author | Renato Botelho <garga@FreeBSD.org> | 2014-05-27 09:35:29 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-05-27 09:35:29 -0300 |
commit | efa26483ee517f6f5087631ef895cdc1f48c17e2 (patch) | |
tree | 50220930c6e37c1ac243c35b8fe422e4e477ff24 /etc | |
parent | 67eec08539c8deeca86c0c450a9c8a9c709e5b21 (diff) | |
download | pfsense-efa26483ee517f6f5087631ef895cdc1f48c17e2.zip pfsense-efa26483ee517f6f5087631ef895cdc1f48c17e2.tar.gz |
Add ICMP to filter parser, it should fix #3663
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter_log.inc | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc
index a327bb8..cddd5d2 100644
--- a/etc/inc/filter_log.inc
+++ b/etc/inc/filter_log.inc
@@ -174,6 +174,54 @@ function parse_filter_line($line) {
 $flent['urg'] = $rule_data[$field++];
 $flent['options'] = explode(";",$rule_data[$field++]);
 }
+ } else if ($flent['protoid'] == '1') { // ICMP
+ $flent['src'] = $flent['srcip'];
+ $flent['dst'] = $flent['dstip'];
+
+ $flent['icmp_type'] = $rule_data[$field++];
+
+ switch ($flent['icmp_type']) {
+ case "request":
+ case "reply":
+ $flent['icmp_id'] = $rule_data[$field++];
+ $flent['icmp_seq'] = $rule_data[$field++];
+ break;
+ case "unreachproto":
+ $flent['icmp_dstip'] = $rule_data[$field++];
+ $flent['icmp_protoid'] = $rule_data[$field++];
+ break;
+ case "unreachport":
+ $flent['icmp_dstip'] = $rule_data[$field++];
+ $flent['icmp_protoid'] = $rule_data[$field++];
+ $flent['icmp_port'] = $rule_data[$field++];
+ break;
+ case "unreach":
+ case "timexceed":
+ case "paramprob":
+ case "redirect":
+ case "maskreply":
+ $flent['icmp_descr'] = $rule_data[$field++];
+ break;
+ case "needfrag":
+ $flent['icmp_dstip'] = $rule_data[$field++];
+ $flent['icmp_mtu'] = $rule_data[$field++];
+ break;
+ case "tstamp":
+ $flent['icmp_id'] = $rule_data[$field++];
+ $flent['icmp_seq'] = $rule_data[$field++];
+ break;
+ case "tstampreply":
+ $flent['icmp_id'] = $rule_data[$field++];
+ $flent['icmp_seq'] = $rule_data[$field++];
+ $flent['icmp_otime'] = $rule_data[$field++];
+ $flent['icmp_rtime'] = $rule_data[$field++];
+ $flent['icmp_ttime'] = $rule_data[$field++];
+ break;
+ default :
+ $flent['icmp_descr'] = $rule_data[$field++];
+ break;
+ }
+
 } else if ($flent['protoid'] == '112') { // CARP
 $flent['type'] = $rule_data[$field++];
 $flent['ttl'] = $rule_data[$field++];
|
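Review bot: Every case in the new ICMP branch reads `$rule_data[$field++]` without checking that the index exists, up to five times in `tstampreply`. A truncated or short log line therefore raises undefined-offset notices and leaves those `icmp_*` keys null. The log content describes packets sent by remote hosts, so the field count should be treated as untrusted. Each read could be guarded, for example `$flent['icmp_descr'] = isset($rule_data[$field]) ? $rule_data[$field++] : '';` in the `default` case, or the line rejected up front in whatever way parse_filter_line already handles unparseable input; its body starts and ends outside this hunk, so that path is not visible here. `icmp_descr` is free text, so the page that renders it (not shown) should presumably HTML-escape it, and the `tstamp` case repeats the `request`/`reply` body and could be folded into those labels.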