Hello,
whenever administrator asks pfctl to modify/remove anchor, which does not
exist, the pfctl(8) prints warning 'pfctl: DIOCGETRULES: Invalid argument'.
Few users on Solaris wants pfctl(8) to be more helpful.
The 'Invalid Argument' (EINVAL) is returned when particular anchor is not
found. Patch below changes pfctl output to this:
# pfctl -sA
# pfctl -a Foo -sr
Anchor 'Foo' not found.
#
OK?
thanks and
regards
sasha
--------8<---------------8<---------------8<------------------8<--------
diff -r 215db23c6b05 src/sbin/pfctl/pfctl.c
--- src/sbin/pfctl/pfctl.c Mon Sep 25 13:38:48 2017 +0200
+++ src/sbin/pfctl/pfctl.c Tue Sep 26 11:36:50 2017 +0200
@@ -318,13 +318,23 @@ void
pfctl_clear_rules(int dev, int opts, char *anchorname)
{
struct pfr_buffer t;
+ char *p;
+
+ p = strrchr(anchorname, '/');
+ if (p != NULL && p[1] == '\0')
+ errx(1, "%s: bad anchor name %s", __func__, anchorname);
memset(&t, 0, sizeof(t));
t.pfrb_type = PFRB_TRANS;
+
if (pfctl_add_trans(&t, PF_TRANS_RULESET, anchorname) ||
pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
- pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
- err(1, "pfctl_clear_rules");
+ pfctl_trans(dev, &t, DIOCXCOMMIT, 0)) {
+ if (errno != EINVAL)
+ err(1, "pfctl_clear_rules");
+ else
+ errx(1, "Anchor '%s' not found.\n", anchorname);
+ }
if ((opts & PF_OPT_QUIET) == 0)
fprintf(stderr, "rules cleared\n");
}
@@ -850,7 +860,7 @@ pfctl_show_rules(int dev, char *path, in
* to the kernel.
*/
if ((p = strrchr(anchorname, '/')) != NULL &&
- p[1] == '*' && p[2] == '\0') {
+ ((p[1] == '*' && p[2] == '\0') || (p[1] == '\0'))) {
p[0] = '\0';
}
@@ -871,7 +881,11 @@ pfctl_show_rules(int dev, char *path, in
if (opts & PF_OPT_SHOWALL) {
pr.rule.action = PF_PASS;
if (ioctl(dev, DIOCGETRULES, &pr)) {
- warn("DIOCGETRULES");
+ if (errno != EINVAL)
+ warn("DIOCGETRULES");
+ else
+ fprintf(stderr, "Anchor '%s' not found.\n",
+ anchorname);
ret = -1;
goto error;
}
@@ -886,7 +900,10 @@ pfctl_show_rules(int dev, char *path, in
pr.rule.action = PF_PASS;
if (ioctl(dev, DIOCGETRULES, &pr)) {
- warn("DIOCGETRULES");
+ if (errno != EINVAL)
+ warn("DIOCGETRULES");
+ else
+ fprintf(stderr, "Anchor '%s' not found.\n", anchorname);
ret = -1;
goto error;
}
diff -r 215db23c6b05 src/sys/kern/uipc_mbuf.c
--- src/sys/kern/uipc_mbuf.c Mon Sep 25 13:38:48 2017 +0200
+++ src/sys/kern/uipc_mbuf.c Tue Sep 26 11:36:50 2017 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_mbuf.c,v 1.249 2017/09/15 18:13:05 bluhm Exp $ */
+/* $OpenBSD: uipc_mbuf.c,v 1.248 2017/05/27 16:41:10 bluhm Exp $ */
/* $NetBSD: uipc_mbuf.c,v 1.15.4.1 1996/06/13 17:11:44 cgd Exp $ */
/*
@@ -804,13 +804,12 @@ m_adj(struct mbuf *mp, int req_len)
struct mbuf *m;
int count;
- if (mp == NULL)
+ if ((m = mp) == NULL)
return;
if (len >= 0) {
/*
* Trim from head.
*/
- m = mp;
while (m != NULL && len > 0) {
if (m->m_len <= len) {
len -= m->m_len;
@@ -834,7 +833,6 @@ m_adj(struct mbuf *mp, int req_len)
*/
len = -len;
count = 0;
- m = mp;
for (;;) {
count += m->m_len;
if (m->m_next == NULL)
@@ -855,16 +853,15 @@ m_adj(struct mbuf *mp, int req_len)
* Find the mbuf with last data, adjust its length,
* and toss data from remaining mbufs on chain.
*/
- if (mp->m_flags & M_PKTHDR)
- mp->m_pkthdr.len = count;
m = mp;
- for (;;) {
+ if (m->m_flags & M_PKTHDR)
+ m->m_pkthdr.len = count;
+ for (; m; m = m->m_next) {
if (m->m_len >= count) {
m->m_len = count;
break;
}
count -= m->m_len;
- m = m->m_next;
}
while ((m = m->m_next) != NULL)
m->m_len = 0;
--------8<---------------8<---------------8<------------------8<--------
