From: Guy Harris Date: Tue, 17 Dec 2024 09:00:52 +0000 (-0800) Subject: pflog: print the ruleset if it's present. X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/b50d26f23956f6f4483a91aa80654c3aeff1620b pflog: print the ruleset if it's present. Do that regardless of whether the subrule is present. Picked up from the OpenBSD tcpdump. --- diff --git a/CHANGES b/CHANGES index fe0d98c3..e125e934 100644 --- a/CHANGES +++ b/CHANGES @@ -148,7 +148,11 @@ Friday, August 30, 2024 / The Tcpdump Group OSPF: Update LS-Ack printing not to run off the end of the packet. OSPF6: Fix an undefined behavior. pflog: use nd_ types in struct pfloghdr. + pflog: print some additional fields from the header (picked up + from the FreeBSD tcpdump). pflog: handle all types of pflog files (as best as can be done) + pflog: print the ruleset if it's present, regardless of whether + the subrule is present (picked up from the OpenBSD tcpdump). PPP: Check if there is some data to hexdump. PPP: Remove an extra colon before LCP Callback Operation. Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397; diff --git a/print-pflog.c b/print-pflog.c index 51b437ee..e65a1ef9 100644 --- a/print-pflog.c +++ b/print-pflog.c 
@@ -350,13 +350,17 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr) rulenr = GET_BE_U_4(hdr->rulenr); subrulenr = GET_BE_U_4(hdr->subrulenr); - if (subrulenr == (uint32_t)-1) - ND_PRINT("rule %u/", rulenr); - else { - ND_PRINT("rule %u.", rulenr); - nd_printjnp(ndo, (const u_char*)hdr->ruleset, PFLOG_RULESET_NAME_SIZE); - ND_PRINT(".%u/", subrulenr); + ND_PRINT("rule "); + if (rulenr != (uint32_t)-1) { + ND_PRINT("%u", rulenr); + if (hdr->ruleset[0] != '\0') { + ND_PRINT("."); + nd_printjnp(ndo, (const u_char*)hdr->ruleset, PFLOG_RULESET_NAME_SIZE); + } + if (subrulenr != (uint32_t)-1) + ND_PRINT(".%u", subrulenr); } + ND_PRINT("/"); if (length == PFLOG_HEADER_LEN_FREEBSD) ND_PRINT("%s", tok2str(pf_reasons_freebsd, "unkn(%u)", GET_U_1(hdr->reason)));
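Review bot: In the CHANGES hunk, the first added entry, "pflog: print some additional fields from the header (picked up from the FreeBSD tcpdump)", is not covered by this commit's message, which only describes printing the ruleset. If that entry documents an earlier change, say so in the commit message or add it in its own commit, so that each CHANGES line can be traced to the commit that introduced the behaviour.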
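Review bot: In the print-pflog.c hunk, the new test `hdr->ruleset[0] != '\0'` reads the packet header directly, while the neighbouring fields go through the bounds-checked accessors (`GET_BE_U_4(hdr->rulenr)`, `GET_U_1(hdr->reason)`). Unless the caller has already verified that the whole header was captured (not visible in this hunk), fetch that first byte with GET_U_1 as well, so a truncated capture is reported as truncated instead of being read unchecked. Separately, when rulenr is (uint32_t)-1 the output is now "rule /" and both the ruleset and the subrule are skipped even if they are set; a short comment stating that this is intended would help.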