author | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-21 07:04:25 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2010-09-21 07:04:25 +0000 |
commit | f9d72b836869addd9b18af48c06c57b844731d21 (patch) | |
tree | 38de0f3db4417d25715f9815802f9764078c7442 | |
parent | b81227f2496dae7efb1a8469b8c498d8c0c7a362 (diff) |
make "match log" rules log on the fly. thus you can log and see the packet
as it is in the very same moment pf hits that match rule. really awesome
with multiple rdr-to and the like. ok dlg - ryan would ok it too if he was
here right now
-rw-r--r-- | sys/net/pf.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b0fa5cb1660..a1bc79a8d7f 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.699 2010/09/21 04:09:33 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.700 2010/09/21 07:04:24 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2945,6 +2945,10 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, PFRES_MEMORY); goto cleanup; } + if (r->log) + PFLOG_PACKET(kif, h, m, af, + direction, reason, r, + a, ruleset, pd); } else { match = 1; *rm = r; @@ -2978,17 +2982,9 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, REASON_SET(&reason, PFRES_MATCH); - if (act.log) { - struct pf_rule_item *mr; - - if (r->log) - PFLOG_PACKET(kif, h, m, af, direction, reason, - r, a, ruleset, pd); - SLIST_FOREACH(mr, &rules, entry) - if (mr->r->log) - PFLOG_PACKET(kif, h, m, af, direction, reason, - mr->r, a, ruleset, pd); - } + if (r->log) + PFLOG_PACKET(kif, h, m, af, direction, reason, + r, a, ruleset, pd); if ((r->action == PF_DROP) && ((r->rule_flag & PFRULE_RETURNRST) || |
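Review bot: The on-the-fly `PFLOG_PACKET` call added to the match-rule branch (second hunk) passes `reason` before any visible assignment on the non-error path; the only success-path `REASON_SET(&reason, PFRES_MATCH)` shown sits in the third hunk, after the rule walk. If nothing earlier in pf_test_rule initialises `reason` (its declaration is outside the hunk), the log record carries an indeterminate stack value, which makes the logged reason unreliable for anyone auditing pflog output. Setting it first would fix that, e.g. `if (r->log) { reason = PFRES_MATCH; PFLOG_PACKET(kif, h, m, af, direction, reason, r, a, ruleset, pd); }`; a plain assignment is suggested rather than `REASON_SET` in case that macro also updates counters, which cannot be seen here.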
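Review bot: The new code in the third hunk does not document that match-rule records are now written during evaluation instead of at this point, where the removed `SLIST_FOREACH` over `rules` used to emit them after `REASON_SET(&reason, PFRES_MATCH)`. A record can therefore exist for a packet that later leaves through `goto cleanup` (visible in the second hunk), so a match record no longer implies the packet reached a verdict. A comment above the remaining call would make this clear to anyone reading the log path, for example `/* match rules were logged while the ruleset was walked; only the final rule is logged here */`. pf_test_rule continues outside the hunk, so whether the `rules` list is still needed for other purposes cannot be told from here.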