fi
-#
-# Check for some headers introduced in later versions of libpcap
-# and used by some printers.
-#
-# Those headers might use the {u_}intN_t types, so we must do this
-# after we check for what's needed to get them defined.
-#
-savedcppflags="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $V_INCLS"
-for ac_header in pcap/nflog.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "pcap/nflog.h" "ac_cv_header_pcap_nflog_h" "#include \"netdissect-stdinc.h\"
-"
-if test "x$ac_cv_header_pcap_nflog_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_PCAP_NFLOG_H 1
-_ACEOF
-
-fi
-
-done
-
-CPPFLAGS="$savedcppflags"
-
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
#include "netdissect-stdinc.h"
#include "netdissect.h"
+#include "extract.h"
-#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
+#ifdef DLT_NFLOG
-#include <pcap/nflog.h>
+/*
+ * Structure of an NFLOG header and TLV parts, as described at
+ * http://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html
+ *
+ * The NFLOG header is big-endian.
+ *
+ * The TLV length and type are in host byte order. The value is either
+ * big-endian or is an array of bytes in some externally-specified byte
+ * order (text string, link-layer address, link-layer header, packet
+ * data, etc.).
+ */
+typedef struct nflog_hdr {
+ nd_uint8_t nflog_family; /* address family */
+ nd_uint8_t nflog_version; /* version */
+ nd_uint16_t nflog_rid; /* resource ID */
+} nflog_hdr_t;
+
+typedef struct nflog_tlv {
+ nd_uint16_t tlv_length; /* tlv length */
+ nd_uint16_t tlv_type; /* tlv type */
+ /* value follows this */
+} nflog_tlv_t;
+
+typedef struct nflog_packet_hdr {
+ nd_uint16_t hw_protocol; /* hw protocol */
+ nd_uint8_t hook; /* netfilter hook */
+ nd_byte pad[1]; /* padding to 32 bits */
+} nflog_packet_hdr_t;
+
+typedef struct nflog_hwaddr {
+ nd_uint16_t hw_addrlen; /* address length */
+ nd_byte pad[2]; /* padding to 32-bit boundary */
+ nd_byte hw_addr[8]; /* address, up to 8 bytes */
+} nflog_hwaddr_t;
+
+typedef struct nflog_timestamp {
+ nd_uint64_t sec;
+ nd_uint64_t usec;
+} nflog_timestamp_t;
+/*
+ * TLV types.
+ */
+#define NFULA_PACKET_HDR 1 /* nflog_packet_hdr_t */
+#define NFULA_MARK 2 /* packet mark from skbuff */
+#define NFULA_TIMESTAMP 3 /* nflog_timestamp_t for skbuff's time stamp */
+#define NFULA_IFINDEX_INDEV 4 /* ifindex of device on which packet received (possibly bridge group) */
+#define NFULA_IFINDEX_OUTDEV 5 /* ifindex of device on which packet transmitted (possibly bridge group) */
+#define NFULA_IFINDEX_PHYSINDEV 6 /* ifindex of physical device on which packet received (not bridge group) */
+#define NFULA_IFINDEX_PHYSOUTDEV 7 /* ifindex of physical device on which packet transmitted (not bridge group) */
+#define NFULA_HWADDR 8 /* nflog_hwaddr_t for hardware address */
+#define NFULA_PAYLOAD 9 /* packet payload */
+#define NFULA_PREFIX 10 /* text string - null-terminated, count includes NUL */
+#define NFULA_UID 11 /* UID owning socket on which packet was sent/received */
+#define NFULA_SEQ 12 /* sequence number of packets on this NFLOG socket */
+#define NFULA_SEQ_GLOBAL 13 /* sequence number of pakets on all NFLOG sockets */
+#define NFULA_GID 14 /* GID owning socket on which packet was sent/received */
+#define NFULA_HWTYPE 15 /* ARPHRD_ type of skbuff's device */
+#define NFULA_HWHEADER 16 /* skbuff's MAC-layer header */
+#define NFULA_HWLEN 17 /* length of skbuff's MAC-layer header */
static const struct tok nflog_values[] = {
{ AF_INET, "IPv4" },
static void
nflog_hdr_print(netdissect_options *ndo, const nflog_hdr_t *hdr, u_int length)
{
- ND_PRINT("version %d, resource ID %d", hdr->nflog_version, ntohs(hdr->nflog_rid));
+ ND_PRINT("version %u, resource ID %u",
+ EXTRACT_U_1(hdr->nflog_version), EXTRACT_BE_U_2(hdr->nflog_rid));
if (!ndo->ndo_qflag) {
- ND_PRINT(", family %s (%d)",
+ ND_PRINT(", family %s (%u)",
tok2str(nflog_values, "Unknown",
- hdr->nflog_family),
- hdr->nflog_family);
+ EXTRACT_U_1(hdr->nflog_family)),
+ EXTRACT_U_1(hdr->nflog_family));
} else {
ND_PRINT(", %s",
tok2str(nflog_values,
"Unknown NFLOG (0x%02x)",
- hdr->nflog_family));
+ EXTRACT_U_1(hdr->nflog_family)));
}
ND_PRINT(", length %u: ", length);
goto trunc;
ND_TCHECK_SIZE(hdr);
- if (hdr->nflog_version != 0) {
- ND_PRINT("version %u (unknown)", hdr->nflog_version);
+ if (EXTRACT_U_1(hdr->nflog_version) != 0) {
+ ND_PRINT("version %u (unknown)", EXTRACT_U_1(hdr->nflog_version));
return h_size;
}
tlv = (const nflog_tlv_t *) p;
ND_TCHECK_SIZE(tlv);
- size = tlv->tlv_length;
+ size = EXTRACT_HE_U_2(tlv->tlv_length);
if (size % 4 != 0)
size += 4 - size % 4;
if (caplen < size || length < size)
goto trunc; /* No. */
- if (tlv->tlv_type == NFULA_PAYLOAD) {
+ if (EXTRACT_HE_U_2(tlv->tlv_type) == NFULA_PAYLOAD) {
/*
* This TLV's data is the packet payload.
* Skip past the TLV header, and break out
caplen -= size;
}
- switch (hdr->nflog_family) {
+ switch (EXTRACT_U_1(hdr->nflog_family)) {
case AF_INET:
ip_print(ndo, p, length);
projects / tcpdump / commitdiff
