From: Petar Date: Tue, 6 Aug 2013 09:26:38 +0000 (+0200) Subject: IP packet information printing from NFLOG packet X-Git-Tag: tcpdump-4.5.0~52^2 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/05ec05a87b3a7c6983a16b5ae62d0f1512c4ce89 IP packet information printing from NFLOG packet Added nflog.h to Makefile.in Alphabetical order in Makefile.in --- diff --git a/Makefile.in b/Makefile.in index f789b79f..e2fea332 100644 --- a/Makefile.in +++ b/Makefile.in @@ -87,7 +87,7 @@ CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c print-l2tp.c print-lane.c print-ldp.c print-lldp.c print-llc.c \ print-lmp.c print-lspping.c print-lwapp.c \ print-lwres.c print-mobile.c print-mpcp.c print-mpls.c print-mptcp.c print-msdp.c \ - print-msnlb.c print-nfs.c print-ntp.c print-null.c print-nflog.c \ + print-msnlb.c print-nflog.c print-nfs.c print-ntp.c print-null.c \ print-olsr.c print-openflow.c print-openflow-1.0.c print-ospf.c \ print-pgm.c print-pim.c \ print-ppi.c print-ppp.c print-pppoe.c print-pptp.c \ @@ -161,6 +161,7 @@ HDR = \ nameser.h \ netbios.h \ netdissect.h \ + nflog.h \ nfs.h \ nfsfh.h \ nlpid.h \ diff --git a/configure.in b/configure.in index 4c8059b8..2d22d1c9 100644 --- a/configure.in +++ b/configure.in @@ -33,7 +33,7 @@ if test "$ac_cv___attribute__" = "yes"; then AC_C___ATTRIBUTE___FORMAT_FUNCTION_POINTER fi fi -AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h netdnet/dnetdb.h) +AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h netdnet/dnetdb.h linux/netfilter/nfnetlink_log.h) AC_CHECK_HEADERS(net/pfvar.h, , , [#include #include #include ]) diff --git a/netdissect.h b/netdissect.h index ce08a54e..f34dad4c 100644 --- a/netdissect.h +++ b/netdissect.h 
@@ -482,7 +482,9 @@ extern void pptp_print(netdissect_options *,const u_char *, u_int); extern u_int ipnet_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *); extern u_int ppi_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *); +#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H extern u_int nflog_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *); +#endif extern u_int ieee802_15_4_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *); diff --git a/nflog.h b/nflog.h new file mode 100644 index 00000000..85051742 --- /dev/null +++ b/nflog.h 
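Review bot: Guarding the `nflog_if_print` prototype with `HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H` here (and, in the same way, the body of print-nflog.c and the `ndo_printers[]` entry in tcpdump.c) ties decoding of DLT_NFLOG captures to the build host having the Linux kernel header. A tcpdump built without it will have no printer for a saved NFLOG pcap, even though reading a file needs nothing from the kernel. From the visible code the header appears to be needed only for `NFULA_MAX` and `NFULA_PAYLOAD`; defining those two constants in nflog.h would let the printer build wherever `DLT_NFLOG` is defined. If the guard stays, a short comment next to the `#ifdef` saying why it is there would help.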
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2013, Petar Alilovic,
+ * Faculty of Electrical Engineering and Computing, University of Zagreb
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+/*
+ * Structure of an NFLOG header and TLV parts, as described at
+ * http://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html
+ */
+typedef struct nflog_hdr {
+ u_int8_t nflog_family; /* adress family */
+ u_int8_t nflog_version; /* version */
+ u_int16_t nflog_rid; /* resource ID */
+} nflog_hdr_t;
+
+typedef struct nflog_tlv {
+ u_int16_t tlv_length; /* tlv length */
+ u_int16_t tlv_type; /* tlv type */
+ void* tlv_value; /* tlv value */
+} nflog_tlv_t;
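Review bot: `nflog_tlv_t` is overlaid directly on packet bytes in print-nflog.c, but its `void* tlv_value` member is not part of the wire format. The member makes `sizeof(nflog_tlv_t)` depend on pointer size, which is presumably why the parser hard-codes 4 for the TLV header, and anyone who read it would treat attribute bytes as an address. I would drop the member, or at least comment it as `/* value bytes follow the 4-byte length/type pair; never dereference */`. The header also has no include guard, and a comment recording the byte order of `tlv_length`/`tlv_type` (host order of the capturing machine, if I read the linked LINKTYPE_NFLOG page correctly) next to the big-endian `nflog_rid` would save the next reader a lookup.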
diff --git a/print-nflog.c b/print-nflog.c
index eed9c484..fdd21e69 100644
--- a/print-nflog.c
+++ b/print-nflog.c
@@ -1,3 +1,30 @@
+/*
+ * Copyright (c) 2013, Petar Alilovic,
+ * Faculty of Electrical Engineering and Computing, University of Zagreb
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -10,27 +37,118 @@ #include "netdissect.h" #include "interface.h" +#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H +#include +#include "nflog.h" + #ifdef DLT_NFLOG +const struct tok nflog_values[] = { + { AF_INET, "IPv4" }, + { AF_INET6, "IPv6" }, + { 0, NULL } +}; + +static inline void +nflog_hdr_print(struct netdissect_options *ndo, const u_char *bp, u_int length) +{ + const nflog_hdr_t *hdr; + hdr = (const nflog_hdr_t *)bp; + + ND_PRINT((ndo, "version %d, resource ID %d", hdr->nflog_version, ntohs(hdr->nflog_rid))); + + if (!ndo->ndo_qflag) { + ND_PRINT((ndo,", family %s (%d)", + tok2str(nflog_values, "Unknown", + hdr->nflog_family), + hdr->nflog_family)); + } else { + ND_PRINT((ndo,", %s", + tok2str(nflog_values, + "Unknown NFLOG (0x%02x)", + hdr->nflog_family))); + } + + ND_PRINT((ndo, ", length %u: ", length)); +} + static void -nflog_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen _U_) +nflog_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { - ip_print(ndo, p, length); - return; + const nflog_hdr_t *hdr; + const nflog_tlv_t *tlv; + u_int16_t size; + + if (caplen < (int) sizeof(nflog_hdr_t)) { + ND_PRINT((ndo, "[|nflog]")); + return; + } + + if (ndo->ndo_eflag) + nflog_hdr_print(ndo, p, length); + + length -= sizeof(nflog_hdr_t); + caplen -= sizeof(nflog_hdr_t); + hdr = (const nflog_hdr_t *)p; + p += sizeof(nflog_hdr_t); + + do { + tlv = (const nflog_tlv_t *) p; + size = tlv->tlv_length; + + /* wrong size of the packet */ + if (size > length ) + return; + + /* wrong tlv type */ + if (tlv->tlv_type > NFULA_MAX) + return; + + if (size % 4 != 0) + size += 4 - size % 4; + + p += size; + length = length - size; + caplen = caplen - size; + + } while (tlv->tlv_type != NFULA_PAYLOAD); + + /* dont skip payload just tlv length and type */ + p = p - size + 4; + length += size - 4; + caplen += size - 4; + + switch (hdr->nflog_family) { + + case AF_INET: + ip_print(ndo, p, length); + break; + +#ifdef INET6 
+ case AF_INET6: + ip6_print(ndo, p, length); + break; +#endif /*INET6*/ + + default: + if (!ndo->ndo_eflag) + nflog_hdr_print(ndo, (u_char *)hdr, + length + sizeof(nflog_hdr_t)); + + if (!ndo->ndo_suppress_default_print) + ndo->ndo_default_print(ndo, p, caplen); + break; + } } u_int nflog_if_print(struct netdissect_options *ndo, - const struct pcap_pkthdr *h, const u_char *p) + const struct pcap_pkthdr *h, const u_char *p) { - if (h->len < 104 || h->caplen < 104) { - ND_PRINT((ndo, "[!nflog]")); - return h->caplen; - } - - nflog_print(ndo, p + 104, h->len - 104, h->caplen - 104); - return 104; + nflog_print(ndo, p, h->len, h->caplen); + return (sizeof(nflog_hdr_t)); } +#endif /* HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H */ #endif /* DLT_NFLOG */ diff --git a/tcpdump.c b/tcpdump.c index 5435c7d4..115cb74b 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -313,7 +313,9 @@ static struct printer printers[] = { static struct ndo_printer ndo_printers[] = { #ifdef DLT_NFLOG +#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_LOG_H { nflog_if_print, DLT_NFLOG}, +#endif #endif { ether_if_print, DLT_EN10MB }, #ifdef DLT_IPNET
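Review bot: The TLV walk in `nflog_print` reads `tlv->tlv_length` and `tlv->tlv_type` without checking that four bytes remain in `caplen`, and it bounds `size` only against the on-wire `length`, so a snaplen-truncated or malformed capture is read past the captured data. A non-payload TLV with `tlv_length` 0 never advances `p`, so the `do … while` loop does not terminate. The padding is added after the `size > length` test, and `size` is `u_int16_t`, so 65533–65535 pad to 0; as a result `length - size` and `caplen - size` can wrap, and the wrapped `caplen` is later handed to `ndo_default_print`. The loop should reject `size < 4`, compare the padded size with both `length` and `caplen` before subtracting, and print `[|nflog]` on truncation, as sketched below. Separately, `nflog_if_print` now returns `sizeof(nflog_hdr_t)` although the TLVs ahead of the payload are also link-layer header, so it is worth confirming what the caller does with that value.

```c
    u_int size;    /* was u_int16_t: padding 65533..65535 wrapped to 0 */

    /* … unchanged: header length check, nflog_hdr_print, skip nflog_hdr_t … */

    for (;;) {
        /* the 4-byte length/type pair must lie inside the captured data */
        if (caplen < 4 || length < 4) {
            ND_PRINT((ndo, "[|nflog]"));
            return;
        }

        tlv = (const nflog_tlv_t *) p;
        size = tlv->tlv_length;

        /* shorter than its own header (p would never advance) or too long */
        if (size < 4 || size > length)
            return;

        /* wrong tlv type */
        if (tlv->tlv_type > NFULA_MAX)
            return;

        if (tlv->tlv_type == NFULA_PAYLOAD)
            break;

        if (size % 4 != 0)
            size += 4 - size % 4;

        /* check the padded size against both lengths before subtracting */
        if (size > length || size > caplen) {
            ND_PRINT((ndo, "[|nflog]"));
            return;
        }

        p += size;
        length -= size;
        caplen -= size;
    }

    /* p is still at the payload TLV: skip only its length and type */
    p += 4;
    length -= 4;
    caplen -= 4;

    /* … unchanged: switch on hdr->nflog_family … */
```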