]> The Tcpdump Group git mirrors - tcpdump/blob - print-nfs.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use UTC/GMT time when building/checking tests files
[tcpdump] / print-nfs.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Network File System (NFS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <stdio.h>
31 #include <string.h>
32
33 #include "netdissect.h"
34 #include "addrtoname.h"
35 #include "extract.h"
36
37 #include "nfs.h"
38 #include "nfsfh.h"
39
40 #include "ip.h"
41 #include "ip6.h"
42 #include "rpc_auth.h"
43 #include "rpc_msg.h"
44
45
46 static void nfs_printfh(netdissect_options *, const uint32_t *, const u_int);
47 static int xid_map_enter(netdissect_options *, const struct sunrpc_msg *, const u_char *);
48 static int xid_map_find(const struct sunrpc_msg *, const u_char *,
49 uint32_t *, uint32_t *);
50 static void interp_reply(netdissect_options *, const struct sunrpc_msg *, uint32_t, uint32_t, int);
51 static const uint32_t *parse_post_op_attr(netdissect_options *, const uint32_t *, int);
52
53 /*
54 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
55 */
56 static uint32_t nfsv3_procid[NFS_NPROCS] = {
57 NFSPROC_NULL,
58 NFSPROC_GETATTR,
59 NFSPROC_SETATTR,
60 NFSPROC_NOOP,
61 NFSPROC_LOOKUP,
62 NFSPROC_READLINK,
63 NFSPROC_READ,
64 NFSPROC_NOOP,
65 NFSPROC_WRITE,
66 NFSPROC_CREATE,
67 NFSPROC_REMOVE,
68 NFSPROC_RENAME,
69 NFSPROC_LINK,
70 NFSPROC_SYMLINK,
71 NFSPROC_MKDIR,
72 NFSPROC_RMDIR,
73 NFSPROC_READDIR,
74 NFSPROC_FSSTAT,
75 NFSPROC_NOOP,
76 NFSPROC_NOOP,
77 NFSPROC_NOOP,
78 NFSPROC_NOOP,
79 NFSPROC_NOOP,
80 NFSPROC_NOOP,
81 NFSPROC_NOOP,
82 NFSPROC_NOOP
83 };
84
85 static const struct tok nfsproc_str[] = {
86 { NFSPROC_NOOP, "nop" },
87 { NFSPROC_NULL, "null" },
88 { NFSPROC_GETATTR, "getattr" },
89 { NFSPROC_SETATTR, "setattr" },
90 { NFSPROC_LOOKUP, "lookup" },
91 { NFSPROC_ACCESS, "access" },
92 { NFSPROC_READLINK, "readlink" },
93 { NFSPROC_READ, "read" },
94 { NFSPROC_WRITE, "write" },
95 { NFSPROC_CREATE, "create" },
96 { NFSPROC_MKDIR, "mkdir" },
97 { NFSPROC_SYMLINK, "symlink" },
98 { NFSPROC_MKNOD, "mknod" },
99 { NFSPROC_REMOVE, "remove" },
100 { NFSPROC_RMDIR, "rmdir" },
101 { NFSPROC_RENAME, "rename" },
102 { NFSPROC_LINK, "link" },
103 { NFSPROC_READDIR, "readdir" },
104 { NFSPROC_READDIRPLUS, "readdirplus" },
105 { NFSPROC_FSSTAT, "fsstat" },
106 { NFSPROC_FSINFO, "fsinfo" },
107 { NFSPROC_PATHCONF, "pathconf" },
108 { NFSPROC_COMMIT, "commit" },
109 { 0, NULL }
110 };
111
112 /*
113 * NFS V2 and V3 status values.
114 *
115 * Some of these come from the RFCs for NFS V2 and V3, with the message
116 * strings taken from the FreeBSD C library "errlst.c".
117 *
118 * Others are errors that are not in the RFC but that I suspect some
119 * NFS servers could return; the values are FreeBSD errno values, as
120 * the first NFS server was the SunOS 2.0 one, and until 5.0 SunOS
121 * was primarily BSD-derived.
122 */
123 static const struct tok status2str[] = {
124 { 1, "Operation not permitted" }, /* EPERM */
125 { 2, "No such file or directory" }, /* ENOENT */
126 { 5, "Input/output error" }, /* EIO */
127 { 6, "Device not configured" }, /* ENXIO */
128 { 11, "Resource deadlock avoided" }, /* EDEADLK */
129 { 12, "Cannot allocate memory" }, /* ENOMEM */
130 { 13, "Permission denied" }, /* EACCES */
131 { 17, "File exists" }, /* EEXIST */
132 { 18, "Cross-device link" }, /* EXDEV */
133 { 19, "Operation not supported by device" }, /* ENODEV */
134 { 20, "Not a directory" }, /* ENOTDIR */
135 { 21, "Is a directory" }, /* EISDIR */
136 { 22, "Invalid argument" }, /* EINVAL */
137 { 26, "Text file busy" }, /* ETXTBSY */
138 { 27, "File too large" }, /* EFBIG */
139 { 28, "No space left on device" }, /* ENOSPC */
140 { 30, "Read-only file system" }, /* EROFS */
141 { 31, "Too many links" }, /* EMLINK */
142 { 45, "Operation not supported" }, /* EOPNOTSUPP */
143 { 62, "Too many levels of symbolic links" }, /* ELOOP */
144 { 63, "File name too long" }, /* ENAMETOOLONG */
145 { 66, "Directory not empty" }, /* ENOTEMPTY */
146 { 69, "Disc quota exceeded" }, /* EDQUOT */
147 { 70, "Stale NFS file handle" }, /* ESTALE */
148 { 71, "Too many levels of remote in path" }, /* EREMOTE */
149 { 99, "Write cache flushed to disk" }, /* NFSERR_WFLUSH (not used) */
150 { 10001, "Illegal NFS file handle" }, /* NFS3ERR_BADHANDLE */
151 { 10002, "Update synchronization mismatch" }, /* NFS3ERR_NOT_SYNC */
152 { 10003, "READDIR/READDIRPLUS cookie is stale" }, /* NFS3ERR_BAD_COOKIE */
153 { 10004, "Operation not supported" }, /* NFS3ERR_NOTSUPP */
154 { 10005, "Buffer or request is too small" }, /* NFS3ERR_TOOSMALL */
155 { 10006, "Unspecified error on server" }, /* NFS3ERR_SERVERFAULT */
156 { 10007, "Object of that type not supported" }, /* NFS3ERR_BADTYPE */
157 { 10008, "Request couldn't be completed in time" }, /* NFS3ERR_JUKEBOX */
158 { 0, NULL }
159 };
160
161 static const struct tok nfsv3_writemodes[] = {
162 { 0, "unstable" },
163 { 1, "datasync" },
164 { 2, "filesync" },
165 { 0, NULL }
166 };
167
168 static const struct tok type2str[] = {
169 { NFNON, "NON" },
170 { NFREG, "REG" },
171 { NFDIR, "DIR" },
172 { NFBLK, "BLK" },
173 { NFCHR, "CHR" },
174 { NFLNK, "LNK" },
175 { NFFIFO, "FIFO" },
176 { 0, NULL }
177 };
178
179 static const struct tok sunrpc_auth_str[] = {
180 { SUNRPC_AUTH_OK, "OK" },
181 { SUNRPC_AUTH_BADCRED, "Bogus Credentials (seal broken)" },
182 { SUNRPC_AUTH_REJECTEDCRED, "Rejected Credentials (client should begin new session)" },
183 { SUNRPC_AUTH_BADVERF, "Bogus Verifier (seal broken)" },
184 { SUNRPC_AUTH_REJECTEDVERF, "Verifier expired or was replayed" },
185 { SUNRPC_AUTH_TOOWEAK, "Credentials are too weak" },
186 { SUNRPC_AUTH_INVALIDRESP, "Bogus response verifier" },
187 { SUNRPC_AUTH_FAILED, "Unknown failure" },
188 { 0, NULL }
189 };
190
191 static const struct tok sunrpc_str[] = {
192 { SUNRPC_PROG_UNAVAIL, "PROG_UNAVAIL" },
193 { SUNRPC_PROG_MISMATCH, "PROG_MISMATCH" },
194 { SUNRPC_PROC_UNAVAIL, "PROC_UNAVAIL" },
195 { SUNRPC_GARBAGE_ARGS, "GARBAGE_ARGS" },
196 { SUNRPC_SYSTEM_ERR, "SYSTEM_ERR" },
197 { 0, NULL }
198 };
199
200 static void
201 print_nfsaddr(netdissect_options *ndo,
202 const u_char *bp, const char *s, const char *d)
203 {
204 const struct ip *ip;
205 const struct ip6_hdr *ip6;
206 char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
207
208 srcaddr[0] = dstaddr[0] = '\0';
209 switch (IP_V((const struct ip *)bp)) {
210 case 4:
211 ip = (const struct ip *)bp;
212 strlcpy(srcaddr, ipaddr_string(ndo, ip->ip_src), sizeof(srcaddr));
213 strlcpy(dstaddr, ipaddr_string(ndo, ip->ip_dst), sizeof(dstaddr));
214 break;
215 case 6:
216 ip6 = (const struct ip6_hdr *)bp;
217 strlcpy(srcaddr, ip6addr_string(ndo, ip6->ip6_src),
218 sizeof(srcaddr));
219 strlcpy(dstaddr, ip6addr_string(ndo, ip6->ip6_dst),
220 sizeof(dstaddr));
221 break;
222 default:
223 strlcpy(srcaddr, "?", sizeof(srcaddr));
224 strlcpy(dstaddr, "?", sizeof(dstaddr));
225 break;
226 }
227
228 ND_PRINT("%s.%s > %s.%s: ", srcaddr, s, dstaddr, d);
229 }
230
231 /*
232 * NFS Version 3 sattr3 structure for the new node creation case.
233 * This does not have a fixed layout on the network, so this
234 * structure does not correspond to the layout of the data on
235 * the network; it's used to store the data when the sattr3
236 * is parsed for use when it's later printed.
237 */
238 struct nfsv3_sattr {
239 uint32_t sa_modeset;
240 uint32_t sa_mode;
241 uint32_t sa_uidset;
242 uint32_t sa_uid;
243 uint32_t sa_gidset;
244 uint32_t sa_gid;
245 uint32_t sa_sizeset;
246 uint32_t sa_size;
247 uint32_t sa_atimetype;
248 struct {
249 uint32_t nfsv3_sec;
250 uint32_t nfsv3_nsec;
251 } sa_atime;
252 uint32_t sa_mtimetype;
253 struct {
254 uint32_t nfsv3_sec;
255 uint32_t nfsv3_nsec;
256 } sa_mtime;
257 };
258
259 static const uint32_t *
260 parse_sattr3(netdissect_options *ndo,
261 const uint32_t *dp, struct nfsv3_sattr *sa3)
262 {
263 ND_TCHECK_4(dp);
264 sa3->sa_modeset = EXTRACT_BE_U_4(dp);
265 dp++;
266 if (sa3->sa_modeset) {
267 ND_TCHECK_4(dp);
268 sa3->sa_mode = EXTRACT_BE_U_4(dp);
269 dp++;
270 }
271
272 ND_TCHECK_4(dp);
273 sa3->sa_uidset = EXTRACT_BE_U_4(dp);
274 dp++;
275 if (sa3->sa_uidset) {
276 ND_TCHECK_4(dp);
277 sa3->sa_uid = EXTRACT_BE_U_4(dp);
278 dp++;
279 }
280
281 ND_TCHECK_4(dp);
282 sa3->sa_gidset = EXTRACT_BE_U_4(dp);
283 dp++;
284 if (sa3->sa_gidset) {
285 ND_TCHECK_4(dp);
286 sa3->sa_gid = EXTRACT_BE_U_4(dp);
287 dp++;
288 }
289
290 ND_TCHECK_4(dp);
291 sa3->sa_sizeset = EXTRACT_BE_U_4(dp);
292 dp++;
293 if (sa3->sa_sizeset) {
294 ND_TCHECK_4(dp);
295 sa3->sa_size = EXTRACT_BE_U_4(dp);
296 dp++;
297 }
298
299 ND_TCHECK_4(dp);
300 sa3->sa_atimetype = EXTRACT_BE_U_4(dp);
301 dp++;
302 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT) {
303 ND_TCHECK_4(dp + 1);
304 sa3->sa_atime.nfsv3_sec = EXTRACT_BE_U_4(dp);
305 dp++;
306 sa3->sa_atime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
307 dp++;
308 }
309
310 ND_TCHECK_4(dp);
311 sa3->sa_mtimetype = EXTRACT_BE_U_4(dp);
312 dp++;
313 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT) {
314 ND_TCHECK_4(dp + 1);
315 sa3->sa_mtime.nfsv3_sec = EXTRACT_BE_U_4(dp);
316 dp++;
317 sa3->sa_mtime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
318 dp++;
319 }
320
321 return dp;
322 trunc:
323 return NULL;
324 }
325
326 static int nfserr; /* true if we error rather than trunc */
327
328 static void
329 print_sattr3(netdissect_options *ndo,
330 const struct nfsv3_sattr *sa3, int verbose)
331 {
332 if (sa3->sa_modeset)
333 ND_PRINT(" mode %o", sa3->sa_mode);
334 if (sa3->sa_uidset)
335 ND_PRINT(" uid %u", sa3->sa_uid);
336 if (sa3->sa_gidset)
337 ND_PRINT(" gid %u", sa3->sa_gid);
338 if (verbose > 1) {
339 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT)
340 ND_PRINT(" atime %u.%06u", sa3->sa_atime.nfsv3_sec,
341 sa3->sa_atime.nfsv3_nsec);
342 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT)
343 ND_PRINT(" mtime %u.%06u", sa3->sa_mtime.nfsv3_sec,
344 sa3->sa_mtime.nfsv3_nsec);
345 }
346 }
347
348 void
349 nfsreply_print(netdissect_options *ndo,
350 const u_char *bp, u_int length,
351 const u_char *bp2)
352 {
353 const struct sunrpc_msg *rp;
354 char srcid[20], dstid[20]; /*fits 32bit*/
355
356 ndo->ndo_protocol = "nfs";
357 nfserr = 0; /* assume no error */
358 rp = (const struct sunrpc_msg *)bp;
359
360 ND_TCHECK_4(rp->rm_xid);
361 if (!ndo->ndo_nflag) {
362 strlcpy(srcid, "nfs", sizeof(srcid));
363 nd_snprintf(dstid, sizeof(dstid), "%u",
364 EXTRACT_BE_U_4(rp->rm_xid));
365 } else {
366 nd_snprintf(srcid, sizeof(srcid), "%u", NFS_PORT);
367 nd_snprintf(dstid, sizeof(dstid), "%u",
368 EXTRACT_BE_U_4(rp->rm_xid));
369 }
370 print_nfsaddr(ndo, bp2, srcid, dstid);
371
372 nfsreply_noaddr_print(ndo, bp, length, bp2);
373 return;
374
375 trunc:
376 if (!nfserr)
377 nd_print_trunc(ndo);
378 }
379
380 void
381 nfsreply_noaddr_print(netdissect_options *ndo,
382 const u_char *bp, u_int length,
383 const u_char *bp2)
384 {
385 const struct sunrpc_msg *rp;
386 uint32_t proc, vers, reply_stat;
387 enum sunrpc_reject_stat rstat;
388 uint32_t rlow;
389 uint32_t rhigh;
390 enum sunrpc_auth_stat rwhy;
391
392 ndo->ndo_protocol = "nfs";
393 nfserr = 0; /* assume no error */
394 rp = (const struct sunrpc_msg *)bp;
395
396 ND_TCHECK_4(rp->rm_reply.rp_stat);
397 reply_stat = EXTRACT_BE_U_4(&rp->rm_reply.rp_stat);
398 switch (reply_stat) {
399
400 case SUNRPC_MSG_ACCEPTED:
401 ND_PRINT("reply ok %u", length);
402 if (xid_map_find(rp, bp2, &proc, &vers) >= 0)
403 interp_reply(ndo, rp, proc, vers, length);
404 break;
405
406 case SUNRPC_MSG_DENIED:
407 ND_PRINT("reply ERR %u: ", length);
408 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_stat);
409 rstat = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_stat);
410 switch (rstat) {
411
412 case SUNRPC_RPC_MISMATCH:
413 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_vers.high);
414 rlow = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.low);
415 rhigh = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.high);
416 ND_PRINT("RPC Version mismatch (%u-%u)", rlow, rhigh);
417 break;
418
419 case SUNRPC_AUTH_ERROR:
420 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_why);
421 rwhy = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_why);
422 ND_PRINT("Auth %s", tok2str(sunrpc_auth_str, "Invalid failure code %u", rwhy));
423 break;
424
425 default:
426 ND_PRINT("Unknown reason for rejecting rpc message %u", (unsigned int)rstat);
427 break;
428 }
429 break;
430
431 default:
432 ND_PRINT("reply Unknown rpc response code=%u %u", reply_stat, length);
433 break;
434 }
435 return;
436
437 trunc:
438 if (!nfserr)
439 nd_print_trunc(ndo);
440 }
441
442 /*
443 * Return a pointer to the first file handle in the packet.
444 * If the packet was truncated, return 0.
445 */
446 static const uint32_t *
447 parsereq(netdissect_options *ndo,
448 const struct sunrpc_msg *rp, u_int length)
449 {
450 const uint32_t *dp;
451 u_int len, rounded_len;
452
453 /*
454 * Find the start of the req data (if we captured it).
455 * First, get the length of the credentials, and make sure
456 * we have all of the opaque part of the credentials.
457 */
458 dp = (const uint32_t *)&rp->rm_call.cb_cred;
459 if (length < 2 * sizeof(*dp))
460 goto trunc;
461 ND_TCHECK_4(dp + 1);
462 len = EXTRACT_BE_U_4(dp + 1);
463 rounded_len = roundup2(len, 4);
464 ND_TCHECK_LEN(dp + 2, rounded_len);
465 if (2 * sizeof(*dp) + rounded_len <= length) {
466 /*
467 * We have all of the credentials. Skip past them; they
468 * consist of 4 bytes of flavor, 4 bytes of length,
469 * and len-rounded-up-to-a-multiple-of-4 bytes of
470 * data.
471 */
472 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
473 length -= 2 * sizeof(*dp) + rounded_len;
474
475 /*
476 * Now get the length of the verifier, and make sure
477 * we have all of the opaque part of the verifier.
478 */
479 if (length < 2 * sizeof(*dp))
480 goto trunc;
481 ND_TCHECK_4(dp + 1);
482 len = EXTRACT_BE_U_4(dp + 1);
483 rounded_len = roundup2(len, 4);
484 ND_TCHECK_LEN(dp + 2, rounded_len);
485 if (2 * sizeof(*dp) + rounded_len < length) {
486 /*
487 * We have all of the verifier. Skip past it;
488 * it consists of 4 bytes of flavor, 4 bytes of
489 * length, and len-rounded-up-to-a-multiple-of-4
490 * bytes of data.
491 */
492 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
493 return (dp);
494 }
495 }
496 trunc:
497 return (NULL);
498 }
499
500 /*
501 * Print out an NFS file handle and return a pointer to following word.
502 * If packet was truncated, return 0.
503 */
504 static const uint32_t *
505 parsefh(netdissect_options *ndo,
506 const uint32_t *dp, int v3)
507 {
508 u_int len;
509
510 if (v3) {
511 ND_TCHECK_4(dp);
512 len = EXTRACT_BE_U_4(dp) / 4;
513 dp++;
514 } else
515 len = NFSX_V2FH / 4;
516
517 if (ND_TTEST_LEN(dp, len * sizeof(*dp))) {
518 nfs_printfh(ndo, dp, len);
519 return (dp + len);
520 }
521 trunc:
522 return (NULL);
523 }
524
525 /*
526 * Print out a file name and return pointer to 32-bit word past it.
527 * If packet was truncated, return 0.
528 */
529 static const uint32_t *
530 parsefn(netdissect_options *ndo,
531 const uint32_t *dp)
532 {
533 uint32_t len;
534 const u_char *cp;
535
536 /* Bail if we don't have the string length */
537 ND_TCHECK_4(dp);
538
539 /* Fetch big-endian string length */
540 len = EXTRACT_BE_U_4(dp);
541 dp++;
542
543 ND_TCHECK_LEN(dp, ((len + 3) & ~3));
544
545 cp = (const u_char *)dp;
546 /* Update 32-bit pointer (NFS filenames padded to 32-bit boundaries) */
547 dp += ((len + 3) & ~3) / sizeof(*dp);
548 ND_PRINT("\"");
549 if (nd_printn(ndo, cp, len, ndo->ndo_snapend)) {
550 ND_PRINT("\"");
551 goto trunc;
552 }
553 ND_PRINT("\"");
554
555 return (dp);
556 trunc:
557 return NULL;
558 }
559
560 /*
561 * Print out file handle and file name.
562 * Return pointer to 32-bit word past file name.
563 * If packet was truncated (or there was some other error), return 0.
564 */
565 static const uint32_t *
566 parsefhn(netdissect_options *ndo,
567 const uint32_t *dp, int v3)
568 {
569 dp = parsefh(ndo, dp, v3);
570 if (dp == NULL)
571 return (NULL);
572 ND_PRINT(" ");
573 return (parsefn(ndo, dp));
574 }
575
576 void
577 nfsreq_noaddr_print(netdissect_options *ndo,
578 const u_char *bp, u_int length,
579 const u_char *bp2)
580 {
581 const struct sunrpc_msg *rp;
582 const uint32_t *dp;
583 nfs_type type;
584 int v3;
585 uint32_t proc;
586 uint32_t access_flags;
587 struct nfsv3_sattr sa3;
588
589 ndo->ndo_protocol = "nfs";
590 ND_PRINT("%u", length);
591 nfserr = 0; /* assume no error */
592 rp = (const struct sunrpc_msg *)bp;
593
594 if (!xid_map_enter(ndo, rp, bp2)) /* record proc number for later on */
595 goto trunc;
596
597 v3 = (EXTRACT_BE_U_4(&rp->rm_call.cb_vers) == NFS_VER3);
598 proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
599
600 if (!v3 && proc < NFS_NPROCS)
601 proc = nfsv3_procid[proc];
602
603 ND_PRINT(" %s", tok2str(nfsproc_str, "proc-%u", proc));
604 switch (proc) {
605
606 case NFSPROC_GETATTR:
607 case NFSPROC_SETATTR:
608 case NFSPROC_READLINK:
609 case NFSPROC_FSSTAT:
610 case NFSPROC_FSINFO:
611 case NFSPROC_PATHCONF:
612 if ((dp = parsereq(ndo, rp, length)) != NULL &&
613 parsefh(ndo, dp, v3) != NULL)
614 return;
615 break;
616
617 case NFSPROC_LOOKUP:
618 case NFSPROC_CREATE:
619 case NFSPROC_MKDIR:
620 case NFSPROC_REMOVE:
621 case NFSPROC_RMDIR:
622 if ((dp = parsereq(ndo, rp, length)) != NULL &&
623 parsefhn(ndo, dp, v3) != NULL)
624 return;
625 break;
626
627 case NFSPROC_ACCESS:
628 if ((dp = parsereq(ndo, rp, length)) != NULL &&
629 (dp = parsefh(ndo, dp, v3)) != NULL) {
630 ND_TCHECK_4(dp);
631 access_flags = EXTRACT_BE_U_4(dp);
632 if (access_flags & ~NFSV3ACCESS_FULL) {
633 /* NFSV3ACCESS definitions aren't up to date */
634 ND_PRINT(" %04x", access_flags);
635 } else if ((access_flags & NFSV3ACCESS_FULL) == NFSV3ACCESS_FULL) {
636 ND_PRINT(" NFS_ACCESS_FULL");
637 } else {
638 char separator = ' ';
639 if (access_flags & NFSV3ACCESS_READ) {
640 ND_PRINT(" NFS_ACCESS_READ");
641 separator = '|';
642 }
643 if (access_flags & NFSV3ACCESS_LOOKUP) {
644 ND_PRINT("%cNFS_ACCESS_LOOKUP", separator);
645 separator = '|';
646 }
647 if (access_flags & NFSV3ACCESS_MODIFY) {
648 ND_PRINT("%cNFS_ACCESS_MODIFY", separator);
649 separator = '|';
650 }
651 if (access_flags & NFSV3ACCESS_EXTEND) {
652 ND_PRINT("%cNFS_ACCESS_EXTEND", separator);
653 separator = '|';
654 }
655 if (access_flags & NFSV3ACCESS_DELETE) {
656 ND_PRINT("%cNFS_ACCESS_DELETE", separator);
657 separator = '|';
658 }
659 if (access_flags & NFSV3ACCESS_EXECUTE)
660 ND_PRINT("%cNFS_ACCESS_EXECUTE", separator);
661 }
662 return;
663 }
664 break;
665
666 case NFSPROC_READ:
667 if ((dp = parsereq(ndo, rp, length)) != NULL &&
668 (dp = parsefh(ndo, dp, v3)) != NULL) {
669 if (v3) {
670 ND_TCHECK_4(dp + 2);
671 ND_PRINT(" %u bytes @ %" PRIu64,
672 EXTRACT_BE_U_4(dp + 2),
673 EXTRACT_BE_U_8(dp));
674 } else {
675 ND_TCHECK_4(dp + 1);
676 ND_PRINT(" %u bytes @ %u",
677 EXTRACT_BE_U_4(dp + 1),
678 EXTRACT_BE_U_4(dp));
679 }
680 return;
681 }
682 break;
683
684 case NFSPROC_WRITE:
685 if ((dp = parsereq(ndo, rp, length)) != NULL &&
686 (dp = parsefh(ndo, dp, v3)) != NULL) {
687 if (v3) {
688 ND_TCHECK_4(dp + 4);
689 ND_PRINT(" %u (%u) bytes @ %" PRIu64,
690 EXTRACT_BE_U_4(dp + 4),
691 EXTRACT_BE_U_4(dp + 2),
692 EXTRACT_BE_U_8(dp));
693 if (ndo->ndo_vflag) {
694 ND_PRINT(" <%s>",
695 tok2str(nfsv3_writemodes,
696 NULL, EXTRACT_BE_U_4(dp + 3)));
697 }
698 } else {
699 ND_TCHECK_4(dp + 3);
700 ND_PRINT(" %u (%u) bytes @ %u (%u)",
701 EXTRACT_BE_U_4(dp + 3),
702 EXTRACT_BE_U_4(dp + 2),
703 EXTRACT_BE_U_4(dp + 1),
704 EXTRACT_BE_U_4(dp));
705 }
706 return;
707 }
708 break;
709
710 case NFSPROC_SYMLINK:
711 if ((dp = parsereq(ndo, rp, length)) != NULL &&
712 (dp = parsefhn(ndo, dp, v3)) != NULL) {
713 ND_PRINT(" ->");
714 if (v3 && (dp = parse_sattr3(ndo, dp, &sa3)) == NULL)
715 break;
716 if (parsefn(ndo, dp) == NULL)
717 break;
718 if (v3 && ndo->ndo_vflag)
719 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
720 return;
721 }
722 break;
723
724 case NFSPROC_MKNOD:
725 if ((dp = parsereq(ndo, rp, length)) != NULL &&
726 (dp = parsefhn(ndo, dp, v3)) != NULL) {
727 ND_TCHECK_4(dp);
728 type = (nfs_type) EXTRACT_BE_U_4(dp);
729 dp++;
730 if ((dp = parse_sattr3(ndo, dp, &sa3)) == NULL)
731 break;
732 ND_PRINT(" %s", tok2str(type2str, "unk-ft %u", type));
733 if (ndo->ndo_vflag && (type == NFCHR || type == NFBLK)) {
734 ND_TCHECK_4(dp + 1);
735 ND_PRINT(" %u/%u",
736 EXTRACT_BE_U_4(dp),
737 EXTRACT_BE_U_4(dp + 1));
738 dp += 2;
739 }
740 if (ndo->ndo_vflag)
741 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
742 return;
743 }
744 break;
745
746 case NFSPROC_RENAME:
747 if ((dp = parsereq(ndo, rp, length)) != NULL &&
748 (dp = parsefhn(ndo, dp, v3)) != NULL) {
749 ND_PRINT(" ->");
750 if (parsefhn(ndo, dp, v3) != NULL)
751 return;
752 }
753 break;
754
755 case NFSPROC_LINK:
756 if ((dp = parsereq(ndo, rp, length)) != NULL &&
757 (dp = parsefh(ndo, dp, v3)) != NULL) {
758 ND_PRINT(" ->");
759 if (parsefhn(ndo, dp, v3) != NULL)
760 return;
761 }
762 break;
763
764 case NFSPROC_READDIR:
765 if ((dp = parsereq(ndo, rp, length)) != NULL &&
766 (dp = parsefh(ndo, dp, v3)) != NULL) {
767 if (v3) {
768 ND_TCHECK_4(dp + 4);
769 /*
770 * We shouldn't really try to interpret the
771 * offset cookie here.
772 */
773 ND_PRINT(" %u bytes @ %" PRId64,
774 EXTRACT_BE_U_4(dp + 4),
775 EXTRACT_BE_U_8(dp));
776 if (ndo->ndo_vflag) {
777 /*
778 * This displays the 8 bytes
779 * of the verifier in order,
780 * from the low-order byte
781 * to the high-order byte.
782 */
783 ND_PRINT(" verf %08x%08x",
784 EXTRACT_BE_U_4(dp + 2),
785 EXTRACT_BE_U_4(dp + 3));
786 }
787 } else {
788 ND_TCHECK_4(dp + 1);
789 /*
790 * Print the offset as signed, since -1 is
791 * common, but offsets > 2^31 aren't.
792 */
793 ND_PRINT(" %u bytes @ %u",
794 EXTRACT_BE_U_4(dp + 1),
795 EXTRACT_BE_U_4(dp));
796 }
797 return;
798 }
799 break;
800
801 case NFSPROC_READDIRPLUS:
802 if ((dp = parsereq(ndo, rp, length)) != NULL &&
803 (dp = parsefh(ndo, dp, v3)) != NULL) {
804 ND_TCHECK_4(dp + 4);
805 /*
806 * We don't try to interpret the offset
807 * cookie here.
808 */
809 ND_PRINT(" %u bytes @ %" PRId64,
810 EXTRACT_BE_U_4(dp + 4),
811 EXTRACT_BE_U_8(dp));
812 if (ndo->ndo_vflag) {
813 ND_TCHECK_4(dp + 5);
814 /*
815 * This displays the 8 bytes
816 * of the verifier in order,
817 * from the low-order byte
818 * to the high-order byte.
819 */
820 ND_PRINT(" max %u verf %08x%08x",
821 EXTRACT_BE_U_4(dp + 5),
822 EXTRACT_BE_U_4(dp + 2),
823 EXTRACT_BE_U_4(dp + 3));
824 }
825 return;
826 }
827 break;
828
829 case NFSPROC_COMMIT:
830 if ((dp = parsereq(ndo, rp, length)) != NULL &&
831 (dp = parsefh(ndo, dp, v3)) != NULL) {
832 ND_TCHECK_4(dp + 2);
833 ND_PRINT(" %u bytes @ %" PRIu64,
834 EXTRACT_BE_U_4(dp + 2),
835 EXTRACT_BE_U_8(dp));
836 return;
837 }
838 break;
839
840 default:
841 return;
842 }
843
844 trunc:
845 if (!nfserr)
846 nd_print_trunc(ndo);
847 }
848
849 /*
850 * Print out an NFS file handle.
851 * We assume packet was not truncated before the end of the
852 * file handle pointed to by dp.
853 *
854 * Note: new version (using portable file-handle parser) doesn't produce
855 * generation number. It probably could be made to do that, with some
856 * additional hacking on the parser code.
857 */
858 static void
859 nfs_printfh(netdissect_options *ndo,
860 const uint32_t *dp, const u_int len)
861 {
862 my_fsid fsid;
863 uint32_t ino;
864 const char *sfsname = NULL;
865 char *spacep;
866
867 if (ndo->ndo_uflag) {
868 u_int i;
869 char const *sep = "";
870
871 ND_PRINT(" fh[");
872 for (i=0; i<len; i++) {
873 /*
874 * This displays 4 bytes in big-endian byte
875 * order. That's as good a choice as little-
876 * endian, as there's no guarantee that the
877 * server is big-endian or little-endian or
878 * that the file handle contains 4-byte
879 * integral fields, and is better than "the
880 * byte order of the host running tcpdump", as
881 * the latter means that different hosts
882 * running tcpdump may show the same file
883 * handle in different ways.
884 */
885 ND_PRINT("%s%x", sep, EXTRACT_BE_U_4(dp + i));
886 sep = ":";
887 }
888 ND_PRINT("]");
889 return;
890 }
891
892 Parse_fh((const u_char *)dp, len, &fsid, &ino, NULL, &sfsname, 0);
893
894 if (sfsname) {
895 /* file system ID is ASCII, not numeric, for this server OS */
896 char temp[NFSX_V3FHMAX+1];
897 u_int stringlen;
898
899 /* Make sure string is null-terminated */
900 stringlen = len;
901 if (stringlen > NFSX_V3FHMAX)
902 stringlen = NFSX_V3FHMAX;
903 strncpy(temp, sfsname, stringlen);
904 temp[stringlen] = '\0';
905 /* Remove trailing spaces */
906 spacep = strchr(temp, ' ');
907 if (spacep)
908 *spacep = '\0';
909
910 ND_PRINT(" fh %s/", temp);
911 } else {
912 ND_PRINT(" fh %u,%u/",
913 fsid.Fsid_dev.Major, fsid.Fsid_dev.Minor);
914 }
915
916 if(fsid.Fsid_dev.Minor == 257)
917 /* Print the undecoded handle */
918 ND_PRINT("%s", fsid.Opaque_Handle);
919 else
920 ND_PRINT("%ld", (long) ino);
921 }
922
923 /*
924 * Maintain a small cache of recent client.XID.server/proc pairs, to allow
925 * us to match up replies with requests and thus to know how to parse
926 * the reply.
927 */
928
929 struct xid_map_entry {
930 uint32_t xid; /* transaction ID (net order) */
931 int ipver; /* IP version (4 or 6) */
932 struct in6_addr client; /* client IP address (net order) */
933 struct in6_addr server; /* server IP address (net order) */
934 uint32_t proc; /* call proc number (host order) */
935 uint32_t vers; /* program version (host order) */
936 };
937
938 /*
939 * Map entries are kept in an array that we manage as a ring;
940 * new entries are always added at the tail of the ring. Initially,
941 * all the entries are zero and hence don't match anything.
942 */
943
944 #define XIDMAPSIZE 64
945
946 static struct xid_map_entry xid_map[XIDMAPSIZE];
947
948 static int xid_map_next = 0;
949 static int xid_map_hint = 0;
950
951 static int
952 xid_map_enter(netdissect_options *ndo,
953 const struct sunrpc_msg *rp, const u_char *bp)
954 {
955 const struct ip *ip = NULL;
956 const struct ip6_hdr *ip6 = NULL;
957 struct xid_map_entry *xmep;
958
959 if (!ND_TTEST_4(rp->rm_call.cb_proc))
960 return (0);
961 switch (IP_V((const struct ip *)bp)) {
962 case 4:
963 ip = (const struct ip *)bp;
964 break;
965 case 6:
966 ip6 = (const struct ip6_hdr *)bp;
967 break;
968 default:
969 return (1);
970 }
971
972 xmep = &xid_map[xid_map_next];
973
974 if (++xid_map_next >= XIDMAPSIZE)
975 xid_map_next = 0;
976
977 UNALIGNED_MEMCPY(&xmep->xid, &rp->rm_xid, sizeof(xmep->xid));
978 if (ip) {
979 xmep->ipver = 4;
980 UNALIGNED_MEMCPY(&xmep->client, ip->ip_src,
981 sizeof(ip->ip_src));
982 UNALIGNED_MEMCPY(&xmep->server, ip->ip_dst,
983 sizeof(ip->ip_dst));
984 }
985 else if (ip6) {
986 xmep->ipver = 6;
987 UNALIGNED_MEMCPY(&xmep->client, ip6->ip6_src,
988 sizeof(ip6->ip6_src));
989 UNALIGNED_MEMCPY(&xmep->server, ip6->ip6_dst,
990 sizeof(ip6->ip6_dst));
991 }
992 xmep->proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
993 xmep->vers = EXTRACT_BE_U_4(&rp->rm_call.cb_vers);
994 return (1);
995 }
996
997 /*
998 * Returns 0 and puts NFSPROC_xxx in proc return and
999 * version in vers return, or returns -1 on failure
1000 */
1001 static int
1002 xid_map_find(const struct sunrpc_msg *rp, const u_char *bp, uint32_t *proc,
1003 uint32_t *vers)
1004 {
1005 int i;
1006 struct xid_map_entry *xmep;
1007 uint32_t xid;
1008 const struct ip *ip = (const struct ip *)bp;
1009 const struct ip6_hdr *ip6 = (const struct ip6_hdr *)bp;
1010 int cmp;
1011
1012 UNALIGNED_MEMCPY(&xid, &rp->rm_xid, sizeof(xmep->xid));
1013 /* Start searching from where we last left off */
1014 i = xid_map_hint;
1015 do {
1016 xmep = &xid_map[i];
1017 cmp = 1;
1018 if (xmep->ipver != IP_V(ip) || xmep->xid != xid)
1019 goto nextitem;
1020 switch (xmep->ipver) {
1021 case 4:
1022 if (UNALIGNED_MEMCMP(ip->ip_src, &xmep->server,
1023 sizeof(ip->ip_src)) != 0 ||
1024 UNALIGNED_MEMCMP(ip->ip_dst, &xmep->client,
1025 sizeof(ip->ip_dst)) != 0) {
1026 cmp = 0;
1027 }
1028 break;
1029 case 6:
1030 if (UNALIGNED_MEMCMP(ip6->ip6_src, &xmep->server,
1031 sizeof(ip6->ip6_src)) != 0 ||
1032 UNALIGNED_MEMCMP(ip6->ip6_dst, &xmep->client,
1033 sizeof(ip6->ip6_dst)) != 0) {
1034 cmp = 0;
1035 }
1036 break;
1037 default:
1038 cmp = 0;
1039 break;
1040 }
1041 if (cmp) {
1042 /* match */
1043 xid_map_hint = i;
1044 *proc = xmep->proc;
1045 *vers = xmep->vers;
1046 return 0;
1047 }
1048 nextitem:
1049 if (++i >= XIDMAPSIZE)
1050 i = 0;
1051 } while (i != xid_map_hint);
1052
1053 /* search failed */
1054 return (-1);
1055 }
1056
1057 /*
1058 * Routines for parsing reply packets
1059 */
1060
1061 /*
1062 * Return a pointer to the beginning of the actual results.
1063 * If the packet was truncated, return 0.
1064 */
1065 static const uint32_t *
1066 parserep(netdissect_options *ndo,
1067 const struct sunrpc_msg *rp, u_int length)
1068 {
1069 const uint32_t *dp;
1070 u_int len;
1071 enum sunrpc_accept_stat astat;
1072
1073 /*
1074 * Portability note:
1075 * Here we find the address of the ar_verf credentials.
1076 * Originally, this calculation was
1077 * dp = (uint32_t *)&rp->rm_reply.rp_acpt.ar_verf
1078 * On the wire, the rp_acpt field starts immediately after
1079 * the (32 bit) rp_stat field. However, rp_acpt (which is a
1080 * "struct accepted_reply") contains a "struct opaque_auth",
1081 * whose internal representation contains a pointer, so on a
1082 * 64-bit machine the compiler inserts 32 bits of padding
1083 * before rp->rm_reply.rp_acpt.ar_verf. So, we cannot use
1084 * the internal representation to parse the on-the-wire
1085 * representation. Instead, we skip past the rp_stat field,
1086 * which is an "enum" and so occupies one 32-bit word.
1087 */
1088 dp = ((const uint32_t *)&rp->rm_reply) + 1;
1089 ND_TCHECK_4(dp + 1);
1090 len = EXTRACT_BE_U_4(dp + 1);
1091 if (len >= length)
1092 return (NULL);
1093 /*
1094 * skip past the ar_verf credentials.
1095 */
1096 dp += (len + (2*sizeof(uint32_t) + 3)) / sizeof(uint32_t);
1097
1098 /*
1099 * now we can check the ar_stat field
1100 */
1101 ND_TCHECK_4(dp);
1102 astat = (enum sunrpc_accept_stat) EXTRACT_BE_U_4(dp);
1103 if (astat != SUNRPC_SUCCESS) {
1104 ND_PRINT(" %s", tok2str(sunrpc_str, "ar_stat %u", astat));
1105 nfserr = 1; /* suppress trunc string */
1106 return (NULL);
1107 }
1108 /* successful return */
1109 ND_TCHECK_LEN(dp, sizeof(astat));
1110 return ((const uint32_t *) (sizeof(astat) + ((const char *)dp)));
1111 trunc:
1112 return (0);
1113 }
1114
1115 static const uint32_t *
1116 parsestatus(netdissect_options *ndo,
1117 const uint32_t *dp, u_int *er)
1118 {
1119 u_int errnum;
1120
1121 ND_TCHECK_4(dp);
1122
1123 errnum = EXTRACT_BE_U_4(dp);
1124 if (er)
1125 *er = errnum;
1126 if (errnum != 0) {
1127 if (!ndo->ndo_qflag)
1128 ND_PRINT(" ERROR: %s",
1129 tok2str(status2str, "unk %u", errnum));
1130 nfserr = 1;
1131 }
1132 return (dp + 1);
1133 trunc:
1134 return NULL;
1135 }
1136
1137 static const uint32_t *
1138 parsefattr(netdissect_options *ndo,
1139 const uint32_t *dp, int verbose, int v3)
1140 {
1141 const struct nfs_fattr *fap;
1142
1143 fap = (const struct nfs_fattr *)dp;
1144 ND_TCHECK_4(fap->fa_gid);
1145 if (verbose) {
1146 /*
1147 * XXX - UIDs and GIDs are unsigned in NFS and in
1148 * at least some UN*Xes, but we'll show them as
1149 * signed because -2 has traditionally been the
1150 * UID for "nobody", rather than 4294967294.
1151 */
1152 ND_PRINT(" %s %o ids %d/%d",
1153 tok2str(type2str, "unk-ft %u ",
1154 EXTRACT_BE_U_4(fap->fa_type)),
1155 EXTRACT_BE_U_4(fap->fa_mode),
1156 EXTRACT_BE_S_4(fap->fa_uid),
1157 EXTRACT_BE_S_4(fap->fa_gid));
1158 if (v3) {
1159 ND_TCHECK_8(fap->fa3_size);
1160 ND_PRINT(" sz %" PRIu64,
1161 EXTRACT_BE_U_8(fap->fa3_size));
1162 } else {
1163 ND_TCHECK_4(fap->fa2_size);
1164 ND_PRINT(" sz %u", EXTRACT_BE_U_4(fap->fa2_size));
1165 }
1166 }
1167 /* print lots more stuff */
1168 if (verbose > 1) {
1169 if (v3) {
1170 ND_TCHECK_8(&fap->fa3_ctime);
1171 ND_PRINT(" nlink %u rdev %u/%u",
1172 EXTRACT_BE_U_4(fap->fa_nlink),
1173 EXTRACT_BE_U_4(fap->fa3_rdev.specdata1),
1174 EXTRACT_BE_U_4(fap->fa3_rdev.specdata2));
1175 ND_PRINT(" fsid %" PRIx64,
1176 EXTRACT_BE_U_8(fap->fa3_fsid));
1177 ND_PRINT(" fileid %" PRIx64,
1178 EXTRACT_BE_U_8(fap->fa3_fileid));
1179 ND_PRINT(" a/m/ctime %u.%06u",
1180 EXTRACT_BE_U_4(fap->fa3_atime.nfsv3_sec),
1181 EXTRACT_BE_U_4(fap->fa3_atime.nfsv3_nsec));
1182 ND_PRINT(" %u.%06u",
1183 EXTRACT_BE_U_4(fap->fa3_mtime.nfsv3_sec),
1184 EXTRACT_BE_U_4(fap->fa3_mtime.nfsv3_nsec));
1185 ND_PRINT(" %u.%06u",
1186 EXTRACT_BE_U_4(fap->fa3_ctime.nfsv3_sec),
1187 EXTRACT_BE_U_4(fap->fa3_ctime.nfsv3_nsec));
1188 } else {
1189 ND_TCHECK_8(&fap->fa2_ctime);
1190 ND_PRINT(" nlink %u rdev 0x%x fsid 0x%x nodeid 0x%x a/m/ctime",
1191 EXTRACT_BE_U_4(fap->fa_nlink),
1192 EXTRACT_BE_U_4(fap->fa2_rdev),
1193 EXTRACT_BE_U_4(fap->fa2_fsid),
1194 EXTRACT_BE_U_4(fap->fa2_fileid));
1195 ND_PRINT(" %u.%06u",
1196 EXTRACT_BE_U_4(fap->fa2_atime.nfsv2_sec),
1197 EXTRACT_BE_U_4(fap->fa2_atime.nfsv2_usec));
1198 ND_PRINT(" %u.%06u",
1199 EXTRACT_BE_U_4(fap->fa2_mtime.nfsv2_sec),
1200 EXTRACT_BE_U_4(fap->fa2_mtime.nfsv2_usec));
1201 ND_PRINT(" %u.%06u",
1202 EXTRACT_BE_U_4(fap->fa2_ctime.nfsv2_sec),
1203 EXTRACT_BE_U_4(fap->fa2_ctime.nfsv2_usec));
1204 }
1205 }
1206 return ((const uint32_t *)((const unsigned char *)dp +
1207 (v3 ? NFSX_V3FATTR : NFSX_V2FATTR)));
1208 trunc:
1209 return (NULL);
1210 }
1211
1212 static int
1213 parseattrstat(netdissect_options *ndo,
1214 const uint32_t *dp, int verbose, int v3)
1215 {
1216 u_int er;
1217
1218 dp = parsestatus(ndo, dp, &er);
1219 if (dp == NULL)
1220 return (0);
1221 if (er)
1222 return (1);
1223
1224 return (parsefattr(ndo, dp, verbose, v3) != NULL);
1225 }
1226
1227 static int
1228 parsediropres(netdissect_options *ndo,
1229 const uint32_t *dp)
1230 {
1231 u_int er;
1232
1233 if (!(dp = parsestatus(ndo, dp, &er)))
1234 return (0);
1235 if (er)
1236 return (1);
1237
1238 dp = parsefh(ndo, dp, 0);
1239 if (dp == NULL)
1240 return (0);
1241
1242 return (parsefattr(ndo, dp, ndo->ndo_vflag, 0) != NULL);
1243 }
1244
1245 static int
1246 parselinkres(netdissect_options *ndo,
1247 const uint32_t *dp, int v3)
1248 {
1249 u_int er;
1250
1251 dp = parsestatus(ndo, dp, &er);
1252 if (dp == NULL)
1253 return(0);
1254 if (er)
1255 return(1);
1256 if (v3 && !(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1257 return (0);
1258 ND_PRINT(" ");
1259 return (parsefn(ndo, dp) != NULL);
1260 }
1261
1262 static int
1263 parsestatfs(netdissect_options *ndo,
1264 const uint32_t *dp, int v3)
1265 {
1266 const struct nfs_statfs *sfsp;
1267 u_int er;
1268
1269 dp = parsestatus(ndo, dp, &er);
1270 if (dp == NULL)
1271 return (0);
1272 if (!v3 && er)
1273 return (1);
1274
1275 if (ndo->ndo_qflag)
1276 return(1);
1277
1278 if (v3) {
1279 if (ndo->ndo_vflag)
1280 ND_PRINT(" POST:");
1281 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1282 return (0);
1283 }
1284
1285 ND_TCHECK_LEN(dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
1286
1287 sfsp = (const struct nfs_statfs *)dp;
1288
1289 if (v3) {
1290 ND_PRINT(" tbytes %" PRIu64 " fbytes %" PRIu64 " abytes %" PRIu64,
1291 EXTRACT_BE_U_8(sfsp->sf_tbytes),
1292 EXTRACT_BE_U_8(sfsp->sf_fbytes),
1293 EXTRACT_BE_U_8(sfsp->sf_abytes));
1294 if (ndo->ndo_vflag) {
1295 ND_PRINT(" tfiles %" PRIu64 " ffiles %" PRIu64 " afiles %" PRIu64 " invar %u",
1296 EXTRACT_BE_U_8(sfsp->sf_tfiles),
1297 EXTRACT_BE_U_8(sfsp->sf_ffiles),
1298 EXTRACT_BE_U_8(sfsp->sf_afiles),
1299 EXTRACT_BE_U_4(sfsp->sf_invarsec));
1300 }
1301 } else {
1302 ND_PRINT(" tsize %u bsize %u blocks %u bfree %u bavail %u",
1303 EXTRACT_BE_U_4(sfsp->sf_tsize),
1304 EXTRACT_BE_U_4(sfsp->sf_bsize),
1305 EXTRACT_BE_U_4(sfsp->sf_blocks),
1306 EXTRACT_BE_U_4(sfsp->sf_bfree),
1307 EXTRACT_BE_U_4(sfsp->sf_bavail));
1308 }
1309
1310 return (1);
1311 trunc:
1312 return (0);
1313 }
1314
1315 static int
1316 parserddires(netdissect_options *ndo,
1317 const uint32_t *dp)
1318 {
1319 u_int er;
1320
1321 dp = parsestatus(ndo, dp, &er);
1322 if (dp == NULL)
1323 return (0);
1324 if (er)
1325 return (1);
1326 if (ndo->ndo_qflag)
1327 return (1);
1328
1329 ND_TCHECK_4(dp + 2);
1330 ND_PRINT(" offset 0x%x size %u ",
1331 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1));
1332 if (EXTRACT_BE_U_4(dp + 2) != 0)
1333 ND_PRINT(" eof");
1334
1335 return (1);
1336 trunc:
1337 return (0);
1338 }
1339
1340 static const uint32_t *
1341 parse_wcc_attr(netdissect_options *ndo,
1342 const uint32_t *dp)
1343 {
1344 /* Our caller has already checked this */
1345 ND_PRINT(" sz %" PRIu64, EXTRACT_BE_U_8(dp));
1346 ND_PRINT(" mtime %u.%06u ctime %u.%06u",
1347 EXTRACT_BE_U_4(dp + 2), EXTRACT_BE_U_4(dp + 3),
1348 EXTRACT_BE_U_4(dp + 4), EXTRACT_BE_U_4(dp + 5));
1349 return (dp + 6);
1350 }
1351
1352 /*
1353 * Pre operation attributes. Print only if vflag > 1.
1354 */
1355 static const uint32_t *
1356 parse_pre_op_attr(netdissect_options *ndo,
1357 const uint32_t *dp, int verbose)
1358 {
1359 ND_TCHECK_4(dp);
1360 if (!EXTRACT_BE_U_4(dp))
1361 return (dp + 1);
1362 dp++;
1363 ND_TCHECK_LEN(dp, 24);
1364 if (verbose > 1) {
1365 return parse_wcc_attr(ndo, dp);
1366 } else {
1367 /* If not verbose enough, just skip over wcc_attr */
1368 return (dp + 6);
1369 }
1370 trunc:
1371 return (NULL);
1372 }
1373
1374 /*
1375 * Post operation attributes are printed if vflag >= 1
1376 */
1377 static const uint32_t *
1378 parse_post_op_attr(netdissect_options *ndo,
1379 const uint32_t *dp, int verbose)
1380 {
1381 ND_TCHECK_4(dp);
1382 if (!EXTRACT_BE_U_4(dp))
1383 return (dp + 1);
1384 dp++;
1385 if (verbose) {
1386 return parsefattr(ndo, dp, verbose, 1);
1387 } else
1388 return (dp + (NFSX_V3FATTR / sizeof (uint32_t)));
1389 trunc:
1390 return (NULL);
1391 }
1392
1393 static const uint32_t *
1394 parse_wcc_data(netdissect_options *ndo,
1395 const uint32_t *dp, int verbose)
1396 {
1397 if (verbose > 1)
1398 ND_PRINT(" PRE:");
1399 if (!(dp = parse_pre_op_attr(ndo, dp, verbose)))
1400 return (0);
1401
1402 if (verbose)
1403 ND_PRINT(" POST:");
1404 return parse_post_op_attr(ndo, dp, verbose);
1405 }
1406
1407 static const uint32_t *
1408 parsecreateopres(netdissect_options *ndo,
1409 const uint32_t *dp, int verbose)
1410 {
1411 u_int er;
1412
1413 if (!(dp = parsestatus(ndo, dp, &er)))
1414 return (0);
1415 if (er)
1416 dp = parse_wcc_data(ndo, dp, verbose);
1417 else {
1418 ND_TCHECK_4(dp);
1419 if (!EXTRACT_BE_U_4(dp))
1420 return (dp + 1);
1421 dp++;
1422 if (!(dp = parsefh(ndo, dp, 1)))
1423 return (0);
1424 if (verbose) {
1425 if (!(dp = parse_post_op_attr(ndo, dp, verbose)))
1426 return (0);
1427 if (ndo->ndo_vflag > 1) {
1428 ND_PRINT(" dir attr:");
1429 dp = parse_wcc_data(ndo, dp, verbose);
1430 }
1431 }
1432 }
1433 return (dp);
1434 trunc:
1435 return (NULL);
1436 }
1437
1438 static int
1439 parsewccres(netdissect_options *ndo,
1440 const uint32_t *dp, int verbose)
1441 {
1442 u_int er;
1443
1444 if (!(dp = parsestatus(ndo, dp, &er)))
1445 return (0);
1446 return parse_wcc_data(ndo, dp, verbose) != NULL;
1447 }
1448
1449 static const uint32_t *
1450 parsev3rddirres(netdissect_options *ndo,
1451 const uint32_t *dp, int verbose)
1452 {
1453 u_int er;
1454
1455 if (!(dp = parsestatus(ndo, dp, &er)))
1456 return (0);
1457 if (ndo->ndo_vflag)
1458 ND_PRINT(" POST:");
1459 if (!(dp = parse_post_op_attr(ndo, dp, verbose)))
1460 return (0);
1461 if (er)
1462 return dp;
1463 if (ndo->ndo_vflag) {
1464 ND_TCHECK_4(dp + 1);
1465 /*
1466 * This displays the 8 bytes of the verifier in order,
1467 * from the low-order byte to the high-order byte.
1468 */
1469 ND_PRINT(" verf %08x%08x",
1470 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1));
1471 dp += 2;
1472 }
1473 return dp;
1474 trunc:
1475 return (NULL);
1476 }
1477
1478 static int
1479 parsefsinfo(netdissect_options *ndo,
1480 const uint32_t *dp)
1481 {
1482 const struct nfsv3_fsinfo *sfp;
1483 u_int er;
1484
1485 if (!(dp = parsestatus(ndo, dp, &er)))
1486 return (0);
1487 if (ndo->ndo_vflag)
1488 ND_PRINT(" POST:");
1489 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1490 return (0);
1491 if (er)
1492 return (1);
1493
1494 sfp = (const struct nfsv3_fsinfo *)dp;
1495 ND_TCHECK_SIZE(sfp);
1496 ND_PRINT(" rtmax %u rtpref %u wtmax %u wtpref %u dtpref %u",
1497 EXTRACT_BE_U_4(sfp->fs_rtmax),
1498 EXTRACT_BE_U_4(sfp->fs_rtpref),
1499 EXTRACT_BE_U_4(sfp->fs_wtmax),
1500 EXTRACT_BE_U_4(sfp->fs_wtpref),
1501 EXTRACT_BE_U_4(sfp->fs_dtpref));
1502 if (ndo->ndo_vflag) {
1503 ND_PRINT(" rtmult %u wtmult %u maxfsz %" PRIu64,
1504 EXTRACT_BE_U_4(sfp->fs_rtmult),
1505 EXTRACT_BE_U_4(sfp->fs_wtmult),
1506 EXTRACT_BE_U_8(sfp->fs_maxfilesize));
1507 ND_PRINT(" delta %u.%06u ",
1508 EXTRACT_BE_U_4(sfp->fs_timedelta.nfsv3_sec),
1509 EXTRACT_BE_U_4(sfp->fs_timedelta.nfsv3_nsec));
1510 }
1511 return (1);
1512 trunc:
1513 return (0);
1514 }
1515
1516 static int
1517 parsepathconf(netdissect_options *ndo,
1518 const uint32_t *dp)
1519 {
1520 u_int er;
1521 const struct nfsv3_pathconf *spp;
1522
1523 if (!(dp = parsestatus(ndo, dp, &er)))
1524 return (0);
1525 if (ndo->ndo_vflag)
1526 ND_PRINT(" POST:");
1527 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1528 return (0);
1529 if (er)
1530 return (1);
1531
1532 spp = (const struct nfsv3_pathconf *)dp;
1533 ND_TCHECK_SIZE(spp);
1534
1535 ND_PRINT(" linkmax %u namemax %u %s %s %s %s",
1536 EXTRACT_BE_U_4(spp->pc_linkmax),
1537 EXTRACT_BE_U_4(spp->pc_namemax),
1538 EXTRACT_BE_U_4(spp->pc_notrunc) ? "notrunc" : "",
1539 EXTRACT_BE_U_4(spp->pc_chownrestricted) ? "chownres" : "",
1540 EXTRACT_BE_U_4(spp->pc_caseinsensitive) ? "igncase" : "",
1541 EXTRACT_BE_U_4(spp->pc_casepreserving) ? "keepcase" : "");
1542 return (1);
1543 trunc:
1544 return (0);
1545 }
1546
1547 static void
1548 interp_reply(netdissect_options *ndo,
1549 const struct sunrpc_msg *rp, uint32_t proc, uint32_t vers, int length)
1550 {
1551 const uint32_t *dp;
1552 int v3;
1553 u_int er;
1554
1555 v3 = (vers == NFS_VER3);
1556
1557 if (!v3 && proc < NFS_NPROCS)
1558 proc = nfsv3_procid[proc];
1559
1560 ND_PRINT(" %s", tok2str(nfsproc_str, "proc-%u", proc));
1561 switch (proc) {
1562
1563 case NFSPROC_GETATTR:
1564 dp = parserep(ndo, rp, length);
1565 if (dp != NULL && parseattrstat(ndo, dp, !ndo->ndo_qflag, v3) != 0)
1566 return;
1567 break;
1568
1569 case NFSPROC_SETATTR:
1570 if (!(dp = parserep(ndo, rp, length)))
1571 return;
1572 if (v3) {
1573 if (parsewccres(ndo, dp, ndo->ndo_vflag))
1574 return;
1575 } else {
1576 if (parseattrstat(ndo, dp, !ndo->ndo_qflag, 0) != 0)
1577 return;
1578 }
1579 break;
1580
1581 case NFSPROC_LOOKUP:
1582 if (!(dp = parserep(ndo, rp, length)))
1583 break;
1584 if (v3) {
1585 if (!(dp = parsestatus(ndo, dp, &er)))
1586 break;
1587 if (er) {
1588 if (ndo->ndo_vflag > 1) {
1589 ND_PRINT(" post dattr:");
1590 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1591 }
1592 } else {
1593 if (!(dp = parsefh(ndo, dp, v3)))
1594 break;
1595 if ((dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)) &&
1596 ndo->ndo_vflag > 1) {
1597 ND_PRINT(" post dattr:");
1598 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1599 }
1600 }
1601 if (dp)
1602 return;
1603 } else {
1604 if (parsediropres(ndo, dp) != 0)
1605 return;
1606 }
1607 break;
1608
1609 case NFSPROC_ACCESS:
1610 if (!(dp = parserep(ndo, rp, length)))
1611 break;
1612 if (!(dp = parsestatus(ndo, dp, &er)))
1613 break;
1614 if (ndo->ndo_vflag)
1615 ND_PRINT(" attr:");
1616 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1617 break;
1618 if (!er) {
1619 ND_TCHECK_4(dp);
1620 ND_PRINT(" c %04x", EXTRACT_BE_U_4(dp));
1621 }
1622 return;
1623
1624 case NFSPROC_READLINK:
1625 dp = parserep(ndo, rp, length);
1626 if (dp != NULL && parselinkres(ndo, dp, v3) != 0)
1627 return;
1628 break;
1629
1630 case NFSPROC_READ:
1631 if (!(dp = parserep(ndo, rp, length)))
1632 break;
1633 if (v3) {
1634 if (!(dp = parsestatus(ndo, dp, &er)))
1635 break;
1636 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1637 break;
1638 if (er)
1639 return;
1640 if (ndo->ndo_vflag) {
1641 ND_TCHECK_4(dp + 1);
1642 ND_PRINT(" %u bytes", EXTRACT_BE_U_4(dp));
1643 if (EXTRACT_BE_U_4(dp + 1))
1644 ND_PRINT(" EOF");
1645 }
1646 return;
1647 } else {
1648 if (parseattrstat(ndo, dp, ndo->ndo_vflag, 0) != 0)
1649 return;
1650 }
1651 break;
1652
1653 case NFSPROC_WRITE:
1654 if (!(dp = parserep(ndo, rp, length)))
1655 break;
1656 if (v3) {
1657 if (!(dp = parsestatus(ndo, dp, &er)))
1658 break;
1659 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1660 break;
1661 if (er)
1662 return;
1663 if (ndo->ndo_vflag) {
1664 ND_TCHECK_4(dp);
1665 ND_PRINT(" %u bytes", EXTRACT_BE_U_4(dp));
1666 if (ndo->ndo_vflag > 1) {
1667 ND_TCHECK_4(dp + 1);
1668 ND_PRINT(" <%s>",
1669 tok2str(nfsv3_writemodes,
1670 NULL, EXTRACT_BE_U_4(dp + 1)));
1671 }
1672 return;
1673 }
1674 } else {
1675 if (parseattrstat(ndo, dp, ndo->ndo_vflag, v3) != 0)
1676 return;
1677 }
1678 break;
1679
1680 case NFSPROC_CREATE:
1681 case NFSPROC_MKDIR:
1682 if (!(dp = parserep(ndo, rp, length)))
1683 break;
1684 if (v3) {
1685 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1686 return;
1687 } else {
1688 if (parsediropres(ndo, dp) != 0)
1689 return;
1690 }
1691 break;
1692
1693 case NFSPROC_SYMLINK:
1694 if (!(dp = parserep(ndo, rp, length)))
1695 break;
1696 if (v3) {
1697 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1698 return;
1699 } else {
1700 if (parsestatus(ndo, dp, &er) != NULL)
1701 return;
1702 }
1703 break;
1704
1705 case NFSPROC_MKNOD:
1706 if (!(dp = parserep(ndo, rp, length)))
1707 break;
1708 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1709 return;
1710 break;
1711
1712 case NFSPROC_REMOVE:
1713 case NFSPROC_RMDIR:
1714 if (!(dp = parserep(ndo, rp, length)))
1715 break;
1716 if (v3) {
1717 if (parsewccres(ndo, dp, ndo->ndo_vflag))
1718 return;
1719 } else {
1720 if (parsestatus(ndo, dp, &er) != NULL)
1721 return;
1722 }
1723 break;
1724
1725 case NFSPROC_RENAME:
1726 if (!(dp = parserep(ndo, rp, length)))
1727 break;
1728 if (v3) {
1729 if (!(dp = parsestatus(ndo, dp, &er)))
1730 break;
1731 if (ndo->ndo_vflag) {
1732 ND_PRINT(" from:");
1733 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1734 break;
1735 ND_PRINT(" to:");
1736 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1737 break;
1738 }
1739 return;
1740 } else {
1741 if (parsestatus(ndo, dp, &er) != NULL)
1742 return;
1743 }
1744 break;
1745
1746 case NFSPROC_LINK:
1747 if (!(dp = parserep(ndo, rp, length)))
1748 break;
1749 if (v3) {
1750 if (!(dp = parsestatus(ndo, dp, &er)))
1751 break;
1752 if (ndo->ndo_vflag) {
1753 ND_PRINT(" file POST:");
1754 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1755 break;
1756 ND_PRINT(" dir:");
1757 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1758 break;
1759 return;
1760 }
1761 } else {
1762 if (parsestatus(ndo, dp, &er) != NULL)
1763 return;
1764 }
1765 break;
1766
1767 case NFSPROC_READDIR:
1768 if (!(dp = parserep(ndo, rp, length)))
1769 break;
1770 if (v3) {
1771 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag))
1772 return;
1773 } else {
1774 if (parserddires(ndo, dp) != 0)
1775 return;
1776 }
1777 break;
1778
1779 case NFSPROC_READDIRPLUS:
1780 if (!(dp = parserep(ndo, rp, length)))
1781 break;
1782 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag))
1783 return;
1784 break;
1785
1786 case NFSPROC_FSSTAT:
1787 dp = parserep(ndo, rp, length);
1788 if (dp != NULL && parsestatfs(ndo, dp, v3) != 0)
1789 return;
1790 break;
1791
1792 case NFSPROC_FSINFO:
1793 dp = parserep(ndo, rp, length);
1794 if (dp != NULL && parsefsinfo(ndo, dp) != 0)
1795 return;
1796 break;
1797
1798 case NFSPROC_PATHCONF:
1799 dp = parserep(ndo, rp, length);
1800 if (dp != NULL && parsepathconf(ndo, dp) != 0)
1801 return;
1802 break;
1803
1804 case NFSPROC_COMMIT:
1805 dp = parserep(ndo, rp, length);
1806 if (dp != NULL && parsewccres(ndo, dp, ndo->ndo_vflag) != 0)
1807 return;
1808 break;
1809
1810 default:
1811 return;
1812 }
1813 trunc:
1814 if (!nfserr)
1815 nd_print_trunc(ndo);
1816 }
[mirror] the TCPdump network dissector