X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4c76b828529c59ccb0eaf3d67e594f298b26900c..233f4c20af017634d373bd3cdbd5b1139469ced6:/print-null.c

diff --git a/print-null.c b/print-null.c
index a4b4085e..74c67bf9 100644
--- a/print-null.c
+++ b/print-null.c
@@ -20,24 +20,15 @@
  */
 
 #ifndef lint
-static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.39 2000-12-04 06:47:17 guy Exp $ (LBL)";
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.49.2.2 2003-11-16 08:51:36 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/ioctl.h>
-
-struct mbuf;
-struct rtentry;
-
-#include <netinet/in.h>
+#include <tcpdump-stdinc.h>
 
 #include <pcap.h>
 #include <stdio.h>
@@ -51,90 +42,158 @@ struct rtentry;
 #include "ip6.h"
 #endif
 
-#ifndef AF_NS
-#define AF_NS		6		/* XEROX NS protocols */
-#endif
-
 /*
- * The DLT_NULL packet header is 4 bytes long. It contains a network
- * order 32 bit integer that specifies the family, e.g. AF_INET
+ * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order
+ * 32-bit integer that specifies the family, e.g. AF_INET.
+ *
+ * Note here that "host" refers to the host on which the packets were
+ * captured; that isn't necessarily *this* host.
+ *
+ * The OpenBSD DLT_LOOP packet header is the same, except that the integer
+ * is in network byte order.
  */
 #define	NULL_HDRLEN 4
 
+/*
+ * BSD AF_ values.
+ *
+ * Unfortunately, the BSDs don't all use the same value for AF_INET6,
+ * so, because we want to be able to read captures from all of the BSDs,
+ * we check for all of them.
+ */
+#define BSD_AF_INET		2
+#define BSD_AF_NS		6		/* XEROX NS protocols */
+#define BSD_AF_ISO		7
+#define BSD_AF_APPLETALK	16
+#define BSD_AF_IPX		23
+#define BSD_AF_INET6_BSD	24	/* OpenBSD (and probably NetBSD), BSD/OS */
+#define BSD_AF_INET6_FREEBSD	28
+#define BSD_AF_INET6_DARWIN	30
+
 static void
-null_print(const u_char *p, const struct ip *ip, u_int length)
+null_print(u_int family, u_int length)
 {
-	u_int family;
-
-	memcpy((char *)&family, (char *)p, sizeof(family));
-
 	if (nflag)
-		printf("AF %d ", family);
+		printf("AF %u ", family);
 	else {
 		switch (family) {
 
-		case AF_INET:
+		case BSD_AF_INET:
 			printf("ip ");
 			break;
 
 #ifdef INET6
-		case AF_INET6:
+		case BSD_AF_INET6_BSD:
+		case BSD_AF_INET6_FREEBSD:
+		case BSD_AF_INET6_DARWIN:
 			printf("ip6 ");
 			break;
 #endif
 
-		case AF_NS:
+		case BSD_AF_NS:
 			printf("ns ");
 			break;
 
+		case BSD_AF_ISO:
+			printf("osi ");
+			break;
+
+		case BSD_AF_APPLETALK:
+			printf("atalk ");
+			break;
+
+		case BSD_AF_IPX:
+			printf("ipx ");
+			break;
+
 		default:
-			printf("AF %d ", family);
+			printf("AF %u ", family);
 			break;
 		}
 	}
 	printf("%d: ", length);
 }
 
-void
-null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
+/*
+ * Byte-swap a 32-bit number.
+ * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
+ * big-endian platforms.)
+ */
+#define	SWAPLONG(y) \
+((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
+
+/*
+ * This is the top level routine of the printer.  'p' points
+ * to the ether header of the packet, 'h->ts' is the timestamp,
+ * 'h->length' is the length of the packet off the wire, and 'h->caplen'
+ * is the number of bytes actually captured.
+ */
+u_int
+null_if_print(const struct pcap_pkthdr *h, const u_char *p)
 {
 	u_int length = h->len;
 	u_int caplen = h->caplen;
-	const struct ip *ip;
+	u_int family;
 
-	ts_print(&h->ts);
+	if (caplen < NULL_HDRLEN) {
+		printf("[|null]");
+		return (NULL_HDRLEN);
+	}
+
+	memcpy((char *)&family, (char *)p, sizeof(family));
 
 	/*
-	 * Some printers want to get back at the link level addresses,
-	 * and/or check that they're not walking off the end of the packet.
-	 * Rather than pass them all the way down, we set these globals.
+	 * This isn't necessarily in our host byte order; if this is
+	 * a DLT_LOOP capture, it's in network byte order, and if
+	 * this is a DLT_NULL capture from a machine with the opposite
+	 * byte-order, it's in the opposite byte order from ours.
+	 *
+	 * If the upper 16 bits aren't all zero, assume it's byte-swapped.
 	 */
-	packetp = p;
-	snapend = p + caplen;
+	if ((family & 0xFFFF0000) != 0)
+		family = SWAPLONG(family);
 
 	length -= NULL_HDRLEN;
-
-	ip = (struct ip *)(p + NULL_HDRLEN);
+	caplen -= NULL_HDRLEN;
+	p += NULL_HDRLEN;
 
 	if (eflag)
-		null_print(p, ip, length);
+		null_print(family, length);
+
+	switch (family) {
 
-	switch (IP_V(ip)) {
-	case 4:
-		ip_print((const u_char *)ip, length);
+	case BSD_AF_INET:
+		ip_print(p, length);
 		break;
+
 #ifdef INET6
-	case 6:
-		ip6_print((const u_char *)ip, length);
+	case BSD_AF_INET6_BSD:
+	case BSD_AF_INET6_FREEBSD:
+	case BSD_AF_INET6_DARWIN:
+		ip6_print(p, length);
 		break;
-#endif /* INET6 */
-	default:
-		printf("ip v%d", IP_V(ip));
+#endif
+
+	case BSD_AF_ISO:
+		isoclns_print(p, length, caplen);
+		break;
+
+	case BSD_AF_APPLETALK:
+		atalk_print(p, length);
+		break;
+
+	case BSD_AF_IPX:
+		ipx_print(p, length);
 		break;
+
+	default:
+		/* unknown AF_ value */
+		if (!eflag)
+			null_print(family, length + NULL_HDRLEN);
+		if (!xflag && !qflag)
+			default_print(p, caplen);
 	}
 
-	if (xflag)
-		default_print((const u_char *)ip, caplen - NULL_HDRLEN);
-	putchar('\n');
+	return (NULL_HDRLEN);
 }