macsec, ether: clean up printing of encrypted and changed packets.

If the packet is encrypted or changed, so that we just print the payload
as raw data, and we're not running with -e, print the MAC addresses (if
any) and an indication that it's an 802.11AE packet, followed by the
MACsec header.

diff --git a/netdissect.h b/netdissect.h
index 2f25d4167e0f78b1df548fa1c852eb558fe316e0..3123bc389ee1946233adde97db9b919d54872fbb 100644 (file)
--- a/netdissect.h
+++ b/netdissect.h
@@ -629,7 +629,8 @@ extern void lwapp_data_print(netdissect_options *, const u_char *, u_int);
 extern void lwres_print(netdissect_options *, const u_char *, u_int);
 extern void m3ua_print(netdissect_options *, const u_char *, const u_int);
 extern int macsec_print(netdissect_options *, const u_char **,
-                        u_int *, u_int *, u_int *);
+                        u_int *, u_int *, u_int *, const struct lladdr_info *,
+                        const struct lladdr_info *);
 extern u_int mfr_print(netdissect_options *, const u_char *, u_int);
 extern void mobile_print(netdissect_options *, const u_char *, u_int);
 extern int mobility_print(netdissect_options *, const u_char *, const u_char *);

diff --git a/print-ether.c b/print-ether.c
index 4bf4573153055c03454bbe6fba23e13b4e6ee5cf..205cc8a7d7c99c0570d99e570981b763530df1a7 100644 (file)
--- a/print-ether.c
+++ b/print-ether.c
@@ -219,14 +219,11 @@ recurse:
                        printed_length = 1;
                }
 
-               int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen);
+               int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen,
+                   &src, &dst);
 
                if (ret == 0) {
                        /* Payload is encrypted; print it as raw data. */
-                       if (!ndo->ndo_eflag) {
-                               ether_type_print(ndo, length_type);
-                               ND_PRINT(", length %u: ", orig_length);
-                       }
                        if (!ndo->ndo_suppress_default_print)
                                ND_DEFAULTPRINT(p, caplen);
                        return (hdrlen);

diff --git a/print-macsec.c b/print-macsec.c
index 892f2c332baabd8632c59c2d7fd290deba26d921..d409ddbb1a957f9eb1bb40481a1c78e6175d0869 100644 (file)
--- a/print-macsec.c
+++ b/print-macsec.c
@@ -89,9 +89,29 @@ static const struct tok macsec_flag_values[] = {
        { 0, NULL }
 };
 
+static void macsec_print_header(netdissect_options *ndo,
+                               const struct macsec_sectag *sectag,
+                               u_int short_length)
+{
+       ND_PRINT("an %u, pn %u, flags %s",
+                GET_U_1(sectag->tci_an) & MACSEC_AN_MASK,
+                GET_BE_U_4(sectag->packet_number),
+                bittok2str_nosep(macsec_flag_values, "none",
+                                 GET_U_1(sectag->tci_an) & MACSEC_TCI_FLAGS));
+
+       if (short_length != 0)
+               ND_PRINT(", sl %u", short_length);
+
+       if (GET_U_1(sectag->tci_an) & MACSEC_TCI_SC)
+               ND_PRINT(", sci " SCI_FMT, GET_BE_U_8(sectag->secure_channel_id));
+               
+       ND_PRINT(", ");
+}
+
 /* returns < 0 iff the packet can be decoded completely */
 int macsec_print(netdissect_options *ndo, const u_char **bp,
-                u_int *lengthp, u_int *caplenp, u_int *hdrlenp)
+                u_int *lengthp, u_int *caplenp, u_int *hdrlenp,
+                const struct lladdr_info *src, const struct lladdr_info *dst)
 {
        const char *save_protocol;
        const u_char *p = *bp;
@@ -140,21 +160,8 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
        }
 
        short_length = GET_U_1(sectag->short_length) & MACSEC_SL_MASK;
-       if (ndo->ndo_eflag) {
-               ND_PRINT("an %u, pn %u, flags %s",
-                        GET_U_1(sectag->tci_an) & MACSEC_AN_MASK,
-                        GET_BE_U_4(sectag->packet_number),
-                        bittok2str_nosep(macsec_flag_values, "none",
-                                         GET_U_1(sectag->tci_an) & MACSEC_TCI_FLAGS));
-
-               if (short_length != 0)
-                       ND_PRINT(", sl %u", short_length);
-
-               if (GET_U_1(sectag->tci_an) & MACSEC_TCI_SC)
-                       ND_PRINT(", sci " SCI_FMT, GET_BE_U_8(sectag->secure_channel_id));
-               
-               ND_PRINT(", ");
-       }
+       if (ndo->ndo_eflag)
+               macsec_print_header(ndo, sectag, short_length);
 
        /* Skip the MACsec header. */
        *bp += sectag_len;
@@ -166,8 +173,30 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 
        if ((GET_U_1(sectag->tci_an) & MACSEC_TCI_CONFID)) {
                /*
-                * The payload is encrypted.  Tell our
-                * caller it can't be dissected.
+                * The payload is encrypted.  Print link-layer
+                * information, if it hasn't already been printed.
+                */
+               if (!ndo->ndo_eflag) {
+                       /*
+                        * Nobody printed the link-layer addresses,
+                        * so print them, if we have any.
+                        */
+                       if (src != NULL && dst != NULL) {
+                               ND_PRINT("%s > %s ",
+                                       (src->addr_string)(ndo, src->addr),
+                                       (dst->addr_string)(ndo, dst->addr));
+                       }
+
+                       ND_PRINT("802.1AE MACsec, ");
+
+                       /*
+                        * Print the MACsec header.
+                        */
+                       macsec_print_header(ndo, sectag, short_length);
+               }
+
+               /*
+                * Tell our caller it can't be dissected.
                 */
                ndo->ndo_protocol = save_protocol;
                return 0;