src - OpenBSD base system

diff options


context:
space:
mode:

author	Ryan Thomas McBride <mcbride@cvs.openbsd.org>	2004-01-29 01:25:14 +0000
committer	Ryan Thomas McBride <mcbride@cvs.openbsd.org>	2004-01-29 01:25:14 +0000
commit	ff7c23cd9c21fb734bc32bea72d363e1bf1062f4 (patch)
tree	d3a6958a7fa65e3183123a23096da321de878f26 /sbin/pfctl
parent	7457a320f6802dfe7a4512de256878ea2bea673b (diff)

Clean up 'pfctl -s all' output.

ok deraadt@ henning@

Diffstat (limited to 'sbin/pfctl')

-rw-r--r--

sbin/pfctl/pfctl.c

-rw-r--r--

sbin/pfctl/pfctl.h

-rw-r--r--

sbin/pfctl/pfctl_osfp.c

-rw-r--r--

sbin/pfctl/pfctl_parser.h

-rw-r--r--

sbin/pfctl/pfctl_qstats.c

-rw-r--r--

sbin/pfctl/pfctl_table.c

106

6 files changed, 146 insertions, 70 deletions

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 304a4396ae2..baffc12a67a 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl.c,v 1.198 2003/12/31 22:14:41 deraadt Exp $ */

+/* $OpenBSD: pfctl.c,v 1.199 2004/01/29 01:25:13 mcbride Exp $ */

@@ -72,8 +72,8 @@ int pfctl_show_nat(int, int, char *, char *);

int pfctl_show_src_nodes(int, int);

int pfctl_show_states(int, u_int8_t, int);

int pfctl_show_status(int, int);

-int pfctl_show_timeouts(int);

-int pfctl_show_limits(int);

+int pfctl_show_timeouts(int, int);

+int pfctl_show_limits(int, int);

int pfctl_debug(int, u_int32_t, int);

int pfctl_clear_rule_counters(int, int);

int pfctl_test_altqsupport(int, int);

@@ -93,6 +93,8 @@ int loadopt;

int altqsupport;

int dev = -1;

+int first_title = 1;

+int labels = 0;

const char *infile;

@@ -549,12 +551,21 @@ pfctl_print_rule_counters(struct pf_rule *rule, int opts)

rule->bytes, rule->states);

}

+void

+pfctl_print_title(char *title)

+ if (!first_title)

+ printf("\n");

+ first_title = 0;

+ printf("%s\n", title);

int

pfctl_show_rules(int dev, int opts, int format, char *anchorname,

char *rulesetname)

{

struct pfioc_rule pr;

- u_int32_t nr, mnr;

+ u_int32_t nr, mnr, header = 0;

int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);

if (*anchorname && !*rulesetname) {

@@ -571,6 +582,8 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,

err(1, "DIOCGETRULESETS");

return (-1);

}

+ if (opts & PF_OPT_SHOWALL && pr.nr)

+ pfctl_print_title("FILTER RULES:");

mnr = pr.nr;

for (nr = 0; nr < mnr; ++nr) {

pr.nr = nr;

@@ -587,11 +600,25 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,

memset(&pr, 0, sizeof(pr));

memcpy(pr.anchor, anchorname, sizeof(pr.anchor));

memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset));

+ if (opts & PF_OPT_SHOWALL) {

+ pr.rule.action = PF_PASS;

+ if (ioctl(dev, DIOCGETRULES, &pr)) {

+ warn("DIOCGETRULES");

+ return (-1);

+ }

+ header++;

+ }

pr.rule.action = PF_SCRUB;

if (ioctl(dev, DIOCGETRULES, &pr)) {

warn("DIOCGETRULES");

return (-1);

}

+ if (opts & PF_OPT_SHOWALL) {

+ if (format == 0 && (pr.nr > 0 || header))

+ pfctl_print_title("FILTER RULES:");

+ else if (format == 1 && labels)

+ pfctl_print_title("LABEL COUNTERS:");

+ }

mnr = pr.nr;

for (nr = 0; nr < mnr; ++nr) {

pr.nr = nr;

@@ -614,6 +641,8 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,

}

break;

default:

+ if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))

+ labels = 1;

print_rule(&pr.rule, rule_numbers);

pfctl_print_rule_counters(&pr.rule, opts);

}

@@ -646,6 +675,8 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,

}

break;

default:

+ if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))

+ labels = 1;

print_rule(&pr.rule, rule_numbers);

pfctl_print_rule_counters(&pr.rule, opts);

}

@@ -691,6 +722,19 @@ pfctl_show_nat(int dev, int opts, char *anchorname, char *rulesetname)

memset(&pr, 0, sizeof(pr));

memcpy(pr.anchor, anchorname, sizeof(pr.anchor));

memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset));

+ if (opts & PF_OPT_SHOWALL) {

+ for (i = 0; i < 3; i++) {

+ pr.rule.action = nattype[i];

+ if (ioctl(dev, DIOCGETRULES, &pr)) {

+ warn("DIOCGETRULES");

+ return (-1);

+ }

+ if (pr.nr > 0) {

+ pfctl_print_title("TRANSLATION RULES:");

+ break;

+ }

for (i = 0; i < 3; i++) {

pr.rule.action = nattype[i];

if (ioctl(dev, DIOCGETRULES, &pr)) {

@@ -746,6 +790,8 @@ pfctl_show_src_nodes(int dev, int opts)

len = psn.psn_len;

if (psn.psn_len == 0)

return (0); /* no src_nodes */

+ else if (opts & PF_OPT_SHOWALL)

+ pfctl_print_title("SOURCE TRACKING NODES:");

len *= 2;

}

p = psn.psn_src_nodes;

@@ -786,6 +832,8 @@ pfctl_show_states(int dev, u_int8_t proto, int opts)

len = ps.ps_len;

if (ps.ps_len == 0)

return (0); /* no states */

+ else if (opts && PF_OPT_SHOWALL)

+ pfctl_print_title("STATES:");

len *= 2;

}

p = ps.ps_states;

@@ -806,16 +854,20 @@ pfctl_show_status(int dev, int opts)

warn("DIOCGETSTATUS");

return (-1);

}

+ if (opts && PF_OPT_SHOWALL)

+ pfctl_print_title("INFO:");

print_status(&status, opts);

return (0);

}

int

-pfctl_show_timeouts(int dev)

+pfctl_show_timeouts(int dev, int opts)

{

struct pfioc_tm pt;

int i;

+ if (opts && PF_OPT_SHOWALL)

+ pfctl_print_title("TIMEOUTS:");

memset(&pt, 0, sizeof(pt));

for (i = 0; pf_timeouts[i].name; i++) {

pt.timeout = pf_timeouts[i].timeout;

@@ -833,11 +885,13 @@ pfctl_show_timeouts(int dev)

}

int

-pfctl_show_limits(int dev)

+pfctl_show_limits(int dev, int opts)

{

struct pfioc_limit pl;

int i;

+ if (opts & PF_OPT_SHOWALL)

+ pfctl_print_title("LIMITS:");

memset(&pl, 0, sizeof(pl));

for (i = 0; pf_limits[i].name; i++) {

pl.index = i;

@@ -1594,24 +1648,25 @@ main(int argc, char *argv[])

pfctl_show_status(dev, opts);

break;

case 't':

- pfctl_show_timeouts(dev);

+ pfctl_show_timeouts(dev, opts);

break;

case 'm':

- pfctl_show_limits(dev);

+ pfctl_show_limits(dev, opts);

break;

case 'a':

+ opts |= PF_OPT_SHOWALL;

pfctl_load_fingerprints(dev, opts);

+ pfctl_show_nat(dev, opts, anchorname, rulesetname);

pfctl_show_rules(dev, opts, 0, anchorname,

rulesetname);

- pfctl_show_nat(dev, opts, anchorname, rulesetname);

pfctl_show_altq(dev, opts, 0);

pfctl_show_states(dev, 0, opts);

pfctl_show_src_nodes(dev, opts);

pfctl_show_status(dev, opts);

pfctl_show_rules(dev, opts, 1, anchorname, rulesetname);

- pfctl_show_timeouts(dev);

- pfctl_show_limits(dev);

+ pfctl_show_timeouts(dev, opts);

+ pfctl_show_limits(dev, opts);

pfctl_show_tables(anchorname, rulesetname, opts);

pfctl_show_fingerprints(opts);

pfctl_show_ifaces(opts);

diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index d3a0eaa3b04..9267d4c5183 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl.h,v 1.29 2003/12/31 11:18:24 cedric Exp $ */

+/* $OpenBSD: pfctl.h,v 1.30 2004/01/29 01:25:13 mcbride Exp $ */

@@ -78,6 +78,7 @@ char *pfr_strerror(int);

int pfi_get_ifaces(const char *, struct pfi_if *, int *, int);

int pfi_clr_istats(const char *, int *, int);

+void pfctl_print_title(char *);

int pfctl_clear_tables(const char *, const char *, int);

int pfctl_show_tables(const char *, const char *, int);

int pfctl_command_tables(int, char *[], char *, const char *, char *,

diff --git a/sbin/pfctl/pfctl_osfp.c b/sbin/pfctl/pfctl_osfp.c
index 958531450a1..ca19ecaa956 100644
--- a/sbin/pfctl/pfctl_osfp.c
+++ b/sbin/pfctl/pfctl_osfp.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl_osfp.c,v 1.4 2003/08/27 17:42:00 frantzen Exp $ */

+/* $OpenBSD: pfctl_osfp.c,v 1.5 2004/01/29 01:25:13 mcbride Exp $ */

@@ -31,6 +31,7 @@

#include <string.h>

#include "pfctl_parser.h"

+#include "pfctl.h"

#ifndef MIN

# define MIN(a,b) (((a) < (b)) ? (a) : (b))

@@ -308,11 +309,15 @@ pfctl_load_fingerprints(int dev, int opts)

void

pfctl_show_fingerprints(int opts)

{

- printf("Passive OS Fingerprints:\n");

- printf("\tClass\tVersion\tSubtype(subversion)\n");

- printf("\t-----\t-------\t-------------------\n");

- sort_name_list(opts, &classes);

- print_name_list(opts, &classes, "\t");

+ if (LIST_FIRST(&classes) != NULL) {

+ if (opts & PF_OPT_SHOWALL)

+ pfctl_print_title("OS FINGERPRINTS:");

+ printf("Class\tVersion\tSubtype(subversion)\n");

+ printf("-----\t-------\t-------------------\n");

+ sort_name_list(opts, &classes);

+ print_name_list(opts, &classes, "");

+ }

}

/* Lookup a fingerprint */

diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 7eab2419d15..57b8fef8b19 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl_parser.h,v 1.72 2003/12/31 11:18:24 cedric Exp $ */

+/* $OpenBSD: pfctl_parser.h,v 1.73 2004/01/29 01:25:13 mcbride Exp $ */

@@ -45,6 +45,7 @@

#define PF_OPT_VERBOSE2 0x0080

#define PF_OPT_DUMMYACTION 0x0100

#define PF_OPT_DEBUG 0x0200

+#define PF_OPT_SHOWALL 0x0400

#define PF_TH_ALL 0xFF

diff --git a/sbin/pfctl/pfctl_qstats.c b/sbin/pfctl/pfctl_qstats.c
index 23c431ea1fd..0517fcdd248 100644
--- a/sbin/pfctl/pfctl_qstats.c
+++ b/sbin/pfctl/pfctl_qstats.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl_qstats.c,v 1.24 2003/07/31 09:46:08 kjc Exp $ */

+/* $OpenBSD: pfctl_qstats.c,v 1.25 2004/01/29 01:25:13 mcbride Exp $ */

* Copyright (c) Henning Brauer <henning@openbsd.org>

@@ -84,9 +84,13 @@ int

pfctl_show_altq(int dev, int opts, int verbose2)

{

struct pf_altq_node *root = NULL, *node;

+ int nodes;

- if (pfctl_update_qstats(dev, &root))

+ if ((nodes = pfctl_update_qstats(dev, &root)) < 0)

return (-1);

+ if (opts & PF_OPT_SHOWALL && nodes > 0)

+ pfctl_print_title("ALTQ:");

for (node = root; node != NULL; node = node->next)

pfctl_print_altq_node(dev, node, 0, opts);

@@ -155,7 +159,7 @@ pfctl_update_qstats(int dev, struct pf_altq_node **root)

}

- return (0);

+ return (mnr);

}

void

diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index d7ee37685af..ae490901eac 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl_table.c,v 1.52 2003/12/31 22:14:41 deraadt Exp $ */

+/* $OpenBSD: pfctl_table.c,v 1.53 2004/01/29 01:25:13 mcbride Exp $ */

@@ -156,6 +156,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

RVTEST(pfr_clr_tables(&table, &ndel, flags));

xprintf(opts, "%d tables deleted", ndel);

} else if (!strcmp(command, "-s")) {

+ int i = 0;

b.pfrb_type = (opts & PF_OPT_VERBOSE2) ?

PFRB_TSTATS : PFRB_TABLES;

if (argc || file != NULL)

@@ -168,16 +169,21 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

b.pfrb_caddr, &b.pfrb_size, flags));

else

RVTEST(pfr_get_tables(&table,

- b.pfrb_caddr, &b.pfrb_size, flags));

+ b.pfrb_caddr, &b.pfrb_size, flags));

if (b.pfrb_size <= b.pfrb_msize)

break;

+ i++;

}

+ if (opts & PF_OPT_SHOWALL && i > 0)

+ pfctl_print_title("TABLES:");

PFRB_FOREACH(p, &b)

if (opts & PF_OPT_VERBOSE2)

print_tstats(p, opts & PF_OPT_DEBUG);

else

print_table(p, opts & PF_OPT_VERBOSE,

- opts & PF_OPT_DEBUG);

+ opts & PF_OPT_DEBUG);

} else if (!strcmp(command, "kill")) {

if (argc || file != NULL)

usage();

@@ -196,13 +202,13 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

if (opts & PF_OPT_VERBOSE)

flags |= PFR_FLAG_FEEDBACK;

RVTEST(pfr_add_addrs(&table, b.pfrb_caddr, b.pfrb_size,

- &nadd, flags));

+ &nadd, flags));

xprintf(opts, "%d/%d addresses added", nadd, b.pfrb_size);

if (opts & PF_OPT_VERBOSE)

PFRB_FOREACH(a, &b)

if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)

print_addrx(a, NULL,

- opts & PF_OPT_USEDNS);

+ opts & PF_OPT_USEDNS);

} else if (!strcmp(command, "delete")) {

b.pfrb_type = PFRB_ADDRS;

if (load_addr(&b, argc, argv, file, 0))

@@ -210,13 +216,13 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

if (opts & PF_OPT_VERBOSE)

flags |= PFR_FLAG_FEEDBACK;

RVTEST(pfr_del_addrs(&table, b.pfrb_caddr, b.pfrb_size,

- &ndel, flags));

+ &ndel, flags));

xprintf(opts, "%d/%d addresses deleted", ndel, b.pfrb_size);

if (opts & PF_OPT_VERBOSE)

PFRB_FOREACH(a, &b)

if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)

print_addrx(a, NULL,

- opts & PF_OPT_USEDNS);

+ opts & PF_OPT_USEDNS);

} else if (!strcmp(command, "replace")) {

b.pfrb_type = PFRB_ADDRS;

if (load_addr(&b, argc, argv, file, 0))

@@ -228,7 +234,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

int sz2 = b.pfrb_msize;

RVTEST(pfr_set_addrs(&table, b.pfrb_caddr, b.pfrb_size,

- &sz2, &nadd, &ndel, &nchange, flags));

+ &sz2, &nadd, &ndel, &nchange, flags));

if (sz2 <= b.pfrb_msize) {

b.pfrb_size = sz2;

break;

@@ -247,10 +253,10 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

PFRB_FOREACH(a, &b)

if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)

print_addrx(a, NULL,

- opts & PF_OPT_USEDNS);

+ opts & PF_OPT_USEDNS);

} else if (!strcmp(command, "show")) {

b.pfrb_type = (opts & PF_OPT_VERBOSE) ?

- PFRB_ASTATS : PFRB_ADDRS;

+ PFRB_ASTATS : PFRB_ADDRS;

if (argc || file != NULL)

usage();

for (;;) {

@@ -258,10 +264,10 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

b.pfrb_size = b.pfrb_msize;

if (opts & PF_OPT_VERBOSE)

RVTEST(pfr_get_astats(&table, b.pfrb_caddr,

- &b.pfrb_size, flags));

+ &b.pfrb_size, flags));

else

RVTEST(pfr_get_addrs(&table, b.pfrb_caddr,

- &b.pfrb_size, flags));

+ &b.pfrb_size, flags));

if (b.pfrb_size <= b.pfrb_msize)

break;

}

@@ -283,13 +289,13 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,

err(1, "duplicate buffer");

}

RVTEST(pfr_tst_addrs(&table, b.pfrb_caddr, b.pfrb_size,

- &nmatch, flags));

+ &nmatch, flags));

xprintf(opts, "%d/%d addresses match", nmatch, b.pfrb_size);

if (opts & PF_OPT_VERBOSE && !(opts & PF_OPT_VERBOSE2))

PFRB_FOREACH(a, &b)

if (a->pfra_fback == PFR_FB_MATCH)

print_addrx(a, NULL,

- opts & PF_OPT_USEDNS);

+ opts & PF_OPT_USEDNS);

if (opts & PF_OPT_VERBOSE2) {

a2 = NULL;

PFRB_FOREACH(a, &b) {

@@ -317,30 +323,30 @@ _cleanup:

return (rv);

}

-void

+ void

print_table(struct pfr_table *ta, int verbose, int debug)

{

if (!debug && !(ta->pfrt_flags & PFR_TFLAG_ACTIVE))

return;

if (verbose) {

printf("%c%c%c%c%c%c\t%s",

- (ta->pfrt_flags & PFR_TFLAG_CONST) ? 'c' : '-',

- (ta->pfrt_flags & PFR_TFLAG_PERSIST) ? 'p' : '-',

- (ta->pfrt_flags & PFR_TFLAG_ACTIVE) ? 'a' : '-',

- (ta->pfrt_flags & PFR_TFLAG_INACTIVE) ? 'i' : '-',

- (ta->pfrt_flags & PFR_TFLAG_REFERENCED) ? 'r' : '-',

- (ta->pfrt_flags & PFR_TFLAG_REFDANCHOR) ? 'h' : '-',

- ta->pfrt_name);

+ (ta->pfrt_flags & PFR_TFLAG_CONST) ? 'c' : '-',

+ (ta->pfrt_flags & PFR_TFLAG_PERSIST) ? 'p' : '-',

+ (ta->pfrt_flags & PFR_TFLAG_ACTIVE) ? 'a' : '-',

+ (ta->pfrt_flags & PFR_TFLAG_INACTIVE) ? 'i' : '-',

+ (ta->pfrt_flags & PFR_TFLAG_REFERENCED) ? 'r' : '-',

+ (ta->pfrt_flags & PFR_TFLAG_REFDANCHOR) ? 'h' : '-',

+ ta->pfrt_name);

if (ta->pfrt_anchor[0])

- printf("\t%s", ta->pfrt_anchor);

+ printf("\t%s", ta->pfrt_anchor);

if (ta->pfrt_ruleset[0])

- printf(":%s", ta->pfrt_ruleset);

+ printf(":%s", ta->pfrt_ruleset);

puts("");

} else

puts(ta->pfrt_name);

}

-void

+ void

print_tstats(struct pfr_tstats *ts, int debug)

{

time_t time = ts->pfrts_tzero;

@@ -352,21 +358,21 @@ print_tstats(struct pfr_tstats *ts, int debug)

printf("\tAddresses: %d\n", ts->pfrts_cnt);

printf("\tCleared: %s", ctime(&time));

printf("\tReferences: [ Anchors: %-18d Rules: %-18d ]\n",

- ts->pfrts_refcnt[PFR_REFCNT_ANCHOR],

- ts->pfrts_refcnt[PFR_REFCNT_RULE]);

+ ts->pfrts_refcnt[PFR_REFCNT_ANCHOR],

+ ts->pfrts_refcnt[PFR_REFCNT_RULE]);

printf("\tEvaluations: [ NoMatch: %-18llu Match: %-18llu ]\n",

- ts->pfrts_nomatch, ts->pfrts_match);

+ ts->pfrts_nomatch, ts->pfrts_match);

for (dir = 0; dir < PFR_DIR_MAX; dir++)

for (op = 0; op < PFR_OP_TABLE_MAX; op++)

printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",

- stats_text[dir][op],

- ts->pfrts_packets[dir][op],

- ts->pfrts_bytes[dir][op]);

+ stats_text[dir][op],

+ ts->pfrts_packets[dir][op],

+ ts->pfrts_bytes[dir][op]);

}

int

load_addr(struct pfr_buffer *b, int argc, char *argv[], char *file,

- int nonetwork)

+ int nonetwork)

{

while (argc--)

if (append_addr(b, *argv++, nonetwork)) {

@@ -381,7 +387,7 @@ load_addr(struct pfr_buffer *b, int argc, char *argv[], char *file,

return (0);

}

-void

+ void

print_addrx(struct pfr_addr *ad, struct pfr_addr *rad, int dns)

{

char ch, buf[256] = "{error}";

@@ -420,13 +426,13 @@ print_addrx(struct pfr_addr *ad, struct pfr_addr *rad, int dns)

sa.sin6.sin6_addr = ad->pfra_ip6addr;

}

if (getnameinfo(&sa.sa, sa.sa.sa_len, host, sizeof(host),

- NULL, 0, NI_NAMEREQD) == 0)

+ NULL, 0, NI_NAMEREQD) == 0)

printf("\t(%s)", host);

}

printf("\n");

}

-void

+ void

print_astats(struct pfr_astats *as, int dns)

{

time_t time = as->pfras_tzero;

@@ -437,12 +443,12 @@ print_astats(struct pfr_astats *as, int dns)

for (dir = 0; dir < PFR_DIR_MAX; dir++)

for (op = 0; op < PFR_OP_ADDR_MAX; op++)

printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",

- stats_text[dir][op],

- as->pfras_packets[dir][op],

- as->pfras_bytes[dir][op]);

+ stats_text[dir][op],

+ as->pfras_packets[dir][op],

+ as->pfras_bytes[dir][op]);

}

-void

+ void

radix_perror(void)

{

extern char *__progname;

@@ -451,25 +457,25 @@ radix_perror(void)

int

pfctl_define_table(char *name, int flags, int addrs, const char *anchor,

- const char *ruleset, struct pfr_buffer *ab, u_int32_t ticket)

+ const char *ruleset, struct pfr_buffer *ab, u_int32_t ticket)

{

struct pfr_table tbl;

bzero(&tbl, sizeof(tbl));

if (strlcpy(tbl.pfrt_name, name,

- sizeof(tbl.pfrt_name)) >= sizeof(tbl.pfrt_name) ||

- strlcpy(tbl.pfrt_anchor, anchor,

- sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor) ||

- strlcpy(tbl.pfrt_ruleset, ruleset,

- sizeof(tbl.pfrt_ruleset)) >= sizeof(tbl.pfrt_ruleset))

+ sizeof(tbl.pfrt_name)) >= sizeof(tbl.pfrt_name) ||

+ strlcpy(tbl.pfrt_anchor, anchor,

+ sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor) ||

+ strlcpy(tbl.pfrt_ruleset, ruleset,

+ sizeof(tbl.pfrt_ruleset)) >= sizeof(tbl.pfrt_ruleset))

errx(1, "pfctl_define_table: strlcpy");

tbl.pfrt_flags = flags;

return pfr_ina_define(&tbl, ab->pfrb_caddr, ab->pfrb_size, NULL,

- NULL, ticket, addrs ? PFR_FLAG_ADDRSTOO : 0);

+ NULL, ticket, addrs ? PFR_FLAG_ADDRSTOO : 0);

}

-void

+ void

warn_namespace_collision(const char *filter)

{

struct pfr_buffer b;

@@ -484,7 +490,7 @@ warn_namespace_collision(const char *filter)

b.pfrb_size = b.pfrb_msize;

if (pfr_get_tables(NULL, b.pfrb_caddr,

&b.pfrb_size, PFR_FLAG_ALLRSETS))

- err(1, "pfr_get_tables");

+ err(1, "pfr_get_tables");

if (b.pfrb_size <= b.pfrb_msize)

break;

}

@@ -538,6 +544,7 @@ pfctl_show_ifaces(int opts)

{

struct pfr_buffer b;

struct pfi_if *p;

+ int i = 0;

bzero(&b, sizeof(b));

b.pfrb_type = PFRB_IFACES;

@@ -551,7 +558,10 @@ pfctl_show_ifaces(int opts)

}

if (b.pfrb_size <= b.pfrb_msize)

break;

+ i++;

}

+ if (opts & PF_OPT_SHOWALL)

+ pfctl_print_title("INTERFACES:");

PFRB_FOREACH(p, &b)

print_iface(p, opts);

return (0);