| author | Kristof Provost <kp@FreeBSD.org> | 2026-01-06 15:57:18 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2026-01-14 06:44:39 +0000 |
| commit | 63d5d1b0b37e56deef2bed395928fcf52449ad94 (patch) | |
| tree | 2b3b04c50c82795dfffc2b45d845feda14428568 | |
| parent | aafa123641bed1f04546f7340d60858af082df94 (diff) | |
pfctl: improve limiters printing
Deviate a little from the OpenBSD code, to avoid unexpected output
changes.
Don't print limiter information when we show the rules (or labels).
Do include the source and state limiters in the 'all' (pfctl -sa) output
and give them their own titles.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sbin/pfctl/pfctl.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index fb08d6300f23..ee1b2202cc1d 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -105,7 +105,7 @@ int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int, const char *, int); void pfctl_print_eth_rule_counters(struct pfctl_eth_rule *, int); void pfctl_print_rule_counters(struct pfctl_rule *, int); -int pfctl_show_statelims(int, enum pfctl_show); +int pfctl_show_statelims(int, enum pfctl_show, int); int pfctl_show_sourcelims(int, enum pfctl_show, int, const char *); int pfctl_show_eth_rules(int, char *, int, enum pfctl_show, char *, int, int); int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int, int); @@ -1258,12 +1258,15 @@ pfctl_print_title(char *title) } int -pfctl_show_statelims(int dev, enum pfctl_show format) +pfctl_show_statelims(int dev, enum pfctl_show format, int opts) { struct pfctl_state_lim stlim; uint32_t id = PF_STATELIM_ID_MIN; int error; + if (opts & PF_OPT_SHOWALL) + pfctl_print_title("STATE LIMITERS:"); + if (format == PFCTL_SHOW_LABELS) { printf("%3s %8s/%-8s %5s/%-5s %8s %8s %8s\n", "ID", "USE", "LIMIT", "RATE", "SECS", "ADMIT", "HARDLIM", "RATELIM"); @@ -1380,6 +1383,9 @@ pfctl_show_sourcelims(int dev, enum pfctl_show format, int opts, errx(1, "source limiter id: %s", errstr); } + if (opts & PF_OPT_SHOWALL) + pfctl_print_title("SOURCE LIMITERS:"); + if (format == PFCTL_SHOW_LABELS) { printf("%3s %8s/%-8s %5s %5s/%-5s %8s %8s %8s %8s\n", "ID", "USE", "ADDRS", "LIMIT", "RATE", "SECS", "ADMIT", "ADDRLIM", 
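Review bot: In pfctl_show_statelims() the new "STATE LIMITERS:" title is printed before any limiter has been fetched, so under PF_OPT_SHOWALL the heading and the PFCTL_SHOW_LABELS column row appear to be emitted even when no limiter is configured or the first lookup fails; the fetch loop lies outside the hunk, so this is inferred. Someone auditing a firewall from the combined listing could then not tell an empty section from a failed query unless the error path warns, which is worth confirming. The new `opts` parameter is also undocumented; a comment above the check such as `/* Section title only for the combined 'all' listing (PF_OPT_SHOWALL). */` would record that nothing else in `opts` is consulted here. The same applies to the "SOURCE LIMITERS:" title added to pfctl_show_sourcelims() in the next hunk.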
@@ -1612,15 +1618,6 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, int len = strlen(path), ret = 0; char *npath, *p; - if (anchorname[0] == '\0') { - ret = pfctl_show_statelims(dev, format); - if (ret != 0) - goto error; - ret = pfctl_show_sourcelims(dev, format, opts, NULL); - if (ret != 0) - goto error; - } - /* * Truncate a trailing / and * on an anchorname before searching for * the ruleset, this is syntactic sugar that doesn't actually make it @@ -3961,6 +3958,8 @@ main(int argc, char *argv[]) 0, 0); pfctl_show_timeouts(dev, opts); pfctl_show_limits(dev, opts); + pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts); + pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt); pfctl_show_tables(anchorname, opts); pfctl_show_fingerprints(opts); break; @@ -3983,7 +3982,7 @@ main(int argc, char *argv[]) pfctl_show_creators(opts); break; case SHOWOPT_STATELIMS: - pfctl_show_statelims(dev, PFCTL_SHOW_LABELS); + pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts); break; case SHOWOPT_SOURCELIMS: pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt); |
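Review bot: The two calls added to the 'all' case in main() discard the int results of pfctl_show_statelims() and pfctl_show_sourcelims(), whereas the block removed from pfctl_show_rules() checked `ret` and jumped to `error`. A failed limiter query would therefore leave the combined output looking complete, so a non-zero result should at least produce a warning or feed into the exit status; the SHOWOPT_STATELIMS case in the last hunk ignores the result in the same way. The removed code also passed `NULL` as the last argument, while the new call passes `idopt`. If an id can be supplied together with the show-all option (option parsing is outside the hunk), the `errx(1, "source limiter id: %s", errstr)` path visible in the sourcelims hunk would abort the listing after earlier sections have been printed. `pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, NULL);` would keep the previous behaviour for this path.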
