Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf.c
| Show First 20 Lines • Show All 5,192 Lines • ▼ Show 20 Lines | else { | ||||
| } | } | ||||
| ri->r = r; | ri->r = r; | ||||
| SLIST_INSERT_HEAD(&match_rules, ri, entry); | SLIST_INSERT_HEAD(&match_rules, ri, entry); | ||||
| pf_counter_u64_critical_enter(); | pf_counter_u64_critical_enter(); | ||||
| pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); | pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); | ||||
| pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); | pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); | ||||
| pf_counter_u64_critical_exit(); | pf_counter_u64_critical_exit(); | ||||
| pf_rule_to_actions(r, &pd->act); | pf_rule_to_actions(r, &pd->act); | ||||
| if (r->log) | if (r->log || pd->act.log & PF_LOG_MATCHES) | ||||
| PFLOG_PACKET(kif, m, af, | PFLOG_PACKET(kif, m, af, | ||||
| r->action, PFRES_MATCH, r, | r->action, PFRES_MATCH, r, | ||||
| a, ruleset, pd, 1); | a, ruleset, pd, 1); | ||||
| } else { | } else { | ||||
| match = 1; | match = 1; | ||||
| *rm = r; | *rm = r; | ||||
| *am = a; | *am = a; | ||||
| *rsm = ruleset; | *rsm = ruleset; | ||||
| if (pd->act.log & PF_LOG_MATCHES) | |||||
| PFLOG_PACKET(kif, m, af, | |||||
| r->action, PFRES_MATCH, r, | |||||
| a, ruleset, pd, 1); | |||||
| } | } | ||||
| if ((*rm)->quick) | if ((*rm)->quick) | ||||
| break; | break; | ||||
| r = TAILQ_NEXT(r, entries); | r = TAILQ_NEXT(r, entries); | ||||
| } else | } else | ||||
| pf_step_into_anchor(anchor_stack, &asd, | pf_step_into_anchor(anchor_stack, &asd, | ||||
| &ruleset, PF_RULESET_FILTER, &r, &a, | &ruleset, PF_RULESET_FILTER, &r, &a, | ||||
| &match); | &match); | ||||
| } | } | ||||
| if (r == NULL && pf_step_out_of_anchor(anchor_stack, &asd, | if (r == NULL && pf_step_out_of_anchor(anchor_stack, &asd, | ||||
| &ruleset, PF_RULESET_FILTER, &r, &a, &match)) | &ruleset, PF_RULESET_FILTER, &r, &a, &match)) | ||||
| break; | break; | ||||
| } | } | ||||
| r = *rm; | r = *rm; | ||||
| a = *am; | a = *am; | ||||
| ruleset = *rsm; | ruleset = *rsm; | ||||
| REASON_SET(&reason, PFRES_MATCH); | REASON_SET(&reason, PFRES_MATCH); | ||||
| /* apply actions for last matching pass/block rule */ | /* apply actions for last matching pass/block rule */ | ||||
| pf_rule_to_actions(r, &pd->act); | pf_rule_to_actions(r, &pd->act); | ||||
| if (r->log) { | if (r->log || pd->act.log & PF_LOG_MATCHES) { | ||||
| if (rewrite) | if (rewrite) | ||||
| m_copyback(m, off, hdrlen, pd->hdr.any); | m_copyback(m, off, hdrlen, pd->hdr.any); | ||||
| PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); | PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); | ||||
| } | } | ||||
| if ((r->action == PF_DROP) && | if ((r->action == PF_DROP) && | ||||
| ((r->rule_flag & PFRULE_RETURNRST) || | ((r->rule_flag & PFRULE_RETURNRST) || | ||||
| (r->rule_flag & PFRULE_RETURNICMP) || | (r->rule_flag & PFRULE_RETURNICMP) || | ||||
| ▲ Show 20 Lines • Show All 4,587 Lines • Show Last 20 Lines | |||||