]> The Tcpdump Group git mirrors - tcpdump/blob - print-nfs.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'kivinen-master'
[tcpdump] / print-nfs.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Network File System (NFS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <stdio.h>
31 #include <string.h>
32 #include <limits.h>
33
34 #include "netdissect.h"
35 #include "addrtoname.h"
36 #include "extract.h"
37
38 #include "nfs.h"
39 #include "nfsfh.h"
40
41 #include "ip.h"
42 #include "ip6.h"
43 #include "rpc_auth.h"
44 #include "rpc_msg.h"
45
46
47 static void nfs_printfh(netdissect_options *, const uint32_t *, const u_int);
48 static int xid_map_enter(netdissect_options *, const struct sunrpc_msg *, const u_char *);
49 static int xid_map_find(const struct sunrpc_msg *, const u_char *,
50 uint32_t *, uint32_t *);
51 static void interp_reply(netdissect_options *, const struct sunrpc_msg *, uint32_t, uint32_t, int);
52 static const uint32_t *parse_post_op_attr(netdissect_options *, const uint32_t *, int);
53
54 /*
55 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
56 */
57 static uint32_t nfsv3_procid[NFS_NPROCS] = {
58 NFSPROC_NULL,
59 NFSPROC_GETATTR,
60 NFSPROC_SETATTR,
61 NFSPROC_NOOP,
62 NFSPROC_LOOKUP,
63 NFSPROC_READLINK,
64 NFSPROC_READ,
65 NFSPROC_NOOP,
66 NFSPROC_WRITE,
67 NFSPROC_CREATE,
68 NFSPROC_REMOVE,
69 NFSPROC_RENAME,
70 NFSPROC_LINK,
71 NFSPROC_SYMLINK,
72 NFSPROC_MKDIR,
73 NFSPROC_RMDIR,
74 NFSPROC_READDIR,
75 NFSPROC_FSSTAT,
76 NFSPROC_NOOP,
77 NFSPROC_NOOP,
78 NFSPROC_NOOP,
79 NFSPROC_NOOP,
80 NFSPROC_NOOP,
81 NFSPROC_NOOP,
82 NFSPROC_NOOP,
83 NFSPROC_NOOP
84 };
85
86 static const struct tok nfsproc_str[] = {
87 { NFSPROC_NOOP, "nop" },
88 { NFSPROC_NULL, "null" },
89 { NFSPROC_GETATTR, "getattr" },
90 { NFSPROC_SETATTR, "setattr" },
91 { NFSPROC_LOOKUP, "lookup" },
92 { NFSPROC_ACCESS, "access" },
93 { NFSPROC_READLINK, "readlink" },
94 { NFSPROC_READ, "read" },
95 { NFSPROC_WRITE, "write" },
96 { NFSPROC_CREATE, "create" },
97 { NFSPROC_MKDIR, "mkdir" },
98 { NFSPROC_SYMLINK, "symlink" },
99 { NFSPROC_MKNOD, "mknod" },
100 { NFSPROC_REMOVE, "remove" },
101 { NFSPROC_RMDIR, "rmdir" },
102 { NFSPROC_RENAME, "rename" },
103 { NFSPROC_LINK, "link" },
104 { NFSPROC_READDIR, "readdir" },
105 { NFSPROC_READDIRPLUS, "readdirplus" },
106 { NFSPROC_FSSTAT, "fsstat" },
107 { NFSPROC_FSINFO, "fsinfo" },
108 { NFSPROC_PATHCONF, "pathconf" },
109 { NFSPROC_COMMIT, "commit" },
110 { 0, NULL }
111 };
112
113 /*
114 * NFS V2 and V3 status values.
115 *
116 * Some of these come from the RFCs for NFS V2 and V3, with the message
117 * strings taken from the FreeBSD C library "errlst.c".
118 *
119 * Others are errors that are not in the RFC but that I suspect some
120 * NFS servers could return; the values are FreeBSD errno values, as
121 * the first NFS server was the SunOS 2.0 one, and until 5.0 SunOS
122 * was primarily BSD-derived.
123 */
124 static const struct tok status2str[] = {
125 { 1, "Operation not permitted" }, /* EPERM */
126 { 2, "No such file or directory" }, /* ENOENT */
127 { 5, "Input/output error" }, /* EIO */
128 { 6, "Device not configured" }, /* ENXIO */
129 { 11, "Resource deadlock avoided" }, /* EDEADLK */
130 { 12, "Cannot allocate memory" }, /* ENOMEM */
131 { 13, "Permission denied" }, /* EACCES */
132 { 17, "File exists" }, /* EEXIST */
133 { 18, "Cross-device link" }, /* EXDEV */
134 { 19, "Operation not supported by device" }, /* ENODEV */
135 { 20, "Not a directory" }, /* ENOTDIR */
136 { 21, "Is a directory" }, /* EISDIR */
137 { 22, "Invalid argument" }, /* EINVAL */
138 { 26, "Text file busy" }, /* ETXTBSY */
139 { 27, "File too large" }, /* EFBIG */
140 { 28, "No space left on device" }, /* ENOSPC */
141 { 30, "Read-only file system" }, /* EROFS */
142 { 31, "Too many links" }, /* EMLINK */
143 { 45, "Operation not supported" }, /* EOPNOTSUPP */
144 { 62, "Too many levels of symbolic links" }, /* ELOOP */
145 { 63, "File name too long" }, /* ENAMETOOLONG */
146 { 66, "Directory not empty" }, /* ENOTEMPTY */
147 { 69, "Disc quota exceeded" }, /* EDQUOT */
148 { 70, "Stale NFS file handle" }, /* ESTALE */
149 { 71, "Too many levels of remote in path" }, /* EREMOTE */
150 { 99, "Write cache flushed to disk" }, /* NFSERR_WFLUSH (not used) */
151 { 10001, "Illegal NFS file handle" }, /* NFS3ERR_BADHANDLE */
152 { 10002, "Update synchronization mismatch" }, /* NFS3ERR_NOT_SYNC */
153 { 10003, "READDIR/READDIRPLUS cookie is stale" }, /* NFS3ERR_BAD_COOKIE */
154 { 10004, "Operation not supported" }, /* NFS3ERR_NOTSUPP */
155 { 10005, "Buffer or request is too small" }, /* NFS3ERR_TOOSMALL */
156 { 10006, "Unspecified error on server" }, /* NFS3ERR_SERVERFAULT */
157 { 10007, "Object of that type not supported" }, /* NFS3ERR_BADTYPE */
158 { 10008, "Request couldn't be completed in time" }, /* NFS3ERR_JUKEBOX */
159 { 0, NULL }
160 };
161
162 static const struct tok nfsv3_writemodes[] = {
163 { 0, "unstable" },
164 { 1, "datasync" },
165 { 2, "filesync" },
166 { 0, NULL }
167 };
168
169 static const struct tok type2str[] = {
170 { NFNON, "NON" },
171 { NFREG, "REG" },
172 { NFDIR, "DIR" },
173 { NFBLK, "BLK" },
174 { NFCHR, "CHR" },
175 { NFLNK, "LNK" },
176 { NFFIFO, "FIFO" },
177 { 0, NULL }
178 };
179
180 static const struct tok sunrpc_auth_str[] = {
181 { SUNRPC_AUTH_OK, "OK" },
182 { SUNRPC_AUTH_BADCRED, "Bogus Credentials (seal broken)" },
183 { SUNRPC_AUTH_REJECTEDCRED, "Rejected Credentials (client should begin new session)" },
184 { SUNRPC_AUTH_BADVERF, "Bogus Verifier (seal broken)" },
185 { SUNRPC_AUTH_REJECTEDVERF, "Verifier expired or was replayed" },
186 { SUNRPC_AUTH_TOOWEAK, "Credentials are too weak" },
187 { SUNRPC_AUTH_INVALIDRESP, "Bogus response verifier" },
188 { SUNRPC_AUTH_FAILED, "Unknown failure" },
189 { 0, NULL }
190 };
191
192 static const struct tok sunrpc_str[] = {
193 { SUNRPC_PROG_UNAVAIL, "PROG_UNAVAIL" },
194 { SUNRPC_PROG_MISMATCH, "PROG_MISMATCH" },
195 { SUNRPC_PROC_UNAVAIL, "PROC_UNAVAIL" },
196 { SUNRPC_GARBAGE_ARGS, "GARBAGE_ARGS" },
197 { SUNRPC_SYSTEM_ERR, "SYSTEM_ERR" },
198 { 0, NULL }
199 };
200
201 static void
202 print_nfsaddr(netdissect_options *ndo,
203 const u_char *bp, const char *s, const char *d)
204 {
205 const struct ip *ip;
206 const struct ip6_hdr *ip6;
207 char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
208
209 srcaddr[0] = dstaddr[0] = '\0';
210 switch (IP_V((const struct ip *)bp)) {
211 case 4:
212 ip = (const struct ip *)bp;
213 strlcpy(srcaddr, ipaddr_string(ndo, ip->ip_src), sizeof(srcaddr));
214 strlcpy(dstaddr, ipaddr_string(ndo, ip->ip_dst), sizeof(dstaddr));
215 break;
216 case 6:
217 ip6 = (const struct ip6_hdr *)bp;
218 strlcpy(srcaddr, ip6addr_string(ndo, ip6->ip6_src),
219 sizeof(srcaddr));
220 strlcpy(dstaddr, ip6addr_string(ndo, ip6->ip6_dst),
221 sizeof(dstaddr));
222 break;
223 default:
224 strlcpy(srcaddr, "?", sizeof(srcaddr));
225 strlcpy(dstaddr, "?", sizeof(dstaddr));
226 break;
227 }
228
229 ND_PRINT("%s.%s > %s.%s: ", srcaddr, s, dstaddr, d);
230 }
231
232 /*
233 * NFS Version 3 sattr3 structure for the new node creation case.
234 * This does not have a fixed layout on the network, so this
235 * structure does not correspond to the layout of the data on
236 * the network; it's used to store the data when the sattr3
237 * is parsed for use when it's later printed.
238 */
239 struct nfsv3_sattr {
240 uint32_t sa_modeset;
241 uint32_t sa_mode;
242 uint32_t sa_uidset;
243 uint32_t sa_uid;
244 uint32_t sa_gidset;
245 uint32_t sa_gid;
246 uint32_t sa_sizeset;
247 uint32_t sa_size;
248 uint32_t sa_atimetype;
249 struct {
250 uint32_t nfsv3_sec;
251 uint32_t nfsv3_nsec;
252 } sa_atime;
253 uint32_t sa_mtimetype;
254 struct {
255 uint32_t nfsv3_sec;
256 uint32_t nfsv3_nsec;
257 } sa_mtime;
258 };
259
260 static const uint32_t *
261 parse_sattr3(netdissect_options *ndo,
262 const uint32_t *dp, struct nfsv3_sattr *sa3)
263 {
264 ND_TCHECK_4(dp);
265 sa3->sa_modeset = EXTRACT_BE_U_4(dp);
266 dp++;
267 if (sa3->sa_modeset) {
268 ND_TCHECK_4(dp);
269 sa3->sa_mode = EXTRACT_BE_U_4(dp);
270 dp++;
271 }
272
273 ND_TCHECK_4(dp);
274 sa3->sa_uidset = EXTRACT_BE_U_4(dp);
275 dp++;
276 if (sa3->sa_uidset) {
277 ND_TCHECK_4(dp);
278 sa3->sa_uid = EXTRACT_BE_U_4(dp);
279 dp++;
280 }
281
282 ND_TCHECK_4(dp);
283 sa3->sa_gidset = EXTRACT_BE_U_4(dp);
284 dp++;
285 if (sa3->sa_gidset) {
286 ND_TCHECK_4(dp);
287 sa3->sa_gid = EXTRACT_BE_U_4(dp);
288 dp++;
289 }
290
291 ND_TCHECK_4(dp);
292 sa3->sa_sizeset = EXTRACT_BE_U_4(dp);
293 dp++;
294 if (sa3->sa_sizeset) {
295 ND_TCHECK_4(dp);
296 sa3->sa_size = EXTRACT_BE_U_4(dp);
297 dp++;
298 }
299
300 ND_TCHECK_4(dp);
301 sa3->sa_atimetype = EXTRACT_BE_U_4(dp);
302 dp++;
303 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT) {
304 ND_TCHECK_4(dp + 1);
305 sa3->sa_atime.nfsv3_sec = EXTRACT_BE_U_4(dp);
306 dp++;
307 sa3->sa_atime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
308 dp++;
309 }
310
311 ND_TCHECK_4(dp);
312 sa3->sa_mtimetype = EXTRACT_BE_U_4(dp);
313 dp++;
314 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT) {
315 ND_TCHECK_4(dp + 1);
316 sa3->sa_mtime.nfsv3_sec = EXTRACT_BE_U_4(dp);
317 dp++;
318 sa3->sa_mtime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
319 dp++;
320 }
321
322 return dp;
323 trunc:
324 return NULL;
325 }
326
327 static void
328 print_sattr3(netdissect_options *ndo,
329 const struct nfsv3_sattr *sa3, int verbose)
330 {
331 if (sa3->sa_modeset)
332 ND_PRINT(" mode %o", sa3->sa_mode);
333 if (sa3->sa_uidset)
334 ND_PRINT(" uid %u", sa3->sa_uid);
335 if (sa3->sa_gidset)
336 ND_PRINT(" gid %u", sa3->sa_gid);
337 if (verbose > 1) {
338 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT)
339 ND_PRINT(" atime %u.%06u", sa3->sa_atime.nfsv3_sec,
340 sa3->sa_atime.nfsv3_nsec);
341 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT)
342 ND_PRINT(" mtime %u.%06u", sa3->sa_mtime.nfsv3_sec,
343 sa3->sa_mtime.nfsv3_nsec);
344 }
345 }
346
347 void
348 nfsreply_print(netdissect_options *ndo,
349 const u_char *bp, u_int length,
350 const u_char *bp2)
351 {
352 const struct sunrpc_msg *rp;
353 char srcid[20], dstid[20]; /*fits 32bit*/
354
355 ndo->ndo_protocol = "nfs";
356 rp = (const struct sunrpc_msg *)bp;
357
358 ND_TCHECK_4(rp->rm_xid);
359 if (!ndo->ndo_nflag) {
360 strlcpy(srcid, "nfs", sizeof(srcid));
361 nd_snprintf(dstid, sizeof(dstid), "%u",
362 EXTRACT_BE_U_4(rp->rm_xid));
363 } else {
364 nd_snprintf(srcid, sizeof(srcid), "%u", NFS_PORT);
365 nd_snprintf(dstid, sizeof(dstid), "%u",
366 EXTRACT_BE_U_4(rp->rm_xid));
367 }
368 print_nfsaddr(ndo, bp2, srcid, dstid);
369
370 nfsreply_noaddr_print(ndo, bp, length, bp2);
371 return;
372
373 trunc:
374 nd_print_trunc(ndo);
375 }
376
377 void
378 nfsreply_noaddr_print(netdissect_options *ndo,
379 const u_char *bp, u_int length,
380 const u_char *bp2)
381 {
382 const struct sunrpc_msg *rp;
383 uint32_t proc, vers, reply_stat;
384 enum sunrpc_reject_stat rstat;
385 uint32_t rlow;
386 uint32_t rhigh;
387 enum sunrpc_auth_stat rwhy;
388
389 ndo->ndo_protocol = "nfs";
390 rp = (const struct sunrpc_msg *)bp;
391
392 ND_TCHECK_4(rp->rm_reply.rp_stat);
393 reply_stat = EXTRACT_BE_U_4(&rp->rm_reply.rp_stat);
394 switch (reply_stat) {
395
396 case SUNRPC_MSG_ACCEPTED:
397 ND_PRINT("reply ok %u", length);
398 if (xid_map_find(rp, bp2, &proc, &vers) >= 0)
399 interp_reply(ndo, rp, proc, vers, length);
400 break;
401
402 case SUNRPC_MSG_DENIED:
403 ND_PRINT("reply ERR %u: ", length);
404 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_stat);
405 rstat = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_stat);
406 switch (rstat) {
407
408 case SUNRPC_RPC_MISMATCH:
409 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_vers.high);
410 rlow = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.low);
411 rhigh = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.high);
412 ND_PRINT("RPC Version mismatch (%u-%u)", rlow, rhigh);
413 break;
414
415 case SUNRPC_AUTH_ERROR:
416 ND_TCHECK_4(rp->rm_reply.rp_reject.rj_why);
417 rwhy = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_why);
418 ND_PRINT("Auth %s", tok2str(sunrpc_auth_str, "Invalid failure code %u", rwhy));
419 break;
420
421 default:
422 ND_PRINT("Unknown reason for rejecting rpc message %u", (unsigned int)rstat);
423 break;
424 }
425 break;
426
427 default:
428 ND_PRINT("reply Unknown rpc response code=%u %u", reply_stat, length);
429 break;
430 }
431 return;
432
433 trunc:
434 nd_print_trunc(ndo);
435 }
436
437 /*
438 * Return a pointer to the first file handle in the packet.
439 * If the packet was truncated, return 0.
440 */
441 static const uint32_t *
442 parsereq(netdissect_options *ndo,
443 const struct sunrpc_msg *rp, u_int length)
444 {
445 const uint32_t *dp;
446 u_int len, rounded_len;
447
448 /*
449 * Find the start of the req data (if we captured it).
450 * First, get the length of the credentials, and make sure
451 * we have all of the opaque part of the credentials.
452 */
453 dp = (const uint32_t *)&rp->rm_call.cb_cred;
454 if (length < 2 * sizeof(*dp))
455 goto trunc;
456 ND_TCHECK_4(dp + 1);
457 len = EXTRACT_BE_U_4(dp + 1);
458 rounded_len = roundup2(len, 4);
459 ND_TCHECK_LEN(dp + 2, rounded_len);
460 if (2 * sizeof(*dp) + rounded_len <= length) {
461 /*
462 * We have all of the credentials. Skip past them; they
463 * consist of 4 bytes of flavor, 4 bytes of length,
464 * and len-rounded-up-to-a-multiple-of-4 bytes of
465 * data.
466 */
467 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
468 length -= 2 * sizeof(*dp) + rounded_len;
469
470 /*
471 * Now get the length of the verifier, and make sure
472 * we have all of the opaque part of the verifier.
473 */
474 if (length < 2 * sizeof(*dp))
475 goto trunc;
476 ND_TCHECK_4(dp + 1);
477 len = EXTRACT_BE_U_4(dp + 1);
478 rounded_len = roundup2(len, 4);
479 ND_TCHECK_LEN(dp + 2, rounded_len);
480 if (2 * sizeof(*dp) + rounded_len < length) {
481 /*
482 * We have all of the verifier. Skip past it;
483 * it consists of 4 bytes of flavor, 4 bytes of
484 * length, and len-rounded-up-to-a-multiple-of-4
485 * bytes of data.
486 */
487 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
488 return (dp);
489 }
490 }
491 trunc:
492 return (NULL);
493 }
494
495 /*
496 * Print out an NFS file handle and return a pointer to following word.
497 * If packet was truncated, return 0.
498 */
499 static const uint32_t *
500 parsefh(netdissect_options *ndo,
501 const uint32_t *dp, int v3)
502 {
503 u_int len;
504
505 if (v3) {
506 ND_TCHECK_4(dp);
507 len = EXTRACT_BE_U_4(dp) / 4;
508 dp++;
509 } else
510 len = NFSX_V2FH / 4;
511
512 if (ND_TTEST_LEN(dp, len * sizeof(*dp))) {
513 nfs_printfh(ndo, dp, len);
514 return (dp + len);
515 }
516 trunc:
517 return (NULL);
518 }
519
520 /*
521 * Print out a file name and return pointer to 32-bit word past it.
522 * If packet was truncated, return 0.
523 */
524 static const uint32_t *
525 parsefn(netdissect_options *ndo,
526 const uint32_t *dp)
527 {
528 uint32_t len;
529 const u_char *cp;
530
531 /* Bail if we don't have the string length */
532 ND_TCHECK_4(dp);
533
534 /* Fetch big-endian string length */
535 len = EXTRACT_BE_U_4(dp);
536 dp++;
537
538 if (UINT_MAX - len < 3) {
539 ND_PRINT("[cannot pad to 32-bit boundaries]");
540 nd_print_invalid(ndo);
541 return NULL;
542 }
543
544 ND_TCHECK_LEN(dp, ((len + 3) & ~3));
545
546 cp = (const u_char *)dp;
547 /* Update 32-bit pointer (NFS filenames padded to 32-bit boundaries) */
548 dp += ((len + 3) & ~3) / sizeof(*dp);
549 ND_PRINT("\"");
550 if (nd_printn(ndo, cp, len, ndo->ndo_snapend)) {
551 ND_PRINT("\"");
552 goto trunc;
553 }
554 ND_PRINT("\"");
555
556 return (dp);
557 trunc:
558 return NULL;
559 }
560
561 /*
562 * Print out file handle and file name.
563 * Return pointer to 32-bit word past file name.
564 * If packet was truncated (or there was some other error), return 0.
565 */
566 static const uint32_t *
567 parsefhn(netdissect_options *ndo,
568 const uint32_t *dp, int v3)
569 {
570 dp = parsefh(ndo, dp, v3);
571 if (dp == NULL)
572 return (NULL);
573 ND_PRINT(" ");
574 return (parsefn(ndo, dp));
575 }
576
577 void
578 nfsreq_noaddr_print(netdissect_options *ndo,
579 const u_char *bp, u_int length,
580 const u_char *bp2)
581 {
582 const struct sunrpc_msg *rp;
583 const uint32_t *dp;
584 nfs_type type;
585 int v3;
586 uint32_t proc;
587 uint32_t access_flags;
588 struct nfsv3_sattr sa3;
589
590 ndo->ndo_protocol = "nfs";
591 ND_PRINT("%u", length);
592 rp = (const struct sunrpc_msg *)bp;
593
594 if (!xid_map_enter(ndo, rp, bp2)) /* record proc number for later on */
595 goto trunc;
596
597 v3 = (EXTRACT_BE_U_4(&rp->rm_call.cb_vers) == NFS_VER3);
598 proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
599
600 if (!v3 && proc < NFS_NPROCS)
601 proc = nfsv3_procid[proc];
602
603 ND_PRINT(" %s", tok2str(nfsproc_str, "proc-%u", proc));
604 switch (proc) {
605
606 case NFSPROC_GETATTR:
607 case NFSPROC_SETATTR:
608 case NFSPROC_READLINK:
609 case NFSPROC_FSSTAT:
610 case NFSPROC_FSINFO:
611 case NFSPROC_PATHCONF:
612 dp = parsereq(ndo, rp, length);
613 if (dp == NULL)
614 goto trunc;
615 if (parsefh(ndo, dp, v3) == NULL)
616 goto trunc;
617 break;
618
619 case NFSPROC_LOOKUP:
620 case NFSPROC_CREATE:
621 case NFSPROC_MKDIR:
622 case NFSPROC_REMOVE:
623 case NFSPROC_RMDIR:
624 dp = parsereq(ndo, rp, length);
625 if (dp == NULL)
626 goto trunc;
627 if (parsefhn(ndo, dp, v3) == NULL)
628 goto trunc;
629 break;
630
631 case NFSPROC_ACCESS:
632 dp = parsereq(ndo, rp, length);
633 if (dp == NULL)
634 goto trunc;
635 dp = parsefh(ndo, dp, v3);
636 if (dp == NULL)
637 goto trunc;
638 ND_TCHECK_4(dp);
639 access_flags = EXTRACT_BE_U_4(dp);
640 if (access_flags & ~NFSV3ACCESS_FULL) {
641 /* NFSV3ACCESS definitions aren't up to date */
642 ND_PRINT(" %04x", access_flags);
643 } else if ((access_flags & NFSV3ACCESS_FULL) == NFSV3ACCESS_FULL) {
644 ND_PRINT(" NFS_ACCESS_FULL");
645 } else {
646 char separator = ' ';
647 if (access_flags & NFSV3ACCESS_READ) {
648 ND_PRINT(" NFS_ACCESS_READ");
649 separator = '|';
650 }
651 if (access_flags & NFSV3ACCESS_LOOKUP) {
652 ND_PRINT("%cNFS_ACCESS_LOOKUP", separator);
653 separator = '|';
654 }
655 if (access_flags & NFSV3ACCESS_MODIFY) {
656 ND_PRINT("%cNFS_ACCESS_MODIFY", separator);
657 separator = '|';
658 }
659 if (access_flags & NFSV3ACCESS_EXTEND) {
660 ND_PRINT("%cNFS_ACCESS_EXTEND", separator);
661 separator = '|';
662 }
663 if (access_flags & NFSV3ACCESS_DELETE) {
664 ND_PRINT("%cNFS_ACCESS_DELETE", separator);
665 separator = '|';
666 }
667 if (access_flags & NFSV3ACCESS_EXECUTE)
668 ND_PRINT("%cNFS_ACCESS_EXECUTE", separator);
669 }
670 break;
671
672 case NFSPROC_READ:
673 dp = parsereq(ndo, rp, length);
674 if (dp == NULL)
675 goto trunc;
676 dp = parsefh(ndo, dp, v3);
677 if (dp == NULL)
678 goto trunc;
679 if (v3) {
680 ND_TCHECK_4(dp + 2);
681 ND_PRINT(" %u bytes @ %" PRIu64,
682 EXTRACT_BE_U_4(dp + 2),
683 EXTRACT_BE_U_8(dp));
684 } else {
685 ND_TCHECK_4(dp + 1);
686 ND_PRINT(" %u bytes @ %u",
687 EXTRACT_BE_U_4(dp + 1),
688 EXTRACT_BE_U_4(dp));
689 }
690 break;
691
692 case NFSPROC_WRITE:
693 dp = parsereq(ndo, rp, length);
694 if (dp == NULL)
695 goto trunc;
696 dp = parsefh(ndo, dp, v3);
697 if (dp == NULL)
698 goto trunc;
699 if (v3) {
700 ND_TCHECK_4(dp + 4);
701 ND_PRINT(" %u (%u) bytes @ %" PRIu64,
702 EXTRACT_BE_U_4(dp + 4),
703 EXTRACT_BE_U_4(dp + 2),
704 EXTRACT_BE_U_8(dp));
705 if (ndo->ndo_vflag) {
706 ND_PRINT(" <%s>",
707 tok2str(nfsv3_writemodes,
708 NULL, EXTRACT_BE_U_4(dp + 3)));
709 }
710 } else {
711 ND_TCHECK_4(dp + 3);
712 ND_PRINT(" %u (%u) bytes @ %u (%u)",
713 EXTRACT_BE_U_4(dp + 3),
714 EXTRACT_BE_U_4(dp + 2),
715 EXTRACT_BE_U_4(dp + 1),
716 EXTRACT_BE_U_4(dp));
717 }
718 break;
719
720 case NFSPROC_SYMLINK:
721 dp = parsereq(ndo, rp, length);
722 if (dp == NULL)
723 goto trunc;
724 dp = parsefhn(ndo, dp, v3);
725 if (dp == NULL)
726 goto trunc;
727 ND_PRINT(" ->");
728 if (v3 && (dp = parse_sattr3(ndo, dp, &sa3)) == NULL)
729 goto trunc;
730 if (parsefn(ndo, dp) == NULL)
731 goto trunc;
732 if (v3 && ndo->ndo_vflag)
733 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
734 break;
735
736 case NFSPROC_MKNOD:
737 dp = parsereq(ndo, rp, length);
738 if (dp == NULL)
739 goto trunc;
740 dp = parsefhn(ndo, dp, v3);
741 if (dp == NULL)
742 goto trunc;
743 ND_TCHECK_4(dp);
744 type = (nfs_type) EXTRACT_BE_U_4(dp);
745 dp++;
746 dp = parse_sattr3(ndo, dp, &sa3);
747 if (dp == NULL)
748 goto trunc;
749 ND_PRINT(" %s", tok2str(type2str, "unk-ft %u", type));
750 if (ndo->ndo_vflag && (type == NFCHR || type == NFBLK)) {
751 ND_TCHECK_4(dp + 1);
752 ND_PRINT(" %u/%u",
753 EXTRACT_BE_U_4(dp),
754 EXTRACT_BE_U_4(dp + 1));
755 dp += 2;
756 }
757 if (ndo->ndo_vflag)
758 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
759 break;
760
761 case NFSPROC_RENAME:
762 dp = parsereq(ndo, rp, length);
763 if (dp == NULL)
764 goto trunc;
765 dp = parsefhn(ndo, dp, v3);
766 if (dp == NULL)
767 goto trunc;
768 ND_PRINT(" ->");
769 if (parsefhn(ndo, dp, v3) == NULL)
770 goto trunc;
771 break;
772
773 case NFSPROC_LINK:
774 dp = parsereq(ndo, rp, length);
775 if (dp == NULL)
776 goto trunc;
777 dp = parsefh(ndo, dp, v3);
778 if (dp == NULL)
779 goto trunc;
780 ND_PRINT(" ->");
781 if (parsefhn(ndo, dp, v3) == NULL)
782 goto trunc;
783 break;
784
785 case NFSPROC_READDIR:
786 dp = parsereq(ndo, rp, length);
787 if (dp == NULL)
788 goto trunc;
789 dp = parsefh(ndo, dp, v3);
790 if (dp == NULL)
791 goto trunc;
792 if (v3) {
793 ND_TCHECK_4(dp + 4);
794 /*
795 * We shouldn't really try to interpret the
796 * offset cookie here.
797 */
798 ND_PRINT(" %u bytes @ %" PRId64,
799 EXTRACT_BE_U_4(dp + 4),
800 EXTRACT_BE_U_8(dp));
801 if (ndo->ndo_vflag) {
802 /*
803 * This displays the 8 bytes
804 * of the verifier in order,
805 * from the low-order byte
806 * to the high-order byte.
807 */
808 ND_PRINT(" verf %08x%08x",
809 EXTRACT_BE_U_4(dp + 2),
810 EXTRACT_BE_U_4(dp + 3));
811 }
812 } else {
813 ND_TCHECK_4(dp + 1);
814 /*
815 * Print the offset as signed, since -1 is
816 * common, but offsets > 2^31 aren't.
817 */
818 ND_PRINT(" %u bytes @ %u",
819 EXTRACT_BE_U_4(dp + 1),
820 EXTRACT_BE_U_4(dp));
821 }
822 break;
823
824 case NFSPROC_READDIRPLUS:
825 dp = parsereq(ndo, rp, length);
826 if (dp == NULL)
827 goto trunc;
828 dp = parsefh(ndo, dp, v3);
829 if (dp == NULL)
830 goto trunc;
831 ND_TCHECK_4(dp + 4);
832 /*
833 * We don't try to interpret the offset
834 * cookie here.
835 */
836 ND_PRINT(" %u bytes @ %" PRId64,
837 EXTRACT_BE_U_4(dp + 4),
838 EXTRACT_BE_U_8(dp));
839 if (ndo->ndo_vflag) {
840 ND_TCHECK_4(dp + 5);
841 /*
842 * This displays the 8 bytes
843 * of the verifier in order,
844 * from the low-order byte
845 * to the high-order byte.
846 */
847 ND_PRINT(" max %u verf %08x%08x",
848 EXTRACT_BE_U_4(dp + 5),
849 EXTRACT_BE_U_4(dp + 2),
850 EXTRACT_BE_U_4(dp + 3));
851 }
852 break;
853
854 case NFSPROC_COMMIT:
855 dp = parsereq(ndo, rp, length);
856 if (dp == NULL)
857 goto trunc;
858 dp = parsefh(ndo, dp, v3);
859 if (dp == NULL)
860 goto trunc;
861 ND_TCHECK_4(dp + 2);
862 ND_PRINT(" %u bytes @ %" PRIu64,
863 EXTRACT_BE_U_4(dp + 2),
864 EXTRACT_BE_U_8(dp));
865 break;
866
867 default:
868 break;
869 }
870 return;
871
872 trunc:
873 nd_print_trunc(ndo);
874 }
875
876 /*
877 * Print out an NFS file handle.
878 * We assume packet was not truncated before the end of the
879 * file handle pointed to by dp.
880 *
881 * Note: new version (using portable file-handle parser) doesn't produce
882 * generation number. It probably could be made to do that, with some
883 * additional hacking on the parser code.
884 */
885 static void
886 nfs_printfh(netdissect_options *ndo,
887 const uint32_t *dp, const u_int len)
888 {
889 my_fsid fsid;
890 uint32_t ino;
891 const char *sfsname = NULL;
892 char *spacep;
893
894 if (ndo->ndo_uflag) {
895 u_int i;
896 char const *sep = "";
897
898 ND_PRINT(" fh[");
899 for (i=0; i<len; i++) {
900 /*
901 * This displays 4 bytes in big-endian byte
902 * order. That's as good a choice as little-
903 * endian, as there's no guarantee that the
904 * server is big-endian or little-endian or
905 * that the file handle contains 4-byte
906 * integral fields, and is better than "the
907 * byte order of the host running tcpdump", as
908 * the latter means that different hosts
909 * running tcpdump may show the same file
910 * handle in different ways.
911 */
912 ND_PRINT("%s%x", sep, EXTRACT_BE_U_4(dp + i));
913 sep = ":";
914 }
915 ND_PRINT("]");
916 return;
917 }
918
919 Parse_fh((const u_char *)dp, len, &fsid, &ino, NULL, &sfsname, 0);
920
921 if (sfsname) {
922 /* file system ID is ASCII, not numeric, for this server OS */
923 char temp[NFSX_V3FHMAX+1];
924 u_int stringlen;
925
926 /* Make sure string is null-terminated */
927 stringlen = len;
928 if (stringlen > NFSX_V3FHMAX)
929 stringlen = NFSX_V3FHMAX;
930 strncpy(temp, sfsname, stringlen);
931 temp[stringlen] = '\0';
932 /* Remove trailing spaces */
933 spacep = strchr(temp, ' ');
934 if (spacep)
935 *spacep = '\0';
936
937 ND_PRINT(" fh %s/", temp);
938 } else {
939 ND_PRINT(" fh %u,%u/",
940 fsid.Fsid_dev.Major, fsid.Fsid_dev.Minor);
941 }
942
943 if(fsid.Fsid_dev.Minor == 257)
944 /* Print the undecoded handle */
945 ND_PRINT("%s", fsid.Opaque_Handle);
946 else
947 ND_PRINT("%ld", (long) ino);
948 }
949
950 /*
951 * Maintain a small cache of recent client.XID.server/proc pairs, to allow
952 * us to match up replies with requests and thus to know how to parse
953 * the reply.
954 */
955
956 struct xid_map_entry {
957 uint32_t xid; /* transaction ID (net order) */
958 int ipver; /* IP version (4 or 6) */
959 struct in6_addr client; /* client IP address (net order) */
960 struct in6_addr server; /* server IP address (net order) */
961 uint32_t proc; /* call proc number (host order) */
962 uint32_t vers; /* program version (host order) */
963 };
964
965 /*
966 * Map entries are kept in an array that we manage as a ring;
967 * new entries are always added at the tail of the ring. Initially,
968 * all the entries are zero and hence don't match anything.
969 */
970
971 #define XIDMAPSIZE 64
972
973 static struct xid_map_entry xid_map[XIDMAPSIZE];
974
975 static int xid_map_next = 0;
976 static int xid_map_hint = 0;
977
978 static int
979 xid_map_enter(netdissect_options *ndo,
980 const struct sunrpc_msg *rp, const u_char *bp)
981 {
982 const struct ip *ip = NULL;
983 const struct ip6_hdr *ip6 = NULL;
984 struct xid_map_entry *xmep;
985
986 if (!ND_TTEST_4(rp->rm_call.cb_proc))
987 return (0);
988 switch (IP_V((const struct ip *)bp)) {
989 case 4:
990 ip = (const struct ip *)bp;
991 break;
992 case 6:
993 ip6 = (const struct ip6_hdr *)bp;
994 break;
995 default:
996 return (1);
997 }
998
999 xmep = &xid_map[xid_map_next];
1000
1001 if (++xid_map_next >= XIDMAPSIZE)
1002 xid_map_next = 0;
1003
1004 UNALIGNED_MEMCPY(&xmep->xid, &rp->rm_xid, sizeof(xmep->xid));
1005 if (ip) {
1006 xmep->ipver = 4;
1007 UNALIGNED_MEMCPY(&xmep->client, ip->ip_src,
1008 sizeof(ip->ip_src));
1009 UNALIGNED_MEMCPY(&xmep->server, ip->ip_dst,
1010 sizeof(ip->ip_dst));
1011 }
1012 else if (ip6) {
1013 xmep->ipver = 6;
1014 UNALIGNED_MEMCPY(&xmep->client, ip6->ip6_src,
1015 sizeof(ip6->ip6_src));
1016 UNALIGNED_MEMCPY(&xmep->server, ip6->ip6_dst,
1017 sizeof(ip6->ip6_dst));
1018 }
1019 xmep->proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
1020 xmep->vers = EXTRACT_BE_U_4(&rp->rm_call.cb_vers);
1021 return (1);
1022 }
1023
1024 /*
1025 * Returns 0 and puts NFSPROC_xxx in proc return and
1026 * version in vers return, or returns -1 on failure
1027 */
1028 static int
1029 xid_map_find(const struct sunrpc_msg *rp, const u_char *bp, uint32_t *proc,
1030 uint32_t *vers)
1031 {
1032 int i;
1033 struct xid_map_entry *xmep;
1034 uint32_t xid;
1035 const struct ip *ip = (const struct ip *)bp;
1036 const struct ip6_hdr *ip6 = (const struct ip6_hdr *)bp;
1037 int cmp;
1038
1039 UNALIGNED_MEMCPY(&xid, &rp->rm_xid, sizeof(xmep->xid));
1040 /* Start searching from where we last left off */
1041 i = xid_map_hint;
1042 do {
1043 xmep = &xid_map[i];
1044 cmp = 1;
1045 if (xmep->ipver != IP_V(ip) || xmep->xid != xid)
1046 goto nextitem;
1047 switch (xmep->ipver) {
1048 case 4:
1049 if (UNALIGNED_MEMCMP(ip->ip_src, &xmep->server,
1050 sizeof(ip->ip_src)) != 0 ||
1051 UNALIGNED_MEMCMP(ip->ip_dst, &xmep->client,
1052 sizeof(ip->ip_dst)) != 0) {
1053 cmp = 0;
1054 }
1055 break;
1056 case 6:
1057 if (UNALIGNED_MEMCMP(ip6->ip6_src, &xmep->server,
1058 sizeof(ip6->ip6_src)) != 0 ||
1059 UNALIGNED_MEMCMP(ip6->ip6_dst, &xmep->client,
1060 sizeof(ip6->ip6_dst)) != 0) {
1061 cmp = 0;
1062 }
1063 break;
1064 default:
1065 cmp = 0;
1066 break;
1067 }
1068 if (cmp) {
1069 /* match */
1070 xid_map_hint = i;
1071 *proc = xmep->proc;
1072 *vers = xmep->vers;
1073 return 0;
1074 }
1075 nextitem:
1076 if (++i >= XIDMAPSIZE)
1077 i = 0;
1078 } while (i != xid_map_hint);
1079
1080 /* search failed */
1081 return (-1);
1082 }
1083
1084 /*
1085 * Routines for parsing reply packets
1086 */
1087
1088 /*
1089 * Return a pointer to the beginning of the actual results.
1090 * If the packet was truncated, return 0.
1091 */
1092 static const uint32_t *
1093 parserep(netdissect_options *ndo,
1094 const struct sunrpc_msg *rp, u_int length, int *nfserrp)
1095 {
1096 const uint32_t *dp;
1097 u_int len;
1098 enum sunrpc_accept_stat astat;
1099
1100 /*
1101 * Portability note:
1102 * Here we find the address of the ar_verf credentials.
1103 * Originally, this calculation was
1104 * dp = (uint32_t *)&rp->rm_reply.rp_acpt.ar_verf
1105 * On the wire, the rp_acpt field starts immediately after
1106 * the (32 bit) rp_stat field. However, rp_acpt (which is a
1107 * "struct accepted_reply") contains a "struct opaque_auth",
1108 * whose internal representation contains a pointer, so on a
1109 * 64-bit machine the compiler inserts 32 bits of padding
1110 * before rp->rm_reply.rp_acpt.ar_verf. So, we cannot use
1111 * the internal representation to parse the on-the-wire
1112 * representation. Instead, we skip past the rp_stat field,
1113 * which is an "enum" and so occupies one 32-bit word.
1114 */
1115 dp = ((const uint32_t *)&rp->rm_reply) + 1;
1116 ND_TCHECK_4(dp + 1);
1117 len = EXTRACT_BE_U_4(dp + 1);
1118 if (len >= length)
1119 return (NULL);
1120 /*
1121 * skip past the ar_verf credentials.
1122 */
1123 dp += (len + (2*sizeof(uint32_t) + 3)) / sizeof(uint32_t);
1124
1125 /*
1126 * now we can check the ar_stat field
1127 */
1128 ND_TCHECK_4(dp);
1129 astat = (enum sunrpc_accept_stat) EXTRACT_BE_U_4(dp);
1130 if (astat != SUNRPC_SUCCESS) {
1131 ND_PRINT(" %s", tok2str(sunrpc_str, "ar_stat %u", astat));
1132 *nfserrp = 1; /* suppress trunc string */
1133 return (NULL);
1134 }
1135 /* successful return */
1136 ND_TCHECK_LEN(dp, sizeof(astat));
1137 return ((const uint32_t *) (sizeof(astat) + ((const char *)dp)));
1138 trunc:
1139 return (0);
1140 }
1141
1142 static const uint32_t *
1143 parsestatus(netdissect_options *ndo,
1144 const uint32_t *dp, u_int *er, int *nfserrp)
1145 {
1146 u_int errnum;
1147
1148 ND_TCHECK_4(dp);
1149
1150 errnum = EXTRACT_BE_U_4(dp);
1151 if (er)
1152 *er = errnum;
1153 if (errnum != 0) {
1154 if (!ndo->ndo_qflag)
1155 ND_PRINT(" ERROR: %s",
1156 tok2str(status2str, "unk %u", errnum));
1157 *nfserrp = 1;
1158 }
1159 return (dp + 1);
1160 trunc:
1161 return NULL;
1162 }
1163
1164 static const uint32_t *
1165 parsefattr(netdissect_options *ndo,
1166 const uint32_t *dp, int verbose, int v3)
1167 {
1168 const struct nfs_fattr *fap;
1169
1170 fap = (const struct nfs_fattr *)dp;
1171 ND_TCHECK_4(fap->fa_gid);
1172 if (verbose) {
1173 /*
1174 * XXX - UIDs and GIDs are unsigned in NFS and in
1175 * at least some UN*Xes, but we'll show them as
1176 * signed because -2 has traditionally been the
1177 * UID for "nobody", rather than 4294967294.
1178 */
1179 ND_PRINT(" %s %o ids %d/%d",
1180 tok2str(type2str, "unk-ft %u ",
1181 EXTRACT_BE_U_4(fap->fa_type)),
1182 EXTRACT_BE_U_4(fap->fa_mode),
1183 EXTRACT_BE_S_4(fap->fa_uid),
1184 EXTRACT_BE_S_4(fap->fa_gid));
1185 if (v3) {
1186 ND_TCHECK_8(fap->fa3_size);
1187 ND_PRINT(" sz %" PRIu64,
1188 EXTRACT_BE_U_8(fap->fa3_size));
1189 } else {
1190 ND_TCHECK_4(fap->fa2_size);
1191 ND_PRINT(" sz %u", EXTRACT_BE_U_4(fap->fa2_size));
1192 }
1193 }
1194 /* print lots more stuff */
1195 if (verbose > 1) {
1196 if (v3) {
1197 ND_TCHECK_8(&fap->fa3_ctime);
1198 ND_PRINT(" nlink %u rdev %u/%u",
1199 EXTRACT_BE_U_4(fap->fa_nlink),
1200 EXTRACT_BE_U_4(fap->fa3_rdev.specdata1),
1201 EXTRACT_BE_U_4(fap->fa3_rdev.specdata2));
1202 ND_PRINT(" fsid %" PRIx64,
1203 EXTRACT_BE_U_8(fap->fa3_fsid));
1204 ND_PRINT(" fileid %" PRIx64,
1205 EXTRACT_BE_U_8(fap->fa3_fileid));
1206 ND_PRINT(" a/m/ctime %u.%06u",
1207 EXTRACT_BE_U_4(fap->fa3_atime.nfsv3_sec),
1208 EXTRACT_BE_U_4(fap->fa3_atime.nfsv3_nsec));
1209 ND_PRINT(" %u.%06u",
1210 EXTRACT_BE_U_4(fap->fa3_mtime.nfsv3_sec),
1211 EXTRACT_BE_U_4(fap->fa3_mtime.nfsv3_nsec));
1212 ND_PRINT(" %u.%06u",
1213 EXTRACT_BE_U_4(fap->fa3_ctime.nfsv3_sec),
1214 EXTRACT_BE_U_4(fap->fa3_ctime.nfsv3_nsec));
1215 } else {
1216 ND_TCHECK_8(&fap->fa2_ctime);
1217 ND_PRINT(" nlink %u rdev 0x%x fsid 0x%x nodeid 0x%x a/m/ctime",
1218 EXTRACT_BE_U_4(fap->fa_nlink),
1219 EXTRACT_BE_U_4(fap->fa2_rdev),
1220 EXTRACT_BE_U_4(fap->fa2_fsid),
1221 EXTRACT_BE_U_4(fap->fa2_fileid));
1222 ND_PRINT(" %u.%06u",
1223 EXTRACT_BE_U_4(fap->fa2_atime.nfsv2_sec),
1224 EXTRACT_BE_U_4(fap->fa2_atime.nfsv2_usec));
1225 ND_PRINT(" %u.%06u",
1226 EXTRACT_BE_U_4(fap->fa2_mtime.nfsv2_sec),
1227 EXTRACT_BE_U_4(fap->fa2_mtime.nfsv2_usec));
1228 ND_PRINT(" %u.%06u",
1229 EXTRACT_BE_U_4(fap->fa2_ctime.nfsv2_sec),
1230 EXTRACT_BE_U_4(fap->fa2_ctime.nfsv2_usec));
1231 }
1232 }
1233 return ((const uint32_t *)((const unsigned char *)dp +
1234 (v3 ? NFSX_V3FATTR : NFSX_V2FATTR)));
1235 trunc:
1236 return (NULL);
1237 }
1238
1239 static int
1240 parseattrstat(netdissect_options *ndo,
1241 const uint32_t *dp, int verbose, int v3, int *nfserrp)
1242 {
1243 u_int er;
1244
1245 dp = parsestatus(ndo, dp, &er, nfserrp);
1246 if (dp == NULL)
1247 return (0);
1248 if (er)
1249 return (1);
1250
1251 return (parsefattr(ndo, dp, verbose, v3) != NULL);
1252 }
1253
1254 static int
1255 parsediropres(netdissect_options *ndo,
1256 const uint32_t *dp, int *nfserrp)
1257 {
1258 u_int er;
1259
1260 dp = parsestatus(ndo, dp, &er, nfserrp);
1261 if (dp == NULL)
1262 return (0);
1263 if (er)
1264 return (1);
1265
1266 dp = parsefh(ndo, dp, 0);
1267 if (dp == NULL)
1268 return (0);
1269
1270 return (parsefattr(ndo, dp, ndo->ndo_vflag, 0) != NULL);
1271 }
1272
1273 static int
1274 parselinkres(netdissect_options *ndo,
1275 const uint32_t *dp, int v3, int *nfserrp)
1276 {
1277 u_int er;
1278
1279 dp = parsestatus(ndo, dp, &er, nfserrp);
1280 if (dp == NULL)
1281 return(0);
1282 if (er)
1283 return(1);
1284 if (v3) {
1285 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1286 if (dp == NULL)
1287 return (0);
1288 }
1289 ND_PRINT(" ");
1290 return (parsefn(ndo, dp) != NULL);
1291 }
1292
1293 static int
1294 parsestatfs(netdissect_options *ndo,
1295 const uint32_t *dp, int v3, int *nfserrp)
1296 {
1297 const struct nfs_statfs *sfsp;
1298 u_int er;
1299
1300 dp = parsestatus(ndo, dp, &er, nfserrp);
1301 if (dp == NULL)
1302 return (0);
1303 if (!v3 && er)
1304 return (1);
1305
1306 if (ndo->ndo_qflag)
1307 return(1);
1308
1309 if (v3) {
1310 if (ndo->ndo_vflag)
1311 ND_PRINT(" POST:");
1312 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1313 if (dp == NULL)
1314 return (0);
1315 }
1316
1317 ND_TCHECK_LEN(dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
1318
1319 sfsp = (const struct nfs_statfs *)dp;
1320
1321 if (v3) {
1322 ND_PRINT(" tbytes %" PRIu64 " fbytes %" PRIu64 " abytes %" PRIu64,
1323 EXTRACT_BE_U_8(sfsp->sf_tbytes),
1324 EXTRACT_BE_U_8(sfsp->sf_fbytes),
1325 EXTRACT_BE_U_8(sfsp->sf_abytes));
1326 if (ndo->ndo_vflag) {
1327 ND_PRINT(" tfiles %" PRIu64 " ffiles %" PRIu64 " afiles %" PRIu64 " invar %u",
1328 EXTRACT_BE_U_8(sfsp->sf_tfiles),
1329 EXTRACT_BE_U_8(sfsp->sf_ffiles),
1330 EXTRACT_BE_U_8(sfsp->sf_afiles),
1331 EXTRACT_BE_U_4(sfsp->sf_invarsec));
1332 }
1333 } else {
1334 ND_PRINT(" tsize %u bsize %u blocks %u bfree %u bavail %u",
1335 EXTRACT_BE_U_4(sfsp->sf_tsize),
1336 EXTRACT_BE_U_4(sfsp->sf_bsize),
1337 EXTRACT_BE_U_4(sfsp->sf_blocks),
1338 EXTRACT_BE_U_4(sfsp->sf_bfree),
1339 EXTRACT_BE_U_4(sfsp->sf_bavail));
1340 }
1341
1342 return (1);
1343 trunc:
1344 return (0);
1345 }
1346
1347 static int
1348 parserddires(netdissect_options *ndo,
1349 const uint32_t *dp, int *nfserrp)
1350 {
1351 u_int er;
1352
1353 dp = parsestatus(ndo, dp, &er, nfserrp);
1354 if (dp == NULL)
1355 return (0);
1356 if (er)
1357 return (1);
1358 if (ndo->ndo_qflag)
1359 return (1);
1360
1361 ND_TCHECK_4(dp + 2);
1362 ND_PRINT(" offset 0x%x size %u ",
1363 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1));
1364 if (EXTRACT_BE_U_4(dp + 2) != 0)
1365 ND_PRINT(" eof");
1366
1367 return (1);
1368 trunc:
1369 return (0);
1370 }
1371
1372 static const uint32_t *
1373 parse_wcc_attr(netdissect_options *ndo,
1374 const uint32_t *dp)
1375 {
1376 /* Our caller has already checked this */
1377 ND_PRINT(" sz %" PRIu64, EXTRACT_BE_U_8(dp));
1378 ND_PRINT(" mtime %u.%06u ctime %u.%06u",
1379 EXTRACT_BE_U_4(dp + 2), EXTRACT_BE_U_4(dp + 3),
1380 EXTRACT_BE_U_4(dp + 4), EXTRACT_BE_U_4(dp + 5));
1381 return (dp + 6);
1382 }
1383
1384 /*
1385 * Pre operation attributes. Print only if vflag > 1.
1386 */
1387 static const uint32_t *
1388 parse_pre_op_attr(netdissect_options *ndo,
1389 const uint32_t *dp, int verbose)
1390 {
1391 ND_TCHECK_4(dp);
1392 if (!EXTRACT_BE_U_4(dp))
1393 return (dp + 1);
1394 dp++;
1395 ND_TCHECK_LEN(dp, 24);
1396 if (verbose > 1) {
1397 return parse_wcc_attr(ndo, dp);
1398 } else {
1399 /* If not verbose enough, just skip over wcc_attr */
1400 return (dp + 6);
1401 }
1402 trunc:
1403 return (NULL);
1404 }
1405
1406 /*
1407 * Post operation attributes are printed if vflag >= 1
1408 */
1409 static const uint32_t *
1410 parse_post_op_attr(netdissect_options *ndo,
1411 const uint32_t *dp, int verbose)
1412 {
1413 ND_TCHECK_4(dp);
1414 if (!EXTRACT_BE_U_4(dp))
1415 return (dp + 1);
1416 dp++;
1417 if (verbose) {
1418 return parsefattr(ndo, dp, verbose, 1);
1419 } else
1420 return (dp + (NFSX_V3FATTR / sizeof (uint32_t)));
1421 trunc:
1422 return (NULL);
1423 }
1424
1425 static const uint32_t *
1426 parse_wcc_data(netdissect_options *ndo,
1427 const uint32_t *dp, int verbose)
1428 {
1429 if (verbose > 1)
1430 ND_PRINT(" PRE:");
1431 dp = parse_pre_op_attr(ndo, dp, verbose);
1432 if (dp == NULL)
1433 return (0);
1434
1435 if (verbose)
1436 ND_PRINT(" POST:");
1437 return parse_post_op_attr(ndo, dp, verbose);
1438 }
1439
1440 static const uint32_t *
1441 parsecreateopres(netdissect_options *ndo,
1442 const uint32_t *dp, int verbose, int *nfserrp)
1443 {
1444 u_int er;
1445
1446 dp = parsestatus(ndo, dp, &er, nfserrp);
1447 if (dp == NULL)
1448 return (0);
1449 if (er)
1450 dp = parse_wcc_data(ndo, dp, verbose);
1451 else {
1452 ND_TCHECK_4(dp);
1453 if (!EXTRACT_BE_U_4(dp))
1454 return (dp + 1);
1455 dp++;
1456 dp = parsefh(ndo, dp, 1);
1457 if (dp == NULL)
1458 return (0);
1459 if (verbose) {
1460 dp = parse_post_op_attr(ndo, dp, verbose);
1461 if (dp == NULL)
1462 return (0);
1463 if (ndo->ndo_vflag > 1) {
1464 ND_PRINT(" dir attr:");
1465 dp = parse_wcc_data(ndo, dp, verbose);
1466 }
1467 }
1468 }
1469 return (dp);
1470 trunc:
1471 return (NULL);
1472 }
1473
1474 static const uint32_t *
1475 parsewccres(netdissect_options *ndo,
1476 const uint32_t *dp, int verbose, int *nfserrp)
1477 {
1478 u_int er;
1479
1480 dp = parsestatus(ndo, dp, &er, nfserrp);
1481 if (dp == NULL)
1482 return (0);
1483 return parse_wcc_data(ndo, dp, verbose);
1484 }
1485
1486 static const uint32_t *
1487 parsev3rddirres(netdissect_options *ndo,
1488 const uint32_t *dp, int verbose, int *nfserrp)
1489 {
1490 u_int er;
1491
1492 dp = parsestatus(ndo, dp, &er, nfserrp);
1493 if (dp == NULL)
1494 return (0);
1495 if (ndo->ndo_vflag)
1496 ND_PRINT(" POST:");
1497 dp = parse_post_op_attr(ndo, dp, verbose);
1498 if (dp == NULL)
1499 return (0);
1500 if (er)
1501 return dp;
1502 if (ndo->ndo_vflag) {
1503 ND_TCHECK_4(dp + 1);
1504 /*
1505 * This displays the 8 bytes of the verifier in order,
1506 * from the low-order byte to the high-order byte.
1507 */
1508 ND_PRINT(" verf %08x%08x",
1509 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1));
1510 dp += 2;
1511 }
1512 return dp;
1513 trunc:
1514 return (NULL);
1515 }
1516
1517 static int
1518 parsefsinfo(netdissect_options *ndo,
1519 const uint32_t *dp, int *nfserrp)
1520 {
1521 const struct nfsv3_fsinfo *sfp;
1522 u_int er;
1523
1524 dp = parsestatus(ndo, dp, &er, nfserrp);
1525 if (dp == NULL)
1526 return (0);
1527 if (ndo->ndo_vflag)
1528 ND_PRINT(" POST:");
1529 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1530 if (dp == NULL)
1531 return (0);
1532 if (er)
1533 return (1);
1534
1535 sfp = (const struct nfsv3_fsinfo *)dp;
1536 ND_TCHECK_SIZE(sfp);
1537 ND_PRINT(" rtmax %u rtpref %u wtmax %u wtpref %u dtpref %u",
1538 EXTRACT_BE_U_4(sfp->fs_rtmax),
1539 EXTRACT_BE_U_4(sfp->fs_rtpref),
1540 EXTRACT_BE_U_4(sfp->fs_wtmax),
1541 EXTRACT_BE_U_4(sfp->fs_wtpref),
1542 EXTRACT_BE_U_4(sfp->fs_dtpref));
1543 if (ndo->ndo_vflag) {
1544 ND_PRINT(" rtmult %u wtmult %u maxfsz %" PRIu64,
1545 EXTRACT_BE_U_4(sfp->fs_rtmult),
1546 EXTRACT_BE_U_4(sfp->fs_wtmult),
1547 EXTRACT_BE_U_8(sfp->fs_maxfilesize));
1548 ND_PRINT(" delta %u.%06u ",
1549 EXTRACT_BE_U_4(sfp->fs_timedelta.nfsv3_sec),
1550 EXTRACT_BE_U_4(sfp->fs_timedelta.nfsv3_nsec));
1551 }
1552 return (1);
1553 trunc:
1554 return (0);
1555 }
1556
1557 static int
1558 parsepathconf(netdissect_options *ndo,
1559 const uint32_t *dp, int *nfserrp)
1560 {
1561 u_int er;
1562 const struct nfsv3_pathconf *spp;
1563
1564 dp = parsestatus(ndo, dp, &er, nfserrp);
1565 if (dp == NULL)
1566 return (0);
1567 if (ndo->ndo_vflag)
1568 ND_PRINT(" POST:");
1569 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1570 if (dp == NULL)
1571 return (0);
1572 if (er)
1573 return (1);
1574
1575 spp = (const struct nfsv3_pathconf *)dp;
1576 ND_TCHECK_SIZE(spp);
1577
1578 ND_PRINT(" linkmax %u namemax %u %s %s %s %s",
1579 EXTRACT_BE_U_4(spp->pc_linkmax),
1580 EXTRACT_BE_U_4(spp->pc_namemax),
1581 EXTRACT_BE_U_4(spp->pc_notrunc) ? "notrunc" : "",
1582 EXTRACT_BE_U_4(spp->pc_chownrestricted) ? "chownres" : "",
1583 EXTRACT_BE_U_4(spp->pc_caseinsensitive) ? "igncase" : "",
1584 EXTRACT_BE_U_4(spp->pc_casepreserving) ? "keepcase" : "");
1585 return (1);
1586 trunc:
1587 return (0);
1588 }
1589
1590 static void
1591 interp_reply(netdissect_options *ndo,
1592 const struct sunrpc_msg *rp, uint32_t proc, uint32_t vers,
1593 int length)
1594 {
1595 const uint32_t *dp;
1596 int v3;
1597 u_int er;
1598 int nfserr = 0;
1599
1600 v3 = (vers == NFS_VER3);
1601
1602 if (!v3 && proc < NFS_NPROCS)
1603 proc = nfsv3_procid[proc];
1604
1605 ND_PRINT(" %s", tok2str(nfsproc_str, "proc-%u", proc));
1606 switch (proc) {
1607
1608 case NFSPROC_GETATTR:
1609 dp = parserep(ndo, rp, length, &nfserr);
1610 if (dp == NULL)
1611 goto trunc;
1612 if (parseattrstat(ndo, dp, !ndo->ndo_qflag, v3, &nfserr) == 0)
1613 goto trunc;
1614 break;
1615
1616 case NFSPROC_SETATTR:
1617 dp = parserep(ndo, rp, length, &nfserr);
1618 if (dp == NULL)
1619 goto trunc;
1620 if (v3) {
1621 if (parsewccres(ndo, dp, ndo->ndo_vflag, &nfserr) == 0)
1622 goto trunc;
1623 } else {
1624 if (parseattrstat(ndo, dp, !ndo->ndo_qflag, 0, &nfserr) == 0)
1625 goto trunc;
1626 }
1627 break;
1628
1629 case NFSPROC_LOOKUP:
1630 dp = parserep(ndo, rp, length, &nfserr);
1631 if (dp == NULL)
1632 goto trunc;
1633 if (v3) {
1634 dp = parsestatus(ndo, dp, &er, &nfserr);
1635 if (dp == NULL)
1636 goto trunc;
1637 if (er) {
1638 if (ndo->ndo_vflag > 1) {
1639 ND_PRINT(" post dattr:");
1640 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1641 if (dp == NULL)
1642 goto trunc;
1643 }
1644 } else {
1645 dp = parsefh(ndo, dp, v3);
1646 if (dp == NULL)
1647 goto trunc;
1648 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1649 if (dp == NULL)
1650 goto trunc;
1651 if (ndo->ndo_vflag > 1) {
1652 ND_PRINT(" post dattr:");
1653 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1654 if (dp == NULL)
1655 goto trunc;
1656 }
1657 }
1658 } else {
1659 if (parsediropres(ndo, dp, &nfserr) == 0)
1660 goto trunc;
1661 }
1662 break;
1663
1664 case NFSPROC_ACCESS:
1665 dp = parserep(ndo, rp, length, &nfserr);
1666 if (dp == NULL)
1667 goto trunc;
1668 dp = parsestatus(ndo, dp, &er, &nfserr);
1669 if (dp == NULL)
1670 goto trunc;
1671 if (ndo->ndo_vflag)
1672 ND_PRINT(" attr:");
1673 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1674 if (dp == NULL)
1675 goto trunc;
1676 if (!er) {
1677 ND_TCHECK_4(dp);
1678 ND_PRINT(" c %04x", EXTRACT_BE_U_4(dp));
1679 }
1680 break;
1681
1682 case NFSPROC_READLINK:
1683 dp = parserep(ndo, rp, length, &nfserr);
1684 if (dp == NULL)
1685 goto trunc;
1686 if (parselinkres(ndo, dp, v3, &nfserr) == 0)
1687 goto trunc;
1688 break;
1689
1690 case NFSPROC_READ:
1691 dp = parserep(ndo, rp, length, &nfserr);
1692 if (dp == NULL)
1693 goto trunc;
1694 if (v3) {
1695 dp = parsestatus(ndo, dp, &er, &nfserr);
1696 if (dp == NULL)
1697 goto trunc;
1698 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1699 if (dp == NULL)
1700 goto trunc;
1701 if (!er) {
1702 if (ndo->ndo_vflag) {
1703 ND_TCHECK_4(dp + 1);
1704 ND_PRINT(" %u bytes", EXTRACT_BE_U_4(dp));
1705 if (EXTRACT_BE_U_4(dp + 1))
1706 ND_PRINT(" EOF");
1707 }
1708 }
1709 } else {
1710 if (parseattrstat(ndo, dp, ndo->ndo_vflag, 0, &nfserr) == 0)
1711 goto trunc;
1712 }
1713 break;
1714
1715 case NFSPROC_WRITE:
1716 dp = parserep(ndo, rp, length, &nfserr);
1717 if (dp == NULL)
1718 goto trunc;
1719 if (v3) {
1720 dp = parsestatus(ndo, dp, &er, &nfserr);
1721 if (dp == NULL)
1722 goto trunc;
1723 dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag);
1724 if (dp == NULL)
1725 goto trunc;
1726 if (!er) {
1727 if (ndo->ndo_vflag) {
1728 ND_TCHECK_4(dp);
1729 ND_PRINT(" %u bytes", EXTRACT_BE_U_4(dp));
1730 if (ndo->ndo_vflag > 1) {
1731 ND_TCHECK_4(dp + 1);
1732 ND_PRINT(" <%s>",
1733 tok2str(nfsv3_writemodes,
1734 NULL, EXTRACT_BE_U_4(dp + 1)));
1735
1736 /* write-verf-cookie */
1737 ND_TCHECK_8(dp + 2);
1738 ND_PRINT(" verf %" PRIx64, EXTRACT_BE_U_8(dp + 2));
1739 }
1740 }
1741 }
1742 return;
1743 } else {
1744 if (parseattrstat(ndo, dp, ndo->ndo_vflag, v3, &nfserr) == 0)
1745 goto trunc;
1746 }
1747 break;
1748
1749 case NFSPROC_CREATE:
1750 case NFSPROC_MKDIR:
1751 dp = parserep(ndo, rp, length, &nfserr);
1752 if (dp == NULL)
1753 goto trunc;
1754 if (v3) {
1755 if (parsecreateopres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1756 goto trunc;
1757 } else {
1758 if (parsediropres(ndo, dp, &nfserr) == 0)
1759 goto trunc;
1760 }
1761 break;
1762
1763 case NFSPROC_SYMLINK:
1764 dp = parserep(ndo, rp, length, &nfserr);
1765 if (dp == NULL)
1766 goto trunc;
1767 if (v3) {
1768 if (parsecreateopres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1769 goto trunc;
1770 } else {
1771 if (parsestatus(ndo, dp, &er, &nfserr) == NULL)
1772 goto trunc;
1773 }
1774 break;
1775
1776 case NFSPROC_MKNOD:
1777 dp = parserep(ndo, rp, length, &nfserr);
1778 if (dp == NULL)
1779 goto trunc;
1780 if (parsecreateopres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1781 goto trunc;
1782 break;
1783
1784 case NFSPROC_REMOVE:
1785 case NFSPROC_RMDIR:
1786 dp = parserep(ndo, rp, length, &nfserr);
1787 if (dp == NULL)
1788 goto trunc;
1789 if (v3) {
1790 if (parsewccres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1791 goto trunc;
1792 } else {
1793 if (parsestatus(ndo, dp, &er, &nfserr) == NULL)
1794 goto trunc;
1795 }
1796 break;
1797
1798 case NFSPROC_RENAME:
1799 dp = parserep(ndo, rp, length, &nfserr);
1800 if (dp == NULL)
1801 goto trunc;
1802 if (v3) {
1803 dp = parsestatus(ndo, dp, &er, &nfserr);
1804 if (dp == NULL)
1805 goto trunc;
1806 if (ndo->ndo_vflag) {
1807 ND_PRINT(" from:");
1808 dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag);
1809 if (dp == NULL)
1810 goto trunc;
1811 ND_PRINT(" to:");
1812 dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag);
1813 if (dp == NULL)
1814 goto trunc;
1815 }
1816 } else {
1817 if (parsestatus(ndo, dp, &er, &nfserr) == NULL)
1818 goto trunc;
1819 }
1820 break;
1821
1822 case NFSPROC_LINK:
1823 dp = parserep(ndo, rp, length, &nfserr);
1824 if (dp == NULL)
1825 goto trunc;
1826 if (v3) {
1827 dp = parsestatus(ndo, dp, &er, &nfserr);
1828 if (dp == NULL)
1829 goto trunc;
1830 if (ndo->ndo_vflag) {
1831 ND_PRINT(" file POST:");
1832 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1833 if (dp == NULL)
1834 goto trunc;
1835 ND_PRINT(" dir:");
1836 dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag);
1837 if (dp == NULL)
1838 goto trunc;
1839 }
1840 return;
1841 } else {
1842 if (parsestatus(ndo, dp, &er, &nfserr) == NULL)
1843 goto trunc;
1844 }
1845 break;
1846
1847 case NFSPROC_READDIR:
1848 dp = parserep(ndo, rp, length, &nfserr);
1849 if (dp == NULL)
1850 goto trunc;
1851 if (v3) {
1852 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1853 goto trunc;
1854 } else {
1855 if (parserddires(ndo, dp, &nfserr) == 0)
1856 goto trunc;
1857 }
1858 break;
1859
1860 case NFSPROC_READDIRPLUS:
1861 dp = parserep(ndo, rp, length, &nfserr);
1862 if (dp == NULL)
1863 goto trunc;
1864 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag, &nfserr) == NULL)
1865 goto trunc;
1866 break;
1867
1868 case NFSPROC_FSSTAT:
1869 dp = parserep(ndo, rp, length, &nfserr);
1870 if (dp == NULL)
1871 goto trunc;
1872 if (parsestatfs(ndo, dp, v3, &nfserr) == 0)
1873 goto trunc;
1874 break;
1875
1876 case NFSPROC_FSINFO:
1877 dp = parserep(ndo, rp, length, &nfserr);
1878 if (dp == NULL)
1879 goto trunc;
1880 if (parsefsinfo(ndo, dp, &nfserr) == 0)
1881 goto trunc;
1882 break;
1883
1884 case NFSPROC_PATHCONF:
1885 dp = parserep(ndo, rp, length, &nfserr);
1886 if (dp == NULL)
1887 goto trunc;
1888 if (parsepathconf(ndo, dp, &nfserr) == 0)
1889 goto trunc;
1890 break;
1891
1892 case NFSPROC_COMMIT:
1893 dp = parserep(ndo, rp, length, &nfserr);
1894 if (dp == NULL)
1895 goto trunc;
1896 dp = parsewccres(ndo, dp, ndo->ndo_vflag, &nfserr);
1897 if (dp == NULL)
1898 goto trunc;
1899 if (ndo->ndo_vflag > 1) {
1900 /* write-verf-cookie */
1901 ND_TCHECK_8(dp);
1902 ND_PRINT(" verf %" PRIx64, EXTRACT_BE_U_8(dp));
1903 }
1904 break;
1905
1906 default:
1907 break;
1908 }
1909 return;
1910
1911 trunc:
1912 if (!nfserr)
1913 nd_print_trunc(ndo);
1914 }
[mirror] the TCPdump network dissector