Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y90
-rw-r--r--sbin/pfctl/pfctl.c345
-rw-r--r--sbin/pfctl/pfctl.h12
-rw-r--r--sbin/pfctl/pfctl_parser.c23
-rw-r--r--sbin/pfctl/pfctl_parser.h12
-rw-r--r--sbin/pfctl/pfctl_table.c32
6 files changed, 157 insertions, 357 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index daf3f0f8bf0..4b40d40a607 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.452 2004/04/24 23:22:54 cedric Exp $ */
+/* $OpenBSD: parse.y,v 1.453 2004/05/19 17:50:50 dhartmei Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -263,7 +263,8 @@ void expand_label(char *, size_t, const char *, u_int8_t, struct node_host *,
void expand_rule(struct pf_rule *, struct node_if *, struct node_host *,
struct node_proto *, struct node_os*, struct node_host *,
struct node_port *, struct node_host *, struct node_port *,
- struct node_uid *, struct node_gid *, struct node_icmp *);
+ struct node_uid *, struct node_gid *, struct node_icmp *,
+ const char *);
int expand_altq(struct pf_altq *, struct node_if *, struct node_queue *,
struct node_queue_bw bwspec, struct node_queue_opt *);
int expand_queue(struct pf_altq *, struct node_if *, struct node_queue *,
@@ -373,18 +374,6 @@ typedef struct {
int lineno;
} YYSTYPE;
-#define PREPARE_ANCHOR_RULE(r, a) \
- do { \
- memset(&(r), 0, sizeof(r)); \
- if (strlcpy(r.anchorname, (a), \
- sizeof(r.anchorname)) >= \
- sizeof(r.anchorname)) { \
- yyerror("anchor name '%s' too long", \
- (a)); \
- YYERROR; \
- } \
- } while (0)
-
#define DYNIF_MULTIADDR(addr) ((addr).type == PF_ADDR_DYNIFTL && \
(!((addr).iflags & PFI_AFLAG_NOALIAS) || \
!isdigit((addr).v.ifname[strlen((addr).v.ifname)-1])))
@@ -602,7 +591,7 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
YYERROR;
}
- PREPARE_ANCHOR_RULE(r, $2);
+ memset(&r, 0, sizeof(r));
r.direction = $3;
r.af = $5;
r.prob = $8.prob;
@@ -621,7 +610,8 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
expand_rule(&r, $4, NULL, $6, $7.src_os,
$7.src.host, $7.src.port, $7.dst.host, $7.dst.port,
- 0, 0, 0);
+ 0, 0, 0, $2);
+ free($2);
}
| NATANCHOR string interface af proto fromto {
struct pf_rule r;
@@ -631,8 +621,7 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
YYERROR;
}
- PREPARE_ANCHOR_RULE(r, $2);
- free($2);
+ memset(&r, 0, sizeof(r));
r.action = PF_NAT;
r.af = $4;
@@ -641,7 +630,8 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
expand_rule(&r, $3, NULL, $5, $6.src_os,
$6.src.host, $6.src.port, $6.dst.host, $6.dst.port,
- 0, 0, 0);
+ 0, 0, 0, $2);
+ free($2);
}
| RDRANCHOR string interface af proto fromto {
struct pf_rule r;
@@ -651,8 +641,7 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
YYERROR;
}
- PREPARE_ANCHOR_RULE(r, $2);
- free($2);
+ memset(&r, 0, sizeof(r));
r.action = PF_RDR;
r.af = $4;
@@ -682,7 +671,8 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
expand_rule(&r, $3, NULL, $5, $6.src_os,
$6.src.host, $6.src.port, $6.dst.host, $6.dst.port,
- 0, 0, 0);
+ 0, 0, 0, $2);
+ free($2);
}
| BINATANCHOR string interface af proto fromto {
struct pf_rule r;
@@ -692,8 +682,7 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
YYERROR;
}
- PREPARE_ANCHOR_RULE(r, $2);
- free($2);
+ memset(&r, 0, sizeof(r));
r.action = PF_BINAT;
r.af = $4;
if ($5 != NULL) {
@@ -716,39 +705,24 @@ anchorrule : ANCHOR string dir interface af proto fromto filter_opts {
decide_address_family($6.src.host, &r.af);
decide_address_family($6.dst.host, &r.af);
- pfctl_add_rule(pf, &r);
+ pfctl_add_rule(pf, &r, $2);
+ free($2);
}
;
loadrule : LOAD ANCHOR string FROM string {
- char *t;
struct loadanchors *loadanchor;
- t = strsep(&$3, ":");
- if (*t == '\0' || $3 == NULL || *$3 == '\0') {
- yyerror("anchor '%s' invalid\n", $3);
- free(t);
- YYERROR;
- }
- if (strlen(t) >= PF_ANCHOR_NAME_SIZE) {
+ if (strlen($3) >= MAXPATHLEN) {
yyerror("anchorname %s too long, max %u\n",
- t, PF_ANCHOR_NAME_SIZE - 1);
- free(t);
- YYERROR;
- }
- if (strlen($3) >= PF_RULESET_NAME_SIZE) {
- yyerror("rulesetname %s too long, max %u\n",
- $3, PF_RULESET_NAME_SIZE - 1);
- free(t);
+ $3, MAXPATHLEN - 1);
+ free($3);
YYERROR;
}
-
loadanchor = calloc(1, sizeof(struct loadanchors));
if (loadanchor == NULL)
err(1, "loadrule: calloc");
- if ((loadanchor->anchorname = strdup(t)) == NULL)
- err(1, "loadrule: strdup");
- if ((loadanchor->rulesetname = strdup($3)) == NULL)
+ if ((loadanchor->anchorname = strdup($3)) == NULL)
err(1, "loadrule: strdup");
if ((loadanchor->filename = strdup($5)) == NULL)
err(1, "loadrule: strdup");
@@ -756,7 +730,7 @@ loadrule : LOAD ANCHOR string FROM string {
TAILQ_INSERT_TAIL(&loadanchorshead, loadanchor,
entries);
- free(t); /* not $3 */
+ free($3);
free($5);
};
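Review bot: The rewritten `loadrule` action no longer rejects an empty anchor name: the removed `*t == '\0'` test has no counterpart, and only the length check `strlen($3) >= MAXPATHLEN` survives, so `load anchor "" from ...` is accepted and the empty string is later handed to `pfctl_rules` as the anchor to load into. If an empty name is not meant to be valid here, reinstate the check beside the length test: `if (*$3 == '\0') { yyerror("anchor name empty"); free($3); YYERROR; }`. The action also drops the `:` split, so `$3` is now the full anchor path; presumably that is the intent of the commit, but the `loadanchors` struct it fills is declared outside this hunk.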
@@ -800,7 +774,7 @@ scrubrule : SCRUB dir logquick interface af proto fromto scrub_opts
expand_rule(&r, $4, NULL, $6, $7.src_os,
$7.src.host, $7.src.port, $7.dst.host, $7.dst.port,
- NULL, NULL, NULL);
+ NULL, NULL, NULL, "");
}
;
@@ -938,7 +912,8 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
if (h != NULL)
expand_rule(&r, j, NULL, NULL, NULL, h,
- NULL, NULL, NULL, NULL, NULL, NULL);
+ NULL, NULL, NULL, NULL, NULL,
+ NULL, "");
if ((i->ifa_flags & IFF_LOOPBACK) == 0) {
bzero(&r, sizeof(r));
@@ -957,7 +932,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
if (h != NULL)
expand_rule(&r, NULL, NULL,
NULL, NULL, h, NULL, NULL,
- NULL, NULL, NULL, NULL);
+ NULL, NULL, NULL, NULL, "");
} else
free(hh);
}
@@ -1735,7 +1710,7 @@ pfrule : action dir logquick interface route af proto fromto
expand_rule(&r, $4, $5.host, $7, $8.src_os,
$8.src.host, $8.src.port, $8.dst.host, $8.dst.port,
- $9.uid, $9.gid, $9.icmpspec);
+ $9.uid, $9.gid, $9.icmpspec, "");
}
;
@@ -3205,7 +3180,7 @@ natrule : nataction interface af proto fromto tag redirpool pool_opts
expand_rule(&r, $2, $7 == NULL ? NULL : $7->host, $4,
$5.src_os, $5.src.host, $5.src.port, $5.dst.host,
- $5.dst.port, 0, 0, 0);
+ $5.dst.port, 0, 0, 0, "");
free($7);
}
;
@@ -3353,7 +3328,7 @@ binatrule : no BINAT natpass interface af proto FROM host TO ipspec tag
free($12);
}
- pfctl_add_rule(pf, &binat);
+ pfctl_add_rule(pf, &binat, "");
}
;
@@ -3616,7 +3591,7 @@ filter_consistent(struct pf_rule *r)
problems++;
}
if ((r->tagname[0] || r->match_tagname[0]) && !r->keep_state &&
- r->action == PF_PASS && !r->anchorname[0]) {
+ r->action == PF_PASS) {
yyerror("tags cannot be used without keep state");
problems++;
}
@@ -3687,7 +3662,7 @@ process_tabledef(char *name, struct table_opts *opts)
&opts->init_nodes);
if (!(pf->opts & PF_OPT_NOACTION) &&
pfctl_define_table(name, opts->flags, opts->init_addr,
- pf->anchor, pf->ruleset, &ab, pf->tticket)) {
+ pf->anchor, &ab, pf->tticket)) {
yyerror("cannot define table %s: %s", name,
pfr_strerror(errno));
goto _error;
@@ -4153,7 +4128,8 @@ expand_rule(struct pf_rule *r,
struct node_proto *protos, struct node_os *src_oses,
struct node_host *src_hosts, struct node_port *src_ports,
struct node_host *dst_hosts, struct node_port *dst_ports,
- struct node_uid *uids, struct node_gid *gids, struct node_icmp *icmp_types)
+ struct node_uid *uids, struct node_gid *gids, struct node_icmp *icmp_types,
+ const char *anchor_call)
{
sa_family_t af = r->af;
int added = 0, error = 0;
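Review bot: The new `anchor_call` parameter is passed straight through to `pfctl_add_rule`, which copies it with `strlcpy` and hands it to `print_rule`, where `anchor_call[0]` is read unconditionally; none of the three tolerates NULL, which is why every non-anchor caller in this commit passes `""`. That contract is worth stating once on this prototype, e.g. `/* anchor_call: anchor called by this rule, "" if none; never NULL */`, since the same expectation holds for `pfctl_add_rule` and `print_rule`. The body of `expand_rule` continues below the hunk.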
@@ -4305,7 +4281,7 @@ expand_rule(struct pf_rule *r,
yyerror("skipping rule due to errors");
else {
r->nr = pf->rule_nr++;
- pfctl_add_rule(pf, r);
+ pfctl_add_rule(pf, r, anchor_call);
added++;
}
@@ -4958,7 +4934,7 @@ pfctl_load_anchors(int dev, int opts, struct pfr_buffer *trans)
fprintf(stderr, "\nLoading anchor %s:%s from %s\n",
la->anchorname, la->rulesetname, la->filename);
if (pfctl_rules(dev, la->filename, opts, la->anchorname,
- la->rulesetname, trans) == -1)
+ trans) == -1)
return (-1);
}
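Review bot: The progress message on the two context lines before the call still prints `la->rulesetname`, but the `loadrule` action in this same commit no longer assigns that member (its `strdup($3)` into `rulesetname` was removed), so if the field still exists in `struct loadanchors` it is the zeroed pointer left by `calloc` and is passed to `%s`. Drop it from the message: `fprintf(stderr, "\nLoading anchor %s from %s\n", la->anchorname, la->filename);`. The struct definition and the rest of `pfctl_load_anchors` are outside the hunk.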
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b135525d4bf..c6b6f09157f 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.215 2004/05/05 23:16:03 frantzen Exp $ */
+/* $OpenBSD: pfctl.c,v 1.216 2004/05/19 17:50:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -59,17 +59,17 @@ void usage(void);
int pfctl_enable(int, int);
int pfctl_disable(int, int);
int pfctl_clear_stats(int, int);
-int pfctl_clear_rules(int, int, char *, char *);
-int pfctl_clear_nat(int, int, char *, char *);
+int pfctl_clear_rules(int, int, char *);
+int pfctl_clear_nat(int, int, char *);
int pfctl_clear_altq(int, int);
int pfctl_clear_src_nodes(int, int);
int pfctl_clear_states(int, const char *, int);
int pfctl_kill_states(int, const char *, int);
int pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int,
- char *, char *);
+ char *);
void pfctl_print_rule_counters(struct pf_rule *, int);
-int pfctl_show_rules(int, int, int, char *, char *);
-int pfctl_show_nat(int, int, char *, char *);
+int pfctl_show_rules(int, int, int, char *);
+int pfctl_show_nat(int, int, char *);
int pfctl_show_src_nodes(int, int);
int pfctl_show_states(int, const char *, int);
int pfctl_show_status(int, int);
@@ -254,42 +254,14 @@ pfctl_clear_stats(int dev, int opts)
}
int
-pfctl_clear_rules(int dev, int opts, char *anchorname, char *rulesetname)
+pfctl_clear_rules(int dev, int opts, char *anchorname)
{
struct pfr_buffer t;
- if (*anchorname && !*rulesetname) {
- struct pfioc_ruleset pr;
- int mnr, nr, r;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- if (ioctl(dev, DIOCGETRULESETS, &pr)) {
- if (errno == EINVAL)
- fprintf(stderr, "No rulesets in anchor '%s'.\n",
- anchorname);
- else
- err(1, "DIOCGETRULESETS");
- return (-1);
- }
- mnr = pr.nr;
- for (nr = mnr - 1; nr >= 0; --nr) {
- pr.nr = nr;
- if (ioctl(dev, DIOCGETRULESET, &pr))
- err(1, "DIOCGETRULESET");
- r = pfctl_clear_rules(dev, opts | PF_OPT_QUIET,
- anchorname, pr.name);
- if (r)
- return (r);
- }
- if ((opts & PF_OPT_QUIET) == 0)
- fprintf(stderr, "rules cleared\n");
- return (0);
- }
memset(&t, 0, sizeof(t));
t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_SCRUB, anchorname, rulesetname) ||
- pfctl_add_trans(&t, PF_RULESET_FILTER, anchorname, rulesetname) ||
+ if (pfctl_add_trans(&t, PF_RULESET_SCRUB, anchorname) ||
+ pfctl_add_trans(&t, PF_RULESET_FILTER, anchorname) ||
pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
err(1, "pfctl_clear_rules");
@@ -299,43 +271,15 @@ pfctl_clear_rules(int dev, int opts, char *anchorname, char *rulesetname)
}
int
-pfctl_clear_nat(int dev, int opts, char *anchorname, char *rulesetname)
+pfctl_clear_nat(int dev, int opts, char *anchorname)
{
struct pfr_buffer t;
- if (*anchorname && !*rulesetname) {
- struct pfioc_ruleset pr;
- int mnr, nr, r;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- if (ioctl(dev, DIOCGETRULESETS, &pr)) {
- if (errno == EINVAL)
- fprintf(stderr, "No rulesets in anchor '%s'.\n",
- anchorname);
- else
- err(1, "DIOCGETRULESETS");
- return (-1);
- }
- mnr = pr.nr;
- for (nr = mnr - 1; nr >= 0; --nr) {
- pr.nr = nr;
- if (ioctl(dev, DIOCGETRULESET, &pr))
- err(1, "DIOCGETRULESET");
- r = pfctl_clear_nat(dev, opts | PF_OPT_QUIET,
- anchorname, pr.name);
- if (r)
- return (r);
- }
- if ((opts & PF_OPT_QUIET) == 0)
- fprintf(stderr, "nat cleared\n");
- return (0);
- }
memset(&t, 0, sizeof(t));
t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_NAT, anchorname, rulesetname) ||
- pfctl_add_trans(&t, PF_RULESET_BINAT, anchorname, rulesetname) ||
- pfctl_add_trans(&t, PF_RULESET_RDR, anchorname, rulesetname) ||
+ if (pfctl_add_trans(&t, PF_RULESET_NAT, anchorname) ||
+ pfctl_add_trans(&t, PF_RULESET_BINAT, anchorname) ||
+ pfctl_add_trans(&t, PF_RULESET_RDR, anchorname) ||
pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
err(1, "pfctl_clear_nat");
@@ -353,7 +297,7 @@ pfctl_clear_altq(int dev, int opts)
return (-1);
memset(&t, 0, sizeof(t));
t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_ALTQ, "", "") ||
+ if (pfctl_add_trans(&t, PF_RULESET_ALTQ, "") ||
pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
err(1, "pfctl_clear_altq");
@@ -497,7 +441,7 @@ pfctl_kill_states(int dev, const char *iface, int opts)
int
pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
- u_int32_t ticket, int r_action, char *anchorname, char *rulesetname)
+ u_int32_t ticket, int r_action, char *anchorname)
{
struct pfioc_pooladdr pp;
struct pf_pooladdr *pa;
@@ -505,7 +449,6 @@ pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
memset(&pp, 0, sizeof(pp));
memcpy(pp.anchor, anchorname, sizeof(pp.anchor));
- memcpy(pp.ruleset, rulesetname, sizeof(pp.ruleset));
pp.r_action = r_action;
pp.r_num = nr;
pp.ticket = ticket;
@@ -583,45 +526,14 @@ pfctl_print_title(char *title)
}
int
-pfctl_show_rules(int dev, int opts, int format, char *anchorname,
- char *rulesetname)
+pfctl_show_rules(int dev, int opts, int format, char *anchorname)
{
struct pfioc_rule pr;
u_int32_t nr, mnr, header = 0;
int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
- if (*anchorname && !*rulesetname) {
- struct pfioc_ruleset pr;
- int r;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- if (ioctl(dev, DIOCGETRULESETS, &pr)) {
- if (errno == EINVAL)
- fprintf(stderr, "No rulesets in anchor '%s'.\n",
- anchorname);
- else
- err(1, "DIOCGETRULESETS");
- return (-1);
- }
- if (opts & PF_OPT_SHOWALL && pr.nr)
- pfctl_print_title("FILTER RULES:");
- mnr = pr.nr;
- for (nr = 0; nr < mnr; ++nr) {
- pr.nr = nr;
- if (ioctl(dev, DIOCGETRULESET, &pr))
- err(1, "DIOCGETRULESET");
- r = pfctl_show_rules(dev, opts, format, anchorname,
- pr.name);
- if (r)
- return (r);
- }
- return (0);
- }
-
memset(&pr, 0, sizeof(pr));
memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset));
if (opts & PF_OPT_SHOWALL) {
pr.rule.action = PF_PASS;
if (ioctl(dev, DIOCGETRULES, &pr)) {
@@ -650,7 +562,7 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,
}
if (pfctl_get_pool(dev, &pr.rule.rpool,
- nr, pr.ticket, PF_SCRUB, anchorname, rulesetname) != 0)
+ nr, pr.ticket, PF_SCRUB, anchorname) != 0)
return (-1);
switch (format) {
@@ -666,7 +578,7 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,
default:
if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
labels = 1;
- print_rule(&pr.rule, rule_numbers);
+ print_rule(&pr.rule, pr.anchor_call, rule_numbers);
pfctl_print_rule_counters(&pr.rule, opts);
}
pfctl_clear_pool(&pr.rule.rpool);
@@ -685,7 +597,7 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,
}
if (pfctl_get_pool(dev, &pr.rule.rpool,
- nr, pr.ticket, PF_PASS, anchorname, rulesetname) != 0)
+ nr, pr.ticket, PF_PASS, anchorname) != 0)
return (-1);
switch (format) {
@@ -701,7 +613,7 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,
default:
if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
labels = 1;
- print_rule(&pr.rule, rule_numbers);
+ print_rule(&pr.rule, pr.anchor_call, rule_numbers);
pfctl_print_rule_counters(&pr.rule, opts);
}
pfctl_clear_pool(&pr.rule.rpool);
@@ -710,42 +622,15 @@ pfctl_show_rules(int dev, int opts, int format, char *anchorname,
}
int
-pfctl_show_nat(int dev, int opts, char *anchorname, char *rulesetname)
+pfctl_show_nat(int dev, int opts, char *anchorname)
{
struct pfioc_rule pr;
u_int32_t mnr, nr;
static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
int i, dotitle = opts & PF_OPT_SHOWALL;
- if (*anchorname && !*rulesetname) {
- struct pfioc_ruleset pr;
- int r;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- if (ioctl(dev, DIOCGETRULESETS, &pr)) {
- if (errno == EINVAL)
- fprintf(stderr, "No rulesets in anchor '%s'.\n",
- anchorname);
- else
- err(1, "DIOCGETRULESETS");
- return (-1);
- }
- mnr = pr.nr;
- for (nr = 0; nr < mnr; ++nr) {
- pr.nr = nr;
- if (ioctl(dev, DIOCGETRULESET, &pr))
- err(1, "DIOCGETRULESET");
- r = pfctl_show_nat(dev, opts, anchorname, pr.name);
- if (r)
- return (r);
- }
- return (0);
- }
-
memset(&pr, 0, sizeof(pr));
memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- memcpy(pr.ruleset, rulesetname, sizeof(pr.ruleset));
for (i = 0; i < 3; i++) {
pr.rule.action = nattype[i];
if (ioctl(dev, DIOCGETRULES, &pr)) {
@@ -760,14 +645,14 @@ pfctl_show_nat(int dev, int opts, char *anchorname, char *rulesetname)
return (-1);
}
if (pfctl_get_pool(dev, &pr.rule.rpool, nr,
- pr.ticket, nattype[i], anchorname,
- rulesetname) != 0)
+ pr.ticket, nattype[i], anchorname) != 0)
return (-1);
if (dotitle) {
pfctl_print_title("TRANSLATION RULES:");
dotitle = 0;
}
- print_rule(&pr.rule, opts & PF_OPT_VERBOSE2);
+ print_rule(&pr.rule, pr.anchor_call,
+ opts & PF_OPT_VERBOSE2);
pfctl_print_rule_counters(&pr.rule, opts);
pfctl_clear_pool(&pr.rule.rpool);
}
@@ -946,7 +831,7 @@ pfctl_add_pool(struct pfctl *pf, struct pf_pool *p, sa_family_t af)
}
int
-pfctl_add_rule(struct pfctl *pf, struct pf_rule *r)
+pfctl_add_rule(struct pfctl *pf, struct pf_rule *r, const char *anchor_call)
{
u_int8_t rs_num;
struct pfioc_rule pr;
@@ -982,28 +867,26 @@ pfctl_add_rule(struct pfctl *pf, struct pf_rule *r)
rs_num = PF_RULESET_BINAT;
break;
default:
- errx(1, "Invalid rule type");
+ errx(1, "Invalid rule type %d", r->action);
break;
}
if ((pf->opts & PF_OPT_NOACTION) == 0) {
bzero(&pr, sizeof(pr));
if (strlcpy(pr.anchor, pf->anchor, sizeof(pr.anchor)) >=
- sizeof(pr.anchor) ||
- strlcpy(pr.ruleset, pf->ruleset, sizeof(pr.ruleset)) >=
- sizeof(pr.ruleset))
+ sizeof(pr.anchor))
errx(1, "pfctl_add_rule: strlcpy");
if (pfctl_add_pool(pf, &r->rpool, r->af))
return (1);
- pr.ticket = pfctl_get_ticket(pf->trans, rs_num, pf->anchor,
- pf->ruleset);
+ pr.ticket = pfctl_get_ticket(pf->trans, rs_num, pf->anchor);
pr.pool_ticket = pf->paddr.ticket;
memcpy(&pr.rule, r, sizeof(pr.rule));
+ strlcpy(pr.anchor_call, anchor_call, sizeof(pr.anchor_call));
if (ioctl(pf->dev, DIOCADDRULE, &pr))
err(1, "DIOCADDRULE");
}
if (pf->opts & PF_OPT_VERBOSE)
- print_rule(r, pf->opts & PF_OPT_VERBOSE2);
+ print_rule(r, anchor_call, pf->opts & PF_OPT_VERBOSE2);
pfctl_clear_pool(&r->rpool);
return (0);
}
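Review bot: The new `strlcpy(pr.anchor_call, anchor_call, sizeof(pr.anchor_call))` discards its return value, while the `pr.anchor` copy a few lines above treats truncation as fatal. A name longer than the field would be silently cut and the rule committed to the kernel would call a different anchor than the one the configuration named. Check it the same way: `if (strlcpy(pr.anchor_call, anchor_call, sizeof(pr.anchor_call)) >= sizeof(pr.anchor_call)) errx(1, "pfctl_add_rule: strlcpy");`. The function begins above the hunk.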
@@ -1032,7 +915,7 @@ pfctl_add_altq(struct pfctl *pf, struct pf_altq *a)
int
pfctl_rules(int dev, char *filename, int opts, char *anchorname,
- char *rulesetname, struct pfr_buffer *trans)
+ struct pfr_buffer *trans)
{
#define ERR(x) do { warn(x); goto _error; } while(0)
#define ERRX(x) do { warnx(x); goto _error; } while(0)
@@ -1058,9 +941,7 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname,
memset(&pf, 0, sizeof(pf));
memset(&trs, 0, sizeof(trs));
if (strlcpy(trs.pfrt_anchor, anchorname,
- sizeof(trs.pfrt_anchor)) >= sizeof(trs.pfrt_anchor) ||
- strlcpy(trs.pfrt_ruleset, rulesetname,
- sizeof(trs.pfrt_ruleset)) >= sizeof(trs.pfrt_ruleset))
+ sizeof(trs.pfrt_anchor)) >= sizeof(trs.pfrt_anchor))
ERRX("pfctl_rules: strlcpy");
if (strcmp(filename, "-") == 0) {
fin = stdin;
@@ -1081,43 +962,35 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname,
pf.trans = t;
pf.rule_nr = 0;
pf.anchor = anchorname;
- pf.ruleset = rulesetname;
if ((opts & PF_OPT_NOACTION) == 0) {
if ((pf.loadopt & PFCTL_FLAG_NAT) != 0) {
- if (pfctl_add_trans(t, PF_RULESET_NAT, anchorname,
- rulesetname) ||
- pfctl_add_trans(t, PF_RULESET_BINAT, anchorname,
- rulesetname) ||
- pfctl_add_trans(t, PF_RULESET_RDR, anchorname,
- rulesetname))
+ if (pfctl_add_trans(t, PF_RULESET_NAT, anchorname) ||
+ pfctl_add_trans(t, PF_RULESET_BINAT, anchorname) ||
+ pfctl_add_trans(t, PF_RULESET_RDR, anchorname))
ERR("pfctl_rules");
}
if (((altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ) != 0))) {
- if (pfctl_add_trans(t, PF_RULESET_ALTQ, anchorname,
- rulesetname))
+ if (pfctl_add_trans(t, PF_RULESET_ALTQ, anchorname))
ERR("pfctl_rules");
}
if ((pf.loadopt & PFCTL_FLAG_FILTER) != 0) {
- if (pfctl_add_trans(t, PF_RULESET_SCRUB, anchorname,
- rulesetname) ||
- pfctl_add_trans(t, PF_RULESET_FILTER, anchorname,
- rulesetname))
+ if (pfctl_add_trans(t, PF_RULESET_SCRUB, anchorname) ||
+ pfctl_add_trans(t, PF_RULESET_FILTER, anchorname))
ERR("pfctl_rules");
}
if (pf.loadopt & PFCTL_FLAG_TABLE) {
- if (pfctl_add_trans(t, PF_RULESET_TABLE, anchorname,
- rulesetname))
+ if (pfctl_add_trans(t, PF_RULESET_TABLE, anchorname))
ERR("pfctl_rules");
}
if (pfctl_trans(dev, t, DIOCXBEGIN, osize))
ERR("DIOCXBEGIN");
if (altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ))
pa.ticket = pfctl_get_ticket(t, PF_RULESET_ALTQ,
- anchorname, rulesetname);
+ anchorname);
if (pf.loadopt & PFCTL_FLAG_TABLE)
pf.tticket = pfctl_get_ticket(t, PF_RULESET_TABLE,
- anchorname, rulesetname);
+ anchorname);
}
if (parse_rules(fin, &pf) < 0) {
if ((opts & PF_OPT_NOACTION) == 0)
@@ -1133,7 +1006,7 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname,
fclose(fin);
/* process "load anchor" directives */
- if (!anchorname[0] && !rulesetname[0])
+ if (!anchorname[0])
if (pfctl_load_anchors(dev, opts, t) == -1)
ERRX("load anchors");
@@ -1414,48 +1287,37 @@ pfctl_test_altqsupport(int dev, int opts)
int
pfctl_show_anchors(int dev, int opts, char *anchorname)
{
- u_int32_t nr, mnr;
+ struct pfioc_ruleset pr;
+ u_int32_t mnr, nr;
- if (!*anchorname) {
- struct pfioc_anchor pa;
+ memset(&pr, 0, sizeof(pr));
+ memcpy(pr.path, anchorname, sizeof(pr.path));
+ if (ioctl(dev, DIOCGETRULESETS, &pr)) {
+ if (errno == EINVAL)
+ fprintf(stderr, "Anchor '%s' not found.\n",
+ anchorname);
+ else
+ err(1, "DIOCGETRULESETS");
+ return (-1);
+ }
+ mnr = pr.nr;
+ for (nr = 0; nr < mnr; ++nr) {
+ char sub[MAXPATHLEN];
- memset(&pa, 0, sizeof(pa));
- if (ioctl(dev, DIOCGETANCHORS, &pa)) {
- warn("DIOCGETANCHORS");
- return (-1);
- }
- mnr = pa.nr;
- for (nr = 0; nr < mnr; ++nr) {
- pa.nr = nr;
- if (ioctl(dev, DIOCGETANCHOR, &pa)) {
- warn("DIOCGETANCHOR");
- return (-1);
- }
- if (!(opts & PF_OPT_VERBOSE) &&
- !strcmp(pa.name, PF_RESERVED_ANCHOR))
- continue;
- printf(" %s\n", pa.name);
+ pr.nr = nr;
+ if (ioctl(dev, DIOCGETRULESET, &pr))
+ err(1, "DIOCGETRULESET");
+ if (!strcmp(pr.name, PF_RESERVED_ANCHOR))
+ continue;
+ sub[0] = 0;
+ if (pr.path[0]) {
+ strlcat(sub, pr.path, sizeof(sub));
+ strlcat(sub, ":", sizeof(sub));
}
- } else {
- struct pfioc_ruleset pr;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
- if (ioctl(dev, DIOCGETRULESETS, &pr)) {
- if (errno == EINVAL)
- fprintf(stderr, "No rulesets in anchor '%s'.\n",
- anchorname);
- else
- err(1, "DIOCGETRULESETS");
+ strlcat(sub, pr.name, sizeof(sub));
+ printf(" %s\n", sub);
+ if (opts & PF_OPT_VERBOSE && pfctl_show_anchors(dev, opts, sub))
return (-1);
- }
- mnr = pr.nr;
- for (nr = 0; nr < mnr; ++nr) {
- pr.nr = nr;
- if (ioctl(dev, DIOCGETRULESET, &pr))
- err(1, "DIOCGETRULESET");
- printf(" %s:%s\n", pr.anchor, pr.name);
- }
}
return (0);
}
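Review bot: The three `strlcat` calls that build `sub` ignore truncation, so a nested anchor whose `path:name` form does not fit in `MAXPATHLEN` would be silently shortened and the recursive `pfctl_show_anchors(dev, opts, sub)` would then query and print a different anchor than the one listed. Check at least the final append and bail the way the rest of the commit does: `if (strlcat(sub, pr.name, sizeof(sub)) >= sizeof(sub)) errx(1, "pfctl_show_anchors: anchor path too long");`. Separately, `memcpy(pr.path, anchorname, sizeof(pr.path))` copies the whole field rather than the string, which relies on every caller passing a buffer of at least `sizeof(pr.path)` bytes — true for `main`'s `anchorname[MAXPATHLEN]` and for `sub` here only if `pr.path` is also `MAXPATHLEN`, which the struct (outside this diff) would have to confirm; `strlcpy` would remove that dependency. The condition `opts & PF_OPT_VERBOSE && ...` is correct by precedence but reads more safely as `(opts & PF_OPT_VERBOSE) && ...`.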
@@ -1477,8 +1339,7 @@ main(int argc, char *argv[])
int ch;
int mode = O_RDONLY;
int opts = 0;
- char anchorname[PF_ANCHOR_NAME_SIZE];
- char rulesetname[PF_RULESET_NAME_SIZE];
+ char anchorname[MAXPATHLEN];
if (argc < 2)
usage();
@@ -1613,31 +1474,11 @@ main(int argc, char *argv[])
loadopt = ~0;
memset(anchorname, 0, sizeof(anchorname));
- memset(rulesetname, 0, sizeof(rulesetname));
if (anchoropt != NULL) {
- char *t;
-
- if ((t = strchr(anchoropt, ':')) == NULL) {
- if (strlcpy(anchorname, anchoropt,
- sizeof(anchorname)) >= sizeof(anchorname))
- errx(1, "anchor name '%s' too long",
- anchoropt);
- } else {
- char *p;
-
- if ((p = strdup(anchoropt)) == NULL)
- err(1, "anchoropt: strdup");
- t = strsep(&p, ":");
- if (*t == '\0' || *p == '\0')
- errx(1, "anchor '%s' invalid", anchoropt);
- if (strlcpy(anchorname, t, sizeof(anchorname)) >=
- sizeof(anchorname))
- errx(1, "anchor name '%s' too long", t);
- if (strlcpy(rulesetname, p, sizeof(rulesetname)) >=
- sizeof(rulesetname))
- errx(1, "ruleset name '%s' too long", p);
- free(t); /* not p */
- }
+ if (strlcpy(anchorname, anchoropt,
+ sizeof(anchorname)) >= sizeof(anchorname))
+ errx(1, "anchor name '%s' too long",
+ anchoropt);
loadopt &= PFCTL_FLAG_FILTER|PFCTL_FLAG_NAT|PFCTL_FLAG_TABLE;
}
@@ -1667,17 +1508,15 @@ main(int argc, char *argv[])
break;
case 'r':
pfctl_load_fingerprints(dev, opts);
- pfctl_show_rules(dev, opts, 0, anchorname,
- rulesetname);
+ pfctl_show_rules(dev, opts, 0, anchorname);
break;
case 'l':
pfctl_load_fingerprints(dev, opts);
- pfctl_show_rules(dev, opts, 1, anchorname,
- rulesetname);
+ pfctl_show_rules(dev, opts, 1, anchorname);
break;
case 'n':
pfctl_load_fingerprints(dev, opts);
- pfctl_show_nat(dev, opts, anchorname, rulesetname);
+ pfctl_show_nat(dev, opts, anchorname);
break;
case 'q':
pfctl_show_altq(dev, ifaceopt, opts,
@@ -1702,21 +1541,20 @@ main(int argc, char *argv[])
opts |= PF_OPT_SHOWALL;
pfctl_load_fingerprints(dev, opts);
- pfctl_show_nat(dev, opts, anchorname, rulesetname);
- pfctl_show_rules(dev, opts, 0, anchorname,
- rulesetname);
+ pfctl_show_nat(dev, opts, anchorname);
+ pfctl_show_rules(dev, opts, 0, anchorname);
pfctl_show_altq(dev, ifaceopt, opts, 0);
pfctl_show_states(dev, ifaceopt, opts);
pfctl_show_src_nodes(dev, opts);
pfctl_show_status(dev, opts);
- pfctl_show_rules(dev, opts, 1, anchorname, rulesetname);
+ pfctl_show_rules(dev, opts, 1, anchorname);
pfctl_show_timeouts(dev, opts);
pfctl_show_limits(dev, opts);
- pfctl_show_tables(anchorname, rulesetname, opts);
+ pfctl_show_tables(anchorname, opts);
pfctl_show_fingerprints(opts);
break;
case 'T':
- pfctl_show_tables(anchorname, rulesetname, opts);
+ pfctl_show_tables(anchorname, opts);
break;
case 'o':
pfctl_load_fingerprints(dev, opts);
@@ -1731,10 +1569,10 @@ main(int argc, char *argv[])
if (clearopt != NULL) {
switch (*clearopt) {
case 'r':
- pfctl_clear_rules(dev, opts, anchorname, rulesetname);
+ pfctl_clear_rules(dev, opts, anchorname);
break;
case 'n':
- pfctl_clear_nat(dev, opts, anchorname, rulesetname);
+ pfctl_clear_nat(dev, opts, anchorname);
break;
case 'q':
pfctl_clear_altq(dev, opts);
@@ -1749,10 +1587,10 @@ main(int argc, char *argv[])
pfctl_clear_stats(dev, opts);
break;
case 'a':
- pfctl_clear_rules(dev, opts, anchorname, rulesetname);
- pfctl_clear_nat(dev, opts, anchorname, rulesetname);
- pfctl_clear_tables(anchorname, rulesetname, opts);
- if (!*anchorname && !*rulesetname) {
+ pfctl_clear_rules(dev, opts, anchorname);
+ pfctl_clear_nat(dev, opts, anchorname);
+ pfctl_clear_tables(anchorname, opts);
+ if (!*anchorname) {
pfctl_clear_altq(dev, opts);
pfctl_clear_states(dev, ifaceopt, opts);
pfctl_clear_src_nodes(dev, opts);
@@ -1764,7 +1602,7 @@ main(int argc, char *argv[])
pfctl_clear_fingerprints(dev, opts);
break;
case 'T':
- pfctl_clear_tables(anchorname, rulesetname, opts);
+ pfctl_clear_tables(anchorname, opts);
break;
}
}
@@ -1773,7 +1611,7 @@ main(int argc, char *argv[])
if (tblcmdopt != NULL) {
error = pfctl_command_tables(argc, argv, tableopt,
- tblcmdopt, rulesopt, anchorname, rulesetname, opts);
+ tblcmdopt, rulesopt, anchorname, opts);
rulesopt = NULL;
}
@@ -1782,8 +1620,7 @@ main(int argc, char *argv[])
error = 1;
if (rulesopt != NULL) {
- if (pfctl_rules(dev, rulesopt, opts, anchorname, rulesetname,
- NULL))
+ if (pfctl_rules(dev, rulesopt, opts, anchorname, NULL))
error = 1;
else if (!(opts & PF_OPT_NOACTION) &&
(loadopt & PFCTL_FLAG_TABLE))
diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index 998fd2b5cb5..4c345f49563 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.h,v 1.34 2004/04/09 12:42:06 cedric Exp $ */
+/* $OpenBSD: pfctl.h,v 1.35 2004/05/19 17:50:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -79,10 +79,10 @@ int pfi_get_ifaces(const char *, struct pfi_if *, int *, int);
int pfi_clr_istats(const char *, int *, int);
void pfctl_print_title(char *);
-int pfctl_clear_tables(const char *, const char *, int);
-int pfctl_show_tables(const char *, const char *, int);
+int pfctl_clear_tables(const char *, int);
+int pfctl_show_tables(const char *, int);
int pfctl_command_tables(int, char *[], char *, const char *, char *,
- const char *, const char *, int);
+ const char *, int);
int pfctl_show_altq(int, const char *, int, int);
void warn_namespace_collision(const char *);
int pfctl_show_ifaces(const char *, int);
@@ -117,9 +117,9 @@ void print_state(struct pf_state *, int);
int unmask(struct pf_addr *, sa_family_t);
int pfctl_cmdline_symset(char *);
-int pfctl_add_trans(struct pfr_buffer *, int, const char *, const char *);
+int pfctl_add_trans(struct pfr_buffer *, int, const char *);
u_int32_t
- pfctl_get_ticket(struct pfr_buffer *, int, const char *, const char *);
+ pfctl_get_ticket(struct pfr_buffer *, int, const char *);
int pfctl_trans(int, struct pfr_buffer *, u_long, int);
#endif /* _PFCTL_H_ */
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 79549bd3c46..47230181db7 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.198 2004/05/07 16:54:20 henning Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.199 2004/05/19 17:50:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -626,7 +626,7 @@ print_src_node(struct pf_src_node *sn, int opts)
}
void
-print_rule(struct pf_rule *r, int verbose)
+print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
{
static const char *actiontypes[] = { "pass", "block", "scrub", "nat",
"no nat", "binat", "no binat", "rdr", "no rdr" };
@@ -639,8 +639,8 @@ print_rule(struct pf_rule *r, int verbose)
printf("@%d ", r->nr);
if (r->action > PF_NORDR)
printf("action(%d)", r->action);
- else if (r->anchorname[0])
- printf("%s %s", anchortypes[r->action], r->anchorname);
+ else if (anchor_call[0])
+ printf("%s %s", anchortypes[r->action], anchor_call);
else {
printf("%s", actiontypes[r->action]);
if (r->natpass)
@@ -899,7 +899,7 @@ print_rule(struct pf_rule *r, int verbose)
printf(" !");
printf(" tagged %s", r->match_tagname);
}
- if (!r->anchorname[0] && (r->action == PF_NAT ||
+ if (!anchor_call[0] && (r->action == PF_NAT ||
r->action == PF_BINAT || r->action == PF_RDR)) {
printf(" -> ");
print_pool(&r->rpool, r->rpool.proxy_port[0],
@@ -1569,31 +1569,26 @@ append_addr_host(struct pfr_buffer *b, struct node_host *n, int test, int not)
}
int
-pfctl_add_trans(struct pfr_buffer *buf, int rs_num, const char *anchor,
- const char *ruleset)
+pfctl_add_trans(struct pfr_buffer *buf, int rs_num, const char *anchor)
{
struct pfioc_trans_e trans;
bzero(&trans, sizeof(trans));
trans.rs_num = rs_num;
if (strlcpy(trans.anchor, anchor,
- sizeof(trans.anchor)) >= sizeof(trans.anchor) ||
- strlcpy(trans.ruleset, ruleset,
- sizeof(trans.ruleset)) >= sizeof(trans.ruleset))
+ sizeof(trans.anchor)) >= sizeof(trans.anchor))
errx(1, "pfctl_add_trans: strlcpy");
return pfr_buf_add(buf, &trans);
}
u_int32_t
-pfctl_get_ticket(struct pfr_buffer *buf, int rs_num, const char *anchor,
- const char *ruleset)
+pfctl_get_ticket(struct pfr_buffer *buf, int rs_num, const char *anchor)
{
struct pfioc_trans_e *p;
PFRB_FOREACH(p, buf)
- if (rs_num == p->rs_num && !strcmp(anchor, p->anchor) &&
- !strcmp(ruleset, p->ruleset))
+ if (rs_num == p->rs_num && !strcmp(anchor, p->anchor))
return (p->ticket);
errx(1, "pfctl_get_ticket: assertion failed");
}
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 52de11f5b3d..d16abc4d599 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.75 2004/04/14 11:16:43 cedric Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.76 2004/05/19 17:50:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -144,9 +144,9 @@ struct node_tinit { /* table initializer */
struct pfr_buffer; /* forward definition */
-int pfctl_rules(int, char *, int, char *, char *, struct pfr_buffer *);
+int pfctl_rules(int, char *, int, char *, struct pfr_buffer *);
-int pfctl_add_rule(struct pfctl *, struct pf_rule *);
+int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *);
int pfctl_add_altq(struct pfctl *, struct pf_altq *);
int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
void pfctl_clear_pool(struct pf_pool *);
@@ -164,7 +164,7 @@ int pfctl_load_anchors(int, int, struct pfr_buffer *);
void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
void print_src_node(struct pf_src_node *, int);
-void print_rule(struct pf_rule *, int);
+void print_rule(struct pf_rule *, const char *, int);
void print_tabledef(const char *, int, int, struct node_tinithead *);
void print_status(struct pf_status *, int);
@@ -178,8 +178,8 @@ void print_altq(const struct pf_altq *, unsigned, struct node_queue_bw *,
void print_queue(const struct pf_altq *, unsigned, struct node_queue_bw *,
int, struct node_queue_opt *);
-int pfctl_define_table(char *, int, int, const char *, const char *,
- struct pfr_buffer *, u_int32_t);
+int pfctl_define_table(char *, int, int, const char *, struct pfr_buffer *,
+ u_int32_t);
void pfctl_clear_fingerprints(int, int);
int pfctl_file_fingerprints(int, int, const char *);
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 5d4c3d9f511..def22571f69 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_table.c,v 1.59 2004/03/15 15:25:44 dhartmei Exp $ */
+/* $OpenBSD: pfctl_table.c,v 1.60 2004/05/19 17:50:51 dhartmei Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -53,7 +53,7 @@
extern void usage(void);
static int pfctl_table(int, char *[], char *, const char *, char *,
- const char *, const char *, int);
+ const char *, int);
static void print_table(struct pfr_table *, int, int);
static void print_tstats(struct pfr_tstats *, int);
static int load_addr(struct pfr_buffer *, int, char *[], char *, int);
@@ -96,31 +96,29 @@ static const char *istats_text[2][2][2] = {
} while(0)
int
-pfctl_clear_tables(const char *anchor, const char *ruleset, int opts)
+pfctl_clear_tables(const char *anchor, int opts)
{
- return pfctl_table(0, NULL, NULL, "-F", NULL, anchor, ruleset, opts);
+ return pfctl_table(0, NULL, NULL, "-F", NULL, anchor, opts);
}
int
-pfctl_show_tables(const char *anchor, const char *ruleset, int opts)
+pfctl_show_tables(const char *anchor, int opts)
{
- return pfctl_table(0, NULL, NULL, "-s", NULL, anchor, ruleset, opts);
+ return pfctl_table(0, NULL, NULL, "-s", NULL, anchor, opts);
}
int
pfctl_command_tables(int argc, char *argv[], char *tname,
- const char *command, char *file, const char *anchor, const char *ruleset,
- int opts)
+ const char *command, char *file, const char *anchor, int opts)
{
if (tname == NULL || command == NULL)
usage();
- return pfctl_table(argc, argv, tname, command, file, anchor, ruleset,
- opts);
+ return pfctl_table(argc, argv, tname, command, file, anchor, opts);
}
int
pfctl_table(int argc, char *argv[], char *tname, const char *command,
- char *file, const char *anchor, const char *ruleset, int opts)
+ char *file, const char *anchor, int opts)
{
struct pfr_table table;
struct pfr_buffer b, b2;
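Review bot: pfctl_command_tables validates tname and command before delegating, but anchor is forwarded unchecked by it and by pfctl_clear_tables and pfctl_show_tables, and pfctl_table copies it with strlcpy further down, which is undefined for a NULL pointer. If every caller in pfctl.c is known to pass a non-NULL string (an empty string for the top-level ruleset, I assume), that contract deserves a comment on pfctl_table, e.g. `/* anchor is never NULL; callers pass "" for the top-level ruleset */`; otherwise a `if (anchor == NULL) usage();` guard next to the existing tname/command check closes the gap. pfctl_table's body continues past the end of this hunk.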
@@ -145,9 +143,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command,
errx(1, "pfctl_table: strlcpy");
}
if (strlcpy(table.pfrt_anchor, anchor,
- sizeof(table.pfrt_anchor)) >= sizeof(table.pfrt_anchor) ||
- strlcpy(table.pfrt_ruleset, ruleset,
- sizeof(table.pfrt_ruleset)) >= sizeof(table.pfrt_ruleset))
+ sizeof(table.pfrt_anchor)) >= sizeof(table.pfrt_anchor))
errx(1, "pfctl_table: strlcpy");
if (!strcmp(command, "-F")) {
@@ -337,8 +333,6 @@ print_table(struct pfr_table *ta, int verbose, int debug)
ta->pfrt_name);
if (ta->pfrt_anchor[0])
printf("\t%s", ta->pfrt_anchor);
- if (ta->pfrt_ruleset[0])
- printf(":%s", ta->pfrt_ruleset);
puts("");
} else
puts(ta->pfrt_name);
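Review bot: The verbose listing no longer prints the `:ruleset` suffix after the anchor, so the tab-separated name/anchor line emitted by print_table changes for any table that previously lived in a sub-ruleset. If pfctl(8) or any script that parses `pfctl -sT -v` output describes that format, it should be updated in the same change; I do not see a manual-page update alongside these source changes. print_table begins and ends outside this hunk.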
@@ -456,16 +450,14 @@ radix_perror(void)
int
pfctl_define_table(char *name, int flags, int addrs, const char *anchor,
- const char *ruleset, struct pfr_buffer *ab, u_int32_t ticket)
+ struct pfr_buffer *ab, u_int32_t ticket)
{
struct pfr_table tbl;
bzero(&tbl, sizeof(tbl));
if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >=
sizeof(tbl.pfrt_name) || strlcpy(tbl.pfrt_anchor, anchor,
- sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor) ||
- strlcpy(tbl.pfrt_ruleset, ruleset, sizeof(tbl.pfrt_ruleset)) >=
- sizeof(tbl.pfrt_ruleset))
+ sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor))
errx(1, "pfctl_define_table: strlcpy");
tbl.pfrt_flags = flags;