Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/if_pflog.c
| Show First 20 Lines • Show All 209 Lines • ▼ Show 20 Lines | pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, | ||||
| if (kif == NULL || m == NULL || rm == NULL || pd == NULL) | if (kif == NULL || m == NULL || rm == NULL || pd == NULL) | ||||
| return ( 1); | return ( 1); | ||||
| if ((ifn = V_pflogifs[rm->logif]) == NULL || !ifn->if_bpf) | if ((ifn = V_pflogifs[rm->logif]) == NULL || !ifn->if_bpf) | ||||
| return (0); | return (0); | ||||
| bzero(&hdr, sizeof(hdr)); | bzero(&hdr, sizeof(hdr)); | ||||
| hdr.length = PFLOG_REAL_HDRLEN; | hdr.length = PFLOG_HDRLEN; | ||||
| hdr.af = af; | hdr.af = af; | ||||
| hdr.action = rm->action; | hdr.action = rm->action; | ||||
| hdr.reason = reason; | hdr.reason = reason; | ||||
| memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname)); | memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname)); | ||||
| if (am == NULL) { | if (am == NULL) { | ||||
| hdr.rulenr = htonl(rm->nr); | hdr.rulenr = htonl(rm->nr); | ||||
| hdr.subrulenr = -1; | hdr.subrulenr = -1; | ||||
| } else { | } else { | ||||
| hdr.rulenr = htonl(am->nr); | hdr.rulenr = htonl(am->nr); | ||||
| hdr.subrulenr = htonl(rm->nr); | hdr.subrulenr = htonl(rm->nr); | ||||
| if (ruleset != NULL && ruleset->anchor != NULL) | if (ruleset != NULL && ruleset->anchor != NULL) | ||||
| strlcpy(hdr.ruleset, ruleset->anchor->name, | strlcpy(hdr.ruleset, ruleset->anchor->name, | ||||
| sizeof(hdr.ruleset)); | sizeof(hdr.ruleset)); | ||||
| } | } | ||||
| hdr.ridentifier = htonl(rm->ridentifier); | |||||
| /* | /* | ||||
| * XXXGL: we avoid pf_socket_lookup() when we are holding | * XXXGL: we avoid pf_socket_lookup() when we are holding | ||||
| * state lock, since this leads to unsafe LOR. | * state lock, since this leads to unsafe LOR. | ||||
| * These conditions are very very rare, however. | * These conditions are very very rare, however. | ||||
| */ | */ | ||||
| if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe) | if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe) | ||||
| pd->lookup.done = pf_socket_lookup(dir, pd, m); | pd->lookup.done = pf_socket_lookup(dir, pd, m); | ||||
| if (pd->lookup.done > 0) | if (pd->lookup.done > 0) | ||||
| ▲ Show 20 Lines • Show All 79 Lines • Show Last 20 Lines | |||||