Importing pfSense patch pf_static_tracker.diff

This version fixes the issue with 'State Creations' in pfctl -vvsr.

3 files changed, 25 insertions, 1 deletions

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 1ee564f..b5577e2 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -234,6 +234,7 @@ struct filter_opts {
 	u_int32_t		 tos;
 	u_int32_t		 dscp;
 	u_int32_t		 prob;
+	u_int32_t		 tracker;
 	struct {
 		int			 action;
 		struct node_state_opt	*options;
@@ -263,6 +264,7 @@ struct filter_opts {
 
 struct antispoof_opts {
 	char			*label;
+	u_int32_t		 tracker;
 	u_int			 rtableid;
 } antispoof_opts;
 
@@ -461,7 +463,7 @@ int	parseport(char *, struct range *r, int);
 %token	RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
 %token	ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
 %token	MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL SCHEDULE
-%token	NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DSCP DROP TABLE
+%token	NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DSCP DROP TABLE TRACKER
 %token	REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
 %token	SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY RANDOMID
 %token	REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID
@@ -1244,6 +1246,7 @@ antispoof	: ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
 				if (rule_label(&r, $5.label))
 					YYERROR;
 				r.rtableid = $5.rtableid;
+				r.cuid = $5.tracker;
 				j = calloc(1, sizeof(struct node_if));
 				if (j == NULL)
 					err(1, "antispoof: calloc");
@@ -1293,6 +1296,7 @@ antispoof	: ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
 					r.logif = $2.logif;
 					r.quick = $2.quick;
 					r.af = $4;
+					r.cuid = $5.tracker;
 					if (rule_label(&r, $5.label))
 						YYERROR;
 					r.rtableid = $5.rtableid;
@@ -1354,6 +1358,9 @@ antispoof_opt	: label	{
 			}
 			antispoof_opts.label = $1;
 		}
+		| TRACKER number {
+			antispoof_opts.tracker = $2;
+		}
 		| RTABLE NUMBER				{
 			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
@@ -2063,6 +2070,8 @@ pfrule		: action dir logquick interface route af proto fromto
 			if  (rule_schedule(&r, $9.schedule))
 				YYERROR;
 			free($9.schedule);
+			if ($9.tracker)
+				r.cuid = $9.tracker;
 			r.flags = $9.flags.b1;
 			r.flagset = $9.flags.b2;
 			if (($9.flags.b1 & $9.flags.b2) != $9.flags.b1) {
@@ -2513,6 +2522,9 @@ filter_opt	: USER uids {
 			filter_opts.keep.action = $1.action;
 			filter_opts.keep.options = $1.options;
 		}
+		| TRACKER number {
+			filter_opts.tracker = $2;
+		}
 		| FRAGMENT {
 			filter_opts.fragment = 1;
 		}
@@ -5749,6 +5761,7 @@ lookup(char *s)
 		{ "timeout",		TIMEOUT},
 		{ "to",			TO},
 		{ "tos",		TOS},
+		{ "tracker",		TRACKER},
 		{ "ttl",		TTL},
 		{ "upperlimit",		UPPERLIMIT},
 		{ "urpf-failed",	URPFFAILED},
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 3a93fa2..e770275 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -825,10 +825,17 @@ pfctl_print_rule_counters(struct pf_rule *rule, int opts)
 			    (unsigned long long)(rule->bytes[0] +
 			    rule->bytes[1]), (uintmax_t)rule->u_states_cur);
 		if (!(opts & PF_OPT_DEBUG))
+#ifdef PF_USER_INFO
 			printf("  [ Inserted: uid %u pid %u "
 			    "State Creations: %-6ju]\n",
 			    (unsigned)rule->cuid, (unsigned)rule->cpid,
 			    (uintmax_t)rule->u_states_tot);
+#else
+			printf("  [ Inserted: pid %u "
+			    "State Creations: %-6ju]\n",
+			    (unsigned)rule->cpid,
+			    (uintmax_t)rule->u_states_tot);
+#endif
 	}
 }
 
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index b4fe20a..5b03a93 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -736,7 +736,11 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
 	int	i, opts;
 
 	if (verbose)
+#ifdef PF_USER_INFO
 		printf("@%d ", r->nr);
+#else
+		printf("@%d(%u) ", r->nr, r->cuid);
+#endif
 	if (r->action == PF_MATCH)
 		printf("match");
 	else if (r->action > PF_NORDR)