Move tcpdump-3.9/ to tcpdump/. No need for a versioned dir.
[dragonfly.git] / contrib / tcpdump / print-pflog.c
CommitLineData
c8cf0f94
PA
1/*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22#ifndef lint
23static const char rcsid[] _U_ =
825e8fa1 24 "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.13.2.4 2007/09/13 17:18:10 gianluca Exp $ (LBL)";
c8cf0f94
PA
25#endif
26
27#ifdef HAVE_CONFIG_H
28#include "config.h"
29#endif
30
825e8fa1
PA
31#ifndef HAVE_NET_PFVAR_H
32#error "No pf headers available"
33#endif
34
35#include <sys/types.h>
36#ifndef WIN32
37#include <sys/socket.h>
38#endif
39#include <net/if.h>
40#include <net/pfvar.h>
41#include <net/if_pflog.h>
42
43
44
c8cf0f94
PA
45#include <tcpdump-stdinc.h>
46
47#include <stdio.h>
48#include <pcap.h>
49
50#include "interface.h"
51#include "addrtoname.h"
c8cf0f94
PA
52
53static struct tok pf_reasons[] = {
54 { 0, "0(match)" },
55 { 1, "1(bad-offset)" },
56 { 2, "2(fragment)" },
57 { 3, "3(short)" },
58 { 4, "4(normalize)" },
59 { 5, "5(memory)" },
66170f0a
PA
60 { 6, "6(bad-timestamp)" },
61 { 7, "7(congestion)" },
62 { 8, "8(ip-option)" },
63 { 9, "9(proto-cksum)" },
64 { 10, "10(state-mismatch)" },
65 { 11, "11(state-insert)" },
66 { 12, "12(state-limit)" },
67 { 13, "13(src-limit)" },
68 { 14, "14(synproxy)" },
c8cf0f94
PA
69 { 0, NULL }
70};
71
72static struct tok pf_actions[] = {
73 { PF_PASS, "pass" },
74 { PF_DROP, "block" },
75 { PF_SCRUB, "scrub" },
76 { PF_NAT, "nat" },
77 { PF_NONAT, "nat" },
78 { PF_BINAT, "binat" },
79 { PF_NOBINAT, "binat" },
80 { PF_RDR, "rdr" },
81 { PF_NORDR, "rdr" },
82 { PF_SYNPROXY_DROP, "synproxy-drop" },
83 { 0, NULL }
84};
85
86static struct tok pf_directions[] = {
87 { PF_INOUT, "in/out" },
88 { PF_IN, "in" },
89 { PF_OUT, "out" },
90 { 0, NULL }
91};
92
93/* For reading capture files on other systems */
94#define OPENBSD_AF_INET 2
95#define OPENBSD_AF_INET6 24
96
97static void
98pflog_print(const struct pfloghdr *hdr)
99{
100 u_int32_t rulenr, subrulenr;
101
102 rulenr = ntohl(hdr->rulenr);
103 subrulenr = ntohl(hdr->subrulenr);
104 if (subrulenr == (u_int32_t)-1)
105 printf("rule %u/", rulenr);
106 else
107 printf("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr);
108
109 printf("%s: %s %s on %s: ",
110 tok2str(pf_reasons, "unkn(%u)", hdr->reason),
111 tok2str(pf_actions, "unkn(%u)", hdr->action),
112 tok2str(pf_directions, "unkn(%u)", hdr->dir),
113 hdr->ifname);
114}
115
116u_int
117pflog_if_print(const struct pcap_pkthdr *h, register const u_char *p)
118{
119 u_int length = h->len;
120 u_int hdrlen;
121 u_int caplen = h->caplen;
122 const struct pfloghdr *hdr;
123 u_int8_t af;
124
125 /* check length */
126 if (caplen < sizeof(u_int8_t)) {
127 printf("[|pflog]");
128 return (caplen);
129 }
130
131#define MIN_PFLOG_HDRLEN 45
132 hdr = (struct pfloghdr *)p;
133 if (hdr->length < MIN_PFLOG_HDRLEN) {
134 printf("[pflog: invalid header length!]");
135 return (hdr->length); /* XXX: not really */
136 }
137 hdrlen = BPF_WORDALIGN(hdr->length);
138
139 if (caplen < hdrlen) {
140 printf("[|pflog]");
141 return (hdrlen); /* XXX: true? */
142 }
143
144 /* print what we know */
145 hdr = (struct pfloghdr *)p;
146 TCHECK(*hdr);
147 if (eflag)
148 pflog_print(hdr);
149
150 /* skip to the real packet */
151 af = hdr->af;
152 length -= hdrlen;
153 caplen -= hdrlen;
154 p += hdrlen;
155 switch (af) {
156
157 case AF_INET:
158#if OPENBSD_AF_INET != AF_INET
159 case OPENBSD_AF_INET: /* XXX: read pcap files */
160#endif
161 ip_print(gndo, p, length);
162 break;
163
164#ifdef INET6
165 case AF_INET6:
166#if OPENBSD_AF_INET6 != AF_INET6
167 case OPENBSD_AF_INET6: /* XXX: read pcap files */
168#endif
169 ip6_print(p, length);
170 break;
171#endif
172
173 default:
174 /* address family not handled, print raw packet */
175 if (!eflag)
176 pflog_print(hdr);
177 if (!suppress_default_print)
178 default_print(p, caplen);
179 }
180
181 return (hdrlen);
182trunc:
183 printf("[|pflog]");
184 return (hdrlen);
185}
186
187/*
188 * Local Variables:
189 * c-style: whitesmith
190 * c-basic-offset: 8
191 * End:
192 */