Exemplo n.º 1
/*
 * Hand one packet, prefixed with a pflog header, to the BPF listeners on
 * the log interface selected by rm->logif.
 *
 * pd      - packet descriptor; supplies the interface (pd->kif), the mbuf
 *           (pd->m), direction, address families, addresses and ports.
 * reason  - reason code stored in the header.
 * rm      - rule that matched; selects the log interface.
 * am      - anchor rule, or NULL when rm is not inside an anchor.
 * ruleset - ruleset whose anchor name is recorded when am is set.
 *
 * Returns -1 when rm, pd, pd->kif or pd->m is NULL, 0 in every other case
 * (including "nothing to log to" and BPF support compiled out).
 */
int
pflog_packet(struct pf_pdesc *pd, u_int8_t reason, struct pf_rule *rm,
    struct pf_rule *am, struct pf_ruleset *ruleset)
{
#if NBPFILTER > 0
	struct pfloghdr loghdr;
	struct ifnet *logifp;

	if (rm == NULL || pd == NULL)
		return (-1);
	if (pd->kif == NULL || pd->m == NULL)
		return (-1);

	/*
	 * The rule-supplied index is range-checked against npflogifs before
	 * it is used to index pflogifs[].
	 */
	if (rm->logif >= npflogifs)
		return (0);
	logifp = pflogifs[rm->logif];
	if (logifp == NULL || !logifp->if_bpf)
		return (0);

	/*
	 * Clear the whole header first: every field not assigned below, and
	 * any padding, reaches the tap as zeros rather than stack contents.
	 */
	bzero(&loghdr, sizeof(loghdr));
	loghdr.length = PFLOG_REAL_HDRLEN;
	loghdr.action = rm->action;
	loghdr.reason = reason;
	/* assumes pfik_name is at least sizeof(ifname) bytes - TODO confirm */
	memcpy(loghdr.ifname, pd->kif->pfik_name, sizeof(loghdr.ifname));

	if (am != NULL) {
		/* Inside an anchor: am is the outer rule, rm the sub-rule. */
		loghdr.rulenr = htonl(am->nr);
		loghdr.subrulenr = htonl(rm->nr);
		if (ruleset != NULL && ruleset->anchor != NULL)
			strlcpy(loghdr.ruleset, ruleset->anchor->name,
			    sizeof(loghdr.ruleset));
	} else {
		/* No anchor: -1 marks "no sub-rule". */
		loghdr.rulenr = htonl(rm->nr);
		loghdr.subrulenr = -1;
	}

	/* Do the socket lookup once per packet, and only if the rule asks. */
	if ((rm->log & PF_LOG_SOCKET_LOOKUP) && !pd->lookup.done)
		pd->lookup.done = pf_socket_lookup(pd);
	if (pd->lookup.done <= 0) {
		/* No owner found: log the "unknown" sentinels. */
		loghdr.uid = UID_MAX;
		loghdr.pid = NO_PID;
	} else {
		loghdr.uid = pd->lookup.uid;
		loghdr.pid = pd->lookup.pid;
	}
	loghdr.rule_uid = rm->cuid;
	loghdr.rule_pid = rm->cpid;
	loghdr.dir = pd->dir;

	PF_ACPY(&loghdr.saddr, &pd->nsaddr, pd->naf);
	PF_ACPY(&loghdr.daddr, &pd->ndaddr, pd->naf);
	loghdr.af = pd->af;
	loghdr.naf = pd->naf;
	loghdr.sport = pd->nsport;
	loghdr.dport = pd->ndport;

	/* Account the packet on the log interface, then tap it. */
	logifp->if_opackets += 1;
	logifp->if_obytes += pd->m->m_pkthdr.len;

	bpf_mtap_hdr(logifp->if_bpf, (caddr_t)&loghdr, PFLOG_HDRLEN, pd->m,
	    BPF_DIRECTION_OUT, pflog_bpfcopy);
#endif

	return (0);
}
Exemplo n.º 2
/*
 * Hand packet m, prefixed with a pflog header, to the BPF listeners on the
 * log interface selected by rm->logif.
 *
 * kif     - interface the packet was seen on; its name goes in the header.
 * m       - the packet.
 * af, dir - address family and direction, copied into the header.
 * reason  - reason code stored in the header.
 * rm      - rule that matched; selects the log interface.
 * am      - anchor rule, or NULL when rm is not inside an anchor.
 * ruleset - ruleset whose anchor name is recorded when am is set.
 * pd      - packet descriptor; caches the socket lookup result.
 *
 * Returns -1 when kif, m, rm or pd is NULL, 0 in every other case.
 */
int
pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
    u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
    struct pf_ruleset *ruleset, struct pf_pdesc *pd)
{
#if NBPFILTER > 0
	struct pfloghdr loghdr;
	struct ifnet *logifp;

	if (kif == NULL || m == NULL)
		return (-1);
	if (rm == NULL || pd == NULL)
		return (-1);

	/*
	 * NOTE(review): rm->logif indexes pflogifs[] with no range check in
	 * this function; presumably the value is validated when the rule is
	 * loaded - confirm against the code that installs rules.
	 */
	logifp = pflogifs[rm->logif];
	if (logifp == NULL || !logifp->if_bpf)
		return (0);

	/*
	 * Clear the whole header first: every field not assigned below, and
	 * any padding, reaches the tap as zeros rather than stack contents.
	 */
	bzero(&loghdr, sizeof(loghdr));
	loghdr.length = PFLOG_REAL_HDRLEN;
	loghdr.af = af;
	loghdr.action = rm->action;
	loghdr.reason = reason;
	/* assumes pfik_name is at least sizeof(ifname) bytes - TODO confirm */
	memcpy(loghdr.ifname, kif->pfik_name, sizeof(loghdr.ifname));

	if (am != NULL) {
		/* Inside an anchor: am is the outer rule, rm the sub-rule. */
		loghdr.rulenr = htonl(am->nr);
		loghdr.subrulenr = htonl(rm->nr);
		if (ruleset != NULL && ruleset->anchor != NULL)
			strlcpy(loghdr.ruleset, ruleset->anchor->name,
			    sizeof(loghdr.ruleset));
	} else {
		/* No anchor: -1 marks "no sub-rule". */
		loghdr.rulenr = htonl(rm->nr);
		loghdr.subrulenr = -1;
	}

	/* Do the socket lookup once per packet, and only if the rule asks. */
	if ((rm->log & PF_LOG_SOCKET_LOOKUP) && !pd->lookup.done)
		pd->lookup.done = pf_socket_lookup(dir, pd);
	if (pd->lookup.done <= 0) {
		/* No owner found: log the "unknown" sentinels. */
		loghdr.uid = UID_MAX;
		loghdr.pid = NO_PID;
	} else {
		loghdr.uid = pd->lookup.uid;
		loghdr.pid = pd->lookup.pid;
	}
	loghdr.rule_uid = rm->cuid;
	loghdr.rule_pid = rm->cpid;
	loghdr.dir = dir;

#ifdef INET
	if (af == AF_INET && dir == PF_OUT) {
		/*
		 * Recompute the IPv4 header checksum over ip_hl 32-bit words.
		 * This writes into the packet itself, not into a copy.
		 */
		struct ip *iph = mtod(m, struct ip *);

		iph->ip_sum = 0;
		iph->ip_sum = in_cksum(m, iph->ip_hl << 2);
	}
#endif /* INET */

	/* Account the packet on the log interface, then tap it. */
	logifp->if_opackets += 1;
	logifp->if_obytes += m->m_pkthdr.len;
	bpf_mtap_hdr(logifp->if_bpf, (char *)&loghdr, PFLOG_HDRLEN, m,
	    BPF_DIRECTION_OUT);
#endif

	return (0);
}
Exemplo n.º 3
Arquivo: if_pflog.c Projeto: argp/xnu
/*
 * Hand the packet in pbuf, prefixed with a pflog header, to the BPF
 * listeners on the log interface selected by rm->logif.
 *
 * kif     - interface the packet was seen on; its name goes in the header.
 * pbuf    - the packet; converted to an mbuf before it is tapped.
 * af, dir - address family and direction, copied into the header.
 * reason  - reason code stored in the header.
 * rm      - rule that matched; selects the log interface.
 * am      - anchor rule, or NULL when rm is not inside an anchor.
 * ruleset - ruleset whose anchor name is recorded when am is set.
 * pd      - packet descriptor; caches the socket lookup result.
 *
 * Returns -1 when kif, rm or pd is NULL or pbuf is not valid, 0 in every
 * other case.  The caller must hold pf_lock (asserted below).
 */
int
pflog_packet(struct pfi_kif *kif, pbuf_t *pbuf, sa_family_t af, u_int8_t dir,
    u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
    struct pf_ruleset *ruleset, struct pf_pdesc *pd)
{
#if NBPFILTER > 0
	struct ifnet *ifn;
	struct pfloghdr hdr;
	struct mbuf *m;

	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);

	if (kif == NULL || !pbuf_is_valid(pbuf) || rm == NULL || pd == NULL)
		return (-1);

	/*
	 * The rule-supplied index is range-checked against PFLOGIFS_MAX
	 * before it is used to index pflogifs[]; the || short-circuit keeps
	 * the array access behind the check.
	 */
	if (rm->logif >= PFLOGIFS_MAX ||
	    (ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf) {
		return (0);
	}

	/*
	 * NOTE(review): what the FALSE argument selects is not visible
	 * here; a NULL result is treated as "nothing to log", not an error.
	 */
	if ((m = pbuf_to_mbuf(pbuf, FALSE)) == NULL)
		return (0);

	/*
	 * Clear the whole header first: every field not assigned below, and
	 * any padding, reaches the tap as zeros rather than stack contents.
	 */
	bzero(&hdr, sizeof (hdr));
	hdr.length = PFLOG_REAL_HDRLEN;
	hdr.af = af;
	hdr.action = rm->action;
	hdr.reason = reason;
	/* assumes pfik_name is at least sizeof (ifname) bytes - TODO confirm */
	memcpy(hdr.ifname, kif->pfik_name, sizeof (hdr.ifname));

	if (am == NULL) {
		/* No anchor: -1 marks "no sub-rule". */
		hdr.rulenr = htonl(rm->nr);
		hdr.subrulenr = -1;
	} else {
		/* Inside an anchor: am is the outer rule, rm the sub-rule. */
		hdr.rulenr = htonl(am->nr);
		hdr.subrulenr = htonl(rm->nr);
		if (ruleset != NULL && ruleset->anchor != NULL)
			strlcpy(hdr.ruleset, ruleset->anchor->name,
			    sizeof (hdr.ruleset));
	}
	/* Do the socket lookup once per packet, and only if the rule asks. */
	if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done)
		pd->lookup.done = pf_socket_lookup(dir, pd);
	if (pd->lookup.done > 0) {
		hdr.uid = pd->lookup.uid;
		hdr.pid = pd->lookup.pid;
	} else {
		/* No owner found: log the "unknown" sentinels. */
		hdr.uid = UID_MAX;
		hdr.pid = NO_PID;
	}
	hdr.rule_uid = rm->cuid;
	hdr.rule_pid = rm->cpid;
	hdr.dir = dir;

#if INET
	if (af == AF_INET && dir == PF_OUT) {
		struct ip *ip;

		/*
		 * Recompute the IPv4 header checksum over ip_hl 32-bit words.
		 * This writes into the mbuf itself, not into a copy.
		 */
		ip = mtod(m, struct ip *);
		ip->ip_sum = 0;
		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
	}
#endif /* INET */

	/* Counters are bumped before the switch, so for any dir value. */
	atomic_add_64(&ifn->if_opackets, 1);
	atomic_add_64(&ifn->if_obytes, m->m_pkthdr.len);

	switch (dir) {
	case PF_IN:
		bpf_tap_in(ifn, DLT_PFLOG, m, &hdr, PFLOG_HDRLEN);
		break;

	case PF_OUT:
		bpf_tap_out(ifn, DLT_PFLOG, m, &hdr, PFLOG_HDRLEN);
		break;

	default:
		/* Any other direction is counted above but never tapped. */
		break;
	}
#endif /* NBPFILTER > 0 */
	return (0);
}
Exemplo n.º 4
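/*
 * Hand packet m, prefixed with a pflog header, to the BPF listeners on the
 * log interface selected by rm->logif.
 *
 * kif        - interface the packet was seen on; its name goes in the header.
 * m          - the packet.
 * af, dir    - address family and direction, copied into the header.
 * reason     - reason code stored in the header.
 * rm         - rule that matched; selects the log interface.
 * am         - anchor rule, or NULL when rm is not inside an anchor.
 * ruleset    - ruleset whose anchor name is recorded when am is set.
 * pd         - packet descriptor; caches the socket lookup result.
 * lookupsafe - non-zero when pf_socket_lookup() may be called.
 *
 * Returns -1 when kif, m, rm or pd is NULL, 0 in every other case.
 */
static int
pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
    u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
    struct pf_ruleset *ruleset, struct pf_pdesc *pd, int lookupsafe)
{
	struct ifnet *ifn;
	struct pfloghdr hdr;

	/* Missing arguments are an error: report it with -1, not a positive 1. */
	if (kif == NULL || m == NULL || rm == NULL || pd == NULL)
		return (-1);

	/*
	 * NOTE(review): rm->logif indexes pflogifs[] with no range check in
	 * this function; presumably the value is validated when the rule is
	 * loaded - confirm against the code that installs rules.
	 */
	if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf)
		return (0);

	/*
	 * Clear the whole header first: every field not assigned below, and
	 * any padding, reaches the tap as zeros rather than stack contents.
	 */
	bzero(&hdr, sizeof(hdr));
	hdr.length = PFLOG_REAL_HDRLEN;
	hdr.af = af;
	hdr.action = rm->action;
	hdr.reason = reason;
	/* assumes pfik_name is at least sizeof(ifname) bytes - TODO confirm */
	memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));

	if (am == NULL) {
		hdr.rulenr = htonl(rm->nr);
		/*
		 * No anchor, so no sub-rule: store the -1 marker.  A plain 1
		 * here would be read back as a sub-rule number.
		 */
		hdr.subrulenr = -1;
	} else {
		/* Inside an anchor: am is the outer rule, rm the sub-rule. */
		hdr.rulenr = htonl(am->nr);
		hdr.subrulenr = htonl(rm->nr);
		if (ruleset != NULL && ruleset->anchor != NULL)
			strlcpy(hdr.ruleset, ruleset->anchor->name,
			    sizeof(hdr.ruleset));
	}
	/*
	 * XXXGL: we avoid pf_socket_lookup() when we are holding
	 * state lock, since this leads to unsafe LOR.
	 * These conditions are very very rare, however.
	 */
	if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe)
		pd->lookup.done = pf_socket_lookup(dir, pd, m);
	if (pd->lookup.done > 0)
		hdr.uid = pd->lookup.uid;
	else
		hdr.uid = UID_MAX;	/* no owner found */
	/* This variant never records a process id, even after a lookup. */
	hdr.pid = NO_PID;
	hdr.rule_uid = rm->cuid;
	hdr.rule_pid = rm->cpid;
	hdr.dir = dir;

#ifdef INET
	if (af == AF_INET && dir == PF_OUT) {
		struct ip *ip;

		/*
		 * Recompute the IPv4 header checksum over ip_hl 32-bit words.
		 * This writes into the packet itself, not into a copy.
		 */
		ip = mtod(m, struct ip *);
		ip->ip_sum = 0;
		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
	}
#endif /* INET */

	/* Account the packet on the log interface, then tap it. */
	ifn->if_opackets++;
	ifn->if_obytes += m->m_pkthdr.len;
	BPF_MTAP2(ifn, &hdr, PFLOG_HDRLEN, m);

	return (0);
}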