xref: /openbsd-src/usr.sbin/tcpdump/print-pflog.c (revision b2ea75c1b17e1a9a339660e7ed45cd24946b230e) 
1 /*	$OpenBSD: print-pflog.c,v 1.7 2001/07/17 20:36:00 provos Exp $	*/
2 
3 /*
4  * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #ifndef lint
25 static const char rcsid[] =
26     "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-pflog.c,v 1.7 2001/07/17 20:36:00 provos Exp $ (LBL)";
27 #endif
28 
29 #include <sys/param.h>
30 #include <sys/time.h>
31 #include <sys/socket.h>
32 #include <sys/file.h>
33 #include <sys/ioctl.h>
34 #include <sys/mbuf.h>
35 
36 #ifdef __STDC__
37 struct rtentry;
38 #endif
39 #include <net/if.h>
40 #include <net/if_pflog.h>
41 
42 #include <netinet/in.h>
43 #include <netinet/in_systm.h>
44 #include <netinet/ip.h>
45 
46 #include <net/pfvar.h>
47 
48 #include <ctype.h>
49 #include <netdb.h>
50 #include <pcap.h>
51 #include <signal.h>
52 #include <stdio.h>
53 
54 #include "interface.h"
55 #include "addrtoname.h"
56 
57 char *pf_reasons[PFRES_MAX+2] = PFRES_NAMES;
58 
59 void
60 pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
61      register const u_char *p)
62 {
63 	u_int length = h->len;
64 	u_int caplen = h->caplen;
65 	const struct ip *ip;
66 	const struct pfloghdr *hdr;
67 	u_short res;
68 	char reason[128], *why;
69 
70 	ts_print(&h->ts);
71 
72 	if (caplen < PFLOG_HDRLEN) {
73 		printf("[|pflog]");
74 		goto out;
75 	}
76 
77 	/*
78 	 * Some printers want to get back at the link level addresses,
79 	 * and/or check that they're not walking off the end of the packet.
80 	 * Rather than pass them all the way down, we set these globals.
81 	 */
82 	packetp = p;
83 	snapend = p + caplen;
84 
85 	hdr = (struct pfloghdr *)p;
86 
87 	res = ntohs(hdr->reason);
88 	why = (res < PFRES_MAX) ? pf_reasons[res] : "unkn";
89 
90 	snprintf(reason, sizeof(reason), "%d(%s)", res, why);
91 
92 	printf("rule %d/%s: %s %s on %s: ",
93 	       (short)ntohs(hdr->rnr), reason,
94 	       ntohs(hdr->action) == PF_PASS ? "pass" : "block",
95 	       ntohs(hdr->dir) == PF_OUT ? "out" : "in",
96 	       hdr->ifname);
97 
98 	length -= PFLOG_HDRLEN;
99 	ip = (struct ip *)(p + PFLOG_HDRLEN);
100 	ip_print((const u_char *)ip, length);
101 
102 	if (xflag)
103 		default_print((const u_char *)ip, caplen - PFLOG_HDRLEN);
104 out:
105 	putchar('\n');
106 }
107