diff options
author | alagoutte <alagoutte@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-05 14:33:53 +0000 |
---|---|---|
committer | alagoutte <alagoutte@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-05 14:33:53 +0000 |
commit | 7fcb4bf59a75f3a9a583f3db7d7a565d724c683d (patch) | |
tree | f3c134f5f2e3cd520d69b7c76dc2e8fb3052a6f5 /epan/dissectors/packet-pflog.c | |
parent | 5db27187ded44186143661204d86ffd9c20fdf94 (diff) |
Update pflog dissector via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6115
* Update pflog dissector to the last header format (OpenBSD 4.9)
* Dissect all new field (uid, pid, saddr, daddr...)
* Replace proto_tree_add_xxx(uint/string...) by proto_tree_add_item
* Remove not needed packet-pflog.h file
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38364 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-pflog.c')
-rw-r--r-- | epan/dissectors/packet-pflog.c | 447 |
1 files changed, 300 insertions, 147 deletions
diff --git a/epan/dissectors/packet-pflog.c b/epan/dissectors/packet-pflog.c index 6a6f60975b..b4ccfee712 100644 --- a/epan/dissectors/packet-pflog.c +++ b/epan/dissectors/packet-pflog.c @@ -28,6 +28,10 @@ * POSSIBILITY OF SUCH DAMAGE. */ +/* Specifications... : +http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.c +http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.h +*/ #ifdef HAVE_CONFIG_H # include "config.h" #endif @@ -37,18 +41,7 @@ #include <epan/aftypes.h> #include <epan/etypes.h> #include <epan/addr_resolv.h> -#include "packet-ip.h" -#include "packet-pflog.h" - -#ifndef offsetof -/* Can't trust stddef.h to be there for us */ -# define offsetof(type, member) ((size_t)(&((type *)0)->member)) -#endif - -#ifndef BPF_WORDALIGN -#define BPF_ALIGNMENT sizeof(long) -#define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1)) -#endif +#include <epan/expert.h> static dissector_handle_t data_handle, ip_handle, ipv6_handle; @@ -62,8 +55,21 @@ static int hf_pflog_ifname = -1; static int hf_pflog_ruleset = -1; static int hf_pflog_rulenr = -1; static int hf_pflog_subrulenr = -1; +static int hf_pflog_uid = -1; +static int hf_pflog_pid = -1; +static int hf_pflog_rule_uid = -1; +static int hf_pflog_rule_pid = -1; static int hf_pflog_dir = -1; - +static int hf_pflog_rewritten = -1; +static int hf_pflog_pad = -1; +static int hf_pflog_saddr_ipv4 = -1; +static int hf_pflog_daddr_ipv4 = -1; +static int hf_pflog_saddr_ipv6 = -1; +static int hf_pflog_daddr_ipv6 = -1; +static int hf_pflog_saddr = -1; +static int hf_pflog_daddr = -1; +static int hf_pflog_sport = -1; +static int hf_pflog_dport = -1; static gint ett_pflog = -1; /* old header */ @@ -77,36 +83,70 @@ static int hf_old_pflog_dir = -1; static gint ett_old_pflog = -1; -static const value_string af_vals[] = { - { BSD_AF_INET, "IPv4" }, +#define LEN_PFLOG_BSD34 48 +#define LEN_PFLOG_BSD38 64 +#define LEN_PFLOG_BSD49 100 + +static const value_string pflog_af_vals[] = { + { BSD_AF_INET, "IPv4" }, { BSD_AF_INET6_BSD, "IPv6" }, - { 0, NULL } + { 0, NULL } }; -static const value_string reason_vals[] = { +static const value_string pflog_reason_vals[] = { { 0, "match" }, { 1, "bad-offset" }, { 2, "fragment" }, { 3, "short" }, { 4, "normalize" }, { 5, "memory" }, + { 6, "timestamp" }, + { 7, "congestion" }, + { 8, "ip-option" }, + { 9, "proto-cksum" }, + { 10, "state-mismatch" }, + { 11, "state-ins-fail" }, + { 12, "max-states" }, + { 13, "srcnode-limit" }, + { 14, "syn-proxy" }, { 0, NULL } }; -static const value_string action_vals[] = { - { PF_PASS, "passed" }, - { PF_DROP, "dropped" }, - { PF_SCRUB, "scrubbed" }, +/* Actions */ +enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT, + PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP, PF_DEFER, + PF_MATCH, PF_DIVERT, PF_RT }; + +static const value_string pflog_action_vals[] = { + { PF_MATCH, "match" }, + { PF_SCRUB, "scrub" }, + { PF_PASS, "pass" }, + { PF_DROP, "block" }, + { PF_DIVERT, "divert" }, + { PF_NAT, "nat" }, + { PF_NONAT, "nat" }, + { PF_BINAT, "binat" }, + { PF_NOBINAT, "binat" }, + { PF_RDR, "rdr" }, + { PF_NORDR, "rdr" }, { 0, NULL } }; -static const value_string old_dir_vals[] = { +/* Directions */ +#define PF_OLD_IN 0 +#define PF_OLD_OUT 1 + +#define PF_INOUT 0 +#define PF_IN 1 +#define PF_OUT 2 + +static const value_string pflog_old_dir_vals[] = { { PF_OLD_IN, "in" }, { PF_OLD_OUT, "out" }, { 0, NULL } }; -static const value_string dir_vals[] = { +static const value_string pflog_dir_vals[] = { { PF_INOUT, "inout" }, { PF_IN, "in" }, { PF_OUT, "out" }, @@ -116,87 +156,135 @@ static const value_string dir_vals[] = { static void dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { -#define MAX_RULE_STR 128 - struct pfloghdr pflogh; - static char rulestr[MAX_RULE_STR]; tvbuff_t *next_tvb; - proto_tree *pflog_tree; - proto_item *ti; - int hdrlen; + proto_tree *pflog_tree = NULL; + proto_item *ti = NULL, *ti_len; + int length; + guint8 af, action; + guint8 *ifname; + guint32 rulenr; + guint8 pad_len = 3; + gint offset = 0; col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG"); - /* Copy out the pflog header to insure alignment */ - tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); + if (tree) { + ti = proto_tree_add_item(tree, proto_pflog, tvb, offset, 0, ENC_BIG_ENDIAN); - /* Byteswap the header now */ - pflogh.rulenr = g_ntohl(pflogh.rulenr); - pflogh.subrulenr = g_ntohl(pflogh.subrulenr); + pflog_tree = proto_item_add_subtree(ti, ett_pflog); + } + length = tvb_get_guint8(tvb, offset) + pad_len; - hdrlen = BPF_WORDALIGN(pflogh.length); + ti_len = proto_tree_add_item(pflog_tree, hf_pflog_length, tvb, offset, 1, ENC_BIG_ENDIAN); + if(length < LEN_PFLOG_BSD34) + { + expert_add_info_format(pinfo, ti_len, PI_MALFORMED, PI_ERROR, "Invalid header length %u", length); + } - if (pflogh.subrulenr == (guint32) -1) - g_snprintf(rulestr, sizeof(rulestr), "%u", - pflogh.rulenr); - else - g_snprintf(rulestr, sizeof(rulestr), "%u.%s.%u", - pflogh.rulenr, pflogh.ruleset, pflogh.subrulenr); + offset += 1; - if (hdrlen < MIN_PFLOG_HDRLEN) { - if (tree) { - proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, - hdrlen, "PF Log invalid header length (%u)", hdrlen); - } - if (check_col(pinfo->cinfo, COL_INFO)) { - col_prepend_fstr(pinfo->cinfo, COL_INFO, "Invalid header length %u", - hdrlen); - } - return; + proto_tree_add_item(pflog_tree, hf_pflog_af, tvb, offset, 1, ENC_BIG_ENDIAN); + af = tvb_get_guint8(tvb, offset); + offset += 1; + + proto_tree_add_item(pflog_tree, hf_pflog_action, tvb, offset, 1, ENC_BIG_ENDIAN); + action = tvb_get_guint8(tvb, offset); + offset += 1; + + proto_tree_add_item(pflog_tree, hf_pflog_reason, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + + proto_tree_add_item(pflog_tree, hf_pflog_ifname, tvb, offset, 16, ENC_BIG_ENDIAN); + ifname = tvb_get_ephemeral_string(tvb, offset, 16); + offset += 16; + + proto_tree_add_item(pflog_tree, hf_pflog_ruleset, tvb, offset, 16, ENC_BIG_ENDIAN); + offset += 16; + + proto_tree_add_item(pflog_tree, hf_pflog_rulenr, tvb, offset, 4, ENC_BIG_ENDIAN); + rulenr = tvb_get_ntohs(tvb, offset); + offset += 4; + + proto_tree_add_item(pflog_tree, hf_pflog_subrulenr, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + if(length >= LEN_PFLOG_BSD38) + { + proto_tree_add_item(pflog_tree, hf_pflog_uid, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_item(pflog_tree, hf_pflog_pid, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_item(pflog_tree, hf_pflog_rule_uid, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_item(pflog_tree, hf_pflog_rule_pid, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + } + proto_tree_add_item(pflog_tree, hf_pflog_dir, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + + if(length >= LEN_PFLOG_BSD49) + { + pad_len = 2; + length -= 3; /* With OpenBSD >= 4.8 the length is the length of full Header (with padding..) */ + proto_tree_add_item(pflog_tree, hf_pflog_rewritten, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; } - if (tree) { - ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, - hdrlen, - "PF Log %s %s on %s by rule %s", - val_to_str(pflogh.af, af_vals, "unknown (%u)"), - val_to_str(pflogh.action, action_vals, "unknown (%u)"), - pflogh.ifname, - rulestr); - pflog_tree = proto_item_add_subtree(ti, ett_pflog); + proto_tree_add_item(pflog_tree, hf_pflog_pad, tvb, offset, pad_len, ENC_BIG_ENDIAN); + offset += pad_len; + + if(length >= LEN_PFLOG_BSD49) + { + switch (af) { + + case BSD_AF_INET: + proto_tree_add_item(pflog_tree, hf_pflog_saddr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 16; - proto_tree_add_uint(pflog_tree, hf_pflog_length, tvb, - offsetof(struct pfloghdr, length), sizeof(pflogh.length), - pflogh.length); - proto_tree_add_uint(pflog_tree, hf_pflog_af, tvb, - offsetof(struct pfloghdr, af), sizeof(pflogh.af), - pflogh.af); - proto_tree_add_uint(pflog_tree, hf_pflog_action, tvb, - offsetof(struct pfloghdr, action), sizeof(pflogh.action), - pflogh.action); - proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb, - offsetof(struct pfloghdr, reason), sizeof(pflogh.reason), - pflogh.reason); - proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb, - offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname), - pflogh.ifname); - proto_tree_add_string(pflog_tree, hf_pflog_ruleset, tvb, - offsetof(struct pfloghdr, ruleset), sizeof(pflogh.ruleset), - pflogh.ruleset); - proto_tree_add_int(pflog_tree, hf_pflog_rulenr, tvb, - offsetof(struct pfloghdr, rulenr), sizeof(pflogh.rulenr), - pflogh.rulenr); - proto_tree_add_int(pflog_tree, hf_pflog_subrulenr, tvb, - offsetof(struct pfloghdr, subrulenr), sizeof(pflogh.subrulenr), - pflogh.subrulenr); - proto_tree_add_uint(pflog_tree, hf_pflog_dir, tvb, - offsetof(struct pfloghdr, dir), sizeof(pflogh.dir), - pflogh.dir); + proto_tree_add_item(pflog_tree, hf_pflog_daddr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 16; + break; + + case BSD_AF_INET6_BSD: + proto_tree_add_item(pflog_tree, hf_pflog_saddr_ipv6, tvb, offset, 16, ENC_BIG_ENDIAN); + offset += 16; + + proto_tree_add_item(pflog_tree, hf_pflog_daddr_ipv6, tvb, offset, 16, ENC_BIG_ENDIAN); + offset += 16; + break; + + default: + proto_tree_add_item(pflog_tree, hf_pflog_saddr, tvb, offset, 16, ENC_BIG_ENDIAN); + offset += 16; + + proto_tree_add_item(pflog_tree, hf_pflog_daddr, tvb, offset, 16, ENC_BIG_ENDIAN); + offset += 16; + break; + } + + proto_tree_add_item(pflog_tree, hf_pflog_sport, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + proto_tree_add_item(pflog_tree, hf_pflog_dport, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; } + proto_item_set_text(ti, "PF Log %s %s on %s by rule %u", + val_to_str(af, pflog_af_vals, "unknown (%u)"), + val_to_str(action, pflog_action_vals, "unknown (%u)"), + ifname, + rulenr); + proto_item_set_len(ti, offset); + + + /* Set the tvbuff for the payload after the header */ - next_tvb = tvb_new_subset_remaining(tvb, hdrlen); + next_tvb = tvb_new_subset_remaining(tvb, length); - switch (pflogh.af) { + switch (af) { case BSD_AF_INET: call_dissector(ip_handle, next_tvb, pinfo, tree); @@ -212,10 +300,10 @@ dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } if (check_col(pinfo->cinfo, COL_INFO)) { - col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%s] ", - val_to_str(pflogh.action, action_vals, "unknown (%u)"), - pflogh.ifname, - rulestr); + col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%u] ", + val_to_str(action, pflog_action_vals, "unknown (%u)"), + ifname, + rulenr); } } @@ -227,13 +315,13 @@ proto_register_pflog(void) { "Header Length", "pflog.length", FT_UINT8, BASE_DEC, NULL, 0x0, "Length of Header", HFILL }}, { &hf_pflog_af, - { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0, + { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(pflog_af_vals), 0x0, "Protocol (IPv4 vs IPv6)", HFILL }}, { &hf_pflog_action, - { "Action", "pflog.action", FT_UINT8, BASE_DEC, VALS(action_vals), 0x0, + { "Action", "pflog.action", FT_UINT8, BASE_DEC, VALS(pflog_action_vals), 0x0, "Action taken by PF on the packet", HFILL }}, { &hf_pflog_reason, - { "Reason", "pflog.reason", FT_UINT8, BASE_DEC, VALS(reason_vals), 0x0, + { "Reason", "pflog.reason", FT_UINT8, BASE_DEC, VALS(pflog_reason_vals), 0x0, "Reason for logging the packet", HFILL }}, { &hf_pflog_ifname, { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0, @@ -247,8 +335,50 @@ proto_register_pflog(void) { &hf_pflog_subrulenr, { "Sub Rule Number", "pflog.subrulenr", FT_INT32, BASE_DEC, NULL, 0x0, "Last matched firewall anchored ruleset rule number", HFILL }}, + { &hf_pflog_uid, + { "UID", "pflog.uid", FT_INT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_pid, + { "PID", "pflog.pid", FT_INT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_rule_uid, + { "Rule UID", "pflog.rule_uid", FT_INT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_rule_pid, + { "Rule PID", "pflog.rule_pid", FT_INT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_rewritten, + { "Rewritten", "pflog.rewritten", FT_UINT8, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_pad, + { "Padding", "pflog.pad", FT_BYTES, BASE_NONE, NULL, 0x0, + "Must be Zero", HFILL }}, + { &hf_pflog_saddr_ipv4, + { "Source Address", "pflog.saddr", FT_IPv4, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_daddr_ipv4, + { "Destination Address", "pflog.daddr", FT_IPv4, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_saddr_ipv6, + { "Source Address", "pflog.saddr", FT_IPv6, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_daddr_ipv6, + { "Destination Address", "pflog.daddr", FT_IPv6, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_saddr, + { "Source Address", "pflog.saddr", FT_BYTES, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_daddr, + { "Destination Address", "pflog.daddr", FT_BYTES, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_sport, + { "Source Port", "pflog.sport", FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + { &hf_pflog_dport, + { "Destination Port", "pflog.dport", FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, { &hf_pflog_dir, - { "Direction", "pflog.dir", FT_UINT8, BASE_DEC, VALS(dir_vals), 0x0, + { "Direction", "pflog.dir", FT_UINT8, BASE_DEC, VALS(pflog_dir_vals), 0x0, "Direction of packet in stack (inbound versus outbound)", HFILL }}, }; static gint *ett[] = { &ett_pflog }; @@ -272,80 +402,92 @@ proto_reg_handoff_pflog(void) dissector_add_uint("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle); } -static void +static int dissect_old_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - struct old_pfloghdr pflogh; tvbuff_t *next_tvb; proto_tree *pflog_tree; proto_item *ti; + guint32 af; + guint8 *ifname; + guint16 rnr, action; + gint offset = 0; col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG-OLD"); - /* Copy out the pflog header to insure alignment */ - tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); + if (tree) { + ti = proto_tree_add_item(tree, proto_old_pflog, tvb, 0, 0, ENC_BIG_ENDIAN); + + pflog_tree = proto_item_add_subtree(ti, ett_pflog); - /* Byteswap the header now */ - pflogh.af = g_ntohl(pflogh.af); - pflogh.rnr = g_ntohs(pflogh.rnr); - pflogh.reason = g_ntohs(pflogh.reason); - pflogh.action = g_ntohs(pflogh.action); - pflogh.dir = g_ntohs(pflogh.dir); + proto_tree_add_item(pflog_tree, hf_old_pflog_af, tvb, offset, 4, ENC_BIG_ENDIAN); + } + af = tvb_get_ntohl(tvb, offset); + offset +=4; if (tree) { - ti = proto_tree_add_protocol_format(tree, proto_old_pflog, tvb, 0, - OLD_PFLOG_HDRLEN, - "PF Log (pre 3.4) %s %s on %s by rule %d", - val_to_str(pflogh.af, af_vals, "unknown (%u)"), - val_to_str(pflogh.action, action_vals, "unknown (%u)"), - pflogh.ifname, - pflogh.rnr); - pflog_tree = proto_item_add_subtree(ti, ett_pflog); + proto_tree_add_item(pflog_tree, hf_old_pflog_ifname, tvb, offset, 16, ENC_BIG_ENDIAN); + } + ifname = tvb_get_ephemeral_string(tvb, offset, 16); + offset +=16; + + if (tree) { + proto_tree_add_item(pflog_tree, hf_old_pflog_rnr, tvb, offset, 2, ENC_BIG_ENDIAN); + } + rnr = tvb_get_ntohs(tvb, offset); + offset +=2; + + if (tree) { + proto_tree_add_item(pflog_tree, hf_old_pflog_reason, tvb, offset, 2, ENC_BIG_ENDIAN); + } + offset +=2; + + if (tree) { + proto_tree_add_item(pflog_tree, hf_old_pflog_action, tvb, offset, 2, ENC_BIG_ENDIAN); + } + action = tvb_get_ntohs(tvb, offset); + offset +=2; + + if (tree) { + proto_tree_add_item(pflog_tree, hf_old_pflog_dir, tvb, offset, 2, ENC_BIG_ENDIAN); + } + offset +=2; + + if (tree) { + proto_item_set_text(ti, "PF Log (pre 3.4) %s %s on %s by rule %d", + val_to_str(af, pflog_af_vals, "unknown (%u)"), + val_to_str(action, pflog_action_vals, "unknown (%u)"), + ifname, + rnr); + proto_item_set_len(ti, offset); - proto_tree_add_uint(pflog_tree, hf_old_pflog_af, tvb, - offsetof(struct old_pfloghdr, af), sizeof(pflogh.af), - pflogh.af); - proto_tree_add_int(pflog_tree, hf_old_pflog_rnr, tvb, - offsetof(struct old_pfloghdr, rnr), sizeof(pflogh.rnr), - pflogh.rnr); - proto_tree_add_string(pflog_tree, hf_old_pflog_ifname, tvb, - offsetof(struct old_pfloghdr, ifname), sizeof(pflogh.ifname), - pflogh.ifname); - proto_tree_add_uint(pflog_tree, hf_old_pflog_reason, tvb, - offsetof(struct old_pfloghdr, reason), sizeof(pflogh.reason), - pflogh.reason); - proto_tree_add_uint(pflog_tree, hf_old_pflog_action, tvb, - offsetof(struct old_pfloghdr, action), sizeof(pflogh.action), - pflogh.action); - proto_tree_add_uint(pflog_tree, hf_old_pflog_dir, tvb, - offsetof(struct old_pfloghdr, dir), sizeof(pflogh.dir), - pflogh.dir); } /* Set the tvbuff for the payload after the header */ - next_tvb = tvb_new_subset_remaining(tvb, OLD_PFLOG_HDRLEN); + next_tvb = tvb_new_subset_remaining(tvb, offset); - switch (pflogh.af) { + switch (af) { case BSD_AF_INET: - call_dissector(ip_handle, next_tvb, pinfo, tree); + offset += call_dissector(ip_handle, next_tvb, pinfo, tree); break; case BSD_AF_INET6_BSD: - call_dissector(ipv6_handle, next_tvb, pinfo, tree); + offset += call_dissector(ipv6_handle, next_tvb, pinfo, tree); break; default: - call_dissector(data_handle, next_tvb, pinfo, tree); + offset += call_dissector(data_handle, next_tvb, pinfo, tree); break; } if (check_col(pinfo->cinfo, COL_INFO)) { col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ", - val_to_str(pflogh.action, action_vals, "unknown (%u)"), - pflogh.ifname, - pflogh.rnr); + val_to_str(action, pflog_action_vals, "unknown (%u)"), + ifname, + rnr); } + return offset; } void @@ -353,7 +495,7 @@ proto_register_old_pflog(void) { static hf_register_info hf[] = { { &hf_old_pflog_af, - { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0, + { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(pflog_af_vals), 0x0, "Protocol (IPv4 vs IPv6)", HFILL }}, { &hf_old_pflog_ifname, { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0, @@ -362,13 +504,13 @@ proto_register_old_pflog(void) { "Rule Number", "pflog.rnr", FT_INT16, BASE_DEC, NULL, 0x0, "Last matched firewall rule number", HFILL }}, { &hf_old_pflog_reason, - { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(reason_vals), 0x0, + { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(pflog_reason_vals), 0x0, "Reason for logging the packet", HFILL }}, { &hf_old_pflog_action, - { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(action_vals), 0x0, + { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(pflog_action_vals), 0x0, "Action taken by PF on the packet", HFILL }}, { &hf_old_pflog_dir, - { "Direction", "pflog.dir", FT_UINT16, BASE_DEC, VALS(old_dir_vals), 0x0, + { "Direction", "pflog.dir", FT_UINT16, BASE_DEC, VALS(pflog_old_dir_vals), 0x0, "Direction of packet in stack (inbound versus outbound)", HFILL }}, }; static gint *ett[] = { &ett_old_pflog }; @@ -389,7 +531,18 @@ proto_reg_handoff_old_pflog(void) ipv6_handle = find_dissector("ipv6"); data_handle = find_dissector("data"); - pflog_handle = create_dissector_handle(dissect_old_pflog, proto_old_pflog); + pflog_handle = new_create_dissector_handle(dissect_old_pflog, proto_old_pflog); dissector_add_uint("wtap_encap", WTAP_ENCAP_OLD_PFLOG, pflog_handle); } - +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab + * :indentSize=2:tabSize=8:noTabs=true: + */ |