From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 7 Jul 2008 04:58:26 +0000 (+1200)
Subject: Author: Brad Smith <brad@comstyle.com>
X-Git-Tag: SQUID_3_1_0_1~49^2~165
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d14c6ef2b422ccc4b87dc6f85317ad666ecb3302;p=thirdparty%2Fsquid.git

Author: Brad Smith <brad@comstyle.com>
Bug 2396: Correct the opening of the PF device file.

The PF device file is supposed to be opened read-only as of quite a number of
releases ago.
---

diff --git a/src/IPInterception.cc b/src/IPInterception.cc
index c2e612cb4b..2533594115 100644
--- a/src/IPInterception.cc
+++ b/src/IPInterception.cc
@@ -365,7 +365,7 @@ IPIntercept::NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAdd
     if( !peer.IsIPv4() ) return -1;
 
     if (pffd < 0)
-        pffd = open("/dev/pf", O_RDWR);
+        pffd = open("/dev/pf", O_RDONLY);
 
     if (pffd < 0)
     {