[or-cvs] r7009: Only open /dev/pf once. (in tor/trunk: . src/or)
Author: nickm
Date: 2006-08-10 05:01:54 -0400 (Thu, 10 Aug 2006)
New Revision: 7009
Modified:
tor/trunk/
tor/trunk/src/or/connection_edge.c
Log:
r7301@Kushana: nickm | 2006-08-10 01:41:27 -0700
Only open /dev/pf once.
Property changes on: tor/trunk
___________________________________________________________________
Name: svk:merge
- 17f730b7-d419-0410-b50f-85ee4b70197a:/local/or/tor/trunk:8245
1f724f9b-111a-0410-b636-93f1a77c1813:/local/or/tor/trunk:8207
96637b51-b116-0410-a10e-9941ebb49b64:/tor/branches/spec:7005
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/eventdns:7014
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/mmap:7030
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/oo-connections:6950
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/trans-ap:7300
+ 17f730b7-d419-0410-b50f-85ee4b70197a:/local/or/tor/trunk:8245
1f724f9b-111a-0410-b636-93f1a77c1813:/local/or/tor/trunk:8207
96637b51-b116-0410-a10e-9941ebb49b64:/tor/branches/spec:7005
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/eventdns:7014
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/mmap:7030
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/oo-connections:6950
c95137ef-5f19-0410-b913-86e773d04f59:/tor/branches/trans-ap:7301
Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c 2006-08-10 09:01:46 UTC (rev 7008)
+++ tor/trunk/src/or/connection_edge.c 2006-08-10 09:01:54 UTC (rev 7009)
@@ -1236,6 +1236,33 @@
return 0; /* unreached but keeps the compiler happy */
}
+#ifdef TRANS_PF
+static int pf_socket = -1;
+static int
+get_pf_socket(void)
+{
+ int pf;
+ /* Ideally, this should be opened before dropping privs. */
+ if (pf_socket >= 0)
+ return pf_socket;
+
+#ifdef OPENBSD
+ /* only works on OpenBSD */
+ pf = open("/dev/pf", O_RDONLY);
+#else
+ /* works on NetBSD and FreeBSD */
+ pf = open("/dev/pf", O_RDWR);
+#endif
+
+ if (pf < 0) {
+ log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
+ return -1;
+ }
+
+ pf_socket = pf;
+}
+#endif
+
/** Fetch the original destination address and port from a
* system-specific interface and put them into a
* socks_request_t as if they came from a socks request.
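Review bot: get_pf_socket() falls off the end after `pf_socket = pf;` without returning a value, so the first successful call hands its caller an indeterminate int. The second hunk then tests that value with `pf<0` and passes it to `ioctl(pf, DIOCNATLOOK, &pnl)`, which is undefined behaviour; the function should end with `return pf_socket;`. Because the descriptor now stays open for the life of the process (and is opened `O_RDWR` on NetBSD/FreeBSD), it is also worth marking it close-on-exec, e.g. `fcntl(pf, F_SETFD, FD_CLOEXEC);`, so a child process does not inherit a handle to /dev/pf; whether this process ever spawns children is not visible here. The comment `/* Ideally, this should be opened before dropping privs. */` would be more useful if it said that the open is currently deferred to the first lookup and will presumably fail once privileges are dropped.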
@@ -1287,29 +1314,15 @@
pnl.sport = htons(conn->_base.port);
pnl.daddr.v4.s_addr = proxy_addr.sin_addr.s_addr;
pnl.dport = proxy_addr.sin_port;
-
- /* XXX We should open the /dev/pf device once and close it at cleanup time
- * instead of reopening it for every connection. Ideally, it should be
- * opened before dropping privs. */
-#ifdef OPENBSD
- /* only works on OpenBSD */
- pf = open("/dev/pf", O_RDONLY);
-#else
- /* works on NetBSD and FreeBSD */
- pf = open("/dev/pf", O_RDWR);
-#endif
-
- if (pf < 0) {
- log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
+
+ pf = get_pf_socket();
+ if (pf<0)
return -1;
- }
if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
- close(pf);
return -1;
}
- close(pf);
tor_inet_ntoa(&pnl.rdaddr.v4, tmpbuf, sizeof(tmpbuf));
strlcpy(req->address, tmpbuf, sizeof(req->address));