[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    fix pf counters with match rules
From:       Bret Lambert <blambert () openbsd ! org>
Date:       2013-06-21 15:32:30
Message-ID: 20130621153230.GA18292 () gmail ! com
[Download RAW message or body]

When using match vice pass/block rules when wanting counters, e.g.,

match in from <mahtable> counters

counters were not being updated. reyk@ and I tracked this down to
a failure to check the matched rules for the need to increment stats.

the following diff fixes that here

- Bert

Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.835
diff -u -p -r1.835 pf.c
--- pf.c	17 Jun 2013 19:50:06 -0000	1.835
+++ pf.c	21 Jun 2013 15:16:25 -0000
@@ -6526,6 +6526,23 @@ pf_counters_inc(int action, struct pf_pd
 			SLIST_FOREACH(ri, &s->match_rules, entry) {
 				ri->r->packets[dirndx]++;
 				ri->r->bytes[dirndx] += pd->tot_len;
+
+				if (ri->r->src.addr.type == PF_ADDR_TABLE)
+					pfr_update_stats(ri->r->src.addr.p.tbl,
+					    &s->key[(s->direction == PF_IN)]->
+						addr[(s->direction == PF_OUT)],
+					    pd->af, pd->tot_len,
+					    pd->dir == PF_OUT,
+					    ri->r->action == PF_PASS,
+					    ri->r->src.neg);
+				if (ri->r->dst.addr.type == PF_ADDR_TABLE)
+					pfr_update_stats(ri->r->dst.addr.p.tbl,
+					    &s->key[(s->direction == PF_IN)]->
+						addr[(s->direction == PF_IN)],
+					    pd->af, pd->tot_len,
+					    pd->dir == PF_OUT,
+					    ri->r->action == PF_PASS,
+					    ri->r->dst.neg);
 			}
 		}
 		if (r->src.addr.type == PF_ADDR_TABLE)

[prev in list] [next in list] [prev in thread] [next in thread]