/*
 * Hand an ARCnet payload to the printer that matches its protocol type.
 *
 * 'p' points at the encapsulated payload and 'length' is forwarded to
 * every printer; 'caplen' is forwarded to arp_print() only.
 *
 * Returns 1 when a printer was called for 'arctype' and 0 when the type
 * is not handled here.
 *
 * NOTE(review): apart from arp_print(), the callees receive no captured
 * length from this function, so they presumably bound their own reads
 * against the capture buffer - confirm in each printer.
 */
static int
arcnet_encap_print(netdissect_options *ndo, u_char arctype, const u_char *p,
		   u_int length, u_int caplen)
{
	int handled = 1;

	switch (arctype) {

	case ARCTYPE_IPX:
		ipx_print(ndo, p, length);
		break;

	case ARCTYPE_ATALK:	/* XXX was this ever used? */
		if (ndo->ndo_vflag)
			ND_PRINT("et1 ");
		atalk_print(ndo, p, length);
		break;

	case ARCTYPE_ARP_OLD:
	case ARCTYPE_ARP:
	case ARCTYPE_REVARP:
		arp_print(ndo, p, length, caplen);
		break;

	case ARCTYPE_INET6:
		ip6_print(ndo, p, length);
		break;

	case ARCTYPE_IP_OLD:
	case ARCTYPE_IP:
		ip_print(ndo, p, length);
		break;

	default:
		/* unknown type: let the caller decide how to print it */
		handled = 0;
		break;
	}

	return (handled);
}
/* PPP */
/*
 * Print the body of a PPP frame according to its protocol field.
 *
 * 'proto' is the already-extracted protocol value, 'p' points at the
 * data following it and 'length' is the number of bytes passed on to
 * the selected printer.
 *
 * NOTE(review): 'length' is a signed int here while the callees that are
 * visible elsewhere take unsigned lengths; a negative value would become
 * a very large unsigned one - confirm callers never pass one.
 */
static void
handle_ppp(netdissect_options *ndo, u_int proto, const u_char *p, int length)
{
	/* is this an escape code ? */
	if ((proto & 0xff00) == 0x7e00) {
		/*
		 * NOTE(review): the HDLC printer is started one byte before
		 * 'p' while 'length' is passed unchanged; this presumably
		 * relies on the caller having consumed at least one byte
		 * ahead of 'p' - confirm that p - 1 is inside the capture.
		 */
		ppp_hdlc(ndo, p - 1, length);
		return;
	}

	switch (proto) {

	/* network-layer payloads */
	case ETHERTYPE_IP:	/*XXX*/
	case PPP_VJNC:
	case PPP_IP:
		ip_print(ndo, p, length);
		break;

	case ETHERTYPE_IPV6:	/*XXX*/
	case PPP_IPV6:
		ip6_print(ndo, p, length);
		break;

	case ETHERTYPE_IPX:	/*XXX*/
	case PPP_IPX:
		ipx_print(ndo, p, length);
		break;

	case PPP_OSI:
		/* 'length' is supplied for both length arguments */
		isoclns_print(ndo, p, length, length);
		break;

	case PPP_MPLS_UCAST:
	case PPP_MPLS_MCAST:
		mpls_print(ndo, p, length);
		break;

	case PPP_COMP:
		ND_PRINT((ndo, "compressed PPP data"));
		break;

	/* control protocols sharing one handler */
	case PPP_LCP:
	case PPP_IPCP:
	case PPP_OSICP:
	case PPP_MPLSCP:
	case PPP_IPV6CP:
	case PPP_CCP:
	case PPP_BACP:
		handle_ctrl_proto(ndo, proto, p, length);
		break;

	case PPP_ML:
		handle_mlppp(ndo, p, length);
		break;

	/* authentication protocols */
	case PPP_CHAP:
		handle_chap(ndo, p, length);
		break;

	case PPP_PAP:
		handle_pap(ndo, p, length);
		break;

	case PPP_BAP:		/* XXX: not yet completed */
		handle_bap(ndo, p, length);
		break;

	default:
		/* name the protocol if known, then dump the raw bytes */
		ND_PRINT((ndo, "%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto)));
		print_unknown_data(ndo, p, "\n\t", length);
		break;
	}
}
/*
 * Format a bare IPX address: the address is copied into the 'ssipx'
 * socket address declared outside this function, which is then passed
 * to ipx_print().
 *
 * Every call overwrites ssipx.sipx_addr.  The returned pointer is
 * whatever ipx_print() returns.
 */
static char *
ipx_prpr(struct ipx_addr *x)
{
	ssipx.sipx_addr = *x;

	return (ipx_print((struct sockaddr *)&ssipx));
}
/*
 * Hand an ARCnet payload to the printer that matches its protocol type.
 *
 * 'p' points at the encapsulated payload and 'length' is forwarded to
 * every printer; 'caplen' is forwarded to arp_print() only.  IPv6 is
 * dispatched only when the file is built with INET6.
 *
 * Returns 1 when a printer was called for 'arctype' and 0 otherwise.
 */
static int
arcnet_encap_print(u_char arctype, const u_char *p,
		   u_int length, u_int caplen)
{
	int handled = 1;

	switch (arctype) {

	case ARCTYPE_IPX:
		ipx_print(p, length);
		break;

	case ARCTYPE_ATALK:	/* XXX was this ever used? */
		if (vflag)
			fputs("et1 ", stdout);
		atalk_print(p, length);
		break;

	case ARCTYPE_ARP_OLD:
	case ARCTYPE_ARP:
	case ARCTYPE_REVARP:
		arp_print(gndo, p, length, caplen);
		break;

#ifdef INET6
	case ARCTYPE_INET6:
		ip6_print(gndo, p, length);
		break;
#endif /*INET6*/

	case ARCTYPE_IP_OLD:
	case ARCTYPE_IP:
		ip_print(gndo, p, length);
		break;

	default:
		/* unknown type: let the caller decide how to print it */
		handled = 0;
		break;
	}

	return (handled);
}
/* * This is the top level routine of the printer. 'p' points to the * Linux "cooked capture" header of the packet, 'h->ts' is the timestamp, * 'h->len' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ u_int sll_if_print(const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; register const struct sll_header *sllp; u_short ether_type; u_short extracted_ethertype; if (caplen < SLL_HDR_LEN) { /* * XXX - this "can't happen" because "pcap-linux.c" always * adds this many bytes of header to every packet in a * cooked socket capture. */ printf("[|sll]"); return (caplen); } sllp = (const struct sll_header *)p; if (eflag) sll_print(sllp, length); /* * Go past the cooked-mode header. */ length -= SLL_HDR_LEN; caplen -= SLL_HDR_LEN; p += SLL_HDR_LEN; ether_type = EXTRACT_16BITS(&sllp->sll_protocol); recurse: /* * Is it (gag) an 802.3 encapsulation, or some non-Ethernet * packet type? */ if (ether_type <= ETHERMTU) { /* * Yes - what type is it? */ switch (ether_type) { case LINUX_SLL_P_802_3: /* * Ethernet_802.3 IPX frame. */ ipx_print(p, length); break; case LINUX_SLL_P_802_2: /* * 802.2. * Try to print the LLC-layer header & higher layers. */ if (llc_print(p, length, caplen, NULL, NULL, &extracted_ethertype) == 0) goto unknown; /* unknown LLC type */ break; default: extracted_ethertype = 0; /*FALLTHROUGH*/ unknown: /* ether_type not known, print raw packet */ if (!eflag) sll_print(sllp, length + SLL_HDR_LEN); if (extracted_ethertype) { printf("(LLC %s) ", etherproto_string(htons(extracted_ethertype))); } if (!suppress_default_print) default_print(p, caplen); break; } } else if (ether_type == ETHERTYPE_8021Q) { /* * Print VLAN information, and then go back and process * the enclosed type field. 
*/ if (caplen < 4 || length < 4) { printf("[|vlan]"); return (SLL_HDR_LEN); } if (eflag) { u_int16_t tag = EXTRACT_16BITS(p); printf("vlan %u, p %u%s, ", tag & 0xfff, tag >> 13, (tag & 0x1000) ? ", CFI" : ""); } ether_type = EXTRACT_16BITS(p + 2); if (ether_type <= ETHERMTU) ether_type = LINUX_SLL_P_802_2; if (!qflag) { (void)printf("ethertype %s, ", tok2str(ethertype_values, "Unknown", ether_type)); } p += 4; length -= 4; caplen -= 4; goto recurse; } else { if (ethertype_print(gndo, ether_type, p, length, caplen) == 0) {
/*
 * Return a printable form of the socket address 'sa'.
 *
 * 'mask' may be NULL; when present it selects network-style formatting
 * for the families that support it.  'flags' is tested for RTF_HOST to
 * choose host-style formatting.
 *
 * The result is a string literal, a pointer returned by one of the
 * family-specific helpers, or the function's own static 'workbuf'.
 * When 'workbuf' is returned, the next call that uses it overwrites the
 * previous result, so callers must consume the string before calling
 * again.
 */
static const char *
fmt_sockaddr(struct sockaddr *sa, struct sockaddr *mask, int flags)
{
	static char workbuf[128];
	const char *cp;

	/* no address at all: return a fixed marker instead of dereferencing */
	if (sa == NULL)
		return ("null");

	switch(sa->sa_family) {
	case AF_INET:
	    {
		struct sockaddr_in *sockin = (struct sockaddr_in *)sa;

		/* an all-zero address with an all-zero mask is the default route */
		if ((sockin->sin_addr.s_addr == INADDR_ANY) &&
			mask &&
			ntohl(((struct sockaddr_in *)mask)->sin_addr.s_addr)
				==0L)
				cp = "default" ;
		else if (flags & RTF_HOST)
			cp = routename(sockin->sin_addr.s_addr);
		else if (mask)
			cp = netname(sockin->sin_addr.s_addr,
				     ntohl(((struct sockaddr_in *)mask)
					   ->sin_addr.s_addr));
		else
			cp = netname(sockin->sin_addr.s_addr, 0L);
		break;
	    }

#ifdef INET6
	case AF_INET6:
	    {
		struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;

		/* NOTE(review): presumably updates *sa6 in place - confirm */
		in6_fillscopeid(sa6);

		if (flags & RTF_HOST)
		    cp = routename6(sa6);
		else if (mask)
		    cp = netname6(sa6,
				  &((struct sockaddr_in6 *)mask)->sin6_addr);
		else {
		    cp = netname6(sa6, NULL);
		}
		break;
	    }
#endif /*INET6*/

	case AF_IPX:
	    {
		struct ipx_addr work = ((struct sockaddr_ipx *)sa)->sipx_addr;
		if (ipx_nullnet(satoipx_addr(work)))
			cp = "default";
		else
			cp = ipx_print(sa);
		break;
	    }
	case AF_APPLETALK:
	    {
		if (!(flags & RTF_HOST) && mask)
			cp = atalk_print2(sa,mask,9);
		else
			cp = atalk_print(sa,11);
		break;
	    }
	case AF_NETGRAPH:
	    {
		/*
		 * Bounded copy into workbuf.
		 * NOTE(review): strlcpy() still reads the source up to its
		 * NUL terminator - confirm sg_data is always terminated
		 * within the socket address.
		 */
		strlcpy(workbuf, ((struct sockaddr_ng *)sa)->sg_data,
		        sizeof(workbuf));
		cp = workbuf;
		break;
	    }

	case AF_LINK:
	    {
		struct sockaddr_dl *sdl = (struct sockaddr_dl *)sa;

		/* no name, address or selector: show the interface index */
		if (sdl->sdl_nlen == 0 && sdl->sdl_alen == 0 &&
		    sdl->sdl_slen == 0) {
			(void) sprintf(workbuf, "link#%d", sdl->sdl_index);
			cp = workbuf;
		} else
			switch (sdl->sdl_type) {

			case IFT_ETHER:
			case IFT_L2VLAN:
			case IFT_BRIDGE:
				/* the link address follows the sdl_nlen name bytes in sdl_data */
				if (sdl->sdl_alen == ETHER_ADDR_LEN) {
					cp = ether_ntoa((struct ether_addr *)
					    (sdl->sdl_data + sdl->sdl_nlen));
					break;
				}
				/* FALLTHROUGH */
			default:
				cp = link_ntoa(sdl);
				break;
			}
		break;
	    }

	default:
	    {
		/* unknown family: "(family)" followed by a hex dump of the data */
		u_char *s = (u_char *)sa->sa_data, *slim;
		char *cq, *cqlim;

		cq = workbuf;
		/* slim is one past the last byte of the address, taken from sa_len */
		slim =  sa->sa_len + (u_char *) sa;
		/*
		 * Stop 6 bytes before the end of workbuf: one loop pass
		 * writes at most 5 characters plus the terminating NUL.
		 */
		cqlim = cq + sizeof(workbuf) - 6;
		cq += sprintf(cq, "(%d)", sa->sa_family);
		while (s < slim && cq < cqlim) {
			cq += sprintf(cq, " %02x", *s++);
			if (s < slim)
			    cq += sprintf(cq, "%02x", *s++);
		}
		cp = workbuf;
	    }
	}

	return (cp);
}
/*
 * Top-level printer for packets that start with a NULL_HDRLEN-byte
 * address-family header.  'p' points at the start of the captured
 * packet, 'h->len' is the length of the packet off the wire and
 * 'h->caplen' is the number of bytes actually captured.
 *
 * Always returns NULL_HDRLEN, including when the header is truncated.
 */
u_int
null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p)
{
	u_int cap_len = h->caplen;
	u_int wire_len = h->len;
	u_int af;

	/* the family word must be fully captured before it is read */
	if (cap_len < NULL_HDRLEN) {
		ND_PRINT((ndo, "[|null]"));
		return (NULL_HDRLEN);
	}

	/* byte copy, so no alignment of 'p' is assumed */
	memcpy((char *)&af, (char *)p, sizeof(af));

	/*
	 * This isn't necessarily in our host byte order; if this is
	 * a DLT_LOOP capture, it's in network byte order, and if
	 * this is a DLT_NULL capture from a machine with the opposite
	 * byte-order, it's in the opposite byte order from ours.
	 *
	 * If the upper 16 bits aren't all zero, assume it's byte-swapped.
	 */
	if ((af & 0xFFFF0000) != 0)
		af = SWAPLONG(af);

	if (ndo->ndo_eflag)
		null_hdr_print(ndo, af, wire_len);

	/*
	 * Step over the family header.
	 * NOTE(review): only the captured length was compared with
	 * NULL_HDRLEN above; the on-wire length is assumed to be at least
	 * as large - confirm for malformed capture files.
	 */
	p += NULL_HDRLEN;
	cap_len -= NULL_HDRLEN;
	wire_len -= NULL_HDRLEN;

	switch (af) {

	case BSD_AFNUM_IPX:
		ipx_print(ndo, p, wire_len);
		break;

	case BSD_AFNUM_APPLETALK:
		atalk_print(ndo, p, wire_len);
		break;

	case BSD_AFNUM_ISO:
		isoclns_print(ndo, p, wire_len, cap_len);
		break;

	case BSD_AFNUM_INET6_BSD:
	case BSD_AFNUM_INET6_FREEBSD:
	case BSD_AFNUM_INET6_DARWIN:
		ip6_print(ndo, p, wire_len);
		break;

	case BSD_AFNUM_INET:
		ip_print(ndo, p, wire_len);
		break;

	default:
		/* unknown AF_ value */
		if (!ndo->ndo_eflag)
			null_hdr_print(ndo, af, wire_len + NULL_HDRLEN);
		if (!ndo->ndo_suppress_default_print)
			ND_DEFAULTPRINT(p, cap_len);
	}

	return (NULL_HDRLEN);
}
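/*
 * Print an 802.2 LLC header and, where the SAPs identify a known
 * protocol, hand the payload to that protocol's printer.
 *
 * 'p' points at the DSAP byte, 'length' is the on-the-wire length and
 * 'caplen' the number of captured bytes, both counted from 'p'.  'esrc'
 * and 'edst' may be NULL; when both are set they are printed as Ethernet
 * addresses in the summary emitted without 'eflag'.
 * '*extracted_ethertype' is cleared on entry and passed on to
 * snap_print().
 *
 * Returns 0 when the LLC header is truncated, the non-zero result of
 * snap_print() for a SNAP frame it handled, and 1 in all other cases.
 *
 * Every header byte is checked against both 'caplen' and 'length' before
 * it is read or subtracted, so a packet whose on-wire length is shorter
 * than the LLC header can no longer wrap the unsigned 'length - 3' /
 * 'length - 4' values handed to the payload printers.
 */
int
llc_print(const u_char *p, u_int length, u_int caplen,
	  const u_char *esrc, const u_char *edst, u_short *extracted_ethertype)
{
	u_int8_t dsap_field, dsap, ssap_field, ssap;
	u_int16_t control;
	int is_u;
	int ret;

	*extracted_ethertype = 0;

	/* DSAP, SSAP and the first control byte must be present */
	if (caplen < 3 || length < 3) {
		(void)printf("[|llc]");
		default_print((u_char *)p, caplen);
		return (0);
	}

	dsap_field = *p;
	ssap_field = *(p + 1);

	/*
	 * OK, what type of LLC frame is this?  The length
	 * of the control field depends on that - I frames
	 * have a two-byte control field, and U frames have
	 * a one-byte control field.
	 */
	control = *(p + 2);
	if ((control & LLC_U_FMT) == LLC_U_FMT) {
		/*
		 * U frame.
		 */
		is_u = 1;
	} else {
		/*
		 * The control field in I and S frames is
		 * 2 bytes...
		 */
		if (caplen < 4 || length < 4) {
			(void)printf("[|llc]");
			default_print((u_char *)p, caplen);
			return (0);
		}

		/*
		 * ...and is little-endian.
		 */
		control = EXTRACT_LE_16BITS(p + 2);
		is_u = 0;
	}

	if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
		/*
		 * This is an Ethernet_802.3 IPX frame; it has an
		 * 802.3 header (i.e., an Ethernet header where the
		 * type/length field is <= ETHERMTU, i.e. it's a length
		 * field, not a type field), but has no 802.2 header -
		 * the IPX packet starts right after the Ethernet header,
		 * with a signature of two bytes of 0xFF (which is
		 * LLCSAP_GLOBAL).
		 *
		 * (It might also have been an Ethernet_802.3 IPX at
		 * one time, but got bridged onto another network,
		 * such as an 802.11 network; this has appeared in at
		 * least one capture file.)
		 */
		if (eflag)
			printf("IPX 802.3: ");

		ipx_print(p, length);
		return (1);
	}

	dsap = dsap_field & ~LLC_IG;
	ssap = ssap_field & ~LLC_GSAP;

	if (eflag) {
		printf("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s",
		       tok2str(llc_values, "Unknown", dsap),
		       dsap,
		       tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG),
		       tok2str(llc_values, "Unknown", ssap),
		       ssap,
		       tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP));

		if (is_u) {
			printf(", ctrl 0x%02x: ", control);
		} else {
			printf(", ctrl 0x%04x: ", control);
		}
	}

	if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
	    control == LLC_UI) {
		stp_print(p+3, length-3);
		return (1);
	}

	if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
	    control == LLC_UI) {
		/*
		 * A UI frame is a U frame, so its LLC header is the same
		 * 3 bytes (DSAP, SSAP, one control byte) skipped by the
		 * other UI branches of this function.  The payload was
		 * previously taken from p + 4 with length - 4, which
		 * skipped one payload byte and wrapped the unsigned length
		 * for a 3-byte frame.
		 */
		ip_print(gndo, p+3, length-3);
		return (1);
	}

	if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
	    control == LLC_UI) {
		/*
		 * This is an Ethernet_802.2 IPX frame, with an 802.3
		 * header and an 802.2 LLC header with the source and
		 * destination SAPs being the IPX SAP.
		 *
		 * Skip DSAP, LSAP, and control field.
		 */
		if (eflag)
			printf("IPX 802.2: ");

		ipx_print(p+3, length-3);
		return (1);
	}

#ifdef TCPDUMP_DO_SMB
	if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
	    && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
		/*
		 * we don't actually have a full netbeui parser yet, but the
		 * smb parser can handle many smb-in-netbeui packets, which
		 * is very useful, so we call that
		 *
		 * We don't call it for S frames, however, just I frames
		 * (which are frames that don't have the low-order bit,
		 * LLC_S_FMT, set in the first byte of the control field)
		 * and UI frames (whose control field is just 3, LLC_U_FMT).
		 */

		/*
		 * Skip the LLC header.
		 */
		if (is_u) {
			p += 3;
			length -= 3;
			caplen -= 3;
		} else {
			p += 4;
			length -= 4;
			caplen -= 4;
		}
		netbeui_print(control, p, length);
		return (1);
	}
#endif
	if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
	    && control == LLC_UI) {
		isoclns_print(p + 3, length - 3, caplen - 3);
		return (1);
	}

	if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
	    && control == LLC_UI) {
		/*
		 * XXX - what *is* the right bridge pad value here?
		 * Does anybody ever bridge one form of LAN traffic
		 * over a networking type that uses 802.2 LLC?
		 */
		ret = snap_print(p+3, length-3, caplen-3, extracted_ethertype,
		    2);
		if (ret)
			return (ret);
	}

	/* nothing above claimed the frame: print a generic LLC summary */
	if (!eflag) {
		if (ssap == dsap) {
			if (esrc == NULL || edst == NULL)
				(void)printf("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
			else
				(void)printf("%s > %s %s ",
						etheraddr_string(esrc),
						etheraddr_string(edst),
						tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
		} else {
			if (esrc == NULL || edst == NULL)
				(void)printf("%s > %s ",
					tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
					tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
			else
				(void)printf("%s %s > %s %s ",
					etheraddr_string(esrc),
					tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
					etheraddr_string(edst),
					tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
		}
	}

	if (is_u) {
		printf("Unnumbered, %s, Flags [%s], length %u",
		       tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)),
		       tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)),
		       length);

		/* step over the 3-byte U-frame header (guaranteed present above) */
		p += 3;
		length -= 3;
		caplen -= 3;

		if ((control & ~LLC_U_POLL) == LLC_XID) {
			/* XID with no payload: nothing more to print */
			if (length == 0)
				return (1);

			/* the format identifier byte was not captured */
			if (caplen < 1) {
				printf("[|llc]");
				return (1);
			}

			if (*p == LLC_XID_FI) {
				/* the two bytes after the identifier must be present too */
				if (caplen < 3 || length < 3)
					printf("[|llc]");
				else
					printf(": %02x %02x", p[1], p[2]);
			}
		}
	} else {
		if ((control & LLC_S_FMT) == LLC_S_FMT) {
			(void)printf("Supervisory, %s, rcv seq %u, Flags [%s], length %u",
				tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)),
				LLC_IS_NR(control),
				tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
				length);
		} else {
			(void)printf("Information, send seq %u, rcv seq %u, Flags [%s], length %u",
				LLC_I_NS(control),
				LLC_IS_NR(control),
				tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
				length);
		}
	}
	return (1);
}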
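/*
 * Dispatch a payload to the printer selected by its EtherType.
 *
 * 'p' points at the payload, 'length' is its on-the-wire length and
 * 'caplen' the number of captured bytes starting at 'p'.
 *
 * Returns 1 when a printer was called (or the type was recognised and
 * found truncated), 0 when the EtherType is not handled here so that the
 * caller can fall back to a raw dump.
 */
int
ethertype_print(netdissect_options *ndo,
		u_short ether_type, const u_char *p,
		u_int length, u_int caplen)
{
	switch (ether_type) {

	case ETHERTYPE_IP:
		ip_print(ndo, p, length);
		return (1);

	case ETHERTYPE_IPV6:
		ip6_print(ndo, p, length);
		return (1);

	case ETHERTYPE_ARP:
	case ETHERTYPE_REVARP:
		arp_print(ndo, p, length, caplen);
		return (1);

	case ETHERTYPE_DN:
		decnet_print(ndo, p, length, caplen);
		return (1);

	case ETHERTYPE_ATALK:
		if (ndo->ndo_vflag)
			ND_PRINT((ndo, "et1 "));
		atalk_print(ndo, p, length);
		return (1);

	case ETHERTYPE_AARP:
		aarp_print(ndo, p, length);
		return (1);

	case ETHERTYPE_IPX:
		ND_PRINT((ndo, "(NOV-ETHII) "));
		ipx_print(ndo, p, length);
		return (1);

	case ETHERTYPE_ISO:
		/*
		 * One byte is skipped ahead of the CLNS payload, so at
		 * least one byte must exist both on the wire and in the
		 * capture; otherwise the unsigned "- 1" below would wrap
		 * to a huge value.  The captured length handed on is the
		 * real one rather than the on-wire length, so the callee
		 * is not told that more bytes are available than were
		 * captured.
		 */
		if (length == 0 || caplen == 0) {
			ND_PRINT((ndo, " [|osi]"));
			return (1);
		}
		isoclns_print(ndo, p + 1, length - 1, caplen - 1);
		return (1);

	case ETHERTYPE_PPPOED:
	case ETHERTYPE_PPPOES:
	case ETHERTYPE_PPPOED2:
	case ETHERTYPE_PPPOES2:
		pppoe_print(ndo, p, length);
		return (1);

	case ETHERTYPE_EAPOL:
		eap_print(ndo, p, length);
		return (1);

	case ETHERTYPE_RRCP:
		/*
		 * NOTE(review): this steps back 14 bytes from 'p',
		 * presumably to the start of an Ethernet header; that is
		 * only valid when the caller really had a 14-byte header
		 * in front of 'p' - confirm for every caller.
		 */
		rrcp_print(ndo, p - 14 , length + 14);
		return (1);

	case ETHERTYPE_PPP:
		if (length) {
			ND_PRINT((ndo, ": "));
			ppp_print(ndo, p, length);
		}
		return (1);

	case ETHERTYPE_MPCP:
		mpcp_print(ndo, p, length);
		return (1);

	case ETHERTYPE_SLOW:
		slow_print(ndo, p, length);
		return (1);

	case ETHERTYPE_CFM:
	case ETHERTYPE_CFM_OLD:
		cfm_print(ndo, p, length);
		return (1);

	case ETHERTYPE_LLDP:
		lldp_print(ndo, p, length);
		return (1);

	case ETHERTYPE_LOOPBACK:
		loopback_print(ndo, p, length);
		return (1);

	case ETHERTYPE_MPLS:
	case ETHERTYPE_MPLS_MULTI:
		mpls_print(ndo, p, length);
		return (1);

	case ETHERTYPE_TIPC:
		tipc_print(ndo, p, length, caplen);
		return (1);

	case ETHERTYPE_MS_NLB_HB:
		/* NOTE(review): no length is passed; confirm msnlb_print bounds its own reads */
		msnlb_print(ndo, p);
		return (1);

	case ETHERTYPE_GEONET_OLD:
	case ETHERTYPE_GEONET:
		/* NOTE(review): p-14 carries the same 14-byte-header assumption as the RRCP case */
		geonet_print(ndo, p-14, p, length);
		return (1);

	case ETHERTYPE_CALM_FAST:
		/* NOTE(review): p-14 carries the same 14-byte-header assumption as the RRCP case */
		calm_fast_print(ndo, p-14, p, length);
		return (1);

	case ETHERTYPE_AOE:
		aoe_print(ndo, p, length);
		return (1);

	case ETHERTYPE_LAT:
	case ETHERTYPE_SCA:
	case ETHERTYPE_MOPRC:
	case ETHERTYPE_MOPDL:
	case ETHERTYPE_IEEE1905_1:
		/* default_print for now */
	default:
		return (0);
	}
}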
/*
 * Print an 802.2 LLC header and dispatch the payload by SAP.
 *
 * 'p' points at the DSAP byte, 'length' is the on-the-wire length and
 * 'caplen' the number of captured bytes, both counted from 'p'.  'src'
 * and 'dst' may be NULL; when both are set their addr_string callbacks
 * are used in the summary printed without ndo_eflag.
 *
 * If we printed information about the payload, returns the length of the LLC
 * header, plus the length of any SNAP header following it.
 *
 * Otherwise (for example, if the packet has unknown SAPs or has a SNAP
 * header with an unknown OUI/PID combination), returns the *negative*
 * of that value.
 *
 * Two further cases are visible in the code: a truncated LLC header
 * returns 'caplen' or 'length' (whichever was too short), and a raw
 * Ethernet_802.3 IPX frame returns 0 because it has no LLC header.
 */
int
llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
	  const struct lladdr_info *src, const struct lladdr_info *dst)
{
	uint8_t dsap_field, dsap, ssap_field, ssap;
	uint16_t control;
	int hdrlen;
	int is_u;

	/* DSAP, SSAP and the first control byte must be captured ... */
	if (caplen < 3) {
		ND_PRINT("[|llc]");
		ND_DEFAULTPRINT((const u_char *)p, caplen);
		return (caplen);
	}
	/* ... and must also be covered by the on-wire length */
	if (length < 3) {
		ND_PRINT("[|llc]");
		ND_DEFAULTPRINT((const u_char *)p, caplen);
		return (length);
	}

	dsap_field = EXTRACT_U_1(p);
	ssap_field = EXTRACT_U_1(p + 1);

	/*
	 * OK, what type of LLC frame is this?  The length
	 * of the control field depends on that - I frames
	 * have a two-byte control field, and U frames have
	 * a one-byte control field.
	 */
	control = EXTRACT_U_1(p + 2);
	if ((control & LLC_U_FMT) == LLC_U_FMT) {
		/*
		 * U frame.
		 */
		is_u = 1;
		hdrlen = 3;	/* DSAP, SSAP, 1-byte control field */
	} else {
		/*
		 * The control field in I and S frames is
		 * 2 bytes...
		 */
		if (caplen < 4) {
			ND_PRINT("[|llc]");
			ND_DEFAULTPRINT((const u_char *)p, caplen);
			return (caplen);
		}
		if (length < 4) {
			ND_PRINT("[|llc]");
			ND_DEFAULTPRINT((const u_char *)p, caplen);
			return (length);
		}

		/*
		 * ...and is little-endian.
		 */
		control = EXTRACT_LE_U_2(p + 2);
		is_u = 0;
		hdrlen = 4;	/* DSAP, SSAP, 2-byte control field */
	}

	if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
		/*
		 * This is an Ethernet_802.3 IPX frame; it has an
		 * 802.3 header (i.e., an Ethernet header where the
		 * type/length field is <= MAX_ETHERNET_LENGTH_VAL,
		 * i.e. it's a length field, not a type field), but
		 * has no 802.2 header - the IPX packet starts right
		 * after the Ethernet header, with a signature of two
		 * bytes of 0xFF (which is LLCSAP_GLOBAL).
		 *
		 * (It might also have been an Ethernet_802.3 IPX at
		 * one time, but got bridged onto another network,
		 * such as an 802.11 network; this has appeared in at
		 * least one capture file.)
		 */
		if (ndo->ndo_eflag)
			ND_PRINT("IPX 802.3: ");

		ipx_print(ndo, p, length);
		return (0);		/* no LLC header */
	}

	/* strip the individual/group and command/response bits from the SAPs */
	dsap = dsap_field & ~LLC_IG;
	ssap = ssap_field & ~LLC_GSAP;

	if (ndo->ndo_eflag) {
		ND_PRINT("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s",
		       tok2str(llc_values, "Unknown", dsap),
		       dsap,
		       tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG),
		       tok2str(llc_values, "Unknown", ssap),
		       ssap,
		       tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP));

		if (is_u) {
			ND_PRINT(", ctrl 0x%02x: ", control);
		} else {
			ND_PRINT(", ctrl 0x%04x: ", control);
		}
	}

	/*
	 * Skip LLC header.  Both lengths were checked to be at least
	 * hdrlen above, so these unsigned subtractions cannot wrap.
	 */
	p += hdrlen;
	length -= hdrlen;
	caplen -= hdrlen;

	if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
	    && control == LLC_UI) {
		/*
		 * XXX - what *is* the right bridge pad value here?
		 * Does anybody ever bridge one form of LAN traffic
		 * over a networking type that uses 802.2 LLC?
		 */
		if (!snap_print(ndo, p, length, caplen, src, dst, 2)) {
			/*
			 * Unknown packet type; tell our caller, by
			 * returning a negative value, so they
			 * can print the raw packet.
			 */
			return (-(hdrlen + 5));	/* include LLC and SNAP header */
		} else
			return (hdrlen + 5);	/* include LLC and SNAP header */
	}

	if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
	    control == LLC_UI) {
		stp_print(ndo, p, length);
		return (hdrlen);
	}

	if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
	    control == LLC_UI) {
		/*
		 * This is an RFC 948-style IP packet, with
		 * an 802.3 header and an 802.2 LLC header
		 * with the source and destination SAPs being
		 * the IP SAP.
		 */
		ip_print(ndo, p, length);
		return (hdrlen);
	}

	if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
	    control == LLC_UI) {
		/*
		 * This is an Ethernet_802.2 IPX frame, with an 802.3
		 * header and an 802.2 LLC header with the source and
		 * destination SAPs being the IPX SAP.
		 */
		if (ndo->ndo_eflag)
			ND_PRINT("IPX 802.2: ");

		ipx_print(ndo, p, length);
		return (hdrlen);
	}

#ifdef ENABLE_SMB
	if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
	    && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
		/*
		 * we don't actually have a full netbeui parser yet, but the
		 * smb parser can handle many smb-in-netbeui packets, which
		 * is very useful, so we call that
		 *
		 * We don't call it for S frames, however, just I frames
		 * (which are frames that don't have the low-order bit,
		 * LLC_S_FMT, set in the first byte of the control field)
		 * and UI frames (whose control field is just 3, LLC_U_FMT).
		 */
		netbeui_print(ndo, control, p, length);
		return (hdrlen);
	}
#endif
	if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
	    && control == LLC_UI) {
		isoclns_print(ndo, p, length);
		return (hdrlen);
	}

	/* nothing above claimed the frame: print a generic LLC summary */
	if (!ndo->ndo_eflag) {
		if (ssap == dsap) {
			if (src == NULL || dst == NULL)
				ND_PRINT("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
			else
				ND_PRINT("%s > %s %s ",
						(src->addr_string)(ndo, src->addr),
						(dst->addr_string)(ndo, dst->addr),
						tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
		} else {
			if (src == NULL || dst == NULL)
				ND_PRINT("%s > %s ",
					tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
					tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
			else
				ND_PRINT("%s %s > %s %s ",
					(src->addr_string)(ndo, src->addr),
					tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
					(dst->addr_string)(ndo, dst->addr),
					tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
		}
	}

	if (is_u) {
		/* 'length' no longer includes the header, so add it back for display */
		ND_PRINT("Unnumbered, %s, Flags [%s], length %u",
		       tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)),
		       tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)),
		       length + hdrlen);

		if ((control & ~LLC_U_POLL) == LLC_XID) {
			if (length == 0) {
				/*
				 * XID with no payload.
				 * This could, for example, be an SNA
				 * "short form" XID.
				 */
				return (hdrlen);
			}
			/* the format identifier byte must be captured before it is read */
			if (caplen < 1) {
				ND_PRINT("[|llc]");
				/* caplen is 0 on this path, so this test is never true */
				if (caplen > 0)
					ND_DEFAULTPRINT((const u_char *)p, caplen);
				return (hdrlen);
			}
			if (EXTRACT_U_1(p) == LLC_XID_FI) {
				/* the two bytes after the identifier are read only when present */
				if (caplen < 3 || length < 3) {
					ND_PRINT("[|llc]");
					if (caplen > 0)
						ND_DEFAULTPRINT((const u_char *)p, caplen);
				} else
					ND_PRINT(": %02x %02x",
						  EXTRACT_U_1(p + 1),
						  EXTRACT_U_1(p + 2));
				return (hdrlen);
			}
		}
	} else {
		if ((control & LLC_S_FMT) == LLC_S_FMT) {
			ND_PRINT("Supervisory, %s, rcv seq %u, Flags [%s], length %u",
				tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)),
				LLC_IS_NR(control),
				tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
				length + hdrlen);
			return (hdrlen);	/* no payload to print */
		} else {
			ND_PRINT("Information, send seq %u, rcv seq %u, Flags [%s], length %u",
				LLC_I_NS(control),
				LLC_IS_NR(control),
				tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
				length + hdrlen);
		}
	}
	/* payload not printed here: the negative value tells the caller so */
	return (-hdrlen);
}
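/*
 * Return a printable form of the socket address 'sa'.
 *
 * 'mask' may be NULL; when present it selects network-style formatting
 * for the families that support it.  'flags' is tested for RTF_HOST to
 * choose host-style formatting.
 *
 * The result is a string literal, a pointer returned by one of the
 * family-specific helpers, or the function's own static 'workbuf'.
 * When 'workbuf' is returned, the next call that uses it overwrites the
 * previous result.
 *
 * Every path now assigns the returned pointer: the AF_NETGRAPH case used
 * to print the name itself and then return an uninitialised pointer,
 * which the caller would go on to use as a string.  All writes into
 * 'workbuf' are bounded with snprintf().
 */
static const char *
fmt_sockaddr(struct sockaddr *sa, struct sockaddr *mask, int flags)
{
	static char workbuf[128];
	const char *cp;

	/* no address at all: return a fixed marker instead of dereferencing */
	if (sa == NULL)
		return ("null");

	switch(sa->sa_family) {
	case AF_INET:
	    {
		struct sockaddr_in *sockin = (struct sockaddr_in *)sa;

		/* an all-zero address with an all-zero mask is the default route */
		if ((sockin->sin_addr.s_addr == INADDR_ANY) &&
			mask &&
			ntohl(((struct sockaddr_in *)mask)->sin_addr.s_addr)
				==0L)
				cp = "default" ;
		else if (flags & RTF_HOST)
			cp = routename(sockin->sin_addr.s_addr);
		else if (mask)
			cp = netname(sockin->sin_addr.s_addr,
				     ntohl(((struct sockaddr_in *)mask)
					   ->sin_addr.s_addr));
		else
			cp = netname(sockin->sin_addr.s_addr, 0L);
		break;
	    }

#ifdef INET6
	case AF_INET6:
	    {
		struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;
		struct in6_addr *in6 = &sa6->sin6_addr;

		/*
		 * XXX: This is a special workaround for KAME kernels.
		 * sin6_scope_id field of SA should be set in the future.
		 *
		 * NOTE(review): this rewrites the caller's address in
		 * place, and the u_short casts assume s6_addr[2] may be
		 * accessed as a 16-bit object - confirm on the target
		 * platforms.
		 */
		if (IN6_IS_ADDR_LINKLOCAL(in6) ||
		    IN6_IS_ADDR_MC_LINKLOCAL(in6) ||
		    IN6_IS_ADDR_MC_NODELOCAL(in6)) {
		    /* XXX: override is ok? */
		    sa6->sin6_scope_id =
			(u_int32_t)ntohs(*(u_short *)&in6->s6_addr[2]);
		    *(u_short *)&in6->s6_addr[2] = 0;
		}

		if (flags & RTF_HOST)
		    cp = routename6(sa6);
		else if (mask)
		    cp = netname6(sa6,
				  &((struct sockaddr_in6 *)mask)->sin6_addr);
		else {
		    cp = netname6(sa6, NULL);
		}
		break;
	    }
#endif /*INET6*/

	case AF_IPX:
	    {
		struct ipx_addr work = ((struct sockaddr_ipx *)sa)->sipx_addr;
		if (ipx_nullnet(satoipx_addr(work)))
			cp = "default";
		else
			cp = ipx_print(sa);
		break;
	    }
	case AF_APPLETALK:
	    {
		if (!(flags & RTF_HOST) && mask)
			cp = atalk_print2(sa,mask,9);
		else
			cp = atalk_print(sa,11);
		break;
	    }
	case AF_NETGRAPH:
	    {
		/*
		 * Hand the name back like every other family instead of
		 * printing it here, so 'cp' is always initialised.
		 * NOTE(review): "%s" still reads sg_data up to its NUL
		 * terminator - confirm it is always terminated within the
		 * socket address.
		 */
		(void) snprintf(workbuf, sizeof(workbuf), "%s",
		    ((struct sockaddr_ng *)sa)->sg_data);
		cp = workbuf;
		break;
	    }

	case AF_LINK:
	    {
		struct sockaddr_dl *sdl = (struct sockaddr_dl *)sa;

		/* no name, address or selector: show the interface index */
		if (sdl->sdl_nlen == 0 && sdl->sdl_alen == 0 &&
		    sdl->sdl_slen == 0) {
			(void) snprintf(workbuf, sizeof(workbuf),
			    "link#%d", sdl->sdl_index);
			cp = workbuf;
		} else
			switch (sdl->sdl_type) {

			case IFT_ETHER:
			case IFT_L2VLAN:
				/* the link address follows the sdl_nlen name bytes in sdl_data */
				if (sdl->sdl_alen == ETHER_ADDR_LEN) {
					cp = ether_ntoa((struct ether_addr *)
					    (sdl->sdl_data + sdl->sdl_nlen));
					break;
				}
				/* FALLTHROUGH */
			default:
				cp = link_ntoa(sdl);
				break;
			}
		break;
	    }

	default:
	    {
		/* unknown family: "(family)" followed by a hex dump of the data */
		u_char *s = (u_char *)sa->sa_data, *slim;
		char *cq, *cqlim;
		char *const cqend = workbuf + sizeof(workbuf);

		cq = workbuf;
		/* slim is one past the last byte of the address, taken from sa_len */
		slim = sa->sa_len + (u_char *) sa;
		/*
		 * Stop 6 bytes before the end of workbuf: one loop pass
		 * writes at most 5 characters plus the terminating NUL.
		 * Each write is additionally bounded by the space that is
		 * actually left.
		 */
		cqlim = cq + sizeof(workbuf) - 6;
		cq += snprintf(cq, (size_t)(cqend - cq), "(%d)", sa->sa_family);
		while (s < slim && cq < cqlim) {
			cq += snprintf(cq, (size_t)(cqend - cq), " %02x", *s++);
			if (s < slim)
				cq += snprintf(cq, (size_t)(cqend - cq),
				    "%02x", *s++);
		}
		cp = workbuf;
	    }
	}

	return (cp);
}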
/*
 * Print a GRE header and dispatch the encapsulated payload by its
 * protocol field.
 *
 * 'bp' points at the 16-bit flags field and 'length' is the number of
 * bytes available from there.  On a short packet the function prints
 * "[|gre]" and returns.
 *
 * NOTE(review): every bound in this function is a test of 'len', which
 * starts as 'length'; no comparison against the end of the captured
 * buffer is visible here.  Confirm that the caller passes a 'length'
 * that does not exceed what was captured.
 */
void
gre_print_0(const u_char *bp, u_int length)
{
	u_int len = length;
	u_int16_t flags, prot;

	/*
	 * NOTE(review): the flags are read and 'len' is reduced by 2 with
	 * no length test in this function; with length < 2 the unsigned
	 * subtraction would wrap.  Presumably the caller checks this -
	 * confirm.
	 */
	flags = EXTRACT_16BITS(bp);
	if (vflag)
		printf(", Flags [%s]",
		    bittok2str(gre_flag_values,"none",flags));

	len -= 2;
	bp += 2;

	if (len < 2)
		goto trunc;
	prot = EXTRACT_16BITS(bp);
	len -= 2;
	bp += 2;

	/* checksum and offset fields are present when either flag is set */
	if ((flags & GRE_CP) | (flags & GRE_RP)) {
		if (len < 2)
			goto trunc;
		if (vflag)
			printf(", sum 0x%x", EXTRACT_16BITS(bp));
		bp += 2;
		len -= 2;

		if (len < 2)
			goto trunc;
		printf(", off 0x%x", EXTRACT_16BITS(bp));
		bp += 2;
		len -= 2;
	}

	if (flags & GRE_KP) {
		if (len < 4)
			goto trunc;
		printf(", key=0x%x", EXTRACT_32BITS(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_SP) {
		if (len < 4)
			goto trunc;
		printf(", seq %u", EXTRACT_32BITS(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_RP) {
		/* walk the source route entries until the all-zero terminator */
		for (;;) {
			u_int16_t af;
			u_int8_t sreoff;
			u_int8_t srelen;

			if (len < 4)
				goto trunc;
			af = EXTRACT_16BITS(bp);
			sreoff = *(bp + 2);
			srelen = *(bp + 3);
			bp += 4;
			len -= 4;

			if (af == 0 && srelen == 0)
				break;

			/*
			 * The entry is printed before 'srelen' is compared
			 * with 'len' and no result is checked here.
			 * NOTE(review): confirm gre_sre_print() bounds its
			 * reads by the 'len' it is given.
			 */
			gre_sre_print(af, sreoff, srelen, bp, len);

			if (len < srelen)
				goto trunc;
			bp += srelen;
			len -= srelen;
		}
	}

	if (eflag)
		printf(", proto %s (0x%04x)",
		    tok2str(ethertype_values,"unknown",prot),
		    prot);

	printf(", length %u",length);

	if (vflag < 1)
		printf(": "); /* put in a colon as protocol demarc */
	else
		printf("\n\t"); /* if verbose go multiline */

	switch (prot) {
	case ETHERTYPE_IP:
		ip_print(gndo, bp, len);
		break;
#ifdef INET6
	case ETHERTYPE_IPV6:
		ip6_print(gndo, bp, len);
		break;
#endif
	case ETHERTYPE_MPLS:
		mpls_print(bp, len);
		break;
	case ETHERTYPE_IPX:
		ipx_print(bp, len);
		break;
	case ETHERTYPE_ATALK:
		atalk_print(bp, len);
		break;
	case ETHERTYPE_GRE_ISO:
		/* 'len' is supplied for both length arguments */
		isoclns_print(bp, len, len);
		break;
	case ETHERTYPE_TEB:
		/* 'len' is supplied for both length arguments */
		ether_print(gndo, bp, len, len, NULL, NULL);
		break;
	default:
		printf("gre-proto-0x%x", prot);
	}
	return;

trunc:
	printf("[|gre]");
}
/*
 * Decode a GRE header starting at its flags word and pass the payload to
 * the printer chosen by the protocol type field.
 *
 * `remain` counts the bytes the packet still claims to hold; each field is
 * guarded by an ND_TCHECK_*() on the pointer and by a comparison against
 * `remain` before it is extracted.  Any failed guard ends at `trunc`,
 * which prints tstr.
 */
static void
gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
{
	uint16_t flags, ptype;
	u_int remain;

	/* 16 bits ND_TCHECKed in gre_print() */
	flags = EXTRACT_BE_U_2(bp);
	if (ndo->ndo_vflag)
		ND_PRINT(", Flags [%s]",
		    bittok2str(gre_flag_values,"none",flags));
	bp += 2;
	remain = length - 2;

	/* Protocol type. */
	ND_TCHECK_2(bp);
	if (remain < 2)
		goto trunc;
	ptype = EXTRACT_BE_U_2(bp);
	bp += 2;
	remain -= 2;

	/* Checksum and offset words travel together when either bit is set. */
	if (flags & (GRE_CP | GRE_RP)) {
		ND_TCHECK_2(bp);
		if (remain < 2)
			goto trunc;
		if (ndo->ndo_vflag)
			ND_PRINT(", sum 0x%x", EXTRACT_BE_U_2(bp));
		remain -= 2;
		bp += 2;

		ND_TCHECK_2(bp);
		if (remain < 2)
			goto trunc;
		ND_PRINT(", off 0x%x", EXTRACT_BE_U_2(bp));
		remain -= 2;
		bp += 2;
	}

	if (flags & GRE_KP) {
		ND_TCHECK_4(bp);
		if (remain < 4)
			goto trunc;
		ND_PRINT(", key=0x%x", EXTRACT_BE_U_4(bp));
		remain -= 4;
		bp += 4;
	}

	if (flags & GRE_SP) {
		ND_TCHECK_4(bp);
		if (remain < 4)
			goto trunc;
		ND_PRINT(", seq %u", EXTRACT_BE_U_4(bp));
		remain -= 4;
		bp += 4;
	}

	if (flags & GRE_RP) {
		/* Walk the source route entries up to the all-zero terminator. */
		while (1) {
			uint16_t addr_family;
			uint8_t sre_offset;
			uint8_t sre_len;

			ND_TCHECK_4(bp);
			if (remain < 4)
				goto trunc;
			addr_family = EXTRACT_BE_U_2(bp);
			sre_offset = EXTRACT_U_1(bp + 2);
			sre_len = EXTRACT_U_1(bp + 3);
			remain -= 4;
			bp += 4;

			if (addr_family == 0 && sre_len == 0)
				break;

			/* A zero return from the entry printer means truncation. */
			if (!gre_sre_print(ndo, addr_family, sre_offset, sre_len, bp, remain))
				goto trunc;

			if (remain < sre_len)
				goto trunc;
			remain -= sre_len;
			bp += sre_len;
		}
	}

	if (ndo->ndo_eflag)
		ND_PRINT(", proto %s (0x%04x)",
		    tok2str(ethertype_values,"unknown",ptype), ptype);

	ND_PRINT(", length %u",length);

	if (ndo->ndo_vflag >= 1)
		ND_PRINT("\n\t"); /* if verbose go multiline */
	else
		ND_PRINT(": "); /* put in a colon as protocol demarc */

	switch (ptype) {
	case ETHERTYPE_IP:
		ip_print(ndo, bp, remain);
		break;
	case ETHERTYPE_IPV6:
		ip6_print(ndo, bp, remain);
		break;
	case ETHERTYPE_MPLS:
		mpls_print(ndo, bp, remain);
		break;
	case ETHERTYPE_IPX:
		ipx_print(ndo, bp, remain);
		break;
	case ETHERTYPE_ATALK:
		atalk_print(ndo, bp, remain);
		break;
	case ETHERTYPE_GRE_ISO:
		isoclns_print(ndo, bp, remain);
		break;
	case ETHERTYPE_TEB:
		/* The captured length is measured from the snapshot end. */
		ether_print(ndo, bp, remain, ndo->ndo_snapend - bp, NULL, NULL);
		break;
	default:
		ND_PRINT("gre-proto-0x%x", ptype);
	}
	return;

trunc:
	ND_PRINT("%s", tstr);
}
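/*
 * Print an 802.2 LLC header and, where the SAP pair is recognised, the
 * payload behind it.
 *
 * p:       first byte of the LLC header (the DSAP).
 * length:  packet length handed on to the payload printers.
 * caplen:  number of bytes available at p; checked before header bytes
 *          are read.
 * esrc, edst: link-layer addresses printed when eflag is clear; if either
 *          is NULL only the SAPs are printed.
 * extracted_ethertype: passed through to snap_print() untouched.
 *
 * Returns non-zero IFF it succeeds in printing the header: 0 when the
 * header itself is truncated, snap_print()'s result when that is non-zero,
 * and 1 otherwise.
 *
 * NOTE(review): `length` is unsigned and is reduced by 3 or 4 without a
 * check; this assumes callers never pass a length smaller than the LLC
 * header - confirm.
 */
int
llc_print(const u_char *p, u_int length, u_int caplen,
	  const u_char *esrc, const u_char *edst, u_short *extracted_ethertype)
{
	u_int8_t dsap, ssap;
	u_int16_t control;
	int is_u;
	register int ret;

	if (caplen < 3) {
		(void)printf("[|llc]");
		default_print((u_char *)p, caplen);
		return(0);
	}

	dsap = *p;
	ssap = *(p + 1);

	/*
	 * OK, what type of LLC frame is this?  The length
	 * of the control field depends on that - I frames
	 * have a two-byte control field, and U frames have
	 * a one-byte control field.
	 */
	control = *(p + 2);
	if ((control & LLC_U_FMT) == LLC_U_FMT) {
		/*
		 * U frame.
		 */
		is_u = 1;
	} else {
		/*
		 * The control field in I and S frames is
		 * 2 bytes...
		 */
		if (caplen < 4) {
			(void)printf("[|llc]");
			default_print((u_char *)p, caplen);
			return(0);
		}

		/*
		 * ...and is little-endian.
		 */
		control = EXTRACT_LE_16BITS(p + 2);
		is_u = 0;
	}

#if !defined(EMBED) || defined(CONFIG_IPX) || defined(CONFIG_IPX_MODULE)
	if (ssap == LLCSAP_GLOBAL && dsap == LLCSAP_GLOBAL) {
		/*
		 * This is an Ethernet_802.3 IPX frame; it has an
		 * 802.3 header (i.e., an Ethernet header where the
		 * type/length field is <= ETHERMTU, i.e. it's a length
		 * field, not a type field), but has no 802.2 header -
		 * the IPX packet starts right after the Ethernet header,
		 * with a signature of two bytes of 0xFF (which is
		 * LLCSAP_GLOBAL).
		 *
		 * (It might also have been an Ethernet_802.3 IPX at
		 * one time, but got bridged onto another network,
		 * such as an 802.11 network; this has appeared in at
		 * least one capture file.)
		 */
		if (eflag)
			printf("IPX-802.3: ");

		ipx_print(p, length);
		return (1);
	}
#endif

	if (eflag) {
		if (is_u) {
			printf("LLC, dsap %s (0x%02x), ssap %s (0x%02x), cmd 0x%02x: ",
			    tok2str(llc_values, "Unknown", dsap),
			    dsap,
			    tok2str(llc_values, "Unknown", ssap),
			    ssap,
			    control);
		} else {
			printf("LLC, dsap %s (0x%02x), ssap %s (0x%02x), cmd 0x%04x: ",
			    tok2str(llc_values, "Unknown", dsap),
			    dsap,
			    tok2str(llc_values, "Unknown", ssap),
			    ssap,
			    control);
		}
	}

#if !defined(EMBED) || defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE)
	if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
	    control == LLC_UI) {
		stp_print(p+3, length-3);
		return (1);
	}
#endif

	if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
	    control == LLC_UI) {
		/*
		 * NOTE(review): the other LLC_UI branches skip 3 bytes of
		 * header, this one skips 4 - confirm which is intended.
		 */
		ip_print(gndo, p+4, length-4);
		return (1);
	}

#if !defined(EMBED) || defined(CONFIG_IPX) || defined(CONFIG_IPX_MODULE)
	if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
	    control == LLC_UI) {
		/*
		 * This is an Ethernet_802.2 IPX frame, with an 802.3
		 * header and an 802.2 LLC header with the source and
		 * destination SAPs being the IPX SAP.
		 *
		 * Skip DSAP, LSAP, and control field.
		 */
		printf("(NOV-802.2) ");
		ipx_print(p+3, length-3);
		return (1);
	}
#endif

#ifdef TCPDUMP_DO_SMB
	if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
	    && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
		/*
		 * we don't actually have a full netbeui parser yet, but the
		 * smb parser can handle many smb-in-netbeui packets, which
		 * is very useful, so we call that
		 *
		 * We don't call it for S frames, however, just I frames
		 * (which are frames that don't have the low-order bit,
		 * LLC_S_FMT, set in the first byte of the control field)
		 * and UI frames (whose control field is just 3, LLC_U_FMT).
		 */

		/*
		 * Skip the LLC header.
		 */
		if (is_u) {
			p += 3;
			length -= 3;
			caplen -= 3;
		} else {
			p += 4;
			length -= 4;
			caplen -= 4;
		}
		netbeui_print(control, p, length);
		return (1);
	}
#endif

#if !defined(EMBED)
	if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
	    && control == LLC_UI) {
		isoclns_print(p + 3, length - 3, caplen - 3);
		return (1);
	}
#endif

	if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
	    && control == LLC_UI) {
		/*
		 * XXX - what *is* the right bridge pad value here?
		 * Does anybody ever bridge one form of LAN traffic
		 * over a networking type that uses 802.2 LLC?
		 */
		ret = snap_print(p+3, length-3, caplen-3, extracted_ethertype,
		    2);
		if (ret)
			return (ret);
	}

	if (!eflag) {
		if ((ssap & ~LLC_GSAP) == dsap) {
			if (esrc == NULL || edst == NULL)
				(void)printf("%s ", llcsap_string(dsap));
			else
				(void)printf("%s > %s %s ",
						etheraddr_string(esrc),
						etheraddr_string(edst),
						llcsap_string(dsap));
		} else {
			if (esrc == NULL || edst == NULL)
				(void)printf("%s > %s ",
					llcsap_string(ssap & ~LLC_GSAP),
					llcsap_string(dsap));
			else
				(void)printf("%s %s > %s %s ",
					etheraddr_string(esrc),
					llcsap_string(ssap & ~LLC_GSAP),
					etheraddr_string(edst),
					llcsap_string(dsap));
		}
	}

	if (is_u) {
		const char *m;
		char f;

		m = tok2str(cmd2str, "%02x", LLC_U_CMD(control));
		switch ((ssap & LLC_GSAP) | (control & LLC_U_POLL)) {
			case 0:			f = 'C'; break;
			case LLC_GSAP:		f = 'R'; break;
			case LLC_U_POLL:	f = 'P'; break;
			case LLC_GSAP|LLC_U_POLL: f = 'F'; break;
			default:		f = '?'; break;
		}

		printf("%s/%c", m, f);

		p += 3;
		length -= 3;
		caplen -= 3;

		if ((control & ~LLC_U_POLL) == LLC_XID) {
			/*
			 * The XID information field is payload: the three
			 * bytes verified at entry do not cover it, so each
			 * byte read below needs its own caplen check.
			 */
			if (caplen < 1) {
				/* Only flag truncation if a payload is claimed. */
				if (length > 0)
					printf("[|llc]");
				return (1);
			}
			if (*p == LLC_XID_FI) {
				if (caplen < 3) {
					printf("[|llc]");
					return (1);
				}
				printf(": %02x %02x", p[1], p[2]);
				p += 3;
				length -= 3;
				caplen -= 3;
			}
		}
	} else {
		char f;

		switch ((ssap & LLC_GSAP) | (control & LLC_IS_POLL)) {
			case 0:			f = 'C'; break;
			case LLC_GSAP:		f = 'R'; break;
			case LLC_IS_POLL:	f = 'P'; break;
			case LLC_GSAP|LLC_IS_POLL: f = 'F'; break;
			default:		f = '?'; break;
		}

		if ((control & LLC_S_FMT) == LLC_S_FMT) {
			/*
			 * NOTE(review): assumes LLC_S_CMD() yields 0..3, the
			 * size of this table - confirm against its definition.
			 */
			static const char *llc_s[] =
				{ "rr", "rej", "rnr", "03" };
			(void)printf("%s (r=%d,%c)",
				llc_s[LLC_S_CMD(control)],
				LLC_IS_NR(control),
				f);
		} else {
			(void)printf("I (s=%d,r=%d,%c)",
				LLC_I_NS(control),
				LLC_IS_NR(control),
				f);
		}
		/* caplen >= 4 was established when the control field was read. */
		p += 4;
		length -= 4;
		caplen -= 4;
	}
	return(1);
}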
/*
 * Top-level printer for Linux "cooked capture" packets.
 *
 * 'p' points to the cooked-mode header, 'h->ts' is the timestamp,
 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 *
 * Returns the number of header bytes consumed: the cooked header, plus 4
 * for every VLAN tag stepped over, plus whatever llc_print() reports.  When
 * the capture ends inside a header, the bytes that were available are
 * counted instead.
 */
u_int
sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p)
{
	const struct sll_header *sllp = (const struct sll_header *)p;
	u_int caplen = h->caplen;
	u_int length = h->len;
	u_int hdrlen = SLL_HDR_LEN;
	u_short ether_type;
	int llc_hdrlen;

	if (caplen < SLL_HDR_LEN) {
		/*
		 * XXX - this "can't happen" because "pcap-linux.c" always
		 * adds this many bytes of header to every packet in a
		 * cooked socket capture.
		 */
		ND_PRINT((ndo, "[|sll]"));
		return (caplen);
	}

	if (ndo->ndo_eflag)
		sll_print(ndo, sllp, length);

	/*
	 * Step over the cooked-mode header.
	 */
	p += SLL_HDR_LEN;
	length -= SLL_HDR_LEN;
	caplen -= SLL_HDR_LEN;

	ether_type = EXTRACT_16BITS(&sllp->sll_protocol);

	/*
	 * Peel off VLAN tags one at a time; each pass leaves ether_type
	 * holding the type enclosed by the tag just consumed.
	 */
	while (ether_type > ETHERMTU && ether_type == ETHERTYPE_8021Q) {
		if (caplen < 4) {
			ND_PRINT((ndo, "[|vlan]"));
			return (hdrlen + caplen);
		}
		if (length < 4) {
			ND_PRINT((ndo, "[|vlan]"));
			return (hdrlen + length);
		}
		if (ndo->ndo_eflag) {
			uint16_t tag = EXTRACT_16BITS(p);

			ND_PRINT((ndo, "%s, ", ieee8021q_tci_string(tag)));
		}

		ether_type = EXTRACT_16BITS(p + 2);
		/* A value this small is a length, so treat the payload as 802.2. */
		if (ether_type <= ETHERMTU)
			ether_type = LINUX_SLL_P_802_2;
		if (!ndo->ndo_qflag) {
			ND_PRINT((ndo, "ethertype %s, ",
			    tok2str(ethertype_values, "Unknown", ether_type)));
		}

		p += 4;
		length -= 4;
		caplen -= 4;
		hdrlen += 4;
	}

	if (ether_type > ETHERMTU) {
		/* A real Ethernet type: let the generic dispatcher try it. */
		if (ethertype_print(ndo, ether_type, p, length, caplen) == 0) {
			/* ether_type not known, print raw packet */
			if (!ndo->ndo_eflag)
				sll_print(ndo, sllp, length + SLL_HDR_LEN);
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
		}
		return (hdrlen);
	}

	/*
	 * It is (gag) an 802.3 encapsulation, or some non-Ethernet
	 * packet type - which one?
	 */
	switch (ether_type) {

	case LINUX_SLL_P_802_3:
		/*
		 * Ethernet_802.3 IPX frame.
		 */
		ipx_print(ndo, p, length);
		break;

	case LINUX_SLL_P_802_2:
		/*
		 * 802.2.
		 * Try to print the LLC-layer header & higher layers.
		 */
		llc_hdrlen = llc_print(ndo, p, length, caplen, NULL, NULL);
		if (llc_hdrlen >= 0) {
			hdrlen += llc_hdrlen;
			break;
		}
		/* unknown LLC type */
		/*FALLTHROUGH*/

	default:
		/* packet type not known, print raw packet */
		if (!ndo->ndo_suppress_default_print)
			ND_DEFAULTPRINT(p, caplen);
		break;
	}

	return (hdrlen);
}
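/*
 * Print an 802.2 LLC header and, where the SAP pair is recognised, the
 * payload behind it.
 *
 * p:       first byte of the LLC header.
 * length:  packet length handed on to the payload printers.
 * caplen:  number of bytes available at p.
 * esrc, edst: link-layer addresses; they are passed to etheraddr_string()
 *          without a NULL check whenever eflag is clear.
 *          NOTE(review): confirm no caller passes NULL here.
 *
 * Returns non-zero IFF it succeeds in printing the header: 0 when the LLC
 * or SNAP header is truncated, ether_encap_print()'s result when that is
 * non-zero, and 1 otherwise.  A frame that turns out to be truncated after
 * part of the header has been printed gets a "[|llc]" marker and still
 * returns 1.
 *
 * caplen is unsigned, so every subtraction from it is preceded by a check:
 * a wrapped value would otherwise reach default_print_unaligned() as a
 * huge byte count.
 */
int
llc_print(const u_char *p, u_int length, u_int caplen,
	  const u_char *esrc, const u_char *edst)
{
	struct llc llc;
	register u_short et;
	register int ret;

	if (caplen < 3) {
		(void)printf("[|llc]");
		default_print((u_char *)p, caplen);
		return(0);
	}

	/*
	 * Watch out for possible alignment problems.  The copy may cover
	 * only part of the struct, so clear it first; no field is then
	 * read uninitialised.
	 */
	memset(&llc, 0, sizeof(llc));
	memcpy((char *)&llc, (char *)p, min(caplen, sizeof(llc)));

	if (llc.ssap == LLCSAP_GLOBAL && llc.dsap == LLCSAP_GLOBAL) {
		ipx_print(p, length);
		return (1);
	}
#ifdef notyet
	else if (p[0] == 0xf0 && p[1] == 0xf0)
		netbios_print(p, length);
#endif
	if (llc.ssap == LLCSAP_ISONS && llc.dsap == LLCSAP_ISONS
	    && llc.llcui == LLC_UI) {
		isoclns_print(p + 3, length - 3, caplen - 3, esrc, edst);
		return (1);
	}

	if (llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP
	    && llc.llcui == LLC_UI) {
		if (caplen < sizeof(llc)) {
			(void)printf("[|llc-snap]");
			default_print((u_char *)p, caplen);
			return (0);
		}
		if (vflag)
			(void)printf("snap %s ", protoid_string(llc.llcpi));

		caplen -= sizeof(llc);
		length -= sizeof(llc);
		p += sizeof(llc);

		/* This is an encapsulated Ethernet packet */
		et = EXTRACT_16BITS(&llc.ethertype[0]);
		ret = ether_encap_print(et, p, length, caplen);
		if (ret)
			return (ret);
		/*
		 * Not recognised: fall through with p, length and caplen
		 * already advanced past the LLC/SNAP header, so caplen may
		 * now be smaller than 3.
		 */
	}

	if ((llc.ssap & ~LLC_GSAP) == llc.dsap) {
		if (eflag)
			(void)printf("%s ", llcsap_string(llc.dsap));
		else
			(void)printf("%s > %s %s ",
					etheraddr_string(esrc),
					etheraddr_string(edst),
					llcsap_string(llc.dsap));
	} else {
		if (eflag)
			(void)printf("%s > %s ",
				llcsap_string(llc.ssap & ~LLC_GSAP),
				llcsap_string(llc.dsap));
		else
			(void)printf("%s %s > %s %s ",
				etheraddr_string(esrc),
				llcsap_string(llc.ssap & ~LLC_GSAP),
				etheraddr_string(edst),
				llcsap_string(llc.dsap));
	}

	if ((llc.llcu & LLC_U_FMT) == LLC_U_FMT) {
		const char *m;
		char f;

		m = tok2str(cmd2str, "%02x", LLC_U_CMD(llc.llcu));
		switch ((llc.ssap & LLC_GSAP) | (llc.llcu & LLC_U_POLL)) {
			case 0:			f = 'C'; break;
			case LLC_GSAP:		f = 'R'; break;
			case LLC_U_POLL:	f = 'P'; break;
			case LLC_GSAP|LLC_U_POLL: f = 'F'; break;
			default:		f = '?'; break;
		}

		printf("%s/%c", m, f);

		/* Fewer than 3 bytes only after the SNAP fall-through above. */
		if (caplen < 3)
			goto trunc;
		p += 3;
		length -= 3;
		caplen -= 3;

		if ((llc.llcu & ~LLC_U_POLL) == LLC_XID) {
			/*
			 * The XID information field lies beyond the bytes
			 * verified so far; check before each read.  No
			 * captured byte at all means nothing to decode.
			 */
			if (caplen >= 1 && *p == LLC_XID_FI) {
				if (caplen < 3)
					goto trunc;
				printf(": %02x %02x", p[1], p[2]);
				p += 3;
				length -= 3;
				caplen -= 3;
			}
		}
	} else {
		char f;

		/* I and S frames carry a 2-byte control field: 4 header bytes. */
		if (caplen < 4)
			goto trunc;

		llc.llcis = ntohs(llc.llcis);
		/*
		 * NOTE(review): the poll bit is tested on llcu with
		 * LLC_U_POLL even though this is not a U frame - confirm
		 * this is the intended field and mask.
		 */
		switch ((llc.ssap & LLC_GSAP) | (llc.llcu & LLC_U_POLL)) {
			case 0:			f = 'C'; break;
			case LLC_GSAP:		f = 'R'; break;
			case LLC_U_POLL:	f = 'P'; break;
			case LLC_GSAP|LLC_U_POLL: f = 'F'; break;
			default:		f = '?'; break;
		}

		if ((llc.llcu & LLC_S_FMT) == LLC_S_FMT) {
			/*
			 * NOTE(review): assumes LLC_S_CMD() yields 0..3, the
			 * size of this table - confirm against its definition.
			 */
			static char *llc_s[] = { "rr", "rej", "rnr", "03" };
			(void)printf("%s (r=%d,%c)",
				llc_s[LLC_S_CMD(llc.llcis)],
				LLC_IS_NR(llc.llcis),
				f);
		} else {
			(void)printf("I (s=%d,r=%d,%c)",
				LLC_I_NS(llc.llcis),
				LLC_IS_NR(llc.llcis),
				f);
		}
		p += 4;
		length -= 4;
		caplen -= 4;
	}
	(void)printf(" len=%d", length);
	if (caplen > 0) {
		default_print_unaligned(p, caplen);
	}
	return(1);

trunc:
	/* Part of the header is already on the output, so report success. */
	(void)printf("[|llc]");
	return(1);
}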