void
otv_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t flags;
ND_PRINT((ndo, "OTV, "));
if (len < 8)
goto trunc;
ND_TCHECK(*bp);
flags = *bp;
ND_PRINT((ndo, "flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags));
bp += 1;
ND_TCHECK2(*bp, 3);
ND_PRINT((ndo, "overlay %u, ", EXTRACT_24BITS(bp)));
bp += 3;
ND_TCHECK2(*bp, 3);
ND_PRINT((ndo, "instance %u\n", EXTRACT_24BITS(bp)));
bp += 3;
/* Reserved */
ND_TCHECK(*bp);
bp += 1;
ether_print(ndo, bp, len - 8, ndo->ndo_snapend - bp, NULL, NULL);
return;
trunc:
ND_PRINT((ndo, " [|OTV]"));
}
/*
* This is the top level routine of the printer. 'p' points
* to the LANE header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*
* This assumes 802.3, not 802.5, LAN emulation.
*/
void
lane_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
{
struct lane_controlhdr *lec;
if (caplen < sizeof(struct lane_controlhdr)) {
ND_PRINT((ndo, "[|lane]"));
return;
}
lec = (struct lane_controlhdr *)p;
if (EXTRACT_16BITS(&lec->lec_header) == 0xff00) {
/*
* LE Control.
*/
ND_PRINT((ndo, "lec: proto %x vers %x %s",
lec->lec_proto, lec->lec_vers,
tok2str(lecop2str, "opcode-#%u", EXTRACT_16BITS(&lec->lec_opcode))));
return;
}
/*
* Go past the LE header.
*/
length -= 2;
caplen -= 2;
p += 2;
/*
* Now print the encapsulated frame, under the assumption
* that it's an Ethernet frame.
*/
ether_print(ndo, p, length, caplen, lane_hdr_print, p - 2);
}
void
vxlan_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t flags;
uint32_t vni;
ndo->ndo_protocol = "vxlan";
if (len < VXLAN_HDR_LEN)
goto trunc;
ND_TCHECK_LEN(bp, VXLAN_HDR_LEN);
flags = EXTRACT_U_1(bp);
bp += 4;
vni = EXTRACT_BE_U_3(bp);
bp += 4;
ND_PRINT("VXLAN, ");
ND_PRINT("flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags);
ND_PRINT("vni %u\n", vni);
ether_print(ndo, bp, len - VXLAN_HDR_LEN, ndo->ndo_snapend - bp, NULL, NULL);
return;
trunc:
nd_print_trunc(ndo);
}
void
vxlan_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t flags;
uint32_t vni;
if (len < VXLAN_HDR_LEN)
goto trunc;
ND_TCHECK2(*bp, VXLAN_HDR_LEN);
flags = *bp;
bp += 4;
vni = EXTRACT_24BITS(bp);
bp += 4;
ND_PRINT((ndo, "VXLAN, "));
ND_PRINT((ndo, "flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags));
ND_PRINT((ndo, "vni %u\n", vni));
ether_print(ndo, bp, len - VXLAN_HDR_LEN, len - VXLAN_HDR_LEN, NULL, NULL);
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
}
/*
* This is the top level routine of the printer. 'p' points
* to the ether header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*/
u_int
ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
const u_char *p)
{
ether_print(ndo, p, h->len, h->caplen, NULL, NULL);
return (ETHER_HDRLEN);
}
/*
* Display an arp entry
*/
void
print_entry(struct sockaddr_dl *sdl, struct sockaddr_inarp *sin,
struct rt_msghdr *rtm)
{
char ifname[IFNAMSIZ], *host;
struct hostent *hp;
hp = 0;
host = "?";
if (sdl->sdl_alen)
ether_print(LLADDR(sdl));
}
void
vxlan_gpe_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t flags;
uint8_t next_protocol;
uint32_t vni;
if (len < VXLAN_GPE_HDR_LEN)
goto trunc;
ND_TCHECK2(*bp, VXLAN_GPE_HDR_LEN);
flags = *bp;
bp += 3;
next_protocol = *bp;
bp += 1;
vni = EXTRACT_24BITS(bp);
bp += 4;
ND_PRINT((ndo, "VXLAN-GPE, "));
ND_PRINT((ndo, "flags [%s], ",
bittok2str_nosep(vxlan_gpe_flags, "none", flags)));
ND_PRINT((ndo, "vni %u", vni));
ND_PRINT((ndo, ndo->ndo_vflag ? "\n " : ": "));
switch (next_protocol) {
case 0x1:
ip_print(ndo, bp, len - 8);
break;
case 0x2:
ip6_print(ndo, bp, len - 8);
break;
case 0x3:
ether_print(ndo, bp, len - 8, len - 8, NULL, NULL);
break;
case 0x4:
nsh_print(ndo, bp, len - 8);
break;
case 0x5:
mpls_print(ndo, bp, len - 8);
break;
default:
ND_PRINT((ndo, "ERROR: unknown-next-protocol"));
return;
}
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
}
u_int
juniper_ether_print(const struct pcap_pkthdr *h, packetbody_t p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_ETHER;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
/* this DLT contains nothing but raw Ethernet frames */
ether_print(gndo, p, l2info.length, l2info.caplen, NULL, NULL);
return l2info.header_len;
}
u_int
juniper_ether_print(const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_ETHER;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
/* this DLT contains nothing but raw Ethernet frames */
ether_print(p, l2info.length, l2info.caplen);
return l2info.header_len;
}
u_int
juniper_ether_print(const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_ETHER;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
ether_print(p, l2info.length, l2info.caplen);
return l2info.header_len;
}
u_int
juniper_pppoe_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_PPPOE;
if (juniper_parse_header(ndo, p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
/* this DLT contains nothing but raw ethernet frames */
ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
return l2info.header_len;
}
/*
* This is the top level routine of the printer. 'p' points
* to the ether header of the packet, 'h->len' is the length
* of the packet off the wire, and 'h->caplen' is the number
* of bytes actually captured.
*
* This is for DLT_NETANALYZER, which has a 4-byte pseudo-header
* before the Ethernet header.
*/
u_int
netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
const u_char *p)
{
/*
* Fail if we don't have enough data for the Hilscher pseudo-header.
*/
if (h->len < 4 || h->caplen < 4) {
ND_PRINT((ndo, "[|netanalyzer]"));
return (h->caplen);
}
/* Skip the pseudo-header. */
return (4 + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL));
}
u_int
juniper_atm2_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, register const u_char *p)
{
uint16_t extracted_ethertype;
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_ATM2;
if (juniper_parse_header(ndo, p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
if (l2info.cookie[7] & ATM2_PKT_TYPE_MASK) { /* OAM cell ? */
oam_print(ndo, p, l2info.length, ATM_OAM_NOHEC);
return l2info.header_len;
}
if (EXTRACT_24BITS(p) == 0xfefe03 || /* NLPID encaps ? */
EXTRACT_24BITS(p) == 0xaaaa03) { /* SNAP encaps ? */
if (llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL,
&extracted_ethertype) != 0)
return l2info.header_len;
}
if (l2info.direction != JUNIPER_BPF_PKT_IN && /* ether-over-1483 encaps ? */
(EXTRACT_32BITS(l2info.cookie) & ATM2_GAP_COUNT_MASK)) {
ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
return l2info.header_len;
}
if (p[0] == 0x03) { /* Cisco style NLPID encaps ? */
isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1);
/* FIXME check if frame was recognized */
return l2info.header_len;
}
if(juniper_ppp_heuristic_guess(ndo, p, l2info.length) != 0) /* PPPoA vcmux encaps ? */
return l2info.header_len;
if (ip_heuristic_guess(ndo, p, l2info.length) != 0) /* last try - vcmux encaps ? */
return l2info.header_len;
return l2info.header_len;
}
/*
* This is the top level routine of the printer. 'p' points
* to the ether header of the packet, 'h->len' is the length
* of the packet off the wire, and 'h->caplen' is the number
* of bytes actually captured.
*
* This is for DLT_NETANALYZER_TRANSPARENT, which has a 4-byte
* pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF
* before the Ethernet header.
*/
u_int
netanalyzer_transparent_if_print(netdissect_options *ndo,
const struct pcap_pkthdr *h,
const u_char *p)
{
/*
* Fail if we don't have enough data for the Hilscher pseudo-header,
* preamble, and SOF.
*/
if (h->len < 12 || h->caplen < 12) {
ND_PRINT((ndo, "[|netanalyzer-transparent]"));
return (h->caplen);
}
/* Skip the pseudo-header, preamble, and SOF. */
return (12 + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL));
}
u_int
juniper_atm2_print(const struct pcap_pkthdr *h, register const u_char *p)
{
u_int16_t extracted_ethertype;
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_ATM2;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
if (l2info.cookie[7] & ATM2_PKT_TYPE_MASK) {
oam_print(p,l2info.length,ATM_OAM_NOHEC);
return l2info.header_len;
}
if (EXTRACT_24BITS(p) == 0xfefe03 ||
EXTRACT_24BITS(p) == 0xaaaa03) {
if (llc_print(p, l2info.length, l2info.caplen, NULL, NULL,
&extracted_ethertype) != 0)
return l2info.header_len;
}
if (l2info.direction != JUNIPER_BPF_PKT_IN &&
(EXTRACT_32BITS(l2info.cookie) & ATM2_GAP_COUNT_MASK)) {
ether_print(p, l2info.length, l2info.caplen);
return l2info.header_len;
}
if (p[0] == 0x03) {
isoclns_print(p + 1, l2info.length - 1, l2info.caplen - 1);
return l2info.header_len;
}
if(juniper_ppp_heuristic_guess(p, l2info.length) != 0)
return l2info.header_len;
if(ip_heuristic_guess(p, l2info.length) != 0)
return l2info.header_len;
return l2info.header_len;
}
/*
* This is the top level routine of the printer. 'p' points
* to the LANE header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*
* This assumes 802.3, not 802.5, LAN emulation.
*/
void
lane_print(packetbody_t p, u_int length, u_int caplen)
{
packetbody_t hdr;
__capability struct lane_controlhdr *lec;
if (caplen < sizeof(struct lane_controlhdr)) {
printf("[|lane]");
return;
}
lec = (__capability struct lane_controlhdr *)p;
if (EXTRACT_16BITS(&lec->lec_header) == 0xff00) {
/*
* LE Control.
*/
printf("lec: proto %x vers %x %s",
lec->lec_proto, lec->lec_vers,
tok2str(lecop2str, "opcode-#%u", EXTRACT_16BITS(&lec->lec_opcode)));
return;
}
hdr = p;
/*
* Go past the LE header.
*/
length -= 2;
caplen -= 2;
p += 2;
/*
* Now print the encapsulated frame, under the assumption
* that it's an Ethernet frame.
*/
ether_print(gndo, p, length, caplen, lane_hdr_print, hdr);
}
static void
gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
{
u_int len = length;
uint16_t flags, prot;
/* 16 bits ND_TCHECKed in gre_print() */
flags = EXTRACT_BE_U_2(bp);
if (ndo->ndo_vflag)
ND_PRINT(", Flags [%s]",
bittok2str(gre_flag_values,"none",flags));
len -= 2;
bp += 2;
ND_TCHECK_2(bp);
if (len < 2)
goto trunc;
prot = EXTRACT_BE_U_2(bp);
len -= 2;
bp += 2;
if ((flags & GRE_CP) | (flags & GRE_RP)) {
ND_TCHECK_2(bp);
if (len < 2)
goto trunc;
if (ndo->ndo_vflag)
ND_PRINT(", sum 0x%x", EXTRACT_BE_U_2(bp));
bp += 2;
len -= 2;
ND_TCHECK_2(bp);
if (len < 2)
goto trunc;
ND_PRINT(", off 0x%x", EXTRACT_BE_U_2(bp));
bp += 2;
len -= 2;
}
if (flags & GRE_KP) {
ND_TCHECK_4(bp);
if (len < 4)
goto trunc;
ND_PRINT(", key=0x%x", EXTRACT_BE_U_4(bp));
bp += 4;
len -= 4;
}
if (flags & GRE_SP) {
ND_TCHECK_4(bp);
if (len < 4)
goto trunc;
ND_PRINT(", seq %u", EXTRACT_BE_U_4(bp));
bp += 4;
len -= 4;
}
if (flags & GRE_RP) {
for (;;) {
uint16_t af;
uint8_t sreoff;
uint8_t srelen;
ND_TCHECK_4(bp);
if (len < 4)
goto trunc;
af = EXTRACT_BE_U_2(bp);
sreoff = EXTRACT_U_1(bp + 2);
srelen = EXTRACT_U_1(bp + 3);
bp += 4;
len -= 4;
if (af == 0 && srelen == 0)
break;
if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
goto trunc;
if (len < srelen)
goto trunc;
bp += srelen;
len -= srelen;
}
}
if (ndo->ndo_eflag)
ND_PRINT(", proto %s (0x%04x)",
tok2str(ethertype_values,"unknown",prot),
prot);
ND_PRINT(", length %u",length);
if (ndo->ndo_vflag < 1)
ND_PRINT(": "); /* put in a colon as protocol demarc */
else
ND_PRINT("\n\t"); /* if verbose go multiline */
switch (prot) {
case ETHERTYPE_IP:
ip_print(ndo, bp, len);
break;
case ETHERTYPE_IPV6:
ip6_print(ndo, bp, len);
break;
case ETHERTYPE_MPLS:
mpls_print(ndo, bp, len);
break;
case ETHERTYPE_IPX:
ipx_print(ndo, bp, len);
break;
case ETHERTYPE_ATALK:
atalk_print(ndo, bp, len);
break;
case ETHERTYPE_GRE_ISO:
isoclns_print(ndo, bp, len);
break;
case ETHERTYPE_TEB:
ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL);
break;
default:
ND_PRINT("gre-proto-0x%x", prot);
}
return;
trunc:
ND_PRINT("%s", tstr);
}
void
geneve_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t ver_opt;
u_int version;
uint8_t flags;
uint16_t prot;
uint32_t vni;
uint8_t reserved;
u_int opts_len;
ndo->ndo_protocol = "geneve";
ND_PRINT("Geneve");
ND_TCHECK_8(bp);
ver_opt = GET_U_1(bp);
bp += 1;
len -= 1;
version = ver_opt >> VER_SHIFT;
if (version != 0) {
ND_PRINT(" ERROR: unknown-version %u", version);
return;
}
flags = GET_U_1(bp);
bp += 1;
len -= 1;
prot = GET_BE_U_2(bp);
bp += 2;
len -= 2;
vni = GET_BE_U_3(bp);
bp += 3;
len -= 3;
reserved = GET_U_1(bp);
bp += 1;
len -= 1;
ND_PRINT(", Flags [%s]",
bittok2str_nosep(geneve_flag_values, "none", flags));
ND_PRINT(", vni 0x%x", vni);
if (reserved)
ND_PRINT(", rsvd 0x%x", reserved);
if (ndo->ndo_eflag)
ND_PRINT(", proto %s (0x%04x)",
tok2str(ethertype_values, "unknown", prot), prot);
opts_len = (ver_opt & HDR_OPTS_LEN_MASK) * 4;
if (len < opts_len) {
ND_PRINT(" truncated-geneve - %u bytes missing",
opts_len - len);
return;
}
ND_TCHECK_LEN(bp, opts_len);
if (opts_len > 0) {
ND_PRINT(", options [");
if (ndo->ndo_vflag)
geneve_opts_print(ndo, bp, opts_len);
else
ND_PRINT("%u bytes", opts_len);
ND_PRINT("]");
}
bp += opts_len;
len -= opts_len;
if (ndo->ndo_vflag < 1)
ND_PRINT(": ");
else
ND_PRINT("\n\t");
if (ethertype_print(ndo, prot, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL) == 0) {
if (prot == ETHERTYPE_TEB)
ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
else
ND_PRINT("geneve-proto-0x%x", prot);
}
return;
trunc:
nd_print_trunc(ndo);
}
void
gre_print_0(const u_char *bp, u_int length)
{
u_int len = length;
u_int16_t flags, prot;
flags = EXTRACT_16BITS(bp);
if (vflag)
printf(", Flags [%s]",
bittok2str(gre_flag_values,"none",flags));
len -= 2;
bp += 2;
if (len < 2)
goto trunc;
prot = EXTRACT_16BITS(bp);
len -= 2;
bp += 2;
if ((flags & GRE_CP) | (flags & GRE_RP)) {
if (len < 2)
goto trunc;
if (vflag)
printf(", sum 0x%x", EXTRACT_16BITS(bp));
bp += 2;
len -= 2;
if (len < 2)
goto trunc;
printf(", off 0x%x", EXTRACT_16BITS(bp));
bp += 2;
len -= 2;
}
if (flags & GRE_KP) {
if (len < 4)
goto trunc;
printf(", key=0x%x", EXTRACT_32BITS(bp));
bp += 4;
len -= 4;
}
if (flags & GRE_SP) {
if (len < 4)
goto trunc;
printf(", seq %u", EXTRACT_32BITS(bp));
bp += 4;
len -= 4;
}
if (flags & GRE_RP) {
for (;;) {
u_int16_t af;
u_int8_t sreoff;
u_int8_t srelen;
if (len < 4)
goto trunc;
af = EXTRACT_16BITS(bp);
sreoff = *(bp + 2);
srelen = *(bp + 3);
bp += 4;
len -= 4;
if (af == 0 && srelen == 0)
break;
gre_sre_print(af, sreoff, srelen, bp, len);
if (len < srelen)
goto trunc;
bp += srelen;
len -= srelen;
}
}
if (eflag)
printf(", proto %s (0x%04x)",
tok2str(ethertype_values,"unknown",prot),
prot);
printf(", length %u",length);
if (vflag < 1)
printf(": "); /* put in a colon as protocol demarc */
else
printf("\n\t"); /* if verbose go multiline */
switch (prot) {
case ETHERTYPE_IP:
ip_print(gndo, bp, len);
break;
#ifdef INET6
case ETHERTYPE_IPV6:
ip6_print(gndo, bp, len);
break;
#endif
case ETHERTYPE_MPLS:
mpls_print(bp, len);
break;
case ETHERTYPE_IPX:
ipx_print(bp, len);
break;
case ETHERTYPE_ATALK:
atalk_print(bp, len);
break;
case ETHERTYPE_GRE_ISO:
isoclns_print(bp, len, len);
break;
case ETHERTYPE_TEB:
ether_print(gndo, bp, len, len, NULL, NULL);
break;
default:
printf("gre-proto-0x%x", prot);
}
return;
trunc:
printf("[|gre]");
}
void
geneve_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t ver_opt;
u_int version;
uint8_t flags;
uint16_t prot;
uint32_t vni;
uint8_t reserved;
u_int opts_len;
ND_PRINT((ndo, "Geneve"));
ND_TCHECK2(*bp, 8);
ver_opt = *bp;
bp += 1;
len -= 1;
version = ver_opt >> VER_SHIFT;
if (version != 0) {
ND_PRINT((ndo, " ERROR: unknown-version %u", version));
return;
}
flags = *bp;
bp += 1;
len -= 1;
prot = EXTRACT_16BITS(bp);
bp += 2;
len -= 2;
vni = EXTRACT_24BITS(bp);
bp += 3;
len -= 3;
reserved = *bp;
bp += 1;
len -= 1;
ND_PRINT((ndo, ", Flags [%s]",
bittok2str_nosep(geneve_flag_values, "none", flags)));
ND_PRINT((ndo, ", vni 0x%x", vni));
if (reserved)
ND_PRINT((ndo, ", rsvd 0x%x", reserved));
if (ndo->ndo_eflag)
ND_PRINT((ndo, ", proto %s (0x%04x)",
tok2str(ethertype_values, "unknown", prot), prot));
opts_len = (ver_opt & HDR_OPTS_LEN_MASK) * 4;
if (len < opts_len) {
ND_PRINT((ndo, " truncated-geneve - %u bytes missing",
opts_len - len));
return;
}
ND_TCHECK2(*bp, opts_len);
if (opts_len > 0) {
ND_PRINT((ndo, ", options ["));
if (ndo->ndo_vflag)
geneve_opts_print(ndo, bp, opts_len);
else
ND_PRINT((ndo, "%u bytes", opts_len));
ND_PRINT((ndo, "]"));
}
bp += opts_len;
len -= opts_len;
if (ndo->ndo_vflag < 1)
ND_PRINT((ndo, ": "));
else
ND_PRINT((ndo, "\n\t"));
if (ethertype_print(ndo, prot, bp, len, len) == 0) {
if (prot == ETHERTYPE_TEB)
ether_print(ndo, bp, len, len, NULL, NULL);
else
ND_PRINT((ndo, "geneve-proto-0x%x", prot));
}
return;
trunc:
ND_PRINT((ndo, " [|geneve]"));
}
int
snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
const struct lladdr_info *src, const struct lladdr_info *dst,
u_int bridge_pad)
{
uint32_t orgcode;
u_short et;
int ret;
ND_TCHECK_5(p);
if (caplen < 5 || length < 5)
goto trunc;
orgcode = EXTRACT_BE_U_3(p);
et = EXTRACT_BE_U_2(p + 3);
if (ndo->ndo_eflag) {
/*
* Somebody's already printed the MAC addresses, if there
* are any, so just print the SNAP header, not the MAC
* addresses.
*/
ND_PRINT("oui %s (0x%06x), %s %s (0x%04x), length %u: ",
tok2str(oui_values, "Unknown", orgcode),
orgcode,
(orgcode == 0x000000 ? "ethertype" : "pid"),
tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
et, length - 5);
}
p += 5;
length -= 5;
caplen -= 5;
switch (orgcode) {
case OUI_ENCAP_ETHER:
case OUI_CISCO_90:
/*
* This is an encapsulated Ethernet packet,
* or a packet bridged by some piece of
* Cisco hardware; the protocol ID is
* an Ethernet protocol type.
*/
ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
if (ret)
return (ret);
break;
case OUI_APPLETALK:
if (et == ETHERTYPE_ATALK) {
/*
* No, I have no idea why Apple used one
* of their own OUIs, rather than
* 0x000000, and an Ethernet packet
* type, for Appletalk data packets,
* but used 0x000000 and an Ethernet
* packet type for AARP packets.
*/
ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
if (ret)
return (ret);
}
break;
case OUI_CISCO:
switch (et) {
case PID_CISCO_CDP:
cdp_print(ndo, p, length, caplen);
return (1);
case PID_CISCO_DTP:
dtp_print(ndo, p, length);
return (1);
case PID_CISCO_UDLD:
udld_print(ndo, p, length);
return (1);
case PID_CISCO_VTP:
vtp_print(ndo, p, length);
return (1);
case PID_CISCO_PVST:
case PID_CISCO_VLANBRIDGE:
stp_print(ndo, p, length);
return (1);
default:
break;
}
break;
case OUI_RFC2684:
switch (et) {
case PID_RFC2684_ETH_FCS:
case PID_RFC2684_ETH_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding.
*/
ND_TCHECK_LEN(p, bridge_pad);
caplen -= bridge_pad;
length -= bridge_pad;
p += bridge_pad;
/*
* What remains is an Ethernet packet.
*/
ether_print(ndo, p, length, caplen, NULL, NULL);
return (1);
case PID_RFC2684_802_5_FCS:
case PID_RFC2684_802_5_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding, but not the Access
* Control field.
*/
ND_TCHECK_LEN(p, bridge_pad);
caplen -= bridge_pad;
length -= bridge_pad;
p += bridge_pad;
/*
* What remains is an 802.5 Token Ring
* packet.
*/
token_print(ndo, p, length, caplen);
return (1);
case PID_RFC2684_FDDI_FCS:
case PID_RFC2684_FDDI_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding.
*/
ND_TCHECK_LEN(p, bridge_pad + 1);
caplen -= bridge_pad + 1;
length -= bridge_pad + 1;
p += bridge_pad + 1;
/*
* What remains is an FDDI packet.
*/
fddi_print(ndo, p, length, caplen);
return (1);
case PID_RFC2684_BPDU:
stp_print(ndo, p, length);
return (1);
}
}
if (!ndo->ndo_eflag) {
/*
* Nobody printed the link-layer addresses, so print them, if
* we have any.
*/
if (src != NULL && dst != NULL) {
ND_PRINT("%s > %s ",
(src->addr_string)(ndo, src->addr),
(dst->addr_string)(ndo, dst->addr));
}
/*
* Print the SNAP header, but if the OUI is 000000, don't
* bother printing it, and report the PID as being an
* ethertype.
*/
if (orgcode == 0x000000) {
ND_PRINT("SNAP, ethertype %s (0x%04x), length %u: ",
tok2str(ethertype_values, "Unknown", et),
et, length);
} else {
ND_PRINT("SNAP, oui %s (0x%06x), pid %s (0x%04x), length %u: ",
tok2str(oui_values, "Unknown", orgcode),
orgcode,
tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
et, length);
}
}
return (0);
trunc:
ND_PRINT("[|snap]");
return (1);
}
void
nsh_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
u_int n, vn;
uint8_t ver;
uint8_t flags;
u_int length;
uint8_t md_type;
uint8_t next_protocol;
uint32_t service_path_id;
uint8_t service_index;
uint32_t ctx;
uint16_t tlv_class;
uint8_t tlv_type;
uint8_t tlv_len;
u_int next_len;
ndo->ndo_protocol = "nsh";
/* print Base Header and Service Path Header */
if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN)
goto trunc;
ND_TCHECK_LEN(bp, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN);
ver = (uint8_t)(GET_U_1(bp) >> 6);
flags = GET_U_1(bp);
bp += 1;
length = GET_U_1(bp);
bp += 1;
md_type = GET_U_1(bp);
bp += 1;
next_protocol = GET_U_1(bp);
bp += 1;
service_path_id = GET_BE_U_3(bp);
bp += 3;
service_index = GET_U_1(bp);
bp += 1;
ND_PRINT("NSH, ");
if (ndo->ndo_vflag > 1) {
ND_PRINT("ver %u, ", ver);
}
ND_PRINT("flags [%s], ", bittok2str_nosep(nsh_flags, "none", flags));
if (ndo->ndo_vflag > 2) {
ND_PRINT("length %u, ", length);
ND_PRINT("md type 0x%x, ", md_type);
}
if (ndo->ndo_vflag > 1) {
ND_PRINT("next-protocol 0x%x, ", next_protocol);
}
ND_PRINT("service-path-id 0x%06x, ", service_path_id);
ND_PRINT("service-index 0x%x", service_index);
/* Make sure we have all the headers */
if (len < length * NSH_HDR_WORD_SIZE)
goto trunc;
ND_TCHECK_LEN(bp, length * NSH_HDR_WORD_SIZE);
/*
* length includes the lengths of the Base and Service Path headers.
* That means it must be at least 2.
*/
if (length < 2)
goto trunc;
/*
* Print, or skip, the Context Headers.
* (length - 2) is the length of those headers.
*/
if (ndo->ndo_vflag > 2) {
if (md_type == 0x01) {
for (n = 0; n < length - 2; n++) {
ctx = GET_BE_U_4(bp);
bp += NSH_HDR_WORD_SIZE;
ND_PRINT("\n Context[%02u]: 0x%08x", n, ctx);
}
}
else if (md_type == 0x02) {
n = 0;
while (n < length - 2) {
tlv_class = GET_BE_U_2(bp);
bp += 2;
tlv_type = GET_U_1(bp);
bp += 1;
tlv_len = GET_U_1(bp);
bp += 1;
ND_PRINT("\n TLV Class %u, Type %u, Len %u",
tlv_class, tlv_type, tlv_len);
n += 1;
if (length - 2 < n + tlv_len) {
ND_PRINT(" ERROR: invalid-tlv-length");
return;
}
for (vn = 0; vn < tlv_len; vn++) {
ctx = GET_BE_U_4(bp);
bp += NSH_HDR_WORD_SIZE;
ND_PRINT("\n Value[%02u]: 0x%08x", vn, ctx);
}
n += tlv_len;
}
}
else {
ND_PRINT("ERROR: unknown-next-protocol");
return;
}
}
else {
bp += (length - 2) * NSH_HDR_WORD_SIZE;
}
ND_PRINT(ndo->ndo_vflag ? "\n " : ": ");
/* print Next Protocol */
next_len = len - length * NSH_HDR_WORD_SIZE;
switch (next_protocol) {
case 0x1:
ip_print(ndo, bp, next_len);
break;
case 0x2:
ip6_print(ndo, bp, next_len);
break;
case 0x3:
ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
break;
default:
ND_PRINT("ERROR: unknown-next-protocol");
return;
}
return;
trunc:
nd_print_trunc(ndo);
}
/*
* This is the top level routine of the printer. 'p' is the points
* to the ether header of the packet, 'tvp' is the timestamp,
* 'length' is the length of the packet off the wire, and 'caplen'
* is the number of bytes actually captured.
*/
void
ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
struct ether_header *ep;
u_short ether_type;
extern u_short extracted_ethertype;
ts_print(&h->ts);
if (caplen < sizeof(struct ether_header)) {
printf("[|ether]");
goto out;
}
if (eflag)
ether_print(p, length);
/*
* Some printers want to get back at the ethernet addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
packetp = p;
snapend = p + caplen;
length -= sizeof(struct ether_header);
caplen -= sizeof(struct ether_header);
ep = (struct ether_header *)p;
p += sizeof(struct ether_header);
ether_type = ntohs(ep->ether_type);
/*
* Is it (gag) an 802.3 encapsulation?
*/
extracted_ethertype = 0;
if (ether_type <= ETHERMTU) {
/* Try to print the LLC-layer header & higher layers */
if (llc_print(p, length, caplen, ESRC(ep), EDST(ep)) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
ether_print((u_char *)ep, length);
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!xflag && !qflag)
default_print(p, caplen);
}
} else if (ether_encap_print(ether_type, p, length, caplen) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
ether_print((u_char *)ep, length + sizeof(*ep));
if (!xflag && !qflag)
default_print(p, caplen);
}
if (xflag)
default_print(p, caplen);
out:
putchar('\n');
}
int
snap_print(const u_char *p, u_int length, u_int caplen,
u_short *extracted_ethertype, u_int bridge_pad)
{
u_int32_t orgcode;
register u_short et;
register int ret;
TCHECK2(*p, 5);
orgcode = EXTRACT_24BITS(p);
et = EXTRACT_16BITS(p + 3);
if (eflag) {
const struct tok *tok = null_values;
const struct oui_tok *otp;
for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) {
if (otp->oui == orgcode) {
tok = otp->tok;
break;
}
}
(void)printf("oui %s (0x%06x), %s %s (0x%04x): ",
tok2str(oui_values, "Unknown", orgcode),
orgcode,
(orgcode == 0x000000 ? "ethertype" : "pid"),
tok2str(tok, "Unknown", et),
et);
}
p += 5;
length -= 5;
caplen -= 5;
switch (orgcode) {
case OUI_ENCAP_ETHER:
case OUI_CISCO_90:
/*
* This is an encapsulated Ethernet packet,
* or a packet bridged by some piece of
* Cisco hardware; the protocol ID is
* an Ethernet protocol type.
*/
ret = ether_encap_print(et, p, length, caplen,
extracted_ethertype);
if (ret)
return (ret);
break;
case OUI_APPLETALK:
if (et == ETHERTYPE_ATALK) {
/*
* No, I have no idea why Apple used one
* of their own OUIs, rather than
* 0x000000, and an Ethernet packet
* type, for Appletalk data packets,
* but used 0x000000 and an Ethernet
* packet type for AARP packets.
*/
ret = ether_encap_print(et, p, length, caplen,
extracted_ethertype);
if (ret)
return (ret);
}
break;
case OUI_CISCO:
if (et == PID_CISCO_CDP) {
cdp_print(p, length, caplen);
return (1);
}
break;
case OUI_RFC2684:
switch (et) {
case PID_RFC2684_ETH_FCS:
case PID_RFC2684_ETH_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding.
*/
TCHECK2(*p, bridge_pad);
caplen -= bridge_pad;
length -= bridge_pad;
p += bridge_pad;
/*
* What remains is an Ethernet packet.
*/
ether_print(p, length, caplen);
return (1);
case PID_RFC2684_802_5_FCS:
case PID_RFC2684_802_5_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding, but not the Access
* Control field.
*/
TCHECK2(*p, bridge_pad);
caplen -= bridge_pad;
length -= bridge_pad;
p += bridge_pad;
/*
* What remains is an 802.5 Token Ring
* packet.
*/
token_print(p, length, caplen);
return (1);
case PID_RFC2684_FDDI_FCS:
case PID_RFC2684_FDDI_NOFCS:
/*
* XXX - remove the last two bytes for
* PID_RFC2684_ETH_FCS?
*/
/*
* Skip the padding.
*/
TCHECK2(*p, bridge_pad + 1);
caplen -= bridge_pad + 1;
length -= bridge_pad + 1;
p += bridge_pad + 1;
/*
* What remains is an FDDI packet.
*/
fddi_print(p, length, caplen);
return (1);
case PID_RFC2684_BPDU:
stp_print(p, length);
return (1);
}
}
return (0);
trunc:
(void)printf("[|snap]");
return (1);
}
