The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7153a62d29784780fdc1d61aebd92c76fb158627
commit 7153a62d29784780fdc1d61aebd92c76fb158627
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-07 06:45:04 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-12 09:57:50 +0000
pfctl: Unify error message for nonexisting anchors
pf(4) returns EINVAL for DIOCGETRULE, DIOCGETRULES and DIOCGETRULESET if
the specified anchor does not exist.
Extend and rename {pfr -> pf}_strerror() to make error message more
consistent.
There are other occasions as well but those need additional tweaks;
that's stuff for another diff.
OK and rename from sashan
Obtained from: OpenBSD, kn <k...@openbsd.org>, e5c920154c
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.c | 24 +++++++++++++++++++-----
sbin/pfctl/pfctl_optimize.c | 8 ++++----
sbin/pfctl/pfctl_radix.c | 13 -------------
3 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 8d2b556d7085..b4453c850de4 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1350,7 +1350,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
for (nr = 0; nr < mnr; ++nr) {
if ((ret = pfctl_get_ruleset(pfh, npath, nr, &prs)) !=
0)
- errc(1, ret, "DIOCGETRULESET");
+ errx(1, "%s", pfr_strerror(ret));
INDENT(depth, !(opts & PF_OPT_VERBOSE));
printf("anchor \"%s\" all {\n", prs.name);
pfctl_show_rules(dev, npath, opts,
@@ -1365,14 +1365,14 @@ pfctl_show_rules(int dev, char *path, int opts, enum
pfctl_show format,
if (opts & PF_OPT_SHOWALL) {
ret = pfctl_get_rules_info_h(pfh, &ri, PF_PASS, path);
if (ret != 0) {
- warnc(ret, "DIOCGETRULES");
+ warnx("%s", pfr_strerror(ret));
goto error;
}
header++;
}
ret = pfctl_get_rules_info_h(pfh, &ri, PF_SCRUB, path);
if (ret != 0) {
- warnc(ret, "DIOCGETRULES");
+ warnx("%s", pfr_strerror(ret));
goto error;
}
if (opts & PF_OPT_SHOWALL) {
@@ -1565,12 +1565,12 @@ pfctl_show_nat(int dev, const char *path, int opts,
char *anchorname, int depth,
fprintf(stderr, "NAT anchor '%s' "
"not found.\n", anchorname);
else
- errc(1, ret, "DIOCGETRULESETS");
+ errx(1, "%s", pfr_strerror(ret));
}
for (nr = 0; nr < mnr; ++nr) {
if ((ret = pfctl_get_ruleset(pfh, npath, nr, &prs)) !=
0)
- errc(1, ret, "DIOCGETRULESET");
+ errx(1, "%s", pfr_strerror(ret));
INDENT(depth, !(opts & PF_OPT_VERBOSE));
printf("nat-anchor \"%s\" all {\n", prs.name);
pfctl_show_nat(dev, npath, opts,
@@ -3643,3 +3643,17 @@ main(int argc, char *argv[])
exit(exit_val);
}
+
+char *
+pfr_strerror(int errnum)
+{
+ switch (errnum) {
+ case ESRCH:
+ return "Table does not exist";
+ case EINVAL:
+ case ENOENT:
+ return "Anchor does not exist";
+ default:
+ return strerror(errnum);
+ }
+}
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index e727324bbf40..24b774bc66be 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -903,13 +903,13 @@ load_feedback_profile(struct pfctl *pf, struct
superblocks *superblocks)
struct pf_opt_queue queue;
struct pfctl_rules_info rules;
struct pfctl_rule a, b, rule;
- int nr, mnr;
+ int nr, mnr, ret;
TAILQ_INIT(&queue);
TAILQ_INIT(&prof_superblocks);
- if (pfctl_get_rules_info_h(pf->h, &rules, PF_PASS, "")) {
- warn("DIOCGETRULES");
+ if ((ret = pfctl_get_rules_info_h(pf->h, &rules, PF_PASS, "")) != 0) {
+ warnx("%s", pfr_strerror(ret));
return (1);
}
mnr = rules.nr;
@@ -924,7 +924,7 @@ load_feedback_profile(struct pfctl *pf, struct superblocks
*superblocks)
if (pfctl_get_rule_h(pf->h, nr, rules.ticket, "", PF_PASS,
&rule, anchor_call)) {
- warn("DIOCGETRULENV");
+ warnx("%s", pfr_strerror(ret));
free(por);
return (1);
}
diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
index 5f9f121bc81c..00e4207d377b 100644
--- a/sbin/pfctl/pfctl_radix.c
+++ b/sbin/pfctl/pfctl_radix.c
@@ -461,16 +461,3 @@ pfr_next_token(char buf[BUF_SIZE], FILE *fp)
buf[i] = '\0';
return (1);
}
-
-char *
-pfr_strerror(int errnum)
-{
- switch (errnum) {
- case ESRCH:
- return "Table does not exist";
- case ENOENT:
- return "Anchor does not exist";
- default:
- return strerror(errnum);
- }
-}
