Startsida Utforska Hjälp
Registrera dig Logga in
scw
/
munchclient
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 8f6d7bd4e4
Grenar Taggar
munchclient
/
vendor
/
github.com
/
google
/
gopacket
/
layers
/
pflog.go

pflog.go 2.1 KB
Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. // Copyright 2012 Google, Inc. All rights reserved.
    2. 

  2. //
    3. 

  3. // Use of this source code is governed by a BSD-style license
    4. 

  4. // that can be found in the LICENSE file in the root of the source
    5. 

  5. // tree.
    6. 

  6. 

  7. package layers
    8. 

  8. 

  9. import (
    10. 

  10. 	"encoding/binary"
    11. 

  11. 	"errors"
    12. 

  12. 

  13. 	"github.com/google/gopacket"
    14. 

  14. )
    15. 

  15. 

  16. type PFDirection uint8
    17. 

  17. 

  18. const (
    19. 

  19. 	PFDirectionInOut PFDirection = 0
    20. 

  20. 	PFDirectionIn    PFDirection = 1
    21. 

  21. 	PFDirectionOut   PFDirection = 2
    22. 

  22. )
    23. 

  23. 

  24. // PFLog provides the layer for 'pf' packet-filter logging, as described at
    25. 

  25. // http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
    26. 

  26. type PFLog struct {
    27. 

  27. 	BaseLayer
    28. 

  28. 	Length              uint8
    29. 

  29. 	Family              ProtocolFamily
    30. 

  30. 	Action, Reason      uint8
    31. 

  31. 	IFName, Ruleset     []byte
    32. 

  32. 	RuleNum, SubruleNum uint32
    33. 

  33. 	UID                 uint32
    34. 

  34. 	PID                 int32
    35. 

  35. 	RuleUID             uint32
    36. 

  36. 	RulePID             int32
    37. 

  37. 	Direction           PFDirection
    38. 

  38. 	// The remainder is padding
    39. 

  39. }
    40. 

  40. 

  41. func (pf *PFLog) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
    42. 

  42. 	pf.Length = data[0]
    43. 

  43. 	pf.Family = ProtocolFamily(data[1])
    44. 

  44. 	pf.Action = data[2]
    45. 

  45. 	pf.Reason = data[3]
    46. 

  46. 	pf.IFName = data[4:20]
    47. 

  47. 	pf.Ruleset = data[20:36]
    48. 

  48. 	pf.RuleNum = binary.BigEndian.Uint32(data[36:40])
    49. 

  49. 	pf.SubruleNum = binary.BigEndian.Uint32(data[40:44])
    50. 

  50. 	pf.UID = binary.BigEndian.Uint32(data[44:48])
    51. 

  51. 	pf.PID = int32(binary.BigEndian.Uint32(data[48:52]))
    52. 

  52. 	pf.RuleUID = binary.BigEndian.Uint32(data[52:56])
    53. 

  53. 	pf.RulePID = int32(binary.BigEndian.Uint32(data[56:60]))
    54. 

  54. 	pf.Direction = PFDirection(data[60])
    55. 

  55. 	if pf.Length%4 != 1 {
    56. 

  56. 		return errors.New("PFLog header length should be 3 less than multiple of 4")
    57. 

  57. 	}
    58. 

  58. 	actualLength := int(pf.Length) + 3
    59. 

  59. 	pf.Contents = data[:actualLength]
    60. 

  60. 	pf.Payload = data[actualLength:]
    61. 

  61. 	return nil
    62. 

  62. }
    63. 

  63. 

  64. // LayerType returns layers.LayerTypePFLog
    65. 

  65. func (pf *PFLog) LayerType() gopacket.LayerType { return LayerTypePFLog }
    66. 

  66. 

  67. func (pf *PFLog) CanDecode() gopacket.LayerClass { return LayerTypePFLog }
    68. 

  68. 

  69. func (pf *PFLog) NextLayerType() gopacket.LayerType {
    70. 

  70. 	return pf.Family.LayerType()
    71. 

  71. }
    72. 

  72. 

  73. func decodePFLog(data []byte, p gopacket.PacketBuilder) error {
    74. 

  74. 	pf := &PFLog{}
    75. 

  75. 	return decodingLayerDecoder(pf, data, p)
    76. 

  76. }
    77.