authorHenning Brauer <henning@cvs.openbsd.org>2011-11-23 10:24:38 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2011-11-23 10:24:38 +0000
commit6a3023b8680d9221f19f9c1b0c93d3594ed5fde9 (patch)
treefc0ca159dd71699422b6b00a80627bf4c69258e8 /sbin/pfctl
parentc13957352c0905567c160b6e93ab4b7247b78be9 (diff)
print ports as numbers by default; -P prints names instead
2/2 from Lawrence Teo <lteo at devio dot us> ok sthen dlg and myself
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/pfctl.810
-rw-r--r--sbin/pfctl/pfctl.c14
-rw-r--r--sbin/pfctl/pfctl_optimize.c4
-rw-r--r--sbin/pfctl/pfctl_parser.c23
-rw-r--r--sbin/pfctl/pfctl_parser.h3
5 files changed, 32 insertions, 22 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 764068adfdc..f41da81a8ad 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.154 2011/04/23 10:14:59 sobrado Exp $
+.\" $OpenBSD: pfctl.8,v 1.155 2011/11/23 10:24:37 henning Exp $
.\"
.\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
.\"
@@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 23 2011 $
+.Dd $Mdocdate: November 23 2011 $
.Dt PFCTL 8
.Os
.Sh NAME
@@ -33,7 +33,7 @@
.Sh SYNOPSIS
.Nm pfctl
.Bk -words
-.Op Fl deghnqrvz
+.Op Fl deghnPqrvz
.Op Fl a Ar anchor
.Op Fl D Ar macro Ns = Ns Ar value
.Op Fl F Ar modifier
@@ -325,6 +325,10 @@ Enable basic ruleset optimizations with profiling.
.El
For further information on the ruleset optimizer, see
.Xr pf.conf 5 .
+.It Fl P
+Print ports using their names in
+.Pa /etc/services
+if available.
.It Fl p Ar device
Use the device file
.Ar device
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b7ff2054c5b..2bc336c7374 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.305 2011/11/08 19:17:07 mikeb Exp $ */
+/* $OpenBSD: pfctl.c,v 1.306 2011/11/23 10:24:37 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -232,7 +232,7 @@ usage(void)
{
extern char *__progname;
- fprintf(stderr, "usage: %s [-deghnqrvz] ", __progname);
+ fprintf(stderr, "usage: %s [-deghnPqrvz] ", __progname);
fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
fprintf(stderr, "\t[-f file] [-i interface] [-K host | network]\n");
fprintf(stderr, "\t[-k host | network | label | id] ");
@@ -755,7 +755,6 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
{
struct pfioc_rule pr;
u_int32_t nr, mnr, header = 0;
- int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
int len = strlen(path), ret = 0;
char *npath, *p;
@@ -884,7 +883,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
labels = 1;
INDENT(depth, !(opts & PF_OPT_VERBOSE));
- print_rule(&pr.rule, pr.anchor_call, rule_numbers);
+ print_rule(&pr.rule, pr.anchor_call, opts);
/*
* If this is a 'unnamed' brace notation
@@ -1232,7 +1231,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pf_rule *r, int depth)
if (pf->opts & PF_OPT_VERBOSE) {
INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
- print_rule(r, name, pf->opts & PF_OPT_VERBOSE2);
+ print_rule(r, name, pf->opts);
}
path[len] = '\0';
return (0);
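Review bot: Passing the whole `pf->opts` to `print_rule` on the load path widens what counts as verbose. The old call passed only `pf->opts & PF_OPT_VERBOSE2`, whereas print_rule now computes `verbose` as `opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG)` in pfctl_parser.c. If PF_OPT_DEBUG can be set in `pf->opts` without -vv (not visible from this hunk), loading with -v would start printing rule numbers. If the old output is wanted, mask at the call site with `print_rule(r, name, pf->opts & (PF_OPT_VERBOSE2 | PF_OPT_PORTNAMES));`; otherwise note the change in the commit message. pfctl_load_rule begins and ends outside this hunk.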
@@ -1948,7 +1947,7 @@ main(int argc, char *argv[])
usage();
while ((ch = getopt(argc, argv,
- "a:dD:eqf:F:ghi:k:K:L:no:p:R:rS:s:t:T:vx:z")) != -1) {
+ "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vx:z")) != -1) {
switch (ch) {
case 'a':
anchoropt = optarg;
@@ -2026,6 +2025,9 @@ main(int argc, char *argv[])
}
opts |= PF_OPT_OPTIMIZE;
break;
+ case 'P':
+ opts |= PF_OPT_PORTNAMES;
+ break;
case 'p':
pf_device = optarg;
break;
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index 2a333565ad4..3bb5edf535c 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_optimize.c,v 1.29 2011/07/27 00:26:10 mcbride Exp $ */
+/* $OpenBSD: pfctl_optimize.c,v 1.30 2011/11/23 10:24:37 henning Exp $ */
/*
* Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org>
@@ -394,7 +394,7 @@ optimize_superblock(struct pfctl *pf, struct superblock *block)
TAILQ_FOREACH(por, &block->sb_rules, por_entry) {
printf(" ");
print_rule(&por->por_rule, por->por_rule.anchor ?
- por->por_rule.anchor->name : "", 1);
+ por->por_rule.anchor->name : "", PF_OPT_DEBUG);
}
#endif /* OPT_DEBUG */
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 0a18417da79..2fd27648d46 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.282 2011/11/23 10:23:11 henning Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.283 2011/11/23 10:24:37 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -63,7 +63,7 @@
#include "pfctl.h"
void print_op (u_int8_t, const char *, const char *);
-void print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
+void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
void print_flags (u_int8_t);
void print_fromto(struct pf_rule_addr *, pf_osfp_t,
@@ -360,12 +360,13 @@ print_op(u_int8_t op, const char *a1, const char *a2)
}
void
-print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
+print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int opts)
{
char a1[6], a2[6];
- struct servent *s;
+ struct servent *s = NULL;
- s = getservbyport(p1, proto);
+ if (opts & PF_OPT_PORTNAMES)
+ s = getservbyport(p1, proto);
p1 = ntohs(p1);
p2 = ntohs(p2);
snprintf(a1, sizeof(a1), "%u", p1);
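Review bot: The conditional `getservbyport(p1, proto)` lookup has to stay ahead of `p1 = ntohs(p1)` because getservbyport expects the port in network byte order, but nothing in the code records that ordering constraint. A later cleanup that moves the lookup below the conversion would resolve the wrong service names on little-endian hosts without any error. I would add `/* getservbyport() takes network byte order: look up before ntohs() */` above the `if`. Only `p1` is resolved here; how `s` is used for range operators is in the part of print_port that lies outside this hunk.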
@@ -403,9 +404,10 @@ print_flags(u_int8_t f)
void
print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
- sa_family_t af, u_int8_t proto, int verbose)
+ sa_family_t af, u_int8_t proto, int opts)
{
char buf[PF_OSFP_LEN*3];
+ int verbose = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
if (src->addr.type == PF_ADDR_ADDRMASK &&
dst->addr.type == PF_ADDR_ADDRMASK &&
PF_AZERO(&src->addr.v.a.addr, AF_INET6) &&
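Review bot: The mask `opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG)` is now written out twice, in print_fromto here and in print_rule (the `@@ -684,6 +686,7 @@` hunk), where the old code had one `rule_numbers` computation in pfctl_show_rules. Two copies can drift apart if another flag is ever meant to enable rule numbers. A single definition next to the PF_OPT_* flags in pfctl_parser.h, for example `#define PF_OPT_NUMBERS(o) ((o) & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG))` (name is only a suggestion), would keep both in step. Both functions extend beyond their hunks, so other uses of `verbose` were not checked.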
@@ -424,7 +426,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
if (src->port_op)
print_port(src->port_op, src->port[0],
src->port[1],
- proto == IPPROTO_TCP ? "tcp" : "udp");
+ proto == IPPROTO_TCP ? "tcp" : "udp", opts);
if (osfp != PF_OSFP_ANY)
printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf,
sizeof(buf)));
@@ -436,7 +438,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
if (dst->port_op)
print_port(dst->port_op, dst->port[0],
dst->port[1],
- proto == IPPROTO_TCP ? "tcp" : "udp");
+ proto == IPPROTO_TCP ? "tcp" : "udp", opts);
}
}
@@ -675,7 +677,7 @@ print_src_node(struct pf_src_node *sn, int opts)
}
void
-print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
+print_rule(struct pf_rule *r, const char *anchor_call, int opts)
{
static const char *actiontypes[] = { "pass", "block", "scrub",
"no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr",
@@ -684,6 +686,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
"anchor", "nat-anchor", "nat-anchor", "binat-anchor",
"binat-anchor", "rdr-anchor", "rdr-anchor" };
int i, ropts;
+ int verbose = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
char *p;
if (verbose)
@@ -796,7 +799,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
printf(" proto %u", r->proto);
}
print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
- verbose);
+ opts);
if (r->rcv_ifname[0])
printf(" received-on %s", r->rcv_ifname);
if (r->uid.op)
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 9359c4edff4..4be15cc40f0 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.97 2011/07/27 00:26:10 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.98 2011/11/23 10:24:37 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -48,6 +48,7 @@
#define PF_OPT_SHOWALL 0x0400
#define PF_OPT_OPTIMIZE 0x0800
#define PF_OPT_RECURSE 0x4000
+#define PF_OPT_PORTNAMES 0x8000
#define PF_TH_ALL 0xFF