]> The Tcpdump Group git mirrors - tcpdump/blob - print.c
projects / tcpdump / blob


603969ffce44619cd71a9c361c1c0f068680fc1d
[tcpdump] / print.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Support for splitting captures into multiple files with a maximum
22 * file size:
23 *
24 * Copyright (c) 2001
25 * Seth Webster <swebster@sst.ll.mit.edu>
26 */
27
28 #include <config.h>
29
30 #include <stdlib.h>
31 #include <string.h>
32 #include <setjmp.h>
33
34 #include "netdissect-stdinc.h"
35
36 #include "netdissect.h"
37 #include "addrtoname.h"
38 #include "print.h"
39 #include "netdissect-alloc.h"
40
41 #include "pcap-missing.h"
42
43 struct printer {
44 if_printer f;
45 int type;
46 };
47
48 static const struct printer printers[] = {
49 #ifdef DLT_APPLE_IP_OVER_IEEE1394
50 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
51 #endif
52 { arcnet_if_print, DLT_ARCNET },
53 #ifdef DLT_ARCNET_LINUX
54 { arcnet_linux_if_print, DLT_ARCNET_LINUX },
55 #endif
56 { atm_if_print, DLT_ATM_RFC1483 },
57 #ifdef DLT_DSA_TAG_BRCM
58 { brcm_tag_if_print, DLT_DSA_TAG_BRCM },
59 #endif
60 #ifdef DLT_DSA_TAG_BRCM_PREPEND
61 { brcm_tag_prepend_if_print, DLT_DSA_TAG_BRCM_PREPEND },
62 #endif
63 #ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR
64 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
65 #endif
66 #ifdef DLT_C_HDLC
67 { chdlc_if_print, DLT_C_HDLC },
68 #endif
69 #ifdef DLT_HDLC
70 { chdlc_if_print, DLT_HDLC },
71 #endif
72 #ifdef DLT_ATM_CLIP
73 { cip_if_print, DLT_ATM_CLIP },
74 #endif
75 #ifdef DLT_CIP
76 { cip_if_print, DLT_CIP },
77 #endif
78 #ifdef DLT_DSA_TAG_DSA
79 { dsa_if_print, DLT_DSA_TAG_DSA },
80 #endif
81 #ifdef DLT_DSA_TAG_EDSA
82 { edsa_if_print, DLT_DSA_TAG_EDSA },
83 #endif
84 #ifdef DLT_ENC
85 { enc_if_print, DLT_ENC },
86 #endif
87 { ether_if_print, DLT_EN10MB },
88 { fddi_if_print, DLT_FDDI },
89 #ifdef DLT_FR
90 { fr_if_print, DLT_FR },
91 #endif
92 #ifdef DLT_FRELAY
93 { fr_if_print, DLT_FRELAY },
94 #endif
95 #ifdef DLT_IEEE802_11
96 { ieee802_11_if_print, DLT_IEEE802_11},
97 #endif
98 #ifdef DLT_IEEE802_11_RADIO_AVS
99 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
100 #endif
101 #ifdef DLT_IEEE802_11_RADIO
102 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
103 #endif
104 #ifdef DLT_IEEE802_15_4
105 { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
106 #endif
107 #ifdef DLT_IEEE802_15_4_NOFCS
108 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
109 #endif
110 #ifdef DLT_IEEE802_15_4_TAP
111 { ieee802_15_4_tap_if_print, DLT_IEEE802_15_4_TAP },
112 #endif
113 #ifdef DLT_IP_OVER_FC
114 { ipfc_if_print, DLT_IP_OVER_FC },
115 #endif
116 #ifdef DLT_IPNET
117 { ipnet_if_print, DLT_IPNET },
118 #endif
119 #ifdef DLT_IPOIB
120 { ipoib_if_print, DLT_IPOIB },
121 #endif
122 #ifdef DLT_JUNIPER_ATM1
123 { juniper_atm1_if_print, DLT_JUNIPER_ATM1 },
124 #endif
125 #ifdef DLT_JUNIPER_ATM2
126 { juniper_atm2_if_print, DLT_JUNIPER_ATM2 },
127 #endif
128 #ifdef DLT_JUNIPER_CHDLC
129 { juniper_chdlc_if_print, DLT_JUNIPER_CHDLC },
130 #endif
131 #ifdef DLT_JUNIPER_ES
132 { juniper_es_if_print, DLT_JUNIPER_ES },
133 #endif
134 #ifdef DLT_JUNIPER_ETHER
135 { juniper_ether_if_print, DLT_JUNIPER_ETHER },
136 #endif
137 #ifdef DLT_JUNIPER_FRELAY
138 { juniper_frelay_if_print, DLT_JUNIPER_FRELAY },
139 #endif
140 #ifdef DLT_JUNIPER_GGSN
141 { juniper_ggsn_if_print, DLT_JUNIPER_GGSN },
142 #endif
143 #ifdef DLT_JUNIPER_MFR
144 { juniper_mfr_if_print, DLT_JUNIPER_MFR },
145 #endif
146 #ifdef DLT_JUNIPER_MLFR
147 { juniper_mlfr_if_print, DLT_JUNIPER_MLFR },
148 #endif
149 #ifdef DLT_JUNIPER_MLPPP
150 { juniper_mlppp_if_print, DLT_JUNIPER_MLPPP },
151 #endif
152 #ifdef DLT_JUNIPER_MONITOR
153 { juniper_monitor_if_print, DLT_JUNIPER_MONITOR },
154 #endif
155 #ifdef DLT_JUNIPER_PPP
156 { juniper_ppp_if_print, DLT_JUNIPER_PPP },
157 #endif
158 #ifdef DLT_JUNIPER_PPPOE_ATM
159 { juniper_pppoe_atm_if_print, DLT_JUNIPER_PPPOE_ATM },
160 #endif
161 #ifdef DLT_JUNIPER_PPPOE
162 { juniper_pppoe_if_print, DLT_JUNIPER_PPPOE },
163 #endif
164 #ifdef DLT_JUNIPER_SERVICES
165 { juniper_services_if_print, DLT_JUNIPER_SERVICES },
166 #endif
167 #ifdef DLT_LTALK
168 { ltalk_if_print, DLT_LTALK },
169 #endif
170 #ifdef DLT_MFR
171 { mfr_if_print, DLT_MFR },
172 #endif
173 #ifdef DLT_NETANALYZER
174 { netanalyzer_if_print, DLT_NETANALYZER },
175 #endif
176 #ifdef DLT_NETANALYZER_TRANSPARENT
177 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
178 #endif
179 #ifdef DLT_NFLOG
180 { nflog_if_print, DLT_NFLOG},
181 #endif
182 { null_if_print, DLT_NULL },
183 #ifdef DLT_LOOP
184 { null_if_print, DLT_LOOP },
185 #endif
186 #ifdef DLT_PFLOG
187 { pflog_if_print, DLT_PFLOG },
188 #endif
189 #ifdef DLT_PKTAP
190 { pktap_if_print, DLT_PKTAP },
191 #endif
192 #ifdef DLT_PPI
193 { ppi_if_print, DLT_PPI },
194 #endif
195 #ifdef DLT_PPP_SERIAL
196 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
197 #endif
198 { ppp_if_print, DLT_PPP },
199 #ifdef DLT_PPP_PPPD
200 { ppp_if_print, DLT_PPP_PPPD },
201 #endif
202 #ifdef DLT_PPP_ETHER
203 { pppoe_if_print, DLT_PPP_ETHER },
204 #endif
205 #ifdef DLT_PRISM_HEADER
206 { prism_if_print, DLT_PRISM_HEADER },
207 #endif
208 { raw_if_print, DLT_RAW },
209 #ifdef DLT_IPV4
210 { raw_if_print, DLT_IPV4 },
211 #endif
212 #ifdef DLT_IPV6
213 { raw_if_print, DLT_IPV6 },
214 #endif
215 #ifdef DLT_SLIP_BSDOS
216 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
217 #endif
218 { sl_if_print, DLT_SLIP },
219 #ifdef DLT_LINUX_SLL
220 { sll_if_print, DLT_LINUX_SLL },
221 #endif
222 #ifdef DLT_LINUX_SLL2
223 { sll2_if_print, DLT_LINUX_SLL2 },
224 #endif
225 #ifdef DLT_SUNATM
226 { sunatm_if_print, DLT_SUNATM },
227 #endif
228 #ifdef DLT_SYMANTEC_FIREWALL
229 { symantec_if_print, DLT_SYMANTEC_FIREWALL },
230 #endif
231 { token_if_print, DLT_IEEE802 },
232 #ifdef DLT_USB_LINUX
233 { usb_linux_48_byte_if_print, DLT_USB_LINUX},
234 #endif /* DLT_USB_LINUX */
235 #ifdef DLT_USB_LINUX_MMAPPED
236 { usb_linux_64_byte_if_print, DLT_USB_LINUX_MMAPPED},
237 #endif /* DLT_USB_LINUX_MMAPPED */
238 #ifdef DLT_VSOCK
239 { vsock_if_print, DLT_VSOCK },
240 #endif
241 { NULL, 0 },
242 };
243
244 void
245 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
246 {
247 init_addrtoname(ndo, localnet, mask);
248 }
249
250 if_printer
251 lookup_printer(int type)
252 {
253 const struct printer *p;
254
255 for (p = printers; p->f; ++p)
256 if (type == p->type)
257 return p->f;
258
259 #if defined(DLT_USER2) && defined(DLT_PKTAP)
260 /*
261 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
262 * header.
263 *
264 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
265 * based OSes or the same value as LINKTYPE_PKTAP as it is on
266 * other OSes, to LINKTYPE_PKTAP, so files written with
267 * this version of libpcap for a DLT_PKTAP capture have a link-
268 * layer header type of LINKTYPE_PKTAP.
269 *
270 * However, files written on OS X Mavericks for a DLT_PKTAP
271 * capture have a link-layer header type of LINKTYPE_USER2.
272 * If we don't have a printer for DLT_USER2, and type is
273 * DLT_USER2, we look up the printer for DLT_PKTAP and use
274 * that.
275 */
276 if (type == DLT_USER2) {
277 for (p = printers; p->f; ++p)
278 if (DLT_PKTAP == p->type)
279 return p->f;
280 }
281 #endif
282
283 return NULL;
284 /* NOTREACHED */
285 }
286
287 int
288 has_printer(int type)
289 {
290 return (lookup_printer(type) != NULL);
291 }
292
293 if_printer
294 get_if_printer(int type)
295 {
296 if_printer printer;
297
298 printer = lookup_printer(type);
299 if (printer == NULL)
300 printer = unsupported_if_print;
301 return printer;
302 }
303
304 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
305 extern int profile_func_level;
306 static int pretty_print_packet_level = -1;
307 #endif
308
309 void
310 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
311 const u_char *sp, u_int packets_captured)
312 {
313 u_int hdrlen = 0;
314 int invalid_header = 0;
315
316 if (ndo->ndo_print_sampling && packets_captured % ndo->ndo_print_sampling != 0)
317 return;
318
319 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
320 if (pretty_print_packet_level == -1)
321 pretty_print_packet_level = profile_func_level;
322 #endif
323
324 if (ndo->ndo_packet_number)
325 ND_PRINT("%5u ", packets_captured);
326
327 if (ndo->ndo_lengths)
328 ND_PRINT("caplen %u len %u ", h->caplen, h->len);
329
330 /* Sanity checks on packet length / capture length */
331 if (h->caplen == 0) {
332 invalid_header = 1;
333 ND_PRINT("[Invalid header: caplen==0");
334 }
335 if (h->len == 0) {
336 if (!invalid_header) {
337 invalid_header = 1;
338 ND_PRINT("[Invalid header:");
339 } else
340 ND_PRINT(",");
341 ND_PRINT(" len==0");
342 } else if (h->len < h->caplen) {
343 if (!invalid_header) {
344 invalid_header = 1;
345 ND_PRINT("[Invalid header:");
346 } else
347 ND_PRINT(",");
348 ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen);
349 }
350 if (h->caplen > MAXIMUM_SNAPLEN) {
351 if (!invalid_header) {
352 invalid_header = 1;
353 ND_PRINT("[Invalid header:");
354 } else
355 ND_PRINT(",");
356 ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN);
357 }
358 if (h->len > MAXIMUM_SNAPLEN) {
359 if (!invalid_header) {
360 invalid_header = 1;
361 ND_PRINT("[Invalid header:");
362 } else
363 ND_PRINT(",");
364 ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN);
365 }
366 if (invalid_header) {
367 ND_PRINT("]\n");
368 return;
369 }
370
371 /*
372 * At this point:
373 * capture length != 0,
374 * packet length != 0,
375 * capture length <= MAXIMUM_SNAPLEN,
376 * packet length <= MAXIMUM_SNAPLEN,
377 * packet length >= capture length.
378 *
379 * Currently, there is no D-Bus printer, thus no need for
380 * bigger lengths.
381 */
382
383 /*
384 * The header /usr/include/pcap/pcap.h in OpenBSD declares h->ts as
385 * struct bpf_timeval, not struct timeval. The former comes from
386 * /usr/include/net/bpf.h and uses 32-bit unsigned types instead of
387 * the types used in struct timeval.
388 */
389 struct timeval tvbuf;
390 tvbuf.tv_sec = h->ts.tv_sec;
391 tvbuf.tv_usec = h->ts.tv_usec;
392 ts_print(ndo, &tvbuf);
393
394 /*
395 * Printers must check that they're not walking off the end of
396 * the packet.
397 * Rather than pass it all the way down, we set this member
398 * of the netdissect_options structure.
399 */
400 ndo->ndo_snapend = sp + h->caplen;
401 ndo->ndo_packetp = sp;
402
403 ndo->ndo_protocol = "";
404 ndo->ndo_ll_hdr_len = 0;
405 switch (setjmp(ndo->ndo_early_end)) {
406 case 0:
407 /* Print the packet. */
408 (ndo->ndo_if_printer)(ndo, h, sp);
409 break;
410 case ND_TRUNCATED:
411 /* A printer quit because the packet was truncated; report it */
412 nd_print_trunc(ndo);
413 /* Print the full packet */
414 ndo->ndo_ll_hdr_len = 0;
415 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
416 /* truncation => reassignment */
417 profile_func_level = pretty_print_packet_level;
418 #endif
419 break;
420 }
421 hdrlen = ndo->ndo_ll_hdr_len;
422
423 /*
424 * Empty the stack of packet information, freeing all pushed buffers;
425 * if we got here by a printer quitting, we need to release anything
426 * that didn't get released because we longjmped out of the code
427 * before it popped the packet information.
428 */
429 nd_pop_all_packet_info(ndo);
430
431 /*
432 * Restore the originals snapend and packetp, as a printer
433 * might have changed them.
434 *
435 * XXX - nd_pop_all_packet_info() should have restored the
436 * original values, but, just in case....
437 */
438 ndo->ndo_snapend = sp + h->caplen;
439 ndo->ndo_packetp = sp;
440 if (ndo->ndo_Xflag) {
441 /*
442 * Print the raw packet data in hex and ASCII.
443 */
444 if (ndo->ndo_Xflag > 1) {
445 /*
446 * Include the link-layer header.
447 */
448 hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
449 } else {
450 /*
451 * Don't include the link-layer header - and if
452 * we have nothing past the link-layer header,
453 * print nothing.
454 */
455 if (h->caplen > hdrlen)
456 hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
457 h->caplen - hdrlen);
458 }
459 } else if (ndo->ndo_xflag) {
460 /*
461 * Print the raw packet data in hex.
462 */
463 if (ndo->ndo_xflag > 1) {
464 /*
465 * Include the link-layer header.
466 */
467 hex_print(ndo, "\n\t", sp, h->caplen);
468 } else {
469 /*
470 * Don't include the link-layer header - and if
471 * we have nothing past the link-layer header,
472 * print nothing.
473 */
474 if (h->caplen > hdrlen)
475 hex_print(ndo, "\n\t", sp + hdrlen,
476 h->caplen - hdrlen);
477 }
478 } else if (ndo->ndo_Aflag) {
479 /*
480 * Print the raw packet data in ASCII.
481 */
482 if (ndo->ndo_Aflag > 1) {
483 /*
484 * Include the link-layer header.
485 */
486 ascii_print(ndo, sp, h->caplen);
487 } else {
488 /*
489 * Don't include the link-layer header - and if
490 * we have nothing past the link-layer header,
491 * print nothing.
492 */
493 if (h->caplen > hdrlen)
494 ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
495 }
496 }
497
498 ND_PRINT("\n");
499 nd_free_all(ndo);
500 }
501
502 /*
503 * By default, print the specified data out in hex and ASCII.
504 */
505 static void
506 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
507 {
508 hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */
509 }
510
511 /* VARARGS */
512 static void NORETURN PRINTFLIKE(3, 4)
513 ndo_error(netdissect_options *ndo, status_exit_codes_t status,
514 FORMAT_STRING(const char *fmt), ...)
515 {
516 va_list ap;
517
518 if (ndo->program_name)
519 (void)fprintf(stderr, "%s: ", ndo->program_name);
520 va_start(ap, fmt);
521 (void)vfprintf(stderr, fmt, ap);
522 va_end(ap);
523 if (*fmt) {
524 fmt += strlen(fmt);
525 if (fmt[-1] != '\n')
526 (void)fputc('\n', stderr);
527 }
528 nd_cleanup();
529 exit(status);
530 /* NOTREACHED */
531 }
532
533 /* VARARGS */
534 static void PRINTFLIKE(2, 3)
535 ndo_warning(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
536 {
537 va_list ap;
538
539 if (ndo->program_name)
540 (void)fprintf(stderr, "%s: ", ndo->program_name);
541 (void)fprintf(stderr, "WARNING: ");
542 va_start(ap, fmt);
543 (void)vfprintf(stderr, fmt, ap);
544 va_end(ap);
545 if (*fmt) {
546 fmt += strlen(fmt);
547 if (fmt[-1] != '\n')
548 (void)fputc('\n', stderr);
549 }
550 }
551
552 /* VARARGS */
553 static int PRINTFLIKE(2, 3)
554 ndo_printf(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
555 {
556 va_list args;
557 int ret;
558
559 va_start(args, fmt);
560 ret = vfprintf(stdout, fmt, args);
561 va_end(args);
562
563 if (ret < 0)
564 ndo_error(ndo, S_ERR_ND_WRITE_FILE,
565 "Unable to write output: %s", pcap_strerror(errno));
566 return (ret);
567 }
568
569 void
570 ndo_set_function_pointers(netdissect_options *ndo)
571 {
572 ndo->ndo_default_print=ndo_default_print;
573 ndo->ndo_printf=ndo_printf;
574 ndo->ndo_error=ndo_error;
575 ndo->ndo_warning=ndo_warning;
576 }
[mirror] the TCPdump network dissector