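/*	$OpenBSD: print-pfsync.c,v 1.8 2003/06/21 09:07:00 djm Exp $	*/

/*
 * Copyright (c) 2002 Michael Shalayeff
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-pfsync.c,v 1.8 2003/06/21 09:07:00 djm Exp $";
#endif

#include <sys/param.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/mbuf.h>

#ifdef __STDC__
struct rtentry;
#endif
#include <net/if.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

#include <net/pfvar.h>
#include <net/if_pfsync.h>

#include <ctype.h>
#include <netdb.h>
#include <pcap.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

#include "interface.h"
#include "addrtoname.h"
#include "pfctl_parser.h"
#include "pfctl.h"

/* Printable names for pfsync actions, indexed by the header's action byte. */
const char *pfsync_acts[] = { PFSYNC_ACTIONS };

/*
 * Print one captured pfsync frame: timestamp, optional header summary,
 * the action name, then every state record that fits in the capture.
 *
 * user - not used by this printer.
 * h    - pcap header; supplies the timestamp and the captured length.
 * p    - start of the captured bytes.
 *
 * Every byte behind p comes off the wire and is untrusted.  The header's
 * action and count fields are both range-checked before they are used as
 * an index or a loop bound.
 */
void
pfsync_if_print(u_char *user, const struct pcap_pkthdr *h,
    register const u_char *p)
{
	u_int caplen = h->caplen;
	struct pfsync_header *hdr;
	struct pf_state *s;
	int i, flags;

	ts_print(&h->ts);

	/* The header must be completely captured before any field is read. */
	if (caplen < PFSYNC_HDRLEN) {
		/* Truncation marker; it used to carry the pflog name. */
		printf("[|pfsync]");
		goto out;
	}

	/* Publish the capture bounds through the shared printer globals. */
	packetp = p;
	snapend = p + caplen;

	hdr = (struct pfsync_header *)p;
	if (eflag)
		printf("version %d count %d: ",
		    hdr->version, hdr->count);

	/*
	 * action indexes pfsync_acts[]; the range check stops a forged value
	 * from reading outside the table.
	 * NOTE(review): assumes PFSYNC_ACT_MAX equals the number of entries
	 * PFSYNC_ACTIONS expands to; confirm in if_pfsync.h.
	 */
	if (hdr->action < PFSYNC_ACT_MAX)
		printf("%s: ", pfsync_acts[hdr->action]);
	else
		printf("%d?: ", hdr->action);

	flags = 0;
	if (vflag)
		flags |= PF_OPT_VERBOSE;
	if (!nflag)
		flags |= PF_OPT_USEDNS;

	/*
	 * hdr->count is sender-controlled, so it is never trusted on its own.
	 * i is 1-based: the size test proves that the i-th record ends inside
	 * the captured bytes before that record is dereferenced.
	 *
	 * NOTE(review): s points into the capture buffer at
	 * p + PFSYNC_HDRLEN and some members are loaded directly; this
	 * assumes the address is suitably aligned for struct pf_state.
	 * Confirm for strict-alignment platforms.
	 */
	for (i = 1, s = (struct pf_state *)(p + PFSYNC_HDRLEN);
	    i <= hdr->count && PFSYNC_HDRLEN + i * sizeof(*s) <= caplen;
	    i++, s++) {
		struct pf_state st;

		/*
		 * Only the members assigned below are filled in.
		 * print_state() is defined outside this file and which
		 * members it reads is not visible here, so start from zero
		 * rather than hand it indeterminate stack bytes.
		 */
		memset(&st, 0, sizeof(st));

		/* Addresses are copied as-is; counters go to host order. */
		bcopy(&s->lan, &st.lan, sizeof(st.lan));
		bcopy(&s->gwy, &st.gwy, sizeof(st.gwy));
		bcopy(&s->ext, &st.ext, sizeof(st.ext));
		pf_state_peer_ntoh(&s->src, &st.src);
		pf_state_peer_ntoh(&s->dst, &st.dst);
		st.rule.nr = ntohl(s->rule.nr);
		bcopy(&s->rt_addr, &st.rt_addr, sizeof(st.rt_addr));
		st.creation = ntohl(s->creation);
		st.expire = ntohl(s->expire);
		st.packets[0] = ntohl(s->packets[0]);
		st.packets[1] = ntohl(s->packets[1]);
		st.bytes[0] = ntohl(s->bytes[0]);
		st.bytes[1] = ntohl(s->bytes[1]);
		st.af = s->af;
		st.proto = s->proto;
		st.direction = s->direction;
		st.log = s->log;
		st.allow_opts = s->allow_opts;

		printf("rule %d ", st.rule.nr);

		print_state(&st, flags);
	}
out:
	putchar('\n');
}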