git: 945ba658d803 - main - pfctl: Error out on missing table command, zap internal wrapper function
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Jul 2025 09:22:45 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=945ba658d8036102729e3ae7809c56879bf1e259
commit 945ba658d8036102729e3ae7809c56879bf1e259
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-01 09:41:12 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-04 08:31:13 +0000
pfctl: Error out on missing table command, zap internal wrapper function
Table name and table command require each other as reflected in the
synopsis [-t table -T command [address ...]], so print usage and exit if
only one of them is given.
By moving the inter-dependence check right after option parsing is done,
we can bail out even before opening pf(4) and drop the internal wrapper
pfctl_command_tables() as unneeded indirection with now duplicate checks.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 97699edbc9
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.c | 5 ++++-
sbin/pfctl/pfctl.h | 2 +-
sbin/pfctl/pfctl_table.c | 11 -----------
3 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 8c6497b4d1ee..38d74aceba80 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3175,6 +3175,9 @@ main(int argc, char *argv[])
}
}
+ if (tblcmdopt == NULL ^ tableopt == NULL)
+ usage();
+
if (tblcmdopt != NULL) {
argc -= optind;
argv += optind;
@@ -3400,7 +3403,7 @@ main(int argc, char *argv[])
pfctl_kill_src_nodes(dev, ifaceopt, opts);
if (tblcmdopt != NULL) {
- error = pfctl_command_tables(argc, argv, tableopt,
+ error = pfctl_table(argc, argv, tableopt,
tblcmdopt, rulesopt, anchorname, opts);
rulesopt = NULL;
}
diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index 5abd5ddcdf8f..08d48695709e 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h
@@ -83,7 +83,7 @@ int pfi_clr_istats(const char *, int *, int);
void pfctl_print_title(char *);
void pfctl_do_clear_tables(const char *, int);
void pfctl_show_tables(const char *, int);
-int pfctl_command_tables(int, char *[], char *, const char *, char *,
+int pfctl_table(int, char *[], char *, const char *, char *,
const char *, int);
int pfctl_show_altq(int, const char *, int, int);
void warn_namespace_collision(const char *);
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index abe22a3258de..53abea3e1ae1 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -55,8 +55,6 @@
#include "pfctl.h"
extern void usage(void);
-static int pfctl_table(int, char *[], char *, const char *, char *,
- const char *, int);
static void print_table(const struct pfr_table *, int, int);
static int print_tstats(const struct pfr_tstats *, int);
static int load_addr(struct pfr_buffer *, int, char *[], char *, int, int);
@@ -118,15 +116,6 @@ pfctl_show_tables(const char *anchor, int opts)
exit(1);
}
-int
-pfctl_command_tables(int argc, char *argv[], char *tname,
- const char *command, char *file, const char *anchor, int opts)
-{
- if (tname == NULL || command == NULL)
- usage();
- return pfctl_table(argc, argv, tname, command, file, anchor, opts);
-}
-
int
pfctl_table(int argc, char *argv[], char *tname, const char *command,
char *file, const char *anchor, int opts)