authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2005-05-27 17:22:42 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2005-05-27 17:22:42 +0000
commit52f15ebd0a6234e734e9836018c7d762a8611b95 (patch)
treea9d35e341a4fd3816c8d9b4e2e74cf0a9ce6dc26 /sbin/pfctl/parse.y
parentdefad08c4c507bf81786c828e83404f2604a44db (diff)
log two pairs of uid/pid through pflog: the uid/pid of the process that
inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v are used. note: this changes the pflog header struct, rebuild all dependencies. ok bob@, henning@.
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r--sbin/pfctl/parse.y17
1 files changed, 13 insertions, 4 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index a4da86b3477..c4a62a84d78 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.488 2005/05/27 03:54:27 dhartmei Exp $ */
+/* $OpenBSD: parse.y,v 1.489 2005/05/27 17:22:40 dhartmei Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -416,8 +416,8 @@ typedef struct {
%type <v.interface> interface if_list if_item_not if_item
%type <v.number> number icmptype icmp6type uid gid
%type <v.number> tos not yesno
-%type <v.i> no dir log af fragcache sourcetrack flush
-%type <v.i> unaryop statelock
+%type <v.i> no dir log logopts logopt af fragcache
+%type <v.i> sourcetrack flush unaryop statelock
%type <v.b> action nataction natpass scrubaction
%type <v.b> flags flag blockspec
%type <v.range> port rport
@@ -2029,9 +2029,18 @@ logquick : /* empty */ { $$.log = 0; $$.quick = 0; }
;
log : LOG { $$ = PF_LOG; }
- | LOGALL { $$ = PF_LOGALL; }
+ | LOG '(' logopts ')' { $$ = PF_LOG | $3; }
+ | LOGALL { $$ = PF_LOG_ALL; }
+ | LOGALL '(' logopts ')' { $$ = PF_LOG_ALL | $3; }
;
+logopts : /* empty */ { $$ = 0; }
+ | logopt { $$ = $1; }
+ | logopts comma logopt { $$ = $1 | $3; }
+
+logopt : USER { $$ = PF_LOG_SOCKET_LOOKUP; }
+ | GROUP { $$ = PF_LOG_SOCKET_LOOKUP; }
+
interface : /* empty */ { $$ = NULL; }
| ON if_item_not { $$ = $2; }
| ON '{' if_list '}' { $$ = $3; }
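Review bot: The empty alternative of `logopts` lets `log ()` and a leading comma such as `log (, user)` parse without error, so a malformed option list in a ruleset is silently accepted as plain `log`. If `comma` (defined outside this hunk) can itself be empty, the empty alternative also overlaps with the bare `logopt` alternative and yacc would likely report a conflict. Dropping it, so the rule starts with `logopts : logopt { $$ = $1; }`, leaves `log` without parentheses as the only no-option form. Both new rules also lack the terminating `;` that the neighbouring `log` rule carries, and a one-line comment above `logopt` such as `/* 'user' and 'group' both request the socket lookup */` would make clear that mapping both to `PF_LOG_SOCKET_LOOKUP` is intentional.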