| Commit message (Collapse) | Author | Age | Files | Lines |
| |
`pflogifs' array. This was done to prevent panics caused by internal
malloc(9) limit.
Also we avoid the case where a single pflog(4) interface with a high index
allocates an array for all indices below and eats up kernel memory.
Since we have a very little count of pflog(4) interfaces linear search
does not have a performance impact.
ok bluhm@ claudio@ kn@
| |
So this macro does not make much sense, just call pflog_packet().
OK sashan@ henning@
| |
is a debug tool change of semantics not considered problematic.
up until now, log(matches) forced logging on subsequent matching rules,
the actual logging used the log settings from that matched rule.
now, log(matches) causes subsequent matches to be logged with the log settings
from the log(matches) rule. in particular (this was the driving point),
log(matches, to pflog23) allows you to have the trace log going to a separate
pflog interface, not clobbering your regular pflogs, actually not affecting
them at all.
long conversation with bluhm about it, which didn't lead to a single bit
changed in the diff but was very very helpful. ok bluhm as well.
| |
now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can
use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to
be exported any more and can stay private to if_pflog.c
ok benno bluhm reyk
| |
stuff to userland, especially the "struct ifnet".
ok sthen@, henning@, uebayasi@
| |
mostly by dynamically allocating pflogifs instead of making that a static
array. ok claudio zinke
| |
"af-to" a generic IP version translator for pf(4).
Not everything perfect yet but let's fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@
| |
Also sort pd to the beginning of the functions' parameter lists for
consistency.
ok henning
| |
around. This is a mechanical change. Initialize pd2 and use it
where appropriate.
ok henning on an earlier version; ok mpf
| |
(you don't need to fix this file for it to compile. oups. forgotten in the
last commit)
| |
because either the info is already available in struct pd or easy
to figure out. Makes pf_test() and pf_test6() even more similar
(with the target to remove one of them in the near future).
OK henning@
| |
to struct pflog. ok gcc
| |
pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses.
to address this without making an extra copy of the mbuf chain:
-introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that
it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of
plain bcopy
-said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies
everything into bpf's buffer, constructs a fake mbuf (which is allocated once
at attach time and reused over and over) which points to the bpf buffer
as data storage
-call pf_setup_pdesc on said fake mbuf
-then call pf_translate to rewrite the addresses as needed right in the
bpf buffer
this changes the pflog header as we have to pass the new addresses/ports
around. relies on canacar's awesome work in libpcap to work olrite with the
new, longer pflog header as well as with the old, shorter one.
almost completely written at c2k10 in canada, finished here at j2k10 in
japan. ok ryan dlg
| |
ok ryan theo reyk
| |
for now, only allow pflog0 to be created.
keep an array of ifps to the pflog interfaces with the unit # as index for
fast access.
if pflog0 does not exist, no logging is done (just like if it is down).
on machines without pf enabled, this makes the pflog0 interface go away,
on machines with pf, rc sets up pflog0 and starts pflogd, no change there.
idea old (pf2k4 or c2k5?), hacked at the hack.lu 2006 conference, ryan ok
| |
inserted the rule which causes the logging. secondly, the uid/pid of the
process in case the logged packet is delivered to/from a local socket.
a lookup of the local socket can be forced for logged packets with a new
option, 'log (user)'. make tcpdump print the additional information when
-e and -v is used. note: this changes the pflog header struct, rebuild all
dependencies. ok bob@, henning@.
| |
levels deep). More work required, but this is already
functional. authpf users will need to adjust their anchor
calls, but this will change again soon. ok beck@, cedric@,
henning@, mcbride@
| |
errors on pflog0. Reported and tested by Ben Lovett. ok frantzen@, cedric@
| |
With this change, the log header format also changes.
The new log format is extendible and allows logging
of the originating anchor and ruleset information.
ok henning@ dhartmei@ frantzen@
| |
dropped or passed. from discussion with theo and me.
| |
action and rule nr.
|
we just pass drop and passed packets to different pseudo interface that
can be listened to with bpf.