pflog.py revision d7dd2222e18718ea755fe780e8ef422901ba5b0b
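## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more information
## Copyright (C) Philippe Biondi <phil@secdev.org>
## This program is published under a GPLv2 license

"""Dissector for the pflog header that precedes packets logged by pf.

The layer is registered for link type 117, so captures of that type are
decoded as PFLog followed by the logged IPv4 or IPv6 packet.
"""

# socket is named explicitly instead of relying on it leaking through the
# star imports below.
import socket

# conf must be bound before the conf.ipv6_enabled test further down.
from scapy.config import conf
from scapy.packet import *
from scapy.fields import *
from scapy.layers.inet import IP
if conf.ipv6_enabled:
    from scapy.layers.inet6 import IPv6

# Address-family numbers are not portable. socket.AF_INET6 is the value of the
# host running Scapy (10 on Linux), whereas the pflog header carries the value
# of the system that wrote the log. OpenBSD, where pflog originates, uses 24.
_OPENBSD_AF_INET6 = 24


class PFLog(Packet):
    """Fixed-layout pflog header: verdict, reason, interface and rule info.

    NOTE(review): hdrlen is parsed but never used to locate the payload, so
    the field layout below is assumed for every record. Headers written with
    a different layout would be mis-parsed -- verify against the log source.
    """
    name = "PFLog"
    # from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h
    fields_desc = [
        ByteField("hdrlen", 0),
        ByteEnumField("addrfamily", 2, {socket.AF_INET: "IPv4",
                                        socket.AF_INET6: "IPv6"}),
        # Verdict pf applied to the packet.
        ByteEnumField("action", 1, {0: "pass", 1: "drop",
                                    2: "scrub", 3: "no-scrub",
                                    4: "nat", 5: "no-nat",
                                    6: "binat", 7: "no-binat",
                                    8: "rdr", 9: "no-rdr",
                                    10: "syn-proxy-drop"}),
        # Why the verdict was reached.
        ByteEnumField("reason", 0, {0: "match", 1: "bad-offset",
                                    2: "fragment", 3: "short",
                                    4: "normalize", 5: "memory",
                                    6: "bad-timestamp",
                                    7: "congestion",
                                    8: "ip-options",
                                    9: "proto-cksum",
                                    10: "state-mismatch",
                                    11: "state-insert",
                                    12: "state-limit",
                                    13: "src-limit",
                                    14: "syn-proxy"}),
        StrFixedLenField("iface", "", 16),
        StrFixedLenField("ruleset", "", 16),
        SignedIntField("rulenumber", 0),
        SignedIntField("subrulenumber", 0),
        SignedIntField("uid", 0),
        IntField("pid", 0),
        SignedIntField("ruleuid", 0),
        IntField("rulepid", 0),
        ByteEnumField("direction", 255, {0: "inout", 1: "in",
                                         2: "out", 255: "unknown"}),
        StrFixedLenField("pad", "\x00\x00\x00", 3),
    ]

    def mysummary(self):
        """Return a one-line summary: family, action, interface and rule."""
        return self.sprintf("%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%")


bind_layers(PFLog, IP, addrfamily=socket.AF_INET)
if conf.ipv6_enabled:
    bind_layers(PFLog, IPv6, addrfamily=socket.AF_INET6)
    if socket.AF_INET6 != _OPENBSD_AF_INET6:
        # Dissection only: without this, IPv6 records from an OpenBSD
        # firewall stay undecoded on other hosts and are easy to miss during
        # log review. bind_bottom_up leaves the value used when building
        # PFLog()/IPv6() untouched.
        bind_bottom_up(PFLog, IPv6, addrfamily=_OPENBSD_AF_INET6)

# 117 is the libpcap link type DLT_PFLOG.
conf.l2types.register(117, PFLog)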