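## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more information
## Copyright (C) Philippe Biondi <phil (at] secdev.org>
## This program is published under a GPLv2 license

"""
PFLog: OpenBSD PF packet filter logging.
"""

import socket

# ``conf`` is imported before it is consulted below; the original relied on
# it leaking in through a star import, which only works as long as the
# star-imported module happens to export the name.
from scapy.config import conf
from scapy.data import DLT_PFLOG
from scapy.packet import *
from scapy.fields import *
from scapy.layers.inet import IP
if conf.ipv6_enabled:
    from scapy.layers.inet6 import IPv6


class PFLog(Packet):
    """Header that the OpenBSD pflog(4) interface prepends to each logged packet.

    Layout follows OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h.
    The payload is dispatched to IP or IPv6 by ``addrfamily`` (see the
    ``bind_layers`` calls at module level); any other family leaves the
    payload undecoded.
    """
    name = "PFLog"
    fields_desc = [
        # Header length as written by the kernel. It is decoded but not used
        # to locate the payload: the layer always assumes the fixed layout
        # below. NOTE(review): if a capture comes from a pflog variant with a
        # longer header, the payload boundary will be wrong — confirm against
        # the capturing system.
        ByteField("hdrlen", 0),
        # NOTE(review): the enum keys are the *host's* socket constants.
        # AF_INET is the same everywhere, but AF_INET6 is not the same number
        # on every OS, so a capture taken on a different platform may display
        # an unknown family here and leave the payload unbound — confirm for
        # your capture source.
        ByteEnumField("addrfamily", 2, {socket.AF_INET: "IPv4",
                                        socket.AF_INET6: "IPv6"}),
        ByteEnumField("action", 1, {0: "pass", 1: "drop",
                                    2: "scrub", 3: "no-scrub",
                                    4: "nat", 5: "no-nat",
                                    6: "binat", 7: "no-binat",
                                    8: "rdr", 9: "no-rdr",
                                    10: "syn-proxy-drop"}),
        ByteEnumField("reason", 0, {0: "match", 1: "bad-offset",
                                    2: "fragment", 3: "short",
                                    4: "normalize", 5: "memory",
                                    6: "bad-timestamp",
                                    7: "congestion",
                                    8: "ip-options",
                                    9: "proto-cksum",
                                    10: "state-mismatch",
                                    11: "state-insert",
                                    12: "state-limit",
                                    13: "src-limit",
                                    14: "syn-proxy"}),
        # Fixed 16-byte interface and ruleset names. Defaults are bytes for
        # consistency with ``pad`` below; on Python 3 a str default would be
        # encoded at build time anyway.
        StrFixedLenField("iface", b"", 16),
        StrFixedLenField("ruleset", b"", 16),
        # Rule identification; negative values are meaningful (e.g. "none"),
        # hence the signed fields.
        SignedIntField("rulenumber", 0),
        SignedIntField("subrulenumber", 0),
        # Credentials of the socket that generated the packet (if known) and
        # of the user that loaded the matching rule.
        SignedIntField("uid", 0),
        IntField("pid", 0),
        SignedIntField("ruleuid", 0),
        IntField("rulepid", 0),
        ByteEnumField("direction", 255, {0: "inout", 1: "in",
                                         2: "out", 255: "unknown"}),
        # Alignment padding to the end of the kernel structure.
        StrFixedLenField("pad", b"\x00\x00\x00", 3),
    ]

    def mysummary(self):
        """Return a one-line summary: family, action, interface and rule number."""
        return self.sprintf("%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%")


# Payload dispatch on the address family byte; IPv6 only when enabled in conf.
bind_layers(PFLog, IP, addrfamily=socket.AF_INET)
if conf.ipv6_enabled:
    bind_layers(PFLog, IPv6, addrfamily=socket.AF_INET6)

# Let pcap readers decode link-type DLT_PFLOG frames as PFLog.
conf.l2types.register(DLT_PFLOG, PFLog)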