mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-30 05:36:10 +00:00
pf: do not pass af to PFLOG_PACKET
Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET()
because either the info is already available in struct pd or easy
to figure out. Makes pf_test() and pf_test6() even more similar
(with the target to remove one of them in the near future).
OK henning@
Reviewed by: zlei
Obtained from: OpenBSD, claudio <claudio@openbsd.org>, 5480721ed1
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46596
This commit is contained in:
Kristof Provost
parent
9746c1e288
commit
bc4b0defb0
|
|
@ -69,9 +69,9 @@ struct pf_ruleset;
|
|||
struct pfi_kif;
|
||||
struct pf_pdesc;
|
||||
|
||||
#define PFLOG_PACKET(i,a,b,t,c,d,e,f,g,di) do { \
|
||||
#define PFLOG_PACKET(i,a,b,t,c,d,e,f,g) do { \
|
||||
if (pflog_packet_ptr != NULL) \
|
||||
pflog_packet_ptr(i,a,b,t,c,d,e,f,g,di); \
|
||||
pflog_packet_ptr(i,a,b,t,c,d,e,f,g); \
|
||||
} while (0)
|
||||
#endif /* _KERNEL */
|
||||
#endif /* _NET_IF_PFLOG_H_ */
|
||||
|
|
|
|||
|
|
@ -1254,7 +1254,7 @@ void pf_state_export(struct pf_state_export *,
|
|||
/* pflog */
|
||||
struct pf_kruleset;
|
||||
struct pf_pdesc;
|
||||
typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t,
|
||||
typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *,
|
||||
uint8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *,
|
||||
struct pf_pdesc *, int);
|
||||
extern pflog_packet_t *pflog_packet_ptr;
|
||||
|
|
|
|||
|
|
@ -213,7 +213,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|||
}
|
||||
|
||||
static int
|
||||
pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
|
||||
pflog_packet(struct pfi_kkif *kif, struct mbuf *m,
|
||||
uint8_t action, u_int8_t reason, struct pf_krule *rm, struct pf_krule *am,
|
||||
struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe)
|
||||
{
|
||||
|
|
@ -229,7 +229,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
|
|||
|
||||
bzero(&hdr, sizeof(hdr));
|
||||
hdr.length = PFLOG_REAL_HDRLEN;
|
||||
hdr.af = af;
|
||||
hdr.af = pd->af;
|
||||
hdr.action = action;
|
||||
hdr.reason = reason;
|
||||
memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));
|
||||
|
|
@ -262,7 +262,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
|
|||
hdr.dir = pd->dir;
|
||||
|
||||
#ifdef INET
|
||||
if (af == AF_INET && pd->dir == PF_OUT) {
|
||||
if (pd->af == AF_INET && pd->dir == PF_OUT) {
|
||||
struct ip *ip;
|
||||
|
||||
ip = mtod(m, struct ip *);
|
||||
|
|
|
|||
|
|
@ -4974,7 +4974,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
|
|||
KASSERT(nk != NULL, ("%s: null nk", __func__));
|
||||
|
||||
if (nr->log) {
|
||||
PFLOG_PACKET(kif, m, af, PF_PASS, PFRES_MATCH, nr, a,
|
||||
PFLOG_PACKET(kif, m, PF_PASS, PFRES_MATCH, nr, a,
|
||||
ruleset, pd, 1);
|
||||
}
|
||||
|
||||
|
|
@ -5201,7 +5201,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
|
|||
pf_counter_u64_critical_exit();
|
||||
pf_rule_to_actions(r, &pd->act);
|
||||
if (r->log || pd->act.log & PF_LOG_MATCHES)
|
||||
PFLOG_PACKET(kif, m, af,
|
||||
PFLOG_PACKET(kif, m,
|
||||
r->action, PFRES_MATCH, r,
|
||||
a, ruleset, pd, 1);
|
||||
} else {
|
||||
|
|
@ -5210,7 +5210,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
|
|||
*am = a;
|
||||
*rsm = ruleset;
|
||||
if (pd->act.log & PF_LOG_MATCHES)
|
||||
PFLOG_PACKET(kif, m, af,
|
||||
PFLOG_PACKET(kif, m,
|
||||
r->action, PFRES_MATCH, r,
|
||||
a, ruleset, pd, 1);
|
||||
}
|
||||
|
|
@ -5238,7 +5238,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
|
|||
if (r->log || pd->act.log & PF_LOG_MATCHES) {
|
||||
if (rewrite)
|
||||
m_copyback(m, off, hdrlen, pd->hdr.any);
|
||||
PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1);
|
||||
PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1);
|
||||
}
|
||||
|
||||
if ((r->action == PF_DROP) &&
|
||||
|
|
@ -5659,7 +5659,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif,
|
|||
pf_counter_u64_critical_exit();
|
||||
pf_rule_to_actions(r, &pd->act);
|
||||
if (r->log)
|
||||
PFLOG_PACKET(kif, m, af,
|
||||
PFLOG_PACKET(kif, m,
|
||||
r->action, PFRES_MATCH, r,
|
||||
a, ruleset, pd, 1);
|
||||
} else {
|
||||
|
|
@ -5690,7 +5690,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif,
|
|||
pf_rule_to_actions(r, &pd->act);
|
||||
|
||||
if (r->log)
|
||||
PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1);
|
||||
PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1);
|
||||
|
||||
if (r->action != PF_PASS)
|
||||
return (PF_DROP);
|
||||
|
|
@ -9328,12 +9328,12 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
|
|||
lr = r;
|
||||
|
||||
if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL)
|
||||
PFLOG_PACKET(kif, m, AF_INET, action, reason, lr, a,
|
||||
PFLOG_PACKET(kif, m, action, reason, lr, a,
|
||||
ruleset, &pd, (s == NULL));
|
||||
if (s) {
|
||||
SLIST_FOREACH(ri, &s->match_rules, entry)
|
||||
if (ri->r->log & PF_LOG_ALL)
|
||||
PFLOG_PACKET(kif, m, AF_INET, action,
|
||||
PFLOG_PACKET(kif, m, action,
|
||||
reason, ri->r, a, ruleset, &pd, 0);
|
||||
}
|
||||
}
|
||||
|
|
@ -9736,12 +9736,12 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
|
|||
lr = r;
|
||||
|
||||
if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL)
|
||||
PFLOG_PACKET(kif, m, AF_INET6, action, reason, lr, a, ruleset,
|
||||
PFLOG_PACKET(kif, m, action, reason, lr, a, ruleset,
|
||||
&pd, (s == NULL));
|
||||
if (s) {
|
||||
SLIST_FOREACH(ri, &s->match_rules, entry)
|
||||
if (ri->r->log & PF_LOG_ALL)
|
||||
PFLOG_PACKET(kif, m, AF_INET6, action, reason,
|
||||
PFLOG_PACKET(kif, m, action, reason,
|
||||
ri->r, a, ruleset, &pd, 0);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1199,7 +1199,7 @@ pf_normalize_ip(struct mbuf **m0, struct pfi_kkif *kif, u_short *reason,
|
|||
REASON_SET(reason, PFRES_FRAG);
|
||||
drop:
|
||||
if (r != NULL && r->log)
|
||||
PFLOG_PACKET(kif, m, AF_INET, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
|
||||
return (PF_DROP);
|
||||
}
|
||||
|
|
@ -1372,13 +1372,13 @@ pf_normalize_ip6(struct mbuf **m0, struct pfi_kkif *kif,
|
|||
shortpkt:
|
||||
REASON_SET(reason, PFRES_SHORT);
|
||||
if (r != NULL && r->log)
|
||||
PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
return (PF_DROP);
|
||||
|
||||
drop:
|
||||
REASON_SET(reason, PFRES_NORM);
|
||||
if (r != NULL && r->log)
|
||||
PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
|
||||
return (PF_DROP);
|
||||
}
|
||||
#endif /* INET6 */
|
||||
|
|
@ -1504,7 +1504,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff,
|
|||
tcp_drop:
|
||||
REASON_SET(&reason, PFRES_NORM);
|
||||
if (rm != NULL && r->log)
|
||||
PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, 1);
|
||||
PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd, 1);
|
||||
return (PF_DROP);
|
||||
}
|
||||
|
||||
|
|
@ -2261,7 +2261,7 @@ pf_normalize_sctp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff,
|
|||
sctp_drop:
|
||||
REASON_SET(&reason, PFRES_NORM);
|
||||
if (rm != NULL && r->log)
|
||||
PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd,
|
||||
PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd,
|
||||
1);
|
||||
|
||||
return (PF_DROP);
|
||||
|
|
|
|||
Loading…
Reference in a new issue