# pf-rs
A crate which provides a userspace interface to the FreeBSD port of OpenBSD's PF (Packet Filter). It allows PF to be controlled directly, without executing pfctl(8) every time it is required to block a network host or to check the list.
- This crate, i.e. the code, is NOT Open Source software. It is FREE (gratis) software and follows the principle of Sources Available/Disclosed software, which should be fairly used.
- It is published under FSF/OSI approved licenses, however the author does not follow/share/respect OSI and FSF principles and philosophy.
- License is subject to be changed in further versions without warning.
- If you are using code in non-free (in terms of gratis) software you MUST NEVER demand a development of any features which are missing and needed for your business if you are not sponsoring/contributing those changes.
- Access to the code can be limited by author to specific entities due to the local laws (not my bad or fault)(despite what is said in the license).
- AI generated sloppy code is prohibited. AI generates slop "a priori" (anyway).
- Licenses (thank you OSS sectarians) do not anyhow limit AI training, but f^ck you all - ChatGPT, CockPilot, especially Claude and rest unidentified cr@p.
- It is strongly discouraged from using the AI based tools to write or enhance the code. AI slop would 100% violate the license by introducing the 3rd party licensed code.
Pull requests are now supported because the repository was moved to Codeberg. The alternative is to send patches by email to patch[at]4neko.org.
If you would like to contribute code, please use a pull request. Your pull request should include:
- Description of changes and why it is needed.
- Test the pull request.

If you prefer email and patch files, please consider the following:
- For each feature or fix, please send patches separately.
- Please write what your patch is implementing or fixing.
- I can read the code and I am able to understand it, so don't write a poem or essay in the description to the patches.
- Please test your patch.
Version
V 0.2.3 - updated to support FreeBSD 14.0-RELEASE.
License:
Sources are available under: BSD-2-Clause
Issues tracker:
The project has moved to Codeberg.
This is an experimental crate and is used in the "aienma" project.
At the moment the following is supported:
- Add, Remove, Test commands on tables (a list of hosts: IP/IPv6/DNS at the moment)
- Add, Remove, Test commands on tables from file (a list of hosts: IP/IPv6/DNS at the moment)
- Kill state by source IP or by source IP and dest IP
- Flush table
Prioritised ToDo list:
- Add tables reload command (requires config parser)
- Add full reload command (requires config parser)
- Add config test command (requires config parser)
- Consider using a safe list type for the C linked lists if it is not passed to the PF kernel module in such a manner.
Code safety.
This crate uses a lot of unsafe code because it works with a lot of C structures.
Some approaches, like std::mem::zeroed(), can be dodgy, but that is true only in some cases.
So, below is a list of the code approaches that were used and why each is considered safe enough.
std::mem::zeroed() on structure initialization
In most cases, all structures are required to be initialized with zeroes. It is also useful because a structure may contain a fixed string buffer (in C, a string is always null-terminated) and pointers which are required to point to NULL in some cases.
This method can be used on structures which do not contain references!
Working with pointers
When working with raw pointers it is better to keep track of when any C code is initializing memory on its side and deallocate it with either free() or a specially provided function.
Padding
In some cases Rust may leave a structure padded not to n^2 but, for example, to 44 when C will pad it to 48.
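The two points above (zero-initialization and padding) can be checked in code. The following is an added example, not code from this crate: `DemoTable`, `DemoTablePacked` and `new_table` are hypothetical names, the struct is not a real PF structure, and a 64-bit target is assumed.

```rust
use std::ffi::c_void;
use std::mem::{size_of, zeroed};
use std::os::raw::c_char;

// Hypothetical C-style struct (NOT a real PF structure): a fixed-size name
// buffer, a flags word, and a pointer the caller may leave NULL.
#[repr(C)]
pub struct DemoTable {
    pub name: [c_char; 32],
    pub flags: u32,
    pub buf: *mut c_void,
}

// Same fields with alignment padding removed: the field bytes alone are 44.
#[repr(C, packed)]
pub struct DemoTablePacked {
    pub name: [c_char; 32],
    pub flags: u32,
    pub buf: *mut c_void,
}

// Compile-time guard (assumes a 64-bit target): the build fails if the Rust
// layout drifts from the 48 bytes a C compiler produces for this struct.
const _: () = assert!(size_of::<DemoTable>() == 48);

/// Zero-initialise the struct and copy `name` into the fixed buffer.
/// Returns None if `name` leaves no room for the terminating NUL or
/// contains an interior NUL byte.
pub fn new_table(name: &str) -> Option<DemoTable> {
    // SAFETY: all-zero bytes are a valid value for every field (integer
    // array, integer, raw pointer). This would be undefined behaviour for
    // a struct that holds references.
    let mut t: DemoTable = unsafe { zeroed() };
    let bytes = name.as_bytes();
    if bytes.len() >= t.name.len() || bytes.contains(&0) {
        return None;
    }
    for (dst, src) in t.name.iter_mut().zip(bytes) {
        *dst = *src as c_char;
    }
    Some(t) // the remaining bytes are already 0, so the name is NUL-terminated
}

fn main() {
    let t = new_table("blocked_hosts").expect("name fits");
    println!("repr(C): {} bytes, packed: {} bytes, buf is NULL: {}",
        size_of::<DemoTable>(), size_of::<DemoTablePacked>(), t.buf.is_null());
}
```

A size assertion of this kind next to each FFI structure turns a silent layout mismatch with the kernel's definition into a build failure.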
Example