summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>2001-06-26 19:51:05 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-06-26 19:51:05 +0000
commit365a4d00173693652d309133c96a976401713859 (patch)
tree2704fff18da915f845b93916571868e09e51eff5
parent9424116e40f7e83c289da99358b68710fb409990 (diff)
log-all causes state matches to log packets to pflog
-rw-r--r--sys/net/pf.c43
1 files changed, 22 insertions, 21 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 9dffeed2d24..cc1633ab7ce 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.58 2001/06/26 19:43:14 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.59 2001/06/26 19:51:04 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -2067,10 +2067,11 @@ pull_hdr(struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *p,
}
int
-pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
+pf_test(int dir, struct ifnet *ifp, struct mbuf *m)
{
u_short action, reason = 0, log = 0;
struct ip *h;
+ struct pf_state *s;
int off;
if (!pf_status.running)
@@ -2105,14 +2106,14 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
if (!pull_hdr(ifp, m, 0, off, &th, sizeof(th), h,
&action, &reason)) {
- log = 1;
+ log = action != PF_PASS;
goto done;
}
- if (pf_test_state_tcp(direction, ifp, m, 0, off, h, &th))
+ if ((s = pf_test_state_tcp(dir, ifp, m, 0, off, h, &th))) {
action = PF_PASS;
- else
- action = pf_test_tcp(direction, ifp, m, 0, off, h,
- &th);
+ log = s->log;
+ } else
+ action = pf_test_tcp(dir, ifp, m, 0, off, h, &th);
break;
}
@@ -2121,14 +2122,14 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
if (!pull_hdr(ifp, m, 0, off, &uh, sizeof(uh), h,
&action, &reason)) {
- log = 1;
+ log = action != PF_PASS;
goto done;
}
- if (pf_test_state_udp(direction, ifp, m, 0, off, h, &uh))
+ if ((s = pf_test_state_udp(dir, ifp, m, 0, off, h, &uh))) {
action = PF_PASS;
- else
- action = pf_test_udp(direction, ifp, m, 0, off, h,
- &uh);
+ log = s->log;
+ } else
+ action = pf_test_udp(dir, ifp, m, 0, off, h, &uh);
break;
}
@@ -2137,14 +2138,14 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
if (!pull_hdr(ifp, m, 0, off, &ih, sizeof(ih), h,
&action, &reason)) {
- log = 1;
+ log = action != PF_PASS;
goto done;
}
- if (pf_test_state_icmp(direction, ifp, m, 0, off, h, &ih))
+ if ((s = pf_test_state_icmp(dir, ifp, m, 0, off, h, &ih))) {
action = PF_PASS;
- else
- action = pf_test_icmp(direction, ifp, m, 0, off, h,
- &ih);
+ log = s->log;
+ } else
+ action = pf_test_icmp(dir, ifp, m, 0, off, h, &ih);
break;
}
@@ -2155,15 +2156,15 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
done:
if (ifp == status_ifp) {
- pf_status.bytes[direction] += h->ip_len;
- pf_status.packets[direction][action]++;
+ pf_status.bytes[dir] += h->ip_len;
+ pf_status.packets[dir][action]++;
}
- if (log && action != PF_PASS) {
+ if (log) {
struct pf_rule r;
r.ifp = ifp;
r.action = action;
- PFLOG_PACKET(h, m, AF_INET, direction, reason, -1, &r);
+ PFLOG_PACKET(h, m, AF_INET, dir, reason, -1, &r);
}
return (action);
}