From f0ae56947771a8a599c18ab751efff6c39c72cf5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 25 Oct 2021 17:58:54 +0200
Subject: [PATCH] Squashed commit of the following:

commit 4be5387afb88689cb760c4dc60e0933834a7d9fd
Author: Ad Schellevis <ad@opnsense.org>
Date:   Mon Oct 25 17:56:57 2021 +0200

    Firewall / Diagnostics add 'rules' to Statistics (https://github.com/opnsense/core/pull/5292)

    o minor cleanups
    o cleanup pfctl call handling, when a section is provided only extract the one asked for.

commit be7f3f6b22fb88c96178102ac5b5266f52fbfe71
Merge: 116453543 f1a7b9320
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date:   Wed Oct 20 19:31:45 2021 +0300

    Merge branch 'master' into patch-20

commit 116453543ef50c3706633bbfe52436ba9ca4f009
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date:   Wed Oct 20 19:25:55 2021 +0300

    suffix

commit 70ea8ebb536b4fe282ce395a0d12f7b7496d9d07
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date:   Tue Oct 19 23:20:30 2021 +0300

    open node on label click

commit deef33fb07b4844641374ef5929613e51b1926d7
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date:   Tue Oct 19 18:49:30 2021 +0300

    add 'rules' to pf stats

    add 'rules' to pf stats

    add 'rules'

    add 'rules'

    Update pfstatistcs
---
 .../Diagnostics/FirewallController.php        |  5 +++
 .../views/OPNsense/Diagnostics/treeview.volt  |  6 +++
 src/opnsense/scripts/filter/pfstatistcs.py    | 45 ++++++++++++++-----
 3 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/FirewallController.php b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/FirewallController.php
index 521d0b2b4..a6df48cd0 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/FirewallController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/FirewallController.php
@@ -92,6 +92,11 @@ class FirewallController extends IndexController
             "name" => "interfaces",
             "caption" => gettext("interfaces"),
             "endpoint" => "/api/diagnostics/firewall/pf_statistcs/interfaces"
+          ],
+          [
+            "name" => "rules",
+            "caption" => gettext("rules"),
+            "endpoint" => "/api/diagnostics/firewall/pf_statistcs/rules"
           ]
         ];
         $this->view->default_tab = "info";
diff --git a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/treeview.volt b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/treeview.volt
index 744591346..7382f7eb2 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/treeview.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/treeview.volt
@@ -83,6 +83,8 @@
                           closedIcon: $('<i class="fa fa-plus-square-o"></i>'),
                           openedIcon: $('<i class="fa fa-minus-square-o"></i>'),
                           onCreateLi: function(node, $li) {
+                              let n_title = $li.find('.jqtree-title');
+                              n_title.text(n_title.text().replace('&gt;','\>').replace('&lt;','\<'));
                               if (node.value !== undefined) {
                                   $li.find('.jqtree-element').append(
                                       '&nbsp; <strong>:</strong> &nbsp;' + node.value
@@ -101,6 +103,10 @@
                               $tree.tree('openNode', $tree.tree('getNodeById', key));
                           }
                       }
+                      //open node on label click
+                      $tree.bind('tree.click', function(e) {
+                          $tree.tree('toggle', e.node);
+                      });
                   } else {
                       let curent_state = $tree.tree('getState');
                       $tree.tree('loadData', dict_to_tree(data));
diff --git a/src/opnsense/scripts/filter/pfstatistcs.py b/src/opnsense/scripts/filter/pfstatistcs.py
index 05feb4d63..00ea17acf 100755
--- a/src/opnsense/scripts/filter/pfstatistcs.py
+++ b/src/opnsense/scripts/filter/pfstatistcs.py
@@ -96,17 +96,42 @@ def pfctl_interfaces():
 
     return result
 
-def main():
-    result = {
-        'info': pfctl_info(),
-        'memory': pfctl_memory(),
-        'timeouts': pfctl_timeouts(),
-        'interfaces': pfctl_interfaces()
+def pfctl_rules():
+    result = dict()
+    headings = {
+        "rules": "filter rules",
+        "nat": "nat rules"
     }
+    for key in headings:
+        result[headings[key]] = dict()
+        rule = None
+        for line in subprocess.run(['/sbin/pfctl', '-vvs' + key], capture_output=True, text=True).stdout.split("\n"):
+            sline = line.strip()
+            if len(line) > 0 and line[0] not in ["\t", " "]:
+                rule = sline
+                result[headings[key]][rule] = dict()
+            elif rule is not None and sline.startswith('[') and sline.endswith(']'):
+                items = sline[1:].strip().lower().split(':')
+                for idx, item in enumerate(items[1:],1):
+                    opt = 'state_creations' if items[idx-1].find('creations') >  -1 else items[idx-1].split()[-1]
+                    val = " ".join(item.split()[:-1]).replace('state', '')
+                    result[headings[key]][rule][opt] = int(val) if val.isdigit() else val
 
-    if len(sys.argv) > 1 and sys.argv[1] in result:
-        return result[sys.argv[1]]
-    else:
-        return result
+    return result
+
+def main():
+    sections = {
+        'info': pfctl_info,
+        'memory': pfctl_memory,
+        'timeouts': pfctl_timeouts,
+        'interfaces': pfctl_interfaces,
+        'rules': pfctl_rules
+    }
+    result = dict()
+    for section in sections:
+        if (len(sys.argv) > 1 and sys.argv[1] == section) or (len(sys.argv) == 1):
+            result[section] = sections[section]()
+
+    return result
 
 print(ujson.dumps(main()))