diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-08-19 19:03:59 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-08-19 19:03:59 +0000 |
| commit | 732d8c04410f10e0bf97908be59eb9e0e406cbaa (patch) | |
| tree | d6f7a0dad241d202c87e3b6cf814b6f262c4088f | |
| parent | afbbad451be11366260491de1a7ebc5f6375aaf5 (diff) | |
Add per-rule byte counter, so mickey can do accounting. We're counting the
data part (without IP and TCP/UDP/ICMP headers), like the state counter does.
| -rw-r--r-- | sbin/pfctl/pfctl.c | 7 | ||||
| -rw-r--r-- | sys/net/pf.c | 25 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 5 |
3 files changed, 27 insertions, 10 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 9d8ce000933..2b0c7e680df 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.34 2001/08/19 18:20:46 dhartmei Exp $ */ +/* $OpenBSD: pfctl.c,v 1.35 2001/08/19 19:03:58 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -186,8 +186,9 @@ pfctl_show_rules(int dev, int opts) err(1, "DIOCGETRULE"); print_rule(&pr.rule); if (opts & PF_OPT_VERBOSE) - printf("[ Evaluations: %-10llu Packets: %-10llu ]\n\n", - pr.rule.evaluations, pr.rule.packets); + printf("[ Evaluations: %-10llu Packets: %-10llu " + "Bytes: %-10llu ]\n\n", pr.rule.evaluations, + pr.rule.packets, pr.rule.bytes); } return (0); } diff --git a/sys/net/pf.c b/sys/net/pf.c index b0bb8ce6bce..af39e660b73 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.128 2001/08/19 18:19:08 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.129 2001/08/19 19:03:58 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -823,7 +823,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } } else rule->ifp = NULL; - rule->packets = rule->evaluations = 0; + rule->evaluations = rule->packets = rule->bytes = 0; TAILQ_INSERT_TAIL(pf_rules_inactive, rule, entries); break; } @@ -926,7 +926,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } } - newrule->packets = newrule->evaluations = 0; + newrule->evaluations = newrule->packets = 0; + newrule->bytes = 0; } s = splsoftnet(); @@ -1839,6 +1840,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m, if (rm != NULL) { rm->packets++; + rm->bytes += h->ip_len - off - (th->th_off << 2); REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -2020,6 +2022,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m, if (rm != NULL) { rm->packets++; + rm->bytes += h->ip_len - off - sizeof(*uh); REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -2163,6 +2166,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, if (rm != NULL) { rm->packets++; + rm->bytes += h->ip_len - off - ICMP_MINLEN; REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -2261,6 +2265,7 @@ pf_test_other(int direction, struct ifnet *ifp, struct mbuf *m, struct ip *h) u_short reason; rm->packets++; + rm->bytes += h->ip_len; REASON_SET(&reason, PFRES_MATCH); if (rm->log) PFLOG_PACKET(h, m, AF_INET, direction, reason, rm); @@ -2483,6 +2488,10 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp, (*state)->lan.port); m_copyback(m, off, sizeof(*th), (caddr_t)th); } + if ((*state)->rule != NULL) { + (*state)->rule->packets++; + (*state)->rule->bytes += len; + } return (PF_PASS); } @@ -2543,6 +2552,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp, m_copyback(m, off, sizeof(*uh), (caddr_t)uh); } + if ((*state)->rule != NULL) { + (*state)->rule->packets++; + (*state)->rule->bytes += len; + } return (PF_PASS); } @@ -2923,6 +2936,10 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) action = pf_test_state_icmp(&s, dir, ifp, m, 0, off, h, &ih); if (action == PF_PASS) { r = s->rule; + if (r != NULL) { + r->packets++; + r->bytes += h->ip_len - off - sizeof(ih); + } log = s->log; } else if (s == NULL) action = pf_test_icmp(dir, ifp, m, 0, off, h, &ih); @@ -2938,8 +2955,6 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) pf_status.bcounters[dir] += h->ip_len; pf_status.pcounters[dir][action]++; } - if (r != NULL) - r->packets++; done: if (log) { diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 679aeca3813..02eea7db9b4 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.42 2001/08/19 18:19:08 dhartmei Exp $ */ +/* $OpenBSD: pfvar.h,v 1.43 2001/08/19 19:03:58 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -61,8 +61,9 @@ struct pf_rule { struct pf_rule *skip[5]; TAILQ_ENTRY(pf_rule) entries; - u_int64_t packets; u_int64_t evaluations; + u_int64_t packets; + u_int64_t bytes; u_int16_t nr; u_int16_t return_icmp; |