author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2014-02-28 22:18:24 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2014-02-28 22:18:24 +0000 |
commit | dee6c9a316dc60c62a1443231b78ff70aec64b66 (patch) | |
tree | 0168738a1807482c92f1c0d3e19843e1f35fae9e /sbin/pfctl/pfctl.c | |
parent | 9dd3b8003ba71907e0f3644f4582c136c7ba6e47 (diff) |
Bring back the code removed in rev1.317 used to print anchors with
wildcard path ("ftp-proxy/*"), but make sure to call it after we're
done with the ruleset for the current anchor. On one hand this
repairs printing content of such anchors and on the other it allows
to use a wildcard on the command line for anchors that were not
initially specified with a wildcard. Makes pfctl regress happy
again. OK henning, deraadt
Diffstat (limited to 'sbin/pfctl/pfctl.c')
-rw-r--r-- | sbin/pfctl/pfctl.c | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index e23b1177a36..51e747299bf 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.322 2014/02/17 04:52:25 lteo Exp $ */
+/* $OpenBSD: pfctl.c,v 1.323 2014/02/28 22:18:23 mikeb Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -829,6 +829,10 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
 goto error;
 }
+ /* anchor is the same for all rules in it */
+ if (pr.rule.anchor_wildcard == 0)
+ wildcard = 0;
+
 switch (format) {
 case PFCTL_SHOW_LABELS:
 if (pr.rule.label[0]) {
@@ -880,6 +884,40 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
 }
 }
+ /*
+ * If this anchor was called with a wildcard path, go through
+ * the rulesets in the anchor rather than the rules.
+ */
+ if (wildcard && (opts & PF_OPT_RECURSE)) {
+ struct pfioc_ruleset prs;
+ u_int32_t mnr, nr;
+
+ memset(&prs, 0, sizeof(prs));
+ memcpy(prs.path, npath, sizeof(prs.path));
+ if (ioctl(dev, DIOCGETRULESETS, &prs)) {
+ if (errno == EINVAL)
+ fprintf(stderr, "Anchor '%s' "
+ "not found.\n", anchorname);
+ else
+ err(1, "DIOCGETRULESETS");
+ }
+ mnr = prs.nr;
+
+ for (nr = 0; nr < mnr; ++nr) {
+ prs.nr = nr;
+ if (ioctl(dev, DIOCGETRULESET, &prs))
+ err(1, "DIOCGETRULESET");
+ INDENT(depth, !(opts & PF_OPT_VERBOSE));
+ printf("anchor \"%s\" all {\n", prs.name);
+ pfctl_show_rules(dev, npath, opts,
+ format, prs.name, depth + 1, 0, shownr);
+ INDENT(depth, !(opts & PF_OPT_VERBOSE));
+ printf("}\n");
+ }
+ path[len] = '\0';
+ return (0);
+ }
+
 error:
 if (path != npath)
 free(npath); |
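Review bot: The wildcard block added in the third hunk leaves through `return (0);` and so skips the `if (path != npath) free(npath);` cleanup directly below it at `error:`, leaking npath at every recursion level where it was allocated separately. Adding `if (path != npath) free(npath);` before `path[len] = '\0';` keeps the early return and closes the leak. `memcpy(prs.path, npath, sizeof(prs.path));` always reads sizeof(prs.path) bytes from npath, which is only safe if every buffer npath can point to is at least that large (the allocation is outside the hunk); `strlcpy(prs.path, npath, sizeof(prs.path))` with a truncation check copies only the string. When DIOCGETRULESETS fails with EINVAL the block prints the "not found" message but still falls through to `return (0);`, so a missing anchor is reported as success. pfctl_show_rules starts and ends outside the hunk, so confirm what follows `error:` before changing the returned status.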