author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-29 22:02:47 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-29 22:02:47 +0000 |
commit | 6fabbc9b026a232404262cb8d52a47145e979a22 (patch) | |
tree | e943194c997cb7cdece229872b0b200597c0a5ec /sbin/pfctl | |
parent | 8133110e91556d06e0b8dc32ee7c2a503c151608 (diff) |
Make pfctl -a name -sr/-sn show all rules of all rulesets within the
anchor. From discussion with Michael Lucas. ok henning@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl.c | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index bf74fe4a7f1..a387e67bdbd 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.111 2002/12/25 16:05:23 dhartmei Exp $ */ +/* $OpenBSD: pfctl.c,v 1.112 2002/12/29 22:02:46 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -487,6 +487,36 @@ pfctl_show_rules(int dev, int opts, int format) struct pfioc_rule pr; u_int32_t nr, mnr; + if (*anchorname && !*rulesetname) { + struct pfioc_ruleset pr; + int r; + + memset(&pr, 0, sizeof(pr)); + memcpy(pr.anchor, anchorname, sizeof(pr.anchor)); + if (ioctl(dev, DIOCGETRULESETS, &pr)) { + if (errno == EINVAL) + fprintf(stderr, "No rulesets in anchor '%s'.\n", + anchorname); + else + warn("DIOCGETRULESETS"); + return (-1); + } + mnr = pr.nr; + for (nr = 0; nr < mnr; ++nr) { + pr.nr = nr; + if (ioctl(dev, DIOCGETRULESET, &pr)) { + warn("DIOCGETRULESET"); + return (-1); + } + memcpy(rulesetname, pr.name, sizeof(rulesetname)); + r = pfctl_show_rules(dev, opts, format); + memset(rulesetname, 0, sizeof(rulesetname)); + if (r) + return (r); + } + return (0); + } + memset(&pr, 0, sizeof(pr)); memcpy(pr.anchor, anchorname, sizeof(pr.anchor)); memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset)); 
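Review bot: The recursion added to pfctl_show_rules terminates only if every name returned by DIOCGETRULESET is non-empty. If `pr.name` came back as an empty string, `rulesetname` would still be empty after the `memcpy`, the recursive call would take the `*anchorname && !*rulesetname` branch again, and the function would recurse without bound. The kernel presumably never hands back an empty ruleset name, but a guard before the copy, for example `if (pr.name[0] == '\0') return (-1);`, keeps the termination condition local to this function. The same applies to the identical block added to pfctl_show_nat in the next hunk; both function bodies continue outside their hunks.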
@@ -565,6 +595,36 @@ pfctl_show_nat(int dev, int opts) struct pfioc_rule pr; u_int32_t mnr, nr; + if (*anchorname && !*rulesetname) { + struct pfioc_ruleset pr; + int r; + + memset(&pr, 0, sizeof(pr)); + memcpy(pr.anchor, anchorname, sizeof(pr.anchor)); + if (ioctl(dev, DIOCGETRULESETS, &pr)) { + if (errno == EINVAL) + fprintf(stderr, "No rulesets in anchor '%s'.\n", + anchorname); + else + warn("DIOCGETRULESETS"); + return (-1); + } + mnr = pr.nr; + for (nr = 0; nr < mnr; ++nr) { + pr.nr = nr; + if (ioctl(dev, DIOCGETRULESET, &pr)) { + warn("DIOCGETRULESET"); + return (-1); + } + memcpy(rulesetname, pr.name, sizeof(rulesetname)); + r = pfctl_show_nat(dev, opts); + memset(rulesetname, 0, sizeof(rulesetname)); + if (r) + return (r); + } + return (0); + } + memset(&pr, 0, sizeof(pr)); memcpy(pr.anchor, anchorname, sizeof(pr.anchor)); memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset)); |
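Review bot: The inner `struct pfioc_ruleset pr;` shadows the function's `struct pfioc_rule pr;`, so inside the new block `pr` has a different type than in the rest of pfctl_show_nat; a distinct name such as `prs` would avoid the confusion and a -Wshadow warning. Separately, `memcpy(rulesetname, pr.name, sizeof(rulesetname));` reads `sizeof(rulesetname)` bytes from `pr.name`, which stays in bounds only if `pr.name` is at least that large. Neither declaration is visible in this hunk, so that cannot be confirmed here. Assuming `rulesetname` is an array, `strlcpy(rulesetname, pr.name, sizeof(rulesetname));` would bound the copy by the destination and guarantee termination. Both remarks also apply to the block added to pfctl_show_rules, and the function body continues outside the hunk.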