Applied patch from Richard Tóth <risko@iklub.sk> to support PFLOG interfaces.

2 files changed, 29 insertions, 0 deletions

diff --git a/iftop.c b/iftop.c
index 5a7b41e..397d815 100644
--- a/iftop.c
+++ b/iftop.c
@@ -19,6 +19,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <net/if.h>
+#include <net/bpf.h>
 
 #include <pthread.h>
 #include <curses.h>
@@ -301,6 +302,19 @@ static void handle_raw_packet(unsigned char* args, const struct pcap_pkthdr* pkt
     handle_ip_packet((struct ip*)packet, -1);
 }
 
+static void handle_pflog_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
+{
+	register u_int length = pkthdr->len;
+	u_int hdrlen;
+	const struct pfloghdr *hdr;
+	
+	hdr = (struct pfloghdr *)packet;
+	hdrlen = BPF_WORDALIGN(hdr->length);
+	length -= hdrlen;
+	packet += hdrlen;
+	handle_ip_packet((struct ip*)packet, length);
+}
+
 static void handle_llc_packet(const struct llc* llc, int dir) {
 
     struct ip* ip = (struct ip*)((void*)llc + sizeof(struct llc));
@@ -519,6 +533,9 @@ void packet_init() {
     if(dlt == DLT_EN10MB) {
         packet_handler = handle_eth_packet;
     }
+    else if (dlt == DLT_PFLOG) {
+		packet_handler = handle_pflog_packet;
+    }
     else if(dlt == DLT_RAW || dlt == DLT_NULL) {
         packet_handler = handle_raw_packet;
     } 
diff --git a/iftop.h b/iftop.h
index 2c99e64..4f03d8c 100644
--- a/iftop.h
+++ b/iftop.h
@@ -32,5 +32,17 @@ void xfree(void *v);
 /* options.c */
 void options_read(int argc, char **argv);
 
+struct pfloghdr {
+      unsigned char		length;
+      unsigned char		af;
+      unsigned char		action;
+      unsigned char		reason;
+      char				ifname[16];
+      char				ruleset[16];
+      unsigned int		rulenr;
+      unsigned int		subrulenr;
+      unsigned char		dir;
+      unsigned char		pad[3];
+};
 
 #endif /* __IFTOP_H_ */