]> The Tcpdump Group git mirrors - tcpdump/blob - print.c
projects / tcpdump / blob


7460b777035e5efe79111f9e2234c1621622e9fb
[tcpdump] / print.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Support for splitting captures into multiple files with a maximum
22 * file size:
23 *
24 * Copyright (c) 2001
25 * Seth Webster <swebster@sst.ll.mit.edu>
26 */
27
28 #ifdef HAVE_CONFIG_H
29 #include <config.h>
30 #endif
31
32 #include <stdlib.h>
33 #include <string.h>
34
35 #include "netdissect-stdinc.h"
36
37 #include "netdissect.h"
38 #include "addrtoname.h"
39 #include "print.h"
40 #include "netdissect-alloc.h"
41
42 #include "pcap-missing.h"
43
44 struct printer {
45 if_printer f;
46 int type;
47 };
48
49 static const struct printer printers[] = {
50 { ether_if_print, DLT_EN10MB },
51 #ifdef DLT_IPNET
52 { ipnet_if_print, DLT_IPNET },
53 #endif
54 #ifdef DLT_IEEE802_15_4
55 { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
56 #endif
57 #ifdef DLT_IEEE802_15_4_NOFCS
58 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
59 #endif
60 #ifdef DLT_PPI
61 { ppi_if_print, DLT_PPI },
62 #endif
63 #ifdef DLT_NETANALYZER
64 { netanalyzer_if_print, DLT_NETANALYZER },
65 #endif
66 #ifdef DLT_NETANALYZER_TRANSPARENT
67 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
68 #endif
69 #ifdef DLT_NFLOG
70 { nflog_if_print, DLT_NFLOG},
71 #endif
72 #ifdef DLT_CIP
73 { cip_if_print, DLT_CIP },
74 #endif
75 #ifdef DLT_ATM_CLIP
76 { cip_if_print, DLT_ATM_CLIP },
77 #endif
78 #ifdef DLT_IP_OVER_FC
79 { ipfc_if_print, DLT_IP_OVER_FC },
80 #endif
81 { null_if_print, DLT_NULL },
82 #ifdef DLT_LOOP
83 { null_if_print, DLT_LOOP },
84 #endif
85 #ifdef DLT_APPLE_IP_OVER_IEEE1394
86 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
87 #endif
88 #ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR
89 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
90 #endif
91 #ifdef DLT_LANE8023
92 { lane_if_print, DLT_LANE8023 },
93 #endif
94 { arcnet_if_print, DLT_ARCNET },
95 #ifdef DLT_ARCNET_LINUX
96 { arcnet_linux_if_print, DLT_ARCNET_LINUX },
97 #endif
98 { raw_if_print, DLT_RAW },
99 #ifdef DLT_IPV4
100 { raw_if_print, DLT_IPV4 },
101 #endif
102 #ifdef DLT_IPV6
103 { raw_if_print, DLT_IPV6 },
104 #endif
105 #ifdef DLT_USB_LINUX
106 { usb_linux_48_byte_if_print, DLT_USB_LINUX},
107 #endif /* DLT_USB_LINUX */
108 #ifdef DLT_USB_LINUX_MMAPPED
109 { usb_linux_64_byte_if_print, DLT_USB_LINUX_MMAPPED},
110 #endif /* DLT_USB_LINUX_MMAPPED */
111 #ifdef DLT_SYMANTEC_FIREWALL
112 { symantec_if_print, DLT_SYMANTEC_FIREWALL },
113 #endif
114 #ifdef DLT_C_HDLC
115 { chdlc_if_print, DLT_C_HDLC },
116 #endif
117 #ifdef DLT_HDLC
118 { chdlc_if_print, DLT_HDLC },
119 #endif
120 #ifdef DLT_PPP_ETHER
121 { pppoe_if_print, DLT_PPP_ETHER },
122 #endif
123 #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H)
124 { pflog_if_print, DLT_PFLOG },
125 #endif
126 { token_if_print, DLT_IEEE802 },
127 { fddi_if_print, DLT_FDDI },
128 #ifdef DLT_LINUX_SLL
129 { sll_if_print, DLT_LINUX_SLL },
130 #endif
131 #ifdef DLT_LINUX_SLL2
132 { sll2_if_print, DLT_LINUX_SLL2 },
133 #endif
134 #ifdef DLT_FR
135 { fr_if_print, DLT_FR },
136 #endif
137 #ifdef DLT_FRELAY
138 { fr_if_print, DLT_FRELAY },
139 #endif
140 #ifdef DLT_MFR
141 { mfr_if_print, DLT_MFR },
142 #endif
143 { atm_if_print, DLT_ATM_RFC1483 },
144 #ifdef DLT_SUNATM
145 { sunatm_if_print, DLT_SUNATM },
146 #endif
147 #ifdef DLT_ENC
148 { enc_if_print, DLT_ENC },
149 #endif
150 { sl_if_print, DLT_SLIP },
151 #ifdef DLT_SLIP_BSDOS
152 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
153 #endif
154 #ifdef DLT_LTALK
155 { ltalk_if_print, DLT_LTALK },
156 #endif
157 #ifdef DLT_JUNIPER_ATM1
158 { juniper_atm1_if_print, DLT_JUNIPER_ATM1 },
159 #endif
160 #ifdef DLT_JUNIPER_ATM2
161 { juniper_atm2_if_print, DLT_JUNIPER_ATM2 },
162 #endif
163 #ifdef DLT_JUNIPER_MFR
164 { juniper_mfr_if_print, DLT_JUNIPER_MFR },
165 #endif
166 #ifdef DLT_JUNIPER_MLFR
167 { juniper_mlfr_if_print, DLT_JUNIPER_MLFR },
168 #endif
169 #ifdef DLT_JUNIPER_MLPPP
170 { juniper_mlppp_if_print, DLT_JUNIPER_MLPPP },
171 #endif
172 #ifdef DLT_JUNIPER_PPPOE
173 { juniper_pppoe_if_print, DLT_JUNIPER_PPPOE },
174 #endif
175 #ifdef DLT_JUNIPER_PPPOE_ATM
176 { juniper_pppoe_atm_if_print, DLT_JUNIPER_PPPOE_ATM },
177 #endif
178 #ifdef DLT_JUNIPER_GGSN
179 { juniper_ggsn_if_print, DLT_JUNIPER_GGSN },
180 #endif
181 #ifdef DLT_JUNIPER_ES
182 { juniper_es_if_print, DLT_JUNIPER_ES },
183 #endif
184 #ifdef DLT_JUNIPER_MONITOR
185 { juniper_monitor_if_print, DLT_JUNIPER_MONITOR },
186 #endif
187 #ifdef DLT_JUNIPER_SERVICES
188 { juniper_services_if_print, DLT_JUNIPER_SERVICES },
189 #endif
190 #ifdef DLT_JUNIPER_ETHER
191 { juniper_ether_if_print, DLT_JUNIPER_ETHER },
192 #endif
193 #ifdef DLT_JUNIPER_PPP
194 { juniper_ppp_if_print, DLT_JUNIPER_PPP },
195 #endif
196 #ifdef DLT_JUNIPER_FRELAY
197 { juniper_frelay_if_print, DLT_JUNIPER_FRELAY },
198 #endif
199 #ifdef DLT_JUNIPER_CHDLC
200 { juniper_chdlc_if_print, DLT_JUNIPER_CHDLC },
201 #endif
202 #ifdef DLT_PKTAP
203 { pktap_if_print, DLT_PKTAP },
204 #endif
205 #ifdef DLT_IEEE802_11_RADIO
206 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
207 #endif
208 #ifdef DLT_IEEE802_11
209 { ieee802_11_if_print, DLT_IEEE802_11},
210 #endif
211 #ifdef DLT_IEEE802_11_RADIO_AVS
212 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
213 #endif
214 #ifdef DLT_PRISM_HEADER
215 { prism_if_print, DLT_PRISM_HEADER },
216 #endif
217 { ppp_if_print, DLT_PPP },
218 #ifdef DLT_PPP_WITHDIRECTION
219 { ppp_if_print, DLT_PPP_WITHDIRECTION },
220 #endif
221 #ifdef DLT_PPP_BSDOS
222 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
223 #endif
224 #ifdef DLT_PPP_SERIAL
225 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
226 #endif
227 { NULL, 0 },
228 };
229
230 static void ndo_default_print(netdissect_options *ndo, const u_char *bp,
231 u_int length);
232
233 static void NORETURN ndo_error(netdissect_options *ndo,
234 status_exit_codes_t status,
235 FORMAT_STRING(const char *fmt), ...)
236 PRINTFLIKE(3, 4);
237 static void ndo_warning(netdissect_options *ndo,
238 FORMAT_STRING(const char *fmt), ...)
239 PRINTFLIKE(2, 3);
240
241 static int ndo_printf(netdissect_options *ndo,
242 FORMAT_STRING(const char *fmt), ...)
243 PRINTFLIKE(2, 3);
244
245 void
246 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask,
247 uint32_t timezone_offset)
248 {
249
250 thiszone = timezone_offset;
251 init_addrtoname(ndo, localnet, mask);
252 init_checksum();
253 }
254
255 if_printer
256 lookup_printer(int type)
257 {
258 const struct printer *p;
259
260 for (p = printers; p->f; ++p)
261 if (type == p->type)
262 return p->f;
263
264 #if defined(DLT_USER2) && defined(DLT_PKTAP)
265 /*
266 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
267 * header.
268 *
269 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
270 * based OSes or the same value as LINKTYPE_PKTAP as it is on
271 * other OSes, to LINKTYPE_PKTAP, so files written with
272 * this version of libpcap for a DLT_PKTAP capture have a link-
273 * layer header type of LINKTYPE_PKTAP.
274 *
275 * However, files written on OS X Mavericks for a DLT_PKTAP
276 * capture have a link-layer header type of LINKTYPE_USER2.
277 * If we don't have a printer for DLT_USER2, and type is
278 * DLT_USER2, we look up the printer for DLT_PKTAP and use
279 * that.
280 */
281 if (type == DLT_USER2) {
282 for (p = printers; p->f; ++p)
283 if (DLT_PKTAP == p->type)
284 return p->f;
285 }
286 #endif
287
288 return NULL;
289 /* NOTREACHED */
290 }
291
292 int
293 has_printer(int type)
294 {
295 return (lookup_printer(type) != NULL);
296 }
297
298 if_printer
299 get_if_printer(netdissect_options *ndo, int type)
300 {
301 const char *dltname;
302 if_printer printer;
303
304 printer = lookup_printer(type);
305 if (printer == NULL) {
306 dltname = pcap_datalink_val_to_name(type);
307 if (dltname != NULL)
308 (*ndo->ndo_error)(ndo, S_ERR_ND_NO_PRINTER,
309 "packet printing is not supported for link type %s: use -w",
310 dltname);
311 else
312 (*ndo->ndo_error)(ndo, S_ERR_ND_NO_PRINTER,
313 "packet printing is not supported for link type %d: use -w", type);
314 }
315 return printer;
316 }
317
318 void
319 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
320 const u_char *sp, u_int packets_captured)
321 {
322 u_int hdrlen;
323 int invalid_header = 0;
324
325 if(ndo->ndo_packet_number)
326 ND_PRINT("%5u ", packets_captured);
327
328 /* Sanity checks on packet length / capture length */
329 if(h->caplen == 0) {
330 invalid_header = 1;
331 ND_PRINT("[Invalid header: caplen==0");
332 }
333 if (h->len == 0) {
334 if (!invalid_header) {
335 invalid_header = 1;
336 ND_PRINT("[Invalid header:");
337 } else
338 ND_PRINT(",");
339 ND_PRINT(" len==0");
340 } else if (h->len < h->caplen) {
341 if (!invalid_header) {
342 invalid_header = 1;
343 ND_PRINT("[Invalid header:");
344 } else
345 ND_PRINT(",");
346 ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen);
347 }
348 if (h->caplen > MAXIMUM_SNAPLEN) {
349 if (!invalid_header) {
350 invalid_header = 1;
351 ND_PRINT("[Invalid header:");
352 } else
353 ND_PRINT(",");
354 ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN);
355 }
356 if (h->len > MAXIMUM_SNAPLEN) {
357 if (!invalid_header) {
358 invalid_header = 1;
359 ND_PRINT("[Invalid header:");
360 } else
361 ND_PRINT(",");
362 ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN);
363 }
364 if (invalid_header) {
365 ND_PRINT("]\n");
366 return;
367 }
368
369 /*
370 * At this point:
371 * capture length != 0,
372 * packet length != 0,
373 * capture length <= MAXIMUM_SNAPLEN,
374 * packet length <= MAXIMUM_SNAPLEN,
375 * packet length >= capture length.
376 *
377 * Currently, there is no D-Bus printer, thus no need for
378 * bigger lengths.
379 */
380
381 ts_print(ndo, &h->ts);
382
383 /*
384 * Printers must check that they're not walking off the end of
385 * the packet.
386 * Rather than pass it all the way down, we set this member
387 * of the netdissect_options structure.
388 */
389 ndo->ndo_snapend = sp + h->caplen;
390
391 hdrlen = (ndo->ndo_if_printer)(ndo, h, sp);
392
393 /*
394 * Restore the original snapend, as a printer might have
395 * changed it.
396 */
397 ndo->ndo_snapend = sp + h->caplen;
398 if (ndo->ndo_Xflag) {
399 /*
400 * Print the raw packet data in hex and ASCII.
401 */
402 if (ndo->ndo_Xflag > 1) {
403 /*
404 * Include the link-layer header.
405 */
406 hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
407 } else {
408 /*
409 * Don't include the link-layer header - and if
410 * we have nothing past the link-layer header,
411 * print nothing.
412 */
413 if (h->caplen > hdrlen)
414 hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
415 h->caplen - hdrlen);
416 }
417 } else if (ndo->ndo_xflag) {
418 /*
419 * Print the raw packet data in hex.
420 */
421 if (ndo->ndo_xflag > 1) {
422 /*
423 * Include the link-layer header.
424 */
425 hex_print(ndo, "\n\t", sp, h->caplen);
426 } else {
427 /*
428 * Don't include the link-layer header - and if
429 * we have nothing past the link-layer header,
430 * print nothing.
431 */
432 if (h->caplen > hdrlen)
433 hex_print(ndo, "\n\t", sp + hdrlen,
434 h->caplen - hdrlen);
435 }
436 } else if (ndo->ndo_Aflag) {
437 /*
438 * Print the raw packet data in ASCII.
439 */
440 if (ndo->ndo_Aflag > 1) {
441 /*
442 * Include the link-layer header.
443 */
444 ascii_print(ndo, sp, h->caplen);
445 } else {
446 /*
447 * Don't include the link-layer header - and if
448 * we have nothing past the link-layer header,
449 * print nothing.
450 */
451 if (h->caplen > hdrlen)
452 ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
453 }
454 }
455
456 ND_PRINT("\n");
457 nd_free_all(ndo);
458 }
459
460 /*
461 * By default, print the specified data out in hex and ASCII.
462 */
463 static void
464 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
465 {
466 hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */
467 }
468
469 /* VARARGS */
470 static void
471 ndo_error(netdissect_options *ndo, status_exit_codes_t status,
472 const char *fmt, ...)
473 {
474 va_list ap;
475
476 if(ndo->program_name)
477 (void)fprintf(stderr, "%s: ", ndo->program_name);
478 va_start(ap, fmt);
479 (void)vfprintf(stderr, fmt, ap);
480 va_end(ap);
481 if (*fmt) {
482 fmt += strlen(fmt);
483 if (fmt[-1] != '\n')
484 (void)fputc('\n', stderr);
485 }
486 nd_cleanup();
487 exit(status);
488 /* NOTREACHED */
489 }
490
491 /* VARARGS */
492 static void
493 ndo_warning(netdissect_options *ndo, const char *fmt, ...)
494 {
495 va_list ap;
496
497 if(ndo->program_name)
498 (void)fprintf(stderr, "%s: ", ndo->program_name);
499 (void)fprintf(stderr, "WARNING: ");
500 va_start(ap, fmt);
501 (void)vfprintf(stderr, fmt, ap);
502 va_end(ap);
503 if (*fmt) {
504 fmt += strlen(fmt);
505 if (fmt[-1] != '\n')
506 (void)fputc('\n', stderr);
507 }
508 }
509
510 static int
511 ndo_printf(netdissect_options *ndo, const char *fmt, ...)
512 {
513 va_list args;
514 int ret;
515
516 va_start(args, fmt);
517 ret = vfprintf(stdout, fmt, args);
518 va_end(args);
519
520 if (ret < 0)
521 ndo_error(ndo, S_ERR_ND_WRITE_FILE,
522 "Unable to write output: %s", pcap_strerror(errno));
523 return (ret);
524 }
525
526 void
527 ndo_set_function_pointers(netdissect_options *ndo)
528 {
529 ndo->ndo_default_print=ndo_default_print;
530 ndo->ndo_printf=ndo_printf;
531 ndo->ndo_error=ndo_error;
532 ndo->ndo_warning=ndo_warning;
533 }
[mirror] the TCPdump network dissector