Changeset a6badc2
- Timestamp:
- 04/28/05 15:58:51 (17 years ago)
- Branches:
- 4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, getfragoff, help, libtrace4, master, ndag_format, pfring, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes
- Children:
- b13027e
- Parents:
- 58e9e02
- Location:
- lib
- Files:
-
- 2 edited
-
libtrace.h (modified) (1 diff)
-
trace.c (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
lib/libtrace.h
r58e9e02 ra6badc2 380 380 TRACE_TYPE_80211, 381 381 TRACE_TYPE_NONE, 382 TRACE_TYPE_LINUX_SLL 382 TRACE_TYPE_LINUX_SLL, 383 TRACE_TYPE_PFLOG 383 384 } libtrace_linktype_t; 384 385 -
lib/trace.c
r58e9e02 ra6badc2 205 205 char addr[8]; /* link-layer address */ 206 206 uint16_t protocol; /* protocol */ 207 }; 208 209 #ifndef PF_RULESET_NAME_SIZE 210 #define PF_RULESET_NAME_SIZE 16 211 #endif 212 213 struct trace_pflog_header_t { 214 uint8_t length; 215 sa_family_t af; 216 uint8_t action; 217 uint8_t reason; 218 char ifname[IFNAMSIZ]; 219 char ruleset[PF_RULESET_NAME_SIZE]; 220 uint32_t rulenr; 221 uint32_t subrulenr; 222 uint8_t dir; 223 uint8_t pad[3]; 207 224 }; 208 225 … … 988 1005 } 989 1006 break; 1007 case TRACE_TYPE_PFLOG: 1008 { 1009 struct trace_pflog_header_t *pflog; 1010 pflog = trace_get_link(packet); 1011 if (!pflog) { 1012 ipptr = NULL; 1013 break; 1014 } 1015 if (pflog->af != AF_INET) { 1016 ipptr = NULL; 1017 } else { 1018 ipptr = ((void*)pflog)+sizeof(*pflog); 1019 } 1020 } 1021 break; 990 1022 case TRACE_TYPE_ATM: 991 1023 { … … 1416 1448 return TRACE_TYPE_LINUX_SLL; 1417 1449 #endif 1450 #ifdef DLT_PFLOG 1451 case DLT_PFLOG: 1452 return TRACE_TYPE_PFLOG; 1453 #endif 1418 1454 } 1419 1455 break; … … 1648 1684 break; 1649 1685 #endif 1686 #ifdef DLT_PFLOG 1687 case TRACE_TYPE_PFLOG: 1688 pcap = pcap_open_dead(DLT_PFLOG, 1500); 1689 break; 1690 #endif 1650 1691 default: 1651 1692 printf("only works for ETH and LINUX_SLL (ppp) at the moment\n"); … … 1725 1766 switch (trace_get_link_type(packet)) { 1726 1767 case TRACE_TYPE_LINUX_SLL: 1727 { 1728 struct trace_sll_header_t *sll; 1729 sll = trace_get_link(packet); 1730 if (!sll) { 1731 return -1; 1732 } 1733 /* 0 == LINUX_SLL_HOST */ 1734 /* the Waikato Capture point defines "packets 1735 * originating locally" (ie, outbound), with a 1736 * direction of 0, and "packets destined locally" 1737 * (ie, inbound), with a direction of 1. 1738 * This is kind-of-opposite to LINUX_SLL. 1739 * We return consistent values here, however 1740 * 1741 * Note that in recent versions of pcap, you can 1742 * use "inbound" and "outbound" on ppp in linux 1743 */ 1744 if (ntohs(sll->pkttype==0)) { 1745 1746 direction = 1; 1747 } 1748 else { 1749 direction = 0; 1750 } 1751 break; 1768 { 1769 struct trace_sll_header_t *sll; 1770 sll = trace_get_link(packet); 1771 if (!sll) { 1772 return -1; 1752 1773 } 1774 /* 0 == LINUX_SLL_HOST */ 1775 /* the Waikato Capture point defines "packets 1776 * originating locally" (ie, outbound), with a 1777 * direction of 0, and "packets destined locally" 1778 * (ie, inbound), with a direction of 1. 1779 * This is kind-of-opposite to LINUX_SLL. 1780 * We return consistent values here, however 1781 * 1782 * Note that in recent versions of pcap, you can 1783 * use "inbound" and "outbound" on ppp in linux 1784 */ 1785 if (ntohs(sll->pkttype==0)) { 1786 1787 direction = 1; 1788 } 1789 else { 1790 direction = 0; 1791 } 1792 break; 1793 } 1794 case TRACE_TYPE_PFLOG: 1795 { 1796 struct trace_pflog_header_t *pflog; 1797 pflog = trace_get_link(packet); 1798 if (!pflog) { 1799 return -1; 1800 } 1801 /* enum { PF_IN=0, PF_OUT=1 }; */ 1802 if (ntohs(pflog->dir==0)) { 1803 1804 direction = 1; 1805 } 1806 else { 1807 direction = 0; 1808 } 1809 break; 1810 } 1753 1811 default: 1754 1812 /* pass */
Note: See TracChangeset
for help on using the changeset viewer.
