Index: filter.c =================================================================== RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.c,v retrieving revision 1.5 diff -u -r1.5 filter.c --- filter.c 1 Dec 2006 07:31:21 -0000 1.5 +++ filter.c 31 Jul 2007 18:18:55 -0000 @@ -53,7 +53,7 @@ static struct pfioc_trans pft; static struct pfioc_trans_e pfte[TRANS_SIZE]; static int dev, rule_log; -static char *qname; +static char *qname, *tagname; int add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src, @@ -159,11 +159,12 @@ } void -init_filter(char *opt_qname, int opt_verbose) +init_filter(char *opt_qname, char *opt_tagname, int opt_verbose) { struct pf_status status; qname = opt_qname; + tagname = opt_tagname; if (opt_verbose == 1) rule_log = PF_LOG; @@ -276,6 +277,8 @@ } pfr.rule.dst.port_op = PF_OP_EQ; pfr.rule.dst.port[0] = htons(d_port); + if (tagname != NULL) + strlcpy(pfr.rule.tagname, tagname, sizeof pfr.rule.tagname); switch (rs_num) { case PF_RULESET_FILTER: Index: filter.h =================================================================== RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.h,v retrieving revision 1.3 diff -u -r1.3 filter.h --- filter.h 7 Jun 2005 14:12:07 -0000 1.3 +++ filter.h 31 Jul 2007 18:19:17 -0000 @@ -26,6 +26,6 @@ struct sockaddr *, u_int16_t); int do_commit(void); int do_rollback(void); -void init_filter(char *, int); +void init_filter(char *, char *, int); int prepare_commit(u_int32_t); int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *); Index: ftp-proxy.8 =================================================================== RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.8,v retrieving revision 1.8 diff -u -r1.8 ftp-proxy.8 --- ftp-proxy.8 31 May 2007 19:20:23 -0000 1.8 +++ ftp-proxy.8 31 Jul 2007 19:05:48 -0000 @@ -32,6 +32,7 @@ .Op Fl q Ar queue .Op Fl R Ar address .Op Fl t Ar timeout +.Op Fl T Ar tag .Sh DESCRIPTION .Nm is a proxy for the Internet File Transfer Protocol. 
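Review bot: In filter.c's init_filter(), `tagname = opt_tagname;` keeps the caller's pointer rather than a copy, and nothing in the function says so or says that NULL means "no tag". Because the string later ends up in a pf rule, a short comment above the assignment would record the contract, for example `/* tagname aliases the caller's string; NULL means no tag, and the caller must already have bounded its length */`. The body of init_filter() continues past the end of the hunk.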
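Review bot: In the filter.c hunk at -276, the tag is copied before `switch (rs_num)`, so it is set on the rule for every ruleset type this function handles, not only `PF_RULESET_FILTER`. If only the filter rule is meant to carry the tag, the two added lines belong inside that case, and the manual text should say which rules are tagged. The `strlcpy()` result is also ignored, so an over-long name would be truncated silently and the rule would carry a different tag from the one the administrator's pf.conf policy matches on; today that is prevented only by the `-T` length check in ftp-proxy.c. Comparing the return value with `sizeof pfr.rule.tagname` and failing the rule on truncation would keep filter.c safe on its own. The enclosing function starts and ends outside the hunk.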
@@ -134,6 +135,10 @@ The maximum is 86400 seconds, which is also the default. Do not set this too low, because the control connection is usually idle when large data transfers are taking place. +.It Fl T Ar tag +Automatically tag packets passing through the +.Xr pf 4 +rule with the name supplied. .It Fl v Set the 'log' flag on pf rules committed by .Nm . Index: ftp-proxy.c =================================================================== RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.c,v retrieving revision 1.13 diff -u -r1.13 ftp-proxy.c --- ftp-proxy.c 30 Dec 2006 13:24:00 -0000 1.13 +++ ftp-proxy.c 31 Jul 2007 18:38:25 -0000 @@ -113,7 +113,7 @@ struct sockaddr_storage fixed_server_ss, fixed_proxy_ss; char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port, - *qname; + *qname, *tagname; int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions, rfc_mode, session_count, timeout, verbose; extern char *__progname; @@ -588,6 +588,7 @@ max_sessions = 100; qname = NULL; rfc_mode = 0; + tagname = NULL; timeout = 24 * 3600; verbose = 0; @@ -595,7 +596,7 @@ id_count = 1; session_count = 0; - while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rt:v")) != -1) { + while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) { switch (ch) { case '6': ipv6_mode = 1; @@ -640,6 +641,11 @@ case 'r': rfc_mode = 1; break; + case 'T': + if (strlen(optarg) >= PF_TAG_NAME_SIZE) + errx(1, "tagname too long"); + tagname = optarg; + break; case 't': timeout = strtonum(optarg, 0, 86400, &errstr); if (errstr) @@ -720,7 +726,7 @@ freeaddrinfo(res); /* Initialize pf. */ - init_filter(qname, verbose); + init_filter(qname, tagname, verbose); if (daemonize) { if (daemon(0, 0) == -1) 
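Review bot: In the `case 'T':` branch of ftp-proxy.c, an empty argument (`-T ""`) passes the length check and leaves `tagname` non-NULL, so filter.c would copy an empty tag into the rule and the option would quietly do nothing (assuming pf treats an empty tag name as unset). Rejecting it up front makes the misconfiguration visible: `if (optarg[0] == '\0') errx(1, "empty tagname");`. The bound against `PF_TAG_NAME_SIZE` matches the later `strlcpy()` only if `pfr.rule.tagname` has that size, which cannot be confirmed from these hunks.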
@@ -1088,6 +1094,6 @@
 {
 fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
 " [-D level] [-m maxsessions]\n [-P port]"
- " [-p port] [-q queue] [-R address] [-t timeout]\n", __progname);
+ " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname);
 exit(1);
 }