On Sat, Mar 04, 2006 at 04:04:23PM +0100, Sven Ingebrigt Ulland wrote: > What exactly does pfctl_get_pool() do, and why is it there? I did not > get much smarter by looking at the function and trying to figure out > what it does. It runs DIOCGETADDRS to get the ticket, and then > DIOCGETADDR, both of which can fail (for reasons I'm unable to figure > out).
It downloads a pool (a set, a list) of addresses associated with the rule from the kernel, and stores it in the structure. See print pfctl_parser.c print_rule() and print_pool(). Filter rules can have a pool of addresses as parameters for the 'route/reply/dup-to' options, as in pass ... route-to { ( xl0 10.1.2.3 ), ( xl1 10.2.3.4 ) } ... Translation rules can have a pool of replacement addresses, as in nat ... -> { 10.1.2.3, 10.2.3.4 } round-robin Even when such rules only use a single address as parameter, we still call it a pool (one that just contains a single address), and pfctl_get_pool() fetches that. If you don't need to do anything with the pool addresses (i.e. you don't want to show them), there's no need to fetch them. pfctl -sr prints them, so it has to fetch them. Daniel