pf: Introduce ridentifier
ClosedPublic
Actions

Authored by kp on Oct 30 2021, 9:53 AM.

Details

Reviewers

Group Reviewers

network
pfsense
manpages

Commits

rGcfe9b890d574: pf: Introduce ridentifier
rG7f944794868f: pf: Introduce ridentifier
rG76c5eecc3490: pf: Introduce ridentifier

Summary

Allow users to set a number on rules which will be exposed as part of
the pflog header.
The intent behind this is to allow users to correlate rules across
updates (remember that pf rules continue to exist and match existing
states, even if they're removed from the active ruleset) and pflog.

Obtained from: pfSense
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 42455
Build 39343: arc lint + arc unit

Event Timeline

kp created this revision.Oct 30 2021, 9:53 AM

Herald added a reviewer: manpages. · View Herald TranscriptOct 30 2021, 9:53 AM

Herald added subscribers: donner, melifaro, farrokhi and 2 others. · View Herald Transcript

kp requested review of this revision.Oct 30 2021, 9:53 AM

Harbormaster completed remote builds in B42455: Diff 97734.Oct 30 2021, 9:53 AM

kp added a child revision: D32751: pf tests: basic test for ridentifier.Oct 30 2021, 9:53 AM

Man page part of the change looks good. It needs a .Dd date bump when the commit happens.
Thanks for keeping up the good work on pf!

eri requested changes to this revision.Oct 30 2021, 10:16 PM

eri added a subscriber: eri.

eri added inline comments.

sbin/pfctl/parse.y
267	Is there no better place for such info? It sounds like forced through as is

This revision now requires changes to proceed.Oct 30 2021, 10:16 PM

kp added inline comments.Oct 31 2021, 9:27 AM

sbin/pfctl/parse.y
267	I’m not sure I understand your objection.

eri added inline comments.Nov 1 2021, 1:58 AM

sbin/pfctl/parse.y
267	I am pointing out that antispoof structure does not seem to have a relationship with a rule identifier. Is there no better place to stick this new info/tag?