author | Ermal <eri@pfsense.org> | 2013-12-30 14:34:18 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-12-30 14:34:18 +0000 |
commit | b80e29e486464affddd79006a3b2f6428b30a4bd (patch) | |
tree | 9618db8b30cdfb7e79be69a1c7135c696d7e9e74 /etc | |
parent | 239024ee663e7fdb7434d47106338708041bce12 (diff) | |
download | pfsense-b80e29e486464affddd79006a3b2f6428b30a4bd.zip pfsense-b80e29e486464affddd79006a3b2f6428b30a4bd.tar.gz |
Speed up rule number identification a bit by avoiding going into the kernel and instead using pf's rule parsing, which gives the same effect.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter_log.inc | 53 |
1 files changed, 39 insertions, 14 deletions
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc
index 7160c10..7cdb370 100644
--- a/etc/inc/filter_log.inc
+++ b/etc/inc/filter_log.inc
@@ -256,29 +256,54 @@ function get_port_with_service($port, $proto) {
 }
 
 function find_rule_by_number($rulenum, $type="rules") {
+ global $g;
+
 /* Passing arbitrary input to grep could be a Very Bad Thing(tm) */
 if (!(is_numeric($rulenum)))
 return;
 /* At the moment, miniupnpd is the only thing I know of that
 generates logging rdr rules */
+ unset($buffer);
 if ($type == "rdr")
- return `pfctl -vvsn -a "miniupnpd" | grep '^@{$rulenum} '`;
- else
- return `pfctl -vvsr | grep '^@{$rulenum} '`;
+ $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer);
+ else {
+ if (file_exists("{$g['tmp_path']}/rules.debug"))
+ $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@{$rulenum} [^nat|rdr|binat]'", $buffer);
+ else
+ $_gb = exec("/sbin/pfctl -vvPsr | grep '^@{$rulenum}'", $buffer);
+ }
+ if (is_array($buffer))
+ return $buffer[0];
+
+ return "";
 }
 
 function buffer_rules_load() {
- global $buffer_rules_rdr, $buffer_rules_normal;
- $buffer = explode("\n",`pfctl -vvsn -a "miniupnpd" | grep '^@'`);
- foreach ($buffer as $line) {
- list($key, $value) = explode (" ", $line, 2);
- $buffer_rules_rdr[$key] = $value;
- }
- $buffer = explode("\n",`pfctl -vvsr | grep '^@'`);
- foreach ($buffer as $line) {
- list($key, $value) = explode (" ", $line, 2);
- $buffer_rules_normal[$key] = $value;
- }
+ global $g, $buffer_rules_rdr, $buffer_rules_normal;
+
+ unset($buffer, $buffer_rules_rdr, $buffer_rules_normal);
+ $buffer_rules_rdr = array();
+ $buffer_rules_normal = array();
+
+ $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer);
+ if (is_array($buffer)) {
+ foreach ($buffer as $line) {
+ list($key, $value) = explode (" ", $line, 2);
+ $buffer_rules_rdr[$key] = $value;
+ }
+ }
+ unset($buffer, $_gb);
+ if (file_exists("{$g['tmp_path']}/rules.debug"))
+ $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+ [^nat|rdr|binat]'", $buffer);
+ else
+ $_gb = exec("/sbin/pfctl -vvPsr | grep '^@'", $buffer);
+ if (is_array($buffer)) {
+ foreach ($buffer as $line) {
+ list($key, $value) = explode (" ", $line, 2);
+ $buffer_rules_normal[$key] = $value;
+ }
+ }
+ unset($_gb, $buffer);
 }
 
 function buffer_rules_clear() {
|
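Review bot: The rdr branch of find_rule_by_number lost its rule-number filter: it now runs `grep '^@'` and returns `$buffer[0]`, so for `$type == "rdr"` the caller gets the first miniupnpd rule whatever `$rulenum` was, whereas the removed line used `grep '^@{$rulenum} '` and that pattern should be kept. The egrep pattern `[^nat|rdr|binat]`, used in both find_rule_by_number and buffer_rules_load, is a bracket expression rather than an alternation — it matches one character that is not n, a, t, |, r, d, b or i — so it would also drop any rule whose text after the number starts with one of those letters (a `block` rule, if pfctl prints it that way); an explicit filter such as `/usr/bin/egrep '^@{$rulenum} ' | /usr/bin/egrep -v '^@[0-9]+ (nat|rdr|binat) '` says what was meant. The -vvPsr fallback pattern `'^@{$rulenum}'` also dropped the trailing space the old code had, so `@1` now matches `@10`, `@11` and so on. Since exec() initialises `$buffer` even when grep prints nothing, `is_array($buffer)` is true on no match and `return $buffer[0]` reads an undefined index; `if (!empty($buffer))` is the guard that matches the intent. Finally, `2>/dev/null` on the rules.debug parse hides any pfctl error, and there is no fallback to the kernel ruleset when the file is stale or fails to parse, so the numbers returned may not correspond to the rules that actually logged the packet.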