d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pfctl: fix retrieving nested nat-anchors

Browse Source 
When retrieving nat rules in anchors we need to set the path just like
we do for regular rules.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2022-03-17 18:31:37 +01:00
parent d58d2e403d
commit a632d9e360
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sbin/pfctl/pfctl.c
View File

@ -1291,10 +1291,16 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth)
static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
int i, dotitle = opts & PF_OPT_SHOWALL;
int brace, ret;
int len = strlen(path);
char *p;
if (path[0])
snprintf(&path[len], MAXPATHLEN - len, "/%s", anchorname);
else
snprintf(&path[len], MAXPATHLEN - len, "%s", anchorname);
for (i = 0; i < 3; i++) {
ret = pfctl_get_rules_info(dev, &ri, nattype[i], anchorname);
ret = pfctl_get_rules_info(dev, &ri, nattype[i], path);
if (ret != 0) {
warn("DIOCGETRULES");
return (-1);
@ -1303,13 +1309,13 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth)
brace = 0;
INDENT(depth, !(opts & PF_OPT_VERBOSE));
if (pfctl_get_rule(dev, nr, ri.ticket, anchorname,
if (pfctl_get_rule(dev, nr, ri.ticket, path,
nattype[i], &rule, anchor_call)) {
warn("DIOCGETRULE");
return (-1);
}
if (pfctl_get_pool(dev, &rule.rpool, nr,
ri.ticket, nattype[i], anchorname) != 0)
ri.ticket, nattype[i], path) != 0)
return (-1);
if (anchor_call[0] &&