예제 #1
0
void
otv_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t flags;

    ND_PRINT((ndo, "OTV, "));
    if (len < 8)
        goto trunc;

    ND_TCHECK(*bp);
    flags = *bp;
    ND_PRINT((ndo, "flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags));
    bp += 1;

    ND_TCHECK2(*bp, 3);
    ND_PRINT((ndo, "overlay %u, ", EXTRACT_24BITS(bp)));
    bp += 3;

    ND_TCHECK2(*bp, 3);
    ND_PRINT((ndo, "instance %u\n", EXTRACT_24BITS(bp)));
    bp += 3;

    /* Reserved */
    ND_TCHECK(*bp);
    bp += 1;

    ether_print(ndo, bp, len - 8, ndo->ndo_snapend - bp, NULL, NULL);
    return;

trunc:
    ND_PRINT((ndo, " [|OTV]"));
}
/*
 * This is the top level routine of the printer.  'p' points
 * to the LANE header of the packet, 'h->ts' is the timestamp,
 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 *
 * This assumes 802.3, not 802.5, LAN emulation.
 */
void
lane_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
{
	struct lane_controlhdr *lec;

	if (caplen < sizeof(struct lane_controlhdr)) {
		ND_PRINT((ndo, "[|lane]"));
		return;
	}

	lec = (struct lane_controlhdr *)p;
	if (EXTRACT_16BITS(&lec->lec_header) == 0xff00) {
		/*
		 * LE Control.
		 */
		ND_PRINT((ndo, "lec: proto %x vers %x %s",
		    lec->lec_proto, lec->lec_vers,
		    tok2str(lecop2str, "opcode-#%u", EXTRACT_16BITS(&lec->lec_opcode))));
		return;
	}

	/*
	 * Go past the LE header.
	 */
	length -= 2;
	caplen -= 2;
	p += 2;

	/*
	 * Now print the encapsulated frame, under the assumption
	 * that it's an Ethernet frame.
	 */
	ether_print(ndo, p, length, caplen, lane_hdr_print, p - 2);
}
예제 #3
0
void
vxlan_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t flags;
    uint32_t vni;

    ndo->ndo_protocol = "vxlan";
    if (len < VXLAN_HDR_LEN)
        goto trunc;

    ND_TCHECK_LEN(bp, VXLAN_HDR_LEN);

    flags = EXTRACT_U_1(bp);
    bp += 4;

    vni = EXTRACT_BE_U_3(bp);
    bp += 4;

    ND_PRINT("VXLAN, ");
    ND_PRINT("flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags);
    ND_PRINT("vni %u\n", vni);

    ether_print(ndo, bp, len - VXLAN_HDR_LEN, ndo->ndo_snapend - bp, NULL, NULL);

    return;

trunc:
    nd_print_trunc(ndo);
}
예제 #4
0
void
vxlan_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t flags;
    uint32_t vni;

    if (len < VXLAN_HDR_LEN)
        goto trunc;

    ND_TCHECK2(*bp, VXLAN_HDR_LEN);

    flags = *bp;
    bp += 4;

    vni = EXTRACT_24BITS(bp);
    bp += 4;

    ND_PRINT((ndo, "VXLAN, "));
    ND_PRINT((ndo, "flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags));
    ND_PRINT((ndo, "vni %u\n", vni));

    ether_print(ndo, bp, len - VXLAN_HDR_LEN, len - VXLAN_HDR_LEN, NULL, NULL);

    return;

trunc:
    ND_PRINT((ndo, "%s", tstr));
}
예제 #5
0
/*
 * This is the top level routine of the printer.  'p' points
 * to the ether header of the packet, 'h->ts' is the timestamp,
 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 */
u_int
ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
               const u_char *p)
{
	ether_print(ndo, p, h->len, h->caplen, NULL, NULL);

	return (ETHER_HDRLEN);
}
예제 #6
0
파일: arp.c 프로젝트: echothrust/pecl-arp
/*
 * Display an arp entry
 */
void
print_entry(struct sockaddr_dl *sdl, struct sockaddr_inarp *sin,
    struct rt_msghdr *rtm)
{
	char ifname[IFNAMSIZ], *host;
	struct hostent *hp;

	hp = 0;
	host = "?";
	if (sdl->sdl_alen)
		ether_print(LLADDR(sdl));
}
예제 #7
0
void
vxlan_gpe_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t flags;
    uint8_t next_protocol;
    uint32_t vni;

    if (len < VXLAN_GPE_HDR_LEN)
        goto trunc;

    ND_TCHECK2(*bp, VXLAN_GPE_HDR_LEN);

    flags = *bp;
    bp += 3;

    next_protocol = *bp;
    bp += 1;

    vni = EXTRACT_24BITS(bp);
    bp += 4;

    ND_PRINT((ndo, "VXLAN-GPE, "));
    ND_PRINT((ndo, "flags [%s], ",
              bittok2str_nosep(vxlan_gpe_flags, "none", flags)));
    ND_PRINT((ndo, "vni %u", vni));
    ND_PRINT((ndo, ndo->ndo_vflag ? "\n    " : ": "));

    switch (next_protocol) {
    case 0x1:
        ip_print(ndo, bp, len - 8);
        break;
    case 0x2:
        ip6_print(ndo, bp, len - 8);
        break;
    case 0x3:
        ether_print(ndo, bp, len - 8, len - 8, NULL, NULL);
        break;
    case 0x4:
        nsh_print(ndo, bp, len - 8);
        break;
    case 0x5:
        mpls_print(ndo, bp, len - 8);
        break;
    default:
        ND_PRINT((ndo, "ERROR: unknown-next-protocol"));
        return;
    }

	return;

trunc:
	ND_PRINT((ndo, "%s", tstr));
}
예제 #8
0
u_int
juniper_ether_print(const struct pcap_pkthdr *h, packetbody_t p)
{
        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_ETHER;
        if(juniper_parse_header(p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;
        /* this DLT contains nothing but raw Ethernet frames */
        ether_print(gndo, p, l2info.length, l2info.caplen, NULL, NULL);
        return l2info.header_len;
}
예제 #9
0
u_int
juniper_ether_print(const struct pcap_pkthdr *h, register const u_char *p)
{
        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_ETHER;
        if(juniper_parse_header(p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;
        /* this DLT contains nothing but raw Ethernet frames */
        ether_print(p, l2info.length, l2info.caplen);
        return l2info.header_len;
}
예제 #10
0
u_int
juniper_ether_print(const struct pcap_pkthdr *h, register const u_char *p)
{
        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_ETHER;
        if(juniper_parse_header(p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;
        
        ether_print(p, l2info.length, l2info.caplen);
        return l2info.header_len;
}
예제 #11
0
u_int
juniper_pppoe_print(netdissect_options *ndo,
                    const struct pcap_pkthdr *h, register const u_char *p)
{
        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_PPPOE;
        if (juniper_parse_header(ndo, p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;
        /* this DLT contains nothing but raw ethernet frames */
        ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
        return l2info.header_len;
}
예제 #12
0
파일: print-ether.c 프로젝트: qsn/tcpdump
/*
 * This is the top level routine of the printer.  'p' points
 * to the ether header of the packet, 'h->len' is the length
 * of the packet off the wire, and 'h->caplen' is the number
 * of bytes actually captured.
 *
 * This is for DLT_NETANALYZER, which has a 4-byte pseudo-header
 * before the Ethernet header.
 */
u_int
netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
                     const u_char *p)
{
	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header.
	 */
	if (h->len < 4 || h->caplen < 4) {
		ND_PRINT((ndo, "[|netanalyzer]"));
		return (h->caplen);
	}

	/* Skip the pseudo-header. */
	return (4 + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL));
}
예제 #13
0
u_int
juniper_atm2_print(netdissect_options *ndo,
                   const struct pcap_pkthdr *h, register const u_char *p)
{
        uint16_t extracted_ethertype;

        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_ATM2;
        if (juniper_parse_header(ndo, p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;

        if (l2info.cookie[7] & ATM2_PKT_TYPE_MASK) { /* OAM cell ? */
            oam_print(ndo, p, l2info.length, ATM_OAM_NOHEC);
            return l2info.header_len;
        }

        if (EXTRACT_24BITS(p) == 0xfefe03 || /* NLPID encaps ? */
            EXTRACT_24BITS(p) == 0xaaaa03) { /* SNAP encaps ? */

            if (llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL,
                          &extracted_ethertype) != 0)
                return l2info.header_len;
        }

        if (l2info.direction != JUNIPER_BPF_PKT_IN && /* ether-over-1483 encaps ? */
            (EXTRACT_32BITS(l2info.cookie) & ATM2_GAP_COUNT_MASK)) {
            ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
            return l2info.header_len;
        }

        if (p[0] == 0x03) { /* Cisco style NLPID encaps ? */
            isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1);
            /* FIXME check if frame was recognized */
            return l2info.header_len;
        }

        if(juniper_ppp_heuristic_guess(ndo, p, l2info.length) != 0) /* PPPoA vcmux encaps ? */
            return l2info.header_len;

        if (ip_heuristic_guess(ndo, p, l2info.length) != 0) /* last try - vcmux encaps ? */
            return l2info.header_len;

	return l2info.header_len;
}
예제 #14
0
파일: print-ether.c 프로젝트: qsn/tcpdump
/*
 * This is the top level routine of the printer.  'p' points
 * to the ether header of the packet, 'h->len' is the length
 * of the packet off the wire, and 'h->caplen' is the number
 * of bytes actually captured.
 *
 * This is for DLT_NETANALYZER_TRANSPARENT, which has a 4-byte
 * pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF
 * before the Ethernet header.
 */
u_int
netanalyzer_transparent_if_print(netdissect_options *ndo,
                                 const struct pcap_pkthdr *h,
                                 const u_char *p)
{
	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header,
	 * preamble, and SOF.
	 */
	if (h->len < 12 || h->caplen < 12) {
		ND_PRINT((ndo, "[|netanalyzer-transparent]"));
		return (h->caplen);
	}

	/* Skip the pseudo-header, preamble, and SOF. */
	return (12 + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL));
}
예제 #15
0
u_int
juniper_atm2_print(const struct pcap_pkthdr *h, register const u_char *p)
{
        u_int16_t extracted_ethertype;

        struct juniper_l2info_t l2info;

        l2info.pictype = DLT_JUNIPER_ATM2;
        if(juniper_parse_header(p, h, &l2info) == 0)
            return l2info.header_len;

        p+=l2info.header_len;

        if (l2info.cookie[7] & ATM2_PKT_TYPE_MASK) { 
            oam_print(p,l2info.length,ATM_OAM_NOHEC);
            return l2info.header_len;
        }

        if (EXTRACT_24BITS(p) == 0xfefe03 || 
            EXTRACT_24BITS(p) == 0xaaaa03) { 

            if (llc_print(p, l2info.length, l2info.caplen, NULL, NULL,
                          &extracted_ethertype) != 0)
                return l2info.header_len;
        }

        if (l2info.direction != JUNIPER_BPF_PKT_IN && 
            (EXTRACT_32BITS(l2info.cookie) & ATM2_GAP_COUNT_MASK)) {
            ether_print(p, l2info.length, l2info.caplen);
            return l2info.header_len;
        }

        if (p[0] == 0x03) { 
            isoclns_print(p + 1, l2info.length - 1, l2info.caplen - 1);
            
            return l2info.header_len;
        }

        if(juniper_ppp_heuristic_guess(p, l2info.length) != 0) 
            return l2info.header_len;

        if(ip_heuristic_guess(p, l2info.length) != 0) 
            return l2info.header_len;

	return l2info.header_len;
}
예제 #16
0
/*
 * This is the top level routine of the printer.  'p' points
 * to the LANE header of the packet, 'h->ts' is the timestamp,
 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 *
 * This assumes 802.3, not 802.5, LAN emulation.
 */
void
lane_print(packetbody_t p, u_int length, u_int caplen)
{
	packetbody_t hdr;
	__capability struct lane_controlhdr *lec;

	if (caplen < sizeof(struct lane_controlhdr)) {
		printf("[|lane]");
		return;
	}

	lec = (__capability struct lane_controlhdr *)p;
	if (EXTRACT_16BITS(&lec->lec_header) == 0xff00) {
		/*
		 * LE Control.
		 */
		printf("lec: proto %x vers %x %s",
		    lec->lec_proto, lec->lec_vers,
		    tok2str(lecop2str, "opcode-#%u", EXTRACT_16BITS(&lec->lec_opcode)));
		return;
	}

	hdr = p;
	/*
	 * Go past the LE header.
	 */
	length -= 2;
	caplen -= 2;
	p += 2;

	/*
	 * Now print the encapsulated frame, under the assumption
	 * that it's an Ethernet frame.
	 */
	ether_print(gndo, p, length, caplen, lane_hdr_print, hdr);
}
예제 #17
0
static void
gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
{
	u_int len = length;
	uint16_t flags, prot;

	/* 16 bits ND_TCHECKed in gre_print() */
	flags = EXTRACT_BE_U_2(bp);
        if (ndo->ndo_vflag)
            ND_PRINT(", Flags [%s]",
                   bittok2str(gre_flag_values,"none",flags));

	len -= 2;
	bp += 2;

	ND_TCHECK_2(bp);
	if (len < 2)
		goto trunc;
	prot = EXTRACT_BE_U_2(bp);
	len -= 2;
	bp += 2;

	if ((flags & GRE_CP) | (flags & GRE_RP)) {
		ND_TCHECK_2(bp);
		if (len < 2)
			goto trunc;
		if (ndo->ndo_vflag)
			ND_PRINT(", sum 0x%x", EXTRACT_BE_U_2(bp));
		bp += 2;
		len -= 2;

		ND_TCHECK_2(bp);
		if (len < 2)
			goto trunc;
		ND_PRINT(", off 0x%x", EXTRACT_BE_U_2(bp));
		bp += 2;
		len -= 2;
	}

	if (flags & GRE_KP) {
		ND_TCHECK_4(bp);
		if (len < 4)
			goto trunc;
		ND_PRINT(", key=0x%x", EXTRACT_BE_U_4(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_SP) {
		ND_TCHECK_4(bp);
		if (len < 4)
			goto trunc;
		ND_PRINT(", seq %u", EXTRACT_BE_U_4(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_RP) {
		for (;;) {
			uint16_t af;
			uint8_t sreoff;
			uint8_t srelen;

			ND_TCHECK_4(bp);
			if (len < 4)
				goto trunc;
			af = EXTRACT_BE_U_2(bp);
			sreoff = EXTRACT_U_1(bp + 2);
			srelen = EXTRACT_U_1(bp + 3);
			bp += 4;
			len -= 4;

			if (af == 0 && srelen == 0)
				break;

			if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
				goto trunc;

			if (len < srelen)
				goto trunc;
			bp += srelen;
			len -= srelen;
		}
	}

        if (ndo->ndo_eflag)
            ND_PRINT(", proto %s (0x%04x)",
                   tok2str(ethertype_values,"unknown",prot),
                   prot);

        ND_PRINT(", length %u",length);

        if (ndo->ndo_vflag < 1)
            ND_PRINT(": "); /* put in a colon as protocol demarc */
        else
            ND_PRINT("\n\t"); /* if verbose go multiline */

	switch (prot) {
	case ETHERTYPE_IP:
	        ip_print(ndo, bp, len);
		break;
	case ETHERTYPE_IPV6:
		ip6_print(ndo, bp, len);
		break;
	case ETHERTYPE_MPLS:
		mpls_print(ndo, bp, len);
		break;
	case ETHERTYPE_IPX:
		ipx_print(ndo, bp, len);
		break;
	case ETHERTYPE_ATALK:
		atalk_print(ndo, bp, len);
		break;
	case ETHERTYPE_GRE_ISO:
		isoclns_print(ndo, bp, len);
		break;
	case ETHERTYPE_TEB:
		ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL);
		break;
	default:
		ND_PRINT("gre-proto-0x%x", prot);
	}
	return;

trunc:
	ND_PRINT("%s", tstr);
}
예제 #18
0
void
geneve_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t ver_opt;
    u_int version;
    uint8_t flags;
    uint16_t prot;
    uint32_t vni;
    uint8_t reserved;
    u_int opts_len;

    ndo->ndo_protocol = "geneve";
    ND_PRINT("Geneve");

    ND_TCHECK_8(bp);

    ver_opt = GET_U_1(bp);
    bp += 1;
    len -= 1;

    version = ver_opt >> VER_SHIFT;
    if (version != 0) {
        ND_PRINT(" ERROR: unknown-version %u", version);
        return;
    }

    flags = GET_U_1(bp);
    bp += 1;
    len -= 1;

    prot = GET_BE_U_2(bp);
    bp += 2;
    len -= 2;

    vni = GET_BE_U_3(bp);
    bp += 3;
    len -= 3;

    reserved = GET_U_1(bp);
    bp += 1;
    len -= 1;

    ND_PRINT(", Flags [%s]",
              bittok2str_nosep(geneve_flag_values, "none", flags));
    ND_PRINT(", vni 0x%x", vni);

    if (reserved)
        ND_PRINT(", rsvd 0x%x", reserved);

    if (ndo->ndo_eflag)
        ND_PRINT(", proto %s (0x%04x)",
                  tok2str(ethertype_values, "unknown", prot), prot);

    opts_len = (ver_opt & HDR_OPTS_LEN_MASK) * 4;

    if (len < opts_len) {
        ND_PRINT(" truncated-geneve - %u bytes missing",
                  opts_len - len);
        return;
    }

    ND_TCHECK_LEN(bp, opts_len);

    if (opts_len > 0) {
        ND_PRINT(", options [");

        if (ndo->ndo_vflag)
            geneve_opts_print(ndo, bp, opts_len);
        else
            ND_PRINT("%u bytes", opts_len);

        ND_PRINT("]");
    }

    bp += opts_len;
    len -= opts_len;

    if (ndo->ndo_vflag < 1)
        ND_PRINT(": ");
    else
        ND_PRINT("\n\t");

    if (ethertype_print(ndo, prot, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL) == 0) {
        if (prot == ETHERTYPE_TEB)
            ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
        else
            ND_PRINT("geneve-proto-0x%x", prot);
    }

    return;

trunc:
    nd_print_trunc(ndo);
}
예제 #19
0
void
gre_print_0(const u_char *bp, u_int length)
{
	u_int len = length;
	u_int16_t flags, prot;

	flags = EXTRACT_16BITS(bp);
        if (vflag)
            printf(", Flags [%s]",
                   bittok2str(gre_flag_values,"none",flags));

	len -= 2;
	bp += 2;

	if (len < 2)
		goto trunc;
	prot = EXTRACT_16BITS(bp);
	len -= 2;
	bp += 2;

	if ((flags & GRE_CP) | (flags & GRE_RP)) {
		if (len < 2)
			goto trunc;
		if (vflag)
			printf(", sum 0x%x", EXTRACT_16BITS(bp));
		bp += 2;
		len -= 2;

		if (len < 2)
			goto trunc;
		printf(", off 0x%x", EXTRACT_16BITS(bp));
		bp += 2;
		len -= 2;
	}

	if (flags & GRE_KP) {
		if (len < 4)
			goto trunc;
		printf(", key=0x%x", EXTRACT_32BITS(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_SP) {
		if (len < 4)
			goto trunc;
		printf(", seq %u", EXTRACT_32BITS(bp));
		bp += 4;
		len -= 4;
	}

	if (flags & GRE_RP) {
		for (;;) {
			u_int16_t af;
			u_int8_t sreoff;
			u_int8_t srelen;

			if (len < 4)
				goto trunc;
			af = EXTRACT_16BITS(bp);
			sreoff = *(bp + 2);
			srelen = *(bp + 3);
			bp += 4;
			len -= 4;

			if (af == 0 && srelen == 0)
				break;

			gre_sre_print(af, sreoff, srelen, bp, len);

			if (len < srelen)
				goto trunc;
			bp += srelen;
			len -= srelen;
		}
	}

        if (eflag)
            printf(", proto %s (0x%04x)",
                   tok2str(ethertype_values,"unknown",prot),
                   prot);

        printf(", length %u",length);

        if (vflag < 1)
            printf(": "); /* put in a colon as protocol demarc */
        else
            printf("\n\t"); /* if verbose go multiline */

	switch (prot) {
	case ETHERTYPE_IP:
	        ip_print(gndo, bp, len);
		break;
#ifdef INET6
	case ETHERTYPE_IPV6:
		ip6_print(gndo, bp, len);
		break;
#endif
	case ETHERTYPE_MPLS:
		mpls_print(bp, len);
		break;
	case ETHERTYPE_IPX:
		ipx_print(bp, len);
		break;
	case ETHERTYPE_ATALK:
		atalk_print(bp, len);
		break;
	case ETHERTYPE_GRE_ISO:
		isoclns_print(bp, len, len);
		break;
	case ETHERTYPE_TEB:
		ether_print(gndo, bp, len, len, NULL, NULL);
		break;
	default:
		printf("gre-proto-0x%x", prot);
	}
	return;

trunc:
	printf("[|gre]");
}
예제 #20
0
void
geneve_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint8_t ver_opt;
    u_int version;
    uint8_t flags;
    uint16_t prot;
    uint32_t vni;
    uint8_t reserved;
    u_int opts_len;

    ND_PRINT((ndo, "Geneve"));

    ND_TCHECK2(*bp, 8);

    ver_opt = *bp;
    bp += 1;
    len -= 1;

    version = ver_opt >> VER_SHIFT;
    if (version != 0) {
        ND_PRINT((ndo, " ERROR: unknown-version %u", version));
        return;
    }

    flags = *bp;
    bp += 1;
    len -= 1;

    prot = EXTRACT_16BITS(bp);
    bp += 2;
    len -= 2;

    vni = EXTRACT_24BITS(bp);
    bp += 3;
    len -= 3;

    reserved = *bp;
    bp += 1;
    len -= 1;

    ND_PRINT((ndo, ", Flags [%s]",
              bittok2str_nosep(geneve_flag_values, "none", flags)));
    ND_PRINT((ndo, ", vni 0x%x", vni));

    if (reserved)
        ND_PRINT((ndo, ", rsvd 0x%x", reserved));

    if (ndo->ndo_eflag)
        ND_PRINT((ndo, ", proto %s (0x%04x)",
                  tok2str(ethertype_values, "unknown", prot), prot));

    opts_len = (ver_opt & HDR_OPTS_LEN_MASK) * 4;

    if (len < opts_len) {
        ND_PRINT((ndo, " truncated-geneve - %u bytes missing",
                  opts_len - len));
        return;
    }

    ND_TCHECK2(*bp, opts_len);

    if (opts_len > 0) {
        ND_PRINT((ndo, ", options ["));

        if (ndo->ndo_vflag)
            geneve_opts_print(ndo, bp, opts_len);
        else
            ND_PRINT((ndo, "%u bytes", opts_len));

        ND_PRINT((ndo, "]"));
    }

    bp += opts_len;
    len -= opts_len;

    if (ndo->ndo_vflag < 1)
        ND_PRINT((ndo, ": "));
    else
        ND_PRINT((ndo, "\n\t"));

    if (ethertype_print(ndo, prot, bp, len, len) == 0) {
        if (prot == ETHERTYPE_TEB)
            ether_print(ndo, bp, len, len, NULL, NULL);
        else
            ND_PRINT((ndo, "geneve-proto-0x%x", prot));
    }

    return;

trunc:
    ND_PRINT((ndo, " [|geneve]"));
}
예제 #21
0
int
snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
	const struct lladdr_info *src, const struct lladdr_info *dst,
	u_int bridge_pad)
{
	uint32_t orgcode;
	u_short et;
	int ret;

	ND_TCHECK_5(p);
	if (caplen < 5 || length < 5)
		goto trunc;
	orgcode = EXTRACT_BE_U_3(p);
	et = EXTRACT_BE_U_2(p + 3);

	if (ndo->ndo_eflag) {
		/*
		 * Somebody's already printed the MAC addresses, if there
		 * are any, so just print the SNAP header, not the MAC
		 * addresses.
		 */
		ND_PRINT("oui %s (0x%06x), %s %s (0x%04x), length %u: ",
		     tok2str(oui_values, "Unknown", orgcode),
		     orgcode,
		     (orgcode == 0x000000 ? "ethertype" : "pid"),
		     tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
		     et, length - 5);
	}
	p += 5;
	length -= 5;
	caplen -= 5;

	switch (orgcode) {
	case OUI_ENCAP_ETHER:
	case OUI_CISCO_90:
		/*
		 * This is an encapsulated Ethernet packet,
		 * or a packet bridged by some piece of
		 * Cisco hardware; the protocol ID is
		 * an Ethernet protocol type.
		 */
		ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
		if (ret)
			return (ret);
		break;

	case OUI_APPLETALK:
		if (et == ETHERTYPE_ATALK) {
			/*
			 * No, I have no idea why Apple used one
			 * of their own OUIs, rather than
			 * 0x000000, and an Ethernet packet
			 * type, for Appletalk data packets,
			 * but used 0x000000 and an Ethernet
			 * packet type for AARP packets.
			 */
			ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
			if (ret)
				return (ret);
		}
		break;

	case OUI_CISCO:
                switch (et) {
                case PID_CISCO_CDP:
                        cdp_print(ndo, p, length, caplen);
                        return (1);
                case PID_CISCO_DTP:
                        dtp_print(ndo, p, length);
                        return (1);
                case PID_CISCO_UDLD:
                        udld_print(ndo, p, length);
                        return (1);
                case PID_CISCO_VTP:
                        vtp_print(ndo, p, length);
                        return (1);
                case PID_CISCO_PVST:
                case PID_CISCO_VLANBRIDGE:
                        stp_print(ndo, p, length);
                        return (1);
                default:
                        break;
                }
		break;

	case OUI_RFC2684:
		switch (et) {

		case PID_RFC2684_ETH_FCS:
		case PID_RFC2684_ETH_NOFCS:
			/*
			 * XXX - remove the last two bytes for
			 * PID_RFC2684_ETH_FCS?
			 */
			/*
			 * Skip the padding.
			 */
			ND_TCHECK_LEN(p, bridge_pad);
			caplen -= bridge_pad;
			length -= bridge_pad;
			p += bridge_pad;

			/*
			 * What remains is an Ethernet packet.
			 */
			ether_print(ndo, p, length, caplen, NULL, NULL);
			return (1);

		case PID_RFC2684_802_5_FCS:
		case PID_RFC2684_802_5_NOFCS:
			/*
			 * XXX - remove the last two bytes for
			 * PID_RFC2684_ETH_FCS?
			 */
			/*
			 * Skip the padding, but not the Access
			 * Control field.
			 */
			ND_TCHECK_LEN(p, bridge_pad);
			caplen -= bridge_pad;
			length -= bridge_pad;
			p += bridge_pad;

			/*
			 * What remains is an 802.5 Token Ring
			 * packet.
			 */
			token_print(ndo, p, length, caplen);
			return (1);

		case PID_RFC2684_FDDI_FCS:
		case PID_RFC2684_FDDI_NOFCS:
			/*
			 * XXX - remove the last two bytes for
			 * PID_RFC2684_ETH_FCS?
			 */
			/*
			 * Skip the padding.
			 */
			ND_TCHECK_LEN(p, bridge_pad + 1);
			caplen -= bridge_pad + 1;
			length -= bridge_pad + 1;
			p += bridge_pad + 1;

			/*
			 * What remains is an FDDI packet.
			 */
			fddi_print(ndo, p, length, caplen);
			return (1);

		case PID_RFC2684_BPDU:
			stp_print(ndo, p, length);
			return (1);
		}
	}
	if (!ndo->ndo_eflag) {
		/*
		 * Nobody printed the link-layer addresses, so print them, if
		 * we have any.
		 */
		if (src != NULL && dst != NULL) {
			ND_PRINT("%s > %s ",
				(src->addr_string)(ndo, src->addr),
				(dst->addr_string)(ndo, dst->addr));
		}
		/*
		 * Print the SNAP header, but if the OUI is 000000, don't
		 * bother printing it, and report the PID as being an
		 * ethertype.
		 */
		if (orgcode == 0x000000) {
			ND_PRINT("SNAP, ethertype %s (0x%04x), length %u: ",
			     tok2str(ethertype_values, "Unknown", et),
			     et, length);
		} else {
			ND_PRINT("SNAP, oui %s (0x%06x), pid %s (0x%04x), length %u: ",
			     tok2str(oui_values, "Unknown", orgcode),
			     orgcode,
			     tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
			     et, length);
		}
	}
	return (0);

trunc:
	ND_PRINT("[|snap]");
	return (1);
}
예제 #22
0
파일: print-nsh.c 프로젝트: fenner/tcpdump
void
nsh_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    u_int n, vn;
    uint8_t ver;
    uint8_t flags;
    u_int length;
    uint8_t md_type;
    uint8_t next_protocol;
    uint32_t service_path_id;
    uint8_t service_index;
    uint32_t ctx;
    uint16_t tlv_class;
    uint8_t tlv_type;
    uint8_t tlv_len;
    u_int next_len;

    ndo->ndo_protocol = "nsh";
    /* print Base Header and Service Path Header */
    if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN)
        goto trunc;

    ND_TCHECK_LEN(bp, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN);

    ver = (uint8_t)(GET_U_1(bp) >> 6);
    flags = GET_U_1(bp);
    bp += 1;
    length = GET_U_1(bp);
    bp += 1;
    md_type = GET_U_1(bp);
    bp += 1;
    next_protocol = GET_U_1(bp);
    bp += 1;
    service_path_id = GET_BE_U_3(bp);
    bp += 3;
    service_index = GET_U_1(bp);
    bp += 1;

    ND_PRINT("NSH, ");
    if (ndo->ndo_vflag > 1) {
        ND_PRINT("ver %u, ", ver);
    }
    ND_PRINT("flags [%s], ", bittok2str_nosep(nsh_flags, "none", flags));
    if (ndo->ndo_vflag > 2) {
        ND_PRINT("length %u, ", length);
        ND_PRINT("md type 0x%x, ", md_type);
    }
    if (ndo->ndo_vflag > 1) {
        ND_PRINT("next-protocol 0x%x, ", next_protocol);
    }
    ND_PRINT("service-path-id 0x%06x, ", service_path_id);
    ND_PRINT("service-index 0x%x", service_index);

    /* Make sure we have all the headers */
    if (len < length * NSH_HDR_WORD_SIZE)
        goto trunc;

    ND_TCHECK_LEN(bp, length * NSH_HDR_WORD_SIZE);

    /*
     * length includes the lengths of the Base and Service Path headers.
     * That means it must be at least 2.
     */
    if (length < 2)
        goto trunc;

    /*
     * Print, or skip, the Context Headers.
     * (length - 2) is the length of those headers.
     */
    if (ndo->ndo_vflag > 2) {
        if (md_type == 0x01) {
            for (n = 0; n < length - 2; n++) {
                ctx = GET_BE_U_4(bp);
                bp += NSH_HDR_WORD_SIZE;
                ND_PRINT("\n        Context[%02u]: 0x%08x", n, ctx);
            }
        }
        else if (md_type == 0x02) {
            n = 0;
            while (n < length - 2) {
                tlv_class = GET_BE_U_2(bp);
                bp += 2;
                tlv_type  = GET_U_1(bp);
                bp += 1;
                tlv_len   = GET_U_1(bp);
                bp += 1;

                ND_PRINT("\n        TLV Class %u, Type %u, Len %u",
                          tlv_class, tlv_type, tlv_len);

                n += 1;

                if (length - 2 < n + tlv_len) {
                    ND_PRINT(" ERROR: invalid-tlv-length");
                    return;
                }

                for (vn = 0; vn < tlv_len; vn++) {
                    ctx = GET_BE_U_4(bp);
                    bp += NSH_HDR_WORD_SIZE;
                    ND_PRINT("\n            Value[%02u]: 0x%08x", vn, ctx);
                }
                n += tlv_len;
            }
        }
        else {
            ND_PRINT("ERROR: unknown-next-protocol");
            return;
        }
    }
    else {
        bp += (length - 2) * NSH_HDR_WORD_SIZE;
    }
    ND_PRINT(ndo->ndo_vflag ? "\n    " : ": ");

    /* print Next Protocol */
    next_len = len - length * NSH_HDR_WORD_SIZE;
    switch (next_protocol) {
    case 0x1:
        ip_print(ndo, bp, next_len);
        break;
    case 0x2:
        ip6_print(ndo, bp, next_len);
        break;
    case 0x3:
        ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
        break;
    default:
        ND_PRINT("ERROR: unknown-next-protocol");
        return;
    }

    return;

trunc:
    nd_print_trunc(ndo);
}
예제 #23
0
/*
 * This is the top level routine of the printer.  'p' is the points
 * to the ether header of the packet, 'tvp' is the timestamp,
 * 'length' is the length of the packet off the wire, and 'caplen'
 * is the number of bytes actually captured.
 */
void
ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
	u_int caplen = h->caplen;
	u_int length = h->len;
	struct ether_header *ep;
	u_short ether_type;
	extern u_short extracted_ethertype;

	ts_print(&h->ts);

	if (caplen < sizeof(struct ether_header)) {
		printf("[|ether]");
		goto out;
	}

	if (eflag)
		ether_print(p, length);

	/*
	 * Some printers want to get back at the ethernet addresses,
	 * and/or check that they're not walking off the end of the packet.
	 * Rather than pass them all the way down, we set these globals.
	 */
	packetp = p;
	snapend = p + caplen;

	length -= sizeof(struct ether_header);
	caplen -= sizeof(struct ether_header);
	ep = (struct ether_header *)p;
	p += sizeof(struct ether_header);

	ether_type = ntohs(ep->ether_type);

	/*
	 * Is it (gag) an 802.3 encapsulation?
	 */
	extracted_ethertype = 0;
	if (ether_type <= ETHERMTU) {
		/* Try to print the LLC-layer header & higher layers */
		if (llc_print(p, length, caplen, ESRC(ep), EDST(ep)) == 0) {
			/* ether_type not known, print raw packet */
			if (!eflag)
				ether_print((u_char *)ep, length);
			if (extracted_ethertype) {
				printf("(LLC %s) ",
			       etherproto_string(htons(extracted_ethertype)));
			}
			if (!xflag && !qflag)
				default_print(p, caplen);
		}
	} else if (ether_encap_print(ether_type, p, length, caplen) == 0) {
		/* ether_type not known, print raw packet */
		if (!eflag)
			ether_print((u_char *)ep, length + sizeof(*ep));
		if (!xflag && !qflag)
			default_print(p, caplen);
	}
	if (xflag)
		default_print(p, caplen);
 out:
	putchar('\n');
}
예제 #24
0
int
snap_print(const u_char *p, u_int length, u_int caplen,
           u_short *extracted_ethertype, u_int bridge_pad)
{
    u_int32_t orgcode;
    register u_short et;
    register int ret;

    TCHECK2(*p, 5);
    orgcode = EXTRACT_24BITS(p);
    et = EXTRACT_16BITS(p + 3);

    if (eflag) {
        const struct tok *tok = null_values;
        const struct oui_tok *otp;

        for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) {
            if (otp->oui == orgcode) {
                tok = otp->tok;
                break;
            }
        }
        (void)printf("oui %s (0x%06x), %s %s (0x%04x): ",
                     tok2str(oui_values, "Unknown", orgcode),
                     orgcode,
                     (orgcode == 0x000000 ? "ethertype" : "pid"),
                     tok2str(tok, "Unknown", et),
                     et);
    }
    p += 5;
    length -= 5;
    caplen -= 5;

    switch (orgcode) {
    case OUI_ENCAP_ETHER:
    case OUI_CISCO_90:
        /*
         * This is an encapsulated Ethernet packet,
         * or a packet bridged by some piece of
         * Cisco hardware; the protocol ID is
         * an Ethernet protocol type.
         */
        ret = ether_encap_print(et, p, length, caplen,
                                extracted_ethertype);
        if (ret)
            return (ret);
        break;

    case OUI_APPLETALK:
        if (et == ETHERTYPE_ATALK) {
            /*
             * No, I have no idea why Apple used one
             * of their own OUIs, rather than
             * 0x000000, and an Ethernet packet
             * type, for Appletalk data packets,
             * but used 0x000000 and an Ethernet
             * packet type for AARP packets.
             */
            ret = ether_encap_print(et, p, length, caplen,
                                    extracted_ethertype);
            if (ret)
                return (ret);
        }
        break;

    case OUI_CISCO:
        if (et == PID_CISCO_CDP) {
            cdp_print(p, length, caplen);
            return (1);
        }
        break;

    case OUI_RFC2684:
        switch (et) {

        case PID_RFC2684_ETH_FCS:
        case PID_RFC2684_ETH_NOFCS:
            /*
             * XXX - remove the last two bytes for
             * PID_RFC2684_ETH_FCS?
             */
            /*
             * Skip the padding.
             */
            TCHECK2(*p, bridge_pad);
            caplen -= bridge_pad;
            length -= bridge_pad;
            p += bridge_pad;

            /*
             * What remains is an Ethernet packet.
             */
            ether_print(p, length, caplen);
            return (1);

        case PID_RFC2684_802_5_FCS:
        case PID_RFC2684_802_5_NOFCS:
            /*
             * XXX - remove the last two bytes for
             * PID_RFC2684_ETH_FCS?
             */
            /*
             * Skip the padding, but not the Access
             * Control field.
             */
            TCHECK2(*p, bridge_pad);
            caplen -= bridge_pad;
            length -= bridge_pad;
            p += bridge_pad;

            /*
             * What remains is an 802.5 Token Ring
             * packet.
             */
            token_print(p, length, caplen);
            return (1);

        case PID_RFC2684_FDDI_FCS:
        case PID_RFC2684_FDDI_NOFCS:
            /*
             * XXX - remove the last two bytes for
             * PID_RFC2684_ETH_FCS?
             */
            /*
             * Skip the padding.
             */
            TCHECK2(*p, bridge_pad + 1);
            caplen -= bridge_pad + 1;
            length -= bridge_pad + 1;
            p += bridge_pad + 1;

            /*
             * What remains is an FDDI packet.
             */
            fddi_print(p, length, caplen);
            return (1);

        case PID_RFC2684_BPDU:
            stp_print(p, length);
            return (1);
        }
    }
    return (0);

trunc:
    (void)printf("[|snap]");
    return (1);
}