id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
7	Support for (OpenBSD) PFLog low-level pseudo packet type	Pierre LALET	pbi	"This patch adds support for the OpenBSD PFLog low-level pseudo packet type. Packet Filter uses it to store logged packets (via /var/log/pflog or the pflog pseudo-interfaces).

{{{
--- scapy.py.official	2006-08-11 14:47:52.000000000 +0200
+++ scapy.py	2006-08-22 21:33:23.000000000 +0200
@@ -3923,6 +3923,13 @@ class StrField(Field):
         self.shift = shift
     def i2len(self, pkt, i):
         return len(i)+self.shift
+    def i2repr(self, pkt, x):
+        try:
+            while x[-1] == ""\x00"":
+                x = x[:-1]
+        except IndexError:
+            pass
+        return x
     def i2m(self, pkt, x):
         if x is None:
             x = """"
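Review bot: The added `i2repr` in `StrField` assumes `x` is a string, but `i2m` directly below accepts `x is None`, so a None value would raise TypeError here instead of the IndexError that is caught. `return x if x is None else x.rstrip("\x00")` covers both cases and avoids the repeated slicing. Because the method is added to the base `StrField`, every string field's displayed value now hides trailing NUL bytes, which can mask padding or payload bytes an analyst wants to see; consider putting it on `StrFixedLenField` or on the PFLog fields only, with a comment such as `# display only: trailing NUL padding is stripped, the stored value is unchanged`. The body of `i2m` continues outside the hunk.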
@@ -5831,8 +5838,46 @@ class CookedLinux(Packet):
                     ShortField(""lladdrlen"",0),
                     StrFixedLenField(""src"","""",8),
                     XShortEnumField(""proto"",0x800,ETHER_TYPES) ]
-                    
-                                   
+
+
+class PFLog(Packet):
+    name = ""PFLog""
+    # from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h
+    fields_desc = [ ByteField(""hdrlen"", 0),
+                    ByteEnumField(""addrfamily"", 2, {socket.AF_INET: ""IPv4"",
+                                                    socket.AF_INET6: ""IPv6""}),
+                    ByteEnumField(""action"", 1, {0: ""pass"", 1: ""drop"",
+                                                2: ""scrub"", 3: ""no-scrub"",
+                                                4: ""nat"", 5: ""no-nat"",
+                                                6: ""binat"", 7: ""no-binat"",
+                                                8: ""rdr"", 9: ""no-rdr"",
+                                                10: ""syn-proxy-drop"" }),
+                    ByteEnumField(""reason"", 0, {0: ""match"", 1: ""bad-offset"",
+                                                2: ""fragment"", 3: ""short"",
+                                                4: ""normalize"", 5: ""memory"",
+                                                6: ""bad-timestamp"",
+                                                7: ""congestion"",
+                                                8: ""ip-options"",
+                                                9: ""proto-cksum"",
+                                                10: ""state-mismatch"",
+                                                11: ""state-insert"",
+                                                12: ""state-limit"",
+                                                13: ""src-limit"",
+                                                14: ""syn-proxy"" }),
+                    StrFixedLenField(""iface"", """", 16),
+                    StrFixedLenField(""ruleset"", """", 16),
+                    SignedIntField(""rulenumber"", 0),
+                    SignedIntField(""subrulenumber"", 0),
+                    SignedIntField(""uid"", 0),
+                    IntField(""pid"", 0),
+                    SignedIntField(""ruleuid"", 0),
+                    IntField(""rulepid"", 0),
+                    ByteEnumField(""direction"", 255, {0: ""inout"", 1: ""in"",
+                                                     2:""out"", 255: ""unknown""}),
+                    StrFixedLenField(""pad"", ""\x00\x00\x00"", 3 ) ]
+    def mysummary(self):
+        return self.sprintf(""%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%"")
+
 
 class SNAP(Packet):
     name = ""SNAP""
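Review bot: `hdrlen` is a plain `ByteField` defaulting to 0 and nothing in `PFLog` reads it, so dissection always consumes the fixed 64-byte layout of `fields_desc` and a packet built from this class carries a header length of 0. A capture whose header length differs from that layout would be split at the wrong offset and its payload misparsed without any warning, which matters when reading pflog files produced on other hosts or releases. Either check `hdrlen` during dissection or document the limitation next to the field, e.g. `# hdrlen is not validated; the layout is fixed at 64 bytes (61 + 3 pad)`. The class also has no docstring saying which OpenBSD header revision the field list mirrors.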
@@ -8287,6 +8332,8 @@ layer_bonds = [ ( Dot3,   LLC,      { } 
                 ( CookedLinux,  EAPOL,    { ""proto"" : 0x888e } ),
                 ( CookedLinux,  PPPoED,   { ""proto"" : 0x8863 } ),
                 ( CookedLinux,  PPPoE,    { ""proto"" : 0x8864 } ),
+                ( PFLog,  IP,       { ""addrfamily"" : socket.AF_INET } ),
+                ( PFLog,  IP,       { ""addrfamily"" : socket.AF_INET6 } ),
                 ( GRE,    LLC,      { ""proto"" : 0x007a } ),
                 ( GRE,    Dot1Q,    { ""proto"" : 0x8100 } ),
                 ( GRE,    Ether,    { ""proto"" : 0x0001 } ),
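Review bot: The second added bond maps `addrfamily == socket.AF_INET6` to `IP`, so an IPv6 payload would be dissected as an IPv4 header; if this file has an IPv6 layer it should be the target, otherwise dropping the bond leaves the payload as raw bytes rather than a misleading decode. Both bonds, and the `addrfamily` enum in the PFLog hunk above, take the value from the local `socket` module, and the numeric value of `AF_INET6` differs between operating systems, so a pflog capture written on OpenBSD may fail to match when read on another platform. A named constant for the OpenBSD value, e.g. `OPENBSD_AF_INET6 = <value from OpenBSD sys/socket.h>`, would make the match independent of the reading host. The `layer_bonds` list starts and ends outside the hunk.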
@@ -8456,6 +8503,7 @@ LLTypes = { ARPHDR_ETHER : Ether_Dot3_Di
             802 : PrismHeader,
             105 : Dot11,
             113 : CookedLinux,
+            117 : PFLog,
             119 : PrismHeader, # for atheros
             144 : CookedLinux, # called LINUX_IRDA, similar to CookedLinux
             783 : IrLAPHead,
@@ -8469,6 +8517,7 @@ LLNumTypes = { Ether : ARPHDR_ETHER,
                PrismHeader : 802,
                Dot11 : 105,
                CookedLinux : 113,
+               PFLog : 117,
                CookedLinux : 144,
                IrLAPHead : 783
             }
}}}
"	new layer	closed	minor	scapy 2.2	Scapy		fixed	OpenBSD PF low-level	
