Include "config.h" before including anything else.
1 /* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */
2
3 /*
4 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
#ifndef lint
/* RCS revision identifier for this file; compiled out when `lint` is defined. */
static const char rcsid[] = "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.2 2002-02-06 11:05:35 guy Exp $ (LBL)";
#endif
28
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include <sys/param.h>
34 #include <sys/time.h>
35 #include <sys/socket.h>
36
37 #include <netinet/in.h>
38
39 #include <stdio.h>
40 #include <pcap.h>
41
42 #include "interface.h"
43 #include "addrtoname.h"
44
/*
 * The header in OpenBSD pflog files.
 *
 * pflog_if_print() overlays this struct directly on the captured bytes,
 * so every field holds untrusted data.  The integer fields are converted
 * with ntohl()/ntohs() before use.
 */
struct pfloghdr {
	u_int32_t	af;		/* address family, compared against OPENBSD_AF_* */
	char		ifname[16];	/* interface name; fixed 16 bytes, do not
					 * assume a terminating NUL in captured data */
	int16_t		rnr;		/* rule number (signed) */
	u_int16_t	reason;		/* decoded through pf_reasons */
	u_int16_t	action;		/* decoded through pf_actions */
	u_int16_t	dir;		/* decoded through pf_directions */
};

/* Bytes the header occupies at the start of every captured packet. */
#define PFLOG_HDRLEN	(sizeof(struct pfloghdr))
56
/* Values carried in pfloghdr.action (see pf_actions for the printed names). */
#define PF_PASS		0
#define PF_DROP		1
#define PF_SCRUB	2

/* Values carried in pfloghdr.dir (see pf_directions for the printed names). */
#define PF_IN		0
#define PF_OUT		1
65
/*
 * Names for pfloghdr.reason, looked up with tok2str().
 * The { 0, NULL } entry terminates the table.
 */
static struct tok pf_reasons[] = {
	{ 0,	"match" },
	{ 1,	"bad-offset" },
	{ 2,	"fragment" },
	{ 3,	"short" },
	{ 4,	"normalize" },
	{ 5,	"memory" },
	{ 0,	NULL }
};
75
/*
 * Names for pfloghdr.action, looked up with tok2str().
 * The { 0, NULL } entry terminates the table.
 */
static struct tok pf_actions[] = {
	{ PF_PASS,	"pass" },
	{ PF_DROP,	"drop" },
	{ PF_SCRUB,	"scrub" },
	{ 0,		NULL }
};
82
/*
 * Names for pfloghdr.dir, looked up with tok2str().
 * The { 0, NULL } entry terminates the table.
 */
static struct tok pf_directions[] = {
	{ PF_IN,	"in" },
	{ PF_OUT,	"out" },
	{ 0,		NULL }
};
88
/*
 * Address-family numbers as they appear in pfloghdr.af.
 * NOTE(review): presumably hard-coded so that decoding does not depend on
 * the AF_* values of the host running tcpdump -- confirm.
 */
#define OPENBSD_AF_INET		2
#define OPENBSD_AF_INET6	24
91
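/*
 * Print the pflog header fields as
 *   "rule <rnr>/<reason>: <action> <direction> on <ifname>: ".
 *
 * hdr points into the captured packet, so every field is untrusted.
 * The 16-bit fields are converted with ntohs() and mapped to names with
 * tok2str(); values that are not in the tables use the "unkn(%u)" format.
 * The caller must already have checked that the whole header was captured.
 */
static void
pflog_print(const struct pfloghdr *hdr)
{
	/*
	 * Each tok2str() result is consumed by its own printf() before the
	 * next lookup.  NOTE(review): tok2str() is not visible here; if it
	 * formats unknown values into one shared static buffer, passing
	 * three results to a single printf() would print the last unknown
	 * value in every slot -- confirm against util.c.
	 */
	printf("rule %d/%s: ",
	    (short)ntohs(hdr->rnr),
	    tok2str(pf_reasons, "unkn(%u)", ntohs(hdr->reason)));
	printf("%s ", tok2str(pf_actions, "unkn(%u)", ntohs(hdr->action)));
	printf("%s ", tok2str(pf_directions, "unkn(%u)", ntohs(hdr->dir)));

	/*
	 * ifname is a fixed-width field and a capture need not contain a
	 * NUL inside it.  A bare %s would read on into the following
	 * fields and possibly past the captured data, so the read is
	 * bounded by the field size.
	 * NOTE(review): the bytes are still written as-is; control
	 * characters from a crafted capture reach the terminal unescaped.
	 */
	printf("on %.*s: ", (int)sizeof(hdr->ifname), hdr->ifname);
}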
102
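/*
 * Per-packet callback that prints one packet carrying an OpenBSD pflog
 * header.
 *
 * user  callback argument; not used here
 * h     pcap packet header: timestamp, on-wire length (len) and captured
 *       length (caplen)
 * p     start of the captured bytes, beginning with struct pfloghdr
 *
 * Prints the timestamp, optionally the pflog header (with -e, or when the
 * address family is not handled), then hands the payload to the IPv4/IPv6
 * printer according to the header's af field.  Always ends the line and
 * services a pending info request before returning.
 */
void
pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
    register const u_char *p)
{
	u_int length = h->len;
	u_int caplen = h->caplen;
	const struct pfloghdr *hdr;
	u_int32_t af;

	ts_print(&h->ts);

	/*
	 * Both lengths come from the capture and are untrusted.  The header
	 * must be fully captured before it is dereferenced, and the on-wire
	 * length must cover it as well: otherwise the unsigned subtraction
	 * below wraps and a huge length is passed to the payload printers.
	 */
	if (caplen < PFLOG_HDRLEN || length < PFLOG_HDRLEN) {
		printf("[|pflog]");
		goto out;
	}

	/*
	 * Some printers want to get back at the link level addresses,
	 * and/or check that they're not walking off the end of the packet.
	 * Rather than pass them all the way down, we set these globals.
	 */
	packetp = p;
	snapend = p + caplen;

	/*
	 * NOTE(review): the cast assumes the capture buffer is suitably
	 * aligned for struct pfloghdr -- confirm for strict-alignment hosts.
	 */
	hdr = (const struct pfloghdr *)p;
	if (eflag)
		pflog_print(hdr);

	/*
	 * Keep all 32 bits of the address family.  Storing it in an 8-bit
	 * variable would make a value such as 0x102 compare equal to
	 * OPENBSD_AF_INET and be decoded as IPv4.
	 */
	af = ntohl(hdr->af);

	/* step over the pflog header; the checks above keep these from wrapping */
	length -= PFLOG_HDRLEN;
	caplen -= PFLOG_HDRLEN;
	p += PFLOG_HDRLEN;

	switch (af) {

	case OPENBSD_AF_INET:
		ip_print(p, length);
		break;

#ifdef INET6
	case OPENBSD_AF_INET6:
		ip6_print(p, length);
		break;
#endif

	default:
		/* address family not handled, print raw packet */
		if (!eflag)
			pflog_print(hdr);
		if (!xflag && !qflag)
			default_print(p, caplen);
	}

	if (xflag)
		default_print(p, caplen);
out:
	putchar('\n');
	--infodelay;
	if (infoprint)
		info(0);
}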