1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #ifdef HAVE_CONFIG_H 29 #include "config.h" 30 #endif 31 32 #include <stdlib.h> 33 #include <string.h> 34 35 #include <netdissect-stdinc.h> 36 37 #include "netdissect.h" 38 #include "addrtoname.h" 39 #include "print.h" 40 41 struct printer { 42 if_printer f; 43 int type; 44 }; 45 46 static const struct printer printers[] = { 47 { ether_if_print, DLT_EN10MB }, 48 #ifdef DLT_IPNET 49 { ipnet_if_print, DLT_IPNET }, 50 #endif 51 #ifdef DLT_IEEE802_15_4 52 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 53 #endif 54 #ifdef DLT_IEEE802_15_4_NOFCS 55 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 56 #endif 57 #ifdef DLT_PPI 58 { ppi_if_print, DLT_PPI }, 59 #endif 60 #ifdef DLT_NETANALYZER 61 { netanalyzer_if_print, DLT_NETANALYZER }, 62 #endif 63 #ifdef DLT_NETANALYZER_TRANSPARENT 64 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 65 #endif 66 #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) 67 { nflog_if_print, DLT_NFLOG}, 68 #endif 69 #ifdef DLT_CIP 70 { cip_if_print, DLT_CIP }, 71 #endif 72 #ifdef DLT_ATM_CLIP 73 { cip_if_print, DLT_ATM_CLIP }, 74 #endif 75 #ifdef DLT_IP_OVER_FC 76 { ipfc_if_print, DLT_IP_OVER_FC }, 77 #endif 78 { null_if_print, DLT_NULL }, 79 #ifdef DLT_LOOP 80 { null_if_print, DLT_LOOP }, 81 #endif 82 #ifdef DLT_APPLE_IP_OVER_IEEE1394 83 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 84 #endif 85 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 86 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 87 #endif 88 #ifdef DLT_LANE8023 89 { lane_if_print, DLT_LANE8023 }, 90 #endif 91 { arcnet_if_print, DLT_ARCNET }, 92 #ifdef DLT_ARCNET_LINUX 93 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 94 #endif 95 { raw_if_print, DLT_RAW }, 96 #ifdef DLT_IPV4 97 { raw_if_print, DLT_IPV4 }, 98 #endif 99 #ifdef DLT_IPV6 100 { raw_if_print, DLT_IPV6 }, 101 #endif 102 #ifdef HAVE_PCAP_USB_H 103 #ifdef DLT_USB_LINUX 104 { usb_linux_48_byte_print, DLT_USB_LINUX}, 105 #endif /* DLT_USB_LINUX */ 106 #ifdef DLT_USB_LINUX_MMAPPED 107 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 108 #endif /* DLT_USB_LINUX_MMAPPED */ 109 #endif /* HAVE_PCAP_USB_H */ 110 #ifdef DLT_SYMANTEC_FIREWALL 111 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 112 #endif 113 #ifdef DLT_C_HDLC 114 { chdlc_if_print, DLT_C_HDLC }, 115 #endif 116 #ifdef DLT_HDLC 117 { chdlc_if_print, DLT_HDLC }, 118 #endif 119 #ifdef DLT_PPP_ETHER 120 { pppoe_if_print, DLT_PPP_ETHER }, 121 #endif 122 #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H) 123 { pflog_if_print, DLT_PFLOG }, 124 #endif 125 { token_if_print, DLT_IEEE802 }, 126 { fddi_if_print, DLT_FDDI }, 127 #ifdef DLT_LINUX_SLL 128 { sll_if_print, DLT_LINUX_SLL }, 129 #endif 130 #ifdef DLT_FR 131 { fr_if_print, DLT_FR }, 132 #endif 133 #ifdef DLT_FRELAY 134 { fr_if_print, DLT_FRELAY }, 135 #endif 136 #ifdef DLT_MFR 137 { mfr_if_print, DLT_MFR }, 138 #endif 139 { atm_if_print, DLT_ATM_RFC1483 }, 140 #ifdef DLT_SUNATM 141 { sunatm_if_print, DLT_SUNATM }, 142 #endif 143 #ifdef DLT_ENC 144 { enc_if_print, DLT_ENC }, 145 #endif 146 { sl_if_print, DLT_SLIP }, 147 #ifdef DLT_SLIP_BSDOS 148 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 149 #endif 150 #ifdef DLT_LTALK 151 { ltalk_if_print, DLT_LTALK }, 152 #endif 153 #ifdef DLT_JUNIPER_ATM1 154 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 155 #endif 156 #ifdef DLT_JUNIPER_ATM2 157 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 158 #endif 159 #ifdef DLT_JUNIPER_MFR 160 { juniper_mfr_print, DLT_JUNIPER_MFR }, 161 #endif 162 #ifdef DLT_JUNIPER_MLFR 163 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 164 #endif 165 #ifdef DLT_JUNIPER_MLPPP 166 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 167 #endif 168 #ifdef DLT_JUNIPER_PPPOE 169 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 170 #endif 171 #ifdef DLT_JUNIPER_PPPOE_ATM 172 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 173 #endif 174 #ifdef DLT_JUNIPER_GGSN 175 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 176 #endif 177 #ifdef DLT_JUNIPER_ES 178 { juniper_es_print, DLT_JUNIPER_ES }, 179 #endif 180 #ifdef DLT_JUNIPER_MONITOR 181 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 182 #endif 183 #ifdef DLT_JUNIPER_SERVICES 184 { juniper_services_print, DLT_JUNIPER_SERVICES }, 185 #endif 186 #ifdef DLT_JUNIPER_ETHER 187 { juniper_ether_print, DLT_JUNIPER_ETHER }, 188 #endif 189 #ifdef DLT_JUNIPER_PPP 190 { juniper_ppp_print, DLT_JUNIPER_PPP }, 191 #endif 192 #ifdef DLT_JUNIPER_FRELAY 193 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 194 #endif 195 #ifdef DLT_JUNIPER_CHDLC 196 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 197 #endif 198 #ifdef DLT_PKTAP 199 { pktap_if_print, DLT_PKTAP }, 200 #endif 201 #ifdef DLT_IEEE802_11_RADIO 202 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 203 #endif 204 #ifdef DLT_IEEE802_11 205 { ieee802_11_if_print, DLT_IEEE802_11}, 206 #endif 207 #ifdef DLT_IEEE802_11_RADIO_AVS 208 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 209 #endif 210 #ifdef DLT_PRISM_HEADER 211 { prism_if_print, DLT_PRISM_HEADER }, 212 #endif 213 { ppp_if_print, DLT_PPP }, 214 #ifdef DLT_PPP_WITHDIRECTION 215 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 216 #endif 217 #ifdef DLT_PPP_BSDOS 218 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 219 #endif 220 #ifdef DLT_PPP_SERIAL 221 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 222 #endif 223 { NULL, 0 }, 224 }; 225 226 static void ndo_default_print(netdissect_options *ndo, const u_char *bp, 227 u_int length); 228 229 static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 230 __attribute__((noreturn)) 231 #ifdef __ATTRIBUTE___FORMAT_OK 232 __attribute__((format (printf, 2, 3))) 233 #endif /* __ATTRIBUTE___FORMAT_OK */ 234 ; 235 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...) 236 #ifdef __ATTRIBUTE___FORMAT_OK 237 __attribute__((format (printf, 2, 3))) 238 #endif /* __ATTRIBUTE___FORMAT_OK */ 239 ; 240 241 static int ndo_printf(netdissect_options *ndo, const char *fmt, ...) 242 #ifdef __ATTRIBUTE___FORMAT_OK 243 __attribute ((format (printf, 2, 3))) 244 #endif /* __ATTRIBUTE___FORMAT_OK */ 245 ; 246 247 void 248 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask, 249 uint32_t timezone_offset) 250 { 251 252 thiszone = timezone_offset; 253 init_addrtoname(ndo, localnet, mask); 254 init_checksum(); 255 } 256 257 if_printer 258 lookup_printer(int type) 259 { 260 const struct printer *p; 261 262 for (p = printers; p->f; ++p) 263 if (type == p->type) 264 return p->f; 265 266 #if defined(DLT_USER2) && defined(DLT_PKTAP) 267 /* 268 * Apple incorrectly chose to use DLT_USER2 for their PKTAP 269 * header. 270 * 271 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin- 272 * based OSes or the same value as LINKTYPE_PKTAP as it is on 273 * other OSes, to LINKTYPE_PKTAP, so files written with 274 * this version of libpcap for a DLT_PKTAP capture have a link- 275 * layer header type of LINKTYPE_PKTAP. 276 * 277 * However, files written on OS X Mavericks for a DLT_PKTAP 278 * capture have a link-layer header type of LINKTYPE_USER2. 279 * If we don't have a printer for DLT_USER2, and type is 280 * DLT_USER2, we look up the printer for DLT_PKTAP and use 281 * that. 282 */ 283 if (type == DLT_USER2) { 284 for (p = printers; p->f; ++p) 285 if (DLT_PKTAP == p->type) 286 return p->f; 287 } 288 #endif 289 290 return NULL; 291 /* NOTREACHED */ 292 } 293 294 int 295 has_printer(int type) 296 { 297 return (lookup_printer(type) != NULL); 298 } 299 300 if_printer 301 get_if_printer(netdissect_options *ndo, int type) 302 { 303 const char *dltname; 304 if_printer printer; 305 306 printer = lookup_printer(type); 307 if (printer == NULL) { 308 dltname = pcap_datalink_val_to_name(type); 309 if (dltname != NULL) 310 (*ndo->ndo_error)(ndo, 311 "packet printing is not supported for link type %s: use -w", 312 dltname); 313 else 314 (*ndo->ndo_error)(ndo, 315 "packet printing is not supported for link type %d: use -w", type); 316 } 317 return printer; 318 } 319 320 void 321 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, 322 const u_char *sp, u_int packets_captured) 323 { 324 u_int hdrlen; 325 326 if(ndo->ndo_packet_number) 327 ND_PRINT((ndo, "%5u ", packets_captured)); 328 329 ts_print(ndo, &h->ts); 330 331 /* 332 * Some printers want to check that they're not walking off the 333 * end of the packet. 334 * Rather than pass it all the way down, we set this member 335 * of the netdissect_options structure. 336 */ 337 ndo->ndo_snapend = sp + h->caplen; 338 339 hdrlen = (ndo->ndo_if_printer)(ndo, h, sp); 340 341 /* 342 * Restore the original snapend, as a printer might have 343 * changed it. 344 */ 345 ndo->ndo_snapend = sp + h->caplen; 346 if (ndo->ndo_Xflag) { 347 /* 348 * Print the raw packet data in hex and ASCII. 349 */ 350 if (ndo->ndo_Xflag > 1) { 351 /* 352 * Include the link-layer header. 353 */ 354 hex_and_ascii_print(ndo, "\n\t", sp, h->caplen); 355 } else { 356 /* 357 * Don't include the link-layer header - and if 358 * we have nothing past the link-layer header, 359 * print nothing. 360 */ 361 if (h->caplen > hdrlen) 362 hex_and_ascii_print(ndo, "\n\t", sp + hdrlen, 363 h->caplen - hdrlen); 364 } 365 } else if (ndo->ndo_xflag) { 366 /* 367 * Print the raw packet data in hex. 368 */ 369 if (ndo->ndo_xflag > 1) { 370 /* 371 * Include the link-layer header. 372 */ 373 hex_print(ndo, "\n\t", sp, h->caplen); 374 } else { 375 /* 376 * Don't include the link-layer header - and if 377 * we have nothing past the link-layer header, 378 * print nothing. 379 */ 380 if (h->caplen > hdrlen) 381 hex_print(ndo, "\n\t", sp + hdrlen, 382 h->caplen - hdrlen); 383 } 384 } else if (ndo->ndo_Aflag) { 385 /* 386 * Print the raw packet data in ASCII. 387 */ 388 if (ndo->ndo_Aflag > 1) { 389 /* 390 * Include the link-layer header. 391 */ 392 ascii_print(ndo, sp, h->caplen); 393 } else { 394 /* 395 * Don't include the link-layer header - and if 396 * we have nothing past the link-layer header, 397 * print nothing. 398 */ 399 if (h->caplen > hdrlen) 400 ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen); 401 } 402 } 403 404 ND_PRINT((ndo, "\n")); 405 } 406 407 /* 408 * By default, print the specified data out in hex and ASCII. 409 */ 410 static void 411 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length) 412 { 413 hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */ 414 } 415 416 /* VARARGS */ 417 static void 418 ndo_error(netdissect_options *ndo, const char *fmt, ...) 419 { 420 va_list ap; 421 422 if(ndo->program_name) 423 (void)fprintf(stderr, "%s: ", ndo->program_name); 424 va_start(ap, fmt); 425 (void)vfprintf(stderr, fmt, ap); 426 va_end(ap); 427 if (*fmt) { 428 fmt += strlen(fmt); 429 if (fmt[-1] != '\n') 430 (void)fputc('\n', stderr); 431 } 432 nd_cleanup(); 433 exit(1); 434 /* NOTREACHED */ 435 } 436 437 /* VARARGS */ 438 static void 439 ndo_warning(netdissect_options *ndo, const char *fmt, ...) 440 { 441 va_list ap; 442 443 if(ndo->program_name) 444 (void)fprintf(stderr, "%s: ", ndo->program_name); 445 (void)fprintf(stderr, "WARNING: "); 446 va_start(ap, fmt); 447 (void)vfprintf(stderr, fmt, ap); 448 va_end(ap); 449 if (*fmt) { 450 fmt += strlen(fmt); 451 if (fmt[-1] != '\n') 452 (void)fputc('\n', stderr); 453 } 454 } 455 456 static int 457 ndo_printf(netdissect_options *ndo, const char *fmt, ...) 458 { 459 va_list args; 460 int ret; 461 462 va_start(args, fmt); 463 ret = vfprintf(stdout, fmt, args); 464 va_end(args); 465 466 if (ret < 0) 467 ndo_error(ndo, "Unable to write output: %s", pcap_strerror(errno)); 468 return (ret); 469 } 470 471 void 472 ndo_set_function_pointers(netdissect_options *ndo) 473 { 474 ndo->ndo_default_print=ndo_default_print; 475 ndo->ndo_printf=ndo_printf; 476 ndo->ndo_error=ndo_error; 477 ndo->ndo_warning=ndo_warning; 478 } 479 /* 480 * Local Variables: 481 * c-style: whitesmith 482 * c-basic-offset: 8 483 * End: 484 */ 485