git: 99560fe98c76 - main - pfctl: Do not warn if there is no Ethernet anchor

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Jose Luis Duran <jlduran_at_FreeBSD.org>
Date: Tue, 28 Oct 2025 11:49:25 UTC
The branch main has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=99560fe98c76371d7f0807c2088c78790ca9f943

commit 99560fe98c76371d7f0807c2088c78790ca9f943
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-26 12:38:00 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-28 11:31:20 +0000

    pfctl: Do not warn if there is no Ethernet anchor
    
    Avoid emitting a warning if there is no Ethernet anchor.  If the anchor
    --regardless of its type-- is nonexistent, should be caught earlier.
    
    This can be misleading when there is a layer 3 anchor but not an
    Ethernet anchor, giving the user the impression that there is no layer 3
    anchor with that name.
    
    PR:             280516
    Approved by:    kp
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53360
---
 sbin/pfctl/pfctl.c             | 5 +----
 tests/sys/netpfil/pf/anchor.sh | 4 ++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index ed317495c2e0..3d2632c1cf74 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3167,10 +3167,7 @@ pfctl_show_eth_anchors(int dev, int opts, char *anchorname)
 	int ret;
 
 	if ((ret = pfctl_get_eth_rulesets_info(dev, &ri, anchorname)) != 0) {
-		if (ret == ENOENT)
-			fprintf(stderr, "Anchor '%s' not found.\n",
-			    anchorname);
-		else
+		if (ret != ENOENT)
 			errc(1, ret, "DIOCGETETHRULESETS");
 		return (-1);
 	}
diff --git a/tests/sys/netpfil/pf/anchor.sh b/tests/sys/netpfil/pf/anchor.sh
index 034fe0d3d574..f321c742788e 100644
--- a/tests/sys/netpfil/pf/anchor.sh
+++ b/tests/sys/netpfil/pf/anchor.sh
@@ -157,10 +157,10 @@ deeply_nested_body()
 
 	atf_check -s exit:0 -o \
 	    inline:"  foo\n  foo/bar\n  foo/bar/foobar\n  foo/bar/quux\n  foo/baz\n  foo/qux\n" \
-	    -e ignore jexec alcatraz pfctl -sA
+	    jexec alcatraz pfctl -sA
 
 	atf_check -s exit:0 -o inline:"  foo/bar/foobar\n  foo/bar/quux\n" \
-	    -e ignore jexec alcatraz pfctl -a foo/bar -sA
+	    jexec alcatraz pfctl -a foo/bar -sA
 }
 
 deeply_nested_cleanup()