1*0e59fe4aSbluhm /* $OpenBSD: pfioctl2.c,v 1.3 2022/02/26 20:14:06 bluhm Exp $ */
20ed871a7Sbenno /*
327281ab2Sbenno * Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org>
40ed871a7Sbenno *
50ed871a7Sbenno * Permission to use, copy, modify, and distribute this software for any
60ed871a7Sbenno * purpose with or without fee is hereby granted, provided that the above
70ed871a7Sbenno * copyright notice and this permission notice appear in all copies.
80ed871a7Sbenno *
90ed871a7Sbenno * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
100ed871a7Sbenno * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
110ed871a7Sbenno * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
120ed871a7Sbenno * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
130ed871a7Sbenno * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
140ed871a7Sbenno * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
150ed871a7Sbenno * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
160ed871a7Sbenno */
170ed871a7Sbenno
180ed871a7Sbenno #include <sys/types.h>
190ed871a7Sbenno #include <sys/socket.h>
200ed871a7Sbenno #include <sys/ioctl.h>
210ed871a7Sbenno #include <net/if.h>
220ed871a7Sbenno #include <net/pfvar.h>
230ed871a7Sbenno
240ed871a7Sbenno #include <err.h>
250ed871a7Sbenno #include <errno.h>
260ed871a7Sbenno #include <fcntl.h>
270ed871a7Sbenno #include <stdio.h>
280ed871a7Sbenno #include <stdlib.h>
290ed871a7Sbenno #include <unistd.h>
300ed871a7Sbenno
310ed871a7Sbenno #define PF_SOCKET "/dev/pf"
320ed871a7Sbenno
330ed871a7Sbenno int test_pf_status(int);
340ed871a7Sbenno
350ed871a7Sbenno int
test_pf_status(int s)360ed871a7Sbenno test_pf_status(int s)
370ed871a7Sbenno {
380ed871a7Sbenno struct pf_status status;
390ed871a7Sbenno int ret = 0;
400ed871a7Sbenno
410ed871a7Sbenno if (ioctl(s, DIOCGETSTATUS, &status) == -1)
420ed871a7Sbenno err(1, "%s: DIOCGETSTATUS", __func__);
430ed871a7Sbenno if (!status.running)
44*0e59fe4aSbluhm warnx("%s: pf is disabled", __func__);
450ed871a7Sbenno
460ed871a7Sbenno return (ret);
470ed871a7Sbenno }
480ed871a7Sbenno
490ed871a7Sbenno
500ed871a7Sbenno int
main(int argc,char * argv[])510ed871a7Sbenno main(int argc, char *argv[])
520ed871a7Sbenno {
530ed871a7Sbenno int s;
540ed871a7Sbenno
550ed871a7Sbenno printf("pf ioctl with file opened after pledge fails\n");
560ed871a7Sbenno if (pledge("stdio pf", NULL) == -1)
57*0e59fe4aSbluhm err(1, "pledge");
580ed871a7Sbenno
590ed871a7Sbenno /* this fd is not fdpledged, test should fail */
600ed871a7Sbenno if ((s = open(PF_SOCKET, O_RDWR)) == -1) {
610ed871a7Sbenno err(1, "%s: cannot open pf socket", __func__);
620ed871a7Sbenno }
630ed871a7Sbenno
640ed871a7Sbenno test_pf_status(s);
650ed871a7Sbenno close(s);
660ed871a7Sbenno exit(0);
670ed871a7Sbenno }
68