When using match vice pass/block rules when wanting counters, e.g.,
match in from <mahtable> counters
counters were not being updated. reyk@ and I tracked this down to
a failure to check the matched rules for the need to increment stats.
the following diff fixes that here
- Bert
Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.835
diff -u -p -r1.835 pf.c
--- pf.c 17 Jun 2013 19:50:06 -0000 1.835
+++ pf.c 21 Jun 2013 15:16:25 -0000
@@ -6526,6 +6526,23 @@ pf_counters_inc(int action, struct pf_pd
SLIST_FOREACH(ri, &s->match_rules, entry) {
ri->r->packets[dirndx]++;
ri->r->bytes[dirndx] += pd->tot_len;
+
+ if (ri->r->src.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(ri->r->src.addr.p.tbl,
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_OUT)],
+ pd->af, pd->tot_len,
+ pd->dir == PF_OUT,
+ ri->r->action == PF_PASS,
+ ri->r->src.neg);
+ if (ri->r->dst.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(ri->r->dst.addr.p.tbl,
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_IN)],
+ pd->af, pd->tot_len,
+ pd->dir == PF_OUT,
+ ri->r->action == PF_PASS,
+ ri->r->dst.neg);
}
}
if (r->src.addr.type == PF_ADDR_TABLE)
