2 * Copyright (c) 2013, Petar Alilovic,
3 * Faculty of Electrical Engineering and Computing, University of Zagreb
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
16 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
32 #include <tcpdump-stdinc.h>
34 #include "netdissect.h"
36 #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
37 #include <pcap/nflog.h>
39 static const struct tok nflog_values
[] = {
48 nflog_hdr_print(netdissect_options
*ndo
, const nflog_hdr_t
*hdr
, u_int length
)
50 ND_PRINT((ndo
, "version %d, resource ID %d", hdr
->nflog_version
, ntohs(hdr
->nflog_rid
)));
52 if (!ndo
->ndo_qflag
) {
53 ND_PRINT((ndo
,", family %s (%d)",
54 tok2str(nflog_values
, "Unknown",
60 "Unknown NFLOG (0x%02x)",
64 ND_PRINT((ndo
, ", length %u: ", length
));
68 nflog_if_print(netdissect_options
*ndo
,
69 const struct pcap_pkthdr
*h
, const u_char
*p
)
71 const nflog_hdr_t
*hdr
= (const nflog_hdr_t
*)p
;
72 const nflog_tlv_t
*tlv
;
74 uint16_t h_size
= sizeof(nflog_hdr_t
);
75 u_int caplen
= h
->caplen
;
76 u_int length
= h
->len
;
78 if (caplen
< (int) sizeof(nflog_hdr_t
) || length
< (int) sizeof(nflog_hdr_t
)) {
79 ND_PRINT((ndo
, "[|nflog]"));
83 if (!(hdr
->nflog_version
) == 0) {
84 ND_PRINT((ndo
, "version %u (unknown)", hdr
->nflog_version
));
89 nflog_hdr_print(ndo
, hdr
, length
);
91 p
+= sizeof(nflog_hdr_t
);
92 length
-= sizeof(nflog_hdr_t
);
93 caplen
-= sizeof(nflog_hdr_t
);
96 /* We have some data. Do we have enough for the TLV header? */
97 if (caplen
< sizeof(nflog_tlv_t
) || length
< sizeof(nflog_tlv_t
)) {
99 ND_PRINT((ndo
, "[|nflog]"));
103 tlv
= (const nflog_tlv_t
*) p
;
104 size
= tlv
->tlv_length
;
106 size
+= 4 - size
% 4;
108 /* Is the TLV's length less than the minimum? */
109 if (size
< sizeof(nflog_tlv_t
)) {
110 /* Yes. Give up now. */
111 ND_PRINT((ndo
, "[|nflog]"));
115 /* Do we have enough data for the full TLV? */
116 if (caplen
< size
|| length
< size
) {
118 ND_PRINT((ndo
, "[|nflog]"));
122 if (tlv
->tlv_type
== NFULA_PAYLOAD
) {
124 * This TLV's data is the packet payload.
125 * Skip past the TLV header, and break out
126 * of the loop so we print the packet data.
128 p
+= sizeof(nflog_tlv_t
);
129 h_size
+= sizeof(nflog_tlv_t
);
130 length
-= sizeof(nflog_tlv_t
);
131 caplen
-= sizeof(nflog_tlv_t
);
141 switch (hdr
->nflog_family
) {
144 ip_print(ndo
, p
, length
);
149 ip6_print(ndo
, p
, length
);
151 #endif /* AF_INET6 */
155 nflog_hdr_print(ndo
, hdr
,
156 length
+ sizeof(nflog_hdr_t
));
158 if (!ndo
->ndo_suppress_default_print
)
159 ND_DEFAULTPRINT(p
, caplen
);
166 #endif /* defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) */
projects / tcpdump / blob