Add support for OpenBSD DLT_PFLOG.

Get rid of bogus newline in BPF error string.
2003-03-11 06:23:52 +00:00 · 2003-03-11 06:23:52 +00:00 · 23d8b7205b
parent d5c3be9ab6
commit 23d8b7205b
11 changed files with 199 additions and 19 deletions
--- a/1
+++ b/1
@ -67,6 +67,7 @@ pcap-win32.c
 pcap.3
 pcap.c
 pcap.h
+pf.h
 ppp.h
 savefile.c
 scanner.l
--- a/INSTALL.txt
+++ b/INSTALL.txt
@ -1,4 +1,4 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.4 2002-07-16 05:03:34 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.5 2003-03-11 06:23:52 guy Exp $ (LBL)

 To build libpcap, run "./configure" (a shell script). The configure
 script will determine your system attributes and generate an
@ -349,6 +349,7 @@ pcap-snoop.c	- IRIX Snoop network monitoring support
 pcap.3		- manual entry
 pcap.c		- pcap utility routines
 pcap.h		- public libpcap definitions
+pf.h		- OpenBSD DLT_PFLOG definitions
 ppp.h		- Point to Point Protocol definitions
 savefile.c	- offline support
 scanner.l	- filter string scanner
--- a/gencode.c
+++ b/gencode.c
@ -21,7 +21,7 @@
 */
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.188 2003-03-08 08:42:13 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.189 2003-03-11 06:23:52 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -70,6 +70,7 @@ static const char rcsid[] =
 #include "ppp.h"
 #include "sll.h"
 #include "arcnet.h"
+#include "pf.h"
 #ifdef INET6
 #ifndef WIN32
 #include <netdb.h>	/* for "struct addrinfo" */
@ -744,6 +745,12 @@ init_linktype(type)
 		off_nl_nosnap = 12;	/* no 802.2 LLC */
 		return;

+	case DLT_PFLOG:
+		off_linktype = 0;
+		off_nl = 28;
+		off_nl_nosnap = 28;	/* no 802.2 LLC */
+		return;
+
 	case DLT_PPP:
 	case DLT_C_HDLC:		/* BSD/OS Cisco HDLC */
 	case DLT_PPP_SERIAL:		/* NetBSD sync/async serial PPP */
@ -1530,6 +1537,7 @@ gen_linktype(proto)
 	case DLT_NULL:
 	case DLT_LOOP:
 	case DLT_ENC:
+	case DLT_PFLOG:
 		/*
 		 * For DLT_NULL, the link-layer header is a 32-bit
 		 * word containing an AF_ value in *host* byte order,
@ -1551,6 +1559,8 @@ gen_linktype(proto)
 		 * This means that, when reading a capture file, just
 		 * checking for our AF_INET6 value won't work if the
 		 * capture file came from another OS.
+		 *
+		 * XXX - what's the byte order for DLT_PFLOG?
 		 */
 		switch (proto) {

@ -4943,8 +4953,13 @@ gen_inbound(dir)
 		}
 		break;

+	case DLT_PFLOG:
+		b0 = gen_cmp(26, BPF_H,
+		    (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
+		break;
+
 	default:
-		bpf_error("inbound/outbound not supported on linktype %d\n",
+		bpf_error("inbound/outbound not supported on linktype %d",
 		    linktype);
 		b0 = NULL;
 		/* NOTREACHED */
@ -4952,6 +4967,58 @@ gen_inbound(dir)
 	return (b0);
 }

+/* PF firewall log matched interface */
+struct block *
+gen_pf_ifname(char *ifname)
+{
+	if (linktype != DLT_PFLOG) {
+		bpf_error("ifname supported only for DLT_PFLOG");
+		/* NOTREACHED */
+	}
+	if (strlen(ifname) >= 16) {
+		bpf_error("ifname interface names can't be larger than 16 characters");
+		/* NOTREACHED */
+	}
+	return (gen_bcmp(4, strlen(ifname), ifname));
+}
+
+
+/* PF firewall log rule number */
+struct block *
+gen_pf_rnr(int rnr)
+{
+	if (linktype != DLT_PFLOG) {
+		bpf_error("rnr supported only for DLT_PFLOG");
+		/* NOTREACHED */
+	}
+
+	return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
+}
+
+/* PF firewall log reason code */
+struct block *
+gen_pf_reason(int reason)
+{
+	if (linktype != DLT_PFLOG) {
+		bpf_error("reason supported only for DLT_PFLOG");
+		/* NOTREACHED */
+	}
+
+	return (gen_cmp(22, BPF_H, (bpf_int32)reason));
+}
+
+/* PF firewall log action */
+struct block *
+gen_pf_action(int action)
+{
+	if (linktype != DLT_PFLOG) {
+		bpf_error("action supported only for DLT_PFLOG");
+		/* NOTREACHED */
+	}
+
+	return (gen_cmp(24, BPF_H, (bpf_int32)action));
+}
+
 struct block *
 gen_acode(eaddr, q)
 	register const u_char *eaddr;
--- a/gencode.h
+++ b/gencode.h
@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.56 2002-12-06 00:01:34 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.57 2003-03-11 06:23:53 guy Exp $ (LBL)
 */

 /*
@ -278,6 +278,12 @@ struct block *gen_atmfield_code(int atmfield, bpf_u_int32 jvalue, bpf_u_int32 jt
 struct block *gen_atmtype_abbrev(int type);
 struct block *gen_atmmulti_abbrev(int type);

+struct block *gen_pf_ifname(char *);
+struct block *gen_pf_rnr(int);
+struct block *gen_pf_reason(int);
+struct block *gen_pf_action(int);
+struct block *gen_pf_dir(int);
+
 void bpf_optimize(struct block **);
 void bpf_error(const char *, ...)
 #if HAVE___ATTRIBUTE__
--- a/grammar.y
+++ b/grammar.y
@ -22,7 +22,7 @@
 */
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.78 2002-12-06 00:01:34 hannes Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.79 2003-03-11 06:23:53 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -53,6 +53,7 @@ struct rtentry;
 #include "pcap-int.h"

 #include "gencode.h"
+#include "pf.h"
 #include <pcap-namedb.h>

 #ifdef HAVE_OS_PROTO_H
@ -108,7 +109,7 @@ pcap_parse()
 %type	<a>	arth narth
 %type	<i>	byteop pname pnum relop irelop
 %type	<blk>	and or paren not null prog
-%type	<rblk>	other
+%type	<rblk>	other pfvar
 %type	<i>	atmtype atmmultitype
 %type	<blk>	atmfield
 %type	<blk>	atmfieldvalue atmvalue atmlistvalue
@ -119,6 +120,7 @@ pcap_parse()
 %token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
+%token  PF_IFNAME PF_RNR PF_REASON PF_ACTION
 %token  LINK
 %token	GEQ LEQ NEQ
 %token	ID EID HID HID6 AID
@ -138,7 +140,7 @@ pcap_parse()
 %type	<e> EID
 %type	<e> AID
 %type	<s> HID HID6
-%type	<i> NUM
+%type	<i> NUM action reason

 %left OR AND
 %nonassoc  '!'
@ -321,7 +323,40 @@ other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| OUTBOUND		{ $$ = gen_inbound(1); }
 	| VLAN pnum		{ $$ = gen_vlan($2); }
 	| VLAN			{ $$ = gen_vlan(-1); }
+	| pfvar			{ $$ = $1; }
 	;
+
+pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
+	| PF_RNR NUM		{ $$ = gen_pf_rnr($2); }
+	| PF_REASON reason	{ $$ = gen_pf_reason($2); }
+	| PF_ACTION action	{ $$ = gen_pf_action($2); }
+	;
+
+reason:	  NUM			{ $$ = $1; }
+	| ID			{ const char *reasons[] = PFRES_NAMES;
+				  int i;
+				  for (i = 0; reasons[i]; i++) {
+					  if (pcap_strcasecmp($1, reasons[i]) == 0) {
+						  $$ = i;
+						  break;
+					  }
+				  }
+				  if (reasons[i] == NULL)
+					  bpf_error("unknown PF reason");
+				}
+	;
+
+action:	  ID			{ if (pcap_strcasecmp($1, "pass") == 0 ||
+				      pcap_strcasecmp($1, "accept") == 0)
+					$$ = PF_PASS;
+				  else if (pcap_strcasecmp($1, "drop") == 0 ||
+				      pcap_strcasecmp($1, "block") == 0)
+					$$ = PF_DROP;
+				  else
+					  bpf_error("unknown PF action");
+				}
+	;
+
 relop:	  '>'			{ $$ = BPF_JGT; }
 	| GEQ			{ $$ = BPF_JGE; }
 	| '='			{ $$ = BPF_JEQ; }
--- a/pcap-bpf.h
+++ b/pcap-bpf.h
@ -37,7 +37,7 @@
 *
 *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.5 2003-03-08 09:21:37 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.6 2003-03-11 06:23:53 guy Exp $ (LBL)
 */

 /*
@ -158,6 +158,10 @@ struct bpf_version {
 #define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
 #endif

+/*
+ * 17 is used for DLT_PFLOG in OpenBSD; don't use it for anything else.
+ */
+
 #define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */

 /*
@ -258,12 +262,14 @@ struct bpf_version {
 #define DLT_IPFILTER	116

 /*
- * Reserved for use in capture-file headers as a link-layer type
- * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
- * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
- * in capture-file headers.
+ * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023
+ * in SuSE 6.3, so we can't use 17 for it in capture-file headers.
 */
+#ifdef __OpenBSD__
+#define DLT_PFLOG	17
+#else
 #define DLT_PFLOG	117
+#endif

 /*
 * Registered for Cisco-internal use.
@ -271,7 +277,7 @@ struct bpf_version {
 #define DLT_CISCO_IOS	118

 /*
- * Reserved for 802.11 cards using the Prism II chips, with a link-layer
+ * For 802.11 cards using the Prism II chips, with a link-layer
 * header including Prism monitor mode information plus an 802.11
 * header.
 */
--- a/pcap-int.h
+++ b/pcap-int.h
@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.43 2002-12-28 00:44:04 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.44 2003-03-11 06:23:54 guy Exp $ (LBL)
 */

 #ifndef pcap_int_h
@ -211,6 +211,8 @@ int sf_next_packet(pcap_t *, struct pcap_pkthdr *, u_char *, int);
 	 strlen((y)))
 #endif

+int	pcap_strcasecmp(const char *, const char *);
+
 /*
 * Internal interface for "pcap_set_datalink()".  Attempts to set the
 * link-layer type to the specified type; if that fails, returns -1.
--- a/pcap.c
+++ b/pcap.c
@ -33,7 +33,7 @@

 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.49 2003-02-13 07:54:59 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.50 2003-03-11 06:23:54 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -313,7 +313,7 @@ static const u_char charmap[] = {
 	(u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
 };

-static int
+int
 pcap_strcasecmp(const char *s1, const char *s2)
 {
 	register const u_char	*cm = charmap,
--- a/pf.h
+++ b/pf.h
@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *    - Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer. 
+ *    - Redistributions in binary form must reproduce the above
+ *      copyright notice, this list of conditions and the following
+ *      disclaimer in the documentation and/or other materials provided
+ *      with the distribution. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/Attic/pf.h,v 1.1 2003-03-11 06:23:54 guy Exp $ (LBL)
+ */
+
+/*	from $OpenBSD: pfvar.h,v 1.61 2002/01/11 20:13:11 mickey Exp $ */
+
+enum	{ PF_IN=0, PF_OUT=1 };
+enum	{ PF_PASS=0, PF_DROP=1, PF_SCRUB=2 };
+
+/* Reasons code for passing/dropping a packet */
+#define PFRES_MATCH	0		/* Explicit match of a rule */
+#define PFRES_BADOFF	1		/* Bad offset for pull_hdr */
+#define PFRES_FRAG	2		/* Dropping following fragment */
+#define PFRES_SHORT	3		/* Dropping short packet */
+#define PFRES_NORM	4		/* Dropping by normalizer */
+#define PFRES_MEMORY	5		/* Dropped due to lacking mem */
+#define PFRES_MAX	6		/* total+1 */
+
+#define PFRES_NAMES { \
+	"match", \
+	"bad-offset", \
+	"fragment", \
+	"short", \
+	"normalize", \
+	"memory", \
+	NULL \
+}
--- a/savefile.c
+++ b/savefile.c
@ -30,7 +30,7 @@

 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.77 2003-03-08 08:42:14 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.78 2003-03-11 06:23:55 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -162,6 +162,7 @@ static const char rcsid[] =
 #define LINKTYPE_LTALK		114		/* Apple LocalTalk hardware */
 #define LINKTYPE_ECONET		115		/* Acorn Econet */

+#define LINKTYPE_PFLOG		117		/* OpenBSD DLT_PFLOG */
 #define LINKTYPE_CISCO_IOS	118		/* For Cisco-internal use */
 #define LINKTYPE_PRISM_HEADER	119		/* 802.11+Prism II monitor mode */
 #define LINKTYPE_AIRONET_HEADER	120		/* FreeBSD Aironet driver stuff */
@ -189,7 +190,6 @@ static const char rcsid[] =
 #define LINKTYPE_HIPPI		111		/* NetBSD HIPPI */
 #define LINKTYPE_HDLC		112		/* NetBSD HDLC framing */
 #define LINKTYPE_IPFILTER	116		/* IP Filter capture files */
-#define LINKTYPE_PFLOG		117		/* OpenBSD DLT_PFLOG */
 #define LINKTYPE_HHDLC		121		/* Siemens HiPath HDLC */
 #define LINKTYPE_RIO		124		/* RapidIO */
 #define LINKTYPE_PCI_EXP	125		/* PCI Express */
@ -267,6 +267,9 @@ static struct linktype_map {
 	/* Acorn Econet */
 	{ DLT_ECONET,		LINKTYPE_ECONET },

+	/* OpenBSD DLT_PFLOG */
+	{ DLT_PFLOG,		LINKTYPE_PFLOG },
+
 	/* For Cisco-internal use */
 	{ DLT_CISCO_IOS,	LINKTYPE_CISCO_IOS },

--- a/scanner.l
+++ b/scanner.l
@ -22,7 +22,7 @@

 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.93 2003-03-08 05:53:11 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.94 2003-03-11 06:23:55 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -276,6 +276,11 @@ vci		return VCI;
 connectmsg	return CONNECTMSG;
 metaconnect	return METACONNECT;

+on|ifname	return PF_IFNAME;
+rnr|rulenum	return PF_RNR;
+reason		return PF_REASON;
+action		return PF_ACTION;
+
 [ \r\n\t]		;
 [+\-*/:\[\]!<>()&|=]	return yytext[0];
 ">="			return GEQ;