--- /dev/null
+/*
+ * This file implements decoding of ZeroMQ network protocol(s).
+ *
+ *
+ * Copyright (c) 2013 The TCPDUMP project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <tcpdump-stdinc.h>
+
+#include <stdio.h>
+
+#include "interface.h"
+#include "extract.h"
+
+/* Maximum number of ZMTP/1.0 frame body bytes (without the flags) to dump in
+ * hex and ASCII under a single "-v" flag.
+ */
+#define VBYTES 128
+
+/*
+ * Below is an excerpt from the "13/ZMTP" specification:
+ *
+ * A ZMTP message consists of 1 or more frames.
+ *
+ * A ZMTP frame consists of a length, followed by a flags field and a frame
+ * body of (length - 1) octets. Note: the length includes the flags field, so
+ * an empty frame has a length of 1.
+ *
+ * For frames with a length of 1 to 254 octets, the length SHOULD BE encoded
+ * as a single octet. The minimum valid length of a frame is 1 octet, thus a
+ * length of 0 is invalid and such frames SHOULD be discarded silently.
+ *
+ * For frames with lengths of 255 and greater, the length SHALL BE encoded as
+ * a single octet with the value 255, followed by the length encoded as a
+ * 64-bit unsigned integer in network byte order. For frames with lengths of
+ * 1 to 254 octets this encoding MAY be also used.
+ *
+ * The flags field consists of a single octet containing various control
+ * flags. Bit 0 is the least significant bit.
+ *
+ * - Bit 0 (MORE): More frames to follow. A value of 0 indicates that there
+ * are no more frames to follow. A value of 1 indicates that more frames
+ * will follow. On messages consisting of a single frame the MORE flag MUST
+ * be 0.
+ *
+ * - Bits 1-7: Reserved. Bits 1-7 are reserved for future use and SHOULD be
+ * zero.
+ */
+
+static const u_char *
+zmtp1_print_frame(const u_char *cp, const u_char *ep) {
+ u_int64_t body_len_declared, body_len_captured, header_len;
+ u_int8_t flags;
+
+ printf("\n\t");
+ TCHECK2(*cp, 1); /* length/0xFF */
+
+ if (cp[0] != 0xFF) {
+ header_len = 1; /* length */
+ body_len_declared = cp[0];
+ if (body_len_declared == 0)
+ return cp + header_len; /* skip to next frame */
+ printf(" frame flags+body (8-bit) length %"PRIu8"", cp[0]);
+ TCHECK2(*cp, header_len + 1); /* length, flags */
+ flags = cp[1];
+ } else {
+ header_len = 1 + 8; /* 0xFF, length */
+ printf(" frame flags+body (64-bit) length");
+ TCHECK2(*cp, header_len); /* 0xFF, length */
+ body_len_declared = EXTRACT_64BITS(cp + 1);
+ if (body_len_declared == 0)
+ return cp + header_len; /* skip to next frame */
+ printf(" %"PRIu64"", body_len_declared);
+ TCHECK2(*cp, header_len + 1); /* 0xFF, length, flags */
+ flags = cp[9];
+ }
+
+ body_len_captured = ep - cp - header_len;
+ if (body_len_declared > body_len_captured)
+ printf(" (%"PRIu64" captured)", body_len_captured);
+ printf(", flags 0x%02"PRIx8"", flags);
+
+ if (vflag) {
+ u_int64_t body_len_printed = MIN(body_len_captured, body_len_declared);
+
+ printf(" (%s|%s|%s|%s|%s|%s|%s|%s)",
+ flags & 0x80 ? "MBZ" : "-",
+ flags & 0x40 ? "MBZ" : "-",
+ flags & 0x20 ? "MBZ" : "-",
+ flags & 0x10 ? "MBZ" : "-",
+ flags & 0x08 ? "MBZ" : "-",
+ flags & 0x04 ? "MBZ" : "-",
+ flags & 0x02 ? "MBZ" : "-",
+ flags & 0x01 ? "MORE" : "-");
+
+ if (vflag == 1)
+ body_len_printed = MIN(VBYTES + 1, body_len_printed);
+ if (body_len_printed > 1) {
+ printf(", first %"PRIu64" byte(s) of body:", body_len_printed - 1);
+ hex_and_ascii_print("\n\t ", cp + header_len + 1, body_len_printed - 1);
+ printf("\n");
+ }
+ }
+
+ TCHECK2(*cp, header_len + body_len_declared); /* Next frame within the buffer ? */
+ return cp + header_len + body_len_declared;
+
+trunc:
+ printf(" [|zmtp1]");
+ return ep;
+}
+
+void
+zmtp1_print(const u_char *cp, u_int len) {
+ const u_char *ep = MIN(snapend, cp + len);
+
+ printf(": ZMTP/1.0");
+ while (cp < ep)
+ cp = zmtp1_print_frame(cp, ep);
+}
+
--- /dev/null
+IP (tos 0x0, ttl 64, id 17993, offset 0, flags [DF], proto TCP (6), length 60)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [S], cksum 0xfe30 (incorrect -> 0x1a9d), seq 2523978814, win 32792, options [mss 16396,sackOK,TS val 245537399 ecr 0,nop,wscale 7], length 0
+IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [S.], cksum 0xfe30 (incorrect -> 0x31b6), seq 3988083230, ack 2523978815, win 32768, options [mss 16396,sackOK,TS val 245537399 ecr 245537399,nop,wscale 7], length 0
+IP (tos 0x0, ttl 64, id 17994, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [.], cksum 0xfe28 (incorrect -> 0x19da), ack 1, win 257, options [nop,nop,TS val 245537399 ecr 245537399], length 0
+IP (tos 0x0, ttl 64, id 17995, offset 0, flags [DF], proto TCP (6), length 54)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [P.], cksum 0xfe2a (incorrect -> 0x18d0), seq 1:3, ack 1, win 257, options [nop,nop,TS val 245537399 ecr 245537399], length 2: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x00 (-|-|-|-|-|-|-|-)
+IP (tos 0x0, ttl 64, id 51304, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [.], cksum 0xfe28 (incorrect -> 0x19d9), ack 3, win 256, options [nop,nop,TS val 245537399 ecr 245537399], length 0
+IP (tos 0x0, ttl 64, id 51305, offset 0, flags [DF], proto TCP (6), length 54)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [P.], cksum 0xfe2a (incorrect -> 0x18cf), seq 1:3, ack 3, win 256, options [nop,nop,TS val 245537399 ecr 245537399], length 2: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x00 (-|-|-|-|-|-|-|-)
+IP (tos 0x0, ttl 64, id 17996, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [.], cksum 0xfe28 (incorrect -> 0x19d6), ack 3, win 257, options [nop,nop,TS val 245537399 ecr 245537399], length 0
+IP (tos 0x0, ttl 64, id 17997, offset 0, flags [DF], proto TCP (6), length 148)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [P.], cksum 0xfe88 (incorrect -> 0x11da), seq 3:99, ack 3, win 257, options [nop,nop,TS val 245537399 ecr 245537399], length 96: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (8-bit) length 93, flags 0x00 (-|-|-|-|-|-|-|-), first 92 byte(s) of body:
+ 0x0000: 5468 6973 2069 7320 6120 7368 6f72 7420 This.is.a.short.
+ 0x0010: 4153 4349 4920 6d65 7373 6167 6520 666f ASCII.message.fo
+ 0x0020: 6c6c 6f77 6564 2062 7920 6120 7368 6f72 llowed.by.a.shor
+ 0x0030: 7420 6269 6e61 7279 206d 6573 7361 6765 t.binary.message
+ 0x0040: 2061 6e64 2061 206c 6f6e 6765 7220 4153 .and.a.longer.AS
+ 0x0050: 4349 4920 6d65 7373 6167 652e CII.message.
+
+IP (tos 0x0, ttl 64, id 51306, offset 0, flags [DF], proto TCP (6), length 84)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [P.], cksum 0xfe48 (incorrect -> 0xc80f), seq 3:35, ack 99, win 256, options [nop,nop,TS val 245537399 ecr 245537399], length 32: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (8-bit) length 29, flags 0x00 (-|-|-|-|-|-|-|-), first 28 byte(s) of body:
+ 0x0000: 5468 6973 2069 7320 6120 7368 6f72 7420 This.is.a.short.
+ 0x0010: 4153 4349 4920 7265 706c 792e ASCII.reply.
+
+IP (tos 0x0, ttl 64, id 17998, offset 0, flags [DF], proto TCP (6), length 72)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [P.], cksum 0xfe3c (incorrect -> 0xcef8), seq 99:119, ack 35, win 257, options [nop,nop,TS val 245537399 ecr 245537399], length 20: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (8-bit) length 17, flags 0x00 (-|-|-|-|-|-|-|-), first 16 byte(s) of body:
+ 0x0000: 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f ................
+
+IP (tos 0x0, ttl 64, id 51307, offset 0, flags [DF], proto TCP (6), length 84)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [P.], cksum 0xfe48 (incorrect -> 0xc7da), seq 35:67, ack 119, win 256, options [nop,nop,TS val 245537400 ecr 245537399], length 32: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (8-bit) length 29, flags 0x00 (-|-|-|-|-|-|-|-), first 28 byte(s) of body:
+ 0x0000: 5468 6973 2069 7320 6120 7368 6f72 7420 This.is.a.short.
+ 0x0010: 4153 4349 4920 7265 706c 792e ASCII.reply.
+
+IP (tos 0x0, ttl 64, id 17999, offset 0, flags [DF], proto TCP (6), length 603)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [P.], cksum 0x0050 (incorrect -> 0xafc1), seq 119:670, ack 67, win 257, options [nop,nop,TS val 245537400 ecr 245537400], length 551: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (64-bit) length 540, flags 0x00 (-|-|-|-|-|-|-|-), first 128 byte(s) of body:
+ 0x0000: 5468 6520 7175 6963 6b20 6272 6f77 6e20 The.quick.brown.
+ 0x0010: 666f 7820 6a75 6d70 7320 6f76 6572 2074 fox.jumps.over.t
+ 0x0020: 6865 206c 617a 7920 646f 672e 2054 6865 he.lazy.dog..The
+ 0x0030: 2071 7569 636b 2062 726f 776e 2066 6f78 .quick.brown.fox
+ 0x0040: 206a 756d 7073 206f 7665 7220 7468 6520 .jumps.over.the.
+ 0x0050: 6c61 7a79 2064 6f67 2e20 5468 6520 7175 lazy.dog..The.qu
+ 0x0060: 6963 6b20 6272 6f77 6e20 666f 7820 6a75 ick.brown.fox.ju
+ 0x0070: 6d70 7320 6f76 6572 2074 6865 206c 617a mps.over.the.laz
+
+IP (tos 0x0, ttl 64, id 51308, offset 0, flags [DF], proto TCP (6), length 84)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [P.], cksum 0xfe48 (incorrect -> 0xc592), seq 67:99, ack 670, win 256, options [nop,nop,TS val 245537400 ecr 245537400], length 32: ZMTP/1.0
+ frame flags+body (8-bit) length 1, flags 0x01 (-|-|-|-|-|-|-|MORE)
+ frame flags+body (8-bit) length 29, flags 0x00 (-|-|-|-|-|-|-|-), first 28 byte(s) of body:
+ 0x0000: 5468 6973 2069 7320 6120 7368 6f72 7420 This.is.a.short.
+ 0x0010: 4153 4349 4920 7265 706c 792e ASCII.reply.
+
+IP (tos 0x0, ttl 64, id 18000, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [F.], cksum 0xfe28 (incorrect -> 0x16d8), seq 670, ack 99, win 257, options [nop,nop,TS val 245537400 ecr 245537400], length 0
+IP (tos 0x0, ttl 64, id 51309, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.33000 > 127.0.0.1.55358: Flags [F.], cksum 0xfe28 (incorrect -> 0x16d8), seq 99, ack 671, win 256, options [nop,nop,TS val 245537400 ecr 245537400], length 0
+IP (tos 0x0, ttl 64, id 18001, offset 0, flags [DF], proto TCP (6), length 52)
+ 127.0.0.1.55358 > 127.0.0.1.33000: Flags [.], cksum 0xfe28 (incorrect -> 0x16d7), ack 100, win 257, options [nop,nop,TS val 245537400 ecr 245537400], length 0
projects / tcpdump / commitdiff
