1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Support for splitting captures into multiple files with a maximum
22 * file size:
23 *
24 * Copyright (c) 2001
25 * Seth Webster <[email protected]>
26 */
27
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31
32 #include <stdlib.h>
33 #include <string.h>
34
35 #include <netdissect-stdinc.h>
36
37 #include "netdissect.h"
38 #include "addrtoname.h"
39 #include "print.h"
40
41 struct printer {
42 if_printer f;
43 int type;
44 };
45
46 static const struct printer printers[] = {
47 { ether_if_print, DLT_EN10MB },
48 #ifdef DLT_IPNET
49 { ipnet_if_print, DLT_IPNET },
50 #endif
51 #ifdef DLT_IEEE802_15_4
52 { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
53 #endif
54 #ifdef DLT_IEEE802_15_4_NOFCS
55 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
56 #endif
57 #ifdef DLT_PPI
58 { ppi_if_print, DLT_PPI },
59 #endif
60 #ifdef DLT_NETANALYZER
61 { netanalyzer_if_print, DLT_NETANALYZER },
62 #endif
63 #ifdef DLT_NETANALYZER_TRANSPARENT
64 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
65 #endif
66 #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
67 { nflog_if_print, DLT_NFLOG},
68 #endif
69 #ifdef DLT_CIP
70 { cip_if_print, DLT_CIP },
71 #endif
72 #ifdef DLT_ATM_CLIP
73 { cip_if_print, DLT_ATM_CLIP },
74 #endif
75 #ifdef DLT_IP_OVER_FC
76 { ipfc_if_print, DLT_IP_OVER_FC },
77 #endif
78 { null_if_print, DLT_NULL },
79 #ifdef DLT_LOOP
80 { null_if_print, DLT_LOOP },
81 #endif
82 #ifdef DLT_APPLE_IP_OVER_IEEE1394
83 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
84 #endif
85 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
86 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
87 #endif
88 #ifdef DLT_LANE8023
89 { lane_if_print, DLT_LANE8023 },
90 #endif
91 { arcnet_if_print, DLT_ARCNET },
92 #ifdef DLT_ARCNET_LINUX
93 { arcnet_linux_if_print, DLT_ARCNET_LINUX },
94 #endif
95 { raw_if_print, DLT_RAW },
96 #ifdef DLT_IPV4
97 { raw_if_print, DLT_IPV4 },
98 #endif
99 #ifdef DLT_IPV6
100 { raw_if_print, DLT_IPV6 },
101 #endif
102 #ifdef HAVE_PCAP_USB_H
103 #ifdef DLT_USB_LINUX
104 { usb_linux_48_byte_print, DLT_USB_LINUX},
105 #endif /* DLT_USB_LINUX */
106 #ifdef DLT_USB_LINUX_MMAPPED
107 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
108 #endif /* DLT_USB_LINUX_MMAPPED */
109 #endif /* HAVE_PCAP_USB_H */
110 #ifdef DLT_SYMANTEC_FIREWALL
111 { symantec_if_print, DLT_SYMANTEC_FIREWALL },
112 #endif
113 #ifdef DLT_C_HDLC
114 { chdlc_if_print, DLT_C_HDLC },
115 #endif
116 #ifdef DLT_HDLC
117 { chdlc_if_print, DLT_HDLC },
118 #endif
119 #ifdef DLT_PPP_ETHER
120 { pppoe_if_print, DLT_PPP_ETHER },
121 #endif
122 #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H)
123 { pflog_if_print, DLT_PFLOG },
124 #endif
125 #if defined(DLT_PFSYNC) && defined(HAVE_NET_PFVAR_H)
126 { pfsync_if_print, DLT_PFSYNC},
127 #endif
128 { token_if_print, DLT_IEEE802 },
129 { fddi_if_print, DLT_FDDI },
130 #ifdef DLT_LINUX_SLL
131 { sll_if_print, DLT_LINUX_SLL },
132 #endif
133 #ifdef DLT_FR
134 { fr_if_print, DLT_FR },
135 #endif
136 #ifdef DLT_FRELAY
137 { fr_if_print, DLT_FRELAY },
138 #endif
139 #ifdef DLT_MFR
140 { mfr_if_print, DLT_MFR },
141 #endif
142 { atm_if_print, DLT_ATM_RFC1483 },
143 #ifdef DLT_SUNATM
144 { sunatm_if_print, DLT_SUNATM },
145 #endif
146 #ifdef DLT_ENC
147 { enc_if_print, DLT_ENC },
148 #endif
149 { sl_if_print, DLT_SLIP },
150 #ifdef DLT_SLIP_BSDOS
151 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
152 #endif
153 #ifdef DLT_LTALK
154 { ltalk_if_print, DLT_LTALK },
155 #endif
156 #ifdef DLT_JUNIPER_ATM1
157 { juniper_atm1_print, DLT_JUNIPER_ATM1 },
158 #endif
159 #ifdef DLT_JUNIPER_ATM2
160 { juniper_atm2_print, DLT_JUNIPER_ATM2 },
161 #endif
162 #ifdef DLT_JUNIPER_MFR
163 { juniper_mfr_print, DLT_JUNIPER_MFR },
164 #endif
165 #ifdef DLT_JUNIPER_MLFR
166 { juniper_mlfr_print, DLT_JUNIPER_MLFR },
167 #endif
168 #ifdef DLT_JUNIPER_MLPPP
169 { juniper_mlppp_print, DLT_JUNIPER_MLPPP },
170 #endif
171 #ifdef DLT_JUNIPER_PPPOE
172 { juniper_pppoe_print, DLT_JUNIPER_PPPOE },
173 #endif
174 #ifdef DLT_JUNIPER_PPPOE_ATM
175 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM },
176 #endif
177 #ifdef DLT_JUNIPER_GGSN
178 { juniper_ggsn_print, DLT_JUNIPER_GGSN },
179 #endif
180 #ifdef DLT_JUNIPER_ES
181 { juniper_es_print, DLT_JUNIPER_ES },
182 #endif
183 #ifdef DLT_JUNIPER_MONITOR
184 { juniper_monitor_print, DLT_JUNIPER_MONITOR },
185 #endif
186 #ifdef DLT_JUNIPER_SERVICES
187 { juniper_services_print, DLT_JUNIPER_SERVICES },
188 #endif
189 #ifdef DLT_JUNIPER_ETHER
190 { juniper_ether_print, DLT_JUNIPER_ETHER },
191 #endif
192 #ifdef DLT_JUNIPER_PPP
193 { juniper_ppp_print, DLT_JUNIPER_PPP },
194 #endif
195 #ifdef DLT_JUNIPER_FRELAY
196 { juniper_frelay_print, DLT_JUNIPER_FRELAY },
197 #endif
198 #ifdef DLT_JUNIPER_CHDLC
199 { juniper_chdlc_print, DLT_JUNIPER_CHDLC },
200 #endif
201 #ifdef DLT_PKTAP
202 { pktap_if_print, DLT_PKTAP },
203 #endif
204 #ifdef DLT_IEEE802_11_RADIO
205 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
206 #endif
207 #ifdef DLT_IEEE802_11
208 { ieee802_11_if_print, DLT_IEEE802_11},
209 #endif
210 #ifdef DLT_IEEE802_11_RADIO_AVS
211 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
212 #endif
213 #ifdef DLT_PRISM_HEADER
214 { prism_if_print, DLT_PRISM_HEADER },
215 #endif
216 { ppp_if_print, DLT_PPP },
217 #ifdef DLT_PPP_WITHDIRECTION
218 { ppp_if_print, DLT_PPP_WITHDIRECTION },
219 #endif
220 #ifdef DLT_PPP_BSDOS
221 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
222 #endif
223 #ifdef DLT_PPP_SERIAL
224 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
225 #endif
226 { NULL, 0 },
227 };
228
229 static void ndo_default_print(netdissect_options *ndo, const u_char *bp,
230 u_int length);
231
232 static void ndo_error(netdissect_options *ndo,
233 FORMAT_STRING(const char *fmt), ...)
234 NORETURN PRINTFLIKE(2, 3);
235 static void ndo_warning(netdissect_options *ndo,
236 FORMAT_STRING(const char *fmt), ...)
237 PRINTFLIKE(2, 3);
238
239 static int ndo_printf(netdissect_options *ndo,
240 FORMAT_STRING(const char *fmt), ...)
241 PRINTFLIKE(2, 3);
242
243 void
init_print(netdissect_options * ndo,uint32_t localnet,uint32_t mask,uint32_t timezone_offset)244 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask,
245 uint32_t timezone_offset)
246 {
247
248 thiszone = timezone_offset;
249 init_addrtoname(ndo, localnet, mask);
250 init_checksum();
251 }
252
253 if_printer
lookup_printer(int type)254 lookup_printer(int type)
255 {
256 const struct printer *p;
257
258 for (p = printers; p->f; ++p)
259 if (type == p->type)
260 return p->f;
261
262 #if defined(DLT_USER2) && defined(DLT_PKTAP)
263 /*
264 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
265 * header.
266 *
267 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
268 * based OSes or the same value as LINKTYPE_PKTAP as it is on
269 * other OSes, to LINKTYPE_PKTAP, so files written with
270 * this version of libpcap for a DLT_PKTAP capture have a link-
271 * layer header type of LINKTYPE_PKTAP.
272 *
273 * However, files written on OS X Mavericks for a DLT_PKTAP
274 * capture have a link-layer header type of LINKTYPE_USER2.
275 * If we don't have a printer for DLT_USER2, and type is
276 * DLT_USER2, we look up the printer for DLT_PKTAP and use
277 * that.
278 */
279 if (type == DLT_USER2) {
280 for (p = printers; p->f; ++p)
281 if (DLT_PKTAP == p->type)
282 return p->f;
283 }
284 #endif
285
286 return NULL;
287 /* NOTREACHED */
288 }
289
290 int
has_printer(int type)291 has_printer(int type)
292 {
293 return (lookup_printer(type) != NULL);
294 }
295
296 if_printer
get_if_printer(netdissect_options * ndo,int type)297 get_if_printer(netdissect_options *ndo, int type)
298 {
299 const char *dltname;
300 if_printer printer;
301
302 printer = lookup_printer(type);
303 if (printer == NULL) {
304 dltname = pcap_datalink_val_to_name(type);
305 if (dltname != NULL)
306 (*ndo->ndo_error)(ndo,
307 "packet printing is not supported for link type %s: use -w",
308 dltname);
309 else
310 (*ndo->ndo_error)(ndo,
311 "packet printing is not supported for link type %d: use -w", type);
312 }
313 return printer;
314 }
315
316 void
pretty_print_packet(netdissect_options * ndo,const struct pcap_pkthdr * h,const u_char * sp,u_int packets_captured)317 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
318 const u_char *sp, u_int packets_captured)
319 {
320 u_int hdrlen;
321
322 if(ndo->ndo_packet_number)
323 ND_PRINT((ndo, "%5u ", packets_captured));
324
325 ts_print(ndo, &h->ts);
326
327 /*
328 * Some printers want to check that they're not walking off the
329 * end of the packet.
330 * Rather than pass it all the way down, we set this member
331 * of the netdissect_options structure.
332 */
333 ndo->ndo_snapend = sp + h->caplen;
334
335 hdrlen = (ndo->ndo_if_printer)(ndo, h, sp);
336
337 /*
338 * Restore the original snapend, as a printer might have
339 * changed it.
340 */
341 ndo->ndo_snapend = sp + h->caplen;
342 if (ndo->ndo_Xflag) {
343 /*
344 * Print the raw packet data in hex and ASCII.
345 */
346 if (ndo->ndo_Xflag > 1) {
347 /*
348 * Include the link-layer header.
349 */
350 hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
351 } else {
352 /*
353 * Don't include the link-layer header - and if
354 * we have nothing past the link-layer header,
355 * print nothing.
356 */
357 if (h->caplen > hdrlen)
358 hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
359 h->caplen - hdrlen);
360 }
361 } else if (ndo->ndo_xflag) {
362 /*
363 * Print the raw packet data in hex.
364 */
365 if (ndo->ndo_xflag > 1) {
366 /*
367 * Include the link-layer header.
368 */
369 hex_print(ndo, "\n\t", sp, h->caplen);
370 } else {
371 /*
372 * Don't include the link-layer header - and if
373 * we have nothing past the link-layer header,
374 * print nothing.
375 */
376 if (h->caplen > hdrlen)
377 hex_print(ndo, "\n\t", sp + hdrlen,
378 h->caplen - hdrlen);
379 }
380 } else if (ndo->ndo_Aflag) {
381 /*
382 * Print the raw packet data in ASCII.
383 */
384 if (ndo->ndo_Aflag > 1) {
385 /*
386 * Include the link-layer header.
387 */
388 ascii_print(ndo, sp, h->caplen);
389 } else {
390 /*
391 * Don't include the link-layer header - and if
392 * we have nothing past the link-layer header,
393 * print nothing.
394 */
395 if (h->caplen > hdrlen)
396 ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
397 }
398 }
399
400 ND_PRINT((ndo, "\n"));
401 }
402
403 /*
404 * By default, print the specified data out in hex and ASCII.
405 */
406 static void
ndo_default_print(netdissect_options * ndo,const u_char * bp,u_int length)407 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
408 {
409 hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */
410 }
411
412 /* VARARGS */
413 static void
ndo_error(netdissect_options * ndo,const char * fmt,...)414 ndo_error(netdissect_options *ndo, const char *fmt, ...)
415 {
416 va_list ap;
417
418 if(ndo->program_name)
419 (void)fprintf(stderr, "%s: ", ndo->program_name);
420 va_start(ap, fmt);
421 (void)vfprintf(stderr, fmt, ap);
422 va_end(ap);
423 if (*fmt) {
424 fmt += strlen(fmt);
425 if (fmt[-1] != '\n')
426 (void)fputc('\n', stderr);
427 }
428 nd_cleanup();
429 exit(1);
430 /* NOTREACHED */
431 }
432
433 /* VARARGS */
434 static void
ndo_warning(netdissect_options * ndo,const char * fmt,...)435 ndo_warning(netdissect_options *ndo, const char *fmt, ...)
436 {
437 va_list ap;
438
439 if(ndo->program_name)
440 (void)fprintf(stderr, "%s: ", ndo->program_name);
441 (void)fprintf(stderr, "WARNING: ");
442 va_start(ap, fmt);
443 (void)vfprintf(stderr, fmt, ap);
444 va_end(ap);
445 if (*fmt) {
446 fmt += strlen(fmt);
447 if (fmt[-1] != '\n')
448 (void)fputc('\n', stderr);
449 }
450 }
451
452 static int
ndo_printf(netdissect_options * ndo,const char * fmt,...)453 ndo_printf(netdissect_options *ndo, const char *fmt, ...)
454 {
455 va_list args;
456 int ret;
457
458 va_start(args, fmt);
459 ret = vfprintf(stdout, fmt, args);
460 va_end(args);
461
462 if (ret < 0)
463 ndo_error(ndo, "Unable to write output: %s", pcap_strerror(errno));
464 return (ret);
465 }
466
467 void
ndo_set_function_pointers(netdissect_options * ndo)468 ndo_set_function_pointers(netdissect_options *ndo)
469 {
470 ndo->ndo_default_print=ndo_default_print;
471 ndo->ndo_printf=ndo_printf;
472 ndo->ndo_error=ndo_error;
473 ndo->ndo_warning=ndo_warning;
474 }
475 /*
476 * Local Variables:
477 * c-style: whitesmith
478 * c-basic-offset: 8
479 * End:
480 */
481