[dragonfly.git] / contrib / tcpdump / print-pflog.c

/*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.13.2.4 2007/09/13 17:18:10 gianluca Exp $ (LBL)";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef HAVE_NET_PFVAR_H
#error "No pf headers available"
#endif

#include <sys/types.h>
#ifndef WIN32
#include <sys/socket.h>
#endif
#include <net/if.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>


#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <pcap.h>

#include "interface.h"
#include "addrtoname.h"

static struct tok pf_reasons[] = {
	{ 0,	"0(match)" },
	{ 1,	"1(bad-offset)" },
	{ 2,	"2(fragment)" },
	{ 3,	"3(short)" },
	{ 4,	"4(normalize)" },
	{ 5,	"5(memory)" },
	{ 6,	"6(bad-timestamp)" },
	{ 7,	"7(congestion)" },
	{ 8,	"8(ip-option)" },
	{ 9,	"9(proto-cksum)" },
	{ 10,	"10(state-mismatch)" },
	{ 11,	"11(state-insert)" },
	{ 12,	"12(state-limit)" },
	{ 13,	"13(src-limit)" },
	{ 14,	"14(synproxy)" },
	{ 0,	NULL }
};

static struct tok pf_actions[] = {
	{ PF_PASS,		"pass" },
	{ PF_DROP,		"block" },
	{ PF_SCRUB,		"scrub" },
	{ PF_NAT,		"nat" },
	{ PF_NONAT,		"nat" },
	{ PF_BINAT,		"binat" },
	{ PF_NOBINAT,		"binat" },
	{ PF_RDR,		"rdr" },
	{ PF_NORDR,		"rdr" },
	{ PF_SYNPROXY_DROP,	"synproxy-drop" },
	{ 0,			NULL }
};

static struct tok pf_directions[] = {
	{ PF_INOUT,	"in/out" },
	{ PF_IN,	"in" },
	{ PF_OUT,	"out" },
	{ 0,		NULL }
};

/* For reading capture files on other systems */
#define	OPENBSD_AF_INET		2
#define	OPENBSD_AF_INET6	24

static void
pflog_print(const struct pfloghdr *hdr)
{
	u_int32_t rulenr, subrulenr;

	rulenr = ntohl(hdr->rulenr);
	subrulenr = ntohl(hdr->subrulenr);
	if (subrulenr == (u_int32_t)-1)
		printf("rule %u/", rulenr);
	else
		printf("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr);

	printf("%s: %s %s on %s: ",
	    tok2str(pf_reasons, "unkn(%u)", hdr->reason),
	    tok2str(pf_actions, "unkn(%u)", hdr->action),
	    tok2str(pf_directions, "unkn(%u)", hdr->dir),
	    hdr->ifname);
}

u_int
pflog_if_print(const struct pcap_pkthdr *h, register const u_char *p)
{
	u_int length = h->len;
	u_int hdrlen;
	u_int caplen = h->caplen;
	const struct pfloghdr *hdr;
	u_int8_t af;

	/* check length */
	if (caplen < sizeof(u_int8_t)) {
		printf("[|pflog]");
		return (caplen);
	}

#define MIN_PFLOG_HDRLEN	45
	hdr = (struct pfloghdr *)p;
	if (hdr->length < MIN_PFLOG_HDRLEN) {
		printf("[pflog: invalid header length!]");
		return (hdr->length);	/* XXX: not really */
	}
	hdrlen = BPF_WORDALIGN(hdr->length);

	if (caplen < hdrlen) {
		printf("[|pflog]");
		return (hdrlen);	/* XXX: true? */
	}

	/* print what we know */
	hdr = (struct pfloghdr *)p;
	TCHECK(*hdr);
	if (eflag)
		pflog_print(hdr);
	
	/* skip to the real packet */
	af = hdr->af;
	length -= hdrlen;
	caplen -= hdrlen;
	p += hdrlen;
	switch (af) {

		case AF_INET:
#if OPENBSD_AF_INET != AF_INET
		case OPENBSD_AF_INET:		/* XXX: read pcap files */
#endif
		        ip_print(gndo, p, length);
			break;

#ifdef INET6
		case AF_INET6:
#if OPENBSD_AF_INET6 != AF_INET6
		case OPENBSD_AF_INET6:		/* XXX: read pcap files */
#endif
			ip6_print(p, length);
			break;
#endif

	default:
		/* address family not handled, print raw packet */
		if (!eflag)
			pflog_print(hdr);
		if (!suppress_default_print)
			default_print(p, caplen);
	}
	
	return (hdrlen);
trunc:
	printf("[|pflog]");
	return (hdrlen);
}

/*
 * Local Variables:
 * c-style: whitesmith
 * c-basic-offset: 8
 * End:
 */
Commit	Line	Data
c8cf0f94 PA	1	/*
	2	* Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
	3	* The Regents of the University of California. All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that: (1) source code distributions
	7	* retain the above copyright notice and this paragraph in its entirety, (2)
	8	* distributions including binary code include the above copyright notice and
	9	* this paragraph in its entirety in the documentation or other materials
	10	* provided with the distribution, and (3) all advertising materials mentioning
	11	* features or use of this software display the following acknowledgement:
	12	* ``This product includes software developed by the University of California,
	13	* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
	14	* the University nor the names of its contributors may be used to endorse
	15	* or promote products derived from this software without specific prior
	16	* written permission.
	17	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
	18	* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
	19	* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
	20	*/
	21
	22	#ifndef lint
	23	static const char rcsid[] _U_ =
825e8fa1	24	"@(#) $Header: /tcpdump/master/tcpdump/print-pflog.c,v 1.13.2.4 2007/09/13 17:18:10 gianluca Exp $ (LBL)";
c8cf0f94 PA	25	#endif
	26
	27	#ifdef HAVE_CONFIG_H
	28	#include "config.h"
	29	#endif
	30
825e8fa1 PA	31	#ifndef HAVE_NET_PFVAR_H
	32	#error "No pf headers available"
	33	#endif
	34
	35	#include <sys/types.h>
	36	#ifndef WIN32
	37	#include <sys/socket.h>
	38	#endif
	39	#include <net/if.h>
	40	#include <net/pfvar.h>
	41	#include <net/if_pflog.h>
	42
	43
	44
c8cf0f94 PA	45	#include <tcpdump-stdinc.h>
	46
	47	#include <stdio.h>
	48	#include <pcap.h>
	49
	50	#include "interface.h"
	51	#include "addrtoname.h"
c8cf0f94 PA	52
	53	static struct tok pf_reasons[] = {
	54	{ 0, "0(match)" },
	55	{ 1, "1(bad-offset)" },
	56	{ 2, "2(fragment)" },
	57	{ 3, "3(short)" },
	58	{ 4, "4(normalize)" },
	59	{ 5, "5(memory)" },
66170f0a PA	60	{ 6, "6(bad-timestamp)" },
	61	{ 7, "7(congestion)" },
	62	{ 8, "8(ip-option)" },
	63	{ 9, "9(proto-cksum)" },
	64	{ 10, "10(state-mismatch)" },
	65	{ 11, "11(state-insert)" },
	66	{ 12, "12(state-limit)" },
	67	{ 13, "13(src-limit)" },
	68	{ 14, "14(synproxy)" },
c8cf0f94 PA	69	{ 0, NULL }
	70	};
	71
	72	static struct tok pf_actions[] = {
	73	{ PF_PASS, "pass" },
	74	{ PF_DROP, "block" },
	75	{ PF_SCRUB, "scrub" },
	76	{ PF_NAT, "nat" },
	77	{ PF_NONAT, "nat" },
	78	{ PF_BINAT, "binat" },
	79	{ PF_NOBINAT, "binat" },
	80	{ PF_RDR, "rdr" },
	81	{ PF_NORDR, "rdr" },
	82	{ PF_SYNPROXY_DROP, "synproxy-drop" },
	83	{ 0, NULL }
	84	};
	85
	86	static struct tok pf_directions[] = {
	87	{ PF_INOUT, "in/out" },
	88	{ PF_IN, "in" },
	89	{ PF_OUT, "out" },
	90	{ 0, NULL }
	91	};
	92
	93	/* For reading capture files on other systems */
	94	#define OPENBSD_AF_INET 2
	95	#define OPENBSD_AF_INET6 24
	96
	97	static void
	98	pflog_print(const struct pfloghdr *hdr)
	99	{
	100	u_int32_t rulenr, subrulenr;
	101
	102	rulenr = ntohl(hdr->rulenr);
	103	subrulenr = ntohl(hdr->subrulenr);
	104	if (subrulenr == (u_int32_t)-1)
	105	printf("rule %u/", rulenr);
	106	else
	107	printf("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr);
	108
	109	printf("%s: %s %s on %s: ",
	110	tok2str(pf_reasons, "unkn(%u)", hdr->reason),
	111	tok2str(pf_actions, "unkn(%u)", hdr->action),
	112	tok2str(pf_directions, "unkn(%u)", hdr->dir),
	113	hdr->ifname);
	114	}
	115
	116	u_int
	117	pflog_if_print(const struct pcap_pkthdr h, register const u_char p)
	118	{
	119	u_int length = h->len;
	120	u_int hdrlen;
	121	u_int caplen = h->caplen;
	122	const struct pfloghdr *hdr;
	123	u_int8_t af;
	124
	125	/* check length */
	126	if (caplen < sizeof(u_int8_t)) {
	127	printf("[\|pflog]");
	128	return (caplen);
	129	}
	130
	131	#define MIN_PFLOG_HDRLEN 45
	132	hdr = (struct pfloghdr *)p;
133	if (hdr->length < MIN_PFLOG_HDRLEN) {
134	printf("[pflog: invalid header length!]");
135	return (hdr->length); /* XXX: not really */
136	}
137	hdrlen = BPF_WORDALIGN(hdr->length);
138
139	if (caplen < hdrlen) {
140	printf("[\|pflog]");
141	return (hdrlen); /* XXX: true? */
142	}
143
144	/* print what we know */
145	hdr = (struct pfloghdr *)p;
146	TCHECK(*hdr);
147	if (eflag)
148	pflog_print(hdr);
149
150	/* skip to the real packet */
151	af = hdr->af;
152	length -= hdrlen;
153	caplen -= hdrlen;
154	p += hdrlen;
155	switch (af) {
156
157	case AF_INET:
158	#if OPENBSD_AF_INET != AF_INET
159	case OPENBSD_AF_INET: /* XXX: read pcap files */
160	#endif
161	ip_print(gndo, p, length);
162	break;
163
164	#ifdef INET6
165	case AF_INET6:
166	#if OPENBSD_AF_INET6 != AF_INET6
167	case OPENBSD_AF_INET6: /* XXX: read pcap files */
168	#endif
169	ip6_print(p, length);
170	break;
171	#endif
172
173	default:
174	/* address family not handled, print raw packet */
175	if (!eflag)
176	pflog_print(hdr);
177	if (!suppress_default_print)
178	default_print(p, caplen);
179	}
180
181	return (hdrlen);
182	trunc:
183	printf("[\|pflog]");
184	return (hdrlen);
185	}
186
187	/*
188	* Local Variables:
189	* c-style: whitesmith
190	* c-basic-offset: 8
191	* End:
192	*/