authorHenning Brauer <henning@cvs.openbsd.org>2010-09-21 04:06:38 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2010-09-21 04:06:38 +0000
commitdcf3f6f485167d3dc34ecc8f45552ec19d21856c (patch)
tree68742083410777fa1aec05a306179b42230bd274 /sys/net/if_pflog.h
parentdffc674616e5989cfa4c6f81ddbe553f839f6d34 (diff)
pflog overhaul
pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses. to address this without making an extra copy of the mbuf chain: -introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of plain bcopy -said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies everything into bpf's buffer, constructs a fake mbuf (which is allocated once at attach time and reused over and over) which points to the bpf buffer as data storage -call pf_setup_pdesc on said fake mbuf -then call pf_translate to rewrite the addresses as needed right in the bpf buffer this changes the pflog header as we have to pass the new addresses/ports around. relies on canacar's awesome work in libpcap to work olrite with the new, longer pflog header as well as with the old, shorter one. almost completely written at c2k10 in canada, finished here at j2k10 in japan. ok ryan dlg
Diffstat (limited to 'sys/net/if_pflog.h')
-rw-r--r--sys/net/if_pflog.h14
1 files changed, 11 insertions, 3 deletions
diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index 835700c5bb7..243870375d0 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.h,v 1.15 2010/06/26 16:49:01 henning Exp $ */
+/* $OpenBSD: if_pflog.h,v 1.16 2010/09/21 04:06:37 henning Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -27,6 +27,8 @@
#ifndef _NET_IF_PFLOG_H_
#define _NET_IF_PFLOG_H_
+#include <net/pfvar.h>
+
#define PFLOGIFS_MAX 16
struct pflog_softc {
@@ -52,13 +54,19 @@ struct pfloghdr {
pid_t rule_pid;
u_int8_t dir;
u_int8_t pad[3];
+ struct pf_addr saddr;
+ struct pf_addr daddr;
+ u_int16_t sport;
+ u_int16_t dport;
};
#define PFLOG_HDRLEN sizeof(struct pfloghdr)
-/* minus pad, also used as a signature */
-#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad)
+/* used to be minus pad, also used as a signature */
+#define PFLOG_REAL_HDRLEN PFLOG_HDRLEN
+#define PFLOG_OLD_HDRLEN offsetof(struct pfloghdr, pad)
#ifdef _KERNEL
+void pflog_bpfcopy(const void *, void *, size_t);
#if NPFLOG > 0
#define PFLOG_PACKET(i,x,a,b,c,d,e,f,g,h) pflog_packet(i,a,b,c,d,e,f,g,h)
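Review bot: With `PFLOG_REAL_HDRLEN` now defined as `PFLOG_HDRLEN`, the header length covers `pad[3]`, the new `saddr`/`daddr`/`sport`/`dport` fields and any trailing padding of `struct pfloghdr`, where the old `offsetof(struct pfloghdr, pad)` value stopped before the pad. The code that fills the header is not in this file, so it is worth confirming that it clears the whole struct before populating it (for example `bzero(&hdr, sizeof(hdr));`); otherwise uninitialised kernel bytes could end up in what bpf readers on a pflog interface receive. The comment above the macros could say this directly, e.g. `/* whole struct is exported to bpf; PFLOG_OLD_HDRLEN is the length used up to rev 1.15 and still appears in old captures */`. The `pflog_bpfcopy` prototype would also read better with parameter names, since source, destination and length are otherwise only distinguishable by `const`. The struct definition begins above this hunk.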