+  pf = open("/dev/pf", O_RDONLY);
+#else
+  /* works on NetBSD and FreeBSD */
+  pf = open("/dev/pf", O_RDWR);
+#endif
+
+  if (pf < 0) {
+    log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
+    return -1;
+  }
+
+  pf_socket = pf;
+}
+#endif
+
 /** Fetch the original destination address and port from a
  * system-specific interface and put them into a
  * socks_request_t as if they came from a socks request.
@@ -1287,29 +1314,15 @@
   pnl.sport           = htons(conn->_base.port);
   pnl.daddr.v4.s_addr = proxy_addr.sin_addr.s_addr;
   pnl.dport           = proxy_addr.sin_port;
-
-  /* XXX We should open the /dev/pf device once and close it at cleanup time
-   * instead of reopening it for every connection. Ideally, it should be
-   * opened before dropping privs. */
-#ifdef OPENBSD
-  /* only works on OpenBSD */
-  pf = open("/dev/pf", O_RDONLY);
-#else
-  /* works on NetBSD and FreeBSD */
-  pf = open("/dev/pf", O_RDWR);
-#endif
-
-  if (pf < 0) {
-    log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
+  
+  pf = get_pf_socket();
+  if (pf<0)
     return -1;
-  }
 
   if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
     log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
-    close(pf);
     return -1;
   }
-  close(pf);
 
   tor_inet_ntoa(&pnl.rdaddr.v4, tmpbuf, sizeof(tmpbuf));
   strlcpy(req->address, tmpbuf, sizeof(req->address));