OS-7667 Cdiff usr/src/uts/common/inet/ipf/fil.c

Print this page

OS-7667 IPFilter needs to keep and report state for cloud firewall logging
Portions contributed by: Mike Gerdts <mike.gerdts@joyent.com>


*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
   *
!  * Copyright (c) 2014, Joyent, Inc.  All rights reserved.
   */
  
  #if defined(KERNEL) || defined(_KERNEL)
  # undef KERNEL
  # undef _KERNEL
--- 3,13 ----
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
   *
!  * Copyright 2019 Joyent, Inc.
   */
  
  #if defined(KERNEL) || defined(_KERNEL)
  # undef KERNEL
  # undef _KERNEL
*** 2586,2595 ****
--- 2586,2598 ----
          if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
                  (void) fr_dolog(fin, &pass);
          }
  #endif
  
+         if (IFS_CFWLOG(ifs, fr) && FR_ISBLOCK(pass))
+                 ipf_block_cfwlog(fr, fin, ifs);
+ 
          /*
           * The FI_STATE flag is cleared here so that calling fr_checkstate
           * will work when called from inside of fr_fastroute.  Although
           * there is a similar flag, FI_NATED, for NAT, it does have the same
           * impact on code execution.