-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable on OpenBSD and FreeBSD #103
base: main
Are you sure you want to change the base?
Conversation
6c25733
to
afa29f7
Compare
Allows to be built on other platforms like FreeBSD. Needs to stick to nix 0.26 because nix >= 0.27 requires Rust >= 1.65.
afa29f7
to
da881c0
Compare
Thanks for wanting to contribute! Can you please try to minimize changes to If this supposedly works for integrating to the FreeBSD version of PF then I think we should have CI tests for that. Does Github actions support that? If we don't have tests it will inevitably break without us noticing. Could you look into adding such tests maybe? |
Would it make sense to try to upstream FreeBSD support to |
Also set up the script to generate bindings from OpenBSD and FreeBSD.
Hey, thanks for checking out my PR and apologies for not replying ASAP. I hyperfocused into trying to make this crate actually work on OpenBSD and then FreeBSD after. I just discovered that they are way too different now. (after 20 years of divergence obviously) For example; OpenBSD doesn't use pool addresses (pf_pool is just wired funny), and FreeBSD doesn't have types for port ranges. I'm changing this PR to reflect that. I'm developing on OpenBSD 7.5 and FreeBSD 14.1. If anyone knows where to find pf(4) manual page for macOS Sonoma or closer please lemme know! I need it to cross-reference and Apple loves being a PITA.
I manually modified Cargo.toml for the exact same reason of trying to get rid of random churn (but failed). error-chain is somehow bringing other dependencies along the way. I suggest getting rid of Cargo.lock altogether like other libraries, and only using major versions in the Cargo.toml. Plus getting rid of error-chain would be a great bonus too. Perhaps this work will justify bumping this crate to 0.5? I can also try to 'pre-expand' the macros so we can drop the ioctl macro dependency altogether. I can either put that in this crate or create 'pf-sys' containing the bindings and the ioctl calls. The caveat with that is that it might be a bit hard to read/maintain and could be a non-singular point of failure.
Right now, I've added tests for the 2 BSDs using VM on ubuntu-latest. I've also modified the generate-bindings.sh to be able to generate bindings for those BSDs. Plus some initial (non-compiling) work for OpenBSD done already. (Also, sorry for the random commits lol, I'll squash them once everything's done.)
I'll try that once I'm done with this one. Judging by the last update date, I don't reckon the maintainers are active enough, plus I want a working ioctl wrapper right now. |
Just realised that anchors = pf_ruleset on BSDs
2ac9af7
to
c7922d5
Compare
Replaces the ioctl-sys with the ioctl macros from nix crate.
The nix crate allows this library to be built on other platforms like FreeBSD.
Passes all tests until the states test, although the main branch fails as well for literally the same reasons. Tested on macOS Sonoma 14.5 on an M1 Pro MacBook. Done FreeBSD tests through cross-rs with the same result.
Pending full testing on macOS and FreeBSD.
Edit:
Currently passing on macOS test runs: https://github.com/striczkof/pfctl-rs/actions/runs/9457974825.
Fails anchors test on FreeBSD and OpenBSD: https://github.com/striczkof/pfctl-rs/actions/runs/9458110537.
This change is