blame | history | raw
lin
2025-07-30 fcd736bf35fd93b563e9bbf594f2aa7b62028cc9 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

## This file is part of Scapy


## See http://www.secdev.org/projects/scapy for more informations


## Copyright (C) Philippe Biondi <phil@secdev.org>


## This program is published under a GPLv2 license


 


"""


PFLog: OpenBSD PF packet filter logging.


"""


 


from scapy.data import DLT_PFLOG


from scapy.packet import *


from scapy.fields import *


from scapy.layers.inet import IP


if conf.ipv6_enabled:


    from scapy.layers.inet6 import IPv6


from scapy.config import conf


 


class PFLog(Packet):


    name = "PFLog"


    # from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h


    fields_desc = [ ByteField("hdrlen", 0),


                    ByteEnumField("addrfamily", 2, {socket.AF_INET: "IPv4",


                                                    socket.AF_INET6: "IPv6"}),


                    ByteEnumField("action", 1, {0: "pass", 1: "drop",


                                                2: "scrub", 3: "no-scrub",


                                                4: "nat", 5: "no-nat",


                                                6: "binat", 7: "no-binat",


                                                8: "rdr", 9: "no-rdr",


                                                10: "syn-proxy-drop" }),


                    ByteEnumField("reason", 0, {0: "match", 1: "bad-offset",


                                                2: "fragment", 3: "short",


                                                4: "normalize", 5: "memory",


                                                6: "bad-timestamp",


                                                7: "congestion",


                                                8: "ip-options",


                                                9: "proto-cksum",


                                                10: "state-mismatch",


                                                11: "state-insert",


                                                12: "state-limit",


                                                13: "src-limit",


                                                14: "syn-proxy" }),


                    StrFixedLenField("iface", "", 16),


                    StrFixedLenField("ruleset", "", 16),


                    SignedIntField("rulenumber", 0),


                    SignedIntField("subrulenumber", 0),


                    SignedIntField("uid", 0),


                    IntField("pid", 0),


                    SignedIntField("ruleuid", 0),


                    IntField("rulepid", 0),


                    ByteEnumField("direction", 255, {0: "inout", 1: "in",


                                                     2:"out", 255: "unknown"}),


                    StrFixedLenField("pad", b"\x00\x00\x00", 3 ) ]


    def mysummary(self):


        return self.sprintf("%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%")


 


bind_layers(PFLog, IP, addrfamily=socket.AF_INET)


if conf.ipv6_enabled:


    bind_layers(PFLog, IPv6, addrfamily=socket.AF_INET6)


 


conf.l2types.register(DLT_PFLOG, PFLog)