Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 24 Mar 2022 13:14:40 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 837aa87ff4f0 - stable/12 - pfctl: fix retrieving nested nat-anchors
Message-ID:  <202203241314.22ODEeNI032073@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=837aa87ff4f0957b8a7151b31cfb04a1a7f21bbb

commit 837aa87ff4f0957b8a7151b31cfb04a1a7f21bbb
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-03-17 17:31:37 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-03-24 09:44:48 +0000

    pfctl: fix retrieving nested nat-anchors
    
    When retrieving nat rules in anchors we need to set the path just like
    we do for regular rules.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit a632d9e3601272c0157dce6633fc9a23ad6ae45b)
---
 sbin/pfctl/pfctl.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 17bd61fbccb2..eccfe319207e 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1187,10 +1187,16 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth)
 	static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
 	int i, dotitle = opts & PF_OPT_SHOWALL;
 	int brace, ret;
+	int len = strlen(path);
 	char *p;
 
+	if (path[0])
+		snprintf(&path[len], MAXPATHLEN - len, "/%s", anchorname);
+	else
+		snprintf(&path[len], MAXPATHLEN - len, "%s", anchorname);
+
 	for (i = 0; i < 3; i++) {
-		ret = pfctl_get_rules_info(dev, &ri, nattype[i], anchorname);
+		ret = pfctl_get_rules_info(dev, &ri, nattype[i], path);
 		if (ret != 0) {
 			warn("DIOCGETRULES");
 			return (-1);
@@ -1199,13 +1205,13 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth)
 			brace = 0;
 			INDENT(depth, !(opts & PF_OPT_VERBOSE));
 
-			if (pfctl_get_rule(dev, nr, ri.ticket, anchorname,
+			if (pfctl_get_rule(dev, nr, ri.ticket, path,
 			    nattype[i], &rule, anchor_call)) {
 				warn("DIOCGETRULE");
 				return (-1);
 			}
 			if (pfctl_get_pool(dev, &rule.rpool, nr,
-			    ri.ticket, nattype[i], anchorname) != 0)
+			    ri.ticket, nattype[i], path) != 0)
 				return (-1);
 
 			if (anchor_call[0] &&

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203241314.22ODEeNI032073>