-rw-r--r-- | AUTHORS | 5 | ||||
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | Makefile.nmake | 3 | ||||
-rw-r--r-- | doc/ethereal.pod.template | 1 | ||||
-rw-r--r-- | epan/column-utils.c | 42 | ||||
-rw-r--r-- | epan/column-utils.h | 5 | ||||
-rw-r--r-- | epan/plugins.c | 3 | ||||
-rw-r--r-- | packet-pflog.c | 212 | ||||
-rw-r--r-- | packet-pflog.h | 83 | ||||
-rw-r--r-- | plugins/plugin_api.c | 3 | ||||
-rw-r--r-- | plugins/plugin_api.h | 3 | ||||
-rw-r--r-- | plugins/plugin_api_defs.h | 3 | ||||
-rw-r--r-- | plugins/plugin_table.h | 4 | ||||
-rw-r--r-- | wiretap/libpcap.c | 14 | ||||
-rw-r--r-- | wiretap/wtap.c | 5 | ||||
-rw-r--r-- | wiretap/wtap.h | 5 |
16 files changed, 382 insertions, 13 deletions
@@ -1014,6 +1014,11 @@ Ricardo Barroetaveña <rbarroetavena[AT]veufort.com> { Alan Harrison <alanharrison[AT]mail.com> { Fixes to EtherPeek file reader code } + +Mike Frantzen <frantzen[AT]w4g.org> { + Support for capturing on, and reading captures from, OpenBSD + firewall logging virtual interface +} Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/Makefile.am b/Makefile.am index 6ff3cfd98a..d3ce39e4d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.405 2002/01/20 23:05:22 gerald Exp $ +# $Id: Makefile.am,v 1.406 2002/01/29 08:44:45 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -208,6 +208,7 @@ DISSECTOR_SRC = \ packet-osi-options.c \ packet-ospf.c \ packet-pcnfsd.c \ + packet-pflog.c \ packet-pgm.c \ packet-pim.c \ packet-pop.c \ @@ -394,6 +395,7 @@ noinst_HEADERS = \ packet-osi.h \ packet-osi-options.h \ packet-pcnfsd.h \ + packet-pflog.h \ packet-pgm.h \ packet-pim.h \ packet-portmap.h \ diff --git a/Makefile.nmake b/Makefile.nmake index add12101b5..ab82296a1d 100644 --- a/Makefile.nmake +++ b/Makefile.nmake @@ -1,7 +1,7 @@ ## Makefile for building ethereal.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # -# $Id: Makefile.nmake,v 1.165 2002/01/21 10:21:57 guy Exp $ +# $Id: Makefile.nmake,v 1.166 2002/01/29 08:44:46 guy Exp $ include config.nmake include <win32.mak> @@ -159,6 +159,7 @@ DISSECTOR_SRC = \ packet-osi-options.c \ packet-ospf.c \ packet-pcnfsd.c \ + packet-pflog.c \ packet-pgm.c \ packet-pim.c \ packet-pop.c \ diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index d9ef37dd6b..c234739fd8 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template 
@@ -1358,6 +1358,7 @@ B<http://www.ethereal.com>. Jirka Novak <j.novak[AT]netsystem.cz> Ricardo Barroetaveña <rbarroetavena[AT]veufort.com> Alan Harrison <alanharrison[AT]mail.com> + Mike Frantzen <frantzen[AT]w4g.org> Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/epan/column-utils.c b/epan/column-utils.c index c332f5816a..4052b19385 100644 --- a/epan/column-utils.c +++ b/epan/column-utils.c @@ -1,7 +1,7 @@ /* column-utils.c * Routines for column utilities. * - * $Id: column-utils.c,v 1.10 2002/01/11 08:21:00 guy Exp $ + * $Id: column-utils.c,v 1.11 2002/01/29 08:44:49 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -154,6 +154,7 @@ col_add_fstr(column_info *cinfo, gint el, gchar *format, ...) { cinfo->col_data[i] = cinfo->col_buf[i]; } } + va_end(ap); } /* Appends a vararg list to a packet info string. */ 
@@ -182,6 +183,45 @@ col_append_fstr(column_info *cinfo, gint el, gchar *format, ...) { cinfo->col_data[i] = cinfo->col_buf[i]; } } + va_end(ap); +} + +/* Prepends a vararg list to a packet info string. */ +void +col_prepend_fstr(column_info *cinfo, gint el, gchar *format, ...) +{ + va_list ap; + int i, safe_orig = FALSE; + char *orig = NULL; + size_t max_len; + + if (el == COL_INFO) + max_len = COL_MAX_INFO_LEN; + else + max_len = COL_MAX_LEN; + + va_start(ap, format); + for (i = 0; i < cinfo->num_cols; i++) { + if (cinfo->fmt_matx[i][el]) { + if (cinfo->col_data[i] != cinfo->col_buf[i]) { + /* This was set with "col_set_str()"; which is effectively const */ + orig = cinfo->col_data[i]; + } else { + /* Need to cache the original string */ + if (!safe_orig) { + orig = alloca(max_len); + safe_orig = TRUE; + } + strncpy(orig, cinfo->col_buf[i], max_len); + orig[max_len - 1] = '\0'; + } + vsnprintf(cinfo->col_buf[i], max_len, format, ap); + strncat(cinfo->col_buf[i], orig, max_len); + cinfo->col_buf[i][max_len - 1] = '\0'; + cinfo->col_data[i] = cinfo->col_buf[i]; + } + } + va_end(ap); } /* Use this if "str" points to something that won't stay around (and diff --git a/epan/column-utils.h b/epan/column-utils.h index 69154c5d47..a0a230991d 100644 --- a/epan/column-utils.h +++ b/epan/column-utils.h @@ -1,7 +1,7 @@ /* column-utils.h * Definitions for column utility structures and routines * - * $Id: column-utils.h,v 1.5 2001/12/10 00:26:16 guy Exp $ + * $Id: column-utils.h,v 1.6 2002/01/29 08:44:49 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> 
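Review bot: In col_prepend_fstr, `strncat(cinfo->col_buf[i], orig, max_len)` passes the full buffer size as the limit, but strncat's third argument bounds the number of characters appended, not the size of the destination. Assuming col_buf[i] holds max_len bytes, as the preceding vsnprintf call implies, a long existing column string can be written past the end of the buffer before `cinfo->col_buf[i][max_len - 1] = '\0'` runs, and that assignment does not undo the overrun. Column text is derived from packet contents, so the limit should be the space remaining: `strncat(cinfo->col_buf[i], orig, max_len - strlen(cinfo->col_buf[i]) - 1);`. Separately, `ap` is handed to vsnprintf once per matching column without being restarted, which is not reliable when more than one column matches; moving `va_start`/`va_end` inside the `if (cinfo->fmt_matx[i][el])` body would avoid that.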
@@ -48,9 +48,12 @@ extern void col_add_fstr(column_info *, gint, gchar *, ...) __attribute__((format (printf, 3, 4))); extern void col_append_fstr(column_info *, gint, gchar *, ...) __attribute__((format (printf, 3, 4))); +extern void col_prepend_fstr(column_info *, gint, gchar *, ...) + __attribute__((format (printf, 3, 4))); #else extern void col_add_fstr(column_info *, gint, gchar *, ...); extern void col_append_fstr(column_info *, gint, gchar *, ...); +extern void col_prepend_fstr(column_info *, gint, gchar *, ...); #endif extern void col_add_str(column_info *, gint, const gchar *); extern void col_append_str(column_info *, gint, gchar *); diff --git a/epan/plugins.c b/epan/plugins.c index e2b6779330..0a46ef9927 100644 --- a/epan/plugins.c +++ b/epan/plugins.c @@ -1,7 +1,7 @@ /* plugins.c * plugin routines * - * $Id: plugins.c,v 1.45 2002/01/05 04:12:16 gram Exp $ + * $Id: plugins.c,v 1.46 2002/01/29 08:44:49 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -288,6 +288,7 @@ init_plugins(const char *plugin_dir) patable.p_col_clear = col_clear; patable.p_col_add_fstr = col_add_fstr; patable.p_col_append_fstr = col_append_fstr; + patable.p_col_prepend_fstr = col_prepend_fstr; patable.p_col_add_str = col_add_str; patable.p_col_append_str = col_append_str; patable.p_col_set_str = col_set_str; diff --git a/packet-pflog.c b/packet-pflog.c new file mode 100644 index 0000000000..b706788578 --- /dev/null +++ b/packet-pflog.c 
@@ -0,0 +1,212 @@ +/* packet-pflog.c + * Routines for pflog (OpenBSD Firewall Logging) packet disassembly + * + * $Id: packet-pflog.c,v 1.1 2002/01/29 08:44:46 guy Exp $ + * + * Copyright 2001 Mike Frantzen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif + +#include <glib.h> +#include <epan/packet.h> +#include "etypes.h" +#include <epan/resolv.h> +#include "packet-ip.h" +#include "packet-ipv6.h" +#include "packet-pflog.h" + +#ifndef offsetof +/* Can't trust stddef.h to be there for us */ +# define offsetof(type, member) ((size_t)(&((type *)0)->member)) +#endif + +static dissector_handle_t data_handle, ip_handle, ipv6_handle, pflog_handle; + +/* header fields */ +static int proto_pflog = -1; +static int hf_pflog_af = -1; +static int hf_pflog_ifname = -1; +static int hf_pflog_rnr = -1; +static int hf_pflog_reason = -1; +static int hf_pflog_action = -1; +static int hf_pflog_dir = -1; + +static gint ett_pflog = -1; + +static char *pf_reasons[PFRES_MAX+2] = PFRES_NAMES; + + +void +capture_pflog(const u_char *pd, int offset, int len, packet_counts *ld) +{ + struct pfloghdr pflogh; + + if (!BYTES_ARE_IN_FRAME(offset, len, (int)PFLOG_HDRLEN)) { + ld->other++; + return; + } + + offset += PFLOG_HDRLEN; + + /* Copy out the pflog header to insure alignment */ + memcpy(&pflogh, pd, sizeof(pflogh)); + NTOHL(pflogh.af); + + if (pflogh.af == BSD_PF_INET) + capture_ip(pd, offset, len, ld); +#ifdef notyet + else if (pflogh.af == BSD_PF_INET6) + capture_ipv6(pd, offset, len, ld); +#endif + else + ld->other++; +} + +static void +dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + struct pfloghdr pflogh; + tvbuff_t *next_tvb; + proto_tree *pflog_tree; + proto_item *ti, *tf; + char *why; + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "pflog"); + + /* Copy out the pflog header to insure alignment */ + tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); + + /* Byteswap the header now */ + NTOHL(pflogh.af); + NTOHS(pflogh.rnr); + NTOHS(pflogh.reason); + NTOHS(pflogh.action); + NTOHS(pflogh.dir); + + why = (pflogh.reason < PFRES_MAX) ? 
pf_reasons[pflogh.reason] : "unkn"; + + if (tree) { + ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, + PFLOG_HDRLEN, + "PF Log %s %s on %s by rule %d", pflogh.af == BSD_PF_INET ? "IPv4" : + pflogh.af == BSD_PF_INET6 ? "IPv6" : "unkn", + pflogh.action == PF_PASS ? "passed" : + pflogh.action == PF_DROP ? "dropped" : + pflogh.action == PF_SCRUB ? "scrubbed" : "unkn", + pflogh.ifname, + pflogh.rnr); + pflog_tree = proto_item_add_subtree(ti, ett_pflog); + + tf = proto_tree_add_uint_format(pflog_tree, hf_pflog_rnr, tvb, + offsetof(struct pfloghdr, rnr), sizeof(pflogh.rnr), + pflogh.rnr, "Rule Number: %d", pflogh.rnr); + tf = proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb, + offsetof(struct pfloghdr, reason), sizeof(pflogh.reason), + pflogh.ifname); + tf = proto_tree_add_string(pflog_tree, hf_pflog_reason, tvb, + offsetof(struct pfloghdr, reason), sizeof(pflogh.reason), + why); + tf = proto_tree_add_string(pflog_tree, hf_pflog_action, tvb, + offsetof(struct pfloghdr, action), sizeof(pflogh.action), + pflogh.action == PF_PASS ? "pass" : + pflogh.action == PF_DROP ? "drop" : + pflogh.action == PF_SCRUB ? "scrub" : "unkn"); + tf = proto_tree_add_string(pflog_tree, hf_pflog_dir, tvb, + offsetof(struct pfloghdr, dir), sizeof(pflogh.dir), + pflogh.dir == PF_IN ? "in" : "out"); + } + + /* Set the tvbuff for the payload after the header */ + next_tvb = tvb_new_subset(tvb, PFLOG_HDRLEN, -1, -1); + + pinfo->ethertype = (hf_pflog_af == BSD_PF_INET) ? ETHERTYPE_IP : ETHERTYPE_IPv6; + if (pflogh.af == BSD_PF_INET) + call_dissector(ip_handle, next_tvb, pinfo, tree); + else if (pflogh.af == BSD_PF_INET6) + call_dissector(ipv6_handle, next_tvb, pinfo, tree); + else + call_dissector(data_handle, next_tvb, pinfo, tree); + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ", + pflogh.action == PF_PASS ? "passed" : + pflogh.action == PF_DROP ? "dropped" : + pflogh.action == PF_SCRUB ? 
"scrubbed" : "unkn", + pflogh.ifname, + pflogh.rnr); + } +} + +void +proto_register_pflog(void) +{ + static hf_register_info hf[] = { + { &hf_pflog_af, + { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, NULL, 0x0, + "Protocol (IPv4 vs IPv6)", HFILL }}, + { &hf_pflog_ifname, + { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0, + "Interface", HFILL }}, + { &hf_pflog_rnr, + { "Rule Number", "pflog.rnr", FT_UINT16, BASE_DEC, NULL, 0x0, + "Last matched firewall rule number", HFILL }}, + { &hf_pflog_reason, + { "Reason", "pflog.reason", FT_STRING, BASE_NONE, NULL, 0x0, + "Reason for logging the packet", HFILL }}, + { &hf_pflog_action, + { "Action", "pflog.action", FT_STRING, BASE_NONE, NULL, 0x0, + "Action taken by PF on the packet", HFILL }}, + { &hf_pflog_dir, + { "Direction", "pflog.dir", FT_STRING, BASE_NONE, NULL, 0x0, + "Direction of packet in stack (inbound versus outbound)", HFILL }}, + }; + static gint *ett[] = { &ett_pflog }; + + proto_pflog = proto_register_protocol("pflog", "pflog", "pflog"); + proto_register_field_array(proto_pflog, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + register_dissector("pflog", dissect_pflog, proto_pflog); +} + +void +proto_reg_handoff_pflog(void) +{ + dissector_handle_t pflog_handle; + + pflog_handle = find_dissector("pflog"); + ip_handle = find_dissector("ip"); + ipv6_handle = find_dissector("ipv6"); + data_handle = find_dissector("data"); + dissector_add("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle); +} diff --git a/packet-pflog.h b/packet-pflog.h new file mode 100644 index 0000000000..3bb785191b --- /dev/null +++ b/packet-pflog.h 
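Review bot: In dissect_pflog, `pflogh.ifname` is copied straight out of the capture by tvb_memcpy and then passed to `%s` in proto_tree_add_protocol_format and col_prepend_fstr, and to proto_tree_add_string, with nothing guaranteeing a NUL inside its 16 bytes. A header whose interface-name field is completely filled makes those calls read past the array, so add `pflogh.ifname[sizeof(pflogh.ifname) - 1] = '\0';` right after the tvb_memcpy. The interface item is also added with `offsetof(struct pfloghdr, reason), sizeof(pflogh.reason)`, which highlights the reason bytes; it should use `offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname)`. Finally, `pinfo->ethertype = (hf_pflog_af == BSD_PF_INET) ? ...` compares the field registration id rather than `pflogh.af`, so the ethertype does not follow the logged address family.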
@@ -0,0 +1,83 @@ +/* packet-pflog.h + * + * $Id: packet-pflog.h,v 1.1 2002/01/29 08:44:46 guy Exp $ + * + * Copyright 2001 Mike Frantzen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __PACKET_PFLOG_H__ +#define __PACKET_PFLOG_H__ + +/* The header in OpenBSD pflog files. 
*/ + +struct pfloghdr { + guint32 af; + char ifname[16]; + gint16 rnr; + guint16 reason; + guint16 action; + guint16 dir; +}; +#define PFLOG_HDRLEN sizeof(struct pfloghdr) + +/* Named reasons */ +#define PFRES_NAMES { \ + "match", \ + "bad-offset", \ + "fragment", \ + "short", \ + "normalize", \ + "memory", \ + NULL \ +} +#define PFRES_MAX 6 + +/* Actions */ +#define PF_PASS 0 +#define PF_DROP 1 +#define PF_SCRUB 2 + +/* Directions */ +#define PF_IN 0 +#define PF_OUT 1 + +/* BSDisms */ +#ifndef NTOHL +# define NTOHL(x) x = ntohl(x) +#endif +#ifndef NTOHS +# define NTONS(x) x = ntohs(x) +#endif +#ifndef HTONL +# define HTONL(x) x = htonl(x) +#endif +#ifndef HTONS +# define HTONS(x) x = htons(x) +#endif + +# define BSD_PF_INET 2 +# define BSD_PF_INET6 24 + +#endif /* __PACKET_PFLOG_H__ */ diff --git a/plugins/plugin_api.c b/plugins/plugin_api.c index 1d83fde0ec..3af42f8d42 100644 --- a/plugins/plugin_api.c +++ b/plugins/plugin_api.c @@ -1,7 +1,7 @@ /* plugin_api.c * Routines for Ethereal plugins. * - * $Id: plugin_api.c,v 1.33 2002/01/05 04:12:17 gram Exp $ + * $Id: plugin_api.c,v 1.34 2002/01/29 08:44:51 guy Exp $ * * Ethereal - Network traffic analyzer * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -38,6 +38,7 @@ plugin_address_table_init(plugin_address_table_t *pat) p_col_clear = pat->p_col_clear; p_col_add_fstr = pat->p_col_add_fstr; p_col_append_fstr = pat->p_col_append_fstr; + p_col_prepend_fstr = pat->p_col_prepend_fstr; p_col_add_str = pat->p_col_add_str; p_col_append_str = pat->p_col_append_str; p_col_set_str = pat->p_col_set_str; diff --git a/plugins/plugin_api.h b/plugins/plugin_api.h index fdefaf07e4..7b29baaf44 100644 --- a/plugins/plugin_api.h +++ b/plugins/plugin_api.h 
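Review bot: The fallback under `#ifndef NTOHS` defines `NTONS(x)` rather than `NTOHS(x)`, so on a platform whose headers do not already provide NTOHS, the `NTOHS(pflogh.rnr)` calls in packet-pflog.c have no macro behind them. The line should read `# define NTOHS(x) x = ntohs(x)`. These macros also expand to a bare assignment; writing them as `do { (x) = ntohs(x); } while (0)` would keep them safe in unbraced if/else bodies. In addition, `rnr` is declared `gint16` while the dissector registers it as FT_UINT16 and adds it with proto_tree_add_uint_format; `guint16` would keep the two consistent, unless negative rule numbers are meaningful, which the page does not show.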
@@ -1,7 +1,7 @@ /* plugin_api.h * Routines for Ethereal plugins. * - * $Id: plugin_api.h,v 1.34 2002/01/21 07:37:45 guy Exp $ + * $Id: plugin_api.h,v 1.35 2002/01/29 08:44:51 guy Exp $ * * Ethereal - Network traffic analyzer * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -38,6 +38,7 @@ #define col_clear (*p_col_clear) #define col_add_fstr (*p_col_add_fstr) #define col_append_fstr (*p_col_append_fstr) +#define col_prepend_fstr (*p_col_prepend_fstr) #define col_add_str (*p_col_add_str) #define col_append_str (*p_col_append_str) #define col_set_str (*p_col_set_str) diff --git a/plugins/plugin_api_defs.h b/plugins/plugin_api_defs.h index 897399e6a7..0a3f7f7377 100644 --- a/plugins/plugin_api_defs.h +++ b/plugins/plugin_api_defs.h @@ -1,7 +1,7 @@ /* plugin_api_defs.h * Define the variables that hold pointers to plugin API functions * - * $Id: plugin_api_defs.h,v 1.9 2002/01/05 04:12:17 gram Exp $ + * $Id: plugin_api_defs.h,v 1.10 2002/01/29 08:44:51 guy Exp $ * * Ethereal - Network traffic analyzer * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -27,6 +27,7 @@ addr_check_col p_check_col; addr_col_clear p_col_clear; addr_col_add_fstr p_col_add_fstr; addr_col_append_fstr p_col_append_fstr; +addr_col_prepend_fstr p_col_prepend_fstr; addr_col_add_str p_col_add_str; addr_col_append_str p_col_append_str; addr_col_set_str p_col_set_str; diff --git a/plugins/plugin_table.h b/plugins/plugin_table.h index 7dd259811f..c40fbd8644 100644 --- a/plugins/plugin_table.h +++ b/plugins/plugin_table.h @@ -1,7 +1,7 @@ /* plugin_table.h * Table of exported addresses for Ethereal plugins. * - * $Id: plugin_table.h,v 1.36 2002/01/05 04:12:17 gram Exp $ + * $Id: plugin_table.h,v 1.37 2002/01/29 08:44:51 guy Exp $ * * Ethereal - Network traffic analyzer * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> 
@@ -32,6 +32,7 @@ typedef gint (*addr_check_col)(column_info*, gint); typedef void (*addr_col_clear)(column_info*, gint); typedef void (*addr_col_add_fstr)(column_info*, gint, gchar*, ...); typedef void (*addr_col_append_fstr)(column_info*, gint, gchar*, ...); +typedef void (*addr_col_prepend_fstr)(column_info*, gint, gchar*, ...); typedef void (*addr_col_add_str)(column_info*, gint, const gchar*); typedef void (*addr_col_append_str)(column_info*, gint, gchar*); typedef void (*addr_col_set_str)(column_info*, gint, gchar*); @@ -215,6 +216,7 @@ typedef struct { addr_col_clear p_col_clear; addr_col_add_fstr p_col_add_fstr; addr_col_append_fstr p_col_append_fstr; + addr_col_prepend_fstr p_col_prepend_fstr; addr_col_add_str p_col_add_str; addr_col_append_str p_col_append_str; addr_col_set_str p_col_set_str; diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index b10d1d2317..b4c1bad05c 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c,v 1.62 2001/12/04 07:32:05 guy Exp $ + * $Id: libpcap.c,v 1.63 2002/01/29 08:44:53 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -230,7 +230,12 @@ static const struct { /* * 17 is DLT_LANE8023 in SuSE 6.3 libpcap; we don't currently * handle it. + * It is also used as the PF (Packet Filter) logging format beginning + * with OpenBSD 3.0. */ +#if defined(DLT_PFLOG) && (DLT_PFLOG == 17) + { 17, WTAP_ENCAP_PFLOG }, +#endif /* * 18 is DLT_CIP in SuSE 6.3 libpcap; if it's the same as the @@ -366,6 +371,13 @@ static const struct { { 114, WTAP_ENCAP_LOCALTALK }, /* Localtalk */ + /* + * The tcpdump.org version of libpcap uses 117, rather than 17, + * for OpenBSD packet filter logging, so as to avoid conflicting + * with DLT_LANE8023 in SuSE 6.3 libpcap. + */ + { 117, WTAP_ENCAP_PFLOG }, + { 118, WTAP_ENCAP_CISCO_IOS }, { 119, WTAP_ENCAP_PRISM_HEADER }, /* Prism monitor mode hdr */ }; 
diff --git a/wiretap/wtap.c b/wiretap/wtap.c index 75f3f40326..253eda2159 100644 --- a/wiretap/wtap.c +++ b/wiretap/wtap.c @@ -1,6 +1,6 @@ /* wtap.c * - * $Id: wtap.c,v 1.58 2001/11/30 07:14:22 guy Exp $ + * $Id: wtap.c,v 1.59 2002/01/29 08:44:53 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -133,6 +133,9 @@ static const struct encap_type_info { /* WTAP_ENCAP_PRISM_HEADER */ { "IEEE 802.11 plus Prism II monitor mode header", "prism" }, + + /* WTAP_ENCAP_PFLOG */ + { "OpenBSD PF Firewall logs", "pflog" }, }; /* Name that should be somewhat descriptive. */ diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 6619956147..74df2e1c70 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -1,6 +1,6 @@ /* wtap.h * - * $Id: wtap.h,v 1.101 2002/01/23 06:32:52 guy Exp $ + * $Id: wtap.h,v 1.102 2002/01/29 08:44:53 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -101,9 +101,10 @@ #define WTAP_ENCAP_CISCO_IOS 22 #define WTAP_ENCAP_LOCALTALK 23 #define WTAP_ENCAP_PRISM_HEADER 24 +#define WTAP_ENCAP_PFLOG 25 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 25 +#define WTAP_NUM_ENCAP_TYPES 26 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we |