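/* $OpenBSD: print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ */

/*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-pflog.c,v 1.9 2001/09/18 14:52:53 jakob Exp $ (LBL)";
#endif

#include <sys/param.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/mbuf.h>

#ifdef __STDC__
struct rtentry;
#endif
#include <net/if.h>
#include <net/if_pflog.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

#include <net/pfvar.h>

#include <ctype.h>
#include <netdb.h>
#include <pcap.h>
#include <signal.h>
#include <stdio.h>

#include "interface.h"
#include "addrtoname.h"

/* Reason-code names, indexed by the host-order value of pfloghdr.reason. */
char *pf_reasons[PFRES_MAX+2] = PFRES_NAMES;

/*
 * pcap callback that prints one pflog record: the timestamp, then (with -e)
 * the pflog header fields, then the logged IP or IPv6 packet that follows
 * the header.
 *
 * user - pcap user pointer; not used here.
 * h    - pcap per-packet header; supplies the timestamp and the on-wire
 *        (len) and captured (caplen) lengths.
 * p    - start of the captured bytes, beginning with the pflog header.
 *
 * Everything reachable through p and h comes from the capture (live
 * traffic or a savefile) and must be treated as untrusted.
 */
void
pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
    register const u_char *p)
{
	u_int length = h->len;
	u_int caplen = h->caplen;
	const struct pfloghdr *hdr;
	const u_char *payload;
	const char *why;
	char reason[128];
	u_short res;
	u_int32_t af;

	ts_print(&h->ts);

	/*
	 * The whole pflog header must have been captured before any field is
	 * read.  The on-wire length is checked as well: a malformed savefile
	 * can claim len < caplen, and the unsigned subtraction below would
	 * then wrap to a huge payload length.
	 */
	if (caplen < PFLOG_HDRLEN || length < PFLOG_HDRLEN) {
		printf("[|pflog]");
		goto out;
	}

	/*
	 * Some printers want to get back at the link level addresses,
	 * and/or check that they're not walking off the end of the packet.
	 * Rather than pass them all the way down, we set these globals.
	 */
	packetp = p;
	snapend = p + caplen;

	hdr = (const struct pfloghdr *)p;
	if (eflag) {
		res = ntohs(hdr->reason);
		/* Never index the name table with an out-of-range code. */
		why = (res < PFRES_MAX) ? pf_reasons[res] : "unkn";

		snprintf(reason, sizeof(reason), "%d(%s)", res, why);

		/*
		 * The interface name comes straight from the packet and is
		 * not guaranteed to be NUL-terminated, so the precision caps
		 * the read at the size of the field (assumes ifname is a
		 * fixed-size char array in struct pfloghdr -- confirm against
		 * net/if_pflog.h).
		 * NOTE(review): the bytes are still written unescaped; a
		 * hostile capture can place control characters in the name.
		 */
		printf("rule %d/%s: %s %s on %.*s: ",
		    (short)ntohs(hdr->rnr), reason,
		    ntohs(hdr->action) == PF_PASS ? "pass" : "block",
		    ntohs(hdr->dir) == PF_OUT ? "out" : "in",
		    (int)sizeof(hdr->ifname), hdr->ifname);
	}

	/*
	 * Keep all 32 bits of the address family; narrowing to 8 bits would
	 * let a value such as 0x102 compare equal to AF_INET.
	 */
	af = ntohl(hdr->af);
	length -= PFLOG_HDRLEN;
	payload = p + PFLOG_HDRLEN;

	if (af == AF_INET) {
		ip_print(payload, length);
	} else {
		/*
		 * NOTE(review): every family other than AF_INET is handed to
		 * the IPv6 printer; there is no separate "unknown" case.
		 */
		ip6_print(payload, length);
	}
	if (xflag)
		default_print(payload, caplen - PFLOG_HDRLEN);

out:
	putchar('\n');
}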