FreeBSD Bugzilla – Attachment 240725 Details for
Bug 270090
security/snort: Add support for FreeBSD 13.1 pflog header format
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for FreeBSD 13.1 pflog header format
patch-pflog-header (text/plain), 2.57 KB, created by
ldd
on 2023-03-10 16:16:11 UTC
(
hide
)
Description:
patch for FreeBSD 13.1 pflog header format
Filename:
MIME Type:
Creator:
ldd
Created:
2023-03-10 16:16:11 UTC
Size:
2.57 KB
patch
obsolete
>--- src/decode.h.orig 2022-05-18 00:45:01 >+++ src/decode.h 2023-02-24 11:46:59 >@@ -835,12 +835,13 @@ > > > /* >- * Snort supports 3 versions of the OpenBSD pflog header: >+ * Snort supports 5 versions of the OpenBSD pflog header: > * >- * Pflog1_Hdr: CVS = 1.3, DLT_OLD_PFLOG = 17, Length = 28 >- * Pflog2_Hdr: CVS = 1.8, DLT_PFLOG = 117, Length = 48 >- * Pflog3_Hdr: CVS = 1.12, DLT_PFLOG = 117, Length = 64 >- * Pflog3_Hdr: CVS = 1.172, DLT_PFLOG = 117, Length = 100 >+ * Pflog1_Hdr: CVS = 1.3, DLT_OLD_PFLOG = 17, Length = 28 >+ * Pflog2_Hdr: CVS = 1.8, DLT_PFLOG = 117, Length = 48 >+ * Pflog3_Hdr: CVS = 1.12, DLT_PFLOG = 117, Length = 64 >+ * Pflog4_Hdr: CVS = 1.172, DLT_PFLOG = 117, Length = 100 >+ * PflogFbsd_Hdr: FBSD13.1, DLT_PFLOG = 117, Length = 72 > * > * Since they have the same DLT, Pflog{2,3}Hdr are distinguished > * by their actual length. The minimum required length excludes >@@ -937,6 +938,31 @@ > #define PFLOG4_HDRLEN sizeof(struct _Pflog4_hdr) > #define PFLOG4_HDRMIN sizeof(struct _Pflog4_hdr) > >+ >+typedef struct _PflogFbsd_hdr >+{ >+ uint8_t length; >+ uint8_t af; >+ uint8_t action; >+ uint8_t reason; >+ char ifname[IFNAMSIZ]; >+ char ruleset[PFLOG_RULELEN]; >+ uint32_t rulenr; >+ uint32_t subrulenr; >+ uint32_t uid; >+ uint32_t pid; >+ uint32_t rule_uid; >+ uint32_t rule_pid; >+ uint8_t dir; >+ uint8_t pad[3]; >+ uint32_t ridentifier; >+ uint8_t reserve; >+ uint8_t pad2[3]; >+} PflogFbsdHdr; >+ >+#define PFLOGFBSD_HDRLEN sizeof(struct _PflogFbsd_hdr) >+#define PFLOGFBSD_HDRMIN (PFLOGFBSD_HDRLEN - PFLOG_PADLEN) >+ > /* > * ssl_pkttype values. > */ >@@ -1805,6 +1831,7 @@ > Pflog2Hdr *pf2h; /* OpenBSD pflog interface header - version 2 */ > Pflog3Hdr *pf3h; /* OpenBSD pflog interface header - version 3 */ > Pflog4Hdr *pf4h; /* OpenBSD pflog interface header - version 4 */ >+ PflogFbsdHdr *pffbsdh; /* FreeBSD pflog interface header - FreeBSD 13.1 */ > > #ifdef DLT_LINUX_SLL > const SLLHdr *sllh; /* Linux cooked sockets header */ >--- src/decode.c.orig 2023-02-23 00:22:48 >+++ src/decode.c 2023-02-24 11:45:14 >@@ -7073,6 +7073,13 @@ > af = p->pf4h->af; > padlen = sizeof(p->pf4h->pad); > break; >+ case PFLOGFBSD_HDRMIN: >+ p->pffbsdh = (PflogFbsdHdr*)pkt; >+ pflen = p->pffbsdh->length; >+ hlen = PFLOGFBSD_HDRLEN; >+ af = p->pffbsdh->af; >+ padlen = sizeof(p->pffbsdh->pad); >+ break; > default: > if (ScLogVerbose()) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=240725">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 270090
: 240725