]> The Tcpdump Group git mirrors - tcpdump/blob - print-sll.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump
[tcpdump] / print-sll.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21 #ifndef lint
22 static const char rcsid[] _U_ =
23 "@(#) $Header: /tcpdump/master/tcpdump/print-sll.c,v 1.19 2005-11-13 12:12:43 guy Exp $ (LBL)";
24 #endif
25
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29
30 #include <tcpdump-stdinc.h>
31
32 #include <stdio.h>
33 #include <string.h>
34 #include <pcap.h>
35
36 #include "interface.h"
37 #include "addrtoname.h"
38 #include "ethertype.h"
39 #include "extract.h"
40
41 #include "ether.h"
42
43 /*
44 * For captures on Linux cooked sockets, we construct a fake header
45 * that includes:
46 *
47 * a 2-byte "packet type" which is one of:
48 *
49 * LINUX_SLL_HOST packet was sent to us
50 * LINUX_SLL_BROADCAST packet was broadcast
51 * LINUX_SLL_MULTICAST packet was multicast
52 * LINUX_SLL_OTHERHOST packet was sent to somebody else
53 * LINUX_SLL_OUTGOING packet was sent *by* us;
54 *
55 * a 2-byte Ethernet protocol field;
56 *
57 * a 2-byte link-layer type;
58 *
59 * a 2-byte link-layer address length;
60 *
61 * an 8-byte source link-layer address, whose actual length is
62 * specified by the previous value.
63 *
64 * All fields except for the link-layer address are in network byte order.
65 *
66 * DO NOT change the layout of this structure, or change any of the
67 * LINUX_SLL_ values below. If you must change the link-layer header
68 * for a "cooked" Linux capture, introduce a new DLT_ type (ask
69 * "tcpdump-workers@lists.tcpdump.org" for one, so that you don't give it
70 * a value that collides with a value already being used), and use the
71 * new header in captures of that type, so that programs that can
72 * handle DLT_LINUX_SLL captures will continue to handle them correctly
73 * without any change, and so that capture files with different headers
74 * can be told apart and programs that read them can dissect the
75 * packets in them.
76 *
77 * This structure, and the #defines below, must be the same in the
78 * libpcap and tcpdump versions of "sll.h".
79 */
80
81 /*
82 * A DLT_LINUX_SLL fake link-layer header.
83 */
84 #define SLL_HDR_LEN 16 /* total header length */
85 #define SLL_ADDRLEN 8 /* length of address field */
86
87 struct sll_header {
88 u_int16_t sll_pkttype; /* packet type */
89 u_int16_t sll_hatype; /* link-layer address type */
90 u_int16_t sll_halen; /* link-layer address length */
91 u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
92 u_int16_t sll_protocol; /* protocol */
93 };
94
95 /*
96 * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the
97 * PACKET_ values on Linux, but are defined here so that they're
98 * available even on systems other than Linux, and so that they
99 * don't change even if the PACKET_ values change.
100 */
101 #define LINUX_SLL_HOST 0
102 #define LINUX_SLL_BROADCAST 1
103 #define LINUX_SLL_MULTICAST 2
104 #define LINUX_SLL_OTHERHOST 3
105 #define LINUX_SLL_OUTGOING 4
106
107 /*
108 * The LINUX_SLL_ values for "sll_protocol"; these correspond to the
109 * ETH_P_ values on Linux, but are defined here so that they're
110 * available even on systems other than Linux. We assume, for now,
111 * that the ETH_P_ values won't change in Linux; if they do, then:
112 *
113 * if we don't translate them in "pcap-linux.c", capture files
114 * won't necessarily be readable if captured on a system that
115 * defines ETH_P_ values that don't match these values;
116 *
117 * if we do translate them in "pcap-linux.c", that makes life
118 * unpleasant for the BPF code generator, as the values you test
119 * for in the kernel aren't the values that you test for when
120 * reading a capture file, so the fixup code run on BPF programs
121 * handed to the kernel ends up having to do more work.
122 *
123 * Add other values here as necessary, for handling packet types that
124 * might show up on non-Ethernet, non-802.x networks. (Not all the ones
125 * in the Linux "if_ether.h" will, I suspect, actually show up in
126 * captures.)
127 */
128 #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */
129 #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */
130
131 static const struct tok sll_pkttype_values[] = {
132 { LINUX_SLL_HOST, "In" },
133 { LINUX_SLL_BROADCAST, "B" },
134 { LINUX_SLL_MULTICAST, "M" },
135 { LINUX_SLL_OTHERHOST, "P" },
136 { LINUX_SLL_OUTGOING, "Out" },
137 { 0, NULL}
138 };
139
140 static inline void
141 sll_print(register const struct sll_header *sllp, u_int length)
142 {
143 u_short ether_type;
144
145 printf("%3s ",tok2str(sll_pkttype_values,"?",EXTRACT_16BITS(&sllp->sll_pkttype)));
146
147 /*
148 * XXX - check the link-layer address type value?
149 * For now, we just assume 6 means Ethernet.
150 * XXX - print others as strings of hex?
151 */
152 if (EXTRACT_16BITS(&sllp->sll_halen) == 6)
153 (void)printf("%s ", etheraddr_string(sllp->sll_addr));
154
155 if (!qflag) {
156 ether_type = EXTRACT_16BITS(&sllp->sll_protocol);
157
158 if (ether_type <= ETHERMTU) {
159 /*
160 * Not an Ethernet type; what type is it?
161 */
162 switch (ether_type) {
163
164 case LINUX_SLL_P_802_3:
165 /*
166 * Ethernet_802.3 IPX frame.
167 */
168 (void)printf("802.3");
169 break;
170
171 case LINUX_SLL_P_802_2:
172 /*
173 * 802.2.
174 */
175 (void)printf("802.2");
176 break;
177
178 default:
179 /*
180 * What is it?
181 */
182 (void)printf("ethertype Unknown (0x%04x)",
183 ether_type);
184 break;
185 }
186 } else {
187 (void)printf("ethertype %s (0x%04x)",
188 tok2str(ethertype_values, "Unknown", ether_type),
189 ether_type);
190 }
191 (void)printf(", length %u: ", length);
192 }
193 }
194
195 /*
196 * This is the top level routine of the printer. 'p' points to the
197 * Linux "cooked capture" header of the packet, 'h->ts' is the timestamp,
198 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
199 * is the number of bytes actually captured.
200 */
201 u_int
202 sll_if_print(const struct pcap_pkthdr *h, const u_char *p)
203 {
204 u_int caplen = h->caplen;
205 u_int length = h->len;
206 register const struct sll_header *sllp;
207 u_short ether_type;
208 u_short extracted_ethertype;
209
210 if (caplen < SLL_HDR_LEN) {
211 /*
212 * XXX - this "can't happen" because "pcap-linux.c" always
213 * adds this many bytes of header to every packet in a
214 * cooked socket capture.
215 */
216 printf("[|sll]");
217 return (caplen);
218 }
219
220 sllp = (const struct sll_header *)p;
221
222 if (eflag)
223 sll_print(sllp, length);
224
225 /*
226 * Go past the cooked-mode header.
227 */
228 length -= SLL_HDR_LEN;
229 caplen -= SLL_HDR_LEN;
230 p += SLL_HDR_LEN;
231
232 ether_type = EXTRACT_16BITS(&sllp->sll_protocol);
233
234 recurse:
235 /*
236 * Is it (gag) an 802.3 encapsulation, or some non-Ethernet
237 * packet type?
238 */
239 if (ether_type <= ETHERMTU) {
240 /*
241 * Yes - what type is it?
242 */
243 switch (ether_type) {
244
245 case LINUX_SLL_P_802_3:
246 /*
247 * Ethernet_802.3 IPX frame.
248 */
249 ipx_print(p, length);
250 break;
251
252 case LINUX_SLL_P_802_2:
253 /*
254 * 802.2.
255 * Try to print the LLC-layer header & higher layers.
256 */
257 if (llc_print(p, length, caplen, NULL, NULL,
258 &extracted_ethertype) == 0)
259 goto unknown; /* unknown LLC type */
260 break;
261
262 default:
263 extracted_ethertype = 0;
264 /*FALLTHROUGH*/
265
266 unknown:
267 /* ether_type not known, print raw packet */
268 if (!eflag)
269 sll_print(sllp, length + SLL_HDR_LEN);
270 if (extracted_ethertype) {
271 printf("(LLC %s) ",
272 etherproto_string(htons(extracted_ethertype)));
273 }
274 if (!suppress_default_print)
275 default_print(p, caplen);
276 break;
277 }
278 } else if (ether_type == ETHERTYPE_8021Q) {
279 /*
280 * Print VLAN information, and then go back and process
281 * the enclosed type field.
282 */
283 if (caplen < 4 || length < 4) {
284 printf("[|vlan]");
285 return (SLL_HDR_LEN);
286 }
287 if (eflag) {
288 u_int16_t tag = EXTRACT_16BITS(p);
289
290 printf("vlan %u, p %u%s, ",
291 tag & 0xfff,
292 tag >> 13,
293 (tag & 0x1000) ? ", CFI" : "");
294 }
295
296 ether_type = EXTRACT_16BITS(p + 2);
297 if (ether_type <= ETHERMTU)
298 ether_type = LINUX_SLL_P_802_2;
299 if (!qflag) {
300 (void)printf("ethertype %s, ",
301 tok2str(ethertype_values, "Unknown", ether_type));
302 }
303 p += 4;
304 length -= 4;
305 caplen -= 4;
306 goto recurse;
307 } else {
308 if (ethertype_print(gndo, ether_type, p, length, caplen) == 0) {
309 /* ether_type not known, print raw packet */
310 if (!eflag)
311 sll_print(sllp, length + SLL_HDR_LEN);
312 if (!suppress_default_print)
313 default_print(p, caplen);
314 }
315 }
316
317 return (SLL_HDR_LEN);
318 }
[mirror] the TCPdump network dissector