Add --lengths option to print the captured and original packet lengths
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Support for splitting captures into multiple files with a maximum
22 * file size:
23 *
24 * Copyright (c) 2001
25 * Seth Webster <swebster@sst.ll.mit.edu>
26 */
27
28 #ifdef HAVE_CONFIG_H
29 #include <config.h>
30 #endif
31
32 #include <stdlib.h>
33 #include <string.h>
34 #include <setjmp.h>
35
36 #include "netdissect-stdinc.h"
37
38 #include "netdissect.h"
39 #include "addrtoname.h"
40 #include "print.h"
41 #include "netdissect-alloc.h"
42
43 #include "pcap-missing.h"
44
/*
 * One row of the link-layer dispatch table: a link-layer header type
 * paired with the function that prints packets of that type.
 */
struct printer {
	if_printer f;	/* printer routine; NULL marks the end of the table */
	int type;	/* DLT_ value this routine handles */
};
49
/*
 * Dispatch table mapping a link-layer header type (DLT_ value) to the
 * routine that prints packets with that header.
 *
 * An entry wrapped in #ifdef is only present when the pcap headers in use
 * define that DLT_ value. The final entry, with a NULL printer, terminates
 * the table: lookup_printer() stops scanning when it reaches it.
 */
static const struct printer printers[] = {
#ifdef DLT_APPLE_IP_OVER_IEEE1394
	{ .f = ap1394_if_print, .type = DLT_APPLE_IP_OVER_IEEE1394 },
#endif
	{ .f = arcnet_if_print, .type = DLT_ARCNET },
#ifdef DLT_ARCNET_LINUX
	{ .f = arcnet_linux_if_print, .type = DLT_ARCNET_LINUX },
#endif
	{ .f = atm_if_print, .type = DLT_ATM_RFC1483 },
#ifdef DLT_DSA_TAG_BRCM
	{ .f = brcm_tag_if_print, .type = DLT_DSA_TAG_BRCM },
#endif
#ifdef DLT_DSA_TAG_BRCM_PREPEND
	{ .f = brcm_tag_prepend_if_print, .type = DLT_DSA_TAG_BRCM_PREPEND },
#endif
#ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR
	{ .f = bt_if_print, .type = DLT_BLUETOOTH_HCI_H4_WITH_PHDR },
#endif
#ifdef DLT_C_HDLC
	{ .f = chdlc_if_print, .type = DLT_C_HDLC },
#endif
#ifdef DLT_HDLC
	{ .f = chdlc_if_print, .type = DLT_HDLC },
#endif
#ifdef DLT_ATM_CLIP
	{ .f = cip_if_print, .type = DLT_ATM_CLIP },
#endif
#ifdef DLT_CIP
	{ .f = cip_if_print, .type = DLT_CIP },
#endif
#ifdef DLT_DSA_TAG_DSA
	{ .f = dsa_if_print, .type = DLT_DSA_TAG_DSA },
#endif
#ifdef DLT_DSA_TAG_EDSA
	{ .f = edsa_if_print, .type = DLT_DSA_TAG_EDSA },
#endif
#ifdef DLT_ENC
	{ .f = enc_if_print, .type = DLT_ENC },
#endif
	{ .f = ether_if_print, .type = DLT_EN10MB },
	{ .f = fddi_if_print, .type = DLT_FDDI },
#ifdef DLT_FR
	{ .f = fr_if_print, .type = DLT_FR },
#endif
#ifdef DLT_FRELAY
	{ .f = fr_if_print, .type = DLT_FRELAY },
#endif
#ifdef DLT_IEEE802_11
	{ .f = ieee802_11_if_print, .type = DLT_IEEE802_11 },
#endif
#ifdef DLT_IEEE802_11_RADIO_AVS
	{ .f = ieee802_11_radio_avs_if_print, .type = DLT_IEEE802_11_RADIO_AVS },
#endif
#ifdef DLT_IEEE802_11_RADIO
	{ .f = ieee802_11_radio_if_print, .type = DLT_IEEE802_11_RADIO },
#endif
#ifdef DLT_IEEE802_15_4
	{ .f = ieee802_15_4_if_print, .type = DLT_IEEE802_15_4 },
#endif
#ifdef DLT_IEEE802_15_4_NOFCS
	{ .f = ieee802_15_4_if_print, .type = DLT_IEEE802_15_4_NOFCS },
#endif
#ifdef DLT_IEEE802_15_4_TAP
	{ .f = ieee802_15_4_tap_if_print, .type = DLT_IEEE802_15_4_TAP },
#endif
#ifdef DLT_IP_OVER_FC
	{ .f = ipfc_if_print, .type = DLT_IP_OVER_FC },
#endif
#ifdef DLT_IPNET
	{ .f = ipnet_if_print, .type = DLT_IPNET },
#endif
#ifdef DLT_IPOIB
	{ .f = ipoib_if_print, .type = DLT_IPOIB },
#endif
#ifdef DLT_JUNIPER_ATM1
	{ .f = juniper_atm1_if_print, .type = DLT_JUNIPER_ATM1 },
#endif
#ifdef DLT_JUNIPER_ATM2
	{ .f = juniper_atm2_if_print, .type = DLT_JUNIPER_ATM2 },
#endif
#ifdef DLT_JUNIPER_CHDLC
	{ .f = juniper_chdlc_if_print, .type = DLT_JUNIPER_CHDLC },
#endif
#ifdef DLT_JUNIPER_ES
	{ .f = juniper_es_if_print, .type = DLT_JUNIPER_ES },
#endif
#ifdef DLT_JUNIPER_ETHER
	{ .f = juniper_ether_if_print, .type = DLT_JUNIPER_ETHER },
#endif
#ifdef DLT_JUNIPER_FRELAY
	{ .f = juniper_frelay_if_print, .type = DLT_JUNIPER_FRELAY },
#endif
#ifdef DLT_JUNIPER_GGSN
	{ .f = juniper_ggsn_if_print, .type = DLT_JUNIPER_GGSN },
#endif
#ifdef DLT_JUNIPER_MFR
	{ .f = juniper_mfr_if_print, .type = DLT_JUNIPER_MFR },
#endif
#ifdef DLT_JUNIPER_MLFR
	{ .f = juniper_mlfr_if_print, .type = DLT_JUNIPER_MLFR },
#endif
#ifdef DLT_JUNIPER_MLPPP
	{ .f = juniper_mlppp_if_print, .type = DLT_JUNIPER_MLPPP },
#endif
#ifdef DLT_JUNIPER_MONITOR
	{ .f = juniper_monitor_if_print, .type = DLT_JUNIPER_MONITOR },
#endif
#ifdef DLT_JUNIPER_PPP
	{ .f = juniper_ppp_if_print, .type = DLT_JUNIPER_PPP },
#endif
#ifdef DLT_JUNIPER_PPPOE_ATM
	{ .f = juniper_pppoe_atm_if_print, .type = DLT_JUNIPER_PPPOE_ATM },
#endif
#ifdef DLT_JUNIPER_PPPOE
	{ .f = juniper_pppoe_if_print, .type = DLT_JUNIPER_PPPOE },
#endif
#ifdef DLT_JUNIPER_SERVICES
	{ .f = juniper_services_if_print, .type = DLT_JUNIPER_SERVICES },
#endif
#ifdef DLT_LTALK
	{ .f = ltalk_if_print, .type = DLT_LTALK },
#endif
#ifdef DLT_MFR
	{ .f = mfr_if_print, .type = DLT_MFR },
#endif
#ifdef DLT_NETANALYZER
	{ .f = netanalyzer_if_print, .type = DLT_NETANALYZER },
#endif
#ifdef DLT_NETANALYZER_TRANSPARENT
	{ .f = netanalyzer_transparent_if_print, .type = DLT_NETANALYZER_TRANSPARENT },
#endif
#ifdef DLT_NFLOG
	{ .f = nflog_if_print, .type = DLT_NFLOG },
#endif
	{ .f = null_if_print, .type = DLT_NULL },
#ifdef DLT_LOOP
	{ .f = null_if_print, .type = DLT_LOOP },
#endif
#ifdef DLT_PFLOG
	{ .f = pflog_if_print, .type = DLT_PFLOG },
#endif
#ifdef DLT_PKTAP
	{ .f = pktap_if_print, .type = DLT_PKTAP },
#endif
#ifdef DLT_PPI
	{ .f = ppi_if_print, .type = DLT_PPI },
#endif
#ifdef DLT_PPP_BSDOS
	{ .f = ppp_bsdos_if_print, .type = DLT_PPP_BSDOS },
#endif
#ifdef DLT_PPP_SERIAL
	{ .f = ppp_hdlc_if_print, .type = DLT_PPP_SERIAL },
#endif
	{ .f = ppp_if_print, .type = DLT_PPP },
#ifdef DLT_PPP_PPPD
	{ .f = ppp_if_print, .type = DLT_PPP_PPPD },
#endif
#ifdef DLT_PPP_ETHER
	{ .f = pppoe_if_print, .type = DLT_PPP_ETHER },
#endif
#ifdef DLT_PRISM_HEADER
	{ .f = prism_if_print, .type = DLT_PRISM_HEADER },
#endif
	{ .f = raw_if_print, .type = DLT_RAW },
#ifdef DLT_IPV4
	{ .f = raw_if_print, .type = DLT_IPV4 },
#endif
#ifdef DLT_IPV6
	{ .f = raw_if_print, .type = DLT_IPV6 },
#endif
#ifdef DLT_SLIP_BSDOS
	{ .f = sl_bsdos_if_print, .type = DLT_SLIP_BSDOS },
#endif
	{ .f = sl_if_print, .type = DLT_SLIP },
#ifdef DLT_LINUX_SLL
	{ .f = sll_if_print, .type = DLT_LINUX_SLL },
#endif
#ifdef DLT_LINUX_SLL2
	{ .f = sll2_if_print, .type = DLT_LINUX_SLL2 },
#endif
#ifdef DLT_SUNATM
	{ .f = sunatm_if_print, .type = DLT_SUNATM },
#endif
#ifdef DLT_SYMANTEC_FIREWALL
	{ .f = symantec_if_print, .type = DLT_SYMANTEC_FIREWALL },
#endif
	{ .f = token_if_print, .type = DLT_IEEE802 },
#ifdef DLT_USB_LINUX
	{ .f = usb_linux_48_byte_if_print, .type = DLT_USB_LINUX },
#endif /* DLT_USB_LINUX */
#ifdef DLT_USB_LINUX_MMAPPED
	{ .f = usb_linux_64_byte_if_print, .type = DLT_USB_LINUX_MMAPPED },
#endif /* DLT_USB_LINUX_MMAPPED */
#ifdef DLT_VSOCK
	{ .f = vsock_if_print, .type = DLT_VSOCK },
#endif
	/* Sentinel: a NULL printer ends every scan of this table. */
	{ .f = NULL, .type = 0 },
};
248
/*
 * Set up the printing code for a capture.
 *
 * All this does is hand the local network number and netmask on to
 * init_addrtoname().
 */
void
init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
{
	init_addrtoname(ndo, localnet, mask);
}
254
/*
 * Find the printer registered for a link-layer header type.
 *
 * Returns the matching routine from printers[], or NULL when the table
 * has no entry for `type`. Callers that go on to call the result must
 * handle NULL themselves (get_if_printer() substitutes a fallback).
 */
if_printer
lookup_printer(int type)
{
	size_t idx;

	/* The table ends at the first entry whose printer is NULL. */
	for (idx = 0; printers[idx].f != NULL; idx++) {
		if (printers[idx].type == type)
			return printers[idx].f;
	}

#if defined(DLT_USER2) && defined(DLT_PKTAP)
	/*
	 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
	 * header.
	 *
	 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
	 * based OSes or the same value as LINKTYPE_PKTAP as it is on
	 * other OSes, to LINKTYPE_PKTAP, so files written with
	 * this version of libpcap for a DLT_PKTAP capture have a link-
	 * layer header type of LINKTYPE_PKTAP.
	 *
	 * However, files written on OS X Mavericks for a DLT_PKTAP
	 * capture have a link-layer header type of LINKTYPE_USER2.
	 * No printer matched DLT_USER2 above, so when type is
	 * DLT_USER2 fall back to the printer registered for DLT_PKTAP.
	 */
	if (type == DLT_USER2) {
		for (idx = 0; printers[idx].f != NULL; idx++) {
			if (printers[idx].type == DLT_PKTAP)
				return printers[idx].f;
		}
	}
#endif

	return NULL;
	/* NOTREACHED */
}
291
/*
 * Report whether a printer exists for a link-layer header type.
 *
 * Returns 1 if lookup_printer() finds one for `type`, 0 otherwise.
 */
int
has_printer(int type)
{
	if (lookup_printer(type) == NULL)
		return 0;
	return 1;
}
297
/*
 * Return the printer to use for a link-layer header type.
 *
 * Unlike lookup_printer(), this never returns NULL: an unknown type
 * gets unsupported_if_print, so the result can always be called.
 */
if_printer
get_if_printer(int type)
{
	if_printer found = lookup_printer(type);

	return (found != NULL) ? found : unsupported_if_print;
}
308
#ifdef ENABLE_INSTRUMENT_FUNCTIONS
/* Function-call nesting level, defined in another translation unit. */
extern int profile_func_level;
/*
 * Value of profile_func_level seen on the first call to
 * pretty_print_packet(); -1 means "not recorded yet". It is written back
 * to profile_func_level after a printer bails out on a truncated packet.
 */
static int pretty_print_packet_level = -1;
#endif
313
/*
 * Emit the text that introduces one more problem in the
 * "[Invalid header: ...]" note: the opening tag for the first problem,
 * a comma for each later one. Sets *invalid_header once a problem is seen.
 */
static void
print_invalid_header_lead(netdissect_options *ndo, int *invalid_header)
{
	if (*invalid_header) {
		ND_PRINT(",");
		return;
	}
	*invalid_header = 1;
	ND_PRINT("[Invalid header:");
}

/*
 * Print one captured packet: optional packet number and lengths, the
 * timestamp, the dissected packet, and an optional hex/ASCII dump.
 *
 * ndo              dissector state and output options
 * h                per-packet header (timestamp, caplen, len)
 * sp               start of the captured bytes; h->caplen bytes are used
 * packets_captured running packet count, used for sampling and numbering
 *
 * The lengths in `h` are validated before any printer sees the packet;
 * a packet with an invalid header is reported and not dissected.
 */
void
pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
		    const u_char *sp, u_int packets_captured)
{
	u_int hdrlen = 0;
	int invalid_header = 0;

	/* With sampling on, only every ndo_print_sampling-th packet prints. */
	if (ndo->ndo_print_sampling && packets_captured % ndo->ndo_print_sampling != 0)
		return;

#ifdef ENABLE_INSTRUMENT_FUNCTIONS
	/* Record the nesting level once so it can be restored later. */
	if (pretty_print_packet_level == -1)
		pretty_print_packet_level = profile_func_level;
#endif

	if (ndo->ndo_packet_number)
		ND_PRINT("%5u ", packets_captured);

	if (ndo->ndo_lengths)
		ND_PRINT("caplen %u len %u ", h->caplen, h->len);

	/*
	 * Sanity checks on packet length / capture length. Every problem is
	 * collected into a single "[Invalid header: ...]" note, and the
	 * packet is then dropped before snapend is derived from caplen.
	 */
	if (h->caplen == 0) {
		invalid_header = 1;
		ND_PRINT("[Invalid header: caplen==0");
	}
	if (h->len == 0) {
		print_invalid_header_lead(ndo, &invalid_header);
		ND_PRINT(" len==0");
	} else if (h->len < h->caplen) {
		print_invalid_header_lead(ndo, &invalid_header);
		ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen);
	}
	if (h->caplen > MAXIMUM_SNAPLEN) {
		print_invalid_header_lead(ndo, &invalid_header);
		ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN);
	}
	if (h->len > MAXIMUM_SNAPLEN) {
		print_invalid_header_lead(ndo, &invalid_header);
		ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN);
	}
	if (invalid_header) {
		ND_PRINT("]\n");
		return;
	}

	/*
	 * At this point:
	 *   capture length != 0,
	 *   packet length != 0,
	 *   capture length <= MAXIMUM_SNAPLEN,
	 *   packet length <= MAXIMUM_SNAPLEN,
	 *   packet length >= capture length.
	 *
	 * Currently, there is no D-Bus printer, thus no need for
	 * bigger lengths.
	 */

	/*
	 * The header /usr/include/pcap/pcap.h in OpenBSD declares h->ts as
	 * struct bpf_timeval, not struct timeval. The former comes from
	 * /usr/include/net/bpf.h and uses 32-bit unsigned types instead of
	 * the types used in struct timeval. Copy field by field so that
	 * ts_print() always receives a real struct timeval.
	 */
	struct timeval tvbuf;
	tvbuf.tv_sec = h->ts.tv_sec;
	tvbuf.tv_usec = h->ts.tv_usec;
	ts_print(ndo, &tvbuf);

	/*
	 * Printers must check that they're not walking off the end of
	 * the packet. Rather than pass the limit all the way down, it is
	 * stored in the netdissect_options structure: ndo_snapend is one
	 * past the last captured byte.
	 */
	ndo->ndo_packetp = sp;
	ndo->ndo_snapend = sp + h->caplen;

	ndo->ndo_protocol = "";
	ndo->ndo_ll_hdr_len = 0;
	/*
	 * setjmp() stays the whole controlling expression of the switch;
	 * its return value must not be assigned to a variable first.
	 */
	switch (setjmp(ndo->ndo_early_end)) {
	case 0:
		/* Direct return from setjmp(): print the packet. */
		(ndo->ndo_if_printer)(ndo, h, sp);
		break;
	case ND_TRUNCATED:
		/* A printer quit because the packet was truncated; report it */
		nd_print_trunc(ndo);
		/* Print the full packet */
		ndo->ndo_ll_hdr_len = 0;
#ifdef ENABLE_INSTRUMENT_FUNCTIONS
		/* truncation => reassignment */
		profile_func_level = pretty_print_packet_level;
#endif
		break;
	}
	hdrlen = ndo->ndo_ll_hdr_len;

	/*
	 * Empty the stack of packet information, freeing all pushed buffers;
	 * if we got here by a printer quitting, we need to release anything
	 * that didn't get released because we longjmped out of the code
	 * before it popped the packet information.
	 */
	nd_pop_all_packet_info(ndo);

	/*
	 * Restore the original snapend, as a printer might have
	 * changed it.
	 */
	ndo->ndo_snapend = sp + h->caplen;

	/*
	 * Optional raw dump. A flag value above 1 includes the link-layer
	 * header. Otherwise the dump starts after it, and nothing is printed
	 * when no bytes follow the header; the caplen > hdrlen test also
	 * keeps sp + hdrlen and caplen - hdrlen inside the captured data.
	 */
	if (ndo->ndo_Xflag) {
		/* Hex and ASCII. */
		if (ndo->ndo_Xflag > 1)
			hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
		else if (h->caplen > hdrlen)
			hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
					    h->caplen - hdrlen);
	} else if (ndo->ndo_xflag) {
		/* Hex only. */
		if (ndo->ndo_xflag > 1)
			hex_print(ndo, "\n\t", sp, h->caplen);
		else if (h->caplen > hdrlen)
			hex_print(ndo, "\n\t", sp + hdrlen,
				  h->caplen - hdrlen);
	} else if (ndo->ndo_Aflag) {
		/* ASCII only. */
		if (ndo->ndo_Aflag > 1)
			ascii_print(ndo, sp, h->caplen);
		else if (h->caplen > hdrlen)
			ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
	}

	ND_PRINT("\n");
	nd_free_all(ndo);
}
502
/*
 * Default data printer: dump `length` bytes starting at `bp` in hex and
 * ASCII. Installed as ndo->ndo_default_print by
 * ndo_set_function_pointers().
 */
static void
ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
{
	/* "\n\t" is the line feed and indentation string put before each row */
	hex_and_ascii_print(ndo, "\n\t", bp, length);
}
511
/*
 * Print an error message to stderr, clean up, and exit with `status`.
 *
 * The message is prefixed with the program name when one is set, and a
 * newline is appended unless the format already ends with one.
 *
 * `fmt` is handed to vfprintf() as a format string, so callers must pass
 * a fixed format and put variable data in the arguments.
 * NOTE(review): PRINTFLIKE/FORMAT_STRING presumably let the compiler
 * check that; confirm in the header that defines them.
 */
/* VARARGS */
static void NORETURN PRINTFLIKE(3, 4)
ndo_error(netdissect_options *ndo, status_exit_codes_t status,
	  FORMAT_STRING(const char *fmt), ...)
{
	va_list ap;
	size_t fmt_len;

	if (ndo->program_name)
		(void)fprintf(stderr, "%s: ", ndo->program_name);

	va_start(ap, fmt);
	(void)vfprintf(stderr, fmt, ap);
	va_end(ap);

	/* End the line unless the format is empty or already ends one. */
	fmt_len = strlen(fmt);
	if (fmt_len != 0 && fmt[fmt_len - 1] != '\n')
		(void)fputc('\n', stderr);

	nd_cleanup();
	exit(status);
	/* NOTREACHED */
}
533
/*
 * Print a warning to stderr and return.
 *
 * The message is prefixed with the program name (when set) and
 * "WARNING: ", and a newline is appended unless the format already ends
 * with one.
 *
 * `fmt` is handed to vfprintf() as a format string, so callers must pass
 * a fixed format and put variable data in the arguments.
 */
/* VARARGS */
static void PRINTFLIKE(2, 3)
ndo_warning(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
{
	va_list ap;
	size_t fmt_len;

	if (ndo->program_name)
		(void)fprintf(stderr, "%s: ", ndo->program_name);
	(void)fprintf(stderr, "WARNING: ");

	va_start(ap, fmt);
	(void)vfprintf(stderr, fmt, ap);
	va_end(ap);

	/* End the line unless the format is empty or already ends one. */
	fmt_len = strlen(fmt);
	if (fmt_len != 0 && fmt[fmt_len - 1] != '\n')
		(void)fputc('\n', stderr);
}
552
/*
 * printf-style output routine for dissectors; writes to stdout.
 *
 * Returns what vfprintf() returned. A negative result is treated as
 * fatal: the write error is reported through ndo_error() with status
 * S_ERR_ND_WRITE_FILE.
 *
 * `fmt` is handed to vfprintf() as a format string, so callers must pass
 * a fixed format and put variable data in the arguments.
 */
/* VARARGS */
static int PRINTFLIKE(2, 3)
ndo_printf(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
{
	va_list ap;
	int nwritten;

	va_start(ap, fmt);
	nwritten = vfprintf(stdout, fmt, ap);
	va_end(ap);

	if (nwritten < 0) {
		ndo_error(ndo, S_ERR_ND_WRITE_FILE,
			  "Unable to write output: %s", pcap_strerror(errno));
	}
	return (nwritten);
}
569
/*
 * Install this file's output and error routines in `ndo`: the printf,
 * warning, error and default data-print callbacks.
 */
void
ndo_set_function_pointers(netdissect_options *ndo)
{
	ndo->ndo_printf = ndo_printf;
	ndo->ndo_warning = ndo_warning;
	ndo->ndo_error = ndo_error;
	ndo->ndo_default_print = ndo_default_print;
}
577 }