The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=63d5d1b0b37e56deef2bed395928fcf52449ad94
commit 63d5d1b0b37e56deef2bed395928fcf52449ad94 Author: Kristof Provost <[email protected]> AuthorDate: 2026-01-06 15:57:18 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2026-01-14 06:44:39 +0000 pfctl: improve limiters printing Deviate a little from the OpenBSD code, to avoid unexpected output changes. Don't print limiter information when we show the rules (or labels). Do include the source and state limiters in the 'all' (pfctl -sa) output and give them their own titles. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index fb08d6300f23..ee1b2202cc1d 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -105,7 +105,7 @@ int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int, const char *, int); void pfctl_print_eth_rule_counters(struct pfctl_eth_rule *, int); void pfctl_print_rule_counters(struct pfctl_rule *, int); -int pfctl_show_statelims(int, enum pfctl_show); +int pfctl_show_statelims(int, enum pfctl_show, int); int pfctl_show_sourcelims(int, enum pfctl_show, int, const char *); int pfctl_show_eth_rules(int, char *, int, enum pfctl_show, char *, int, int); int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int, int); @@ -1258,12 +1258,15 @@ pfctl_print_title(char *title) } int -pfctl_show_statelims(int dev, enum pfctl_show format) +pfctl_show_statelims(int dev, enum pfctl_show format, int opts) { struct pfctl_state_lim stlim; uint32_t id = PF_STATELIM_ID_MIN; int error; + if (opts & PF_OPT_SHOWALL) + pfctl_print_title("STATE LIMITERS:"); + if (format == PFCTL_SHOW_LABELS) { printf("%3s %8s/%-8s %5s/%-5s %8s %8s %8s\n", "ID", "USE", "LIMIT", "RATE", "SECS", "ADMIT", "HARDLIM", "RATELIM"); 
@@ -1380,6 +1383,9 @@ pfctl_show_sourcelims(int dev, enum pfctl_show format, int opts, errx(1, "source limiter id: %s", errstr); } + if (opts & PF_OPT_SHOWALL) + pfctl_print_title("SOURCE LIMITERS:"); + if (format == PFCTL_SHOW_LABELS) { printf("%3s %8s/%-8s %5s %5s/%-5s %8s %8s %8s %8s\n", "ID", "USE", "ADDRS", "LIMIT", "RATE", "SECS", "ADMIT", "ADDRLIM", @@ -1612,15 +1618,6 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, int len = strlen(path), ret = 0; char *npath, *p; - if (anchorname[0] == '\0') { - ret = pfctl_show_statelims(dev, format); - if (ret != 0) - goto error; - ret = pfctl_show_sourcelims(dev, format, opts, NULL); - if (ret != 0) - goto error; - } - /* * Truncate a trailing / and * on an anchorname before searching for * the ruleset, this is syntactic sugar that doesn't actually make it @@ -3961,6 +3958,8 @@ main(int argc, char *argv[]) 0, 0); pfctl_show_timeouts(dev, opts); pfctl_show_limits(dev, opts); + pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts); + pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt); pfctl_show_tables(anchorname, opts); pfctl_show_fingerprints(opts); break; @@ -3983,7 +3982,7 @@ main(int argc, char *argv[]) pfctl_show_creators(opts); break; case SHOWOPT_STATELIMS: - pfctl_show_statelims(dev, PFCTL_SHOW_LABELS); + pfctl_show_statelims(dev, PFCTL_SHOW_LABELS, opts); break; case SHOWOPT_SOURCELIMS: pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, idopt);
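Review bot: In the `-sa` branch of main() (hunk at 3961) both new limiter calls discard their int return value, while the call site this commit removes from pfctl_show_rules() checked each one with `if (ret != 0) goto error;`. A failed limiter lookup would then leave an `-sa` dump that looks complete to someone auditing the ruleset, so I would test both results and route a non-zero one into whatever failure handling main() already uses for this switch. The source-limiter call also passes `idopt` where the old call passed `NULL`, so an id given together with `-sa` presumably narrows the section or reaches the `errx(1, "source limiter id: %s", errstr)` path after earlier sections are already printed. If the 'all' view is meant to be unfiltered, `pfctl_show_sourcelims(dev, PFCTL_SHOW_LABELS, opts, NULL);` keeps the previous behaviour. The same unchecked pattern is in the SHOWOPT_STATELIMS case at 3983, and main()'s body starts and ends outside both hunks.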
