|
Lines 835-846
Link Here
|
| 835 |
|
835 |
|
| 836 |
|
836 |
|
| 837 |
/* |
837 |
/* |
| 838 |
* Snort supports 3 versions of the OpenBSD pflog header: |
838 |
* Snort supports 5 versions of the OpenBSD pflog header: |
| 839 |
* |
839 |
* |
| 840 |
* Pflog1_Hdr: CVS = 1.3, DLT_OLD_PFLOG = 17, Length = 28 |
840 |
* Pflog1_Hdr: CVS = 1.3, DLT_OLD_PFLOG = 17, Length = 28 |
| 841 |
* Pflog2_Hdr: CVS = 1.8, DLT_PFLOG = 117, Length = 48 |
841 |
* Pflog2_Hdr: CVS = 1.8, DLT_PFLOG = 117, Length = 48 |
| 842 |
* Pflog3_Hdr: CVS = 1.12, DLT_PFLOG = 117, Length = 64 |
842 |
* Pflog3_Hdr: CVS = 1.12, DLT_PFLOG = 117, Length = 64 |
| 843 |
* Pflog3_Hdr: CVS = 1.172, DLT_PFLOG = 117, Length = 100 |
843 |
* Pflog4_Hdr: CVS = 1.172, DLT_PFLOG = 117, Length = 100 |
|
|
844 |
* PflogFbsd_Hdr: FBSD13.1, DLT_PFLOG = 117, Length = 72 |
| 844 |
* |
845 |
* |
| 845 |
* Since they have the same DLT, Pflog{2,3}Hdr are distinguished |
846 |
* Since they have the same DLT, Pflog{2,3}Hdr are distinguished |
| 846 |
* by their actual length. The minimum required length excludes |
847 |
* by their actual length. The minimum required length excludes |
|
Lines 937-942
Link Here
|
| 937 |
#define PFLOG4_HDRLEN sizeof(struct _Pflog4_hdr) |
938 |
#define PFLOG4_HDRLEN sizeof(struct _Pflog4_hdr) |
| 938 |
#define PFLOG4_HDRMIN sizeof(struct _Pflog4_hdr) |
939 |
#define PFLOG4_HDRMIN sizeof(struct _Pflog4_hdr) |
| 939 |
|
940 |
|
|
|
941 |
|
| 942 |
typedef struct _PflogFbsd_hdr |
| 943 |
{ |
| 944 |
uint8_t length; |
| 945 |
uint8_t af; |
| 946 |
uint8_t action; |
| 947 |
uint8_t reason; |
| 948 |
char ifname[IFNAMSIZ]; |
| 949 |
char ruleset[PFLOG_RULELEN]; |
| 950 |
uint32_t rulenr; |
| 951 |
uint32_t subrulenr; |
| 952 |
uint32_t uid; |
| 953 |
uint32_t pid; |
| 954 |
uint32_t rule_uid; |
| 955 |
uint32_t rule_pid; |
| 956 |
uint8_t dir; |
| 957 |
uint8_t pad[3]; |
| 958 |
uint32_t ridentifier; |
| 959 |
uint8_t reserve; |
| 960 |
uint8_t pad2[3]; |
| 961 |
} PflogFbsdHdr; |
| 962 |
|
| 963 |
#define PFLOGFBSD_HDRLEN sizeof(struct _PflogFbsd_hdr) |
| 964 |
#define PFLOGFBSD_HDRMIN (PFLOGFBSD_HDRLEN - PFLOG_PADLEN) |
| 965 |
|
| 940 |
/* |
966 |
/* |
| 941 |
* ssl_pkttype values. |
967 |
* ssl_pkttype values. |
| 942 |
*/ |
968 |
*/ |
|
Lines 1805-1810
Link Here
|
| 1805 |
Pflog2Hdr *pf2h; /* OpenBSD pflog interface header - version 2 */ |
1831 |
Pflog2Hdr *pf2h; /* OpenBSD pflog interface header - version 2 */ |
| 1806 |
Pflog3Hdr *pf3h; /* OpenBSD pflog interface header - version 3 */ |
1832 |
Pflog3Hdr *pf3h; /* OpenBSD pflog interface header - version 3 */ |
| 1807 |
Pflog4Hdr *pf4h; /* OpenBSD pflog interface header - version 4 */ |
1833 |
Pflog4Hdr *pf4h; /* OpenBSD pflog interface header - version 4 */ |
|
|
1834 |
PflogFbsdHdr *pffbsdh; /* FreeBSD pflog interface header - FreeBSD 13.1 */ |
| 1808 |
|
1835 |
|
| 1809 |
#ifdef DLT_LINUX_SLL |
1836 |
#ifdef DLT_LINUX_SLL |
| 1810 |
const SLLHdr *sllh; /* Linux cooked sockets header */ |
1837 |
const SLLHdr *sllh; /* Linux cooked sockets header */ |