starting to adopt it.
Don't bother being backwards compatible to old value (17).
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.276.2.3 2004-03-17 19:47:47 guy Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.276.2.4 2004-03-28 21:25:02 fenner Exp $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
ipx.h llc.h machdep.h mib.h nfsfh.h nfsv2.h ntp.h ospf.h \
setsignal.h \
gnuc.h ipsec_doi.h isakmp.h l2tp.h nameser.h \
- netbios.h oakley.h ospf6.h ppp.h route6d.h
+ netbios.h oakley.h ospf6.h pf.h ppp.h route6d.h
TAGHDR = \
/usr/include/arpa/tftp.h \
--- /dev/null
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * @(#) $Header: /tcpdump/master/tcpdump/Attic/pf.h,v 1.1.2.1 2004-03-28 21:25:03 fenner Exp $ (LBL)
+ */
+
+/* from $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
+
+enum { PF_INOUT=0, PF_IN=1, PF_OUT=2 };
+enum { PF_PASS=0, PF_DROP=1, PF_SCRUB=2, PF_NAT=3, PF_NONAT=4,
+ PF_BINAT=5, PF_NOBINAT=6, PF_RDR=7, PF_NORDR=8, PF_SYNPROXY_DROP=9 };
+
+/* Reasons code for passing/dropping a packet */
+#define PFRES_MATCH 0 /* Explicit match of a rule */
+#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
+#define PFRES_FRAG 2 /* Dropping following fragment */
+#define PFRES_SHORT 3 /* Dropping short packet */
+#define PFRES_NORM 4 /* Dropping by normalizer */
+#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
+#define PFRES_MAX 6 /* total+1 */
+
+#define PFRES_NAMES { \
+ "match", \
+ "bad-offset", \
+ "fragment", \
+ "short", \
+ "normalize", \
+ "memory", \
+ NULL \
+}
+
+#define PF_RULESET_NAME_SIZE 16
+
+/* from $OpenBSD: if_pflog.h,v 1.9 2003/07/15 20:27:27 dhartmei Exp $ */
+
+#ifndef IFNAMSIZ
+#define IFNAMSIZ 16
+#endif
+
+struct pfloghdr {
+ u_int8_t length;
+ sa_family_t af;
+ u_int8_t action;
+ u_int8_t reason;
+ char ifname[IFNAMSIZ];
+ char ruleset[PF_RULESET_NAME_SIZE];
+ u_int32_t rulenr;
+ u_int32_t subrulenr;
+ u_int8_t dir;
+ u_int8_t pad[3];
+};
+#define PFLOG_HDRLEN sizeof(struct pfloghdr)
-/* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */
-
/*
* Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.7.2.2 2003-11-16 08:51:38 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.7.2.3 2004-03-28 21:25:03 fenner Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "interface.h"
#include "addrtoname.h"
-
-/* The header in OpenBSD pflog files. */
-
-struct pfloghdr {
- u_int32_t af;
- char ifname[16];
- int16_t rnr;
- u_int16_t reason;
- u_int16_t action;
- u_int16_t dir;
-};
-#define PFLOG_HDRLEN sizeof(struct pfloghdr)
-
-/* Actions */
-#define PF_PASS 0
-#define PF_DROP 1
-#define PF_SCRUB 2
-
-/* Directions */
-#define PF_IN 0
-#define PF_OUT 1
+#include "pf.h"
static struct tok pf_reasons[] = {
- { 0, "match" },
- { 1, "bad-offset" },
- { 2, "fragment" },
- { 3, "short" },
- { 4, "normalize" },
- { 5, "memory" },
+ { 0, "0(match)" },
+ { 1, "1(bad-offset)" },
+ { 2, "2(fragment)" },
+ { 3, "3(short)" },
+ { 4, "4(normalize)" },
+ { 5, "5(memory)" },
{ 0, NULL }
};
static struct tok pf_actions[] = {
- { PF_PASS, "pass" },
- { PF_DROP, "drop" },
- { PF_SCRUB, "scrub" },
- { 0, NULL }
+ { PF_PASS, "pass" },
+ { PF_DROP, "block" },
+ { PF_SCRUB, "scrub" },
+ { PF_NAT, "nat" },
+ { PF_NONAT, "nat" },
+ { PF_BINAT, "binat" },
+ { PF_NOBINAT, "binat" },
+ { PF_RDR, "rdr" },
+ { PF_NORDR, "rdr" },
+ { PF_SYNPROXY_DROP, "synproxy-drop" },
+ { 0, NULL }
};
static struct tok pf_directions[] = {
+ { PF_INOUT, "in/out" },
{ PF_IN, "in" },
{ PF_OUT, "out" },
{ 0, NULL }
};
-#define OPENBSD_AF_INET 2
-#define OPENBSD_AF_INET6 24
+/* For reading capture files on other systems */
+#define OPENBSD_AF_INET 2
+#define OPENBSD_AF_INET6 24
static void
pflog_print(const struct pfloghdr *hdr)
{
- printf("rule %d/%s: %s %s on %s: ",
- (short)ntohs(hdr->rnr),
- tok2str(pf_reasons, "unkn(%u)", ntohs(hdr->reason)),
- tok2str(pf_actions, "unkn(%u)", ntohs(hdr->action)),
- tok2str(pf_directions, "unkn(%u)", ntohs(hdr->dir)),
+ if (ntohl(hdr->subrulenr) == (u_int32_t)-1)
+ printf("rule %u/", ntohl(hdr->rulenr));
+ else
+ printf("rule %u.%s.%u/", ntohl(hdr->rulenr), hdr->ruleset,
+ ntohl(hdr->subrulenr));
+
+ printf("%s: %s %s on %s: ",
+ tok2str(pf_reasons, "unkn(%u)", hdr->reason),
+ tok2str(pf_actions, "unkn(%u)", hdr->action),
+ tok2str(pf_directions, "unkn(%u)", hdr->dir),
hdr->ifname);
}
pflog_if_print(const struct pcap_pkthdr *h, register const u_char *p)
{
u_int length = h->len;
+ u_int hdrlen;
u_int caplen = h->caplen;
+ const struct ip *ip;
+#ifdef INET6
+ const struct ip6_hdr *ip6;
+#endif
const struct pfloghdr *hdr;
u_int8_t af;
- if (caplen < PFLOG_HDRLEN) {
+ /* check length */
+ if (caplen < sizeof(u_int8_t)) {
printf("[|pflog]");
return (caplen);
}
- hdr = (const struct pfloghdr *)p;
+#define MIN_PFLOG_HDRLEN 45
+ hdr = (struct pfloghdr *)p;
+ if (hdr->length < MIN_PFLOG_HDRLEN) {
+ printf("[pflog: invalid header length!]");
+ return (hdr->length); /* XXX: not really */
+ }
+ hdrlen = BPF_WORDALIGN(hdr->length);
+
+ if (caplen < hdrlen) {
+ printf("[|pflog]");
+ return (hdrlen); /* XXX: true? */
+ }
+
+ /* print what we know */
+ hdr = (struct pfloghdr *)p;
+ TCHECK(*hdr);
if (eflag)
pflog_print(hdr);
- af = ntohl(hdr->af);
- length -= PFLOG_HDRLEN;
- caplen -= PFLOG_HDRLEN;
- p += PFLOG_HDRLEN;
+
+ /* skip to the real packet */
+ af = hdr->af;
+ length -= hdrlen;
+ caplen -= hdrlen;
+ p += hdrlen;
switch (af) {
- case OPENBSD_AF_INET:
- ip_print(p, length);
- break;
+ case AF_INET:
+#if OPENBSD_AF_INET != AF_INET
+ case OPENBSD_AF_INET: /* XXX: read pcap files */
+#endif
+ ip_print(p, length);
+ break;
#ifdef INET6
- case OPENBSD_AF_INET6:
- ip6_print(p, length);
- break;
+ case AF_INET6:
+#if OPENBSD_AF_INET6 != AF_INET6
+ case OPENBSD_AF_INET6: /* XXX: read pcap files */
+#endif
+ ip6_print(p, length);
+ break;
#endif
default:
if (!xflag && !qflag)
default_print(p, caplen);
}
-
- return (PFLOG_HDRLEN);
+
+ return (hdrlen);
+trunc:
+ printf("[|pflog]");
+ return (hdrlen);
}
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.148.2.5 2004-01-26 02:13:52 guy Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.148.2.6 2004-03-28 21:25:03 fenner Exp $ (LBL)
.\"
.\" $NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $
.\"
.B memory
(applies only to packets logged by OpenBSD's
.BR pf (4)).
+.IP "\fBrset \fIname\fR"
+True if the packet was logged as matching the specified PF ruleset
+name of an anchored ruleset (applies only to packets logged by
+.BR pf (4)).
+.IP "\fBruleset \fIname\fR"
+Synonomous with the
+.B rset
+modifier.
+.IP "\fBsrnr \fInum\fR"
+True if the packet was logged as matching the specified PF rule number
+of an anchored ruleset (applies only to packets logged by
+.BR pf (4)).
+.IP "\fBsubrulenum \fInum\fR"
+Synonomous with the
+.B srnr
+modifier.
.IP "\fBaction \fIact\fR"
True if PF took the specified action when the packet was logged. Known actions
are:
and
.B block
(applies only to packets logged by OpenBSD's
-.BR pf(4)).
+.BR pf (4)).
.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR, \fInetbeui\fP"
Abbreviations for:
.in +.5i
projects / tcpdump / commitdiff
