author | 2021-01-20 13:40:15 +0000 | |
---|---|---|
committer | 2021-01-20 13:40:15 +0000 | |
commit | a0942b10af817d9babc3e6a5ec8005dfb7e4e3e8 (patch) | |
tree | 1e49d70ac3ab59da05af37ea878ceb1fed63226d | |
parent | Reprogram outbound windows to match the device tree. Necessary because (diff) | |
Print rewritten addresses in tcpdump(8) logged with pflog(4) for
rdr-to, nat-to, af-to rules. The kernel uses the information from
the packet description and fills it into the fields in the pflog
header. While doing this, it is trivial to figure out whether the
packet has been rewritten.
OK sashan@
-rw-r--r-- | sys/net/if_pflog.c | 13 | ||||
-rw-r--r-- | usr.sbin/tcpdump/print-pflog.c | 31 |
2 files changed, 28 insertions, 16 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index b574900593e..7b63991676e 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.c,v 1.95 2021/01/19 22:22:23 bluhm Exp $ */
+/* $OpenBSD: if_pflog.c,v 1.96 2021/01/20 13:40:15 bluhm Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -230,11 +230,18 @@ pflog_packet(struct pf_pdesc *pd, u_int8_t reason, struct pf_rule *rm,
 hdr.rule_uid = rm->cuid;
 hdr.rule_pid = rm->cpid;
 hdr.dir = pd->dir;
+ hdr.af = pd->af;
+ if (pd->af != pd->naf ||
+ pf_addr_compare(pd->src, &pd->nsaddr, pd->naf) != 0 ||
+ pf_addr_compare(pd->dst, &pd->ndaddr, pd->naf) != 0 ||
+ pd->osport != pd->nsport ||
+ pd->odport != pd->ndport) {
+ hdr.rewritten = 1;
+ }
+ hdr.naf = pd->naf;
 pf_addrcpy(&hdr.saddr, &pd->nsaddr, pd->naf);
 pf_addrcpy(&hdr.daddr, &pd->ndaddr, pd->naf);
- hdr.af = pd->af;
- hdr.naf = pd->naf;
 hdr.sport = pd->nsport;
 hdr.dport = pd->ndport;
diff --git a/usr.sbin/tcpdump/print-pflog.c b/usr.sbin/tcpdump/print-pflog.c
index 26475f9df33..c207771d936 100644
--- a/usr.sbin/tcpdump/print-pflog.c
+++ b/usr.sbin/tcpdump/print-pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-pflog.c,v 1.32 2018/10/22 16:12:45 kn Exp $ */
+/* $OpenBSD: print-pflog.c,v 1.33 2021/01/20 13:40:15 bluhm Exp $ */
 /*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
@@ -64,7 +64,6 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
 const struct ip *ip;
 const struct ip6_hdr *ip6;
 const struct pfloghdr *hdr;
- u_int8_t af;
 ts_print(&h->ts);
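Review bot: In the pflog_packet hunk of sys/net/if_pflog.c, the two `pf_addr_compare(..., pd->naf)` calls are only meaningful because `pd->af != pd->naf` is tested first and short-circuits, so `pd->src` and `pd->dst` (presumably still in family `pd->af`) are never compared under a different family; that ordering dependency is not documented. I would add a comment above the condition such as `/* af == naf once the first test fails, so comparing with naf is safe */`. `hdr.rewritten` is only ever set to 1 here, so the flag relies on hdr having been zeroed earlier in the function, which is outside the hunk and worth confirming, since a stale flag would mislabel untranslated packets in the log. pflog_packet's body starts and ends outside the hunk.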
@@ -153,34 +152,40 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
 if (vflag && hdr->rewritten) {
 char buf[48];
- if (inet_ntop(hdr->af, &hdr->saddr.v4, buf,
+ printf("[rewritten: ");
+ if (inet_ntop(hdr->naf, &hdr->saddr, buf,
 sizeof(buf)) == NULL)
- printf("[orig src ?, ");
+ printf("src ?");
 else
- printf("[orig src %s:%u, ", buf,
- ntohs(hdr->sport));
- if (inet_ntop(hdr->af, &hdr->daddr.v4, buf,
+ printf("src %s:%u", buf, ntohs(hdr->sport));
+ printf(", ");
+ if (inet_ntop(hdr->naf, &hdr->daddr, buf,
 sizeof(buf)) == NULL)
- printf("dst ?] ");
+ printf("dst ?");
 else
- printf("dst %s:%u] ", buf,
- ntohs(hdr->dport));
+ printf("dst %s:%u", buf, ntohs(hdr->dport));
+ printf("] ");
 }
 }
- af = hdr->naf;
 length -= hdrlen;
- if (af == AF_INET) {
+ switch(hdr->af) {
+ case AF_INET:
 ip = (struct ip *)(p + hdrlen);
 ip_print((const u_char *)ip, length);
 if (xflag)
 default_print((const u_char *)ip, caplen - hdrlen);
- } else {
+ break;
+ case AF_INET6:
 ip6 = (struct ip6_hdr *)(p + hdrlen);
 ip6_print((const u_char *)ip6, length);
 if (xflag)
 default_print((const u_char *)ip6, caplen - hdrlen);
+ break;
+ default:
+ printf("unknown-af %d", hdr->af);
+ break;
 }
 out: |
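Review bot: In the rewritten-address block of pflog_if_print, `printf("src %s:%u", ...)` and `printf("dst %s:%u", ...)` now format the address with `hdr->naf`, so an IPv6 address is printed immediately followed by `:port`, and the port cannot be told apart from a final address group when the line is read or parsed later. When `hdr->naf == AF_INET6` I would bracket the address, e.g. `printf("src [%s]:%u", buf, ntohs(hdr->sport));`, and do the same for dst. Separately, `hdr->af` and `hdr->naf` are read from the capture and the new `switch` hands `p + hdrlen` to ip_print/ip6_print; whether `caplen` and `length` have been checked against `hdrlen` before that point is decided outside the hunk and should be confirmed. The function body starts and ends outside the hunk.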