From Max Laier: check whether the system has <net/pfvar.h> and:
if it does, use that for the pf definitions; if it doesn't, don't compile in pf support. Both OpenBSD and FreeBSD have changed the pf definitions and header format without changing the DLT value, so you can't reliably read pflog-format libpcap files on a machine running an OS version other than the one on which the file was generated.
parent
18341fc1b5
commit
b52473e046
1
CREDITS
1
CREDITS
|
@ -66,6 +66,7 @@ Additional people who have contributed patches:
|
|||
Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>
|
||||
Martin Husemann <martin@netbsd.org>
|
||||
Matthew Luckie <mjl@luckie.org.nz>
|
||||
Max Laier <max@love2party.net>
|
||||
Mike Kershaw <dragorn@kismetwireless.net>
|
||||
Mike Wiacek <mike@iroot.net>
|
||||
Monroe Williams <monroe@pobox.com>
|
||||
|
|
1
FILES
1
FILES
|
@ -109,7 +109,6 @@ pcap-win32.c
|
|||
pcap.3
|
||||
pcap.c
|
||||
pcap.h
|
||||
pf.h
|
||||
ppp.h
|
||||
savefile.c
|
||||
scanner.l
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.19 2007-03-11 04:35:24 guy Exp $ (LBL)
|
||||
@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.20 2007-09-12 19:09:50 guy Exp $ (LBL)
|
||||
|
||||
To build libpcap, run "./configure" (a shell script). The configure
|
||||
script will determine your system attributes and generate an
|
||||
|
@ -385,7 +385,6 @@ pcap-win32.c - WinPcap capture support
|
|||
pcap.3 - manual entry
|
||||
pcap.c - pcap utility routines
|
||||
pcap.h - header for backwards compatibility
|
||||
pf.h - OpenBSD DLT_PFLOG definitions
|
||||
ppp.h - Point to Point Protocol definitions
|
||||
savefile.c - offline support
|
||||
scanner.l - filter string scanner
|
||||
|
|
|
@ -56,6 +56,9 @@
|
|||
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
|
||||
#undef HAVE_NETINET_IF_ETHER_H
|
||||
|
||||
/* Define to 1 if you have the <net/pfvar.h> header file. */
|
||||
#undef HAVE_NET_PFVAR_H
|
||||
|
||||
/* if there's an os_proto.h */
|
||||
#undef HAVE_OS_PROTO_H
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.136 2007-06-15 17:55:50 guy Exp $ (LBL)
|
||||
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.137 2007-09-12 19:09:50 guy Exp $ (LBL)
|
||||
dnl
|
||||
dnl Copyright (c) 1994, 1995, 1996, 1997
|
||||
dnl The Regents of the University of California. All rights reserved.
|
||||
|
@ -6,7 +6,7 @@ dnl
|
|||
dnl Process this file with autoconf to produce a configure script.
|
||||
dnl
|
||||
|
||||
AC_REVISION($Revision: 1.136 $)
|
||||
AC_REVISION($Revision: 1.137 $)
|
||||
AC_PREREQ(2.50)
|
||||
AC_INIT(pcap.c)
|
||||
|
||||
|
@ -27,6 +27,9 @@ dnl test for it and set "HAVE_SYS_IOCCOM_H" if we have it, otherwise
|
|||
dnl "AC_LBL_FIXINCLUDES" won't work on some platforms such as Solaris.
|
||||
dnl
|
||||
AC_CHECK_HEADERS(sys/ioccom.h sys/sockio.h limits.h paths.h)
|
||||
AC_CHECK_HEADERS(net/pfvar.h, , , [#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <net/if.h>])
|
||||
AC_CHECK_HEADERS(netinet/if_ether.h, , , [#include <sys/types.h>
|
||||
#include <sys/socket.h>])
|
||||
if test "$ac_cv_header_netinet_if_ether_h" != yes; then
|
||||
|
|
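Review bot: The new `AC_CHECK_HEADERS(net/pfvar.h, ...)` probe tests only <net/pfvar.h>, but gencode.c and grammar.y also include <net/if_pflog.h> inside `#ifdef HAVE_NET_PFVAR_H`. On a host that ships the first header without the second, configure would enable pf support and the compile would then fail instead of falling back to the no-pf stubs. I would probe the second header as well, e.g. `AC_CHECK_HEADERS(net/pfvar.h net/if_pflog.h, , , [...same prerequisite includes...])`, and gate the C code on `defined(HAVE_NET_PFVAR_H) && defined(HAVE_NET_IF_PFLOG_H)`. Whether <net/if_pflog.h> also needs <net/pfvar.h> among its prerequisites is not visible here and should be checked.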
66
gencode.c
66
gencode.c
|
@ -21,7 +21,7 @@
|
|||
*/
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.285 2007-09-10 20:17:18 hannes Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.286 2007-09-12 19:09:50 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -73,7 +73,12 @@ static const char rcsid[] _U_ =
|
|||
#include "ppp.h"
|
||||
#include "pcap/sll.h"
|
||||
#include "arcnet.h"
|
||||
#include "pf.h"
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
#include <sys/socket.h>
|
||||
#include <net/if.h>
|
||||
#include <net/pfvar.h>
|
||||
#include <net/if_pflog.h>
|
||||
#endif
|
||||
#ifndef offsetof
|
||||
#define offsetof(s, e) ((size_t)&((s *)0)->e)
|
||||
#endif
|
||||
|
@ -1175,12 +1180,13 @@ init_linktype(p)
|
|||
off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
|
||||
return;
|
||||
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
case DLT_PFLOG:
|
||||
off_linktype = 0;
|
||||
/* XXX read this from pf.h? */
|
||||
off_nl = PFLOG_HDRLEN;
|
||||
off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
|
||||
return;
|
||||
#endif
|
||||
|
||||
case DLT_JUNIPER_MFR:
|
||||
case DLT_JUNIPER_MLFR:
|
||||
|
@ -2447,6 +2453,7 @@ gen_linktype(proto)
|
|||
}
|
||||
return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
|
||||
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
case DLT_PFLOG:
|
||||
/*
|
||||
* af field is host byte order in contrast to the rest of
|
||||
|
@ -2464,6 +2471,7 @@ gen_linktype(proto)
|
|||
return gen_false();
|
||||
/*NOTREACHED*/
|
||||
break;
|
||||
#endif /* HAVE_NET_PFVAR_H */
|
||||
|
||||
case DLT_ARCNET:
|
||||
case DLT_ARCNET_LINUX:
|
||||
|
@ -6397,10 +6405,12 @@ gen_inbound(dir)
|
|||
}
|
||||
break;
|
||||
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
case DLT_PFLOG:
|
||||
b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
|
||||
(bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
|
||||
break;
|
||||
#endif
|
||||
|
||||
case DLT_PPP_PPPD:
|
||||
if (dir) {
|
||||
|
@ -6450,6 +6460,7 @@ gen_inbound(dir)
|
|||
return (b0);
|
||||
}
|
||||
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
/* PF firewall log matched interface */
|
||||
struct block *
|
||||
gen_pf_ifname(const char *ifname)
|
||||
|
@ -6557,6 +6568,55 @@ gen_pf_action(int action)
|
|||
(bpf_int32)action);
|
||||
return (b0);
|
||||
}
|
||||
#else /* !HAVE_NET_PFVAR_H */
|
||||
struct block *
|
||||
gen_pf_ifname(const char *ifname)
|
||||
{
|
||||
bpf_error("libpcap was compiled without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct block *
|
||||
gen_pf_ruleset(char *ruleset)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct block *
|
||||
gen_pf_rnr(int rnr)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct block *
|
||||
gen_pf_srnr(int srnr)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct block *
|
||||
gen_pf_reason(int reason)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct block *
|
||||
gen_pf_action(int action)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/* NOTREACHED */
|
||||
return (NULL);
|
||||
}
|
||||
#endif /* HAVE_NET_PFVAR_H */
|
||||
|
||||
/* IEEE 802.11 wireless header */
|
||||
struct block *
|
||||
|
|
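Review bot: Nothing at the DLT_PFLOG cases records that `PFLOG_HDRLEN` in init_linktype and `offsetof(struct pfloghdr, dir)` in gen_inbound now come from the build host's <net/if_pflog.h>. A filter compiled here for a savefile written under a different pf version therefore uses this host's offsets and can match the wrong bytes without any error. The commit message states that limitation, but a reader of the code will not see it. I would add a comment above `off_nl = PFLOG_HDRLEN;` such as `/* header length and field offsets are the build host's; pflog savefiles from another OS version may not match */`. Both functions continue outside the hunks shown.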
74
grammar.y
74
grammar.y
|
@ -22,7 +22,7 @@
|
|||
*/
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.97 2007-06-11 10:04:25 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.98 2007-09-12 19:09:50 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -52,7 +52,11 @@ struct rtentry;
|
|||
#include "pcap-int.h"
|
||||
|
||||
#include "gencode.h"
|
||||
#include "pf.h"
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
#include <net/if.h>
|
||||
#include <net/pfvar.h>
|
||||
#include <net/if_pflog.h>
|
||||
#endif
|
||||
#include "ieee80211.h"
|
||||
#include <pcap/namedb.h>
|
||||
|
||||
|
@ -90,6 +94,50 @@ pcap_parse()
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NET_PFVAR_H
|
||||
static int
|
||||
pfreason_to_num(const char *reason)
|
||||
{
|
||||
const char *reasons[] = PFRES_NAMES;
|
||||
int i;
|
||||
|
||||
for (i = 0; reasons[i]; i++) {
|
||||
if (pcap_strcasecmp(reason, reasons[i]) == 0)
|
||||
return (i);
|
||||
}
|
||||
bpf_error("unknown PF reason");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
static int
|
||||
pfaction_to_num(const char *action)
|
||||
{
|
||||
if (pcap_strcasecmp(action, "pass") == 0 ||
|
||||
pcap_strcasecmp(action, "accept") == 0)
|
||||
return (PF_PASS);
|
||||
else if (pcap_strcasecmp(action, "drop") == 0 ||
|
||||
pcap_strcasecmp(action, "block") == 0)
|
||||
return (PF_DROP);
|
||||
else {
|
||||
bpf_error("unknown PF action");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
}
|
||||
#else /* !HAVE_NET_PFVAR_H */
|
||||
static int
|
||||
pfreason_to_num(const char *reason)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
static int
|
||||
pfaction_to_num(const char *action)
|
||||
{
|
||||
bpf_error("libpcap was compiled on a machine without pf support");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
#endif /* HAVE_NET_PFVAR_H */
|
||||
%}
|
||||
|
||||
%union {
|
||||
|
@ -443,28 +491,10 @@ type_subtype: ID { const char **sub_names[] = {
|
|||
;
|
||||
|
||||
reason: NUM { $$ = $1; }
|
||||
| ID { const char *reasons[] = PFRES_NAMES;
|
||||
int i;
|
||||
for (i = 0; reasons[i]; i++) {
|
||||
if (pcap_strcasecmp($1, reasons[i]) == 0) {
|
||||
$$ = i;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (reasons[i] == NULL)
|
||||
bpf_error("unknown PF reason");
|
||||
}
|
||||
| ID { $$ = pfreason_to_num($1); }
|
||||
;
|
||||
|
||||
action: ID { if (pcap_strcasecmp($1, "pass") == 0 ||
|
||||
pcap_strcasecmp($1, "accept") == 0)
|
||||
$$ = PF_PASS;
|
||||
else if (pcap_strcasecmp($1, "drop") == 0 ||
|
||||
pcap_strcasecmp($1, "block") == 0)
|
||||
$$ = PF_DROP;
|
||||
else
|
||||
bpf_error("unknown PF action");
|
||||
}
|
||||
action: ID { $$ = pfaction_to_num($1); }
|
||||
;
|
||||
|
||||
relop: '>' { $$ = BPF_JGT; }
|
||||
|
|
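Review bot: All four new helpers (`pfreason_to_num` and `pfaction_to_num`, in both the pf and the no-pf branch) are declared `static int` but can reach their closing brace without a `return`. They rely on `bpf_error()` never returning; its declaration is not visible here, so whether the compiler is told that is unclear. The no-pf stubs added to gencode.c in this same commit follow the call with `return (NULL);`. These should do the equivalent, both for consistency and to avoid a "control reaches end of non-void function" warning: add `return (-1);` after each `/*NOTREACHED*/`.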
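--- a/pf.h
+++ b/pf.h
@@ -1,77 +0,0 @@
-/*
-* Copyright (c) 2001 Daniel Hartmeier
-* All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* - Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* - Redistributions in binary form must reproduce the above
-* copyright notice, this list of conditions and the following
-* disclaimer in the documentation and/or other materials provided
-* with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-* POSSIBILITY OF SUCH DAMAGE.
-*
-* @(#) $Header: /tcpdump/master/libpcap/Attic/pf.h,v 1.3 2004-04-02 06:33:30 guy Exp $ (LBL)
-*/
-
-/* from $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
-
-enum { PF_INOUT=0, PF_IN=1, PF_OUT=2 };
-enum { PF_PASS=0, PF_DROP=1, PF_SCRUB=2, PF_NAT=3, PF_NONAT=4,
-PF_BINAT=5, PF_NOBINAT=6, PF_RDR=7, PF_NORDR=8, PF_SYNPROXY_DROP=9 };
-
-/* Reasons code for passing/dropping a packet */
-#define PFRES_MATCH 0 /* Explicit match of a rule */
-#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
-#define PFRES_FRAG 2 /* Dropping following fragment */
-#define PFRES_SHORT 3 /* Dropping short packet */
-#define PFRES_NORM 4 /* Dropping by normalizer */
-#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
-#define PFRES_MAX 6 /* total+1 */
-
-#define PFRES_NAMES { \
-"match", \
-"bad-offset", \
-"fragment", \
-"short", \
-"normalize", \
-"memory", \
-NULL \
-}
-
-#define PF_RULESET_NAME_SIZE 16
-
-/* from $OpenBSD: if_pflog.h,v 1.9 2003/07/15 20:27:27 dhartmei Exp $ */
-
-#ifndef IFNAMSIZ
-#define IFNAMSIZ 16
-#endif
-
-struct pfloghdr {
-u_int8_t length;
-u_int8_t af;
-u_int8_t action;
-u_int8_t reason;
-char ifname[IFNAMSIZ];
-char ruleset[PF_RULESET_NAME_SIZE];
-u_int32_t rulenr;
-u_int32_t subrulenr;
-u_int8_t dir;
-u_int8_t pad[3];
-};
-#define PFLOG_HDRLEN sizeof(struct pfloghdr)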