]> The Tcpdump Group git mirrors - tcpdump/blob - print.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make sure we don't set the snapend before the beginning of the packet.
[tcpdump] / print.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Support for splitting captures into multiple files with a maximum
22 * file size:
23 *
24 * Copyright (c) 2001
25 * Seth Webster <swebster@sst.ll.mit.edu>
26 */
27
28 #ifdef HAVE_CONFIG_H
29 #include <config.h>
30 #endif
31
32 #include <stdlib.h>
33 #include <string.h>
34 #include <setjmp.h>
35
36 #include "netdissect-stdinc.h"
37
38 #include "netdissect.h"
39 #include "addrtoname.h"
40 #include "print.h"
41 #include "netdissect-alloc.h"
42
43 #include "pcap-missing.h"
44
45 struct printer {
46 if_printer f;
47 int type;
48 };
49
50 static const struct printer printers[] = {
51 #ifdef DLT_APPLE_IP_OVER_IEEE1394
52 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
53 #endif
54 { arcnet_if_print, DLT_ARCNET },
55 #ifdef DLT_ARCNET_LINUX
56 { arcnet_linux_if_print, DLT_ARCNET_LINUX },
57 #endif
58 { atm_if_print, DLT_ATM_RFC1483 },
59 #ifdef DLT_DSA_TAG_BRCM
60 { brcm_tag_if_print, DLT_DSA_TAG_BRCM },
61 #endif
62 #ifdef DLT_DSA_TAG_BRCM_PREPEND
63 { brcm_tag_prepend_if_print, DLT_DSA_TAG_BRCM_PREPEND },
64 #endif
65 #ifdef DLT_BLUETOOTH_HCI_H4_WITH_PHDR
66 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
67 #endif
68 #ifdef DLT_C_HDLC
69 { chdlc_if_print, DLT_C_HDLC },
70 #endif
71 #ifdef DLT_HDLC
72 { chdlc_if_print, DLT_HDLC },
73 #endif
74 #ifdef DLT_ATM_CLIP
75 { cip_if_print, DLT_ATM_CLIP },
76 #endif
77 #ifdef DLT_CIP
78 { cip_if_print, DLT_CIP },
79 #endif
80 #ifdef DLT_DSA_TAG_DSA
81 { dsa_if_print, DLT_DSA_TAG_DSA },
82 #endif
83 #ifdef DLT_DSA_TAG_EDSA
84 { edsa_if_print, DLT_DSA_TAG_EDSA },
85 #endif
86 #ifdef DLT_ENC
87 { enc_if_print, DLT_ENC },
88 #endif
89 { ether_if_print, DLT_EN10MB },
90 { fddi_if_print, DLT_FDDI },
91 #ifdef DLT_FR
92 { fr_if_print, DLT_FR },
93 #endif
94 #ifdef DLT_FRELAY
95 { fr_if_print, DLT_FRELAY },
96 #endif
97 #ifdef DLT_IEEE802_11
98 { ieee802_11_if_print, DLT_IEEE802_11},
99 #endif
100 #ifdef DLT_IEEE802_11_RADIO_AVS
101 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
102 #endif
103 #ifdef DLT_IEEE802_11_RADIO
104 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
105 #endif
106 #ifdef DLT_IEEE802_15_4
107 { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
108 #endif
109 #ifdef DLT_IEEE802_15_4_NOFCS
110 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
111 #endif
112 #ifdef DLT_IEEE802_15_4_TAP
113 { ieee802_15_4_tap_if_print, DLT_IEEE802_15_4_TAP },
114 #endif
115 #ifdef DLT_IP_OVER_FC
116 { ipfc_if_print, DLT_IP_OVER_FC },
117 #endif
118 #ifdef DLT_IPNET
119 { ipnet_if_print, DLT_IPNET },
120 #endif
121 #ifdef DLT_IPOIB
122 { ipoib_if_print, DLT_IPOIB },
123 #endif
124 #ifdef DLT_JUNIPER_ATM1
125 { juniper_atm1_if_print, DLT_JUNIPER_ATM1 },
126 #endif
127 #ifdef DLT_JUNIPER_ATM2
128 { juniper_atm2_if_print, DLT_JUNIPER_ATM2 },
129 #endif
130 #ifdef DLT_JUNIPER_CHDLC
131 { juniper_chdlc_if_print, DLT_JUNIPER_CHDLC },
132 #endif
133 #ifdef DLT_JUNIPER_ES
134 { juniper_es_if_print, DLT_JUNIPER_ES },
135 #endif
136 #ifdef DLT_JUNIPER_ETHER
137 { juniper_ether_if_print, DLT_JUNIPER_ETHER },
138 #endif
139 #ifdef DLT_JUNIPER_FRELAY
140 { juniper_frelay_if_print, DLT_JUNIPER_FRELAY },
141 #endif
142 #ifdef DLT_JUNIPER_GGSN
143 { juniper_ggsn_if_print, DLT_JUNIPER_GGSN },
144 #endif
145 #ifdef DLT_JUNIPER_MFR
146 { juniper_mfr_if_print, DLT_JUNIPER_MFR },
147 #endif
148 #ifdef DLT_JUNIPER_MLFR
149 { juniper_mlfr_if_print, DLT_JUNIPER_MLFR },
150 #endif
151 #ifdef DLT_JUNIPER_MLPPP
152 { juniper_mlppp_if_print, DLT_JUNIPER_MLPPP },
153 #endif
154 #ifdef DLT_JUNIPER_MONITOR
155 { juniper_monitor_if_print, DLT_JUNIPER_MONITOR },
156 #endif
157 #ifdef DLT_JUNIPER_PPP
158 { juniper_ppp_if_print, DLT_JUNIPER_PPP },
159 #endif
160 #ifdef DLT_JUNIPER_PPPOE_ATM
161 { juniper_pppoe_atm_if_print, DLT_JUNIPER_PPPOE_ATM },
162 #endif
163 #ifdef DLT_JUNIPER_PPPOE
164 { juniper_pppoe_if_print, DLT_JUNIPER_PPPOE },
165 #endif
166 #ifdef DLT_JUNIPER_SERVICES
167 { juniper_services_if_print, DLT_JUNIPER_SERVICES },
168 #endif
169 #ifdef DLT_LTALK
170 { ltalk_if_print, DLT_LTALK },
171 #endif
172 #ifdef DLT_MFR
173 { mfr_if_print, DLT_MFR },
174 #endif
175 #ifdef DLT_NETANALYZER
176 { netanalyzer_if_print, DLT_NETANALYZER },
177 #endif
178 #ifdef DLT_NETANALYZER_TRANSPARENT
179 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
180 #endif
181 #ifdef DLT_NFLOG
182 { nflog_if_print, DLT_NFLOG},
183 #endif
184 { null_if_print, DLT_NULL },
185 #ifdef DLT_LOOP
186 { null_if_print, DLT_LOOP },
187 #endif
188 #ifdef DLT_PFLOG
189 { pflog_if_print, DLT_PFLOG },
190 #endif
191 #ifdef DLT_PKTAP
192 { pktap_if_print, DLT_PKTAP },
193 #endif
194 #ifdef DLT_PPI
195 { ppi_if_print, DLT_PPI },
196 #endif
197 #ifdef DLT_PPP_BSDOS
198 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
199 #endif
200 #ifdef DLT_PPP_SERIAL
201 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
202 #endif
203 { ppp_if_print, DLT_PPP },
204 #ifdef DLT_PPP_PPPD
205 { ppp_if_print, DLT_PPP_PPPD },
206 #endif
207 #ifdef DLT_PPP_ETHER
208 { pppoe_if_print, DLT_PPP_ETHER },
209 #endif
210 #ifdef DLT_PRISM_HEADER
211 { prism_if_print, DLT_PRISM_HEADER },
212 #endif
213 { raw_if_print, DLT_RAW },
214 #ifdef DLT_IPV4
215 { raw_if_print, DLT_IPV4 },
216 #endif
217 #ifdef DLT_IPV6
218 { raw_if_print, DLT_IPV6 },
219 #endif
220 #ifdef DLT_SLIP_BSDOS
221 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
222 #endif
223 { sl_if_print, DLT_SLIP },
224 #ifdef DLT_LINUX_SLL
225 { sll_if_print, DLT_LINUX_SLL },
226 #endif
227 #ifdef DLT_LINUX_SLL2
228 { sll2_if_print, DLT_LINUX_SLL2 },
229 #endif
230 #ifdef DLT_SUNATM
231 { sunatm_if_print, DLT_SUNATM },
232 #endif
233 #ifdef DLT_SYMANTEC_FIREWALL
234 { symantec_if_print, DLT_SYMANTEC_FIREWALL },
235 #endif
236 { token_if_print, DLT_IEEE802 },
237 #ifdef DLT_USB_LINUX
238 { usb_linux_48_byte_if_print, DLT_USB_LINUX},
239 #endif /* DLT_USB_LINUX */
240 #ifdef DLT_USB_LINUX_MMAPPED
241 { usb_linux_64_byte_if_print, DLT_USB_LINUX_MMAPPED},
242 #endif /* DLT_USB_LINUX_MMAPPED */
243 #ifdef DLT_VSOCK
244 { vsock_if_print, DLT_VSOCK },
245 #endif
246 { NULL, 0 },
247 };
248
249 void
250 init_print(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
251 {
252
253 init_addrtoname(ndo, localnet, mask);
254 init_checksum();
255 }
256
257 if_printer
258 lookup_printer(int type)
259 {
260 const struct printer *p;
261
262 for (p = printers; p->f; ++p)
263 if (type == p->type)
264 return p->f;
265
266 #if defined(DLT_USER2) && defined(DLT_PKTAP)
267 /*
268 * Apple incorrectly chose to use DLT_USER2 for their PKTAP
269 * header.
270 *
271 * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
272 * based OSes or the same value as LINKTYPE_PKTAP as it is on
273 * other OSes, to LINKTYPE_PKTAP, so files written with
274 * this version of libpcap for a DLT_PKTAP capture have a link-
275 * layer header type of LINKTYPE_PKTAP.
276 *
277 * However, files written on OS X Mavericks for a DLT_PKTAP
278 * capture have a link-layer header type of LINKTYPE_USER2.
279 * If we don't have a printer for DLT_USER2, and type is
280 * DLT_USER2, we look up the printer for DLT_PKTAP and use
281 * that.
282 */
283 if (type == DLT_USER2) {
284 for (p = printers; p->f; ++p)
285 if (DLT_PKTAP == p->type)
286 return p->f;
287 }
288 #endif
289
290 return NULL;
291 /* NOTREACHED */
292 }
293
294 int
295 has_printer(int type)
296 {
297 return (lookup_printer(type) != NULL);
298 }
299
300 if_printer
301 get_if_printer(int type)
302 {
303 if_printer printer;
304
305 printer = lookup_printer(type);
306 if (printer == NULL)
307 printer = unsupported_if_print;
308 return printer;
309 }
310
311 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
312 extern int profile_func_level;
313 static int pretty_print_packet_level = -1;
314 #endif
315
316 void
317 pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
318 const u_char *sp, u_int packets_captured)
319 {
320 u_int hdrlen = 0;
321 int invalid_header = 0;
322
323 if (ndo->ndo_print_sampling && packets_captured % ndo->ndo_print_sampling != 0)
324 return;
325
326 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
327 if (pretty_print_packet_level == -1)
328 pretty_print_packet_level = profile_func_level;
329 #endif
330
331 if (ndo->ndo_packet_number)
332 ND_PRINT("%5u ", packets_captured);
333
334 /* Sanity checks on packet length / capture length */
335 if (h->caplen == 0) {
336 invalid_header = 1;
337 ND_PRINT("[Invalid header: caplen==0");
338 }
339 if (h->len == 0) {
340 if (!invalid_header) {
341 invalid_header = 1;
342 ND_PRINT("[Invalid header:");
343 } else
344 ND_PRINT(",");
345 ND_PRINT(" len==0");
346 } else if (h->len < h->caplen) {
347 if (!invalid_header) {
348 invalid_header = 1;
349 ND_PRINT("[Invalid header:");
350 } else
351 ND_PRINT(",");
352 ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen);
353 }
354 if (h->caplen > MAXIMUM_SNAPLEN) {
355 if (!invalid_header) {
356 invalid_header = 1;
357 ND_PRINT("[Invalid header:");
358 } else
359 ND_PRINT(",");
360 ND_PRINT(" caplen(%u) > %u", h->caplen, MAXIMUM_SNAPLEN);
361 }
362 if (h->len > MAXIMUM_SNAPLEN) {
363 if (!invalid_header) {
364 invalid_header = 1;
365 ND_PRINT("[Invalid header:");
366 } else
367 ND_PRINT(",");
368 ND_PRINT(" len(%u) > %u", h->len, MAXIMUM_SNAPLEN);
369 }
370 if (invalid_header) {
371 ND_PRINT("]\n");
372 return;
373 }
374
375 /*
376 * At this point:
377 * capture length != 0,
378 * packet length != 0,
379 * capture length <= MAXIMUM_SNAPLEN,
380 * packet length <= MAXIMUM_SNAPLEN,
381 * packet length >= capture length.
382 *
383 * Currently, there is no D-Bus printer, thus no need for
384 * bigger lengths.
385 */
386
387 /*
388 * The header /usr/include/pcap/pcap.h in OpenBSD declares h->ts as
389 * struct bpf_timeval, not struct timeval. The former comes from
390 * /usr/include/net/bpf.h and uses 32-bit unsigned types instead of
391 * the types used in struct timeval.
392 */
393 struct timeval tvbuf;
394 tvbuf.tv_sec = h->ts.tv_sec;
395 tvbuf.tv_usec = h->ts.tv_usec;
396 ts_print(ndo, &tvbuf);
397
398 /*
399 * Printers must check that they're not walking off the end of
400 * the packet.
401 * Rather than pass it all the way down, we set this member
402 * of the netdissect_options structure.
403 */
404 ndo->ndo_snapend = sp + h->caplen;
405 ndo->ndo_packetp = sp;
406
407 ndo->ndo_protocol = "";
408 ndo->ndo_ll_hdr_len = 0;
409 switch (setjmp(ndo->ndo_early_end)) {
410 case 0:
411 /* Print the packet. */
412 (ndo->ndo_if_printer)(ndo, h, sp);
413 break;
414 case ND_TRUNCATED:
415 /* A printer quit because the packet was truncated; report it */
416 nd_print_trunc(ndo);
417 /* Print the full packet */
418 ndo->ndo_ll_hdr_len = 0;
419 #ifdef ENABLE_INSTRUMENT_FUNCTIONS
420 /* truncation => reassignment */
421 profile_func_level = pretty_print_packet_level;
422 #endif
423 break;
424 case ND_BUG:
425 /*
426 * A printer or helper routine quit because a bug was
427 * detected; report it.
428 */
429 ND_PRINT(" [Bug in %s protocol printer]", ndo->ndo_protocol);
430 break;
431 }
432 hdrlen = ndo->ndo_ll_hdr_len;
433
434 /*
435 * Empty the stack of packet information, freeing all pushed buffers;
436 * if we got here by a printer quitting, we need to release anything
437 * that didn't get released because we longjmped out of the code
438 * before it popped the packet information.
439 */
440 nd_pop_all_packet_info(ndo);
441
442 /*
443 * Restore the original snapend, as a printer might have
444 * changed it.
445 */
446 ndo->ndo_snapend = sp + h->caplen;
447 if (ndo->ndo_Xflag) {
448 /*
449 * Print the raw packet data in hex and ASCII.
450 */
451 if (ndo->ndo_Xflag > 1) {
452 /*
453 * Include the link-layer header.
454 */
455 hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
456 } else {
457 /*
458 * Don't include the link-layer header - and if
459 * we have nothing past the link-layer header,
460 * print nothing.
461 */
462 if (h->caplen > hdrlen)
463 hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
464 h->caplen - hdrlen);
465 }
466 } else if (ndo->ndo_xflag) {
467 /*
468 * Print the raw packet data in hex.
469 */
470 if (ndo->ndo_xflag > 1) {
471 /*
472 * Include the link-layer header.
473 */
474 hex_print(ndo, "\n\t", sp, h->caplen);
475 } else {
476 /*
477 * Don't include the link-layer header - and if
478 * we have nothing past the link-layer header,
479 * print nothing.
480 */
481 if (h->caplen > hdrlen)
482 hex_print(ndo, "\n\t", sp + hdrlen,
483 h->caplen - hdrlen);
484 }
485 } else if (ndo->ndo_Aflag) {
486 /*
487 * Print the raw packet data in ASCII.
488 */
489 if (ndo->ndo_Aflag > 1) {
490 /*
491 * Include the link-layer header.
492 */
493 ascii_print(ndo, sp, h->caplen);
494 } else {
495 /*
496 * Don't include the link-layer header - and if
497 * we have nothing past the link-layer header,
498 * print nothing.
499 */
500 if (h->caplen > hdrlen)
501 ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
502 }
503 }
504
505 ND_PRINT("\n");
506 nd_free_all(ndo);
507 }
508
509 /*
510 * By default, print the specified data out in hex and ASCII.
511 */
512 static void
513 ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
514 {
515 hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */
516 }
517
518 /* VARARGS */
519 static void NORETURN PRINTFLIKE(3, 4)
520 ndo_error(netdissect_options *ndo, status_exit_codes_t status,
521 FORMAT_STRING(const char *fmt), ...)
522 {
523 va_list ap;
524
525 if (ndo->program_name)
526 (void)fprintf(stderr, "%s: ", ndo->program_name);
527 va_start(ap, fmt);
528 (void)vfprintf(stderr, fmt, ap);
529 va_end(ap);
530 if (*fmt) {
531 fmt += strlen(fmt);
532 if (fmt[-1] != '\n')
533 (void)fputc('\n', stderr);
534 }
535 nd_cleanup();
536 exit(status);
537 /* NOTREACHED */
538 }
539
540 /* VARARGS */
541 static void PRINTFLIKE(2, 3)
542 ndo_warning(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
543 {
544 va_list ap;
545
546 if (ndo->program_name)
547 (void)fprintf(stderr, "%s: ", ndo->program_name);
548 (void)fprintf(stderr, "WARNING: ");
549 va_start(ap, fmt);
550 (void)vfprintf(stderr, fmt, ap);
551 va_end(ap);
552 if (*fmt) {
553 fmt += strlen(fmt);
554 if (fmt[-1] != '\n')
555 (void)fputc('\n', stderr);
556 }
557 }
558
559 /* VARARGS */
560 static int PRINTFLIKE(2, 3)
561 ndo_printf(netdissect_options *ndo, FORMAT_STRING(const char *fmt), ...)
562 {
563 va_list args;
564 int ret;
565
566 va_start(args, fmt);
567 ret = vfprintf(stdout, fmt, args);
568 va_end(args);
569
570 if (ret < 0)
571 ndo_error(ndo, S_ERR_ND_WRITE_FILE,
572 "Unable to write output: %s", pcap_strerror(errno));
573 return (ret);
574 }
575
576 void
577 ndo_set_function_pointers(netdissect_options *ndo)
578 {
579 ndo->ndo_default_print=ndo_default_print;
580 ndo->ndo_printf=ndo_printf;
581 ndo->ndo_error=ndo_error;
582 ndo->ndo_warning=ndo_warning;
583 }
[mirror] the TCPdump network dissector