Use nd_ types, add EXTRACT_ calls, use %u for unsigned values.

[tcpdump] / print-enc.c

diff --git a/print-enc.c b/print-enc.c
index c3fcf10c7da0d287c590282092b09bfbe82ad464..db965efb2e0b9c0369739899893ab7ed9f108f8c 100644 (file)
--- a/print-enc.c
+++ b/print-enc.c
@@ -31,6 +31,7 @@
 
 #include "netdissect.h"
 #include "extract.h"
+#include "af.h"
 
 /* From $OpenBSD: if_enc.h,v 1.8 2001/06/25 05:14:00 angelos Exp $ */
 /*
@@ -74,9 +75,9 @@
 #define M_AUTH         0x0800  /* packet was authenticated (AH) */
 
 struct enchdr {
-       uint32_t af;
-       uint32_t spi;
-       uint32_t flags;
+       nd_uint32_t af;
+       nd_uint32_t spi;
+       nd_uint32_t flags;
 };
 
 #define ENC_PRINT_TYPE(wh, xf, nam) \
@@ -85,13 +86,21 @@ struct enchdr {
                (wh) &= ~(xf); \
        }
 
+/*
+ * Byte-swap a 32-bit number.
+ * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
+ * big-endian platforms.)
+ */
+#define        SWAPLONG(y) \
+((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
+
 u_int
 enc_if_print(netdissect_options *ndo,
              const struct pcap_pkthdr *h, const u_char *p)
 {
        u_int length = h->len;
        u_int caplen = h->caplen;
-       int flags;
+       u_int af, flags;
        const struct enchdr *hdr;
 
        if (caplen < ENC_HDRLEN) {
@@ -100,7 +109,31 @@ enc_if_print(netdissect_options *ndo,
        }
 
        hdr = (const struct enchdr *)p;
-       flags = hdr->flags;
+       /*
+        * The address family and flags fields are in the byte order
+        * of the host that originally captured the traffic.
+        *
+        * To determine that, look at the address family.  It's 32-bit,
+        * it is not likely ever to be > 65535 (I doubt there will
+        * ever be > 65535 address families and, so far, AF_ values have
+        * not been allocated very sparsely) so it should not have the
+        * upper 16 bits set, and it is not likely ever to be AF_UNSPEC,
+        * i.e. it's not likely ever to be 0, so if it's byte-swapped,
+        * it should have at least one of the upper 16 bits set.
+        *
+        * So if any of the upper 16 bits are set, we assume it, and
+        * the flags field, are byte-swapped.
+        *
+        * The SPI field is always in network byte order, i.e. big-
+        * endian.
+        */
+       UNALIGNED_MEMCPY(&af, &hdr->af, sizeof (af));
+       UNALIGNED_MEMCPY(&flags, &hdr->flags, sizeof (flags));
+       if ((af & 0xFFFF0000) != 0) {
+               af = SWAPLONG(af);
+               flags = SWAPLONG(flags);
+       }
+
        if (flags == 0)
                ND_PRINT((ndo, "(unprotected): "));
        else
@@ -108,21 +141,21 @@ enc_if_print(netdissect_options *ndo,
        ENC_PRINT_TYPE(flags, M_AUTH, "authentic");
        ENC_PRINT_TYPE(flags, M_CONF, "confidential");
        /* ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel"); */
-       ND_PRINT((ndo, "SPI 0x%08x: ", EXTRACT_BE_U_4(&hdr->spi)));
+       ND_PRINT((ndo, "SPI 0x%08x: ", EXTRACT_BE_U_4(hdr->spi)));
 
        length -= ENC_HDRLEN;
        caplen -= ENC_HDRLEN;
        p += ENC_HDRLEN;
 
-       switch (hdr->af) {
-       case AF_INET:
+       switch (af) {
+       case BSD_AFNUM_INET:
                ip_print(ndo, p, length);
                break;
-#ifdef AF_INET6
-       case AF_INET6:
+       case BSD_AFNUM_INET6_BSD:
+       case BSD_AFNUM_INET6_FREEBSD:
+       case BSD_AFNUM_INET6_DARWIN:
                ip6_print(ndo, p, length);
                break;
-#endif
        }
 
 out: