The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a632d9e3601272c0157dce6633fc9a23ad6ae45b

commit a632d9e3601272c0157dce6633fc9a23ad6ae45b
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2022-03-17 17:31:37 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2022-03-17 21:37:06 +0000

    pfctl: fix retrieving nested nat-anchors
    
    When retrieving nat rules in anchors we need to set the path just like
    we do for regular rules.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 4632d2dc3946..88a96bd303a0 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1291,10 +1291,16 @@ pfctl_show_nat(int dev, char *path, int opts, char 
*anchorname, int depth)
        static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
        int i, dotitle = opts & PF_OPT_SHOWALL;
        int brace, ret;
+       int len = strlen(path);
        char *p;
 
+       if (path[0])
+               snprintf(&path[len], MAXPATHLEN - len, "/%s", anchorname);
+       else
+               snprintf(&path[len], MAXPATHLEN - len, "%s", anchorname);
+
        for (i = 0; i < 3; i++) {
-               ret = pfctl_get_rules_info(dev, &ri, nattype[i], anchorname);
+               ret = pfctl_get_rules_info(dev, &ri, nattype[i], path);
                if (ret != 0) {
                        warn("DIOCGETRULES");
                        return (-1);
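Review bot: The two new snprintf() calls that append anchorname to path ignore their return value, so a nested anchor path longer than the remaining `MAXPATHLEN - len` bytes is silently truncated. The later pfctl_get_rules_info(), pfctl_get_rule() and pfctl_get_pool() calls (this hunk and the next) may then query a different anchor than the one requested, which is misleading when the output is used to audit a ruleset. Capture the result in an `int n` and fail on truncation, e.g. `if (n < 0 || n >= MAXPATHLEN - len) { path[len] = '\0'; return (-1); }`. The early `return (-1);` paths visible in both hunks also leave the caller's buffer with the anchor name still appended; a `path[len] = '\0';` before each would keep it consistent for a caller that reuses it, assuming the function's tail (outside the hunk) restores it on success. The size argument presumes path points at a MAXPATHLEN-byte buffer, which is not visible here and deserves a comment on the function.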
@@ -1303,13 +1309,13 @@ pfctl_show_nat(int dev, char *path, int opts, char 
*anchorname, int depth)
                        brace = 0;
                        INDENT(depth, !(opts & PF_OPT_VERBOSE));
 
-                       if (pfctl_get_rule(dev, nr, ri.ticket, anchorname,
+                       if (pfctl_get_rule(dev, nr, ri.ticket, path,
                            nattype[i], &rule, anchor_call)) {
                                warn("DIOCGETRULE");
                                return (-1);
                        }
                        if (pfctl_get_pool(dev, &rule.rpool, nr,
-                           ri.ticket, nattype[i], anchorname) != 0)
+                           ri.ticket, nattype[i], path) != 0)
                                return (-1);
 
                        if (anchor_call[0] &&
