xref: /aosp_15_r20/external/tcpdump/print-pflog.c (revision 05b00f6010a2396e3db2409989fc67270046269f)
1*05b00f60SXin Li /*
2*05b00f60SXin Li  * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
3*05b00f60SXin Li  *	The Regents of the University of California.  All rights reserved.
4*05b00f60SXin Li  *
5*05b00f60SXin Li  * Redistribution and use in source and binary forms, with or without
6*05b00f60SXin Li  * modification, are permitted provided that: (1) source code distributions
7*05b00f60SXin Li  * retain the above copyright notice and this paragraph in its entirety, (2)
8*05b00f60SXin Li  * distributions including binary code include the above copyright notice and
9*05b00f60SXin Li  * this paragraph in its entirety in the documentation or other materials
10*05b00f60SXin Li  * provided with the distribution, and (3) all advertising materials mentioning
11*05b00f60SXin Li  * features or use of this software display the following acknowledgement:
12*05b00f60SXin Li  * ``This product includes software developed by the University of California,
13*05b00f60SXin Li  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14*05b00f60SXin Li  * the University nor the names of its contributors may be used to endorse
15*05b00f60SXin Li  * or promote products derived from this software without specific prior
16*05b00f60SXin Li  * written permission.
17*05b00f60SXin Li  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18*05b00f60SXin Li  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19*05b00f60SXin Li  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20*05b00f60SXin Li  */
21*05b00f60SXin Li 
22*05b00f60SXin Li /* \summary: *BSD/Darwin packet filter log file printer */
23*05b00f60SXin Li 
24*05b00f60SXin Li #ifdef HAVE_CONFIG_H
25*05b00f60SXin Li #include <config.h>
26*05b00f60SXin Li #endif
27*05b00f60SXin Li 
28*05b00f60SXin Li #include "netdissect-stdinc.h"
29*05b00f60SXin Li 
30*05b00f60SXin Li #include "netdissect.h"
31*05b00f60SXin Li #include "extract.h"
32*05b00f60SXin Li #include "af.h"
33*05b00f60SXin Li 
34*05b00f60SXin Li #include "pflog.h"
35*05b00f60SXin Li 
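/*
 * Printable labels for the pflog header's one-byte reason code, looked up
 * with tok2str() in pflog_print().  Each label carries the numeric code it
 * stands for, so the key and the number in the label must agree.
 *
 * The "3(short)" entry used to be keyed on PFRES_NORM, the same key as
 * "4(normalize)".  With two entries sharing a key only one of the two labels
 * can ever be selected for that value, and the reason labelled 3 had no entry
 * of its own, so a drop reason could be mislabelled when reading firewall
 * logs.  It is now keyed on PFRES_SHORT (expected from pflog.h alongside the
 * other PFRES_* codes).
 *
 * Codes from 15 upward differ per operating system and are selected at build
 * time from the platform macros below; on any other platform they fall back
 * to the "unkn(%u)" format passed by the caller.  The { 0, NULL } entry ends
 * the table.
 */
static const struct tok pf_reasons[] = {
	{ PFRES_MATCH,		"0(match)" },
	{ PFRES_BADOFF,		"1(bad-offset)" },
	{ PFRES_FRAG,		"2(fragment)" },
	{ PFRES_SHORT,		"3(short)" },
	{ PFRES_NORM,		"4(normalize)" },
	{ PFRES_MEMORY,		"5(memory)" },
	{ PFRES_TS,		"6(bad-timestamp)" },
	{ PFRES_CONGEST,	"7(congestion)" },
	{ PFRES_IPOPTIONS,	"8(ip-option)" },
	{ PFRES_PROTCKSUM,	"9(proto-cksum)" },
	{ PFRES_BADSTATE,	"10(state-mismatch)" },
	{ PFRES_STATEINS,	"11(state-insert)" },
	{ PFRES_MAXSTATES,	"12(state-limit)" },
	{ PFRES_SRCLIMIT,	"13(src-limit)" },
	{ PFRES_SYNPROXY,	"14(synproxy)" },
#if defined(__FreeBSD__)
	{ PFRES_MAPFAILED,	"15(map-failed)" },
#elif defined(__NetBSD__)
	{ PFRES_STATELOCKED,	"15(state-locked)" },
#elif defined(__OpenBSD__)
	{ PFRES_TRANSLATE,	"15(translate)" },
	{ PFRES_NOROUTE,	"16(no-route)" },
#elif defined(__APPLE__)
	{ PFRES_DUMMYNET,	"15(dummynet)" },
#endif
	{ 0,	NULL }
};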
64*05b00f60SXin Li 
/*
 * Printable names for the pflog header's one-byte action code, looked up
 * with tok2str() in pflog_print().
 *
 * The entries up to PF_SYNPROXY_DROP are compiled in on every platform.
 * The remaining ones are chosen at build time from the platform macros, so
 * the same capture can decode an action by name on one host and as
 * "unkn(%u)" (the caller's fallback format) on another.
 * The { 0, NULL } entry ends the table.
 */
static const struct tok pf_actions[] = {
	{ PF_PASS,		"pass" },
	{ PF_DROP,		"block" },
	{ PF_SCRUB,		"scrub" },
	{ PF_NAT,		"nat" },
	{ PF_NONAT,		"nonat" },
	{ PF_BINAT,		"binat" },
	{ PF_NOBINAT,		"nobinat" },
	{ PF_RDR,		"rdr" },
	{ PF_NORDR,		"nordr" },
	{ PF_SYNPROXY_DROP,	"synproxy-drop" },
#if defined(__FreeBSD__)
	/* FreeBSD adds only PF_DEFER. */
	{ PF_DEFER,		"defer" },
#elif defined(__OpenBSD__)
	/* OpenBSD lists PF_DEFER as well, followed by its own actions. */
	{ PF_DEFER,		"defer" },
	{ PF_MATCH,		"match" },
	{ PF_DIVERT,		"divert" },
	{ PF_RT,		"rt" },
	{ PF_AFRT,		"afrt" },
#elif defined(__APPLE__)
	/* Darwin-specific actions. */
	{ PF_DUMMYNET,		"dummynet" },
	{ PF_NODUMMYNET,	"nodummynet" },
	{ PF_NAT64,		"nat64" },
	{ PF_NONAT64,		"nonat64" },
#endif
	{ 0,			NULL }
};
92*05b00f60SXin Li 
/*
 * Printable names for the pflog header's one-byte direction code, looked up
 * with tok2str() in pflog_print().  PF_FWD is only compiled in on OpenBSD;
 * elsewhere that value falls back to the caller's "unkn(%u)" format.
 * The { 0, NULL } entry ends the table.
 */
static const struct tok pf_directions[] = {
	{ PF_INOUT,	"in/out" },
	{ PF_IN,	"in" },
	{ PF_OUT,	"out" },
#if defined(__OpenBSD__)
	{ PF_FWD,	"fwd" },
#endif
	{ 0,		NULL }
};
102*05b00f60SXin Li 
/*
 * Print a one-line summary of a pflog header:
 *
 *   rule <nr>[.<ruleset>.<subnr>]/<reason>: <action> <direction> on <ifname>:
 *
 * Every header field comes from the capture and is therefore untrusted.
 * Scalars are read through the GET_* accessors, and the two name fields are
 * handed to nd_printjnp() together with their fixed field sizes, so printing
 * is bounded by the field width and does not depend on the capture supplying
 * a NUL terminator.
 * NOTE(review): the accessors and nd_printjnp() are presumably the
 * bounds-checked netdissect helpers; their definitions are outside this
 * file, so confirm there.
 */
static void
pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
{
	uint32_t rule_no, subrule_no;
	u_int reason, action, direction;

	ndo->ndo_protocol = "pflog";
	rule_no = GET_BE_U_4(&hdr->rulenr);
	subrule_no = GET_BE_U_4(&hdr->subrulenr);

	/* An all-ones sub-rule number means there is no sub-rule to show. */
	if (subrule_no != (uint32_t)-1) {
		ND_PRINT("rule %u.", rule_no);
		nd_printjnp(ndo, (const u_char*)hdr->ruleset, PFLOG_RULESET_NAME_SIZE);
		ND_PRINT(".%u/", subrule_no);
	} else {
		ND_PRINT("rule %u/", rule_no);
	}

	/* Codes without a table entry are printed numerically as unkn(N). */
	reason = GET_U_1(&hdr->reason);
	action = GET_U_1(&hdr->action);
	direction = GET_U_1(&hdr->dir);
	ND_PRINT("%s: %s %s on ",
	    tok2str(pf_reasons, "unkn(%u)", reason),
	    tok2str(pf_actions, "unkn(%u)", action),
	    tok2str(pf_directions, "unkn(%u)", direction));

	nd_printjnp(ndo, (const u_char*)hdr->ifname, PFLOG_IFNAMSIZ);
	ND_PRINT(": ");
}
126*05b00f60SXin Li 
/*
 * Link-layer printer for pflog captures.
 *
 * ndo: dissector state; ndo_ll_hdr_len is advanced on every exit path.
 * h:   pcap record header; h->len is the on-wire length and h->caplen the
 *      number of bytes actually captured.
 * p:   start of the captured bytes, beginning with the pflog header.
 *
 * The header length is taken from the first captured byte, so it is
 * validated in stages before anything else is read: at least one byte must
 * be captured, the length must be at least MIN_PFLOG_HDRLEN, and the length
 * rounded up to a multiple of 4 must fit within caplen.  After that the
 * payload is handed to the IPv4 or IPv6 printer according to the header's
 * address-family byte, or printed raw when the family is not recognised.
 */
void
pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
               const u_char *p)
{
	const struct pfloghdr *hdr = (const struct pfloghdr *)p;
	u_int length = h->len;
	u_int caplen = h->caplen;
	u_int rawlen;
	u_int hdrlen;
	uint8_t af;

	ndo->ndo_protocol = "pflog";

	/* The one-byte length field itself must have been captured. */
	if (caplen < sizeof(uint8_t)) {
		nd_print_trunc(ndo);
		ndo->ndo_ll_hdr_len += h->caplen;
		return;
	}

#define MIN_PFLOG_HDRLEN	45
	/* Read the untrusted length byte once and reuse the value. */
	rawlen = GET_U_1(&hdr->length);
	if (rawlen < MIN_PFLOG_HDRLEN) {
		ND_PRINT("[pflog: invalid header length!]");
		ndo->ndo_ll_hdr_len += rawlen;	/* XXX: not really */
		return;
	}

	/* The payload starts at the header length rounded up to 4 bytes. */
	hdrlen = roundup2(rawlen, 4);
	if (caplen < hdrlen) {
		nd_print_trunc(ndo);
		ndo->ndo_ll_hdr_len += hdrlen;	/* XXX: true? */
		return;
	}

	/*
	 * The claimed length only needs to reach MIN_PFLOG_HDRLEN, so the
	 * whole of struct pfloghdr is checked separately before its fields
	 * are printed.  ND_TCHECK_SIZE presumably jumps to the trunc label
	 * below when the struct is not fully captured -- confirm in
	 * netdissect.h.
	 */
	ND_TCHECK_SIZE(hdr);
	if (ndo->ndo_eflag) {
		pflog_print(ndo, hdr);
	}

	/*
	 * Step over the header to the encapsulated packet.
	 * NOTE(review): only caplen was compared with hdrlen above; the
	 * subtraction from length relies on h->len being at least hdrlen,
	 * which is not checked in this function.  If a capture record had
	 * len < caplen, length would wrap to a very large value -- confirm
	 * the caller guarantees len >= caplen.
	 */
	af = GET_U_1(&hdr->af);
	length -= hdrlen;
	caplen -= hdrlen;
	p += hdrlen;

	if (af == BSD_AFNUM_INET) {
		/*
		 * Only the 4.2BSD AF_INET value is tried; a system using a
		 * different one would need its value added to af.h.
		 */
		ip_print(ndo, p, length);
	} else if (af == BSD_AFNUM_INET6_BSD ||
	    af == BSD_AFNUM_INET6_FREEBSD ||
	    af == BSD_AFNUM_INET6_DARWIN) {
		/*
		 * AF_INET6 differs between the systems that have pflog,
		 * Darwin included, so every known value is accepted.
		 */
		ip6_print(ndo, p, length);
	} else {
		/*
		 * Unhandled address family: show the pflog header if it was
		 * not already printed above, then dump the payload raw.
		 */
		if (!ndo->ndo_eflag) {
			pflog_print(ndo, hdr);
		}
		if (!ndo->ndo_suppress_default_print) {
			ND_DEFAULTPRINT(p, caplen);
		}
	}

	ndo->ndo_ll_hdr_len += hdrlen;
	return;

trunc:
	nd_print_trunc(ndo);
	ndo->ndo_ll_hdr_len += hdrlen;
}