NetPacket::PFLog.3pm

Language: en

Version: 2010-06-20 (ubuntu - 24/10/10)

Section: 3 (Function libraries)

NAME

"NetPacket::PFLog" - Assembling and disassembling OpenBSD's Packet Filter log header.

VERSION

version 0.43.1

SYNOPSIS

   use NetPacket::PFLog;
 
   $pfl_obj = NetPacket::PFLog->decode($raw_pkt);
   $pfl_pkt = NetPacket::PFLog->encode();
   $pfl_data = NetPacket::PFLog::strip($raw_pkt);
 
 

DESCRIPTION

"NetPacket::PFLog" provides a set of routines for assembling and disassembling the header attached to packets logged by OpenBSD's Packet Filter.

Methods

"NetPacket::PFLog->decode([RAW PACKET])"
Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.
"NetPacket::PFLog->encode()"
Return a PFLog packet encoded with the instance data specified.

Functions

"NetPacket::PFLog::strip([RAW PACKET])"
Return the actual packet logged by Packet Filter that the PFLog header is describing. This data is suitable to be used as input for other "NetPacket::*" modules.

This function is equivalent to creating an object using the "decode()" constructor and returning the "data" field of that object.

Instance data

The instance data for the "NetPacket::PFLog" object consists of the following fields:
len
The length of the pflog header.
af
The Address Family which denotes if the packet is IPv4 or IPv6.
action
The action (block, pass, or scrub) that was taken on the packet.
reason
The reason that the action was taken.
ifname
The name of the interface the packet was passing through.
ruleset
The name of the subruleset that the matching rule is a member of. If the value is empty, the matching rule is in the main ruleset.
rulenr
The rule number that the packet matched.
subrulenr
The rule number in the subruleset that the packet matched. The value will be 2^32-1 if the packet matched in the main ruleset only.
uid
The uid of the local process that generated the packet that was logged, if applicable.
pid
The pid of the local process that generated the packet that was logged, if applicable.
rule_uid
The uid of the process that inserted the rule that caused the packet to be logged.
rule_pid
The pid of the process that inserted the rule that caused the packet to be logged.
dir
The direction the packet was travelling through the interface.
pad
Padding data.
data
The actual IPv4 or IPv6 packet that was logged by Packet Filter.

Exports

default
none
exportable
Data Link Type:
   DLT_PFLOG
Strip function:
   pflog_strip
tags
The following tags can be used to export certain items:
":DLT"
DLT_PFLOG
":strip"
The function "pflog_strip"
":ALL"
All the above exportable items

EXAMPLE

The following prints the action, direction, interface name, and reason:
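   #!/usr/bin/perl -w
 
   use strict;
   use Net::PcapUtils;
   use NetPacket::PFLog;
 
   # Callback run for each captured packet: user data, pcap header, raw frame.
   sub process_pkt {
       my ($user, $hdr, $pkt) = @_;
 
       # Decode the pflog header and print selected fields.
       my $pfl_obj = NetPacket::PFLog->decode($pkt);
       print("$pfl_obj->{action} $pfl_obj->{dir} ");
       print("on $pfl_obj->{ifname} ($pfl_obj->{reason})\n");
   }
 
   # Capture packets matching the filter and hand each one to process_pkt.
   Net::PcapUtils::loop(\&process_pkt, FILTER => 'ip or ip6');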
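
Because decode() accepts any bytes, the caller has to validate frames itself. The following is an added example, not part of the NetPacket::PFLog documentation or the module author's code: it rejects empty or truncated frames and re-checks the decoded "len" and "data" fields before the object is used. The helper name checked_pflog_decode and the samples are hypothetical, and the 64-byte header layout used to build the good sample is an assumption about OpenBSD's pflog header, not something stated on this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use NetPacket::PFLog;

# Hypothetical helper (not part of NetPacket::PFLog): decode a frame, then
# validate it. Returns ($obj, undef) on success or (undef, $reason).
sub checked_pflog_decode {
    my ($hdr, $pkt) = @_;

    return (undef, 'empty frame') unless defined($pkt) && length($pkt);
    # caplen < len means the snaplen cut the frame short.
    return (undef, 'truncated capture')
        if defined($hdr) && $hdr->{caplen} < $hdr->{len};

    my $pfl  = NetPacket::PFLog->decode($pkt);
    my $hlen = $pfl->{len};
    # The header cannot be empty or longer than the frame that carries it.
    return (undef, 'implausible header length')
        unless defined($hlen) && $hlen > 0 && $hlen < length($pkt);

    my $data = $pfl->{data};
    return (undef, 'no logged packet after header')
        unless defined($data) && length($data);

    # data must be the logged IPv4 or IPv6 packet: check the version nibble.
    my $ver = ord($data) >> 4;
    return (undef, "payload is not IP (version nibble $ver)")
        unless $ver == 4 || $ver == 6;

    return ($pfl, undef);
}

# Constructed samples. ASSUMPTION: 64-byte header layout as in OpenBSD's
# struct pfloghdr of this module's era; the page does not give the layout.
my $ip4  = pack('H*', '4500001c000040004001' . '0000' . 'c0000201c0000202')
         . ("\0" x 8);                 # IPv4 header (checksum left zero) + 8 bytes
my $good = pack('CCCC a16 a16 N6 C a3', 61, 2, 0, 0, 'em0', '',
                3, 0xffffffff, 0, 0, 0, 0, 1, '') . $ip4;
my $junk = "\xff" x 12;                # constructed garbage, not a pflog frame

for my $sample ([good => $good], [junk => $junk], [empty => '']) {
    my ($name, $raw) = @$sample;
    my $hdr = { caplen => length($raw), len => length($raw) };
    my ($pfl, $why) = checked_pflog_decode($hdr, $raw);
    print "$name: ", ($pfl ? 'accepted' : "rejected ($why)"), "\n";
}
```

In a Net::PcapUtils::loop callback, pass the $hdr and $pkt arguments straight to the helper and skip the frame when it returns a reason.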
 
 

TODO

Nothing at this time.

COPYRIGHT

Copyright (c) 2003-2009 Joel Knight <knight.joel@gmail.com>

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED ``AS IS'' AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

AUTHOR

Joel Knight <knight.joel@gmail.com>