diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-22 05:58:30 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-22 05:58:30 +0000 |
commit | c6cab0e74baee649c035704dbc40fb4b470d1961 (patch) | |
tree | 926eaff0da8446b74be05109a7785201dafee994 | |
parent | 1855230e93e1e431f26b80ff4f7d864798452e1a (diff) |
add a new log opt PF_LOG_MATCHES
forces logging on all subsequent matching rules
real ok theo assumed oks ryan and dlg bikeshedding everyone in the room
implementation time ~ 1 minute
-rw-r--r-- | sys/net/pf.c | 10 | ||||
-rw-r--r-- | sys/net/pfvar.h | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 0634784c309..ee3b3c5300c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.704 2010/09/22 02:12:36 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.705 2010/09/22 05:58:29 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2939,7 +2939,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, PFRES_MEMORY); goto cleanup; } - if (r->log) + if (r->log || act.log & PF_LOG_MATCHES) PFLOG_PACKET(kif, h, m, af, direction, reason, r, a, ruleset, pd); @@ -2948,6 +2948,10 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, *rm = r; *am = a; *rsm = ruleset; + if (act.log & PF_LOG_MATCHES) + PFLOG_PACKET(kif, h, m, af, + direction, reason, r, + a, ruleset, pd); } if ((*rm)->quick) @@ -2973,7 +2977,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, } REASON_SET(&reason, PFRES_MATCH); - if (r->log) + if (r->log || act.log & PF_LOG_MATCHES) PFLOG_PACKET(kif, h, m, af, direction, reason, r, a, ruleset, pd); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 56d800b9501..4c812506839 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.314 2010/09/21 11:29:12 henning Exp $ */ +/* $OpenBSD: pfvar.h,v 1.315 2010/09/22 05:58:29 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -123,6 +123,7 @@ enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, #define PF_LOG_ALL 0x02 #define PF_LOG_SOCKET_LOOKUP 0x04 #define PF_LOG_FORCE 0x08 +#define PF_LOG_MATCHES 0x10 struct pf_addr { union { |