The Tcpdump Group git mirrors - tcpdump/blob - print-null.c

   1 /*
   2  * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
   3  *      The Regents of the University of California.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that: (1) source code distributions
   7  * retain the above copyright notice and this paragraph in its entirety, (2)
   8  * distributions including binary code include the above copyright notice and
   9  * this paragraph in its entirety in the documentation or other materials
  10  * provided with the distribution, and (3) all advertising materials mentioning
  11  * features or use of this software display the following acknowledgement:
  12  * ``This product includes software developed by the University of California,
  13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
  14  * the University nor the names of its contributors may be used to endorse
  15  * or promote products derived from this software without specific prior
  16  * written permission.
  17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  20  */
  21
  22 #ifndef lint
  23 static const char rcsid[] _U_ =
  24     "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.54 2005-05-18 13:50:52 hannes Exp $ (LBL)";
  25 #endif
  26
  27 #ifdef HAVE_CONFIG_H
  28 #include "config.h"
  29 #endif
  30
  31 #include <tcpdump-stdinc.h>
  32
  33 #include <pcap.h>
  34 #include <stdio.h>
  35 #include <string.h>
  36
  37 #include "interface.h"
  38 #include "addrtoname.h"
  39
  40 #include "ip.h"
  41 #ifdef INET6
  42 #include "ip6.h"
  43 #endif
  44
  45 /*
  46  * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order
  47  * 32-bit integer that specifies the family, e.g. AF_INET.
  48  *
  49  * Note here that "host" refers to the host on which the packets were
  50  * captured; that isn't necessarily *this* host.
  51  *
  52  * The OpenBSD DLT_LOOP packet header is the same, except that the integer
  53  * is in network byte order.
  54  */
  55 #define NULL_HDRLEN 4
  56
  57 /*
  58  * BSD AF_ values.
  59  *
  60  * Unfortunately, the BSDs don't all use the same value for AF_INET6,
  61  * so, because we want to be able to read captures from all of the BSDs,
  62  * we check for all of them.
  63  */
  64 #define BSD_AF_INET             2
  65 #define BSD_AF_NS               6               /* XEROX NS protocols */
  66 #define BSD_AF_ISO              7
  67 #define BSD_AF_APPLETALK        16
  68 #define BSD_AF_IPX              23
  69 #define BSD_AF_INET6_BSD        24      /* OpenBSD (and probably NetBSD), BSD/OS */
  70 #define BSD_AF_INET6_FREEBSD    28
  71 #define BSD_AF_INET6_DARWIN     30
  72
  73 const struct tok bsd_af_values[] = {
  74         { BSD_AF_INET, "IPv4" },
  75         { BSD_AF_NS, "NS" },
  76         { BSD_AF_ISO, "ISO" },
  77         { BSD_AF_APPLETALK, "Appletalk" },
  78         { BSD_AF_IPX, "IPX" },
  79         { BSD_AF_INET6_BSD, "IPv6" },
  80         { BSD_AF_INET6_FREEBSD, "IPv6" },
  81         { BSD_AF_INET6_DARWIN, "IPv6" },
  82         { 0, NULL}
  83 };
  84
  85
  86 /*
  87  * Byte-swap a 32-bit number.
  88  * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
  89  * big-endian platforms.)
  90  */
  91 #define SWAPLONG(y) \
  92 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
  93
  94 /*
  95  * This is the top level routine of the printer.  'p' points
  96  * to the ether header of the packet, 'h->ts' is the timestamp,
  97  * 'h->len' is the length of the packet off the wire, and 'h->caplen'
  98  * is the number of bytes actually captured.
  99  */
 100 u_int
 101 null_if_print(const struct pcap_pkthdr *h, const u_char *p)
 102 {
 103         u_int length = h->len;
 104         u_int caplen = h->caplen;
 105         u_int family;
 106
 107         if (caplen < NULL_HDRLEN) {
 108                 printf("[|null]");
 109                 return (NULL_HDRLEN);
 110         }
 111
 112         memcpy((char *)&family, (char *)p, sizeof(family));
 113
 114         /*
 115          * This isn't necessarily in our host byte order; if this is
 116          * a DLT_LOOP capture, it's in network byte order, and if
 117          * this is a DLT_NULL capture from a machine with the opposite
 118          * byte-order, it's in the opposite byte order from ours.
 119          *
 120          * If the upper 16 bits aren't all zero, assume it's byte-swapped.
 121          */
 122         if ((family & 0xFFFF0000) != 0)
 123                 family = SWAPLONG(family);
 124
 125         length -= NULL_HDRLEN;
 126         caplen -= NULL_HDRLEN;
 127         p += NULL_HDRLEN;
 128
 129         if (eflag)
 130                 printf("AF %s (%u)",tok2str(bsd_af_values,"Unknown",family),family);
 131
 132         switch (family) {
 133
 134         case BSD_AF_INET:
 135                 ip_print(gndo, p, length);
 136                 break;
 137
 138 #ifdef INET6
 139         case BSD_AF_INET6_BSD:
 140         case BSD_AF_INET6_FREEBSD:
 141         case BSD_AF_INET6_DARWIN:
 142                 ip6_print(p, length);
 143                 break;
 144 #endif
 145
 146         case BSD_AF_ISO:
 147                 isoclns_print(p, length, caplen);
 148                 break;
 149
 150         case BSD_AF_APPLETALK:
 151                 atalk_print(p, length);
 152                 break;
 153
 154         case BSD_AF_IPX:
 155                 ipx_print(p, length);
 156                 break;
 157
 158         default:
 159                 /* unknown AF_ value */
 160                 if (!xflag && !qflag)
 161                         default_print(p, caplen);
 162         }
 163
 164         return (NULL_HDRLEN);
 165 }
 166
 167 /*
 168  * Local Variables:
 169  * c-style: whitesmith
 170  * c-basic-offset: 8
 171  * End:
 172  */