The Tcpdump Group git mirrors - tcpdump/blobdiff

-/* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */

-

/*

* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

*/

* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

*/

-#ifndef lint

-static const char rcsid[] =

- "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.4 2002-09-05 21:25:44 guy Exp $ (LBL)";

-#endif

-

#ifdef HAVE_CONFIG_H

#include "config.h"

#endif

#ifdef HAVE_CONFIG_H

#include "config.h"

#endif

-#include <tcpdump-stdinc.h>

-

-#include <stdio.h>

-#include <pcap.h>

-

-#include "interface.h"

-#include "addrtoname.h"

-

-/* The header in OpenBSD pflog files. */

-

-struct pfloghdr {

- u_int32_t af;

- char ifname[16];

- int16_t rnr;

- u_int16_t reason;

- u_int16_t action;

- u_int16_t dir;

-};

-#define PFLOG_HDRLEN sizeof(struct pfloghdr)

-

-/* Actions */

-#define PF_PASS 0

-#define PF_DROP 1

-#define PF_SCRUB 2

-

-/* Directions */

-#define PF_IN 0

-#define PF_OUT 1

-

-static struct tok pf_reasons[] = {

- { 0, "match" },

- { 1, "bad-offset" },

- { 2, "fragment" },

- { 3, "short" },

- { 4, "normalize" },

- { 5, "memory" },

+#ifndef HAVE_NET_PFVAR_H

+#error "No pf headers available"

+#endif

+#include <sys/types.h>

+#include <sys/socket.h>

+#include <net/if.h>

+#include <net/pfvar.h>

+#include <net/if_pflog.h>

+

+#include <netdissect-stdinc.h>

+

+#include "netdissect.h"

+#include "extract.h"

+

+static const char tstr[] = "[|pflog]";

+

+static const struct tok pf_reasons[] = {

+ { 0, "0(match)" },

+ { 1, "1(bad-offset)" },

+ { 2, "2(fragment)" },

+ { 3, "3(short)" },

+ { 4, "4(normalize)" },

+ { 5, "5(memory)" },

+ { 6, "6(bad-timestamp)" },

+ { 7, "7(congestion)" },

+ { 8, "8(ip-option)" },

+ { 9, "9(proto-cksum)" },

+ { 10, "10(state-mismatch)" },

+ { 11, "11(state-insert)" },

+ { 12, "12(state-limit)" },

+ { 13, "13(src-limit)" },

+ { 14, "14(synproxy)" },

{ 0, NULL }

};

{ 0, NULL }

};

-static struct tok pf_actions[] = {

- { PF_PASS, "pass" },

- { PF_DROP, "drop" },

- { PF_SCRUB, "scrub" },

- { 0, NULL }

+static const struct tok pf_actions[] = {

+ { PF_PASS, "pass" },

+ { PF_DROP, "block" },

+ { PF_SCRUB, "scrub" },

+ { PF_NAT, "nat" },

+ { PF_NONAT, "nat" },

+ { PF_BINAT, "binat" },

+ { PF_NOBINAT, "binat" },

+ { PF_RDR, "rdr" },

+ { PF_NORDR, "rdr" },

+ { PF_SYNPROXY_DROP, "synproxy-drop" },

+ { 0, NULL }

};

-static struct tok pf_directions[] = {

+static const struct tok pf_directions[] = {

+ { PF_INOUT, "in/out" },

{ PF_IN, "in" },

{ PF_OUT, "out" },

{ 0, NULL }

};

{ PF_IN, "in" },

{ PF_OUT, "out" },

{ 0, NULL }

};

-#define OPENBSD_AF_INET 2

-#define OPENBSD_AF_INET6 24

+/* For reading capture files on other systems */

+#define OPENBSD_AF_INET 2

+#define OPENBSD_AF_INET6 24

static void

-pflog_print(const struct pfloghdr *hdr)

+pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)

{

- printf("rule %d/%s: %s %s on %s: ",

- (short)ntohs(hdr->rnr),

- tok2str(pf_reasons, "unkn(%u)", ntohs(hdr->reason)),

- tok2str(pf_actions, "unkn(%u)", ntohs(hdr->action)),

- tok2str(pf_directions, "unkn(%u)", ntohs(hdr->dir)),

- hdr->ifname);

+ uint32_t rulenr, subrulenr;

+

+ rulenr = EXTRACT_32BITS(&hdr->rulenr);

+ subrulenr = EXTRACT_32BITS(&hdr->subrulenr);

+ if (subrulenr == (uint32_t)-1)

+ ND_PRINT((ndo, "rule %u/", rulenr));

+ else

+ ND_PRINT((ndo, "rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr));

+

+ ND_PRINT((ndo, "%s: %s %s on %s: ",

+ tok2str(pf_reasons, "unkn(%u)", hdr->reason),

+ tok2str(pf_actions, "unkn(%u)", hdr->action),

+ tok2str(pf_directions, "unkn(%u)", hdr->dir),

+ hdr->ifname));

}

-void

-pflog_if_print(u_char *user _U_, const struct pcap_pkthdr *h,

- register const u_char *p)

+u_int

+pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,

+ register const u_char *p)

{

u_int length = h->len;

{

u_int length = h->len;

+ u_int hdrlen;

u_int caplen = h->caplen;

const struct pfloghdr *hdr;

u_int caplen = h->caplen;

const struct pfloghdr *hdr;

- u_int8_t af;

+ uint8_t af;

- ts_print(&h->ts);

+ /* check length */

+ if (caplen < sizeof(uint8_t)) {

+ ND_PRINT((ndo, "%s", tstr));

+ return (caplen);

+ }

- if (caplen < PFLOG_HDRLEN) {

- printf("[|pflog]");

- goto out;

+#define MIN_PFLOG_HDRLEN 45

+ hdr = (struct pfloghdr *)p;

+ if (hdr->length < MIN_PFLOG_HDRLEN) {

+ ND_PRINT((ndo, "[pflog: invalid header length!]"));

+ return (hdr->length); /* XXX: not really */

}

+ hdrlen = BPF_WORDALIGN(hdr->length);

- /*

- * Some printers want to get back at the link level addresses,

- * and/or check that they're not walking off the end of the packet.

- * Rather than pass them all the way down, we set these globals.

- */

- packetp = p;

- snapend = p + caplen;

-

- hdr = (const struct pfloghdr *)p;

- if (eflag)

- pflog_print(hdr);

- af = ntohl(hdr->af);

- length -= PFLOG_HDRLEN;

- caplen -= PFLOG_HDRLEN;

- p += PFLOG_HDRLEN;

- switch (af) {

+ if (caplen < hdrlen) {

+ ND_PRINT((ndo, "%s", tstr));

+ return (hdrlen); /* XXX: true? */

+ }

- case OPENBSD_AF_INET:

- ip_print(p, length);

- break;

+ /* print what we know */

+ hdr = (struct pfloghdr *)p;

+ ND_TCHECK(*hdr);

+ if (ndo->ndo_eflag)

+ pflog_print(ndo, hdr);

+

+ /* skip to the real packet */

+ af = hdr->af;

+ length -= hdrlen;

+ caplen -= hdrlen;

+ p += hdrlen;

+ switch (af) {

-#ifdef INET6

- case OPENBSD_AF_INET6:

- ip6_print(p, length);

- break;

+ case AF_INET:

+#if OPENBSD_AF_INET != AF_INET

+ case OPENBSD_AF_INET: /* XXX: read pcap files */

#endif

+ ip_print(ndo, p, length);

+ break;

+

+#if defined(AF_INET6) || defined(OPENBSD_AF_INET6)

+#ifdef AF_INET6

+ case AF_INET6:

+#endif /* AF_INET6 */

+#if !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6

+ case OPENBSD_AF_INET6: /* XXX: read pcap files */

+#endif /* !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 */

+ ip6_print(ndo, p, length);

+ break;

+#endif /* defined(AF_INET6) || defined(OPENBSD_AF_INET6) */

default:

/* address family not handled, print raw packet */

default:

/* address family not handled, print raw packet */

- if (!eflag)

- pflog_print(hdr);

- if (!xflag && !qflag)

- default_print(p, caplen);

+ if (!ndo->ndo_eflag)

+ pflog_print(ndo, hdr);

+ if (!ndo->ndo_suppress_default_print)

+ ND_DEFAULTPRINT(p, caplen);

}

- if (xflag)

- default_print(p, caplen);

-out:

- putchar('\n');

- --infodelay;

- if (infoprint)

- info(0);

+ return (hdrlen);

+trunc:

+ ND_PRINT((ndo, "%s", tstr));

+ return (hdrlen);

}

+

+/*

+ * Local Variables:

+ * c-style: whitesmith

+ * c-basic-offset: 8

+ * End:

+ */