Add a new routine "default_print_packet()", which takes a pointer to the
1 /* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */
2
3 /*
4 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
24 #ifndef lint
25 static const char rcsid[] =
26 "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.6 2002-12-18 09:41:17 guy Exp $ (LBL)";
27 #endif
28
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include <tcpdump-stdinc.h>
34
35 #include <stdio.h>
36 #include <pcap.h>
37
38 #include "interface.h"
39 #include "addrtoname.h"
40
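/*
 * The header in OpenBSD pflog files, as this printer reads it.
 *
 * The code below converts the multi-byte fields with ntohl()/ntohs().
 * Every field is taken straight from the capture and is therefore
 * untrusted; in particular, nothing guarantees that ifname contains a
 * terminating NUL, so it must never be handed to an unbounded "%s".
 *
 * (The listing's line-number gutter has been removed from this block so
 * that it is valid C again.)
 */
struct pfloghdr {
	u_int32_t af;		/* address family of the payload (OPENBSD_AF_*) */
	char ifname[16];	/* interface name; may lack a terminating NUL */
	int16_t rnr;		/* rule number, printed as a signed value */
	u_int16_t reason;	/* decoded through pf_reasons */
	u_int16_t action;	/* decoded through pf_actions */
	u_int16_t dir;		/* decoded through pf_directions */
};
#define PFLOG_HDRLEN (sizeof(struct pfloghdr))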
52
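/* Actions (values of pfloghdr.action) */
#define PF_PASS		0
#define PF_DROP		1
#define PF_SCRUB	2

/* Directions (values of pfloghdr.dir) */
#define PF_IN		0
#define PF_OUT		1

/*
 * Value-to-name tables consumed by tok2str().  Each table ends with a
 * { 0, NULL } entry.  They are only ever read, so they are declared const;
 * a value from the capture that is not listed is rendered by the caller's
 * "unkn(%u)" format instead of indexing anything.
 */
static const struct tok pf_reasons[] = {
	{ 0,	"match" },
	{ 1,	"bad-offset" },
	{ 2,	"fragment" },
	{ 3,	"short" },
	{ 4,	"normalize" },
	{ 5,	"memory" },
	{ 0,	NULL }
};

static const struct tok pf_actions[] = {
	{ PF_PASS,	"pass" },
	{ PF_DROP,	"drop" },
	{ PF_SCRUB,	"scrub" },
	{ 0,		NULL }
};

static const struct tok pf_directions[] = {
	{ PF_IN,	"in" },
	{ PF_OUT,	"out" },
	{ 0,		NULL }
};

/*
 * Address-family numbers as named for OpenBSD.  They are spelled out here
 * rather than taken from the host's AF_* macros, presumably because those
 * numbers differ between systems (NOTE(review): confirm).
 */
#define OPENBSD_AF_INET		2
#define OPENBSD_AF_INET6	24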
87
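/*
 * Print the pflog header on stdout: rule number, reason, action, direction
 * and interface name.
 *
 * hdr points into the captured packet, so every field is untrusted.
 * ifname is a fixed 16-byte field that need not contain a NUL, and an
 * unbounded "%s" on it would read on into the following header fields and
 * the packet data.  The name is therefore copied into a local buffer that
 * is always terminated, and bytes outside printable ASCII are replaced
 * with '.', so raw control bytes from a capture never reach the terminal.
 */
static void
pflog_print(const struct pfloghdr *hdr)
{
	char ifname[sizeof(hdr->ifname) + 1];
	size_t i;

	for (i = 0; i < sizeof(hdr->ifname) && hdr->ifname[i] != '\0'; i++) {
		unsigned char c = (unsigned char)hdr->ifname[i];

		ifname[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
	}
	ifname[i] = '\0';

	printf("rule %d/%s: %s %s on %s: ",
	    (short)ntohs(hdr->rnr),
	    tok2str(pf_reasons, "unkn(%u)", ntohs(hdr->reason)),
	    tok2str(pf_actions, "unkn(%u)", ntohs(hdr->action)),
	    tok2str(pf_directions, "unkn(%u)", ntohs(hdr->dir)),
	    ifname);
}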
98
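/*
 * Print one packet from a pflog capture.  The signature is that of a pcap
 * packet handler: h carries the timestamp and the on-wire/captured lengths,
 * p points at the captured bytes.
 *
 * The pflog header is printed when "-e" is given or when the address family
 * is not handled; the payload is handed to ip_print()/ip6_print() according
 * to the header's address family.
 *
 * Both h->len and h->caplen are read from the capture and are untrusted.
 * A record is reported as truncated ("[|pflog]") unless both are at least
 * PFLOG_HDRLEN; without the check on h->len, a crafted record with
 * len < PFLOG_HDRLEN would make the unsigned subtraction below wrap and
 * pass a huge length to the IP printers.
 */
void
pflog_if_print(u_char *user _U_, const struct pcap_pkthdr *h,
     register const u_char *p)
{
	u_int length = h->len;
	u_int caplen = h->caplen;
	const u_char *orig_p;
	u_int orig_caplen;
	const struct pfloghdr *hdr;
	/*
	 * Full 32-bit width: an 8-bit variable would truncate ntohl() and
	 * let a bogus value such as 0x00000102 pass for OPENBSD_AF_INET.
	 */
	u_int32_t af;

	ts_print(&h->ts);

	if (caplen < PFLOG_HDRLEN || length < PFLOG_HDRLEN) {
		printf("[|pflog]");
		goto out;
	}

	/*
	 * Some printers want to check that they're not walking off the
	 * end of the packet.
	 * Rather than pass it all the way down, we set this global.
	 */
	snapend = p + caplen;

	/*
	 * Save the information for the full packet, so we can print
	 * everything if "-e" and "-x" are both specified.
	 */
	orig_p = p;
	orig_caplen = caplen;

	/*
	 * NOTE(review): p is cast to a struct pointer and its fields are
	 * read directly; this assumes the buffer is suitably aligned for
	 * u_int32_t -- confirm for strict-alignment platforms.
	 */
	hdr = (const struct pfloghdr *)p;
	if (eflag)
		pflog_print(hdr);
	af = ntohl(hdr->af);
	length -= PFLOG_HDRLEN;
	caplen -= PFLOG_HDRLEN;
	p += PFLOG_HDRLEN;
	switch (af) {

	case OPENBSD_AF_INET:
		ip_print(p, length);
		break;

#ifdef INET6
	case OPENBSD_AF_INET6:
		ip6_print(p, length);
		break;
#endif

	default:
		/* address family not handled, print raw packet */
		if (!eflag)
			pflog_print(hdr);
		if (!xflag && !qflag)
			default_print(p, caplen);
		break;
	}

	if (xflag)
		default_print_packet(orig_p, orig_caplen, PFLOG_HDRLEN);
out:
	putchar('\n');
	--infodelay;
	if (infoprint)
		info(0);
}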