Page MenuHomeFreeBSD
Differential D53360

pfctl: Do not warn if there is no Ethernet anchor
ClosedPublic
Actions

Authored by jlduran on Oct 26 2025, 12:54 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 14, 4:21 AM
Unknown Object (File)
Mon, Jan 12, 10:40 AM
Unknown Object (File)
Mon, Jan 12, 4:11 AM
Unknown Object (File)
Dec 2 2025, 10:27 AM
Unknown Object (File)
Nov 26 2025, 2:35 AM
Unknown Object (File)
Nov 23 2025, 10:09 AM
Unknown Object (File)
Nov 21 2025, 10:24 AM
Unknown Object (File)
Nov 19 2025, 5:55 AM
View All 25 Files
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
kp
emaste
Commits
rG355ef0c36471: pfctl: Do not warn if there is no Ethernet anchor
rG99560fe98c76: pfctl: Do not warn if there is no Ethernet anchor
Summary

Avoid emitting a warning if there is no Ethernet anchor. If the anchor
--regardless of its type-- is nonexistent, should be caught earlier.

PR: 280516

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jlduran created this revision.Oct 26 2025, 12:54 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptOct 26 2025, 12:54 PM
jlduran requested review of this revision.Oct 26 2025, 12:54 PM
Harbormaster completed remote builds in B68125: Diff 165069.Oct 26 2025, 12:54 PM
jlduran added a parent revision: D53358: libpfctl: Fix displaying deeply nested anchors.Oct 26 2025, 12:59 PM

This is the simplest fix I can think of to fix PR 280516.
Feel free to commandeer, this or the parent revision. My main objective is to ship blocklist without defects or misleading warnings.

sbin/pfctl/pfctl.c
1240

I think this warning is also not needed. However, I don't know how to test this code path.

1577

I think this warning is also not needed. However, I don't know how to test this code path.

kp added a comment.Oct 26 2025, 1:17 PM

Thanks. I’ll try to review this (and your other patch) in the next days.

kp accepted this revision.Oct 27 2025, 9:36 PM

Part of the issue here is that we've got layer 3 and ethernet anchors and it's possible for an anchor to exist in one but not the other. So a pfctl -sA -a foo can be valid for one but not the other. I don't immediately see a better way of handling that than to just not raise errors either.

This revision is now accepted and ready to land.Oct 27 2025, 9:36 PM
Closed by commit rG99560fe98c76: pfctl: Do not warn if there is no Ethernet anchor (authored by jlduran). · Explain WhyOct 28 2025, 11:49 AM
This revision was automatically updated to reflect the committed changes.
jlduran added a commit: rG99560fe98c76: pfctl: Do not warn if there is no Ethernet anchor.
jlduran added a commit: rG355ef0c36471: pfctl: Do not warn if there is no Ethernet anchor.Oct 30 2025, 1:53 AM

Revision Contents
Changeset List

PathSize
sbin/
pfctl/
5 lines
tests/
sys/
netpfil/
pf/
4 lines

Diff 165202

View Options

sbin/pfctl/pfctl.c

Loading...
View Options

tests/sys/netpfil/pf/anchor.sh

Loading...