diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-08-19 18:19:09 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-08-19 18:19:09 +0000 |
| commit | ac6aa4301a8e553a0fadc757a32fe73b442c50ad (patch) | |
| tree | c1100619da815d7f728dab62ad539388ded778f8 /sys/net/pf.c | |
| parent | 606bfd5f4edb4d89b73a6100d272572cba4dfc92 (diff) | |
Add per-rule statistics (number of evaluations and number of packets).
Packets passed statefully will be counted using the rule that created
the state.
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index a9235c78751..b0bb8ce6bce 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.127 2001/08/19 17:03:00 frantzen Exp $ */ +/* $OpenBSD: pf.c,v 1.128 2001/08/19 18:19:08 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -823,6 +823,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } } else rule->ifp = NULL; + rule->packets = rule->evaluations = 0; TAILQ_INSERT_TAIL(pf_rules_inactive, rule, entries); break; } @@ -925,6 +926,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } } + newrule->packets = newrule->evaluations = 0; } s = splsoftnet(); @@ -1806,6 +1808,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m, r = TAILQ_NEXT(r, entries); continue; } + r->evaluations++; if (r->proto && r->proto != h->ip_p) r = r->skip[0]; else if (r->src.mask && !pf_match_addr(r->src.not, @@ -1835,6 +1838,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m, } if (rm != NULL) { + rm->packets++; REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -1987,6 +1991,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m, r = TAILQ_NEXT(r, entries); continue; } + r->evaluations++; if (r->proto && r->proto != h->ip_p) r = r->skip[0]; else if (r->src.mask && !pf_match_addr(r->src.not, @@ -2014,6 +2019,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m, } if (rm != NULL) { + rm->packets++; REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -2130,6 +2136,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, r = TAILQ_NEXT(r, entries); continue; } + r->evaluations++; if (r->proto && r->proto != h->ip_p) r = r->skip[0]; else if (r->src.mask && !pf_match_addr(r->src.not, @@ -2155,6 +2162,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, } if (rm != NULL) { + rm->packets++; REASON_SET(&reason, PFRES_MATCH); /* XXX will log packet before rewrite */ @@ -2228,6 +2236,7 @@ pf_test_other(int direction, struct ifnet *ifp, struct mbuf *m, struct ip *h) r = TAILQ_NEXT(r, entries); continue; } + r->evaluations++; if (r->proto && r->proto != h->ip_p) r = r->skip[0]; else if (r->src.mask && !pf_match_addr(r->src.not, @@ -2251,6 +2260,7 @@ pf_test_other(int direction, struct ifnet *ifp, struct mbuf *m, struct ip *h) if (rm != NULL) { u_short reason; + rm->packets++; REASON_SET(&reason, PFRES_MATCH); if (rm->log) PFLOG_PACKET(h, m, AF_INET, direction, reason, rm); @@ -2928,6 +2938,8 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) pf_status.bcounters[dir] += h->ip_len; pf_status.pcounters[dir][action]++; } + if (r != NULL) + r->packets++; done: if (log) { |