]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-cnfp.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CI: Add warning exemptions for Sun C (suncc-5.14) on Solaris 10
[tcpdump] / print-cnfp.c
diff --git a/print-cnfp.c b/print-cnfp.c
index 94a05807f22b2dabaad444cf7b950067f853db0b..d5fd9d67472684c6aaf2cb79d8aae21806477c0f 100644 (file)
--- a/print-cnfp.c
+++ b/print-cnfp.c
@@ -30,154 +30,389 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* Cisco NetFlow protocol */
+/* \summary: Cisco NetFlow protocol printer */
 
 
-#ifndef lint
-static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-cnfp.c,v 1.12 2002-11-09 17:19:25 itojun Exp $";
+/*
+ * Cisco NetFlow protocol
+ *
+ * See
+ *
+ *    https://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html#wp1005892
+ */
+
+#include <config.h>
+
+#include "netdissect-stdinc.h"
+
+#define ND_LONGJMP_FROM_TCHECK
+#include "netdissect.h"
+#include "addrtoname.h"
+#include "extract.h"
+
+#include "tcp.h"
+#include "ipproto.h"
+
+struct nfhdr_v1 {
+       nd_uint16_t     version;        /* version number */
+       nd_uint16_t     count;          /* # of records */
+       nd_uint32_t     msys_uptime;
+       nd_uint32_t     utc_sec;
+       nd_uint32_t     utc_nsec;
+};
+
+struct nfrec_v1 {
+       nd_ipv4         src_ina;
+       nd_ipv4         dst_ina;
+       nd_ipv4         nhop_ina;
+       nd_uint16_t     input;          /* SNMP index of input interface */
+       nd_uint16_t     output;         /* SNMP index of output interface */
+       nd_uint32_t     packets;        /* packets in the flow */
+       nd_uint32_t     octets;         /* layer 3 octets in the packets of the flow */
+       nd_uint32_t     start_time;     /* sys_uptime value at start of flow */
+       nd_uint32_t     last_time;      /* sys_uptime value when last packet of flow was received */
+       nd_uint16_t     srcport;        /* TCP/UDP source port or equivalent */
+       nd_uint16_t     dstport;        /* TCP/UDP source port or equivalent */
+       nd_byte         pad1[2];        /* pad */
+       nd_uint8_t      proto;          /* IP protocol type */
+       nd_uint8_t      tos;            /* IP type of service */
+       nd_uint8_t      tcp_flags;      /* cumulative OR of TCP flags */
+       nd_byte         pad[3];         /* padding */
+       nd_uint32_t     reserved;       /* unused */
+};
+
+struct nfhdr_v5 {
+       nd_uint16_t     version;        /* version number */
+       nd_uint16_t     count;          /* # of records */
+       nd_uint32_t     msys_uptime;
+       nd_uint32_t     utc_sec;
+       nd_uint32_t     utc_nsec;
+       nd_uint32_t     sequence;       /* flow sequence number */
+       nd_uint8_t      engine_type;    /* type of flow-switching engine */
+       nd_uint8_t      engine_id;      /* slot number of the flow-switching engine */
+       nd_uint16_t     sampling_interval; /* sampling mode and interval */
+};
+
+struct nfrec_v5 {
+       nd_ipv4         src_ina;
+       nd_ipv4         dst_ina;
+       nd_ipv4         nhop_ina;
+       nd_uint16_t     input;          /* SNMP index of input interface */
+       nd_uint16_t     output;         /* SNMP index of output interface */
+       nd_uint32_t     packets;        /* packets in the flow */
+       nd_uint32_t     octets;         /* layer 3 octets in the packets of the flow */
+       nd_uint32_t     start_time;     /* sys_uptime value at start of flow */
+       nd_uint32_t     last_time;      /* sys_uptime value when last packet of flow was received */
+       nd_uint16_t     srcport;        /* TCP/UDP source port or equivalent */
+       nd_uint16_t     dstport;        /* TCP/UDP source port or equivalent */
+       nd_byte         pad1;           /* pad */
+       nd_uint8_t      tcp_flags;      /* cumulative OR of TCP flags */
+       nd_uint8_t      proto;          /* IP protocol type */
+       nd_uint8_t      tos;            /* IP type of service */
+       nd_uint16_t     src_as;         /* AS number of the source */
+       nd_uint16_t     dst_as;         /* AS number of the destination */
+       nd_uint8_t      src_mask;       /* source address mask bits */
+       nd_uint8_t      dst_mask;       /* destination address prefix mask bits */
+       nd_byte         pad2[2];
+       nd_ipv4         peer_nexthop;   /* v6: IP address of the nexthop within the peer (FIB)*/
+};
+
+struct nfhdr_v6 {
+       nd_uint16_t     version;        /* version number */
+       nd_uint16_t     count;          /* # of records */
+       nd_uint32_t     msys_uptime;
+       nd_uint32_t     utc_sec;
+       nd_uint32_t     utc_nsec;
+       nd_uint32_t     sequence;       /* v5 flow sequence number */
+       nd_uint32_t     reserved;       /* v5 only */
+};
+
+struct nfrec_v6 {
+       nd_ipv4         src_ina;
+       nd_ipv4         dst_ina;
+       nd_ipv4         nhop_ina;
+       nd_uint16_t     input;          /* SNMP index of input interface */
+       nd_uint16_t     output;         /* SNMP index of output interface */
+       nd_uint32_t     packets;        /* packets in the flow */
+       nd_uint32_t     octets;         /* layer 3 octets in the packets of the flow */
+       nd_uint32_t     start_time;     /* sys_uptime value at start of flow */
+       nd_uint32_t     last_time;      /* sys_uptime value when last packet of flow was received */
+       nd_uint16_t     srcport;        /* TCP/UDP source port or equivalent */
+       nd_uint16_t     dstport;        /* TCP/UDP source port or equivalent */
+       nd_byte         pad1;           /* pad */
+       nd_uint8_t      tcp_flags;      /* cumulative OR of TCP flags */
+       nd_uint8_t      proto;          /* IP protocol type */
+       nd_uint8_t      tos;            /* IP type of service */
+       nd_uint16_t     src_as;         /* AS number of the source */
+       nd_uint16_t     dst_as;         /* AS number of the destination */
+       nd_uint8_t      src_mask;       /* source address mask bits */
+       nd_uint8_t      dst_mask;       /* destination address prefix mask bits */
+       nd_uint16_t     flags;
+       nd_ipv4         peer_nexthop;   /* v6: IP address of the nexthop within the peer (FIB)*/
+};
+
+static void
+cnfp_v1_print(netdissect_options *ndo, const u_char *cp)
+{
+       const struct nfhdr_v1 *nh;
+       const struct nfrec_v1 *nr;
+       const char *p_name;
+       uint8_t proto;
+       u_int nrecs, ver;
+#if 0
+       time_t t;
 #endif
 
 #endif
 
-#ifdef HAVE_CONFIG_H
-#include "config.h"
+       nh = (const struct nfhdr_v1 *)cp;
+
+       ver = GET_BE_U_2(nh->version);
+       nrecs = GET_BE_U_4(nh->count);
+#if 0
+       /*
+        * This is seconds since the UN*X epoch, and is followed by
+        * nanoseconds.  XXX - format it, rather than just dumping the
+        * raw seconds-since-the-Epoch.
+        */
+       t = GET_BE_U_4(nh->utc_sec);
 #endif
 
 #endif
 
-#include <tcpdump-stdinc.h>
+       ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
+              GET_BE_U_4(nh->msys_uptime)/1000,
+              GET_BE_U_4(nh->msys_uptime)%1000,
+              GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
 
 
-#include <stdio.h>
-#include <string.h>
+       nr = (const struct nfrec_v1 *)&nh[1];
 
 
-#include "interface.h"
+       ND_PRINT("%2u recs", nrecs);
 
 
-#include "addrtoname.h"
+       for (; nrecs != 0; nr++, nrecs--) {
+               ND_PRINT("\n  started %u.%03u, last %u.%03u",
+                      GET_BE_U_4(nr->start_time)/1000,
+                      GET_BE_U_4(nr->start_time)%1000,
+                      GET_BE_U_4(nr->last_time)/1000,
+                      GET_BE_U_4(nr->last_time)%1000);
 
 
-#include "tcp.h"
+               ND_PRINT("\n    %s:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
+                       GET_BE_U_2(nr->srcport));
 
 
-struct nfhdr {
-       u_int32_t       ver_cnt;        /* version [15], and # of records */
-       u_int32_t       msys_uptime;
-       u_int32_t       utc_sec;
-       u_int32_t       utc_nsec;
-       u_int32_t       sequence;       /* v5 flow sequence number */
-       u_int32_t       reserved;       /* v5 only */
-} __attribute__((packed));
-
-struct nfrec {
-       struct in_addr  src_ina;
-       struct in_addr  dst_ina;
-       struct in_addr  nhop_ina;
-       u_int32_t       ifaces;         /* src,dst ifaces */
-       u_int32_t       packets;
-       u_int32_t       octets;
-       u_int32_t       start_time;     /* sys_uptime value */
-       u_int32_t       last_time;      /* sys_uptime value */
-       u_int32_t       ports;          /* src,dst ports */
-       u_int32_t       proto_tos;      /* proto, tos, pad, flags(v5) */
-       u_int32_t       asses;          /* v1: flags; v5: src,dst AS */
-       u_int32_t       masks;          /* src,dst addr prefix; v6: encaps */
-       struct in_addr  peer_nexthop;   /* v6: IP address of the nexthop within the peer (FIB)*/
-} __attribute__((packed));
+               ND_PRINT("> %s:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
+                       GET_BE_U_2(nr->dstport));
 
 
-void
-cnfp_print(const u_char *cp, const u_char *bp)
+               ND_PRINT(">> %s\n    ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
+
+               proto = GET_U_1(nr->proto);
+               if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
+                       ND_PRINT("%s ", p_name);
+               else
+                       ND_PRINT("%u ", proto);
+
+               /* tcp flags for tcp only */
+               if (proto == IPPROTO_TCP) {
+                       u_int flags;
+                       flags = GET_U_1(nr->tcp_flags);
+                       if (flags)
+                               ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
+               }
+
+               ND_PRINT("tos %u, %u (%u octets)",
+                      GET_U_1(nr->tos),
+                      GET_BE_U_4(nr->packets),
+                      GET_BE_U_4(nr->octets));
+               /* This was not all of struct nfrec_v1. */
+               ND_TCHECK_SIZE(nr);
+       }
+}
+
+static void
+cnfp_v5_print(netdissect_options *ndo, const u_char *cp)
 {
 {
-       register const struct nfhdr *nh;
-       register const struct nfrec *nr;
-       register const struct ip *ip;
-       struct protoent *pent;
-       int nrecs, ver;
+       const struct nfhdr_v5 *nh;
+       const struct nfrec_v5 *nr;
+       const char *p_name;
+       uint8_t proto;
+       u_int nrecs, ver;
+#if 0
        time_t t;
        time_t t;
+#endif
 
 
-       ip = (const struct ip *)bp;
-       nh = (const struct nfhdr *)cp;
-
-       if ((const u_char *)(nh + 1) > snapend)
-               return;
-
-       nrecs = ntohl(nh->ver_cnt) & 0xffff;
-       ver = (ntohl(nh->ver_cnt) & 0xffff0000) >> 16;
-       t = ntohl(nh->utc_sec);
-/*     (p = ctime(&t))[24] = '\0'; */
-
-       printf("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
-              (unsigned)ntohl(nh->msys_uptime)/1000,
-              (unsigned)ntohl(nh->msys_uptime)%1000,
-              (unsigned)ntohl(nh->utc_sec), (unsigned)ntohl(nh->utc_nsec));
-
-       if (ver == 5 || ver == 6) {
-               printf("#%u, ", (unsigned)htonl(nh->sequence));
-               nr = (const struct nfrec *)&nh[1];
-               snaplen -= 24;
-       } else {
-               nr = (const struct nfrec *)&nh->sequence;
-               snaplen -= 16;
-       }
+       nh = (const struct nfhdr_v5 *)cp;
 
 
-       printf("%2u recs", nrecs);
+       ver = GET_BE_U_2(nh->version);
+       nrecs = GET_BE_U_4(nh->count);
+#if 0
+       /*
+        * This is seconds since the UN*X epoch, and is followed by
+        * nanoseconds.  XXX - format it, rather than just dumping the
+        * raw seconds-since-the-Epoch.
+        */
+       t = GET_BE_U_4(nh->utc_sec);
+#endif
 
 
-       for (; nrecs-- && (const u_char *)(nr + 1) <= snapend; nr++) {
-               char buf[20];
-               char asbuf[20];
+       ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
+              GET_BE_U_4(nh->msys_uptime)/1000,
+              GET_BE_U_4(nh->msys_uptime)%1000,
+              GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
 
 
-               printf("\n  started %u.%03u, last %u.%03u",
-                      (unsigned)ntohl(nr->start_time)/1000,
-                      (unsigned)ntohl(nr->start_time)%1000,
-                      (unsigned)ntohl(nr->last_time)/1000,
-                      (unsigned)ntohl(nr->last_time)%1000);
+       ND_PRINT("#%u, ", GET_BE_U_4(nh->sequence));
+       /* This was not all of struct nfhdr_v5. */
+       ND_TCHECK_SIZE(nh);
+       nr = (const struct nfrec_v5 *)&nh[1];
 
 
-               asbuf[0] = buf[0] = '\0';
-               if (ver == 5 || ver == 6) {
-                       snprintf(buf, sizeof(buf), "/%u",
-                                (unsigned)(ntohl(nr->masks) >> 24) & 0xff);
-                       snprintf(asbuf, sizeof(asbuf), ":%u",
-                                (unsigned)(ntohl(nr->asses) >> 16) & 0xffff);
-               }
-               printf("\n    %s%s%s:%u ", intoa(nr->src_ina.s_addr), buf, asbuf,
-                       (unsigned)ntohl(nr->ports) >> 16);
-
-               if (ver == 5 || ver ==6) {
-                       snprintf(buf, sizeof(buf), "/%d",
-                                (unsigned)(ntohl(nr->masks) >> 16) & 0xff);
-                       snprintf(asbuf, sizeof(asbuf), ":%u",
-                                (unsigned)ntohl(nr->asses) & 0xffff);
-               }
-               printf("> %s%s%s:%u ", intoa(nr->dst_ina.s_addr), buf, asbuf,
-                       (unsigned)ntohl(nr->ports) & 0xffff);
+       ND_PRINT("%2u recs", nrecs);
+
+       for (; nrecs != 0; nr++, nrecs--) {
+               ND_PRINT("\n  started %u.%03u, last %u.%03u",
+                      GET_BE_U_4(nr->start_time)/1000,
+                      GET_BE_U_4(nr->start_time)%1000,
+                      GET_BE_U_4(nr->last_time)/1000,
+                      GET_BE_U_4(nr->last_time)%1000);
+
+               ND_PRINT("\n    %s/%u:%u:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
+                       GET_U_1(nr->src_mask), GET_BE_U_2(nr->src_as),
+                       GET_BE_U_2(nr->srcport));
 
 
-               printf(">> %s\n    ", intoa(nr->nhop_ina.s_addr));
+               ND_PRINT("> %s/%u:%u:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
+                       GET_U_1(nr->dst_mask), GET_BE_U_2(nr->dst_as),
+                       GET_BE_U_2(nr->dstport));
 
 
-               pent = getprotobynumber((ntohl(nr->proto_tos) >> 8) & 0xff);
-               if (!pent || nflag)
-                       printf("%u ",
-                              (unsigned)(ntohl(nr->proto_tos) >> 8) & 0xff);
+               ND_PRINT(">> %s\n    ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
+
+               proto = GET_U_1(nr->proto);
+               if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
+                       ND_PRINT("%s ", p_name);
                else
                else
-                       printf("%s ", pent->p_name);
+                       ND_PRINT("%u ", proto);
 
                /* tcp flags for tcp only */
 
                /* tcp flags for tcp only */
-               if (pent && pent->p_proto == IPPROTO_TCP) {
-                       int flags;
-                       if (ver == 1)
-                               flags = (ntohl(nr->asses) >> 24) & 0xff;
-                       else
-                               flags = (ntohl(nr->proto_tos) >> 16) & 0xff;
-                       if (flags & TH_FIN)     putchar('F');
-                       if (flags & TH_SYN)     putchar('S');
-                       if (flags & TH_RST)     putchar('R');
-                       if (flags & TH_PUSH)    putchar('P');
-                       if (flags & TH_ACK)     putchar('A');
-                       if (flags & TH_URG)     putchar('U');
+               if (proto == IPPROTO_TCP) {
+                       u_int flags;
+                       flags = GET_U_1(nr->tcp_flags);
                        if (flags)
                        if (flags)
-                               putchar(' ');
+                               ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
                }
 
                }
 
-               buf[0]='\0';
-               if (ver == 6) {
-                       snprintf(buf, sizeof(buf), "(%u<>%u encaps)",
-                                (unsigned)(ntohl(nr->masks) >> 8) & 0xff,
-                                (unsigned)(ntohl(nr->masks)) & 0xff);
+               ND_PRINT("tos %u, %u (%u octets)",
+                      GET_U_1(nr->tos),
+                      GET_BE_U_4(nr->packets),
+                      GET_BE_U_4(nr->octets));
+               /* This was not all of struct nfrec_v5. */
+               ND_TCHECK_SIZE(nr);
+       }
+}
+
+static void
+cnfp_v6_print(netdissect_options *ndo, const u_char *cp)
+{
+       const struct nfhdr_v6 *nh;
+       const struct nfrec_v6 *nr;
+       const char *p_name;
+       uint8_t proto;
+       u_int nrecs, ver;
+#if 0
+       time_t t;
+#endif
+
+       nh = (const struct nfhdr_v6 *)cp;
+
+       ver = GET_BE_U_2(nh->version);
+       nrecs = GET_BE_U_4(nh->count);
+#if 0
+       /*
+        * This is seconds since the UN*X epoch, and is followed by
+        * nanoseconds.  XXX - format it, rather than just dumping the
+        * raw seconds-since-the-Epoch.
+        */
+       t = GET_BE_U_4(nh->utc_sec);
+#endif
+
+       ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
+              GET_BE_U_4(nh->msys_uptime)/1000,
+              GET_BE_U_4(nh->msys_uptime)%1000,
+              GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
+
+       ND_PRINT("#%u, ", GET_BE_U_4(nh->sequence));
+       /* This was not all of struct nfhdr_v6. */
+       ND_TCHECK_SIZE(nh);
+       nr = (const struct nfrec_v6 *)&nh[1];
+
+       ND_PRINT("%2u recs", nrecs);
+
+       for (; nrecs != 0; nr++, nrecs--) {
+               ND_PRINT("\n  started %u.%03u, last %u.%03u",
+                      GET_BE_U_4(nr->start_time)/1000,
+                      GET_BE_U_4(nr->start_time)%1000,
+                      GET_BE_U_4(nr->last_time)/1000,
+                      GET_BE_U_4(nr->last_time)%1000);
+
+               ND_PRINT("\n    %s/%u:%u:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
+                       GET_U_1(nr->src_mask), GET_BE_U_2(nr->src_as),
+                       GET_BE_U_2(nr->srcport));
+
+               ND_PRINT("> %s/%u:%u:%u ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
+                       GET_U_1(nr->dst_mask), GET_BE_U_2(nr->dst_as),
+                       GET_BE_U_2(nr->dstport));
+
+               ND_PRINT(">> %s\n    ",
+                       intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
+
+               proto = GET_U_1(nr->proto);
+               if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
+                       ND_PRINT("%s ", p_name);
+               else
+                       ND_PRINT("%u ", proto);
+
+               /* tcp flags for tcp only */
+               if (proto == IPPROTO_TCP) {
+                       u_int flags;
+                       flags = GET_U_1(nr->tcp_flags);
+                       if (flags)
+                               ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
                }
                }
-               printf("tos %u, %u (%u octets) %s",
-                      (unsigned)ntohl(nr->proto_tos) & 0xff,
-                      (unsigned)ntohl(nr->packets),
-                      (unsigned)ntohl(nr->octets), buf);
+
+               ND_PRINT("tos %u, %u (%u octets) (%u<>%u encaps)",
+                      GET_U_1(nr->tos),
+                      GET_BE_U_4(nr->packets),
+                      GET_BE_U_4(nr->octets),
+                      (GET_BE_U_2(nr->flags) >> 8) & 0xff,
+                      (GET_BE_U_2(nr->flags)) & 0xff);
+               /* This was not all of struct nfrec_v6. */
+               ND_TCHECK_SIZE(nr);
+       }
+}
+
+void
+cnfp_print(netdissect_options *ndo, const u_char *cp)
+{
+       int ver;
+
+       /*
+        * First 2 bytes are the version number.
+        */
+       ndo->ndo_protocol = "cnfp";
+       ver = GET_BE_U_2(cp);
+       switch (ver) {
+
+       case 1:
+               cnfp_v1_print(ndo, cp);
+               break;
+
+       case 5:
+               cnfp_v5_print(ndo, cp);
+               break;
+
+       case 6:
+               cnfp_v6_print(ndo, cp);
+               break;
+
+       default:
+               ND_PRINT("NetFlow v%x", ver);
+               break;
        }
 }
        }
 }
[mirror] the TCPdump network dissector