summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjasoni <jasoni@cvs.openbsd.org>2001-12-11 03:08:48 +0000
committerjasoni <jasoni@cvs.openbsd.org>2001-12-11 03:08:48 +0000
commitc4b5da3b3b2aefe4aa5ee00db75afd7cfa6711a4 (patch)
tree5c2def38c3f5e15f49724ffddcc158e10435f921
parent3055ec4b761020d79f60a24556ca5d6545b581e5 (diff)
- Log packet while mbuf is still valid.
- If logging and r == NULL, use r0 leaving r untouched. - Note that pf_route/pf_route6 can free the mbuf. Thanks and ok frantzen@
-rw-r--r--sys/net/pf.c50
1 files changed, 25 insertions, 25 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index b8d9950202b..11dfd4161e7 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.178 2001/12/10 18:28:32 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.179 2001/12/11 03:08:47 jasoni Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -4965,6 +4965,18 @@ done:
("pf: dropping packet with ip options\n"));
}
+ if (log) {
+ if (r == NULL) {
+ struct pf_rule r0;
+ r0.ifp = ifp;
+ r0.action = action;
+ r0.nr = -1;
+ PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, &r0);
+ } else
+ PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, r);
+ }
+
+ /* pf_route can free the mbuf causing *m to become NULL */
if (r && r->rt) {
pf_route(m, r);
if (r->rt != PF_DUPTO) {
@@ -4973,18 +4985,6 @@ done:
}
}
- if (log) {
- struct pf_rule r0;
-
- if (r == NULL) {
- r0.ifp = ifp;
- r0.action = action;
- r0.nr = -1;
- r = &r0;
- }
- PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, r);
- }
- /* XXX (pf_rule *)r may now be invalid from the above log */
return (action);
}
#endif /* INET */
@@ -5147,6 +5147,18 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
done:
/* XXX handle IPv6 options, if not allowed. not implemented. */
+ if (log) {
+ if (r == NULL) {
+ struct pf_rule r0;
+ r0.ifp = ifp;
+ r0.action = action;
+ r0.nr = -1;
+ PFLOG_PACKET(ifp, h, m, AF_INET6, dir, reason, &r0);
+ } else
+ PFLOG_PACKET(ifp, h, m, AF_INET6, dir, reason, r);
+ }
+
+ /* pf_route6 can free the mbuf causing *m to become NULL */
if (r && r->rt) {
pf_route6(m, r);
if (r->rt != PF_DUPTO) {
@@ -5155,18 +5167,6 @@ done:
}
}
- if (log) {
- struct pf_rule r0;
-
- if (r == NULL) {
- r0.ifp = ifp;
- r0.action = action;
- r0.nr = -1;
- r = &r0;
- }
- PFLOG_PACKET(ifp, h, m, AF_INET6, dir, reason, r);
- }
- /* XXX (pf_rule *)r may now be invalid from the above log */
return (action);
}
#endif /* INET6 */