From: guy Date: Tue, 5 Feb 2002 10:07:38 +0000 (+0000) Subject: Include code to handle OpenBSD DLT_PFLOG files, based on the OpenBSD X-Git-Tag: tcpdump-3.8-bp~545 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/73a1c3892c1b33aa5dd4ede34cb686f90676ed29 Include code to handle OpenBSD DLT_PFLOG files, based on the OpenBSD "print-pflog.c", originally written by Niels Provos .
---
diff --git a/CREDITS b/CREDITS
index e766e89c..51b1612d 100644
--- a/CREDITS
+++ b/CREDITS
@@ -63,6 +63,7 @@ Additional people who have contributed patches:
 Motonori Shindo
 Nathan J. Williams
 Nathaniel Couper-Noles
+ Niels Provos
 Nickolai Zeldovich
 Olaf Kirch
 Onno van der Linden
diff --git a/FILES b/FILES
index c65384ef..0ac8a388 100644
--- a/FILES
+++ b/FILES
@@ -128,6 +128,7 @@ print-ntp.c
 print-null.c
 print-ospf.c
 print-ospf6.c
+print-pflog.c
 print-pim.c
 print-ppp.c
 print-pppoe.c
diff --git a/Makefile.in b/Makefile.in
index 2cb6924a..d250097e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -17,7 +17,7 @@
 # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 #
-# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.260 2001-12-10 08:21:23 guy Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.261 2002-02-05 10:07:39 guy Exp $ (LBL)
 #
 # Various configurable paths (remember to edit Makefile.in, not Makefile)
@@ -76,10 +76,10 @@ CSRC = addrtoname.c gmt2local.c machdep.c parsenfsfh.c \
 print-ipx.c print-isakmp.c print-isoclns.c print-krb.c \
 print-l2tp.c print-lane.c print-lcp.c print-llc.c print-lwres.c \
 print-msdp.c print-mobile.c print-mpls.c print-nfs.c \
- print-ntp.c print-null.c print-ospf.c print-pim.c \
- print-ppp.c print-pppoe.c print-pptp.c print-radius.c \
- print-raw.c print-rip.c print-rx.c print-sctp.c \
- print-sl.c print-sll.c print-snmp.c \
+ print-ntp.c print-null.c print-ospf.c print-pflog.c \
+ print-pim.c print-ppp.c print-pppoe.c print-pptp.c \
+ print-radius.c print-raw.c print-rip.c print-rx.c \
+ print-sctp.c print-sl.c print-sll.c print-snmp.c \
 print-stp.c print-sunrpc.c print-tcp.c \
 print-telnet.c print-tftp.c print-timed.c print-token.c \
 print-udp.c print-vjc.c print-vrrp.c print-wb.c print-zephyr.c \
diff --git a/interface.h b/interface.h
index c290d576..94ece1a9 100644
--- a/interface.h
+++ b/interface.h
@@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.178 2002-01-21 11:39:58 mcr Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.179 2002-02-05 10:07:39 guy Exp $ (LBL)
 */
 #ifndef tcpdump_interface_h
@@ -204,6 +204,8 @@ extern void default_print(const u_char *, u_int);
 extern void default_print_unaligned(const u_char *, u_int);
 extern void dvmrp_print(const u_char *, u_int);
 extern void egp_print(const u_char *, u_int, const u_char *);
+extern void pflog_if_print(u_char *, const struct pcap_pkthdr *,
+ const u_char *);
 extern void arcnet_if_print(u_char *, const struct pcap_pkthdr *,
 const u_char *);
 extern void ether_if_print(u_char *, const struct pcap_pkthdr *,
diff --git a/print-pflog.c b/print-pflog.c
new file mode 100644
index 00000000..78dd4db1
--- /dev/null
+++ b/print-pflog.c
@@ -0,0 +1,157 @@
+/* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */
+
+/*
+ * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+ "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.1 2002-02-05 10:07:39 guy Exp $ (LBL)";
+#endif
+
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+
+#include "interface.h"
+#include "addrtoname.h"
+
+/* The header in OpenBSD pflog files.
 */
+
+struct pfloghdr {
+ u_int32_t af;
+ char ifname[16];
+ int16_t rnr;
+ u_int16_t reason;
+ u_int16_t action;
+ u_int16_t dir;
+};
+#define PFLOG_HDRLEN sizeof(struct pfloghdr)
+
+/* Actions */
+#define PF_PASS 0
+#define PF_DROP 1
+#define PF_SCRUB 2
+
+/* Directions */
+#define PF_IN 0
+#define PF_OUT 1
+
+static struct tok pf_reasons[] = {
+ { 0, "match" },
+ { 1, "bad-offset" },
+ { 2, "fragment" },
+ { 3, "short" },
+ { 4, "normalize" },
+ { 5, "memory" },
+ { 0, NULL }
+};
+
+static struct tok pf_actions[] = {
+ { PF_PASS, "pass" },
+ { PF_DROP, "drop" },
+ { PF_SCRUB, "scrub" },
+ { 0, NULL }
+};
+
+static struct tok pf_directions[] = {
+ { PF_IN, "in" },
+ { PF_OUT, "out" },
+ { 0, NULL }
+};
+
+#define OPENBSD_AF_INET 2
+#define OPENBSD_AF_INET6 24
+
+static void
+pflog_print(const struct pfloghdr *hdr)
+{
+ printf("rule %d/%s: %s %s on %s: ",
+ (short)ntohs(hdr->rnr),
+ tok2str(pf_reasons, "unkn(%u)", ntohs(hdr->reason)),
+ tok2str(pf_actions, "unkn(%u)", ntohs(hdr->action)),
+ tok2str(pf_directions, "unkn(%u)", ntohs(hdr->dir)),
+ hdr->ifname);
+}
+
+void
+pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
+ register const u_char *p)
+{
+ u_int length = h->len;
+ u_int caplen = h->caplen;
+ const struct pfloghdr *hdr;
+ u_int8_t af;
+
+ ts_print(&h->ts);
+
+ if (caplen < PFLOG_HDRLEN) {
+ printf("[|pflog]");
+ goto out;
+ }
+
+ /*
+ * Some printers want to get back at the link level addresses,
+ * and/or check that they're not walking off the end of the packet.
+ * Rather than pass them all the way down, we set these globals.
+ */
+ packetp = p;
+ snapend = p + caplen;
+
+ hdr = (const struct pfloghdr *)p;
+ if (eflag)
+ pflog_print(hdr);
+ af = ntohl(hdr->af);
+ length -= PFLOG_HDRLEN;
+ caplen -= PFLOG_HDRLEN;
+ p += PFLOG_HDRLEN;
+ switch (af) {
+
+ case OPENBSD_AF_INET:
+ ip_print(p, length);
+ break;
+
+#ifdef INET6
+ case OPENBSD_AF_INET6:
+ ip6_print(p, length);
+ break;
+#endif
+
+ default:
+ /* address family not handled, print raw packet */
+ if (!eflag)
+ pflog_print(hdr);
+ if (!xflag && !qflag)
+ default_print(p, caplen);
+ }
+
+ if (xflag)
+ default_print(p, caplen);
+out:
+ putchar('\n');
+ --infodelay;
+ if (infoprint)
+ info(0);
+}
diff --git a/tcpdump.c b/tcpdump.c
index 46008661..785dce7a 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -30,7 +30,7 @@ static const char copyright[] =
 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
 The Regents of the University of California. All rights reserved.\n";
 static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.173 2001-12-22 22:12:23 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.174 2002-02-05 10:07:40 guy Exp $ (LBL)";
 #endif
 
 /*
@@ -157,6 +157,9 @@ static struct printer printers[] = {
 #endif
 #ifdef DLT_LTALK
 { ltalk_if_print, DLT_LTALK },
+#endif
+#ifdef DLT_PFLOG
+ { pflog_if_print, DLT_PFLOG },
 #endif
 { NULL, 0 },
 };
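Review bot: pflog_print hands `hdr->ifname` to a bare `%s`, but `ifname` is a fixed 16-byte field in a header cast directly out of the captured bytes, and nothing in the file guarantees a NUL inside it, so a record whose name fills all 16 bytes makes printf read past the header and potentially past the end of the captured data. Bound the conversion to the field width: `printf("rule %d/%s: %s %s on %.*s: ",` with `(int)sizeof(hdr->ifname), hdr->ifname` replacing the final `hdr->ifname` argument. Separately, in pflog_if_print the 32-bit result of `ntohl(hdr->af)` is stored into `u_int8_t af`, so the switch only ever sees the low byte and any value whose low byte happens to be 2 or 24 is dispatched as IPv4/IPv6; declaring it `u_int32_t af;` keeps the comparison against `OPENBSD_AF_INET`/`OPENBSD_AF_INET6` exact. Only `caplen` is checked against `PFLOG_HDRLEN` before both counters are decremented, so a record with `len < caplen` would wrap `length` before it reaches ip_print; that should not occur in a well-formed capture, but a `length < PFLOG_HDRLEN` guard next to the existing caplen check would make the header parse self-contained.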