authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-12-18 19:40:42 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-12-18 19:40:42 +0000
commit1b33c38cd3170b6cdfd4fabac6582b6177177605 (patch)
treef7cf8354676118fac3304133795fdfd26f5b6b1b /sys/net/pf.c
parent29d2e9a7f2313652b63884678ea2b63bd7170c38 (diff)
Store translation rule pointer in state entries, so pfctl -vsn can print
evaluation, packet, byte and state entry counters similar to -vsr. Helps verify whether/how often translation rules are evaluated/matched. ok frantzen@, henning@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c40
1 files changed, 39 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 8fd60b07c85..b129bb52590 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.276 2002/12/18 18:35:30 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.277 2002/12/18 19:40:41 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -477,6 +477,8 @@ pf_purge_expired_states(void)
#endif
if (cur->state->rule.ptr != NULL)
cur->state->rule.ptr->states--;
+ if (cur->state->nat_rule != NULL)
+ cur->state->nat_rule->states--;
pool_put(&pf_state_pl, cur->state);
pool_put(&pf_tree_pl, cur);
pool_put(&pf_tree_pl, peer);
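Review bot: The new `cur->state->nat_rule->states--` runs when a state expires, which can be long after the state was created, so the translation rule has to outlive every state that points at it. This page is limited to sys/net/pf.c and does not show whether the code that replaces or frees nat/rdr rules clears `nat_rule` in existing states. If it does not, this decrement and the per-packet counter updates in the pf_test_state_tcp, pf_test_state_udp and pf_test_state_other hunks would write through a freed rule in kernel context. Please confirm the ruleset-replacement path handles this, and add a comment where the `nat_rule` field is declared stating who is responsible for resetting it. pf_purge_expired_states begins and ends outside this hunk.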
@@ -1928,6 +1930,12 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
rs->states++;
s->rule.ptr = rs;
+ if (nat != NULL)
+ s->nat_rule = nat;
+ else if (rdr != NULL)
+ s->nat_rule = rdr;
+ if (s->nat_rule != NULL)
+ s->nat_rule->states++;
s->allow_opts = *rm && (*rm)->allow_opts;
s->log = *rm && ((*rm)->log & 2);
s->proto = IPPROTO_TCP;
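Review bot: When both `nat` and `rdr` are NULL, nothing in this hunk assigns `s->nat_rule` before `if (s->nat_rule != NULL)` reads it. The test therefore depends on the state coming back from the pool already zeroed, which the visible lines do not show. If it is not zeroed, a stale pointer gets `states++` written through it here and is dereferenced again later by the state-tracking and purge paths. Assigning unconditionally removes that dependency: `s->nat_rule = (nat != NULL) ? nat : rdr;`. The same pattern is in the pf_test_udp, pf_test_icmp and pf_test_other hunks; all four functions start and end outside their hunks.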
@@ -2167,6 +2175,12 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
rs->states++;
s->rule.ptr = rs;
+ if (nat != NULL)
+ s->nat_rule = nat;
+ else if (rdr != NULL)
+ s->nat_rule = rdr;
+ if (s->nat_rule != NULL)
+ s->nat_rule->states++;
s->allow_opts = *rm && (*rm)->allow_opts;
s->log = *rm && ((*rm)->log & 2);
s->proto = IPPROTO_UDP;
@@ -2407,6 +2421,12 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
rs->states++;
s->rule.ptr = rs;
+ if (nat != NULL)
+ s->nat_rule = nat;
+ else if (rdr != NULL)
+ s->nat_rule = rdr;
+ if (s->nat_rule != NULL)
+ s->nat_rule->states++;
s->allow_opts = *rm && (*rm)->allow_opts;
s->log = *rm && ((*rm)->log & 2);
s->proto = pd->proto;
@@ -2594,6 +2614,12 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp,
rs->states++;
s->rule.ptr = rs;
+ if (nat != NULL)
+ s->nat_rule = nat;
+ else if (rdr != NULL)
+ s->nat_rule = rdr;
+ if (s->nat_rule != NULL)
+ s->nat_rule->states++;
s->allow_opts = *rm && (*rm)->allow_opts;
s->log = *rm && ((*rm)->log & 2);
s->proto = pd->proto;
@@ -3007,6 +3033,10 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
(*state)->rule.ptr->packets++;
(*state)->rule.ptr->bytes += pd->tot_len;
}
+ if ((*state)->nat_rule != NULL) {
+ (*state)->nat_rule->packets++;
+ (*state)->nat_rule->bytes += pd->tot_len;
+ }
return (PF_PASS);
}
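Review bot: The nat_rule packet/byte accounting is added to pf_test_state_tcp here and to pf_test_state_udp and pf_test_state_other below, but no hunk on this page touches pf_test_state_icmp. The pf_test_icmp hunk does set `s->nat_rule` and bump `states`, so translated ICMP states would apparently count as states but never add to `packets` or `bytes`, and `pfctl -vsn` would under-report for them. Unless ICMP accounting is handled elsewhere, the same `if ((*state)->nat_rule != NULL)` block belongs before the PF_PASS return in pf_test_state_icmp. The function body here starts outside the hunk, so where the existing `rule.ptr` accounting sits in the ICMP path needs checking against the full file.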
@@ -3074,6 +3104,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp,
(*state)->rule.ptr->packets++;
(*state)->rule.ptr->bytes += pd->tot_len;
}
+ if ((*state)->nat_rule != NULL) {
+ (*state)->nat_rule->packets++;
+ (*state)->nat_rule->bytes += pd->tot_len;
+ }
return (PF_PASS);
}
@@ -3650,6 +3684,10 @@ pf_test_state_other(struct pf_state **state, int direction, struct ifnet *ifp,
(*state)->rule.ptr->packets++;
(*state)->rule.ptr->bytes += pd->tot_len;
}
+ if ((*state)->nat_rule != NULL) {
+ (*state)->nat_rule->packets++;
+ (*state)->nat_rule->bytes += pd->tot_len;
+ }
return (PF_PASS);
}