]> The Tcpdump Group git mirrors - tcpdump/blob - print-nfs.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add comments explaining why using EXTRACT_BE_U_4() isn't wrong.
[tcpdump] / print-nfs.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Network File System (NFS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include <stdio.h>
31 #include <string.h>
32
33 #include "netdissect.h"
34 #include "addrtoname.h"
35 #include "extract.h"
36
37 #include "nfs.h"
38 #include "nfsfh.h"
39
40 #include "ip.h"
41 #include "ip6.h"
42 #include "rpc_auth.h"
43 #include "rpc_msg.h"
44
45 static const char tstr[] = " [|nfs]";
46
47 static void nfs_printfh(netdissect_options *, const uint32_t *, const u_int);
48 static int xid_map_enter(netdissect_options *, const struct sunrpc_msg *, const u_char *);
49 static int xid_map_find(const struct sunrpc_msg *, const u_char *,
50 uint32_t *, uint32_t *);
51 static void interp_reply(netdissect_options *, const struct sunrpc_msg *, uint32_t, uint32_t, int);
52 static const uint32_t *parse_post_op_attr(netdissect_options *, const uint32_t *, int);
53
54 /*
55 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
56 */
57 static uint32_t nfsv3_procid[NFS_NPROCS] = {
58 NFSPROC_NULL,
59 NFSPROC_GETATTR,
60 NFSPROC_SETATTR,
61 NFSPROC_NOOP,
62 NFSPROC_LOOKUP,
63 NFSPROC_READLINK,
64 NFSPROC_READ,
65 NFSPROC_NOOP,
66 NFSPROC_WRITE,
67 NFSPROC_CREATE,
68 NFSPROC_REMOVE,
69 NFSPROC_RENAME,
70 NFSPROC_LINK,
71 NFSPROC_SYMLINK,
72 NFSPROC_MKDIR,
73 NFSPROC_RMDIR,
74 NFSPROC_READDIR,
75 NFSPROC_FSSTAT,
76 NFSPROC_NOOP,
77 NFSPROC_NOOP,
78 NFSPROC_NOOP,
79 NFSPROC_NOOP,
80 NFSPROC_NOOP,
81 NFSPROC_NOOP,
82 NFSPROC_NOOP,
83 NFSPROC_NOOP
84 };
85
86 static const struct tok nfsproc_str[] = {
87 { NFSPROC_NOOP, "nop" },
88 { NFSPROC_NULL, "null" },
89 { NFSPROC_GETATTR, "getattr" },
90 { NFSPROC_SETATTR, "setattr" },
91 { NFSPROC_LOOKUP, "lookup" },
92 { NFSPROC_ACCESS, "access" },
93 { NFSPROC_READLINK, "readlink" },
94 { NFSPROC_READ, "read" },
95 { NFSPROC_WRITE, "write" },
96 { NFSPROC_CREATE, "create" },
97 { NFSPROC_MKDIR, "mkdir" },
98 { NFSPROC_SYMLINK, "symlink" },
99 { NFSPROC_MKNOD, "mknod" },
100 { NFSPROC_REMOVE, "remove" },
101 { NFSPROC_RMDIR, "rmdir" },
102 { NFSPROC_RENAME, "rename" },
103 { NFSPROC_LINK, "link" },
104 { NFSPROC_READDIR, "readdir" },
105 { NFSPROC_READDIRPLUS, "readdirplus" },
106 { NFSPROC_FSSTAT, "fsstat" },
107 { NFSPROC_FSINFO, "fsinfo" },
108 { NFSPROC_PATHCONF, "pathconf" },
109 { NFSPROC_COMMIT, "commit" },
110 { 0, NULL }
111 };
112
113 /*
114 * NFS V2 and V3 status values.
115 *
116 * Some of these come from the RFCs for NFS V2 and V3, with the message
117 * strings taken from the FreeBSD C library "errlst.c".
118 *
119 * Others are errors that are not in the RFC but that I suspect some
120 * NFS servers could return; the values are FreeBSD errno values, as
121 * the first NFS server was the SunOS 2.0 one, and until 5.0 SunOS
122 * was primarily BSD-derived.
123 */
124 static const struct tok status2str[] = {
125 { 1, "Operation not permitted" }, /* EPERM */
126 { 2, "No such file or directory" }, /* ENOENT */
127 { 5, "Input/output error" }, /* EIO */
128 { 6, "Device not configured" }, /* ENXIO */
129 { 11, "Resource deadlock avoided" }, /* EDEADLK */
130 { 12, "Cannot allocate memory" }, /* ENOMEM */
131 { 13, "Permission denied" }, /* EACCES */
132 { 17, "File exists" }, /* EEXIST */
133 { 18, "Cross-device link" }, /* EXDEV */
134 { 19, "Operation not supported by device" }, /* ENODEV */
135 { 20, "Not a directory" }, /* ENOTDIR */
136 { 21, "Is a directory" }, /* EISDIR */
137 { 22, "Invalid argument" }, /* EINVAL */
138 { 26, "Text file busy" }, /* ETXTBSY */
139 { 27, "File too large" }, /* EFBIG */
140 { 28, "No space left on device" }, /* ENOSPC */
141 { 30, "Read-only file system" }, /* EROFS */
142 { 31, "Too many links" }, /* EMLINK */
143 { 45, "Operation not supported" }, /* EOPNOTSUPP */
144 { 62, "Too many levels of symbolic links" }, /* ELOOP */
145 { 63, "File name too long" }, /* ENAMETOOLONG */
146 { 66, "Directory not empty" }, /* ENOTEMPTY */
147 { 69, "Disc quota exceeded" }, /* EDQUOT */
148 { 70, "Stale NFS file handle" }, /* ESTALE */
149 { 71, "Too many levels of remote in path" }, /* EREMOTE */
150 { 99, "Write cache flushed to disk" }, /* NFSERR_WFLUSH (not used) */
151 { 10001, "Illegal NFS file handle" }, /* NFS3ERR_BADHANDLE */
152 { 10002, "Update synchronization mismatch" }, /* NFS3ERR_NOT_SYNC */
153 { 10003, "READDIR/READDIRPLUS cookie is stale" }, /* NFS3ERR_BAD_COOKIE */
154 { 10004, "Operation not supported" }, /* NFS3ERR_NOTSUPP */
155 { 10005, "Buffer or request is too small" }, /* NFS3ERR_TOOSMALL */
156 { 10006, "Unspecified error on server" }, /* NFS3ERR_SERVERFAULT */
157 { 10007, "Object of that type not supported" }, /* NFS3ERR_BADTYPE */
158 { 10008, "Request couldn't be completed in time" }, /* NFS3ERR_JUKEBOX */
159 { 0, NULL }
160 };
161
162 static const struct tok nfsv3_writemodes[] = {
163 { 0, "unstable" },
164 { 1, "datasync" },
165 { 2, "filesync" },
166 { 0, NULL }
167 };
168
169 static const struct tok type2str[] = {
170 { NFNON, "NON" },
171 { NFREG, "REG" },
172 { NFDIR, "DIR" },
173 { NFBLK, "BLK" },
174 { NFCHR, "CHR" },
175 { NFLNK, "LNK" },
176 { NFFIFO, "FIFO" },
177 { 0, NULL }
178 };
179
180 static const struct tok sunrpc_auth_str[] = {
181 { SUNRPC_AUTH_OK, "OK" },
182 { SUNRPC_AUTH_BADCRED, "Bogus Credentials (seal broken)" },
183 { SUNRPC_AUTH_REJECTEDCRED, "Rejected Credentials (client should begin new session)" },
184 { SUNRPC_AUTH_BADVERF, "Bogus Verifier (seal broken)" },
185 { SUNRPC_AUTH_REJECTEDVERF, "Verifier expired or was replayed" },
186 { SUNRPC_AUTH_TOOWEAK, "Credentials are too weak" },
187 { SUNRPC_AUTH_INVALIDRESP, "Bogus response verifier" },
188 { SUNRPC_AUTH_FAILED, "Unknown failure" },
189 { 0, NULL }
190 };
191
192 static const struct tok sunrpc_str[] = {
193 { SUNRPC_PROG_UNAVAIL, "PROG_UNAVAIL" },
194 { SUNRPC_PROG_MISMATCH, "PROG_MISMATCH" },
195 { SUNRPC_PROC_UNAVAIL, "PROC_UNAVAIL" },
196 { SUNRPC_GARBAGE_ARGS, "GARBAGE_ARGS" },
197 { SUNRPC_SYSTEM_ERR, "SYSTEM_ERR" },
198 { 0, NULL }
199 };
200
201 static void
202 print_nfsaddr(netdissect_options *ndo,
203 const u_char *bp, const char *s, const char *d)
204 {
205 const struct ip *ip;
206 const struct ip6_hdr *ip6;
207 char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
208
209 srcaddr[0] = dstaddr[0] = '\0';
210 switch (IP_V((const struct ip *)bp)) {
211 case 4:
212 ip = (const struct ip *)bp;
213 strlcpy(srcaddr, ipaddr_string(ndo, &ip->ip_src), sizeof(srcaddr));
214 strlcpy(dstaddr, ipaddr_string(ndo, &ip->ip_dst), sizeof(dstaddr));
215 break;
216 case 6:
217 ip6 = (const struct ip6_hdr *)bp;
218 strlcpy(srcaddr, ip6addr_string(ndo, &ip6->ip6_src),
219 sizeof(srcaddr));
220 strlcpy(dstaddr, ip6addr_string(ndo, &ip6->ip6_dst),
221 sizeof(dstaddr));
222 break;
223 default:
224 strlcpy(srcaddr, "?", sizeof(srcaddr));
225 strlcpy(dstaddr, "?", sizeof(dstaddr));
226 break;
227 }
228
229 ND_PRINT((ndo, "%s.%s > %s.%s: ", srcaddr, s, dstaddr, d));
230 }
231
232 static const uint32_t *
233 parse_sattr3(netdissect_options *ndo,
234 const uint32_t *dp, struct nfsv3_sattr *sa3)
235 {
236 ND_TCHECK(dp[0]);
237 sa3->sa_modeset = EXTRACT_BE_U_4(dp);
238 dp++;
239 if (sa3->sa_modeset) {
240 ND_TCHECK(dp[0]);
241 sa3->sa_mode = EXTRACT_BE_U_4(dp);
242 dp++;
243 }
244
245 ND_TCHECK(dp[0]);
246 sa3->sa_uidset = EXTRACT_BE_U_4(dp);
247 dp++;
248 if (sa3->sa_uidset) {
249 ND_TCHECK(dp[0]);
250 sa3->sa_uid = EXTRACT_BE_U_4(dp);
251 dp++;
252 }
253
254 ND_TCHECK(dp[0]);
255 sa3->sa_gidset = EXTRACT_BE_U_4(dp);
256 dp++;
257 if (sa3->sa_gidset) {
258 ND_TCHECK(dp[0]);
259 sa3->sa_gid = EXTRACT_BE_U_4(dp);
260 dp++;
261 }
262
263 ND_TCHECK(dp[0]);
264 sa3->sa_sizeset = EXTRACT_BE_U_4(dp);
265 dp++;
266 if (sa3->sa_sizeset) {
267 ND_TCHECK(dp[0]);
268 sa3->sa_size = EXTRACT_BE_U_4(dp);
269 dp++;
270 }
271
272 ND_TCHECK(dp[0]);
273 sa3->sa_atimetype = EXTRACT_BE_U_4(dp);
274 dp++;
275 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT) {
276 ND_TCHECK(dp[1]);
277 sa3->sa_atime.nfsv3_sec = EXTRACT_BE_U_4(dp);
278 dp++;
279 sa3->sa_atime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
280 dp++;
281 }
282
283 ND_TCHECK(dp[0]);
284 sa3->sa_mtimetype = EXTRACT_BE_U_4(dp);
285 dp++;
286 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT) {
287 ND_TCHECK(dp[1]);
288 sa3->sa_mtime.nfsv3_sec = EXTRACT_BE_U_4(dp);
289 dp++;
290 sa3->sa_mtime.nfsv3_nsec = EXTRACT_BE_U_4(dp);
291 dp++;
292 }
293
294 return dp;
295 trunc:
296 return NULL;
297 }
298
299 static int nfserr; /* true if we error rather than trunc */
300
301 static void
302 print_sattr3(netdissect_options *ndo,
303 const struct nfsv3_sattr *sa3, int verbose)
304 {
305 if (sa3->sa_modeset)
306 ND_PRINT((ndo, " mode %o", sa3->sa_mode));
307 if (sa3->sa_uidset)
308 ND_PRINT((ndo, " uid %u", sa3->sa_uid));
309 if (sa3->sa_gidset)
310 ND_PRINT((ndo, " gid %u", sa3->sa_gid));
311 if (verbose > 1) {
312 if (sa3->sa_atimetype == NFSV3SATTRTIME_TOCLIENT)
313 ND_PRINT((ndo, " atime %u.%06u", sa3->sa_atime.nfsv3_sec,
314 sa3->sa_atime.nfsv3_nsec));
315 if (sa3->sa_mtimetype == NFSV3SATTRTIME_TOCLIENT)
316 ND_PRINT((ndo, " mtime %u.%06u", sa3->sa_mtime.nfsv3_sec,
317 sa3->sa_mtime.nfsv3_nsec));
318 }
319 }
320
321 void
322 nfsreply_print(netdissect_options *ndo,
323 const u_char *bp, u_int length,
324 const u_char *bp2)
325 {
326 const struct sunrpc_msg *rp;
327 char srcid[20], dstid[20]; /*fits 32bit*/
328
329 nfserr = 0; /* assume no error */
330 rp = (const struct sunrpc_msg *)bp;
331
332 ND_TCHECK(rp->rm_xid);
333 if (!ndo->ndo_nflag) {
334 strlcpy(srcid, "nfs", sizeof(srcid));
335 snprintf(dstid, sizeof(dstid), "%u",
336 EXTRACT_BE_U_4(&rp->rm_xid));
337 } else {
338 snprintf(srcid, sizeof(srcid), "%u", NFS_PORT);
339 snprintf(dstid, sizeof(dstid), "%u",
340 EXTRACT_BE_U_4(&rp->rm_xid));
341 }
342 print_nfsaddr(ndo, bp2, srcid, dstid);
343
344 nfsreply_noaddr_print(ndo, bp, length, bp2);
345 return;
346
347 trunc:
348 if (!nfserr)
349 ND_PRINT((ndo, "%s", tstr));
350 }
351
352 void
353 nfsreply_noaddr_print(netdissect_options *ndo,
354 const u_char *bp, u_int length,
355 const u_char *bp2)
356 {
357 const struct sunrpc_msg *rp;
358 uint32_t proc, vers, reply_stat;
359 enum sunrpc_reject_stat rstat;
360 uint32_t rlow;
361 uint32_t rhigh;
362 enum sunrpc_auth_stat rwhy;
363
364 nfserr = 0; /* assume no error */
365 rp = (const struct sunrpc_msg *)bp;
366
367 ND_TCHECK(rp->rm_reply.rp_stat);
368 reply_stat = EXTRACT_BE_U_4(&rp->rm_reply.rp_stat);
369 switch (reply_stat) {
370
371 case SUNRPC_MSG_ACCEPTED:
372 ND_PRINT((ndo, "reply ok %u", length));
373 if (xid_map_find(rp, bp2, &proc, &vers) >= 0)
374 interp_reply(ndo, rp, proc, vers, length);
375 break;
376
377 case SUNRPC_MSG_DENIED:
378 ND_PRINT((ndo, "reply ERR %u: ", length));
379 ND_TCHECK(rp->rm_reply.rp_reject.rj_stat);
380 rstat = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_stat);
381 switch (rstat) {
382
383 case SUNRPC_RPC_MISMATCH:
384 ND_TCHECK(rp->rm_reply.rp_reject.rj_vers.high);
385 rlow = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.low);
386 rhigh = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_vers.high);
387 ND_PRINT((ndo, "RPC Version mismatch (%u-%u)", rlow, rhigh));
388 break;
389
390 case SUNRPC_AUTH_ERROR:
391 ND_TCHECK(rp->rm_reply.rp_reject.rj_why);
392 rwhy = EXTRACT_BE_U_4(&rp->rm_reply.rp_reject.rj_why);
393 ND_PRINT((ndo, "Auth %s", tok2str(sunrpc_auth_str, "Invalid failure code %u", rwhy)));
394 break;
395
396 default:
397 ND_PRINT((ndo, "Unknown reason for rejecting rpc message %u", (unsigned int)rstat));
398 break;
399 }
400 break;
401
402 default:
403 ND_PRINT((ndo, "reply Unknown rpc response code=%u %u", reply_stat, length));
404 break;
405 }
406 return;
407
408 trunc:
409 if (!nfserr)
410 ND_PRINT((ndo, "%s", tstr));
411 }
412
413 /*
414 * Return a pointer to the first file handle in the packet.
415 * If the packet was truncated, return 0.
416 */
417 static const uint32_t *
418 parsereq(netdissect_options *ndo,
419 const struct sunrpc_msg *rp, u_int length)
420 {
421 const uint32_t *dp;
422 u_int len;
423
424 /*
425 * find the start of the req data (if we captured it)
426 */
427 dp = (const uint32_t *)&rp->rm_call.cb_cred;
428 ND_TCHECK(dp[1]);
429 len = EXTRACT_BE_U_4(dp + 1);
430 if (len < length) {
431 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
432 ND_TCHECK(dp[1]);
433 len = EXTRACT_BE_U_4(dp + 1);
434 if (len < length) {
435 dp += (len + (2 * sizeof(*dp) + 3)) / sizeof(*dp);
436 ND_TCHECK_LEN(dp, 0);
437 return (dp);
438 }
439 }
440 trunc:
441 return (NULL);
442 }
443
444 /*
445 * Print out an NFS file handle and return a pointer to following word.
446 * If packet was truncated, return 0.
447 */
448 static const uint32_t *
449 parsefh(netdissect_options *ndo,
450 const uint32_t *dp, int v3)
451 {
452 u_int len;
453
454 if (v3) {
455 ND_TCHECK(dp[0]);
456 len = EXTRACT_BE_U_4(dp) / 4;
457 dp++;
458 } else
459 len = NFSX_V2FH / 4;
460
461 if (ND_TTEST_LEN(dp, len * sizeof(*dp))) {
462 nfs_printfh(ndo, dp, len);
463 return (dp + len);
464 }
465 trunc:
466 return (NULL);
467 }
468
469 /*
470 * Print out a file name and return pointer to 32-bit word past it.
471 * If packet was truncated, return 0.
472 */
473 static const uint32_t *
474 parsefn(netdissect_options *ndo,
475 const uint32_t *dp)
476 {
477 uint32_t len;
478 const u_char *cp;
479
480 /* Bail if we don't have the string length */
481 ND_TCHECK(*dp);
482
483 /* Fetch big-endian string length */
484 len = EXTRACT_BE_U_4(dp);
485 dp++;
486
487 ND_TCHECK_LEN(dp, ((len + 3) & ~3));
488
489 cp = (const u_char *)dp;
490 /* Update 32-bit pointer (NFS filenames padded to 32-bit boundaries) */
491 dp += ((len + 3) & ~3) / sizeof(*dp);
492 ND_PRINT((ndo, "\""));
493 if (fn_printn(ndo, cp, len, ndo->ndo_snapend)) {
494 ND_PRINT((ndo, "\""));
495 goto trunc;
496 }
497 ND_PRINT((ndo, "\""));
498
499 return (dp);
500 trunc:
501 return NULL;
502 }
503
504 /*
505 * Print out file handle and file name.
506 * Return pointer to 32-bit word past file name.
507 * If packet was truncated (or there was some other error), return 0.
508 */
509 static const uint32_t *
510 parsefhn(netdissect_options *ndo,
511 const uint32_t *dp, int v3)
512 {
513 dp = parsefh(ndo, dp, v3);
514 if (dp == NULL)
515 return (NULL);
516 ND_PRINT((ndo, " "));
517 return (parsefn(ndo, dp));
518 }
519
520 void
521 nfsreq_noaddr_print(netdissect_options *ndo,
522 const u_char *bp, u_int length,
523 const u_char *bp2)
524 {
525 const struct sunrpc_msg *rp;
526 const uint32_t *dp;
527 nfs_type type;
528 int v3;
529 uint32_t proc;
530 uint32_t access_flags;
531 struct nfsv3_sattr sa3;
532
533 ND_PRINT((ndo, "%d", length));
534 nfserr = 0; /* assume no error */
535 rp = (const struct sunrpc_msg *)bp;
536
537 if (!xid_map_enter(ndo, rp, bp2)) /* record proc number for later on */
538 goto trunc;
539
540 v3 = (EXTRACT_BE_U_4(&rp->rm_call.cb_vers) == NFS_VER3);
541 proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
542
543 if (!v3 && proc < NFS_NPROCS)
544 proc = nfsv3_procid[proc];
545
546 ND_PRINT((ndo, " %s", tok2str(nfsproc_str, "proc-%u", proc)));
547 switch (proc) {
548
549 case NFSPROC_GETATTR:
550 case NFSPROC_SETATTR:
551 case NFSPROC_READLINK:
552 case NFSPROC_FSSTAT:
553 case NFSPROC_FSINFO:
554 case NFSPROC_PATHCONF:
555 if ((dp = parsereq(ndo, rp, length)) != NULL &&
556 parsefh(ndo, dp, v3) != NULL)
557 return;
558 break;
559
560 case NFSPROC_LOOKUP:
561 case NFSPROC_CREATE:
562 case NFSPROC_MKDIR:
563 case NFSPROC_REMOVE:
564 case NFSPROC_RMDIR:
565 if ((dp = parsereq(ndo, rp, length)) != NULL &&
566 parsefhn(ndo, dp, v3) != NULL)
567 return;
568 break;
569
570 case NFSPROC_ACCESS:
571 if ((dp = parsereq(ndo, rp, length)) != NULL &&
572 (dp = parsefh(ndo, dp, v3)) != NULL) {
573 ND_TCHECK(dp[0]);
574 access_flags = EXTRACT_BE_U_4(dp);
575 if (access_flags & ~NFSV3ACCESS_FULL) {
576 /* NFSV3ACCESS definitions aren't up to date */
577 ND_PRINT((ndo, " %04x", access_flags));
578 } else if ((access_flags & NFSV3ACCESS_FULL) == NFSV3ACCESS_FULL) {
579 ND_PRINT((ndo, " NFS_ACCESS_FULL"));
580 } else {
581 char separator = ' ';
582 if (access_flags & NFSV3ACCESS_READ) {
583 ND_PRINT((ndo, " NFS_ACCESS_READ"));
584 separator = '|';
585 }
586 if (access_flags & NFSV3ACCESS_LOOKUP) {
587 ND_PRINT((ndo, "%cNFS_ACCESS_LOOKUP", separator));
588 separator = '|';
589 }
590 if (access_flags & NFSV3ACCESS_MODIFY) {
591 ND_PRINT((ndo, "%cNFS_ACCESS_MODIFY", separator));
592 separator = '|';
593 }
594 if (access_flags & NFSV3ACCESS_EXTEND) {
595 ND_PRINT((ndo, "%cNFS_ACCESS_EXTEND", separator));
596 separator = '|';
597 }
598 if (access_flags & NFSV3ACCESS_DELETE) {
599 ND_PRINT((ndo, "%cNFS_ACCESS_DELETE", separator));
600 separator = '|';
601 }
602 if (access_flags & NFSV3ACCESS_EXECUTE)
603 ND_PRINT((ndo, "%cNFS_ACCESS_EXECUTE", separator));
604 }
605 return;
606 }
607 break;
608
609 case NFSPROC_READ:
610 if ((dp = parsereq(ndo, rp, length)) != NULL &&
611 (dp = parsefh(ndo, dp, v3)) != NULL) {
612 if (v3) {
613 ND_TCHECK(dp[2]);
614 ND_PRINT((ndo, " %u bytes @ %" PRIu64,
615 EXTRACT_BE_U_4(dp + 2),
616 EXTRACT_BE_U_8(dp)));
617 } else {
618 ND_TCHECK(dp[1]);
619 ND_PRINT((ndo, " %u bytes @ %u",
620 EXTRACT_BE_U_4(dp + 1),
621 EXTRACT_BE_U_4(dp)));
622 }
623 return;
624 }
625 break;
626
627 case NFSPROC_WRITE:
628 if ((dp = parsereq(ndo, rp, length)) != NULL &&
629 (dp = parsefh(ndo, dp, v3)) != NULL) {
630 if (v3) {
631 ND_TCHECK(dp[4]);
632 ND_PRINT((ndo, " %u (%u) bytes @ %" PRIu64,
633 EXTRACT_BE_U_4(dp + 4),
634 EXTRACT_BE_U_4(dp + 2),
635 EXTRACT_BE_U_8(dp)));
636 if (ndo->ndo_vflag) {
637 ND_PRINT((ndo, " <%s>",
638 tok2str(nfsv3_writemodes,
639 NULL, EXTRACT_BE_U_4(dp + 3))));
640 }
641 } else {
642 ND_TCHECK(dp[3]);
643 ND_PRINT((ndo, " %u (%u) bytes @ %u (%u)",
644 EXTRACT_BE_U_4(dp + 3),
645 EXTRACT_BE_U_4(dp + 2),
646 EXTRACT_BE_U_4(dp + 1),
647 EXTRACT_BE_U_4(dp)));
648 }
649 return;
650 }
651 break;
652
653 case NFSPROC_SYMLINK:
654 if ((dp = parsereq(ndo, rp, length)) != NULL &&
655 (dp = parsefhn(ndo, dp, v3)) != NULL) {
656 ND_PRINT((ndo, " ->"));
657 if (v3 && (dp = parse_sattr3(ndo, dp, &sa3)) == NULL)
658 break;
659 if (parsefn(ndo, dp) == NULL)
660 break;
661 if (v3 && ndo->ndo_vflag)
662 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
663 return;
664 }
665 break;
666
667 case NFSPROC_MKNOD:
668 if ((dp = parsereq(ndo, rp, length)) != NULL &&
669 (dp = parsefhn(ndo, dp, v3)) != NULL) {
670 ND_TCHECK(*dp);
671 type = (nfs_type) EXTRACT_BE_U_4(dp);
672 dp++;
673 if ((dp = parse_sattr3(ndo, dp, &sa3)) == NULL)
674 break;
675 ND_PRINT((ndo, " %s", tok2str(type2str, "unk-ft %d", type)));
676 if (ndo->ndo_vflag && (type == NFCHR || type == NFBLK)) {
677 ND_TCHECK(dp[1]);
678 ND_PRINT((ndo, " %u/%u",
679 EXTRACT_BE_U_4(dp),
680 EXTRACT_BE_U_4(dp + 1)));
681 dp += 2;
682 }
683 if (ndo->ndo_vflag)
684 print_sattr3(ndo, &sa3, ndo->ndo_vflag);
685 return;
686 }
687 break;
688
689 case NFSPROC_RENAME:
690 if ((dp = parsereq(ndo, rp, length)) != NULL &&
691 (dp = parsefhn(ndo, dp, v3)) != NULL) {
692 ND_PRINT((ndo, " ->"));
693 if (parsefhn(ndo, dp, v3) != NULL)
694 return;
695 }
696 break;
697
698 case NFSPROC_LINK:
699 if ((dp = parsereq(ndo, rp, length)) != NULL &&
700 (dp = parsefh(ndo, dp, v3)) != NULL) {
701 ND_PRINT((ndo, " ->"));
702 if (parsefhn(ndo, dp, v3) != NULL)
703 return;
704 }
705 break;
706
707 case NFSPROC_READDIR:
708 if ((dp = parsereq(ndo, rp, length)) != NULL &&
709 (dp = parsefh(ndo, dp, v3)) != NULL) {
710 if (v3) {
711 ND_TCHECK(dp[4]);
712 /*
713 * We shouldn't really try to interpret the
714 * offset cookie here.
715 */
716 ND_PRINT((ndo, " %u bytes @ %" PRId64,
717 EXTRACT_BE_U_4(dp + 4),
718 EXTRACT_BE_U_8(dp)));
719 if (ndo->ndo_vflag) {
720 /*
721 * This displays the 8 bytes
722 * of the verifier in order,
723 * from the low-order byte
724 * to the high-order byte.
725 */
726 ND_PRINT((ndo, " verf %08x%08x",
727 EXTRACT_BE_U_4(dp + 2),
728 EXTRACT_BE_U_4(dp + 3)));
729 }
730 } else {
731 ND_TCHECK(dp[1]);
732 /*
733 * Print the offset as signed, since -1 is
734 * common, but offsets > 2^31 aren't.
735 */
736 ND_PRINT((ndo, " %u bytes @ %d",
737 EXTRACT_BE_U_4(dp + 1),
738 EXTRACT_BE_U_4(dp)));
739 }
740 return;
741 }
742 break;
743
744 case NFSPROC_READDIRPLUS:
745 if ((dp = parsereq(ndo, rp, length)) != NULL &&
746 (dp = parsefh(ndo, dp, v3)) != NULL) {
747 ND_TCHECK(dp[4]);
748 /*
749 * We don't try to interpret the offset
750 * cookie here.
751 */
752 ND_PRINT((ndo, " %u bytes @ %" PRId64,
753 EXTRACT_BE_U_4(dp + 4),
754 EXTRACT_BE_U_8(dp)));
755 if (ndo->ndo_vflag) {
756 ND_TCHECK(dp[5]);
757 /*
758 * This displays the 8 bytes
759 * of the verifier in order,
760 * from the low-order byte
761 * to the high-order byte.
762 */
763 ND_PRINT((ndo, " max %u verf %08x%08x",
764 EXTRACT_BE_U_4(dp + 5),
765 EXTRACT_BE_U_4(dp + 2),
766 EXTRACT_BE_U_4(dp + 3)));
767 }
768 return;
769 }
770 break;
771
772 case NFSPROC_COMMIT:
773 if ((dp = parsereq(ndo, rp, length)) != NULL &&
774 (dp = parsefh(ndo, dp, v3)) != NULL) {
775 ND_TCHECK(dp[2]);
776 ND_PRINT((ndo, " %u bytes @ %" PRIu64,
777 EXTRACT_BE_U_4(dp + 2),
778 EXTRACT_BE_U_8(dp)));
779 return;
780 }
781 break;
782
783 default:
784 return;
785 }
786
787 trunc:
788 if (!nfserr)
789 ND_PRINT((ndo, "%s", tstr));
790 }
791
792 /*
793 * Print out an NFS file handle.
794 * We assume packet was not truncated before the end of the
795 * file handle pointed to by dp.
796 *
797 * Note: new version (using portable file-handle parser) doesn't produce
798 * generation number. It probably could be made to do that, with some
799 * additional hacking on the parser code.
800 */
801 static void
802 nfs_printfh(netdissect_options *ndo,
803 const uint32_t *dp, const u_int len)
804 {
805 my_fsid fsid;
806 uint32_t ino;
807 const char *sfsname = NULL;
808 char *spacep;
809
810 if (ndo->ndo_uflag) {
811 u_int i;
812 char const *sep = "";
813
814 ND_PRINT((ndo, " fh["));
815 for (i=0; i<len; i++) {
816 /*
817 * This displays 4 bytes in big-endian byte
818 * order. That's as good a choice as little-
819 * endian, as there's no guarantee that the
820 * server is big-endian or little-endian or
821 * that the file handle contains 4-byte
822 * integral fields, and is better than "the
823 * byte order of the host running tcpdump", as
824 * the latter means that different hosts
825 * running tcpdump may show the same file
826 * handle in different ways.
827 */
828 ND_PRINT((ndo, "%s%x", sep, EXTRACT_BE_U_4(dp + i)));
829 sep = ":";
830 }
831 ND_PRINT((ndo, "]"));
832 return;
833 }
834
835 Parse_fh((const u_char *)dp, len, &fsid, &ino, NULL, &sfsname, 0);
836
837 if (sfsname) {
838 /* file system ID is ASCII, not numeric, for this server OS */
839 char temp[NFSX_V3FHMAX+1];
840 u_int stringlen;
841
842 /* Make sure string is null-terminated */
843 stringlen = len;
844 if (stringlen > NFSX_V3FHMAX)
845 stringlen = NFSX_V3FHMAX;
846 strncpy(temp, sfsname, stringlen);
847 temp[stringlen] = '\0';
848 /* Remove trailing spaces */
849 spacep = strchr(temp, ' ');
850 if (spacep)
851 *spacep = '\0';
852
853 ND_PRINT((ndo, " fh %s/", temp));
854 } else {
855 ND_PRINT((ndo, " fh %d,%d/",
856 fsid.Fsid_dev.Major, fsid.Fsid_dev.Minor));
857 }
858
859 if(fsid.Fsid_dev.Minor == 257)
860 /* Print the undecoded handle */
861 ND_PRINT((ndo, "%s", fsid.Opaque_Handle));
862 else
863 ND_PRINT((ndo, "%ld", (long) ino));
864 }
865
866 /*
867 * Maintain a small cache of recent client.XID.server/proc pairs, to allow
868 * us to match up replies with requests and thus to know how to parse
869 * the reply.
870 */
871
872 struct xid_map_entry {
873 uint32_t xid; /* transaction ID (net order) */
874 int ipver; /* IP version (4 or 6) */
875 struct in6_addr client; /* client IP address (net order) */
876 struct in6_addr server; /* server IP address (net order) */
877 uint32_t proc; /* call proc number (host order) */
878 uint32_t vers; /* program version (host order) */
879 };
880
881 /*
882 * Map entries are kept in an array that we manage as a ring;
883 * new entries are always added at the tail of the ring. Initially,
884 * all the entries are zero and hence don't match anything.
885 */
886
887 #define XIDMAPSIZE 64
888
889 static struct xid_map_entry xid_map[XIDMAPSIZE];
890
891 static int xid_map_next = 0;
892 static int xid_map_hint = 0;
893
894 static int
895 xid_map_enter(netdissect_options *ndo,
896 const struct sunrpc_msg *rp, const u_char *bp)
897 {
898 const struct ip *ip = NULL;
899 const struct ip6_hdr *ip6 = NULL;
900 struct xid_map_entry *xmep;
901
902 if (!ND_TTEST(rp->rm_call.cb_proc))
903 return (0);
904 switch (IP_V((const struct ip *)bp)) {
905 case 4:
906 ip = (const struct ip *)bp;
907 break;
908 case 6:
909 ip6 = (const struct ip6_hdr *)bp;
910 break;
911 default:
912 return (1);
913 }
914
915 xmep = &xid_map[xid_map_next];
916
917 if (++xid_map_next >= XIDMAPSIZE)
918 xid_map_next = 0;
919
920 UNALIGNED_MEMCPY(&xmep->xid, &rp->rm_xid, sizeof(xmep->xid));
921 if (ip) {
922 xmep->ipver = 4;
923 UNALIGNED_MEMCPY(&xmep->client, &ip->ip_src, sizeof(ip->ip_src));
924 UNALIGNED_MEMCPY(&xmep->server, &ip->ip_dst, sizeof(ip->ip_dst));
925 }
926 else if (ip6) {
927 xmep->ipver = 6;
928 UNALIGNED_MEMCPY(&xmep->client, &ip6->ip6_src, sizeof(ip6->ip6_src));
929 UNALIGNED_MEMCPY(&xmep->server, &ip6->ip6_dst, sizeof(ip6->ip6_dst));
930 }
931 xmep->proc = EXTRACT_BE_U_4(&rp->rm_call.cb_proc);
932 xmep->vers = EXTRACT_BE_U_4(&rp->rm_call.cb_vers);
933 return (1);
934 }
935
936 /*
937 * Returns 0 and puts NFSPROC_xxx in proc return and
938 * version in vers return, or returns -1 on failure
939 */
940 static int
941 xid_map_find(const struct sunrpc_msg *rp, const u_char *bp, uint32_t *proc,
942 uint32_t *vers)
943 {
944 int i;
945 struct xid_map_entry *xmep;
946 uint32_t xid;
947 const struct ip *ip = (const struct ip *)bp;
948 const struct ip6_hdr *ip6 = (const struct ip6_hdr *)bp;
949 int cmp;
950
951 UNALIGNED_MEMCPY(&xid, &rp->rm_xid, sizeof(xmep->xid));
952 /* Start searching from where we last left off */
953 i = xid_map_hint;
954 do {
955 xmep = &xid_map[i];
956 cmp = 1;
957 if (xmep->ipver != IP_V(ip) || xmep->xid != xid)
958 goto nextitem;
959 switch (xmep->ipver) {
960 case 4:
961 if (UNALIGNED_MEMCMP(&ip->ip_src, &xmep->server,
962 sizeof(ip->ip_src)) != 0 ||
963 UNALIGNED_MEMCMP(&ip->ip_dst, &xmep->client,
964 sizeof(ip->ip_dst)) != 0) {
965 cmp = 0;
966 }
967 break;
968 case 6:
969 if (UNALIGNED_MEMCMP(&ip6->ip6_src, &xmep->server,
970 sizeof(ip6->ip6_src)) != 0 ||
971 UNALIGNED_MEMCMP(&ip6->ip6_dst, &xmep->client,
972 sizeof(ip6->ip6_dst)) != 0) {
973 cmp = 0;
974 }
975 break;
976 default:
977 cmp = 0;
978 break;
979 }
980 if (cmp) {
981 /* match */
982 xid_map_hint = i;
983 *proc = xmep->proc;
984 *vers = xmep->vers;
985 return 0;
986 }
987 nextitem:
988 if (++i >= XIDMAPSIZE)
989 i = 0;
990 } while (i != xid_map_hint);
991
992 /* search failed */
993 return (-1);
994 }
995
996 /*
997 * Routines for parsing reply packets
998 */
999
1000 /*
1001 * Return a pointer to the beginning of the actual results.
1002 * If the packet was truncated, return 0.
1003 */
1004 static const uint32_t *
1005 parserep(netdissect_options *ndo,
1006 const struct sunrpc_msg *rp, u_int length)
1007 {
1008 const uint32_t *dp;
1009 u_int len;
1010 enum sunrpc_accept_stat astat;
1011
1012 /*
1013 * Portability note:
1014 * Here we find the address of the ar_verf credentials.
1015 * Originally, this calculation was
1016 * dp = (uint32_t *)&rp->rm_reply.rp_acpt.ar_verf
1017 * On the wire, the rp_acpt field starts immediately after
1018 * the (32 bit) rp_stat field. However, rp_acpt (which is a
1019 * "struct accepted_reply") contains a "struct opaque_auth",
1020 * whose internal representation contains a pointer, so on a
1021 * 64-bit machine the compiler inserts 32 bits of padding
1022 * before rp->rm_reply.rp_acpt.ar_verf. So, we cannot use
1023 * the internal representation to parse the on-the-wire
1024 * representation. Instead, we skip past the rp_stat field,
1025 * which is an "enum" and so occupies one 32-bit word.
1026 */
1027 dp = ((const uint32_t *)&rp->rm_reply) + 1;
1028 ND_TCHECK(dp[1]);
1029 len = EXTRACT_BE_U_4(dp + 1);
1030 if (len >= length)
1031 return (NULL);
1032 /*
1033 * skip past the ar_verf credentials.
1034 */
1035 dp += (len + (2*sizeof(uint32_t) + 3)) / sizeof(uint32_t);
1036
1037 /*
1038 * now we can check the ar_stat field
1039 */
1040 ND_TCHECK(dp[0]);
1041 astat = (enum sunrpc_accept_stat) EXTRACT_BE_U_4(dp);
1042 if (astat != SUNRPC_SUCCESS) {
1043 ND_PRINT((ndo, " %s", tok2str(sunrpc_str, "ar_stat %d", astat)));
1044 nfserr = 1; /* suppress trunc string */
1045 return (NULL);
1046 }
1047 /* successful return */
1048 ND_TCHECK_LEN(dp, sizeof(astat));
1049 return ((const uint32_t *) (sizeof(astat) + ((const char *)dp)));
1050 trunc:
1051 return (0);
1052 }
1053
1054 static const uint32_t *
1055 parsestatus(netdissect_options *ndo,
1056 const uint32_t *dp, int *er)
1057 {
1058 int errnum;
1059
1060 ND_TCHECK(dp[0]);
1061
1062 errnum = EXTRACT_BE_U_4(dp);
1063 if (er)
1064 *er = errnum;
1065 if (errnum != 0) {
1066 if (!ndo->ndo_qflag)
1067 ND_PRINT((ndo, " ERROR: %s",
1068 tok2str(status2str, "unk %d", errnum)));
1069 nfserr = 1;
1070 }
1071 return (dp + 1);
1072 trunc:
1073 return NULL;
1074 }
1075
1076 static const uint32_t *
1077 parsefattr(netdissect_options *ndo,
1078 const uint32_t *dp, int verbose, int v3)
1079 {
1080 const struct nfs_fattr *fap;
1081
1082 fap = (const struct nfs_fattr *)dp;
1083 ND_TCHECK(fap->fa_gid);
1084 if (verbose) {
1085 ND_PRINT((ndo, " %s %o ids %d/%d",
1086 tok2str(type2str, "unk-ft %d ",
1087 EXTRACT_BE_U_4(&fap->fa_type)),
1088 EXTRACT_BE_U_4(&fap->fa_mode),
1089 EXTRACT_BE_U_4(&fap->fa_uid),
1090 EXTRACT_BE_U_4(&fap->fa_gid)));
1091 if (v3) {
1092 ND_TCHECK(fap->fa3_size);
1093 ND_PRINT((ndo, " sz %" PRIu64,
1094 EXTRACT_BE_U_8((const uint32_t *)&fap->fa3_size)));
1095 } else {
1096 ND_TCHECK(fap->fa2_size);
1097 ND_PRINT((ndo, " sz %d", EXTRACT_BE_U_4(&fap->fa2_size)));
1098 }
1099 }
1100 /* print lots more stuff */
1101 if (verbose > 1) {
1102 if (v3) {
1103 ND_TCHECK(fap->fa3_ctime);
1104 ND_PRINT((ndo, " nlink %d rdev %d/%d",
1105 EXTRACT_BE_U_4(&fap->fa_nlink),
1106 EXTRACT_BE_U_4(&fap->fa3_rdev.specdata1),
1107 EXTRACT_BE_U_4(&fap->fa3_rdev.specdata2)));
1108 ND_PRINT((ndo, " fsid %" PRIx64,
1109 EXTRACT_BE_U_8((const uint32_t *)&fap->fa3_fsid)));
1110 ND_PRINT((ndo, " fileid %" PRIx64,
1111 EXTRACT_BE_U_8((const uint32_t *)&fap->fa3_fileid)));
1112 ND_PRINT((ndo, " a/m/ctime %u.%06u",
1113 EXTRACT_BE_U_4(&fap->fa3_atime.nfsv3_sec),
1114 EXTRACT_BE_U_4(&fap->fa3_atime.nfsv3_nsec)));
1115 ND_PRINT((ndo, " %u.%06u",
1116 EXTRACT_BE_U_4(&fap->fa3_mtime.nfsv3_sec),
1117 EXTRACT_BE_U_4(&fap->fa3_mtime.nfsv3_nsec)));
1118 ND_PRINT((ndo, " %u.%06u",
1119 EXTRACT_BE_U_4(&fap->fa3_ctime.nfsv3_sec),
1120 EXTRACT_BE_U_4(&fap->fa3_ctime.nfsv3_nsec)));
1121 } else {
1122 ND_TCHECK(fap->fa2_ctime);
1123 ND_PRINT((ndo, " nlink %d rdev 0x%x fsid 0x%x nodeid 0x%x a/m/ctime",
1124 EXTRACT_BE_U_4(&fap->fa_nlink),
1125 EXTRACT_BE_U_4(&fap->fa2_rdev),
1126 EXTRACT_BE_U_4(&fap->fa2_fsid),
1127 EXTRACT_BE_U_4(&fap->fa2_fileid)));
1128 ND_PRINT((ndo, " %u.%06u",
1129 EXTRACT_BE_U_4(&fap->fa2_atime.nfsv2_sec),
1130 EXTRACT_BE_U_4(&fap->fa2_atime.nfsv2_usec)));
1131 ND_PRINT((ndo, " %u.%06u",
1132 EXTRACT_BE_U_4(&fap->fa2_mtime.nfsv2_sec),
1133 EXTRACT_BE_U_4(&fap->fa2_mtime.nfsv2_usec)));
1134 ND_PRINT((ndo, " %u.%06u",
1135 EXTRACT_BE_U_4(&fap->fa2_ctime.nfsv2_sec),
1136 EXTRACT_BE_U_4(&fap->fa2_ctime.nfsv2_usec)));
1137 }
1138 }
1139 return ((const uint32_t *)((const unsigned char *)dp +
1140 (v3 ? NFSX_V3FATTR : NFSX_V2FATTR)));
1141 trunc:
1142 return (NULL);
1143 }
1144
1145 static int
1146 parseattrstat(netdissect_options *ndo,
1147 const uint32_t *dp, int verbose, int v3)
1148 {
1149 int er;
1150
1151 dp = parsestatus(ndo, dp, &er);
1152 if (dp == NULL)
1153 return (0);
1154 if (er)
1155 return (1);
1156
1157 return (parsefattr(ndo, dp, verbose, v3) != NULL);
1158 }
1159
1160 static int
1161 parsediropres(netdissect_options *ndo,
1162 const uint32_t *dp)
1163 {
1164 int er;
1165
1166 if (!(dp = parsestatus(ndo, dp, &er)))
1167 return (0);
1168 if (er)
1169 return (1);
1170
1171 dp = parsefh(ndo, dp, 0);
1172 if (dp == NULL)
1173 return (0);
1174
1175 return (parsefattr(ndo, dp, ndo->ndo_vflag, 0) != NULL);
1176 }
1177
1178 static int
1179 parselinkres(netdissect_options *ndo,
1180 const uint32_t *dp, int v3)
1181 {
1182 int er;
1183
1184 dp = parsestatus(ndo, dp, &er);
1185 if (dp == NULL)
1186 return(0);
1187 if (er)
1188 return(1);
1189 if (v3 && !(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1190 return (0);
1191 ND_PRINT((ndo, " "));
1192 return (parsefn(ndo, dp) != NULL);
1193 }
1194
1195 static int
1196 parsestatfs(netdissect_options *ndo,
1197 const uint32_t *dp, int v3)
1198 {
1199 const struct nfs_statfs *sfsp;
1200 int er;
1201
1202 dp = parsestatus(ndo, dp, &er);
1203 if (dp == NULL)
1204 return (0);
1205 if (!v3 && er)
1206 return (1);
1207
1208 if (ndo->ndo_qflag)
1209 return(1);
1210
1211 if (v3) {
1212 if (ndo->ndo_vflag)
1213 ND_PRINT((ndo, " POST:"));
1214 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1215 return (0);
1216 }
1217
1218 ND_TCHECK_LEN(dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
1219
1220 sfsp = (const struct nfs_statfs *)dp;
1221
1222 if (v3) {
1223 ND_PRINT((ndo, " tbytes %" PRIu64 " fbytes %" PRIu64 " abytes %" PRIu64,
1224 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_tbytes),
1225 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_fbytes),
1226 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_abytes)));
1227 if (ndo->ndo_vflag) {
1228 ND_PRINT((ndo, " tfiles %" PRIu64 " ffiles %" PRIu64 " afiles %" PRIu64 " invar %u",
1229 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_tfiles),
1230 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_ffiles),
1231 EXTRACT_BE_U_8((const uint32_t *)&sfsp->sf_afiles),
1232 EXTRACT_BE_U_4(&sfsp->sf_invarsec)));
1233 }
1234 } else {
1235 ND_PRINT((ndo, " tsize %d bsize %d blocks %d bfree %d bavail %d",
1236 EXTRACT_BE_U_4(&sfsp->sf_tsize),
1237 EXTRACT_BE_U_4(&sfsp->sf_bsize),
1238 EXTRACT_BE_U_4(&sfsp->sf_blocks),
1239 EXTRACT_BE_U_4(&sfsp->sf_bfree),
1240 EXTRACT_BE_U_4(&sfsp->sf_bavail)));
1241 }
1242
1243 return (1);
1244 trunc:
1245 return (0);
1246 }
1247
1248 static int
1249 parserddires(netdissect_options *ndo,
1250 const uint32_t *dp)
1251 {
1252 int er;
1253
1254 dp = parsestatus(ndo, dp, &er);
1255 if (dp == NULL)
1256 return (0);
1257 if (er)
1258 return (1);
1259 if (ndo->ndo_qflag)
1260 return (1);
1261
1262 ND_TCHECK(dp[2]);
1263 ND_PRINT((ndo, " offset 0x%x size %d ",
1264 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1)));
1265 if (EXTRACT_BE_U_4(dp + 2) != 0)
1266 ND_PRINT((ndo, " eof"));
1267
1268 return (1);
1269 trunc:
1270 return (0);
1271 }
1272
1273 static const uint32_t *
1274 parse_wcc_attr(netdissect_options *ndo,
1275 const uint32_t *dp)
1276 {
1277 /* Our caller has already checked this */
1278 ND_PRINT((ndo, " sz %" PRIu64, EXTRACT_BE_U_8(dp)));
1279 ND_PRINT((ndo, " mtime %u.%06u ctime %u.%06u",
1280 EXTRACT_BE_U_4(dp + 2), EXTRACT_BE_U_4(dp + 3),
1281 EXTRACT_BE_U_4(dp + 4), EXTRACT_BE_U_4(dp + 5)));
1282 return (dp + 6);
1283 }
1284
1285 /*
1286 * Pre operation attributes. Print only if vflag > 1.
1287 */
1288 static const uint32_t *
1289 parse_pre_op_attr(netdissect_options *ndo,
1290 const uint32_t *dp, int verbose)
1291 {
1292 ND_TCHECK(dp[0]);
1293 if (!EXTRACT_BE_U_4(dp))
1294 return (dp + 1);
1295 dp++;
1296 ND_TCHECK_LEN(dp, 24);
1297 if (verbose > 1) {
1298 return parse_wcc_attr(ndo, dp);
1299 } else {
1300 /* If not verbose enough, just skip over wcc_attr */
1301 return (dp + 6);
1302 }
1303 trunc:
1304 return (NULL);
1305 }
1306
1307 /*
1308 * Post operation attributes are printed if vflag >= 1
1309 */
1310 static const uint32_t *
1311 parse_post_op_attr(netdissect_options *ndo,
1312 const uint32_t *dp, int verbose)
1313 {
1314 ND_TCHECK(dp[0]);
1315 if (!EXTRACT_BE_U_4(dp))
1316 return (dp + 1);
1317 dp++;
1318 if (verbose) {
1319 return parsefattr(ndo, dp, verbose, 1);
1320 } else
1321 return (dp + (NFSX_V3FATTR / sizeof (uint32_t)));
1322 trunc:
1323 return (NULL);
1324 }
1325
1326 static const uint32_t *
1327 parse_wcc_data(netdissect_options *ndo,
1328 const uint32_t *dp, int verbose)
1329 {
1330 if (verbose > 1)
1331 ND_PRINT((ndo, " PRE:"));
1332 if (!(dp = parse_pre_op_attr(ndo, dp, verbose)))
1333 return (0);
1334
1335 if (verbose)
1336 ND_PRINT((ndo, " POST:"));
1337 return parse_post_op_attr(ndo, dp, verbose);
1338 }
1339
1340 static const uint32_t *
1341 parsecreateopres(netdissect_options *ndo,
1342 const uint32_t *dp, int verbose)
1343 {
1344 int er;
1345
1346 if (!(dp = parsestatus(ndo, dp, &er)))
1347 return (0);
1348 if (er)
1349 dp = parse_wcc_data(ndo, dp, verbose);
1350 else {
1351 ND_TCHECK(dp[0]);
1352 if (!EXTRACT_BE_U_4(dp))
1353 return (dp + 1);
1354 dp++;
1355 if (!(dp = parsefh(ndo, dp, 1)))
1356 return (0);
1357 if (verbose) {
1358 if (!(dp = parse_post_op_attr(ndo, dp, verbose)))
1359 return (0);
1360 if (ndo->ndo_vflag > 1) {
1361 ND_PRINT((ndo, " dir attr:"));
1362 dp = parse_wcc_data(ndo, dp, verbose);
1363 }
1364 }
1365 }
1366 return (dp);
1367 trunc:
1368 return (NULL);
1369 }
1370
1371 static int
1372 parsewccres(netdissect_options *ndo,
1373 const uint32_t *dp, int verbose)
1374 {
1375 int er;
1376
1377 if (!(dp = parsestatus(ndo, dp, &er)))
1378 return (0);
1379 return parse_wcc_data(ndo, dp, verbose) != NULL;
1380 }
1381
1382 static const uint32_t *
1383 parsev3rddirres(netdissect_options *ndo,
1384 const uint32_t *dp, int verbose)
1385 {
1386 int er;
1387
1388 if (!(dp = parsestatus(ndo, dp, &er)))
1389 return (0);
1390 if (ndo->ndo_vflag)
1391 ND_PRINT((ndo, " POST:"));
1392 if (!(dp = parse_post_op_attr(ndo, dp, verbose)))
1393 return (0);
1394 if (er)
1395 return dp;
1396 if (ndo->ndo_vflag) {
1397 ND_TCHECK(dp[1]);
1398 /*
1399 * This displays the 8 bytes of the verifier in order,
1400 * from the low-order byte to the high-order byte.
1401 */
1402 ND_PRINT((ndo, " verf %08x%08x",
1403 EXTRACT_BE_U_4(dp), EXTRACT_BE_U_4(dp + 1)));
1404 dp += 2;
1405 }
1406 return dp;
1407 trunc:
1408 return (NULL);
1409 }
1410
1411 static int
1412 parsefsinfo(netdissect_options *ndo,
1413 const uint32_t *dp)
1414 {
1415 const struct nfsv3_fsinfo *sfp;
1416 int er;
1417
1418 if (!(dp = parsestatus(ndo, dp, &er)))
1419 return (0);
1420 if (ndo->ndo_vflag)
1421 ND_PRINT((ndo, " POST:"));
1422 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1423 return (0);
1424 if (er)
1425 return (1);
1426
1427 sfp = (const struct nfsv3_fsinfo *)dp;
1428 ND_TCHECK(*sfp);
1429 ND_PRINT((ndo, " rtmax %u rtpref %u wtmax %u wtpref %u dtpref %u",
1430 EXTRACT_BE_U_4(&sfp->fs_rtmax),
1431 EXTRACT_BE_U_4(&sfp->fs_rtpref),
1432 EXTRACT_BE_U_4(&sfp->fs_wtmax),
1433 EXTRACT_BE_U_4(&sfp->fs_wtpref),
1434 EXTRACT_BE_U_4(&sfp->fs_dtpref)));
1435 if (ndo->ndo_vflag) {
1436 ND_PRINT((ndo, " rtmult %u wtmult %u maxfsz %" PRIu64,
1437 EXTRACT_BE_U_4(&sfp->fs_rtmult),
1438 EXTRACT_BE_U_4(&sfp->fs_wtmult),
1439 EXTRACT_BE_U_8((const uint32_t *)&sfp->fs_maxfilesize)));
1440 ND_PRINT((ndo, " delta %u.%06u ",
1441 EXTRACT_BE_U_4(&sfp->fs_timedelta.nfsv3_sec),
1442 EXTRACT_BE_U_4(&sfp->fs_timedelta.nfsv3_nsec)));
1443 }
1444 return (1);
1445 trunc:
1446 return (0);
1447 }
1448
1449 static int
1450 parsepathconf(netdissect_options *ndo,
1451 const uint32_t *dp)
1452 {
1453 int er;
1454 const struct nfsv3_pathconf *spp;
1455
1456 if (!(dp = parsestatus(ndo, dp, &er)))
1457 return (0);
1458 if (ndo->ndo_vflag)
1459 ND_PRINT((ndo, " POST:"));
1460 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1461 return (0);
1462 if (er)
1463 return (1);
1464
1465 spp = (const struct nfsv3_pathconf *)dp;
1466 ND_TCHECK(*spp);
1467
1468 ND_PRINT((ndo, " linkmax %u namemax %u %s %s %s %s",
1469 EXTRACT_BE_U_4(&spp->pc_linkmax),
1470 EXTRACT_BE_U_4(&spp->pc_namemax),
1471 EXTRACT_BE_U_4(&spp->pc_notrunc) ? "notrunc" : "",
1472 EXTRACT_BE_U_4(&spp->pc_chownrestricted) ? "chownres" : "",
1473 EXTRACT_BE_U_4(&spp->pc_caseinsensitive) ? "igncase" : "",
1474 EXTRACT_BE_U_4(&spp->pc_casepreserving) ? "keepcase" : ""));
1475 return (1);
1476 trunc:
1477 return (0);
1478 }
1479
1480 static void
1481 interp_reply(netdissect_options *ndo,
1482 const struct sunrpc_msg *rp, uint32_t proc, uint32_t vers, int length)
1483 {
1484 const uint32_t *dp;
1485 int v3;
1486 int er;
1487
1488 v3 = (vers == NFS_VER3);
1489
1490 if (!v3 && proc < NFS_NPROCS)
1491 proc = nfsv3_procid[proc];
1492
1493 ND_PRINT((ndo, " %s", tok2str(nfsproc_str, "proc-%u", proc)));
1494 switch (proc) {
1495
1496 case NFSPROC_GETATTR:
1497 dp = parserep(ndo, rp, length);
1498 if (dp != NULL && parseattrstat(ndo, dp, !ndo->ndo_qflag, v3) != 0)
1499 return;
1500 break;
1501
1502 case NFSPROC_SETATTR:
1503 if (!(dp = parserep(ndo, rp, length)))
1504 return;
1505 if (v3) {
1506 if (parsewccres(ndo, dp, ndo->ndo_vflag))
1507 return;
1508 } else {
1509 if (parseattrstat(ndo, dp, !ndo->ndo_qflag, 0) != 0)
1510 return;
1511 }
1512 break;
1513
1514 case NFSPROC_LOOKUP:
1515 if (!(dp = parserep(ndo, rp, length)))
1516 break;
1517 if (v3) {
1518 if (!(dp = parsestatus(ndo, dp, &er)))
1519 break;
1520 if (er) {
1521 if (ndo->ndo_vflag > 1) {
1522 ND_PRINT((ndo, " post dattr:"));
1523 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1524 }
1525 } else {
1526 if (!(dp = parsefh(ndo, dp, v3)))
1527 break;
1528 if ((dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)) &&
1529 ndo->ndo_vflag > 1) {
1530 ND_PRINT((ndo, " post dattr:"));
1531 dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag);
1532 }
1533 }
1534 if (dp)
1535 return;
1536 } else {
1537 if (parsediropres(ndo, dp) != 0)
1538 return;
1539 }
1540 break;
1541
1542 case NFSPROC_ACCESS:
1543 if (!(dp = parserep(ndo, rp, length)))
1544 break;
1545 if (!(dp = parsestatus(ndo, dp, &er)))
1546 break;
1547 if (ndo->ndo_vflag)
1548 ND_PRINT((ndo, " attr:"));
1549 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1550 break;
1551 if (!er) {
1552 ND_TCHECK(dp[0]);
1553 ND_PRINT((ndo, " c %04x", EXTRACT_BE_U_4(dp)));
1554 }
1555 return;
1556
1557 case NFSPROC_READLINK:
1558 dp = parserep(ndo, rp, length);
1559 if (dp != NULL && parselinkres(ndo, dp, v3) != 0)
1560 return;
1561 break;
1562
1563 case NFSPROC_READ:
1564 if (!(dp = parserep(ndo, rp, length)))
1565 break;
1566 if (v3) {
1567 if (!(dp = parsestatus(ndo, dp, &er)))
1568 break;
1569 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1570 break;
1571 if (er)
1572 return;
1573 if (ndo->ndo_vflag) {
1574 ND_TCHECK(dp[1]);
1575 ND_PRINT((ndo, " %u bytes", EXTRACT_BE_U_4(dp)));
1576 if (EXTRACT_BE_U_4(dp + 1))
1577 ND_PRINT((ndo, " EOF"));
1578 }
1579 return;
1580 } else {
1581 if (parseattrstat(ndo, dp, ndo->ndo_vflag, 0) != 0)
1582 return;
1583 }
1584 break;
1585
1586 case NFSPROC_WRITE:
1587 if (!(dp = parserep(ndo, rp, length)))
1588 break;
1589 if (v3) {
1590 if (!(dp = parsestatus(ndo, dp, &er)))
1591 break;
1592 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1593 break;
1594 if (er)
1595 return;
1596 if (ndo->ndo_vflag) {
1597 ND_TCHECK(dp[0]);
1598 ND_PRINT((ndo, " %u bytes", EXTRACT_BE_U_4(dp)));
1599 if (ndo->ndo_vflag > 1) {
1600 ND_TCHECK(dp[1]);
1601 ND_PRINT((ndo, " <%s>",
1602 tok2str(nfsv3_writemodes,
1603 NULL, EXTRACT_BE_U_4(dp + 1))));
1604 }
1605 return;
1606 }
1607 } else {
1608 if (parseattrstat(ndo, dp, ndo->ndo_vflag, v3) != 0)
1609 return;
1610 }
1611 break;
1612
1613 case NFSPROC_CREATE:
1614 case NFSPROC_MKDIR:
1615 if (!(dp = parserep(ndo, rp, length)))
1616 break;
1617 if (v3) {
1618 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1619 return;
1620 } else {
1621 if (parsediropres(ndo, dp) != 0)
1622 return;
1623 }
1624 break;
1625
1626 case NFSPROC_SYMLINK:
1627 if (!(dp = parserep(ndo, rp, length)))
1628 break;
1629 if (v3) {
1630 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1631 return;
1632 } else {
1633 if (parsestatus(ndo, dp, &er) != NULL)
1634 return;
1635 }
1636 break;
1637
1638 case NFSPROC_MKNOD:
1639 if (!(dp = parserep(ndo, rp, length)))
1640 break;
1641 if (parsecreateopres(ndo, dp, ndo->ndo_vflag) != NULL)
1642 return;
1643 break;
1644
1645 case NFSPROC_REMOVE:
1646 case NFSPROC_RMDIR:
1647 if (!(dp = parserep(ndo, rp, length)))
1648 break;
1649 if (v3) {
1650 if (parsewccres(ndo, dp, ndo->ndo_vflag))
1651 return;
1652 } else {
1653 if (parsestatus(ndo, dp, &er) != NULL)
1654 return;
1655 }
1656 break;
1657
1658 case NFSPROC_RENAME:
1659 if (!(dp = parserep(ndo, rp, length)))
1660 break;
1661 if (v3) {
1662 if (!(dp = parsestatus(ndo, dp, &er)))
1663 break;
1664 if (ndo->ndo_vflag) {
1665 ND_PRINT((ndo, " from:"));
1666 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1667 break;
1668 ND_PRINT((ndo, " to:"));
1669 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1670 break;
1671 }
1672 return;
1673 } else {
1674 if (parsestatus(ndo, dp, &er) != NULL)
1675 return;
1676 }
1677 break;
1678
1679 case NFSPROC_LINK:
1680 if (!(dp = parserep(ndo, rp, length)))
1681 break;
1682 if (v3) {
1683 if (!(dp = parsestatus(ndo, dp, &er)))
1684 break;
1685 if (ndo->ndo_vflag) {
1686 ND_PRINT((ndo, " file POST:"));
1687 if (!(dp = parse_post_op_attr(ndo, dp, ndo->ndo_vflag)))
1688 break;
1689 ND_PRINT((ndo, " dir:"));
1690 if (!(dp = parse_wcc_data(ndo, dp, ndo->ndo_vflag)))
1691 break;
1692 return;
1693 }
1694 } else {
1695 if (parsestatus(ndo, dp, &er) != NULL)
1696 return;
1697 }
1698 break;
1699
1700 case NFSPROC_READDIR:
1701 if (!(dp = parserep(ndo, rp, length)))
1702 break;
1703 if (v3) {
1704 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag))
1705 return;
1706 } else {
1707 if (parserddires(ndo, dp) != 0)
1708 return;
1709 }
1710 break;
1711
1712 case NFSPROC_READDIRPLUS:
1713 if (!(dp = parserep(ndo, rp, length)))
1714 break;
1715 if (parsev3rddirres(ndo, dp, ndo->ndo_vflag))
1716 return;
1717 break;
1718
1719 case NFSPROC_FSSTAT:
1720 dp = parserep(ndo, rp, length);
1721 if (dp != NULL && parsestatfs(ndo, dp, v3) != 0)
1722 return;
1723 break;
1724
1725 case NFSPROC_FSINFO:
1726 dp = parserep(ndo, rp, length);
1727 if (dp != NULL && parsefsinfo(ndo, dp) != 0)
1728 return;
1729 break;
1730
1731 case NFSPROC_PATHCONF:
1732 dp = parserep(ndo, rp, length);
1733 if (dp != NULL && parsepathconf(ndo, dp) != 0)
1734 return;
1735 break;
1736
1737 case NFSPROC_COMMIT:
1738 dp = parserep(ndo, rp, length);
1739 if (dp != NULL && parsewccres(ndo, dp, ndo->ndo_vflag) != 0)
1740 return;
1741 break;
1742
1743 default:
1744 return;
1745 }
1746 trunc:
1747 if (!nfserr)
1748 ND_PRINT((ndo, "%s", tstr));
1749 }
[mirror] the TCPdump network dissector