From nobody Thu Jul 03 12:01:15 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bXwMv3tN1z60qZc; Thu, 03 Jul 2025 12:01:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bXwMv25xRz3n0g; Thu, 03 Jul 2025 12:01:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751544075; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=E6rD9Zqu+pL20VddDXOlka6kmbrnGbCzwLf0HC7K73s=; b=jJk7dE7PLxdX4AXSl5E95YrtDabhLud9Zv7/aA7J5ZZtmQlhGHMdLzUW0IBGS/5jxVZub9 SeSlE06SQYgtoc1yTq7M0fkwDmwZU0irVX1CoZV6I1vQ2eJwu6rMoCgF22OL+tcUIyJLEs E2k9v3MK5oZP6Nqheb+ZP6yhvSItWWCmb6vcwSqkS2fz/alYxlvHvvXtlN4P/b7mXYb+Rf 6K33MxLpgBck7G1C48nNcJEH1SvwafDguzrHdQnv2iRyzpIkbbu66BO1wjPvyk4SUCSFDg fqcPXAKG5zgoyOhk0JhG5DgSOAhIB4wQMPqT7dfHHuT8s5RoYyXeyVg7SJt/XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751544075; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=E6rD9Zqu+pL20VddDXOlka6kmbrnGbCzwLf0HC7K73s=; b=Ua9sgfiKdXz7kRKKgngYj7XY4XT/8L9+6lq06Lm8iXvX9zMntuEPKZDvpF9zAXPhtOZ6o0 iYdEU47gjXSq5LhVQocTYpqH4AqSm/Igj2FHlXTDmRE8ICaFb/LFULQX1IC51l5VUqNY3r 5sITrb5vRVABs7e4qZ3QCjcggvwRx5ik31SeOhDCiE+P8P7McD6TV1mx52fHP/Sia8PX7J Q4SagI9ThjpSKIO27WAkG3czlcXmoR1mXUKPo/QlUy60MPBK8uxu2zQWVGe/qnehKz6hka cgIWiz2i4iurLVCqgQAMv4Oj36MiC7l9nccmdUQnsHQGie+g5ypQsXICVVsVGA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751544075; a=rsa-sha256; cv=none; b=Efw7wNhEgwJcIJQpAMeiR2M6kxlqNbyQNBlMRsysQl+AykuA5qTh7X72SKSM/YsZyoAnqt nph/nFjQghRu2J0HQST0GZgIFmsYK4X+Ti7U1hpgxo5zsAF4h4ONlpm4P82Hz9iw8+L0Cp fsE1tHIAdCeI451hq+/cfv27qBDl4s6bwnrnyJYRnlk6/pj0Rg13Uz903hXkK7ZVhHL4sX s7jkLtWG7ClKRpIh9twKz43S2GM+cksJkLi0b/yYuMZAEAIbT+JZtg8niNGknaN9OqxZ8q 4FKLvaHcWOIAx2rWGVrTgKOusfisrNKJFxoAE4y9IlL4LT5KM9N1462XImWBCw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bXwMv1fn0z143T; Thu, 03 Jul 2025 12:01:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 563C1FwS052179; Thu, 3 Jul 2025 12:01:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 563C1FK8052176; Thu, 3 Jul 2025 12:01:15 GMT (envelope-from git) Date: Thu, 3 Jul 2025 12:01:15 GMT Message-Id: <202507031201.563C1FK8052176@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 2927a5981b34 - main - pfctl: fix table commands under anchors List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2927a5981b3400cb5147d13580318419ecd1f91c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2927a5981b3400cb5147d13580318419ecd1f91c commit 2927a5981b3400cb5147d13580318419ecd1f91c Author: Kristof Provost AuthorDate: 2025-06-30 09:34:35 +0000 Commit: Kristof Provost CommitDate: 2025-07-03 07:16:15 +0000 pfctl: fix table commands under anchors With r1.358 I simplified anchor handling but also broke semantics with regard to tables: # pfctl -a aname -t tname -T show pfctl: anchors apply to -f, -F and -s only Unbreak this by checking for table commands as well. OK bluhm Obtained from: OpenBSD, kn , 0e2b7406a2 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.8 | 5 +++-- sbin/pfctl/pfctl.c | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 0a4b8952ef74..5238c53f709d 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 29, 2025 +.Dd June 30, 2025 .Dt PFCTL 8 .Os .Sh NAME @@ -114,8 +114,9 @@ Other rules and options are ignored. Apply flags .Fl f , .Fl F , +.Fl s , and -.Fl s +.Fl T only to the rules in the specified .Ar anchor . In addition to the main ruleset, diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 21befd3ca697..8c6497b4d1ee 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -3196,11 +3196,11 @@ main(int argc, char *argv[]) if (anchoropt != NULL) { int len = strlen(anchoropt); - if (mode == O_RDONLY && showopt == NULL) { - warnx("anchors apply to -f, -F and -s only"); + if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) { + warnx("anchors apply to -f, -F, -s, and -T only"); usage(); } - if (mode == O_RDWR && + if (mode == O_RDWR && tblcmdopt == NULL && (anchoropt[0] == '_' || strstr(anchoropt, "/_") != NULL)) errx(1, "anchor names beginning with '_' cannot " "be modified from the command line");