diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2024-01-15 07:23:33 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2024-01-15 07:23:33 +0000 |
| commit | 41e22ba41a25e25f7201d6a462d74fac7b9f7d57 (patch) | |
| tree | 7f7d3ca7b209f28e3a9873441f39a36001abf801 | |
| parent | dcb7ddde72f750fc2646b8f246850f8793ed713d (diff) | |
Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).
Inconsistency has been noticed by Klemens (kn@).
OK @bluhm, OK @kn
| -rw-r--r-- | sbin/pfctl/pfctl.c | 25 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_parser.h | 3 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_table.c | 20 |
3 files changed, 32 insertions, 16 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index f4ff345a49a..ece39d2105c 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.392 2023/10/26 16:26:01 deraadt Exp $ */ +/* $OpenBSD: pfctl.c,v 1.393 2024/01/15 07:23:32 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -118,6 +118,7 @@ int pfctl_recurse(int, int, const char *, int pfctl_call_clearrules(int, int, struct pfr_anchoritem *); int pfctl_call_cleartables(int, int, struct pfr_anchoritem *); int pfctl_call_clearanchors(int, int, struct pfr_anchoritem *); +int pfctl_call_showtables(int, int, struct pfr_anchoritem *); const char *clearopt; char *rulesopt; @@ -2301,6 +2302,13 @@ pfctl_call_clearrules(int dev, int opts, struct pfr_anchoritem *pfra) } int +pfctl_call_showtables(int dev, int opts, struct pfr_anchoritem *pfra) +{ + pfctl_show_tables(pfra->pfra_anchorname, opts); + return (0); +} + +int pfctl_call_clearanchors(int dev, int opts, struct pfr_anchoritem *pfra) { int rv = 0; @@ -2325,10 +2333,12 @@ pfctl_recurse(int dev, int opts, const char *anchorname, * so that failures on one anchor do not prevent clearing others. */ opts |= PF_OPT_IGNFAIL; - printf("Removing:\n"); + if ((opts & PF_OPT_CALLSHOW) == 0) + printf("Removing:\n"); SLIST_FOREACH_SAFE(pfra, anchors, pfra_sle, pfra_save) { - printf(" %s\n", (*pfra->pfra_anchorname == '\0') ? - "/" : pfra->pfra_anchorname); + if ((opts & PF_OPT_CALLSHOW) == 0) + printf(" %s\n", (*pfra->pfra_anchorname == '\0') ? + "/" : pfra->pfra_anchorname); rv |= walkf(dev, opts, pfra); SLIST_REMOVE(anchors, pfra, pfr_anchoritem, pfra_sle); free(pfra->pfra_anchorname); @@ -2747,7 +2757,12 @@ main(int argc, char *argv[]) pfctl_show_fingerprints(opts); break; case 'T': - pfctl_show_tables(anchorname, opts); + if (opts & PF_OPT_RECURSE) { + opts |= PF_OPT_CALLSHOW; + pfctl_recurse(dev, opts, anchorname, + pfctl_call_showtables); + } else + pfctl_show_tables(anchorname, opts); break; case 'o': pfctl_load_fingerprints(dev, opts); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 01a61a49d01..146580db2b8 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.h,v 1.118 2021/10/25 14:50:29 sashan Exp $ */ +/* $OpenBSD: pfctl_parser.h,v 1.119 2024/01/15 07:23:32 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -52,6 +52,7 @@ #define PF_OPT_RECURSE 0x04000 #define PF_OPT_PORTNAMES 0x08000 #define PF_OPT_IGNFAIL 0x10000 +#define PF_OPT_CALLSHOW 0x20000 #define PF_TH_ALL 0xFF diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c index d041b15d568..ba21402943d 100644 --- a/sbin/pfctl/pfctl_table.c +++ b/sbin/pfctl/pfctl_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_table.c,v 1.86 2023/10/26 16:26:01 deraadt Exp $ */ +/* $OpenBSD: pfctl_table.c,v 1.87 2024/01/15 07:23:32 sashan Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -369,21 +369,21 @@ print_table(struct pfr_table *ta, int verbose, int debug) { if (!debug && !(ta->pfrt_flags & PFR_TFLAG_ACTIVE)) return; - if (verbose) { - printf("%c%c%c%c%c%c%c\t%s", + if (verbose) + printf("%c%c%c%c%c%c%c\t", (ta->pfrt_flags & PFR_TFLAG_CONST) ? 'c' : '-', (ta->pfrt_flags & PFR_TFLAG_PERSIST) ? 'p' : '-', (ta->pfrt_flags & PFR_TFLAG_ACTIVE) ? 'a' : '-', (ta->pfrt_flags & PFR_TFLAG_INACTIVE) ? 'i' : '-', (ta->pfrt_flags & PFR_TFLAG_REFERENCED) ? 'r' : '-', (ta->pfrt_flags & PFR_TFLAG_REFDANCHOR) ? 'h' : '-', - (ta->pfrt_flags & PFR_TFLAG_COUNTERS) ? 'C' : '-', - ta->pfrt_name); - if (ta->pfrt_anchor[0]) - printf("\t%s", ta->pfrt_anchor); - puts(""); - } else - puts(ta->pfrt_name); + (ta->pfrt_flags & PFR_TFLAG_COUNTERS) ? 'C' : '-'); + + printf("%s", ta->pfrt_name); + if (ta->pfrt_anchor[0] != '\0') + printf("@%s", ta->pfrt_anchor); + + printf("\n"); } void |