u_int
cip_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
u_short extracted_ethertype;
if (memcmp(rfcllc, p, sizeof(rfcllc))==0 && caplen < RFC1483LLC_LEN) {
printf("[|cip]");
return (0);
}
if (eflag)
cip_print(length);
if (memcmp(rfcllc, p, sizeof(rfcllc)) == 0) {
if (llc_print(p, length, caplen, NULL, NULL,
&extracted_ethertype) == 0) {
if (!eflag)
cip_print(length);
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!suppress_default_print)
default_print(p, caplen);
}
} else {
ip_print(gndo, p, length);
}
return (0);
}
/*
* Print an RFC 1483 LLC-encapsulated ATM frame.
*/
static void
atm_llc_print(const u_char *p, int length, int caplen)
{
u_short extracted_ethertype;
if (!llc_print(p, length, caplen, NULL, NULL,
&extracted_ethertype)) {
/* ether_type not known, print raw packet */
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!suppress_default_print)
default_print(p, caplen);
}
}
static inline void
ether_print(register const u_char *bp, u_int length)
{
register const struct ether_header *ep;
ep = (const struct ether_header *)bp;
if (qflag)
(void)printf("%s %s %d: ",
etheraddr_string(ESRC(ep)),
etheraddr_string(EDST(ep)),
length);
else
(void)printf("%s %s %s %d: ",
etheraddr_string(ESRC(ep)),
etheraddr_string(EDST(ep)),
etherproto_string(ep->ether_type),
length);
}
/*
* This is the top level routine of the printer. 'p' points
* to the LLC/SNAP or raw header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*/
u_int
cip_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
u_short extracted_ethertype;
if (memcmp(rfcllc, p, sizeof(rfcllc))==0 && caplen < RFC1483LLC_LEN) {
printf("[|cip]");
return (0);
}
if (eflag)
cip_print(length);
if (memcmp(rfcllc, p, sizeof(rfcllc)) == 0) {
/*
* LLC header is present. Try to print it & higher layers.
*/
if (llc_print(p, length, caplen, NULL, NULL,
&extracted_ethertype) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
cip_print(length);
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!suppress_default_print)
default_print(p, caplen);
}
} else {
/*
* LLC header is absent; treat it as just IP.
*/
ip_print(gndo, p, length);
}
return (0);
}
/*
* This is the top level routine of the printer. 'p' points to the
* Linux "cooked capture" header of the packet, 'h->ts' is the timestamp,
* 'h->len' is the length of the packet off the wire, and 'h->caplen'
* is the number of bytes actually captured.
*/
u_int
sll_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
register const struct sll_header *sllp;
u_short ether_type;
u_short extracted_ethertype;
if (caplen < SLL_HDR_LEN) {
/*
* XXX - this "can't happen" because "pcap-linux.c" always
* adds this many bytes of header to every packet in a
* cooked socket capture.
*/
printf("[|sll]");
return (caplen);
}
sllp = (const struct sll_header *)p;
if (eflag)
sll_print(sllp, length);
/*
* Go past the cooked-mode header.
*/
length -= SLL_HDR_LEN;
caplen -= SLL_HDR_LEN;
p += SLL_HDR_LEN;
ether_type = EXTRACT_16BITS(&sllp->sll_protocol);
recurse:
/*
* Is it (gag) an 802.3 encapsulation, or some non-Ethernet
* packet type?
*/
if (ether_type <= ETHERMTU) {
/*
* Yes - what type is it?
*/
switch (ether_type) {
case LINUX_SLL_P_802_3:
/*
* Ethernet_802.3 IPX frame.
*/
ipx_print(p, length);
break;
case LINUX_SLL_P_802_2:
/*
* 802.2.
* Try to print the LLC-layer header & higher layers.
*/
if (llc_print(p, length, caplen, NULL, NULL,
&extracted_ethertype) == 0)
goto unknown; /* unknown LLC type */
break;
default:
extracted_ethertype = 0;
/*FALLTHROUGH*/
unknown:
/* ether_type not known, print raw packet */
if (!eflag)
sll_print(sllp, length + SLL_HDR_LEN);
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!suppress_default_print)
default_print(p, caplen);
break;
}
} else if (ether_type == ETHERTYPE_8021Q) {
/*
* Print VLAN information, and then go back and process
* the enclosed type field.
*/
if (caplen < 4 || length < 4) {
printf("[|vlan]");
return (SLL_HDR_LEN);
}
if (eflag) {
u_int16_t tag = EXTRACT_16BITS(p);
printf("vlan %u, p %u%s, ",
tag & 0xfff,
tag >> 13,
(tag & 0x1000) ? ", CFI" : "");
}
ether_type = EXTRACT_16BITS(p + 2);
if (ether_type <= ETHERMTU)
ether_type = LINUX_SLL_P_802_2;
if (!qflag) {
(void)printf("ethertype %s, ",
tok2str(ethertype_values, "Unknown", ether_type));
}
p += 4;
length -= 4;
caplen -= 4;
goto recurse;
} else {
if (ethertype_print(gndo, ether_type, p, length, caplen) == 0) {
u_int
_token_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen)
{
const struct token_header *trp;
u_short extracted_ethertype;
struct ether_header ehdr;
u_int route_len = 0, hdr_len = TOKEN_HDRLEN;
int seg;
trp = (const struct token_header *)p;
if (caplen < TOKEN_HDRLEN) {
ND_PRINT((ndo, "%s", tstr));
return hdr_len;
}
/*
* Get the TR addresses into a canonical form
*/
extract_token_addrs(trp, (char*)ESRC(&ehdr), (char*)EDST(&ehdr));
/* Adjust for source routing information in the MAC header */
if (IS_SOURCE_ROUTED(trp)) {
/* Clear source-routed bit */
*ESRC(&ehdr) &= 0x7f;
if (ndo->ndo_eflag)
token_hdr_print(ndo, trp, length, ESRC(&ehdr), EDST(&ehdr));
if (caplen < TOKEN_HDRLEN + 2) {
ND_PRINT((ndo, "%s", tstr));
return hdr_len;
}
route_len = RIF_LENGTH(trp);
hdr_len += route_len;
if (caplen < hdr_len) {
ND_PRINT((ndo, "%s", tstr));
return hdr_len;
}
if (ndo->ndo_vflag) {
ND_PRINT((ndo, "%s ", broadcast_indicator[BROADCAST(trp)]));
ND_PRINT((ndo, "%s", direction[DIRECTION(trp)]));
for (seg = 0; seg < SEGMENT_COUNT(trp); seg++)
ND_PRINT((ndo, " [%d:%d]", RING_NUMBER(trp, seg),
BRIDGE_NUMBER(trp, seg)));
} else {
ND_PRINT((ndo, "rt = %x", EXTRACT_16BITS(&trp->token_rcf)));
for (seg = 0; seg < SEGMENT_COUNT(trp); seg++)
ND_PRINT((ndo, ":%x", EXTRACT_16BITS(&trp->token_rseg[seg])));
}
ND_PRINT((ndo, " (%s) ", largest_frame[LARGEST_FRAME(trp)]));
} else {
if (ndo->ndo_eflag)
token_hdr_print(ndo, trp, length, ESRC(&ehdr), EDST(&ehdr));
}
/* Skip over token ring MAC header and routing information */
length -= hdr_len;
p += hdr_len;
caplen -= hdr_len;
/* Frame Control field determines interpretation of packet */
if (FRAME_TYPE(trp) == TOKEN_FC_LLC) {
/* Try to print the LLC-layer header & higher layers */
if (llc_print(ndo, p, length, caplen, ESRC(&ehdr), EDST(&ehdr),
&extracted_ethertype) == 0) {
/* ether_type not known, print raw packet */
if (!ndo->ndo_eflag)
token_hdr_print(ndo, trp,
length + TOKEN_HDRLEN + route_len,
ESRC(&ehdr), EDST(&ehdr));
if (extracted_ethertype) {
ND_PRINT((ndo, "(LLC %s) ",
etherproto_string(htons(extracted_ethertype))));
}
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
}
} else {
/* Some kinds of TR packet we cannot handle intelligently */
/* XXX - dissect MAC packets if frame type is 0 */
if (!ndo->ndo_eflag)
token_hdr_print(ndo, trp, length + TOKEN_HDRLEN + route_len,
ESRC(&ehdr), EDST(&ehdr));
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
}
return (hdr_len);
}
/*
* This is the top level routine of the printer. 'p' is the points
* to the ether header of the packet, 'tvp' is the timestamp,
* 'length' is the length of the packet off the wire, and 'caplen'
* is the number of bytes actually captured.
*/
void
ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
struct ether_header *ep;
u_short ether_type;
extern u_short extracted_ethertype;
ts_print(&h->ts);
if (caplen < sizeof(struct ether_header)) {
printf("[|ether]");
goto out;
}
if (eflag)
ether_print(p, length);
/*
* Some printers want to get back at the ethernet addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
packetp = p;
snapend = p + caplen;
length -= sizeof(struct ether_header);
caplen -= sizeof(struct ether_header);
ep = (struct ether_header *)p;
p += sizeof(struct ether_header);
ether_type = ntohs(ep->ether_type);
/*
* Is it (gag) an 802.3 encapsulation?
*/
extracted_ethertype = 0;
if (ether_type <= ETHERMTU) {
/* Try to print the LLC-layer header & higher layers */
if (llc_print(p, length, caplen, ESRC(ep), EDST(ep)) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
ether_print((u_char *)ep, length);
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!xflag && !qflag)
default_print(p, caplen);
}
} else if (ether_encap_print(ether_type, p, length, caplen) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
ether_print((u_char *)ep, length + sizeof(*ep));
if (!xflag && !qflag)
default_print(p, caplen);
}
if (xflag)
default_print(p, caplen);
out:
putchar('\n');
}
/*
* This is the top level routine of the printer. 'sp' is the points
* to the FDDI header of the packet, 'tvp' is the timestamp,
* 'length' is the length of the packet off the wire, and 'caplen'
* is the number of bytes actually captured.
*/
void
fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h,
register const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
const struct fddi_header *fddip = (struct fddi_header *)p;
extern u_short extracted_ethertype;
struct ether_header ehdr;
ts_print(&h->ts);
if (caplen < FDDI_HDRLEN) {
printf("[|fddi]");
goto out;
}
/*
* Get the FDDI addresses into a canonical form
*/
extract_fddi_addrs(fddip, (char *)ESRC(&ehdr), (char *)EDST(&ehdr));
/*
* Some printers want to get back at the link level addresses,
* and/or check that they're not walking off the end of the packet.
* Rather than pass them all the way down, we set these globals.
*/
snapend = p + caplen;
/*
* Actually, the only printer that uses packetp is print-bootp.c,
* and it assumes that packetp points to an Ethernet header. The
* right thing to do is to fix print-bootp.c to know which link
* type is in use when it excavates. XXX
*/
packetp = (u_char *)&ehdr;
if (eflag)
fddi_print(fddip, length, ESRC(&ehdr), EDST(&ehdr));
/* Skip over FDDI MAC header */
length -= FDDI_HDRLEN;
p += FDDI_HDRLEN;
caplen -= FDDI_HDRLEN;
/* Frame Control field determines interpretation of packet */
extracted_ethertype = 0;
if ((fddip->fddi_fc & FDDIFC_CLFF) == FDDIFC_LLC_ASYNC) {
/* Try to print the LLC-layer header & higher layers */
if (llc_print(p, length, caplen, ESRC(&ehdr), EDST(&ehdr))
== 0) {
/*
* Some kinds of LLC packet we cannot
* handle intelligently
*/
if (!eflag)
fddi_print(fddip, length,
ESRC(&ehdr), EDST(&ehdr));
if (extracted_ethertype) {
printf("(LLC %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!xflag && !qflag)
default_print(p, caplen);
}
} else if ((fddip->fddi_fc & FDDIFC_CLFF) == FDDIFC_SMT)
fddi_smt_print(p, caplen);
else {
/* Some kinds of FDDI packet we cannot handle intelligently */
if (!eflag)
fddi_print(fddip, length, ESRC(&ehdr), EDST(&ehdr));
if (!xflag && !qflag)
default_print(p, caplen);
}
if (xflag)
default_print(p, caplen);
out:
putchar('\n');
}
static u_int
ieee802_11_print(const u_char *p, u_int length, u_int caplen, int pad)
{
u_int16_t fc;
u_int hdrlen;
const u_int8_t *src, *dst;
u_short extracted_ethertype;
if (caplen < IEEE802_11_FC_LEN) {
printf("[|802.11]");
return caplen;
}
fc = EXTRACT_LE_16BITS(p);
hdrlen = extract_header_length(fc);
if (pad)
hdrlen = roundup2(hdrlen, 4);
if (caplen < hdrlen) {
printf("[|802.11]");
return hdrlen;
}
ieee_802_11_hdr_print(fc, p, &src, &dst);
/*
* Go past the 802.11 header.
*/
length -= hdrlen;
caplen -= hdrlen;
p += hdrlen;
switch (FC_TYPE(fc)) {
case T_MGMT:
if (!mgmt_body_print(fc,
(const struct mgmt_header_t *)(p - hdrlen), p)) {
printf("[|802.11]");
return hdrlen;
}
break;
case T_CTRL:
if (!ctrl_body_print(fc, p - hdrlen)) {
printf("[|802.11]");
return hdrlen;
}
break;
case T_DATA:
if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
return hdrlen; /* no-data frame */
/* There may be a problem w/ AP not having this bit set */
if (FC_WEP(fc)) {
if (!wep_print(p)) {
printf("[|802.11]");
return hdrlen;
}
} else if (llc_print(p, length, caplen, dst, src,
&extracted_ethertype) == 0) {
/*
* Some kinds of LLC packet we cannot
* handle intelligently
*/
if (!eflag)
ieee_802_11_hdr_print(fc, p - hdrlen, NULL,
NULL);
if (extracted_ethertype)
printf("(LLC %s) ",
etherproto_string(
htons(extracted_ethertype)));
if (!suppress_default_print)
default_print(p, caplen);
}
break;
default:
printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
break;
}
return hdrlen;
}
