sys/netpfil/ipfw/ip_fw_log.c
#define TARG(k, f) IP_FW_ARG_TABLEARG(chain, k, f) | #define TARG(k, f) IP_FW_ARG_TABLEARG(chain, k, f) | ||||
/* | /* | ||||
* We enter here when we have a rule with O_LOG. | * We enter here when we have a rule with O_LOG. | ||||
* XXX this function alone takes about 2Kbytes of code! | * XXX this function alone takes about 2Kbytes of code! | ||||
*/ | */ | ||||
void | void | ||||
ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | ||||
struct ip_fw_args *args, struct mbuf *m, struct ifnet *oif, | struct ip_fw_args *args, u_short offset, uint32_t tablearg, struct ip *ip) | ||||
u_short offset, uint32_t tablearg, struct ip *ip) | |||||
{ | { | ||||
char *action; | char *action; | ||||
int limit_reached = 0; | int limit_reached = 0; | ||||
char action2[92], proto[128], fragment[32]; | char action2[92], proto[128], fragment[32]; | ||||
if (V_fw_verbose == 0) { | if (V_fw_verbose == 0) { | ||||
if (args->flags & IPFW_ARGS_ETHER) /* layer2, use orig hdr */ | if (args->flags & IPFW_ARGS_LENMASK) | ||||
ipfw_bpf_mtap2(args->eh, ETHER_HDR_LEN, m); | ipfw_bpf_tap(args->mem, IPFW_ARGS_LENGTH(args->flags)); | ||||
else if (args->flags & IPFW_ARGS_ETHER) | |||||
/* layer2, use orig hdr */ | |||||
ipfw_bpf_mtap(args->m); | |||||
else { | else { | ||||
/* Add fake header. Later we will store | /* Add fake header. Later we will store | ||||
* more info in the header. | * more info in the header. | ||||
*/ | */ | ||||
if (ip->ip_v == 4) | if (ip->ip_v == 4) | ||||
ipfw_bpf_mtap2("DDDDDDSSSSSS\x08\x00", | ipfw_bpf_mtap2("DDDDDDSSSSSS\x08\x00", | ||||
ETHER_HDR_LEN, m); | ETHER_HDR_LEN, args->m); | ||||
else if (ip->ip_v == 6) | else if (ip->ip_v == 6) | ||||
ipfw_bpf_mtap2("DDDDDDSSSSSS\x86\xdd", | ipfw_bpf_mtap2("DDDDDDSSSSSS\x86\xdd", | ||||
ETHER_HDR_LEN, m); | ETHER_HDR_LEN, args->m); | ||||
else | else | ||||
/* Obviously bogus EtherType. */ | /* Obviously bogus EtherType. */ | ||||
ipfw_bpf_mtap2("DDDDDDSSSSSS\xff\xff", | ipfw_bpf_mtap2("DDDDDDSSSSSS\xff\xff", | ||||
ETHER_HDR_LEN, m); | ETHER_HDR_LEN, args->m); | ||||
} | } | ||||
return; | return; | ||||
} | } | ||||
/* the old 'log' function */ | /* the old 'log' function */ | ||||
fragment[0] = '\0'; | fragment[0] = '\0'; | ||||
proto[0] = '\0'; | proto[0] = '\0'; | ||||
if (f == NULL) { /* bogus pkt */ | if (f == NULL) { /* bogus pkt */ | ||||
▲ Show 20 Lines • Show All 266 Lines • ▼ Show 20 Lines | #endif | ||||
snprintf(SNPARGS(fragment, 0), | snprintf(SNPARGS(fragment, 0), | ||||
" (frag %d:%d@%d%s)", | " (frag %d:%d@%d%s)", | ||||
ntohs(ip->ip_id), iplen - (ip->ip_hl << 2), | ntohs(ip->ip_id), iplen - (ip->ip_hl << 2), | ||||
offset << 3, | offset << 3, | ||||
(ipoff & IP_MF) ? "+" : ""); | (ipoff & IP_MF) ? "+" : ""); | ||||
} | } | ||||
} | } | ||||
#ifdef __FreeBSD__ | #ifdef __FreeBSD__ | ||||
if (oif || m->m_pkthdr.rcvif) | log(LOG_SECURITY | LOG_INFO, "ipfw: %d %s %s %s via %s%s\n", | ||||
log(LOG_SECURITY | LOG_INFO, | f ? f->rulenum : -1, action, proto, | ||||
"ipfw: %d %s %s %s via %s%s\n", | args->flags & IPFW_ARGS_OUT ? "out" : "in", args->ifp->if_xname, | ||||
f ? f->rulenum : -1, | |||||
action, proto, oif ? "out" : "in", | |||||
oif ? oif->if_xname : m->m_pkthdr.rcvif->if_xname, | |||||
fragment); | fragment); | ||||
else | #else | ||||
log(LOG_SECURITY | LOG_INFO, "ipfw: %d %s %s [no if info]%s\n", | |||||
f ? f->rulenum : -1, action, proto, fragment); | |||||
#endif | #endif | ||||
log(LOG_SECURITY | LOG_INFO, | |||||
"ipfw: %d %s %s [no if info]%s\n", | |||||
f ? f->rulenum : -1, | |||||
action, proto, fragment); | |||||
if (limit_reached) | if (limit_reached) | ||||
log(LOG_SECURITY | LOG_NOTICE, | log(LOG_SECURITY | LOG_NOTICE, | ||||
"ipfw: limit %d reached on entry %d\n", | "ipfw: limit %d reached on entry %d\n", | ||||
limit_reached, f ? f->rulenum : -1); | limit_reached, f ? f->rulenum : -1); | ||||
} | } | ||||
/* end of file */ | /* end of file */ |
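Review bot: In the `#ifdef __FreeBSD__` branch near the end of ipfw_log(), the new log() call dereferences `args->ifp->if_xname` unconditionally, while the old code checked `oif || m->m_pkthdr.rcvif` first and fell back to the "[no if info]" message, which now appears only under `#else`. Whether every caller guarantees a non-NULL `args->ifp` is not visible on this page (part of the function is collapsed); if any path can leave it NULL, this becomes a kernel NULL dereference on a packet-driven logging path. I would either keep a runtime guard, e.g. `args->ifp != NULL ? args->ifp->if_xname : "?"`, or state the invariant explicitly with `KASSERT(args->ifp != NULL, ("%s: NULL ifp", __func__));` at the top of the function and a comment saying which caller sets it. The same question applies to `args->m` and `args->mem` in the first hunk, which replace the dropped `m` parameter for the bpf tap calls.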