History log of /freebsd-current/contrib/tcpdump/print-pfsync.c
Revision Date Author Comments
# 4848eb3a 01-Apr-2024 Kristof Provost <kp@FreeBSD.org>

tcpdump: cope with incorrect packet lengths

It's possible for the capture buffer to be smaller than indicated by the
header length. However, pfsync_print() only took the header length into
account. As a result we could read outside of the buffer.

Check that we have at least the expected amount of data before we start
parsing.

PR: 278034
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D44580


# 1ad8d2ee 16-Jun-2023 Joseph Mingrone <jrm@FreeBSD.org>

tcpdump: Reconnect pfsync printer

Fixes: ee67461e (tpcdump: Update to 4.99.4)

Reported by: glebius
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40578


# 4bf98559 29-May-2023 Kajetan Staszkiewicz <vegeta@tuxpowered.net>

pf: make contents of struct pfsync_state configurable

Make struct pfsync_state contents configurable by sending out new
versions of the structure in separate subheader actions. Both old and
new versions of struct pfsync_state can be understood, so replication of
states from a system running an older kernel is possible. The version
being sent out is configured using ifconfig pfsync0 … version XXXX. The
version is a user-friendly string - 1301 stands for FreeBSD 13.1 (I
have checked synchronization against a host running 13.1), 1400 stands
for 14.0.

A host running an older kernel will just ignore the messages and count
them as "packets discarded for bad action".

Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D39392


# 3f240bdf 12-Jul-2021 Luiz Otavio O Souza <loos@FreeBSD.org>

tcpdump: decode packets on pfsync interfaces

Reviewed by: kp, scottl
Obtained from: pfsense
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31153


# 04c53351 24-Apr-2015 Brooks Davis <brooks@FreeBSD.org>

Merge from CheriBSD: 1065cf515a7c2062598009c1318055aacbb39e80

Convert the pfsync dissector to use the netdissect framework.

Differential Revision: https://reviews.freebsd.org/D2359
Reviewed by: glebius
Sponsored by: DARPA, AFRL


# ffe9c13e 05-Oct-2012 Gleb Smirnoff <glebius@FreeBSD.org>

Provide ability for printing and decoding pfsync(4) traffic. This
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.

The code is based on a couple of files from OpenBSD, significantly
modified by myself.

Parser differentiates between four levels of verbosity: no -v, -v,
-vv and -vvv.

We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.

Reviewed by: gnn, delphij