Support for capturing on, and reading captures from, OpenBSD firewall
logging virtual interface, from Mike Frantzen. svn path=/trunk/; revision=4616
parent
d76a4172a6
commit
c873f79156
5
AUTHORS
5
AUTHORS
|
@ -1014,6 +1014,11 @@ Ricardo Barroetave
|
||||||
Alan Harrison <alanharrison[AT]mail.com> {
|
Alan Harrison <alanharrison[AT]mail.com> {
|
||||||
Fixes to EtherPeek file reader code
|
Fixes to EtherPeek file reader code
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Mike Frantzen <frantzen[AT]w4g.org> {
|
||||||
|
Support for capturing on, and reading captures from, OpenBSD
|
||||||
|
firewall logging virtual interface
|
||||||
|
}
|
||||||
|
|
||||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
||||||
give his permission to use his version of snprintf.c.
|
give his permission to use his version of snprintf.c.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.am
|
# Makefile.am
|
||||||
# Automake file for Ethereal
|
# Automake file for Ethereal
|
||||||
#
|
#
|
||||||
# $Id: Makefile.am,v 1.405 2002/01/20 23:05:22 gerald Exp $
|
# $Id: Makefile.am,v 1.406 2002/01/29 08:44:45 guy Exp $
|
||||||
#
|
#
|
||||||
# Ethereal - Network traffic analyzer
|
# Ethereal - Network traffic analyzer
|
||||||
# By Gerald Combs <gerald@ethereal.com>
|
# By Gerald Combs <gerald@ethereal.com>
|
||||||
|
@ -208,6 +208,7 @@ DISSECTOR_SRC = \
|
||||||
packet-osi-options.c \
|
packet-osi-options.c \
|
||||||
packet-ospf.c \
|
packet-ospf.c \
|
||||||
packet-pcnfsd.c \
|
packet-pcnfsd.c \
|
||||||
|
packet-pflog.c \
|
||||||
packet-pgm.c \
|
packet-pgm.c \
|
||||||
packet-pim.c \
|
packet-pim.c \
|
||||||
packet-pop.c \
|
packet-pop.c \
|
||||||
|
@ -394,6 +395,7 @@ noinst_HEADERS = \
|
||||||
packet-osi.h \
|
packet-osi.h \
|
||||||
packet-osi-options.h \
|
packet-osi-options.h \
|
||||||
packet-pcnfsd.h \
|
packet-pcnfsd.h \
|
||||||
|
packet-pflog.h \
|
||||||
packet-pgm.h \
|
packet-pgm.h \
|
||||||
packet-pim.h \
|
packet-pim.h \
|
||||||
packet-portmap.h \
|
packet-portmap.h \
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
## Makefile for building ethereal.exe with Microsoft C and nmake
|
## Makefile for building ethereal.exe with Microsoft C and nmake
|
||||||
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
|
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
|
||||||
#
|
#
|
||||||
# $Id: Makefile.nmake,v 1.165 2002/01/21 10:21:57 guy Exp $
|
# $Id: Makefile.nmake,v 1.166 2002/01/29 08:44:46 guy Exp $
|
||||||
|
|
||||||
include config.nmake
|
include config.nmake
|
||||||
include <win32.mak>
|
include <win32.mak>
|
||||||
|
@ -159,6 +159,7 @@ DISSECTOR_SRC = \
|
||||||
packet-osi-options.c \
|
packet-osi-options.c \
|
||||||
packet-ospf.c \
|
packet-ospf.c \
|
||||||
packet-pcnfsd.c \
|
packet-pcnfsd.c \
|
||||||
|
packet-pflog.c \
|
||||||
packet-pgm.c \
|
packet-pgm.c \
|
||||||
packet-pim.c \
|
packet-pim.c \
|
||||||
packet-pop.c \
|
packet-pop.c \
|
||||||
|
|
|
@ -1358,6 +1358,7 @@ B<http://www.ethereal.com>.
|
||||||
Jirka Novak <j.novak[AT]netsystem.cz>
|
Jirka Novak <j.novak[AT]netsystem.cz>
|
||||||
Ricardo Barroetaveña <rbarroetavena[AT]veufort.com>
|
Ricardo Barroetaveña <rbarroetavena[AT]veufort.com>
|
||||||
Alan Harrison <alanharrison[AT]mail.com>
|
Alan Harrison <alanharrison[AT]mail.com>
|
||||||
|
Mike Frantzen <frantzen[AT]w4g.org>
|
||||||
|
|
||||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
|
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
|
||||||
permission to use his version of snprintf.c.
|
permission to use his version of snprintf.c.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* column-utils.c
|
/* column-utils.c
|
||||||
* Routines for column utilities.
|
* Routines for column utilities.
|
||||||
*
|
*
|
||||||
* $Id: column-utils.c,v 1.10 2002/01/11 08:21:00 guy Exp $
|
* $Id: column-utils.c,v 1.11 2002/01/29 08:44:49 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* By Gerald Combs <gerald@ethereal.com>
|
* By Gerald Combs <gerald@ethereal.com>
|
||||||
|
@ -154,6 +154,7 @@ col_add_fstr(column_info *cinfo, gint el, gchar *format, ...) {
|
||||||
cinfo->col_data[i] = cinfo->col_buf[i];
|
cinfo->col_data[i] = cinfo->col_buf[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
va_end(ap);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Appends a vararg list to a packet info string. */
|
/* Appends a vararg list to a packet info string. */
|
||||||
|
@ -182,6 +183,45 @@ col_append_fstr(column_info *cinfo, gint el, gchar *format, ...) {
|
||||||
cinfo->col_data[i] = cinfo->col_buf[i];
|
cinfo->col_data[i] = cinfo->col_buf[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
va_end(ap);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Prepends a vararg list to a packet info string. */
|
||||||
|
void
|
||||||
|
col_prepend_fstr(column_info *cinfo, gint el, gchar *format, ...)
|
||||||
|
{
|
||||||
|
va_list ap;
|
||||||
|
int i, safe_orig = FALSE;
|
||||||
|
char *orig = NULL;
|
||||||
|
size_t max_len;
|
||||||
|
|
||||||
|
if (el == COL_INFO)
|
||||||
|
max_len = COL_MAX_INFO_LEN;
|
||||||
|
else
|
||||||
|
max_len = COL_MAX_LEN;
|
||||||
|
|
||||||
|
va_start(ap, format);
|
||||||
|
for (i = 0; i < cinfo->num_cols; i++) {
|
||||||
|
if (cinfo->fmt_matx[i][el]) {
|
||||||
|
if (cinfo->col_data[i] != cinfo->col_buf[i]) {
|
||||||
|
/* This was set with "col_set_str()"; which is effectively const */
|
||||||
|
orig = cinfo->col_data[i];
|
||||||
|
} else {
|
||||||
|
/* Need to cache the original string */
|
||||||
|
if (!safe_orig) {
|
||||||
|
orig = alloca(max_len);
|
||||||
|
safe_orig = TRUE;
|
||||||
|
}
|
||||||
|
strncpy(orig, cinfo->col_buf[i], max_len);
|
||||||
|
orig[max_len - 1] = '\0';
|
||||||
|
}
|
||||||
|
vsnprintf(cinfo->col_buf[i], max_len, format, ap);
|
||||||
|
strncat(cinfo->col_buf[i], orig, max_len);
|
||||||
|
cinfo->col_buf[i][max_len - 1] = '\0';
|
||||||
|
cinfo->col_data[i] = cinfo->col_buf[i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
va_end(ap);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Use this if "str" points to something that won't stay around (and
|
/* Use this if "str" points to something that won't stay around (and
|
||||||
|
|
|
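Review bot: The `strncat(cinfo->col_buf[i], orig, max_len)` call in col_prepend_fstr passes the whole buffer size as the bound, but strncat's third argument is the number of characters it may append, so once vsnprintf() has filled part of col_buf[i] the appended original text can run up to max_len bytes past the end of the buffer, and the trailing `cinfo->col_buf[i][max_len - 1] = '\0'` executes only after the overflow. Since orig may carry packet-derived text that an earlier dissector put into the column, the bound should be the space that is left: `strncat(cinfo->col_buf[i], orig, max_len - strlen(cinfo->col_buf[i]) - 1);`. Independently, the same `ap` is handed to vsnprintf() on every iteration of the column loop, and a va_list is indeterminate after the first call that consumes it, so a column layout with two columns of the same type is undefined behaviour; take a copy per iteration with va_copy() (GLib's G_VA_COPY where va_copy is not available). The loop bodies of col_add_fstr and col_append_fstr are outside these hunks, but the va_end() lines the commit adds at their tails suggest they share the pattern and deserve the same check.
```c
	va_list ap_col;
	/* … unchanged: other locals, max_len selection, va_start … */
	for (i = 0; i < cinfo->num_cols; i++) {
		if (cinfo->fmt_matx[i][el]) {
			/* … unchanged: save the current column text in orig … */
			/* vsnprintf() leaves its va_list indeterminate, so each
			   column formats from a fresh copy */
			va_copy(ap_col, ap);
			vsnprintf(cinfo->col_buf[i], max_len, format, ap_col);
			va_end(ap_col);
			/* strncat()'s bound is the room left after the prefix,
			   not the buffer size */
			strncat(cinfo->col_buf[i], orig,
			    max_len - strlen(cinfo->col_buf[i]) - 1);
			cinfo->col_buf[i][max_len - 1] = '\0';
			cinfo->col_data[i] = cinfo->col_buf[i];
		}
	}
```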
@ -1,7 +1,7 @@
|
||||||
/* column-utils.h
|
/* column-utils.h
|
||||||
* Definitions for column utility structures and routines
|
* Definitions for column utility structures and routines
|
||||||
*
|
*
|
||||||
* $Id: column-utils.h,v 1.5 2001/12/10 00:26:16 guy Exp $
|
* $Id: column-utils.h,v 1.6 2002/01/29 08:44:49 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* By Gerald Combs <gerald@ethereal.com>
|
* By Gerald Combs <gerald@ethereal.com>
|
||||||
|
@ -48,9 +48,12 @@ extern void col_add_fstr(column_info *, gint, gchar *, ...)
|
||||||
__attribute__((format (printf, 3, 4)));
|
__attribute__((format (printf, 3, 4)));
|
||||||
extern void col_append_fstr(column_info *, gint, gchar *, ...)
|
extern void col_append_fstr(column_info *, gint, gchar *, ...)
|
||||||
__attribute__((format (printf, 3, 4)));
|
__attribute__((format (printf, 3, 4)));
|
||||||
|
extern void col_prepend_fstr(column_info *, gint, gchar *, ...)
|
||||||
|
__attribute__((format (printf, 3, 4)));
|
||||||
#else
|
#else
|
||||||
extern void col_add_fstr(column_info *, gint, gchar *, ...);
|
extern void col_add_fstr(column_info *, gint, gchar *, ...);
|
||||||
extern void col_append_fstr(column_info *, gint, gchar *, ...);
|
extern void col_append_fstr(column_info *, gint, gchar *, ...);
|
||||||
|
extern void col_prepend_fstr(column_info *, gint, gchar *, ...);
|
||||||
#endif
|
#endif
|
||||||
extern void col_add_str(column_info *, gint, const gchar *);
|
extern void col_add_str(column_info *, gint, const gchar *);
|
||||||
extern void col_append_str(column_info *, gint, gchar *);
|
extern void col_append_str(column_info *, gint, gchar *);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* plugins.c
|
/* plugins.c
|
||||||
* plugin routines
|
* plugin routines
|
||||||
*
|
*
|
||||||
* $Id: plugins.c,v 1.45 2002/01/05 04:12:16 gram Exp $
|
* $Id: plugins.c,v 1.46 2002/01/29 08:44:49 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* By Gerald Combs <gerald@ethereal.com>
|
* By Gerald Combs <gerald@ethereal.com>
|
||||||
|
@ -288,6 +288,7 @@ init_plugins(const char *plugin_dir)
|
||||||
patable.p_col_clear = col_clear;
|
patable.p_col_clear = col_clear;
|
||||||
patable.p_col_add_fstr = col_add_fstr;
|
patable.p_col_add_fstr = col_add_fstr;
|
||||||
patable.p_col_append_fstr = col_append_fstr;
|
patable.p_col_append_fstr = col_append_fstr;
|
||||||
|
patable.p_col_prepend_fstr = col_prepend_fstr;
|
||||||
patable.p_col_add_str = col_add_str;
|
patable.p_col_add_str = col_add_str;
|
||||||
patable.p_col_append_str = col_append_str;
|
patable.p_col_append_str = col_append_str;
|
||||||
patable.p_col_set_str = col_set_str;
|
patable.p_col_set_str = col_set_str;
|
||||||
|
|
|
@ -0,0 +1,212 @@
|
||||||
|
/* packet-pflog.c
|
||||||
|
* Routines for pflog (OpenBSD Firewall Logging) packet disassembly
|
||||||
|
*
|
||||||
|
* $Id: packet-pflog.c,v 1.1 2002/01/29 08:44:46 guy Exp $
|
||||||
|
*
|
||||||
|
* Copyright 2001 Mike Frantzen
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* - Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||||
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||||
|
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||||||
|
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
# include "config.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_SYS_TYPES_H
|
||||||
|
# include <sys/types.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include <glib.h>
|
||||||
|
#include <epan/packet.h>
|
||||||
|
#include "etypes.h"
|
||||||
|
#include <epan/resolv.h>
|
||||||
|
#include "packet-ip.h"
|
||||||
|
#include "packet-ipv6.h"
|
||||||
|
#include "packet-pflog.h"
|
||||||
|
|
||||||
|
#ifndef offsetof
|
||||||
|
/* Can't trust stddef.h to be there for us */
|
||||||
|
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static dissector_handle_t data_handle, ip_handle, ipv6_handle, pflog_handle;
|
||||||
|
|
||||||
|
/* header fields */
|
||||||
|
static int proto_pflog = -1;
|
||||||
|
static int hf_pflog_af = -1;
|
||||||
|
static int hf_pflog_ifname = -1;
|
||||||
|
static int hf_pflog_rnr = -1;
|
||||||
|
static int hf_pflog_reason = -1;
|
||||||
|
static int hf_pflog_action = -1;
|
||||||
|
static int hf_pflog_dir = -1;
|
||||||
|
|
||||||
|
static gint ett_pflog = -1;
|
||||||
|
|
||||||
|
static char *pf_reasons[PFRES_MAX+2] = PFRES_NAMES;
|
||||||
|
|
||||||
|
|
||||||
|
void
|
||||||
|
capture_pflog(const u_char *pd, int offset, int len, packet_counts *ld)
|
||||||
|
{
|
||||||
|
struct pfloghdr pflogh;
|
||||||
|
|
||||||
|
if (!BYTES_ARE_IN_FRAME(offset, len, (int)PFLOG_HDRLEN)) {
|
||||||
|
ld->other++;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
offset += PFLOG_HDRLEN;
|
||||||
|
|
||||||
|
/* Copy out the pflog header to insure alignment */
|
||||||
|
memcpy(&pflogh, pd, sizeof(pflogh));
|
||||||
|
NTOHL(pflogh.af);
|
||||||
|
|
||||||
|
if (pflogh.af == BSD_PF_INET)
|
||||||
|
capture_ip(pd, offset, len, ld);
|
||||||
|
#ifdef notyet
|
||||||
|
else if (pflogh.af == BSD_PF_INET6)
|
||||||
|
capture_ipv6(pd, offset, len, ld);
|
||||||
|
#endif
|
||||||
|
else
|
||||||
|
ld->other++;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||||
|
{
|
||||||
|
struct pfloghdr pflogh;
|
||||||
|
tvbuff_t *next_tvb;
|
||||||
|
proto_tree *pflog_tree;
|
||||||
|
proto_item *ti, *tf;
|
||||||
|
char *why;
|
||||||
|
|
||||||
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
||||||
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "pflog");
|
||||||
|
|
||||||
|
/* Copy out the pflog header to insure alignment */
|
||||||
|
tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
|
||||||
|
|
||||||
|
/* Byteswap the header now */
|
||||||
|
NTOHL(pflogh.af);
|
||||||
|
NTOHS(pflogh.rnr);
|
||||||
|
NTOHS(pflogh.reason);
|
||||||
|
NTOHS(pflogh.action);
|
||||||
|
NTOHS(pflogh.dir);
|
||||||
|
|
||||||
|
why = (pflogh.reason < PFRES_MAX) ? pf_reasons[pflogh.reason] : "unkn";
|
||||||
|
|
||||||
|
if (tree) {
|
||||||
|
ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
|
||||||
|
PFLOG_HDRLEN,
|
||||||
|
"PF Log %s %s on %s by rule %d", pflogh.af == BSD_PF_INET ? "IPv4" :
|
||||||
|
pflogh.af == BSD_PF_INET6 ? "IPv6" : "unkn",
|
||||||
|
pflogh.action == PF_PASS ? "passed" :
|
||||||
|
pflogh.action == PF_DROP ? "dropped" :
|
||||||
|
pflogh.action == PF_SCRUB ? "scrubbed" : "unkn",
|
||||||
|
pflogh.ifname,
|
||||||
|
pflogh.rnr);
|
||||||
|
pflog_tree = proto_item_add_subtree(ti, ett_pflog);
|
||||||
|
|
||||||
|
tf = proto_tree_add_uint_format(pflog_tree, hf_pflog_rnr, tvb,
|
||||||
|
offsetof(struct pfloghdr, rnr), sizeof(pflogh.rnr),
|
||||||
|
pflogh.rnr, "Rule Number: %d", pflogh.rnr);
|
||||||
|
tf = proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
|
||||||
|
offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
|
||||||
|
pflogh.ifname);
|
||||||
|
tf = proto_tree_add_string(pflog_tree, hf_pflog_reason, tvb,
|
||||||
|
offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
|
||||||
|
why);
|
||||||
|
tf = proto_tree_add_string(pflog_tree, hf_pflog_action, tvb,
|
||||||
|
offsetof(struct pfloghdr, action), sizeof(pflogh.action),
|
||||||
|
pflogh.action == PF_PASS ? "pass" :
|
||||||
|
pflogh.action == PF_DROP ? "drop" :
|
||||||
|
pflogh.action == PF_SCRUB ? "scrub" : "unkn");
|
||||||
|
tf = proto_tree_add_string(pflog_tree, hf_pflog_dir, tvb,
|
||||||
|
offsetof(struct pfloghdr, dir), sizeof(pflogh.dir),
|
||||||
|
pflogh.dir == PF_IN ? "in" : "out");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set the tvbuff for the payload after the header */
|
||||||
|
next_tvb = tvb_new_subset(tvb, PFLOG_HDRLEN, -1, -1);
|
||||||
|
|
||||||
|
pinfo->ethertype = (hf_pflog_af == BSD_PF_INET) ? ETHERTYPE_IP : ETHERTYPE_IPv6;
|
||||||
|
if (pflogh.af == BSD_PF_INET)
|
||||||
|
call_dissector(ip_handle, next_tvb, pinfo, tree);
|
||||||
|
else if (pflogh.af == BSD_PF_INET6)
|
||||||
|
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
|
||||||
|
else
|
||||||
|
call_dissector(data_handle, next_tvb, pinfo, tree);
|
||||||
|
|
||||||
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
||||||
|
col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ",
|
||||||
|
pflogh.action == PF_PASS ? "passed" :
|
||||||
|
pflogh.action == PF_DROP ? "dropped" :
|
||||||
|
pflogh.action == PF_SCRUB ? "scrubbed" : "unkn",
|
||||||
|
pflogh.ifname,
|
||||||
|
pflogh.rnr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
proto_register_pflog(void)
|
||||||
|
{
|
||||||
|
static hf_register_info hf[] = {
|
||||||
|
{ &hf_pflog_af,
|
||||||
|
{ "Address Family", "pflog.af", FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||||
|
"Protocol (IPv4 vs IPv6)", HFILL }},
|
||||||
|
{ &hf_pflog_ifname,
|
||||||
|
{ "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0,
|
||||||
|
"Interface", HFILL }},
|
||||||
|
{ &hf_pflog_rnr,
|
||||||
|
{ "Rule Number", "pflog.rnr", FT_UINT16, BASE_DEC, NULL, 0x0,
|
||||||
|
"Last matched firewall rule number", HFILL }},
|
||||||
|
{ &hf_pflog_reason,
|
||||||
|
{ "Reason", "pflog.reason", FT_STRING, BASE_NONE, NULL, 0x0,
|
||||||
|
"Reason for logging the packet", HFILL }},
|
||||||
|
{ &hf_pflog_action,
|
||||||
|
{ "Action", "pflog.action", FT_STRING, BASE_NONE, NULL, 0x0,
|
||||||
|
"Action taken by PF on the packet", HFILL }},
|
||||||
|
{ &hf_pflog_dir,
|
||||||
|
{ "Direction", "pflog.dir", FT_STRING, BASE_NONE, NULL, 0x0,
|
||||||
|
"Direction of packet in stack (inbound versus outbound)", HFILL }},
|
||||||
|
};
|
||||||
|
static gint *ett[] = { &ett_pflog };
|
||||||
|
|
||||||
|
proto_pflog = proto_register_protocol("pflog", "pflog", "pflog");
|
||||||
|
proto_register_field_array(proto_pflog, hf, array_length(hf));
|
||||||
|
proto_register_subtree_array(ett, array_length(ett));
|
||||||
|
|
||||||
|
register_dissector("pflog", dissect_pflog, proto_pflog);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
proto_reg_handoff_pflog(void)
|
||||||
|
{
|
||||||
|
dissector_handle_t pflog_handle;
|
||||||
|
|
||||||
|
pflog_handle = find_dissector("pflog");
|
||||||
|
ip_handle = find_dissector("ip");
|
||||||
|
ipv6_handle = find_dissector("ipv6");
|
||||||
|
data_handle = find_dissector("data");
|
||||||
|
dissector_add("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle);
|
||||||
|
}
|
|
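Review bot: `pflogh.ifname` is a 16-byte array copied straight out of the packet by the `tvb_memcpy` in dissect_pflog and is not guaranteed to be NUL-terminated, yet it is passed as a `%s` argument to proto_tree_add_protocol_format and col_prepend_fstr and as the value of proto_tree_add_string, so a capture whose interface name fills all 16 bytes makes those calls read past the field into the rest of the stack struct and beyond. Copy it into a terminated local before use (fence below) and give hf_pflog_ifname its own offset and length — the `proto_tree_add_string(pflog_tree, hf_pflog_ifname, ...)` call currently highlights `offsetof(struct pfloghdr, reason), sizeof(pflogh.reason)`. Two smaller slips: `pinfo->ethertype = (hf_pflog_af == BSD_PF_INET) ? ...` compares the header-field id rather than `pflogh.af`, and capture_pflog does `memcpy(&pflogh, pd, sizeof(pflogh))` after advancing offset, so it ignores offset entirely; `memcpy(&pflogh, pd + offset, sizeof(pflogh))` placed before the `offset += PFLOG_HDRLEN` line keeps it correct should a caller ever pass a non-zero offset. The `tf` assignments in dissect_pflog are never read, and the local `pflog_handle` in proto_reg_handoff_pflog shadows the file-scope static of the same name, which therefore is never set.
```c
	struct pfloghdr pflogh;
	char ifname[sizeof(pflogh.ifname) + 1];
	/* … unchanged: other locals, COL_PROTOCOL, tvb_memcpy, byte swaps … */

	/* ifname comes straight off the wire and need not be NUL-terminated;
	   every "%s" and proto_tree_add_string() use below gets this copy */
	memcpy(ifname, pflogh.ifname, sizeof(pflogh.ifname));
	ifname[sizeof(pflogh.ifname)] = '\0';
	/* … unchanged: why lookup, protocol item and rule-number item, with
	   ifname substituted for pflogh.ifname in the format arguments … */
	proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
	    offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname), ifname);
	/* … unchanged: reason, action and dir items, next_tvb … */
	pinfo->ethertype = (pflogh.af == BSD_PF_INET) ? ETHERTYPE_IP : ETHERTYPE_IPv6;
	/* … unchanged: call_dissector() dispatch; col_prepend_fstr takes ifname … */
```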
@ -0,0 +1,83 @@
|
||||||
|
/* packet-pflog.h
|
||||||
|
*
|
||||||
|
* $Id: packet-pflog.h,v 1.1 2002/01/29 08:44:46 guy Exp $
|
||||||
|
*
|
||||||
|
* Copyright 2001 Mike Frantzen
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* - Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||||
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||||
|
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||||||
|
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef __PACKET_PFLOG_H__
|
||||||
|
#define __PACKET_PFLOG_H__
|
||||||
|
|
||||||
|
/* The header in OpenBSD pflog files. */
|
||||||
|
|
||||||
|
struct pfloghdr {
|
||||||
|
guint32 af;
|
||||||
|
char ifname[16];
|
||||||
|
gint16 rnr;
|
||||||
|
guint16 reason;
|
||||||
|
guint16 action;
|
||||||
|
guint16 dir;
|
||||||
|
};
|
||||||
|
#define PFLOG_HDRLEN sizeof(struct pfloghdr)
|
||||||
|
|
||||||
|
/* Named reasons */
|
||||||
|
#define PFRES_NAMES { \
|
||||||
|
"match", \
|
||||||
|
"bad-offset", \
|
||||||
|
"fragment", \
|
||||||
|
"short", \
|
||||||
|
"normalize", \
|
||||||
|
"memory", \
|
||||||
|
NULL \
|
||||||
|
}
|
||||||
|
#define PFRES_MAX 6
|
||||||
|
|
||||||
|
/* Actions */
|
||||||
|
#define PF_PASS 0
|
||||||
|
#define PF_DROP 1
|
||||||
|
#define PF_SCRUB 2
|
||||||
|
|
||||||
|
/* Directions */
|
||||||
|
#define PF_IN 0
|
||||||
|
#define PF_OUT 1
|
||||||
|
|
||||||
|
/* BSDisms */
|
||||||
|
#ifndef NTOHL
|
||||||
|
# define NTOHL(x) x = ntohl(x)
|
||||||
|
#endif
|
||||||
|
#ifndef NTOHS
|
||||||
|
# define NTONS(x) x = ntohs(x)
|
||||||
|
#endif
|
||||||
|
#ifndef HTONL
|
||||||
|
# define HTONL(x) x = htonl(x)
|
||||||
|
#endif
|
||||||
|
#ifndef HTONS
|
||||||
|
# define HTONS(x) x = htons(x)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
# define BSD_PF_INET 2
|
||||||
|
# define BSD_PF_INET6 24
|
||||||
|
|
||||||
|
#endif /* __PACKET_PFLOG_H__ */
|
|
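Review bot: The fallback block `#ifndef NTOHS` defines `NTONS(x)`, not `NTOHS(x)`, so on any platform that does not already provide the BSD upper-case macro the `NTOHS(pflogh.rnr)` and sibling calls in packet-pflog.c resolve to an undeclared function; the line should read `# define NTOHS(x) x = ntohs(x)`, and all four fallbacks would be safer as `((x) = ntohs(x))`-style parenthesised expansions. `struct pfloghdr` is the on-the-wire layout, but nothing says so for `ifname`; a comment such as `/* interface name as written by the kernel; not guaranteed NUL-terminated */` on that field would warn users of the struct before they hand it to a "%s" format. `PFLOG_HDRLEN` is defined as `sizeof(struct pfloghdr)`, which ties the wire length to the compiler's layout of the struct; a comment stating the intended size (4 + 16 + 4 × 2 = 28 bytes, which the usual ABIs give without padding) would make a future padding surprise visible. `__PACKET_PFLOG_H__` is a reserved identifier (leading double underscore); the guard style of the project's other headers is not visible here, but a name such as `PACKET_PFLOG_H` avoids the clash.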
@ -1,7 +1,7 @@
|
||||||
/* plugin_api.c
|
/* plugin_api.c
|
||||||
* Routines for Ethereal plugins.
|
* Routines for Ethereal plugins.
|
||||||
*
|
*
|
||||||
* $Id: plugin_api.c,v 1.33 2002/01/05 04:12:17 gram Exp $
|
* $Id: plugin_api.c,v 1.34 2002/01/29 08:44:51 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -38,6 +38,7 @@ plugin_address_table_init(plugin_address_table_t *pat)
|
||||||
p_col_clear = pat->p_col_clear;
|
p_col_clear = pat->p_col_clear;
|
||||||
p_col_add_fstr = pat->p_col_add_fstr;
|
p_col_add_fstr = pat->p_col_add_fstr;
|
||||||
p_col_append_fstr = pat->p_col_append_fstr;
|
p_col_append_fstr = pat->p_col_append_fstr;
|
||||||
|
p_col_prepend_fstr = pat->p_col_prepend_fstr;
|
||||||
p_col_add_str = pat->p_col_add_str;
|
p_col_add_str = pat->p_col_add_str;
|
||||||
p_col_append_str = pat->p_col_append_str;
|
p_col_append_str = pat->p_col_append_str;
|
||||||
p_col_set_str = pat->p_col_set_str;
|
p_col_set_str = pat->p_col_set_str;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* plugin_api.h
|
/* plugin_api.h
|
||||||
* Routines for Ethereal plugins.
|
* Routines for Ethereal plugins.
|
||||||
*
|
*
|
||||||
* $Id: plugin_api.h,v 1.34 2002/01/21 07:37:45 guy Exp $
|
* $Id: plugin_api.h,v 1.35 2002/01/29 08:44:51 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -38,6 +38,7 @@
|
||||||
#define col_clear (*p_col_clear)
|
#define col_clear (*p_col_clear)
|
||||||
#define col_add_fstr (*p_col_add_fstr)
|
#define col_add_fstr (*p_col_add_fstr)
|
||||||
#define col_append_fstr (*p_col_append_fstr)
|
#define col_append_fstr (*p_col_append_fstr)
|
||||||
|
#define col_prepend_fstr (*p_col_prepend_fstr)
|
||||||
#define col_add_str (*p_col_add_str)
|
#define col_add_str (*p_col_add_str)
|
||||||
#define col_append_str (*p_col_append_str)
|
#define col_append_str (*p_col_append_str)
|
||||||
#define col_set_str (*p_col_set_str)
|
#define col_set_str (*p_col_set_str)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* plugin_api_defs.h
|
/* plugin_api_defs.h
|
||||||
* Define the variables that hold pointers to plugin API functions
|
* Define the variables that hold pointers to plugin API functions
|
||||||
*
|
*
|
||||||
* $Id: plugin_api_defs.h,v 1.9 2002/01/05 04:12:17 gram Exp $
|
* $Id: plugin_api_defs.h,v 1.10 2002/01/29 08:44:51 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -27,6 +27,7 @@ addr_check_col p_check_col;
|
||||||
addr_col_clear p_col_clear;
|
addr_col_clear p_col_clear;
|
||||||
addr_col_add_fstr p_col_add_fstr;
|
addr_col_add_fstr p_col_add_fstr;
|
||||||
addr_col_append_fstr p_col_append_fstr;
|
addr_col_append_fstr p_col_append_fstr;
|
||||||
|
addr_col_prepend_fstr p_col_prepend_fstr;
|
||||||
addr_col_add_str p_col_add_str;
|
addr_col_add_str p_col_add_str;
|
||||||
addr_col_append_str p_col_append_str;
|
addr_col_append_str p_col_append_str;
|
||||||
addr_col_set_str p_col_set_str;
|
addr_col_set_str p_col_set_str;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* plugin_table.h
|
/* plugin_table.h
|
||||||
* Table of exported addresses for Ethereal plugins.
|
* Table of exported addresses for Ethereal plugins.
|
||||||
*
|
*
|
||||||
* $Id: plugin_table.h,v 1.36 2002/01/05 04:12:17 gram Exp $
|
* $Id: plugin_table.h,v 1.37 2002/01/29 08:44:51 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -32,6 +32,7 @@ typedef gint (*addr_check_col)(column_info*, gint);
|
||||||
typedef void (*addr_col_clear)(column_info*, gint);
|
typedef void (*addr_col_clear)(column_info*, gint);
|
||||||
typedef void (*addr_col_add_fstr)(column_info*, gint, gchar*, ...);
|
typedef void (*addr_col_add_fstr)(column_info*, gint, gchar*, ...);
|
||||||
typedef void (*addr_col_append_fstr)(column_info*, gint, gchar*, ...);
|
typedef void (*addr_col_append_fstr)(column_info*, gint, gchar*, ...);
|
||||||
|
typedef void (*addr_col_prepend_fstr)(column_info*, gint, gchar*, ...);
|
||||||
typedef void (*addr_col_add_str)(column_info*, gint, const gchar*);
|
typedef void (*addr_col_add_str)(column_info*, gint, const gchar*);
|
||||||
typedef void (*addr_col_append_str)(column_info*, gint, gchar*);
|
typedef void (*addr_col_append_str)(column_info*, gint, gchar*);
|
||||||
typedef void (*addr_col_set_str)(column_info*, gint, gchar*);
|
typedef void (*addr_col_set_str)(column_info*, gint, gchar*);
|
||||||
|
@ -215,6 +216,7 @@ typedef struct {
|
||||||
addr_col_clear p_col_clear;
|
addr_col_clear p_col_clear;
|
||||||
addr_col_add_fstr p_col_add_fstr;
|
addr_col_add_fstr p_col_add_fstr;
|
||||||
addr_col_append_fstr p_col_append_fstr;
|
addr_col_append_fstr p_col_append_fstr;
|
||||||
|
addr_col_prepend_fstr p_col_prepend_fstr;
|
||||||
addr_col_add_str p_col_add_str;
|
addr_col_add_str p_col_add_str;
|
||||||
addr_col_append_str p_col_append_str;
|
addr_col_append_str p_col_append_str;
|
||||||
addr_col_set_str p_col_set_str;
|
addr_col_set_str p_col_set_str;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/* libpcap.c
|
/* libpcap.c
|
||||||
*
|
*
|
||||||
* $Id: libpcap.c,v 1.62 2001/12/04 07:32:05 guy Exp $
|
* $Id: libpcap.c,v 1.63 2002/01/29 08:44:53 guy Exp $
|
||||||
*
|
*
|
||||||
* Wiretap Library
|
* Wiretap Library
|
||||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -230,7 +230,12 @@ static const struct {
|
||||||
/*
|
/*
|
||||||
* 17 is DLT_LANE8023 in SuSE 6.3 libpcap; we don't currently
|
* 17 is DLT_LANE8023 in SuSE 6.3 libpcap; we don't currently
|
||||||
* handle it.
|
* handle it.
|
||||||
|
* It is also used as the PF (Packet Filter) logging format beginning
|
||||||
|
* with OpenBSD 3.0.
|
||||||
*/
|
*/
|
||||||
|
#if defined(DLT_PFLOG) && (DLT_PFLOG == 17)
|
||||||
|
{ 17, WTAP_ENCAP_PFLOG },
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 18 is DLT_CIP in SuSE 6.3 libpcap; if it's the same as the
|
* 18 is DLT_CIP in SuSE 6.3 libpcap; if it's the same as the
|
||||||
|
@ -366,6 +371,13 @@ static const struct {
|
||||||
|
|
||||||
{ 114, WTAP_ENCAP_LOCALTALK }, /* Localtalk */
|
{ 114, WTAP_ENCAP_LOCALTALK }, /* Localtalk */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The tcpdump.org version of libpcap uses 117, rather than 17,
|
||||||
|
* for OpenBSD packet filter logging, so as to avoid conflicting
|
||||||
|
* with DLT_LANE8023 in SuSE 6.3 libpcap.
|
||||||
|
*/
|
||||||
|
{ 117, WTAP_ENCAP_PFLOG },
|
||||||
|
|
||||||
{ 118, WTAP_ENCAP_CISCO_IOS },
|
{ 118, WTAP_ENCAP_CISCO_IOS },
|
||||||
{ 119, WTAP_ENCAP_PRISM_HEADER }, /* Prism monitor mode hdr */
|
{ 119, WTAP_ENCAP_PRISM_HEADER }, /* Prism monitor mode hdr */
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/* wtap.c
|
/* wtap.c
|
||||||
*
|
*
|
||||||
* $Id: wtap.c,v 1.58 2001/11/30 07:14:22 guy Exp $
|
* $Id: wtap.c,v 1.59 2002/01/29 08:44:53 guy Exp $
|
||||||
*
|
*
|
||||||
* Wiretap Library
|
* Wiretap Library
|
||||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -133,6 +133,9 @@ static const struct encap_type_info {
|
||||||
|
|
||||||
/* WTAP_ENCAP_PRISM_HEADER */
|
/* WTAP_ENCAP_PRISM_HEADER */
|
||||||
{ "IEEE 802.11 plus Prism II monitor mode header", "prism" },
|
{ "IEEE 802.11 plus Prism II monitor mode header", "prism" },
|
||||||
|
|
||||||
|
/* WTAP_ENCAP_PFLOG */
|
||||||
|
{ "OpenBSD PF Firewall logs", "pflog" },
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Name that should be somewhat descriptive. */
|
/* Name that should be somewhat descriptive. */
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/* wtap.h
|
/* wtap.h
|
||||||
*
|
*
|
||||||
* $Id: wtap.h,v 1.101 2002/01/23 06:32:52 guy Exp $
|
* $Id: wtap.h,v 1.102 2002/01/29 08:44:53 guy Exp $
|
||||||
*
|
*
|
||||||
* Wiretap Library
|
* Wiretap Library
|
||||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
@ -101,9 +101,10 @@
|
||||||
#define WTAP_ENCAP_CISCO_IOS 22
|
#define WTAP_ENCAP_CISCO_IOS 22
|
||||||
#define WTAP_ENCAP_LOCALTALK 23
|
#define WTAP_ENCAP_LOCALTALK 23
|
||||||
#define WTAP_ENCAP_PRISM_HEADER 24
|
#define WTAP_ENCAP_PRISM_HEADER 24
|
||||||
|
#define WTAP_ENCAP_PFLOG 25
|
||||||
|
|
||||||
/* last WTAP_ENCAP_ value + 1 */
|
/* last WTAP_ENCAP_ value + 1 */
|
||||||
#define WTAP_NUM_ENCAP_TYPES 25
|
#define WTAP_NUM_ENCAP_TYPES 26
|
||||||
|
|
||||||
/* File types that can be read by wiretap.
|
/* File types that can be read by wiretap.
|
||||||
We support writing some many of these file types, too, so we
|
We support writing some many of these file types, too, so we
|
||||||
|
|