IP packet information printing from NFLOG packet 329/head
authorPetar <[email protected]>
Tue, 6 Aug 2013 09:26:38 +0000 (11:26 +0200)
committerPetar <[email protected]>
Wed, 14 Aug 2013 07:38:49 +0000 (09:38 +0200)
Added nflog.h to Makefile.in

Alphabetical order in Makefile.in

Makefile.in
configure.in
netdissect.h
nflog.h [new file with mode: 0644]
print-nflog.c
tcpdump.c

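--- a/Makefile.in
+++ b/Makefile.in
@@ -87,7 +87,7 @@ CSRC =        addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c
        print-l2tp.c print-lane.c print-ldp.c print-lldp.c print-llc.c \
         print-lmp.c print-lspping.c print-lwapp.c \
        print-lwres.c print-mobile.c print-mpcp.c print-mpls.c print-mptcp.c print-msdp.c \
-       print-msnlb.c print-nfs.c print-ntp.c print-null.c print-nflog.c \
+       print-msnlb.c print-nflog.c print-nfs.c print-ntp.c print-null.c \
        print-olsr.c print-openflow.c print-openflow-1.0.c print-ospf.c \
        print-pgm.c print-pim.c \
        print-ppi.c print-ppp.c print-pppoe.c print-pptp.c \
@@ -161,6 +161,7 @@ HDR = \
        nameser.h \
        netbios.h \
        netdissect.h \
+       nflog.h \
        nfs.h \
        nfsfh.h \
        nlpid.h \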
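--- a/configure.in
+++ b/configure.in
@@ -33,7 +33,7 @@ if test "$ac_cv___attribute__" = "yes"; then
                AC_C___ATTRIBUTE___FORMAT_FUNCTION_POINTER
        fi
 fi
-AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h netdnet/dnetdb.h)
+AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h netdnet/dnetdb.h linux/netfilter/nfnetlink_log.h)
 AC_CHECK_HEADERS(net/pfvar.h, , , [#include <sys/types.h>
 #include <sys/socket.h>
 #include <net/if.h>])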
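--- a/netdissect.h
+++ b/netdissect.h
@@ -482,7 +482,9 @@ extern void pptp_print(netdissect_options *,const u_char *, u_int);
 extern u_int ipnet_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
 extern u_int ppi_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
 
+#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H
 extern u_int nflog_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
+#endif
 
 extern u_int ieee802_15_4_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
 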
diff --git a/nflog.h b/nflog.h
new file mode 100644 (file)
index 0000000..8505174
--- /dev/null
+++ b/nflog.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2013, Petar Alilovic,
+ * Faculty of Electrical Engineering and Computing, University of Zagreb
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+/*
+ * Structure of an NFLOG header and TLV parts, as described at
+ * http://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html
+ */
+typedef struct nflog_hdr {
+       u_int8_t        nflog_family;           /* adress family */
+       u_int8_t        nflog_version;          /* version */
+       u_int16_t       nflog_rid;                      /* resource ID */
+} nflog_hdr_t;
+
+typedef struct nflog_tlv {
+       u_int16_t       tlv_length;             /* tlv length */
+       u_int16_t       tlv_type;               /* tlv type */
+       void*           tlv_value;              /* tlv value */
+} nflog_tlv_t;
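Review bot: The `void* tlv_value` member of `nflog_tlv_t` does not match the wire layout this header describes, because the value bytes follow the length and type inline rather than being a pointer. Keeping it makes `sizeof(nflog_tlv_t)` larger than the 4-byte TLV header and raises the struct's alignment requirement, which matters because print-nflog.c casts arbitrary packet offsets to this type; any later read of `tlv->tlv_value` would interpret packet bytes as an address. I would drop the member and describe the layout in a comment instead, e.g. `/* followed by tlv_length - 4 bytes of value, padded to a 4-byte boundary */`. The field comments should also state byte order, since the printer applies `ntohs` to `nflog_rid` but reads `tlv_length` and `tlv_type` as-is, and the header has no include guard.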
index eed9c484f65a60cbd8b354607976ccf571318267..fdd21e69d9f52be99896f64fdc5c073560768d73 100644 (file)
@@ -1,3 +1,30 @@
+/*
+ * Copyright (c) 2013, Petar Alilovic,
+ * Faculty of Electrical Engineering and Computing, University of Zagreb
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include "netdissect.h"
 #include "interface.h"
 
 #include "netdissect.h"
 #include "interface.h"
 
+#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H
+#include <linux/netfilter/nfnetlink_log.h>
+#include "nflog.h"
+
 #ifdef DLT_NFLOG
 
 #ifdef DLT_NFLOG
 
+const struct tok nflog_values[] = {
+       { AF_INET,              "IPv4" },
+       { AF_INET6,             "IPv6" },
+       { 0,                            NULL }
+};
+
+static inline void
+nflog_hdr_print(struct netdissect_options *ndo, const u_char *bp, u_int length)
+{
+       const nflog_hdr_t *hdr;
+       hdr = (const nflog_hdr_t *)bp;
+
+       ND_PRINT((ndo, "version %d, resource ID %d", hdr->nflog_version, ntohs(hdr->nflog_rid)));
+
+       if (!ndo->ndo_qflag) {
+               ND_PRINT((ndo,", family %s (%d)",
+                                                 tok2str(nflog_values, "Unknown",
+                                                                 hdr->nflog_family),
+                                                 hdr->nflog_family));
+               } else {
+               ND_PRINT((ndo,", %s",
+                                                 tok2str(nflog_values,
+                                                                 "Unknown NFLOG (0x%02x)",
+                                                                 hdr->nflog_family)));
+               }
+
+       ND_PRINT((ndo, ", length %u: ", length));
+}
+
 static void
 static void
-nflog_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen _U_)
+nflog_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
 {
 {
-       ip_print(ndo, p, length);
-       return;
+       const nflog_hdr_t *hdr;
+       const nflog_tlv_t *tlv;
+       u_int16_t size;
+
+       if (caplen < (int) sizeof(nflog_hdr_t)) {
+               ND_PRINT((ndo, "[|nflog]"));
+               return;
+       }
+
+       if (ndo->ndo_eflag)
+               nflog_hdr_print(ndo, p, length);
+
+       length -= sizeof(nflog_hdr_t);
+       caplen -= sizeof(nflog_hdr_t);
+       hdr = (const nflog_hdr_t *)p;
+       p += sizeof(nflog_hdr_t);
+
+       do {
+               tlv = (const nflog_tlv_t *) p;
+               size = tlv->tlv_length;
+
+               /* wrong size of the packet */
+               if (size > length )
+                       return;
+
+               /* wrong tlv type */
+               if (tlv->tlv_type > NFULA_MAX)
+                       return;
+
+               if (size % 4 != 0)
+                       size += 4 - size % 4;
+
+               p += size;
+               length = length - size;
+               caplen = caplen - size;
+
+       } while (tlv->tlv_type != NFULA_PAYLOAD);
+
+       /* dont skip payload just tlv length and type */
+       p = p - size + 4;
+       length += size - 4;
+       caplen += size - 4;
+
+       switch (hdr->nflog_family) {
+
+       case AF_INET:
+                       ip_print(ndo, p, length);
+               break;
+
+#ifdef INET6
+       case AF_INET6:
+               ip6_print(ndo, p, length);
+               break;
+#endif /*INET6*/
+
+       default:
+               if (!ndo->ndo_eflag)
+                       nflog_hdr_print(ndo, (u_char *)hdr,
+                               length + sizeof(nflog_hdr_t));
+
+               if (!ndo->ndo_suppress_default_print)
+                       ndo->ndo_default_print(ndo, p, caplen);
+               break;
+       }
 }
 
 u_int
 nflog_if_print(struct netdissect_options *ndo,
 }
 
 u_int
 nflog_if_print(struct netdissect_options *ndo,
-              const struct pcap_pkthdr *h, const u_char *p)
+                          const struct pcap_pkthdr *h, const u_char *p)
 {
 {
-       if (h->len < 104 || h->caplen < 104) {
-               ND_PRINT((ndo, "[!nflog]"));
-               return h->caplen;
-       }
-
-       nflog_print(ndo, p + 104, h->len - 104, h->caplen - 104);
 
 
-       return 104;
+       nflog_print(ndo, p, h->len, h->caplen);
+       return (sizeof(nflog_hdr_t));
 }
 
 }
 
+#endif /* HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H */
 #endif /* DLT_NFLOG */
 #endif /* DLT_NFLOG */
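Review bot: The TLV walk in `nflog_print` trusts `tlv_length` from the packet without checking it against the captured bytes, so a truncated or malformed NFLOG record can drive reads past the end of the buffer or stall the printer. `size` is compared only with `length` (the on-wire length), never with `caplen`, and nothing confirms that the 4-byte TLV header is captured before `tlv->tlv_length` is read; `caplen - size` can then wrap, and the `default:` branch passes that value to `ndo_default_print`. A `tlv_length` of 0 leaves `p` unchanged, and because `size` is a `u_int16_t` a value of 0xfffd to 0xffff pads to 0, so in both cases the `do … while` does not terminate unless the type is `NFULA_PAYLOAD`. Bounding each step by `caplen`, rejecting lengths below 4 and padding in a wider type addresses all three; the loop below still leaves `p` just past the payload TLV's length and type, as the current code does.

```c
	/* … unchanged: header length check, nflog_hdr_print, skipping nflog_hdr_t … */

	for (;;) {
		u_int padded;

		/* the length/type pair itself must lie inside the captured bytes */
		if (caplen < 4 || length < 4) {
			ND_PRINT((ndo, "[|nflog]"));
			return;
		}

		tlv = (const nflog_tlv_t *) p;
		size = tlv->tlv_length;

		/* a TLV shorter than its own 4-byte header would never advance p */
		if (size < 4 || tlv->tlv_type > NFULA_MAX)
			return;

		if (tlv->tlv_type == NFULA_PAYLOAD)
			break;

		/* pad in a u_int so a length near 0xffff cannot wrap to 0 */
		padded = ((u_int)size + 3) & ~3U;
		if (padded > caplen || padded > length) {
			ND_PRINT((ndo, "[|nflog]"));
			return;
		}

		p += padded;
		length -= padded;
		caplen -= padded;
	}

	/* p is at the payload TLV: step over its length and type only */
	p += 4;
	length -= 4;
	caplen -= 4;

	/* … unchanged: switch on hdr->nflog_family … */
```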
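--- a/tcpdump.c
+++ b/tcpdump.c
@@ -313,7 +313,9 @@ static struct printer printers[] = {
 
 static struct ndo_printer ndo_printers[] = {
 #ifdef DLT_NFLOG
+#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H
        { nflog_if_print,       DLT_NFLOG},
+#endif
 #endif
        { ether_if_print,       DLT_EN10MB },
 #ifdef DLT_IPNET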
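Review bot: Nesting the `nflog_if_print` entry under `HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H` means a build on a host without that header has no printer for `DLT_NFLOG` at all, so NFLOG savefiles captured elsewhere cannot be decoded there. From what this commit shows, print-nflog.c takes only `NFULA_MAX` and `NFULA_PAYLOAD` from the Linux header; defining those two attribute constants in nflog.h would let the printer build everywhere and make this guard, and the matching ones in netdissect.h and print-nflog.c, unnecessary. If the dependency stays, a comment such as `/* NFLOG printer needs attribute constants from <linux/netfilter/nfnetlink_log.h> */` above the inner `#ifdef` would explain why the entry can be missing.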