add a new log opt PF_LOG_MATCHES

forces logging on all subsequent matching rules
real ok theo assumed oks ryan and dlg bikeshedding everyone in the room
implementation time ~ 1 minute

2 files changed, 9 insertions, 4 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 0634784c309..ee3b3c5300c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.704 2010/09/22 02:12:36 henning Exp $ */
+/*	$OpenBSD: pf.c,v 1.705 2010/09/22 05:58:29 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -2939,7 +2939,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
 						    PFRES_MEMORY);
 						goto cleanup;
 					}
-					if (r->log)
+					if (r->log || act.log & PF_LOG_MATCHES)
 						PFLOG_PACKET(kif, h, m, af,
 						    direction, reason, r,
 						    a, ruleset, pd);
@@ -2948,6 +2948,10 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
 					*rm = r;
 					*am = a;
 					*rsm = ruleset;
+					if (act.log & PF_LOG_MATCHES)
+						PFLOG_PACKET(kif, h, m, af,
+						    direction, reason, r,
+						    a, ruleset, pd);
 				}
 
 				if ((*rm)->quick)
@@ -2973,7 +2977,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	REASON_SET(&reason, PFRES_MATCH);
 
-	if (r->log)
+	if (r->log || act.log & PF_LOG_MATCHES)
 		PFLOG_PACKET(kif, h, m, af, direction, reason,
 		    r, a, ruleset, pd);
 
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 56d800b9501..4c812506839 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.314 2010/09/21 11:29:12 henning Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.315 2010/09/22 05:58:29 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -123,6 +123,7 @@ enum	{ PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
 #define	PF_LOG_ALL		0x02
 #define	PF_LOG_SOCKET_LOOKUP	0x04
 #define	PF_LOG_FORCE		0x08
+#define	PF_LOG_MATCHES		0x10
 
 struct pf_addr {
 	union {