[Tcpick-project] [PATCH] pflog support
From: kirash <ki...@in...> - 2004-04-15 09:55:54
Explanation (very short):

In main() [tcpick.c], if pcap_lookupnet returns -1, set netp and maskp to zero, print a warning message and go on... This is necessary because pflog is a pseudo-device without an IP address.

In datalink.c, ip_trasl for DLT_PFLOG is 48 (for OpenBSD 3.3 and higher):

struct pfloghdr {
        u_int8_t        length;
        sa_family_t     af;
        u_int8_t        action;
        u_int8_t        reason;
        char            ifname[IFNAMSIZ];
        char            ruleset[PF_RULESET_NAME_SIZE];
        u_int32_t       rulenr;
        u_int32_t       subrulenr;
        u_int8_t        dir;
        u_int8_t        pad[3];
};

However, this is a silly pflog support, because pflog packets contain other significant info; for a complete implementation see the Ethereal sources.

PATCH:

diff tcpick-0.1.22/src/datalink.c tcpick-0.1.22-pflog/src/datalink.c --- tcpick-0.1.22/src/datalink.c Fri Mar 19 22:14:48 2004 +++ tcpick-0.1.22-pflog/src/datalink.c Thu Apr 15 10:53:55 2004 @@ -138,6 +138,13 @@ break; } #endif +#ifdef DLT_PFLOG + case DLT_PFLOG: + { + strcpy(str,"DLT_PFLOG"); + break; + } +#endif default: { sprintf(str,"NOT RECOGNIZED DATALINK(0x%x)(%d)",numba,numba); @@ -183,10 +190,11 @@ break; } #endif -#ifdef DLT_LOOP /* not tested */ +#ifdef DLT_LOOP case DLT_LOOP: { ip_trasl=4; + break; } #endif #ifdef DLT_LINUX_SLL @@ -196,10 +204,11 @@ break; } #endif -#ifdef DLT_PFLOG /* not tested */ +#ifdef DLT_PFLOG case DLT_PFLOG: { - ip_trasl=28; + ip_trasl=48; + break; } #endif diff tcpick-0.1.22/src/tcpick.c tcpick-0.1.22-pflog/src/tcpick.c --- tcpick-0.1.22/src/tcpick.c Sun Feb 29 14:44:35 2004 +++ tcpick-0.1.22-pflog/src/tcpick.c Wed Apr 14 19:53:01 2004 @@ -466,10 +466,11 @@ ret=pcap_lookupnet(dev,&netp,&maskp,(char *)errbuf); if (ret==-1) { + netp = 0; + maskp = 0; errcolor(); fprintf(stderr,"%s\n",errbuf); resetcolor(); - exit(-1); } addr.s_addr = netp;

--
GLS aka KIRASH
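
Review bot: In the first datalink.c hunk (@@ -138,6 +138,13 @@), the new DLT_PFLOG case fills str with an unbounded strcpy, and nothing visible here says how large str is. The literal is only 10 bytes including the terminator, so this is unlikely to overflow today, but the function already relies on sprintf(str,...) in the default case with the same blind spot. Suggest passing the buffer size into this function and using a bounded copy (snprintf) for the new case, rather than adding one more unchecked write.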
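
Review bot: In the DLT_LOOP hunk of datalink.c (@@ -183,10 +190,11 @@), the "/* not tested */" marker is removed although the message only describes testing with pflog. The added break is a real fix: without it the case falls through into the following DLT_LINUX_SLL block and ip_trasl=4 is overwritten. Suggest keeping the break, leaving the "not tested" comment on DLT_LOOP unless it was actually exercised, and mentioning the fall-through fix in the patch description, since it changes behaviour unrelated to pflog.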
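
Review bot: In the DLT_PFLOG hunk of datalink.c (@@ -196,10 +204,11 @@), ip_trasl=48 is a bare constant that replaces another bare constant (28), and per the message it only holds for OpenBSD 3.3 and higher. A capture written with the older header layout will now be read 20 bytes too far into the packet, with no check that the frame is even 48 bytes long. Suggest adding a comment stating which pfloghdr layout 48 corresponds to, and deriving the offset from the header itself (the struct in the message starts with a length field) or from sizeof(struct pfloghdr) where the system header is available, so that a mismatch is detected instead of silently misparsed.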
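
Review bot: In the tcpick.c hunk (@@ -466,10 +466,11 @@), removing exit(-1) makes every pcap_lookupnet failure non-fatal, not only the pflog case of a device without an address. A mistyped or missing interface now also continues with netp and maskp set to 0, and addr.s_addr = netp goes on to use that value. The text printed is still just errbuf in the error colour, so the user cannot tell that this is a warning and that capture continues with a zero network and mask. Suggest prefixing the message accordingly (for example "warning: ... continuing with net/mask 0") and adding a comment explaining why the failure is tolerated.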
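
An added example, not part of the original message or of tcpick: one way to obtain the 48-byte IP offset from the pfloghdr layout quoted above while rejecting truncated frames and other header versions. The names `pfloghdr_wire` and `pflog_ip_offset`, the constant values, and the treatment of the `length` field are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: IFNAMSIZ and PF_RULESET_NAME_SIZE taken as 16, AF_INET as 2. */
#define PFLOG_IFNAMSIZ     16
#define PFLOG_RULESET_SIZE 16
#define PFLOG_AF_INET      2

/* Fixed-width copy of the quoted struct (sa_family_t taken as one byte). */
struct pfloghdr_wire {
    uint8_t  length;
    uint8_t  af;
    uint8_t  action;
    uint8_t  reason;
    char     ifname[PFLOG_IFNAMSIZ];
    char     ruleset[PFLOG_RULESET_SIZE];
    uint32_t rulenr;
    uint32_t subrulenr;
    uint8_t  dir;
    uint8_t  pad[3];
};
_Static_assert(sizeof(struct pfloghdr_wire) == 48, "pfloghdr must be 48 bytes");

/* Returns the offset of the IPv4 header inside a captured DLT_PFLOG frame,
 * or -1 if the frame is truncated, not IPv4, or uses another header layout. */
int pflog_ip_offset(const uint8_t *pkt, size_t caplen)
{
    if (pkt == NULL || caplen < sizeof(struct pfloghdr_wire))
        return -1;                               /* truncated capture */
    /* Assumption: length (byte 0) counts the bytes before pad, and the
     * header on the wire is that value rounded up to a multiple of 4. */
    size_t hdrlen = ((size_t)pkt[0] + 3u) & ~(size_t)3u;
    if (hdrlen != sizeof(struct pfloghdr_wire))
        return -1;                               /* other pflog header version */
    if (pkt[offsetof(struct pfloghdr_wire, af)] != PFLOG_AF_INET)
        return -1;                               /* not IPv4 */
    if (caplen < hdrlen + 20)
        return -1;                               /* no room for a minimal IPv4 header */
    return (int)hdrlen;
}

int main(void)
{
    uint8_t frame[68] = {45, PFLOG_AF_INET};     /* constructed sample frame */
    printf("IP header offset: %d\n", pflog_ip_offset(frame, sizeof frame));
    return 0;
}
```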