git: 7153a62d2978 - main - pfctl: Unify error message for nonexisting anchors
Date: Sat, 12 Jul 2025 13:38:49 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=7153a62d29784780fdc1d61aebd92c76fb158627
commit 7153a62d29784780fdc1d61aebd92c76fb158627
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-07 06:45:04 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-12 09:57:50 +0000
pfctl: Unify error message for nonexisting anchors
pf(4) returns EINVAL for DIOCGETRULE, DIOCGETRULES and DIOCGETRULESET if
the specified anchor does not exist.
Extend and rename {pfr -> pf}_strerror() to make error message more
consistent.
There are other occasions as well but those need additional tweaks;
that's stuff for another diff.
OK and rename from sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, e5c920154c
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.c | 24 +++++++++++++++++++-----
sbin/pfctl/pfctl_optimize.c | 8 ++++----
sbin/pfctl/pfctl_radix.c | 13 -------------
3 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 8d2b556d7085..b4453c850de4 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1350,7 +1350,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
for (nr = 0; nr < mnr; ++nr) {
if ((ret = pfctl_get_ruleset(pfh, npath, nr, &prs)) != 0)
- errc(1, ret, "DIOCGETRULESET");
+ errx(1, "%s", pfr_strerror(ret));
INDENT(depth, !(opts & PF_OPT_VERBOSE));
printf("anchor \"%s\" all {\n", prs.name);
pfctl_show_rules(dev, npath, opts,
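Review bot: The new `errx(1, "%s", pfr_strerror(ret))` names neither the failed request nor the anchor being walked, so any errno that falls through to the `strerror()` default is printed as a bare message with no context. Including the path keeps the unified wording while staying diagnosable: `errx(1, "%s: %s", npath, pfr_strerror(ret));`. The same applies to the two `warnx` calls in the next hunk (with `path`), the two `errx` calls in pfctl_show_nat, and the first `warnx` in load_feedback_profile. pfctl_show_rules starts and ends outside this hunk.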
@@ -1365,14 +1365,14 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
if (opts & PF_OPT_SHOWALL) {
ret = pfctl_get_rules_info_h(pfh, &ri, PF_PASS, path);
if (ret != 0) {
- warnc(ret, "DIOCGETRULES");
+ warnx("%s", pfr_strerror(ret));
goto error;
}
header++;
}
ret = pfctl_get_rules_info_h(pfh, &ri, PF_SCRUB, path);
if (ret != 0) {
- warnc(ret, "DIOCGETRULES");
+ warnx("%s", pfr_strerror(ret));
goto error;
}
if (opts & PF_OPT_SHOWALL) {
@@ -1565,12 +1565,12 @@ pfctl_show_nat(int dev, const char *path, int opts, char *anchorname, int depth,
fprintf(stderr, "NAT anchor '%s' "
"not found.\n", anchorname);
else
- errc(1, ret, "DIOCGETRULESETS");
+ errx(1, "%s", pfr_strerror(ret));
}
for (nr = 0; nr < mnr; ++nr) {
if ((ret = pfctl_get_ruleset(pfh, npath, nr, &prs)) != 0)
- errc(1, ret, "DIOCGETRULESET");
+ errx(1, "%s", pfr_strerror(ret));
INDENT(depth, !(opts & PF_OPT_VERBOSE));
printf("nat-anchor \"%s\" all {\n", prs.name);
pfctl_show_nat(dev, npath, opts,
@@ -3643,3 +3643,17 @@ main(int argc, char *argv[])
exit(exit_val);
}
+
+char *
+pfr_strerror(int errnum)
+{
+ switch (errnum) {
+ case ESRCH:
+ return "Table does not exist";
+ case EINVAL:
+ case ENOENT:
+ return "Anchor does not exist";
+ default:
+ return strerror(errnum);
+ }
+}
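Review bot: Mapping every `EINVAL` to "Anchor does not exist" in `pfr_strerror()` is broader than the description justifies, since it names only DIOCGETRULE, DIOCGETRULES and DIOCGETRULESET. Any other caller that passes an `EINVAL` from a different request (table code presumably still uses this helper) would now print a misleading cause. Consider a comment above the function stating that restriction, e.g. `/* EINVAL means "no such anchor" only for DIOCGETRULE{,S,SET} results; do not pass other ioctl errors here. */`. The function also returns string literals through `char *`; `const char *` would stop callers writing to them, provided the prototype (not shown here) is changed to match. The description mentions a rename to pf_strerror(), but the new code keeps the name pfr_strerror.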
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index e727324bbf40..24b774bc66be 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -903,13 +903,13 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
struct pf_opt_queue queue;
struct pfctl_rules_info rules;
struct pfctl_rule a, b, rule;
- int nr, mnr;
+ int nr, mnr, ret;
TAILQ_INIT(&queue);
TAILQ_INIT(&prof_superblocks);
- if (pfctl_get_rules_info_h(pf->h, &rules, PF_PASS, "")) {
- warn("DIOCGETRULES");
+ if ((ret = pfctl_get_rules_info_h(pf->h, &rules, PF_PASS, "")) != 0) {
+ warnx("%s", pfr_strerror(ret));
return (1);
}
mnr = rules.nr;
@@ -924,7 +924,7 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
if (pfctl_get_rule_h(pf->h, nr, rules.ticket, "", PF_PASS,
&rule, anchor_call)) {
- warn("DIOCGETRULENV");
+ warnx("%s", pfr_strerror(ret));
free(por);
return (1);
}
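Review bot: `ret` is never assigned from this `pfctl_get_rule_h()` call, so `pfr_strerror(ret)` in the failure branch reports a stale value. As far as the visible hunks show, that value is the 0 left by the earlier successful `pfctl_get_rules_info_h()` call. The warning would then print the text for errno 0 instead of the real cause, hiding why the rule fetch failed. Capture the result in the condition: `if ((ret = pfctl_get_rule_h(pf->h, nr, rules.ticket, "", PF_PASS, &rule, anchor_call)) != 0) {`. The surrounding loop and the rest of load_feedback_profile lie outside this hunk.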
diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
index 5f9f121bc81c..00e4207d377b 100644
--- a/sbin/pfctl/pfctl_radix.c
+++ b/sbin/pfctl/pfctl_radix.c
@@ -461,16 +461,3 @@ pfr_next_token(char buf[BUF_SIZE], FILE *fp)
buf[i] = '\0';
return (1);
}
-
-char *
-pfr_strerror(int errnum)
-{
- switch (errnum) {
- case ESRCH:
- return "Table does not exist";
- case ENOENT:
- return "Anchor does not exist";
- default:
- return strerror(errnum);
- }
-}