Print this page
Only exploit ipf state keeping for CFW logging.
*** 1522,1531 ****
--- 1522,1534 ----
is->is_sync = ipfsync_new(SMC_STATE, fin, is);
#endif
if (ifs->ifs_ipstate_logging)
ipstate_log(is, ISL_NEW, ifs);
+ if (IFS_CFWLOG(ifs))
+ ipf_log_cfwlog(is, ISL_NEW, ifs);
+
RWLOCK_EXIT(&ifs->ifs_ipf_state);
fin->fin_rev = IP6_NEQ(&is->is_dst, &fin->fin_daddr);
fin->fin_flx |= FI_STATE;
if (fin->fin_flx & FI_FRAG)
(void) fr_newfrag(fin, pass ^ FR_KEEPSTATE);
*** 2312,2321 ****
--- 2315,2326 ----
is->is_maxdend = is->is_dend + 1;
}
is->is_flags &= ~(SI_W_SPORT|SI_W_DPORT);
if ((flags & SI_CLONED) && ifs->ifs_ipstate_logging)
ipstate_log(is, ISL_CLONE, ifs);
+ if ((flags & SI_CLONED) && IFS_CFWLOG(ifs))
+ ipf_log_cfwlog(is, ISL_CLONE, ifs);
}
ret = -1;
if (is->is_flx[out][rev] == 0) {
*** 3395,3405 ****
is->is_pnext = NULL;
}
if (ifs->ifs_ipstate_logging != 0 && why != 0)
ipstate_log(is, why, ifs);
!
if (is->is_rule != NULL) {
is->is_rule->fr_statecnt--;
(void)fr_derefrule(&is->is_rule, ifs);
}
--- 3400,3418 ----
is->is_pnext = NULL;
}
if (ifs->ifs_ipstate_logging != 0 && why != 0)
ipstate_log(is, why, ifs);
! #if 0
! /*
! * For now, ipf_log_cfwlog() copes with all "why" values.
! * strictly speaking, though, they all map to one event, which for
! * now is not supported.
! */
! if (why != 0 && IFS_CFWLOG(ifs))
! ipf_log_cfwlog(is, why, ifs);
! #endif
if (is->is_rule != NULL) {
is->is_rule->fr_statecnt--;
(void)fr_derefrule(&is->is_rule, ifs);
}
*** 3929,3939 ****
}
return rval;
}
-
/* ------------------------------------------------------------------------ */
/* Function: ipstate_log */
/* Returns: Nil */
/* Parameters: is(I) - pointer to state structure */
/* type(I) - type of log entry to create */
--- 3942,3951 ----