From: Denis Ovsienko
Date: Wed, 2 Apr 2014 04:14:19 +0000 (+0400)
Subject: NDOize SMB decoder
X-Git-Tag: tcpdump-4.6.0~119
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/bcf0fb3b48edc9e642c4101e2ccf964a30cdb6f1
NDOize SMB decoder
---
diff --git a/interface.h b/interface.h
index 451702cc..b4d0c11e 100644
--- a/interface.h
+++ b/interface.h
@@ -172,16 +172,8 @@ extern u_int ppp_hdlc_if_print(const struct pcap_pkthdr *, const u_char *);
 extern u_int ppp_bsdos_if_print(const struct pcap_pkthdr *, const u_char *);
 extern void tcp_print(const u_char *, u_int, const u_char *, int);
 extern void timed_print(const u_char *);
-extern void netbeui_print(u_short, const u_char *, int);
-extern void ipx_netbios_print(const u_char *, u_int);
-extern void nbt_tcp_print(const u_char *, int);
-extern void nbt_udp137_print(const u_char *, int);
-extern void nbt_udp138_print(const u_char *, int);
-extern void smb_tcp_print(const u_char *, int);
 extern char *smb_errstr(int, int);
 extern const char *nt_errstr(u_int32_t);
-extern void print_data(const unsigned char *, int);
-
 #ifdef INET6
 extern void babel_print(const u_char *, u_int);
diff --git a/netdissect.h b/netdissect.h
index 03b0b9f0..ad374a89 100644
--- a/netdissect.h
+++ b/netdissect.h
@@ -506,6 +506,13 @@ extern void sip_print(netdissect_options *, const u_char *, u_int);
 extern void syslog_print(netdissect_options *, const u_char *, u_int);
 extern void lwres_print(netdissect_options *, const u_char *, u_int);
 extern void cfm_print(netdissect_options *, const u_char *, u_int);
+extern void nbt_tcp_print(netdissect_options *, const u_char *, int);
+extern void nbt_udp137_print(netdissect_options *, const u_char *, int);
+extern void nbt_udp138_print(netdissect_options *, const u_char *, int);
+extern void smb_tcp_print(netdissect_options *, const u_char *, int);
+extern void netbeui_print(netdissect_options *, u_short, const u_char *, int);
+extern void ipx_netbios_print(netdissect_options *, const u_char *, u_int);
+extern void print_data(netdissect_options *, const unsigned char *, int);
 /* stuff that has not yet been rototiled */
@@ -535,17 +542,8 @@ extern void ppp_bsdos_if_print(u_char *,
 extern void tcp_print(netdissect_options *,const u_char *, u_int, const u_char *, int);
 extern void timed_print(netdissect_options *,const u_char *, u_int);
-extern void netbeui_print(netdissect_options *,u_short,
- const u_char *, int);
-extern void ipx_netbios_print(netdissect_options *,const u_char *, u_int);
-extern void nbt_tcp_print(netdissect_options *,const u_char *, int);
-extern void nbt_udp137_print(netdissect_options *,
- const u_char *data, int);
-extern void nbt_udp138_print(netdissect_options *,
- const u_char *data, int);
 extern char *smb_errstr(netdissect_options *,int, int);
 extern const char *nt_errstr(netdissect_options *, u_int32_t);
-extern void print_data(netdissect_options *,const unsigned char *, int);
 #endif
 extern u_int ipnet_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
diff --git a/print-ipx.c b/print-ipx.c
index da3fb51d..32e38908 100644
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -125,7 +125,7 @@ ipx_decode(netdissect_options *ndo, const struct ipxHdr *ipx, const u_char *data
 case IPX_SKT_NETBIOS:
 ND_PRINT((ndo, "ipx-netbios %d", length));
 #ifdef TCPDUMP_DO_SMB
- ipx_netbios_print(datap, length);
+ ipx_netbios_print(ndo, datap, length);
 #endif
 break;
 case IPX_SKT_DIAGNOSTICS:
@@ -134,7 +134,7 @@ ipx_decode(netdissect_options *ndo, const struct ipxHdr *ipx, const u_char *data
 case IPX_SKT_NWLINK_DGM:
 ND_PRINT((ndo, "ipx-nwlink-dgm %d", length));
 #ifdef TCPDUMP_DO_SMB
- ipx_netbios_print(datap, length);
+ ipx_netbios_print(ndo, datap, length);
 #endif
 break;
 case IPX_SKT_EIGRP:
diff --git a/print-llc.c b/print-llc.c
index 565fd3ce..c2363d5f 100644
--- a/print-llc.c
+++ b/print-llc.c
@@ -284,7 +284,7 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
 p += 4;
 length -= 4;
 }
- netbeui_print(control, p, length);
+ netbeui_print(ndo, control, p, length);
 return (1);
 }
 #endif
diff --git a/print-smb.c b/print-smb.c
index f0e992c4..e4bacbbc 100644
--- a/print-smb.c
+++ b/print-smb.c
@@ -6,13 +6,13 @@
 * or later
 */
+#define NETDISSECT_REWORKED
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include
-#include
 #include
 #include "interface.h"
@@ -31,7 +31,7 @@ struct smbdescript {
 const char *req_f2;
 const char *rep_f1;
 const char *rep_f2;
- void (*fn)(const u_char *, const u_char *, const u_char *, const u_char *);
+ void (*fn)(netdissect_options *, const u_char *, const u_char *, const u_char *, const u_char *);
 };
 struct smbdescriptint {
@@ -39,7 +39,7 @@ struct smbdescriptint {
 const char *req_f2;
 const char *rep_f1;
 const char *rep_f2;
- void (*fn)(const u_char *, const u_char *, int, int);
+ void (*fn)(netdissect_options *, const u_char *, const u_char *, int, int);
 };
 struct smbfns
@@ -87,7 +87,8 @@ smbfindint(int id, const struct smbfnsint *list)
 }
 static void
-trans2_findfirst(const u_char *param, const u_char *data, int pcnt, int dcnt)
+trans2_findfirst(netdissect_options *ndo,
+ const u_char *param, const u_char *data, int pcnt, int dcnt)
 {
 const char *fmt;
@@ -96,24 +97,25 @@ trans2_findfirst(const u_char *param, const u_char *data, int pcnt, int dcnt)
 else
 fmt = "Handle=[w]\nCount=[d]\nEOS=[w]\nEoffset=[d]\nLastNameOfs=[w]\n";
- smb_fdata(param, fmt, param + pcnt, unicodestr);
+ smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
 if (dcnt) {
- printf("data:\n");
- print_data(data, dcnt);
+ ND_PRINT((ndo, "data:\n"));
+ print_data(ndo, data, dcnt);
 }
 }
 static void
-trans2_qfsinfo(const u_char *param, const u_char *data, int pcnt, int dcnt)
+trans2_qfsinfo(netdissect_options *ndo,
+ const u_char *param, const u_char *data, int pcnt, int dcnt)
 {
 static int level = 0;
 const char *fmt="";
 if (request) {
- TCHECK2(*param, 2);
+ ND_TCHECK2(*param, 2);
 level = EXTRACT_LE_16BITS(param);
 fmt = "InfoLevel=[d]\n";
- smb_fdata(param, fmt, param + pcnt, unicodestr);
+ smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
 } else {
 switch (level) {
 case 1:
@@ -129,16 +131,15 @@ trans2_qfsinfo(const u_char *param, const u_char *data, int pcnt, int dcnt)
 fmt = "UnknownLevel\n";
 break;
 }
- smb_fdata(data, fmt, data + dcnt, unicodestr);
+ smb_fdata(ndo, data, fmt, data + dcnt, unicodestr);
 }
 if (dcnt) {
- printf("data:\n");
- print_data(data, dcnt);
+ ND_PRINT((ndo, "data:\n"));
+ print_data(ndo, data, dcnt);
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
 static const struct smbfnsint trans2_fns[] = {
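Review bot: `static int level` in trans2_qfsinfo still carries the InfoLevel of the most recent request into the decoding of whatever reply is printed next, so a reply that belongs to a different transaction, or a capture that starts with a reply, is formatted with the wrong layout. Passing `ndo` does not change that, and the function keeps reading `request` and `unicodestr`, which appear to be file-scope flags set in print_smb. If the state is to stay where it is for now, a comment on the declaration such as `/* remembered from the last request seen; replies are not matched to their request */` would document the limitation. The switch on `level` continues in the following hunk.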
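Review bot: The end pointer in `smb_fdata(ndo, data, fmt, data + dcnt, unicodestr)` and the length in `print_data(ndo, data, dcnt)` come straight from `dcnt`, which print_trans2 extracts from the packet, and neither is limited to the captured bytes. print_trans already writes `min(param + paramlen, maxbuf)` for the same purpose, while trans2_findfirst above, print_trans2 (`param + pcnt`, `data + dcnt`) and print_browse (`maxbuf = data + datalen`) use the unclamped form. Whether this can over-read depends on the checks inside smb_fdata and print_data, which are not part of this patch. Since `ndo` is now available in all of these functions, the bound could be limited in place, for example `min(data + dcnt, ndo->ndo_snapend)`.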
@@ -167,7 +168,8 @@ static const struct smbfnsint trans2_fns[] = {
 static void
-print_trans2(const u_char *words, const u_char *dat, const u_char *buf, const u_char *maxbuf)
+print_trans2(netdissect_options *ndo,
+ const u_char *words, const u_char *dat, const u_char *buf, const u_char *maxbuf)
 {
 u_int bcc;
 static const struct smbfnsint *fn = &trans2_fns[0];
@@ -176,9 +178,9 @@ print_trans2(const u_char *words, const u_char *dat, const u_char *buf, const u_
 const char *f1 = NULL, *f2 = NULL;
 int pcnt, dcnt;
- TCHECK(words[0]);
+ ND_TCHECK(words[0]);
 if (request) {
- TCHECK2(w[14 * 2], 2);
+ ND_TCHECK2(w[14 * 2], 2);
 pcnt = EXTRACT_LE_16BITS(w + 9 * 2);
 param = buf + EXTRACT_LE_16BITS(w + 10 * 2);
 dcnt = EXTRACT_LE_16BITS(w + 11 * 2);
@@ -186,151 +188,151 @@ print_trans2(const u_char *words, const u_char *dat, const u_char *buf, const u_
 fn = smbfindint(EXTRACT_LE_16BITS(w + 14 * 2), trans2_fns);
 } else {
 if (words[0] == 0) {
- printf("%s\n", fn->name);
- printf("Trans2Interim\n");
+ ND_PRINT((ndo, "%s\n", fn->name));
+ ND_PRINT((ndo, "Trans2Interim\n"));
 return;
 }
- TCHECK2(w[7 * 2], 2);
+ ND_TCHECK2(w[7 * 2], 2);
 pcnt = EXTRACT_LE_16BITS(w + 3 * 2);
 param = buf + EXTRACT_LE_16BITS(w + 4 * 2);
 dcnt = EXTRACT_LE_16BITS(w + 6 * 2);
 data = buf + EXTRACT_LE_16BITS(w + 7 * 2);
 }
- printf("%s param_length=%d data_length=%d\n", fn->name, pcnt, dcnt);
+ ND_PRINT((ndo, "%s param_length=%d data_length=%d\n", fn->name, pcnt, dcnt));
 if (request) {
 if (words[0] == 8) {
- smb_fdata(words + 1,
+ smb_fdata(ndo, words + 1,
 "Trans2Secondary\nTotParam=[d]\nTotData=[d]\nParamCnt=[d]\nParamOff=[d]\nParamDisp=[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nHandle=[d]\n", maxbuf, unicodestr);
 return;
 } else {
- smb_fdata(words + 1,
+ smb_fdata(ndo, words + 1,
 "TotParam=[d]\nTotData=[d]\nMaxParam=[d]\nMaxData=[d]\nMaxSetup=[b][P1]\nFlags=[w]\nTimeOut=[D]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nDataCnt=[d]\nDataOff=[d]\nSetupCnt=[b][P1]\n", words + 1 + 14 * 2, unicodestr);
 }
 f1 = fn->descript.req_f1;
 f2 = fn->descript.req_f2;
 } else {
- smb_fdata(words + 1,
+ smb_fdata(ndo, words + 1,
 "TotParam=[d]\nTotData=[d]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nParamDisp[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nSetupCnt=[b][P1]\n", words + 1 + 10 * 2, unicodestr);
 f1 = fn->descript.rep_f1;
 f2 = fn->descript.rep_f2;
 }
- TCHECK2(*dat, 2);
+ ND_TCHECK2(*dat, 2);
 bcc = EXTRACT_LE_16BITS(dat);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (fn->descript.fn)
- (*fn->descript.fn)(param, data, pcnt, dcnt);
+ (*fn->descript.fn)(ndo, param, data, pcnt, dcnt);
 else {
- smb_fdata(param, f1 ? f1 : "Parameters=\n", param + pcnt, unicodestr);
- smb_fdata(data, f2 ? f2 : "Data=\n", data + dcnt, unicodestr);
+ smb_fdata(ndo, param, f1 ? f1 : "Parameters=\n", param + pcnt, unicodestr);
+ smb_fdata(ndo, data, f2 ? f2 : "Data=\n", data + dcnt, unicodestr);
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
-
 static void
-print_browse(const u_char *param, int paramlen, const u_char *data, int datalen)
+print_browse(netdissect_options *ndo,
+ const u_char *param, int paramlen, const u_char *data, int datalen)
 {
 const u_char *maxbuf = data + datalen;
 int command;
- TCHECK(data[0]);
+ ND_TCHECK(data[0]);
 command = data[0];
- smb_fdata(param, "BROWSE PACKET\n|Param ", param+paramlen, unicodestr);
+ smb_fdata(ndo, param, "BROWSE PACKET\n|Param ", param+paramlen, unicodestr);
 switch (command) {
 case 0xF:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (LocalMasterAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n", maxbuf, unicodestr);
 break;
 case 0x1:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (HostAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n", maxbuf, unicodestr);
 break;
 case 0x2:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (AnnouncementRequest)\nFlags=[B]\nReplySystemName=[S]\n", maxbuf, unicodestr);
 break;
 case 0xc:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (WorkgroupAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nCommentPointer=[W]\nServerName=[S]\n", maxbuf, unicodestr);
 break;
 case 0x8:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (ElectionFrame)\nElectionVersion=[B]\nOSSummary=[W]\nUptime=[(W, W)]\nServerName=[S]\n", maxbuf, unicodestr);
 break;
 case 0xb:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (BecomeBackupBrowser)\nName=[S]\n", maxbuf, unicodestr);
 break;
 case 0x9:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (GetBackupList)\nListCount?=[B]\nToken=[W]\n", maxbuf, unicodestr);
 break;
 case 0xa:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (BackupListResponse)\nServerCount?=[B]\nToken=[W]\n*Name=[S]\n", maxbuf, unicodestr);
 break;
 case 0xd:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (MasterAnnouncement)\nMasterName=[S]\n", maxbuf, unicodestr);
 break;
 case 0xe:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "BROWSE PACKET:\nType=[B] (ResetBrowser)\nOptions=[B]\n", maxbuf, unicodestr);
 break;
 default:
- data = smb_fdata(data, "Unknown Browser Frame ", maxbuf, unicodestr);
+ data = smb_fdata(ndo, data, "Unknown Browser Frame ", maxbuf, unicodestr);
 break;
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
 static void
-print_ipc(const u_char *param, int paramlen, const u_char *data, int datalen)
+print_ipc(netdissect_options *ndo,
+ const u_char *param, int paramlen, const u_char *data, int datalen)
 {
 if (paramlen)
- smb_fdata(param, "Command=[w]\nStr1=[S]\nStr2=[S]\n", param + paramlen,
+ smb_fdata(ndo, param, "Command=[w]\nStr1=[S]\nStr2=[S]\n", param + paramlen,
 unicodestr);
 if (datalen)
- smb_fdata(data, "IPC ", data + datalen, unicodestr);
+ smb_fdata(ndo, data, "IPC ", data + datalen, unicodestr);
 }
 static void
-print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u_char *maxbuf)
+print_trans(netdissect_options *ndo,
+ const u_char *words, const u_char *data1, const u_char *buf, const u_char *maxbuf)
 {
 u_int bcc;
 const char *f1, *f2, *f3, *f4;
@@ -339,7 +341,7 @@ print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u
 int datalen, paramlen;
 if (request) {
- TCHECK2(w[12 * 2], 2);
+ ND_TCHECK2(w[12 * 2], 2);
 paramlen = EXTRACT_LE_16BITS(w + 9 * 2);
 param = buf + EXTRACT_LE_16BITS(w + 10 * 2);
 datalen = EXTRACT_LE_16BITS(w + 11 * 2);
@@ -349,7 +351,7 @@ print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u
 f3 = "|Param ";
 f4 = "|Data ";
 } else {
- TCHECK2(w[7 * 2], 2);
+ ND_TCHECK2(w[7 * 2], 2);
 paramlen = EXTRACT_LE_16BITS(w + 3 * 2);
 param = buf + EXTRACT_LE_16BITS(w + 4 * 2);
 datalen = EXTRACT_LE_16BITS(w + 6 * 2);
@@ -360,44 +362,44 @@ print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u
 f4 = "|Data ";
 }
- smb_fdata(words + 1, f1, min(words + 1 + 2 * words[0], maxbuf),
+ smb_fdata(ndo, words + 1, f1, min(words + 1 + 2 * words[0], maxbuf),
 unicodestr);
- TCHECK2(*data1, 2);
+ ND_TCHECK2(*data1, 2);
 bcc = EXTRACT_LE_16BITS(data1);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (bcc > 0) {
- smb_fdata(data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
+ smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
 if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) {
- print_browse(param, paramlen, data, datalen);
+ print_browse(ndo, param, paramlen, data, datalen);
 return;
 }
 if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) {
- print_ipc(param, paramlen, data, datalen);
+ print_ipc(ndo, param, paramlen, data, datalen);
 return;
 }
 if (paramlen)
- smb_fdata(param, f3, min(param + paramlen, maxbuf), unicodestr);
+ smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr);
 if (datalen)
- smb_fdata(data, f4, min(data + datalen, maxbuf), unicodestr);
+ smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr);
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
 static void
-print_negprot(const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
+print_negprot(netdissect_options *ndo,
+ const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
 {
 u_int wct, bcc;
 const char *f1 = NULL, *f2 = NULL;
- TCHECK(words[0]);
+ ND_TCHECK(words[0]);
 wct = words[0];
 if (request)
 f2 = "*|Dialect=[Y]\n";
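Review bot: Both `strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE")` and the `"\\PIPE\\LANMAN"` comparison in print_trans read packet bytes until a NUL or a mismatch, but only the two bytes at `data1` are covered by `ND_TCHECK2(*data1, 2)`. When the captured data ends inside a matching prefix, the comparison continues past `maxbuf`. The name should be compared only after its full length is known to be present, e.g. guard each test with `ND_TTEST2(data1[2], sizeof("\\MAILSLOT\\BROWSE"))` (and the equivalent for the pipe name) and fall through to the generic parameter/data output when the check fails. print_trans starts before this hunk.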
@@ -411,34 +413,34 @@ print_negprot(const u_char *words, const u_char *data, const u_char *buf _U_, co
 }
 if (f1)
- smb_fdata(words + 1, f1, min(words + 1 + wct * 2, maxbuf),
+ smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
 unicodestr);
 else
- print_data(words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
+ print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
- TCHECK2(*data, 2);
+ ND_TCHECK2(*data, 2);
 bcc = EXTRACT_LE_16BITS(data);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (bcc > 0) {
 if (f2)
- smb_fdata(data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
+ smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
 maxbuf), unicodestr);
 else
- print_data(data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
+ print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
 static void
-print_sesssetup(const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
+print_sesssetup(netdissect_options *ndo,
+ const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
 {
 u_int wct, bcc;
 const char *f1 = NULL, *f2 = NULL;
- TCHECK(words[0]);
+ ND_TCHECK(words[0]);
 wct = words[0];
 if (request) {
 if (wct == 10)
@@ -455,39 +457,39 @@ print_sesssetup(const u_char *words, const u_char *data, const u_char *buf _U_,
 }
 if (f1)
- smb_fdata(words + 1, f1, min(words + 1 + wct * 2, maxbuf),
+ smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
 unicodestr);
 else
- print_data(words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
+ print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
- TCHECK2(*data, 2);
+ ND_TCHECK2(*data, 2);
 bcc = EXTRACT_LE_16BITS(data);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (bcc > 0) {
 if (f2)
- smb_fdata(data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
+ smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
 maxbuf), unicodestr);
 else
- print_data(data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
+ print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
 static void
-print_lockingandx(const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
+print_lockingandx(netdissect_options *ndo,
+ const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf)
 {
 u_int wct, bcc;
 const u_char *maxwords;
 const char *f1 = NULL, *f2 = NULL;
- TCHECK(words[0]);
+ ND_TCHECK(words[0]);
 wct = words[0];
 if (request) {
 f1 = "Com2=[w]\nOff2=[d]\nHandle=[d]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[d]\nLockCount=[d]\n";
- TCHECK(words[7]);
+ ND_TCHECK(words[7]);
 if (words[7] & 0x10)
 f2 = "*Process=[d]\n[P2]Offset=[M]\nLength=[M]\n";
 else
@@ -498,22 +500,21 @@ print_lockingandx(const u_char *words, const u_char *data, const u_char *buf _U_
 maxwords = min(words + 1 + wct * 2, maxbuf);
 if (wct)
- smb_fdata(words + 1, f1, maxwords, unicodestr);
+ smb_fdata(ndo, words + 1, f1, maxwords, unicodestr);
- TCHECK2(*data, 2);
+ ND_TCHECK2(*data, 2);
 bcc = EXTRACT_LE_16BITS(data);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (bcc > 0) {
 if (f2)
- smb_fdata(data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
+ smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
 maxbuf), unicodestr);
 else
- print_data(data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
+ print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
@@ -789,7 +790,8 @@ static const struct smbfns smb_fns[] = {
 * print a SMB message
 */
 static void
-print_smb(const u_char *buf, const u_char *maxbuf)
+print_smb(netdissect_options *ndo,
+ const u_char *buf, const u_char *maxbuf)
 {
 u_int16_t flags2;
 int nterrcodes;
@@ -801,7 +803,7 @@ print_smb(const u_char *buf, const u_char *maxbuf)
 "[P4]SMB Command = [B]\nError class = [BP1]\nError code = [d]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [d]\nProc ID = [d]\nUID = [d]\nMID = [d]\nWord Count = [b]\n";
 int smboffset;
- TCHECK(buf[9]);
+ ND_TCHECK(buf[9]);
 request = (buf[9] & 0x80) ? 0 : 1;
 flags2 = EXTRACT_LE_16BITS(&buf[10]);
 unicodestr = flags2 & 0x8000;
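Review bot: `ND_TCHECK(buf[9])` in print_smb guarantees only the byte at offset 9, yet two lines later `EXTRACT_LE_16BITS(&buf[10])` reads offsets 10 and 11. A capture that ends right after the flags byte turns that into a read beyond the captured data. Adding `ND_TCHECK2(buf[10], 2);` before `flags2` is extracted closes the gap. print_smb's body continues outside this hunk.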
@@ -812,24 +814,24 @@ print_smb(const u_char *buf, const u_char *maxbuf)
 fn = smbfind(command, smb_fns);
- if (vflag > 1)
- printf("\n");
+ if (ndo->ndo_vflag > 1)
+ ND_PRINT((ndo, "\n"));
- printf("SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY");
+ ND_PRINT((ndo, "SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY"));
- if (vflag < 2)
+ if (ndo->ndo_vflag < 2)
 return;
 /* print out the header */
- smb_fdata(buf, fmt_smbheader, buf + 33, unicodestr);
+ smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr);
 if (nterrcodes) {
 nterror = EXTRACT_LE_32BITS(&buf[5]);
 if (nterror)
- printf("NTError = %s\n", nt_errstr(nterror));
+ ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror)));
 } else {
 if (buf[5])
- printf("SMBError = %s\n", smb_errstr(buf[5], EXTRACT_LE_16BITS(&buf[7])));
+ ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(buf[5], EXTRACT_LE_16BITS(&buf[7]))));
 }
 smboffset = 32;
@@ -841,7 +843,7 @@ print_smb(const u_char *buf, const u_char *maxbuf)
 int newsmboffset;
 words = buf + smboffset;
- TCHECK(words[0]);
+ ND_TCHECK(words[0]);
 wct = words[0];
 data = words + 1 + wct * 2;
 maxwords = min(data, maxbuf);
@@ -855,33 +857,33 @@ print_smb(const u_char *buf, const u_char *maxbuf)
 }
 if (fn->descript.fn)
- (*fn->descript.fn)(words, data, buf, maxbuf);
+ (*fn->descript.fn)(ndo, words, data, buf, maxbuf);
 else {
 if (wct) {
 if (f1)
- smb_fdata(words + 1, f1, words + 1 + wct * 2, unicodestr);
+ smb_fdata(ndo, words + 1, f1, words + 1 + wct * 2, unicodestr);
 else {
 int i;
 int v;
 for (i = 0; &words[1 + 2 * i] < maxwords; i++) {
- TCHECK2(words[1 + 2 * i], 2);
+ ND_TCHECK2(words[1 + 2 * i], 2);
 v = EXTRACT_LE_16BITS(words + 1 + 2 * i);
- printf("smb_vwv[%d]=%d (0x%X)\n", i, v, v);
+ ND_PRINT((ndo, "smb_vwv[%d]=%d (0x%X)\n", i, v, v));
 }
 }
 }
- TCHECK2(*data, 2);
+ ND_TCHECK2(*data, 2);
 bcc = EXTRACT_LE_16BITS(data);
- printf("smb_bcc=%u\n", bcc);
+ ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
 if (f2) {
 if (bcc > 0)
- smb_fdata(data + 2, f2, data + 2 + bcc, unicodestr);
+ smb_fdata(ndo, data + 2, f2, data + 2 + bcc, unicodestr);
 } else {
 if (bcc > 0) {
- printf("smb_buf[]=\n");
- print_data(data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2)));
+ ND_PRINT((ndo, "smb_buf[]=\n"));
+ print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2)));
 }
 }
 }
@@ -890,29 +892,28 @@ print_smb(const u_char *buf, const u_char *maxbuf)
 break;
 if (wct == 0)
 break;
- TCHECK(words[1]);
+ ND_TCHECK(words[1]);
 command = words[1];
 if (command == 0xFF)
 break;
- TCHECK2(words[3], 2);
+ ND_TCHECK2(words[3], 2);
 newsmboffset = EXTRACT_LE_16BITS(words + 3);
 fn = smbfind(command, smb_fns);
- printf("\nSMB PACKET: %s (%s) (CHAINED)\n",
- fn->name, request ? "REQUEST" : "REPLY");
+ ND_PRINT((ndo, "\nSMB PACKET: %s (%s) (CHAINED)\n",
+ fn->name, request ? "REQUEST" : "REPLY"));
 if (newsmboffset <= smboffset) {
- printf("Bad andX offset: %u <= %u\n", newsmboffset, smboffset);
+ ND_PRINT((ndo, "Bad andX offset: %u <= %u\n", newsmboffset, smboffset));
 break;
 }
 smboffset = newsmboffset;
 }
- printf("\n");
+ ND_PRINT((ndo, "\n"));
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
@@ -920,7 +921,8 @@ trunc:
 * print a NBT packet received across tcp on port 139
 */
 void
-nbt_tcp_print(const u_char *data, int length)
+nbt_tcp_print(netdissect_options *ndo,
+ const u_char *data, int length)
 {
 int caplen;
 int type;
@@ -929,9 +931,9 @@ nbt_tcp_print(const u_char *data, int length)
 if (length < 4)
 goto trunc;
- if (snapend < data)
+ if (ndo->ndo_snapend < data)
 goto trunc;
- caplen = snapend - data;
+ caplen = ndo->ndo_snapend - data;
 if (caplen < 4)
 goto trunc;
 maxbuf = data + caplen;
@@ -942,19 +944,19 @@ nbt_tcp_print(const u_char *data, int length)
 startbuf = data;
- if (vflag < 2) {
- printf(" NBT Session Packet: ");
+ if (ndo->ndo_vflag < 2) {
+ ND_PRINT((ndo, " NBT Session Packet: "));
 switch (type) {
 case 0x00:
- printf("Session Message");
+ ND_PRINT((ndo, "Session Message"));
 break;
 case 0x81:
- printf("Session Request");
+ ND_PRINT((ndo, "Session Request"));
 break;
 case 0x82:
- printf("Session Granted");
+ ND_PRINT((ndo, "Session Granted"));
 break;
 case 0x83:
@@ -969,64 +971,64 @@ nbt_tcp_print(const u_char *data, int length)
 goto trunc;
 ecode = data[4];
- printf("Session Reject, ");
+ ND_PRINT((ndo, "Session Reject, "));
 switch (ecode) {
 case 0x80:
- printf("Not listening on called name");
+ ND_PRINT((ndo, "Not listening on called name"));
 break;
 case 0x81:
- printf("Not listening for calling name");
+ ND_PRINT((ndo, "Not listening for calling name"));
 break;
 case 0x82:
- printf("Called name not present");
+ ND_PRINT((ndo, "Called name not present"));
 break;
 case 0x83:
- printf("Called name present, but insufficient resources");
+ ND_PRINT((ndo, "Called name present, but insufficient resources"));
 break;
 default:
- printf("Unspecified error 0x%X", ecode);
+ ND_PRINT((ndo, "Unspecified error 0x%X", ecode));
 break;
 }
 }
 break;
 case 0x85:
- printf("Session Keepalive");
+ ND_PRINT((ndo, "Session Keepalive"));
 break;
 default:
- data = smb_fdata(data, "Unknown packet type [rB]", maxbuf, 0);
+ data = smb_fdata(ndo, data, "Unknown packet type [rB]", maxbuf, 0);
 break;
 }
 } else {
- printf ("\n>>> NBT Session Packet\n");
+ ND_PRINT((ndo, "\n>>> NBT Session Packet\n"));
 switch (type) {
 case 0x00:
- data = smb_fdata(data, "[P1]NBT Session Message\nFlags=[B]\nLength=[rd]\n",
+ data = smb_fdata(ndo, data, "[P1]NBT Session Message\nFlags=[B]\nLength=[rd]\n",
 data + 4, 0);
 if (data == NULL)
 break;
 if (nbt_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) {
 if ((int)nbt_len > caplen) {
 if ((int)nbt_len > length)
- printf("WARNING: Packet is continued in later TCP segments\n");
+ ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n"));
 else
- printf("WARNING: Short packet. Try increasing the snap length by %d\n",
- nbt_len - caplen);
+ ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n",
+ nbt_len - caplen));
 }
- print_smb(data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf);
+ print_smb(ndo, data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf);
 } else
- printf("Session packet:(raw data or continuation?)\n");
+ ND_PRINT((ndo, "Session packet:(raw data or continuation?)\n"));
 break;
 case 0x81:
- data = smb_fdata(data,
+ data = smb_fdata(ndo, data,
 "[P1]NBT Session Request\nFlags=[B]\nLength=[rd]\nDestination=[n1]\nSource=[n1]\n", maxbuf, 0);
 break;
 case 0x82:
- data = smb_fdata(data, "[P1]NBT Session Granted\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
+ data = smb_fdata(ndo, data, "[P1]NBT Session Granted\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
 break;
 case 0x83:
@@ -1035,7 +1037,7 @@ nbt_tcp_print(const u_char *data, int length)
 int ecode;
 origdata = data;
- data = smb_fdata(data, "[P1]NBT SessionReject\nFlags=[B]\nLength=[rd]\nReason=[B]\n",
+ data = smb_fdata(ndo, data, "[P1]NBT SessionReject\nFlags=[B]\nLength=[rd]\nReason=[B]\n",
 maxbuf, 0);
 if (data == NULL)
 break;
@@ -1043,19 +1045,19 @@ nbt_tcp_print(const u_char *data, int length)
 ecode = origdata[4];
 switch (ecode) {
 case 0x80:
- printf("Not listening on called name\n");
+ ND_PRINT((ndo, "Not listening on called name\n"));
 break;
 case 0x81:
- printf("Not listening for calling name\n");
+ ND_PRINT((ndo, "Not listening for calling name\n"));
 break;
 case 0x82:
- printf("Called name not present\n");
+ ND_PRINT((ndo, "Called name not present\n"));
 break;
 case 0x83:
- printf("Called name present, but insufficient resources\n");
+ ND_PRINT((ndo, "Called name present, but insufficient resources\n"));
 break;
 default:
- printf("Unspecified error 0x%X\n", ecode);
+ ND_PRINT((ndo, "Unspecified error 0x%X\n", ecode));
 break;
 }
 }
@@ -1063,20 +1065,18 @@ nbt_tcp_print(const u_char *data, int length)
 break;
 case 0x85:
- data = smb_fdata(data, "[P1]NBT Session Keepalive\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
+ data = smb_fdata(ndo, data, "[P1]NBT Session Keepalive\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
 break;
 default:
- data = smb_fdata(data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0);
+ data = smb_fdata(ndo, data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0);
 break;
 }
- printf("\n");
- fflush(stdout);
+ ND_PRINT((ndo, "\n"));
 }
 return;
 trunc:
- printf("%s", tstr);
- return;
+ ND_PRINT((ndo, "%s", tstr));
 }
@@ -1084,7 +1084,8 @@ trunc:
 * print a NBT packet received across udp on port 137
 */
 void
-nbt_udp137_print(const u_char *data, int length)
+nbt_udp137_print(netdissect_options *ndo,
+ const u_char *data, int length)
 {
 const u_char *maxbuf = data + length;
 int name_trn_id, response, opcode, nm_flags, rcode;
@@ -1093,7 +1094,7 @@ nbt_udp137_print(const u_char *data, int length)
 const u_char *p;
 int total, i;
- TCHECK2(data[10], 2);
+ ND_TCHECK2(data[10], 2);
 name_trn_id = EXTRACT_16BITS(data);
 response = (data[2] >> 7);
 opcode = (data[2] >> 3) & 0xF;
@@ -1108,10 +1109,10 @@ nbt_udp137_print(const u_char *data, int length)
 if (maxbuf <= data)
 return;
- if (vflag > 1)
- printf("\n>>> ");
+ if (ndo->ndo_vflag > 1)
+ ND_PRINT((ndo, "\n>>> "));
- printf("NBT UDP PACKET(137): ");
+ ND_PRINT((ndo, "NBT UDP PACKET(137): "));
 switch (opcode) {
 case 0: opcodestr = "QUERY"; break;
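Review bot: `const u_char *maxbuf = data + length;` in nbt_udp137_print is built from the `length` argument (presumably the on-the-wire length) and not from what was captured, whereas nbt_tcp_print derives its limit from `ndo->ndo_snapend - data`. Every later `smb_fdata(ndo, p, …, maxbuf, 0)` call in this function therefore receives an end pointer that may lie beyond the snapshot, and the `EXTRACT_16BITS(p)` reads for `restype` and `rdlen` further down have no `ND_TCHECK2` of their own. With `ndo` now passed in, the limit can be clamped the same way as on the TCP path, e.g. `if (maxbuf > ndo->ndo_snapend) maxbuf = ndo->ndo_snapend;` right after the initial `ND_TCHECK2(data[10], 2)`. The function body continues outside this hunk.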
@@ -1123,44 +1124,44 @@ nbt_udp137_print(const u_char *data, int length)
 case 15: opcodestr = "MULTIHOMED REGISTRATION"; break;
 default: opcodestr = "OPUNKNOWN"; break;
 }
- printf("%s", opcodestr);
+ ND_PRINT((ndo, "%s", opcodestr));
 if (response) {
 if (rcode)
- printf("; NEGATIVE");
+ ND_PRINT((ndo, "; NEGATIVE"));
 else
- printf("; POSITIVE");
+ ND_PRINT((ndo, "; POSITIVE"));
 }
 if (response)
- printf("; RESPONSE");
+ ND_PRINT((ndo, "; RESPONSE"));
 else
- printf("; REQUEST");
+ ND_PRINT((ndo, "; REQUEST"));
 if (nm_flags & 1)
- printf("; BROADCAST");
+ ND_PRINT((ndo, "; BROADCAST"));
 else
- printf("; UNICAST");
+ ND_PRINT((ndo, "; UNICAST"));
- if (vflag < 2)
+ if (ndo->ndo_vflag < 2)
 return;
- printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
+ ND_PRINT((ndo, "\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
 name_trn_id, opcode, nm_flags, rcode, qdcount, ancount, nscount,
- arcount);
+ arcount));
 p = data + 12;
 total = ancount + nscount + arcount;
 if (qdcount > 100 || total > 100) {
- printf("Corrupt packet??\n");
+ ND_PRINT((ndo, "Corrupt packet??\n"));
 return;
 }
 if (qdcount) {
- printf("QuestionRecords:\n");
+ ND_PRINT((ndo, "QuestionRecords:\n"));
 for (i = 0; i < qdcount; i++) {
- p = smb_fdata(p,
+ p = smb_fdata(ndo, p,
 "|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",
 maxbuf, 0);
 if (p == NULL)
@@ -1169,60 +1170,60 @@ nbt_udp137_print(const u_char *data, int length) } if (total) { - printf("\nResourceRecords:\n"); + ND_PRINT((ndo, "\nResourceRecords:\n")); for (i = 0; i < total; i++) { int rdlen; int restype; - p = smb_fdata(p, "Name=[n1]\n#", maxbuf, 0); + p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0); if (p == NULL) goto out; restype = EXTRACT_16BITS(p); - p = smb_fdata(p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0); + p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0); if (p == NULL) goto out; rdlen = EXTRACT_16BITS(p); - printf("ResourceLength=%d\nResourceData=\n", rdlen); + ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen)); p += 2; if (rdlen == 6) { - p = smb_fdata(p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0); + p = smb_fdata(ndo, p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0); if (p == NULL) goto out; } else { if (restype == 0x21) { int numnames; - TCHECK(*p); + ND_TCHECK(*p); numnames = p[0]; - p = smb_fdata(p, "NumNames=[B]\n", p + 1, 0); + p = smb_fdata(ndo, p, "NumNames=[B]\n", p + 1, 0); if (p == NULL) goto out; while (numnames--) { - p = smb_fdata(p, "Name=[n2]\t#", maxbuf, 0); + p = smb_fdata(ndo, p, "Name=[n2]\t#", maxbuf, 0); if (p == NULL) goto out; - TCHECK(*p); + ND_TCHECK(*p); if (p[0] & 0x80) - printf(" "); + ND_PRINT((ndo, " ")); switch (p[0] & 0x60) { - case 0x00: printf("B "); break; - case 0x20: printf("P "); break; - case 0x40: printf("M "); break; - case 0x60: printf("_ "); break; + case 0x00: ND_PRINT((ndo, "B ")); break; + case 0x20: ND_PRINT((ndo, "P ")); break; + case 0x40: ND_PRINT((ndo, "M ")); break; + case 0x60: ND_PRINT((ndo, "_ ")); break; } if (p[0] & 0x10) - printf(" "); + ND_PRINT((ndo, " ")); if (p[0] & 0x08) - printf(" "); + ND_PRINT((ndo, " ")); if (p[0] & 0x04) - printf(" "); + ND_PRINT((ndo, " ")); if (p[0] & 0x02) - printf(" "); - printf("\n"); + ND_PRINT((ndo, " ")); + ND_PRINT((ndo, "\n")); p += 2; } } else { - print_data(p, min(rdlen, length - 
(p - data))); + print_data(ndo, p, min(rdlen, length - (p - data))); p += rdlen; } } @@ -1230,22 +1231,21 @@ nbt_udp137_print(const u_char *data, int length) } if (p < maxbuf) - smb_fdata(p, "AdditionalData:\n", maxbuf, 0); + smb_fdata(ndo, p, "AdditionalData:\n", maxbuf, 0); out: - printf("\n"); - fflush(stdout); + ND_PRINT((ndo, "\n")); return; trunc: - printf("%s", tstr); - return; + ND_PRINT((ndo, "%s", tstr)); } /* * Print an SMB-over-TCP packet received across tcp on port 445 */ void -smb_tcp_print (const u_char * data, int length) +smb_tcp_print(netdissect_options *ndo, + const u_char * data, int length) { int caplen; u_int smb_len; @@ -1253,9 +1253,9 @@ smb_tcp_print (const u_char * data, int length) if (length < 4) goto trunc; - if (snapend < data) + if (ndo->ndo_snapend < data) goto trunc; - caplen = snapend - data; + caplen = ndo->ndo_snapend - data; if (caplen < 4) goto trunc; maxbuf = data + caplen; 
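Review bot: In the resource-record loop of nbt_udp137_print() (hunk at -1169), `restype = EXTRACT_16BITS(p);` and `rdlen = EXTRACT_16BITS(p);` each read two bytes at `p` straight after smb_fdata() returns, with no truncation check in between. Nothing in the hunk shows that smb_fdata() guarantees two further captured bytes at the pointer it returns, so a short or malformed name-service packet can make these reads run past the captured data. Putting `ND_TCHECK2(*p, 2);` before each of the two reads would route that case to the existing `trunc:` label, which the -1230 hunk shows at the end of the function. The same loop already uses `ND_TCHECK(*p);` before `p[0]`, so this matches the surrounding style; the function starts outside this hunk.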
@@ -1269,40 +1269,40 @@ smb_tcp_print (const u_char * data, int length) if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { if ((int)smb_len > caplen) { if ((int)smb_len > length) - printf("WARNING: Packet is continued in later TCP segments\n"); + ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n")); else - printf("WARNING: Short packet. Try increasing the snap length by %d\n", - smb_len - caplen); + ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n", + smb_len - caplen)); } - print_smb(data, maxbuf > data + smb_len ? data + smb_len : maxbuf); + print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf); } else - printf("SMB-over-TCP packet:(raw data or continuation?)\n"); + ND_PRINT((ndo, "SMB-over-TCP packet:(raw data or continuation?)\n")); return; trunc: - printf("%s", tstr); - return; + ND_PRINT((ndo, "%s", tstr)); } /* * print a NBT packet received across udp on port 138 */ void -nbt_udp138_print(const u_char *data, int length) +nbt_udp138_print(netdissect_options *ndo, + const u_char *data, int length) { const u_char *maxbuf = data + length; - if (maxbuf > snapend) - maxbuf = snapend; + if (maxbuf > ndo->ndo_snapend) + maxbuf = ndo->ndo_snapend; if (maxbuf <= data) return; startbuf = data; - if (vflag < 2) { - printf("NBT UDP PACKET(138)"); + if (ndo->ndo_vflag < 2) { + ND_PRINT((ndo, "NBT UDP PACKET(138)")); return; } - data = smb_fdata(data, + data = smb_fdata(ndo, data, "\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#", maxbuf, 0); @@ -1312,11 +1312,10 @@ nbt_udp138_print(const u_char *data, int length) goto out; if (memcmp(data, "\377SMB",4) == 0) - print_smb(data, maxbuf); + print_smb(ndo, data, maxbuf); } out: - printf("\n"); - fflush(stdout); + ND_PRINT((ndo, "\n")); } 
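Review bot: In smb_tcp_print() the call `print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf);` forms the pointer `data + smb_len` before comparing it with `maxbuf`. `smb_len` is a `u_int` that appears to come from the packet (its assignment is between the hunks), so the sum can lie far beyond the captured buffer, where the pointer arithmetic is undefined and the comparison cannot be relied on. Comparing lengths instead avoids that: `print_smb(ndo, data, smb_len < (u_int)(maxbuf - data) ? data + smb_len : maxbuf);`. Separately, `smb_len - caplen` in the "Short packet" warning is an unsigned expression printed with `%d`; `%u` would match the argument type.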
@@ -1379,7 +1378,8 @@ struct nbf_strings { }; void -netbeui_print(u_short control, const u_char *data, int length) +netbeui_print(netdissect_options *ndo, + u_short control, const u_char *data, int length) { const u_char *maxbuf = data + length; int len; @@ -1387,9 +1387,9 @@ netbeui_print(u_short control, const u_char *data, int length) const u_char *data2; int is_truncated = 0; - if (maxbuf > snapend) - maxbuf = snapend; - TCHECK(data[4]); + if (maxbuf > ndo->ndo_snapend) + maxbuf = ndo->ndo_snapend; + ND_TCHECK(data[4]); len = EXTRACT_LE_16BITS(data); command = data[4]; data2 = data + len; 
@@ -1400,36 +1400,36 @@ netbeui_print(u_short control, const u_char *data, int length) startbuf = data; - if (vflag < 2) { - printf("NBF Packet: "); - data = smb_fdata(data, "[P5]#", maxbuf, 0); + if (ndo->ndo_vflag < 2) { + ND_PRINT((ndo, "NBF Packet: ")); + data = smb_fdata(ndo, data, "[P5]#", maxbuf, 0); } else { - printf("\n>>> NBF Packet\nType=0x%X ", control); - data = smb_fdata(data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf, 0); + ND_PRINT((ndo, "\n>>> NBF Packet\nType=0x%X ", control)); + data = smb_fdata(ndo, data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf, 0); } if (data == NULL) goto out; if (command > 0x1f || nbf_strings[command].name == NULL) { - if (vflag < 2) - data = smb_fdata(data, "Unknown NBF Command#", data2, 0); + if (ndo->ndo_vflag < 2) + data = smb_fdata(ndo, data, "Unknown NBF Command#", data2, 0); else - data = smb_fdata(data, "Unknown NBF Command\n", data2, 0); + data = smb_fdata(ndo, data, "Unknown NBF Command\n", data2, 0); } else { - if (vflag < 2) { - printf("%s", nbf_strings[command].name); + if (ndo->ndo_vflag < 2) { + ND_PRINT((ndo, "%s", nbf_strings[command].name)); if (nbf_strings[command].nonverbose != NULL) - data = smb_fdata(data, nbf_strings[command].nonverbose, data2, 0); + data = smb_fdata(ndo, data, nbf_strings[command].nonverbose, data2, 0); } else { - printf("%s:\n", nbf_strings[command].name); + ND_PRINT((ndo, "%s:\n", nbf_strings[command].name)); if (nbf_strings[command].verbose != NULL) - data = smb_fdata(data, nbf_strings[command].verbose, data2, 0); + data = smb_fdata(ndo, data, nbf_strings[command].verbose, data2, 0); else - printf("\n"); + ND_PRINT((ndo, "\n")); } } - if (vflag < 2) + if (ndo->ndo_vflag < 2) return; if (data == NULL) 
@@ -1450,26 +1450,25 @@ netbeui_print(u_short control, const u_char *data, int length) goto out; if (memcmp(data2, "\377SMB",4) == 0) - print_smb(data2, maxbuf); + print_smb(ndo, data2, maxbuf); else { int i; for (i = 0; i < 128; i++) { if (&data2[i + 3] >= maxbuf) break; if (memcmp(&data2[i], "\377SMB", 4) == 0) { - printf("found SMB packet at %d\n", i); - print_smb(&data2[i], maxbuf); + ND_PRINT((ndo, "found SMB packet at %d\n", i)); + print_smb(ndo, &data2[i], maxbuf); break; } } } out: - printf("\n"); + ND_PRINT((ndo, "\n")); return; trunc: - printf("%s", tstr); - return; + ND_PRINT((ndo, "%s", tstr)); } @@ -1477,7 +1476,8 @@ trunc: * print IPX-Netbios frames */ void -ipx_netbios_print(const u_char *data, u_int length) +ipx_netbios_print(netdissect_options *ndo, + const u_char *data, u_int length) { /* * this is a hack till I work out how to parse the rest of the @@ -1488,20 +1488,19 @@ ipx_netbios_print(const u_char *data, u_int length) maxbuf = data + length; /* Don't go past the end of the captured data in the packet. */ - if (maxbuf > snapend) - maxbuf = snapend; + if (maxbuf > ndo->ndo_snapend) + maxbuf = ndo->ndo_snapend; startbuf = data; for (i = 0; i < 128; i++) { if (&data[i + 4] > maxbuf) break; if (memcmp(&data[i], "\377SMB", 4) == 0) { - smb_fdata(data, "\n>>> IPX transport ", &data[i], 0); - print_smb(&data[i], maxbuf); - printf("\n"); - fflush(stdout); + smb_fdata(ndo, data, "\n>>> IPX transport ", &data[i], 0); + print_smb(ndo, &data[i], maxbuf); + ND_PRINT((ndo, "\n")); break; } } if (i == 128) - smb_fdata(data, "\n>>> Unknown IPX ", maxbuf, 0); + smb_fdata(ndo, data, "\n>>> Unknown IPX ", maxbuf, 0); } diff --git a/print-tcp.c b/print-tcp.c index 4e970038..b6f5cbd4 100644 --- a/print-tcp.c +++ b/print-tcp.c 
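Review bot: In ipx_netbios_print() (hunk at -1488) the fallback `if (i == 128) smb_fdata(ndo, data, "\n>>> Unknown IPX ", maxbuf, 0);` only fires when the scan loop runs all 128 iterations. When the loop leaves early through `if (&data[i + 4] > maxbuf) break;`, which is what happens for any frame with fewer than 132 captured bytes and no `\377SMB` signature, the function prints nothing at all. If that silence is not intended, `if (i == 128 || &data[i + 4] > maxbuf)` would cover the early exit without affecting the found-signature case. The declarations of `i` and `maxbuf` are outside the hunk.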
@@ -678,9 +678,9 @@ tcp_print(register const u_char *bp, register u_int length, pptp_print(gndo, bp); #ifdef TCPDUMP_DO_SMB else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT) - nbt_tcp_print(bp, length); + nbt_tcp_print(gndo, bp, length); else if (sport == SMB_PORT || dport == SMB_PORT) - smb_tcp_print(bp, length); + smb_tcp_print(gndo, bp, length); #endif else if (sport == BEEP_PORT || dport == BEEP_PORT) beep_print(gndo, bp, length); diff --git a/print-udp.c b/print-udp.c index 9f7d5af9..f3c1235f 100644 --- a/print-udp.c +++ b/print-udp.c @@ -600,9 +600,9 @@ udp_print(netdissect_options *ndo, register const u_char *bp, u_int length, l2tp_print(ndo, (const u_char *)(up + 1), length); #ifdef TCPDUMP_DO_SMB else if (ISPORT(NETBIOS_NS_PORT)) - nbt_udp137_print((const u_char *)(up + 1), length); + nbt_udp137_print(ndo, (const u_char *)(up + 1), length); else if (ISPORT(NETBIOS_DGRAM_PORT)) - nbt_udp138_print((const u_char *)(up + 1), length); + nbt_udp138_print(ndo, (const u_char *)(up + 1), length); #endif else if (dport == VAT_PORT) vat_print(ndo, (const void *)(up + 1), up); diff --git a/smb.h b/smb.h index 97a43638..fbaa2f41 100644 --- a/smb.h +++ b/smb.h @@ -116,4 +116,4 @@ #define PTR_DIFF(p1, p2) ((size_t)(((char *)(p1)) - (char *)(p2))) /* some protos */ -const u_char *smb_fdata(const u_char *, const char *, const u_char *, int); +const u_char *smb_fdata(netdissect_options *, const u_char *, const char *, const u_char *, int); diff --git a/smbutil.c b/smbutil.c index f6917c02..95740daa 100644 --- a/smbutil.c +++ b/smbutil.c @@ -6,6 +6,7 @@ * or later */ +#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif 
@@ -124,14 +125,15 @@ interpret_long_date(const u_char *p) * we run past the end of the buffer */ static int -name_interpret(const u_char *in, const u_char *maxbuf, char *out) +name_interpret(netdissect_options *ndo, + const u_char *in, const u_char *maxbuf, char *out) { int ret; int len; if (in >= maxbuf) return(-1); /* name goes past the end of the buffer */ - TCHECK2(*in, 1); + ND_TCHECK2(*in, 1); len = (*in++) / 2; *out=0; @@ -140,7 +142,7 @@ name_interpret(const u_char *in, const u_char *maxbuf, char *out) return(0); while (len--) { - TCHECK2(*in, 2); + ND_TCHECK2(*in, 2); if (in + 1 >= maxbuf) return(-1); /* name goes past the end of the buffer */ if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') { @@ -164,7 +166,8 @@ trunc: * find a pointer to a netbios name */ static const u_char * -name_ptr(const u_char *buf, int ofs, const u_char *maxbuf) +name_ptr(netdissect_options *ndo, + const u_char *buf, int ofs, const u_char *maxbuf) { const u_char *p; u_char c; @@ -172,7 +175,7 @@ name_ptr(const u_char *buf, int ofs, const u_char *maxbuf) p = buf + ofs; if (p >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - TCHECK2(*p, 1); + ND_TCHECK2(*p, 1); c = *p; @@ -180,7 +183,7 @@ name_ptr(const u_char *buf, int ofs, const u_char *maxbuf) if ((c & 0xC0) == 0xC0) { u_int16_t l; - TCHECK2(*p, 2); + ND_TCHECK2(*p, 2); if ((p + 1) >= maxbuf) return(NULL); /* name goes past the end of the buffer */ l = EXTRACT_16BITS(p) & 0x3FFF; @@ -191,7 +194,7 @@ name_ptr(const u_char *buf, int ofs, const u_char *maxbuf) p = buf + l; if (p >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - TCHECK2(*p, 1); + ND_TCHECK2(*p, 1); } return(p); 
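Review bot: name_interpret() (hunks at -124 and -140) writes the decoded name through `out` without taking a size for that buffer. Its memory safety therefore depends on a length cap and on the callers' buffer sizes, and neither hunk shows either of them. Since the signature is being changed here anyway, I would state the contract in the header comment, for example `/* out must be large enough for the longest name accepted below plus the terminating NUL */`. A follow-up could pass the buffer size in alongside `out`. The loop body that stores into `out` lies between and after the hunks, so the exact bound should be taken from the full function.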
@@ -203,13 +206,14 @@ trunc: * extract a netbios name from a buf */ static int -name_extract(const u_char *buf, int ofs, const u_char *maxbuf, char *name) +name_extract(netdissect_options *ndo, + const u_char *buf, int ofs, const u_char *maxbuf, char *name) { - const u_char *p = name_ptr(buf, ofs, maxbuf); + const u_char *p = name_ptr(ndo, buf, ofs, maxbuf); if (p == NULL) return(-1); /* error (probably name going past end of buffer) */ name[0] = '\0'; - return(name_interpret(p, maxbuf, name)); + return(name_interpret(ndo, p, maxbuf, name)); } @@ -217,21 +221,22 @@ name_extract(const u_char *buf, int ofs, const u_char *maxbuf, char *name) * return the total storage length of a mangled name */ static int -name_len(const unsigned char *s, const unsigned char *maxbuf) +name_len(netdissect_options *ndo, + const unsigned char *s, const unsigned char *maxbuf) { const unsigned char *s0 = s; unsigned char c; if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - TCHECK2(*s, 1); + ND_TCHECK2(*s, 1); c = *s; if ((c & 0xC0) == 0xC0) return(2); while (*s) { if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - TCHECK2(*s, 1); + ND_TCHECK2(*s, 1); s += (*s) + 1; } return(PTR_DIFF(s, s0) + 1); @@ -241,11 +246,12 @@ trunc: } static void -print_asc(const unsigned char *buf, int len) +print_asc(netdissect_options *ndo, + const unsigned char *buf, int len) { int i; for (i = 0; i < len; i++) - safeputchar(gndo, buf[i]); + safeputchar(ndo, buf[i]); } static const char * 
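Review bot: In name_len() (hunk at -217) the loop condition `while (*s)` dereferences `s` before the `s >= maxbuf` test and the `ND_TCHECK2(*s, 1)` inside the body. The first pass is covered by the checks above the loop, but after `s += (*s) + 1;` the next evaluation of `*s` reads a position that has not been checked against either `maxbuf` or the capture length. Repeating the two checks right after the increment closes this: `if (s >= maxbuf) return(-1);` followed by `ND_TCHECK2(*s, 1);`. The `trunc:` label they jump to is just past the end of this hunk.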
@@ -266,56 +272,58 @@ name_type_str(int name_type) } void -print_data(const unsigned char *buf, int len) +print_data(netdissect_options *ndo, + const unsigned char *buf, int len) { int i = 0; if (len <= 0) return; - printf("[%03X] ", i); + ND_PRINT((ndo, "[%03X] ", i)); for (i = 0; i < len; /*nothing*/) { - TCHECK(buf[i]); - printf("%02X ", buf[i] & 0xff); + ND_TCHECK(buf[i]); + ND_PRINT((ndo, "%02X ", buf[i] & 0xff)); i++; if (i%8 == 0) - printf(" "); + ND_PRINT((ndo, " ")); if (i % 16 == 0) { - print_asc(&buf[i - 16], 8); - printf(" "); - print_asc(&buf[i - 8], 8); - printf("\n"); + print_asc(ndo, &buf[i - 16], 8); + ND_PRINT((ndo, " ")); + print_asc(ndo, &buf[i - 8], 8); + ND_PRINT((ndo, "\n")); if (i < len) - printf("[%03X] ", i); + ND_PRINT((ndo, "[%03X] ", i)); } } if (i % 16) { int n; n = 16 - (i % 16); - printf(" "); + ND_PRINT((ndo, " ")); if (n>8) - printf(" "); + ND_PRINT((ndo, " ")); while (n--) - printf(" "); + ND_PRINT((ndo, " ")); n = min(8, i % 16); - print_asc(&buf[i - (i % 16)], n); - printf(" "); + print_asc(ndo, &buf[i - (i % 16)], n); + ND_PRINT((ndo, " ")); n = (i % 16) - n; if (n > 0) - print_asc(&buf[i - n], n); - printf("\n"); + print_asc(ndo, &buf[i - n], n); + ND_PRINT((ndo, "\n")); } return; trunc: - printf("\n"); - printf("WARNING: Short packet. Try increasing the snap length\n"); + ND_PRINT((ndo, "\n")); + ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n")); } static void -write_bits(unsigned int val, const char *fmt) +write_bits(netdissect_options *ndo, + unsigned int val, const char *fmt) { const char *p = fmt; int i = 0; @@ -323,7 +331,7 @@ write_bits(unsigned int val, const char *fmt) while ((p = strchr(fmt, '|'))) { size_t l = PTR_DIFF(p, fmt); if (l && (val & (1 << i))) - printf("%.*s ", (int)l, fmt); + ND_PRINT((ndo, "%.*s ", (int)l, fmt)); fmt = p + 1; i++; } 
@@ -332,7 +340,8 @@ write_bits(unsigned int val, const char *fmt) /* convert a UCS-2 string into an ASCII string */ #define MAX_UNISTR_SIZE 1000 static const char * -unistr(const u_char *s, u_int32_t *len, int use_unicode) +unistr(netdissect_options *ndo, + const u_char *s, u_int32_t *len, int use_unicode) { static char buf[MAX_UNISTR_SIZE+1]; size_t l = 0; @@ -344,7 +353,7 @@ unistr(const u_char *s, u_int32_t *len, int use_unicode) * Skip padding that puts the string on an even boundary. */ if (((s - startbuf) % 2) != 0) { - TCHECK(s[0]); + ND_TCHECK(s[0]); s++; } } @@ -356,7 +365,7 @@ unistr(const u_char *s, u_int32_t *len, int use_unicode) sp = s; if (!use_unicode) { for (;;) { - TCHECK(sp[0]); + ND_TCHECK(sp[0]); *len += 1; if (sp[0] == 0) break; @@ -365,7 +374,7 @@ unistr(const u_char *s, u_int32_t *len, int use_unicode) strsize = *len - 1; } else { for (;;) { - TCHECK2(sp[0], 2); + ND_TCHECK2(sp[0], 2); *len += 2; if (sp[0] == 0 && sp[1] == 0) break; @@ -381,7 +390,7 @@ unistr(const u_char *s, u_int32_t *len, int use_unicode) } if (!use_unicode) { while (strsize != 0) { - TCHECK(s[0]); + ND_TCHECK(s[0]); if (l >= MAX_UNISTR_SIZE) break; if (ND_ISPRINT(s[0])) @@ -397,7 +406,7 @@ unistr(const u_char *s, u_int32_t *len, int use_unicode) } } else { while (strsize != 0) { - TCHECK2(s[0], 2); + ND_TCHECK2(s[0], 2); if (l >= MAX_UNISTR_SIZE) break; if (s[1] == 0 && ND_ISPRINT(s[0])) { @@ -424,8 +433,9 @@ trunc: } static const u_char * -smb_fdata1(const u_char *buf, const char *fmt, const u_char *maxbuf, - int unicodestr) +smb_fdata1(netdissect_options *ndo, + const u_char *buf, const char *fmt, const u_char *maxbuf, + int unicodestr) { int reverse = 0; const char *attrib_fmt = "READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|"; 
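Review bot: unistr() (hunks from -332) now takes `ndo` but still builds its result in `static char buf[MAX_UNISTR_SIZE+1];` and computes alignment padding from the file-scope `startbuf` in `((s - startbuf) % 2)`. The result is therefore only valid until the next call, and only correct if the current entry point has set `startbuf` for this packet; smb_fdata() keeps similar hidden state in `static int depth`. That is worth documenting now that the rest of the decoder state travels in `ndo`, for example `/* returns a pointer to static storage, overwritten by the next call; relies on startbuf being set by the caller's entry point */` above unistr(). The return statement itself is outside the visible hunks.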
@@ -433,15 +443,15 @@ smb_fdata1(const u_char *buf, const char *fmt, const u_char *maxbuf, while (*fmt && buf= maxbuf && *fmt) - printf("END OF BUFFER\n"); + ND_PRINT((ndo, "END OF BUFFER\n")); return(buf); trunc: - printf("\n"); - printf("WARNING: Short packet. Try increasing the snap length\n"); + ND_PRINT((ndo, "\n")); + ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n")); return(NULL); } const u_char * -smb_fdata(const u_char *buf, const char *fmt, const u_char *maxbuf, - int unicodestr) +smb_fdata(netdissect_options *ndo, + const u_char *buf, const char *fmt, const u_char *maxbuf, + int unicodestr) { static int depth = 0; char s[128]; @@ -797,7 +808,7 @@ smb_fdata(const u_char *buf, const char *fmt, const u_char *maxbuf, while (buf < maxbuf) { const u_char *buf2; depth++; - buf2 = smb_fdata(buf, fmt, maxbuf, unicodestr); + buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr); depth--; if (buf2 == NULL) return(NULL); @@ -836,22 +847,21 @@ smb_fdata(const u_char *buf, const char *fmt, const u_char *maxbuf, strncpy(s, fmt, p - fmt); s[p - fmt] = '\0'; fmt = p + 1; - buf = smb_fdata1(buf, s, maxbuf, unicodestr); + buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr); if (buf == NULL) return(NULL); break; default: - putchar(*fmt); + ND_PRINT((ndo, "%c", *fmt)); fmt++; - fflush(stdout); break; } } if (!depth && buf < maxbuf) { size_t len = PTR_DIFF(maxbuf, buf); - printf("Data: (%lu bytes)\n", (unsigned long)len); - print_data(buf, len); + ND_PRINT((ndo, "Data: (%lu bytes)\n", (unsigned long)len)); + print_data(ndo, buf, len); return(buf + len); } return(buf);