Only exploit ipf state keeping for CFW logging.
@@ -1522,10 +1522,13 @@
is->is_sync = ipfsync_new(SMC_STATE, fin, is);
#endif
if (ifs->ifs_ipstate_logging)
ipstate_log(is, ISL_NEW, ifs);
+ if (IFS_CFWLOG(ifs))
+ ipf_log_cfwlog(is, ISL_NEW, ifs);
+
RWLOCK_EXIT(&ifs->ifs_ipf_state);
fin->fin_rev = IP6_NEQ(&is->is_dst, &fin->fin_daddr);
fin->fin_flx |= FI_STATE;
if (fin->fin_flx & FI_FRAG)
(void) fr_newfrag(fin, pass ^ FR_KEEPSTATE);
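Review bot: The added `ipf_log_cfwlog(is, ISL_NEW, ifs)` call sits before `RWLOCK_EXIT(&ifs->ifs_ipf_state)`, so it appears to run with the state-table lock still held, on the path taken for every newly created state entry. ipf_log_cfwlog() is not visible in this hunk; if it can allocate, block or take another lock, a burst of new connections would lengthen this critical section, so its contract should be stated at the call site. I would add a comment above the new `if`, such as `/* CFW logging is independent of ifs_ipstate_logging; ipf_log_cfwlog() must not block, ifs_ipf_state is held here. */`. The enclosing function starts and ends outside the hunk.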
@@ -2312,10 +2315,12 @@
is->is_maxdend = is->is_dend + 1;
}
is->is_flags &= ~(SI_W_SPORT|SI_W_DPORT);
if ((flags & SI_CLONED) && ifs->ifs_ipstate_logging)
ipstate_log(is, ISL_CLONE, ifs);
+ if ((flags & SI_CLONED) && IFS_CFWLOG(ifs))
+ ipf_log_cfwlog(is, ISL_CLONE, ifs);
}
ret = -1;
if (is->is_flx[out][rev] == 0) {
@@ -3395,11 +3400,19 @@
is->is_pnext = NULL;
}
if (ifs->ifs_ipstate_logging != 0 && why != 0)
ipstate_log(is, why, ifs);
-
+#if 0
+ /*
+ * For now, ipf_log_cfwlog() copes with all "why" values.
+ * strictly speaking, though, they all map to one event, which for
+ * now is not supported.
+ */
+ if (why != 0 && IFS_CFWLOG(ifs))
+ ipf_log_cfwlog(is, why, ifs);
+#endif
if (is->is_rule != NULL) {
is->is_rule->fr_statecnt--;
(void)fr_derefrule(&is->is_rule, ifs);
}
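Review bot: The `#if 0` block leaves state removal without a CFW record, so the CFW log will carry the ISL_NEW and ISL_CLONE events added in the other hunks but nothing when a state entry is torn down, and someone reading the log during an investigation cannot tell when a flow ended. Compiled-out code also drifts unnoticed as the surrounding code changes; I would replace the block with a tracked comment, e.g. `/* TODO(<tracking-id placeholder>): emit a CFW record on state removal once a removal event type exists. */`, or guard it with a named build macro rather than `#if 0`. The second sentence of the existing comment should start with a capital ("Strictly speaking"). The enclosing function starts and ends outside the hunk.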
@@ -3929,11 +3942,10 @@
}
return rval;
}
-
/* ------------------------------------------------------------------------ */
/* Function: ipstate_log */
/* Returns: Nil */
/* Parameters: is(I) - pointer to state structure */
/* type(I) - type of log entry to create */