1 /* 2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Internet, ethernet, port, and protocol string to address 22 * and address to string conversion routines 23 * 24 * $FreeBSD$ 25 */ 26 27 #define NETDISSECT_REWORKED 28 #ifdef HAVE_CONFIG_H 29 #include "config.h" 30 #endif 31 32 #ifdef HAVE_CAPSICUM 33 #include <libcapsicum.h> 34 #include <libcapsicum_dns.h> 35 #endif /* HAVE_CAPSICUM */ 36 #include <tcpdump-stdinc.h> 37 38 #ifdef USE_ETHER_NTOHOST 39 #ifdef HAVE_NETINET_IF_ETHER_H 40 struct mbuf; /* Squelch compiler warnings on some platforms for */ 41 struct rtentry; /* declarations in <net/if.h> */ 42 #include <net/if.h> /* for "struct ifnet" in "struct arpcom" on Solaris */ 43 #include <netinet/if_ether.h> 44 #endif /* HAVE_NETINET_IF_ETHER_H */ 45 #ifdef NETINET_ETHER_H_DECLARES_ETHER_NTOHOST 46 #include <netinet/ether.h> 47 #endif /* NETINET_ETHER_H_DECLARES_ETHER_NTOHOST */ 48 49 #if !defined(HAVE_DECL_ETHER_NTOHOST) || !HAVE_DECL_ETHER_NTOHOST 50 #ifndef HAVE_STRUCT_ETHER_ADDR 51 struct ether_addr { 52 unsigned char ether_addr_octet[6]; 53 }; 54 #endif 55 extern int ether_ntohost(char *, const struct ether_addr *); 56 #endif 57 58 #endif /* USE_ETHER_NTOHOST */ 59 60 #include <pcap.h> 61 #include <pcap-namedb.h> 62 #include <signal.h> 63 #include <stdio.h> 64 #include <string.h> 65 #include <stdlib.h> 66 67 #include "interface.h" 68 #include "addrtoname.h" 69 #include "llc.h" 70 #include "setsignal.h" 71 #include "extract.h" 72 #include "oui.h" 73 74 #ifndef ETHER_ADDR_LEN 75 #define ETHER_ADDR_LEN 6 76 #endif 77 78 /* 79 * hash tables for whatever-to-name translations 80 * 81 * XXX there has to be error checks against strdup(3) failure 82 */ 83 84 #define HASHNAMESIZE 4096 85 86 struct hnamemem { 87 uint32_t addr; 88 const char *name; 89 struct hnamemem *nxt; 90 }; 91 92 static struct hnamemem hnametable[HASHNAMESIZE]; 93 static struct hnamemem tporttable[HASHNAMESIZE]; 94 static struct hnamemem uporttable[HASHNAMESIZE]; 95 static struct hnamemem eprototable[HASHNAMESIZE]; 96 static struct hnamemem dnaddrtable[HASHNAMESIZE]; 97 static struct hnamemem ipxsaptable[HASHNAMESIZE]; 98 99 #if defined(INET6) && defined(WIN32) 100 /* 101 * fake gethostbyaddr for Win2k/XP 102 * gethostbyaddr() returns incorrect value when AF_INET6 is passed 103 * to 3rd argument. 104 * 105 * h_name in struct hostent is only valid. 106 */ 107 static struct hostent * 108 win32_gethostbyaddr(const char *addr, int len, int type) 109 { 110 static struct hostent host; 111 static char hostbuf[NI_MAXHOST]; 112 char hname[NI_MAXHOST]; 113 struct sockaddr_in6 addr6; 114 115 host.h_name = hostbuf; 116 switch (type) { 117 case AF_INET: 118 return gethostbyaddr(addr, len, type); 119 break; 120 case AF_INET6: 121 memset(&addr6, 0, sizeof(addr6)); 122 addr6.sin6_family = AF_INET6; 123 memcpy(&addr6.sin6_addr, addr, len); 124 if (getnameinfo((struct sockaddr *)&addr6, sizeof(addr6), 125 hname, sizeof(hname), NULL, 0, 0)) { 126 return NULL; 127 } else { 128 strcpy(host.h_name, hname); 129 return &host; 130 } 131 break; 132 default: 133 return NULL; 134 } 135 } 136 #define gethostbyaddr win32_gethostbyaddr 137 #endif /* INET6 & WIN32 */ 138 139 #ifdef INET6 140 struct h6namemem { 141 struct in6_addr addr; 142 char *name; 143 struct h6namemem *nxt; 144 }; 145 146 static struct h6namemem h6nametable[HASHNAMESIZE]; 147 #endif /* INET6 */ 148 149 struct enamemem { 150 u_short e_addr0; 151 u_short e_addr1; 152 u_short e_addr2; 153 const char *e_name; 154 u_char *e_nsap; /* used only for nsaptable[] */ 155 #define e_bs e_nsap /* for bytestringtable */ 156 struct enamemem *e_nxt; 157 }; 158 159 static struct enamemem enametable[HASHNAMESIZE]; 160 static struct enamemem nsaptable[HASHNAMESIZE]; 161 static struct enamemem bytestringtable[HASHNAMESIZE]; 162 163 struct protoidmem { 164 uint32_t p_oui; 165 u_short p_proto; 166 const char *p_name; 167 struct protoidmem *p_nxt; 168 }; 169 170 static struct protoidmem protoidtable[HASHNAMESIZE]; 171 172 /* 173 * A faster replacement for inet_ntoa(). 174 */ 175 const char * 176 intoa(uint32_t addr) 177 { 178 register char *cp; 179 register u_int byte; 180 register int n; 181 static char buf[sizeof(".xxx.xxx.xxx.xxx")]; 182 183 NTOHL(addr); 184 cp = buf + sizeof(buf); 185 *--cp = '\0'; 186 187 n = 4; 188 do { 189 byte = addr & 0xff; 190 *--cp = byte % 10 + '0'; 191 byte /= 10; 192 if (byte > 0) { 193 *--cp = byte % 10 + '0'; 194 byte /= 10; 195 if (byte > 0) 196 *--cp = byte + '0'; 197 } 198 *--cp = '.'; 199 addr >>= 8; 200 } while (--n > 0); 201 202 return cp + 1; 203 } 204 205 static uint32_t f_netmask; 206 static uint32_t f_localnet; 207 #ifdef HAVE_CAPSICUM 208 extern cap_channel_t *capdns; 209 #endif 210 211 /* 212 * Return a name for the IP address pointed to by ap. This address 213 * is assumed to be in network byte order. 214 * 215 * NOTE: ap is *NOT* necessarily part of the packet data (not even if 216 * this is being called with the "ipaddr_string()" macro), so you 217 * *CANNOT* use the TCHECK{2}/TTEST{2} macros on it. Furthermore, 218 * even in cases where it *is* part of the packet data, the caller 219 * would still have to check for a null return value, even if it's 220 * just printing the return value with "%s" - not all versions of 221 * printf print "(null)" with "%s" and a null pointer, some of them 222 * don't check for a null pointer and crash in that case. 223 * 224 * The callers of this routine should, before handing this routine 225 * a pointer to packet data, be sure that the data is present in 226 * the packet buffer. They should probably do those checks anyway, 227 * as other data at that layer might not be IP addresses, and it 228 * also needs to check whether they're present in the packet buffer. 229 */ 230 const char * 231 getname(netdissect_options *ndo, const u_char *ap) 232 { 233 register struct hostent *hp; 234 uint32_t addr; 235 static struct hnamemem *p; /* static for longjmp() */ 236 237 memcpy(&addr, ap, sizeof(addr)); 238 p = &hnametable[addr & (HASHNAMESIZE-1)]; 239 for (; p->nxt; p = p->nxt) { 240 if (p->addr == addr) 241 return (p->name); 242 } 243 p->addr = addr; 244 p->nxt = newhnamemem(); 245 246 /* 247 * Print names unless: 248 * (1) -n was given. 249 * (2) Address is foreign and -f was given. (If -f was not 250 * given, f_netmask and f_localnet are 0 and the test 251 * evaluates to true) 252 */ 253 if (!ndo->ndo_nflag && 254 (addr & f_netmask) == f_localnet) { 255 #ifdef HAVE_CAPSICUM 256 if (capdns != NULL) { 257 hp = cap_gethostbyaddr(capdns, (char *)&addr, 4, 258 AF_INET); 259 } else 260 #endif 261 hp = gethostbyaddr((char *)&addr, 4, AF_INET); 262 if (hp) { 263 char *dotp; 264 265 p->name = strdup(hp->h_name); 266 if (ndo->ndo_Nflag) { 267 /* Remove domain qualifications */ 268 dotp = strchr(p->name, '.'); 269 if (dotp) 270 *dotp = '\0'; 271 } 272 return (p->name); 273 } 274 } 275 p->name = strdup(intoa(addr)); 276 return (p->name); 277 } 278 279 #ifdef INET6 280 /* 281 * Return a name for the IP6 address pointed to by ap. This address 282 * is assumed to be in network byte order. 283 */ 284 const char * 285 getname6(netdissect_options *ndo, const u_char *ap) 286 { 287 register struct hostent *hp; 288 union { 289 struct in6_addr addr; 290 struct for_hash_addr { 291 char fill[14]; 292 uint16_t d; 293 } addra; 294 } addr; 295 static struct h6namemem *p; /* static for longjmp() */ 296 register const char *cp; 297 char ntop_buf[INET6_ADDRSTRLEN]; 298 299 memcpy(&addr, ap, sizeof(addr)); 300 p = &h6nametable[addr.addra.d & (HASHNAMESIZE-1)]; 301 for (; p->nxt; p = p->nxt) { 302 if (memcmp(&p->addr, &addr, sizeof(addr)) == 0) 303 return (p->name); 304 } 305 p->addr = addr.addr; 306 p->nxt = newh6namemem(); 307 308 /* 309 * Do not print names if -n was given. 310 */ 311 if (!ndo->ndo_nflag) { 312 #ifdef HAVE_CAPSICUM 313 if (capdns != NULL) { 314 hp = cap_gethostbyaddr(capdns, (char *)&addr, 315 sizeof(addr), AF_INET6); 316 } else 317 #endif 318 hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); 319 if (hp) { 320 char *dotp; 321 322 p->name = strdup(hp->h_name); 323 if (ndo->ndo_Nflag) { 324 /* Remove domain qualifications */ 325 dotp = strchr(p->name, '.'); 326 if (dotp) 327 *dotp = '\0'; 328 } 329 return (p->name); 330 } 331 } 332 cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); 333 p->name = strdup(cp); 334 return (p->name); 335 } 336 #endif /* INET6 */ 337 338 static const char hex[] = "0123456789abcdef"; 339 340 341 /* Find the hash node that corresponds the ether address 'ep' */ 342 343 static inline struct enamemem * 344 lookup_emem(const u_char *ep) 345 { 346 register u_int i, j, k; 347 struct enamemem *tp; 348 349 k = (ep[0] << 8) | ep[1]; 350 j = (ep[2] << 8) | ep[3]; 351 i = (ep[4] << 8) | ep[5]; 352 353 tp = &enametable[(i ^ j) & (HASHNAMESIZE-1)]; 354 while (tp->e_nxt) 355 if (tp->e_addr0 == i && 356 tp->e_addr1 == j && 357 tp->e_addr2 == k) 358 return tp; 359 else 360 tp = tp->e_nxt; 361 tp->e_addr0 = i; 362 tp->e_addr1 = j; 363 tp->e_addr2 = k; 364 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); 365 if (tp->e_nxt == NULL) 366 error("lookup_emem: calloc"); 367 368 return tp; 369 } 370 371 /* 372 * Find the hash node that corresponds to the bytestring 'bs' 373 * with length 'nlen' 374 */ 375 376 static inline struct enamemem * 377 lookup_bytestring(register const u_char *bs, const unsigned int nlen) 378 { 379 struct enamemem *tp; 380 register u_int i, j, k; 381 382 if (nlen >= 6) { 383 k = (bs[0] << 8) | bs[1]; 384 j = (bs[2] << 8) | bs[3]; 385 i = (bs[4] << 8) | bs[5]; 386 } else if (nlen >= 4) { 387 k = (bs[0] << 8) | bs[1]; 388 j = (bs[2] << 8) | bs[3]; 389 i = 0; 390 } else 391 i = j = k = 0; 392 393 tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)]; 394 while (tp->e_nxt) 395 if (tp->e_addr0 == i && 396 tp->e_addr1 == j && 397 tp->e_addr2 == k && 398 memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0) 399 return tp; 400 else 401 tp = tp->e_nxt; 402 403 tp->e_addr0 = i; 404 tp->e_addr1 = j; 405 tp->e_addr2 = k; 406 407 tp->e_bs = (u_char *) calloc(1, nlen + 1); 408 if (tp->e_bs == NULL) 409 error("lookup_bytestring: calloc"); 410 411 memcpy(tp->e_bs, bs, nlen); 412 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); 413 if (tp->e_nxt == NULL) 414 error("lookup_bytestring: calloc"); 415 416 return tp; 417 } 418 419 /* Find the hash node that corresponds the NSAP 'nsap' */ 420 421 static inline struct enamemem * 422 lookup_nsap(register const u_char *nsap) 423 { 424 register u_int i, j, k; 425 unsigned int nlen = *nsap; 426 struct enamemem *tp; 427 const u_char *ensap = nsap + nlen - 6; 428 429 if (nlen > 6) { 430 k = (ensap[0] << 8) | ensap[1]; 431 j = (ensap[2] << 8) | ensap[3]; 432 i = (ensap[4] << 8) | ensap[5]; 433 } 434 else 435 i = j = k = 0; 436 437 tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)]; 438 while (tp->e_nxt) 439 if (tp->e_addr0 == i && 440 tp->e_addr1 == j && 441 tp->e_addr2 == k && 442 tp->e_nsap[0] == nlen && 443 memcmp((const char *)&(nsap[1]), 444 (char *)&(tp->e_nsap[1]), nlen) == 0) 445 return tp; 446 else 447 tp = tp->e_nxt; 448 tp->e_addr0 = i; 449 tp->e_addr1 = j; 450 tp->e_addr2 = k; 451 tp->e_nsap = (u_char *)malloc(nlen + 1); 452 if (tp->e_nsap == NULL) 453 error("lookup_nsap: malloc"); 454 memcpy((char *)tp->e_nsap, (const char *)nsap, nlen + 1); 455 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); 456 if (tp->e_nxt == NULL) 457 error("lookup_nsap: calloc"); 458 459 return tp; 460 } 461 462 /* Find the hash node that corresponds the protoid 'pi'. */ 463 464 static inline struct protoidmem * 465 lookup_protoid(const u_char *pi) 466 { 467 register u_int i, j; 468 struct protoidmem *tp; 469 470 /* 5 octets won't be aligned */ 471 i = (((pi[0] << 8) + pi[1]) << 8) + pi[2]; 472 j = (pi[3] << 8) + pi[4]; 473 /* XXX should be endian-insensitive, but do big-endian testing XXX */ 474 475 tp = &protoidtable[(i ^ j) & (HASHNAMESIZE-1)]; 476 while (tp->p_nxt) 477 if (tp->p_oui == i && tp->p_proto == j) 478 return tp; 479 else 480 tp = tp->p_nxt; 481 tp->p_oui = i; 482 tp->p_proto = j; 483 tp->p_nxt = (struct protoidmem *)calloc(1, sizeof(*tp)); 484 if (tp->p_nxt == NULL) 485 error("lookup_protoid: calloc"); 486 487 return tp; 488 } 489 490 const char * 491 etheraddr_string(netdissect_options *ndo, register const u_char *ep) 492 { 493 register int i; 494 register char *cp; 495 register struct enamemem *tp; 496 int oui; 497 char buf[BUFSIZE]; 498 499 tp = lookup_emem(ep); 500 if (tp->e_name) 501 return (tp->e_name); 502 #ifdef USE_ETHER_NTOHOST 503 if (!ndo->ndo_nflag) { 504 char buf2[BUFSIZE]; 505 506 /* 507 * We don't cast it to "const struct ether_addr *" 508 * because some systems fail to declare the second 509 * argument as a "const" pointer, even though they 510 * don't modify what it points to. 511 */ 512 if (ether_ntohost(buf2, (struct ether_addr *)ep) == 0) { 513 tp->e_name = strdup(buf2); 514 return (tp->e_name); 515 } 516 } 517 #endif 518 cp = buf; 519 oui = EXTRACT_24BITS(ep); 520 *cp++ = hex[*ep >> 4 ]; 521 *cp++ = hex[*ep++ & 0xf]; 522 for (i = 5; --i >= 0;) { 523 *cp++ = ':'; 524 *cp++ = hex[*ep >> 4 ]; 525 *cp++ = hex[*ep++ & 0xf]; 526 } 527 528 if (!ndo->ndo_nflag) { 529 snprintf(cp, BUFSIZE - (2 + 5*3), " (oui %s)", 530 tok2str(oui_values, "Unknown", oui)); 531 } else 532 *cp = '\0'; 533 tp->e_name = strdup(buf); 534 return (tp->e_name); 535 } 536 537 const char * 538 le64addr_string(const u_char *ep) 539 { 540 const unsigned int len = 8; 541 register u_int i; 542 register char *cp; 543 register struct enamemem *tp; 544 char buf[BUFSIZE]; 545 546 tp = lookup_bytestring(ep, len); 547 if (tp->e_name) 548 return (tp->e_name); 549 550 cp = buf; 551 for (i = len; i > 0 ; --i) { 552 *cp++ = hex[*(ep + i - 1) >> 4]; 553 *cp++ = hex[*(ep + i - 1) & 0xf]; 554 *cp++ = ':'; 555 } 556 cp --; 557 558 *cp = '\0'; 559 560 tp->e_name = strdup(buf); 561 562 return (tp->e_name); 563 } 564 565 const char * 566 linkaddr_string(netdissect_options *ndo, const u_char *ep, const unsigned int type, const unsigned int len) 567 { 568 register u_int i; 569 register char *cp; 570 register struct enamemem *tp; 571 572 if (len == 0) 573 return ("<empty>"); 574 575 if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN) 576 return (etheraddr_string(ndo, ep)); 577 578 if (type == LINKADDR_FRELAY) 579 return (q922_string(ndo, ep, len)); 580 581 tp = lookup_bytestring(ep, len); 582 if (tp->e_name) 583 return (tp->e_name); 584 585 tp->e_name = cp = (char *)malloc(len*3); 586 if (tp->e_name == NULL) 587 error("linkaddr_string: malloc"); 588 *cp++ = hex[*ep >> 4]; 589 *cp++ = hex[*ep++ & 0xf]; 590 for (i = len-1; i > 0 ; --i) { 591 *cp++ = ':'; 592 *cp++ = hex[*ep >> 4]; 593 *cp++ = hex[*ep++ & 0xf]; 594 } 595 *cp = '\0'; 596 return (tp->e_name); 597 } 598 599 const char * 600 etherproto_string(u_short port) 601 { 602 register char *cp; 603 register struct hnamemem *tp; 604 register uint32_t i = port; 605 char buf[sizeof("0000")]; 606 607 for (tp = &eprototable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) 608 if (tp->addr == i) 609 return (tp->name); 610 611 tp->addr = i; 612 tp->nxt = newhnamemem(); 613 614 cp = buf; 615 NTOHS(port); 616 *cp++ = hex[port >> 12 & 0xf]; 617 *cp++ = hex[port >> 8 & 0xf]; 618 *cp++ = hex[port >> 4 & 0xf]; 619 *cp++ = hex[port & 0xf]; 620 *cp++ = '\0'; 621 tp->name = strdup(buf); 622 return (tp->name); 623 } 624 625 const char * 626 protoid_string(register const u_char *pi) 627 { 628 register u_int i, j; 629 register char *cp; 630 register struct protoidmem *tp; 631 char buf[sizeof("00:00:00:00:00")]; 632 633 tp = lookup_protoid(pi); 634 if (tp->p_name) 635 return tp->p_name; 636 637 cp = buf; 638 if ((j = *pi >> 4) != 0) 639 *cp++ = hex[j]; 640 *cp++ = hex[*pi++ & 0xf]; 641 for (i = 4; (int)--i >= 0;) { 642 *cp++ = ':'; 643 if ((j = *pi >> 4) != 0) 644 *cp++ = hex[j]; 645 *cp++ = hex[*pi++ & 0xf]; 646 } 647 *cp = '\0'; 648 tp->p_name = strdup(buf); 649 return (tp->p_name); 650 } 651 652 #define ISONSAP_MAX_LENGTH 20 653 const char * 654 isonsap_string(const u_char *nsap, register u_int nsap_length) 655 { 656 register u_int nsap_idx; 657 register char *cp; 658 register struct enamemem *tp; 659 660 if (nsap_length < 1 || nsap_length > ISONSAP_MAX_LENGTH) 661 return ("isonsap_string: illegal length"); 662 663 tp = lookup_nsap(nsap); 664 if (tp->e_name) 665 return tp->e_name; 666 667 tp->e_name = cp = (char *)malloc(sizeof("xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xx")); 668 if (cp == NULL) 669 error("isonsap_string: malloc"); 670 671 for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) { 672 *cp++ = hex[*nsap >> 4]; 673 *cp++ = hex[*nsap++ & 0xf]; 674 if (((nsap_idx & 1) == 0) && 675 (nsap_idx + 1 < nsap_length)) { 676 *cp++ = '.'; 677 } 678 } 679 *cp = '\0'; 680 return (tp->e_name); 681 } 682 683 const char * 684 tcpport_string(u_short port) 685 { 686 register struct hnamemem *tp; 687 register uint32_t i = port; 688 char buf[sizeof("00000")]; 689 690 for (tp = &tporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) 691 if (tp->addr == i) 692 return (tp->name); 693 694 tp->addr = i; 695 tp->nxt = newhnamemem(); 696 697 (void)snprintf(buf, sizeof(buf), "%u", i); 698 tp->name = strdup(buf); 699 return (tp->name); 700 } 701 702 const char * 703 udpport_string(register u_short port) 704 { 705 register struct hnamemem *tp; 706 register uint32_t i = port; 707 char buf[sizeof("00000")]; 708 709 for (tp = &uporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) 710 if (tp->addr == i) 711 return (tp->name); 712 713 tp->addr = i; 714 tp->nxt = newhnamemem(); 715 716 (void)snprintf(buf, sizeof(buf), "%u", i); 717 tp->name = strdup(buf); 718 return (tp->name); 719 } 720 721 const char * 722 ipxsap_string(u_short port) 723 { 724 register char *cp; 725 register struct hnamemem *tp; 726 register uint32_t i = port; 727 char buf[sizeof("0000")]; 728 729 for (tp = &ipxsaptable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) 730 if (tp->addr == i) 731 return (tp->name); 732 733 tp->addr = i; 734 tp->nxt = newhnamemem(); 735 736 cp = buf; 737 NTOHS(port); 738 *cp++ = hex[port >> 12 & 0xf]; 739 *cp++ = hex[port >> 8 & 0xf]; 740 *cp++ = hex[port >> 4 & 0xf]; 741 *cp++ = hex[port & 0xf]; 742 *cp++ = '\0'; 743 tp->name = strdup(buf); 744 return (tp->name); 745 } 746 747 static void 748 init_servarray(netdissect_options *ndo) 749 { 750 struct servent *sv; 751 register struct hnamemem *table; 752 register int i; 753 char buf[sizeof("0000000000")]; 754 755 while ((sv = getservent()) != NULL) { 756 int port = ntohs(sv->s_port); 757 i = port & (HASHNAMESIZE-1); 758 if (strcmp(sv->s_proto, "tcp") == 0) 759 table = &tporttable[i]; 760 else if (strcmp(sv->s_proto, "udp") == 0) 761 table = &uporttable[i]; 762 else 763 continue; 764 765 while (table->name) 766 table = table->nxt; 767 if (ndo->ndo_nflag) { 768 (void)snprintf(buf, sizeof(buf), "%d", port); 769 table->name = strdup(buf); 770 } else 771 table->name = strdup(sv->s_name); 772 table->addr = port; 773 table->nxt = newhnamemem(); 774 } 775 endservent(); 776 } 777 778 /* in libpcap.a (nametoaddr.c) */ 779 #if defined(WIN32) && !defined(USE_STATIC_LIBPCAP) 780 extern __declspec(dllimport) 781 #else 782 extern 783 #endif 784 const struct eproto { 785 const char *s; 786 u_short p; 787 } eproto_db[]; 788 789 static void 790 init_eprotoarray(void) 791 { 792 register int i; 793 register struct hnamemem *table; 794 795 for (i = 0; eproto_db[i].s; i++) { 796 int j = htons(eproto_db[i].p) & (HASHNAMESIZE-1); 797 table = &eprototable[j]; 798 while (table->name) 799 table = table->nxt; 800 table->name = eproto_db[i].s; 801 table->addr = htons(eproto_db[i].p); 802 table->nxt = newhnamemem(); 803 } 804 } 805 806 static const struct protoidlist { 807 const u_char protoid[5]; 808 const char *name; 809 } protoidlist[] = { 810 {{ 0x00, 0x00, 0x0c, 0x01, 0x07 }, "CiscoMLS" }, 811 {{ 0x00, 0x00, 0x0c, 0x20, 0x00 }, "CiscoCDP" }, 812 {{ 0x00, 0x00, 0x0c, 0x20, 0x01 }, "CiscoCGMP" }, 813 {{ 0x00, 0x00, 0x0c, 0x20, 0x03 }, "CiscoVTP" }, 814 {{ 0x00, 0xe0, 0x2b, 0x00, 0xbb }, "ExtremeEDP" }, 815 {{ 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL } 816 }; 817 818 /* 819 * SNAP proto IDs with org code 0:0:0 are actually encapsulated Ethernet 820 * types. 821 */ 822 static void 823 init_protoidarray(void) 824 { 825 register int i; 826 register struct protoidmem *tp; 827 const struct protoidlist *pl; 828 u_char protoid[5]; 829 830 protoid[0] = 0; 831 protoid[1] = 0; 832 protoid[2] = 0; 833 for (i = 0; eproto_db[i].s; i++) { 834 u_short etype = htons(eproto_db[i].p); 835 836 memcpy((char *)&protoid[3], (char *)&etype, 2); 837 tp = lookup_protoid(protoid); 838 tp->p_name = strdup(eproto_db[i].s); 839 } 840 /* Hardwire some SNAP proto ID names */ 841 for (pl = protoidlist; pl->name != NULL; ++pl) { 842 tp = lookup_protoid(pl->protoid); 843 /* Don't override existing name */ 844 if (tp->p_name != NULL) 845 continue; 846 847 tp->p_name = pl->name; 848 } 849 } 850 851 static const struct etherlist { 852 const u_char addr[6]; 853 const char *name; 854 } etherlist[] = { 855 {{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, "Broadcast" }, 856 {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL } 857 }; 858 859 /* 860 * Initialize the ethers hash table. We take two different approaches 861 * depending on whether or not the system provides the ethers name 862 * service. If it does, we just wire in a few names at startup, 863 * and etheraddr_string() fills in the table on demand. If it doesn't, 864 * then we suck in the entire /etc/ethers file at startup. The idea 865 * is that parsing the local file will be fast, but spinning through 866 * all the ethers entries via NIS & next_etherent might be very slow. 867 * 868 * XXX pcap_next_etherent doesn't belong in the pcap interface, but 869 * since the pcap module already does name-to-address translation, 870 * it's already does most of the work for the ethernet address-to-name 871 * translation, so we just pcap_next_etherent as a convenience. 872 */ 873 static void 874 init_etherarray(void) 875 { 876 register const struct etherlist *el; 877 register struct enamemem *tp; 878 #ifdef USE_ETHER_NTOHOST 879 char name[256]; 880 #else 881 register struct pcap_etherent *ep; 882 register FILE *fp; 883 884 /* Suck in entire ethers file */ 885 fp = fopen(PCAP_ETHERS_FILE, "r"); 886 if (fp != NULL) { 887 while ((ep = pcap_next_etherent(fp)) != NULL) { 888 tp = lookup_emem(ep->addr); 889 tp->e_name = strdup(ep->name); 890 } 891 (void)fclose(fp); 892 } 893 #endif 894 895 /* Hardwire some ethernet names */ 896 for (el = etherlist; el->name != NULL; ++el) { 897 tp = lookup_emem(el->addr); 898 /* Don't override existing name */ 899 if (tp->e_name != NULL) 900 continue; 901 902 #ifdef USE_ETHER_NTOHOST 903 /* 904 * Use YP/NIS version of name if available. 905 * 906 * We don't cast it to "const struct ether_addr *" 907 * because some systems don't modify the Ethernet 908 * address but fail to declare the second argument 909 * as a "const" pointer. 910 */ 911 if (ether_ntohost(name, (struct ether_addr *)el->addr) == 0) { 912 tp->e_name = strdup(name); 913 continue; 914 } 915 #endif 916 tp->e_name = el->name; 917 } 918 } 919 920 static const struct tok ipxsap_db[] = { 921 { 0x0000, "Unknown" }, 922 { 0x0001, "User" }, 923 { 0x0002, "User Group" }, 924 { 0x0003, "PrintQueue" }, 925 { 0x0004, "FileServer" }, 926 { 0x0005, "JobServer" }, 927 { 0x0006, "Gateway" }, 928 { 0x0007, "PrintServer" }, 929 { 0x0008, "ArchiveQueue" }, 930 { 0x0009, "ArchiveServer" }, 931 { 0x000a, "JobQueue" }, 932 { 0x000b, "Administration" }, 933 { 0x000F, "Novell TI-RPC" }, 934 { 0x0017, "Diagnostics" }, 935 { 0x0020, "NetBIOS" }, 936 { 0x0021, "NAS SNA Gateway" }, 937 { 0x0023, "NACS AsyncGateway" }, 938 { 0x0024, "RemoteBridge/RoutingService" }, 939 { 0x0026, "BridgeServer" }, 940 { 0x0027, "TCP/IP Gateway" }, 941 { 0x0028, "Point-to-point X.25 BridgeServer" }, 942 { 0x0029, "3270 Gateway" }, 943 { 0x002a, "CHI Corp" }, 944 { 0x002c, "PC Chalkboard" }, 945 { 0x002d, "TimeSynchServer" }, 946 { 0x002e, "ARCserve5.0/PalindromeBackup" }, 947 { 0x0045, "DI3270 Gateway" }, 948 { 0x0047, "AdvertisingPrintServer" }, 949 { 0x004a, "NetBlazerModems" }, 950 { 0x004b, "BtrieveVAP" }, 951 { 0x004c, "NetwareSQL" }, 952 { 0x004d, "XtreeNetwork" }, 953 { 0x0050, "BtrieveVAP4.11" }, 954 { 0x0052, "QuickLink" }, 955 { 0x0053, "PrintQueueUser" }, 956 { 0x0058, "Multipoint X.25 Router" }, 957 { 0x0060, "STLB/NLM" }, 958 { 0x0064, "ARCserve" }, 959 { 0x0066, "ARCserve3.0" }, 960 { 0x0072, "WAN CopyUtility" }, 961 { 0x007a, "TES-NetwareVMS" }, 962 { 0x0092, "WATCOM Debugger/EmeraldTapeBackupServer" }, 963 { 0x0095, "DDA OBGYN" }, 964 { 0x0098, "NetwareAccessServer" }, 965 { 0x009a, "Netware for VMS II/NamedPipeServer" }, 966 { 0x009b, "NetwareAccessServer" }, 967 { 0x009e, "PortableNetwareServer/SunLinkNVT" }, 968 { 0x00a1, "PowerchuteAPC UPS" }, 969 { 0x00aa, "LAWserve" }, 970 { 0x00ac, "CompaqIDA StatusMonitor" }, 971 { 0x0100, "PIPE STAIL" }, 972 { 0x0102, "LAN ProtectBindery" }, 973 { 0x0103, "OracleDataBaseServer" }, 974 { 0x0107, "Netware386/RSPX RemoteConsole" }, 975 { 0x010f, "NovellSNA Gateway" }, 976 { 0x0111, "TestServer" }, 977 { 0x0112, "HP PrintServer" }, 978 { 0x0114, "CSA MUX" }, 979 { 0x0115, "CSA LCA" }, 980 { 0x0116, "CSA CM" }, 981 { 0x0117, "CSA SMA" }, 982 { 0x0118, "CSA DBA" }, 983 { 0x0119, "CSA NMA" }, 984 { 0x011a, "CSA SSA" }, 985 { 0x011b, "CSA STATUS" }, 986 { 0x011e, "CSA APPC" }, 987 { 0x0126, "SNA TEST SSA Profile" }, 988 { 0x012a, "CSA TRACE" }, 989 { 0x012b, "NetwareSAA" }, 990 { 0x012e, "IKARUS VirusScan" }, 991 { 0x0130, "CommunicationsExecutive" }, 992 { 0x0133, "NNS DomainServer/NetwareNamingServicesDomain" }, 993 { 0x0135, "NetwareNamingServicesProfile" }, 994 { 0x0137, "Netware386 PrintQueue/NNS PrintQueue" }, 995 { 0x0141, "LAN SpoolServer" }, 996 { 0x0152, "IRMALAN Gateway" }, 997 { 0x0154, "NamedPipeServer" }, 998 { 0x0166, "NetWareManagement" }, 999 { 0x0168, "Intel PICKIT CommServer/Intel CAS TalkServer" }, 1000 { 0x0173, "Compaq" }, 1001 { 0x0174, "Compaq SNMP Agent" }, 1002 { 0x0175, "Compaq" }, 1003 { 0x0180, "XTreeServer/XTreeTools" }, 1004 { 0x018A, "NASI ServicesBroadcastServer" }, 1005 { 0x01b0, "GARP Gateway" }, 1006 { 0x01b1, "Binfview" }, 1007 { 0x01bf, "IntelLanDeskManager" }, 1008 { 0x01ca, "AXTEC" }, 1009 { 0x01cb, "ShivaNetModem/E" }, 1010 { 0x01cc, "ShivaLanRover/E" }, 1011 { 0x01cd, "ShivaLanRover/T" }, 1012 { 0x01ce, "ShivaUniversal" }, 1013 { 0x01d8, "CastelleFAXPressServer" }, 1014 { 0x01da, "CastelleLANPressPrintServer" }, 1015 { 0x01dc, "CastelleFAX/Xerox7033 FaxServer/ExcelLanFax" }, 1016 { 0x01f0, "LEGATO" }, 1017 { 0x01f5, "LEGATO" }, 1018 { 0x0233, "NMS Agent/NetwareManagementAgent" }, 1019 { 0x0237, "NMS IPX Discovery/LANternReadWriteChannel" }, 1020 { 0x0238, "NMS IP Discovery/LANternTrapAlarmChannel" }, 1021 { 0x023a, "LANtern" }, 1022 { 0x023c, "MAVERICK" }, 1023 { 0x023f, "NovellSMDR" }, 1024 { 0x024e, "NetwareConnect" }, 1025 { 0x024f, "NASI ServerBroadcast Cisco" }, 1026 { 0x026a, "NMS ServiceConsole" }, 1027 { 0x026b, "TimeSynchronizationServer Netware 4.x" }, 1028 { 0x0278, "DirectoryServer Netware 4.x" }, 1029 { 0x027b, "NetwareManagementAgent" }, 1030 { 0x0280, "Novell File and Printer Sharing Service for PC" }, 1031 { 0x0304, "NovellSAA Gateway" }, 1032 { 0x0308, "COM/VERMED" }, 1033 { 0x030a, "GalacticommWorldgroupServer" }, 1034 { 0x030c, "IntelNetport2/HP JetDirect/HP Quicksilver" }, 1035 { 0x0320, "AttachmateGateway" }, 1036 { 0x0327, "MicrosoftDiagnostiocs" }, 1037 { 0x0328, "WATCOM SQL Server" }, 1038 { 0x0335, "MultiTechSystems MultisynchCommServer" }, 1039 { 0x0343, "Xylogics RemoteAccessServer/LANModem" }, 1040 { 0x0355, "ArcadaBackupExec" }, 1041 { 0x0358, "MSLCD1" }, 1042 { 0x0361, "NETINELO" }, 1043 { 0x037e, "Powerchute UPS Monitoring" }, 1044 { 0x037f, "ViruSafeNotify" }, 1045 { 0x0386, "HP Bridge" }, 1046 { 0x0387, "HP Hub" }, 1047 { 0x0394, "NetWare SAA Gateway" }, 1048 { 0x039b, "LotusNotes" }, 1049 { 0x03b7, "CertusAntiVirus" }, 1050 { 0x03c4, "ARCserve4.0" }, 1051 { 0x03c7, "LANspool3.5" }, 1052 { 0x03d7, "LexmarkPrinterServer" }, 1053 { 0x03d8, "LexmarkXLE PrinterServer" }, 1054 { 0x03dd, "BanyanENS NetwareClient" }, 1055 { 0x03de, "GuptaSequelBaseServer/NetWareSQL" }, 1056 { 0x03e1, "UnivelUnixware" }, 1057 { 0x03e4, "UnivelUnixware" }, 1058 { 0x03fc, "IntelNetport" }, 1059 { 0x03fd, "PrintServerQueue" }, 1060 { 0x040A, "ipnServer" }, 1061 { 0x040D, "LVERRMAN" }, 1062 { 0x040E, "LVLIC" }, 1063 { 0x0414, "NET Silicon (DPI)/Kyocera" }, 1064 { 0x0429, "SiteLockVirus" }, 1065 { 0x0432, "UFHELPR???" }, 1066 { 0x0433, "Synoptics281xAdvancedSNMPAgent" }, 1067 { 0x0444, "MicrosoftNT SNA Server" }, 1068 { 0x0448, "Oracle" }, 1069 { 0x044c, "ARCserve5.01" }, 1070 { 0x0457, "CanonGP55" }, 1071 { 0x045a, "QMS Printers" }, 1072 { 0x045b, "DellSCSI Array" }, 1073 { 0x0491, "NetBlazerModems" }, 1074 { 0x04ac, "OnTimeScheduler" }, 1075 { 0x04b0, "CD-Net" }, 1076 { 0x0513, "EmulexNQA" }, 1077 { 0x0520, "SiteLockChecks" }, 1078 { 0x0529, "SiteLockChecks" }, 1079 { 0x052d, "CitrixOS2 AppServer" }, 1080 { 0x0535, "Tektronix" }, 1081 { 0x0536, "Milan" }, 1082 { 0x055d, "Attachmate SNA gateway" }, 1083 { 0x056b, "IBM8235 ModemServer" }, 1084 { 0x056c, "ShivaLanRover/E PLUS" }, 1085 { 0x056d, "ShivaLanRover/T PLUS" }, 1086 { 0x0580, "McAfeeNetShield" }, 1087 { 0x05B8, "NLM to workstation communication (Revelation Software)" }, 1088 { 0x05BA, "CompatibleSystemsRouters" }, 1089 { 0x05BE, "CheyenneHierarchicalStorageManager" }, 1090 { 0x0606, "JCWatermarkImaging" }, 1091 { 0x060c, "AXISNetworkPrinter" }, 1092 { 0x0610, "AdaptecSCSIManagement" }, 1093 { 0x0621, "IBM AntiVirus" }, 1094 { 0x0640, "Windows95 RemoteRegistryService" }, 1095 { 0x064e, "MicrosoftIIS" }, 1096 { 0x067b, "Microsoft Win95/98 File and Print Sharing for NetWare" }, 1097 { 0x067c, "Microsoft Win95/98 File and Print Sharing for NetWare" }, 1098 { 0x076C, "Xerox" }, 1099 { 0x079b, "ShivaLanRover/E 115" }, 1100 { 0x079c, "ShivaLanRover/T 115" }, 1101 { 0x07B4, "CubixWorldDesk" }, 1102 { 0x07c2, "Quarterdeck IWare Connect V2.x NLM" }, 1103 { 0x07c1, "Quarterdeck IWare Connect V3.x NLM" }, 1104 { 0x0810, "ELAN License Server Demo" }, 1105 { 0x0824, "ShivaLanRoverAccessSwitch/E" }, 1106 { 0x086a, "ISSC Collector" }, 1107 { 0x087f, "ISSC DAS AgentAIX" }, 1108 { 0x0880, "Intel Netport PRO" }, 1109 { 0x0881, "Intel Netport PRO" }, 1110 { 0x0b29, "SiteLock" }, 1111 { 0x0c29, "SiteLockApplications" }, 1112 { 0x0c2c, "LicensingServer" }, 1113 { 0x2101, "PerformanceTechnologyInstantInternet" }, 1114 { 0x2380, "LAI SiteLock" }, 1115 { 0x238c, "MeetingMaker" }, 1116 { 0x4808, "SiteLockServer/SiteLockMetering" }, 1117 { 0x5555, "SiteLockUser" }, 1118 { 0x6312, "Tapeware" }, 1119 { 0x6f00, "RabbitGateway" }, 1120 { 0x7703, "MODEM" }, 1121 { 0x8002, "NetPortPrinters" }, 1122 { 0x8008, "WordPerfectNetworkVersion" }, 1123 { 0x85BE, "Cisco EIGRP" }, 1124 { 0x8888, "WordPerfectNetworkVersion/QuickNetworkManagement" }, 1125 { 0x9000, "McAfeeNetShield" }, 1126 { 0x9604, "CSA-NT_MON" }, 1127 { 0xb6a8, "OceanIsleReachoutRemoteControl" }, 1128 { 0xf11f, "SiteLockMetering" }, 1129 { 0xf1ff, "SiteLock" }, 1130 { 0xf503, "Microsoft SQL Server" }, 1131 { 0xF905, "IBM TimeAndPlace" }, 1132 { 0xfbfb, "TopCallIII FaxServer" }, 1133 { 0xffff, "AnyService/Wildcard" }, 1134 { 0, (char *)0 } 1135 }; 1136 1137 static void 1138 init_ipxsaparray(void) 1139 { 1140 register int i; 1141 register struct hnamemem *table; 1142 1143 for (i = 0; ipxsap_db[i].s != NULL; i++) { 1144 int j = htons(ipxsap_db[i].v) & (HASHNAMESIZE-1); 1145 table = &ipxsaptable[j]; 1146 while (table->name) 1147 table = table->nxt; 1148 table->name = ipxsap_db[i].s; 1149 table->addr = htons(ipxsap_db[i].v); 1150 table->nxt = newhnamemem(); 1151 } 1152 } 1153 1154 /* 1155 * Initialize the address to name translation machinery. We map all 1156 * non-local IP addresses to numeric addresses if ndo->ndo_fflag is true 1157 * (i.e., to prevent blocking on the nameserver). localnet is the IP address 1158 * of the local network. mask is its subnet mask. 1159 */ 1160 void 1161 init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask) 1162 { 1163 if (ndo->ndo_fflag) { 1164 f_localnet = localnet; 1165 f_netmask = mask; 1166 } 1167 if (ndo->ndo_nflag) 1168 /* 1169 * Simplest way to suppress names. 1170 */ 1171 return; 1172 1173 init_etherarray(); 1174 init_servarray(ndo); 1175 init_eprotoarray(); 1176 init_protoidarray(); 1177 init_ipxsaparray(); 1178 } 1179 1180 const char * 1181 dnaddr_string(netdissect_options *ndo, u_short dnaddr) 1182 { 1183 register struct hnamemem *tp; 1184 1185 for (tp = &dnaddrtable[dnaddr & (HASHNAMESIZE-1)]; tp->nxt != 0; 1186 tp = tp->nxt) 1187 if (tp->addr == dnaddr) 1188 return (tp->name); 1189 1190 tp->addr = dnaddr; 1191 tp->nxt = newhnamemem(); 1192 if (ndo->ndo_nflag) 1193 tp->name = dnnum_string(dnaddr); 1194 else 1195 tp->name = dnname_string(dnaddr); 1196 1197 return(tp->name); 1198 } 1199 1200 /* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */ 1201 struct hnamemem * 1202 newhnamemem(void) 1203 { 1204 register struct hnamemem *p; 1205 static struct hnamemem *ptr = NULL; 1206 static u_int num = 0; 1207 1208 if (num <= 0) { 1209 num = 64; 1210 ptr = (struct hnamemem *)calloc(num, sizeof (*ptr)); 1211 if (ptr == NULL) 1212 error("newhnamemem: calloc"); 1213 } 1214 --num; 1215 p = ptr++; 1216 return (p); 1217 } 1218 1219 #ifdef INET6 1220 /* Return a zero'ed h6namemem struct and cuts down on calloc() overhead */ 1221 struct h6namemem * 1222 newh6namemem(void) 1223 { 1224 register struct h6namemem *p; 1225 static struct h6namemem *ptr = NULL; 1226 static u_int num = 0; 1227 1228 if (num <= 0) { 1229 num = 64; 1230 ptr = (struct h6namemem *)calloc(num, sizeof (*ptr)); 1231 if (ptr == NULL) 1232 error("newh6namemem: calloc"); 1233 } 1234 --num; 1235 p = ptr++; 1236 return (p); 1237 } 1238 #endif /* INET6 */ 1239 1240 /* Represent TCI part of the 802.1Q 4-octet tag as text. */ 1241 const char * 1242 ieee8021q_tci_string(const uint16_t tci) 1243 { 1244 static char buf[128]; 1245 snprintf(buf, sizeof(buf), "vlan %u, p %u%s", 1246 tci & 0xfff, 1247 tci >> 13, 1248 (tci & 0x1000) ? ", DEI" : ""); 1249 return buf; 1250 } 1251