authorNiels Provos <provos@cvs.openbsd.org>2001-06-26 15:33:02 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-06-26 15:33:02 +0000
commit4caad1f7aa33ff46eab337c8bc199faa7646de2f (patch)
treef8155957edc4d0e4f4eaf799bce7f6bacef6ef0b
parent4302697f34435cad47ded1d77367748a618f7227 (diff)
add a subreason to the link header to allow us to determine why a packet was
dropped or passed. from discussion with theo and me.
-rw-r--r--sys/net/if_pflog.h9
-rw-r--r--sys/net/pf.c17
-rw-r--r--sys/net/pfvar.h4
3 files changed, 17 insertions, 13 deletions
diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index 577ee1c340d..3cb7f7ff346 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.h,v 1.2 2001/06/25 23:02:19 provos Exp $ */
+/* $OpenBSD: if_pflog.h,v 1.3 2001/06/26 15:33:00 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -43,9 +43,10 @@ struct pflog_softc {
struct pfloghdr {
u_int32_t af;
char ifname[IFNAMSIZ];
- int rnr;
- short dir;
- short action;
+ u_short rnr;
+ u_short reason;
+ u_short action;
+ u_short dir;
};
#define PFLOG_HDRLEN sizeof(struct pfloghdr)
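Review bot: The new `struct pfloghdr` layout changes what the bytes of the log header mean, with nothing a reader could check against. `rnr` narrows from `int` to `u_short` and `dir` and `action` trade places, so a capture tool built against the old header would silently misreport rule number, action and direction. If `IFNAMSIZ` is 16 the struct size probably stays the same, in which case `PFLOG_HDRLEN` would not expose the mismatch either. I would document the struct as a format shared with userland, e.g. `/* log header handed to capture readers; field order and widths are part of the format */`, and state the byte order of the `u_short` fields. The narrowing also caps the loggable rule number at 65535, which deserves a comment on `rnr`.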
diff --git a/sys/net/pf.c b/sys/net/pf.c
index eab95e07279..dd6291c46a6 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.50 2001/06/26 12:27:16 wilfried Exp $ */
+/* $OpenBSD: pf.c,v 1.51 2001/06/26 15:33:00 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -163,15 +163,15 @@ struct pf_state *pf_test_state_icmp(int, struct ifnet *, struct mbuf **,
void *pull_hdr(struct ifnet *, struct mbuf **, int, int, void *, int,
struct ip *, int *);
int pf_test(int, struct ifnet *, struct mbuf **);
-int pflog_packet(struct mbuf *, int, short,int,
+int pflog_packet(struct mbuf *, int, u_short, u_short, u_short,
struct pf_rule *);
#if NPFLOG > 0
-#define PFLOG_PACKET(x,a,b,c,d,e) \
+#define PFLOG_PACKET(x,a,b,c,d,e,f) \
do { \
HTONS((x)->ip_len); \
HTONS((x)->ip_off); \
- pflog_packet(a,b,c,d,e); \
+ pflog_packet(a,b,c,d,e,f); \
NTOHS((x)->ip_len); \
NTOHS((x)->ip_off); \
} while (0)
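Review bot: The updated `pflog_packet` prototype now has three adjacent unnamed `u_short` parameters, and `PFLOG_PACKET` forwards `c,d,e` to them purely by position. A call site that transposes direction, reason and rule number therefore compiles without a diagnostic and produces a misleading log record. Naming the parameters in the prototype would make the order checkable by eye: `int pflog_packet(struct mbuf *m, int af, u_short dir, u_short reason, u_short nr, struct pf_rule *rm);`, with a one-line comment above the macro listing the same order. Callers that pass a wider integer for the rule number (the type of `mnr` is not visible here) will also be truncated silently.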
@@ -356,7 +356,8 @@ tree_remove(struct pf_tree_node **p, struct pf_tree_key *key)
}
int
-pflog_packet(struct mbuf *m, int af, short dir, int nr, struct pf_rule *rm)
+pflog_packet(struct mbuf *m, int af, u_short dir, u_short reason,
+ u_short nr, struct pf_rule *rm)
{
#if NBPFILTER > 0
struct ifnet *ifn, *ifp = rm->ifp;
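Review bot: `rm->ifp` is dereferenced in the declaration at the top of `pflog_packet`, before any check on `rm`. With the new `reason` argument this function becomes the natural place to log packets dropped for reasons not tied to a rule, where a caller may have no rule to pass. The three call sites in this commit do guard with `rm != NULL`, but the function itself does not state or enforce that. Either document the precondition (`/* rm must be non-NULL: the log interface is taken from rm->ifp */`) or move the initialisation below a guard such as `if (rm == NULL) return (-1);` (the right return value depends on the body, which continues outside this hunk).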
@@ -1272,7 +1273,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if ((rm != NULL) && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, mnr, rm);
+ PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if ((rm != NULL) && (rm->action == PF_DROP_RST)) {
/* undo NAT/RST changes, if they have taken place */
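Review bot: The `PFLOG_PACKET` call in `pf_test_tcp` passes the constant `PFRES_MATCH`, as do the ones in `pf_test_udp` and `pf_test_icmp`, so after this commit the `reason` field carries the same value in every record. That is fine as a first step, but a log reader cannot yet tell a rule match from any other cause. A short comment at the first call would help, e.g. `/* reason is always PFRES_MATCH here: logging happens only on an explicit rule match */`. The existing `XXX will log packet before rewrite` also means the logged addresses may differ from what is forwarded, which matters when correlating these records with other captures. All three functions extend beyond their hunks.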
@@ -1418,7 +1419,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if (rm != NULL && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, mnr, rm);
+ PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if (rm != NULL && rm->action != PF_PASS)
return (PF_DROP);
@@ -1528,7 +1529,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if (rm != NULL && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, mnr, rm);
+ PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if (rm != NULL && rm->action != PF_PASS)
return (PF_DROP);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index f420dbcee4d..7fe4d629a17 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.13 2001/06/26 04:17:11 frantzen Exp $ */
+/* $OpenBSD: pfvar.h,v 1.14 2001/06/26 15:33:01 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -187,6 +187,8 @@ struct pfioc_if {
#define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if)
#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
+/* Reasons code for passing/dropping a packet */
+#define PFRES_MATCH 0 /* Explicit match of a rule */
#ifdef _KERNEL
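Review bot: `PFRES_MATCH` is defined outside `#ifdef _KERNEL`, so it is visible to userland, yet the comment does not say that the value is written into `pfloghdr.reason` and so becomes part of the log format. I would reword it to `/* Reason codes stored in pfloghdr.reason; values are part of the log format and must not be renumbered */`, which also fixes the "Reasons code" wording. Adding a count constant alongside it (name to be chosen by the author) would let readers bounds-check the field before using it as an index into a table of reason strings.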