return; } ipfw_log_syslog(chain, f, hlen, args, offset, tablearg, ip); @@ -761,6 +737,6 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, ipfw_log_rtsock(chain, f, hlen, args, offset, tablearg, eh); if (cmd->arg1 & IPFW_LOG_IPFW0) - ipfw_log_ipfw0(args, ip); + ipfw_bpf_tap(args, ip, f->rulenum); } /* end of file */ diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h index c490d2849a7d..c60b7aa47e94 100644 --- a/sys/netpfil/ipfw/ip_fw_private.h +++ b/sys/netpfil/ipfw/ip_fw_private.h @@ -161,9 +161,10 @@ struct ip_fw_chain; void ipfw_bpf_init(int); void ipfw_bpf_uninit(int); -void ipfw_bpf_tap(u_char *, u_int); -void ipfw_bpf_mtap(struct mbuf *); -void ipfw_bpf_mtap2(void *, u_int, struct mbuf *); +void ipfw_tap_alloc(uint32_t); +void ipfw_tap_free(uint32_t); +void ipfw_bpf_tap(struct ip_fw_args *, struct ip *, uint32_t); +void ipfw_pflog_tap(void *, struct mbuf *); void ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, struct ip_fw_args *args, u_short offset, uint32_t tablearg, struct ip *ip, void *eh); diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index 5d57759ffb00..a91fb2e84da9 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -210,6 +210,8 @@ ipfw_free_rule(struct ip_fw *rule) */ if (rule->refcnt > 1) return; + if (ACTION_PTR(rule)->opcode == O_LOG) + ipfw_tap_free(rule->rulenum); uma_zfree_pcpu(V_ipfw_cntr_zone, rule->cntr); free(rule, M_IPFW); } @@ -2511,6 +2513,9 @@ import_rule_v1(struct ip_fw_chain *chain, struct rule_check_info *ci) /* Copy opcodes */ memcpy(krule->cmd, urule->cmd, krule->cmd_len * sizeof(uint32_t)); + + if (ACTION_PTR(krule)->opcode == O_LOG) + ipfw_tap_alloc(krule->rulenum); } /* diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c index 393780c969fe..99340b4e16f1 100644 --- a/sys/netpfil/ipfw/nat64/nat64_translate.c +++ b/sys/netpfil/ipfw/nat64/nat64_translate.c @@ -151,7 +151,7 @@ nat64_log(struct pfloghdr *logdata, struct mbuf *m, sa_family_t family) logdata->dir = PF_OUT; logdata->af = family; - ipfw_bpf_mtap2(logdata, PFLOG_HDRLEN, m); + ipfw_pflog_tap(logdata, m); } static int diff --git a/sys/netpfil/ipfw/nat64/nat64clat.c b/sys/netpfil/ipfw/nat64/nat64clat.c index d524652e9a99..c458f85755d3 100644 --- a/sys/netpfil/ipfw/nat64/nat64clat.c +++ b/sys/netpfil/ipfw/nat64/nat64clat.c @@ -77,7 +77,7 @@ nat64clat_log(struct pfloghdr *plog, struct mbuf *m, sa_family_t family, plog->subrulenr = htonl(pktid); plog->ruleset[0] = '\0'; strlcpy(plog->ifname, "NAT64CLAT", sizeof(plog->ifname)); - ipfw_bpf_mtap2(plog, PFLOG_HDRLEN, m); + ipfw_pflog_tap(plog, m); } static int diff --git a/sys/netpfil/ipfw/nat64/nat64lsn.c b/sys/netpfil/ipfw/nat64/nat64lsn.c index 5d2ee7ee3b34..1bac425afc30 100644 --- a/sys/netpfil/ipfw/nat64/nat64lsn.c +++ b/sys/netpfil/ipfw/nat64/nat64lsn.c @@ -187,7 +187,7 @@ nat64lsn_log(struct pfloghdr *plog, struct mbuf *m, sa_family_t family, (state->proto << 8) | (state->ip_dst & 0xff)); plog->ruleset[0] = '\0'; strlcpy(plog->ifname, "NAT64LSN", sizeof(plog->ifname)); - ipfw_bpf_mtap2(plog, PFLOG_HDRLEN, m); + ipfw_pflog_tap(plog, m); } #define HVAL(p, n, s) jenkins_hash32((const uint32_t *)(p), (n), (s)) diff --git a/sys/netpfil/ipfw/nat64/nat64stl.c b/sys/netpfil/ipfw/nat64/nat64stl.c index ad1f2b3ec378..c1ca2dfd5e13 100644 --- a/sys/netpfil/ipfw/nat64/nat64stl.c +++ b/sys/netpfil/ipfw/nat64/nat64stl.c @@ -76,7 +76,7 @@ nat64stl_log(struct pfloghdr *plog, struct mbuf *m, sa_family_t family, plog->subrulenr = htonl(pktid); plog->ruleset[0] = '\0'; strlcpy(plog->ifname, "NAT64STL", sizeof(plog->ifname)); - ipfw_bpf_mtap2(plog, PFLOG_HDRLEN, m); + ipfw_pflog_tap(plog, m); } static int