diff options
Diffstat (limited to '')
-rw-r--r-- | print.c | 573 |
1 files changed, 573 insertions, 0 deletions
@@ -0,0 +1,573 @@ +/* + * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code distributions + * retain the above copyright notice and this paragraph in its entirety, (2) + * distributions including binary code include the above copyright notice and + * this paragraph in its entirety in the documentation or other materials + * provided with the distribution, and (3) all advertising materials mentioning + * features or use of this software display the following acknowledgement: + * ``This product includes software developed by the University of California, + * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of + * the University nor the names of its contributors may be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Support for splitting captures into multiple files with a maximum + * file size: + * + * Copyright (c) 2001 + * Seth Webster <swebster@sst.ll.mit.edu> + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdlib.h> +#include <string.h> +#include <setjmp.h> + +#include "netdissect-stdinc.h" + +#include "netdissect.h" +#include "addrtoname.h" +#include "print.h" +#include "netdissect-alloc.h" + +#include "pcap-missing.h" + +struct printer { + if_printer f; + int type; +}; + +static const struct printer printers[] = { +#ifdef DLT_APPLE_IP_OVER_IEEE1394 + { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, +#endif + { arcnet_if_print, DLT_ARCNET }, +#ifdef DLT_ARCNET_LINUX + { arcnet_linux_if_print, DLT_ARCNET_LINUX }, +#endif + { atm_if_print, DLT_ATM_RFC1483 }, +#ifdef DLT_DSA_TAG_BRCM + { brcm_tag_if_print, DLT_DSA_TAG_BRCM }, +#endif +#ifdef DLT_DSA_TAG_BRCM_PREPEND + { brcm_tag_prepend_if_print, DLT_DSA_TAG_BRCM_PREPEND }, +#endif +#ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR + { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, +#endif +#ifdef DLT_C_HDLC + { chdlc_if_print, DLT_C_HDLC }, +#endif +#ifdef DLT_HDLC + { chdlc_if_print, DLT_HDLC }, +#endif +#ifdef DLT_ATM_CLIP + { cip_if_print, DLT_ATM_CLIP }, +#endif +#ifdef DLT_CIP + { cip_if_print, DLT_CIP }, +#endif +#ifdef DLT_DSA_TAG_DSA + { dsa_if_print, DLT_DSA_TAG_DSA }, +#endif +#ifdef DLT_DSA_TAG_EDSA + { edsa_if_print, DLT_DSA_TAG_EDSA }, +#endif +#ifdef DLT_ENC + { enc_if_print, DLT_ENC }, +#endif + { ether_if_print, DLT_EN10MB }, + { fddi_if_print, DLT_FDDI }, +#ifdef DLT_FR + { fr_if_print, DLT_FR }, +#endif +#ifdef DLT_FRELAY + { fr_if_print, DLT_FRELAY }, +#endif +#ifdef DLT_IEEE802_11 + { ieee802_11_if_print, DLT_IEEE802_11}, +#endif +#ifdef DLT_IEEE802_11_RADIO_AVS + { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, +#endif +#ifdef DLT_IEEE802_11_RADIO + { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, +#endif +#ifdef DLT_IEEE802_15_4 + { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, +#endif +#ifdef DLT_IEEE802_15_4_NOFCS + { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, +#endif +#ifdef DLT_IEEE802_15_4_TAP + { ieee802_15_4_tap_if_print, DLT_IEEE802_15_4_TAP }, +#endif +#ifdef DLT_IP_OVER_FC + { ipfc_if_print, DLT_IP_OVER_FC }, +#endif +#ifdef DLT_IPNET + { ipnet_if_print, DLT_IPNET }, +#endif +#ifdef DLT_IPOIB + { ipoib_if_print, DLT_IPOIB }, +#endif +#ifdef DLT_JUNIPER_ATM1 + { juniper_atm1_if_print, DLT_JUNIPER_ATM1 }, +#endif +#ifdef DLT_JUNIPER_ATM2 + { juniper_atm2_if_print, DLT_JUNIPER_ATM2 }, +#endif +#ifdef DLT_JUNIPER_CHDLC + { juniper_chdlc_if_print, DLT_JUNIPER_CHDLC }, +#endif +#ifdef DLT_JUNIPER_ES + { juniper_es_if_print, DLT_JUNIPER_ES }, +#endif +#ifdef DLT_JUNIPER_ETHER + { juniper_ether_if_print, DLT_JUNIPER_ETHER }, +#endif +#ifdef DLT_JUNIPER_FRELAY + { juniper_frelay_if_print, DLT_JUNIPER_FRELAY }, +#endif +#ifdef DLT_JUNIPER_GGSN + { juniper_ggsn_if_print, DLT_JUNIPER_GGSN }, +#endif +#ifdef DLT_JUNIPER_MFR + { juniper_mfr_if_print, DLT_JUNIPER_MFR }, +#endif +#ifdef DLT_JUNIPER_MLFR + { juniper_mlfr_if_print, DLT_JUNIPER_MLFR }, +#endif +#ifdef DLT_JUNIPER_MLPPP + { juniper_mlppp_if_print, DLT_JUNIPER_MLPPP }, +#endif +#ifdef DLT_JUNIPER_MONITOR + { juniper_monitor_if_print, DLT_JUNIPER_MONITOR }, +#endif +#ifdef DLT_JUNIPER_PPP + { juniper_ppp_if_print, DLT_JUNIPER_PPP }, +#endif +#ifdef DLT_JUNIPER_PPPOE_ATM + { juniper_pppoe_atm_if_print, DLT_JUNIPER_PPPOE_ATM }, +#endif +#ifdef DLT_JUNIPER_PPPOE + { juniper_pppoe_if_print, DLT_JUNIPER_PPPOE }, +#endif +#ifdef DLT_JUNIPER_SERVICES + { juniper_services_if_print, DLT_JUNIPER_SERVICES }, +#endif +#ifdef DLT_LTALK + { ltalk_if_print, DLT_LTALK }, +#endif +#ifdef DLT_MFR + { mfr_if_print, DLT_MFR }, +#endif +#ifdef DLT_NETANALYZER + { netanalyzer_if_print, DLT_NETANALYZER }, +#endif +#ifdef DLT_NETANALYZER_TRANSPARENT + { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, +#endif +#ifdef DLT_NFLOG + { nflog_if_print, DLT_NFLOG}, +#endif + { null_if_print, DLT_NULL }, +#ifdef DLT_LOOP + { null_if_print, DLT_LOOP }, +#endif +#ifdef DLT_PFLOG + { pflog_if_print, DLT_PFLOG }, +#endif +#ifdef DLT_PKTAP + { pktap_if_print, DLT_PKTAP }, +#endif +#ifdef DLT_PPI + { ppi_if_print, DLT_PPI }, +#endif +#ifdef DLT_PPP_BSDOS + { ppp_bsdos_if_print, DLT_PPP_BSDOS }, +#endif +#ifdef DLT_PPP_SERIAL + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, +#endif + { ppp_if_print, DLT_PPP }, +#ifdef DLT_PPP_PPPD + { ppp_if_print, DLT_PPP_PPPD }, +#endif +#ifdef DLT_PPP_ETHER + { pppoe_if_print, DLT_PPP_ETHER }, +#endif +#ifdef DLT_PRISM_HEADER + { prism_if_print, DLT_PRISM_HEADER }, +#endif + { raw_if_print, DLT_RAW }, +#ifdef DLT_IPV4 + { raw_if_print, DLT_IPV4 }, +#endif +#ifdef DLT_IPV6 + { raw_if_print, DLT_IPV6 }, +#endif +#ifdef DLT_SLIP_BSDOS + { sl_bsdos_if_print, DLT_SLIP_BSDOS }, +#endif + { sl_if_print, DLT_SLIP }, +#ifdef DLT_LINUX_SLL + { sll_if_print, DLT_LINUX_SLL }, +#endif +#ifdef DLT_LINUX_SLL2 + { sll2_if_print, DLT_LINUX_SLL2 }, +#endif +#ifdef DLT_SUNATM + { sunatm_if_print, DLT_SUNATM }, +#endif +#ifdef DLT_SYMANTEC_FIREWALL + { symantec_if_print, DLT_SYMANTEC_FIREWALL }, +#endif + { token_if_print, DLT_IEEE802 }, +#ifdef DLT_USB_LINUX + { usb_linux_48_byte_if_print, DLT_USB_LINUX}, +#endif /* DLT_USB_LINUX */ +#ifdef DLT_USB_LINUX_MMAPPED + { usb_linux_64_byte_if_print, DLT_USB_LINUX_MMAPPED}, +#endif /* DLT_USB_LINUX_MMAPPED */ +#ifdef DLT_VSOCK + { vsock_if_print, DLT_VSOCK }, +#endif + { NULL, 0 }, +}; + +static void ndo_default_print(netdissect_options *ndo, const u_char *bp, + u_int length); + +static void NORETURN ndo_error(netdissect_options *ndo, + status_exit_codes_t status, + FORMAT_STRING(const char *fmt), ...) + PRINTFLIKE(3, 4); +static void ndo_warning(netdissect_options *ndo, + FORMAT_STRING(const char *fmt), ...) + PRINTFLIKE(2, 3); + +static int ndo_printf(netdissect_options *ndo, + FORMAT_STRING(const char *fmt), ...) + PRINTFLIKE(2, 3); + +void +init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask) +{ + + init_addrtoname(ndo, localnet, mask); + init_checksum(); +} + +if_printer +lookup_printer(int type) +{ + const struct printer *p; + + for (p = printers; p->f; ++p) + if (type == p->type) + return p->f; + +#if defined(DLT_USER2) && defined(DLT_PKTAP) + /* + * Apple incorrectly chose to use DLT_USER2 for their PKTAP + * header. + * + * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin- + * based OSes or the same value as LINKTYPE_PKTAP as it is on + * other OSes, to LINKTYPE_PKTAP, so files written with + * this version of libpcap for a DLT_PKTAP capture have a link- + * layer header type of LINKTYPE_PKTAP. + * + * However, files written on OS X Mavericks for a DLT_PKTAP + * capture have a link-layer header type of LINKTYPE_USER2. + * If we don't have a printer for DLT_USER2, and type is + * DLT_USER2, we look up the printer for DLT_PKTAP and use + * that. + */ + if (type == DLT_USER2) { + for (p = printers; p->f; ++p) + if (DLT_PKTAP == p->type) + return p->f; + } +#endif + + return NULL; + /* NOTREACHED */ +} + +int +has_printer(int type) +{ + return (lookup_printer(type) != NULL); +} + +if_printer +get_if_printer(int type) +{ + if_printer printer; + + printer = lookup_printer(type); + if (printer == NULL) + printer = unsupported_if_print; + return printer; +} + +void +pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, + const u_char *sp, u_int packets_captured) +{ + u_int hdrlen = 0; + int invalid_header = 0; + + if (ndo->ndo_packet_number) + ND_PRINT("%5u ", packets_captured); + + /* Sanity checks on packet length / capture length */ + if (h->caplen == 0) { + invalid_header = 1; + ND_PRINT("[Invalid header: caplen==0"); + } + if (h->len == 0) { + if (!invalid_header) { + invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" len==0"); + } else if (h->len < h->caplen) { + if (!invalid_header) { + invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen); + } + if (h->caplen > MAXIMUM_SNAPLEN) { + if (!invalid_header) { + invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN); + } + if (h->len > MAXIMUM_SNAPLEN) { + if (!invalid_header) { + invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN); + } + if (invalid_header) { + ND_PRINT("]\n"); + return; + } + + /* + * At this point: + * capture length != 0, + * packet length != 0, + * capture length <= MAXIMUM_SNAPLEN, + * packet length <= MAXIMUM_SNAPLEN, + * packet length >= capture length. + * + * Currently, there is no D-Bus printer, thus no need for + * bigger lengths. + */ + + /* + * The header /usr/include/pcap/pcap.h in OpenBSD declares h->ts as + * struct bpf_timeval, not struct timeval. The former comes from + * /usr/include/net/bpf.h and uses 32-bit unsigned types instead of + * the types used in struct timeval. + */ + struct timeval tvbuf; + tvbuf.tv_sec = h->ts.tv_sec; + tvbuf.tv_usec = h->ts.tv_usec; + ts_print(ndo, &tvbuf); + + /* + * Printers must check that they're not walking off the end of + * the packet. + * Rather than pass it all the way down, we set this member + * of the netdissect_options structure. + */ + ndo->ndo_snapend = sp + h->caplen; + ndo->ndo_packetp = sp; + + ndo->ndo_protocol = ""; + ndo->ndo_ll_hdr_len = 0; + switch (setjmp(ndo->ndo_early_end)) { + case 0: + /* Print the packet. */ + (ndo->ndo_if_printer)(ndo, h, sp); + break; + case ND_TRUNCATED: + /* A printer quit because the packet was truncated; report it */ + nd_print_trunc(ndo); + /* Print the full packet */ + ndo->ndo_ll_hdr_len = 0; + break; + } + hdrlen = ndo->ndo_ll_hdr_len; + + /* + * Empty the stack of packet information, freeing all pushed buffers; + * if we got here by a printer quitting, we need to release anything + * that didn't get released because we longjmped out of the code + * before it popped the packet information. + */ + nd_pop_all_packet_info(ndo); + + /* + * Restore the original snapend, as a printer might have + * changed it. + */ + ndo->ndo_snapend = sp + h->caplen; + if (ndo->ndo_Xflag) { + /* + * Print the raw packet data in hex and ASCII. + */ + if (ndo->ndo_Xflag > 1) { + /* + * Include the link-layer header. + */ + hex_and_ascii_print(ndo, "\n\t", sp, h->caplen); + } else { + /* + * Don't include the link-layer header - and if + * we have nothing past the link-layer header, + * print nothing. + */ + if (h->caplen > hdrlen) + hex_and_ascii_print(ndo, "\n\t", sp + hdrlen, + h->caplen - hdrlen); + } + } else if (ndo->ndo_xflag) { + /* + * Print the raw packet data in hex. + */ + if (ndo->ndo_xflag > 1) { + /* + * Include the link-layer header. + */ + hex_print(ndo, "\n\t", sp, h->caplen); + } else { + /* + * Don't include the link-layer header - and if + * we have nothing past the link-layer header, + * print nothing. + */ + if (h->caplen > hdrlen) + hex_print(ndo, "\n\t", sp + hdrlen, + h->caplen - hdrlen); + } + } else if (ndo->ndo_Aflag) { + /* + * Print the raw packet data in ASCII. + */ + if (ndo->ndo_Aflag > 1) { + /* + * Include the link-layer header. + */ + ascii_print(ndo, sp, h->caplen); + } else { + /* + * Don't include the link-layer header - and if + * we have nothing past the link-layer header, + * print nothing. + */ + if (h->caplen > hdrlen) + ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen); + } + } + + ND_PRINT("\n"); + nd_free_all(ndo); +} + +/* + * By default, print the specified data out in hex and ASCII. + */ +static void +ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length) +{ + hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */ +} + +/* VARARGS */ +static void +ndo_error(netdissect_options *ndo, status_exit_codes_t status, + const char *fmt, ...) +{ + va_list ap; + + if (ndo->program_name) + (void)fprintf(stderr, "%s: ", ndo->program_name); + va_start(ap, fmt); + (void)vfprintf(stderr, fmt, ap); + va_end(ap); + if (*fmt) { + fmt += strlen(fmt); + if (fmt[-1] != '\n') + (void)fputc('\n', stderr); + } + nd_cleanup(); + exit(status); + /* NOTREACHED */ +} + +/* VARARGS */ +static void +ndo_warning(netdissect_options *ndo, const char *fmt, ...) +{ + va_list ap; + + if (ndo->program_name) + (void)fprintf(stderr, "%s: ", ndo->program_name); + (void)fprintf(stderr, "WARNING: "); + va_start(ap, fmt); + (void)vfprintf(stderr, fmt, ap); + va_end(ap); + if (*fmt) { + fmt += strlen(fmt); + if (fmt[-1] != '\n') + (void)fputc('\n', stderr); + } +} + +static int +ndo_printf(netdissect_options *ndo, const char *fmt, ...) +{ + va_list args; + int ret; + + va_start(args, fmt); + ret = vfprintf(stdout, fmt, args); + va_end(args); + + if (ret < 0) + ndo_error(ndo, S_ERR_ND_WRITE_FILE, + "Unable to write output: %s", pcap_strerror(errno)); + return (ret); +} + +void +ndo_set_function_pointers(netdissect_options *ndo) +{ + ndo->ndo_default_print=ndo_default_print; + ndo->ndo_printf=ndo_printf; + ndo->ndo_error=ndo_error; + ndo->ndo_warning=ndo_warning; +} |