From e28dfd6b5557a502bad6faecac4b0b8ecfd611cc Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Mon, 12 Jan 2026 21:32:13 +0100 Subject: [PATCH] pfctl: make the source limiter output match the input When printing source limiters use the same keywords as we accept on input, that is use 'entries' for the entries value (not 'limit') and 'limit' for the limit value (and not 'states'). Update the test case to match. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl_parser.c | 2 +- sbin/pfctl/tests/files/pf1077.ok | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 78a1034a3b4..c6ad62555b8 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -869,7 +869,7 @@ print_statelim(const struct pfctl_state_lim *ioc) void print_sourcelim(const struct pfctl_source_lim *ioc) { - printf("source limiter %s id %u limit %u states %u", ioc->name, + printf("source limiter %s id %u entries %u limit %u", ioc->name, ioc->id, ioc->entries, ioc->limit); if (ioc->rate.limit != 0) printf(" rate %u/%u", ioc->rate.limit, ioc->rate.seconds); diff --git a/sbin/pfctl/tests/files/pf1077.ok b/sbin/pfctl/tests/files/pf1077.ok index dc8882e1b87..834399c40d8 100644 --- a/sbin/pfctl/tests/files/pf1077.ok +++ b/sbin/pfctl/tests/files/pf1077.ok @@ -1,2 +1,2 @@ -source limiter dns-server id 1 limit 2 states 3 rate 4/5 inet mask 16 +source limiter dns-server id 1 entries 2 limit 3 rate 4/5 inet mask 16 pass in proto tcp from any to any port = domain flags S/SA keep state source limiter id 1 (no-match)