diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-11-28 01:07:00 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-11-28 01:07:00 +0000 |
| commit | 6ccd2ccce7759b3332af5f55909348c49b0ab3d7 (patch) | |
| tree | ffed37436faf630d2dda4466d25d78e96918465b /sys | |
| parent | f2e25225753fc4f7d20d5116e313db39c5ccca67 (diff) | |
More pf stats fixups:
- Don't double count double count icmp packets.
- We only want to increment rule and state counters if we're passing
the packet, unless it's a 'drop' rule.
ok dhartmei@ henning@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 66 |
1 files changed, 31 insertions, 35 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b178847c6d6..95765175c08 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.403 2003/11/21 01:47:16 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.404 2003/11/28 01:06:59 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4966,13 +4966,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) action = pf_test_state_icmp(&s, dir, ifp, m, off, h, &pd); if (action == PF_PASS) { r = s->rule.ptr; - r->packets++; - r->bytes += ntohs(h->ip_len); a = s->anchor.ptr; - if (a != NULL) { - a->packets++; - a->bytes += ntohs(h->ip_len); - } log = s->log; } else if (s == NULL) action = pf_test_icmp(&r, &s, dir, ifp, @@ -5030,19 +5024,21 @@ done: pf_status.pcounters[0][dir == PF_OUT][action != PF_PASS]++; } - r->packets++; - r->bytes += pd.tot_len; - if (a != NULL) { - a->packets++; - a->bytes += pd.tot_len; - } - if (s != NULL) { - dirndx = (dir == s->direction) ? 0 : 1; - s->packets[dirndx]++; - s->bytes[dirndx] += pd.tot_len; - if (s->nat_rule.ptr != NULL) { - s->nat_rule.ptr->packets++; - s->nat_rule.ptr->bytes += pd.tot_len; + if (action == PF_PASS || r->action == PF_DROP) { + r->packets++; + r->bytes += pd.tot_len; + if (a != NULL) { + a->packets++; + a->bytes += pd.tot_len; + } + if (s != NULL) { + dirndx = (dir == s->direction) ? 0 : 1; + s->packets[dirndx]++; + s->bytes[dirndx] += pd.tot_len; + if (s->nat_rule.ptr != NULL) { + s->nat_rule.ptr->packets++; + s->nat_rule.ptr->bytes += pd.tot_len; + } } } tr = r; @@ -5232,8 +5228,6 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0) m, off, h, &pd); if (action == PF_PASS) { r = s->rule.ptr; - r->packets++; - r->bytes += h->ip6_plen; a = s->anchor.ptr; log = s->log; } else if (s == NULL) @@ -5285,19 +5279,21 @@ done: pf_status.pcounters[1][dir == PF_OUT][action != PF_PASS]++; } - r->packets++; - r->bytes += pd.tot_len; - if (a != NULL) { - a->packets++; - a->bytes += pd.tot_len; - } - if (s != NULL) { - dirndx = (dir == s->direction) ? 0 : 1; - s->packets[dirndx]++; - s->bytes[dirndx] += pd.tot_len; - if (s->nat_rule.ptr != NULL) { - s->nat_rule.ptr->packets++; - s->nat_rule.ptr->bytes += pd.tot_len; + if (action == PF_PASS || r->action == PF_DROP) { + r->packets++; + r->bytes += pd.tot_len; + if (a != NULL) { + a->packets++; + a->bytes += pd.tot_len; + } + if (s != NULL) { + dirndx = (dir == s->direction) ? 0 : 1; + s->packets[dirndx]++; + s->bytes[dirndx] += pd.tot_len; + if (s->nat_rule.ptr != NULL) { + s->nat_rule.ptr->packets++; + s->nat_rule.ptr->bytes += pd.tot_len; + } } } tr = r; |