[Bug 262622] [pf][patch] fix showing rules in (some) nested anchors
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 262622] [pf][patch] fix showing rules in (some) nested anchors"
Date: Thu, 17 Mar 2022 18:02:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262622
--- Comment #8 from Matteo Riondato <matteo@FreeBSD.org> ---
To give you an idea of what would be necessary, but not sufficient, to solve
the issue in bug #262590, you need something like the following patch (to be
applied on top of the patch you posted in #5).
This patch solves a subset of the issue outlined in bug #262590, in that at
least now rules directly inside an anchor included in pf.conf with "anchor
myanchor/*" are printed (but nested anchors are still not printed).
To solve the real issue there, one likely needs to get the DIOCGETRULESETS
ioctl involved, IMHO.
diff -u pfctl.c pfctl.c.mine
--- pfctl.c 2022-03-17 13:57:58.290678000 -0400
+++ pfctl.c.mine 2022-03-17 13:57:11.836505000 -0400
@@ -1251,10 +1251,20 @@
*(--p) == '/')) || (opts & PF_OPT_RECURSE))) {
brace++;
if ((p = strrchr(anchor_call, '/')) !=
- NULL)
+ NULL && path[0] &&
+ strnstr(anchor_call, path, p -
anchor_call))
p++;
- else
+ else {
+ int aclen = strlen(anchor_call);
+ if (anchor_call[aclen - 1] == '*') {
+ int idx = aclen - 2;
+ if (! (idx >= 0 &&
+ anchor_call[idx] == '/'))
+ idx = 0;
+ anchor_call[idx] = '\0';
+ }
p = &anchor_call[0];
+ }
} else
p = &anchor_call[0];
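Review bot: In the new else branch, `anchor_call[aclen - 1]` reads index -1 when anchor_call is an empty string, and nothing in the visible lines rules that out, since strrchr() returning NULL sends an empty string down this path too. Guard the test with `aclen > 0` (and declare aclen as size_t, which is what strlen() returns), or add a comment stating that the enclosing condition guarantees a non-empty anchor_call. Separately, `strnstr(anchor_call, path, p - anchor_call)` accepts path anywhere in the leading part of anchor_call rather than only at its start, so a strncmp() against the beginning of anchor_call would express a prefix check more exactly if that is the intent. Because `anchor_call[idx] = '\0'` truncates the buffer in place, a short comment noting that later code no longer sees the trailing "/*" or "*" would help the next reader.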