Re: [squid-users] squid trying access PF devices (freebsd)

From: SM <sm@dont-contact.us>
Date: Sun, 20 Jan 2008 09:27:34 -0800

At 00:50 19-01-2008, Amos Jeffries wrote:
>Alexandre Correa wrote:
>>maresia# ls -l /dev/pf
>>crw------- 1 root wheel 0, 74 Jan 10 11:18 /dev/pf
>
>Looks like all you need to do is start squid properly as root user
>and let it do the permissions dropping properly itself.

Even when permissions are dropped, Squid still needs to read
/dev/pf. The above permissions will cause an error. When
PF_TRANSPARENT is defined, the GID of /dev/pf has to be changed to be
accessible by Squid.

Currently, Squid 2.6.x opens /dev/pf in read/write mode. There was
an OpenBSD patch to src/client_side.c to open /dev/pf in read-only mode.

--- client_side.c.orig Mon Sep 3 06:13:36 2007
+++ client_side.c Sun Jan 20 09:14:37 2008
@@ -4441,7 +4441,7 @@
      static int pffd = -1;
      static time_t last_reported = 0;
      if (pffd < 0) {
- pffd = open("/dev/pf", O_RDWR);
+ pffd = open("/dev/pf", O_RDONLY);
         if (pffd >= 0)
             commSetCloseOnExec(pffd);
      }
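
Review bot: The switch to O_RDONLY at the open("/dev/pf", ...) call should be paired with a documentation note stating that the device node now only needs to be readable, not writable, by the group Squid runs under, so administrators do not grant group write on /dev/pf out of habit. The ioctl later issued on pffd is not visible in this hunk; please confirm in the patch description that it is accepted on a read-only descriptor on every platform where PF_TRANSPARENT is built, since otherwise the failure would move from open() to the lookup. It would also help to show how the pffd < 0 case is reported after this block, because a permission error here is the exact symptom this thread is about and the log message should name /dev/pf and errno.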

Regards,
-sm
Received on Sun Jan 20 2008 - 10:28:12 MST
