authorMichael Shalayeff <mickey@cvs.openbsd.org>2002-11-29 18:27:55 +0000
committerMichael Shalayeff <mickey@cvs.openbsd.org>2002-11-29 18:27:55 +0000
commit17ca6171958bd50bac72f467792006f0347159a5 (patch)
tree6579415a2458fd61da66dab70c993b99da69bfb5 /usr.sbin/tcpdump
parent9f068907d7c2fd3327baf5ca6957f17a3d51f933 (diff)
tcpdump support for pfsync; henning@ ok
Diffstat (limited to 'usr.sbin/tcpdump')
-rw-r--r--usr.sbin/tcpdump/Makefile6
-rw-r--r--usr.sbin/tcpdump/interface.h6
-rw-r--r--usr.sbin/tcpdump/print-pfsync.c130
-rw-r--r--usr.sbin/tcpdump/tcpdump.c9
4 files changed, 143 insertions, 8 deletions
diff --git a/usr.sbin/tcpdump/Makefile b/usr.sbin/tcpdump/Makefile
index 5bd85a3e1f3..b3eac9abc64 100644
--- a/usr.sbin/tcpdump/Makefile
+++ b/usr.sbin/tcpdump/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.35 2002/09/18 08:51:17 jakob Exp $
+# $OpenBSD: Makefile,v 1.36 2002/11/29 18:27:54 mickey Exp $
#
# Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
@@ -23,7 +23,8 @@
PROG= tcpdump
MAN= tcpdump.8
-CFLAGS+=-Wall -Werror
+CFLAGS+=-Wall -Werror -I${.CURDIR}/../../sbin/pfctl
+.PATH: ${.CURDIR}/../../sbin/pfctl
CFLAGS+=-DCSLIP -DPPP -DHAVE_FDDI -DETHER_SERVICE -DRETSIGTYPE=void -DHAVE_NET_SLIP_H -DHAVE_ETHER_NTOHOST -DINET6
.if (${MACHINE_ARCH} == "alpha") || (${MACHINE_ARCH} == "sparc") || \
@@ -48,6 +49,7 @@ SRCS= tcpdump.c addrtoname.c \
print-ip6.c print-ip6opts.c print-icmp6.c print-dhcp6.c print-frag6.c \
print-bgp.c print-ospf6.c print-ripng.c print-rt6.c print-stp.c \
print-etherip.c print-lwres.c print-cdp.c print-pflog.c \
+ print-pfsync.c pf_print_state.c \
gmt2local.c savestr.c setsignal.c
#SRCS+= smbutil.c print-smb.c
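Review bot: The new SRCS line builds `pf_print_state.c` out of sbin/pfctl (found through the `.PATH` added in the previous hunk) with nothing marking it as shared code. In pfctl that file presumably prints state handed over by the kernel, while in tcpdump it prints structures rebuilt from captured packets, so the two callers place different trust in the field values. A comment above the line would record that for whoever edits the pfctl copy next, for example `# pf_print_state.c is shared with sbin/pfctl; here it prints packet-derived state and must tolerate arbitrary field values`.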
diff --git a/usr.sbin/tcpdump/interface.h b/usr.sbin/tcpdump/interface.h
index 4f576f1c605..74903d916fc 100644
--- a/usr.sbin/tcpdump/interface.h
+++ b/usr.sbin/tcpdump/interface.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: interface.h,v 1.32 2002/07/12 23:18:12 pvalchev Exp $ */
+/* $OpenBSD: interface.h,v 1.33 2002/11/29 18:27:54 mickey Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -20,7 +20,7 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.32 2002/07/12 23:18:12 pvalchev Exp $ (LBL)
+ * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.33 2002/11/29 18:27:54 mickey Exp $ (LBL)
*/
#ifndef tcpdump_interface_h
@@ -195,6 +195,8 @@ extern void egp_print(const u_char *, u_int, const u_char *);
extern void enc_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
extern void pflog_if_print(u_char *, const struct pcap_pkthdr *,
const u_char *);
+extern void pfsync_if_print(u_char *, const struct pcap_pkthdr *,
+ const u_char *);
extern void ether_if_print(u_char *, const struct pcap_pkthdr *,
const u_char *);
extern void fddi_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
diff --git a/usr.sbin/tcpdump/print-pfsync.c b/usr.sbin/tcpdump/print-pfsync.c
new file mode 100644
index 00000000000..b7fff5a065b
--- /dev/null
+++ b/usr.sbin/tcpdump/print-pfsync.c
@@ -0,0 +1,130 @@
+/* $OpenBSD: print-pfsync.c,v 1.1 2002/11/29 18:27:54 mickey Exp $ */
+
+/*
+ * Copyright (c) 2002 Michael Shalayeff
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+ "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-pfsync.c,v 1.1 2002/11/29 18:27:54 mickey Exp $";
+#endif
+
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/ioctl.h>
+#include <sys/mbuf.h>
+
+#ifdef __STDC__
+struct rtentry;
+#endif
+#include <net/if.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <net/pfvar.h>
+#include <net/if_pfsync.h>
+
+#include <ctype.h>
+#include <netdb.h>
+#include <pcap.h>
+#include <signal.h>
+#include <stdio.h>
+
+#include "interface.h"
+#include "addrtoname.h"
+#include "pfctl_parser.h"
+#include "pf_print_state.h"
+
+const char *pfsync_acts[] = { PFSYNC_ACTIONS };
+
+void
+pfsync_if_print(u_char *user, const struct pcap_pkthdr *h,
+ register const u_char *p)
+{
+ /*u_int length = h->len;*/
+ u_int caplen = h->caplen;
+ struct pfsync_header *hdr;
+ struct pf_state *s;
+ int i, flags;
+
+ ts_print(&h->ts);
+
+ if (caplen < PFSYNC_HDRLEN) {
+ printf("[|pflog]");
+ goto out;
+ }
+
+ packetp = p;
+ snapend = p + caplen;
+
+ hdr = (struct pfsync_header *)p;
+ if (eflag)
+ printf("version %d count %d: ",
+ hdr->version, hdr->count);
+
+ if (hdr->action < PFSYNC_ACT_MAX)
+ printf("%s: ", pfsync_acts[hdr->action]);
+ else
+ printf("%d?: ", hdr->action);
+
+ flags = 0;
+ if (vflag)
+ flags |= PF_OPT_VERBOSE;
+ if (!nflag)
+ flags |= PF_OPT_USEDNS;
+
+ for (i = 1, s = (struct pf_state *)(p + PFSYNC_HDRLEN);
+ i <= hdr->count && PFSYNC_HDRLEN + i * sizeof(*s) <= caplen;
+ i++, s++) {
+ struct pf_state st;
+
+ st.lan = s->lan; NTOHS(st.lan.port);
+ st.gwy = s->gwy; NTOHS(st.gwy.port);
+ st.ext = s->ext; NTOHS(st.ext.port);
+ pf_state_peer_ntoh(&s->src, &st.src);
+ pf_state_peer_ntoh(&s->dst, &st.dst);
+ st.rule.nr = ntohl(s->rule.nr);
+ st.rt_addr = s->rt_addr;
+ st.creation = ntohl(s->creation);
+ st.expire = ntohl(s->expire);
+ st.packets = ntohl(s->packets);
+ st.bytes = ntohl(s->bytes);
+ st.af = s->af;
+ st.proto = s->proto;
+ st.direction = s->direction;
+ st.log = s->log;
+ st.allow_opts = s->allow_opts;
+
+ printf("rule %d ", st.rule.nr);
+
+ print_state(&st, flags);
+ }
+out:
+ putchar('\n');
+}
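Review bot: `struct pf_state st` inside the loop is filled member by member and then handed to `print_state(&st, flags)` without being cleared, so any member print_state reads that is not assigned here would be stack garbage. print_state is defined outside this diff, so whether it does is not visible; `memset(&st, 0, sizeof(st));` at the top of the loop body removes the question. The short-capture branch prints `[|pflog]`, which looks copied from the pflog printer, and `printf("[|pfsync]");` would label it correctly. The loop also ends silently when `hdr->count` claims more states than `caplen` holds, so a truncated or malformed packet looks complete; printing the same marker after the loop when `i <= hdr->count` would show it. Finally, `s` is a cast of the capture buffer at `p + PFSYNC_HDRLEN` and is dereferenced directly, which may fault on strict-alignment machines if that offset is not aligned for `struct pf_state`; copying each record out with `memcpy` before reading it avoids that.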
diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c
index e0d54022e79..112fd700714 100644
--- a/usr.sbin/tcpdump/tcpdump.c
+++ b/usr.sbin/tcpdump/tcpdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcpdump.c,v 1.27 2002/01/23 23:32:20 mickey Exp $ */
+/* $OpenBSD: tcpdump.c,v 1.28 2002/11/29 18:27:54 mickey Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -26,7 +26,7 @@ static const char copyright[] =
"@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\
The Regents of the University of California. All rights reserved.\n";
static const char rcsid[] =
- "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.27 2002/01/23 23:32:20 mickey Exp $ (LBL)";
+ "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.28 2002/11/29 18:27:54 mickey Exp $ (LBL)";
#endif
/*
@@ -98,7 +98,7 @@ struct printer {
#define DLT_ATM_RFC1483 11
#endif
-static struct printer printers[] = {
+static const struct printer printers[] = {
{ ether_if_print, DLT_EN10MB },
{ ether_if_print, DLT_IEEE802 },
{ sl_if_print, DLT_SLIP },
@@ -111,13 +111,14 @@ static struct printer printers[] = {
{ loop_if_print, DLT_LOOP },
{ enc_if_print, DLT_ENC },
{ pflog_if_print, DLT_PFLOG },
+ { pfsync_if_print, DLT_PFSYNC },
{ NULL, 0 },
};
static pcap_handler
lookup_printer(int type)
{
- struct printer *p;
+ const struct printer *p;
for (p = printers; p->f; ++p)
if (type == p->type)