Get rid of bogus newline in BPF error string.
pcap.3
pcap.c
pcap.h
+pf.h
ppp.h
savefile.c
scanner.l
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.4 2002-07-16 05:03:34 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.5 2003-03-11 06:23:52 guy Exp $ (LBL)
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
pcap.3 - manual entry
pcap.c - pcap utility routines
pcap.h - public libpcap definitions
+pf.h - OpenBSD DLT_PFLOG definitions
ppp.h - Point to Point Protocol definitions
savefile.c - offline support
scanner.l - filter string scanner
*/
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.188 2003-03-08 08:42:13 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.189 2003-03-11 06:23:52 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "ppp.h"
#include "sll.h"
#include "arcnet.h"
+#include "pf.h"
#ifdef INET6
#ifndef WIN32
#include <netdb.h> /* for "struct addrinfo" */
off_nl_nosnap = 12; /* no 802.2 LLC */
return;
+ case DLT_PFLOG:
+ off_linktype = 0;
+ off_nl = 28;
+ off_nl_nosnap = 28; /* no 802.2 LLC */
+ return;
+
case DLT_PPP:
case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
case DLT_NULL:
case DLT_LOOP:
case DLT_ENC:
+ case DLT_PFLOG:
/*
* For DLT_NULL, the link-layer header is a 32-bit
* word containing an AF_ value in *host* byte order,
* This means that, when reading a capture file, just
* checking for our AF_INET6 value won't work if the
* capture file came from another OS.
+ *
+ * XXX - what's the byte order for DLT_PFLOG?
*/
switch (proto) {
}
break;
+ case DLT_PFLOG:
+ b0 = gen_cmp(26, BPF_H,
+ (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
+ break;
+
default:
- bpf_error("inbound/outbound not supported on linktype %d\n",
+ bpf_error("inbound/outbound not supported on linktype %d",
linktype);
b0 = NULL;
/* NOTREACHED */
return (b0);
}
+/* PF firewall log matched interface */
+struct block *
+gen_pf_ifname(char *ifname)
+{
+ if (linktype != DLT_PFLOG) {
+ bpf_error("ifname supported only for DLT_PFLOG");
+ /* NOTREACHED */
+ }
+ if (strlen(ifname) >= 16) {
+ bpf_error("ifname interface names can't be larger than 16 characters");
+ /* NOTREACHED */
+ }
+ return (gen_bcmp(4, strlen(ifname), ifname));
+}
+
+
+/* PF firewall log rule number */
+struct block *
+gen_pf_rnr(int rnr)
+{
+ if (linktype != DLT_PFLOG) {
+ bpf_error("rnr supported only for DLT_PFLOG");
+ /* NOTREACHED */
+ }
+
+ return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
+}
+
+/* PF firewall log reason code */
+struct block *
+gen_pf_reason(int reason)
+{
+ if (linktype != DLT_PFLOG) {
+ bpf_error("reason supported only for DLT_PFLOG");
+ /* NOTREACHED */
+ }
+
+ return (gen_cmp(22, BPF_H, (bpf_int32)reason));
+}
+
+/* PF firewall log action */
+struct block *
+gen_pf_action(int action)
+{
+ if (linktype != DLT_PFLOG) {
+ bpf_error("action supported only for DLT_PFLOG");
+ /* NOTREACHED */
+ }
+
+ return (gen_cmp(24, BPF_H, (bpf_int32)action));
+}
+
struct block *
gen_acode(eaddr, q)
register const u_char *eaddr;
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.56 2002-12-06 00:01:34 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.57 2003-03-11 06:23:53 guy Exp $ (LBL)
*/
/*
struct block *gen_atmtype_abbrev(int type);
struct block *gen_atmmulti_abbrev(int type);
+struct block *gen_pf_ifname(char *);
+struct block *gen_pf_rnr(int);
+struct block *gen_pf_reason(int);
+struct block *gen_pf_action(int);
+struct block *gen_pf_dir(int);
+
void bpf_optimize(struct block **);
void bpf_error(const char *, ...)
#if HAVE___ATTRIBUTE__
*/
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.78 2002-12-06 00:01:34 hannes Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.79 2003-03-11 06:23:53 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "pcap-int.h"
#include "gencode.h"
+#include "pf.h"
#include <pcap-namedb.h>
#ifdef HAVE_OS_PROTO_H
%type <a> arth narth
%type <i> byteop pname pnum relop irelop
%type <blk> and or paren not null prog
-%type <rblk> other
+%type <rblk> other pfvar
%type <i> atmtype atmmultitype
%type <blk> atmfield
%type <blk> atmfieldvalue atmvalue atmlistvalue
%token ATALK AARP DECNET LAT SCA MOPRC MOPDL
%token TK_BROADCAST TK_MULTICAST
%token NUM INBOUND OUTBOUND
+%token PF_IFNAME PF_RNR PF_REASON PF_ACTION
%token LINK
%token GEQ LEQ NEQ
%token ID EID HID HID6 AID
%type <e> EID
%type <e> AID
%type <s> HID HID6
-%type <i> NUM
+%type <i> NUM action reason
%left OR AND
%nonassoc '!'
| OUTBOUND { $$ = gen_inbound(1); }
| VLAN pnum { $$ = gen_vlan($2); }
| VLAN { $$ = gen_vlan(-1); }
+ | pfvar { $$ = $1; }
;
+
+pfvar: PF_IFNAME ID { $$ = gen_pf_ifname($2); }
+ | PF_RNR NUM { $$ = gen_pf_rnr($2); }
+ | PF_REASON reason { $$ = gen_pf_reason($2); }
+ | PF_ACTION action { $$ = gen_pf_action($2); }
+ ;
+
+reason: NUM { $$ = $1; }
+ | ID { const char *reasons[] = PFRES_NAMES;
+ int i;
+ for (i = 0; reasons[i]; i++) {
+ if (pcap_strcasecmp($1, reasons[i]) == 0) {
+ $$ = i;
+ break;
+ }
+ }
+ if (reasons[i] == NULL)
+ bpf_error("unknown PF reason");
+ }
+ ;
+
+action: ID { if (pcap_strcasecmp($1, "pass") == 0 ||
+ pcap_strcasecmp($1, "accept") == 0)
+ $$ = PF_PASS;
+ else if (pcap_strcasecmp($1, "drop") == 0 ||
+ pcap_strcasecmp($1, "block") == 0)
+ $$ = PF_DROP;
+ else
+ bpf_error("unknown PF action");
+ }
+ ;
+
relop: '>' { $$ = BPF_JGT; }
| GEQ { $$ = BPF_JGE; }
| '=' { $$ = BPF_JEQ; }
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
- * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.5 2003-03-08 09:21:37 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.6 2003-03-11 06:23:53 guy Exp $ (LBL)
*/
/*
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#endif
+/*
+ * 17 is used for DLT_PFLOG in OpenBSD; don't use it for anything else.
+ */
+
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
#define DLT_IPFILTER 116
/*
- * Reserved for use in capture-file headers as a link-layer type
- * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
- * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
- * in capture-file headers.
+ * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023
+ * in SuSE 6.3, so we can't use 17 for it in capture-file headers.
*/
+#ifdef __OpenBSD__
+#define DLT_PFLOG 17
+#else
#define DLT_PFLOG 117
+#endif
/*
* Registered for Cisco-internal use.
#define DLT_CISCO_IOS 118
/*
- * Reserved for 802.11 cards using the Prism II chips, with a link-layer
+ * For 802.11 cards using the Prism II chips, with a link-layer
* header including Prism monitor mode information plus an 802.11
* header.
*/
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.43 2002-12-28 00:44:04 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.44 2003-03-11 06:23:54 guy Exp $ (LBL)
*/
#ifndef pcap_int_h
strlen((y)))
#endif
+int pcap_strcasecmp(const char *, const char *);
+
/*
* Internal interface for "pcap_set_datalink()". Attempts to set the
* link-layer type to the specified type; if that fails, returns -1.
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.49 2003-02-13 07:54:59 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.50 2003-03-11 06:23:54 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
(u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
};
-static int
+int
pcap_strcasecmp(const char *s1, const char *s2)
{
register const u_char *cm = charmap,
--- /dev/null
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/Attic/pf.h,v 1.1 2003-03-11 06:23:54 guy Exp $ (LBL)
+ */
+
+/* from $OpenBSD: pfvar.h,v 1.61 2002/01/11 20:13:11 mickey Exp $ */
+
+enum { PF_IN=0, PF_OUT=1 };
+enum { PF_PASS=0, PF_DROP=1, PF_SCRUB=2 };
+
+/* Reasons code for passing/dropping a packet */
+#define PFRES_MATCH 0 /* Explicit match of a rule */
+#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
+#define PFRES_FRAG 2 /* Dropping following fragment */
+#define PFRES_SHORT 3 /* Dropping short packet */
+#define PFRES_NORM 4 /* Dropping by normalizer */
+#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
+#define PFRES_MAX 6 /* total+1 */
+
+#define PFRES_NAMES { \
+ "match", \
+ "bad-offset", \
+ "fragment", \
+ "short", \
+ "normalize", \
+ "memory", \
+ NULL \
+}
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.77 2003-03-08 08:42:14 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.78 2003-03-11 06:23:55 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#define LINKTYPE_LTALK 114 /* Apple LocalTalk hardware */
#define LINKTYPE_ECONET 115 /* Acorn Econet */
+#define LINKTYPE_PFLOG 117 /* OpenBSD DLT_PFLOG */
#define LINKTYPE_CISCO_IOS 118 /* For Cisco-internal use */
#define LINKTYPE_PRISM_HEADER 119 /* 802.11+Prism II monitor mode */
#define LINKTYPE_AIRONET_HEADER 120 /* FreeBSD Aironet driver stuff */
#define LINKTYPE_HIPPI 111 /* NetBSD HIPPI */
#define LINKTYPE_HDLC 112 /* NetBSD HDLC framing */
#define LINKTYPE_IPFILTER 116 /* IP Filter capture files */
-#define LINKTYPE_PFLOG 117 /* OpenBSD DLT_PFLOG */
#define LINKTYPE_HHDLC 121 /* Siemens HiPath HDLC */
#define LINKTYPE_RIO 124 /* RapidIO */
#define LINKTYPE_PCI_EXP 125 /* PCI Express */
/* Acorn Econet */
{ DLT_ECONET, LINKTYPE_ECONET },
+ /* OpenBSD DLT_PFLOG */
+ { DLT_PFLOG, LINKTYPE_PFLOG },
+
/* For Cisco-internal use */
{ DLT_CISCO_IOS, LINKTYPE_CISCO_IOS },
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.93 2003-03-08 05:53:11 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.94 2003-03-11 06:23:55 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
connectmsg return CONNECTMSG;
metaconnect return METACONNECT;
+on|ifname return PF_IFNAME;
+rnr|rulenum return PF_RNR;
+reason return PF_REASON;
+action return PF_ACTION;
+
[ \r\n\t] ;
[+\-*/:\[\]!<>()&|=] return yytext[0];
">=" return GEQ;
projects / libpcap / commitdiff
