authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2001-06-26 19:43:16 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2001-06-26 19:43:16 +0000
commit04a10fb53b830b8e86bd8650451872831c55f4eb (patch)
tree82f644f128d2feb25163d86623994b9cc5e9994a /sys/net
parentb82e290e218f6249a5b2aeae788ef47d965edb1b (diff)
add rule pointer and log option to states
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c11
-rw-r--r--sys/net/pfvar.h4
2 files changed, 13 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d87e1b49a38..9dffeed2d24 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.57 2001/06/26 19:09:43 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.58 2001/06/26 19:43:14 dhartmei Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -674,6 +674,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
u_int32_t *ticket = (u_int32_t *)addr;
struct pf_rulequeue *old_rules;
struct pf_rule *rule;
+ struct pf_state *state;
if (*ticket != ticket_rules_inactive) {
error = EBUSY;
@@ -682,6 +683,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
/* Swap rules, keep the old. */
s = splsoftnet();
+ /* Rules are about to get freed, clear rule pointers in states */
+ TAILQ_FOREACH(state, &pf_states, entries) state->rule = NULL;
old_rules = pf_rules_active;
pf_rules_active = pf_rules_inactive;
pf_rules_inactive = old_rules;
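Review bot: After this loop every existing state carries `rule == NULL` for the rest of its lifetime, and nothing in the hunk records that invariant for code that later reads `state->rule`. The clearing sits inside the `splsoftnet()` section, which is right, but the comment should say more, for example `/* Old rules are freed below; states must not keep pointers to them. Readers of state->rule must handle NULL. */`. Any other path that frees a `pf_rule` (none is visible in this hunk) would need the same clearing to avoid leaving a dangling pointer in a state. As style, the loop body belongs on its own line rather than trailing the `TAILQ_FOREACH`. The enclosing `pfioctl` case begins and ends outside the hunk.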
@@ -1307,6 +1310,8 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
if (s == NULL) {
return (PF_DROP);
}
+ s->rule = rm;
+ s->log = rm && (rm->log & 2);
s->proto = IPPROTO_TCP;
s->direction = direction;
if (direction == PF_OUT) {
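Review bot: The literal `2` in `s->log = rm && (rm->log & 2);` is a magic number whose meaning is not visible here; a named constant defined next to the rule's `log` field would make the intent readable (presumably it selects a per-state logging mode, to be confirmed). The same two lines are repeated in the `pf_test_udp` and `pf_test_icmp` hunks, so a small helper or macro would keep the three in step. `s->log` is also a snapshot: it keeps the old rule's setting after a ruleset swap clears `s->rule`, which deserves a comment such as `/* cached so the log decision survives a ruleset reload */` if that is the intent. The body of `pf_test_tcp` continues outside the hunk.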
@@ -1434,6 +1439,8 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m,
if (s == NULL) {
return (PF_DROP);
}
+ s->rule = rm;
+ s->log = rm && (rm->log & 2);
s->proto = IPPROTO_UDP;
s->direction = direction;
if (direction == PF_OUT) {
@@ -1544,6 +1551,8 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
if (s == NULL) {
return (PF_DROP);
}
+ s->rule = rm;
+ s->log = rm && (rm->log & 2);
s->proto = IPPROTO_ICMP;
s->direction = direction;
if (direction == PF_OUT) {
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 262ce4600ec..5daa870ae7c 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.16 2001/06/26 19:01:55 provos Exp $ */
+/* $OpenBSD: pfvar.h,v 1.17 2001/06/26 19:43:14 dhartmei Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -87,12 +87,14 @@ struct pf_state {
struct pf_state_host ext;
struct pf_state_peer src;
struct pf_state_peer dst;
+ struct pf_rule *rule;
u_int32_t creation;
u_int32_t expire;
u_int32_t packets;
u_int32_t bytes;
u_int8_t proto;
u_int8_t direction;
+ u_int8_t log;
};
struct pf_nat {
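Review bot: The new `rule` member is a non-owning kernel pointer that can become NULL, and the struct says neither; add `/* not owned; NULL after ruleset reload */` beside it. If `struct pf_state` is ever copied out to userland through an ioctl (not visible in this hunk), the field would expose a kernel address, so that copy-out path should zero it, and the layout change would need a matching userland rebuild. A short comment on `log` saying what it caches from the rule would help too. The definition of `struct pf_state` starts outside the hunk.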