![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sys / net
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.29 / (download) - annotate - [select for diffs], Wed Jan 13 09:13:30 2021 UTC (3 years, 4 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
HEAD
Changes since 1.28: +5 -3 lines
Diff to previous 1.28 (colored)
Link pflog(4) instances to `pflog_ifs' list instead of allocating `pflogifs' array. This was done to prevent panics caused by internal malloc(9) limit. Also we avoid the case while single pflog(4) interface with a high index allocates an array for all indices below and eats up kernel memory. Since we have a very little count of pflog(4) interfaces linear search does not performance impact. ok bluhm@ claudio@ kn@
Revision 1.28 / (download) - annotate - [select for diffs], Fri Apr 6 10:39:15 2018 UTC (6 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.27: +1 -6 lines
Diff to previous 1.27 (colored)
All users of the PFLOG_PACKET() macro are inside "#if NPFLOG > 0". So this macro does not make much sense, just call pflog_packet(). OK sashan@ henning@
Revision 1.27 / (download) - annotate - [select for diffs], Tue May 16 11:36:16 2017 UTC (7 years ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.26: +1 -2 lines
Diff to previous 1.26 (colored)
Remove list member now that the global list is gone.
Revision 1.26 / (download) - annotate - [select for diffs], Thu Feb 12 01:24:10 2015 UTC (9 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored)
change log(matches) semantics slightly to make it more useful. since it is a debug tool change of semantics not considered problematic. up until now, log(matches) forced logging on subsequent matching rules, the actual logging used the log settings from that matched rule. now, log(matches) causes subsequent matches to be logged with the log settings from the log(matches) rule. in particular (this was the driving point), log(matches, to pflog23) allows you to have the trace log going to a seperate pflog interface, not clobbering your regular pflogs, actually not affecting them at all. long conversation with bluhm about it, which didn't lead to a single bit changed in the diff but was very very helpful. ok bluhm as well.
Revision 1.25 / (download) - annotate - [select for diffs], Wed Jul 9 11:03:04 2014 UTC (9 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.24: +0 -2 lines
Diff to previous 1.24 (colored)
tedu bpf_mtap_pflog(). now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to be exported any more and can stay private to if_pflog.c ok benno bluhm reyk
Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 25 09:16:34 2013 UTC (10 years, 11 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.23: +8 -7 lines
Diff to previous 1.23 (colored)
Protect various driver descriptors by _KERNEL to stop exposing to much stuff to userland, especially the "struct ifnet". ok sthen@, henning@, uebayasi@
Revision 1.23 / (download) - annotate - [select for diffs], Sun Jul 8 07:58:09 2012 UTC (11 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.22: +1 -3 lines
Diff to previous 1.22 (colored)
there was a limit on the number of pflog interfaces - 16. remove that. mostly by dynamically allocating pflogifs instead of making that a static array. ok claudio zinke
Revision 1.22 / (download) - annotate - [select for diffs], Thu Oct 13 18:23:39 2011 UTC (12 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.21: +3 -2 lines
Diff to previous 1.21 (colored)
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
Revision 1.21 / (download) - annotate - [select for diffs], Wed Sep 28 17:15:45 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)
As requested by henning, move the mbuf pointer into struct pf_pdesc. Also sort pd to the beginning of the functions' parameter lists for consistency. ok henning
Revision 1.20 / (download) - annotate - [select for diffs], Tue Sep 20 10:51:18 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)
Put kif and dir into pdesc an use this instead of passing the values around. This is a mechanical change. Initialize pd2 and use it where appropriate. ok henning on an earlier version; ok mpf
Revision 1.19 / (download) - annotate - [select for diffs], Sun Jul 3 19:07:32 2011 UTC (12 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)
reduce kernel compile time dramatically (you don't need to fix this file for it to compile. oups. forgotten in the last commit)
Revision 1.18 / (download) - annotate - [select for diffs], Sun May 22 13:21:24 2011 UTC (13 years ago) by claudio
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)
Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET() because either the info is already available in struct pd or easy to figure out. Makes pf_test() and pf_test6() even more similar (with the target to remove one of them in the near future). OK henning@
Revision 1.17 / (download) - annotate - [select for diffs], Tue Sep 21 11:05:10 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)
aye. that should not have been forgotten. add the rewritten indicator to struct pflog. ok gcc
Revision 1.16 / (download) - annotate - [select for diffs], Tue Sep 21 04:06:37 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.15: +11 -3 lines
Diff to previous 1.15 (colored)
pflog overhaul pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses. to address this without making an extra copy of the mbuf chain: -introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of plain bcopy -said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies everything into bpf's buffer, contructs a fake mbuf (which is allocated once at attach time and reused over and over) which points to the bpf buffer as data storage -call pf_setup_pdesc on said fake mbuf -then call pf_translate to rewrite the addresses as needed right in the bpf buffer this changes the pflog header as we have to pass the new addresses/ports around. relies on canacar's awesome work in libpcap to work olrite with the new, longer pflog header as well as with the old, shorter one. almost completely written at c2k10 in canada, finished here at j2k10 in japan. ok ryan dlg
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jun 26 16:49:01 2010 UTC (13 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.14: +1 -12 lines
Diff to previous 1.14 (colored)
bye bye DLT_OLD_PFLOG & friends. dead since 2003. 7 years oughta be enough ok ryan theo reyk
Revision 1.14 / (download) - annotate - [select for diffs], Wed Oct 25 11:27:01 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
allow up to 16 pflog interfaces, ok mcbride
Revision 1.13 / (download) - annotate - [select for diffs], Mon Oct 23 12:46:09 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.12: +6 -2 lines
Diff to previous 1.12 (colored)
make the pflog interface clonable. for now, only allow pflog0 to be created. keep an array of ifps to the pflog interfaces with the unit # as index for fast access. if pflog0 does not exist, no logging is done (just like if it is down). on machines without pf enabled, this makes the pflog0 interface go away, on machines with pf, rc sets up pflog0 and starts pflogd, no change there. idea old (pf2k4 or c2k5?), hacked at the hack.lu 2006 conference, ryan ok
Revision 1.12 / (download) - annotate - [select for diffs], Fri May 27 17:22:40 2005 UTC (19 years ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8
Changes since 1.11: +7 -3 lines
Diff to previous 1.11 (colored)
log two pairs of uid/pid through pflog: the uid/pid of the process that inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependancies. ok bob@, henning@.
Revision 1.5.2.5 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:23 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.5.2.4: +3 -6 lines
Diff to previous 1.5.2.4 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)
Merge with the trunk
Revision 1.11 / (download) - annotate - [select for diffs], Wed May 19 17:50:51 2004 UTC (20 years ago) by dhartmei
Branch: MAIN
CVS Tags: SMP_SYNC_B,
SMP_SYNC_A,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.10: +3 -6 lines
Diff to previous 1.10 (colored)
Allow recursive anchors (anchors within anchors, up to 64 levels deep). More work required, but this is already functional. authpf users will need to adjust their anchor calls, but this will change again soon. ok beck@, cedric@, henning@, mcbride@
Revision 1.10 / (download) - annotate - [select for diffs], Fri Mar 19 04:52:04 2004 UTC (20 years, 2 months ago) by frantzen
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
remove trailing ';' in PFLOG_REAL_HDRLEN definition. ok dhartmei@ mcbride@
Revision 1.5.2.4 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:21 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.5.2.3: +1 -12 lines
Diff to previous 1.5.2.3 (colored) to branchpoint 1.5 (colored)
Merge of current from two weeks agointo the SMP branch
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jul 15 20:27:27 2003 UTC (20 years, 11 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.8: +2 -13 lines
Diff to previous 1.8 (colored)
Adjust pflog after recent byte order changes, fixes the 'truncated-ip' errors on pflog0. Reported and tested by Ben Lovett. ok frantzen@, cedric@
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Mon May 19 22:30:08 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.6: +43 -3 lines
Diff to previous 1.6 (colored) next main 1.7 (colored)
sync
Revision 1.5.2.3 / (download) - annotate - [select for diffs], Fri May 16 00:29:43 2003 UTC (21 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.5.2.2: +28 -6 lines
Diff to previous 1.5.2.2 (colored) to branchpoint 1.5 (colored)
merge the trunk so we will get the genfs and locking fixes
Revision 1.8 / (download) - annotate - [select for diffs], Wed May 14 08:42:00 2003 UTC (21 years, 1 month ago) by canacar
Branch: MAIN
CVS Tags: UBC_SYNC_A
Changes since 1.7: +29 -7 lines
Diff to previous 1.7 (colored)
Use official (from pcap people) link type for pflog. With this change, the log header format also changes. The new log format is extendible and allows logging of the originating anchor and ruleset information. ok henning@ dhartmei@ frantzen@
Revision 1.5.2.2 / (download) - annotate - [select for diffs], Fri Mar 28 00:41:28 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.5.2.1: +19 -1 lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored)
Sync the SMP branch with 3.3
Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 29 19:51:04 2002 UTC (21 years, 7 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.6: +20 -2 lines
Diff to previous 1.6 (colored)
keep all pflog goodies in pflog sources, avoids code duplications; okski frantzen@ and dhartmei@
Revision 1.5.2.1 / (download) - annotate - [select for diffs], Tue Nov 13 22:59:58 2001 UTC (22 years, 7 months ago) by niklas
Branch: SMP
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
merge in -current
Revision 1.6 / (download) - annotate - [select for diffs], Thu Nov 8 22:02:11 2001 UTC (22 years, 7 months ago) by mickey
Branch: MAIN
CVS Tags: UBC_SYNC_B,
UBC_BASE,
OPENBSD_3_2_BASE,
OPENBSD_3_2,
OPENBSD_3_1_BASE,
OPENBSD_3_1
Branch point for: UBC
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
fix the endif comment
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jun 26 21:03:28 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Branch point for: SMP
Changes since 1.4: +22 -31 lines
Diff to previous 1.4 (colored)
clean up copyright
Revision 1.4 / (download) - annotate - [select for diffs], Tue Jun 26 19:01:54 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)
use reasons in pull_hdr, default log if pull_hdr fails. okay deraadt@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 26 15:33:00 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.2: +5 -4 lines
Diff to previous 1.2 (colored)
add a subreason to the link header to allow us to determine why a packet was dropped or passed. from discussion with theo and me.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 25 23:02:19 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.1: +7 -3 lines
Diff to previous 1.1 (colored)
extend the logging via a new link header type. export interface, direction, action and rule nr.
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 25 20:48:17 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
first stab at packet logging for pf. inspired by late night dreams of art. we just pass drop and passed packets to different pseudo interface that can be listened to with bpf.