FreeBSD Bugzilla – Attachment 206307 Details for
Bug 239506
ipfw logging doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch (untested)
nat_ipfwlog.diff (text/plain), 2.23 KB, created by
Andrey V. Elsukov
on 2019-08-06 12:47:19 UTC
(
hide
)
Description:
Proposed patch (untested)
Filename:
MIME Type:
Creator:
Andrey V. Elsukov
Created:
2019-08-06 12:47:19 UTC
Size:
2.23 KB
patch
obsolete
>Index: sys/netpfil/ipfw/ip_fw_nat.c >=================================================================== >--- sys/netpfil/ipfw/ip_fw_nat.c (revision 350627) >+++ sys/netpfil/ipfw/ip_fw_nat.c (working copy) >@@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); > > #include <net/if.h> > #include <net/if_var.h> >+#include <net/if_pflog.h> > #include <netinet/in.h> > #include <netinet/ip.h> > #include <netinet/ip_var.h> >@@ -53,6 +54,7 @@ __FBSDID("$FreeBSD$"); > #include <netinet/udp.h> > > #include <netpfil/ipfw/ip_fw_private.h> >+#include <netpfil/pf/pf.h> > > #include <machine/in_cksum.h> /* XXX for in_cksum */ > >@@ -279,7 +281,20 @@ free_nat_instance(struct cfg_nat *ptr) > free(ptr, M_IPFW); > } > >+static void >+init_loghdr(struct pfloghdr *plog, uint32_t id, uint32_t rulenum) >+{ > >+ memset(plog, 0, sizeof(*plog)); >+ plog->length = PFLOG_REAL_HDRLEN; >+ plog->af = AF_INET; >+ plog->action = PF_NAT; >+ plog->dir = PF_IN; >+ plog->rulenr = htonl(id); /* NAT id */ >+ plog->subrulenr = htonl(rulenum); /* ipfw's rule number */ >+ strlcpy(plog->ifname, "NAT44", sizeof(plog->ifname)); >+} >+ > /* > * ipfw_nat - perform mbuf header translation. > * >@@ -290,6 +305,7 @@ free_nat_instance(struct cfg_nat *ptr) > static int > ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) > { >+ struct pfloghdr loghdr; > struct mbuf *mcl; > struct ip *ip; > /* XXX - libalias duct tape */ >@@ -363,6 +379,9 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > mcl->m_len + M_TRAILINGSPACE(mcl), 0); > if (retval == PKT_ALIAS_OK) { > /* Nat instance recognises state */ >+ if (t->mode & PKT_ALIAS_LOG) >+ init_loghdr(&loghdr, t->id, >+ args->rule.rulenum); > found = 1; > break; > } >@@ -373,6 +392,10 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > return (IP_FW_NAT); > } > } else { >+ if (t->mode & PKT_ALIAS_LOG) { >+ init_loghdr(&loghdr, t->id, args->rule.rulenum); >+ ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); >+ } > if (args->flags & IPFW_ARGS_IN) > retval = LibAliasIn(t->lib, c, > mcl->m_len + M_TRAILINGSPACE(mcl)); >@@ -453,6 +476,10 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat * > } > } > args->m = mcl; >+ if (t->mode & PKT_ALIAS_LOG) { >+ loghdr.dir = PF_OUT; >+ ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); >+ } > return (IP_FW_NAT); > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 239506
:
206306
| 206307