diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index c5ed062fb5f..fb0d971d490 100644 --- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -69,9 +69,9 @@ struct pf_ruleset; struct pfi_kif; struct pf_pdesc; -#define PFLOG_PACKET(i,a,b,c,d,e,f,g,di) do { \ +#define PFLOG_PACKET(i,a,b,t,c,d,e,f,g,di) do { \ if (pflog_packet_ptr != NULL) \ - pflog_packet_ptr(i,a,b,c,d,e,f,g,di); \ + pflog_packet_ptr(i,a,b,t,c,d,e,f,g,di); \ } while (0) #endif /* _KERNEL */ #endif /* _NET_IF_PFLOG_H_ */ diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index de18ead7281..87f4ead3366 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1207,7 +1207,7 @@ void pf_state_export(struct pf_state_export *, struct pf_kruleset; struct pf_pdesc; typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, - u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, + uint8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, struct pf_pdesc *, int); extern pflog_packet_t *pflog_packet_ptr; diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c index b143aae1434..6035ba63511 100644 --- a/sys/netpfil/pf/if_pflog.c +++ b/sys/netpfil/pf/if_pflog.c @@ -214,7 +214,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data) static int pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, - u_int8_t reason, struct pf_krule *rm, struct pf_krule *am, + uint8_t action, u_int8_t reason, struct pf_krule *rm, struct pf_krule *am, struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe) { struct ifnet *ifn; @@ -230,7 +230,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, bzero(&hdr, sizeof(hdr)); hdr.length = PFLOG_REAL_HDRLEN; hdr.af = af; - hdr.action = rm->action; + hdr.action = action; hdr.reason = reason; memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname)); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index a7bdb0bafb9..3fe51e38969 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -4793,7 +4793,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, KASSERT(nk != NULL, ("%s: null nk", __func__)); if (nr->log) { - PFLOG_PACKET(kif, m, af, PFRES_MATCH, nr, a, + PFLOG_PACKET(kif, m, af, PF_PASS, PFRES_MATCH, nr, a, ruleset, pd, 1); } @@ -5023,7 +5023,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_rule_to_actions(r, &pd->act); if (r->log) PFLOG_PACKET(kif, m, af, - PFRES_MATCH, r, + r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } else { match = 1; @@ -5055,7 +5055,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, if (r->log) { if (rewrite) m_copyback(m, off, hdrlen, pd->hdr.any); - PFLOG_PACKET(kif, m, af, reason, r, a, ruleset, pd, 1); + PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); } if ((r->action == PF_DROP) && @@ -5471,7 +5471,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif, pf_rule_to_actions(r, &pd->act); if (r->log) PFLOG_PACKET(kif, m, af, - PFRES_MATCH, r, + r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } else { match = 1; @@ -5501,7 +5501,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif, pf_rule_to_actions(r, &pd->act); if (r->log) - PFLOG_PACKET(kif, m, af, reason, r, a, ruleset, pd, 1); + PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); if (r->action != PF_PASS) return (PF_DROP); @@ -8872,13 +8872,13 @@ done: lr = r; if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET, reason, lr, a, ruleset, - &pd, (s == NULL)); + PFLOG_PACKET(kif, m, AF_INET, action, reason, lr, a, + ruleset, &pd, (s == NULL)); if (s) { SLIST_FOREACH(ri, &s->match_rules, entry) if (ri->r->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET, reason, - ri->r, a, ruleset, &pd, 0); + PFLOG_PACKET(kif, m, AF_INET, action, + reason, ri->r, a, ruleset, &pd, 0); } } @@ -9444,12 +9444,12 @@ done: lr = r; if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET6, reason, lr, a, ruleset, + PFLOG_PACKET(kif, m, AF_INET6, action, reason, lr, a, ruleset, &pd, (s == NULL)); if (s) { SLIST_FOREACH(ri, &s->match_rules, entry) if (ri->r->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET6, reason, + PFLOG_PACKET(kif, m, AF_INET6, action, reason, ri->r, a, ruleset, &pd, 0); } } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 414dc258cfa..c8f4d158c16 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1187,7 +1187,7 @@ pf_normalize_ip(struct mbuf **m0, struct pfi_kkif *kif, u_short *reason, REASON_SET(reason, PFRES_FRAG); drop: if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, AF_INET, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); } @@ -1360,13 +1360,13 @@ again: shortpkt: REASON_SET(reason, PFRES_SHORT); if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET6, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); drop: REASON_SET(reason, PFRES_NORM); if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET6, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); } #endif /* INET6 */ @@ -1491,7 +1491,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, tcp_drop: REASON_SET(&reason, PFRES_NORM); if (rm != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, 1); return (PF_DROP); } @@ -2261,7 +2261,7 @@ pf_normalize_sctp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff, sctp_drop: REASON_SET(&reason, PFRES_NORM); if (rm != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, reason, r, NULL, NULL, pd, + PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, 1); return (PF_DROP);