dect
/
libpcap
Archived
13
0
Fork 0

From Max Laier: check whether the system has <net/pfvar.h> and:

if it does, use that for the pf definitions;

	if it doesn't, don't compile in pf support;

as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.
This commit is contained in:
guy 2007-09-12 19:09:49 +00:00
parent 18341fc1b5
commit b52473e046
9 changed files with 3615 additions and 3232 deletions

View File

@ -66,6 +66,7 @@ Additional people who have contributed patches:
Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>
Martin Husemann <martin@netbsd.org>
Matthew Luckie <mjl@luckie.org.nz>
Max Laier <max@love2party.net>
Mike Kershaw <dragorn@kismetwireless.net>
Mike Wiacek <mike@iroot.net>
Monroe Williams <monroe@pobox.com>

1
FILES
View File

@ -109,7 +109,6 @@ pcap-win32.c
pcap.3
pcap.c
pcap.h
pf.h
ppp.h
savefile.c
scanner.l

View File

@ -1,4 +1,4 @@
@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.19 2007-03-11 04:35:24 guy Exp $ (LBL)
@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.20 2007-09-12 19:09:50 guy Exp $ (LBL)
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
@ -385,7 +385,6 @@ pcap-win32.c - WinPcap capture support
pcap.3 - manual entry
pcap.c - pcap utility routines
pcap.h - header for backwards compatibility
pf.h - OpenBSD DLT_PFLOG definitions
ppp.h - Point to Point Protocol definitions
savefile.c - offline support
scanner.l - filter string scanner

View File

@ -56,6 +56,9 @@
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#undef HAVE_NETINET_IF_ETHER_H
/* Define to 1 if you have the <net/pfvar.h> header file. */
#undef HAVE_NET_PFVAR_H
/* if there's an os_proto.h */
#undef HAVE_OS_PROTO_H

6615
configure vendored

File diff suppressed because it is too large Load Diff

View File

@ -1,4 +1,4 @@
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.136 2007-06-15 17:55:50 guy Exp $ (LBL)
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.137 2007-09-12 19:09:50 guy Exp $ (LBL)
dnl
dnl Copyright (c) 1994, 1995, 1996, 1997
dnl The Regents of the University of California. All rights reserved.
@ -6,7 +6,7 @@ dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_REVISION($Revision: 1.136 $)
AC_REVISION($Revision: 1.137 $)
AC_PREREQ(2.50)
AC_INIT(pcap.c)
@ -27,6 +27,9 @@ dnl test for it and set "HAVE_SYS_IOCCOM_H" if we have it, otherwise
dnl "AC_LBL_FIXINCLUDES" won't work on some platforms such as Solaris.
dnl
AC_CHECK_HEADERS(sys/ioccom.h sys/sockio.h limits.h paths.h)
AC_CHECK_HEADERS(net/pfvar.h, , , [#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>])
AC_CHECK_HEADERS(netinet/if_ether.h, , , [#include <sys/types.h>
#include <sys/socket.h>])
if test "$ac_cv_header_netinet_if_ether_h" != yes; then

View File

@ -21,7 +21,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.285 2007-09-10 20:17:18 hannes Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.286 2007-09-12 19:09:50 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -73,7 +73,12 @@ static const char rcsid[] _U_ =
#include "ppp.h"
#include "pcap/sll.h"
#include "arcnet.h"
#include "pf.h"
#ifdef HAVE_NET_PFVAR_H
#include <sys/socket.h>
#include <net/if.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>
#endif
#ifndef offsetof
#define offsetof(s, e) ((size_t)&((s *)0)->e)
#endif
@ -1175,12 +1180,13 @@ init_linktype(p)
off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
return;
#ifdef HAVE_NET_PFVAR_H
case DLT_PFLOG:
off_linktype = 0;
/* XXX read this from pf.h? */
off_nl = PFLOG_HDRLEN;
off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
return;
#endif
case DLT_JUNIPER_MFR:
case DLT_JUNIPER_MLFR:
@ -2447,6 +2453,7 @@ gen_linktype(proto)
}
return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
#ifdef HAVE_NET_PFVAR_H
case DLT_PFLOG:
/*
* af field is host byte order in contrast to the rest of
@ -2464,6 +2471,7 @@ gen_linktype(proto)
return gen_false();
/*NOTREACHED*/
break;
#endif /* HAVE_NET_PFVAR_H */
case DLT_ARCNET:
case DLT_ARCNET_LINUX:
@ -6397,10 +6405,12 @@ gen_inbound(dir)
}
break;
#ifdef HAVE_NET_PFVAR_H
case DLT_PFLOG:
b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
(bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
break;
#endif
case DLT_PPP_PPPD:
if (dir) {
@ -6450,6 +6460,7 @@ gen_inbound(dir)
return (b0);
}
#ifdef HAVE_NET_PFVAR_H
/* PF firewall log matched interface */
struct block *
gen_pf_ifname(const char *ifname)
@ -6557,6 +6568,55 @@ gen_pf_action(int action)
(bpf_int32)action);
return (b0);
}
#else /* !HAVE_NET_PFVAR_H */
struct block *
gen_pf_ifname(const char *ifname)
{
bpf_error("libpcap was compiled without pf support");
/* NOTREACHED */
return (NULL);
}
struct block *
gen_pf_ruleset(char *ruleset)
{
bpf_error("libpcap was compiled on a machine without pf support");
/* NOTREACHED */
return (NULL);
}
struct block *
gen_pf_rnr(int rnr)
{
bpf_error("libpcap was compiled on a machine without pf support");
/* NOTREACHED */
return (NULL);
}
struct block *
gen_pf_srnr(int srnr)
{
bpf_error("libpcap was compiled on a machine without pf support");
/* NOTREACHED */
return (NULL);
}
struct block *
gen_pf_reason(int reason)
{
bpf_error("libpcap was compiled on a machine without pf support");
/* NOTREACHED */
return (NULL);
}
struct block *
gen_pf_action(int action)
{
bpf_error("libpcap was compiled on a machine without pf support");
/* NOTREACHED */
return (NULL);
}
#endif /* HAVE_NET_PFVAR_H */
/* IEEE 802.11 wireless header */
struct block *

View File

@ -22,7 +22,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.97 2007-06-11 10:04:25 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.98 2007-09-12 19:09:50 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -52,7 +52,11 @@ struct rtentry;
#include "pcap-int.h"
#include "gencode.h"
#include "pf.h"
#ifdef HAVE_NET_PFVAR_H
#include <net/if.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>
#endif
#include "ieee80211.h"
#include <pcap/namedb.h>
@ -90,6 +94,50 @@ pcap_parse()
}
#endif
#ifdef HAVE_NET_PFVAR_H
static int
pfreason_to_num(const char *reason)
{
const char *reasons[] = PFRES_NAMES;
int i;
for (i = 0; reasons[i]; i++) {
if (pcap_strcasecmp(reason, reasons[i]) == 0)
return (i);
}
bpf_error("unknown PF reason");
/*NOTREACHED*/
}
static int
pfaction_to_num(const char *action)
{
if (pcap_strcasecmp(action, "pass") == 0 ||
pcap_strcasecmp(action, "accept") == 0)
return (PF_PASS);
else if (pcap_strcasecmp(action, "drop") == 0 ||
pcap_strcasecmp(action, "block") == 0)
return (PF_DROP);
else {
bpf_error("unknown PF action");
/*NOTREACHED*/
}
}
#else /* !HAVE_NET_PFVAR_H */
static int
pfreason_to_num(const char *reason)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
}
static int
pfaction_to_num(const char *action)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
}
#endif /* HAVE_NET_PFVAR_H */
%}
%union {
@ -443,28 +491,10 @@ type_subtype: ID { const char **sub_names[] = {
;
reason: NUM { $$ = $1; }
| ID { const char *reasons[] = PFRES_NAMES;
int i;
for (i = 0; reasons[i]; i++) {
if (pcap_strcasecmp($1, reasons[i]) == 0) {
$$ = i;
break;
}
}
if (reasons[i] == NULL)
bpf_error("unknown PF reason");
}
| ID { $$ = pfreason_to_num($1); }
;
action: ID { if (pcap_strcasecmp($1, "pass") == 0 ||
pcap_strcasecmp($1, "accept") == 0)
$$ = PF_PASS;
else if (pcap_strcasecmp($1, "drop") == 0 ||
pcap_strcasecmp($1, "block") == 0)
$$ = PF_DROP;
else
bpf_error("unknown PF action");
}
action: ID { $$ = pfaction_to_num($1); }
;
relop: '>' { $$ = BPF_JGT; }

77
pf.h
View File

@ -1,77 +0,0 @@
/*
* Copyright (c) 2001 Daniel Hartmeier
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/Attic/pf.h,v 1.3 2004-04-02 06:33:30 guy Exp $ (LBL)
*/
/* from $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
enum { PF_INOUT=0, PF_IN=1, PF_OUT=2 };
enum { PF_PASS=0, PF_DROP=1, PF_SCRUB=2, PF_NAT=3, PF_NONAT=4,
PF_BINAT=5, PF_NOBINAT=6, PF_RDR=7, PF_NORDR=8, PF_SYNPROXY_DROP=9 };
/* Reasons code for passing/dropping a packet */
#define PFRES_MATCH 0 /* Explicit match of a rule */
#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
#define PFRES_FRAG 2 /* Dropping following fragment */
#define PFRES_SHORT 3 /* Dropping short packet */
#define PFRES_NORM 4 /* Dropping by normalizer */
#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
#define PFRES_MAX 6 /* total+1 */
#define PFRES_NAMES { \
"match", \
"bad-offset", \
"fragment", \
"short", \
"normalize", \
"memory", \
NULL \
}
#define PF_RULESET_NAME_SIZE 16
/* from $OpenBSD: if_pflog.h,v 1.9 2003/07/15 20:27:27 dhartmei Exp $ */
#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif
struct pfloghdr {
u_int8_t length;
u_int8_t af;
u_int8_t action;
u_int8_t reason;
char ifname[IFNAMSIZ];
char ruleset[PF_RULESET_NAME_SIZE];
u_int32_t rulenr;
u_int32_t subrulenr;
u_int8_t dir;
u_int8_t pad[3];
};
#define PFLOG_HDRLEN sizeof(struct pfloghdr)