xref: /freebsd/contrib/tcpdump/print.c (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1 /*
2  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * Support for splitting captures into multiple files with a maximum
22  * file size:
23  *
24  * Copyright (c) 2001
25  *	Seth Webster <swebster@sst.ll.mit.edu>
26  */
27 
28 #ifdef HAVE_CONFIG_H
29 #include <config.h>
30 #endif
31 
32 #include <stdlib.h>
33 #include <string.h>
34 #include <setjmp.h>
35 
36 #include "netdissect-stdinc.h"
37 
38 #include "netdissect.h"
39 #include "addrtoname.h"
40 #include "print.h"
41 #include "netdissect-alloc.h"
42 
43 #include "pcap-missing.h"
44 
45 struct printer {
46 	if_printer f;
47 	int type;
48 };
49 
50 static const struct printer printers[] = {
51 #ifdef DLT_APPLE_IP_OVER_IEEE1394
52 	{ ap1394_if_print,	DLT_APPLE_IP_OVER_IEEE1394 },
53 #endif
54 	{ arcnet_if_print,	DLT_ARCNET },
55 #ifdef DLT_ARCNET_LINUX
56 	{ arcnet_linux_if_print, DLT_ARCNET_LINUX },
57 #endif
58 	{ atm_if_print,		DLT_ATM_RFC1483 },
59 #ifdef DLT_DSA_TAG_BRCM
60 	{ brcm_tag_if_print,	DLT_DSA_TAG_BRCM },
61 #endif
62 #ifdef DLT_DSA_TAG_BRCM_PREPEND
63 	{ brcm_tag_prepend_if_print, DLT_DSA_TAG_BRCM_PREPEND },
64 #endif
65 #ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR
66 	{ bt_if_print,		DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
67 #endif
68 #ifdef DLT_C_HDLC
69 	{ chdlc_if_print,	DLT_C_HDLC },
70 #endif
71 #ifdef DLT_HDLC
72 	{ chdlc_if_print,	DLT_HDLC },
73 #endif
74 #ifdef DLT_ATM_CLIP
75 	{ cip_if_print,		DLT_ATM_CLIP },
76 #endif
77 #ifdef DLT_CIP
78 	{ cip_if_print,		DLT_CIP },
79 #endif
80 #ifdef DLT_DSA_TAG_DSA
81 	{ dsa_if_print,		DLT_DSA_TAG_DSA },
82 #endif
83 #ifdef DLT_DSA_TAG_EDSA
84 	{ edsa_if_print,	DLT_DSA_TAG_EDSA },
85 #endif
86 #ifdef DLT_ENC
87 	{ enc_if_print,		DLT_ENC },
88 #endif
89 	{ ether_if_print,	DLT_EN10MB },
90 	{ fddi_if_print,	DLT_FDDI },
91 #ifdef DLT_FR
92 	{ fr_if_print,		DLT_FR },
93 #endif
94 #ifdef DLT_FRELAY
95 	{ fr_if_print,		DLT_FRELAY },
96 #endif
97 #ifdef DLT_IEEE802_11
98 	{ ieee802_11_if_print,	DLT_IEEE802_11},
99 #endif
100 #ifdef DLT_IEEE802_11_RADIO_AVS
101 	{ ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
102 #endif
103 #ifdef DLT_IEEE802_11_RADIO
104 	{ ieee802_11_radio_if_print,	DLT_IEEE802_11_RADIO },
105 #endif
106 #ifdef DLT_IEEE802_15_4
107 	{ ieee802_15_4_if_print, DLT_IEEE802_15_4 },
108 #endif
109 #ifdef DLT_IEEE802_15_4_NOFCS
110 	{ ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
111 #endif
112 #ifdef DLT_IEEE802_15_4_TAP
113 	{ ieee802_15_4_tap_if_print, DLT_IEEE802_15_4_TAP },
114 #endif
115 #ifdef DLT_IP_OVER_FC
116 	{ ipfc_if_print,	DLT_IP_OVER_FC },
117 #endif
118 #ifdef DLT_IPNET
119 	{ ipnet_if_print,	DLT_IPNET },
120 #endif
121 #ifdef DLT_IPOIB
122 	{ ipoib_if_print,       DLT_IPOIB },
123 #endif
124 #ifdef DLT_JUNIPER_ATM1
125 	{ juniper_atm1_if_print, DLT_JUNIPER_ATM1 },
126 #endif
127 #ifdef DLT_JUNIPER_ATM2
128 	{ juniper_atm2_if_print, DLT_JUNIPER_ATM2 },
129 #endif
130 #ifdef DLT_JUNIPER_CHDLC
131 	{ juniper_chdlc_if_print,	DLT_JUNIPER_CHDLC },
132 #endif
133 #ifdef DLT_JUNIPER_ES
134 	{ juniper_es_if_print,	DLT_JUNIPER_ES },
135 #endif
136 #ifdef DLT_JUNIPER_ETHER
137 	{ juniper_ether_if_print,	DLT_JUNIPER_ETHER },
138 #endif
139 #ifdef DLT_JUNIPER_FRELAY
140 	{ juniper_frelay_if_print,	DLT_JUNIPER_FRELAY },
141 #endif
142 #ifdef DLT_JUNIPER_GGSN
143 	{ juniper_ggsn_if_print, DLT_JUNIPER_GGSN },
144 #endif
145 #ifdef DLT_JUNIPER_MFR
146 	{ juniper_mfr_if_print,	DLT_JUNIPER_MFR },
147 #endif
148 #ifdef DLT_JUNIPER_MLFR
149 	{ juniper_mlfr_if_print, DLT_JUNIPER_MLFR },
150 #endif
151 #ifdef DLT_JUNIPER_MLPPP
152 	{ juniper_mlppp_if_print, DLT_JUNIPER_MLPPP },
153 #endif
154 #ifdef DLT_JUNIPER_MONITOR
155 	{ juniper_monitor_if_print, DLT_JUNIPER_MONITOR },
156 #endif
157 #ifdef DLT_JUNIPER_PPP
158 	{ juniper_ppp_if_print,	DLT_JUNIPER_PPP },
159 #endif
160 #ifdef DLT_JUNIPER_PPPOE_ATM
161 	{ juniper_pppoe_atm_if_print, DLT_JUNIPER_PPPOE_ATM },
162 #endif
163 #ifdef DLT_JUNIPER_PPPOE
164 	{ juniper_pppoe_if_print, DLT_JUNIPER_PPPOE },
165 #endif
166 #ifdef DLT_JUNIPER_SERVICES
167 	{ juniper_services_if_print, DLT_JUNIPER_SERVICES },
168 #endif
169 #ifdef DLT_LTALK
170 	{ ltalk_if_print,	DLT_LTALK },
171 #endif
172 #ifdef DLT_MFR
173 	{ mfr_if_print,		DLT_MFR },
174 #endif
175 #ifdef DLT_NETANALYZER
176 	{ netanalyzer_if_print, DLT_NETANALYZER },
177 #endif
178 #ifdef DLT_NETANALYZER_TRANSPARENT
179 	{ netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
180 #endif
181 #ifdef DLT_NFLOG
182 	{ nflog_if_print,	DLT_NFLOG},
183 #endif
184 	{ null_if_print,	DLT_NULL },
185 #ifdef DLT_LOOP
186 	{ null_if_print,	DLT_LOOP },
187 #endif
188 #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H)
189 	{ pflog_if_print,	DLT_PFLOG },
190 #endif
191 #if defined(DLT_PFSYNC) && defined(HAVE_NET_PFVAR_H)
192 	{ pfsync_if_print,	DLT_PFSYNC},
193 #endif
194 #ifdef DLT_PKTAP
195 	{ pktap_if_print,	DLT_PKTAP },
196 #endif
197 #ifdef DLT_PPI
198 	{ ppi_if_print,		DLT_PPI },
199 #endif
200 #ifdef DLT_PPP_BSDOS
201 	{ ppp_bsdos_if_print,	DLT_PPP_BSDOS },
202 #endif
203 #ifdef DLT_PPP_SERIAL
204 	{ ppp_hdlc_if_print,	DLT_PPP_SERIAL },
205 #endif
206 	{ ppp_if_print,		DLT_PPP },
207 #ifdef DLT_PPP_PPPD
208 	{ ppp_if_print,		DLT_PPP_PPPD },
209 #endif
210 #ifdef DLT_PPP_ETHER
211 	{ pppoe_if_print,	DLT_PPP_ETHER },
212 #endif
213 #ifdef DLT_PRISM_HEADER
214 	{ prism_if_print,	DLT_PRISM_HEADER },
215 #endif
216 	{ raw_if_print,		DLT_RAW },
217 #ifdef DLT_IPV4
218 	{ raw_if_print,		DLT_IPV4 },
219 #endif
220 #ifdef DLT_IPV6
221 	{ raw_if_print,		DLT_IPV6 },
222 #endif
223 #ifdef DLT_SLIP_BSDOS
224 	{ sl_bsdos_if_print,	DLT_SLIP_BSDOS },
225 #endif
226 	{ sl_if_print,		DLT_SLIP },
227 #ifdef DLT_LINUX_SLL
228 	{ sll_if_print,		DLT_LINUX_SLL },
229 #endif
230 #ifdef DLT_LINUX_SLL2
231 	{ sll2_if_print,	DLT_LINUX_SLL2 },
232 #endif
233 #ifdef DLT_SUNATM
234 	{ sunatm_if_print,	DLT_SUNATM },
235 #endif
236 #ifdef DLT_SYMANTEC_FIREWALL
237 	{ symantec_if_print,	DLT_SYMANTEC_FIREWALL },
238 #endif
239 	{ token_if_print,	DLT_IEEE802 },
240 #ifdef DLT_USB_LINUX
241 	{ usb_linux_48_byte_if_print, DLT_USB_LINUX},
242 #endif /* DLT_USB_LINUX */
243 #ifdef DLT_USB_LINUX_MMAPPED
244 	{ usb_linux_64_byte_if_print, DLT_USB_LINUX_MMAPPED},
245 #endif /* DLT_USB_LINUX_MMAPPED */
246 #ifdef DLT_VSOCK
247 	{ vsock_if_print,	DLT_VSOCK },
248 #endif
249 	{ NULL,                 0 },
250 };
251 
252 static void	ndo_default_print(netdissect_options *ndo, const u_char *bp,
253 		    u_int length);
254 
255 static void NORETURN ndo_error(netdissect_options *ndo,
256 		     status_exit_codes_t status,
257 		     FORMAT_STRING(const char *fmt), ...)
258 		     PRINTFLIKE(3, 4);
259 static void	ndo_warning(netdissect_options *ndo,
260 		    FORMAT_STRING(const char *fmt), ...)
261 		    PRINTFLIKE(2, 3);
262 
263 static int	ndo_printf(netdissect_options *ndo,
264 		     FORMAT_STRING(const char *fmt), ...)
265 		     PRINTFLIKE(2, 3);
266 
267 void
268 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
269 {
270 
271 	init_addrtoname(ndo, localnet, mask);
272 	init_checksum();
273 }
274 
275 if_printer
276 lookup_printer(int type)
277 {
278 	const struct printer *p;
279 
280 	for (p = printers; p->f; ++p)
281 		if (type == p->type)
282 			return p->f;
283 
284 #if defined(DLT_USER2) && defined(DLT_PKTAP)
285 	/*
286 	 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
287 	 * header.
288 	 *
289 	 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
290 	 * based OSes or the same value as LINKTYPE_PKTAP as it is on
291 	 * other OSes, to LINKTYPE_PKTAP, so files written with
292 	 * this version of libpcap for a DLT_PKTAP capture have a link-
293 	 * layer header type of LINKTYPE_PKTAP.
294 	 *
295 	 * However, files written on OS X Mavericks for a DLT_PKTAP
296 	 * capture have a link-layer header type of LINKTYPE_USER2.
297 	 * If we don't have a printer for DLT_USER2, and type is
298 	 * DLT_USER2, we look up the printer for DLT_PKTAP and use
299 	 * that.
300 	 */
301 	if (type == DLT_USER2) {
302 		for (p = printers; p->f; ++p)
303 			if (DLT_PKTAP == p->type)
304 				return p->f;
305 	}
306 #endif
307 
308 	return NULL;
309 	/* NOTREACHED */
310 }
311 
312 int
313 has_printer(int type)
314 {
315 	return (lookup_printer(type) != NULL);
316 }
317 
318 if_printer
319 get_if_printer(int type)
320 {
321 	if_printer printer;
322 
323 	printer = lookup_printer(type);
324 	if (printer == NULL)
325 		printer = unsupported_if_print;
326 	return printer;
327 }
328 
329 void
330 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
331 		    const u_char *sp, u_int packets_captured)
332 {
333 	u_int hdrlen = 0;
334 	int invalid_header = 0;
335 
336 	if (ndo->ndo_packet_number)
337 		ND_PRINT("%5u  ", packets_captured);
338 
339 	/* Sanity checks on packet length / capture length */
340 	if (h->caplen == 0) {
341 		invalid_header = 1;
342 		ND_PRINT("[Invalid header: caplen==0");
343 	}
344 	if (h->len == 0) {
345 		if (!invalid_header) {
346 			invalid_header = 1;
347 			ND_PRINT("[Invalid header:");
348 		} else
349 			ND_PRINT(",");
350 		ND_PRINT(" len==0");
351 	} else if (h->len < h->caplen) {
352 		if (!invalid_header) {
353 			invalid_header = 1;
354 			ND_PRINT("[Invalid header:");
355 		} else
356 			ND_PRINT(",");
357 		ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen);
358 	}
359 	if (h->caplen > MAXIMUM_SNAPLEN) {
360 		if (!invalid_header) {
361 			invalid_header = 1;
362 			ND_PRINT("[Invalid header:");
363 		} else
364 			ND_PRINT(",");
365 		ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN);
366 	}
367 	if (h->len > MAXIMUM_SNAPLEN) {
368 		if (!invalid_header) {
369 			invalid_header = 1;
370 			ND_PRINT("[Invalid header:");
371 		} else
372 			ND_PRINT(",");
373 		ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN);
374 	}
375 	if (invalid_header) {
376 		ND_PRINT("]\n");
377 		return;
378 	}
379 
380 	/*
381 	 * At this point:
382 	 *   capture length != 0,
383 	 *   packet length != 0,
384 	 *   capture length <= MAXIMUM_SNAPLEN,
385 	 *   packet length <= MAXIMUM_SNAPLEN,
386 	 *   packet length >= capture length.
387 	 *
388 	 * Currently, there is no D-Bus printer, thus no need for
389 	 * bigger lengths.
390 	 */
391 
392 	/*
393 	 * The header /usr/include/pcap/pcap.h in OpenBSD declares h->ts as
394 	 * struct bpf_timeval, not struct timeval. The former comes from
395 	 * /usr/include/net/bpf.h and uses 32-bit unsigned types instead of
396 	 * the types used in struct timeval.
397 	 */
398 	struct timeval tvbuf;
399 	tvbuf.tv_sec = h->ts.tv_sec;
400 	tvbuf.tv_usec = h->ts.tv_usec;
401 	ts_print(ndo, &tvbuf);
402 
403 	/*
404 	 * Printers must check that they're not walking off the end of
405 	 * the packet.
406 	 * Rather than pass it all the way down, we set this member
407 	 * of the netdissect_options structure.
408 	 */
409 	ndo->ndo_snapend = sp + h->caplen;
410 	ndo->ndo_packetp = sp;
411 
412 	ndo->ndo_protocol = "";
413 	ndo->ndo_ll_hdr_len = 0;
414 	switch (setjmp(ndo->ndo_early_end)) {
415 	case 0:
416 		/* Print the packet. */
417 		(ndo->ndo_if_printer)(ndo, h, sp);
418 		break;
419 	case ND_TRUNCATED:
420 		/* A printer quit because the packet was truncated; report it */
421 		nd_print_trunc(ndo);
422 		/* Print the full packet */
423 		ndo->ndo_ll_hdr_len = 0;
424 		break;
425 	}
426 	hdrlen = ndo->ndo_ll_hdr_len;
427 
428 	/*
429 	 * Empty the stack of packet information, freeing all pushed buffers;
430 	 * if we got here by a printer quitting, we need to release anything
431 	 * that didn't get released because we longjmped out of the code
432 	 * before it popped the packet information.
433 	 */
434 	nd_pop_all_packet_info(ndo);
435 
436 	/*
437 	 * Restore the original snapend, as a printer might have
438 	 * changed it.
439 	 */
440 	ndo->ndo_snapend = sp + h->caplen;
441 	if (ndo->ndo_Xflag) {
442 		/*
443 		 * Print the raw packet data in hex and ASCII.
444 		 */
445 		if (ndo->ndo_Xflag > 1) {
446 			/*
447 			 * Include the link-layer header.
448 			 */
449 			hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
450 		} else {
451 			/*
452 			 * Don't include the link-layer header - and if
453 			 * we have nothing past the link-layer header,
454 			 * print nothing.
455 			 */
456 			if (h->caplen > hdrlen)
457 				hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
458 						    h->caplen - hdrlen);
459 		}
460 	} else if (ndo->ndo_xflag) {
461 		/*
462 		 * Print the raw packet data in hex.
463 		 */
464 		if (ndo->ndo_xflag > 1) {
465 			/*
466 			 * Include the link-layer header.
467 			 */
468 			hex_print(ndo, "\n\t", sp, h->caplen);
469 		} else {
470 			/*
471 			 * Don't include the link-layer header - and if
472 			 * we have nothing past the link-layer header,
473 			 * print nothing.
474 			 */
475 			if (h->caplen > hdrlen)
476 				hex_print(ndo, "\n\t", sp + hdrlen,
477 					  h->caplen - hdrlen);
478 		}
479 	} else if (ndo->ndo_Aflag) {
480 		/*
481 		 * Print the raw packet data in ASCII.
482 		 */
483 		if (ndo->ndo_Aflag > 1) {
484 			/*
485 			 * Include the link-layer header.
486 			 */
487 			ascii_print(ndo, sp, h->caplen);
488 		} else {
489 			/*
490 			 * Don't include the link-layer header - and if
491 			 * we have nothing past the link-layer header,
492 			 * print nothing.
493 			 */
494 			if (h->caplen > hdrlen)
495 				ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
496 		}
497 	}
498 
499 	ND_PRINT("\n");
500 	nd_free_all(ndo);
501 }
502 
503 /*
504  * By default, print the specified data out in hex and ASCII.
505  */
506 static void
507 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
508 {
509 	hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */
510 }
511 
512 /* VARARGS */
513 static void
514 ndo_error(netdissect_options *ndo, status_exit_codes_t status,
515 	  const char *fmt, ...)
516 {
517 	va_list ap;
518 
519 	if (ndo->program_name)
520 		(void)fprintf(stderr, "%s: ", ndo->program_name);
521 	va_start(ap, fmt);
522 	(void)vfprintf(stderr, fmt, ap);
523 	va_end(ap);
524 	if (*fmt) {
525 		fmt += strlen(fmt);
526 		if (fmt[-1] != '\n')
527 			(void)fputc('\n', stderr);
528 	}
529 	nd_cleanup();
530 	exit(status);
531 	/* NOTREACHED */
532 }
533 
534 /* VARARGS */
535 static void
536 ndo_warning(netdissect_options *ndo, const char *fmt, ...)
537 {
538 	va_list ap;
539 
540 	if (ndo->program_name)
541 		(void)fprintf(stderr, "%s: ", ndo->program_name);
542 	(void)fprintf(stderr, "WARNING: ");
543 	va_start(ap, fmt);
544 	(void)vfprintf(stderr, fmt, ap);
545 	va_end(ap);
546 	if (*fmt) {
547 		fmt += strlen(fmt);
548 		if (fmt[-1] != '\n')
549 			(void)fputc('\n', stderr);
550 	}
551 }
552 
553 static int
554 ndo_printf(netdissect_options *ndo, const char *fmt, ...)
555 {
556 	va_list args;
557 	int ret;
558 
559 	va_start(args, fmt);
560 	ret = vfprintf(stdout, fmt, args);
561 	va_end(args);
562 
563 	if (ret < 0)
564 		ndo_error(ndo, S_ERR_ND_WRITE_FILE,
565 			  "Unable to write output: %s", pcap_strerror(errno));
566 	return (ret);
567 }
568 
569 void
570 ndo_set_function_pointers(netdissect_options *ndo)
571 {
572 	ndo->ndo_default_print=ndo_default_print;
573 	ndo->ndo_printf=ndo_printf;
574 	ndo->ndo_error=ndo_error;
575 	ndo->ndo_warning=ndo_warning;
576 }
577