From 7db14a07c5fb1bfd83c1299830ea033c0925019e Mon Sep 17 00:00:00 2001
From: bol-van
Date: Mon, 7 Jul 2025 15:33:02 +0300
Subject: [PATCH] tpws: openbsd no more inits /dev/pf by default
---
 docs/changes.txt | 1 +
 tpws/tpws.c | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index d366ef6..5beea0a 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -524,3 +524,4 @@ nfqws: apply udp desync to replayed packets with non-zero reasm offset (except f
 blockcheck: display curl version and kernel version
 install_bin: stop if no binaries found. display help text.
 winws: increase buffers for port filter
+tpws: tpws no more opens /dev/pf in OpenBSD by default. requires --enable-pf like in FreeBSD. this is migration from rdr-to to divert-to redirection scheme.
diff --git a/tpws/tpws.c b/tpws/tpws.c
index 893e433..4d86ee2 100644
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@@ -216,7 +216,7 @@ static void exithelp(void)
 " --pidfile=\t\t\t; write pid to file\n"
 " --user=\t\t\t; drop root privs\n"
 " --uid=uid[:gid1,gid2,...]\t\t; drop root privs\n"
-#if defined(__FreeBSD__)
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
 " --enable-pf\t\t\t\t; enable PF redirector support. required in FreeBSD when used with PF firewall.\n"
 #endif
 #if defined(__linux__)
@@ -711,7 +711,7 @@ enum opt_indices {
 IDX_IPSET_EXCLUDE,
 IDX_IPSET_EXCLUDE_IP,
-#if defined(__FreeBSD__)
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
 IDX_ENABLE_PF,
 #elif defined(__APPLE__)
 IDX_LOCAL_TCP_USER_TIMEOUT,
@@ -804,7 +804,7 @@ static const struct option long_options[] = {
 [IDX_IPSET_EXCLUDE] = {"ipset-exclude", required_argument, 0, 0},
 [IDX_IPSET_EXCLUDE_IP] = {"ipset-exclude-ip", required_argument, 0, 0},
-#if defined(__FreeBSD__)
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
 [IDX_ENABLE_PF] = {"enable-pf", no_argument, 0, 0},
 #elif defined(__APPLE__)
 [IDX_LOCAL_TCP_USER_TIMEOUT] = {"local-tcp-user-timeout", required_argument, 0, 0},
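Review bot: The `--enable-pf` help line in the `exithelp` hunk (@@ -216) is now compiled on OpenBSD too, but its text still says only "required in FreeBSD when used with PF firewall", so an OpenBSD operator gets no hint from `--help` that /dev/pf is no longer opened by default. The changes.txt entry ties this to the rdr-to to divert-to migration, so the string could say so, for example `" --enable-pf\t\t\t\t; enable PF redirector support. required in FreeBSD with PF and in OpenBSD when rdr-to is still used.\n"` (the rdr-to wording is inferred from the changelog line, please confirm). Not opening /dev/pf unless asked is a sensible least-privilege default, but what the proxy does with a redirected connection when pf support is off is not visible in these hunks, so it is worth checking that an upgraded rdr-to setup fails loudly rather than silently. The `opt_indices` and `long_options` hunks (@@ -711, @@ -804) use the same condition and are consistent with each other.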
@@ -840,7 +840,7 @@ void parse_params(int argc, char *argv[])
 params.tcp_user_timeout_remote = DEFAULT_TCP_USER_TIMEOUT_REMOTE;
 #endif
-#if defined(__OpenBSD__) || defined(__APPLE__)
+#if defined(__APPLE__)
 params.pf_enable = true; // OpenBSD and MacOS have no other choice
 #endif
@@ -1554,7 +1554,7 @@ void parse_params(int argc, char *argv[])
 params.tamper = true;
 break;
-#if defined(__FreeBSD__)
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
 case IDX_ENABLE_PF:
 params.pf_enable = true;
 break;
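Review bot: The trailing comment on `params.pf_enable = true;` in the @@ -840 hunk still reads "OpenBSD and MacOS have no other choice" although the guard is now `#if defined(__APPLE__)` alone. The comment now contradicts the code and will mislead a later reader about which platforms open /dev/pf unconditionally. I would change the line to `params.pf_enable = true; // MacOS has no other choice; OpenBSD now needs --enable-pf`. `parse_params` starts and ends outside both hunks on this line, so the rest of the function was not reviewed.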