git: c32cd18055c0 - main - pfctl: print ethernet rules when called with '-n'

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 02 Mar 2022 16:01:09 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c32cd18055c01f2460950351accfe79f87a24c43

commit c32cd18055c01f2460950351accfe79f87a24c43
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-01-21 15:37:21 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-03-02 16:00:08 +0000

    pfctl: print ethernet rules when called with '-n'
    
    Just as pfctl already does for other rules we print the ethernet rules
    we would have loaded if '-n' is specified.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/parse.y        | 3 +++
 sbin/pfctl/pfctl.c        | 9 ++++++++-
 sbin/pfctl/pfctl_parser.h | 1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 346ec9d9a587..8a0aa4279337 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -5749,9 +5749,11 @@ expand_eth_rule(struct pfctl_eth_rule *r,
 		bcopy(src->mac, r->src.addr, ETHER_ADDR_LEN);
 		bcopy(src->mask, r->src.mask, ETHER_ADDR_LEN);
 		r->src.neg = src->neg;
+		r->src.isset = src->isset;
 		bcopy(dst->mac, r->dst.addr, ETHER_ADDR_LEN);
 		bcopy(dst->mask, r->dst.mask, ETHER_ADDR_LEN);
 		r->dst.neg = dst->neg;
+		r->dst.isset = dst->isset;
 		r->nr = pf->eastack[pf->asd]->match++;
 
 		pfctl_append_eth_rule(pf, r, anchor_call);
@@ -6926,6 +6928,7 @@ node_mac_from_string(const char *str)
 	}
 
 	memset(m->mask, 0xff, ETHER_ADDR_LEN);
+	m->isset = true;
 	m->next = NULL;
 	m->tail = m;
 
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 89b546a1b9e2..4ff1bd25e0eb 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1698,7 +1698,8 @@ pfctl_load_eth_ruleset(struct pfctl *pf, char *path,
 			if ((error = pfctl_load_eth_ruleset(pf, path,
 			    &r->anchor->ruleset, depth + 1)))
 				return (error);
-		}
+		} else if (pf->opts & PF_OPT_VERBOSE)
+			printf("\n");
 		free(r);
 	}
 	if (brace && pf->opts & PF_OPT_VERBOSE) {
@@ -1743,6 +1744,12 @@ pfctl_load_eth_rule(struct pfctl *pf, char *path, struct pfctl_eth_rule *r,
 		    pf->eth_ticket))
 			err(1, "DIOCADDETHRULENV");
 
+	if (pf->opts & PF_OPT_VERBOSE) {
+		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
+		print_eth_rule(r, r->anchor ? r->anchor->name : "",
+		    pf->opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG));
+	}
+
 	path[len] = '\0';
 
 	return (0);
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 60bbae7a3fcd..13151cc33829 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -140,6 +140,7 @@ struct node_mac {
 	u_int8_t	 mac[ETHER_ADDR_LEN];
 	u_int8_t	 mask[ETHER_ADDR_LEN];
 	bool		 neg;
+	bool		 isset;
 	struct node_mac	*next;
 	struct node_mac	*tail;
 };