mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2025-01-08 00:38:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
23fc6548bc
tcpdump/print-cnfp.c

421 lines
12 KiB
C
Raw Normal View History

add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
/* $OpenBSD: print-cnfp.c,v 1.2 1998/06/25 20:26:59 mickey Exp $ */
/*
* Copyright (c) 1998 Michael Shalayeff
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Michael Shalayeff.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
Move the printer summaries from INSTALL.txt to each printer with the tag '\summary:' for greping. Remark: Currently some printers have no summary line. Moreover: Summarize all printers with a single line in INSTALL.txt
2016-08-14 21:42:19 +08:00
/* \summary: Cisco NetFlow protocol printer */
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
/*
* Cisco NetFlow protocol
*
* See
*
Use more HTTPS in URLs [skip ci]
2019-08-05 21:11:50 +08:00
* https://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html#wp1005892
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
*/
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
follow rule about rcsid and config.h
2000-04-27 18:41:40 +08:00
#ifdef HAVE_CONFIG_H
Always include <config.h> rather than "config.h". This can prevent bizarre failures if, for example, you've done a configuration in the top-level source directory, leaving behind one config.h file, and then do an out-of-tree build in another directory, with different configuration options. This way, we always pick up the same config.h, in the build directory.
2018-01-22 04:27:08 +08:00
#include <config.h>
follow rule about rcsid and config.h
2000-04-27 18:41:40 +08:00
#endif
Use quoted include netdissect-stdinc.h instead of angle-bracketed one
2018-01-20 22:59:49 +08:00
#include "netdissect-stdinc.h"
-Wall -Werror clean.
2000-04-28 19:17:36 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
#define ND_LONGJMP_FROM_TCHECK
Printers must include 'netdissect.h', not 'interface.h'
2015-09-06 05:35:58 +08:00
#include "netdissect.h"
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
#include "addrtoname.h"
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
#include "extract.h"
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
Add "tcp.h" and "udp.h" headers, to declare the TCP and UDP stuff needed by dissectors, and have dissectors include them rather than <netinet/udp.h>, <netinet/udp_var.h>, or <netinet/tcp.h>, if they actually need that stuff. Remove all unnecessary includes of <netinet/udp*.h> or <netinet/tcp*.h> files.
2000-09-23 16:26:30 +08:00
#include "tcp.h"
Add a new "ipproto.h" header file, with definitions of IP protocol type values. Use that rather than private definitions in various files. Add "gmpls.h" to the list of files in FILES, and add it and "ipfc.h" to the list of files in INSTALL.
2003-06-07 19:57:51 +08:00
#include "ipproto.h"
Add "tcp.h" and "udp.h" headers, to declare the TCP and UDP stuff needed by dissectors, and have dissectors include them rather than <netinet/udp.h>, <netinet/udp_var.h>, or <netinet/tcp.h>, if they actually need that stuff. Remove all unnecessary includes of <netinet/udp*.h> or <netinet/tcp*.h> files.
2000-09-23 16:26:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
struct nfhdr_v1 {
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t version; /* version number */
nd_uint16_t count; /* # of records */
nd_uint32_t msys_uptime;
nd_uint32_t utc_sec;
nd_uint32_t utc_nsec;
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
};
struct nfrec_v1 {
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
nd_ipv4 src_ina;
nd_ipv4 dst_ina;
nd_ipv4 nhop_ina;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t input; /* SNMP index of input interface */
nd_uint16_t output; /* SNMP index of output interface */
nd_uint32_t packets; /* packets in the flow */
nd_uint32_t octets; /* layer 3 octets in the packets of the flow */
nd_uint32_t start_time; /* sys_uptime value at start of flow */
nd_uint32_t last_time; /* sys_uptime value when last packet of flow was received */
nd_uint16_t srcport; /* TCP/UDP source port or equivalent */
nd_uint16_t dstport; /* TCP/UDP source port or equivalent */
nd_byte pad1[2]; /* pad */
nd_uint8_t proto; /* IP protocol type */
nd_uint8_t tos; /* IP type of service */
nd_uint8_t tcp_flags; /* cumulative OR of TCP flags */
nd_byte pad[3]; /* padding */
nd_uint32_t reserved; /* unused */
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
};
struct nfhdr_v5 {
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t version; /* version number */
nd_uint16_t count; /* # of records */
nd_uint32_t msys_uptime;
nd_uint32_t utc_sec;
nd_uint32_t utc_nsec;
nd_uint32_t sequence; /* flow sequence number */
nd_uint8_t engine_type; /* type of flow-switching engine */
nd_uint8_t engine_id; /* slot number of the flow-switching engine */
nd_uint16_t sampling_interval; /* sampling mode and interval */
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
};
struct nfrec_v5 {
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
nd_ipv4 src_ina;
nd_ipv4 dst_ina;
nd_ipv4 nhop_ina;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t input; /* SNMP index of input interface */
nd_uint16_t output; /* SNMP index of output interface */
nd_uint32_t packets; /* packets in the flow */
nd_uint32_t octets; /* layer 3 octets in the packets of the flow */
nd_uint32_t start_time; /* sys_uptime value at start of flow */
nd_uint32_t last_time; /* sys_uptime value when last packet of flow was received */
nd_uint16_t srcport; /* TCP/UDP source port or equivalent */
nd_uint16_t dstport; /* TCP/UDP source port or equivalent */
nd_byte pad1; /* pad */
nd_uint8_t tcp_flags; /* cumulative OR of TCP flags */
nd_uint8_t proto; /* IP protocol type */
nd_uint8_t tos; /* IP type of service */
nd_uint16_t src_as; /* AS number of the source */
nd_uint16_t dst_as; /* AS number of the destination */
nd_uint8_t src_mask; /* source address mask bits */
nd_uint8_t dst_mask; /* destination address prefix mask bits */
nd_byte pad2[2];
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
nd_ipv4 peer_nexthop; /* v6: IP address of the nexthop within the peer (FIB)*/
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
};
struct nfhdr_v6 {
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t version; /* version number */
nd_uint16_t count; /* # of records */
nd_uint32_t msys_uptime;
nd_uint32_t utc_sec;
nd_uint32_t utc_nsec;
nd_uint32_t sequence; /* v5 flow sequence number */
nd_uint32_t reserved; /* v5 only */
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
};
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
struct nfrec_v6 {
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
nd_ipv4 src_ina;
nd_ipv4 dst_ina;
nd_ipv4 nhop_ina;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
nd_uint16_t input; /* SNMP index of input interface */
nd_uint16_t output; /* SNMP index of output interface */
nd_uint32_t packets; /* packets in the flow */
nd_uint32_t octets; /* layer 3 octets in the packets of the flow */
nd_uint32_t start_time; /* sys_uptime value at start of flow */
nd_uint32_t last_time; /* sys_uptime value when last packet of flow was received */
nd_uint16_t srcport; /* TCP/UDP source port or equivalent */
nd_uint16_t dstport; /* TCP/UDP source port or equivalent */
nd_byte pad1; /* pad */
nd_uint8_t tcp_flags; /* cumulative OR of TCP flags */
nd_uint8_t proto; /* IP protocol type */
nd_uint8_t tos; /* IP type of service */
nd_uint16_t src_as; /* AS number of the source */
nd_uint16_t dst_as; /* AS number of the destination */
nd_uint8_t src_mask; /* source address mask bits */
nd_uint8_t dst_mask; /* destination address prefix mask bits */
nd_uint16_t flags;
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
nd_ipv4 peer_nexthop; /* v6: IP address of the nexthop within the peer (FIB)*/
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
};
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
static void
cnfp_v1_print(netdissect_options *ndo, const u_char *cp)
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
{
Remove all storage class specifier 'register' Let the compiler do the optimizations (or not) based on build options. Avoid 'value has been optimized out' messages in gdb using '-O0'.
2017-12-14 02:17:47 +08:00
const struct nfhdr_v1 *nh;
const struct nfrec_v1 *nr;
Use a table instead of getprotobynumber(). On Linux getprotobynumber() returns different results for the same argument depending on the contents of /etc/protocols at runtime (expectedly but gets in the way of reproducible test cases). On FreeBSD it returns results that are irrelevant of the contents of /etc/protocols at runtime (unexpectedly). Other implementations exist and may expose interesting properties too. And if the host uses LDAP instead of /etc/protocols for name services, a call to that function may cause LDAP handle the request. All of the above is not right for the specific task of network protocols decoding, which needs to be fast and deterministic. As the protocol number space is just 8-bit, add a 256-element array of strings/NULLs for the translation and a wrapper function around it for index range enforcement. Change the code to use the new function instead of getprotobynumber(). Fix a typo while at it.
2017-08-27 21:15:17 +08:00
const char *p_name;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
uint8_t proto;
u_int nrecs, ver;
Get rid of an unused variable. #if out some other unused stuff, and note how it *should* be used.
2005-04-21 04:53:18 +08:00
#if 0
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
time_t t;
Get rid of an unused variable. #if out some other unused stuff, and note how it *should* be used.
2005-04-21 04:53:18 +08:00
#endif
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
nh = (const struct nfhdr_v1 *)cp;
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ver = GET_BE_U_2(nh->version);
nrecs = GET_BE_U_4(nh->count);
Get rid of an unused variable. #if out some other unused stuff, and note how it *should* be used.
2005-04-21 04:53:18 +08:00
#if 0
/*
* This is seconds since the UN*X epoch, and is followed by
* nanoseconds. XXX - format it, rather than just dumping the
* raw seconds-since-the-Epoch.
*/
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
t = GET_BE_U_4(nh->utc_sec);
Get rid of an unused variable. #if out some other unused stuff, and note how it *should* be used.
2005-04-21 04:53:18 +08:00
#endif
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nh->msys_uptime)/1000,
GET_BE_U_4(nh->msys_uptime)%1000,
GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
nr = (const struct nfrec_v1 *)&nh[1];
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%2u recs", nrecs);
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Use ND_TCHECK() to do bounds checking. While we're at it, just use the record count to when iterating over records; the ND_TCHECK()s will make sure we don't run past the end of the captured data. Also get rid of an unused argument to cnfp_print().
2014-11-10 15:24:53 +08:00
for (; nrecs != 0; nr++, nrecs--) {
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("\n started %u.%03u, last %u.%03u",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nr->start_time)/1000,
GET_BE_U_4(nr->start_time)%1000,
GET_BE_U_4(nr->last_time)/1000,
GET_BE_U_4(nr->last_time)%1000);
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("\n %s:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
GET_BE_U_2(nr->srcport));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("> %s:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
GET_BE_U_2(nr->dstport));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
ND_PRINT(">> %s\n ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
proto = GET_U_1(nr->proto);
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%s ", p_name);
If -n is specified, don't look up IP protocol numbers. In ISAKMP, that means "add a test for the -n flag". In CNFP, that means "if -n is specified, don't even bother doing the lookup, don't do the lookup and then ignore the result" - the latter just wastes resources doing the lookup.
2017-08-27 11:06:34 +08:00
else
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%u ", proto);
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
/* tcp flags for tcp only */
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (proto == IPPROTO_TCP) {
u_int flags;
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
flags = GET_U_1(nr->tcp_flags);
NetFlow: Use tcp_flag_values[] for TCP flags. This way there is less code duplication and more consistency.
2021-01-16 18:56:30 +08:00
if (flags)
ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
}
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("tos %u, %u (%u octets)",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_U_1(nr->tos),
GET_BE_U_4(nr->packets),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_BE_U_4(nr->octets));
/* This was not all of struct nfrec_v1. */
ND_TCHECK_SIZE(nr);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
}
}
static void
cnfp_v5_print(netdissect_options *ndo, const u_char *cp)
{
Remove all storage class specifier 'register' Let the compiler do the optimizations (or not) based on build options. Avoid 'value has been optimized out' messages in gdb using '-O0'.
2017-12-14 02:17:47 +08:00
const struct nfhdr_v5 *nh;
const struct nfrec_v5 *nr;
Use a table instead of getprotobynumber(). On Linux getprotobynumber() returns different results for the same argument depending on the contents of /etc/protocols at runtime (expectedly but gets in the way of reproducible test cases). On FreeBSD it returns results that are irrelevant of the contents of /etc/protocols at runtime (unexpectedly). Other implementations exist and may expose interesting properties too. And if the host uses LDAP instead of /etc/protocols for name services, a call to that function may cause LDAP handle the request. All of the above is not right for the specific task of network protocols decoding, which needs to be fast and deterministic. As the protocol number space is just 8-bit, add a 256-element array of strings/NULLs for the translation and a wrapper function around it for index range enforcement. Change the code to use the new function instead of getprotobynumber(). Fix a typo while at it.
2017-08-27 21:15:17 +08:00
const char *p_name;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
uint8_t proto;
u_int nrecs, ver;
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#if 0
time_t t;
#endif
nh = (const struct nfhdr_v5 *)cp;
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ver = GET_BE_U_2(nh->version);
nrecs = GET_BE_U_4(nh->count);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#if 0
/*
* This is seconds since the UN*X epoch, and is followed by
* nanoseconds. XXX - format it, rather than just dumping the
* raw seconds-since-the-Epoch.
*/
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
t = GET_BE_U_4(nh->utc_sec);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#endif
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nh->msys_uptime)/1000,
GET_BE_U_4(nh->msys_uptime)%1000,
GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ND_PRINT("#%u, ", GET_BE_U_4(nh->sequence));
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
/* This was not all of struct nfhdr_v5. */
ND_TCHECK_SIZE(nh);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
nr = (const struct nfrec_v5 *)&nh[1];
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%2u recs", nrecs);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
for (; nrecs != 0; nr++, nrecs--) {
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("\n started %u.%03u, last %u.%03u",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nr->start_time)/1000,
GET_BE_U_4(nr->start_time)%1000,
GET_BE_U_4(nr->last_time)/1000,
GET_BE_U_4(nr->last_time)%1000);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("\n %s/%u:%u:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_U_1(nr->src_mask), GET_BE_U_2(nr->src_as),
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_2(nr->srcport));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("> %s/%u:%u:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_U_1(nr->dst_mask), GET_BE_U_2(nr->dst_as),
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_2(nr->dstport));
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
ND_PRINT(">> %s\n ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
proto = GET_U_1(nr->proto);
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%s ", p_name);
If -n is specified, don't look up IP protocol numbers. In ISAKMP, that means "add a test for the -n flag". In CNFP, that means "if -n is specified, don't even bother doing the lookup, don't do the lookup and then ignore the result" - the latter just wastes resources doing the lookup.
2017-08-27 11:06:34 +08:00
else
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%u ", proto);
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
/* tcp flags for tcp only */
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (proto == IPPROTO_TCP) {
u_int flags;
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
flags = GET_U_1(nr->tcp_flags);
NetFlow: Use tcp_flag_values[] for TCP flags. This way there is less code duplication and more consistency.
2021-01-16 18:56:30 +08:00
if (flags)
ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
}
Patch from Harry Raaymakers <harryr@connect.com.au> to the Cisco NetFlow printer to: add v6 support; fix the output so that the tcp ports and AS numbers don't run into each other; add the v6 encapsulation overhead bytes in the output.
2001-02-21 17:05:39 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("tos %u, %u (%u octets)",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_U_1(nr->tos),
GET_BE_U_4(nr->packets),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_BE_U_4(nr->octets));
/* This was not all of struct nfrec_v5. */
ND_TCHECK_SIZE(nr);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
}
}
static void
cnfp_v6_print(netdissect_options *ndo, const u_char *cp)
{
Remove all storage class specifier 'register' Let the compiler do the optimizations (or not) based on build options. Avoid 'value has been optimized out' messages in gdb using '-O0'.
2017-12-14 02:17:47 +08:00
const struct nfhdr_v6 *nh;
const struct nfrec_v6 *nr;
Use a table instead of getprotobynumber(). On Linux getprotobynumber() returns different results for the same argument depending on the contents of /etc/protocols at runtime (expectedly but gets in the way of reproducible test cases). On FreeBSD it returns results that are irrelevant of the contents of /etc/protocols at runtime (unexpectedly). Other implementations exist and may expose interesting properties too. And if the host uses LDAP instead of /etc/protocols for name services, a call to that function may cause LDAP handle the request. All of the above is not right for the specific task of network protocols decoding, which needs to be fast and deterministic. As the protocol number space is just 8-bit, add a 256-element array of strings/NULLs for the translation and a wrapper function around it for index range enforcement. Change the code to use the new function instead of getprotobynumber(). Fix a typo while at it.
2017-08-27 21:15:17 +08:00
const char *p_name;
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
uint8_t proto;
u_int nrecs, ver;
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#if 0
time_t t;
#endif
nh = (const struct nfhdr_v6 *)cp;
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ver = GET_BE_U_2(nh->version);
nrecs = GET_BE_U_4(nh->count);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#if 0
/*
* This is seconds since the UN*X epoch, and is followed by
* nanoseconds. XXX - format it, rather than just dumping the
* raw seconds-since-the-Epoch.
*/
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
t = GET_BE_U_4(nh->utc_sec);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
#endif
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver,
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nh->msys_uptime)/1000,
GET_BE_U_4(nh->msys_uptime)%1000,
GET_BE_U_4(nh->utc_sec), GET_BE_U_4(nh->utc_nsec));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ND_PRINT("#%u, ", GET_BE_U_4(nh->sequence));
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
/* This was not all of struct nfhdr_v6. */
ND_TCHECK_SIZE(nh);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
nr = (const struct nfrec_v6 *)&nh[1];
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%2u recs", nrecs);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
for (; nrecs != 0; nr++, nrecs--) {
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("\n started %u.%03u, last %u.%03u",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_4(nr->start_time)/1000,
GET_BE_U_4(nr->start_time)%1000,
GET_BE_U_4(nr->last_time)/1000,
GET_BE_U_4(nr->last_time)%1000);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("\n %s/%u:%u:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->src_ina)),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_U_1(nr->src_mask), GET_BE_U_2(nr->src_as),
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_2(nr->srcport));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("> %s/%u:%u:%u ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->dst_ina)),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_U_1(nr->dst_mask), GET_BE_U_2(nr->dst_as),
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_BE_U_2(nr->dstport));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use nd_ipv4 rather than struct in_addr. This ensures that we have no purportedly-aligned-but-not-necessarily- unaligned values that we access; we have to use EXTRACT_ macros/functions to get at IPv4 address values.
2018-01-31 06:39:15 +08:00
ND_PRINT(">> %s\n ",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
intoa(GET_IPV4_TO_NETWORK_ORDER(nr->nhop_ina)));
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
proto = GET_U_1(nr->proto);
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (!ndo->ndo_nflag && (p_name = netdb_protoname(proto)) != NULL)
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%s ", p_name);
If -n is specified, don't look up IP protocol numbers. In ISAKMP, that means "add a test for the -n flag". In CNFP, that means "if -n is specified, don't even bother doing the lookup, don't do the lookup and then ignore the result" - the latter just wastes resources doing the lookup.
2017-08-27 11:06:34 +08:00
else
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("%u ", proto);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
/* tcp flags for tcp only */
Use nd_ types, add EXTRACT_ calls.
2017-12-30 11:47:55 +08:00
if (proto == IPPROTO_TCP) {
u_int flags;
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
flags = GET_U_1(nr->tcp_flags);
NetFlow: Use tcp_flag_values[] for TCP flags. This way there is less code duplication and more consistency.
2021-01-16 18:56:30 +08:00
if (flags)
ND_PRINT("%s ", bittok2str_nosep(tcp_flag_values, "", flags));
Patch from Harry Raaymakers <harryr@connect.com.au> to the Cisco NetFlow printer to: add v6 support; fix the output so that the tcp ports and AS numbers don't run into each other; add the v6 encapsulation overhead bytes in the output.
2001-02-21 17:05:39 +08:00
}
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
ND_PRINT("tos %u, %u (%u octets) (%u<>%u encaps)",
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
GET_U_1(nr->tos),
GET_BE_U_4(nr->packets),
NetFlow: Modernize packet parsing style. [skip ci] Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE() instance and place the remaining ones after the code that prints individual structure fields, so it can print incomplete structures. Lose intermediate snprintf() calls and associated props. Lose trailing spaces in v1 and v5 output.
2021-01-23 23:24:32 +08:00
GET_BE_U_4(nr->octets),
(GET_BE_U_2(nr->flags) >> 8) & 0xff,
(GET_BE_U_2(nr->flags)) & 0xff);
/* This was not all of struct nfrec_v6. */
ND_TCHECK_SIZE(nr);
add cisco NetFlow support from OpenBSD.
2000-04-27 18:05:30 +08:00
}
}
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
void
cnfp_print(netdissect_options *ndo, const u_char *cp)
{
int ver;
/*
* First 2 bytes are the version number.
*/
Add the ndo_protocol field in the netdissect_options structure Update this field in printer entry functions. It will be used for some printings.
2018-03-14 23:54:17 +08:00
ndo->ndo_protocol = "cnfp";
Use the new GET_ macros instead of the EXTRACT_ ones The exceptions are currently: Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer. An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer pointer.
2018-06-16 23:23:21 +08:00
ver = GET_BE_U_2(cp);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
switch (ver) {
case 1:
cnfp_v1_print(ndo, cp);
break;
case 5:
cnfp_v5_print(ndo, cp);
break;
case 6:
cnfp_v6_print(ndo, cp);
break;
default:
Update ND_PRINT() as a variadic macro
2018-01-07 18:47:30 +08:00
ND_PRINT("NetFlow v%x", ver);
Dissect NetFlow 1, 5, and 6 in separate loops. Define separate structures for v1, v5, adn v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
2014-11-10 17:54:29 +08:00
break;
}
}
Reference in New Issue Copy Permalink