summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>2001-06-26 20:06:37 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-06-26 20:06:37 +0000
commit4bd38b28ad33d205bd1e197e7cc38c8282ade8a1 (patch)
tree72e53acadedf43357a6677eadfa137eceac0d84e /sys/net/pf.c
parent0652294b476010067362c5725f2456cf047d854f (diff)
pass rule to logging for state matches
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index cc1633ab7ce..e3271384da1 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.59 2001/06/26 19:51:04 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.60 2001/06/26 20:06:36 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -2071,6 +2071,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf *m)
{
u_short action, reason = 0, log = 0;
struct ip *h;
+ struct pf_rule *r = NULL;
struct pf_state *s;
int off;
@@ -2111,6 +2112,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf *m)
}
if ((s = pf_test_state_tcp(dir, ifp, m, 0, off, h, &th))) {
action = PF_PASS;
+ r = s->rule;
log = s->log;
} else
action = pf_test_tcp(dir, ifp, m, 0, off, h, &th);
@@ -2127,6 +2129,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf *m)
}
if ((s = pf_test_state_udp(dir, ifp, m, 0, off, h, &uh))) {
action = PF_PASS;
+ r = s->rule;
log = s->log;
} else
action = pf_test_udp(dir, ifp, m, 0, off, h, &uh);
@@ -2143,6 +2146,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf *m)
}
if ((s = pf_test_state_icmp(dir, ifp, m, 0, off, h, &ih))) {
action = PF_PASS;
+ r = s->rule;
log = s->log;
} else
action = pf_test_icmp(dir, ifp, m, 0, off, h, &ih);
@@ -2160,11 +2164,14 @@ done:
pf_status.packets[dir][action]++;
}
if (log) {
- struct pf_rule r;
+ struct pf_rule r0;
- r.ifp = ifp;
- r.action = action;
- PFLOG_PACKET(h, m, AF_INET, dir, reason, -1, &r);
+ if (r == NULL) {
+ r0.ifp = ifp;
+ r0.action = action;
+ r = &r0;
+ }
+ PFLOG_PACKET(h, m, AF_INET, dir, reason, -1, r);
}
return (action);
}