u_int
sl_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
register u_int caplen = h->caplen;
register u_int length = h->len;
register const struct ip *ip;
if (caplen < SLIP_HDRLEN) {
printf("[|slip]");
return (caplen);
}
length -= SLIP_HDRLEN;
ip = (struct ip *)(p + SLIP_HDRLEN);
if (eflag)
sliplink_print(p, ip, length);
switch (IP_V(ip)) {
case 4:
ip_print(gndo, (u_char *)ip, length);
break;
#ifdef INET6
case 6:
ip6_print((u_char *)ip, length);
break;
#endif
default:
printf ("ip v%d", IP_V(ip));
}
return (SLIP_HDRLEN);
}
static int
arcnet_encap_print(netdissect_options *ndo, u_char arctype, const u_char *p,
u_int length, u_int caplen)
{
switch (arctype) {
case ARCTYPE_IP_OLD:
case ARCTYPE_IP:
ip_print(ndo, p, length);
return (1);
case ARCTYPE_INET6:
ip6_print(ndo, p, length);
return (1);
case ARCTYPE_ARP_OLD:
case ARCTYPE_ARP:
case ARCTYPE_REVARP:
arp_print(ndo, p, length, caplen);
return (1);
case ARCTYPE_ATALK: /* XXX was this ever used? */
if (ndo->ndo_vflag)
ND_PRINT("et1 ");
atalk_print(ndo, p, length);
return (1);
case ARCTYPE_IPX:
ipx_print(ndo, p, length);
return (1);
default:
return (0);
}
}
u_int
sl_if_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, const u_char *p)
{
register u_int caplen = h->caplen;
register u_int length = h->len;
register const struct ip *ip;
if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) {
ND_PRINT((ndo, "%s", tstr));
return (caplen);
}
length -= SLIP_HDRLEN;
ip = (struct ip *)(p + SLIP_HDRLEN);
if (ndo->ndo_eflag)
sliplink_print(ndo, p, ip, length);
switch (IP_V(ip)) {
case 4:
ip_print(ndo, (u_char *)ip, length);
break;
case 6:
ip6_print(ndo, (u_char *)ip, length);
break;
default:
ND_PRINT((ndo, "ip v%d", IP_V(ip)));
}
return (SLIP_HDRLEN);
}
/* PPP */
static void
handle_ppp(netdissect_options *ndo,
u_int proto, const u_char *p, int length)
{
if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
ppp_hdlc(ndo, p - 1, length);
return;
}
switch (proto) {
case PPP_LCP: /* fall through */
case PPP_IPCP:
case PPP_OSICP:
case PPP_MPLSCP:
case PPP_IPV6CP:
case PPP_CCP:
case PPP_BACP:
handle_ctrl_proto(ndo, proto, p, length);
break;
case PPP_ML:
handle_mlppp(ndo, p, length);
break;
case PPP_CHAP:
handle_chap(ndo, p, length);
break;
case PPP_PAP:
handle_pap(ndo, p, length);
break;
case PPP_BAP: /* XXX: not yet completed */
handle_bap(ndo, p, length);
break;
case ETHERTYPE_IP: /*XXX*/
case PPP_VJNC:
case PPP_IP:
ip_print(ndo, p, length);
break;
case ETHERTYPE_IPV6: /*XXX*/
case PPP_IPV6:
ip6_print(ndo, p, length);
break;
case ETHERTYPE_IPX: /*XXX*/
case PPP_IPX:
ipx_print(ndo, p, length);
break;
case PPP_OSI:
isoclns_print(ndo, p, length, length);
break;
case PPP_MPLS_UCAST:
case PPP_MPLS_MCAST:
mpls_print(ndo, p, length);
break;
case PPP_COMP:
ND_PRINT((ndo, "compressed PPP data"));
break;
default:
ND_PRINT((ndo, "%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto)));
print_unknown_data(ndo, p, "\n\t", length);
break;
}
}
u_int
juniper_mfr_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_MFR;
if (juniper_parse_header(ndo, p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
/* child-link ? */
if (l2info.cookie_len == 0) {
mfr_print(ndo, p, l2info.length);
return l2info.header_len;
}
/* first try the LSQ protos */
if (l2info.cookie_len == AS_PIC_COOKIE_LEN) {
switch(l2info.proto) {
case JUNIPER_LSQ_L3_PROTO_IPV4:
ip_print(ndo, p, l2info.length);
return l2info.header_len;
#ifdef INET6
case JUNIPER_LSQ_L3_PROTO_IPV6:
ip6_print(ndo, p,l2info.length);
return l2info.header_len;
#endif
case JUNIPER_LSQ_L3_PROTO_MPLS:
mpls_print(ndo, p, l2info.length);
return l2info.header_len;
case JUNIPER_LSQ_L3_PROTO_ISO:
isoclns_print(ndo, p, l2info.length, l2info.caplen);
return l2info.header_len;
default:
break;
}
return l2info.header_len;
}
/* suppress Bundle-ID if frame was captured on a child-link */
if (ndo->ndo_eflag && EXTRACT_32BITS(l2info.cookie) != 1)
ND_PRINT((ndo, "Bundle-ID %u, ", l2info.bundle));
switch (l2info.proto) {
case (LLCSAP_ISONS<<8 | LLCSAP_ISONS):
isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1);
break;
case (LLC_UI<<8 | NLPID_Q933):
case (LLC_UI<<8 | NLPID_IP):
case (LLC_UI<<8 | NLPID_IP6):
/* pass IP{4,6} to the OSI layer for proper link-layer printing */
isoclns_print(ndo, p - 1, l2info.length + 1, l2info.caplen + 1);
break;
default:
ND_PRINT((ndo, "unknown protocol 0x%04x, length %u", l2info.proto, l2info.length));
}
return l2info.header_len;
}
u_int
juniper_mfr_print(const struct pcap_pkthdr *h, packetbody_t p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_MFR;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
/* child-link ? */
if (l2info.cookie_len == 0) {
mfr_print(p,l2info.length);
return l2info.header_len;
}
/* first try the LSQ protos */
if (l2info.cookie_len == AS_PIC_COOKIE_LEN) {
switch(l2info.proto) {
case JUNIPER_LSQ_L3_PROTO_IPV4:
ip_print(gndo, p, l2info.length);
return l2info.header_len;
#ifdef INET6
case JUNIPER_LSQ_L3_PROTO_IPV6:
ip6_print(gndo, p,l2info.length);
return l2info.header_len;
#endif
case JUNIPER_LSQ_L3_PROTO_MPLS:
mpls_print(p,l2info.length);
return l2info.header_len;
case JUNIPER_LSQ_L3_PROTO_ISO:
isoclns_print(p,l2info.length,l2info.caplen);
return l2info.header_len;
default:
break;
}
return l2info.header_len;
}
/* suppress Bundle-ID if frame was captured on a child-link */
if (eflag && EXTRACT_32BITS(cheri_ptr(l2info.cookie, 4)) != 1) printf("Bundle-ID %u, ",l2info.bundle);
switch (l2info.proto) {
case (LLCSAP_ISONS<<8 | LLCSAP_ISONS):
isoclns_print(p+1, l2info.length-1, l2info.caplen-1);
break;
case (LLC_UI<<8 | NLPID_Q933):
case (LLC_UI<<8 | NLPID_IP):
case (LLC_UI<<8 | NLPID_IP6):
/* pass IP{4,6} to the OSI layer for proper link-layer printing */
isoclns_print(PACKET_SUBTRACT(p, 1), l2info.length+1,
l2info.caplen+1);
break;
default:
printf("unknown protocol 0x%04x, length %u",l2info.proto, l2info.length);
}
return l2info.header_len;
}
u_int
juniper_mlppp_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_MLPPP;
if (juniper_parse_header(ndo, p, h, &l2info) == 0)
return l2info.header_len;
/* suppress Bundle-ID if frame was captured on a child-link
* best indicator if the cookie looks like a proto */
if (ndo->ndo_eflag &&
EXTRACT_16BITS(&l2info.cookie) != PPP_OSI &&
EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL))
ND_PRINT((ndo, "Bundle-ID %u: ", l2info.bundle));
p+=l2info.header_len;
/* first try the LSQ protos */
switch(l2info.proto) {
case JUNIPER_LSQ_L3_PROTO_IPV4:
/* IP traffic going to the RE would not have a cookie
* -> this must be incoming IS-IS over PPP
*/
if (l2info.cookie[4] == (JUNIPER_LSQ_COOKIE_RE|JUNIPER_LSQ_COOKIE_DIR))
ppp_print(ndo, p, l2info.length);
else
ip_print(ndo, p, l2info.length);
return l2info.header_len;
#ifdef INET6
case JUNIPER_LSQ_L3_PROTO_IPV6:
ip6_print(ndo, p,l2info.length);
return l2info.header_len;
#endif
case JUNIPER_LSQ_L3_PROTO_MPLS:
mpls_print(ndo, p, l2info.length);
return l2info.header_len;
case JUNIPER_LSQ_L3_PROTO_ISO:
isoclns_print(ndo, p, l2info.length, l2info.caplen);
return l2info.header_len;
default:
break;
}
/* zero length cookie ? */
switch (EXTRACT_16BITS(&l2info.cookie)) {
case PPP_OSI:
ppp_print(ndo, p - 2, l2info.length + 2);
break;
case (PPP_ADDRESS << 8 | PPP_CONTROL): /* fall through */
default:
ppp_print(ndo, p, l2info.length);
break;
}
return l2info.header_len;
}
u_int
juniper_mfr_print(const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_MFR;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
if (l2info.cookie_len == 0) {
mfr_print(p,l2info.length);
return l2info.header_len;
}
if (l2info.cookie_len == AS_PIC_COOKIE_LEN) {
switch(l2info.proto) {
case JUNIPER_LSQ_L3_PROTO_IPV4:
ip_print(gndo, p, l2info.length);
return l2info.header_len;
#ifdef INET6
case JUNIPER_LSQ_L3_PROTO_IPV6:
ip6_print(p,l2info.length);
return l2info.header_len;
#endif
case JUNIPER_LSQ_L3_PROTO_MPLS:
mpls_print(p,l2info.length);
return l2info.header_len;
case JUNIPER_LSQ_L3_PROTO_ISO:
isoclns_print(p,l2info.length,l2info.caplen);
return l2info.header_len;
default:
break;
}
return l2info.header_len;
}
if (eflag && EXTRACT_32BITS(l2info.cookie) != 1) printf("Bundle-ID %u, ",l2info.bundle);
switch (l2info.proto) {
case (LLCSAP_ISONS<<8 | LLCSAP_ISONS):
isoclns_print(p+1, l2info.length-1, l2info.caplen-1);
break;
case (LLC_UI<<8 | NLPID_Q933):
case (LLC_UI<<8 | NLPID_IP):
case (LLC_UI<<8 | NLPID_IP6):
isoclns_print(p-1, l2info.length+1, l2info.caplen+1);
break;
default:
printf("unknown protocol 0x%04x, length %u",l2info.proto, l2info.length);
}
return l2info.header_len;
}
u_int
chdlc_print(register const u_char *p, u_int length) {
u_int proto;
proto = EXTRACT_16BITS(&p[2]);
if (eflag) {
printf("%s, ethertype %s (0x%04x), length %u: ",
tok2str(chdlc_cast_values, "0x%02x", p[0]),
tok2str(ethertype_values, "Unknown", proto),
proto,
length);
}
length -= CHDLC_HDRLEN;
p += CHDLC_HDRLEN;
switch (proto) {
case ETHERTYPE_IP:
ip_print(gndo, p, length);
break;
#ifdef INET6
case ETHERTYPE_IPV6:
ip6_print(p, length);
break;
#endif
case CHDLC_TYPE_SLARP:
chdlc_slarp_print(p, length);
break;
#if 0
case CHDLC_TYPE_CDP:
chdlc_cdp_print(p, length);
break;
#endif
case ETHERTYPE_MPLS:
case ETHERTYPE_MPLS_MULTI:
mpls_print(p, length);
break;
case ETHERTYPE_ISO:
/* is the fudge byte set ? lets verify by spotting ISO headers */
if (*(p+1) == 0x81 ||
*(p+1) == 0x82 ||
*(p+1) == 0x83)
isoclns_print(p+1, length-1, length-1);
else
isoclns_print(p, length, length);
break;
default:
if (!eflag)
printf("unknown CHDLC protocol (0x%04x)", proto);
break;
}
return (CHDLC_HDRLEN);
}
void
vxlan_gpe_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
uint8_t flags;
uint8_t next_protocol;
uint32_t vni;
if (len < VXLAN_GPE_HDR_LEN)
goto trunc;
ND_TCHECK2(*bp, VXLAN_GPE_HDR_LEN);
flags = *bp;
bp += 3;
next_protocol = *bp;
bp += 1;
vni = EXTRACT_24BITS(bp);
bp += 4;
ND_PRINT((ndo, "VXLAN-GPE, "));
ND_PRINT((ndo, "flags [%s], ",
bittok2str_nosep(vxlan_gpe_flags, "none", flags)));
ND_PRINT((ndo, "vni %u", vni));
ND_PRINT((ndo, ndo->ndo_vflag ? "\n " : ": "));
switch (next_protocol) {
case 0x1:
ip_print(ndo, bp, len - 8);
break;
case 0x2:
ip6_print(ndo, bp, len - 8);
break;
case 0x3:
ether_print(ndo, bp, len - 8, len - 8, NULL, NULL);
break;
case 0x4:
nsh_print(ndo, bp, len - 8);
break;
case 0x5:
mpls_print(ndo, bp, len - 8);
break;
default:
ND_PRINT((ndo, "ERROR: unknown-next-protocol"));
return;
}
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
}
u_int
juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
l2info.pictype = DLT_JUNIPER_MLPPP;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
if (eflag &&
EXTRACT_16BITS(&l2info.cookie) != PPP_OSI &&
EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL))
printf("Bundle-ID %u: ",l2info.bundle);
p+=l2info.header_len;
switch(l2info.proto) {
case JUNIPER_LSQ_L3_PROTO_IPV4:
if (l2info.cookie[4] == (JUNIPER_LSQ_COOKIE_RE|JUNIPER_LSQ_COOKIE_DIR))
ppp_print(p, l2info.length);
else
ip_print(gndo, p, l2info.length);
return l2info.header_len;
#ifdef INET6
case JUNIPER_LSQ_L3_PROTO_IPV6:
ip6_print(p,l2info.length);
return l2info.header_len;
#endif
case JUNIPER_LSQ_L3_PROTO_MPLS:
mpls_print(p,l2info.length);
return l2info.header_len;
case JUNIPER_LSQ_L3_PROTO_ISO:
isoclns_print(p,l2info.length,l2info.caplen);
return l2info.header_len;
default:
break;
}
switch (EXTRACT_16BITS(&l2info.cookie)) {
case PPP_OSI:
ppp_print(p-2,l2info.length+2);
break;
case (PPP_ADDRESS << 8 | PPP_CONTROL):
default:
ppp_print(p,l2info.length);
break;
}
return l2info.header_len;
}
/*
* Decoding routines for GTP version 0.
*/
void
gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport)
{
struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp;
int len, version;
u_int64_t tid;
gtp_proto = GTP_V0_PROTO;
/* Check if this is GTP prime. */
TCHECK(gh->flags);
if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) {
gtp_proto = GTP_V0_PRIME_PROTO;
gtp_v0_print_prime(cp);
return;
}
/* Print GTP header. */
TCHECK(*gh);
cp += sizeof(struct gtp_v0_hdr);
len = ntohs(gh->length);
bcopy(&gh->tid, &tid, sizeof(tid));
printf(" GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ",
ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow),
ntohs(gh->npduno), betoh64(tid));
/* Decode GTP message. */
printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype));
if (!vflag)
return;
if (gh->msgtype == GTPV0_T_PDU) {
TCHECK(cp[0]);
version = cp[0] >> 4;
printf(" { ");
if (version == 4)
ip_print(cp, len);
#ifdef INET6
else if (version == 6)
ip6_print(cp, len);
#endif
else
printf("Unknown IP version %u", version);
printf(" }");
} else
void
sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
register u_int caplen = h->caplen;
register u_int length = h->len;
register const struct ip *ip;
ts_print(&h->ts);
if (caplen < SLIP_HDRLEN) {
printf("[|slip]");
goto out;
}
/*
* Some printers want to get back at the link level addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
packetp = p;
snapend = p + caplen;
length -= SLIP_HDRLEN;
ip = (struct ip *)(p + SLIP_HDRLEN);
if (eflag)
sliplink_print(p, ip, length);
switch (ip->ip_v) {
case 4:
ip_print((u_char *)ip, length);
break;
#ifdef INET6
case 6:
ip6_print((u_char *)ip, length);
break;
#endif
default:
printf ("ip v%d", ip->ip_v);
}
if (xflag)
default_print((u_char *)ip, caplen - SLIP_HDRLEN);
out:
putchar('\n');
}
u_int
juniper_ggsn_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, register const u_char *p)
{
struct juniper_l2info_t l2info;
struct juniper_ggsn_header {
uint8_t svc_id;
uint8_t flags_len;
uint8_t proto;
uint8_t flags;
uint8_t vlan_id[2];
uint8_t res[2];
};
const struct juniper_ggsn_header *gh;
l2info.pictype = DLT_JUNIPER_GGSN;
if (juniper_parse_header(ndo, p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
gh = (struct juniper_ggsn_header *)&l2info.cookie;
if (ndo->ndo_eflag) {
ND_PRINT((ndo, "proto %s (%u), vlan %u: ",
tok2str(juniper_protocol_values,"Unknown",gh->proto),
gh->proto,
EXTRACT_16BITS(&gh->vlan_id[0])));
}
switch (gh->proto) {
case JUNIPER_PROTO_IPV4:
ip_print(ndo, p, l2info.length);
break;
#ifdef INET6
case JUNIPER_PROTO_IPV6:
ip6_print(ndo, p, l2info.length);
break;
#endif /* INET6 */
default:
if (!ndo->ndo_eflag)
ND_PRINT((ndo, "unknown GGSN proto (%u)", gh->proto));
}
return l2info.header_len;
}
static int
ip_heuristic_guess(netdissect_options *ndo,
register const u_char *p, u_int length) {
switch(p[0]) {
case 0x45:
case 0x46:
case 0x47:
case 0x48:
case 0x49:
case 0x4a:
case 0x4b:
case 0x4c:
case 0x4d:
case 0x4e:
case 0x4f:
ip_print(ndo, p, length);
break;
#ifdef INET6
case 0x60:
case 0x61:
case 0x62:
case 0x63:
case 0x64:
case 0x65:
case 0x66:
case 0x67:
case 0x68:
case 0x69:
case 0x6a:
case 0x6b:
case 0x6c:
case 0x6d:
case 0x6e:
case 0x6f:
ip6_print(ndo, p, length);
break;
#endif
default:
return 0; /* did not find a ip header */
break;
}
return 1; /* we printed an v4/v6 packet */
}
u_int
juniper_ggsn_print(const struct pcap_pkthdr *h, packetbody_t p)
{
struct juniper_l2info_t l2info;
struct juniper_ggsn_header {
u_int8_t svc_id;
u_int8_t flags_len;
u_int8_t proto;
u_int8_t flags;
u_int8_t vlan_id[2];
u_int8_t res[2];
};
__capability const struct juniper_ggsn_header *gh;
l2info.pictype = DLT_JUNIPER_GGSN;
if(juniper_parse_header(p, h, &l2info) == 0)
return l2info.header_len;
p+=l2info.header_len;
gh = (__capability const struct juniper_ggsn_header *)&l2info.cookie;
if (eflag) {
printf("proto %s (%u), vlan %u: ",
tok2str(juniper_protocol_values,"Unknown",gh->proto),
gh->proto,
EXTRACT_16BITS(&gh->vlan_id[0]));
}
switch (gh->proto) {
case JUNIPER_PROTO_IPV4:
ip_print(gndo, p, l2info.length);
break;
#ifdef INET6
case JUNIPER_PROTO_IPV6:
ip6_print(gndo, p, l2info.length);
break;
#endif /* INET6 */
default:
if (!eflag)
printf("unknown GGSN proto (%u)", gh->proto);
}
return l2info.header_len;
}
int
ip_heuristic_guess(register const u_char *p, u_int length) {
switch(p[0]) {
case 0x45:
case 0x46:
case 0x47:
case 0x48:
case 0x49:
case 0x4a:
case 0x4b:
case 0x4c:
case 0x4d:
case 0x4e:
case 0x4f:
ip_print(gndo, p, length);
break;
#ifdef INET6
case 0x60:
case 0x61:
case 0x62:
case 0x63:
case 0x64:
case 0x65:
case 0x66:
case 0x67:
case 0x68:
case 0x69:
case 0x6a:
case 0x6b:
case 0x6c:
case 0x6d:
case 0x6e:
case 0x6f:
ip6_print(p, length);
break;
#endif
default:
return 0;
break;
}
return 1;
}
int
ip_heuristic_guess(packetbody_t p, u_int length) {
switch(p[0]) {
case 0x45:
case 0x46:
case 0x47:
case 0x48:
case 0x49:
case 0x4a:
case 0x4b:
case 0x4c:
case 0x4d:
case 0x4e:
case 0x4f:
ip_print(gndo, p, length);
break;
#ifdef INET6
case 0x60:
case 0x61:
case 0x62:
case 0x63:
case 0x64:
case 0x65:
case 0x66:
case 0x67:
case 0x68:
case 0x69:
case 0x6a:
case 0x6b:
case 0x6c:
case 0x6d:
case 0x6e:
case 0x6f:
ip6_print(gndo, p, length);
break;
#endif
default:
return 0; /* did not find a ip header */
break;
}
return 1; /* we printed an v4/v6 packet */
}
u_int
enc_if_print(const struct pcap_pkthdr *h, packetbody_t p)
{
register u_int length = h->len;
register u_int caplen = h->caplen;
int flags;
__capability const struct enchdr *hdr;
if (caplen < ENC_HDRLEN) {
printf("[|enc]");
goto out;
}
hdr = (__capability struct enchdr *)p;
flags = hdr->flags;
if (flags == 0)
printf("(unprotected): ");
else
printf("(");
ENC_PRINT_TYPE(flags, M_AUTH, "authentic");
ENC_PRINT_TYPE(flags, M_CONF, "confidential");
/* ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel"); */
printf("SPI 0x%08x: ", EXTRACT_32BITS(&hdr->spi));
length -= ENC_HDRLEN;
caplen -= ENC_HDRLEN;
p += ENC_HDRLEN;
switch (hdr->af) {
case AF_INET:
ip_print(gndo, p, length);
break;
#ifdef INET6
case AF_INET6:
ip6_print(gndo, p, length);
break;
#endif /*INET6*/
}
out:
return (ENC_HDRLEN);
}
static void
ipnet_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
{
const ipnet_hdr_t *hdr;
if (caplen < sizeof(ipnet_hdr_t))
goto trunc;
if (ndo->ndo_eflag)
ipnet_hdr_print(ndo, p, length);
length -= sizeof(ipnet_hdr_t);
caplen -= sizeof(ipnet_hdr_t);
hdr = (const ipnet_hdr_t *)p;
p += sizeof(ipnet_hdr_t);
ND_TCHECK_1(hdr->iph_family);
switch (EXTRACT_U_1(hdr->iph_family)) {
case IPH_AF_INET:
ip_print(ndo, p, length);
break;
case IPH_AF_INET6:
ip6_print(ndo, p, length);
break;
default:
if (!ndo->ndo_eflag)
ipnet_hdr_print(ndo, (const u_char *)hdr,
length + sizeof(ipnet_hdr_t));
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
break;
}
return;
trunc:
ND_PRINT(" %s", tstr);
}
static void
ipnet_print(struct netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
{
ipnet_hdr_t *hdr;
if (caplen < sizeof(ipnet_hdr_t)) {
ND_PRINT((ndo, "[|ipnet]"));
return;
}
if (ndo->ndo_eflag)
ipnet_hdr_print(ndo, p, length);
length -= sizeof(ipnet_hdr_t);
caplen -= sizeof(ipnet_hdr_t);
hdr = (ipnet_hdr_t *)p;
p += sizeof(ipnet_hdr_t);
switch (hdr->iph_family) {
case IPH_AF_INET:
ip_print(ndo, p, length);
break;
#ifdef INET6
case IPH_AF_INET6:
ip6_print(ndo, p, length);
break;
#endif /*INET6*/
default:
if (!ndo->ndo_eflag)
ipnet_hdr_print(ndo, (u_char *)hdr,
length + sizeof(ipnet_hdr_t));
if (!ndo->ndo_suppress_default_print)
ndo->ndo_default_print(ndo, p, caplen);
break;
}
}
static int
arcnet_encap_print(u_char arctype, const u_char *p,
u_int length, u_int caplen)
{
switch (arctype) {
case ARCTYPE_IP_OLD:
case ARCTYPE_IP:
ip_print(gndo, p, length);
return (1);
#ifdef INET6
case ARCTYPE_INET6:
ip6_print(gndo, p, length);
return (1);
#endif /*INET6*/
case ARCTYPE_ARP_OLD:
case ARCTYPE_ARP:
case ARCTYPE_REVARP:
arp_print(gndo, p, length, caplen);
return (1);
case ARCTYPE_ATALK: /* XXX was this ever used? */
if (vflag)
fputs("et1 ", stdout);
atalk_print(p, length);
return (1);
case ARCTYPE_IPX:
ipx_print(p, length);
return (1);
default:
return (0);
}
}
void
nsh_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
u_int n, vn;
uint8_t ver;
uint8_t flags;
u_int length;
uint8_t md_type;
uint8_t next_protocol;
uint32_t service_path_id;
uint8_t service_index;
uint32_t ctx;
uint16_t tlv_class;
uint8_t tlv_type;
uint8_t tlv_len;
u_int next_len;
ndo->ndo_protocol = "nsh";
/* print Base Header and Service Path Header */
if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN)
goto trunc;
ND_TCHECK_LEN(bp, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN);
ver = (uint8_t)(GET_U_1(bp) >> 6);
flags = GET_U_1(bp);
bp += 1;
length = GET_U_1(bp);
bp += 1;
md_type = GET_U_1(bp);
bp += 1;
next_protocol = GET_U_1(bp);
bp += 1;
service_path_id = GET_BE_U_3(bp);
bp += 3;
service_index = GET_U_1(bp);
bp += 1;
ND_PRINT("NSH, ");
if (ndo->ndo_vflag > 1) {
ND_PRINT("ver %u, ", ver);
}
ND_PRINT("flags [%s], ", bittok2str_nosep(nsh_flags, "none", flags));
if (ndo->ndo_vflag > 2) {
ND_PRINT("length %u, ", length);
ND_PRINT("md type 0x%x, ", md_type);
}
if (ndo->ndo_vflag > 1) {
ND_PRINT("next-protocol 0x%x, ", next_protocol);
}
ND_PRINT("service-path-id 0x%06x, ", service_path_id);
ND_PRINT("service-index 0x%x", service_index);
/* Make sure we have all the headers */
if (len < length * NSH_HDR_WORD_SIZE)
goto trunc;
ND_TCHECK_LEN(bp, length * NSH_HDR_WORD_SIZE);
/*
* length includes the lengths of the Base and Service Path headers.
* That means it must be at least 2.
*/
if (length < 2)
goto trunc;
/*
* Print, or skip, the Context Headers.
* (length - 2) is the length of those headers.
*/
if (ndo->ndo_vflag > 2) {
if (md_type == 0x01) {
for (n = 0; n < length - 2; n++) {
ctx = GET_BE_U_4(bp);
bp += NSH_HDR_WORD_SIZE;
ND_PRINT("\n Context[%02u]: 0x%08x", n, ctx);
}
}
else if (md_type == 0x02) {
n = 0;
while (n < length - 2) {
tlv_class = GET_BE_U_2(bp);
bp += 2;
tlv_type = GET_U_1(bp);
bp += 1;
tlv_len = GET_U_1(bp);
bp += 1;
ND_PRINT("\n TLV Class %u, Type %u, Len %u",
tlv_class, tlv_type, tlv_len);
n += 1;
if (length - 2 < n + tlv_len) {
ND_PRINT(" ERROR: invalid-tlv-length");
return;
}
for (vn = 0; vn < tlv_len; vn++) {
ctx = GET_BE_U_4(bp);
bp += NSH_HDR_WORD_SIZE;
ND_PRINT("\n Value[%02u]: 0x%08x", vn, ctx);
}
n += tlv_len;
}
}
else {
ND_PRINT("ERROR: unknown-next-protocol");
return;
}
}
else {
bp += (length - 2) * NSH_HDR_WORD_SIZE;
}
ND_PRINT(ndo->ndo_vflag ? "\n " : ": ");
/* print Next Protocol */
next_len = len - length * NSH_HDR_WORD_SIZE;
switch (next_protocol) {
case 0x1:
ip_print(ndo, bp, next_len);
break;
case 0x2:
ip6_print(ndo, bp, next_len);
break;
case 0x3:
ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
break;
default:
ND_PRINT("ERROR: unknown-next-protocol");
return;
}
return;
trunc:
nd_print_trunc(ndo);
}
u_int
chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length)
{
u_int proto;
const u_char *bp = p;
if (length < CHDLC_HDRLEN)
goto trunc;
ND_TCHECK2(*p, CHDLC_HDRLEN);
proto = EXTRACT_16BITS(&p[2]);
if (ndo->ndo_eflag) {
ND_PRINT((ndo, "%s, ethertype %s (0x%04x), length %u: ",
tok2str(chdlc_cast_values, "0x%02x", p[0]),
tok2str(ethertype_values, "Unknown", proto),
proto,
length));
}
length -= CHDLC_HDRLEN;
p += CHDLC_HDRLEN;
switch (proto) {
case ETHERTYPE_IP:
ip_print(ndo, p, length);
break;
case ETHERTYPE_IPV6:
ip6_print(ndo, p, length);
break;
case CHDLC_TYPE_SLARP:
chdlc_slarp_print(ndo, p, length);
break;
#if 0
case CHDLC_TYPE_CDP:
chdlc_cdp_print(p, length);
break;
#endif
case ETHERTYPE_MPLS:
case ETHERTYPE_MPLS_MULTI:
mpls_print(ndo, p, length);
break;
case ETHERTYPE_ISO:
/* is the fudge byte set ? lets verify by spotting ISO headers */
if (length < 2)
goto trunc;
ND_TCHECK_16BITS(p);
if (*(p+1) == 0x81 ||
*(p+1) == 0x82 ||
*(p+1) == 0x83)
isoclns_print(ndo, p + 1, length - 1);
else
isoclns_print(ndo, p, length);
break;
default:
if (!ndo->ndo_eflag)
ND_PRINT((ndo, "unknown CHDLC protocol (0x%04x)", proto));
break;
}
return (CHDLC_HDRLEN);
trunc:
ND_PRINT((ndo, "[|chdlc]"));
return ndo->ndo_snapend - bp;
}
u_int
pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
register const u_char *p)
{
u_int length = h->len;
u_int hdrlen;
u_int caplen = h->caplen;
const struct pfloghdr *hdr;
uint8_t af;
/* check length */
if (caplen < sizeof(uint8_t)) {
ND_PRINT((ndo, "%s", tstr));
return (caplen);
}
#define MIN_PFLOG_HDRLEN 45
hdr = (const struct pfloghdr *)p;
if (hdr->length < MIN_PFLOG_HDRLEN) {
ND_PRINT((ndo, "[pflog: invalid header length!]"));
return (hdr->length); /* XXX: not really */
}
hdrlen = BPF_WORDALIGN(hdr->length);
if (caplen < hdrlen) {
ND_PRINT((ndo, "%s", tstr));
return (hdrlen); /* XXX: true? */
}
/* print what we know */
ND_TCHECK(*hdr);
if (ndo->ndo_eflag)
pflog_print(ndo, hdr);
/* skip to the real packet */
af = hdr->af;
length -= hdrlen;
caplen -= hdrlen;
p += hdrlen;
switch (af) {
case AF_INET:
#if OPENBSD_AF_INET != AF_INET
case OPENBSD_AF_INET: /* XXX: read pcap files */
#endif
ip_print(ndo, p, length);
break;
#if defined(AF_INET6) || defined(OPENBSD_AF_INET6)
#ifdef AF_INET6
case AF_INET6:
#endif /* AF_INET6 */
#if !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6
case OPENBSD_AF_INET6: /* XXX: read pcap files */
#endif /* !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 */
ip6_print(ndo, p, length);
break;
#endif /* defined(AF_INET6) || defined(OPENBSD_AF_INET6) */
default:
/* address family not handled, print raw packet */
if (!ndo->ndo_eflag)
pflog_print(ndo, hdr);
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
}
return (hdrlen);
trunc:
ND_PRINT((ndo, "%s", tstr));
return (hdrlen);
}
/*
* RFC3032: MPLS label stack encoding
*/
void
mpls_print(netdissect_options *ndo, const u_char *bp, u_int length)
{
const u_char *p;
uint32_t label_entry;
uint16_t label_stack_depth = 0;
enum mpls_packet_type pt = PT_UNKNOWN;
p = bp;
ND_PRINT((ndo, "MPLS"));
do {
ND_TCHECK2(*p, sizeof(label_entry));
label_entry = EXTRACT_32BITS(p);
ND_PRINT((ndo, "%s(label %u",
(label_stack_depth && ndo->ndo_vflag) ? "\n\t" : " ",
MPLS_LABEL(label_entry)));
label_stack_depth++;
if (ndo->ndo_vflag &&
MPLS_LABEL(label_entry) < sizeof(mpls_labelname) / sizeof(mpls_labelname[0]))
ND_PRINT((ndo, " (%s)", mpls_labelname[MPLS_LABEL(label_entry)]));
ND_PRINT((ndo, ", exp %u", MPLS_EXP(label_entry)));
if (MPLS_STACK(label_entry))
ND_PRINT((ndo, ", [S]"));
ND_PRINT((ndo, ", ttl %u)", MPLS_TTL(label_entry)));
p += sizeof(label_entry);
} while (!MPLS_STACK(label_entry));
/*
* Try to figure out the packet type.
*/
switch (MPLS_LABEL(label_entry)) {
case 0: /* IPv4 explicit NULL label */
case 3: /* IPv4 implicit NULL label */
pt = PT_IPV4;
break;
case 2: /* IPv6 explicit NULL label */
pt = PT_IPV6;
break;
default:
/*
* Generally there's no indication of protocol in MPLS label
* encoding.
*
* However, draft-hsmit-isis-aal5mux-00.txt describes a
* technique for encapsulating IS-IS and IP traffic on the
* same ATM virtual circuit; you look at the first payload
* byte to determine the network layer protocol, based on
* the fact that
*
* 1) the first byte of an IP header is 0x45-0x4f
* for IPv4 and 0x60-0x6f for IPv6;
*
* 2) the first byte of an OSI CLNP packet is 0x81,
* the first byte of an OSI ES-IS packet is 0x82,
* and the first byte of an OSI IS-IS packet is
* 0x83;
*
* so the network layer protocol can be inferred from the
* first byte of the packet, if the protocol is one of the
* ones listed above.
*
* Cisco sends control-plane traffic MPLS-encapsulated in
* this fashion.
*/
switch(*p) {
case 0x45:
case 0x46:
case 0x47:
case 0x48:
case 0x49:
case 0x4a:
case 0x4b:
case 0x4c:
case 0x4d:
case 0x4e:
case 0x4f:
pt = PT_IPV4;
break;
case 0x60:
case 0x61:
case 0x62:
case 0x63:
case 0x64:
case 0x65:
case 0x66:
case 0x67:
case 0x68:
case 0x69:
case 0x6a:
case 0x6b:
case 0x6c:
case 0x6d:
case 0x6e:
case 0x6f:
pt = PT_IPV6;
break;
case 0x81:
case 0x82:
case 0x83:
pt = PT_OSI;
break;
default:
/* ok bail out - we did not figure out what it is*/
break;
}
}
/*
* Print the payload.
*/
if (pt == PT_UNKNOWN) {
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, length - (p - bp));
return;
}
ND_PRINT((ndo, ndo->ndo_vflag ? "\n\t" : " "));
switch (pt) {
case PT_IPV4:
ip_print(ndo, p, length - (p - bp));
break;
case PT_IPV6:
ip6_print(ndo, p, length - (p - bp));
break;
case PT_OSI:
isoclns_print(ndo, p, length - (p - bp), length - (p - bp));
break;
default:
break;
}
return;
trunc:
ND_PRINT((ndo, "[|MPLS]"));
}
/*
* This is the top level routine of the printer. 'p' is the points
* to the LLC/SNAP header of the packet, 'tvp' is the timestamp,
* 'length' is the length of the packet off the wire, and 'caplen'
* is the number of bytes actually captured.
*/
void
atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
u_short ethertype;
ts_print(&h->ts);
if (caplen < 8) {
printf("[|atm]");
goto out;
}
if (p[0] != 0xaa || p[1] != 0xaa || p[2] != 0x03) {
/*XXX assume 802.6 MAC header from fore driver */
if (eflag)
printf("%04x%04x %04x%04x ",
p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3],
p[4] << 24 | p[5] << 16 | p[6] << 8 | p[7],
p[8] << 24 | p[9] << 16 | p[10] << 8 | p[11],
p[12] << 24 | p[13] << 16 | p[14] << 8 | p[15]);
p += 20;
length -= 20;
caplen -= 20;
}
ethertype = p[6] << 8 | p[7];
if (eflag)
printf("%02x %02x %02x %02x-%02x-%02x %04x: ",
p[0], p[1], p[2], /* dsap/ssap/ctrl */
p[3], p[4], p[5], /* manufacturer's code */
ethertype);
/*
* Some printers want to get back at the ethernet addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
packetp = p;
snapend = p + caplen;
length -= 8;
caplen -= 8;
p += 8;
switch (ethertype) {
case ETHERTYPE_IP:
ip_print(p, length);
break;
#ifdef INET6
case ETHERTYPE_IPV6:
ip6_print(p, length);
break;
#endif /*INET6*/
/*XXX this probably isn't right */
case ETHERTYPE_ARP:
case ETHERTYPE_REVARP:
arp_print(p, length, caplen);
break;
#ifdef notyet
case ETHERTYPE_DN:
decnet_print(p, length, caplen);
break;
case ETHERTYPE_ATALK:
if (vflag)
fputs("et1 ", stdout);
atalk_print(p, length);
break;
case ETHERTYPE_AARP:
aarp_print(p, length);
break;
case ETHERTYPE_LAT:
case ETHERTYPE_MOPRC:
case ETHERTYPE_MOPDL:
/* default_print for now */
#endif
default:
/* ether_type not known, print raw packet */
if (!eflag)
printf("%02x %02x %02x %02x-%02x-%02x %04x: ",
p[0], p[1], p[2], /* dsap/ssap/ctrl */
p[3], p[4], p[5], /* manufacturer's code */
ethertype);
if (!xflag && !qflag)
default_print(p, caplen);
}
if (xflag)
default_print(p, caplen);
out:
putchar('\n');
}
u_int
nflog_if_print(struct netdissect_options *ndo,
const struct pcap_pkthdr *h, const u_char *p)
{
const nflog_hdr_t *hdr = (const nflog_hdr_t *)p;
const nflog_tlv_t *tlv;
u_int16_t size;
u_int16_t h_size = sizeof(nflog_hdr_t);
u_int caplen = h->caplen;
u_int length = h->len;
if (caplen < (int) sizeof(nflog_hdr_t) || length < (int) sizeof(nflog_hdr_t)) {
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
if (!(hdr->nflog_version) == 0) {
ND_PRINT((ndo, "version %u (unknown)", hdr->nflog_version));
return h_size;
}
if (ndo->ndo_eflag)
nflog_hdr_print(ndo, hdr, length);
p += sizeof(nflog_hdr_t);
length -= sizeof(nflog_hdr_t);
caplen -= sizeof(nflog_hdr_t);
while (length > 0) {
/* We have some data. Do we have enough for the TLV header? */
if (caplen < sizeof(nflog_tlv_t) || length < sizeof(nflog_tlv_t)) {
/* No. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
tlv = (const nflog_tlv_t *) p;
size = tlv->tlv_length;
if (size % 4 != 0)
size += 4 - size % 4;
/* Is the TLV's length less than the minimum? */
if (size < sizeof(nflog_tlv_t)) {
/* Yes. Give up now. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
/* Do we have enough data for the full TLV? */
if (caplen < size || length < size) {
/* No. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
if (tlv->tlv_type == NFULA_PAYLOAD) {
/*
* This TLV's data is the packet payload.
* Skip past the TLV header, and break out
* of the loop so we print the packet data.
*/
p += sizeof(nflog_tlv_t);
h_size += sizeof(nflog_tlv_t);
length -= sizeof(nflog_tlv_t);
caplen -= sizeof(nflog_tlv_t);
break;
}
p += size;
h_size += size;
length -= size;
caplen -= size;
}
switch (hdr->nflog_family) {
case AF_INET:
ip_print(ndo, p, length);
break;
#ifdef INET6
case AF_INET6:
ip6_print(ndo, p, length);
break;
#endif /*INET6*/
default:
if (!ndo->ndo_eflag)
nflog_hdr_print(ndo, hdr,
length + sizeof(nflog_hdr_t));
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
break;
}
return h_size;
}
/*
* This is the top level routine of the printer. 'p' points
* to the ether header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*/
u_int
null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p)
{
u_int length = h->len;
u_int caplen = h->caplen;
u_int family;
if (caplen < NULL_HDRLEN) {
ND_PRINT((ndo, "[|null]"));
return (NULL_HDRLEN);
}
memcpy((char *)&family, (char *)p, sizeof(family));
/*
* This isn't necessarily in our host byte order; if this is
* a DLT_LOOP capture, it's in network byte order, and if
* this is a DLT_NULL capture from a machine with the opposite
* byte-order, it's in the opposite byte order from ours.
*
* If the upper 16 bits aren't all zero, assume it's byte-swapped.
*/
if ((family & 0xFFFF0000) != 0)
family = SWAPLONG(family);
if (ndo->ndo_eflag)
null_hdr_print(ndo, family, length);
length -= NULL_HDRLEN;
caplen -= NULL_HDRLEN;
p += NULL_HDRLEN;
switch (family) {
case BSD_AFNUM_INET:
ip_print(ndo, p, length);
break;
case BSD_AFNUM_INET6_BSD:
case BSD_AFNUM_INET6_FREEBSD:
case BSD_AFNUM_INET6_DARWIN:
ip6_print(ndo, p, length);
break;
case BSD_AFNUM_ISO:
isoclns_print(ndo, p, length, caplen);
break;
case BSD_AFNUM_APPLETALK:
atalk_print(ndo, p, length);
break;
case BSD_AFNUM_IPX:
ipx_print(ndo, p, length);
break;
default:
/* unknown AF_ value */
if (!ndo->ndo_eflag)
null_hdr_print(ndo, family, length + NULL_HDRLEN);
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
}
return (NULL_HDRLEN);
}
void
pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
const u_char *p)
{
u_int length = h->len;
u_int hdrlen;
u_int caplen = h->caplen;
const struct ip *ip;
#ifdef INET6
const struct ip6_hdr *ip6;
#endif
const struct pfloghdr *hdr;
u_int8_t af;
ts_print(&h->ts);
/* check length */
if (caplen < sizeof(u_int8_t)) {
printf("[|pflog]");
goto out;
}
#define MIN_PFLOG_HDRLEN 45
hdr = (struct pfloghdr *)p;
if (hdr->length < MIN_PFLOG_HDRLEN) {
printf("[pflog: invalid header length!]");
goto out;
}
hdrlen = (hdr->length + 3) & 0xfc;
if (caplen < hdrlen) {
printf("[|pflog]");
goto out;
}
/*
* Some printers want to get back at the link level addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
packetp = p;
snapend = p + caplen;
hdr = (struct pfloghdr *)p;
if (eflag) {
printf("rule ");
if (ntohl(hdr->rulenr) == (u_int32_t) -1)
printf("def");
else {
printf("%u", ntohl(hdr->rulenr));
if (hdr->ruleset[0]) {
printf(".%s", hdr->ruleset);
if (ntohl(hdr->subrulenr) == (u_int32_t) -1)
printf(".def");
else
printf(".%u", ntohl(hdr->subrulenr));
}
}
if (hdr->reason < PFRES_MAX)
printf("/(%s) ", pf_reasons[hdr->reason]);
else
printf("/(unkn %u) ", (unsigned)hdr->reason);
if (vflag)
printf("[uid %u, pid %u] ", (unsigned)hdr->rule_uid,
(unsigned)hdr->rule_pid);
switch (hdr->action) {
case PF_MATCH:
printf("match");
break;
case PF_SCRUB:
printf("scrub");
break;
case PF_PASS:
printf("pass");
break;
case PF_DROP:
printf("block");
break;
case PF_NAT:
case PF_NONAT:
printf("nat");
break;
case PF_BINAT:
case PF_NOBINAT:
printf("binat");
break;
case PF_RDR:
case PF_NORDR:
printf("rdr");
break;
}
printf(" %s on %s: ",
hdr->dir == PF_OUT ? "out" : "in",
hdr->ifname);
if (vflag && hdr->pid != NO_PID)
printf("[uid %u, pid %u] ", (unsigned)hdr->uid,
(unsigned)hdr->pid);
if (vflag && hdr->rewritten) {
char buf[48];
if (inet_ntop(hdr->af, &hdr->saddr.v4, buf,
sizeof(buf)) == NULL)
printf("[orig src ?, ");
else
printf("[orig src %s:%u, ", buf,
ntohs(hdr->sport));
if (inet_ntop(hdr->af, &hdr->daddr.v4, buf,
sizeof(buf)) == NULL)
printf("dst ?] ");
else
printf("dst %s:%u] ", buf,
ntohs(hdr->dport));
}
}
af = hdr->naf;
length -= hdrlen;
if (af == AF_INET) {
ip = (struct ip *)(p + hdrlen);
ip_print((const u_char *)ip, length);
if (xflag)
default_print((const u_char *)ip,
caplen - hdrlen);
} else {
#ifdef INET6
ip6 = (struct ip6_hdr *)(p + hdrlen);
ip6_print((const u_char *)ip6, length);
if (xflag)
default_print((const u_char *)ip6,
caplen - hdrlen);
#endif
}
out:
putchar('\n');
}
