Ticket #176: filter.patch
| File filter.patch, 1.8 KB (added by maxbritov, 7 months ago) |
|---|
-
.c
old new 45 45 char *buf; 46 46 nad_cache_t cache; 47 47 nad_t nad; 48 int i, nfilters, filter, from, to, what, error ;48 int i, nfilters, filter, from, to, what, error, logit; 49 49 acl_t list_tail, acl; 50 50 51 51 log_debug(ZONE, "loading filter"); … … 102 102 to = nad_find_attr(nad, filter, -1, "to", NULL); 103 103 what = nad_find_attr(nad, filter, -1, "what", NULL); 104 104 error = nad_find_attr(nad, filter, -1, "error", NULL); 105 logit = nad_find_attr(nad, filter, -1, "logit", NULL); 105 106 106 107 acl = (acl_t) calloc(1, sizeof(struct acl_s)); 107 108 … … 138 139 } 139 140 } 140 141 } 142 if(logit > 0) acl->logit = 1; 141 143 142 144 if(list_tail != NULL) { 143 145 list_tail->next = acl; … … 150 152 list_tail = acl; 151 153 } 152 154 153 log_debug(ZONE, "added %s rule: from=%s, to=%s, what=%s, error=%d ", (acl->error?"deny":"allow"), acl->from, acl->to, acl->what, acl->error);155 log_debug(ZONE, "added %s rule: from=%s, to=%s, what=%s, error=%d, logit=%s", (acl->error?"deny":"allow"), acl->from, acl->to, acl->what, acl->error, (acl->logit?"yes":"no")); 154 156 155 157 nfilters++; 156 158 … … 196 198 if( to != NULL && acl->to != NULL && fnmatch(acl->to, to, 0) != 0 ) continue; 197 199 if( acl->what != NULL && nad_find_elem_path(nad, 0, -1, acl->what) < 0 ) continue; /* match packet type */ 198 200 log_debug(ZONE, "matched packet %s->%s vs rule (%s %s->%s)", from, to, acl->what, acl->from, acl->to); 201 if (acl->logit) log_write(r->log, LOG_NOTICE, "filter: %s packet from=%s to=%s vs rule (from=%s to=%s what=%s)",(acl->error?"deny":"allow"), from, to, acl->from, acl->to, acl->what); 199 202 error = acl->error; 200 203 break; 201 204 }
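Review bot: The new `log_write` call in the match loop passes `to`, `acl->from`, `acl->to` and `acl->what` straight to `%s`, although the tests just above it (`to != NULL && acl->to != NULL`, `acl->what != NULL`) show these can be NULL; a NULL `%s` argument is undefined behaviour, and this line goes to the regular log at LOG_NOTICE rather than the debug log. Substitute a placeholder for each nullable argument, e.g. `acl->what ? acl->what : "*"`. Separately, `if(logit > 0) acl->logit = 1;` looks off by one: if nad_find_attr returns the attribute index and a negative value for "not found" (to be confirmed against its definition), a `logit` attribute at index 0 is ignored and the rule silently goes unlogged, so `if(logit >= 0) acl->logit = 1;` is probably what is meant. `from` and `to` appear to come from the routed packet, so control characters in them should be escaped before they reach the log, otherwise a sender may be able to forge or split log entries. Both enclosing functions start and end outside the lines shown here.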
