u_int sl_if_print(const struct pcap_pkthdr *h, const u_char *p) { register u_int caplen = h->caplen; register u_int length = h->len; register const struct ip *ip; if (caplen < SLIP_HDRLEN) { printf("[|slip]"); return (caplen); } length -= SLIP_HDRLEN; ip = (struct ip *)(p + SLIP_HDRLEN); if (eflag) sliplink_print(p, ip, length); switch (IP_V(ip)) { case 4: ip_print(gndo, (u_char *)ip, length); break; #ifdef INET6 case 6: ip6_print((u_char *)ip, length); break; #endif default: printf ("ip v%d", IP_V(ip)); } return (SLIP_HDRLEN); }
static int arcnet_encap_print(netdissect_options *ndo, u_char arctype, const u_char *p, u_int length, u_int caplen) { switch (arctype) { case ARCTYPE_IP_OLD: case ARCTYPE_IP: ip_print(ndo, p, length); return (1); case ARCTYPE_INET6: ip6_print(ndo, p, length); return (1); case ARCTYPE_ARP_OLD: case ARCTYPE_ARP: case ARCTYPE_REVARP: arp_print(ndo, p, length, caplen); return (1); case ARCTYPE_ATALK: /* XXX was this ever used? */ if (ndo->ndo_vflag) ND_PRINT("et1 "); atalk_print(ndo, p, length); return (1); case ARCTYPE_IPX: ipx_print(ndo, p, length); return (1); default: return (0); } }
u_int sl_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { register u_int caplen = h->caplen; register u_int length = h->len; register const struct ip *ip; if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } length -= SLIP_HDRLEN; ip = (struct ip *)(p + SLIP_HDRLEN); if (ndo->ndo_eflag) sliplink_print(ndo, p, ip, length); switch (IP_V(ip)) { case 4: ip_print(ndo, (u_char *)ip, length); break; case 6: ip6_print(ndo, (u_char *)ip, length); break; default: ND_PRINT((ndo, "ip v%d", IP_V(ip))); } return (SLIP_HDRLEN); }
/* PPP */ static void handle_ppp(netdissect_options *ndo, u_int proto, const u_char *p, int length) { if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */ ppp_hdlc(ndo, p - 1, length); return; } switch (proto) { case PPP_LCP: /* fall through */ case PPP_IPCP: case PPP_OSICP: case PPP_MPLSCP: case PPP_IPV6CP: case PPP_CCP: case PPP_BACP: handle_ctrl_proto(ndo, proto, p, length); break; case PPP_ML: handle_mlppp(ndo, p, length); break; case PPP_CHAP: handle_chap(ndo, p, length); break; case PPP_PAP: handle_pap(ndo, p, length); break; case PPP_BAP: /* XXX: not yet completed */ handle_bap(ndo, p, length); break; case ETHERTYPE_IP: /*XXX*/ case PPP_VJNC: case PPP_IP: ip_print(ndo, p, length); break; case ETHERTYPE_IPV6: /*XXX*/ case PPP_IPV6: ip6_print(ndo, p, length); break; case ETHERTYPE_IPX: /*XXX*/ case PPP_IPX: ipx_print(ndo, p, length); break; case PPP_OSI: isoclns_print(ndo, p, length, length); break; case PPP_MPLS_UCAST: case PPP_MPLS_MCAST: mpls_print(ndo, p, length); break; case PPP_COMP: ND_PRINT((ndo, "compressed PPP data")); break; default: ND_PRINT((ndo, "%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto))); print_unknown_data(ndo, p, "\n\t", length); break; } }
u_int juniper_mfr_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MFR; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; /* child-link ? */ if (l2info.cookie_len == 0) { mfr_print(ndo, p, l2info.length); return l2info.header_len; } /* first try the LSQ protos */ if (l2info.cookie_len == AS_PIC_COOKIE_LEN) { switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(ndo, p, l2info.length); return l2info.header_len; #ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; #endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(ndo, p, l2info.length, l2info.caplen); return l2info.header_len; default: break; } return l2info.header_len; } /* suppress Bundle-ID if frame was captured on a child-link */ if (ndo->ndo_eflag && EXTRACT_32BITS(l2info.cookie) != 1) ND_PRINT((ndo, "Bundle-ID %u, ", l2info.bundle)); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS): isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): /* pass IP{4,6} to the OSI layer for proper link-layer printing */ isoclns_print(ndo, p - 1, l2info.length + 1, l2info.caplen + 1); break; default: ND_PRINT((ndo, "unknown protocol 0x%04x, length %u", l2info.proto, l2info.length)); } return l2info.header_len; }
u_int juniper_mfr_print(const struct pcap_pkthdr *h, packetbody_t p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MFR; if(juniper_parse_header(p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; /* child-link ? */ if (l2info.cookie_len == 0) { mfr_print(p,l2info.length); return l2info.header_len; } /* first try the LSQ protos */ if (l2info.cookie_len == AS_PIC_COOKIE_LEN) { switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(gndo, p, l2info.length); return l2info.header_len; #ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(gndo, p,l2info.length); return l2info.header_len; #endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(p,l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(p,l2info.length,l2info.caplen); return l2info.header_len; default: break; } return l2info.header_len; } /* suppress Bundle-ID if frame was captured on a child-link */ if (eflag && EXTRACT_32BITS(cheri_ptr(l2info.cookie, 4)) != 1) printf("Bundle-ID %u, ",l2info.bundle); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS): isoclns_print(p+1, l2info.length-1, l2info.caplen-1); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): /* pass IP{4,6} to the OSI layer for proper link-layer printing */ isoclns_print(PACKET_SUBTRACT(p, 1), l2info.length+1, l2info.caplen+1); break; default: printf("unknown protocol 0x%04x, length %u",l2info.proto, l2info.length); } return l2info.header_len; }
u_int juniper_mlppp_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MLPPP; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; /* suppress Bundle-ID if frame was captured on a child-link * best indicator if the cookie looks like a proto */ if (ndo->ndo_eflag && EXTRACT_16BITS(&l2info.cookie) != PPP_OSI && EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL)) ND_PRINT((ndo, "Bundle-ID %u: ", l2info.bundle)); p+=l2info.header_len; /* first try the LSQ protos */ switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: /* IP traffic going to the RE would not have a cookie * -> this must be incoming IS-IS over PPP */ if (l2info.cookie[4] == (JUNIPER_LSQ_COOKIE_RE|JUNIPER_LSQ_COOKIE_DIR)) ppp_print(ndo, p, l2info.length); else ip_print(ndo, p, l2info.length); return l2info.header_len; #ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; #endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(ndo, p, l2info.length, l2info.caplen); return l2info.header_len; default: break; } /* zero length cookie ? */ switch (EXTRACT_16BITS(&l2info.cookie)) { case PPP_OSI: ppp_print(ndo, p - 2, l2info.length + 2); break; case (PPP_ADDRESS << 8 | PPP_CONTROL): /* fall through */ default: ppp_print(ndo, p, l2info.length); break; } return l2info.header_len; }
u_int juniper_mfr_print(const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MFR; if(juniper_parse_header(p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; if (l2info.cookie_len == 0) { mfr_print(p,l2info.length); return l2info.header_len; } if (l2info.cookie_len == AS_PIC_COOKIE_LEN) { switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(gndo, p, l2info.length); return l2info.header_len; #ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(p,l2info.length); return l2info.header_len; #endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(p,l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(p,l2info.length,l2info.caplen); return l2info.header_len; default: break; } return l2info.header_len; } if (eflag && EXTRACT_32BITS(l2info.cookie) != 1) printf("Bundle-ID %u, ",l2info.bundle); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS): isoclns_print(p+1, l2info.length-1, l2info.caplen-1); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): isoclns_print(p-1, l2info.length+1, l2info.caplen+1); break; default: printf("unknown protocol 0x%04x, length %u",l2info.proto, l2info.length); } return l2info.header_len; }
u_int chdlc_print(register const u_char *p, u_int length) { u_int proto; proto = EXTRACT_16BITS(&p[2]); if (eflag) { printf("%s, ethertype %s (0x%04x), length %u: ", tok2str(chdlc_cast_values, "0x%02x", p[0]), tok2str(ethertype_values, "Unknown", proto), proto, length); } length -= CHDLC_HDRLEN; p += CHDLC_HDRLEN; switch (proto) { case ETHERTYPE_IP: ip_print(gndo, p, length); break; #ifdef INET6 case ETHERTYPE_IPV6: ip6_print(p, length); break; #endif case CHDLC_TYPE_SLARP: chdlc_slarp_print(p, length); break; #if 0 case CHDLC_TYPE_CDP: chdlc_cdp_print(p, length); break; #endif case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(p, length); break; case ETHERTYPE_ISO: /* is the fudge byte set ? lets verify by spotting ISO headers */ if (*(p+1) == 0x81 || *(p+1) == 0x82 || *(p+1) == 0x83) isoclns_print(p+1, length-1, length-1); else isoclns_print(p, length, length); break; default: if (!eflag) printf("unknown CHDLC protocol (0x%04x)", proto); break; } return (CHDLC_HDRLEN); }
void vxlan_gpe_print(netdissect_options *ndo, const u_char *bp, u_int len) { uint8_t flags; uint8_t next_protocol; uint32_t vni; if (len < VXLAN_GPE_HDR_LEN) goto trunc; ND_TCHECK2(*bp, VXLAN_GPE_HDR_LEN); flags = *bp; bp += 3; next_protocol = *bp; bp += 1; vni = EXTRACT_24BITS(bp); bp += 4; ND_PRINT((ndo, "VXLAN-GPE, ")); ND_PRINT((ndo, "flags [%s], ", bittok2str_nosep(vxlan_gpe_flags, "none", flags))); ND_PRINT((ndo, "vni %u", vni)); ND_PRINT((ndo, ndo->ndo_vflag ? "\n " : ": ")); switch (next_protocol) { case 0x1: ip_print(ndo, bp, len - 8); break; case 0x2: ip6_print(ndo, bp, len - 8); break; case 0x3: ether_print(ndo, bp, len - 8, len - 8, NULL, NULL); break; case 0x4: nsh_print(ndo, bp, len - 8); break; case 0x5: mpls_print(ndo, bp, len - 8); break; default: ND_PRINT((ndo, "ERROR: unknown-next-protocol")); return; } return; trunc: ND_PRINT((ndo, "%s", tstr)); }
u_int juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MLPPP; if(juniper_parse_header(p, h, &l2info) == 0) return l2info.header_len; if (eflag && EXTRACT_16BITS(&l2info.cookie) != PPP_OSI && EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL)) printf("Bundle-ID %u: ",l2info.bundle); p+=l2info.header_len; switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: if (l2info.cookie[4] == (JUNIPER_LSQ_COOKIE_RE|JUNIPER_LSQ_COOKIE_DIR)) ppp_print(p, l2info.length); else ip_print(gndo, p, l2info.length); return l2info.header_len; #ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(p,l2info.length); return l2info.header_len; #endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(p,l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(p,l2info.length,l2info.caplen); return l2info.header_len; default: break; } switch (EXTRACT_16BITS(&l2info.cookie)) { case PPP_OSI: ppp_print(p-2,l2info.length+2); break; case (PPP_ADDRESS << 8 | PPP_CONTROL): default: ppp_print(p,l2info.length); break; } return l2info.header_len; }
/* * Decoding routines for GTP version 0. */ void gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) { struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; int len, version; u_int64_t tid; gtp_proto = GTP_V0_PROTO; /* Check if this is GTP prime. */ TCHECK(gh->flags); if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) { gtp_proto = GTP_V0_PRIME_PROTO; gtp_v0_print_prime(cp); return; } /* Print GTP header. */ TCHECK(*gh); cp += sizeof(struct gtp_v0_hdr); len = ntohs(gh->length); bcopy(&gh->tid, &tid, sizeof(tid)); printf(" GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow), ntohs(gh->npduno), betoh64(tid)); /* Decode GTP message. */ printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); if (!vflag) return; if (gh->msgtype == GTPV0_T_PDU) { TCHECK(cp[0]); version = cp[0] >> 4; printf(" { "); if (version == 4) ip_print(cp, len); #ifdef INET6 else if (version == 6) ip6_print(cp, len); #endif else printf("Unknown IP version %u", version); printf(" }"); } else
void sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { register u_int caplen = h->caplen; register u_int length = h->len; register const struct ip *ip; ts_print(&h->ts); if (caplen < SLIP_HDRLEN) { printf("[|slip]"); goto out; } /* * Some printers want to get back at the link level addresses, * and/or check that they're not walking off the end of the packet. * Rather than pass them all the way down, we set these globals. */ packetp = p; snapend = p + caplen; length -= SLIP_HDRLEN; ip = (struct ip *)(p + SLIP_HDRLEN); if (eflag) sliplink_print(p, ip, length); switch (ip->ip_v) { case 4: ip_print((u_char *)ip, length); break; #ifdef INET6 case 6: ip6_print((u_char *)ip, length); break; #endif default: printf ("ip v%d", ip->ip_v); } if (xflag) default_print((u_char *)ip, caplen - SLIP_HDRLEN); out: putchar('\n'); }
u_int juniper_ggsn_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; struct juniper_ggsn_header { uint8_t svc_id; uint8_t flags_len; uint8_t proto; uint8_t flags; uint8_t vlan_id[2]; uint8_t res[2]; }; const struct juniper_ggsn_header *gh; l2info.pictype = DLT_JUNIPER_GGSN; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; gh = (struct juniper_ggsn_header *)&l2info.cookie; if (ndo->ndo_eflag) { ND_PRINT((ndo, "proto %s (%u), vlan %u: ", tok2str(juniper_protocol_values,"Unknown",gh->proto), gh->proto, EXTRACT_16BITS(&gh->vlan_id[0]))); } switch (gh->proto) { case JUNIPER_PROTO_IPV4: ip_print(ndo, p, l2info.length); break; #ifdef INET6 case JUNIPER_PROTO_IPV6: ip6_print(ndo, p, l2info.length); break; #endif /* INET6 */ default: if (!ndo->ndo_eflag) ND_PRINT((ndo, "unknown GGSN proto (%u)", gh->proto)); } return l2info.header_len; }
static int ip_heuristic_guess(netdissect_options *ndo, register const u_char *p, u_int length) { switch(p[0]) { case 0x45: case 0x46: case 0x47: case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4c: case 0x4d: case 0x4e: case 0x4f: ip_print(ndo, p, length); break; #ifdef INET6 case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67: case 0x68: case 0x69: case 0x6a: case 0x6b: case 0x6c: case 0x6d: case 0x6e: case 0x6f: ip6_print(ndo, p, length); break; #endif default: return 0; /* did not find a ip header */ break; } return 1; /* we printed an v4/v6 packet */ }
u_int juniper_ggsn_print(const struct pcap_pkthdr *h, packetbody_t p) { struct juniper_l2info_t l2info; struct juniper_ggsn_header { u_int8_t svc_id; u_int8_t flags_len; u_int8_t proto; u_int8_t flags; u_int8_t vlan_id[2]; u_int8_t res[2]; }; __capability const struct juniper_ggsn_header *gh; l2info.pictype = DLT_JUNIPER_GGSN; if(juniper_parse_header(p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; gh = (__capability const struct juniper_ggsn_header *)&l2info.cookie; if (eflag) { printf("proto %s (%u), vlan %u: ", tok2str(juniper_protocol_values,"Unknown",gh->proto), gh->proto, EXTRACT_16BITS(&gh->vlan_id[0])); } switch (gh->proto) { case JUNIPER_PROTO_IPV4: ip_print(gndo, p, l2info.length); break; #ifdef INET6 case JUNIPER_PROTO_IPV6: ip6_print(gndo, p, l2info.length); break; #endif /* INET6 */ default: if (!eflag) printf("unknown GGSN proto (%u)", gh->proto); } return l2info.header_len; }
int ip_heuristic_guess(register const u_char *p, u_int length) { switch(p[0]) { case 0x45: case 0x46: case 0x47: case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4c: case 0x4d: case 0x4e: case 0x4f: ip_print(gndo, p, length); break; #ifdef INET6 case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67: case 0x68: case 0x69: case 0x6a: case 0x6b: case 0x6c: case 0x6d: case 0x6e: case 0x6f: ip6_print(p, length); break; #endif default: return 0; break; } return 1; }
int ip_heuristic_guess(packetbody_t p, u_int length) { switch(p[0]) { case 0x45: case 0x46: case 0x47: case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4c: case 0x4d: case 0x4e: case 0x4f: ip_print(gndo, p, length); break; #ifdef INET6 case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67: case 0x68: case 0x69: case 0x6a: case 0x6b: case 0x6c: case 0x6d: case 0x6e: case 0x6f: ip6_print(gndo, p, length); break; #endif default: return 0; /* did not find a ip header */ break; } return 1; /* we printed an v4/v6 packet */ }
u_int enc_if_print(const struct pcap_pkthdr *h, packetbody_t p) { register u_int length = h->len; register u_int caplen = h->caplen; int flags; __capability const struct enchdr *hdr; if (caplen < ENC_HDRLEN) { printf("[|enc]"); goto out; } hdr = (__capability struct enchdr *)p; flags = hdr->flags; if (flags == 0) printf("(unprotected): "); else printf("("); ENC_PRINT_TYPE(flags, M_AUTH, "authentic"); ENC_PRINT_TYPE(flags, M_CONF, "confidential"); /* ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel"); */ printf("SPI 0x%08x: ", EXTRACT_32BITS(&hdr->spi)); length -= ENC_HDRLEN; caplen -= ENC_HDRLEN; p += ENC_HDRLEN; switch (hdr->af) { case AF_INET: ip_print(gndo, p, length); break; #ifdef INET6 case AF_INET6: ip6_print(gndo, p, length); break; #endif /*INET6*/ } out: return (ENC_HDRLEN); }
static void ipnet_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { const ipnet_hdr_t *hdr; if (caplen < sizeof(ipnet_hdr_t)) goto trunc; if (ndo->ndo_eflag) ipnet_hdr_print(ndo, p, length); length -= sizeof(ipnet_hdr_t); caplen -= sizeof(ipnet_hdr_t); hdr = (const ipnet_hdr_t *)p; p += sizeof(ipnet_hdr_t); ND_TCHECK_1(hdr->iph_family); switch (EXTRACT_U_1(hdr->iph_family)) { case IPH_AF_INET: ip_print(ndo, p, length); break; case IPH_AF_INET6: ip6_print(ndo, p, length); break; default: if (!ndo->ndo_eflag) ipnet_hdr_print(ndo, (const u_char *)hdr, length + sizeof(ipnet_hdr_t)); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); break; } return; trunc: ND_PRINT(" %s", tstr); }
static void ipnet_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { ipnet_hdr_t *hdr; if (caplen < sizeof(ipnet_hdr_t)) { ND_PRINT((ndo, "[|ipnet]")); return; } if (ndo->ndo_eflag) ipnet_hdr_print(ndo, p, length); length -= sizeof(ipnet_hdr_t); caplen -= sizeof(ipnet_hdr_t); hdr = (ipnet_hdr_t *)p; p += sizeof(ipnet_hdr_t); switch (hdr->iph_family) { case IPH_AF_INET: ip_print(ndo, p, length); break; #ifdef INET6 case IPH_AF_INET6: ip6_print(ndo, p, length); break; #endif /*INET6*/ default: if (!ndo->ndo_eflag) ipnet_hdr_print(ndo, (u_char *)hdr, length + sizeof(ipnet_hdr_t)); if (!ndo->ndo_suppress_default_print) ndo->ndo_default_print(ndo, p, caplen); break; } }
static int arcnet_encap_print(u_char arctype, const u_char *p, u_int length, u_int caplen) { switch (arctype) { case ARCTYPE_IP_OLD: case ARCTYPE_IP: ip_print(gndo, p, length); return (1); #ifdef INET6 case ARCTYPE_INET6: ip6_print(gndo, p, length); return (1); #endif /*INET6*/ case ARCTYPE_ARP_OLD: case ARCTYPE_ARP: case ARCTYPE_REVARP: arp_print(gndo, p, length, caplen); return (1); case ARCTYPE_ATALK: /* XXX was this ever used? */ if (vflag) fputs("et1 ", stdout); atalk_print(p, length); return (1); case ARCTYPE_IPX: ipx_print(p, length); return (1); default: return (0); } }
void nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) { u_int n, vn; uint8_t ver; uint8_t flags; u_int length; uint8_t md_type; uint8_t next_protocol; uint32_t service_path_id; uint8_t service_index; uint32_t ctx; uint16_t tlv_class; uint8_t tlv_type; uint8_t tlv_len; u_int next_len; ndo->ndo_protocol = "nsh"; /* print Base Header and Service Path Header */ if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN) goto trunc; ND_TCHECK_LEN(bp, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN); ver = (uint8_t)(GET_U_1(bp) >> 6); flags = GET_U_1(bp); bp += 1; length = GET_U_1(bp); bp += 1; md_type = GET_U_1(bp); bp += 1; next_protocol = GET_U_1(bp); bp += 1; service_path_id = GET_BE_U_3(bp); bp += 3; service_index = GET_U_1(bp); bp += 1; ND_PRINT("NSH, "); if (ndo->ndo_vflag > 1) { ND_PRINT("ver %u, ", ver); } ND_PRINT("flags [%s], ", bittok2str_nosep(nsh_flags, "none", flags)); if (ndo->ndo_vflag > 2) { ND_PRINT("length %u, ", length); ND_PRINT("md type 0x%x, ", md_type); } if (ndo->ndo_vflag > 1) { ND_PRINT("next-protocol 0x%x, ", next_protocol); } ND_PRINT("service-path-id 0x%06x, ", service_path_id); ND_PRINT("service-index 0x%x", service_index); /* Make sure we have all the headers */ if (len < length * NSH_HDR_WORD_SIZE) goto trunc; ND_TCHECK_LEN(bp, length * NSH_HDR_WORD_SIZE); /* * length includes the lengths of the Base and Service Path headers. * That means it must be at least 2. */ if (length < 2) goto trunc; /* * Print, or skip, the Context Headers. * (length - 2) is the length of those headers. */ if (ndo->ndo_vflag > 2) { if (md_type == 0x01) { for (n = 0; n < length - 2; n++) { ctx = GET_BE_U_4(bp); bp += NSH_HDR_WORD_SIZE; ND_PRINT("\n Context[%02u]: 0x%08x", n, ctx); } } else if (md_type == 0x02) { n = 0; while (n < length - 2) { tlv_class = GET_BE_U_2(bp); bp += 2; tlv_type = GET_U_1(bp); bp += 1; tlv_len = GET_U_1(bp); bp += 1; ND_PRINT("\n TLV Class %u, Type %u, Len %u", tlv_class, tlv_type, tlv_len); n += 1; if (length - 2 < n + tlv_len) { ND_PRINT(" ERROR: invalid-tlv-length"); return; } for (vn = 0; vn < tlv_len; vn++) { ctx = GET_BE_U_4(bp); bp += NSH_HDR_WORD_SIZE; ND_PRINT("\n Value[%02u]: 0x%08x", vn, ctx); } n += tlv_len; } } else { ND_PRINT("ERROR: unknown-next-protocol"); return; } } else { bp += (length - 2) * NSH_HDR_WORD_SIZE; } ND_PRINT(ndo->ndo_vflag ? "\n " : ": "); /* print Next Protocol */ next_len = len - length * NSH_HDR_WORD_SIZE; switch (next_protocol) { case 0x1: ip_print(ndo, bp, next_len); break; case 0x2: ip6_print(ndo, bp, next_len); break; case 0x3: ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); break; default: ND_PRINT("ERROR: unknown-next-protocol"); return; } return; trunc: nd_print_trunc(ndo); }
u_int chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length) { u_int proto; const u_char *bp = p; if (length < CHDLC_HDRLEN) goto trunc; ND_TCHECK2(*p, CHDLC_HDRLEN); proto = EXTRACT_16BITS(&p[2]); if (ndo->ndo_eflag) { ND_PRINT((ndo, "%s, ethertype %s (0x%04x), length %u: ", tok2str(chdlc_cast_values, "0x%02x", p[0]), tok2str(ethertype_values, "Unknown", proto), proto, length)); } length -= CHDLC_HDRLEN; p += CHDLC_HDRLEN; switch (proto) { case ETHERTYPE_IP: ip_print(ndo, p, length); break; case ETHERTYPE_IPV6: ip6_print(ndo, p, length); break; case CHDLC_TYPE_SLARP: chdlc_slarp_print(ndo, p, length); break; #if 0 case CHDLC_TYPE_CDP: chdlc_cdp_print(p, length); break; #endif case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(ndo, p, length); break; case ETHERTYPE_ISO: /* is the fudge byte set ? lets verify by spotting ISO headers */ if (length < 2) goto trunc; ND_TCHECK_16BITS(p); if (*(p+1) == 0x81 || *(p+1) == 0x82 || *(p+1) == 0x83) isoclns_print(ndo, p + 1, length - 1); else isoclns_print(ndo, p, length); break; default: if (!ndo->ndo_eflag) ND_PRINT((ndo, "unknown CHDLC protocol (0x%04x)", proto)); break; } return (CHDLC_HDRLEN); trunc: ND_PRINT((ndo, "[|chdlc]")); return ndo->ndo_snapend - bp; }
u_int pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { u_int length = h->len; u_int hdrlen; u_int caplen = h->caplen; const struct pfloghdr *hdr; uint8_t af; /* check length */ if (caplen < sizeof(uint8_t)) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } #define MIN_PFLOG_HDRLEN 45 hdr = (const struct pfloghdr *)p; if (hdr->length < MIN_PFLOG_HDRLEN) { ND_PRINT((ndo, "[pflog: invalid header length!]")); return (hdr->length); /* XXX: not really */ } hdrlen = BPF_WORDALIGN(hdr->length); if (caplen < hdrlen) { ND_PRINT((ndo, "%s", tstr)); return (hdrlen); /* XXX: true? */ } /* print what we know */ ND_TCHECK(*hdr); if (ndo->ndo_eflag) pflog_print(ndo, hdr); /* skip to the real packet */ af = hdr->af; length -= hdrlen; caplen -= hdrlen; p += hdrlen; switch (af) { case AF_INET: #if OPENBSD_AF_INET != AF_INET case OPENBSD_AF_INET: /* XXX: read pcap files */ #endif ip_print(ndo, p, length); break; #if defined(AF_INET6) || defined(OPENBSD_AF_INET6) #ifdef AF_INET6 case AF_INET6: #endif /* AF_INET6 */ #if !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 case OPENBSD_AF_INET6: /* XXX: read pcap files */ #endif /* !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 */ ip6_print(ndo, p, length); break; #endif /* defined(AF_INET6) || defined(OPENBSD_AF_INET6) */ default: /* address family not handled, print raw packet */ if (!ndo->ndo_eflag) pflog_print(ndo, hdr); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } return (hdrlen); trunc: ND_PRINT((ndo, "%s", tstr)); return (hdrlen); }
/* * RFC3032: MPLS label stack encoding */ void mpls_print(netdissect_options *ndo, const u_char *bp, u_int length) { const u_char *p; uint32_t label_entry; uint16_t label_stack_depth = 0; enum mpls_packet_type pt = PT_UNKNOWN; p = bp; ND_PRINT((ndo, "MPLS")); do { ND_TCHECK2(*p, sizeof(label_entry)); label_entry = EXTRACT_32BITS(p); ND_PRINT((ndo, "%s(label %u", (label_stack_depth && ndo->ndo_vflag) ? "\n\t" : " ", MPLS_LABEL(label_entry))); label_stack_depth++; if (ndo->ndo_vflag && MPLS_LABEL(label_entry) < sizeof(mpls_labelname) / sizeof(mpls_labelname[0])) ND_PRINT((ndo, " (%s)", mpls_labelname[MPLS_LABEL(label_entry)])); ND_PRINT((ndo, ", exp %u", MPLS_EXP(label_entry))); if (MPLS_STACK(label_entry)) ND_PRINT((ndo, ", [S]")); ND_PRINT((ndo, ", ttl %u)", MPLS_TTL(label_entry))); p += sizeof(label_entry); } while (!MPLS_STACK(label_entry)); /* * Try to figure out the packet type. */ switch (MPLS_LABEL(label_entry)) { case 0: /* IPv4 explicit NULL label */ case 3: /* IPv4 implicit NULL label */ pt = PT_IPV4; break; case 2: /* IPv6 explicit NULL label */ pt = PT_IPV6; break; default: /* * Generally there's no indication of protocol in MPLS label * encoding. * * However, draft-hsmit-isis-aal5mux-00.txt describes a * technique for encapsulating IS-IS and IP traffic on the * same ATM virtual circuit; you look at the first payload * byte to determine the network layer protocol, based on * the fact that * * 1) the first byte of an IP header is 0x45-0x4f * for IPv4 and 0x60-0x6f for IPv6; * * 2) the first byte of an OSI CLNP packet is 0x81, * the first byte of an OSI ES-IS packet is 0x82, * and the first byte of an OSI IS-IS packet is * 0x83; * * so the network layer protocol can be inferred from the * first byte of the packet, if the protocol is one of the * ones listed above. * * Cisco sends control-plane traffic MPLS-encapsulated in * this fashion. */ switch(*p) { case 0x45: case 0x46: case 0x47: case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4c: case 0x4d: case 0x4e: case 0x4f: pt = PT_IPV4; break; case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67: case 0x68: case 0x69: case 0x6a: case 0x6b: case 0x6c: case 0x6d: case 0x6e: case 0x6f: pt = PT_IPV6; break; case 0x81: case 0x82: case 0x83: pt = PT_OSI; break; default: /* ok bail out - we did not figure out what it is*/ break; } } /* * Print the payload. */ if (pt == PT_UNKNOWN) { if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, length - (p - bp)); return; } ND_PRINT((ndo, ndo->ndo_vflag ? "\n\t" : " ")); switch (pt) { case PT_IPV4: ip_print(ndo, p, length - (p - bp)); break; case PT_IPV6: ip6_print(ndo, p, length - (p - bp)); break; case PT_OSI: isoclns_print(ndo, p, length - (p - bp), length - (p - bp)); break; default: break; } return; trunc: ND_PRINT((ndo, "[|MPLS]")); }
/* * This is the top level routine of the printer. 'p' is the points * to the LLC/SNAP header of the packet, 'tvp' is the timestamp, * 'length' is the length of the packet off the wire, and 'caplen' * is the number of bytes actually captured. */ void atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; u_short ethertype; ts_print(&h->ts); if (caplen < 8) { printf("[|atm]"); goto out; } if (p[0] != 0xaa || p[1] != 0xaa || p[2] != 0x03) { /*XXX assume 802.6 MAC header from fore driver */ if (eflag) printf("%04x%04x %04x%04x ", p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3], p[4] << 24 | p[5] << 16 | p[6] << 8 | p[7], p[8] << 24 | p[9] << 16 | p[10] << 8 | p[11], p[12] << 24 | p[13] << 16 | p[14] << 8 | p[15]); p += 20; length -= 20; caplen -= 20; } ethertype = p[6] << 8 | p[7]; if (eflag) printf("%02x %02x %02x %02x-%02x-%02x %04x: ", p[0], p[1], p[2], /* dsap/ssap/ctrl */ p[3], p[4], p[5], /* manufacturer's code */ ethertype); /* * Some printers want to get back at the ethernet addresses, * and/or check that they're not walking off the end of the packet. * Rather than pass them all the way down, we set these globals. */ packetp = p; snapend = p + caplen; length -= 8; caplen -= 8; p += 8; switch (ethertype) { case ETHERTYPE_IP: ip_print(p, length); break; #ifdef INET6 case ETHERTYPE_IPV6: ip6_print(p, length); break; #endif /*INET6*/ /*XXX this probably isn't right */ case ETHERTYPE_ARP: case ETHERTYPE_REVARP: arp_print(p, length, caplen); break; #ifdef notyet case ETHERTYPE_DN: decnet_print(p, length, caplen); break; case ETHERTYPE_ATALK: if (vflag) fputs("et1 ", stdout); atalk_print(p, length); break; case ETHERTYPE_AARP: aarp_print(p, length); break; case ETHERTYPE_LAT: case ETHERTYPE_MOPRC: case ETHERTYPE_MOPDL: /* default_print for now */ #endif default: /* ether_type not known, print raw packet */ if (!eflag) printf("%02x %02x %02x %02x-%02x-%02x %04x: ", p[0], p[1], p[2], /* dsap/ssap/ctrl */ p[3], p[4], p[5], /* manufacturer's code */ ethertype); if (!xflag && !qflag) default_print(p, caplen); } if (xflag) default_print(p, caplen); out: putchar('\n'); }
u_int nflog_if_print(struct netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { const nflog_hdr_t *hdr = (const nflog_hdr_t *)p; const nflog_tlv_t *tlv; u_int16_t size; u_int16_t h_size = sizeof(nflog_hdr_t); u_int caplen = h->caplen; u_int length = h->len; if (caplen < (int) sizeof(nflog_hdr_t) || length < (int) sizeof(nflog_hdr_t)) { ND_PRINT((ndo, "[|nflog]")); return h_size; } if (!(hdr->nflog_version) == 0) { ND_PRINT((ndo, "version %u (unknown)", hdr->nflog_version)); return h_size; } if (ndo->ndo_eflag) nflog_hdr_print(ndo, hdr, length); p += sizeof(nflog_hdr_t); length -= sizeof(nflog_hdr_t); caplen -= sizeof(nflog_hdr_t); while (length > 0) { /* We have some data. Do we have enough for the TLV header? */ if (caplen < sizeof(nflog_tlv_t) || length < sizeof(nflog_tlv_t)) { /* No. */ ND_PRINT((ndo, "[|nflog]")); return h_size; } tlv = (const nflog_tlv_t *) p; size = tlv->tlv_length; if (size % 4 != 0) size += 4 - size % 4; /* Is the TLV's length less than the minimum? */ if (size < sizeof(nflog_tlv_t)) { /* Yes. Give up now. */ ND_PRINT((ndo, "[|nflog]")); return h_size; } /* Do we have enough data for the full TLV? */ if (caplen < size || length < size) { /* No. */ ND_PRINT((ndo, "[|nflog]")); return h_size; } if (tlv->tlv_type == NFULA_PAYLOAD) { /* * This TLV's data is the packet payload. * Skip past the TLV header, and break out * of the loop so we print the packet data. */ p += sizeof(nflog_tlv_t); h_size += sizeof(nflog_tlv_t); length -= sizeof(nflog_tlv_t); caplen -= sizeof(nflog_tlv_t); break; } p += size; h_size += size; length -= size; caplen -= size; } switch (hdr->nflog_family) { case AF_INET: ip_print(ndo, p, length); break; #ifdef INET6 case AF_INET6: ip6_print(ndo, p, length); break; #endif /*INET6*/ default: if (!ndo->ndo_eflag) nflog_hdr_print(ndo, hdr, length + sizeof(nflog_hdr_t)); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); break; } return h_size; }
/* * This is the top level routine of the printer. 'p' points * to the ether header of the packet, 'h->ts' is the timestamp, * 'h->len' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ u_int null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int length = h->len; u_int caplen = h->caplen; u_int family; if (caplen < NULL_HDRLEN) { ND_PRINT((ndo, "[|null]")); return (NULL_HDRLEN); } memcpy((char *)&family, (char *)p, sizeof(family)); /* * This isn't necessarily in our host byte order; if this is * a DLT_LOOP capture, it's in network byte order, and if * this is a DLT_NULL capture from a machine with the opposite * byte-order, it's in the opposite byte order from ours. * * If the upper 16 bits aren't all zero, assume it's byte-swapped. */ if ((family & 0xFFFF0000) != 0) family = SWAPLONG(family); if (ndo->ndo_eflag) null_hdr_print(ndo, family, length); length -= NULL_HDRLEN; caplen -= NULL_HDRLEN; p += NULL_HDRLEN; switch (family) { case BSD_AFNUM_INET: ip_print(ndo, p, length); break; case BSD_AFNUM_INET6_BSD: case BSD_AFNUM_INET6_FREEBSD: case BSD_AFNUM_INET6_DARWIN: ip6_print(ndo, p, length); break; case BSD_AFNUM_ISO: isoclns_print(ndo, p, length, caplen); break; case BSD_AFNUM_APPLETALK: atalk_print(ndo, p, length); break; case BSD_AFNUM_IPX: ipx_print(ndo, p, length); break; default: /* unknown AF_ value */ if (!ndo->ndo_eflag) null_hdr_print(ndo, family, length + NULL_HDRLEN); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } return (NULL_HDRLEN); }
void pflog_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int length = h->len; u_int hdrlen; u_int caplen = h->caplen; const struct ip *ip; #ifdef INET6 const struct ip6_hdr *ip6; #endif const struct pfloghdr *hdr; u_int8_t af; ts_print(&h->ts); /* check length */ if (caplen < sizeof(u_int8_t)) { printf("[|pflog]"); goto out; } #define MIN_PFLOG_HDRLEN 45 hdr = (struct pfloghdr *)p; if (hdr->length < MIN_PFLOG_HDRLEN) { printf("[pflog: invalid header length!]"); goto out; } hdrlen = (hdr->length + 3) & 0xfc; if (caplen < hdrlen) { printf("[|pflog]"); goto out; } /* * Some printers want to get back at the link level addresses, * and/or check that they're not walking off the end of the packet. * Rather than pass them all the way down, we set these globals. */ packetp = p; snapend = p + caplen; hdr = (struct pfloghdr *)p; if (eflag) { printf("rule "); if (ntohl(hdr->rulenr) == (u_int32_t) -1) printf("def"); else { printf("%u", ntohl(hdr->rulenr)); if (hdr->ruleset[0]) { printf(".%s", hdr->ruleset); if (ntohl(hdr->subrulenr) == (u_int32_t) -1) printf(".def"); else printf(".%u", ntohl(hdr->subrulenr)); } } if (hdr->reason < PFRES_MAX) printf("/(%s) ", pf_reasons[hdr->reason]); else printf("/(unkn %u) ", (unsigned)hdr->reason); if (vflag) printf("[uid %u, pid %u] ", (unsigned)hdr->rule_uid, (unsigned)hdr->rule_pid); switch (hdr->action) { case PF_MATCH: printf("match"); break; case PF_SCRUB: printf("scrub"); break; case PF_PASS: printf("pass"); break; case PF_DROP: printf("block"); break; case PF_NAT: case PF_NONAT: printf("nat"); break; case PF_BINAT: case PF_NOBINAT: printf("binat"); break; case PF_RDR: case PF_NORDR: printf("rdr"); break; } printf(" %s on %s: ", hdr->dir == PF_OUT ? "out" : "in", hdr->ifname); if (vflag && hdr->pid != NO_PID) printf("[uid %u, pid %u] ", (unsigned)hdr->uid, (unsigned)hdr->pid); if (vflag && hdr->rewritten) { char buf[48]; if (inet_ntop(hdr->af, &hdr->saddr.v4, buf, sizeof(buf)) == NULL) printf("[orig src ?, "); else printf("[orig src %s:%u, ", buf, ntohs(hdr->sport)); if (inet_ntop(hdr->af, &hdr->daddr.v4, buf, sizeof(buf)) == NULL) printf("dst ?] "); else printf("dst %s:%u] ", buf, ntohs(hdr->dport)); } } af = hdr->naf; length -= hdrlen; if (af == AF_INET) { ip = (struct ip *)(p + hdrlen); ip_print((const u_char *)ip, length); if (xflag) default_print((const u_char *)ip, caplen - hdrlen); } else { #ifdef INET6 ip6 = (struct ip6_hdr *)(p + hdrlen); ip6_print((const u_char *)ip6, length); if (xflag) default_print((const u_char *)ip6, caplen - hdrlen); #endif } out: putchar('\n'); }