JP Abgrall | 53f17a9 | 2014-02-12 14:02:41 -0800 | [diff] [blame^] | 1 | /* |
| 2 | * This file implements decoding of ZeroMQ network protocol(s). |
| 3 | * |
| 4 | * |
| 5 | * Copyright (c) 2013 The TCPDUMP project |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the |
| 15 | * documentation and/or other materials provided with the distribution. |
| 16 | * |
| 17 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 18 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 19 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 20 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 21 | * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| 23 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| 25 | * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 26 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| 27 | * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 28 | * POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #ifdef HAVE_CONFIG_H |
| 32 | #include "config.h" |
| 33 | #endif |
| 34 | |
| 35 | #include <tcpdump-stdinc.h> |
| 36 | |
| 37 | #include <stdio.h> |
| 38 | |
| 39 | #include "interface.h" |
| 40 | #include "extract.h" |
| 41 | |
| 42 | /* Maximum number of ZMTP/1.0 frame body bytes (without the flags) to dump in |
| 43 | * hex and ASCII under a single "-v" flag. |
| 44 | */ |
| 45 | #define VBYTES 128 |
| 46 | |
| 47 | /* |
| 48 | * Below is an excerpt from the "13/ZMTP" specification: |
| 49 | * |
| 50 | * A ZMTP message consists of 1 or more frames. |
| 51 | * |
| 52 | * A ZMTP frame consists of a length, followed by a flags field and a frame |
| 53 | * body of (length - 1) octets. Note: the length includes the flags field, so |
| 54 | * an empty frame has a length of 1. |
| 55 | * |
| 56 | * For frames with a length of 1 to 254 octets, the length SHOULD BE encoded |
| 57 | * as a single octet. The minimum valid length of a frame is 1 octet, thus a |
| 58 | * length of 0 is invalid and such frames SHOULD be discarded silently. |
| 59 | * |
| 60 | * For frames with lengths of 255 and greater, the length SHALL BE encoded as |
| 61 | * a single octet with the value 255, followed by the length encoded as a |
| 62 | * 64-bit unsigned integer in network byte order. For frames with lengths of |
| 63 | * 1 to 254 octets this encoding MAY be also used. |
| 64 | * |
| 65 | * The flags field consists of a single octet containing various control |
| 66 | * flags. Bit 0 is the least significant bit. |
| 67 | * |
| 68 | * - Bit 0 (MORE): More frames to follow. A value of 0 indicates that there |
| 69 | * are no more frames to follow. A value of 1 indicates that more frames |
| 70 | * will follow. On messages consisting of a single frame the MORE flag MUST |
| 71 | * be 0. |
| 72 | * |
| 73 | * - Bits 1-7: Reserved. Bits 1-7 are reserved for future use and SHOULD be |
| 74 | * zero. |
| 75 | */ |
| 76 | |
| 77 | static const u_char * |
| 78 | zmtp1_print_frame(const u_char *cp, const u_char *ep) { |
| 79 | u_int64_t body_len_declared, body_len_captured, header_len; |
| 80 | u_int8_t flags; |
| 81 | |
| 82 | printf("\n\t"); |
| 83 | TCHECK2(*cp, 1); /* length/0xFF */ |
| 84 | |
| 85 | if (cp[0] != 0xFF) { |
| 86 | header_len = 1; /* length */ |
| 87 | body_len_declared = cp[0]; |
| 88 | if (body_len_declared == 0) |
| 89 | return cp + header_len; /* skip to next frame */ |
| 90 | printf(" frame flags+body (8-bit) length %u", cp[0]); |
| 91 | TCHECK2(*cp, header_len + 1); /* length, flags */ |
| 92 | flags = cp[1]; |
| 93 | } else { |
| 94 | header_len = 1 + 8; /* 0xFF, length */ |
| 95 | printf(" frame flags+body (64-bit) length"); |
| 96 | TCHECK2(*cp, header_len); /* 0xFF, length */ |
| 97 | body_len_declared = EXTRACT_64BITS(cp + 1); |
| 98 | if (body_len_declared == 0) |
| 99 | return cp + header_len; /* skip to next frame */ |
| 100 | printf(" %" PRIu64, body_len_declared); |
| 101 | TCHECK2(*cp, header_len + 1); /* 0xFF, length, flags */ |
| 102 | flags = cp[9]; |
| 103 | } |
| 104 | |
| 105 | body_len_captured = ep - cp - header_len; |
| 106 | if (body_len_declared > body_len_captured) |
| 107 | printf(" (%" PRIu64 " captured)", body_len_captured); |
| 108 | printf(", flags 0x%02x", flags); |
| 109 | |
| 110 | if (vflag) { |
| 111 | u_int64_t body_len_printed = MIN(body_len_captured, body_len_declared); |
| 112 | |
| 113 | printf(" (%s|%s|%s|%s|%s|%s|%s|%s)", |
| 114 | flags & 0x80 ? "MBZ" : "-", |
| 115 | flags & 0x40 ? "MBZ" : "-", |
| 116 | flags & 0x20 ? "MBZ" : "-", |
| 117 | flags & 0x10 ? "MBZ" : "-", |
| 118 | flags & 0x08 ? "MBZ" : "-", |
| 119 | flags & 0x04 ? "MBZ" : "-", |
| 120 | flags & 0x02 ? "MBZ" : "-", |
| 121 | flags & 0x01 ? "MORE" : "-"); |
| 122 | |
| 123 | if (vflag == 1) |
| 124 | body_len_printed = MIN(VBYTES + 1, body_len_printed); |
| 125 | if (body_len_printed > 1) { |
| 126 | printf(", first %" PRIu64 " byte(s) of body:", body_len_printed - 1); |
| 127 | hex_and_ascii_print("\n\t ", cp + header_len + 1, body_len_printed - 1); |
| 128 | printf("\n"); |
| 129 | } |
| 130 | } |
| 131 | |
| 132 | TCHECK2(*cp, header_len + body_len_declared); /* Next frame within the buffer ? */ |
| 133 | return cp + header_len + body_len_declared; |
| 134 | |
| 135 | trunc: |
| 136 | printf(" [|zmtp1]"); |
| 137 | return ep; |
| 138 | } |
| 139 | |
| 140 | void |
| 141 | zmtp1_print(const u_char *cp, u_int len) { |
| 142 | const u_char *ep = MIN(snapend, cp + len); |
| 143 | |
| 144 | printf(": ZMTP/1.0"); |
| 145 | while (cp < ep) |
| 146 | cp = zmtp1_print_frame(cp, ep); |
| 147 | } |
| 148 | |
| 149 | /* The functions below decode a ZeroMQ datagram, supposedly stored in the "Data" |
| 150 | * field of an ODATA/RDATA [E]PGM packet. An excerpt from zmq_pgm(7) man page |
| 151 | * follows. |
| 152 | * |
| 153 | * In order for late joining consumers to be able to identify message |
| 154 | * boundaries, each PGM datagram payload starts with a 16-bit unsigned integer |
| 155 | * in network byte order specifying either the offset of the first message frame |
| 156 | * in the datagram or containing the value 0xFFFF if the datagram contains |
| 157 | * solely an intermediate part of a larger message. |
| 158 | * |
| 159 | * Note that offset specifies where the first message begins rather than the |
| 160 | * first message part. Thus, if there are trailing message parts at the |
| 161 | * beginning of the packet the offset ignores them and points to first initial |
| 162 | * message part in the packet. |
| 163 | */ |
| 164 | |
| 165 | static const u_char * |
| 166 | zmtp1_print_intermediate_part(const u_char *cp, const u_int len) { |
| 167 | u_int frame_offset; |
| 168 | u_int64_t remaining_len; |
| 169 | |
| 170 | TCHECK2(*cp, 2); |
| 171 | frame_offset = EXTRACT_16BITS(cp); |
| 172 | printf("\n\t frame offset 0x%04x", frame_offset); |
| 173 | cp += 2; |
| 174 | remaining_len = snapend - cp; /* without the frame length */ |
| 175 | |
| 176 | if (frame_offset == 0xFFFF) |
| 177 | frame_offset = len - 2; /* always within the declared length */ |
| 178 | else if (2 + frame_offset > len) { |
| 179 | printf(" (exceeds datagram declared length)"); |
| 180 | goto trunc; |
| 181 | } |
| 182 | |
| 183 | /* offset within declared length of the datagram */ |
| 184 | if (frame_offset) { |
| 185 | printf("\n\t frame intermediate part, %u bytes", frame_offset); |
| 186 | if (frame_offset > remaining_len) |
| 187 | printf(" (%"PRIu64" captured)", remaining_len); |
| 188 | if (vflag) { |
| 189 | u_int64_t len_printed = MIN(frame_offset, remaining_len); |
| 190 | |
| 191 | if (vflag == 1) |
| 192 | len_printed = MIN(VBYTES, len_printed); |
| 193 | if (len_printed > 1) { |
| 194 | printf(", first %"PRIu64" byte(s):", len_printed); |
| 195 | hex_and_ascii_print("\n\t ", cp, len_printed); |
| 196 | printf("\n"); |
| 197 | } |
| 198 | } |
| 199 | } |
| 200 | return cp + frame_offset; |
| 201 | |
| 202 | trunc: |
| 203 | printf(" [|zmtp1]"); |
| 204 | return cp + len; |
| 205 | } |
| 206 | |
| 207 | void |
| 208 | zmtp1_print_datagram(const u_char *cp, const u_int len) { |
| 209 | const u_char *ep = MIN(snapend, cp + len); |
| 210 | |
| 211 | cp = zmtp1_print_intermediate_part(cp, len); |
| 212 | while (cp < ep) |
| 213 | cp = zmtp1_print_frame(cp, ep); |
| 214 | } |