Use official (from pcap people) link type for pflog.

With this change, the log header format also changes.
The new log format is extendible and allows logging
of the originating anchor and ruleset information.

ok henning@ dhartmei@ frantzen@

6 files changed, 136 insertions, 75 deletions

diff --git a/sys/net/bpf.h b/sys/net/bpf.h
index 43fec24fa25..7d1782d746f 100644
--- a/sys/net/bpf.h
+++ b/sys/net/bpf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bpf.h,v 1.20 2002/11/29 18:35:15 henning Exp $	*/
+/*	$OpenBSD: bpf.h,v 1.21 2003/05/14 08:42:00 canacar Exp $	*/
 /*	$NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $	*/
 
 /*
@@ -169,8 +169,9 @@ struct bpf_hdr {
 #define DLT_RAW		14	/* raw IP */
 #define DLT_SLIP_BSDOS	15	/* BSD/OS Serial Line IP */
 #define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
-#define DLT_PFLOG	17	/* Packet filter logging */
+#define DLT_OLD_PFLOG	17	/* Packet filter logging, old (XXX remove?) */
 #define DLT_PFSYNC	18	/* Packet filter state syncing */
+#define DLT_PFLOG	117	/* Packet filter logging, by pcap people */
 
 /*
  * The instruction encodings.
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index 3c93560d329..e856f2cc965 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pflog.c,v 1.8 2003/05/03 21:15:11 deraadt Exp $	*/
+/*	$OpenBSD: if_pflog.c,v 1.9 2003/05/14 08:42:00 canacar Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and 
@@ -172,8 +172,9 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 }
 
 int
-pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_short dir,
-    u_short reason, struct pf_rule *rm)
+pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_int8_t dir,
+    u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
+    struct pf_ruleset *ruleset)
 {
 #if NBPFILTER > 0
 	struct ifnet *ifn;
@@ -183,13 +184,28 @@ pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_short dir,
 	if (ifp == NULL || m == NULL || rm == NULL)
 		return (-1);
 
-	hdr.af = htonl(af);
+	hdr.length = PFLOG_REAL_HDRLEN;
+	hdr.af = af;
+	hdr.action = rm->action;
+	hdr.reason = reason;
 	memcpy(hdr.ifname, ifp->if_xname, sizeof(hdr.ifname));
 
-	hdr.rnr = htons(rm->nr);
-	hdr.reason = htons(reason);
-	hdr.dir = htons(dir);
-	hdr.action = htons(rm->action);
+	if (am == NULL) {
+		hdr.rulenr = htonl(rm->nr);
+		hdr.subrulenr = -1;
+		bzero(hdr.ruleset, sizeof(hdr.ruleset));
+	} else {
+		hdr.rulenr = htonl(am->nr);
+		hdr.subrulenr = htonl(rm->nr);
+		if (ruleset == NULL)
+			bzero(hdr.ruleset, sizeof(hdr.ruleset));
+		else
+			memcpy(hdr.ruleset, ruleset->name,
+			    sizeof(hdr.ruleset));
+
+			
+	}
+	hdr.dir = dir;
 
 #ifdef INET
 	if (af == AF_INET && dir == PF_OUT) {
diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index 098b781670e..1b22c328771 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.h,v 1.7 2002/10/29 19:51:04 mickey Exp $ */
+/* $OpenBSD: if_pflog.h,v 1.8 2003/05/14 08:42:00 canacar Exp $ */
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -31,7 +31,30 @@ struct pflog_softc {
 	struct ifnet	sc_if;  /* the interface */
 };
 
+/* XXX keep in sync with pfvar.h */
+#ifndef PF_RULESET_NAME_SIZE
+#define PF_RULESET_NAME_SIZE	 16
+#endif
+
 struct pfloghdr {
+	u_int8_t	length;
+	sa_family_t	af;
+	u_int8_t	action;
+	u_int8_t	reason;
+	char		ifname[IFNAMSIZ];
+	char		ruleset[PF_RULESET_NAME_SIZE];
+	u_int32_t	rulenr;
+	u_int32_t	subrulenr;
+	u_int8_t	dir;
+	u_int8_t	pad[3];
+};
+
+#define PFLOG_HDRLEN		sizeof(struct pfloghdr)
+/* minus pad, also used as a signature */
+#define PFLOG_REAL_HDRLEN	offsetof(struct pfloghdr, pad);
+
+/* XXX remove later when old format logs are no longer needed */
+struct old_pfloghdr {
 	u_int32_t af;
 	char ifname[IFNAMSIZ];
 	short rnr;
@@ -39,26 +62,25 @@ struct pfloghdr {
 	u_short action;
 	u_short dir;
 };
-
-#define PFLOG_HDRLEN	sizeof(struct pfloghdr)
+#define OLD_PFLOG_HDRLEN	sizeof(struct old_pfloghdr)
 
 #ifdef _KERNEL
 
 #if NPFLOG > 0
-#define	PFLOG_PACKET(i,x,a,b,c,d,e) \
+#define	PFLOG_PACKET(i,x,a,b,c,d,e,f,g) \
 	do { \
 		if (b == AF_INET) { \
 			HTONS(((struct ip *)x)->ip_len); \
 			HTONS(((struct ip *)x)->ip_off); \
-			pflog_packet(i,a,b,c,d,e); \
+			pflog_packet(i,a,b,c,d,e,f,g); \
 			NTOHS(((struct ip *)x)->ip_len); \
 			NTOHS(((struct ip *)x)->ip_off); \
 		} else { \
-			pflog_packet(i,a,b,c,d,e); \
+			pflog_packet(i,a,b,c,d,e,f,g); \
 		} \
 	} while (0)
 #else
-#define	PFLOG_PACKET(i,x,a,b,c,d,e)	((void)0)
+#define	PFLOG_PACKET(i,x,a,b,c,d,e,f,g)	((void)0)
 #endif /* NPFLOG > 0 */
 #endif /* _KERNEL */
 #endif /* _NET_IF_PFLOG_H_ */
diff --git a/sys/net/pf.c b/sys/net/pf.c
index a6321ab6d08..440217a0600 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.350 2003/05/14 04:51:10 henning Exp $ */
+/*	$OpenBSD: pf.c,v 1.351 2003/05/14 08:42:00 canacar Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -150,21 +150,26 @@ struct pf_rule		*pf_get_translation(int, struct ifnet *, u_int8_t,
 			    struct pf_addr *, u_int16_t,
 			    struct pf_addr *, u_int16_t,
 			    struct pf_addr *, u_int16_t *, sa_family_t);
-int			 pf_test_tcp(struct pf_rule **, struct pf_state **, int,
-			    struct ifnet *, struct mbuf *, int, int, void *,
-			    struct pf_pdesc *, struct pf_rule **);
-int			 pf_test_udp(struct pf_rule **, struct pf_state **, int,
-			    struct ifnet *, struct mbuf *, int, int, void *,
-			    struct pf_pdesc *, struct pf_rule **);
+int			 pf_test_tcp(struct pf_rule **, struct pf_state **,
+			    int, struct ifnet *, struct mbuf *, int, int,
+			    void *, struct pf_pdesc *, struct pf_rule **,
+			    struct pf_ruleset **);
+int			 pf_test_udp(struct pf_rule **, struct pf_state **,
+			    int, struct ifnet *, struct mbuf *, int, int,
+			    void *, struct pf_pdesc *, struct pf_rule **,
+			    struct pf_ruleset **);
 int			 pf_test_icmp(struct pf_rule **, struct pf_state **,
 			    int, struct ifnet *, struct mbuf *, int, int,
-			    void *, struct pf_pdesc *, struct pf_rule **);
+			    void *, struct pf_pdesc *, struct pf_rule **,
+			    struct pf_ruleset **);
 int			 pf_test_other(struct pf_rule **, struct pf_state **,
 			    int, struct ifnet *, struct mbuf *, void *,
-			    struct pf_pdesc *, struct pf_rule **);
+			    struct pf_pdesc *, struct pf_rule **,
+			    struct pf_ruleset **);
 int			 pf_test_fragment(struct pf_rule **, int,
 			    struct ifnet *, struct mbuf *, void *,
-			    struct pf_pdesc *, struct pf_rule **);
+			    struct pf_pdesc *, struct pf_rule **,
+			    struct pf_ruleset **);
 int			 pf_test_state_tcp(struct pf_state **, int,
 			    struct ifnet *, struct mbuf *, int, int,
 			    void *, struct pf_pdesc *, u_short *);
@@ -1950,7 +1955,7 @@ pf_get_wscale(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af)
 int
 pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
     struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *h,
-    struct pf_pdesc *pd, struct pf_rule **am)
+    struct pf_pdesc *pd, struct pf_rule **am, struct pf_ruleset **rsm)
 {
 	struct pf_rule		*nat = NULL, *rdr = NULL;
 	struct pf_addr		*saddr = pd->src, *daddr = pd->dst;
@@ -2038,6 +2043,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
 			if (r->anchor == NULL) {
 				*rm = r;
 				*am = a;
+				*rsm = ruleset;
 				if ((*rm)->quick)
 					break;
 				r = TAILQ_NEXT(r, entries);
@@ -2051,6 +2057,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	r = *rm;
 	a = *am;
+	ruleset = *rsm;
 
 	r->packets++;
 	r->bytes += pd->tot_len;
@@ -2063,7 +2070,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
 	if (r->log) {
 		if (rewrite)
 			m_copyback(m, off, sizeof(*th), (caddr_t)th);
-		PFLOG_PACKET(ifp, h, m, af, direction, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, af, direction, reason, r, a, ruleset);
 	}
 
 	if ((r->action == PF_DROP) &&
@@ -2214,7 +2221,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
 int
 pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
     struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *h,
-    struct pf_pdesc *pd, struct pf_rule **am)
+    struct pf_pdesc *pd, struct pf_rule **am, struct pf_ruleset **rsm)
 {
 	struct pf_rule		*nat = NULL, *rdr = NULL;
 	struct pf_addr		*saddr = pd->src, *daddr = pd->dst;
@@ -2300,6 +2307,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
 			if (r->anchor == NULL) {
 				*rm = r;
 				*am = a;
+				*rsm = ruleset;
 				if ((*rm)->quick)
 					break;
 				r = TAILQ_NEXT(r, entries);
@@ -2313,6 +2321,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	r = *rm;
 	a = *am;
+	ruleset = *rsm;
 
 	r->packets++;
 	r->bytes += pd->tot_len;
@@ -2325,7 +2334,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
 	if (r->log) {
 		if (rewrite)
 			m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
-		PFLOG_PACKET(ifp, h, m, af, direction, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, af, direction, reason, r, a, ruleset);
 	}
 
 	if ((r->action == PF_DROP) &&
@@ -2436,7 +2445,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
 int
 pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
     struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *h,
-    struct pf_pdesc *pd, struct pf_rule **am)
+    struct pf_pdesc *pd, struct pf_rule **am, struct pf_ruleset **rsm)
 {
 	struct pf_rule		*nat = NULL, *rdr = NULL;
 	struct pf_addr		*saddr = pd->src, *daddr = pd->dst;
@@ -2558,6 +2567,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
 			if (r->anchor == NULL) {
 				*rm = r;
 				*am = a;
+				*rsm = ruleset;
 				if ((*rm)->quick)
 					break;
 				r = TAILQ_NEXT(r, entries);
@@ -2571,6 +2581,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	r = *rm;
 	a = *am;
+	ruleset = *rsm;
 
 	r->packets++;
 	r->bytes += pd->tot_len;
@@ -2586,7 +2597,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
 			m_copyback(m, off, sizeof(struct icmp6_hdr),
 			    (caddr_t)pd->hdr.icmp6);
 #endif /* INET6 */
-		PFLOG_PACKET(ifp, h, m, af, direction, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, af, direction, reason, r, a, ruleset);
 	}
 
 	if (r->action != PF_PASS)
@@ -2676,7 +2687,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
 int
 pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
     struct ifnet *ifp, struct mbuf *m, void *h, struct pf_pdesc *pd,
-    struct pf_rule **am)
+    struct pf_rule **am, struct pf_ruleset **rsm)
 {
 	struct pf_rule		*nat = NULL, *rdr = NULL;
 	struct pf_rule		*r, *a = NULL;
@@ -2754,6 +2765,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 			if (r->anchor == NULL) {
 				*rm = r;
 				*am = a;
+				*rsm = ruleset;
 				if ((*rm)->quick)
 					break;
 				r = TAILQ_NEXT(r, entries);
@@ -2767,6 +2779,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	r = *rm;
 	a = *am;
+	ruleset = *rsm;
 
 	r->packets++;
 	r->bytes += pd->tot_len;
@@ -2776,7 +2789,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 	}
 	REASON_SET(&reason, PFRES_MATCH);
 	if (r->log)
-		PFLOG_PACKET(ifp, h, m, af, direction, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, af, direction, reason, r, a, ruleset);
 
 	if ((r->action == PF_DROP) &&
 	    ((r->rule_flag & PFRULE_RETURNICMP) ||
@@ -2879,7 +2892,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 			REASON_SET(&reason, PFRES_MEMORY);
 			if (r->log)
 				PFLOG_PACKET(ifp, h, m, af, direction, reason,
-				    a ? a : r);
+				    r, a, ruleset);
 			pool_put(&pf_state_pl, s);
 			return (PF_DROP);
 		} else
@@ -2891,7 +2904,8 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 
 int
 pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
-    struct mbuf *m, void *h, struct pf_pdesc *pd, struct pf_rule **am)
+    struct mbuf *m, void *h, struct pf_pdesc *pd, struct pf_rule **am,
+    struct pf_ruleset **rsm)
 {
 	struct pf_rule		*r, *a = NULL;
 	struct pf_ruleset	*ruleset = NULL;
@@ -2927,6 +2941,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
 			if (r->anchor == NULL) {
 				*rm = r;
 				*am = a;
+				*rsm = ruleset;
 				if ((*rm)->quick)
 					break;
 				r = TAILQ_NEXT(r, entries);
@@ -2940,6 +2955,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
 	}
 	r = *rm;
 	a = *am;
+	ruleset = *rsm;
 
 	r->packets++;
 	r->bytes += pd->tot_len;
@@ -2949,7 +2965,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
 	}
 	REASON_SET(&reason, PFRES_MATCH);
 	if (r->log)
-		PFLOG_PACKET(ifp, h, m, af, direction, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, af, direction, reason, r, a, ruleset);
 
 	if (r->action != PF_PASS)
 		return (PF_DROP);
@@ -4420,15 +4436,16 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, sa_family_t a
 int
 pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 {
-	u_short		 action, reason = 0, log = 0;
-	struct mbuf	*m = *m0;
-	struct m_tag	*mtag;
-	struct ip	*h;
-	struct pf_rule	*a = NULL, *r = &pf_default_rule;
-	struct pf_state	*s = NULL;
-	struct pf_pdesc	 pd;
-	int		 off;
-	int		 pqid = 0;
+	u_short		   action, reason = 0, log = 0;
+	struct mbuf	  *m = *m0;
+	struct m_tag	  *mtag;
+	struct ip	  *h;
+	struct pf_rule	  *a = NULL, *r = &pf_default_rule;
+	struct pf_state	  *s = NULL;
+	struct pf_ruleset *ruleset = NULL;
+	struct pf_pdesc	   pd;
+	int		   off;
+	int		   pqid = 0;
 
 	if (!pf_status.running ||
 	    (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL))
@@ -4472,7 +4489,8 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 
 	/* handle fragments that didn't get reassembled by normalization */
 	if (h->ip_off & (IP_MF | IP_OFFMASK)) {
-		action = pf_test_fragment(&r, dir, ifp, m, h, &pd, &a);
+		action = pf_test_fragment(&r, dir, ifp, m, h,
+		    &pd, &a, &ruleset);
 		goto done;
 	}
 
@@ -4505,7 +4523,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_tcp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4530,7 +4548,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_udp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4561,7 +4579,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_icmp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4572,7 +4590,8 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 			a = s->anchor.ptr;
 			log = s->log;
 		} else if (s == NULL)
-			action = pf_test_other(&r, &s, dir, ifp, m, h, &pd, &a);
+			action = pf_test_other(&r, &s, dir, ifp, m, h,
+			    &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4637,7 +4656,7 @@ done:
 #endif
 
 	if (log)
-		PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, r, a, ruleset);
 
 	/* pf_route can free the mbuf causing *m0 to become NULL */
 	if (r->rt)
@@ -4651,14 +4670,15 @@ done:
 int
 pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 {
-	u_short		 action, reason = 0, log = 0;
-	struct mbuf	*m = *m0;
-	struct m_tag	*mtag;
-	struct ip6_hdr	*h;
-	struct pf_rule	*a = NULL, *r = &pf_default_rule;
-	struct pf_state	*s = NULL;
-	struct pf_pdesc pd;
-	int		off, terminal = 0;
+	u_short		   action, reason = 0, log = 0;
+	struct mbuf	  *m = *m0;
+	struct m_tag	  *mtag;
+	struct ip6_hdr	  *h;
+	struct pf_rule	  *a = NULL, *r = &pf_default_rule;
+	struct pf_state	  *s = NULL;
+	struct pf_ruleset *ruleset = NULL;
+	struct pf_pdesc    pd;
+	int		   off, terminal = 0;
 
 	if (!pf_status.running ||
 	    (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL))
@@ -4691,7 +4711,8 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 	do {
 		switch (pd.proto) {
 		case IPPROTO_FRAGMENT:
-			action = pf_test_fragment(&r, dir, ifp, m, h, &pd, &a);
+			action = pf_test_fragment(&r, dir, ifp, m, h,
+			    &pd, &a, &ruleset);
 			if (action == PF_DROP)
 				REASON_SET(&reason, PFRES_FRAG);
 			goto done;
@@ -4752,7 +4773,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_tcp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4776,7 +4797,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_udp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4803,12 +4824,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 			log = s->log;
 		} else if (s == NULL)
 			action = pf_test_icmp(&r, &s, dir, ifp,
-			    m, 0, off, h, &pd, &a);
+			    m, 0, off, h, &pd, &a, &ruleset);
 		break;
 	}
 
 	default:
-		action = pf_test_other(&r, &s, dir, ifp, m, h, &pd, &a);
+		action = pf_test_other(&r, &s, dir, ifp, m, h,
+		    &pd, &a, &ruleset);
 		break;
 	}
 
@@ -4866,7 +4888,7 @@ done:
 #endif
 
 	if (log)
-		PFLOG_PACKET(ifp, h, m, AF_INET6, dir, reason, a ? a : r);
+		PFLOG_PACKET(ifp, h, m, AF_INET6, dir, reason, r, a, ruleset);
 
 	/* pf_route6 can free the mbuf causing *m0 to become NULL */
 	if (r->rt)
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index a75942c42d8..b0d2dd79efd 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.57 2003/05/11 20:44:03 frantzen Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.58 2003/05/14 08:42:00 canacar Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -972,13 +972,13 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
  no_mem:
 	REASON_SET(reason, PFRES_MEMORY);
 	if (r != NULL && r->log)
-		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r);
+		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r, NULL, NULL);
 	return (PF_DROP);
 
  drop:
 	REASON_SET(reason, PFRES_NORM);
 	if (r != NULL && r->log)
-		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r);
+		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r, NULL, NULL);
 	return (PF_DROP);
 
  bad:
@@ -990,7 +990,7 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
 
 	REASON_SET(reason, PFRES_FRAG);
 	if (r != NULL && r->log)
-		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r);
+		PFLOG_PACKET(ifp, h, m, AF_INET, dir, *reason, r, NULL, NULL);
 
 	return (PF_DROP);
 }
@@ -1098,7 +1098,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
  tcp_drop:
 	REASON_SET(&reason, PFRES_NORM);
 	if (rm != NULL && r->log)
-		PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, r);
+		PFLOG_PACKET(ifp, h, m, AF_INET, dir, reason, r, NULL, NULL);
 	return (PF_DROP);
 }
 
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index b18c4f23422..5c66a953274 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.147 2003/05/13 17:45:24 henning Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.148 2003/05/14 08:42:00 canacar Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1034,8 +1034,8 @@ int	pf_test(int, struct ifnet *, struct mbuf **);
 int	pf_test6(int, struct ifnet *, struct mbuf **);
 #endif /* INET */
 
-int	pflog_packet(struct ifnet *, struct mbuf *, sa_family_t, u_short,
-	    u_short, struct pf_rule *);
+int	pflog_packet(struct ifnet *, struct mbuf *, sa_family_t, u_int8_t,
+	    u_int8_t, struct pf_rule *, struct pf_rule *, struct pf_ruleset *);
 int	pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *,
 	    struct pf_addr *, sa_family_t);
 int	pf_match(u_int8_t, u_int16_t, u_int16_t, u_int16_t);