On Sat, Mar 04, 2006 at 04:04:23PM +0100, Sven Ingebrigt Ulland wrote:
> What exactly does pfctl_get_pool() do, and why is it there? I did not
> get much smarter by looking at the function and trying to figure out
> what it does. It runs DIOCGETADDRS to get the ticket, and then
> DIOCGETADDR, both of which can fail (for reasons I'm unable to figure
> out).
It downloads a pool (a set, a list) of addresses associated with the
rule from the kernel, and stores it in the structure.
See pfctl_parser.c print_rule() and print_pool().
Filter rules can have a pool of addresses as parameters for the
'route/reply/dup-to' options, as in
pass ... route-to { ( xl0 10.1.2.3 ), ( xl1 10.2.3.4 ) } ...
Translation rules can have a pool of replacement addresses, as in
nat ... -> { 10.1.2.3, 10.2.3.4 } round-robin
Even when such rules only use a single address as parameter, we still
call it a pool (one that just contains a single address), and
pfctl_get_pool() fetches that.
If you don't need to do anything with the pool addresses (i.e. you don't
want to show them), there's no need to fetch them. pfctl -sr prints
them, so it has to fetch them.
Daniel