The Tcpdump Group git mirrors - tcpdump/blob - print-nflog.c

   1 /*
   2  * Copyright (c) 2013, Petar Alilovic,
   3  * Faculty of Electrical Engineering and Computing, University of Zagreb
   4  * All rights reserved
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions are met:
   8  *
   9  * * Redistributions of source code must retain the above copyright notice,
  10  *       this list of conditions and the following disclaimer.
  11  * * Redistributions in binary form must reproduce the above copyright
  12  *       notice, this list of conditions and the following disclaimer in the
  13  *       documentation and/or other materials provided with the distribution.
  14  *
  15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
  16  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  18  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
  19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  20  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  21  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  22  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
  25  * DAMAGE.
  26  */
  27
  28 #ifdef HAVE_CONFIG_H
  29 #include "config.h"
  30 #endif
  31
  32 #include <tcpdump-stdinc.h>
  33
  34 #include <stdio.h>
  35 #include <pcap.h>
  36
  37 #include "netdissect.h"
  38 #include "interface.h"
  39
  40 #ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H
  41 #include <linux/netfilter/nfnetlink_log.h>
  42 #include "nflog.h"
  43
  44 #ifdef DLT_NFLOG
  45
  46 const struct tok nflog_values[] = {
  47         { AF_INET,              "IPv4" },
  48         { AF_INET6,             "IPv6" },
  49         { 0,                            NULL }
  50 };
  51
  52 static inline void
  53 nflog_hdr_print(struct netdissect_options *ndo, const u_char *bp, u_int length)
  54 {
  55         const nflog_hdr_t *hdr;
  56         hdr = (const nflog_hdr_t *)bp;
  57
  58         ND_PRINT((ndo, "version %d, resource ID %d", hdr->nflog_version, ntohs(hdr->nflog_rid)));
  59
  60         if (!ndo->ndo_qflag) {
  61                 ND_PRINT((ndo,", family %s (%d)",
  62                                                   tok2str(nflog_values, "Unknown",
  63                                                                   hdr->nflog_family),
  64                                                   hdr->nflog_family));
  65                 } else {
  66                 ND_PRINT((ndo,", %s",
  67                                                   tok2str(nflog_values,
  68                                                                   "Unknown NFLOG (0x%02x)",
  69                                                                   hdr->nflog_family)));
  70                 }
  71
  72         ND_PRINT((ndo, ", length %u: ", length));
  73 }
  74
  75 static void
  76 nflog_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
  77 {
  78         const nflog_hdr_t *hdr;
  79         const nflog_tlv_t *tlv;
  80         u_int16_t size;
  81
  82         if (caplen < (int) sizeof(nflog_hdr_t)) {
  83                 ND_PRINT((ndo, "[|nflog]"));
  84                 return;
  85         }
  86
  87         if (ndo->ndo_eflag)
  88                 nflog_hdr_print(ndo, p, length);
  89
  90         length -= sizeof(nflog_hdr_t);
  91         caplen -= sizeof(nflog_hdr_t);
  92         hdr = (const nflog_hdr_t *)p;
  93         p += sizeof(nflog_hdr_t);
  94
  95         do {
  96                 tlv = (const nflog_tlv_t *) p;
  97                 size = tlv->tlv_length;
  98
  99                 /* wrong size of the packet */
 100                 if (size > length )
 101                         return;
 102
 103                 /* wrong tlv type */
 104                 if (tlv->tlv_type > NFULA_MAX)
 105                         return;
 106
 107                 if (size % 4 != 0)
 108                         size += 4 - size % 4;
 109
 110                 p += size;
 111                 length = length - size;
 112                 caplen = caplen - size;
 113
 114         } while (tlv->tlv_type != NFULA_PAYLOAD);
 115
 116         /* dont skip payload just tlv length and type */
 117         p = p - size + 4;
 118         length += size - 4;
 119         caplen += size - 4;
 120
 121         switch (hdr->nflog_family) {
 122
 123         case AF_INET:
 124                         ip_print(ndo, p, length);
 125                 break;
 126
 127 #ifdef INET6
 128         case AF_INET6:
 129                 ip6_print(ndo, p, length);
 130                 break;
 131 #endif /*INET6*/
 132
 133         default:
 134                 if (!ndo->ndo_eflag)
 135                         nflog_hdr_print(ndo, (u_char *)hdr,
 136                                 length + sizeof(nflog_hdr_t));
 137
 138                 if (!ndo->ndo_suppress_default_print)
 139                         ndo->ndo_default_print(ndo, p, caplen);
 140                 break;
 141         }
 142 }
 143
 144 u_int
 145 nflog_if_print(struct netdissect_options *ndo,
 146                            const struct pcap_pkthdr *h, const u_char *p)
 147 {
 148
 149         nflog_print(ndo, p, h->len, h->caplen);
 150         return (sizeof(nflog_hdr_t));
 151 }
 152
 153 #endif /* HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H */
 154 #endif /* DLT_NFLOG */