author | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-22 06:03:00 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-22 06:03:00 +0000 |
commit | 312a168eee53121e5b33e23b44900d96fdbdf207 (patch) | |
tree | e9c5c4fc454237bccd63749b4e34af31bb7aa267 /sbin | |
parent | c6cab0e74baee649c035704dbc40fb4b470d1961 (diff) |
new log opt "matches"
awesome for debugging, a rule like
match log(matches) from $testbox
will show you exactly which subsequent rules match on that packet
real ok theo assumed oks ryan & dlg bikeshedding many
implementation time ~1 min bikeshedding about the keyword longish.
i voted for "matches" since i like to play with matches
idea was theo's, actually
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/pfctl/parse.y | 6 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 0bee3957e75..272a27f2644 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.592 2010/09/02 14:01:04 sobrado Exp $ */ +/* $OpenBSD: parse.y,v 1.593 2010/09/22 06:02:59 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -458,7 +458,7 @@ int parseport(char *, struct range *r, int); %token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR %token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY RANDOMID %token REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID -%token ANTISPOOF FOR INCLUDE +%token ANTISPOOF FOR INCLUDE MATCHES %token BITMASK RANDOM SOURCEHASH ROUNDROBIN STATICPORT PROBABILITY %token ALTQ CBQ PRIQ HFSC BANDWIDTH TBRSIZE LINKSHARE REALTIME UPPERLIMIT %token QUEUE PRIORITY QLIMIT RTABLE @@ -2482,6 +2482,7 @@ logopts : logopt { $$ = $1; } ; logopt : ALL { $$.log = PF_LOG_ALL; $$.logif = 0; } + | MATCHES { $$.log = PF_LOG_MATCHES; $$.logif = 0; } | USER { $$.log = PF_LOG_SOCKET_LOOKUP; $$.logif = 0; } | GROUP { $$.log = PF_LOG_SOCKET_LOOKUP; $$.logif = 0; } | TO string { @@ -5066,6 +5067,7 @@ lookup(char *s) { "log", LOG}, { "loginterface", LOGINTERFACE}, { "match", MATCH}, + { "matches", MATCHES}, { "max", MAXIMUM}, { "max-mss", MAXMSS}, { "max-src-conn", MAXSRCCONN}, diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 4b5d7d8bda5..91b7e2d7d85 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.270 2010/09/02 14:01:04 sobrado Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.271 2010/09/22 06:02:59 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
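Review bot: The new `MATCHES` alternative in `logopt` has no comment, so its semantics are recorded only in the commit message. Per that message, `log(matches)` on a match rule reports every subsequent rule that matches the packet, so a broad selector could presumably produce far more log records than a plain `log`. I would add a short comment above the alternative, e.g. `/* matches: log each later rule that matches this packet; debugging aid, can be high-volume */`, and make sure pf.conf(5) carries the same caveat, since the diffstat shown here is limited to sbin. The `logopt` rule continues past the end of the hunk.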
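Review bot: Adding `{ "matches", MATCHES}` to the keyword table in `lookup()` most likely reserves `matches` for the whole grammar, not only inside `log(...)`. If the lexer consults this table for every bare word (its body is outside the hunk, so this is inferred), an existing ruleset that uses an unquoted `matches` as a macro, label or other name would stop parsing after the upgrade. On a firewall, a ruleset that fails to load is an availability and policy-enforcement problem. The upgrade notes should say that such names now have to be quoted or renamed. The entry sits between `match` and `max`, which keeps the table sorted in case the lookup depends on ordering.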
@@ -753,6 +753,8 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose) printf(" ("); if (r->log & PF_LOG_ALL) printf("%sall", count++ ? ", " : ""); + if (r->log & PF_LOG_MATCHES) + printf("%smatches", count++ ? ", " : ""); if (r->log & PF_LOG_SOCKET_LOOKUP) printf("%suser", count++ ? ", " : ""); if (r->logif) |
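Review bot: The added `PF_LOG_MATCHES` branch only prints once the surrounding code has decided to open the `(`, and that guard sits above the hunk, so it is not visible here. If the guard enumerates individual flags rather than testing for any bit beyond plain logging, a rule carrying only `log(matches)` would be shown as a bare `log`. Someone auditing the printed ruleset would then not see that per-match logging is enabled, so please confirm the guard covers the new bit. The print order `all, matches, user` follows the order of the alternatives in `logopt`, which helps the output parse back to the same rule. print_rule starts and ends outside the hunk.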