X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/7b50febe28e54e076a9917164eeddec4bc7a170e..2cfe2bf4a5bdba199215e4c92129a36271b10a64:/print-null.c diff --git a/print-null.c b/print-null.c index b7072181..a602bc3a 100644 --- a/print-null.c +++ b/print-null.c @@ -21,7 +21,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.33 2000-09-23 08:26:37 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.40 2000-12-16 22:00:50 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -36,76 +36,98 @@ static const char rcsid[] = struct mbuf; struct rtentry; -#include #include -#include -#include -#include #include #include #include -#ifdef INET6 -#include -#endif - #include "interface.h" #include "addrtoname.h" +#include "ip.h" +#ifdef INET6 +#include "ip6.h" +#endif + #ifndef AF_NS #define AF_NS 6 /* XEROX NS protocols */ #endif /* - * The DLT_NULL packet header is 4 bytes long. It contains a network - * order 32 bit integer that specifies the family, e.g. AF_INET + * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order + * 32-bit integer that specifies the family, e.g. AF_INET. + * + * Note here that "host" refers to the host on which the packets were + * captured; that isn't necessarily *this* host. + * + * The OpenBSD DLT_LOOP packet header is the same, except that the integer + * is in network byte order. */ #define NULL_HDRLEN 4 static void -null_print(const u_char *p, const struct ip *ip, u_int length) +null_print(u_int family, u_int length) { - u_int family; - - memcpy((char *)&family, (char *)p, sizeof(family)); + if (nflag) + printf("AF %u ", family); + else { + switch (family) { - if (nflag) { - /* XXX just dump the header */ - return; - } - switch (family) { - - case AF_INET: - printf("ip: "); - break; + case AF_INET: + printf("ip "); + break; #ifdef INET6 - case AF_INET6: - printf("ip6: "); - break; + case AF_INET6: + printf("ip6 "); + break; #endif - case AF_NS: - printf("ns: "); - break; + case AF_NS: + printf("ns "); + break; - default: - printf("AF %d: ", family); - break; + default: + printf("AF %u ", family); + break; + } } + printf("%d: ", length); } +/* + * Byte-swap a 32-bit number. + * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on + * big-endian platforms.) + */ +#define SWAPLONG(y) \ +((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) + void null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int length = h->len; u_int caplen = h->caplen; const struct ip *ip; + u_int family; ts_print(&h->ts); + memcpy((char *)&family, (char *)p, sizeof(family)); + + /* + * This isn't necessarily in our host byte order; if this is + * a DLT_LOOP capture, it's in network byte order, and if + * this is a DLT_NULL capture from a machine with the opposite + * byte-order, it's in the opposite byte order from ours. + * + * If the upper 16 bits aren't all zero, assume it's byte-swapped. + */ + if ((family & 0xFFFF0000) != 0) + family = SWAPLONG(family); + /* * Some printers want to get back at the link level addresses, * and/or check that they're not walking off the end of the packet. @@ -119,9 +141,9 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) ip = (struct ip *)(p + NULL_HDRLEN); if (eflag) - null_print(p, ip, length); + null_print(family, length); - switch (ip->ip_v) { + switch (IP_V(ip)) { case 4: ip_print((const u_char *)ip, length); break; @@ -131,7 +153,7 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) break; #endif /* INET6 */ default: - printf("ip v%d", ip->ip_v); + printf("ip v%d", IP_V(ip)); break; }