From: guy Date: Thu, 11 Mar 2004 09:36:14 +0000 (+0000) Subject: Add support for DLT_ value 99, as used by the Axent Raptor X-Git-Tag: tcpdump-3.9.1~464 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/cc3207b9affac5eacc416e6d263d1327d7f6e3fa Add support for DLT_ value 99, as used by the Axent Raptor firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not asking us for a DLT_ value and not telling us about the link-layer type. --- diff --git a/FILES b/FILES index 30faa1a7..a23f7e5b 100644 --- a/FILES +++ b/FILES @@ -170,6 +170,7 @@ print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c +print-symantec.c print-tcp.c print-telnet.c print-tftp.c diff --git a/INSTALL b/INSTALL index aa65a869..f8edb41a 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,4 @@ -@(#) $Header: /tcpdump/master/tcpdump/Attic/INSTALL,v 1.58 2003-12-15 02:44:38 guy Exp $ (LBL) +@(#) $Header: /tcpdump/master/tcpdump/Attic/INSTALL,v 1.59 2004-03-11 09:36:15 guy Exp $ (LBL) If you have not built libpcap, do so first. See the README file in this directory for the ftp location. @@ -187,6 +187,7 @@ print-snmp.c - Simple Network Management Protocol printer routines print-stp.c - IEEE 802.1d spanning tree protocol printer routines print-sunatm.c - SunATM DLPI capture printer routines print-sunrpc.c - Sun Remote Procedure Call printer routines +print-symantec.c - Symantec Enterprise Firewall printer routines print-tcp.c - TCP printer routines print-telnet.c - Telnet option printer routines print-tftp.c - Trivial File Transfer Protocol printer routines diff --git a/Makefile.in b/Makefile.in index 11a49ac6..7d7394ea 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -17,7 +17,7 @@ # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # -# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.279 2003-12-15 02:12:40 guy Exp $ (LBL) +# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.280 2004-03-11 09:36:15 guy Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) @@ -82,8 +82,8 @@ CSRC = addrtoname.c gmpls.c oui.c gmt2local.c machdep.c parsenfsfh.c \ print-pptp.c print-radius.c print-raw.c print-rip.c \ print-rsvp.c print-rx.c print-sctp.c print-sl.c print-sll.c \ print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c \ - print-tcp.c print-telnet.c print-tftp.c print-timed.c \ - print-token.c print-udp.c print-vjc.c print-vrrp.c \ + print-symantec.c print-tcp.c print-telnet.c print-tftp.c \ + print-timed.c print-token.c print-udp.c print-vjc.c print-vrrp.c \ print-wb.c print-zephyr.c setsignal.c tcpdump.c util.c LOCALSRC = @LOCALSRC@ diff --git a/interface.h b/interface.h index 88f76bc0..69158efc 100644 --- a/interface.h +++ b/interface.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.222 2003-12-29 11:05:09 hannes Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.223 2004-03-11 09:36:15 guy Exp $ (LBL) */ #ifndef tcpdump_interface_h @@ -276,6 +276,7 @@ extern u_int chdlc_if_print(const struct pcap_pkthdr *, const u_char *); extern u_int sll_if_print(const struct pcap_pkthdr *, const u_char *); extern void snmp_print(const u_char *, u_int); extern void sunrpcrequest_print(const u_char *, u_int, const u_char *); +extern u_int symantec_if_print(const struct pcap_pkthdr *, const u_char *); extern void tcp_print(const u_char *, u_int, const u_char *, int); extern void tftp_print(const u_char *, u_int); extern void timed_print(const u_char *); 
diff --git a/print-symantec.c b/print-symantec.c
new file mode 100644
index 00000000..d07646c3
--- /dev/null
+++ b/print-symantec.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+#ifndef lint
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/tcpdump/print-symantec.c,v 1.1 2004-03-11 09:36:16 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include
+
+#include
+#include
+
+#include "interface.h"
+#include "addrtoname.h"
+#include "ethertype.h"
+
+#include "ether.h"
+
+const u_char *snapend;
+
+struct symantec_header {
+ u_int8_t stuff1[6];
+ u_int16_t ether_type;
+ u_int8_t stuff2[36];
+};
+
+static inline void
+symantec_hdr_print(register const u_char *bp, u_int length)
+{
+ register const struct symantec_header *sp;
+ u_int16_t etype;
+
+ sp = (const struct symantec_header *)bp;
+
+ etype = ntohs(sp->ether_type);
+ if (!qflag) {
+ if (etype <= ETHERMTU)
+ (void)printf(", invalid ethertype %u", etype);
+ else
+ (void)printf(", ethertype %s (0x%04x)",
+ tok2str(ethertype_values,"Unknown", etype),
+ etype);
+ } else {
+ if (etype <= ETHERMTU)
+ (void)printf(", invalid ethertype %u", etype);
+ else
+ (void)printf(", %s", tok2str(ethertype_values,"Unknown Ethertype (0x%04x)", etype));
+ }
+
+ (void)printf(", length %u: ", length);
+}
+
+/*
+ * This is the top level routine of the printer. 'p' points
+ * to the ether header of the packet, 'h->ts' is the timestamp,
+ * 'h->length' is the length of the packet off the wire, and 'h->caplen'
+ * is the number of bytes actually captured.
+ */ +u_int +symantec_if_print(const struct pcap_pkthdr *h, const u_char *p) +{ + u_int length = h->len; + u_int caplen = h->caplen; + struct symantec_header *sp; + u_short ether_type; + u_short extracted_ether_type; + + if (caplen < sizeof (struct symantec_header)) { + printf("[|syhmantec]"); + return caplen; + } + + if (eflag) + symantec_hdr_print(p, length); + + length -= sizeof (struct symantec_header); + caplen -= sizeof (struct symantec_header); + sp = (struct symantec_header *)p; + p += sizeof (struct symantec_header); + + ether_type = ntohs(sp->ether_type); + + if (ether_type <= ETHERMTU) { + /* ether_type not known, print raw packet */ + if (!eflag) + symantec_hdr_print((u_char *)sp, length + sizeof (struct symantec_header)); + + if (!xflag && !qflag) + default_print(p, caplen); + } else if (ether_encap_print(ether_type, p, length, caplen, + &extracted_ether_type) == 0) { + /* ether_type not known, print raw packet */ + if (!eflag) + symantec_hdr_print((u_char *)sp, length + sizeof (struct symantec_header)); + + if (!xflag && !qflag) + default_print(p, caplen); + } + + return (sizeof (struct symantec_header)); +} diff --git a/tcpdump.c b/tcpdump.c index 5d48baf1..2fedb9fa 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -30,7 +30,7 @@ static const char copyright[] _U_ = "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.233 2004-02-26 08:47:27 hannes Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.234 2004-03-11 09:36:16 guy Exp $ (LBL)"; #endif /* @@ -231,6 +231,9 @@ static struct printer printers[] = { #endif #ifdef DLT_ENC { enc_if_print, DLT_ENC }, +#endif +#ifdef DLT_SYMANTEC_FIREWALL + { symantec_if_print, DLT_SYMANTEC_FIREWALL }, #endif { NULL, 0 }, };
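Review bot: In symantec_if_print of the new print-symantec.c, the captured bytes are reinterpreted with `sp = (struct symantec_header *)p;`, which drops the const qualifier and reads `sp->ether_type` as a direct 16-bit load from the packet buffer; the caplen check ahead of it does bound the read, but nothing visible here guarantees the buffer's alignment on strict-alignment hosts. I would declare `const struct symantec_header *sp;` and read the field with `ether_type = EXTRACT_16BITS(&sp->ether_type);` (from extract.h, which this file would then need to include), and do the same for `etype` in symantec_hdr_print. The truncation marker is misspelled: `printf("[|syhmantec]");` should be `printf("[|symantec]");`, since people grep capture output for these markers. The block comment above the function still says 'p' points to the ether header, and the file-scope `const u_char *snapend;` looks like a second definition of a global that the rest of tcpdump presumably already provides; confirm it is needed here.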