pflog: handle OpenBSD's "rewriten" flag and addresses.

author Guy Harris <[email protected]>

Tue, 17 Dec 2024 19:46:50 +0000 (11:46 -0800)

committer Guy Harris <[email protected]>

Tue, 17 Dec 2024 19:47:03 +0000 (11:47 -0800)
author Guy Harris <[email protected]>
Tue, 17 Dec 2024 19:46:50 +0000 (11:46 -0800)
committer Guy Harris <[email protected]>
Tue, 17 Dec 2024 19:47:03 +0000 (11:47 -0800)
diff --git a/print-pflog.c b/print-pflog.c

index df5f8551b21838c9d63a5ca42c76bc0979f98396..f65ede295938ba0e39affe17c3c7a316ccf33eb3 100644 (file)
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -31,6 +31,7 @@
  #include "netdissect.h"
  #include "extract.h"
  #include "af.h"
  #include "netdissect.h"
  #include "extract.h"
  #include "af.h"
+#include "addrtostr.h"
  
  /*
   * pflog headers, at least as they exist now.
  
  /*
   * pflog headers, at least as they exist now.
@@ -337,6 +338,34 @@ static const struct tok pf_directions_other[] = {
         { 0,            NULL }
  };
  
         { 0,            NULL }
  };
  
+static void
+print_pf_addr(netdissect_options *ndo, const char *tag, u_int naf,
+    const struct pf_addr *addr, const nd_uint16_t port)
+{
+       char buf[INET6_ADDRSTRLEN];
+       uint16_t portnum;
+
+       ND_PRINT("%s ", tag);
+       ND_TCHECK_SIZE(addr);
+       switch (naf) {
+
+       case BSD_AF_INET:
+               addrtostr(addr->v4, buf, sizeof(buf));
+               break;
+
+       case BSD_AF_INET6_BSD:
+               addrtostr6(addr->v6, buf, sizeof(buf));
+               break;
+
+       default:
+               strlcpy(buf, "?", sizeof(buf));
+               break;
+       }
+       ND_PRINT("%s:", buf);
+       portnum = GET_BE_U_2(port);
+       ND_PRINT("%u", portnum);
+}
+
  static void
  pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
  {
  static void
  pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
  {
@@ -427,6 +456,20 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
         }
         nd_printjnp(ndo, (const u_char*)hdr->ifname, PFLOG_IFNAMSIZ);
         ND_PRINT(": ");
         }
         nd_printjnp(ndo, (const u_char*)hdr->ifname, PFLOG_IFNAMSIZ);
         ND_PRINT(": ");
+       if (length == PFLOG_HEADER_LEN_OPENBSD) {
+               if (ndo->ndo_vflag && GET_U_1(hdr->u.openbsd.rewritten)) {
+                       uint8_t naf;
+
+                       ND_PRINT("[rewritten: ");
+                       naf = GET_U_1(hdr->u.openbsd.naf);
+                       print_pf_addr(ndo, "src", naf, &hdr->u.openbsd.saddr,
+                           hdr->u.openbsd.sport);
+                       ND_PRINT(", ");
+                       print_pf_addr(ndo, "src", naf, &hdr->u.openbsd.daddr,
+                           hdr->u.openbsd.dport);
+                       ND_PRINT("; ");
+               }
+       }
  }
  
  void
  }
  
  void
author	Guy Harris <[email protected]>
	Tue, 17 Dec 2024 19:46:50 +0000 (11:46 -0800)
committer	Guy Harris <[email protected]>
	Tue, 17 Dec 2024 19:47:03 +0000 (11:47 -0800)