[Bug 262622] [pf][patch] fix showing rules in (some) nested anchors

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 17 Mar 2022 16:56:55 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262622

--- Comment #5 from Kristof Provost <kp@freebsd.org> ---
Can you try this: 

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 8f064594260b..884431aa73fc 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -894,7 +894,7 @@ pfctl_add_rule(int dev, const struct pfctl_rule *r, const
char *anchor,

 int
 pfctl_get_rules_info(int dev, struct pfctl_rules_info *rules, uint32_t
ruleset,
-    const char *path)
+    const char *path, char *anchor_call)
 {
        struct pfioc_rule pr;
        int ret;
@@ -911,6 +911,9 @@ pfctl_get_rules_info(int dev, struct pfctl_rules_info
*rules, uint32_t ruleset,
        rules->nr = pr.nr;
        rules->ticket = pr.ticket;

+       if (anchor_call)
+               strlcpy(anchor_call, pr.anchor_call, MAXPATHLEN);
+
        return (0);
 }
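Review bot: The added `strlcpy(anchor_call, pr.anchor_call, MAXPATHLEN)` bounds the copy by a constant, not by the size of the caller's buffer, so a caller that passes a shorter buffer would be overrun. Neither the signature nor the libpfctl.h prototype states that requirement. I would document it above the prototype, e.g. `/* anchor_call: optional, may be NULL; otherwise must point to at least MAXPATHLEN bytes */`, or add an explicit size parameter. The function body starts in the previous hunk and the lines that fill `pr` are not shown, so I am assuming `pr.anchor_call` comes back NUL-terminated; that is worth confirming, because strlcpy reads the source until it finds a NUL.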

diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index b7f703b64def..536377c38404 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -364,7 +364,7 @@ int pfctl_get_eth_rule(int dev, uint32_t nr, uint32_t
ticket,
 int    pfctl_add_eth_rule(int dev, const struct pfctl_eth_rule *r,
            const char *anchor, const char *anchor_call, uint32_t ticket);
 int    pfctl_get_rules_info(int dev, struct pfctl_rules_info *rules,
-           uint32_t ruleset, const char *path);
+           uint32_t ruleset, const char *path, char *anchor_call);
 int    pfctl_get_rule(int dev, uint32_t nr, uint32_t ticket,
            const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
            char *anchor_call);
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index ffd978b304cb..6b0ed98aeb77 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1150,14 +1150,16 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
                snprintf(&path[len], MAXPATHLEN - len, "%s", anchorname);

        if (opts & PF_OPT_SHOWALL) {
-               ret = pfctl_get_rules_info(dev, &ri, PF_PASS, anchorname);
+               ret = pfctl_get_rules_info(dev, &ri, PF_PASS, path,
+                   anchor_call);
                if (ret != 0) {
                        warn("DIOCGETRULES");
                        goto error;
                }
                header++;
        }
-       ret = pfctl_get_rules_info(dev, &ri, PF_SCRUB, anchorname);
+       ret = pfctl_get_rules_info(dev, &ri, PF_SCRUB, path,
+           anchor_call);
        if (ret != 0) {
                warn("DIOCGETRULES");
                goto error;
@@ -1195,7 +1197,8 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
                }
                pfctl_clear_pool(&rule.rpool);
        }
-       ret = pfctl_get_rules_info(dev, &ri, PF_PASS, anchorname);
+       ret = pfctl_get_rules_info(dev, &ri, PF_PASS, path,
+           anchor_call);
        if (ret != 0) {
                warn("DIOCGETRULES");
                goto error;
@@ -1294,7 +1297,8 @@ pfctl_show_nat(int dev, char *path, int opts, char
*anchorname, int depth)
        char *p;

        for (i = 0; i < 3; i++) {
-               ret = pfctl_get_rules_info(dev, &ri, nattype[i], anchorname);
+               ret = pfctl_get_rules_info(dev, &ri, nattype[i], anchorname,
+                   anchor_call);
                if (ret != 0) {
                        warn("DIOCGETRULES");
                        return (-1);
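Review bot: This call in pfctl_show_nat still passes `anchorname` as the path argument, while the three calls in pfctl_show_rules are switched to `path` by this same patch. If nested nat/rdr/binat anchors are resolved the same way, they would presumably still fail to list. Either pass `path` here too or add a comment explaining why the NAT lookup differs. The hunk shows only `char *p;` among the locals, so also confirm that pfctl_show_nat declares an `anchor_call` buffer of MAXPATHLEN bytes. The function continues outside the hunk.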

That should restore the previous behaviour, and appears to be working for me.
