From e580afeab5627064bbdb7bac00adf3d3bfbda8ae Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 3 Nov 2017 22:41:07 +0100
Subject: [PATCH] parse label from running firewall config, for https://github.com/opnsense/core/issues/1788
---
 .../views/OPNsense/Diagnostics/fw_log.volt | 1 +
 src/opnsense/scripts/filter/read_log.py | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
index 2b85ad27b..e58056d96 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
@@ -211,6 +211,7 @@ POSSIBILITY OF SUCH DAMAGE.
 {{ lang._('Source') }}
 {{ lang._('Destination') }}
 {{ lang._('Proto') }}
+ {{ lang._('Label') }}
diff --git a/src/opnsense/scripts/filter/read_log.py b/src/opnsense/scripts/filter/read_log.py
index 208ac5c89..a44f6f958 100755
--- a/src/opnsense/scripts/filter/read_log.py
+++ b/src/opnsense/scripts/filter/read_log.py
@@ -33,6 +33,8 @@ import sys
 import md5
 import argparse
 import ujson
+import tempfile
+import subprocess
 sys.path.insert(0, "/usr/local/opnsense/site-python")
 from log_helper import reverse_log_reader, fetch_clog
 from params import update_params
@@ -64,12 +66,31 @@ def update_rule(target, metadata_target, ruleparts, spec):
 # full spec
 metadata_target['__spec__'] = spec
+def fetch_rules_descriptions():
+ """ Fetch rule descriptions from the current running config if available
+ :return : rule details per line number
+ """
+ result = dict()
+ if os.path.isfile('/tmp/rules.debug'):
+ with tempfile.NamedTemporaryFile() as output_stream:
+ subprocess.call(['/sbin/pfctl', '-vvPnf', '/tmp/rules.debug'], stdout=output_stream, stderr=open(os.devnull, 'wb'))
+ output_stream.seek(0)
+ for line in output_stream.read().strip().split('\n'):
+ if line.startswith('@'):
+ line_id = line.split()[0][1:]
+ result[line_id] = {'label': ''.join(line.split(' label ')[-1:]).strip()[1:-1]}
+ return result
+
+
 if __name__ == '__main__':
 # read parameters
 parameters = {'limit': '0', 'digest': ''}
 update_params(parameters)
 parameters['limit'] = int(parameters['limit'])
+ # parse current running config
+ running_conf_descr = fetch_rules_descriptions()
+
 result = list()
 for record in reverse_log_reader(fetch_clog(filter_log)):
 if record['line'].find('filterlog') > -1:
@@ -104,6 +125,8 @@ if __name__ == '__main__':
 update_rule(rule, metadata, rulep, fields_ipv6_carp)
 rule.update(metadata)
+ if 'rulenr' in rule and rule['rulenr'] in running_conf_descr:
+ rule['label'] = running_conf_descr[rule['rulenr']]['label']
 result.append(rule)
 # handle exit criteria, row limit or last digest
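Review bot: In fetch_rules_descriptions, a rule line that carries no label still gets one: `line.split(' label ')[-1:]` returns the whole line when the separator is absent, so the log view would show the rule text minus its first and last character as the label. The same `[1:-1]` slice also mis-trims if pfctl prints further options after the quoted label. Matching the quoted value explicitly avoids both, e.g. `if line.startswith('@') and ' label "' in line:` followed by `result[line_id] = {'label': line.split(' label "', 1)[1].split('"', 1)[0]}`. The `open(os.devnull, 'wb')` handle passed as stderr is never closed; opening it in the same `with` statement would release it. The docstring says "running config", but the call parses /tmp/rules.debug with `-n`, so it should state that labels come from that file rather than from the loaded ruleset.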
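Review bot: In the last hunk, the lookup `rule['rulenr'] in running_conf_descr` resolves a rule number recorded at log time against rule numbers parsed when the script runs, and nothing visible here ties the two to the same ruleset. If rule numbers shift after a reload (inferred, the numbering scheme is not shown in the hunk), older entries would be displayed with another rule's label, which matters when the log is read as evidence of which rule matched. A comment on the assignment such as `# label is resolved against the ruleset as parsed now; entries logged before the last reload may not match` would make the limitation explicit. The enclosing `__main__` loop starts and ends outside this hunk.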