From nobody@FreeBSD.org  Mon Sep 27 21:13:40 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B0306106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Sep 2010 21:13:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 9D9DC8FC1C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Sep 2010 21:13:40 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8RLDeVO027178
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 27 Sep 2010 21:13:40 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o8RLDexJ027177;
	Mon, 27 Sep 2010 21:13:40 GMT
	(envelope-from nobody)
Message-Id: <201009272113.o8RLDexJ027177@www.freebsd.org>
Date: Mon, 27 Sep 2010 21:13:40 GMT
From: Matt Koivisto <mkoivisto@sandvine.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] Add pfctl -P option to not perform service name lookup
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         151015
>Category:       misc
>Synopsis:       [patch] Add pfctl -P option to not perform service name lookup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 27 21:20:04 UTC 2010
>Closed-Date:    Mon Jun 20 08:48:12 UTC 2011
>Last-Modified:  Mon Jun 20 08:48:12 UTC 2011
>Originator:     Matt Koivisto
>Release:        8.1
>Organization:
Sandvine
>Environment:
N/A
>Description:
pfctl output uses getservbyport(3) calls to display ports by their service name. Currently, there is no option to disable this lookup and force numeric output.

>How-To-Repeat:
For example,

# pfctl -sr
..
pass in proto udp from any to any port = ssh keep state

>Fix:
See attached patch against RELENG_8_1

Added -P because -n (for numeric along the lines of netstat -n or tcpdump -n) was taken, as was -N and -p.

Patch after example,

# pfctl -sr -P
..
pass in proto udp from any to any port = 22 keep state


Patch attached with submission follows:

--- src/contrib/pf/pfctl/pfctl.c@@\main\RELENG_8\RELENG_8_1\0	2009-08-03 08:13:06.000000000 -0400
+++ src/contrib/pf/pfctl/pfctl.c	2010-09-27 15:00:19.000000000 -0400
@@ -233,11 +233,11 @@
 void
 usage(void)
 {
 	extern char *__progname;
 
-	fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
+	fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
 	fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
 	fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
 	fprintf(stderr, "[-k host | network ]\n");
 	fprintf(stderr, "\t[-o [level]] [-p device] [-s modifier ]\n");
 	fprintf(stderr, "\t[-t table -T command [address ...]] [-x level]\n");
@@ -768,10 +768,11 @@
     char *anchorname, int depth)
 {
 	struct pfioc_rule pr;
 	u_int32_t nr, mnr, header = 0;
 	int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
+	int numeric = opts & PF_OPT_NUMERIC;
 	int len = strlen(path);
 	int brace;
 	char *p;
 
 	if (path[0])
@@ -832,11 +833,11 @@
 			}
 			break;
 		case PFCTL_SHOW_RULES:
 			if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
 				labels = 1;
-			print_rule(&pr.rule, pr.anchor_call, rule_numbers);
+			print_rule(&pr.rule, pr.anchor_call, rule_numbers, numeric);
 			printf("\n");
 			pfctl_print_rule_counters(&pr.rule, opts);
 			break;
 		case PFCTL_SHOW_NOTHING:
 			break;
@@ -892,11 +893,11 @@
 				else
 					p = &pr.anchor_call[0];
 			} else
 				p = &pr.anchor_call[0];
 		
-			print_rule(&pr.rule, p, rule_numbers);
+			print_rule(&pr.rule, p, rule_numbers, numeric);
 			if (brace)
 				printf(" {\n");
 			else
 				printf("\n");
 			pfctl_print_rule_counters(&pr.rule, opts);
@@ -949,11 +950,11 @@
 			if (dotitle) {
 				pfctl_print_title("TRANSLATION RULES:");
 				dotitle = 0;
 			}
 			print_rule(&pr.rule, pr.anchor_call,
-			    opts & PF_OPT_VERBOSE2);
+			    opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
 			printf("\n");
 			pfctl_print_rule_counters(&pr.rule, opts);
 			pfctl_clear_pool(&pr.rule.rpool);
 		}
 	}
@@ -1316,11 +1317,12 @@
 	}
 
 	if (pf->opts & PF_OPT_VERBOSE) {
 		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
 		print_rule(r, r->anchor ? r->anchor->name : "",
-		    pf->opts & PF_OPT_VERBOSE2);
+		    pf->opts & PF_OPT_VERBOSE2,
+		    pf->opts & PF_OPT_NUMERIC);
 	}
 	path[len] = '\0';
 	pfctl_clear_pool(&r->rpool);
 	return (0);
 }
@@ -1976,11 +1978,11 @@
 
 	if (argc < 2)
 		usage();
 
 	while ((ch = getopt(argc, argv,
-	    "a:AdD:eqf:F:ghi:k:K:mnNOo::p:rRs:t:T:vx:z")) != -1) {
+	    "a:AdD:eqf:F:ghi:k:K:mnNOo::Pp:rRs:t:T:vx:z")) != -1) {
 		switch (ch) {
 		case 'a':
 			anchoropt = optarg;
 			break;
 		case 'd':
@@ -2078,10 +2080,13 @@
 			loadopt |= PFCTL_FLAG_OPTION;
 			break;
 		case 'p':
 			pf_device = optarg;
 			break;
+		case 'P':
+			opts |= PF_OPT_NUMERIC;
+			break;
 		case 's':
 			showopt = pfctl_lookup_option(optarg, showopt_list);
 			if (showopt == NULL) {
 				warnx("Unknown show modifier '%s'", optarg);
 				usage();
--- src/contrib/pf/pfctl/pfctl_optimize.c@@\main\RELENG_8\RELENG_8_1\0	2009-08-03 08:13:06.000000000 -0400
+++ src/contrib/pf/pfctl/pfctl_optimize.c	2010-09-27 14:55:08.000000000 -0400
@@ -405,11 +405,11 @@
 #ifdef OPT_DEBUG
 	printf("--- Superblock ---\n");
 	TAILQ_FOREACH(por, &block->sb_rules, por_entry) {
 		printf("  ");
 		print_rule(&por->por_rule, por->por_rule.anchor ?
-		    por->por_rule.anchor->name : "", 1);
+		    por->por_rule.anchor->name : "", 1, 0);
 	}
 #endif /* OPT_DEBUG */
 
 
 	if (remove_identical_rules(pf, block))
--- src/contrib/pf/pfctl/pfctl_parser.c@@\main\RELENG_8\RELENG_8_1\0	2010-01-23 00:32:19.000000000 -0500
+++ src/contrib/pf/pfctl/pfctl_parser.c	2010-09-27 14:54:59.000000000 -0400
@@ -62,15 +62,15 @@
 
 #include "pfctl_parser.h"
 #include "pfctl.h"
 
 void		 print_op (u_int8_t, const char *, const char *);
-void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
+void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
 void		 print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
 void		 print_flags (u_int8_t);
 void		 print_fromto(struct pf_rule_addr *, pf_osfp_t,
-		    struct pf_rule_addr *, u_int8_t, u_int8_t, int);
+		    struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
 int		 ifa_skip_if(const char *filter, struct node_host *p);
 
 struct node_host	*ifa_grouplookup(const char *, int);
 struct node_host	*host_if(const char *, int);
 struct node_host	*host_v4(const char *, int);
@@ -318,16 +318,17 @@
 	else if (op == PF_OP_RRG)
 		printf(" %s:%s", a1, a2);
 }
 
 void
-print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
+print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numeric)
 {
 	char		 a1[6], a2[6];
-	struct servent	*s;
+	struct servent	*s = NULL;
 
-	s = getservbyport(p1, proto);
+	if (!numeric)
+		s = getservbyport(p1, proto);
 	p1 = ntohs(p1);
 	p2 = ntohs(p2);
 	snprintf(a1, sizeof(a1), "%u", p1);
 	snprintf(a2, sizeof(a2), "%u", p2);
 	printf(" port");
@@ -361,11 +362,11 @@
 			printf("%c", tcpflags[i]);
 }
 
 void
 print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
-    sa_family_t af, u_int8_t proto, int verbose)
+    sa_family_t af, u_int8_t proto, int verbose, int numeric)
 {
 	char buf[PF_OSFP_LEN*3];
 	if (src->addr.type == PF_ADDR_ADDRMASK &&
 	    dst->addr.type == PF_ADDR_ADDRMASK &&
 	    PF_AZERO(&src->addr.v.a.addr, AF_INET6) &&
@@ -382,11 +383,12 @@
 			printf("! ");
 		print_addr(&src->addr, af, verbose);
 		if (src->port_op)
 			print_port(src->port_op, src->port[0],
 			    src->port[1],
-			    proto == IPPROTO_TCP ? "tcp" : "udp");
+			    proto == IPPROTO_TCP ? "tcp" : "udp",
+			    numeric);
 		if (osfp != PF_OSFP_ANY)
 			printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf,
 			    sizeof(buf)));
 
 		printf(" to ");
@@ -394,11 +396,12 @@
 			printf("! ");
 		print_addr(&dst->addr, af, verbose);
 		if (dst->port_op)
 			print_port(dst->port_op, dst->port[0],
 			    dst->port[1],
-			    proto == IPPROTO_TCP ? "tcp" : "udp");
+			    proto == IPPROTO_TCP ? "tcp" : "udp",
+			    numeric);
 	}
 }
 
 void
 print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2,
@@ -671,11 +674,11 @@
 		printf("\n");
 	}
 }
 
 void
-print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
+print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
 {
 	static const char *actiontypes[] = { "pass", "block", "scrub",
 	    "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
 	static const char *anchortypes[] = { "anchor", "anchor", "anchor",
 	    "anchor", "nat-anchor", "nat-anchor", "binat-anchor",
@@ -798,11 +801,11 @@
 			printf(" proto %s", p->p_name);
 		else
 			printf(" proto %u", r->proto);
 	}
 	print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
-	    verbose);
+	    verbose, numeric);
 	if (r->uid.op)
 		print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user",
 		    UID_MAX);
 	if (r->gid.op)
 		print_ugid(r->gid.op, r->gid.gid[0], r->gid.gid[1], "group",
--- src/contrib/pf/pfctl/pfctl_parser.h@@\main\RELENG_8\RELENG_8_1\0	2009-08-03 08:13:06.000000000 -0400
+++ src/contrib/pf/pfctl/pfctl_parser.h	2010-09-27 14:55:02.000000000 -0400
@@ -46,10 +46,11 @@
 #define PF_OPT_VERBOSE2		0x0080
 #define PF_OPT_DUMMYACTION	0x0100
 #define PF_OPT_DEBUG		0x0200
 #define PF_OPT_SHOWALL		0x0400
 #define PF_OPT_OPTIMIZE		0x0800
+#define PF_OPT_NUMERIC		0x1000
 #define PF_OPT_MERGE		0x2000
 #define PF_OPT_RECURSE		0x4000
 
 #define PF_TH_ALL		0xFF
 
@@ -233,11 +234,11 @@
 int	parse_flags(char *);
 int	pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *);
 
 void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
 void	print_src_node(struct pf_src_node *, int);
-void	print_rule(struct pf_rule *, const char *, int);
+void	print_rule(struct pf_rule *, const char *, int, int);
 void	print_tabledef(const char *, int, int, struct node_tinithead *);
 void	print_status(struct pf_status *, int);
 
 int	eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *,
 	    struct node_queue_opt *);
--- src/contrib/pf/pfctl/pfctl.8@@\main\RELENG_8\RELENG_8_1\0	2009-08-03 08:13:06.000000000 -0400
+++ src/contrib/pf/pfctl/pfctl.8	2010-09-27 15:21:14.000000000 -0400
@@ -348,10 +348,13 @@
 without any options will enable
 .Cm basic
 optimizations, and a second
 .Fl o
 will enable profiling.
+.It Fl P
+Do not perform service name lookup for port specific rules,
+instead display the ports numerically.
 .It Fl p Ar device
 Use the device file
 .Ar device
 instead of the default
 .Pa /dev/pf .
@@ -668,10 +671,11 @@
 .Sh SEE ALSO
 .Xr pf 4 ,
 .Xr pf.conf 5 ,
 .Xr pf.os 5 ,
 .Xr rc.conf 5 ,
+.Xr services 5 ,
 .Xr sysctl.conf 5 ,
 .Xr authpf 8 ,
 .Xr ftp-proxy 8 ,
 .Xr rc 8 ,
 .Xr sysctl 8


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Mon Jun 13 11:00:15 UTC 2011 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151015 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/151015: commit references a PR
Date: Mon, 13 Jun 2011 20:11:38 +0000 (UTC)

 Author: bz
 Date: Mon Jun 13 20:11:28 2011
 New Revision: 223057
 URL: http://svn.freebsd.org/changeset/base/223057
 
 Log:
   Add a new option -P to suppress getservbyport(3) calls when printing rules.
   This allows one to force consistent printing of numeric port numbers like
   we do with -n for other tools like netstat (just that -n was already taken)
   rather than the service names.
   
   -P is currently unused in OpenBSD so the change is eligible for upstreaming.
   
   PR:		misc/151015
   Submitted by:	Matt Koivisto (mkoivisto sandvine.com)
   Sponsored by:	Sandvine Incorporated
   MFC after:	1 week
 
 Modified:
   head/contrib/pf/pfctl/pfctl.8
   head/contrib/pf/pfctl/pfctl.c
   head/contrib/pf/pfctl/pfctl_optimize.c
   head/contrib/pf/pfctl/pfctl_parser.c
   head/contrib/pf/pfctl/pfctl_parser.h
 
 Modified: head/contrib/pf/pfctl/pfctl.8
 ==============================================================================
 --- head/contrib/pf/pfctl/pfctl.8	Mon Jun 13 19:45:01 2011	(r223056)
 +++ head/contrib/pf/pfctl/pfctl.8	Mon Jun 13 20:11:28 2011	(r223057)
 @@ -26,7 +26,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd November 20, 2002
 +.Dd June 13, 2011
  .Dt PFCTL 8
  .Os
  .Sh NAME
 @@ -35,7 +35,7 @@
  .Sh SYNOPSIS
  .Nm pfctl
  .Bk -words
 -.Op Fl AdeghmNnOqRrvz
 +.Op Fl AdeghmNnOPqRrvz
  .Op Fl a Ar anchor
  .Oo Fl D Ar macro Ns =
  .Ar value Oc
 @@ -350,6 +350,9 @@ without any options will enable
  optimizations, and a second
  .Fl o
  will enable profiling.
 +.It Fl P
 +Do not perform service name lookup for port specific rules,
 +instead display the ports numerically.
  .It Fl p Ar device
  Use the device file
  .Ar device
 @@ -670,6 +673,7 @@ Passive operating system fingerprint dat
  .Xr pf.conf 5 ,
  .Xr pf.os 5 ,
  .Xr rc.conf 5 ,
 +.Xr services 5 ,
  .Xr sysctl.conf 5 ,
  .Xr authpf 8 ,
  .Xr ftp-proxy 8 ,
 
 Modified: head/contrib/pf/pfctl/pfctl.c
 ==============================================================================
 --- head/contrib/pf/pfctl/pfctl.c	Mon Jun 13 19:45:01 2011	(r223056)
 +++ head/contrib/pf/pfctl/pfctl.c	Mon Jun 13 20:11:28 2011	(r223057)
 @@ -235,7 +235,7 @@ usage(void)
  {
  	extern char *__progname;
  
 -	fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
 +	fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
  	fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
  	fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
  	fprintf(stderr, "[-k host | network ]\n");
 @@ -770,6 +770,7 @@ pfctl_show_rules(int dev, char *path, in
  	struct pfioc_rule pr;
  	u_int32_t nr, mnr, header = 0;
  	int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
 +	int numeric = opts & PF_OPT_NUMERIC;
  	int len = strlen(path);
  	int brace;
  	char *p;
 @@ -834,7 +835,7 @@ pfctl_show_rules(int dev, char *path, in
  		case PFCTL_SHOW_RULES:
  			if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
  				labels = 1;
 -			print_rule(&pr.rule, pr.anchor_call, rule_numbers);
 +			print_rule(&pr.rule, pr.anchor_call, rule_numbers, numeric);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			break;
 @@ -894,7 +895,7 @@ pfctl_show_rules(int dev, char *path, in
  			} else
  				p = &pr.anchor_call[0];
  		
 -			print_rule(&pr.rule, p, rule_numbers);
 +			print_rule(&pr.rule, p, rule_numbers, numeric);
  			if (brace)
  				printf(" {\n");
  			else
 @@ -951,7 +952,7 @@ pfctl_show_nat(int dev, int opts, char *
  				dotitle = 0;
  			}
  			print_rule(&pr.rule, pr.anchor_call,
 -			    opts & PF_OPT_VERBOSE2);
 +			    opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			pfctl_clear_pool(&pr.rule.rpool);
 @@ -1318,7 +1319,8 @@ pfctl_load_rule(struct pfctl *pf, char *
  	if (pf->opts & PF_OPT_VERBOSE) {
  		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
  		print_rule(r, r->anchor ? r->anchor->name : "",
 -		    pf->opts & PF_OPT_VERBOSE2);
 +		    pf->opts & PF_OPT_VERBOSE2,
 +		    pf->opts & PF_OPT_NUMERIC);
  	}
  	path[len] = '\0';
  	pfctl_clear_pool(&r->rpool);
 @@ -1978,7 +1980,7 @@ main(int argc, char *argv[])
  		usage();
  
  	while ((ch = getopt(argc, argv,
 -	    "a:AdD:eqf:F:ghi:k:K:mnNOo::p:rRs:t:T:vx:z")) != -1) {
 +	    "a:AdD:eqf:F:ghi:k:K:mnNOo::Pp:rRs:t:T:vx:z")) != -1) {
  		switch (ch) {
  		case 'a':
  			anchoropt = optarg;
 @@ -2080,6 +2082,9 @@ main(int argc, char *argv[])
  		case 'p':
  			pf_device = optarg;
  			break;
 +		case 'P':
 +			opts |= PF_OPT_NUMERIC;
 +			break;
  		case 's':
  			showopt = pfctl_lookup_option(optarg, showopt_list);
  			if (showopt == NULL) {
 
 Modified: head/contrib/pf/pfctl/pfctl_optimize.c
 ==============================================================================
 --- head/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 13 19:45:01 2011	(r223056)
 +++ head/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 13 20:11:28 2011	(r223057)
 @@ -407,7 +407,7 @@ optimize_superblock(struct pfctl *pf, st
  	TAILQ_FOREACH(por, &block->sb_rules, por_entry) {
  		printf("  ");
  		print_rule(&por->por_rule, por->por_rule.anchor ?
 -		    por->por_rule.anchor->name : "", 1);
 +		    por->por_rule.anchor->name : "", 1, 0);
  	}
  #endif /* OPT_DEBUG */
  
 
 Modified: head/contrib/pf/pfctl/pfctl_parser.c
 ==============================================================================
 --- head/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 13 19:45:01 2011	(r223056)
 +++ head/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 13 20:11:28 2011	(r223057)
 @@ -64,11 +64,11 @@ __FBSDID("$FreeBSD$");
  #include "pfctl.h"
  
  void		 print_op (u_int8_t, const char *, const char *);
 -void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
 +void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
  void		 print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
  void		 print_flags (u_int8_t);
  void		 print_fromto(struct pf_rule_addr *, pf_osfp_t,
 -		    struct pf_rule_addr *, u_int8_t, u_int8_t, int);
 +		    struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
  int		 ifa_skip_if(const char *filter, struct node_host *p);
  
  struct node_host	*ifa_grouplookup(const char *, int);
 @@ -320,12 +320,15 @@ print_op(u_int8_t op, const char *a1, co
  }
  
  void
 -print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
 +print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numeric)
  {
  	char		 a1[6], a2[6];
  	struct servent	*s;
  
 -	s = getservbyport(p1, proto);
 +	if (!numeric)
 +		s = getservbyport(p1, proto);
 +	else
 +		s = NULL;
  	p1 = ntohs(p1);
  	p2 = ntohs(p2);
  	snprintf(a1, sizeof(a1), "%u", p1);
 @@ -363,7 +366,7 @@ print_flags(u_int8_t f)
  
  void
  print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 -    sa_family_t af, u_int8_t proto, int verbose)
 +    sa_family_t af, u_int8_t proto, int verbose, int numeric)
  {
  	char buf[PF_OSFP_LEN*3];
  	if (src->addr.type == PF_ADDR_ADDRMASK &&
 @@ -384,7 +387,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (src->port_op)
  			print_port(src->port_op, src->port[0],
  			    src->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  		if (osfp != PF_OSFP_ANY)
  			printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf,
  			    sizeof(buf)));
 @@ -396,7 +400,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (dst->port_op)
  			print_port(dst->port_op, dst->port[0],
  			    dst->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  	}
  }
  
 @@ -673,7 +678,7 @@ print_src_node(struct pf_src_node *sn, i
  }
  
  void
 -print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 +print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
  {
  	static const char *actiontypes[] = { "pass", "block", "scrub",
  	    "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
 @@ -800,7 +805,7 @@ print_rule(struct pf_rule *r, const char
  			printf(" proto %u", r->proto);
  	}
  	print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
 -	    verbose);
 +	    verbose, numeric);
  	if (r->uid.op)
  		print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user",
  		    UID_MAX);
 
 Modified: head/contrib/pf/pfctl/pfctl_parser.h
 ==============================================================================
 --- head/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 13 19:45:01 2011	(r223056)
 +++ head/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 13 20:11:28 2011	(r223057)
 @@ -48,6 +48,7 @@
  #define PF_OPT_DEBUG		0x0200
  #define PF_OPT_SHOWALL		0x0400
  #define PF_OPT_OPTIMIZE		0x0800
 +#define PF_OPT_NUMERIC		0x1000
  #define PF_OPT_MERGE		0x2000
  #define PF_OPT_RECURSE		0x4000
  
 @@ -235,7 +236,7 @@ int	pfctl_load_anchors(int, struct pfctl
  
  void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
  void	print_src_node(struct pf_src_node *, int);
 -void	print_rule(struct pf_rule *, const char *, int);
 +void	print_rule(struct pf_rule *, const char *, int, int);
  void	print_tabledef(const char *, int, int, struct node_tinithead *);
  void	print_status(struct pf_status *, int);
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/151015: commit references a PR
Date: Mon, 20 Jun 2011 08:37:36 +0000 (UTC)

 Author: bz
 Date: Mon Jun 20 08:37:20 2011
 New Revision: 223329
 URL: http://svn.freebsd.org/changeset/base/223329
 
 Log:
   MFC r223057:
   
    Add a new option -P to suppress getservbyport(3) calls when printing rules.
    This allows one to force consistent printing of numeric port numbers like
    we do with -n for other tools like netstat (just that -n was already taken)
    rather than the service names.
   
    PR:		misc/151015
    Submitted by:	Matt Koivisto (mkoivisto sandvine.com)
   Sponsored by:	Sandvine Incorporated
 
 Modified:
   stable/8/contrib/pf/pfctl/pfctl.8
   stable/8/contrib/pf/pfctl/pfctl.c
   stable/8/contrib/pf/pfctl/pfctl_optimize.c
   stable/8/contrib/pf/pfctl/pfctl_parser.c
   stable/8/contrib/pf/pfctl/pfctl_parser.h
 Directory Properties:
   stable/8/contrib/pf/   (props changed)
 
 Modified: stable/8/contrib/pf/pfctl/pfctl.8
 ==============================================================================
 --- stable/8/contrib/pf/pfctl/pfctl.8	Mon Jun 20 08:00:32 2011	(r223328)
 +++ stable/8/contrib/pf/pfctl/pfctl.8	Mon Jun 20 08:37:20 2011	(r223329)
 @@ -26,7 +26,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd November 20, 2002
 +.Dd June 13, 2011
  .Dt PFCTL 8
  .Os
  .Sh NAME
 @@ -35,7 +35,7 @@
  .Sh SYNOPSIS
  .Nm pfctl
  .Bk -words
 -.Op Fl AdeghmNnOqRrvz
 +.Op Fl AdeghmNnOPqRrvz
  .Op Fl a Ar anchor
  .Oo Fl D Ar macro Ns =
  .Ar value Oc
 @@ -350,6 +350,9 @@ without any options will enable
  optimizations, and a second
  .Fl o
  will enable profiling.
 +.It Fl P
 +Do not perform service name lookup for port specific rules,
 +instead display the ports numerically.
  .It Fl p Ar device
  Use the device file
  .Ar device
 @@ -670,6 +673,7 @@ Passive operating system fingerprint dat
  .Xr pf.conf 5 ,
  .Xr pf.os 5 ,
  .Xr rc.conf 5 ,
 +.Xr services 5 ,
  .Xr sysctl.conf 5 ,
  .Xr authpf 8 ,
  .Xr ftp-proxy 8 ,
 
 Modified: stable/8/contrib/pf/pfctl/pfctl.c
 ==============================================================================
 --- stable/8/contrib/pf/pfctl/pfctl.c	Mon Jun 20 08:00:32 2011	(r223328)
 +++ stable/8/contrib/pf/pfctl/pfctl.c	Mon Jun 20 08:37:20 2011	(r223329)
 @@ -235,7 +235,7 @@ usage(void)
  {
  	extern char *__progname;
  
 -	fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
 +	fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
  	fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
  	fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
  	fprintf(stderr, "[-k host | network ]\n");
 @@ -770,6 +770,7 @@ pfctl_show_rules(int dev, char *path, in
  	struct pfioc_rule pr;
  	u_int32_t nr, mnr, header = 0;
  	int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
 +	int numeric = opts & PF_OPT_NUMERIC;
  	int len = strlen(path);
  	int brace;
  	char *p;
 @@ -834,7 +835,7 @@ pfctl_show_rules(int dev, char *path, in
  		case PFCTL_SHOW_RULES:
  			if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
  				labels = 1;
 -			print_rule(&pr.rule, pr.anchor_call, rule_numbers);
 +			print_rule(&pr.rule, pr.anchor_call, rule_numbers, numeric);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			break;
 @@ -894,7 +895,7 @@ pfctl_show_rules(int dev, char *path, in
  			} else
  				p = &pr.anchor_call[0];
  		
 -			print_rule(&pr.rule, p, rule_numbers);
 +			print_rule(&pr.rule, p, rule_numbers, numeric);
  			if (brace)
  				printf(" {\n");
  			else
 @@ -951,7 +952,7 @@ pfctl_show_nat(int dev, int opts, char *
  				dotitle = 0;
  			}
  			print_rule(&pr.rule, pr.anchor_call,
 -			    opts & PF_OPT_VERBOSE2);
 +			    opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			pfctl_clear_pool(&pr.rule.rpool);
 @@ -1318,7 +1319,8 @@ pfctl_load_rule(struct pfctl *pf, char *
  	if (pf->opts & PF_OPT_VERBOSE) {
  		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
  		print_rule(r, r->anchor ? r->anchor->name : "",
 -		    pf->opts & PF_OPT_VERBOSE2);
 +		    pf->opts & PF_OPT_VERBOSE2,
 +		    pf->opts & PF_OPT_NUMERIC);
  	}
  	path[len] = '\0';
  	pfctl_clear_pool(&r->rpool);
 @@ -1978,7 +1980,7 @@ main(int argc, char *argv[])
  		usage();
  
  	while ((ch = getopt(argc, argv,
 -	    "a:AdD:eqf:F:ghi:k:K:mnNOo::p:rRs:t:T:vx:z")) != -1) {
 +	    "a:AdD:eqf:F:ghi:k:K:mnNOo::Pp:rRs:t:T:vx:z")) != -1) {
  		switch (ch) {
  		case 'a':
  			anchoropt = optarg;
 @@ -2080,6 +2082,9 @@ main(int argc, char *argv[])
  		case 'p':
  			pf_device = optarg;
  			break;
 +		case 'P':
 +			opts |= PF_OPT_NUMERIC;
 +			break;
  		case 's':
  			showopt = pfctl_lookup_option(optarg, showopt_list);
  			if (showopt == NULL) {
 
 Modified: stable/8/contrib/pf/pfctl/pfctl_optimize.c
 ==============================================================================
 --- stable/8/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 20 08:00:32 2011	(r223328)
 +++ stable/8/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 20 08:37:20 2011	(r223329)
 @@ -407,7 +407,7 @@ optimize_superblock(struct pfctl *pf, st
  	TAILQ_FOREACH(por, &block->sb_rules, por_entry) {
  		printf("  ");
  		print_rule(&por->por_rule, por->por_rule.anchor ?
 -		    por->por_rule.anchor->name : "", 1);
 +		    por->por_rule.anchor->name : "", 1, 0);
  	}
  #endif /* OPT_DEBUG */
  
 
 Modified: stable/8/contrib/pf/pfctl/pfctl_parser.c
 ==============================================================================
 --- stable/8/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 20 08:00:32 2011	(r223328)
 +++ stable/8/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 20 08:37:20 2011	(r223329)
 @@ -64,11 +64,11 @@ __FBSDID("$FreeBSD$");
  #include "pfctl.h"
  
  void		 print_op (u_int8_t, const char *, const char *);
 -void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
 +void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
  void		 print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
  void		 print_flags (u_int8_t);
  void		 print_fromto(struct pf_rule_addr *, pf_osfp_t,
 -		    struct pf_rule_addr *, u_int8_t, u_int8_t, int);
 +		    struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
  int		 ifa_skip_if(const char *filter, struct node_host *p);
  
  struct node_host	*ifa_grouplookup(const char *, int);
 @@ -320,12 +320,15 @@ print_op(u_int8_t op, const char *a1, co
  }
  
  void
 -print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
 +print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numeric)
  {
  	char		 a1[6], a2[6];
  	struct servent	*s;
  
 -	s = getservbyport(p1, proto);
 +	if (!numeric)
 +		s = getservbyport(p1, proto);
 +	else
 +		s = NULL;
  	p1 = ntohs(p1);
  	p2 = ntohs(p2);
  	snprintf(a1, sizeof(a1), "%u", p1);
 @@ -363,7 +366,7 @@ print_flags(u_int8_t f)
  
  void
  print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 -    sa_family_t af, u_int8_t proto, int verbose)
 +    sa_family_t af, u_int8_t proto, int verbose, int numeric)
  {
  	char buf[PF_OSFP_LEN*3];
  	if (src->addr.type == PF_ADDR_ADDRMASK &&
 @@ -384,7 +387,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (src->port_op)
  			print_port(src->port_op, src->port[0],
  			    src->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  		if (osfp != PF_OSFP_ANY)
  			printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf,
  			    sizeof(buf)));
 @@ -396,7 +400,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (dst->port_op)
  			print_port(dst->port_op, dst->port[0],
  			    dst->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  	}
  }
  
 @@ -673,7 +678,7 @@ print_src_node(struct pf_src_node *sn, i
  }
  
  void
 -print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 +print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
  {
  	static const char *actiontypes[] = { "pass", "block", "scrub",
  	    "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
 @@ -800,7 +805,7 @@ print_rule(struct pf_rule *r, const char
  			printf(" proto %u", r->proto);
  	}
  	print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
 -	    verbose);
 +	    verbose, numeric);
  	if (r->uid.op)
  		print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user",
  		    UID_MAX);
 
 Modified: stable/8/contrib/pf/pfctl/pfctl_parser.h
 ==============================================================================
 --- stable/8/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 20 08:00:32 2011	(r223328)
 +++ stable/8/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 20 08:37:20 2011	(r223329)
 @@ -48,6 +48,7 @@
  #define PF_OPT_DEBUG		0x0200
  #define PF_OPT_SHOWALL		0x0400
  #define PF_OPT_OPTIMIZE		0x0800
 +#define PF_OPT_NUMERIC		0x1000
  #define PF_OPT_MERGE		0x2000
  #define PF_OPT_RECURSE		0x4000
  
 @@ -235,7 +236,7 @@ int	pfctl_load_anchors(int, struct pfctl
  
  void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
  void	print_src_node(struct pf_src_node *, int);
 -void	print_rule(struct pf_rule *, const char *, int);
 +void	print_rule(struct pf_rule *, const char *, int, int);
  void	print_tabledef(const char *, int, int, struct node_tinithead *);
  void	print_status(struct pf_status *, int);
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/151015: commit references a PR
Date: Mon, 20 Jun 2011 08:37:57 +0000 (UTC)

 Author: bz
 Date: Mon Jun 20 08:37:34 2011
 New Revision: 223330
 URL: http://svn.freebsd.org/changeset/base/223330
 
 Log:
   MFC r223057:
   
    Add a new option -P to suppress getservbyport(3) calls when printing rules.
    This allows one to force consistent printing of numeric port numbers like
    we do with -n for other tools like netstat (just that -n was already taken)
    rather than the service names.
   
    PR:            misc/151015
    Submitted by:  Matt Koivisto (mkoivisto sandvine.com)
   Sponsored by:   Sandvine Incorporated
 
 Modified:
   stable/7/contrib/pf/pfctl/pfctl.8
   stable/7/contrib/pf/pfctl/pfctl.c
   stable/7/contrib/pf/pfctl/pfctl_optimize.c
   stable/7/contrib/pf/pfctl/pfctl_parser.c
   stable/7/contrib/pf/pfctl/pfctl_parser.h
 Directory Properties:
   stable/7/contrib/pf/   (props changed)
 
 Modified: stable/7/contrib/pf/pfctl/pfctl.8
 ==============================================================================
 --- stable/7/contrib/pf/pfctl/pfctl.8	Mon Jun 20 08:37:20 2011	(r223329)
 +++ stable/7/contrib/pf/pfctl/pfctl.8	Mon Jun 20 08:37:34 2011	(r223330)
 @@ -26,7 +26,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd November 20, 2002
 +.Dd June 13, 2011
  .Dt PFCTL 8
  .Os
  .Sh NAME
 @@ -35,7 +35,7 @@
  .Sh SYNOPSIS
  .Nm pfctl
  .Bk -words
 -.Op Fl AdeghmNnOqRrvz
 +.Op Fl AdeghmNnOPqRrvz
  .Op Fl a Ar anchor
  .Oo Fl D Ar macro Ns =
  .Ar value Oc
 @@ -350,6 +350,9 @@ without any options will enable
  optimizations, and a second
  .Fl o
  will enable profiling.
 +.It Fl P
 +Do not perform service name lookup for port specific rules,
 +instead display the ports numerically.
  .It Fl p Ar device
  Use the device file
  .Ar device
 @@ -670,6 +673,7 @@ Passive operating system fingerprint dat
  .Xr pf.conf 5 ,
  .Xr pf.os 5 ,
  .Xr rc.conf 5 ,
 +.Xr services 5 ,
  .Xr sysctl.conf 5 ,
  .Xr authpf 8 ,
  .Xr ftp-proxy 8 ,
 
 Modified: stable/7/contrib/pf/pfctl/pfctl.c
 ==============================================================================
 --- stable/7/contrib/pf/pfctl/pfctl.c	Mon Jun 20 08:37:20 2011	(r223329)
 +++ stable/7/contrib/pf/pfctl/pfctl.c	Mon Jun 20 08:37:34 2011	(r223330)
 @@ -235,7 +235,7 @@ usage(void)
  {
  	extern char *__progname;
  
 -	fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
 +	fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
  	fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
  	fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
  	fprintf(stderr, "[-k host | network ]\n");
 @@ -770,6 +770,7 @@ pfctl_show_rules(int dev, char *path, in
  	struct pfioc_rule pr;
  	u_int32_t nr, mnr, header = 0;
  	int rule_numbers = opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG);
 +	int numeric = opts & PF_OPT_NUMERIC;
  	int len = strlen(path);
  	int brace;
  	char *p;
 @@ -834,7 +835,7 @@ pfctl_show_rules(int dev, char *path, in
  		case PFCTL_SHOW_RULES:
  			if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
  				labels = 1;
 -			print_rule(&pr.rule, pr.anchor_call, rule_numbers);
 +			print_rule(&pr.rule, pr.anchor_call, rule_numbers, numeric);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			break;
 @@ -894,7 +895,7 @@ pfctl_show_rules(int dev, char *path, in
  			} else
  				p = &pr.anchor_call[0];
  		
 -			print_rule(&pr.rule, p, rule_numbers);
 +			print_rule(&pr.rule, p, rule_numbers, numeric);
  			if (brace)
  				printf(" {\n");
  			else
 @@ -951,7 +952,7 @@ pfctl_show_nat(int dev, int opts, char *
  				dotitle = 0;
  			}
  			print_rule(&pr.rule, pr.anchor_call,
 -			    opts & PF_OPT_VERBOSE2);
 +			    opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
  			printf("\n");
  			pfctl_print_rule_counters(&pr.rule, opts);
  			pfctl_clear_pool(&pr.rule.rpool);
 @@ -1318,7 +1319,8 @@ pfctl_load_rule(struct pfctl *pf, char *
  	if (pf->opts & PF_OPT_VERBOSE) {
  		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
  		print_rule(r, r->anchor ? r->anchor->name : "",
 -		    pf->opts & PF_OPT_VERBOSE2);
 +		    pf->opts & PF_OPT_VERBOSE2,
 +		    pf->opts & PF_OPT_NUMERIC);
  	}
  	path[len] = '\0';
  	pfctl_clear_pool(&r->rpool);
 @@ -1978,7 +1980,7 @@ main(int argc, char *argv[])
  		usage();
  
  	while ((ch = getopt(argc, argv,
 -	    "a:AdD:eqf:F:ghi:k:K:mnNOo::p:rRs:t:T:vx:z")) != -1) {
 +	    "a:AdD:eqf:F:ghi:k:K:mnNOo::Pp:rRs:t:T:vx:z")) != -1) {
  		switch (ch) {
  		case 'a':
  			anchoropt = optarg;
 @@ -2080,6 +2082,9 @@ main(int argc, char *argv[])
  		case 'p':
  			pf_device = optarg;
  			break;
 +		case 'P':
 +			opts |= PF_OPT_NUMERIC;
 +			break;
  		case 's':
  			showopt = pfctl_lookup_option(optarg, showopt_list);
  			if (showopt == NULL) {
 
 Modified: stable/7/contrib/pf/pfctl/pfctl_optimize.c
 ==============================================================================
 --- stable/7/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 20 08:37:20 2011	(r223329)
 +++ stable/7/contrib/pf/pfctl/pfctl_optimize.c	Mon Jun 20 08:37:34 2011	(r223330)
 @@ -407,7 +407,7 @@ optimize_superblock(struct pfctl *pf, st
  	TAILQ_FOREACH(por, &block->sb_rules, por_entry) {
  		printf("  ");
  		print_rule(&por->por_rule, por->por_rule.anchor ?
 -		    por->por_rule.anchor->name : "", 1);
 +		    por->por_rule.anchor->name : "", 1, 0);
  	}
  #endif /* OPT_DEBUG */
  
 
 Modified: stable/7/contrib/pf/pfctl/pfctl_parser.c
 ==============================================================================
 --- stable/7/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 20 08:37:20 2011	(r223329)
 +++ stable/7/contrib/pf/pfctl/pfctl_parser.c	Mon Jun 20 08:37:34 2011	(r223330)
 @@ -64,11 +64,11 @@ __FBSDID("$FreeBSD$");
  #include "pfctl.h"
  
  void		 print_op (u_int8_t, const char *, const char *);
 -void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
 +void		 print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
  void		 print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
  void		 print_flags (u_int8_t);
  void		 print_fromto(struct pf_rule_addr *, pf_osfp_t,
 -		    struct pf_rule_addr *, u_int8_t, u_int8_t, int);
 +		    struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
  int		 ifa_skip_if(const char *filter, struct node_host *p);
  
  struct node_host	*ifa_grouplookup(const char *, int);
 @@ -320,12 +320,15 @@ print_op(u_int8_t op, const char *a1, co
  }
  
  void
 -print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
 +print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numeric)
  {
  	char		 a1[6], a2[6];
  	struct servent	*s;
  
 -	s = getservbyport(p1, proto);
 +	if (!numeric)
 +		s = getservbyport(p1, proto);
 +	else
 +		s = NULL;
  	p1 = ntohs(p1);
  	p2 = ntohs(p2);
  	snprintf(a1, sizeof(a1), "%u", p1);
 @@ -363,7 +366,7 @@ print_flags(u_int8_t f)
  
  void
  print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 -    sa_family_t af, u_int8_t proto, int verbose)
 +    sa_family_t af, u_int8_t proto, int verbose, int numeric)
  {
  	char buf[PF_OSFP_LEN*3];
  	if (src->addr.type == PF_ADDR_ADDRMASK &&
 @@ -384,7 +387,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (src->port_op)
  			print_port(src->port_op, src->port[0],
  			    src->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  		if (osfp != PF_OSFP_ANY)
  			printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf,
  			    sizeof(buf)));
 @@ -396,7 +400,8 @@ print_fromto(struct pf_rule_addr *src, p
  		if (dst->port_op)
  			print_port(dst->port_op, dst->port[0],
  			    dst->port[1],
 -			    proto == IPPROTO_TCP ? "tcp" : "udp");
 +			    proto == IPPROTO_TCP ? "tcp" : "udp",
 +			    numeric);
  	}
  }
  
 @@ -673,7 +678,7 @@ print_src_node(struct pf_src_node *sn, i
  }
  
  void
 -print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 +print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
  {
  	static const char *actiontypes[] = { "pass", "block", "scrub",
  	    "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
 @@ -800,7 +805,7 @@ print_rule(struct pf_rule *r, const char
  			printf(" proto %u", r->proto);
  	}
  	print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
 -	    verbose);
 +	    verbose, numeric);
  	if (r->uid.op)
  		print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user",
  		    UID_MAX);
 
 Modified: stable/7/contrib/pf/pfctl/pfctl_parser.h
 ==============================================================================
 --- stable/7/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 20 08:37:20 2011	(r223329)
 +++ stable/7/contrib/pf/pfctl/pfctl_parser.h	Mon Jun 20 08:37:34 2011	(r223330)
 @@ -48,6 +48,7 @@
  #define PF_OPT_DEBUG		0x0200
  #define PF_OPT_SHOWALL		0x0400
  #define PF_OPT_OPTIMIZE		0x0800
 +#define PF_OPT_NUMERIC		0x1000
  #define PF_OPT_MERGE		0x2000
  #define PF_OPT_RECURSE		0x4000
  
 @@ -235,7 +236,7 @@ int	pfctl_load_anchors(int, struct pfctl
  
  void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
  void	print_src_node(struct pf_src_node *, int);
 -void	print_rule(struct pf_rule *, const char *, int);
 +void	print_rule(struct pf_rule *, const char *, int, int);
  void	print_tabledef(const char *, int, int, struct node_tinithead *);
  void	print_status(struct pf_status *, int);
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: bz 
State-Changed-When: Mon Jun 20 08:47:41 UTC 2011 
State-Changed-Why:  
Committed to HEAD and merges to stable/8 and stable/7. 
Thanks a lot for submitting the patch! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151015 
>Unformatted:
