Store translation rule pointer in state entries, so pfctl -vsn can print

evaluation, packet, byte and state entry counters similar to -vsr. Helps
verify whether/how often translation rules are evaluated/matched.
ok frantzen@, henning@

1 files changed, 12 insertions, 4 deletions

diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 28c08ad989e..420136a43ed 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.28 2002/12/18 18:25:14 henning Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.29 2002/12/18 19:40:41 dhartmei Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -609,8 +609,12 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		 * Rules are about to get freed, clear rule pointers in states
 		 */
 		if (ruleset == &pf_main_ruleset) {
-			RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
-				n->state->rule.ptr = NULL;
+			if (rs_num == PF_RULESET_RULE)
+				RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
+					n->state->rule.ptr = NULL;
+			else
+				RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
+					n->state->nat_rule = NULL;
 		}
 		old_rules = ruleset->rules[rs_num].active.ptr;
 		ruleset->rules[rs_num].active.ptr =
@@ -797,9 +801,12 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			struct pf_tree_node	*n;
 
 			if (ruleset == &pf_main_ruleset) {
-				RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
+				RB_FOREACH(n, pf_state_tree, &tree_ext_gwy) {
 					if (n->state->rule.ptr == oldrule)
 						n->state->rule.ptr = NULL;
+					if (n->state->nat_rule == oldrule)
+						n->state->nat_rule = NULL;
+				}
 			}
 			pf_rm_rule(ruleset->rules[rs_num].active.ptr, oldrule);
 		} else {
@@ -887,6 +894,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		s = splsoftnet();
 		bcopy(&ps->state, state, sizeof(struct pf_state));
 		state->rule.ptr = NULL;
+		state->nat_rule = NULL;
 		state->creation = time.tv_sec;
 		state->expire += state->creation;
 		state->packets = 0;