FreeBSD Bugzilla – Attachment 206306 Details for
Bug 239506
ipfw logging doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch (untested)
nat_ipfwlog.diff (text/plain), 2.09 KB, created by
Andrey V. Elsukov
on 2019-08-06 12:41:52 UTC
(
hide
)
Description:
Proposed patch (untested)
Filename:
MIME Type:
Creator:
Andrey V. Elsukov
Created:
2019-08-06 12:41:52 UTC
Size:
2.09 KB
patch
obsolete
>Index: sys/netpfil/ipfw/ip_fw_nat.c >=================================================================== >--- sys/netpfil/ipfw/ip_fw_nat.c (revision 350627) >+++ sys/netpfil/ipfw/ip_fw_nat.c (working copy) >@@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); > > #include <net/if.h> > #include <net/if_var.h> >+#include <net/if_pflog.h> > #include <netinet/in.h> > #include <netinet/ip.h> > #include <netinet/ip_var.h> >@@ -53,6 +54,7 @@ __FBSDID("$FreeBSD$"); > #include <netinet/udp.h> > > #include <netpfil/ipfw/ip_fw_private.h> >+#include <netpfil/pf/pf.h> > > #include <machine/in_cksum.h> /* XXX for in_cksum */ > >@@ -279,7 +281,19 @@ free_nat_instance(struct cfg_nat *ptr) > free(ptr, M_IPFW); > } > >+static void >+init_loghdr(struct pfloghdr *plog, uint32_t id) >+{ > >+ memset(plog, 0, sizeof(*plog)); >+ plog->length = PFLOG_REAL_HDRLEN; >+ plog->af = AF_INET; >+ plog->action = PF_NAT; >+ plog->dir = PF_IN; >+ plog->rulenr = htonl(id); >+ strlcpy(plog->ifname, "NAT44", sizeof(plog->ifname)); >+} >+ > /* > * ipfw_nat - perform mbuf header translation. > * >@@ -290,6 +304,7 @@ free_nat_instance(struct cfg_nat *ptr) > static int > ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) > { >+ struct pfloghdr loghdr; > struct mbuf *mcl; > struct ip *ip; > /* XXX - libalias duct tape */ >@@ -363,6 +378,8 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > mcl->m_len + M_TRAILINGSPACE(mcl), 0); > if (retval == PKT_ALIAS_OK) { > /* Nat instance recognises state */ >+ if (t->mode & PKT_ALIAS_LOG) >+ init_loghdr(&loghdr, t->id); > found = 1; > break; > } >@@ -373,6 +390,10 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > return (IP_FW_NAT); > } > } else { >+ if (t->mode & PKT_ALIAS_LOG) { >+ init_loghdr(&loghdr, t->id); >+ ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); >+ } > if (args->flags & IPFW_ARGS_IN) > retval = LibAliasIn(t->lib, c, > mcl->m_len + M_TRAILINGSPACE(mcl)); >@@ -453,6 +474,10 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > } > } > args->m = mcl; >+ if (t->mode & PKT_ALIAS_LOG) { >+ loghdr.dir = PF_OUT; >+ ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); >+ } > return (IP_FW_NAT); > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=206306">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 239506
:
206306
|
206307