The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=08fbad1b135b0efcfc82f793999463def9f95610
commit 08fbad1b135b0efcfc82f793999463def9f95610
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-08-28 15:52:18 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-09-25 12:41:11 +0000
pfctl: refactor 'rule_numbers' variable
The 'rule_numbers' is used for more than just displaying rule numbers.
Rename it and move the actual opts checking into the relevant functions.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.c | 5 ++---
sbin/pfctl/pfctl_parser.c | 11 +++++++----
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b8f4305a3e38..21562fa03e0d 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1315,7 +1315,6 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
struct pfctl_rule rule;
char anchor_call[MAXPATHLEN];
u_int32_t nr, header = 0;
- int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
int numeric = opts & PF_OPT_NUMERIC;
int len = strlen(path), ret = 0;
char *npath, *p;
@@ -1413,7 +1412,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
case PFCTL_SHOW_RULES:
if (rule.label[0][0] && (opts & PF_OPT_SHOWALL))
labels = 1;
- print_rule(&rule, anchor_call, rule_numbers, numeric);
+ print_rule(&rule, anchor_call, opts, numeric);
/*
* Do not print newline, when we have not
* printed expired rule.
@@ -1492,7 +1491,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
if (rule.label[0][0] && (opts & PF_OPT_SHOWALL))
labels = 1;
INDENT(depth, !(opts & PF_OPT_VERBOSE));
- print_rule(&rule, anchor_call, rule_numbers, numeric);
+ print_rule(&rule, anchor_call, opts, numeric);
/*
* If this is a 'unnamed' brace notation
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index f04bc93436d8..b8531067d3f6 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -389,9 +389,11 @@ print_flags(uint16_t f)
void
print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr
*dst,
- sa_family_t af, u_int8_t proto, int verbose, int numeric)
+ sa_family_t af, u_int8_t proto, int opts, int numeric)
{
char buf[PF_OSFP_LEN*3];
+ int verbose = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
+
if (src->addr.type == PF_ADDR_ADDRMASK &&
dst->addr.type == PF_ADDR_ADDRMASK &&
PF_AZERO(&src->addr.v.a.addr, AF_INET6) &&
@@ -854,7 +856,7 @@ print_eth_rule(struct pfctl_eth_rule *r, const char
*anchor_call,
}
void
-print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int
numeric)
+print_rule(struct pfctl_rule *r, const char *anchor_call, int opts, int
numeric)
{
static const char *actiontypes[] = { "pass", "block", "scrub",
"no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr",
@@ -862,7 +864,8 @@ print_rule(struct pfctl_rule *r, const char *anchor_call,
int verbose, int numer
static const char *anchortypes[] = { "anchor", "anchor", "anchor",
"anchor", "nat-anchor", "nat-anchor", "binat-anchor",
"binat-anchor", "rdr-anchor", "rdr-anchor" };
- int i, ropts;
+ int i, ropts;
+ int verbose = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
char *p;
if ((r->rule_flag & PFRULE_EXPIRED) && (!verbose))
@@ -988,7 +991,7 @@ print_rule(struct pfctl_rule *r, const char *anchor_call,
int verbose, int numer
printf(" proto %u", r->proto);
}
print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
- verbose, numeric);
+ opts, numeric);
if (r->rcv_ifname[0])
printf(" %sreceived-on %s", r->rcvifnot ? "!" : "",
r->rcv_ifname);
