summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2006-10-25 11:26:48 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2006-10-25 11:26:48 +0000
commit21a1d3c5ffca872a677e1459355d1810bd19e217 (patch)
tree67446db7788bb9e569ef0cf814a3b9d5181e54e7
parentff41d9b3d524c37c68b96c09e7b65325a302f870 (diff)
add a "u_int8_t logif" to struct pfrule to select to which pflog interface
logs go. ok mcbride
-rw-r--r--sys/net/if_pflog.c4
-rw-r--r--sys/net/pf_ioctl.c10
-rw-r--r--sys/net/pfvar.h3
3 files changed, 13 insertions, 4 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index 482d5233df1..d4e093f3468 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.c,v 1.19 2006/10/23 12:46:09 henning Exp $ */
+/* $OpenBSD: if_pflog.c,v 1.20 2006/10/25 11:26:47 henning Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -221,7 +221,7 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
if (kif == NULL || m == NULL || rm == NULL || pd == NULL)
return (-1);
- if ((ifn = pflogifs[0]) == NULL || !ifn->if_bpf)
+ if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf)
return (0);
bzero(&hdr, sizeof(hdr));
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 979cd3535d0..f3b929dcc76 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.169 2006/08/30 11:31:02 djm Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.170 2006/10/25 11:26:47 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -72,6 +72,10 @@
#include <net/if_pfsync.h>
#endif /* NPFSYNC > 0 */
+#if NPFLOG > 0
+#include <net/if_pflog.h>
+#endif /* NPFLOG > 0 */
+
#ifdef INET6
#include <netinet/ip6.h>
#include <netinet/in_pcb.h>
@@ -1419,6 +1423,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EBUSY;
if (rule->rt && !rule->direction)
error = EINVAL;
+#if NPFLOG > 0
+ if (rule->logif >= PFLOGIFS_MAX)
+ error = EINVAL;
+#endif
if (pf_rtlabel_add(&rule->src.addr) ||
pf_rtlabel_add(&rule->dst.addr))
error = EBUSY;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 48c6ada497c..0a221b3825d 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.238 2006/10/17 14:08:17 reyk Exp $ */
+/* $OpenBSD: pfvar.h,v 1.239 2006/10/25 11:26:47 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -563,6 +563,7 @@ struct pf_rule {
u_int8_t action;
u_int8_t direction;
u_int8_t log;
+ u_int8_t logif;
u_int8_t quick;
u_int8_t ifnot;
u_int8_t match_tag_not;