From: Guy Harris Date: Sat, 18 Apr 2015 07:08:52 +0000 (-0700) Subject: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header. X-Git-Tag: tcpdump-4.8.0~282^2~5 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/5170957d27cfb81694989a6c061440ec0bb314c9 With -e, print the LLC header before the SNAP header; without it, cut the SNAP header. With -e, write out everything; without -e, just write the SNAP header and, if the OUI is 000000, don't report it, and report the PID as an ethertype. --- diff --git a/print-llc.c b/print-llc.c index 0132bdaa..3839240a 100644 --- a/print-llc.c +++ b/print-llc.c @@ -237,13 +237,22 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, length -= hdrlen; caplen -= hdrlen; - /* - * Check for SNAP UI packets; if we have one, there's no point - * in printing the LLC header information, as we already know it - - * the relevant protocol-selection information is the SNAP OUI - * and PID, so it's sufficient to print that for frames we - * don't know how to print and for the "-e" flag. - */ + if (ndo->ndo_eflag) { + ND_PRINT((ndo, "LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s", + tok2str(llc_values, "Unknown", dsap), + dsap, + tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG), + tok2str(llc_values, "Unknown", ssap), + ssap, + tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP))); + + if (is_u) { + ND_PRINT((ndo, ", ctrl 0x%02x: ", control)); + } else { + ND_PRINT((ndo, ", ctrl 0x%04x: ", control)); + } + } + if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP && control == LLC_UI) { /* @@ -262,22 +271,6 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, return (hdrlen + 5); /* include LLC and SNAP header */ } - if (ndo->ndo_eflag) { - ND_PRINT((ndo, "LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s", - tok2str(llc_values, "Unknown", dsap), - dsap, - tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG), - tok2str(llc_values, "Unknown", ssap), - ssap, - tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP))); - - if (is_u) { - ND_PRINT((ndo, ", ctrl 0x%02x: ", control)); - } else { - ND_PRINT((ndo, ", ctrl 0x%04x: ", control)); - } - } - if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D && control == LLC_UI) { stp_print(ndo, p, length); @@ -387,30 +380,19 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, return (-hdrlen); } -static void -snap_hdr_print(netdissect_options *ndo, const uint8_t *esrc, const uint8_t *edst, - uint32_t orgcode, u_short et, u_int length) +static const struct tok * +oui_to_struct_tok(uint32_t orgcode) { const struct tok *tok = null_values; const struct oui_tok *otp; - if (esrc != NULL && edst != NULL) { - ND_PRINT((ndo, "%s > %s ", - etheraddr_string(ndo, esrc), - etheraddr_string(ndo, edst))); - } for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) { if (otp->oui == orgcode) { tok = otp->tok; break; } } - ND_PRINT((ndo, "SNAP oui %s (0x%06x), %s %s (0x%04x), length %u: ", - tok2str(oui_values, "Unknown", orgcode), - orgcode, - (orgcode == 0x000000 ? "ethertype" : "pid"), - tok2str(tok, "Unknown", et), - et, length)); + return (tok); } int @@ -430,9 +412,15 @@ snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, if (ndo->ndo_eflag) { /* * Somebody's already printed the MAC addresses, if there - * are any, so just print the SNAP header. + * are any, so just print the SNAP header, not the MAC + * addresses. */ - snap_hdr_print(ndo, NULL, NULL, orgcode, et, length - 5); + ND_PRINT((ndo, "oui %s (0x%06x), %s %s (0x%04x), length %u: ", + tok2str(oui_values, "Unknown", orgcode), + orgcode, + (orgcode == 0x000000 ? "ethertype" : "pid"), + tok2str(oui_to_struct_tok(orgcode), "Unknown", et), + et, length - 5)); } p += 5; length -= 5; @@ -561,8 +549,33 @@ snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, return (1); } } - if (!ndo->ndo_eflag) - snap_hdr_print(ndo, esrc, edst, orgcode, et, length); + if (!ndo->ndo_eflag) { + /* + * Nobody printed the MAC addresses, so print them, if + * we have any. + */ + if (esrc != NULL && edst != NULL) { + ND_PRINT((ndo, "%s > %s ", + etheraddr_string(ndo, esrc), + etheraddr_string(ndo, edst))); + } + /* + * Print the SNAP header, but if the OUI is 000000, don't + * bother printing it, and report the PID as being an + * ethertype. + */ + if (orgcode == 0x000000) { + ND_PRINT((ndo, "SNAP, ethertype %s (0x%04x), length %u: ", + tok2str(ethertype_values, "Unknown", et), + et, length)); + } else { + ND_PRINT((ndo, "SNAP, oui %s (0x%06x), pid %s (0x%04x), length %u: ", + tok2str(oui_values, "Unknown", orgcode), + orgcode, + tok2str(oui_to_struct_tok(orgcode), "Unknown", et), + et, length)); + } + } return (0); trunc: diff --git a/tests/dtp-v.out b/tests/dtp-v.out index cc06c265..4eb566b9 100644 --- a/tests/dtp-v.out +++ b/tests/dtp-v.out @@ -3,7 +3,7 @@ DTPv1, length 38 Status TLV (0x0002) TLV, length 5, 0x4 DTP type TLV (0x0003) TLV, length 5, 0x40 Neighbor TLV (0x0004) TLV, length 10, 00:19:06:ea:b8:85 -00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP oui Cisco (0x00000c), pid Unknown (0x0003), length 68: +00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP, oui Cisco (0x00000c), pid Unknown (0x0003), length 68: 0x0000: aaaa 0300 000c 0003 0000 0000 0100 0ccc ................ 0x0010: cccc 0019 06ea b885 0025 aaaa 0300 000c .........%...... 0x0020: 2004 0100 0100 084c 6162 0000 0200 0504 .......Lab...... @@ -14,7 +14,7 @@ DTPv1, length 38 Status TLV (0x0002) TLV, length 5, 0x4 DTP type TLV (0x0003) TLV, length 5, 0x40 Neighbor TLV (0x0004) TLV, length 10, 00:19:06:ea:b8:85 -00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP oui Cisco (0x00000c), pid Unknown (0x0003), length 68: +00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP, oui Cisco (0x00000c), pid Unknown (0x0003), length 68: 0x0000: aaaa 0300 000c 0003 0000 0000 0100 0ccc ................ 0x0010: cccc 0019 06ea b885 0025 aaaa 0300 000c .........%...... 0x0020: 2004 0100 0100 084c 6162 0000 0200 0504 .......Lab...... @@ -25,7 +25,7 @@ DTPv1, length 38 Status TLV (0x0002) TLV, length 5, 0x4 DTP type TLV (0x0003) TLV, length 5, 0x40 Neighbor TLV (0x0004) TLV, length 10, 00:19:06:ea:b8:85 -00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP oui Cisco (0x00000c), pid Unknown (0x0003), length 68: +00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP, oui Cisco (0x00000c), pid Unknown (0x0003), length 68: 0x0000: aaaa 0300 000c 0003 0000 0000 0100 0ccc ................ 0x0010: cccc 0019 06ea b885 0025 aaaa 0300 000c .........%...... 0x0020: 2004 0100 0100 084c 6162 0000 0200 0504 .......Lab...... @@ -36,7 +36,7 @@ DTPv1, length 38 Status TLV (0x0002) TLV, length 5, 0x4 DTP type TLV (0x0003) TLV, length 5, 0x40 Neighbor TLV (0x0004) TLV, length 10, 00:19:06:ea:b8:85 -00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP oui Cisco (0x00000c), pid Unknown (0x0003), length 68: +00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP, oui Cisco (0x00000c), pid Unknown (0x0003), length 68: 0x0000: aaaa 0300 000c 0003 0000 0000 0100 0ccc ................ 0x0010: cccc 0019 06ea b885 0025 aaaa 0300 000c .........%...... 0x0020: 2004 0100 0100 084c 6162 0000 0200 0504 .......Lab...... @@ -47,7 +47,7 @@ DTPv1, length 38 Status TLV (0x0002) TLV, length 5, 0x4 DTP type TLV (0x0003) TLV, length 5, 0x40 Neighbor TLV (0x0004) TLV, length 10, 00:19:06:ea:b8:85 -00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP oui Cisco (0x00000c), pid Unknown (0x0003), length 68: +00:19:06:ea:b8:85 > 01:00:0c:00:00:00 SNAP, oui Cisco (0x00000c), pid Unknown (0x0003), length 68: 0x0000: aaaa 0300 000c 0003 0000 0000 0100 0ccc ................ 0x0010: cccc 0019 06ea b885 0025 aaaa 0300 000c .........%...... 0x0020: 2004 0100 0100 084c 6162 0000 0200 0504 .......Lab...... diff --git a/tests/lldp_cdp-ev.out b/tests/lldp_cdp-ev.out index 055e3f41..5743b466 100644 --- a/tests/lldp_cdp-ev.out +++ b/tests/lldp_cdp-ev.out @@ -1,4 +1,4 @@ -00:18:ba:98:68:8f > 01:00:0c:cc:cc:cc, 802.3, length 388: SNAP oui Cisco (0x00000c), pid CDP (0x2000), length 366: CDPv2, ttl: 180s, checksum: 0x0bea (unverified), length 366 +00:18:ba:98:68:8f > 01:00:0c:cc:cc:cc, 802.3, length 388: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid CDP (0x2000), length 366: CDPv2, ttl: 180s, checksum: 0x0bea (unverified), length 366 Device-ID (0x01), value length: 2 bytes: 'S1' Version String (0x05), value length: 190 bytes: Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1) @@ -17,7 +17,7 @@ Management Addresses (0x16), value length: 13 bytes: IPv4 (1) 0.0.0.0 unknown field type (0x1a), value length: 12 bytes: 0x0000: 0000 0001 0000 0000 ffff ffff -00:19:2f:a7:b2:8d > 01:00:0c:cc:cc:cc, 802.3, length 392: SNAP oui Cisco (0x00000c), pid CDP (0x2000), length 370: CDPv2, ttl: 180s, checksum: 0x971d (unverified), length 370 +00:19:2f:a7:b2:8d > 01:00:0c:cc:cc:cc, 802.3, length 392: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid CDP (0x2000), length 370: CDPv2, ttl: 180s, checksum: 0x971d (unverified), length 370 Device-ID (0x01), value length: 2 bytes: 'S2' Version String (0x05), value length: 190 bytes: Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1) @@ -124,7 +124,7 @@ PMD autoneg capability [Sym PAUSE for fdx, Asym and Sym PAUSE for fdx, 1000BASE-{X LX SX CX} fdx, 1000BASE-T hdx] (0x0036) MAU type 100BASETX fdx (0x0010) End TLV (0), length 0 -00:18:ba:98:68:8f > 01:00:0c:cc:cc:cc, 802.3, length 388: SNAP oui Cisco (0x00000c), pid CDP (0x2000), length 366: CDPv2, ttl: 180s, checksum: 0x0be9 (unverified), length 366 +00:18:ba:98:68:8f > 01:00:0c:cc:cc:cc, 802.3, length 388: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid CDP (0x2000), length 366: CDPv2, ttl: 180s, checksum: 0x0be9 (unverified), length 366 Device-ID (0x01), value length: 2 bytes: 'S1' Version String (0x05), value length: 190 bytes: Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1) @@ -143,7 +143,7 @@ Management Addresses (0x16), value length: 13 bytes: IPv4 (1) 0.0.0.0 unknown field type (0x1a), value length: 12 bytes: 0x0000: 0000 0001 0000 0000 ffff ffff -00:19:2f:a7:b2:8d > 01:00:0c:cc:cc:cc, 802.3, length 392: SNAP oui Cisco (0x00000c), pid CDP (0x2000), length 370: CDPv2, ttl: 180s, checksum: 0x971c (unverified), length 370 +00:19:2f:a7:b2:8d > 01:00:0c:cc:cc:cc, 802.3, length 392: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid CDP (0x2000), length 370: CDPv2, ttl: 180s, checksum: 0x971c (unverified), length 370 Device-ID (0x01), value length: 2 bytes: 'S2' Version String (0x05), value length: 190 bytes: Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1)