update to Ethereal 0.9.13 and add ADNS (async dns lookup) flavour
This update also fixes several security issues, as described at http://www.ethereal.com/appnotes/enpa-sa-00010.html
parent
9a39e06e49
commit
0d04b67792
@ -1,8 +1,8 @@
|
|||||||
# $OpenBSD: Makefile,v 1.73 2003/05/04 23:19:33 margarida Exp $
|
# $OpenBSD: Makefile,v 1.74 2003/06/15 22:18:08 jakob Exp $
|
||||||
|
|
||||||
COMMENT= "network protocol analyzer"
|
COMMENT= "network protocol analyzer"
|
||||||
|
|
||||||
VERSION= 0.9.12
|
VERSION= 0.9.13
|
||||||
DISTNAME= ethereal-${VERSION}
|
DISTNAME= ethereal-${VERSION}
|
||||||
CATEGORIES= net x11
|
CATEGORIES= net x11
|
||||||
|
|
||||||
@ -29,15 +29,15 @@ USE_LIBTOOL= Yes
|
|||||||
SUBST_VARS+= VERSION
|
SUBST_VARS+= VERSION
|
||||||
SEPARATE_BUILD= concurrent
|
SEPARATE_BUILD= concurrent
|
||||||
|
|
||||||
FLAVORS= no_x11 snmp
|
FLAVORS= no_x11 snmp adns
|
||||||
FLAVOR?=
|
FLAVOR?=
|
||||||
|
|
||||||
.if ${FLAVOR:L:Mno_x11}
|
.if ${FLAVOR:L:Mno_x11}
|
||||||
LIB_DEPENDS= glib.1.2,gmodule.1.2::devel/glib
|
LIB_DEPENDS+= glib.1.2,gmodule.1.2::devel/glib
|
||||||
CONFIGURE_ARGS+= --disable-ethereal
|
CONFIGURE_ARGS+= --disable-ethereal
|
||||||
.else
|
.else
|
||||||
USE_X11= Yes
|
USE_X11= Yes
|
||||||
LIB_DEPENDS= gtk.1.2,gdk.1.2::x11/gtk+
|
LIB_DEPENDS+= gtk.1.2,gdk.1.2::x11/gtk+
|
||||||
CONFIGURE_ARGS+= --enable-ethereal
|
CONFIGURE_ARGS+= --enable-ethereal
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
@ -49,6 +49,14 @@ LIB_DEPENDS+= snmp::net/ucd-snmp
|
|||||||
CONFIGURE_ARGS+= --without-ucdsnmp
|
CONFIGURE_ARGS+= --without-ucdsnmp
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
|
.if ${FLAVOR:L:Madns}
|
||||||
|
CONFIGURE_ARGS+= --with-adns=${LOCALBASE}
|
||||||
|
LIB_DEPENDS+= adns::net/adns
|
||||||
|
CFLAGS+= -I${LOCALBASE}/include
|
||||||
|
.else
|
||||||
|
CONFIGURE_ARGS+= --without-adns
|
||||||
|
.endif
|
||||||
|
|
||||||
pre-configure:
|
pre-configure:
|
||||||
rm -f ${WRKSRC}/ltconfig ${WRKSRC}/ltmain.sh
|
rm -f ${WRKSRC}/ltconfig ${WRKSRC}/ltmain.sh
|
||||||
rm -f ${WRKBUILD}/libtool
|
rm -f ${WRKBUILD}/libtool
|
||||||
|
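Review bot: The new `.if ${FLAVOR:L:Madns}` block in the third hunk adds `CFLAGS+= -I${LOCALBASE}/include` without a matching library search path; if `--with-adns=${LOCALBASE}` does not make configure add `-L${LOCALBASE}/lib` itself, the headers will be found but the link against libadns will not, and nothing in this hunk shows which case applies. It would be worth either relying on the `--with-adns` prefix for both paths (and dropping the explicit include flag) or keeping the two explicit and consistent, e.g. `LDFLAGS+= -L${LOCALBASE}/lib`. A one-line comment above the CFLAGS line stating why it is needed, `# configure does not pick up the adns headers from the --with-adns prefix`, would save the next updater from re-deriving that.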
@ -1,3 +1,3 @@
|
|||||||
MD5 (ethereal-0.9.12.tar.gz) = 24fc4145967a23ca7c5b7b55bcf2df91
|
MD5 (ethereal-0.9.13.tar.gz) = 0d3942b1352d690342ae444afffdb3e6
|
||||||
RMD160 (ethereal-0.9.12.tar.gz) = 371a33a922f818ed5566313230d11a5d23b704f7
|
RMD160 (ethereal-0.9.13.tar.gz) = b3f6ca32b3a2ab7470b21c3b02f976bb95edab05
|
||||||
SHA1 (ethereal-0.9.12.tar.gz) = d6913f549132c84adf15e79d02fdd540f48aaaad
|
SHA1 (ethereal-0.9.13.tar.gz) = 88a7160a1bfe9b6e8d2438b1822ba53c89b3990a
|
||||||
|
@ -1,419 +0,0 @@
|
|||||||
$OpenBSD: patch-packet-pflog_c,v 1.1 2003/05/14 21:12:07 canacar Exp $
|
|
||||||
--- packet-pflog.c.orig Wed Aug 28 18:39:57 2002
|
|
||||||
+++ packet-pflog.c Wed May 14 12:18:07 2003
|
|
||||||
@@ -46,36 +46,63 @@
|
|
||||||
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifndef BPF_WORDALIGN
|
|
||||||
+#define BPF_ALIGNMENT sizeof(long)
|
|
||||||
+#define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1))
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static dissector_handle_t data_handle, ip_handle, ipv6_handle;
|
|
||||||
|
|
||||||
/* header fields */
|
|
||||||
static int proto_pflog = -1;
|
|
||||||
+static int hf_pflog_length = -1;
|
|
||||||
static int hf_pflog_af = -1;
|
|
||||||
-static int hf_pflog_ifname = -1;
|
|
||||||
-static int hf_pflog_rnr = -1;
|
|
||||||
-static int hf_pflog_reason = -1;
|
|
||||||
static int hf_pflog_action = -1;
|
|
||||||
+static int hf_pflog_reason = -1;
|
|
||||||
+static int hf_pflog_ifname = -1;
|
|
||||||
+static int hf_pflog_ruleset = -1;
|
|
||||||
+static int hf_pflog_rulenr = -1;
|
|
||||||
+static int hf_pflog_subrulenr = -1;
|
|
||||||
static int hf_pflog_dir = -1;
|
|
||||||
|
|
||||||
static gint ett_pflog = -1;
|
|
||||||
|
|
||||||
+/* old header */
|
|
||||||
+static int proto_old_pflog = -1;
|
|
||||||
+static int hf_old_pflog_af = -1;
|
|
||||||
+static int hf_old_pflog_ifname = -1;
|
|
||||||
+static int hf_old_pflog_rnr = -1;
|
|
||||||
+static int hf_old_pflog_reason = -1;
|
|
||||||
+static int hf_old_pflog_action = -1;
|
|
||||||
+static int hf_old_pflog_dir = -1;
|
|
||||||
+
|
|
||||||
+static gint ett_old_pflog = -1;
|
|
||||||
+
|
|
||||||
void
|
|
||||||
capture_pflog(const guchar *pd, int offset, int len, packet_counts *ld)
|
|
||||||
{
|
|
||||||
- struct pfloghdr pflogh;
|
|
||||||
+ struct pfloghdr *pflogh;
|
|
||||||
+ unsigned int hdrlen;
|
|
||||||
|
|
||||||
- if (!BYTES_ARE_IN_FRAME(offset, len, (int)PFLOG_HDRLEN)) {
|
|
||||||
+ pflogh = (struct pfloghdr *)pd;
|
|
||||||
+
|
|
||||||
+ if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(guint8))) {
|
|
||||||
ld->other++;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
- offset += PFLOG_HDRLEN;
|
|
||||||
-
|
|
||||||
- /* Copy out the pflog header to insure alignment */
|
|
||||||
- memcpy(&pflogh, pd, sizeof(pflogh));
|
|
||||||
- pflogh.af = g_ntohl(pflogh.af);
|
|
||||||
+ if (pflogh->length < MIN_PFLOG_HDRLEN) {
|
|
||||||
+ ld->other++;
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ hdrlen = BPF_WORDALIGN(pflogh->length);
|
|
||||||
+ if (!BYTES_ARE_IN_FRAME(offset, hdrlen, sizeof(guint8))) {
|
|
||||||
+ ld->other++;
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ offset += hdrlen;
|
|
||||||
|
|
||||||
- switch (pflogh.af) {
|
|
||||||
+ switch (pflogh->af) {
|
|
||||||
|
|
||||||
case BSD_PF_INET:
|
|
||||||
capture_ip(pd, offset, len, ld);
|
|
||||||
@@ -116,19 +143,29 @@ static const value_string action_vals[]
|
|
||||||
{ 0, NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
+static const value_string old_dir_vals[] = {
|
|
||||||
+ { PF_OLD_IN, "in" },
|
|
||||||
+ { PF_OLD_OUT, "out" },
|
|
||||||
+ { 0, NULL }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
static const value_string dir_vals[] = {
|
|
||||||
- { PF_IN, "in" },
|
|
||||||
- { PF_OUT, "out" },
|
|
||||||
- { 0, NULL }
|
|
||||||
+ { PF_INOUT, "inout" },
|
|
||||||
+ { PF_IN, "in" },
|
|
||||||
+ { PF_OUT, "out" },
|
|
||||||
+ { 0, NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
static void
|
|
||||||
dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
||||||
{
|
|
||||||
+#define MAX_RULE_STR 128
|
|
||||||
struct pfloghdr pflogh;
|
|
||||||
+ static char rulestr[MAX_RULE_STR];
|
|
||||||
tvbuff_t *next_tvb;
|
|
||||||
proto_tree *pflog_tree;
|
|
||||||
proto_item *ti;
|
|
||||||
+ int hdrlen;
|
|
||||||
|
|
||||||
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
||||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG");
|
|
||||||
@@ -137,44 +174,71 @@ dissect_pflog(tvbuff_t *tvb, packet_info
|
|
||||||
tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
|
|
||||||
|
|
||||||
/* Byteswap the header now */
|
|
||||||
- pflogh.af = g_ntohl(pflogh.af);
|
|
||||||
- pflogh.rnr = g_ntohs(pflogh.rnr);
|
|
||||||
- pflogh.reason = g_ntohs(pflogh.reason);
|
|
||||||
- pflogh.action = g_ntohs(pflogh.action);
|
|
||||||
- pflogh.dir = g_ntohs(pflogh.dir);
|
|
||||||
+ pflogh.rulenr = g_ntohl(pflogh.rulenr);
|
|
||||||
+ pflogh.subrulenr = g_ntohl(pflogh.subrulenr);
|
|
||||||
+
|
|
||||||
+ hdrlen = BPF_WORDALIGN(pflogh.length);
|
|
||||||
+
|
|
||||||
+ if (pflogh.subrulenr == (u_int32_t) -1)
|
|
||||||
+ snprintf(rulestr, sizeof(rulestr), "%u",
|
|
||||||
+ pflogh.rulenr);
|
|
||||||
+ else
|
|
||||||
+ snprintf(rulestr, sizeof(rulestr), "%u.%s.%u",
|
|
||||||
+ pflogh.rulenr, pflogh.ruleset, pflogh.subrulenr);
|
|
||||||
+
|
|
||||||
+ if (hdrlen < MIN_PFLOG_HDRLEN) {
|
|
||||||
+ if (tree) {
|
|
||||||
+ ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
|
|
||||||
+ hdrlen, "PF Log invalid header length (%u)", hdrlen);
|
|
||||||
+ }
|
|
||||||
+ if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
||||||
+ col_prepend_fstr(pinfo->cinfo, COL_INFO, "Invalid header length %u",
|
|
||||||
+ hdrlen);
|
|
||||||
+ }
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (tree) {
|
|
||||||
ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
|
|
||||||
- PFLOG_HDRLEN,
|
|
||||||
- "PF Log %s %s on %s by rule %d",
|
|
||||||
+ hdrlen,
|
|
||||||
+ "PF Log %s %s on %s by rule %s",
|
|
||||||
val_to_str(pflogh.af, af_vals, "unknown (%u)"),
|
|
||||||
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
|
|
||||||
pflogh.ifname,
|
|
||||||
- pflogh.rnr);
|
|
||||||
+ rulestr);
|
|
||||||
pflog_tree = proto_item_add_subtree(ti, ett_pflog);
|
|
||||||
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_pflog_length, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, length), sizeof(pflogh.length),
|
|
||||||
+ pflogh.length);
|
|
||||||
proto_tree_add_uint(pflog_tree, hf_pflog_af, tvb,
|
|
||||||
offsetof(struct pfloghdr, af), sizeof(pflogh.af),
|
|
||||||
pflogh.af);
|
|
||||||
- proto_tree_add_int(pflog_tree, hf_pflog_rnr, tvb,
|
|
||||||
- offsetof(struct pfloghdr, rnr), sizeof(pflogh.rnr),
|
|
||||||
- pflogh.rnr);
|
|
||||||
- proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
|
|
||||||
- offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname),
|
|
||||||
- pflogh.ifname);
|
|
||||||
- proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb,
|
|
||||||
- offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
|
|
||||||
- pflogh.reason);
|
|
||||||
proto_tree_add_uint(pflog_tree, hf_pflog_action, tvb,
|
|
||||||
offsetof(struct pfloghdr, action), sizeof(pflogh.action),
|
|
||||||
pflogh.action);
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
|
|
||||||
+ pflogh.reason);
|
|
||||||
+ proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname),
|
|
||||||
+ pflogh.ifname);
|
|
||||||
+ proto_tree_add_string(pflog_tree, hf_pflog_ruleset, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, ruleset), sizeof(pflogh.ruleset),
|
|
||||||
+ pflogh.ruleset);
|
|
||||||
+ proto_tree_add_int(pflog_tree, hf_pflog_rulenr, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, rulenr), sizeof(pflogh.rulenr),
|
|
||||||
+ pflogh.rulenr);
|
|
||||||
+ proto_tree_add_int(pflog_tree, hf_pflog_subrulenr, tvb,
|
|
||||||
+ offsetof(struct pfloghdr, subrulenr), sizeof(pflogh.subrulenr),
|
|
||||||
+ pflogh.subrulenr);
|
|
||||||
proto_tree_add_uint(pflog_tree, hf_pflog_dir, tvb,
|
|
||||||
offsetof(struct pfloghdr, dir), sizeof(pflogh.dir),
|
|
||||||
pflogh.dir);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Set the tvbuff for the payload after the header */
|
|
||||||
- next_tvb = tvb_new_subset(tvb, PFLOG_HDRLEN, -1, -1);
|
|
||||||
+ next_tvb = tvb_new_subset(tvb, hdrlen, -1, -1);
|
|
||||||
|
|
||||||
switch (pflogh.af) {
|
|
||||||
|
|
||||||
@@ -192,10 +256,10 @@ dissect_pflog(tvbuff_t *tvb, packet_info
|
|
||||||
}
|
|
||||||
|
|
||||||
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
||||||
- col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ",
|
|
||||||
+ col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%s] ",
|
|
||||||
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
|
|
||||||
pflogh.ifname,
|
|
||||||
- pflogh.rnr);
|
|
||||||
+ rulestr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -203,23 +267,32 @@ void
|
|
||||||
proto_register_pflog(void)
|
|
||||||
{
|
|
||||||
static hf_register_info hf[] = {
|
|
||||||
+ { &hf_pflog_length,
|
|
||||||
+ { "Header Length", "pflog.length", FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
||||||
+ "Length of Header", HFILL }},
|
|
||||||
{ &hf_pflog_af,
|
|
||||||
{ "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
|
|
||||||
"Protocol (IPv4 vs IPv6)", HFILL }},
|
|
||||||
+ { &hf_pflog_action,
|
|
||||||
+ { "Action", "pflog.action", FT_UINT8, BASE_DEC, VALS(action_vals), 0x0,
|
|
||||||
+ "Action taken by PF on the packet", HFILL }},
|
|
||||||
+ { &hf_pflog_reason,
|
|
||||||
+ { "Reason", "pflog.reason", FT_UINT8, BASE_DEC, VALS(reason_vals), 0x0,
|
|
||||||
+ "Reason for logging the packet", HFILL }},
|
|
||||||
{ &hf_pflog_ifname,
|
|
||||||
{ "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
||||||
"Interface", HFILL }},
|
|
||||||
- { &hf_pflog_rnr,
|
|
||||||
- { "Rule Number", "pflog.rnr", FT_INT16, BASE_DEC, NULL, 0x0,
|
|
||||||
- "Last matched firewall rule number", HFILL }},
|
|
||||||
- { &hf_pflog_reason,
|
|
||||||
- { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(reason_vals), 0x0,
|
|
||||||
- "Reason for logging the packet", HFILL }},
|
|
||||||
- { &hf_pflog_action,
|
|
||||||
- { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(action_vals), 0x0,
|
|
||||||
- "Action taken by PF on the packet", HFILL }},
|
|
||||||
+ { &hf_pflog_ruleset,
|
|
||||||
+ { "Ruleset", "pflog.ruleset", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
||||||
+ "Ruleset name in anchor", HFILL }},
|
|
||||||
+ { &hf_pflog_rulenr,
|
|
||||||
+ { "Rule Number", "pflog.rulenr", FT_INT32, BASE_DEC, NULL, 0x0,
|
|
||||||
+ "Last matched firewall main ruleset rule number", HFILL }},
|
|
||||||
+ { &hf_pflog_subrulenr,
|
|
||||||
+ { "Sub Rule Number", "pflog.subrulenr", FT_INT32, BASE_DEC, NULL, 0x0,
|
|
||||||
+ "Last matched firewall anchored ruleset rule number", HFILL }},
|
|
||||||
{ &hf_pflog_dir,
|
|
||||||
- { "Direction", "pflog.dir", FT_UINT16, BASE_DEC, VALS(dir_vals), 0x0,
|
|
||||||
+ { "Direction", "pflog.dir", FT_UINT8, BASE_DEC, VALS(dir_vals), 0x0,
|
|
||||||
"Direction of packet in stack (inbound versus outbound)", HFILL }},
|
|
||||||
};
|
|
||||||
static gint *ett[] = { &ett_pflog };
|
|
||||||
@@ -242,3 +315,161 @@ proto_reg_handoff_pflog(void)
|
|
||||||
pflog_handle = create_dissector_handle(dissect_pflog, proto_pflog);
|
|
||||||
dissector_add("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+capture_old_pflog(const guchar *pd, int offset, int len, packet_counts *ld)
|
|
||||||
+{
|
|
||||||
+ struct old_pfloghdr pflogh;
|
|
||||||
+
|
|
||||||
+ if (!BYTES_ARE_IN_FRAME(offset, len, (int)OLD_PFLOG_HDRLEN)) {
|
|
||||||
+ ld->other++;
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ offset += OLD_PFLOG_HDRLEN;
|
|
||||||
+
|
|
||||||
+ /* Copy out the pflog header to insure alignment */
|
|
||||||
+ memcpy(&pflogh, pd, sizeof(pflogh));
|
|
||||||
+ pflogh.af = g_ntohl(pflogh.af);
|
|
||||||
+
|
|
||||||
+ switch (pflogh.af) {
|
|
||||||
+
|
|
||||||
+ case BSD_PF_INET:
|
|
||||||
+ capture_ip(pd, offset, len, ld);
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+#ifdef notyet
|
|
||||||
+ case BSD_PF_INET6:
|
|
||||||
+ capture_ipv6(pd, offset, len, ld);
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ default:
|
|
||||||
+ ld->other++;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+dissect_old_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
||||||
+{
|
|
||||||
+ struct old_pfloghdr pflogh;
|
|
||||||
+ tvbuff_t *next_tvb;
|
|
||||||
+ proto_tree *pflog_tree;
|
|
||||||
+ proto_item *ti;
|
|
||||||
+
|
|
||||||
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
||||||
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG-OLD");
|
|
||||||
+
|
|
||||||
+ /* Copy out the pflog header to insure alignment */
|
|
||||||
+ tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
|
|
||||||
+
|
|
||||||
+ /* Byteswap the header now */
|
|
||||||
+ pflogh.af = g_ntohl(pflogh.af);
|
|
||||||
+ pflogh.rnr = g_ntohs(pflogh.rnr);
|
|
||||||
+ pflogh.reason = g_ntohs(pflogh.reason);
|
|
||||||
+ pflogh.action = g_ntohs(pflogh.action);
|
|
||||||
+ pflogh.dir = g_ntohs(pflogh.dir);
|
|
||||||
+
|
|
||||||
+ if (tree) {
|
|
||||||
+ ti = proto_tree_add_protocol_format(tree, proto_old_pflog, tvb, 0,
|
|
||||||
+ OLD_PFLOG_HDRLEN,
|
|
||||||
+ "PF Log (pre 3.4) %s %s on %s by rule %d",
|
|
||||||
+ val_to_str(pflogh.af, af_vals, "unknown (%u)"),
|
|
||||||
+ val_to_str(pflogh.action, action_vals, "unknown (%u)"),
|
|
||||||
+ pflogh.ifname,
|
|
||||||
+ pflogh.rnr);
|
|
||||||
+ pflog_tree = proto_item_add_subtree(ti, ett_pflog);
|
|
||||||
+
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_old_pflog_af, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, af), sizeof(pflogh.af),
|
|
||||||
+ pflogh.af);
|
|
||||||
+ proto_tree_add_int(pflog_tree, hf_old_pflog_rnr, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, rnr), sizeof(pflogh.rnr),
|
|
||||||
+ pflogh.rnr);
|
|
||||||
+ proto_tree_add_string(pflog_tree, hf_old_pflog_ifname, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, ifname), sizeof(pflogh.ifname),
|
|
||||||
+ pflogh.ifname);
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_old_pflog_reason, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, reason), sizeof(pflogh.reason),
|
|
||||||
+ pflogh.reason);
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_old_pflog_action, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, action), sizeof(pflogh.action),
|
|
||||||
+ pflogh.action);
|
|
||||||
+ proto_tree_add_uint(pflog_tree, hf_old_pflog_dir, tvb,
|
|
||||||
+ offsetof(struct old_pfloghdr, dir), sizeof(pflogh.dir),
|
|
||||||
+ pflogh.dir);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Set the tvbuff for the payload after the header */
|
|
||||||
+ next_tvb = tvb_new_subset(tvb, OLD_PFLOG_HDRLEN, -1, -1);
|
|
||||||
+
|
|
||||||
+ switch (pflogh.af) {
|
|
||||||
+
|
|
||||||
+ case BSD_PF_INET:
|
|
||||||
+ call_dissector(ip_handle, next_tvb, pinfo, tree);
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ case BSD_PF_INET6:
|
|
||||||
+ call_dissector(ipv6_handle, next_tvb, pinfo, tree);
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ default:
|
|
||||||
+ call_dissector(data_handle, next_tvb, pinfo, tree);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
||||||
+ col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ",
|
|
||||||
+ val_to_str(pflogh.action, action_vals, "unknown (%u)"),
|
|
||||||
+ pflogh.ifname,
|
|
||||||
+ pflogh.rnr);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+proto_register_old_pflog(void)
|
|
||||||
+{
|
|
||||||
+ static hf_register_info hf[] = {
|
|
||||||
+ { &hf_old_pflog_af,
|
|
||||||
+ { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
|
|
||||||
+ "Protocol (IPv4 vs IPv6)", HFILL }},
|
|
||||||
+ { &hf_old_pflog_ifname,
|
|
||||||
+ { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
||||||
+ "Interface", HFILL }},
|
|
||||||
+ { &hf_old_pflog_rnr,
|
|
||||||
+ { "Rule Number", "pflog.rnr", FT_INT16, BASE_DEC, NULL, 0x0,
|
|
||||||
+ "Last matched firewall rule number", HFILL }},
|
|
||||||
+ { &hf_old_pflog_reason,
|
|
||||||
+ { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(reason_vals), 0x0,
|
|
||||||
+ "Reason for logging the packet", HFILL }},
|
|
||||||
+ { &hf_old_pflog_action,
|
|
||||||
+ { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(action_vals), 0x0,
|
|
||||||
+ "Action taken by PF on the packet", HFILL }},
|
|
||||||
+ { &hf_old_pflog_dir,
|
|
||||||
+ { "Direction", "pflog.dir", FT_UINT16, BASE_DEC, VALS(old_dir_vals), 0x0,
|
|
||||||
+ "Direction of packet in stack (inbound versus outbound)", HFILL }},
|
|
||||||
+ };
|
|
||||||
+ static gint *ett[] = { &ett_old_pflog };
|
|
||||||
+
|
|
||||||
+ proto_old_pflog = proto_register_protocol(
|
|
||||||
+ "OpenBSD Packet Filter log file, pre 3.4",
|
|
||||||
+ "PFLOG-OLD", "pflog-old");
|
|
||||||
+ proto_register_field_array(proto_old_pflog, hf, array_length(hf));
|
|
||||||
+ proto_register_subtree_array(ett, array_length(ett));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+proto_reg_handoff_old_pflog(void)
|
|
||||||
+{
|
|
||||||
+ dissector_handle_t pflog_handle;
|
|
||||||
+
|
|
||||||
+ ip_handle = find_dissector("ip");
|
|
||||||
+ ipv6_handle = find_dissector("ipv6");
|
|
||||||
+ data_handle = find_dissector("data");
|
|
||||||
+
|
|
||||||
+ pflog_handle = create_dissector_handle(dissect_old_pflog, proto_old_pflog);
|
|
||||||
+ dissector_add("wtap_encap", WTAP_ENCAP_OLD_PFLOG, pflog_handle);
|
|
||||||
+}
|
|
||||||
+
|
|
@ -1,52 +0,0 @@
|
|||||||
$OpenBSD: patch-packet-pflog_h,v 1.1 2003/05/14 21:12:07 canacar Exp $
|
|
||||||
--- packet-pflog.h.orig Mon Jul 15 19:04:19 2002
|
|
||||||
+++ packet-pflog.h Wed May 14 12:14:55 2003
|
|
||||||
@@ -33,6 +33,24 @@
|
|
||||||
/* The header in OpenBSD pflog files. */
|
|
||||||
|
|
||||||
struct pfloghdr {
|
|
||||||
+ guchar length;
|
|
||||||
+ guchar af;
|
|
||||||
+ guchar action;
|
|
||||||
+ guchar reason;
|
|
||||||
+ char ifname[16];
|
|
||||||
+ char ruleset[16];
|
|
||||||
+ guint32 rulenr;
|
|
||||||
+ guint32 subrulenr;
|
|
||||||
+ guchar dir;
|
|
||||||
+ guchar pad[3];
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+#define PFLOG_HDRLEN sizeof(struct pfloghdr)
|
|
||||||
+/* minus pad, also used as a signature */
|
|
||||||
+#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad);
|
|
||||||
+#define MIN_PFLOG_HDRLEN 45
|
|
||||||
+
|
|
||||||
+struct old_pfloghdr {
|
|
||||||
guint32 af;
|
|
||||||
char ifname[16];
|
|
||||||
gint16 rnr;
|
|
||||||
@@ -40,7 +58,7 @@ struct pfloghdr {
|
|
||||||
guint16 action;
|
|
||||||
guint16 dir;
|
|
||||||
};
|
|
||||||
-#define PFLOG_HDRLEN sizeof(struct pfloghdr)
|
|
||||||
+#define OLD_PFLOG_HDRLEN sizeof(struct old_pfloghdr)
|
|
||||||
|
|
||||||
/* Actions */
|
|
||||||
#define PF_PASS 0
|
|
||||||
@@ -48,8 +66,12 @@ struct pfloghdr {
|
|
||||||
#define PF_SCRUB 2
|
|
||||||
|
|
||||||
/* Directions */
|
|
||||||
-#define PF_IN 0
|
|
||||||
-#define PF_OUT 1
|
|
||||||
+#define PF_OLD_IN 0
|
|
||||||
+#define PF_OLD_OUT 1
|
|
||||||
+
|
|
||||||
+#define PF_INOUT 0
|
|
||||||
+#define PF_IN 1
|
|
||||||
+#define PF_OUT 2
|
|
||||||
|
|
||||||
# define BSD_PF_INET 2
|
|
||||||
# define BSD_PF_INET6 24
|
|
@ -1,12 +0,0 @@
|
|||||||
$OpenBSD: patch-wiretap_libpcap_c,v 1.1 2003/05/14 21:12:07 canacar Exp $
|
|
||||||
--- wiretap/libpcap.c.orig Wed May 14 11:37:25 2003
|
|
||||||
+++ wiretap/libpcap.c Wed May 14 11:51:31 2003
|
|
||||||
@@ -385,7 +385,7 @@ static const struct {
|
|
||||||
* defined with the value 17.
|
|
||||||
*/
|
|
||||||
#if !defined(DLT_LANE8023) || (DLT_LANE8023 != 17)
|
|
||||||
- { 17, WTAP_ENCAP_PFLOG },
|
|
||||||
+ { 17, WTAP_ENCAP_OLD_PFLOG },
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
@ -1,25 +0,0 @@
|
|||||||
$OpenBSD: patch-wiretap_wtap_c,v 1.1 2003/05/14 21:12:07 canacar Exp $
|
|
||||||
--- wiretap/wtap.c.orig Wed May 14 11:34:12 2003
|
|
||||||
+++ wiretap/wtap.c Wed May 14 11:37:02 2003
|
|
||||||
@@ -147,7 +147,7 @@ static const struct encap_type_info {
|
|
||||||
{ "IEEE 802.11 plus Prism II monitor mode header", "prism" },
|
|
||||||
|
|
||||||
/* WTAP_ENCAP_PFLOG */
|
|
||||||
- { "OpenBSD PF Firewall logs", "pflog" },
|
|
||||||
+ { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" },
|
|
||||||
|
|
||||||
/* WTAP_ENCAP_HHDLC */
|
|
||||||
{ "HiPath HDLC", "hhdlc" },
|
|
||||||
@@ -169,6 +169,12 @@ static const struct encap_type_info {
|
|
||||||
|
|
||||||
/* WTAP_ENCAP_TZSP */
|
|
||||||
{ "Tazmen sniffer protocol", "tzsp" },
|
|
||||||
+
|
|
||||||
+ /* WTAP_ENCAP_ENC */
|
|
||||||
+ { "ENC", "enc" },
|
|
||||||
+
|
|
||||||
+ /* WTAP_ENCAP_PFLOG */
|
|
||||||
+ { "OpenBSD PF Firewall logs", "pflog" },
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Name that should be somewhat descriptive. */
|
|
@ -1,24 +0,0 @@
|
|||||||
$OpenBSD: patch-wiretap_wtap_h,v 1.1 2003/05/14 21:12:07 canacar Exp $
|
|
||||||
--- wiretap/wtap.h.orig Wed May 14 11:34:16 2003
|
|
||||||
+++ wiretap/wtap.h Wed May 14 11:35:32 2003
|
|
||||||
@@ -118,7 +118,7 @@
|
|
||||||
#define WTAP_ENCAP_CISCO_IOS 26
|
|
||||||
#define WTAP_ENCAP_LOCALTALK 27
|
|
||||||
#define WTAP_ENCAP_PRISM_HEADER 28
|
|
||||||
-#define WTAP_ENCAP_PFLOG 29
|
|
||||||
+#define WTAP_ENCAP_OLD_PFLOG 29
|
|
||||||
#define WTAP_ENCAP_HHDLC 30
|
|
||||||
#define WTAP_ENCAP_DOCSIS 31
|
|
||||||
#define WTAP_ENCAP_COSINE 32
|
|
||||||
@@ -127,9 +127,10 @@
|
|
||||||
#define WTAP_ENCAP_SDLC 35
|
|
||||||
#define WTAP_ENCAP_TZSP 36
|
|
||||||
#define WTAP_ENCAP_ENC 37
|
|
||||||
+#define WTAP_ENCAP_PFLOG 38
|
|
||||||
|
|
||||||
/* last WTAP_ENCAP_ value + 1 */
|
|
||||||
-#define WTAP_NUM_ENCAP_TYPES 38
|
|
||||||
+#define WTAP_NUM_ENCAP_TYPES 39
|
|
||||||
|
|
||||||
/* File types that can be read by wiretap.
|
|
||||||
We support writing some many of these file types, too, so we
|
|
@ -1,4 +1,4 @@
|
|||||||
@comment $OpenBSD: PFRAG.no-shared,v 1.15 2003/05/04 23:19:33 margarida Exp $
|
@comment $OpenBSD: PFRAG.no-shared,v 1.16 2003/06/15 22:18:08 jakob Exp $
|
||||||
lib/ethereal/plugins/${VERSION}/artnet.a
|
lib/ethereal/plugins/${VERSION}/artnet.a
|
||||||
lib/ethereal/plugins/${VERSION}/artnet.la
|
lib/ethereal/plugins/${VERSION}/artnet.la
|
||||||
lib/ethereal/plugins/${VERSION}/coseventcomm.a
|
lib/ethereal/plugins/${VERSION}/coseventcomm.a
|
||||||
@ -15,3 +15,5 @@ lib/ethereal/plugins/${VERSION}/mgcp.a
|
|||||||
lib/ethereal/plugins/${VERSION}/mgcp.la
|
lib/ethereal/plugins/${VERSION}/mgcp.la
|
||||||
lib/ethereal/plugins/${VERSION}/pcli.a
|
lib/ethereal/plugins/${VERSION}/pcli.a
|
||||||
lib/ethereal/plugins/${VERSION}/pcli.la
|
lib/ethereal/plugins/${VERSION}/pcli.la
|
||||||
|
lib/ethereal/plugins/${VERSION}/rtnet.a
|
||||||
|
lib/ethereal/plugins/${VERSION}/rtnet.la
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
@comment $OpenBSD: PFRAG.shared,v 1.18 2003/05/04 23:19:33 margarida Exp $
|
@comment $OpenBSD: PFRAG.shared,v 1.19 2003/06/15 22:18:08 jakob Exp $
|
||||||
lib/ethereal/plugins/${VERSION}/artnet.a
|
lib/ethereal/plugins/${VERSION}/artnet.a
|
||||||
lib/ethereal/plugins/${VERSION}/artnet.la
|
lib/ethereal/plugins/${VERSION}/artnet.la
|
||||||
lib/ethereal/plugins/${VERSION}/artnet.so
|
lib/ethereal/plugins/${VERSION}/artnet.so
|
||||||
@ -23,3 +23,6 @@ lib/ethereal/plugins/${VERSION}/mgcp.so
|
|||||||
lib/ethereal/plugins/${VERSION}/pcli.a
|
lib/ethereal/plugins/${VERSION}/pcli.a
|
||||||
lib/ethereal/plugins/${VERSION}/pcli.la
|
lib/ethereal/plugins/${VERSION}/pcli.la
|
||||||
lib/ethereal/plugins/${VERSION}/pcli.so
|
lib/ethereal/plugins/${VERSION}/pcli.so
|
||||||
|
lib/ethereal/plugins/${VERSION}/rtnet.a
|
||||||
|
lib/ethereal/plugins/${VERSION}/rtnet.la
|
||||||
|
lib/ethereal/plugins/${VERSION}/rtnet.so
|
||||||
|