From nobody Wed Jan 14 08:06:01 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4drdwV6TRGz6PKpm
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Wed, 14 Jan 2026 08:06:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4drdwT6Dhrz3KM3
	for <dev-commits-src-all@FreeBSD.org>; Wed, 14 Jan 2026 08:06:01 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1768377961;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=C0NLK1FKw4FmS/bvK1fBReqmDh5hz/mVmPePreZ3zp0=;
	b=KsaKAtamudjJJ2SPGq1JjDgvh5LvQMZHuiB5JTOl7wWlTQn6mWufhUpskzQXkj6P54sgtt
	hHfq6bMpnWvYbyy1ArZF4VNeDckfzT0UJOVcFW3iscgM8Tu2Nx1YjZgCraVQB0ZDdvvbv6
	D0fZAM9vR4AL30g2+kFBQkqR/UH80bipQmmyBvQez8nEERIS3V2TE6TUpwIomw3QoBtZoj
	o6/uinDVRU6G8/43g+K813pgD35Q+a4vF6M6C6USzpGed4WHf65wvOQWhtL/GEtKckFqLW
	Wx6eG/6LtqBxcNijWhBa35FGIGe30veUxSrKzwIKKhEwp3T6Ic0p74qUI7cBzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1768377961;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=C0NLK1FKw4FmS/bvK1fBReqmDh5hz/mVmPePreZ3zp0=;
	b=qO/JZSofT2DGAnp+jPE7QwoNS0GVjdxRBpwUKuIRDYpBLttyXpahJ7mpM7jFay74yVihkp
	boSc/doZYnS5EVrXKnkUCLwZLIxf92TTs5Ko8HEWaxYLuCU1R/d5MaZ4yZ7mP7S+NJSfz5
	jcMmyNNwO0lf0M+nZ4Iw1PY3zwmd/j5psZtYn07lJPX3WGcYt0iZ+Q2XJonnm+0DJEepb8
	ZJ0QB6ANZ8yVbzqAVlSfGJrMdxm6lxtjI6auoQ9+XtEAiAnp1CmYrj8dbTlgsmuwF7s3Ip
	+yMjVeqj0rH3K15KD4eGZ+OO6ZCv2aYsAJ6Ww9UwIsVGK0WGzqUVm+Lt6TVAhw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1768377961; a=rsa-sha256; cv=none;
	b=GnbV76fqNsNbMShTDheIafZo7HxESwyDv+hWkk/mFcPvuf/j1oBzlJJZoD39QYbDIvXQyb
	5um03t6a1juBWE87UBPZSQ5X9W52hbshZvOXVBm18lYDkEPyjX0zjuIW++SNZ5MKVodi2w
	9eo6nfOKbD+PYZlG+RdTcT/xnMRUtCIjJEimpWrMLQClVhckmluxO8/PCjZYCeFN1jmIfr
	+YABLMpmE4TdSnNlZ/OK72caGyhxWsBHP4ZqSN2ehGUwgTLMwpavn3tOsoOKZlH3niEM9Q
	R+B2mBRI27sMCRv9+sNfWUuwGjpLJkZokKemVwk2FJnxEcUeVeMVTOqxZlDmMg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4drdwT5fFszpnM
	for <dev-commits-src-all@FreeBSD.org>; Wed, 14 Jan 2026 08:06:01 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id ca13
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 14 Jan 2026 08:06:01 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 63d5d1b0b37e - main - pfctl: improve limiters printing
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 63d5d1b0b37e56deef2bed395928fcf52449ad94
Auto-Submitted: auto-generated
Date: Wed, 14 Jan 2026 08:06:01 +0000
Message-Id: <69674e69.ca13.9625ade@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=63d5d1b0b37e56deef2bed395928fcf52449ad94

commit 63d5d1b0b37e56deef2bed395928fcf52449ad94
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-01-06 15:57:18 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-01-14 06:44:39 +0000

    pfctl: improve limiters printing
    
    Deviate a little from the OpenBSD code, to avoid unexpected output
    changes.
    
    Don't print limiter information when we show the rules (or labels).
    Do include the source and state limiters in the 'all' (pfctl -sa) output
    and give them their own titles.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index fb08d6300f23..ee1b2202cc1d 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -105,7 +105,7 @@ int	 pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int,
 	    const char *, int);
 void	 pfctl_print_eth_rule_counters(struct pfctl_eth_rule *, int);
 void	 pfctl_print_rule_counters(struct pfctl_rule *, int);
-int	 pfctl_show_statelims(int, enum pfctl_show);
+int	 pfctl_show_statelims(int, enum pfctl_show, int);
 int	 pfctl_show_sourcelims(int, enum pfctl_show, int, const char *);
 int	 pfctl_show_eth_rules(int, char *, int, enum pfctl_show, char *, int, int);
 int	 pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int, int);
@@ -1258,12 +1258,15 @@ pfctl_print_title(char *title)
 }
 
 int
-pfctl_show_statelims(int dev, enum pfctl_show format)
+pfctl_show_statelims(int dev, enum pfctl_show format, int opts)
 {
 	struct pfctl_state_lim stlim;
 	uint32_t id = PF_STATELIM_ID_MIN;
 	int error;
 
+	if (opts & PF_OPT_SHOWALL)
+		pfctl_print_title("STATE LIMITERS:");
+
 	if (format == PFCTL_SHOW_LABELS) {
 		printf("%3s %8s/%-8s %5s/%-5s %8s %8s %8s\n", "ID", "USE",
 		    "LIMIT", "RATE", "SECS", "ADMIT", "HARDLIM", "RATELIM");
@@ -1380,6 +1383,9 @@ pfctl_show_sourcelims(int dev, enum pfctl_show format, int opts,
 			errx(1, "source limiter id: %s", errstr);
 	}
 
+	if (opts & PF_OPT_SHOWALL)
+		pfctl_print_title("SOURCE LIMITERS:");
+
 	if (format == PFCTL_SHOW_LABELS) {
 		printf("%3s %8s/%-8s %5s %5s/%-5s %8s %8s %8s %8s\n", "ID",
 		    "USE", "ADDRS", "LIMIT", "RATE", "SECS", "ADMIT", "ADDRLIM",
@@ -1612,15 +1618,6 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
 	int len = strlen(path), ret = 0;
 	char *npath, *p;
 
-	if (anchorname[0] == '\0') {
-		ret = pfctl_show_statelims(dev, format);
-		if (ret != 0)
-			goto error;
-		ret = pfctl_show_sourcelims(dev, format, opts, NULL);
-		if (ret != 0)
-			goto error;
-	}
-
 	/*
 	 * Truncate a trailing / and * on an anchorname before searching for
 	 * the ruleset, this is syntactic sugar that doesn't actually make it
@@ -3961,6 +3958,8 @@ main(int argc, char *argv[])
 		    0, 0);
 		pfctl_show_timeouts(dev, opts);
 		pfctl_show_limits(dev, opts);
+		pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts);
+		pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt);
 		pfctl_show_tables(anchorname, opts);
 		pfctl_show_fingerprints(opts);
 		break;
@@ -3983,7 +3982,7 @@ main(int argc, char *argv[])
 		pfctl_show_creators(opts);
 		break;
 	case SHOWOPT_STATELIMS:
-		pfctl_show_statelims(dev, PFCTL_SHOW_LABELS);
+		pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts);
 		break;
 	case SHOWOPT_SOURCELIMS:
 		pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt);