author | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-10-29 19:51:05 +0000 |
---|---|---|
committer | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-10-29 19:51:05 +0000 |
commit | 6f521bf77023b728eac468a07e077ee039120a27 (patch) | |
tree | 815d51036ede312eddbdd83e874264355a0eb92c | |
parent | c8811b30c30f967b1b25387b30bc1cfd2e619a84 (diff) |
keep all pflog goodies in pflog sources, avoids code duplications; okski frantzen@ and dhartmei@
-rw-r--r-- | sys/net/if_pflog.c | 56 | ||||
-rw-r--r-- | sys/net/if_pflog.h | 22 | ||||
-rw-r--r-- | sys/net/pf.c | 69 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 22 |
4 files changed, 78 insertions, 91 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c index 176bf6d2451..7c1648ce6e5 100644 --- a/sys/net/if_pflog.c +++ b/sys/net/if_pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.6 2002/06/30 13:04:36 itojun Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.7 2002/10/29 19:51:04 mickey Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -33,6 +33,9 @@ * PURPOSE. */ +#include "bpfilter.h" +#include "pflog.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> @@ -44,11 +47,11 @@ #include <net/route.h> #include <net/bpf.h> -#include <net/if_pflog.h> - #ifdef INET #include <netinet/in.h> #include <netinet/in_var.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> #endif #ifdef INET6 @@ -58,8 +61,8 @@ #include <netinet6/nd6.h> #endif /* INET6 */ -#include "bpfilter.h" -#include "pflog.h" +#include <net/pfvar.h> +#include <net/if_pflog.h> #define PFLOGMTU (32768 + MHLEN + MLEN) @@ -167,3 +170,46 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data) return (0); } + +int +pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_short dir, + u_short reason, struct pf_rule *rm) +{ +#if NBPFILTER > 0 + struct ifnet *ifn; + struct pfloghdr hdr; + struct mbuf m1; + + if (ifp == NULL || m == NULL || rm == NULL) + return (-1); + + hdr.af = htonl(af); + memcpy(hdr.ifname, ifp->if_xname, sizeof(hdr.ifname)); + + hdr.rnr = htons(rm->nr); + hdr.reason = htons(reason); + hdr.dir = htons(dir); + hdr.action = htons(rm->action); + +#ifdef INET + if (af == AF_INET && dir == PF_OUT) { + struct ip *ip; + + ip = mtod(m, struct ip *); + ip->ip_sum = 0; + ip->ip_sum = in_cksum(m, ip->ip_hl << 2); + } +#endif /* INET */ + + m1.m_next = m; + m1.m_len = PFLOG_HDRLEN; + m1.m_data = (char *) &hdr; + + ifn = &(pflogif[0].sc_if); + + if (ifn->if_bpf) + bpf_mtap(ifn->if_bpf, &m1); +#endif + + return (0); +} diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index eab48e509b0..098b781670e 100644 
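Review bot: In the added `pflog_packet()`, `struct pfloghdr hdr` lives on the kernel stack, is filled field by field (`af`, `ifname`, `rnr`, `reason`, `dir`, `action`) and is then handed to bpf listeners through `m1.m_data` and `bpf_mtap()`. Any padding or member not assigned here would reach userland readers of the pflog interface as stale stack bytes. The struct is defined in if_pflog.h outside this hunk, so its layout cannot be confirmed from here; `bzero(&hdr, sizeof(hdr));` ahead of the assignments would make the function independent of that layout. The `memcpy` also reads `sizeof(hdr.ifname)` bytes from `ifp->if_xname`, which is only safe while the source array is at least that large, so a short comment stating that assumption would help. The function was moved unchanged from pf.c, so these points predate this commit.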
--- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.h,v 1.6 2001/11/08 22:02:11 mickey Exp $ */ +/* $OpenBSD: if_pflog.h,v 1.7 2002/10/29 19:51:04 mickey Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -42,5 +42,23 @@ struct pfloghdr { #define PFLOG_HDRLEN sizeof(struct pfloghdr) -extern struct pflog_softc pflogif[]; +#ifdef _KERNEL + +#if NPFLOG > 0 +#define PFLOG_PACKET(i,x,a,b,c,d,e) \ + do { \ + if (b == AF_INET) { \ + HTONS(((struct ip *)x)->ip_len); \ + HTONS(((struct ip *)x)->ip_off); \ + pflog_packet(i,a,b,c,d,e); \ + NTOHS(((struct ip *)x)->ip_len); \ + NTOHS(((struct ip *)x)->ip_off); \ + } else { \ + pflog_packet(i,a,b,c,d,e); \ + } \ + } while (0) +#else +#define PFLOG_PACKET(i,x,a,b,c,d,e) ((void)0) +#endif /* NPFLOG > 0 */ +#endif /* _KERNEL */ #endif /* _NET_IF_PFLOG_H_ */ diff --git a/sys/net/pf.c b/sys/net/pf.c index 9e6293c7fc2..1936ac9088b 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.257 2002/10/22 12:23:35 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.258 2002/10/29 19:51:04 mickey Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -34,6 +34,9 @@ * */ +#include "bpfilter.h" +#include "pflog.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> @@ -68,9 +71,6 @@ #include <dev/rndvar.h> #include <net/pfvar.h> -#include "bpfilter.h" -#include "pflog.h" - #ifdef INET6 #include <netinet/ip6.h> #include <netinet/in_pcb.h> 
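Review bot: Now that `PFLOG_PACKET` lives in if_pflog.h behind `#if NPFLOG > 0`, a file that includes this header before `"pflog.h"` has `NPFLOG` evaluate to 0 and gets the `((void)0)` variant, so packet logging disappears from that file with no diagnostic. The commit moves `#include "pflog.h"` to the top of pf.c, pf_norm.c and if_pflog.c, which suggests this ordering is required. The header should say so next to the macro, e.g. `/* "pflog.h" must be included first; otherwise NPFLOG is 0 here and PFLOG_PACKET() expands to nothing */`. Separately, the macro arguments are used unparenthesized and `x` is expanded four times, so `if ((b) == AF_INET) {` and `((struct ip *)(x))->ip_len` would be safer for a shared header, since with an expression argument the cast would bind to only part of `x`.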
@@ -237,24 +237,6 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] = { { &pf_state_pl, UINT_MAX } { &pf_frent_pl, PFFRAG_FRENT_HIWAT } }; - -#if NPFLOG > 0 -#define PFLOG_PACKET(i,x,a,b,c,d,e) \ - do { \ - if (b == AF_INET) { \ - HTONS(((struct ip *)x)->ip_len); \ - HTONS(((struct ip *)x)->ip_off); \ - pflog_packet(i,a,b,c,d,e); \ - NTOHS(((struct ip *)x)->ip_len); \ - NTOHS(((struct ip *)x)->ip_off); \ - } else { \ - pflog_packet(i,a,b,c,d,e); \ - } \ - } while (0) -#else -#define PFLOG_PACKET(i,x,a,b,c,d,e) ((void)0) -#endif - #define STATE_TRANSLATE(s) \ (s)->lan.addr.addr32[0] != (s)->gwy.addr.addr32[0] || \ ((s)->af == AF_INET6 && \ @@ -366,49 +348,6 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) } #endif -int -pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_short dir, - u_short reason, struct pf_rule *rm) -{ -#if NBPFILTER > 0 - struct ifnet *ifn; - struct pfloghdr hdr; - struct mbuf m1; - - if (ifp == NULL || m == NULL || rm == NULL) - return (-1); - - hdr.af = htonl(af); - memcpy(hdr.ifname, ifp->if_xname, sizeof(hdr.ifname)); - - hdr.rnr = htons(rm->nr); - hdr.reason = htons(reason); - hdr.dir = htons(dir); - hdr.action = htons(rm->action); - -#ifdef INET - if (af == AF_INET && dir == PF_OUT) { - struct ip *ip; - - ip = mtod(m, struct ip *); - ip->ip_sum = 0; - ip->ip_sum = in_cksum(m, ip->ip_hl << 2); - } -#endif /* INET */ - - m1.m_next = m; - m1.m_len = PFLOG_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(pflogif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); -#endif - - return (0); -} - struct pf_state * pf_find_state(struct pf_state_tree *tree, struct pf_tree_node *key) { diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index cd44fa9171f..54bd300ade0 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.37 2002/10/22 12:23:35 mcbride Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.38 2002/10/29 19:51:04 mickey Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -25,6 +25,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "pflog.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> @@ -53,8 +55,6 @@ #include <net/pfvar.h> -#include "pflog.h" - struct pf_frent { LIST_ENTRY(pf_frent) fr_next; struct ip *fr_ip; @@ -118,22 +118,6 @@ int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, #define DPFPRINTF(x) if (pf_status.debug >= PF_DEBUG_MISC) \ { printf("%s: ", __func__); printf x ;} -#if NPFLOG > 0 -#define PFLOG_PACKET(i,x,a,b,c,d,e) \ - do { \ - if (b == AF_INET) { \ - HTONS(((struct ip *)x)->ip_len); \ - HTONS(((struct ip *)x)->ip_off); \ - pflog_packet(i,a,b,c,d,e); \ - NTOHS(((struct ip *)x)->ip_len); \ - NTOHS(((struct ip *)x)->ip_off); \ - } else \ - pflog_packet(i,a,b,c,d,e); \ - } while (0) -#else -#define PFLOG_PACKET(i,x,a,b,c,d,e) ((void)0) -#endif - /* Globals */ struct pool pf_frent_pl, pf_frag_pl, pf_cache_pl, pf_cent_pl; int pf_nfrents, pf_ncache; |