From: Guy Harris Date: Thu, 28 May 2020 19:50:39 +0000 (-0700) Subject: macsec, ether: clean up printing of encrypted and changed packets. X-Git-Tag: tcpdump-4.99-bp~357 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/4e67f5b8391f7dc8be736611c5e5e5d35a2f5f1e macsec, ether: clean up printing of encrypted and changed packets. If the packet is encrypted or changed, so that we just print the payload as raw data, and we're not running with -e, print the MAC addresses (if any) and an indication that it's an 802.11AE packet, followed by the MACsec header. --- diff --git a/netdissect.h b/netdissect.h index 2f25d416..3123bc38 100644 --- a/netdissect.h +++ b/netdissect.h @@ -629,7 +629,8 @@ extern void lwapp_data_print(netdissect_options *, const u_char *, u_int); extern void lwres_print(netdissect_options *, const u_char *, u_int); extern void m3ua_print(netdissect_options *, const u_char *, const u_int); extern int macsec_print(netdissect_options *, const u_char **, - u_int *, u_int *, u_int *); + u_int *, u_int *, u_int *, const struct lladdr_info *, + const struct lladdr_info *); extern u_int mfr_print(netdissect_options *, const u_char *, u_int); extern void mobile_print(netdissect_options *, const u_char *, u_int); extern int mobility_print(netdissect_options *, const u_char *, const u_char *); diff --git a/print-ether.c b/print-ether.c index 4bf45731..205cc8a7 100644 --- a/print-ether.c +++ b/print-ether.c @@ -219,14 +219,11 @@ recurse: printed_length = 1; } - int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen); + int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen, + &src, &dst); if (ret == 0) { /* Payload is encrypted; print it as raw data. */ - if (!ndo->ndo_eflag) { - ether_type_print(ndo, length_type); - ND_PRINT(", length %u: ", orig_length); - } if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); return (hdrlen); diff --git a/print-macsec.c b/print-macsec.c index 892f2c33..d409ddbb 100644 --- a/print-macsec.c +++ b/print-macsec.c @@ -89,9 +89,29 @@ static const struct tok macsec_flag_values[] = { { 0, NULL } }; +static void macsec_print_header(netdissect_options *ndo, + const struct macsec_sectag *sectag, + u_int short_length) +{ + ND_PRINT("an %u, pn %u, flags %s", + GET_U_1(sectag->tci_an) & MACSEC_AN_MASK, + GET_BE_U_4(sectag->packet_number), + bittok2str_nosep(macsec_flag_values, "none", + GET_U_1(sectag->tci_an) & MACSEC_TCI_FLAGS)); + + if (short_length != 0) + ND_PRINT(", sl %u", short_length); + + if (GET_U_1(sectag->tci_an) & MACSEC_TCI_SC) + ND_PRINT(", sci " SCI_FMT, GET_BE_U_8(sectag->secure_channel_id)); + + ND_PRINT(", "); +} + /* returns < 0 iff the packet can be decoded completely */ int macsec_print(netdissect_options *ndo, const u_char **bp, - u_int *lengthp, u_int *caplenp, u_int *hdrlenp) + u_int *lengthp, u_int *caplenp, u_int *hdrlenp, + const struct lladdr_info *src, const struct lladdr_info *dst) { const char *save_protocol; const u_char *p = *bp; @@ -140,21 +160,8 @@ int macsec_print(netdissect_options *ndo, const u_char **bp, } short_length = GET_U_1(sectag->short_length) & MACSEC_SL_MASK; - if (ndo->ndo_eflag) { - ND_PRINT("an %u, pn %u, flags %s", - GET_U_1(sectag->tci_an) & MACSEC_AN_MASK, - GET_BE_U_4(sectag->packet_number), - bittok2str_nosep(macsec_flag_values, "none", - GET_U_1(sectag->tci_an) & MACSEC_TCI_FLAGS)); - - if (short_length != 0) - ND_PRINT(", sl %u", short_length); - - if (GET_U_1(sectag->tci_an) & MACSEC_TCI_SC) - ND_PRINT(", sci " SCI_FMT, GET_BE_U_8(sectag->secure_channel_id)); - - ND_PRINT(", "); - } + if (ndo->ndo_eflag) + macsec_print_header(ndo, sectag, short_length); /* Skip the MACsec header. */ *bp += sectag_len; @@ -166,8 +173,30 @@ int macsec_print(netdissect_options *ndo, const u_char **bp, if ((GET_U_1(sectag->tci_an) & MACSEC_TCI_CONFID)) { /* - * The payload is encrypted. Tell our - * caller it can't be dissected. + * The payload is encrypted. Print link-layer + * information, if it hasn't already been printed. + */ + if (!ndo->ndo_eflag) { + /* + * Nobody printed the link-layer addresses, + * so print them, if we have any. + */ + if (src != NULL && dst != NULL) { + ND_PRINT("%s > %s ", + (src->addr_string)(ndo, src->addr), + (dst->addr_string)(ndo, dst->addr)); + } + + ND_PRINT("802.1AE MACsec, "); + + /* + * Print the MACsec header. + */ + macsec_print_header(ndo, sectag, short_length); + } + + /* + * Tell our caller it can't be dissected. */ ndo->ndo_protocol = save_protocol; return 0;