From: Guy Harris <gharris@sonic.net>
Date: Tue, 17 Dec 2024 19:46:50 +0000 (-0800)
Subject: pflog: handle OpenBSD's "rewriten" flag and addresses.
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/346122ac064a81e1eb1ad4dbcfee00d0ffa145c6

pflog: handle OpenBSD's "rewriten" flag and addresses.

Derived from the OpenBSD tcpdump.
---

diff --git a/print-pflog.c b/print-pflog.c
index df5f8551..f65ede29 100644
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -31,6 +31,7 @@
 #include "netdissect.h"
 #include "extract.h"
 #include "af.h"
+#include "addrtostr.h"
 
 /*
  * pflog headers, at least as they exist now.
@@ -337,6 +338,34 @@ static const struct tok pf_directions_other[] = {
 	{ 0,		NULL }
 };
 
+static void
+print_pf_addr(netdissect_options *ndo, const char *tag, u_int naf,
+    const struct pf_addr *addr, const nd_uint16_t port)
+{
+	char buf[INET6_ADDRSTRLEN];
+	uint16_t portnum;
+
+	ND_PRINT("%s ", tag);
+	ND_TCHECK_SIZE(addr);
+	switch (naf) {
+
+	case BSD_AF_INET:
+		addrtostr(addr->v4, buf, sizeof(buf));
+		break;
+
+	case BSD_AF_INET6_BSD:
+		addrtostr6(addr->v6, buf, sizeof(buf));
+		break;
+
+	default:
+		strlcpy(buf, "?", sizeof(buf));
+		break;
+	}
+	ND_PRINT("%s:", buf);
+	portnum = GET_BE_U_2(port);
+	ND_PRINT("%u", portnum);
+}
+
 static void
 pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
 {
@@ -427,6 +456,20 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
 	}
 	nd_printjnp(ndo, (const u_char*)hdr->ifname, PFLOG_IFNAMSIZ);
 	ND_PRINT(": ");
+	if (length == PFLOG_HEADER_LEN_OPENBSD) {
+		if (ndo->ndo_vflag && GET_U_1(hdr->u.openbsd.rewritten)) {
+			uint8_t naf;
+
+			ND_PRINT("[rewritten: ");
+			naf = GET_U_1(hdr->u.openbsd.naf);
+			print_pf_addr(ndo, "src", naf, &hdr->u.openbsd.saddr,
+			    hdr->u.openbsd.sport);
+			ND_PRINT(", ");
+			print_pf_addr(ndo, "src", naf, &hdr->u.openbsd.daddr,
+			    hdr->u.openbsd.dport);
+			ND_PRINT("; ");
+		}
+	}
 }
 
 void