Allow recursive anchors (anchors within anchors, up to 64

levels deep). More work required, but this is already
functional. authpf users will need to adjust their anchor
calls, but this will change again soon. ok beck@, cedric@,
henning@, mcbride@

1 files changed, 12 insertions, 20 deletions

diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 5d4c3d9f511..def22571f69 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_table.c,v 1.59 2004/03/15 15:25:44 dhartmei Exp $ */
+/*	$OpenBSD: pfctl_table.c,v 1.60 2004/05/19 17:50:51 dhartmei Exp $ */
 
 /*
  * Copyright (c) 2002 Cedric Berger
@@ -53,7 +53,7 @@
 
 extern void	usage(void);
 static int	pfctl_table(int, char *[], char *, const char *, char *,
-		    const char *, const char *, int);
+		    const char *, int);
 static void	print_table(struct pfr_table *, int, int);
 static void	print_tstats(struct pfr_tstats *, int);
 static int	load_addr(struct pfr_buffer *, int, char *[], char *, int);
@@ -96,31 +96,29 @@ static const char	*istats_text[2][2][2] = {
 	} while(0)
 
 int
-pfctl_clear_tables(const char *anchor, const char *ruleset, int opts)
+pfctl_clear_tables(const char *anchor, int opts)
 {
-	return pfctl_table(0, NULL, NULL, "-F", NULL, anchor, ruleset, opts);
+	return pfctl_table(0, NULL, NULL, "-F", NULL, anchor, opts);
 }
 
 int
-pfctl_show_tables(const char *anchor, const char *ruleset, int opts)
+pfctl_show_tables(const char *anchor, int opts)
 {
-	return pfctl_table(0, NULL, NULL, "-s", NULL, anchor, ruleset, opts);
+	return pfctl_table(0, NULL, NULL, "-s", NULL, anchor, opts);
 }
 
 int
 pfctl_command_tables(int argc, char *argv[], char *tname,
-    const char *command, char *file, const char *anchor, const char *ruleset,
-    int opts)
+    const char *command, char *file, const char *anchor, int opts)
 {
 	if (tname == NULL || command == NULL)
 		usage();
-	return pfctl_table(argc, argv, tname, command, file, anchor, ruleset,
-	    opts);
+	return pfctl_table(argc, argv, tname, command, file, anchor, opts);
 }
 
 int
 pfctl_table(int argc, char *argv[], char *tname, const char *command,
-    char *file, const char *anchor, const char *ruleset, int opts)
+    char *file, const char *anchor, int opts)
 {
 	struct pfr_table	 table;
 	struct pfr_buffer	 b, b2;
@@ -145,9 +143,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,
 			errx(1, "pfctl_table: strlcpy");
 	}
 	if (strlcpy(table.pfrt_anchor, anchor,
-	    sizeof(table.pfrt_anchor)) >= sizeof(table.pfrt_anchor) ||
-	    strlcpy(table.pfrt_ruleset, ruleset,
-	    sizeof(table.pfrt_ruleset)) >= sizeof(table.pfrt_ruleset))
+	    sizeof(table.pfrt_anchor)) >= sizeof(table.pfrt_anchor))
 		errx(1, "pfctl_table: strlcpy");
 
 	if (!strcmp(command, "-F")) {
@@ -337,8 +333,6 @@ print_table(struct pfr_table *ta, int verbose, int debug)
 		    ta->pfrt_name);
 		if (ta->pfrt_anchor[0])
 			printf("\t%s", ta->pfrt_anchor);
-		if (ta->pfrt_ruleset[0])
-			printf(":%s", ta->pfrt_ruleset);
 		puts("");
 	} else
 		puts(ta->pfrt_name);
@@ -456,16 +450,14 @@ radix_perror(void)
 
 int
 pfctl_define_table(char *name, int flags, int addrs, const char *anchor,
-    const char *ruleset, struct pfr_buffer *ab, u_int32_t ticket)
+    struct pfr_buffer *ab, u_int32_t ticket)
 {
 	struct pfr_table tbl;
 
 	bzero(&tbl, sizeof(tbl));
 	if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >=
 	    sizeof(tbl.pfrt_name) || strlcpy(tbl.pfrt_anchor, anchor,
-	    sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor) ||
-	    strlcpy(tbl.pfrt_ruleset, ruleset, sizeof(tbl.pfrt_ruleset)) >=
-	    sizeof(tbl.pfrt_ruleset))
+	    sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor))
 		errx(1, "pfctl_define_table: strlcpy");
 	tbl.pfrt_flags = flags;