Date:      Wed, 10 Sep 2025 19:52:24 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 7aac81a639b4 - main - pfctl: support recusive printing of tables
Message-ID:  <202509101952.58AJqOm0095300@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=7aac81a639b49849e9ce1f59f538a2f491395037

commit 7aac81a639b49849e9ce1f59f538a2f491395037
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-20 12:41:57 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-09-10 19:51:39 +0000

    pfctl: support recusive printing of tables
    
    Currently 'pfctl -a "*" -sr' recursively walks the anchor tree and shows
    the rules found in every anchor. This commit introduces the same behavior
    for tables: 'pfctl -a "*" -sT' prints all tables attached to every
    anchor loaded into pf(4).
    
    Inconsistency has been noticed by Klemens (kn@).
    
    OK @bluhm, OK @kn
    
    Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, 3898e3532e
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c        | 25 ++++++++++++++++++++-----
 sbin/pfctl/pfctl_parser.h |  1 +
 sbin/pfctl/pfctl_table.c  | 18 +++++++++---------
 3 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 36bdd9705830..10a833ea4850 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -137,6 +137,7 @@ int	 pfctl_recurse(int, int, const char *,
 int	 pfctl_call_clearrules(int, int, struct pfr_anchoritem *);
 int	 pfctl_call_cleartables(int, int, struct pfr_anchoritem *);
 int	 pfctl_call_clearanchors(int, int, struct pfr_anchoritem *);
+int	 pfctl_call_showtables(int, int, struct pfr_anchoritem *);
 
 static struct pfctl_anchor_global	 pf_anchors;
 struct pfctl_anchor	 pf_main_anchor;
@@ -3056,6 +3057,13 @@ pfctl_call_clearanchors(int dev, int opts, struct pfr_anchoritem *pfra)
 	return (rv);
 }
 
+int
+pfctl_call_showtables(int dev, int opts, struct pfr_anchoritem *pfra)
+{
+	pfctl_show_tables(pfra->pfra_anchorname, opts);
+	return (0);
+}
+
 int
 pfctl_recurse(int dev, int opts, const char *anchorname,
     int(*walkf)(int, int, struct pfr_anchoritem *))
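Review bot: `pfctl_call_showtables()` returns 0 unconditionally, so the `rv |= walkf(dev, opts, pfra)` accumulation in `pfctl_recurse()` can never report a failed listing for any anchor. If `pfctl_show_tables()` returns a status (its declaration is not visible in this diff), propagate it with `return (pfctl_show_tables(pfra->pfra_anchorname, opts));`; otherwise add a one-line comment saying why the walk always reports success. This matters to anyone auditing a ruleset with `pfctl -a "*" -sT`, because a partial table listing that still exits successfully looks the same as a complete one. The `case 'T'` hunk in `main()` likewise drops the return value of `pfctl_recurse()`.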
@@ -3070,11 +3078,13 @@ pfctl_recurse(int dev, int opts, const char *anchorname,
 	 * so that failures on one anchor do not prevent clearing others.
 	 */
 	opts |= PF_OPT_IGNFAIL;
-	printf("Removing:\n");
+	if ((opts & PF_OPT_CALLSHOW) == 0)
+		printf("Removing:\n");
 	SLIST_FOREACH_SAFE(pfra, anchors, pfra_sle, pfra_save) {
-		printf("  %s\n",
-		    (*pfra->pfra_anchorname == '\0') ? "/" :
-		    pfra->pfra_anchorname);
+		if ((opts & PF_OPT_CALLSHOW) == 0)
+			printf("  %s\n",
+			    (*pfra->pfra_anchorname == '\0') ? "/" :
+			    pfra->pfra_anchorname);
 		rv |= walkf(dev, opts, pfra);
 		SLIST_REMOVE(anchors, pfra, pfr_anchoritem, pfra_sle);
 		free(pfra->pfra_anchorname);
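Review bot: The comment ending just above `opts |= PF_OPT_IGNFAIL` still speaks only of clearing, but with `PF_OPT_CALLSHOW` this loop now also drives the read-only listing, and the flag is forced on there too. I would reword its last line to cover both uses, for example `so that a failure on one anchor does not stop the walk (clearing or listing) of the others.`, and mention that the per-anchor header is suppressed in show mode because `print_table()` appends the anchor to each table line. Whether `PF_OPT_IGNFAIL` changes anything on the listing path cannot be seen from this hunk and is worth confirming. Both the function and the comment start outside the hunk.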
@@ -3477,7 +3487,12 @@ main(int argc, char *argv[])
 			pfctl_show_fingerprints(opts);
 			break;
 		case 'T':
-			pfctl_show_tables(anchorname, opts);
+			if (opts & PF_OPT_RECURSE) {
+				opts |= PF_OPT_CALLSHOW;
+				pfctl_recurse(dev, opts, anchorname,
+				    pfctl_call_showtables);
+			} else
+				pfctl_show_tables(anchorname, opts);
 			break;
 		case 'o':
 			pfctl_load_fingerprints(dev, opts);
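Review bot: `opts |= PF_OPT_CALLSHOW` in `case 'T'` modifies `main()`'s own `opts`, so the bit stays set for everything that runs after this switch. `pfctl_recurse()` now uses that bit to suppress its `Removing:` output. If a later step in the same invocation reaches `pfctl_recurse()` for a flush, the list of anchors being removed would silently disappear; that path is not visible here, as `main()` continues outside the hunk. Passing the flag for this call only avoids the leak: `pfctl_recurse(dev, opts | PF_OPT_CALLSHOW, anchorname, pfctl_call_showtables);`.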
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 721950967661..58d3abc36691 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -56,6 +56,7 @@
 #define PF_OPT_KILLMATCH	0x08000
 #define PF_OPT_NODNS		0x10000
 #define PF_OPT_IGNFAIL		0x20000
+#define PF_OPT_CALLSHOW		0x40000
 
 #define PF_NAT_PROXY_PORT_LOW	50001
 #define PF_NAT_PROXY_PORT_HIGH	65535
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index f583f5ef8e79..0845f765a063 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -417,21 +417,21 @@ print_table(const struct pfr_table *ta, int verbose, int debug)
 {
 	if (!debug && !(ta->pfrt_flags & PFR_TFLAG_ACTIVE))
 		return;
-	if (verbose) {
-		printf("%c%c%c%c%c%c%c\t%s",
+	if (verbose)
+		printf("%c%c%c%c%c%c%c\t",
 		    (ta->pfrt_flags & PFR_TFLAG_CONST) ? 'c' : '-',
 		    (ta->pfrt_flags & PFR_TFLAG_PERSIST) ? 'p' : '-',
 		    (ta->pfrt_flags & PFR_TFLAG_ACTIVE) ? 'a' : '-',
 		    (ta->pfrt_flags & PFR_TFLAG_INACTIVE) ? 'i' : '-',
 		    (ta->pfrt_flags & PFR_TFLAG_REFERENCED) ? 'r' : '-',
 		    (ta->pfrt_flags & PFR_TFLAG_REFDANCHOR) ? 'h' : '-',
-		    (ta->pfrt_flags & PFR_TFLAG_COUNTERS) ? 'C' : '-',
-		    ta->pfrt_name);
-		if (ta->pfrt_anchor[0])
-			printf("\t%s", ta->pfrt_anchor);
-		puts("");
-	} else
-		puts(ta->pfrt_name);
+		    (ta->pfrt_flags & PFR_TFLAG_COUNTERS) ? 'C' : '-');
+
+	printf("%s", ta->pfrt_name);
+	if (ta->pfrt_anchor[0] != '\0')
+		printf("@%s", ta->pfrt_anchor);
+
+	printf("\n");
 }
 
 int
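Review bot: The output format of `print_table()` changes for any path that reaches it, not only for the new recursive walk. The non-verbose branch used to print `pfrt_name` alone and now prints `name@anchor` whenever `pfrt_anchor` is non-empty, and the verbose branch replaces the tab-separated anchor column with the same `@` suffix. Scripts that parse `pfctl -sT` output and feed the names back into table commands (blocklist maintenance, monitoring) may start receiving a string that is not a bare table name. The commit message does not mention this, so it deserves a line in the manual page or release notes, and a comment above the name printing such as `/* Tables outside the main ruleset are printed as name@anchor. */`.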


