diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-06-26 19:43:16 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-06-26 19:43:16 +0000 |
| commit | 04a10fb53b830b8e86bd8650451872831c55f4eb (patch) | |
| tree | 82f644f128d2feb25163d86623994b9cc5e9994a | |
| parent | b82e290e218f6249a5b2aeae788ef47d965edb1b (diff) | |
add rule pointer and log option to states
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 9 | ||||
| -rw-r--r-- | sys/net/pf.c | 11 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 4 |
3 files changed, 20 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index e631fc9b196..c75c4657050 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.12 2001/06/26 18:18:58 kjell Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.13 2001/06/26 19:43:15 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -397,8 +397,10 @@ print_rule(struct pf_rule *r) printf("in "); else printf("out "); - if (r->log) + if (r->log == 1) printf("log "); + else if (r->log == 2) + printf("log-all "); if (r->quick) printf("quick "); if (r->ifname[0]) @@ -625,6 +627,9 @@ parse_rule(int n, char *l, struct pf_rule *r) if (!strcmp(w, "log")) { r->log = 1; w = next_word(&l); + } else if (!strcmp(w, "log-all")) { + r->log = 2; + w = next_word(&l); } /* quick */ diff --git a/sys/net/pf.c b/sys/net/pf.c index d87e1b49a38..9dffeed2d24 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.57 2001/06/26 19:09:43 provos Exp $ */ +/* $OpenBSD: pf.c,v 1.58 2001/06/26 19:43:14 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -674,6 +674,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) u_int32_t *ticket = (u_int32_t *)addr; struct pf_rulequeue *old_rules; struct pf_rule *rule; + struct pf_state *state; if (*ticket != ticket_rules_inactive) { error = EBUSY; @@ -682,6 +683,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) /* Swap rules, keep the old. */ s = splsoftnet(); + /* Rules are about to get freed, clear rule pointers in states */ + TAILQ_FOREACH(state, &pf_states, entries) state->rule = NULL; old_rules = pf_rules_active; pf_rules_active = pf_rules_inactive; pf_rules_inactive = old_rules; @@ -1307,6 +1310,8 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m, if (s == NULL) { return (PF_DROP); } + s->rule = rm; + s->log = rm && (rm->log & 2); s->proto = IPPROTO_TCP; s->direction = direction; if (direction == PF_OUT) { @@ -1434,6 +1439,8 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m, if (s == NULL) { return (PF_DROP); } + s->rule = rm; + s->log = rm && (rm->log & 2); s->proto = IPPROTO_UDP; s->direction = direction; if (direction == PF_OUT) { @@ -1544,6 +1551,8 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, if (s == NULL) { return (PF_DROP); } + s->rule = rm; + s->log = rm && (rm->log & 2); s->proto = IPPROTO_ICMP; s->direction = direction; if (direction == PF_OUT) { diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 262ce4600ec..5daa870ae7c 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.16 2001/06/26 19:01:55 provos Exp $ */ +/* $OpenBSD: pfvar.h,v 1.17 2001/06/26 19:43:14 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -87,12 +87,14 @@ struct pf_state { struct pf_state_host ext; struct pf_state_peer src; struct pf_state_peer dst; + struct pf_rule *rule; u_int32_t creation; u_int32_t expire; u_int32_t packets; u_int32_t bytes; u_int8_t proto; u_int8_t direction; + u_int8_t log; }; struct pf_nat { |