diff options
| author | fenner <fenner@FreeBSD.org> | 2002-06-21 00:49:02 +0000 |
|---|---|---|
| committer | fenner <fenner@FreeBSD.org> | 2002-06-21 00:49:02 +0000 |
| commit | 6d9538de202e4b8787f1b1a2ee8dce6273a43dc2 (patch) | |
| tree | cf4df09e1e89ebd11358792543230083e577ad0f | |
| parent | d832be42ce7cc0a492cddc15e8429bc29fb46462 (diff) | |
| download | FreeBSD-src-6d9538de202e4b8787f1b1a2ee8dce6273a43dc2.zip FreeBSD-src-6d9538de202e4b8787f1b1a2ee8dce6273a43dc2.tar.gz | |
Merge tcpdump 3.7.1
MFC after: 2 weeks
30 files changed, 3144 insertions, 1474 deletions
diff --git a/contrib/tcpdump/addrtoname.c b/contrib/tcpdump/addrtoname.c index e53f41e..19eedbc 100644 --- a/contrib/tcpdump/addrtoname.c +++ b/contrib/tcpdump/addrtoname.c @@ -25,7 +25,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/addrtoname.c,v 1.69.2.1 2001/01/17 18:29:58 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/addrtoname.c,v 1.83 2001/09/17 21:57:50 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -60,7 +60,6 @@ struct rtentry; #include "interface.h" #include "addrtoname.h" #include "llc.h" -#include "savestr.h" #include "setsignal.h" /* Forwards */ @@ -74,7 +73,7 @@ static RETSIGTYPE nohostname(int); struct hnamemem { u_int32_t addr; - char *name; + const char *name; struct hnamemem *nxt; }; @@ -99,18 +98,20 @@ struct enamemem { u_short e_addr0; u_short e_addr1; u_short e_addr2; - char *e_name; + const char *e_name; u_char *e_nsap; /* used only for nsaptable[] */ +#define e_bs e_nsap /* for bytestringtable */ struct enamemem *e_nxt; }; struct enamemem enametable[HASHNAMESIZE]; struct enamemem nsaptable[HASHNAMESIZE]; +struct enamemem bytestringtable[HASHNAMESIZE]; struct protoidmem { u_int32_t p_oui; u_short p_proto; - char *p_name; + const char *p_name; struct protoidmem *p_nxt; }; @@ -119,7 +120,7 @@ struct protoidmem protoidtable[HASHNAMESIZE]; /* * A faster replacement for inet_ntoa(). */ -char * +const char * intoa(u_int32_t addr) { register char *cp; @@ -171,18 +172,14 @@ nohostname(int signo) * Return a name for the IP address pointed to by ap. This address * is assumed to be in network byte order. */ -char * +const char * getname(const u_char *ap) { register struct hostent *hp; u_int32_t addr; static struct hnamemem *p; /* static for longjmp() */ -#ifndef LBL_ALIGN - addr = *(const u_int32_t *)ap; -#else memcpy(&addr, ap, sizeof(addr)); -#endif p = &hnametable[addr & (HASHNAMESIZE-1)]; for (; p->nxt; p = p->nxt) { if (p->addr == addr) @@ -212,7 +209,7 @@ getname(const u_char *ap) if (hp) { char *dotp; - p->name = savestr(hp->h_name); + p->name = strdup(hp->h_name); if (Nflag) { /* Remove domain qualifications */ dotp = strchr(p->name, '.'); @@ -223,7 +220,7 @@ getname(const u_char *ap) } } } - p->name = savestr(intoa(addr)); + p->name = strdup(intoa(addr)); return (p->name); } @@ -232,13 +229,13 @@ getname(const u_char *ap) * Return a name for the IP6 address pointed to by ap. This address * is assumed to be in network byte order. */ -char * +const char * getname6(const u_char *ap) { register struct hostent *hp; struct in6_addr addr; static struct h6namemem *p; /* static for longjmp() */ - register char *cp; + register const char *cp; char ntop_buf[INET6_ADDRSTRLEN]; memcpy(&addr, ap, sizeof(addr)); @@ -275,7 +272,7 @@ getname6(const u_char *ap) if (hp) { char *dotp; - p->name = savestr(hp->h_name); + p->name = strdup(hp->h_name); if (Nflag) { /* Remove domain qualifications */ dotp = strchr(p->name, '.'); @@ -286,8 +283,8 @@ getname6(const u_char *ap) } } } - cp = (char *)inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); - p->name = savestr(cp); + cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); + p->name = strdup(cp); return (p->name); } #endif /* INET6 */ @@ -325,13 +322,58 @@ lookup_emem(const u_char *ep) return tp; } +/* + * Find the hash node that corresponds to the bytestring 'bs' + * with length 'nlen' + */ + +static inline struct enamemem * +lookup_bytestring(register const u_char *bs, const unsigned int nlen) +{ + struct enamemem *tp; + register u_int i, j, k; + + if (nlen >= 6) { + k = (bs[0] << 8) | bs[1]; + j = (bs[2] << 8) | bs[3]; + i = (bs[4] << 8) | bs[5]; + } else if (nlen >= 4) { + k = (bs[0] << 8) | bs[1]; + j = (bs[2] << 8) | bs[3]; + i = 0; + } else + i = j = k = 0; + + tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)]; + while (tp->e_nxt) + if (tp->e_addr0 == i && + tp->e_addr1 == j && + tp->e_addr2 == k && + memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0) + return tp; + else + tp = tp->e_nxt; + + tp->e_addr0 = i; + tp->e_addr1 = j; + tp->e_addr2 = k; + + tp->e_bs = (u_char *) calloc(1, nlen + 1); + memcpy(tp->e_bs, bs, nlen); + tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); + if (tp->e_nxt == NULL) + error("lookup_bytestring: calloc"); + + return tp; +} + /* Find the hash node that corresponds the NSAP 'nsap' */ static inline struct enamemem * lookup_nsap(register const u_char *nsap) { register u_int i, j, k; - int nlen = *nsap; + unsigned int nlen = *nsap; struct enamemem *tp; const u_char *ensap = nsap + nlen - 6; @@ -349,7 +391,7 @@ lookup_nsap(register const u_char *nsap) tp->e_addr1 == j && tp->e_addr2 == k && tp->e_nsap[0] == nlen && - memcmp((char *)&(nsap[1]), + memcmp((const char *)&(nsap[1]), (char *)&(tp->e_nsap[1]), nlen) == 0) return tp; else @@ -360,7 +402,7 @@ lookup_nsap(register const u_char *nsap) tp->e_nsap = (u_char *)malloc(nlen + 1); if (tp->e_nsap == NULL) error("lookup_nsap: malloc"); - memcpy((char *)tp->e_nsap, (char *)nsap, nlen + 1); + memcpy((char *)tp->e_nsap, (const char *)nsap, nlen + 1); tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); if (tp->e_nxt == NULL) error("lookup_nsap: calloc"); @@ -396,7 +438,7 @@ lookup_protoid(const u_char *pi) return tp; } -char * +const char * etheraddr_string(register const u_char *ep) { register u_int i, j; @@ -407,11 +449,11 @@ etheraddr_string(register const u_char *ep) tp = lookup_emem(ep); if (tp->e_name) return (tp->e_name); -#ifdef HAVE_ETHER_NTOHOST +#ifdef USE_ETHER_NTOHOST if (!nflag) { char buf[128]; - if (ether_ntohost(buf, (struct ether_addr *)ep) == 0) { - tp->e_name = savestr(buf); + if (ether_ntohost(buf, (const struct ether_addr *)ep) == 0) { + tp->e_name = strdup(buf); return (tp->e_name); } } @@ -427,11 +469,41 @@ etheraddr_string(register const u_char *ep) *cp++ = hex[*ep++ & 0xf]; } *cp = '\0'; - tp->e_name = savestr(buf); + tp->e_name = strdup(buf); return (tp->e_name); } -char * +const char * +linkaddr_string(const u_char *ep, const unsigned int len) +{ + register u_int i, j; + register char *cp; + register struct enamemem *tp; + + if (len == 6) /* XXX not totally correct... */ + return etheraddr_string(ep); + + tp = lookup_bytestring(ep, len); + if (tp->e_name) + return (tp->e_name); + + tp->e_name = cp = (char *)malloc(len*3); + if (tp->e_name == NULL) + error("linkaddr_string: malloc"); + if ((j = *ep >> 4) != 0) + *cp++ = hex[j]; + *cp++ = hex[*ep++ & 0xf]; + for (i = len-1; i > 0 ; --i) { + *cp++ = ':'; + if ((j = *ep >> 4) != 0) + *cp++ = hex[j]; + *cp++ = hex[*ep++ & 0xf]; + } + *cp = '\0'; + return (tp->e_name); +} + +const char * etherproto_string(u_short port) { register char *cp; @@ -453,11 +525,11 @@ etherproto_string(u_short port) *cp++ = hex[port >> 4 & 0xf]; *cp++ = hex[port & 0xf]; *cp++ = '\0'; - tp->name = savestr(buf); + tp->name = strdup(buf); return (tp->name); } -char * +const char * protoid_string(register const u_char *pi) { register u_int i, j; @@ -480,11 +552,11 @@ protoid_string(register const u_char *pi) *cp++ = hex[*pi++ & 0xf]; } *cp = '\0'; - tp->p_name = savestr(buf); + tp->p_name = strdup(buf); return (tp->p_name); } -char * +const char * llcsap_string(u_char sap) { register struct hnamemem *tp; @@ -499,11 +571,11 @@ llcsap_string(u_char sap) tp->nxt = newhnamemem(); snprintf(buf, sizeof(buf), "sap %02x", sap & 0xff); - tp->name = savestr(buf); + tp->name = strdup(buf); return (tp->name); } -char * +const char * isonsap_string(const u_char *nsap) { register u_int i, nlen = nsap[0]; @@ -529,7 +601,7 @@ isonsap_string(const u_char *nsap) return (tp->e_name); } -char * +const char * tcpport_string(u_short port) { register struct hnamemem *tp; @@ -544,11 +616,11 @@ tcpport_string(u_short port) tp->nxt = newhnamemem(); (void)snprintf(buf, sizeof(buf), "%u", i); - tp->name = savestr(buf); + tp->name = strdup(buf); return (tp->name); } -char * +const char * udpport_string(register u_short port) { register struct hnamemem *tp; @@ -563,7 +635,7 @@ udpport_string(register u_short port) tp->nxt = newhnamemem(); (void)snprintf(buf, sizeof(buf), "%u", i); - tp->name = savestr(buf); + tp->name = strdup(buf); return (tp->name); } @@ -589,9 +661,9 @@ init_servarray(void) table = table->nxt; if (nflag) { (void)snprintf(buf, sizeof(buf), "%d", port); - table->name = savestr(buf); + table->name = strdup(buf); } else - table->name = savestr(sv->s_name); + table->name = strdup(sv->s_name); table->addr = port; table->nxt = newhnamemem(); } @@ -621,6 +693,18 @@ init_eprotoarray(void) } } +static struct protoidlist { + const u_char protoid[5]; + const char *name; +} protoidlist[] = { + {{ 0x00, 0x00, 0x0c, 0x01, 0x07 }, "CiscoMLS" }, + {{ 0x00, 0x00, 0x0c, 0x20, 0x00 }, "CiscoCDP" }, + {{ 0x00, 0x00, 0x0c, 0x20, 0x01 }, "CiscoCGMP" }, + {{ 0x00, 0x00, 0x0c, 0x20, 0x03 }, "CiscoVTP" }, + {{ 0x00, 0xe0, 0x2b, 0x00, 0xbb }, "ExtremeEDP" }, + {{ 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL } +}; + /* * SNAP proto IDs with org code 0:0:0 are actually encapsulated Ethernet * types. @@ -630,6 +714,7 @@ init_protoidarray(void) { register int i; register struct protoidmem *tp; + struct protoidlist *pl; u_char protoid[5]; protoid[0] = 0; @@ -640,13 +725,22 @@ init_protoidarray(void) memcpy((char *)&protoid[3], (char *)&etype, 2); tp = lookup_protoid(protoid); - tp->p_name = savestr(eproto_db[i].s); + tp->p_name = strdup(eproto_db[i].s); + } + /* Hardwire some SNAP proto ID names */ + for (pl = protoidlist; pl->name != NULL; ++pl) { + tp = lookup_protoid(pl->protoid); + /* Don't override existing name */ + if (tp->p_name != NULL) + continue; + + tp->p_name = pl->name; } } static struct etherlist { - u_char addr[6]; - char *name; + const u_char addr[6]; + const char *name; } etherlist[] = { {{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, "Broadcast" }, {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL } @@ -671,7 +765,7 @@ init_etherarray(void) { register struct etherlist *el; register struct enamemem *tp; -#ifdef HAVE_ETHER_NTOHOST +#ifdef USE_ETHER_NTOHOST char name[256]; #else register struct pcap_etherent *ep; @@ -682,7 +776,7 @@ init_etherarray(void) if (fp != NULL) { while ((ep = pcap_next_etherent(fp)) != NULL) { tp = lookup_emem(ep->addr); - tp->e_name = savestr(ep->name); + tp->e_name = strdup(ep->name); } (void)fclose(fp); } @@ -695,10 +789,10 @@ init_etherarray(void) if (tp->e_name != NULL) continue; -#ifdef HAVE_ETHER_NTOHOST +#ifdef USE_ETHER_NTOHOST /* Use yp/nis version of name if available */ - if (ether_ntohost(name, (struct ether_addr *)el->addr) == 0) { - tp->e_name = savestr(name); + if (ether_ntohost(name, (const struct ether_addr *)el->addr) == 0) { + tp->e_name = strdup(name); continue; } #endif @@ -716,6 +810,9 @@ static struct tok llcsap_db[] = { { LLCSAP_RS511, "eia-rs511" }, { LLCSAP_ISO8208, "x.25/llc2" }, { LLCSAP_PROWAY, "proway" }, + { LLCSAP_SNAP, "snap" }, + { LLCSAP_IPX, "IPX" }, + { LLCSAP_NETBEUI, "netbeui" }, { LLCSAP_ISONS, "iso-clns" }, { LLCSAP_GLOBAL, "global" }, { 0, NULL } @@ -764,7 +861,7 @@ init_addrtoname(u_int32_t localnet, u_int32_t mask) init_protoidarray(); } -char * +const char * dnaddr_string(u_short dnaddr) { register struct hnamemem *tp; diff --git a/contrib/tcpdump/ethertype.h b/contrib/tcpdump/ethertype.h index 86d96fe..caff2579 100644 --- a/contrib/tcpdump/ethertype.h +++ b/contrib/tcpdump/ethertype.h @@ -18,7 +18,8 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /tcpdump/master/tcpdump/ethertype.h,v 1.12 2000/09/23 08:03:30 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/ethertype.h,v 1.16 2001/06/21 17:56:02 itojun Exp $ (LBL) + * * $FreeBSD$ */ @@ -98,11 +99,20 @@ #define ETHERTYPE_8021Q 0x8100 #endif #ifndef ETHERTYPE_IPX -#define ETHERTYPE_IPX 0x8137 +#define ETHERTYPE_IPX 0x8137 #endif #ifndef ETHERTYPE_IPV6 #define ETHERTYPE_IPV6 0x86dd #endif +#ifndef ETHERTYPE_PPP +#define ETHERTYPE_PPP 0x880b +#endif +#ifndef ETHERTYPE_MPLS +#define ETHERTYPE_MPLS 0x8847 +#endif +#ifndef ETHERTYPE_MPLS_MULTI +#define ETHERTYPE_MPLS_MULTI 0x8848 +#endif #ifndef ETHERTYPE_PPPOED #define ETHERTYPE_PPPOED 0x8863 #endif diff --git a/contrib/tcpdump/interface.h b/contrib/tcpdump/interface.h index af069cb..8fa15438 100644 --- a/contrib/tcpdump/interface.h +++ b/contrib/tcpdump/interface.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 + * Copyright (c) 1988-2002 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -18,7 +18,8 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.149 2001/01/02 22:47:06 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.178 2002/01/21 11:39:58 mcr Exp $ (LBL) + * * $FreeBSD$ */ @@ -40,25 +41,29 @@ #include <stdarg.h> #if !defined(HAVE_SNPRINTF) -int snprintf (char *str, size_t sz, const char *format, ...) - __attribute__ ((format (printf, 3, 4))); +int snprintf(char *, size_t, const char *, ...) + __attribute__((format(printf, 3, 4))); #endif #if !defined(HAVE_VSNPRINTF) -int vsnprintf (char *str, size_t sz, const char *format, va_list ap) - __attribute__((format (printf, 3, 0))); +int vsnprintf(char *, size_t, const char *, va_list) + __attribute__((format(printf, 3, 0))); #endif #ifndef HAVE_STRLCAT -extern size_t strlcat (char *, const char *, size_t); +extern size_t strlcat(char *, const char *, size_t); #endif #ifndef HAVE_STRLCPY -extern size_t strlcpy (char *, const char *, size_t); +extern size_t strlcpy(char *, const char *, size_t); +#endif + +#ifndef HAVE_STRDUP +extern char *strdup(const char *); #endif struct tok { int v; /* value */ - char *s; /* string */ + const char *s; /* string */ }; extern int aflag; /* translate network and broadcast addresses */ @@ -78,6 +83,8 @@ extern int xflag; /* print packet in hex */ extern int Xflag; /* print packet in hex/ascii */ extern char *espsecret; +extern struct esp_algorithm *espsecret_xform; /* cache of decoded alg. */ +extern char *espsecret_key; extern int packettype; /* as specified by -T */ #define PT_VAT 1 /* Visual Audio Tool */ @@ -95,16 +102,14 @@ extern int packettype; /* as specified by -T */ #define max(a,b) ((b)>(a)?(b):(a)) #endif -#ifndef INET6 /* * The default snapshot length. This value allows most printers to print * useful information while keeping the amount of unwanted data down. - * In particular, it allows for an ethernet header, tcp/ip header, and - * 14 bytes of data (assuming no ip options). */ -#define DEFAULT_SNAPLEN 68 +#ifndef INET6 +#define DEFAULT_SNAPLEN 68 /* ether + IPv4 + TCP + 14 */ #else -#define DEFAULT_SNAPLEN 96 +#define DEFAULT_SNAPLEN 96 /* ether + IPv6 + TCP + 22 */ #endif #ifndef BIG_ENDIAN @@ -152,17 +157,20 @@ extern const u_char *snapend; /* Bail if "var" was not captured */ #define TCHECK(var) TCHECK2(var, sizeof(var)) -struct timeval; - extern void ts_print(const struct timeval *); extern void relts_print(int); extern int fn_print(const u_char *, const u_char *); extern int fn_printn(const u_char *, u_int, const u_char *); extern const char *tok2str(const struct tok *, const char *, int); -extern char *dnaddr_string(u_short); +extern const char *tok2strary_internal(const char **, int, const char *, int); +#define tok2strary(a,f,i) tok2strary_internal(a, sizeof(a)/sizeof(a[0]),f,i) -extern void wrapup(int); +extern const char *dnaddr_string(u_short); + +extern void info(int); +extern int infodelay; +extern int infoprint; extern void error(const char *, ...) __attribute__((noreturn, format (printf, 1, 2))); @@ -174,15 +182,16 @@ extern char *copy_argv(char **); extern void safeputchar(int); extern void safeputs(const char *); -extern char *isonsap_string(const u_char *); -extern char *llcsap_string(u_char); -extern char *protoid_string(const u_char *); -extern char *dnname_string(u_short); -extern char *dnnum_string(u_short); +extern const char *isonsap_string(const u_char *); +extern const char *llcsap_string(u_char); +extern const char *protoid_string(const u_char *); +extern const char *ipxsap_string(u_short); +extern const char *dnname_string(u_short); +extern const char *dnnum_string(u_short); /* The printer routines. */ -struct pcap_pkthdr; +#include <pcap.h> extern void ascii_print_with_offset(const u_char *, u_int, u_int); extern void ascii_print(const u_char *, u_int); @@ -198,21 +207,25 @@ extern void atalk_print(const u_char *, u_int); extern void atm_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void bootp_print(const u_char *, u_int, u_short, u_short); extern void bgp_print(const u_char *, int); -extern void bxxp_print(const u_char *, u_int); -extern void cnfp_print(const u_char *cp, u_int len, const u_char *bp); +extern void beep_print(const u_char *, u_int); +extern void cnfp_print(const u_char *, u_int, const u_char *); extern void decnet_print(const u_char *, u_int, u_int); extern void default_print(const u_char *, u_int); extern void default_print_unaligned(const u_char *, u_int); extern void dvmrp_print(const u_char *, u_int); extern void egp_print(const u_char *, u_int, const u_char *); +extern void arcnet_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); extern void ether_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void token_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void fddi_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void ieee802_11_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); extern void gre_print(const u_char *, u_int); extern void icmp_print(const u_char *, u_int, const u_char *); -extern void igmp_print(const u_char *, u_int, const u_char *); +extern void igmp_print(const u_char *, u_int); extern void igrp_print(const u_char *, u_int, const u_char *); extern void ip_print(const u_char *, u_int); extern void ipN_print(const u_char *, u_int); @@ -221,6 +234,9 @@ extern void isoclns_print(const u_char *, u_int, u_int, const u_char *, const u_char *); extern void krb_print(const u_char *, u_int); extern void llap_print(const u_char *, u_int); +extern void ltalk_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); +extern void msdp_print(const unsigned char *, u_int); extern void nfsreply_print(const u_char *, u_int, const u_char *); extern void nfsreq_print(const u_char *, u_int, const u_char *); extern void ns_print(const u_char *, u_int); @@ -238,6 +254,8 @@ extern void ppp_hdlc_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void ppp_bsdos_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void pppoe_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); extern int vjc_print(register const char *, register u_int, u_short); extern void raw_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void rip_print(const u_char *, u_int); @@ -248,6 +266,7 @@ extern void sl_bsdos_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void chdlc_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void chdlc_print(register const u_char *, u_int, u_int); extern void sll_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void snmp_print(const u_char *, u_int); extern void sunrpcrequest_print(const u_char *, u_int, const u_char *); @@ -257,35 +276,47 @@ extern void timed_print(const u_char *, u_int); extern void udp_print(const u_char *, u_int, const u_char *, int); extern void wb_print(const void *, u_int); extern int ah_print(register const u_char *, register const u_char *); -extern int esp_print(register const u_char *, register const u_char *, int *); +extern int esp_print(register const u_char *, register const u_char *, int *, int *); extern void isakmp_print(const u_char *, u_int, const u_char *); extern int ipcomp_print(register const u_char *, register const u_char *, int *); extern void rx_print(register const u_char *, int, int, int, u_char *); -extern void netbeui_print(u_short, const u_char *, const u_char *); -extern void ipx_netbios_print(const u_char *, const u_char *); +extern void netbeui_print(u_short, const u_char *, int); +extern void ipx_netbios_print(const u_char *, u_int); extern void nbt_tcp_print(const u_char *, int); -extern void nbt_udp137_print(const u_char *data, int); -extern void nbt_udp138_print(const u_char *data, int); +extern void nbt_udp137_print(const u_char *, int); +extern void nbt_udp138_print(const u_char *, int); extern char *smb_errstr(int, int); extern void print_data(const unsigned char *, int); extern void l2tp_print(const u_char *, u_int); extern void lcp_print(const u_char *, u_int); -extern void vrrp_print(const u_char *bp, u_int len, int ttl); -extern void cdp_print(const u_char *p, u_int length, u_int caplen, - const u_char *esrc, const u_char *edst); -extern void stp_print(const u_char *p, u_int length); +extern void vrrp_print(const u_char *, u_int, int); +extern void cdp_print(const u_char *, u_int, u_int, const u_char *, + const u_char *); +extern void stp_print(const u_char *, u_int); extern void radius_print(const u_char *, u_int); +extern void lwres_print(const u_char *, u_int); +extern void pptp_print(const u_char *, u_int); +extern void sctp_print(const u_char *, const u_char *, u_int); +extern void mpls_print(const u_char *, u_int); +extern void zephyr_print(const u_char *, int); +extern void hsrp_print(const u_char *, u_int); #ifdef INET6 -extern void ip6_print(const u_char *, int); +extern void ip6_print(const u_char *, u_int); extern void ip6_opt_print(const u_char *, int); extern int hbhopt_print(const u_char *); extern int dstopt_print(const u_char *); extern int frag6_print(const u_char *, const u_char *); extern void icmp6_print(const u_char *, const u_char *); -extern void ripng_print(const u_char *, int); +extern void ripng_print(const u_char *, unsigned int); extern int rt6_print(const u_char *, const u_char *); extern void ospf6_print(const u_char *, u_int); extern void dhcp6_print(const u_char *, u_int, u_int16_t, u_int16_t); #endif /*INET6*/ -extern u_short in_cksum(const u_short *addr, register int len, u_short csum); +extern u_short in_cksum(const u_short *, register u_int, int); + +#ifndef HAVE_BPF_DUMP +struct bpf_program; + +extern void bpf_dump(struct bpf_program *, int); +#endif diff --git a/contrib/tcpdump/nfsfh.h b/contrib/tcpdump/nfsfh.h index 97e56c1..6b6a395 100644 --- a/contrib/tcpdump/nfsfh.h +++ b/contrib/tcpdump/nfsfh.h @@ -1,13 +1,47 @@ +/* @(#) $Header: /tcpdump/master/tcpdump/nfsfh.h,v 1.12 2001/09/17 21:57:52 fenner Exp $ (LBL) */ + /* - * $Header: /tcpdump/master/tcpdump/nfsfh.h,v 1.9 2000/06/01 01:16:36 assar Exp $ + * Copyright (c) 1993, 1994 Jeffrey C. Mogul, Digital Equipment Corporation, + * Western Research Laboratory. All rights reserved. + * Copyright (c) 2001 Compaq Computer Corporation. All rights reserved. + * + * Permission to use, copy, and modify this software and its + * documentation is hereby granted only under the following terms and + * conditions. Both the above copyright notice and this permission + * notice must appear in all copies of the software, derivative works + * or modified versions, and any portions thereof, and both notices + * must appear in supporting documentation. * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND COMPAQ COMPUTER CORPORATION + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO + * EVENT SHALL COMPAQ COMPUTER CORPORATION BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* * nfsfh.h - NFS file handle definitions (for portable use) * * Jeffrey C. Mogul * Digital Equipment Corporation * Western Research Laboratory * $FreeBSD$ - * $NetBSD: nfsfh.h,v 1.1.1.2 1997/10/03 17:25:13 christos Exp $ */ + * $NetBSD: nfsfh.h,v 1.1.1.2 1997/10/03 17:25:13 christos Exp $ + */ /* * Internal representation of dev_t, because different NFS servers @@ -33,4 +67,4 @@ typedef struct { #define fsid_eq(a,b) ((a.fsid_code == b.fsid_code) &&\ dev_eq(a.Fsid_dev, b.Fsid_dev)) -extern void Parse_fh(caddr_t *, int, my_fsid *, ino_t *, char **, char **, int); +extern void Parse_fh(caddr_t *, int, my_fsid *, ino_t *, const char **, const char **, int); diff --git a/contrib/tcpdump/parsenfsfh.c b/contrib/tcpdump/parsenfsfh.c index 6712e49..f93321f 100644 --- a/contrib/tcpdump/parsenfsfh.c +++ b/contrib/tcpdump/parsenfsfh.c @@ -1,4 +1,37 @@ /* + * Copyright (c) 1993, 1994 Jeffrey C. Mogul, Digital Equipment Corporation, + * Western Research Laboratory. All rights reserved. + * Copyright (c) 2001 Compaq Computer Corporation. All rights reserved. + * + * Permission to use, copy, and modify this software and its + * documentation is hereby granted only under the following terms and + * conditions. Both the above copyright notice and this permission + * notice must appear in all copies of the software, derivative works + * or modified versions, and any portions thereof, and both notices + * must appear in supporting documentation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND COMPAQ COMPUTER CORPORATION + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO + * EVENT SHALL COMPAQ COMPUTER CORPORATION BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* * parsenfsfh.c - portable parser for NFS file handles * uses all sorts of heuristics * @@ -11,7 +44,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/parsenfsfh.c,v 1.18 2000/07/01 03:39:00 assar Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/parsenfsfh.c,v 1.23 2001/09/17 21:57:53 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -85,8 +118,8 @@ register caddr_t *fh; int len; my_fsid *fsidp; ino_t *inop; -char **osnamep; /* if non-NULL, return OS name here */ -char **fsnamep; /* if non-NULL, return server fs name here (for VMS) */ +const char **osnamep; /* if non-NULL, return OS name here */ +const char **fsnamep; /* if non-NULL, return server fs name here (for VMS) */ int ourself; /* true if file handle was generated on this host */ { register unsigned char *fhp = (unsigned char *)fh; @@ -371,17 +404,15 @@ int ourself; /* true if file handle was generated on this host */ case FHT_UNKNOWN: #ifdef DEBUG /* XXX debugging */ - int i; for (i = 0; i < 32; i++) (void)fprintf(stderr, "%x.", fhp[i]); (void)fprintf(stderr, "\n"); #endif - /* XXX for now, give "bogus" values to aid debugging */ - /* Save the actual handle, so it can be display with -u */ for (i = 0; i < 32; i++) - (void)sprintf(&(fsidp->Opaque_Handle[i*2]), "%.2X", fhp[i]); + (void)snprintf(&(fsidp->Opaque_Handle[i*2]), 3, "%.2X", fhp[i]); + /* XXX for now, give "bogus" values to aid debugging */ fsidp->fsid_code = 0; fsidp->Fsid_dev.Minor = 257; fsidp->Fsid_dev.Major = 257; diff --git a/contrib/tcpdump/ppp.h b/contrib/tcpdump/ppp.h index d55d6ae..6c7262d 100644 --- a/contrib/tcpdump/ppp.h +++ b/contrib/tcpdump/ppp.h @@ -1,4 +1,4 @@ -/* @(#) $Header: /tcpdump/master/tcpdump/ppp.h,v 1.11 2000/10/09 01:53:19 guy Exp $ (LBL) */ +/* @(#) $Header: /tcpdump/master/tcpdump/ppp.h,v 1.12 2001/02/04 02:17:55 fenner Exp $ (LBL) */ /* * Point to Point Protocol (PPP) RFC1331 * @@ -41,6 +41,7 @@ #define PPP_STII 0x0033 /* Stream Protocol (ST-II) */ #define PPP_VINES 0x0035 /* Banyan Vines */ #define PPP_IPV6 0x0057 /* IPv6 */ +#define PPP_COMP 0x00fd /* Compressed Datagram */ #define PPP_HELLO 0x0201 /* 802.1d Hello Packets */ #define PPP_LUXCOM 0x0231 /* Luxcom */ diff --git a/contrib/tcpdump/print-arp.c b/contrib/tcpdump/print-arp.c index ccb93bf..20534ed 100644 --- a/contrib/tcpdump/print-arp.c +++ b/contrib/tcpdump/print-arp.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-arp.c,v 1.49 2000/10/10 05:05:07 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-arp.c,v 1.51 2001/09/17 21:57:54 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -58,7 +58,10 @@ struct arphdr { u_short ar_hrd; /* format of hardware address */ #define ARPHRD_ETHER 1 /* ethernet hardware format */ #define ARPHRD_IEEE802 6 /* token-ring hardware format */ +#define ARPHRD_ARCNET 7 /* arcnet hardware format */ #define ARPHRD_FRELAY 15 /* frame relay hardware format */ +#define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */ +#define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */ u_short ar_pro; /* format of protocol address */ u_char ar_hln; /* length of hardware address */ u_char ar_pln; /* length of protocol address */ @@ -79,117 +82,86 @@ struct arphdr { u_char ar_tha[]; /* target hardware address */ u_char ar_tpa[]; /* target protocol address */ #endif +#define ar_sha(ap) (((const caddr_t)((ap)+1))+0) +#define ar_spa(ap) (((const caddr_t)((ap)+1))+ (ap)->ar_hln) +#define ar_tha(ap) (((const caddr_t)((ap)+1))+ (ap)->ar_hln+(ap)->ar_pln) +#define ar_tpa(ap) (((const caddr_t)((ap)+1))+2*(ap)->ar_hln+(ap)->ar_pln) }; #define ARP_HDRLEN 8 -/* - * Ethernet Address Resolution Protocol. - * - * See RFC 826 for protocol description. Structure below is adapted - * to resolving internet addresses. Field names used correspond to - * RFC 826. - */ -struct ether_arp { - struct arphdr ea_hdr; /* fixed-size header */ - u_char arp_sha[6]; /* sender hardware address */ - u_char arp_spa[4]; /* sender protocol address */ - u_char arp_tha[6]; /* target hardware address */ - u_char arp_tpa[4]; /* target protocol address */ -}; -#define arp_hrd ea_hdr.ar_hrd -#define arp_pro ea_hdr.ar_pro -#define arp_hln ea_hdr.ar_hln -#define arp_pln ea_hdr.ar_pln -#define arp_op ea_hdr.ar_op - -#define ETHER_ARP_HDRLEN (ARP_HDRLEN + 6 + 4 + 6 + 4) - -#define SHA(ap) ((ap)->arp_sha) -#define THA(ap) ((ap)->arp_tha) -#define SPA(ap) ((ap)->arp_spa) -#define TPA(ap) ((ap)->arp_tpa) - -/* Compatibility */ -#ifndef REVARP_REQUEST -#define REVARP_REQUEST 3 -#endif -#ifndef REVARP_REPLY -#define REVARP_REPLY 4 -#endif +#define HRD(ap) ((ap)->ar_hrd) +#define HLN(ap) ((ap)->ar_hln) +#define PLN(ap) ((ap)->ar_pln) +#define OP(ap) ((ap)->ar_op) +#define PRO(ap) ((ap)->ar_pro) +#define SHA(ap) (ar_sha(ap)) +#define SPA(ap) (ar_spa(ap)) +#define THA(ap) (ar_tha(ap)) +#define TPA(ap) (ar_tpa(ap)) static u_char ezero[6]; void -arp_print(register const u_char *bp, u_int length, u_int caplen) +arp_print(const u_char *bp, u_int length, u_int caplen) { - register const struct ether_arp *ap; - register const struct ether_header *eh; - register u_short pro, hrd, op; + const struct arphdr *ap; + u_short pro, hrd, op; - ap = (struct ether_arp *)bp; - if ((u_char *)(ap + 1) > snapend) { - printf("[|arp]"); - return; - } - if (length < ETHER_ARP_HDRLEN) { + ap = (const struct arphdr *)bp; + TCHECK(*ap); + if ((const u_char *)(ar_tpa(ap) + PLN(ap)) > snapend) { (void)printf("truncated-arp"); - default_print((u_char *)ap, length); + default_print((const u_char *)ap, length); return; } - pro = EXTRACT_16BITS(&ap->arp_pro); - hrd = EXTRACT_16BITS(&ap->arp_hrd); - op = EXTRACT_16BITS(&ap->arp_op); + pro = EXTRACT_16BITS(&PRO(ap)); + hrd = EXTRACT_16BITS(&HRD(ap)); + op = EXTRACT_16BITS(&OP(ap)); - if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) - || ap->arp_hln != sizeof(SHA(ap)) - || ap->arp_pln != sizeof(SPA(ap))) { + if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) { (void)printf("arp-#%d for proto #%d (%d) hardware #%d (%d)", - op, pro, ap->arp_pln, - hrd, ap->arp_hln); + op, pro, PLN(ap), hrd, HLN(ap)); return; } if (pro == ETHERTYPE_TRAIL) (void)printf("trailer-"); - eh = (struct ether_header *)packetp; switch (op) { case ARPOP_REQUEST: (void)printf("arp who-has %s", ipaddr_string(TPA(ap))); - if (memcmp((char *)ezero, (char *)THA(ap), 6) != 0) - (void)printf(" (%s)", etheraddr_string(THA(ap))); + if (memcmp((const char *)ezero, (const char *)THA(ap), HLN(ap)) != 0) + (void)printf(" (%s)", + linkaddr_string(THA(ap), HLN(ap))); (void)printf(" tell %s", ipaddr_string(SPA(ap))); - if (memcmp((char *)ESRC(eh), (char *)SHA(ap), 6) != 0) - (void)printf(" (%s)", etheraddr_string(SHA(ap))); break; case ARPOP_REPLY: (void)printf("arp reply %s", ipaddr_string(SPA(ap))); - if (memcmp((char *)ESRC(eh), (char *)SHA(ap), 6) != 0) - (void)printf(" (%s)", etheraddr_string(SHA(ap))); - (void)printf(" is-at %s", etheraddr_string(SHA(ap))); - if (memcmp((char *)EDST(eh), (char *)THA(ap), 6) != 0) - (void)printf(" (%s)", etheraddr_string(THA(ap))); + (void)printf(" is-at %s", linkaddr_string(SHA(ap), HLN(ap))); break; - case REVARP_REQUEST: + case ARPOP_REVREQUEST: (void)printf("rarp who-is %s tell %s", - etheraddr_string(THA(ap)), - etheraddr_string(SHA(ap))); + linkaddr_string(THA(ap), HLN(ap)), + linkaddr_string(SHA(ap), HLN(ap))); break; - case REVARP_REPLY: + case ARPOP_REVREPLY: (void)printf("rarp reply %s at %s", - etheraddr_string(THA(ap)), + linkaddr_string(THA(ap), HLN(ap)), ipaddr_string(TPA(ap))); break; default: (void)printf("arp-#%d", op); - default_print((u_char *)ap, caplen); + default_print((const u_char *)ap, caplen); return; } if (hrd != ARPHRD_ETHER) printf(" hardware #%d", hrd); + return; +trunc: + (void)printf("[|arp]"); } diff --git a/contrib/tcpdump/print-atalk.c b/contrib/tcpdump/print-atalk.c index 195638b..9e72cbe 100644 --- a/contrib/tcpdump/print-atalk.c +++ b/contrib/tcpdump/print-atalk.c @@ -25,7 +25,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-atalk.c,v 1.64 2000/10/30 06:22:14 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-atalk.c,v 1.70 2001/11/15 08:23:12 itojun Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -42,13 +42,13 @@ static const char rcsid[] = #include <stdlib.h> #include <string.h> #include <netdb.h> /* for MAXHOSTNAMELEN on some platforms */ +#include <pcap.h> #include "interface.h" #include "addrtoname.h" #include "ethertype.h" #include "extract.h" /* must come after interface.h */ #include "appletalk.h" -#include "savestr.h" static struct tok type2str[] = { { ddpRTMP, "rtmp" }, @@ -86,6 +86,24 @@ static void ddp_print(const u_char *, u_int, int, u_short, u_char, u_char); static const char *ddpskt_string(int); /* + * Print LLAP packets received on a physical LocalTalk interface. + */ +void +ltalk_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) +{ + snapend = p + h->caplen; + ++infodelay; + ts_print(&h->ts); + llap_print(p, h->caplen); + if(xflag) + default_print(p, h->caplen); + putchar('\n'); + --infodelay; + if (infoprint) + info(0); +} + +/* * Print AppleTalk LLAP packets. */ void @@ -97,7 +115,7 @@ llap_print(register const u_char *bp, u_int length) u_short snet; #if 0 - lp = (struct LAP *)bp; + lp = (const struct LAP *)bp; bp += sizeof(*lp); length -= sizeof(*lp); #else @@ -165,8 +183,8 @@ atalk_print(register const u_char *bp, u_int length) u_short snet; if (length < ddpSize) { - (void)printf(" [|ddp %d]", length); - return; + (void)printf(" [|ddp %d]", length); + return; } dp = (const struct atDDP *)bp; snet = EXTRACT_16BITS(&dp->srcNet); @@ -177,6 +195,21 @@ atalk_print(register const u_char *bp, u_int length) ddpskt_string(dp->dstSkt)); bp += ddpSize; length -= ddpSize; +#ifdef LBL_ALIGN + if ((long)bp & 3) { + static u_char *abuf = NULL; + + if (abuf == NULL) { + abuf = (u_char *)malloc(snaplen); + if (abuf == NULL) + error("atalk_print: malloc"); + } + memcpy((char *)abuf, (char *)bp, min(length, snaplen)); + snapend += abuf - (u_char *)bp; + packetp = abuf; + bp = abuf; + } +#endif ddp_print(bp, length, dp->type, snet, dp->srcNode, dp->srcSkt); } @@ -366,7 +399,7 @@ nbp_print(register const struct atNBP *np, u_int length, register u_short snet, register u_char snode, register u_char skt) { register const struct atNBPtuple *tp = - (struct atNBPtuple *)((u_char *)np + nbpHeaderSize); + (const struct atNBPtuple *)((u_char *)np + nbpHeaderSize); int i; const u_char *ep; @@ -442,7 +475,7 @@ print_cstring(register const char *cp, register const u_char *ep) return (0); } while ((int)--length >= 0) { - if (cp >= (char *)ep) { + if (cp >= (const char *)ep) { fputs(tstr, stdout); return (0); } @@ -551,7 +584,7 @@ ataddr_string(u_short atnet, u_char athost) ; tp->addr = i2; tp->nxt = newhnamemem(); - tp->name = savestr(nambuf); + tp->name = strdup(nambuf); } fclose(fp); } @@ -568,7 +601,7 @@ ataddr_string(u_short atnet, u_char athost) tp->nxt = newhnamemem(); (void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost); - tp->name = savestr(nambuf); + tp->name = strdup(nambuf); return (tp->name); } @@ -580,7 +613,7 @@ ataddr_string(u_short atnet, u_char athost) else (void)snprintf(nambuf, sizeof(nambuf), "%d.%d", atnet >> 8, atnet & 0xff); - tp->name = savestr(nambuf); + tp->name = strdup(nambuf); return (tp->name); } diff --git a/contrib/tcpdump/print-atm.c b/contrib/tcpdump/print-atm.c index 95f24b2..2090267 100644 --- a/contrib/tcpdump/print-atm.c +++ b/contrib/tcpdump/print-atm.c @@ -22,7 +22,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-atm.c,v 1.20 2000/12/22 22:45:09 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-atm.c,v 1.21 2001/07/05 18:54:14 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -55,6 +55,7 @@ atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) u_int length = h->len; u_short ethertype, extracted_ethertype; + ++infodelay; ts_print(&h->ts); if (caplen < 8) { @@ -157,4 +158,7 @@ atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) default_print(p, caplen); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } diff --git a/contrib/tcpdump/print-bootp.c b/contrib/tcpdump/print-bootp.c index 4005398..c8d9ca4 100644 --- a/contrib/tcpdump/print-bootp.c +++ b/contrib/tcpdump/print-bootp.c @@ -24,7 +24,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-bootp.c,v 1.56 2000/12/04 00:00:08 fenner Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-bootp.c,v 1.60 2001/09/17 21:57:56 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -50,8 +50,8 @@ struct rtentry; #include "ether.h" #include "bootp.h" -static void rfc1048_print(const u_char *, u_int); -static void cmu_print(const u_char *, u_int); +static void rfc1048_print(const u_char *); +static void cmu_print(const u_char *); static char tstr[] = " [|bootp]"; @@ -63,10 +63,10 @@ bootp_print(register const u_char *cp, u_int length, u_short sport, u_short dport) { register const struct bootp *bp; - static u_char vm_cmu[4] = VM_CMU; - static u_char vm_rfc1048[4] = VM_RFC1048; + static const u_char vm_cmu[4] = VM_CMU; + static const u_char vm_rfc1048[4] = VM_RFC1048; - bp = (struct bootp *)cp; + bp = (const struct bootp *)cp; TCHECK(bp->bp_op); switch (bp->bp_op) { @@ -132,14 +132,14 @@ bootp_print(register const u_char *cp, u_int length, register const char *e; TCHECK2(bp->bp_chaddr[0], 6); - eh = (struct ether_header *)packetp; + eh = (const struct ether_header *)packetp; if (bp->bp_op == BOOTREQUEST) e = (const char *)ESRC(eh); else if (bp->bp_op == BOOTREPLY) e = (const char *)EDST(eh); else e = 0; - if (e == 0 || memcmp((char *)bp->bp_chaddr, e, 6) != 0) + if (e == 0 || memcmp((const char *)bp->bp_chaddr, e, 6) != 0) printf(" ether %s", etheraddr_string(bp->bp_chaddr)); } @@ -166,13 +166,12 @@ bootp_print(register const u_char *cp, u_int length, /* Decode the vendor buffer */ TCHECK(bp->bp_vend[0]); - length -= sizeof(*bp) - sizeof(bp->bp_vend); - if (memcmp((char *)bp->bp_vend, (char *)vm_rfc1048, + if (memcmp((const char *)bp->bp_vend, vm_rfc1048, sizeof(u_int32_t)) == 0) - rfc1048_print(bp->bp_vend, length); - else if (memcmp((char *)bp->bp_vend, (char *)vm_cmu, + rfc1048_print(bp->bp_vend); + else if (memcmp((const char *)bp->bp_vend, vm_cmu, sizeof(u_int32_t)) == 0) - cmu_print(bp->bp_vend, length); + cmu_print(bp->bp_vend); else { u_int32_t ul; @@ -186,7 +185,19 @@ trunc: fputs(tstr, stdout); } -/* The first character specifies the format to print */ +/* + * The first character specifies the format to print: + * i - ip address (32 bits) + * p - ip address pairs (32 bits + 32 bits) + * l - long (32 bits) + * L - unsigned long (32 bits) + * s - short (16 bits) + * b - period-seperated decimal bytes (variable length) + * x - colon-seperated hex bytes (variable length) + * a - ascii string (variable length) + * B - on/off (8 bits) + * $ - special (explicit code to handle) + */ static struct tok tag2str[] = { /* RFC1048 tags */ { TAG_PAD, " PAD" }, @@ -238,7 +249,7 @@ static struct tok tag2str[] = { { TAG_VENDOR_OPTS, "bVO" }, { TAG_NETBIOS_NS, "iWNS" }, { TAG_NETBIOS_DDS, "iWDD" }, - { TAG_NETBIOS_NODE, "bWNT" }, + { TAG_NETBIOS_NODE, "$WNT" }, { TAG_NETBIOS_SCOPE, "aWSC" }, { TAG_XWIN_FS, "iXFS" }, { TAG_XWIN_DM, "iXDM" }, @@ -255,7 +266,7 @@ static struct tok tag2str[] = { { TAG_STREETTALK_STDA, "iSTDA" }, { TAG_REQUESTED_IP, "iRQ" }, { TAG_IP_LEASE, "lLT" }, - { TAG_OPT_OVERLOAD, "bOO" }, + { TAG_OPT_OVERLOAD, "$OO" }, { TAG_TFTP_SERVER, "aTFTP" }, { TAG_BOOTFILENAME, "aBF" }, { TAG_DHCP_MESSAGE, " DHCP" }, @@ -265,8 +276,8 @@ static struct tok tag2str[] = { { TAG_MAX_MSG_SIZE, "sMSZ" }, { TAG_RENEWAL_TIME, "lRN" }, { TAG_REBIND_TIME, "lRB" }, - { TAG_VENDOR_CLASS, "bVC" }, - { TAG_CLIENT_ID, "xCID" }, + { TAG_VENDOR_CLASS, "aVC" }, + { TAG_CLIENT_ID, "$CID" }, /* RFC 2485 */ { TAG_OPEN_GROUP_UAP, "aUAP" }, /* RFC 2563 */ @@ -281,7 +292,7 @@ static struct tok tag2str[] = { /* ftp://ftp.isi.edu/.../assignments/bootp-dhcp-extensions */ { TAG_USER_CLASS, "aCLASS" }, { TAG_SLP_NAMING_AUTH, "aSLP-NA" }, - { TAG_CLIENT_FQDN, "bFQDN" }, /* XXX 'b' */ + { TAG_CLIENT_FQDN, "$FQDN" }, { TAG_AGENT_CIRCUIT, "bACKT" }, { TAG_AGENT_REMOTE, "bARMT" }, { TAG_AGENT_MASK, "bAMSK" }, @@ -309,8 +320,36 @@ static struct tok xtag2str[] = { { 0, NULL } }; +/* DHCP "options overload" types */ +static struct tok oo2str[] = { + { 1, "file" }, + { 2, "sname" }, + { 3, "file+sname" }, + { 0, NULL } +}; + +/* NETBIOS over TCP/IP node type options */ +static struct tok nbo2str[] = { + { 0x1, "b-node" }, + { 0x2, "p-node" }, + { 0x4, "m-node" }, + { 0x8, "h-node" }, + { 0, NULL } +}; + +/* ARP Hardware types, for Client-ID option */ +static struct tok arp2str[] = { + { 0x1, "ether" }, + { 0x6, "ieee802" }, + { 0x7, "arcnet" }, + { 0xf, "frelay" }, + { 0x17, "strip" }, + { 0x18, "ieee1394" }, + { 0, NULL } +}; + static void -rfc1048_print(register const u_char *bp, register u_int length) +rfc1048_print(register const u_char *bp) { register u_char tag; register u_int len, size; @@ -448,10 +487,10 @@ rfc1048_print(register const u_char *bp, register u_int length) while (size >= 2*sizeof(ul)) { if (!first) putchar(','); - memcpy((char *)&ul, (char *)bp, sizeof(ul)); + memcpy((char *)&ul, (const char *)bp, sizeof(ul)); printf("(%s:", ipaddr_string(&ul)); bp += sizeof(ul); - memcpy((char *)&ul, (char *)bp, sizeof(ul)); + memcpy((char *)&ul, (const char *)bp, sizeof(ul)); printf("%s)", ipaddr_string(&ul)); bp += sizeof(ul); size -= 2*sizeof(ul); @@ -500,13 +539,76 @@ rfc1048_print(register const u_char *bp, register u_int length) /* Bytes */ while (size > 0) { if (!first) - putchar (c == 'x' ? ':' : '.'); - printf (c == 'x' ? "%02x" : "%d", *bp); + putchar(c == 'x' ? ':' : '.'); + if (c == 'x') + printf("%02x", *bp); + else + printf("%d", *bp); ++bp; --size; first = 0; } break; + + case '$': + /* Guys we can't handle with one of the usual cases */ + switch (tag) { + + case TAG_NETBIOS_NODE: + tag = *bp++; + --size; + fputs(tok2str(nbo2str, NULL, tag), stdout); + break; + + case TAG_OPT_OVERLOAD: + tag = *bp++; + --size; + fputs(tok2str(oo2str, NULL, tag), stdout); + break; + + case TAG_CLIENT_FQDN: + if (*bp++) + printf("[svrreg]"); + if (*bp) + printf("%d/%d/", *bp, *(bp+1)); + bp += 2; + putchar('"'); + (void)fn_printn(bp, size - 3, NULL); + putchar('"'); + bp += size - 3; + size = 0; + break; + + case TAG_CLIENT_ID: + { int type = *bp++; + size--; + if (type == 0) { + putchar('"'); + (void)fn_printn(bp, size, NULL); + putchar('"'); + break; + } else { + printf("[%s]", tok2str(arp2str, "type-%d", type)); + } + while (size > 0) { + if (!first) + putchar(':'); + printf("%02x", *bp); + ++bp; + --size; + first = 0; + } + break; + } + + default: + printf("[unknown special tag %d, size %d]", + tag, size); + bp += size; + size = 0; + break; + } + break; } /* Data left over? */ if (size) @@ -518,17 +620,16 @@ trunc: } static void -cmu_print(register const u_char *bp, register u_int length) +cmu_print(register const u_char *bp) { register const struct cmu_vend *cmu; - char *fmt = " %s:%s"; #define PRINTCMUADDR(m, s) { TCHECK(cmu->m); \ if (cmu->m.s_addr != 0) \ - printf(fmt, s, ipaddr_string(&cmu->m.s_addr)); } + printf(" %s:%s", s, ipaddr_string(&cmu->m.s_addr)); } printf(" vend-cmu"); - cmu = (struct cmu_vend *)bp; + cmu = (const struct cmu_vend *)bp; /* Only print if there are unknown bits */ TCHECK(cmu->v_flags); diff --git a/contrib/tcpdump/print-domain.c b/contrib/tcpdump/print-domain.c index fff315e..caabb1a 100644 --- a/contrib/tcpdump/print-domain.c +++ b/contrib/tcpdump/print-domain.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.64.2.1 2001/02/21 09:01:20 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.78 2001/10/19 09:00:48 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -35,12 +35,6 @@ static const char rcsid[] = #include <netinet/in.h> -#ifdef NOERROR -#undef NOERROR /* Solaris sucks */ -#endif -#ifdef NOERROR -#undef T_UNSPEC /* SINIX does too */ -#endif #include "nameser.h" #include <stdio.h> @@ -50,102 +44,16 @@ static const char rcsid[] = #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ -/* Compatibility */ -#ifndef T_TXT -#define T_TXT 16 /* text strings */ -#endif -#ifndef T_RP -#define T_RP 17 /* responsible person */ -#endif -#ifndef T_AFSDB -#define T_AFSDB 18 /* AFS cell database */ -#endif -#ifndef T_X25 -#define T_X25 19 /* X_25 calling address */ -#endif -#ifndef T_ISDN -#define T_ISDN 20 /* ISDN calling address */ -#endif -#ifndef T_RT -#define T_RT 21 /* router */ -#endif -#ifndef T_NSAP -#define T_NSAP 22 /* NSAP address */ -#endif -#ifndef T_NSAP_PTR -#define T_NSAP_PTR 23 /* reverse NSAP lookup (deprecated) */ -#endif -#ifndef T_SIG -#define T_SIG 24 /* security signature */ -#endif -#ifndef T_KEY -#define T_KEY 25 /* security key */ -#endif -#ifndef T_PX -#define T_PX 26 /* X.400 mail mapping */ -#endif -#ifndef T_GPOS -#define T_GPOS 27 /* geographical position (withdrawn) */ -#endif -#ifndef T_AAAA -#define T_AAAA 28 /* IP6 Address */ -#endif -#ifndef T_LOC -#define T_LOC 29 /* Location Information */ -#endif -#ifndef T_NXT -#define T_NXT 30 /* Next Valid Name in Zone */ -#endif -#ifndef T_EID -#define T_EID 31 /* Endpoint identifier */ -#endif -#ifndef T_NIMLOC -#define T_NIMLOC 32 /* Nimrod locator */ -#endif -#ifndef T_SRV -#define T_SRV 33 /* Server selection */ -#endif -#ifndef T_ATMA -#define T_ATMA 34 /* ATM Address */ -#endif -#ifndef T_NAPTR -#define T_NAPTR 35 /* Naming Authority PoinTeR */ -#endif -#ifndef T_A6 -#define T_A6 38 /* IP6 address */ -#endif -#ifndef T_DNAME -#define T_DNAME 39 /* non-terminal redirection */ -#endif - -#ifndef T_OPT -#define T_OPT 41 /* EDNS0 option (meta-RR) */ -#endif - -#ifndef T_UNSPEC -#define T_UNSPEC 103 /* Unspecified format (binary data) */ -#endif -#ifndef T_UNSPECA -#define T_UNSPECA 104 /* "unspecified ascii". Ugly MIT hack */ -#endif - -#ifndef C_CHAOS -#define C_CHAOS 3 /* for chaos net (MIT) */ -#endif -#ifndef C_HS -#define C_HS 4 /* for Hesiod name server (MIT) (XXX) */ -#endif - -static char *ns_ops[] = { - "", " inv_q", " stat", " op3", " notify", " op5", " op6", " op7", +static const char *ns_ops[] = { + "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", " op8", " updataA", " updateD", " updateDA", " updateM", " updateMA", " zoneInit", " zoneRef", }; -static char *ns_resp[] = { +static const char *ns_resp[] = { "", " FormErr", " ServFail", " NXDomain", - " NotImp", " Refused", " Resp6", " Resp7", - " Resp8", " Resp9", " Resp10", " Resp11", + " NotImp", " Refused", " YXDomain", " YXRRSet", + " NXRRSet", " NotAuth", " NotZone", " Resp11", " Resp12", " Resp13", " Resp14", " NoChange", }; @@ -155,24 +63,26 @@ ns_nskip(register const u_char *cp, register const u_char *bp) { register u_char i; + if (!TTEST2(*cp, 1)) + return (NULL); if (((i = *cp++) & INDIR_MASK) == INDIR_MASK) return (cp + 1); - if (cp >= snapend) - return(NULL); - while (i && cp < snapend) { + while (i) { if ((i & INDIR_MASK) == EDNS0_MASK) { int bitlen, bytelen; if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) return(NULL); /* unknown ELT */ + if (!TTEST2(*cp, 1)) + return (NULL); if ((bitlen = *cp++) == 0) bitlen = 256; bytelen = (bitlen + 7) / 8; cp += bytelen; } else cp += i; - if (cp >= snapend) - return(NULL); + if (!TTEST2(*cp, 1)) + return (NULL); i = *cp++; } return (cp); @@ -187,7 +97,7 @@ blabel_print(const u_char *cp) const u_char *bitp, *lim; char tc; - if (cp >= snapend) + if (!TTEST2(*cp, 1)) return(NULL); if ((bitlen = *cp) == 0) bitlen = 256; @@ -220,7 +130,7 @@ labellen(const u_char *cp) { register u_int i; - if (cp >= snapend) + if (!TTEST2(*cp, 1)) return(-1); i = *cp; if ((i & INDIR_MASK) == EDNS0_MASK) { @@ -228,7 +138,7 @@ labellen(const u_char *cp) if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) return(-1); - if (cp + 1 >= snapend) + if (!TTEST2(*(cp + 1), 1)) return(-1); if ((bitlen = *(cp + 1)) == 0) bitlen = 256; @@ -249,7 +159,7 @@ ns_nprint(register const u_char *cp, register const u_char *bp) if ((l = labellen(cp)) < 0) return(NULL); - if (cp >= snapend) + if (!TTEST2(*cp, 1)) return(NULL); chars_processed = 1; if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { @@ -264,11 +174,13 @@ ns_nprint(register const u_char *cp, register const u_char *bp) rp = cp + 1; compress = 1; } - cp = bp + (((i << 8) | *cp) & 0x3fff); - if (cp >= snapend) + if (!TTEST2(*cp, 1)) return(NULL); + cp = bp + (((i << 8) | *cp) & 0x3fff); if ((l = labellen(cp)) < 0) return(NULL); + if (!TTEST2(*cp, 1)) + return(NULL); i = *cp++; chars_processed++; @@ -288,7 +200,8 @@ ns_nprint(register const u_char *cp, register const u_char *bp) elt = (i & ~INDIR_MASK); switch(elt) { case EDNS0_ELT_BITLABEL: - blabel_print(cp); + if (blabel_print(cp) == NULL) + return (NULL); break; default: /* unknown ELT */ @@ -297,13 +210,15 @@ ns_nprint(register const u_char *cp, register const u_char *bp) } } else { if (fn_printn(cp, l, snapend)) - break; + return(NULL); } cp += l; chars_processed += l; putchar('.'); - if (cp >= snapend || (l = labellen(cp)) < 0) + if ((l = labellen(cp)) < 0) + return(NULL); + if (!TTEST2(*cp, 1)) return(NULL); i = *cp++; chars_processed++; @@ -321,14 +236,15 @@ ns_cprint(register const u_char *cp, register const u_char *bp) { register u_int i; - if (cp >= snapend) - return NULL; + if (!TTEST2(*cp, 1)) + return (NULL); i = *cp++; - (void)fn_printn(cp, i, snapend); + if (fn_printn(cp, i, snapend)) + return (NULL); return (cp + i); } -static struct tok type2str[] = { +struct tok ns_type2str[] = { { T_A, "A" }, { T_NS, "NS" }, { T_MD, "MD" }, @@ -357,21 +273,24 @@ static struct tok type2str[] = { { T_PX, "PX" }, { T_GPOS, "GPOS" }, { T_AAAA, "AAAA" }, - { T_LOC, "LOC " }, - { T_NXT, "NXT " }, - { T_EID, "EID " }, - { T_NIMLOC, "NIMLOC " }, - { T_SRV, "SRV " }, - { T_ATMA, "ATMA " }, - { T_NAPTR, "NAPTR " }, - { T_A6, "A6 " }, - { T_DNAME, "DNAME " }, - { T_OPT, "OPT " }, + { T_LOC, "LOC" }, + { T_NXT, "NXT" }, + { T_EID, "EID" }, + { T_NIMLOC, "NIMLOC" }, + { T_SRV, "SRV" }, + { T_ATMA, "ATMA" }, + { T_NAPTR, "NAPTR" }, + { T_A6, "A6" }, + { T_DNAME, "DNAME" }, + { T_OPT, "OPT" }, { T_UINFO, "UINFO" }, { T_UID, "UID" }, { T_GID, "GID" }, { T_UNSPEC, "UNSPEC" }, { T_UNSPECA, "UNSPECA" }, + { T_TKEY, "TKEY" }, + { T_TSIG, "TSIG" }, + { T_IXFR, "IXFR" }, { T_AXFR, "AXFR" }, { T_MAILB, "MAILB" }, { T_MAILA, "MAILA" }, @@ -379,9 +298,9 @@ static struct tok type2str[] = { { 0, NULL } }; -static struct tok class2str[] = { +struct tok ns_class2str[] = { { C_IN, "IN" }, /* Not used */ - { C_CHAOS, "CHAOS)" }, + { C_CHAOS, "CHAOS" }, { C_HS, "HS" }, { C_ANY, "ANY" }, { 0, NULL } @@ -396,17 +315,17 @@ ns_qprint(register const u_char *cp, register const u_char *bp) cp = ns_nskip(cp, bp); - if (cp + 4 > snapend || cp == NULL) + if (cp == NULL || !TTEST2(*cp, 4)) return(NULL); /* print the qtype and qclass (if it's not IN) */ i = *cp++ << 8; i |= *cp++; - printf(" %s", tok2str(type2str, "Type%d", i)); + printf(" %s", tok2str(ns_type2str, "Type%d", i)); i = *cp++ << 8; i |= *cp++; if (i != C_IN) - printf(" %s", tok2str(class2str, "(Class %d)", i)); + printf(" %s", tok2str(ns_class2str, "(Class %d)", i)); fputs("? ", stdout); cp = ns_nprint(np, bp); @@ -428,7 +347,7 @@ ns_rprint(register const u_char *cp, register const u_char *bp) } else cp = ns_nskip(cp, bp); - if (cp + 10 > snapend || cp == NULL) + if (cp == NULL || !TTEST2(*cp, 10)) return (snapend); /* print the type/qtype and class (if it's not IN) */ @@ -437,7 +356,7 @@ ns_rprint(register const u_char *cp, register const u_char *bp) class = *cp++ << 8; class |= *cp++; if (class != C_IN && typ != T_OPT) - printf(" %s", tok2str(class2str, "(Class %d)", class)); + printf(" %s", tok2str(ns_class2str, "(Class %d)", class)); /* ignore ttl */ cp += 4; @@ -447,13 +366,13 @@ ns_rprint(register const u_char *cp, register const u_char *bp) rp = cp + len; - printf(" %s", tok2str(type2str, "Type%d", typ)); + printf(" %s", tok2str(ns_type2str, "Type%d", typ)); if (rp > snapend) return(NULL); switch (typ) { case T_A: - if (cp + sizeof(struct in_addr) > snapend) + if (!TTEST2(*cp, sizeof(struct in_addr))) return(NULL); printf(" %s", ipaddr_string(cp)); break; @@ -478,7 +397,7 @@ ns_rprint(register const u_char *cp, register const u_char *bp) putchar(' '); if ((cp = ns_nprint(cp, bp)) == NULL) return(NULL); - if (cp + 5 * 4 > snapend) + if (!TTEST2(*cp, 5 * 4)) return(NULL); printf(" %u", EXTRACT_32BITS(cp)); cp += 4; @@ -493,7 +412,7 @@ ns_rprint(register const u_char *cp, register const u_char *bp) break; case T_MX: putchar(' '); - if (cp + 2 > snapend) + if (!TTEST2(*cp, 2)) return(NULL); if (ns_nprint(cp + 2, bp) == NULL) return(NULL); @@ -507,7 +426,7 @@ ns_rprint(register const u_char *cp, register const u_char *bp) #ifdef INET6 case T_AAAA: - if (cp + sizeof(struct in6_addr) > snapend) + if (!TTEST2(*cp, sizeof(struct in6_addr))) return(NULL); printf(" %s", ip6addr_string(cp)); break; @@ -517,12 +436,16 @@ ns_rprint(register const u_char *cp, register const u_char *bp) struct in6_addr a; int pbit, pbyte; + if (!TTEST2(*cp, 1)) + return(NULL); pbit = *cp; pbyte = (pbit & ~7) / 8; if (pbit > 128) { printf(" %u(bad plen)", pbit); break; } else if (pbit < 128) { + if (!TTEST2(*(cp + 1), sizeof(a) - pbyte)) + return(NULL); memset(&a, 0, sizeof(a)); memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); printf(" %u %s", pbit, ip6addr_string(&a)); @@ -541,10 +464,43 @@ ns_rprint(register const u_char *cp, register const u_char *bp) break; case T_UNSPECA: /* One long string */ - if (cp + len > snapend) + if (!TTEST2(*cp, len)) + return(NULL); + if (fn_printn(cp, len, snapend)) return(NULL); - fn_printn(cp, len, snapend); break; + + case T_TSIG: + { + if (cp + len > snapend) + return(NULL); + if (!vflag) + break; + putchar(' '); + if ((cp = ns_nprint(cp, bp)) == NULL) + return(NULL); + cp += 6; + if (!TTEST2(*cp, 2)) + return(NULL); + printf(" fudge=%u", EXTRACT_16BITS(cp)); + cp += 2; + if (!TTEST2(*cp, 2)) + return(NULL); + printf(" maclen=%u", EXTRACT_16BITS(cp)); + cp += 2 + EXTRACT_16BITS(cp); + if (!TTEST2(*cp, 2)) + return(NULL); + printf(" origid=%u", EXTRACT_16BITS(cp)); + cp += 2; + if (!TTEST2(*cp, 2)) + return(NULL); + printf(" error=%u", EXTRACT_16BITS(cp)); + cp += 2; + if (!TTEST2(*cp, 2)) + return(NULL); + printf(" otherlen=%u", EXTRACT_16BITS(cp)); + cp += 2; + } } return (rp); /* XXX This isn't always right */ } @@ -554,7 +510,7 @@ ns_print(register const u_char *bp, u_int length) { register const HEADER *np; register int qdcount, ancount, nscount, arcount; - register const u_char *cp = NULL; + register const u_char *cp; np = (const HEADER *)bp; TCHECK(*np); @@ -578,49 +534,58 @@ ns_print(register const u_char *bp, u_int length) if (qdcount != 1) printf(" [%dq]", qdcount); /* Print QUESTION section on -vv */ - if (vflag > 1) { - fputs(" q:", stdout); - if ((cp = ns_qprint((const u_char *)(np + 1), bp)) - == NULL) - goto trunc; - } else { - if ((cp = ns_nskip((const u_char *)(np + 1), bp)) - == NULL) - goto trunc; - cp += 4; + cp = (const u_char *)(np + 1); + while (qdcount--) { + if (qdcount < ntohs(np->qdcount) - 1) + putchar(','); + if (vflag > 1) { + fputs(" q:", stdout); + if ((cp = ns_qprint(cp, bp)) == NULL) + goto trunc; + } else { + if ((cp = ns_nskip(cp, bp)) == NULL) + goto trunc; + cp += 4; /* skip QTYPE and QCLASS */ + } } printf(" %d/%d/%d", ancount, nscount, arcount); if (ancount--) { if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; - while (ancount-- && cp < snapend) { + while (cp < snapend && ancount--) { putchar(','); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; } } + if (ancount > 0) + goto trunc; /* Print NS and AR sections on -vv */ if (vflag > 1) { - if (nscount-- && cp < snapend) { + if (cp < snapend && nscount--) { fputs(" ns:", stdout); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; - while (nscount-- && cp < snapend) { + while (cp < snapend && nscount--) { putchar(','); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; } } - if (arcount-- && cp < snapend) { + if (nscount > 0) + goto trunc; + if (cp < snapend && arcount--) { fputs(" ar:", stdout); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; - while (arcount-- && cp < snapend) { + while (cp < snapend && arcount--) { putchar(','); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; } } + if (arcount > 0) + goto trunc; } } else { @@ -650,35 +615,35 @@ ns_print(register const u_char *bp, u_int length) if (arcount) printf(" [%dau]", arcount); + cp = (const u_char *)(np + 1); if (qdcount--) { - cp = ns_qprint((const u_char *)(np + 1), - (const u_char *)np); + cp = ns_qprint(cp, (const u_char *)np); if (!cp) goto trunc; - if ((cp = ns_rprint(cp, bp)) == NULL) - goto trunc; - while (qdcount-- && cp < snapend) { + while (cp < snapend && qdcount--) { cp = ns_qprint((const u_char *)cp, (const u_char *)np); if (!cp) goto trunc; - if ((cp = ns_rprint(cp, bp)) == NULL) - goto trunc; } } + if (qdcount > 0) + goto trunc; /* Print remaining sections on -vv */ if (vflag > 1) { if (ancount--) { if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; - while (ancount-- && cp < snapend) { + while (cp < snapend && ancount--) { putchar(','); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; } } - if (nscount-- && cp < snapend) { + if (ancount > 0) + goto trunc; + if (cp < snapend && nscount--) { fputs(" ns:", stdout); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; @@ -688,16 +653,20 @@ ns_print(register const u_char *bp, u_int length) goto trunc; } } - if (arcount-- && cp < snapend) { + if (nscount > 0) + goto trunc; + if (cp < snapend && arcount--) { fputs(" ar:", stdout); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; - while (arcount-- && cp < snapend) { + while (cp < snapend && arcount--) { putchar(','); if ((cp = ns_rprint(cp, bp)) == NULL) goto trunc; } } + if (arcount > 0) + goto trunc; } } printf(" (%d)", length); diff --git a/contrib/tcpdump/print-ether.c b/contrib/tcpdump/print-ether.c index 3c165c5..6ca59fd 100644 --- a/contrib/tcpdump/print-ether.c +++ b/contrib/tcpdump/print-ether.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 + * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -22,7 +22,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ether.c,v 1.61 2000/12/22 22:45:10 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ether.c,v 1.65 2001/07/04 22:03:14 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -84,6 +84,7 @@ ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) u_short ether_type; u_short extracted_ethertype; + ++infodelay; ts_print(&h->ts); if (caplen < ETHER_HDRLEN) { @@ -139,6 +140,9 @@ ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) default_print(p, caplen); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } /* @@ -230,6 +234,19 @@ ether_encap_print(u_short ethertype, const u_char *p, pppoe_print(p, length); return (1); + case ETHERTYPE_PPP: + printf("ppp"); + if (length) { + printf(": "); + ppp_print(p, length); + } + return (1); + + case ETHERTYPE_MPLS: + case ETHERTYPE_MPLS_MULTI: + mpls_print(p, length); + return (1); + case ETHERTYPE_LAT: case ETHERTYPE_SCA: case ETHERTYPE_MOPRC: diff --git a/contrib/tcpdump/print-fddi.c b/contrib/tcpdump/print-fddi.c index 6871737..76e6d8d 100644 --- a/contrib/tcpdump/print-fddi.c +++ b/contrib/tcpdump/print-fddi.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-fddi.c,v 1.50 2000/12/23 20:48:13 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-fddi.c,v 1.53 2001/11/14 16:46:34 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -54,7 +54,7 @@ static const char rcsid[] = /* * Some FDDI interfaces use bit-swapped addresses. */ -#if defined(ultrix) || defined(__alpha) || defined(__bsdi) || defined(__NetBSD__) +#if defined(ultrix) || defined(__alpha) || defined(__bsdi) || defined(__NetBSD__) || defined(__linux__) int fddi_bitswap = 0; #else int fddi_bitswap = 1; @@ -212,8 +212,8 @@ extract_fddi_addrs(const struct fddi_header *fddip, char *fsrc, char *fdst) fsrc[i] = fddi_bit_swap[fddip->fddi_shost[i]]; } else { - memcpy(fdst, (char *)fddip->fddi_dhost, 6); - memcpy(fsrc, (char *)fddip->fddi_shost, 6); + memcpy(fdst, (const char *)fddip->fddi_dhost, 6); + memcpy(fsrc, (const char *)fddip->fddi_shost, 6); } } @@ -224,7 +224,7 @@ static inline void fddi_print(register const struct fddi_header *fddip, register u_int length, register const u_char *fsrc, register const u_char *fdst) { - char *srcname, *dstname; + const char *srcname, *dstname; srcname = etheraddr_string(fsrc); dstname = etheraddr_string(fdst); @@ -260,10 +260,11 @@ fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h, { u_int caplen = h->caplen; u_int length = h->len; - const struct fddi_header *fddip = (struct fddi_header *)p; + const struct fddi_header *fddip = (const struct fddi_header *)p; struct ether_header ehdr; u_short extracted_ethertype; + ++infodelay; ts_print(&h->ts); if (caplen < FDDI_HDRLEN) { @@ -330,4 +331,7 @@ fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h, default_print(p, caplen); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } diff --git a/contrib/tcpdump/print-icmp.c b/contrib/tcpdump/print-icmp.c index 40d0d89..d26d5ac 100644 --- a/contrib/tcpdump/print-icmp.c +++ b/contrib/tcpdump/print-icmp.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-icmp.c,v 1.57 2000/10/10 05:03:32 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-icmp.c,v 1.62 2001/07/24 16:56:11 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -247,7 +247,7 @@ static struct tok type2str[] = { { ICMP_REDIRECT_NET, "redirect %s to net %s" }, { ICMP_REDIRECT_HOST, "redirect %s to host %s" }, { ICMP_REDIRECT_TOSNET, "redirect-tos %s to net %s" }, - { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to net %s" }, + { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to host %s" }, { 0, NULL } }; @@ -270,27 +270,21 @@ struct id_rdiscovery { }; void -icmp_print(register const u_char *bp, u_int plen, register const u_char *bp2) +icmp_print(const u_char *bp, u_int plen, const u_char *bp2) { - register char *cp; - register const struct icmp *dp; - register const struct ip *ip; - register const char *str, *fmt; - register const struct ip *oip; - register const struct udphdr *ouh; - register u_int hlen, dport, mtu; + char *cp; + const struct icmp *dp; + const struct ip *ip; + const char *str, *fmt; + const struct ip *oip; + const struct udphdr *ouh; + u_int hlen, dport, mtu; char buf[MAXHOSTNAMELEN + 100]; dp = (struct icmp *)bp; ip = (struct ip *)bp2; str = buf; -#if 0 - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif - TCHECK(dp->icmp_code); switch (dp->icmp_type) { @@ -341,12 +335,12 @@ icmp_print(register const u_char *bp, u_int plen, register const u_char *bp2) { register const struct mtu_discovery *mp; mp = (struct mtu_discovery *)&dp->icmp_void; - mtu = EXTRACT_16BITS(&mp->nexthopmtu); - if (mtu) { + mtu = EXTRACT_16BITS(&mp->nexthopmtu); + if (mtu) { (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag (mtu %d)", ipaddr_string(&dp->icmp_ip.ip_dst), mtu); - } else { + } else { (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag", ipaddr_string(&dp->icmp_ip.ip_dst)); @@ -482,7 +476,7 @@ icmp_print(register const u_char *bp, u_int plen, register const u_char *bp2) str = tok2str(icmp2str, "type-#%d", dp->icmp_type); break; } - (void)printf("icmp: %s", str); + (void)printf("icmp: %s", str); if (vflag) { if (TTEST2(*bp, plen)) { if (in_cksum((u_short*)dp, plen, 0)) diff --git a/contrib/tcpdump/print-ip.c b/contrib/tcpdump/print-ip.c index 8e88d6e..c7d7335 100644 --- a/contrib/tcpdump/print-ip.c +++ b/contrib/tcpdump/print-ip.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.92 2001/01/02 23:00:01 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.100 2001/09/17 21:58:03 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -205,7 +205,7 @@ ip_optprint(register const u_char *cp, u_int length) printf("{%d}", len); else if (cp[2] || cp[3]) printf("%d.%d", cp[2], cp[3]); - break; + break; default: printf(" IPOPT-%d{%d}", cp[0], len); @@ -219,7 +219,7 @@ ip_optprint(register const u_char *cp, u_int length) * don't modifiy the packet. */ u_short -in_cksum(const u_short *addr, register int len, u_short csum) +in_cksum(const u_short *addr, register u_int len, int csum) { int nleft = len; const u_short *w = addr; @@ -303,7 +303,7 @@ ip_print(register const u_char *bp, register u_int length) len = ntohs(ip->ip_len); if (length < len) - (void)printf("truncated-ip - %d bytes missing!", + (void)printf("truncated-ip - %d bytes missing! ", len - length); len -= hlen; len0 = len; @@ -317,7 +317,11 @@ ip_print(register const u_char *bp, register u_int length) cp = (const u_char *)ip + hlen; nh = ip->ip_p; - if (nh != IPPROTO_TCP && nh != IPPROTO_UDP) { +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif + if (nh != IPPROTO_TCP && nh != IPPROTO_UDP && + nh != IPPROTO_SCTP) { (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); } @@ -339,10 +343,10 @@ again: #endif case IPPROTO_ESP: { - int enh; - advance = esp_print(cp, (const u_char *)ip, &enh); + int enh, padlen; + advance = esp_print(cp, (const u_char *)ip, &enh, &padlen); cp += advance; - len -= advance; + len -= advance + padlen; if (enh < 0) break; nh = enh & 0xff; @@ -364,6 +368,10 @@ again: goto again; } + case IPPROTO_SCTP: + sctp_print(cp, (const u_char *)ip, len); + break; + case IPPROTO_TCP: tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000)); break; @@ -384,10 +392,6 @@ again: break; case IPPROTO_ND: -#if 0 - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif (void)printf(" nd %d", len); break; @@ -406,20 +410,14 @@ again: #define IPPROTO_IGMP 2 #endif case IPPROTO_IGMP: - igmp_print(cp, len, (const u_char *)ip); + igmp_print(cp, len); break; case 4: /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ -#if 0 - if (vflag) - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif ip_print(cp, len); if (! vflag) { - printf(" (ipip)"); + printf(" (ipip-proto-4)"); return; } break; @@ -430,17 +428,7 @@ again: #endif case IP6PROTO_ENCAP: /* ip6-in-ip encapsulation */ -#if 0 - if (vflag) - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif ip6_print(cp, len); - if (! vflag) { - printf(" (encap)"); - return; - } break; #endif /*INET6*/ @@ -449,31 +437,15 @@ again: #define IPPROTO_GRE 47 #endif case IPPROTO_GRE: - if (vflag) - (void)printf("gre %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); /* do it */ gre_print(cp, len); - if (! vflag) { - printf(" (gre encap)"); - return; - } - break; + break; #ifndef IPPROTO_MOBILE #define IPPROTO_MOBILE 55 #endif case IPPROTO_MOBILE: - if (vflag) - (void)printf("mobile %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); mobile_print(cp, len); - if (! vflag) { - printf(" (mobile encap)"); - return; - } break; #ifndef IPPROTO_PIM @@ -487,18 +459,10 @@ again: #define IPPROTO_VRRP 112 #endif case IPPROTO_VRRP: - if (vflag) - (void)printf("vrrp %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); vrrp_print(cp, len, ip->ip_ttl); break; default: -#if 0 - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif (void)printf(" ip-proto-%d %d", nh, len); break; } @@ -539,10 +503,17 @@ again: if (ip->ip_tos) { (void)printf(" [tos 0x%x", (int)ip->ip_tos); /* ECN bits */ - if (ip->ip_tos&0x02) { - (void)printf(",ECT"); - if (ip->ip_tos&0x01) + if (ip->ip_tos & 0x03) { + switch (ip->ip_tos & 0x03) { + case 1: + (void)printf(",ECT(1)"); + break; + case 2: + (void)printf(",ECT(0)"); + break; + case 3: (void)printf(",CE"); + } } (void)printf("] "); } @@ -594,15 +565,15 @@ ipN_print(register const u_char *bp, register u_int length) memcpy (&hdr, (char *)ip, 4); switch (IP_V(&hdr)) { case 4: - ip_print (bp, length); - return; + ip_print (bp, length); + return; #ifdef INET6 case 6: - ip6_print (bp, length); - return; + ip6_print (bp, length); + return; #endif default: - (void)printf("unknown ip %d", IP_V(&hdr)); - return; + (void)printf("unknown ip %d", IP_V(&hdr)); + return; } } diff --git a/contrib/tcpdump/print-ip6.c b/contrib/tcpdump/print-ip6.c index 9eee4de..0e8bf02 100644 --- a/contrib/tcpdump/print-ip6.c +++ b/contrib/tcpdump/print-ip6.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ip6.c,v 1.16 2000/11/17 19:08:15 itojun Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ip6.c,v 1.21 2001/11/16 02:17:36 itojun Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -53,11 +53,11 @@ static const char rcsid[] = * print an IP6 datagram. */ void -ip6_print(register const u_char *bp, register int length) +ip6_print(register const u_char *bp, register u_int length) { register const struct ip6_hdr *ip6; register int advance; - register int len; + register u_int len; register const u_char *cp; int nh; int fragmented = 0; @@ -68,24 +68,23 @@ ip6_print(register const u_char *bp, register int length) #ifdef LBL_ALIGN /* * The IP6 header is not 16-byte aligned, so copy into abuf. - * This will never happen with BPF. It does happen raw packet - * dumps from -r. */ if ((u_long)ip6 & 15) { static u_char *abuf; - if (abuf == NULL) + if (abuf == NULL) { abuf = malloc(snaplen); + if (abuf == NULL) + error("ip6_print: malloc"); + } memcpy(abuf, ip6, min(length, snaplen)); snapend += abuf - (u_char *)ip6; packetp = abuf; ip6 = (struct ip6_hdr *)abuf; + bp = abuf; } #endif - if ((u_char *)(ip6 + 1) > snapend) { - printf("[|ip6]"); - return; - } + TCHECK(*ip6); if (length < sizeof (struct ip6_hdr)) { (void)printf("truncated-ip6 %d", length); return; @@ -102,7 +101,7 @@ ip6_print(register const u_char *bp, register int length) while (cp < snapend) { cp += advance; - if (cp == (u_char *)(ip6 + 1) + if (cp == (const u_char *)(ip6 + 1) && nh != IPPROTO_TCP && nh != IPPROTO_UDP) { (void)printf("%s > %s: ", ip6addr_string(&ip6->ip6_src), ip6addr_string(&ip6->ip6_dst)); @@ -145,11 +144,12 @@ ip6_print(register const u_char *bp, register int length) break; case IPPROTO_ESP: { - int enh; - advance = esp_print(cp, (const u_char *)ip6, &enh); + int enh, padlen; + advance = esp_print(cp, (const u_char *)ip6, &enh, &padlen); if (enh < 0) goto end; nh = enh & 0xff; + len -= padlen; break; } #ifndef IPPROTO_IPCOMP @@ -223,6 +223,9 @@ ip6_print(register const u_char *bp, register int length) (void)printf(", hlim %d", (int)ip6->ip6_hlim); printf(")"); } + return; +trunc: + (void)printf("[|ip6]"); } #endif /* INET6 */ diff --git a/contrib/tcpdump/print-ipx.c b/contrib/tcpdump/print-ipx.c index 867634c..9a4f60a 100644 --- a/contrib/tcpdump/print-ipx.c +++ b/contrib/tcpdump/print-ipx.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ipx.c,v 1.27 2000/09/29 04:58:41 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ipx.c,v 1.32 2001/10/08 21:25:20 fenner Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -110,10 +110,22 @@ ipx_decode(const struct ipxHdr *ipx, const u_char *datap, u_int length) break; case IPX_SKT_NETBIOS: (void)printf(" ipx-netbios %d", length); +#ifdef TCPDUMP_DO_SMB + ipx_netbios_print(datap, length); +#endif break; case IPX_SKT_DIAGNOSTICS: (void)printf(" ipx-diags %d", length); break; + case IPX_SKT_NWLINK_DGM: + (void)printf(" ipx-nwlink-dgm %d", length); +#ifdef TCPDUMP_DO_SMB + ipx_netbios_print(datap, length); +#endif + break; + case IPX_SKT_EIGRP: + (void)printf(" ipx-eigrp %d", length); + break; default: (void)printf(" ipx-#%x %d", dstSkt, length); break; @@ -138,12 +150,8 @@ ipx_sap_print(const u_short *ipx, u_int length) else (void)printf("ipx-sap-nearest-req"); - if (length > 0) { - TCHECK(ipx[1]); - (void)printf(" %x '", EXTRACT_16BITS(&ipx[0])); - fn_print((u_char *)&ipx[1], (u_char *)&ipx[1] + 48); - putchar('\''); - } + TCHECK(ipx[0]); + (void)printf(" %x", EXTRACT_16BITS(&ipx[0])); break; case 2: @@ -154,7 +162,7 @@ ipx_sap_print(const u_short *ipx, u_int length) (void)printf("ipx-sap-nearest-resp"); for (i = 0; i < 8 && length > 0; i++) { - TCHECK2(ipx[27], 1); + TCHECK2(ipx[25], 10); (void)printf(" %x '", EXTRACT_16BITS(&ipx[0])); fn_print((u_char *)&ipx[1], (u_char *)&ipx[1] + 48); printf("' addr %s", @@ -164,12 +172,12 @@ ipx_sap_print(const u_short *ipx, u_int length) } break; default: - (void)printf("ipx-sap-?%x", command); + (void)printf("ipx-sap-?%x", command); break; } - return; + return; trunc: - printf("[|ipx %d]", length); + printf("[|ipx %d]", length); } void @@ -203,10 +211,11 @@ ipx_rip_print(const u_short *ipx, u_int length) } break; default: - (void)printf("ipx-rip-?%x", command); + (void)printf("ipx-rip-?%x", command); + break; } - return; + return; trunc: - printf("[|ipx %d]", length); + printf("[|ipx %d]", length); } diff --git a/contrib/tcpdump/print-isoclns.c b/contrib/tcpdump/print-isoclns.c index ed020fa..14b8947 100644 --- a/contrib/tcpdump/print-isoclns.c +++ b/contrib/tcpdump/print-isoclns.c @@ -20,12 +20,15 @@ * * Original code by Matt Thomas, Digital Equipment Corporation * + * Extensively modified by Hannes Gredler (hannes@juniper.net) for more + * complete IS-IS support. + * * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.22 2000/10/11 04:04:33 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.36 2002/01/10 09:33:23 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -39,6 +42,7 @@ static const char rcsid[] = #include <netinet/in.h> #include <stdio.h> +#include <string.h> #include "interface.h" #include "addrtoname.h" @@ -49,9 +53,10 @@ static const char rcsid[] = #define NLPID_CLNS 129 /* 0x81 */ #define NLPID_ESIS 130 /* 0x82 */ #define NLPID_ISIS 131 /* 0x83 */ +#define NLPID_IP6 0x8e +#define NLPID_IP 0xcc #define NLPID_NULLNS 0 - /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. */ @@ -64,10 +69,13 @@ static const char rcsid[] = #define L1_LAN_IIH 15 #define L2_LAN_IIH 16 #define PTP_IIH 17 -#define L1_LS_PDU 18 -#define L2_LS_PDU 19 -#define L1_COMPLETE_SEQ_PDU 24 -#define L2_COMPLETE_SEQ_PDU 25 +#define L1_LSP 18 +#define L2_LSP 20 +#define L1_CSNP 24 +#define L2_CSNP 25 +#define L1_PSNP 26 +#define L2_PSNP 27 + /* * A TLV is a tuple of a type, length and a value and is normally used for @@ -75,21 +83,89 @@ static const char rcsid[] = * the well known types. */ -#define TLV_AREA_ADDR 1 -#define TLV_IS_REACH 2 -#define TLV_ES_REACH 3 -#define TLV_SUMMARY 5 -#define TLV_ISNEIGH 6 -#define TLV_PADDING 8 -#define TLV_LSP 9 -#define TLV_AUTHENT 10 -#define TLV_IP_REACH 128 -#define TLV_PROTOCOLS 129 -#define TLV_IP_EXTERN 130 -#define TLV_IDRP_INFO 131 -#define TLV_IPADDR 132 -#define TLV_IPAUTH 133 -#define TLV_PTP_ADJ 240 +#define TLV_AREA_ADDR 1 +#define TLV_IS_REACH 2 +#define TLV_ES_REACH 3 +#define TLV_SUMMARY 5 +#define TLV_ISNEIGH 6 +#define TLV_PADDING 8 +#define TLV_LSP 9 +#define TLV_AUTH 10 +#define TLV_CHECKSUM 12 +#define TLV_EXT_IS_REACH 22 +#define TLV_IP_REACH 128 +#define TLV_PROTOCOLS 129 +#define TLV_IP_REACH_EXT 130 +#define TLV_IDRP_INFO 131 +#define TLV_IPADDR 132 +#define TLV_IPAUTH 133 +#define TLV_TE_ROUTER_ID 134 +#define TLV_EXT_IP_REACH 135 +#define TLV_HOSTNAME 137 +#define TLV_RESTART_SIGNALING 211 +#define TLV_MT_IS_REACH 222 +#define TLV_MT_SUPPORTED 229 +#define TLV_IP6ADDR 232 +#define TLV_MT_REACH 235 +#define TLV_IP6_REACH 236 +#define TLV_PTP_ADJ 240 + +#define SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 +#define SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 +#define SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 +#define SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 +#define SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 +#define SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 +#define SUBTLV_EXT_IS_REACH_TE_METRIC 18 + +#define SUBTLV_AUTH_SIMPLE 1 +#define SUBTLV_AUTH_MD5 54 + +#define ISIS_MASK_LEVEL_BITS(x) ((x)&0x1) + +#define ISIS_MASK_LSP_OL_BIT(x) ((x)&0x4) +#define ISIS_MASK_LSP_ISTYPE_BITS(x) ((x)&0x3) +#define ISIS_MASK_LSP_PARTITION_BIT(x) ((x)&0x80) +#define ISIS_MASK_LSP_ATT_BITS(x) ((x)&0x78) +#define ISIS_MASK_LSP_ATT_ERROR_BIT(x) ((x)&0x40) +#define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x) ((x)&0x20) +#define ISIS_MASK_LSP_ATT_DELAY_BIT(x) ((x)&0x10) +#define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x) ((x)&0x8) + +#define ISIS_MASK_TLV_EXT_IP_UPDOWN(x) ((x)&0x80) +#define ISIS_MASK_TLV_EXT_IP_SUBTLV(x) ((x)&0x40) + +#define ISIS_MASK_TLV_IP6_UPDOWN(x) ((x)&0x80) +#define ISIS_MASK_TLV_IP6_IE(x) ((x)&0x40) +#define ISIS_MASK_TLV_IP6_SUBTLV(x) ((x)&0x20) + +#define ISIS_MASK_RESTART_RR(x) ((x)&0x1) +#define ISIS_MASK_RESTART_RA(x) ((x)&0x2) + +#define ISIS_LSP_TLV_METRIC_SUPPORTED(x) ((x)&0x80) +#define ISIS_LSP_TLV_METRIC_IE(x) ((x)&0x40) +#define ISIS_LSP_TLV_METRIC_UPDOWN(x) ((x)&0x80) +#define ISIS_LSP_TLV_METRIC_VALUE(x) ((x)&0x3f) + +#define ISIS_LSP_TYPE_UNUSED0 0 +#define ISIS_LSP_TYPE_LEVEL_1 1 +#define ISIS_LSP_TYPE_UNUSED2 2 +#define ISIS_LSP_TYPE_LEVEL_2 3 + +static struct tok isis_lsp_istype_values[] = { + { ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"}, + { ISIS_LSP_TYPE_LEVEL_1, "L1 IS"}, + { ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"}, + { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"}, + { 0, NULL } +}; + +static struct tok isis_nlpid_values[] = { + { NLPID_CLNS, "CLNS"}, + { NLPID_IP, "IPv4"}, + { NLPID_IP6, "IPv6"}, + { 0, "unknown" } +}; /* * Katz's point to point adjacency TLV uses codes to tell us the state of @@ -100,89 +176,117 @@ static const char rcsid[] = #define ISIS_PTP_ADJ_INIT 1 #define ISIS_PTP_ADJ_DOWN 2 -static int osi_cksum(const u_char *, int, u_char *); +static int osi_cksum(const u_char *, u_int, u_char *); static void esis_print(const u_char *, u_int); static int isis_print(const u_char *, u_int); -struct isis_ptp_adjancey_values { - u_char id; - char *name; +static struct tok isis_ptp_adjancey_values[] = { + { ISIS_PTP_ADJ_UP, "Up" }, + { ISIS_PTP_ADJ_INIT, "Initializing" }, + { ISIS_PTP_ADJ_DOWN, "Down" } }; -static struct isis_ptp_adjancey_values isis_ptp_adjancey_values[] = { - { ISIS_PTP_ADJ_UP, "UP" }, - { ISIS_PTP_ADJ_INIT, "INIT" }, - { ISIS_PTP_ADJ_DOWN, "DOWN" } +struct isis_tlv_ptp_adj { + u_char adjacency_state; + u_char ext_local_circuit_id[4]; + u_char neighbor_sysid[SYSTEM_ID_LEN]; + u_char neighbor_ext_local_circuit_id[4]; }; +struct isis_tlv_ip_reach { + u_char metric_default; + u_char metric_delay; + u_char metric_expense; + u_char metric_error; + u_char prefix[4]; + u_char mask[4]; +}; + +struct isis_tlv_is_reach { + u_char metric_default; + u_char metric_delay; + u_char metric_expense; + u_char metric_error; + u_char neighbor_nodeid[SYSTEM_ID_LEN+1]; +}; + + struct isis_common_header { u_char nlpid; u_char fixed_len; u_char version; /* Protocol version? */ u_char id_length; - u_char enc_pdu_type; /* 3 MSbs are reserved */ + u_char pdu_type; /* 3 MSbs are reserved */ u_char pkt_version; /* Packet format version? */ u_char reserved; - u_char enc_max_area; + u_char max_area; }; -struct isis_header { - u_char nlpid; - u_char fixed_len; - u_char version; /* Protocol version? */ - u_char id_length; - u_char enc_pdu_type; /* 3 MSbs are reserved */ - u_char pkt_version; /* Packet format version? */ - u_char reserved; - u_char enc_max_area; - u_char circuit; - u_char enc_source_id[SYSTEM_ID_LEN]; - u_char enc_holding_time[2]; - u_char enc_packet_len[2]; - u_char enc_priority; - u_char enc_lan_id[SYSTEM_ID_LEN+1]; +struct isis_iih_lan_header { + u_char circuit_type; + u_char source_id[SYSTEM_ID_LEN]; + u_char holding_time[2]; + u_char pdu_len[2]; + u_char priority; + u_char lan_id[SYSTEM_ID_LEN+1]; }; -struct isis_lan_header { - u_char circuit; - u_char enc_source_id[SYSTEM_ID_LEN]; - u_char enc_holding_time[2]; - u_char enc_packet_len[2]; - u_char enc_priority; - u_char enc_lan_id[SYSTEM_ID_LEN+1]; + +struct isis_iih_ptp_header { + u_char circuit_type; + u_char source_id[SYSTEM_ID_LEN]; + u_char holding_time[2]; + u_char pdu_len[2]; + u_char circuit_id; }; -struct isis_ptp_header { - u_char circuit; - u_char enc_source_id[SYSTEM_ID_LEN]; - u_char enc_holding_time[2]; - u_char enc_packet_len[2]; - u_char loc_circuit_id; +struct isis_lsp_header { + u_char pdu_len[2]; + u_char remaining_lifetime[2]; + u_char lsp_id[SYSTEM_ID_LEN+2]; + u_char sequence_number[4]; + u_char checksum[2]; + u_char typeblock; }; -#define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header)) -#define ISIS_HEADER_SIZE (15+(SYSTEM_ID_LEN<<1)) -#define ISIS_PTP_HEADER_SIZE (14+SYSTEM_ID_LEN) -#define L1_LS_PDU_HEADER_SIZE (21+SYSTEM_ID_LEN) -#define L2_LS_PDU_HEADER_SIZE L1_LS_PDU_HEADER_SIZE -#define L1_COMPLETE_SEQ_PDU_HEADER_SIZE 33 -#define L2_COMPLETE_SEQ_PDU_HEADER_SIZE L1_COMPLETE_SEQ_PDU_HEADER_SIZE +struct isis_csnp_header { + u_char pdu_len[2]; + u_char source_id[SYSTEM_ID_LEN+1]; + u_char start_lsp_id[SYSTEM_ID_LEN+2]; + u_char end_lsp_id[SYSTEM_ID_LEN+2]; +}; +struct isis_psnp_header { + u_char pdu_len[2]; + u_char source_id[SYSTEM_ID_LEN+1]; +}; +struct isis_tlv_lsp { + u_char remaining_lifetime[2]; + u_char lsp_id[SYSTEM_ID_LEN+2]; + u_char sequence_number[4]; + u_char checksum[2]; +}; + +#define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header)) +#define ISIS_IIH_LAN_HEADER_SIZE (sizeof(struct isis_iih_lan_header)) +#define ISIS_IIH_PTP_HEADER_SIZE (sizeof(struct isis_iih_ptp_header)) +#define ISIS_LSP_HEADER_SIZE (sizeof(struct isis_lsp_header)) +#define ISIS_CSNP_HEADER_SIZE (sizeof(struct isis_csnp_header)) +#define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header)) -void -isoclns_print(const u_char *p, u_int length, u_int caplen, +void isoclns_print(const u_char *p, u_int length, u_int caplen, const u_char *esrc, const u_char *edst) { u_char pdu_type; - struct isis_header *header; + const struct isis_common_header *header; - header = (struct isis_header *)p; - pdu_type = header->enc_pdu_type & PDU_TYPE_MASK; + header = (const struct isis_common_header *)p; + pdu_type = header->pdu_type & PDU_TYPE_MASK; if (caplen < 1) { printf("[|iso-clns] "); - if (!eflag) + if (!eflag && esrc != NULL && edst != NULL) printf("%s > %s", etheraddr_string(esrc), etheraddr_string(edst)); @@ -192,50 +296,46 @@ isoclns_print(const u_char *p, u_int length, u_int caplen, switch (*p) { case NLPID_CLNS: - printf("iso clns"); - if (!eflag) - (void)printf(" %s > %s", + (void)printf("CLNS(%d)", length); + if (!eflag && esrc != NULL && edst != NULL) + (void)printf(", %s > %s", etheraddr_string(esrc), etheraddr_string(edst)); break; case NLPID_ESIS: - printf("iso esis"); - if (!eflag) - (void)printf(" %s > %s", + (void)printf("ESIS"); + if (!eflag && esrc != NULL && edst != NULL) + (void)printf(", %s > %s", etheraddr_string(esrc), etheraddr_string(edst)); esis_print(p, length); return; case NLPID_ISIS: - printf("iso isis"); - if (!eflag) { - if(pdu_type != PTP_IIH) - (void)printf(" %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); - } - (void)printf(" len=%d ", length); + (void)printf("ISIS(%d)", length); + if (!eflag && esrc != NULL && edst != NULL) + (void)printf(", %s > %s", + etheraddr_string(esrc), + etheraddr_string(edst)); if (!isis_print(p, length)) - default_print_unaligned(p, caplen); + default_print_unaligned(p, caplen); break; case NLPID_NULLNS: - printf("iso nullns"); - if (!eflag) - (void)printf(" %s > %s", + (void)printf("ISO NULLNS(%d)", length); + if (!eflag && esrc != NULL && edst != NULL) + (void)printf(", %s > %s", etheraddr_string(esrc), etheraddr_string(edst)); break; default: - printf("iso clns %02x", p[0]); - if (!eflag) - (void)printf(" %s > %s", + (void)printf("CLNS %02x(%d)", p[0], length); + if (!eflag && esrc != NULL && edst != NULL) + (void)printf(", %s > %s", etheraddr_string(esrc), etheraddr_string(edst)); - (void)printf(" len=%d ", length); if (caplen > 1) default_print_unaligned(p, caplen); break; @@ -258,17 +358,19 @@ static void esis_print(const u_char *p, u_int length) { const u_char *ep; - int li = p[1]; - const struct esis_hdr *eh = (const struct esis_hdr *) &p[2]; + u_int li; + const struct esis_hdr *eh; u_char off[2]; - if (length == 2) { + if (length <= 2) { if (qflag) printf(" bad pkt!"); else printf(" no header at all!"); return; } + li = p[1]; + eh = (const struct esis_hdr *) &p[2]; ep = p + li; if (li > length) { if (qflag) @@ -374,7 +476,7 @@ esis_print(const u_char *p, u_int length) } if (vflag) while (p < ep && li) { - int op, opli; + u_int op, opli; const u_char *q; if (snapend - p < 2) @@ -400,7 +502,7 @@ esis_print(const u_char *p, u_int length) continue; } printf (" %d:<", op); - while (--opli >= 0) + while (opli-- > 0) printf("%02x", *q++); printf (">"); } @@ -410,181 +512,438 @@ esis_print(const u_char *p, u_int length) * print_nsap * Print out an NSAP. */ +static int +print_nsap(register const u_char *cp, register int length) +{ + int i; + + for (i = 0; i < length; i++) { + if (!TTEST2(*cp, 1)) + return (0); + printf("%02x", *cp++); + if (((i & 1) == 0) && (i + 1 < length)) { + printf("."); + } + } + return (1); +} + +static int +isis_print_sysid(const u_char *cp) +{ + int i; + + for (i = 1; i <= 6; i++) { + if (!TTEST2(*cp, 1)) + return (0); + printf("%02x", *cp++); + if ((i==2)^(i==4)) { + printf("."); + } + } + return (1); +} + +static int +isis_print_nodeid(const u_char *cp) +{ + int i; + + for (i = 1; i <= 7; i++) { + if (!TTEST2(*cp, 1)) + return (0); + printf("%02x", *cp++); + if ((i & 1) == 0) { + printf("."); + } + } + return (1); +} static void -print_nsap (register const u_char *cp, register int length) +isis_print_lspid(const u_char *cp) { - int i; - - for (i = 0; i < length; i++) { - printf("%02x", *cp++); - if (((i & 1) == 0) && (i + 1 < length)) { - printf("."); + int i; + + for (i = 1; i <= 7; i++) { + printf("%02x", *cp++); + if ((i & 1) == 0) + printf("."); } + printf("-%02x", *cp); +} - } +static int +isis_print_tlv_ip_reach (const u_char *cp, int length) +{ + int bitmasks[33] = { + 0x00000000, + 0x80000000, 0xc0000000, 0xe0000000, 0xf0000000, + 0xf8000000, 0xfc000000, 0xfe000000, 0xff000000, + 0xff800000, 0xffc00000, 0xffe00000, 0xfff00000, + 0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000, + 0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000, + 0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00, + 0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0, + 0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff + }; + int mask, prefix_len; + const struct isis_tlv_ip_reach *tlv_ip_reach; + + tlv_ip_reach = (const struct isis_tlv_ip_reach *)cp; + + while (length > 0) { + if (length < sizeof(*tlv_ip_reach)) { + printf("short IP reachability (%d vs %lu)", length, + (unsigned long)sizeof(*tlv_ip_reach)); + return (0); + } + + if (!TTEST(*tlv_ip_reach)) + return (0); + + mask = EXTRACT_32BITS(tlv_ip_reach->mask); + prefix_len = 0; + + while (prefix_len <= 33) { + if (bitmasks[prefix_len++] == mask) { + prefix_len--; + break; + } + } + + /* + * 34 indicates no match -> must be a discontiguous netmask + * lets dump the mask, otherwise print the prefix_len + */ + if (prefix_len == 34) + printf("\n\t\t\tIPv4 prefix: %u.%u.%u.%u mask %u.%u.%u.%u", + (tlv_ip_reach->prefix)[0], + (tlv_ip_reach->prefix)[1], + (tlv_ip_reach->prefix)[2], + (tlv_ip_reach->prefix)[3], + (tlv_ip_reach->mask)[0], (tlv_ip_reach->mask)[1], + (tlv_ip_reach->mask)[2], (tlv_ip_reach->mask)[3]); + else + printf("\n\t\t\tIPv4 prefix: %u.%u.%u.%u/%u", + (tlv_ip_reach->prefix)[0], + (tlv_ip_reach->prefix)[1], + (tlv_ip_reach->prefix)[2], + (tlv_ip_reach->prefix)[3], prefix_len); + + printf("\n\t\t\t Default Metric: %02d, %s, Distribution: %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->metric_default), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->metric_default) ? "External" : "Internal", + ISIS_LSP_TLV_METRIC_UPDOWN(tlv_ip_reach->metric_default) ? "down" : "up"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->metric_delay)) + printf("\n\t\t\t Delay Metric: %02d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->metric_delay), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->metric_delay) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->metric_expense)) + printf("\n\t\t\t Expense Metric: %02d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->metric_expense), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->metric_expense) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->metric_error)) + printf("\n\t\t\t Error Metric: %02d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->metric_error), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->metric_error) ? "External" : "Internal"); + + length -= sizeof(struct isis_tlv_ip_reach); + tlv_ip_reach++; + } + return (1); } /* * isis_print * Decode IS-IS packets. Return 0 on error. - * - * So far, this is only smart enough to print IIH's. Someday... */ -static int -isis_print (const u_char *p, u_int length) +static int isis_print (const u_char *p, u_int length) { - struct isis_header *header; - struct isis_ptp_header *header_ptp; - u_char pdu_type, max_area, priority, type, len, tmp, alen; - const u_char *pptr, *tptr; - u_short packet_len, holding_time; - int i; - - header = (struct isis_header *)p; - header_ptp = (struct isis_ptp_header *)header; - printf("\n\t\t\t"); - + const struct isis_common_header *header; + + const struct isis_iih_lan_header *header_iih_lan; + const struct isis_iih_ptp_header *header_iih_ptp; + const struct isis_lsp_header *header_lsp; + const struct isis_csnp_header *header_csnp; + const struct isis_psnp_header *header_psnp; + + const struct isis_tlv_lsp *tlv_lsp; + const struct isis_tlv_ptp_adj *tlv_ptp_adj; + const struct isis_tlv_is_reach *tlv_is_reach; + + u_char pdu_type, max_area, type, len, tmp, alen, subl, subt, tslen, ttslen; + const u_char *optr, *pptr, *tptr; + u_short packet_len,pdu_len; + u_int i,j,bit_length,byte_length,metric; + u_char prefix[4]; /* copy buffer for ipv4 prefixes */ +#ifdef INET6 + u_char prefix6[16]; /* copy buffer for ipv6 prefixes */ +#endif + u_char off[2]; + float bw; /* copy buffer for several subTLVs of the extended IS reachability TLV */ + + packet_len=length; + optr = p; /* initialize the _o_riginal pointer - need it for parsing the checksum TLV */ + header = (const struct isis_common_header *)p; + TCHECK(*header); + pptr = p+(ISIS_COMMON_HEADER_SIZE); + header_iih_lan = (const struct isis_iih_lan_header *)pptr; + header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; + header_lsp = (const struct isis_lsp_header *)pptr; + header_csnp = (const struct isis_csnp_header *)pptr; + header_psnp = (const struct isis_psnp_header *)pptr; + /* * Sanity checking of the header. */ if (header->nlpid != NLPID_ISIS) { - printf(" coding error!"); - return(0); + printf(", coding error!"); + return (0); } if (header->version != ISIS_VERSION) { - printf(" version %d packet not supported", header->version); - return(0); + printf(", version %d packet not supported", header->version); + return (0); } if ((header->id_length != SYSTEM_ID_LEN) && (header->id_length != 0)) { - printf(" system ID length of %d is not supported", + printf(", system ID length of %d is not supported", header->id_length); - return(0); - } - - if ((header->fixed_len != ISIS_HEADER_SIZE) && - (header->fixed_len != ISIS_PTP_HEADER_SIZE) && - (header->fixed_len != L1_LS_PDU_HEADER_SIZE) && - (header-> fixed_len != L1_COMPLETE_SEQ_PDU_HEADER_SIZE) ) { - printf(" bogus fixed header length %u", - header->fixed_len); - return(0); - } - - pdu_type = header->enc_pdu_type & PDU_TYPE_MASK; - if ((pdu_type != L1_LAN_IIH) && (pdu_type != L2_LAN_IIH) && - (pdu_type != PTP_IIH) && - (pdu_type != L1_COMPLETE_SEQ_PDU) && - (pdu_type != L2_COMPLETE_SEQ_PDU) ) { - printf(" PDU type (%d) not supported", pdu_type); - return(0); + return (0); } if (header->pkt_version != ISIS_VERSION) { - printf(" version %d packet not supported", header->pkt_version); - return(0); + printf(", version %d packet not supported", header->pkt_version); + return (0); } - max_area = header->enc_max_area; + max_area = header->max_area; switch(max_area) { case 0: max_area = 3; /* silly shit */ break; case 255: - printf(" bad packet -- 255 areas"); - return(0); + printf(", bad packet -- 255 areas"); + return (0); default: break; } - switch (header->circuit) { - case 0: - printf(" PDU with circuit type 0"); - return(0); - case 1: - if (pdu_type == L2_LAN_IIH) { - printf(" L2 IIH on an L1 only circuit"); - return(0); + printf(", hlen: %u, v: %u, sys-id-len: 6 (0), max-area: %u (%u)", + header->fixed_len, + header->pkt_version, + max_area, + header->max_area); + + pdu_type=header->pdu_type; + + switch (pdu_type) { + + case L1_LAN_IIH: + case L2_LAN_IIH: + if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { + printf(", bogus fixed header length %u should be %lu", + header->fixed_len, (unsigned long)ISIS_IIH_LAN_HEADER_SIZE); + return (0); } - break; - case 2: - if (pdu_type == L1_LAN_IIH) { - printf(" L1 IIH on an L2 only circuit"); - return(0); + + pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; } - break; - case 3: - break; - default: - printf(" unknown circuit type"); - return(0); - } - - holding_time = EXTRACT_16BITS(header->enc_holding_time); - - packet_len = EXTRACT_16BITS(header->enc_packet_len); - if ((packet_len < ISIS_HEADER_SIZE) || - (packet_len > length)) { - printf(" bogus packet length %d, real length %d", packet_len, - length); - return(0); - } - if(pdu_type != PTP_IIH) - priority = header->enc_priority & PRIORITY_MASK; + printf(", L%s Lan IIH (%u)", + ISIS_MASK_LEVEL_BITS(pdu_type) ? "1" : "2", + pdu_len); + + TCHECK(*header_iih_lan); + printf("\n\t\t source-id: "); + isis_print_sysid(header_iih_lan->source_id); + printf(", holding time: %us",EXTRACT_16BITS(header_iih_lan->holding_time)); + switch(header_iih_lan->circuit_type) { + + case 1: + printf(", Level 1 only"); + break; - /* - * Now print the fixed header. - */ - switch (pdu_type) { - case L1_LAN_IIH: - printf(" L1 lan iih, "); - break; - case L2_LAN_IIH: - printf(" L2 lan iih, "); + case 2: + printf(", Level 2 only"); + break; + + case 3: + printf(", Level 1, Level 2"); + break; + + default: + printf(", unknown 0x%02x", header_iih_lan->circuit_type); + break; + } + printf("\n\t\t lan-id: "); + isis_print_nodeid(header_iih_lan->lan_id); + printf(", Priority: %u",(header_iih_lan->priority) & PRIORITY_MASK); + + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); break; + case PTP_IIH: - printf(" PTP iih, "); - break; - } + if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { + printf(", bogus fixed header length %u should be %lu", + header->fixed_len, (unsigned long)ISIS_IIH_PTP_HEADER_SIZE); + return (0); + } + + pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } + + printf(", PTP IIH (%u)",pdu_len); + TCHECK(*header_iih_ptp); + printf("\n\t\t source-id: "); + isis_print_sysid(header_iih_ptp->source_id); + printf(", holding time: %us",EXTRACT_16BITS(header_iih_ptp->holding_time)); + printf(", circuit-id: 0x%02x", header_iih_ptp->circuit_id); + switch(header_iih_ptp->circuit_type) { + + case 1: + printf(", Level 1 only"); + break; + + case 2: + printf(", Level 2 only"); + break; + + case 3: + printf(", Level 1, Level 2"); + break; - printf("circuit "); - switch (header->circuit) { - case 1: - printf("l1 only, "); + default: + printf(", unknown 0x%02x", header_iih_ptp->circuit_type); + break; + } + + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); break; - case 2: - printf("l2 only, "); + + case L1_LSP: + case L2_LSP: + if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { + printf(", bogus fixed header length %u should be %lu", + header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE); + return (0); + } + + pdu_len=EXTRACT_16BITS(header_lsp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } + + if (pdu_type == L1_LSP) + printf(", L1 LSP (%u)",pdu_len); + else if (pdu_type == L2_LSP) + printf(", L2 LSP (%u)",pdu_len); + + TCHECK(*header_lsp); + printf("\n\t\t lsp-id: "); + isis_print_lspid(header_lsp->lsp_id); + printf(", sequence number: 0x%08x",EXTRACT_32BITS(header_lsp->sequence_number)); + printf(", lifetime: %5us",EXTRACT_16BITS(header_lsp->remaining_lifetime)); + printf("\n\t\t checksum: 0x%04x",EXTRACT_16BITS(header_lsp->checksum)); + + printf(", %s", ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""); + + if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { + printf("%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""); + printf("%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""); + printf("%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""); + printf("%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""); + printf("ATT bit set, "); + } + printf("%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""); + printf("%s", tok2str(isis_lsp_istype_values,"Unknown(0x%x)",ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))); + + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); break; - case 3: - printf("l1-l2, "); + + case L1_CSNP: + case L2_CSNP: + if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { + printf(", bogus fixed header length %u should be %lu", + header->fixed_len, (unsigned long)ISIS_CSNP_HEADER_SIZE); + return (0); + } + + pdu_len=EXTRACT_16BITS(header_csnp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } + + printf(", L%s CSNP (%u)", ISIS_MASK_LEVEL_BITS(pdu_type) ? "2" : "1", pdu_len); + TCHECK(*header_csnp); + printf("\n\t\t source-id: "); + isis_print_nodeid(header_csnp->source_id); + printf("\n\t\t start lsp-id: "); + isis_print_lspid(header_csnp->start_lsp_id); + printf("\n\t\t end lsp-id: "); + isis_print_lspid(header_csnp->end_lsp_id); + + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + break; + + case L1_PSNP: + case L2_PSNP: + if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { + printf("- bogus fixed header length %u should be %lu", + header->fixed_len, (unsigned long)ISIS_PSNP_HEADER_SIZE); + return (0); + } + + pdu_len=EXTRACT_16BITS(header_psnp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } + + printf(", L%s PSNP (%u)", ISIS_MASK_LEVEL_BITS(pdu_type) ? "2" : "1", pdu_len); + TCHECK(*header_psnp); + printf("\n\t\t source-id: "); + isis_print_nodeid(header_psnp->source_id); + + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); break; - } - printf ("holding time %d ", holding_time); - printf ("\n\t\t\t source %s, length %d", - etheraddr_string(header->enc_source_id), packet_len); - if((pdu_type==L1_LAN_IIH)||(pdu_type==L2_LAN_IIH)) - printf ("\n\t\t\t lan id %s(%d)", etheraddr_string(header->enc_lan_id), - header->enc_lan_id[SYSTEM_ID_LEN]); + default: + printf(", PDU type (0x%02x) not supported", pdu_type); + return (1); + } /* * Now print the TLV's. */ - if(pdu_type==PTP_IIH) { - packet_len -= ISIS_PTP_HEADER_SIZE; - pptr = p + ISIS_PTP_HEADER_SIZE; - } else { - packet_len -= ISIS_HEADER_SIZE; - pptr = p + ISIS_HEADER_SIZE; - } + while (packet_len >= 2) { - if (pptr >= snapend) { - printf("\n\t\t\t packet exceeded snapshot"); - return(1); + if (pptr == snapend) { + return (1); + } + + if (!TTEST2(*pptr, 2)) { + printf("\n\t\t\t packet exceeded snapshot (%ld) bytes", + (long)(pptr-snapend)); + return (1); } type = *pptr++; len = *pptr++; @@ -592,53 +951,593 @@ isis_print (const u_char *p, u_int length) if (len > packet_len) { break; } + printf("\n\t\t "); switch (type) { case TLV_AREA_ADDR: - printf("\n\t\t\t area addresses"); + printf("Area address(es) (%u)",len); tmp = len; tptr = pptr; + if (!TTEST2(*tptr, 1)) + goto trunctlv; alen = *tptr++; while (tmp && alen < tmp) { - printf("\n\t\t\t "); - print_nsap(tptr, alen); - printf(" (%d)", alen); + printf("\n\t\t\tArea address (%u): ",alen); + if (!print_nsap(tptr, alen)) + return (1); tptr += alen; tmp -= alen + 1; + if (tmp==0) /* if this is the last area address do not attemt a boundary check */ + break; + if (!TTEST2(*tptr, 1)) + goto trunctlv; alen = *tptr++; } break; case TLV_ISNEIGH: - printf("\n\t\t\t neighbor addresses"); + printf("IS Neighbor(s) (%u)",len); tmp = len; tptr = pptr; while (tmp >= ETHER_ADDR_LEN) { - printf("\n\t\t\t %s", etheraddr_string(tptr)); + printf("\n\t\t\tIS Neighbor: "); + if (!isis_print_sysid(tptr)) + return (1); tmp -= ETHER_ADDR_LEN; tptr += ETHER_ADDR_LEN; } break; + case TLV_PADDING: - printf("\n\t\t\t padding for %d bytes", len); + printf("Padding (%u)", len); + break; + + case TLV_MT_IS_REACH: + printf("Multi Topology IS Reachability (%u)",len); + tptr=pptr; + tmp=len; + while (tmp>0) { + printf("\n\t\t\t"); + if (!TTEST2(*tptr, 2)) + goto trunctlv; + switch(EXTRACT_16BITS(tptr)&0x0fff) { + + case 0: + printf("IPv4 unicast"); + break; + + case 1: + printf("In-Band Management"); + break; + + case 2: + printf("IPv6 unicast"); + break; + + case 3: + printf("Multicast"); + break; + + case 4095: + printf("Development, Experimental or Proprietary"); + break; + + default: + printf("Reserved for IETF Consensus"); + break; + } + printf(" Topology (0x%03x)",EXTRACT_16BITS(tptr)&0x0fff); + tptr+=2; + printf("\n\t\t\t IS Neighbor: "); + if (!isis_print_nodeid(tptr)) + return (1); + tptr+=(SYSTEM_ID_LEN+1); + if (!TTEST2(*tptr, 3)) + goto trunctlv; + printf(", Metric: %d",EXTRACT_24BITS(tptr)); + tptr+=3; + if (!TTEST2(*tptr, 1)) + goto trunctlv; + tslen=*(tptr++); + printf(", %ssub-TLVs present",tslen ? "" : "no "); + + tptr+=tslen; + tmp-=(13+tslen); + } + break; + + case TLV_EXT_IS_REACH: + printf("Extended IS Reachability (%u)",len); + tptr=pptr; + tmp=len; + while (tmp>0) { + printf("\n\t\t\tIS Neighbor: "); + if (!isis_print_nodeid(tptr)) + return (1); + tptr+=(SYSTEM_ID_LEN+1); + if (!TTEST2(*tptr, 3)) + goto trunctlv; + printf(", Metric: %d",EXTRACT_24BITS(tptr)); + tptr+=3; + if (!TTEST2(*tptr, 1)) + goto trunctlv; + tslen=*(tptr++); + printf(", %ssub-TLVs present",tslen ? "" : "no "); + if (tslen) { + printf(" (%u)",tslen); + ttslen=tslen; + while (ttslen>0) { + if (!TTEST2(*tptr,2)) + goto trunctlv; + printf("\n\t\t\t "); + subt=*(tptr++); + subl=*(tptr++); + switch(subt) { + case SUBTLV_EXT_IS_REACH_ADMIN_GROUP: + printf("Administrative groups: 0x%08x", EXTRACT_32BITS(tptr)); + break; + case SUBTLV_EXT_IS_REACH_MAX_LINK_BW : + if (!TTEST2(*tptr,4)) + goto trunctlv; + j = EXTRACT_32BITS(tptr); + memcpy (&bw, &j, 4); + printf("Maximum link bandwidth : %.3f Mbps", + bw*8/1000000 ); + break; + case SUBTLV_EXT_IS_REACH_RESERVABLE_BW : + if (!TTEST2(*tptr,4)) + goto trunctlv; + j = EXTRACT_32BITS(tptr); + memcpy (&bw, &j, 4); + printf("Reservable link bandwidth: %.3f Mbps", + bw*8/1000000 ); + break; + case SUBTLV_EXT_IS_REACH_UNRESERVED_BW : + printf("Unreserved bandwidth:"); + for (i = 0; i < 8; i++) { + if (!TTEST2(*tptr,4)) + goto trunctlv; + j = EXTRACT_32BITS(tptr); + memcpy (&bw, &j, 4); + printf("\n\t\t\t priority level %d: %.3f Mbps", + i, bw*8/1000000 ); + tptr+=4; + } + tptr-=32; + break; + case SUBTLV_EXT_IS_REACH_TE_METRIC: + if (!TTEST2(*tptr,3)) + goto trunctlv; + printf("Traffic Engineering Metric: %d", EXTRACT_24BITS(tptr)); + break; + case SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: + if (!TTEST2(*tptr,4)) + goto trunctlv; + printf("IPv4 interface address: %s", ipaddr_string(tptr)); + break; + case SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: + if (!TTEST2(*tptr,4)) + goto trunctlv; + printf("IPv4 neighbor address: %s", ipaddr_string(tptr)); + break; + case 250: + case 251: + case 252: + case 253: + case 254: + printf("Reserved for cisco specific extensions, type %d, length %d", subt, subl); + break; + case 255: + printf("Reserved for future expansion, type %d, length %d", subt, subl); + break; + default: + printf("unknown subTLV, type %d, length %d", subt, subl); + } + tptr+=subl; + ttslen-=(subl+2); + } + } + tptr+=tslen; + tmp-=(11+tslen); + } + break; + case TLV_IS_REACH: + printf("IS Reachability (%u)",len); + + tptr=pptr; + + if (!TTEST2(*tptr,1)) /* check if there is one byte left to read out the virtual flag */ + goto trunctlv; + + switch (*tptr) { + case 0: + printf("\n\t\t\tIsNotVirtual"); + break; + case 1: + printf("\n\t\t\tIsVirtual"); + break; + default: + printf("\n\t\t\tbogus virtual flag 0x%02x",(*tptr)); + break; + } + + tptr++; + + tlv_is_reach = (const struct isis_tlv_is_reach *)tptr; + + tmp = len; + while (tmp >= sizeof(struct isis_tlv_is_reach)) { + if (!TTEST(*tlv_is_reach)) + goto trunctlv; + + printf("\n\t\t\tIS Neighbor: "); + isis_print_nodeid(tlv_is_reach->neighbor_nodeid); + + printf(", Default Metric: %d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_is_reach->metric_default), + ISIS_LSP_TLV_METRIC_IE(tlv_is_reach->metric_default) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_is_reach->metric_delay)) + printf("\n\t\t\t Delay Metric: %d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_is_reach->metric_delay), + ISIS_LSP_TLV_METRIC_IE(tlv_is_reach->metric_delay) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_is_reach->metric_expense)) + printf("\n\t\t\t Expense Metric: %d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_is_reach->metric_expense), + ISIS_LSP_TLV_METRIC_IE(tlv_is_reach->metric_expense) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_is_reach->metric_error)) + printf("\n\t\t\t Error Metric: %d, %s", + ISIS_LSP_TLV_METRIC_VALUE(tlv_is_reach->metric_error), + ISIS_LSP_TLV_METRIC_IE(tlv_is_reach->metric_error) ? "External" : "Internal"); + + tmp -= sizeof(struct isis_tlv_is_reach); + tlv_is_reach++; + } + break; + + case TLV_IP_REACH: + printf("IP Internal reachability (%u)",len); + if (!isis_print_tlv_ip_reach(pptr, len)) + return (1); + break; + + case TLV_IP_REACH_EXT: + printf("IP External reachability (%u)",len); + if (!isis_print_tlv_ip_reach(pptr, len)) + return (1); + break; + + case TLV_EXT_IP_REACH: + printf("Extended IP reachability (%u)",len); + i=len; + tptr=pptr; + + while (i>0) { + memset (prefix, 0, 4); + if (!TTEST2(*tptr, 4)) + return (1); + metric = EXTRACT_32BITS(tptr); + tptr+=4; + + if (!TTEST2(*tptr, 1)) + return (1); + j=*(tptr); + bit_length = (*(tptr)++&0x3f); + byte_length = (bit_length + 7) / 8; + if (!TTEST2(*tptr, byte_length)) + return (1); + + memcpy(prefix,tptr,byte_length); + + printf("\n\t\t\tIPv4 prefix: %u.%u.%u.%u/%d", + prefix[0], + prefix[1], + prefix[2], + prefix[3], + bit_length); + + printf("\n\t\t\t Metric: %u, Distribution: %s", + metric, + ISIS_MASK_TLV_EXT_IP_UPDOWN(j) ? "down" : "up"); + + printf(", %ssub-TLVs present", + ISIS_MASK_TLV_EXT_IP_SUBTLV(j) ? "" : "no "); + + if (ISIS_MASK_TLV_EXT_IP_SUBTLV(j)) { + if (!TTEST2(*tptr, 1)) + return (1); + printf(" (%u)",*tptr); /* no subTLV decoder supported - just print out subTLV length */ + i-=*tptr; + tptr+=*tptr++; + } + + i-=(5+byte_length); + tptr+=byte_length; + } break; - case TLV_AUTHENT: - printf("\n\t\t\t authentication data"); - default_print(pptr, len); + +#ifdef INET6 + + case TLV_IP6_REACH: + printf("IP6 reachability (%u)",len); + i=len; + tptr=pptr; + + while (i>0) { + if (!TTEST2(*tptr, 4)) + return (1); + metric = EXTRACT_32BITS(tptr); + tptr+=4; + + if (!TTEST2(*tptr, 2)) + return (1); + j=*(tptr++); + bit_length = (*(tptr)++); + byte_length = (bit_length + 7) / 8; + if (!TTEST2(*tptr, byte_length)) + return (1); + + memset(prefix6, 0, 16); + memcpy(prefix6,tptr,byte_length); + + printf("\n\t\t\tIPv6 prefix: %s/%u", + ip6addr_string(prefix6), + bit_length); + + printf("\n\t\t\t Metric: %u, %s, Distribution: %s, %ssub-TLVs present", + metric, + ISIS_MASK_TLV_IP6_IE(j) ? "External" : "Internal", + ISIS_MASK_TLV_IP6_UPDOWN(j) ? "down" : "up", + ISIS_MASK_TLV_IP6_SUBTLV(j) ? "" : "no "); + + if (ISIS_MASK_TLV_IP6_SUBTLV(j)) { + if (!TTEST2(*tptr, 1)) + return (1); + printf(" (%u)",*tptr); /* no subTLV decoder supported - just print out subTLV length */ + i-=*tptr; + tptr+=*tptr++; + } + + i-=(6+byte_length); + tptr+=byte_length; + } + break; +#endif + +#ifdef INET6 + case TLV_IP6ADDR: + printf("IPv6 Interface address(es) (%u)",len); + i=len; + tptr=pptr; + while (i>0) { + if (!TTEST2(*tptr, 16)) + goto trunctlv; + + printf("\n\t\t\tIPv6 interface address: %s", + ip6addr_string(tptr)); + + tptr += 16; + i -= 16; + } + break; +#endif + case TLV_AUTH: + if (!TTEST2(*pptr, 1)) + goto trunctlv; + printf("Authentication (%u)",len); + if (*pptr==SUBTLV_AUTH_SIMPLE) { + printf("\n\t\t\tsimple text password: "); + for(i=1;i<len;i++) { + if (!TTEST2(*(pptr+i), 1)) + goto trunctlv; + printf("%c",*(pptr+i)); + } + } + if (!TTEST2(*pptr, 1)) + goto trunctlv; + if (*pptr==SUBTLV_AUTH_MD5) { + printf("\n\t\t\tMD5 password: "); + for(i=1;i<len;i++) { + if (!TTEST2(*(pptr+i), 1)) + goto trunctlv; + printf("%02x",*(pptr+i)); + } + } + break; + case TLV_PTP_ADJ: - printf("\n\t\t\t PTP adjacency status %s", - isis_ptp_adjancey_values[*pptr].name); + printf("Point-to-point Adjacency State (%u)",len); + tlv_ptp_adj = (const struct isis_tlv_ptp_adj *)pptr; + i=len; + if(i>=1) { + if (!TTEST2(*pptr, 1)) + goto trunctlv; + printf("\n\t\t\tAdjacency State: %s", + tok2str(isis_ptp_adjancey_values, "#0x%x", *pptr)); + i--; + } + if(i>=4) { + if (!TTEST2(tlv_ptp_adj->ext_local_circuit_id, 4)) + goto trunctlv; + printf("\n\t\t\tExtended Local circuit ID: 0x%08x", + EXTRACT_32BITS(tlv_ptp_adj->ext_local_circuit_id)); + i-=4; + } + if(i>=6) { + if (!TTEST2(tlv_ptp_adj->neighbor_sysid, 6)) + goto trunctlv; + printf("\n\t\t\tNeighbor SystemID: "); + isis_print_sysid(tlv_ptp_adj->neighbor_sysid); + i-=6; + } + if(i>=4) { + if (!TTEST2(tlv_ptp_adj->neighbor_ext_local_circuit_id, 4)) + goto trunctlv; + printf("\n\t\t\tNeighbor Extended Local circuit ID: 0x%08x", + EXTRACT_32BITS(tlv_ptp_adj->neighbor_ext_local_circuit_id)); + } break; + case TLV_PROTOCOLS: - printf("\n\t\t\t Supports protocols %s", (len>1)? "are":"is"); - for(i=0;i<len;i++) - printf(" %02X", (u_char)*(pptr+i)); + printf("Protocols supported (%u)", len); + printf("\n\t\t\tNLPID(s): "); + for (i = 0; i < len; i++) { + if (!TTEST2(*(pptr+i), 1)) + goto trunctlv; + printf("%s (0x%02x)",tok2str(isis_nlpid_values, "Unknown", *(pptr+i)),*(pptr+i)); + if (i<len-1) + printf(", "); + } break; + + case TLV_TE_ROUTER_ID: + printf("Traffic Engineering Router ID (%u)",len); + if (!TTEST2(*pptr, 4)) + goto trunctlv; + printf("\n\t\t\tTraffic Engineering Router ID: %s", ipaddr_string(pptr)); + break; + case TLV_IPADDR: - printf("\n\t\t\t IP address: %s", ipaddr_string(pptr)); + printf("IPv4 Interface address(es) (%u)",len); + i=len; + tptr=pptr; + while (i>0) { + if (!TTEST2(*tptr, 4)) + goto trunctlv; + printf("\n\t\t\tIPv4 interface address: %s", ipaddr_string(tptr)); + tptr += 4; + i -= 4; + } + break; + + case TLV_HOSTNAME: + printf("Hostname (%u)", len); + printf("\n\t\t\tHostname: "); + for(i = 0; i < len; i++) { + if (!TTEST2(*(pptr+i), 1)) + goto trunctlv; + printf("%c",*(pptr+i)); + } + break; + + case TLV_LSP: + tlv_lsp = (const struct isis_tlv_lsp *)pptr; + printf("LSP entries (%u)", len); + i=0; + while(i<len) { + printf("\n\t\t\tlsp-id: "); + if (!isis_print_nodeid(tlv_lsp->lsp_id)) + return (1); + if (!TTEST((tlv_lsp->lsp_id)[SYSTEM_ID_LEN+1])) + goto trunctlv; + printf("-%02x",(tlv_lsp->lsp_id)[SYSTEM_ID_LEN+1]); + if (!TTEST2(tlv_lsp->sequence_number, 4)) + goto trunctlv; + printf("\n\t\t\t sequence number: 0x%08x",EXTRACT_32BITS(tlv_lsp->sequence_number)); + if (!TTEST2(tlv_lsp->remaining_lifetime, 2)) + goto trunctlv; + printf("\n\t\t\t Remaining lifetime: %5ds",EXTRACT_16BITS(tlv_lsp->remaining_lifetime)); + if (!TTEST2(tlv_lsp->checksum, 2)) + goto trunctlv; + printf("\n\t\t\t checksum: 0x%04x",EXTRACT_16BITS(tlv_lsp->checksum)); + i+=sizeof(struct isis_tlv_lsp); + tlv_lsp++; + } + break; + + case TLV_CHECKSUM: + if (!TTEST2(*pptr, 2)) + goto trunctlv; + printf("Checksum (%u)", len); + printf("\n\t\t\tchecksum: 0x%04x", + EXTRACT_16BITS(pptr)); + + if (osi_cksum(optr, length, off)) + printf(" (incorrect)"); + else + printf(" (correct)"); + break; + + case TLV_MT_SUPPORTED: + printf("Multi Topology (%u)",len); + i=len; + tptr=pptr; + while (i>1) { + /* length can only be a multiple of 2, otherwise there is + something broken -> so decode down until length is 1 */ + if (i!=1) { + if (!TTEST2(*tptr, 2)) + goto trunctlv; + printf("\n\t\t\t"); + switch(EXTRACT_16BITS(tptr)&0x0fff) { + + case 0: + printf("IPv4 unicast"); + break; + + case 1: + printf("In-Band Management"); + break; + + case 2: + printf("IPv6 unicast"); + break; + + case 3: + printf("Multicast"); + break; + + case 4095: + printf("Development, Experimental or Proprietary"); + break; + + default: + printf("Reserved for IETF Consensus"); + break; + } + printf(" Topology (0x%03x)%s%s", + EXTRACT_16BITS(tptr)&0xfff, + (EXTRACT_16BITS(tptr)&0x8000) ? "" : ", no sub-TLVs present", + (EXTRACT_16BITS(tptr)&0x4000) ? ", ATT bit set" : "" ); + } else { + printf("\n\t\t\tmalformed MT-ID"); + break; + } + i-=2; + tptr+=2; + } + break; + + case TLV_RESTART_SIGNALING: + tptr=pptr; + printf("Restart Signaling (%u)",len); + if (!TTEST2(*tptr, 3)) + goto trunctlv; + + printf("\n\t\t\tRestart Request bit %s, Restart Acknowledgement bit %s\n\t\t\tRemaining holding time: %us", + ISIS_MASK_RESTART_RR(*tptr) ? "set" : "clear", + ISIS_MASK_RESTART_RA(*tptr++) ? "set" : "clear", + EXTRACT_16BITS(tptr)); + break; + default: - printf("\n\t\t\t unknown TLV, type %d, length %d", type, len); + printf("unknown TLV, type %d, length %d\n\t\t\t", type, len); + tptr=pptr; + + for(i=0;i<len;i++) { + if (!TTEST2(*(tptr+i), 1)) + goto trunctlv; + printf("%02x",*(tptr+i)); /* formatted hex output of unknown TLV data */ + if (i%2) + printf(" "); + if (i/16!=(i+1)/16) { + if (i<(len-1)) + printf("\n\t\t\t"); + } + } break; } @@ -649,6 +1548,14 @@ isis_print (const u_char *p, u_int length) if (packet_len != 0) { printf("\n\t\t\t %d straggler bytes", packet_len); } + return (1); + +trunc: + fputs("[|isis]", stdout); + return (1); + +trunctlv: + printf("\n\t\t\t packet exceeded snapshot"); return(1); } @@ -657,7 +1564,7 @@ isis_print (const u_char *p, u_int length) */ static int -osi_cksum(register const u_char *p, register int len, u_char *off) +osi_cksum(register const u_char *p, register u_int len, u_char *off) { int32_t c0 = 0, c1 = 0; @@ -673,3 +1580,4 @@ osi_cksum(register const u_char *p, register int len, u_char *off) } return (c0 | c1); } + diff --git a/contrib/tcpdump/print-llc.c b/contrib/tcpdump/print-llc.c index a31d6ad2..39994a8 100644 --- a/contrib/tcpdump/print-llc.c +++ b/contrib/tcpdump/print-llc.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.32 2000/12/18 07:55:36 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.43 2001/10/08 21:25:22 fenner Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -48,6 +48,7 @@ static const char rcsid[] = #include "extract.h" /* must come after interface.h */ #include "llc.h" +#include "ethertype.h" static struct tok cmd2str[] = { { LLC_UI, "ui" }, @@ -83,23 +84,47 @@ llc_print(const u_char *p, u_int length, u_int caplen, memcpy((char *)&llc, (char *)p, min(caplen, sizeof(llc))); if (llc.ssap == LLCSAP_GLOBAL && llc.dsap == LLCSAP_GLOBAL) { + /* + * This is an Ethernet_802.3 IPX frame; it has an + * 802.3 header (i.e., an Ethernet header where the + * type/length field is <= ETHERMTU, i.e. it's a length + * field, not a type field), but has no 802.2 header - + * the IPX packet starts right after the Ethernet header, + * with a signature of two bytes of 0xFF (which is + * LLCSAP_GLOBAL). + * + * (It might also have been an Ethernet_802.3 IPX at + * one time, but got bridged onto another network, + * such as an 802.11 network; this has appeared in at + * least one capture file.) + */ ipx_print(p, length); return (1); } - /* Cisco Discovery Protocol - SNAP & ether type 0x2000 */ - if(llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP && - llc.llcui == LLC_UI && - llc.ethertype[0] == 0x20 && llc.ethertype[1] == 0x00 ) { - cdp_print( p, length, caplen, esrc, edst); - return (1); - } - if (llc.ssap == LLCSAP_8021D && llc.dsap == LLCSAP_8021D) { stp_print(p, length); return (1); } - if (llc.ssap == 0xf0 && llc.dsap == 0xf0 + + if (llc.ssap == LLCSAP_IPX && llc.dsap == LLCSAP_IPX && + llc.llcui == LLC_UI) { + /* + * This is an Ethernet_802.2 IPX frame, with an 802.3 + * header and an 802.2 LLC header with the source and + * destination SAPs being the IPX SAP. + * + * Skip DSAP, LSAP, and control field. + */ + p += 3; + length -= 3; + caplen -= 3; + ipx_print(p, length); + return (1); + } + +#ifdef TCPDUMP_DO_SMB + if (llc.ssap == LLCSAP_NETBEUI && llc.dsap == LLCSAP_NETBEUI && (!(llc.llcu & LLC_S_FMT) || llc.llcu == LLC_U_FMT)) { /* * we don't actually have a full netbeui parser yet, but the @@ -140,9 +165,10 @@ llc_print(const u_char *p, u_int length, u_int caplen, length -= 2; caplen -= 2; } - netbeui_print(control, p, p + min(caplen, length)); + netbeui_print(control, p, length); return (1); } +#endif if (llc.ssap == LLCSAP_ISONS && llc.dsap == LLCSAP_ISONS && llc.llcui == LLC_UI) { isoclns_print(p + 3, length - 3, caplen - 3, esrc, edst); @@ -151,6 +177,8 @@ llc_print(const u_char *p, u_int length, u_int caplen, if (llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP && llc.llcui == LLC_UI) { + u_int32_t orgcode; + if (caplen < sizeof(llc)) { (void)printf("[|llc-snap]"); default_print((u_char *)p, caplen); @@ -163,16 +191,51 @@ llc_print(const u_char *p, u_int length, u_int caplen, length -= sizeof(llc); p += sizeof(llc); - /* This is an encapsulated Ethernet packet */ - et = EXTRACT_16BITS(&llc.ethertype[0]); - ret = ether_encap_print(et, p, length, caplen, - extracted_ethertype); - if (ret) - return (ret); + orgcode = EXTRACT_24BITS(&llc.llc_orgcode[0]); + et = EXTRACT_16BITS(&llc.llc_ethertype[0]); + switch (orgcode) { + case OUI_ENCAP_ETHER: + case OUI_CISCO_90: + /* + * This is an encapsulated Ethernet packet, + * or a packet bridged by some piece of + * Cisco hardware; the protocol ID is + * an Ethernet protocol type. + */ + ret = ether_encap_print(et, p, length, caplen, + extracted_ethertype); + if (ret) + return (ret); + break; + + case OUI_APPLETALK: + if (et == ETHERTYPE_ATALK) { + /* + * No, I have no idea why Apple used one + * of their own OUIs, rather than + * 0x000000, and an Ethernet packet + * type, for Appletalk data packets, + * but used 0x000000 and an Ethernet + * packet type for AARP packets. + */ + ret = ether_encap_print(et, p, length, caplen, + extracted_ethertype); + if (ret) + return (ret); + } + break; + + case OUI_CISCO: + if (et == ETHERTYPE_CISCO_CDP) { + cdp_print(p, length, caplen, esrc, edst); + return 1; + } + break; + } } if ((llc.ssap & ~LLC_GSAP) == llc.dsap) { - if (eflag) + if (eflag || esrc == NULL || edst == NULL) (void)printf("%s ", llcsap_string(llc.dsap)); else (void)printf("%s > %s %s ", @@ -180,7 +243,7 @@ llc_print(const u_char *p, u_int length, u_int caplen, etheraddr_string(edst), llcsap_string(llc.dsap)); } else { - if (eflag) + if (eflag || esrc == NULL || edst == NULL) (void)printf("%s > %s ", llcsap_string(llc.ssap & ~LLC_GSAP), llcsap_string(llc.dsap)); @@ -221,14 +284,6 @@ llc_print(const u_char *p, u_int length, u_int caplen, caplen -= 3; } } - - if (cmd == LLC_UI && f == 'C') { - /* - * we don't have a proper ipx decoder yet, but there - * is a partial one in the smb code - */ - ipx_netbios_print(p,p+min(caplen,length)); - } } else { char f; diff --git a/contrib/tcpdump/print-nfs.c b/contrib/tcpdump/print-nfs.c index 289535e..743339e 100644 --- a/contrib/tcpdump/print-nfs.c +++ b/contrib/tcpdump/print-nfs.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-nfs.c,v 1.87 2000/10/07 05:53:12 itojun Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-nfs.c,v 1.89 2001/07/08 08:01:43 itojun Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -1207,7 +1207,7 @@ parserddires(const u_int32_t *dp) int er; dp = parsestatus(dp, &er); - if (dp == 0 || er) + if (dp == NULL || er) return (0); if (qflag) return (1); @@ -1489,7 +1489,8 @@ interp_reply(const struct rpc_msg *rp, u_int32_t proc, u_int32_t vers, int lengt case NFSPROC_ACCESS: printf(" access"); - dp = parserep(rp, length); + if (!(dp = parserep(rp, length))) + break; if (!(dp = parsestatus(dp, &er))) break; if (vflag) diff --git a/contrib/tcpdump/print-ntp.c b/contrib/tcpdump/print-ntp.c index 0e09612..409a592 100644 --- a/contrib/tcpdump/print-ntp.c +++ b/contrib/tcpdump/print-ntp.c @@ -27,7 +27,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ntp.c,v 1.31 2000/10/06 04:23:13 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ntp.c,v 1.32 2001/08/20 15:36:57 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -63,7 +63,6 @@ ntp_print(register const u_char *cp, u_int length) { register const struct ntpdata *bp; int mode, version, leapind; - static char rclock[5]; bp = (struct ntpdata *)cp; /* Note funny sized packets */ @@ -158,9 +157,7 @@ ntp_print(register const u_char *cp, u_int length) break; case PRIM_REF: - strncpy(rclock, (char *)&(bp->refid), 4); - rclock[4] = '\0'; - fputs(rclock, stdout); + fn_printn((char *)&(bp->refid), 4, NULL); break; case INFO_QUERY: diff --git a/contrib/tcpdump/print-null.c b/contrib/tcpdump/print-null.c index 8da9a95..18e4a45 100644 --- a/contrib/tcpdump/print-null.c +++ b/contrib/tcpdump/print-null.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.40 2000/12/16 22:00:50 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.41 2001/07/05 18:54:15 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -115,6 +115,7 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) const struct ip *ip; u_int family; + ++infodelay; ts_print(&h->ts); memcpy((char *)&family, (char *)p, sizeof(family)); @@ -162,5 +163,8 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) if (xflag) default_print((const u_char *)ip, caplen - NULL_HDRLEN); putchar('\n'); + --infodelay; + if (infoprint) + info(0); } diff --git a/contrib/tcpdump/print-pim.c b/contrib/tcpdump/print-pim.c index 2e6ff72..209c552 100644 --- a/contrib/tcpdump/print-pim.c +++ b/contrib/tcpdump/print-pim.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-pim.c,v 1.23 2000/10/03 02:55:00 itojun Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-pim.c,v 1.29 2001/07/04 21:36:15 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -71,280 +71,287 @@ static void pimv2_print(register const u_char *bp, register u_int len); static void pimv1_join_prune_print(register const u_char *bp, register u_int len) { - int maddrlen, addrlen, ngroups, njoin, nprune; - int njp; - - /* If it's a single group and a single source, use 1-line output. */ - if (TTEST2(bp[0], 30) && bp[11] == 1 && - ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) { - int hold; - - (void)printf(" RPF %s ", ipaddr_string(bp)); - hold = EXTRACT_16BITS(&bp[6]); - if (hold != 180) { - (void)printf("Hold "); - relts_print(hold); - } - (void)printf("%s (%s/%d, %s", njoin ? "Join" : "Prune", - ipaddr_string(&bp[26]), bp[25] & 0x3f, - ipaddr_string(&bp[12])); - if (EXTRACT_32BITS(&bp[16]) != 0xffffffff) - (void)printf("/%s", ipaddr_string(&bp[16])); - (void)printf(") %s%s %s", + int maddrlen, addrlen, ngroups, njoin, nprune; + int njp; + + /* If it's a single group and a single source, use 1-line output. */ + if (TTEST2(bp[0], 30) && bp[11] == 1 && + ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) { + int hold; + + (void)printf(" RPF %s ", ipaddr_string(bp)); + hold = EXTRACT_16BITS(&bp[6]); + if (hold != 180) { + (void)printf("Hold "); + relts_print(hold); + } + (void)printf("%s (%s/%d, %s", njoin ? "Join" : "Prune", + ipaddr_string(&bp[26]), bp[25] & 0x3f, + ipaddr_string(&bp[12])); + if (EXTRACT_32BITS(&bp[16]) != 0xffffffff) + (void)printf("/%s", ipaddr_string(&bp[16])); + (void)printf(") %s%s %s", (bp[24] & 0x01) ? "Sparse" : "Dense", (bp[25] & 0x80) ? " WC" : "", (bp[25] & 0x40) ? "RP" : "SPT"); - return; - } - - TCHECK2(bp[0], 4); - (void)printf("\n Upstream Nbr: %s", ipaddr_string(bp)); - TCHECK2(bp[6], 2); - (void)printf("\n Hold time: "); - relts_print(EXTRACT_16BITS(&bp[6])); - bp += 8; len -= 8; - - TCHECK2(bp[0], 4); - maddrlen = bp[1]; - addrlen = bp[2]; - ngroups = bp[3]; - bp += 4; len -= 4; - while (ngroups--) { + return; + } + TCHECK2(bp[0], 4); - (void)printf("\n\tGroup: %s", ipaddr_string(bp)); - if (EXTRACT_32BITS(&bp[4]) != 0xffffffff) - (void)printf("/%s", ipaddr_string(&bp[4])); - TCHECK2(bp[8], 4); - njoin = EXTRACT_16BITS(&bp[8]); - nprune = EXTRACT_16BITS(&bp[10]); - (void)printf(" joined: %d pruned: %d", njoin, nprune); - bp += 12; len -= 12; - for (njp = 0; njp < (njoin + nprune); njp++) { - char *type; - - if (njp < njoin) { - type = "Join "; - } else { - type = "Prune"; - } - TCHECK2(bp[0], 6); - (void)printf("\n\t%s %s%s%s%s/%d", type, + if (vflag > 1) + (void)printf("\n"); + (void)printf(" Upstream Nbr: %s", ipaddr_string(bp)); + TCHECK2(bp[6], 2); + if (vflag > 1) + (void)printf("\n"); + (void)printf(" Hold time: "); + relts_print(EXTRACT_16BITS(&bp[6])); + if (vflag < 2) + return; + bp += 8; + len -= 8; + + TCHECK2(bp[0], 4); + maddrlen = bp[1]; + addrlen = bp[2]; + ngroups = bp[3]; + bp += 4; + len -= 4; + while (ngroups--) { + TCHECK2(bp[0], 4); + (void)printf("\n\tGroup: %s", ipaddr_string(bp)); + if (EXTRACT_32BITS(&bp[4]) != 0xffffffff) + (void)printf("/%s", ipaddr_string(&bp[4])); + TCHECK2(bp[8], 4); + njoin = EXTRACT_16BITS(&bp[8]); + nprune = EXTRACT_16BITS(&bp[10]); + (void)printf(" joined: %d pruned: %d", njoin, nprune); + bp += 12; + len -= 12; + for (njp = 0; njp < (njoin + nprune); njp++) { + char *type; + + if (njp < njoin) + type = "Join "; + else + type = "Prune"; + TCHECK2(bp[0], 6); + (void)printf("\n\t%s %s%s%s%s/%d", type, (bp[0] & 0x01) ? "Sparse " : "Dense ", (bp[1] & 0x80) ? "WC " : "", (bp[1] & 0x40) ? "RP " : "SPT ", - ipaddr_string(&bp[2]), bp[1] & 0x3f); - bp += 6; len -= 6; + ipaddr_string(&bp[2]), bp[1] & 0x3f); + bp += 6; + len -= 6; + } } - } - return; + return; trunc: - (void)printf("[|pim]"); - return; + (void)printf("[|pim]"); + return; } void pimv1_print(register const u_char *bp, register u_int len) { - register const u_char *ep; - register u_char type; + register const u_char *ep; + register u_char type; - ep = (const u_char *)snapend; - if (bp >= ep) - return; + ep = (const u_char *)snapend; + if (bp >= ep) + return; - type = bp[1]; + type = bp[1]; - switch (type) { - case 0: - (void)printf(" Query"); - if (TTEST(bp[8])) { - switch (bp[8] >> 4) { - case 0: (void)printf(" Dense-mode"); + switch (type) { + case 0: + (void)printf(" Query"); + if (TTEST(bp[8])) { + switch (bp[8] >> 4) { + case 0: + (void)printf(" Dense-mode"); break; - case 1: (void)printf(" Sparse-mode"); + case 1: + (void)printf(" Sparse-mode"); break; - case 2: (void)printf(" Sparse-Dense-mode"); + case 2: + (void)printf(" Sparse-Dense-mode"); break; - default: (void)printf(" mode-%d", bp[8] >> 4); + default: + (void)printf(" mode-%d", bp[8] >> 4); break; + } } - } - if (vflag) { - TCHECK2(bp[10],2); - (void)printf(" (Hold-time "); - relts_print(EXTRACT_16BITS(&bp[10])); - (void)printf(")"); - } - break; - - case 1: - (void)printf(" Register"); - TCHECK2(bp[8], 20); /* ip header */ - (void)printf(" for %s > %s", ipaddr_string(&bp[20]), - ipaddr_string(&bp[24])); - break; - - case 2: - (void)printf(" Register-Stop"); - TCHECK2(bp[12], 4); - (void)printf(" for %s > %s", ipaddr_string(&bp[8]), - ipaddr_string(&bp[12])); - break; - - case 3: - (void)printf(" Join/Prune"); - if (vflag) { - pimv1_join_prune_print(&bp[8], len - 8); - } - break; + if (vflag) { + TCHECK2(bp[10],2); + (void)printf(" (Hold-time "); + relts_print(EXTRACT_16BITS(&bp[10])); + (void)printf(")"); + } + break; - case 4: - (void)printf(" RP-reachable"); - if (vflag) { - TCHECK2(bp[22], 2); - (void)printf(" group %s", + case 1: + (void)printf(" Register"); + TCHECK2(bp[8], 20); /* ip header */ + (void)printf(" for %s > %s", ipaddr_string(&bp[20]), + ipaddr_string(&bp[24])); + break; + case 2: + (void)printf(" Register-Stop"); + TCHECK2(bp[12], 4); + (void)printf(" for %s > %s", ipaddr_string(&bp[8]), + ipaddr_string(&bp[12])); + break; + case 3: + (void)printf(" Join/Prune"); + if (vflag) + pimv1_join_prune_print(&bp[8], len - 8); + break; + case 4: + (void)printf(" RP-reachable"); + if (vflag) { + TCHECK2(bp[22], 2); + (void)printf(" group %s", ipaddr_string(&bp[8])); + if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) + (void)printf("/%s", ipaddr_string(&bp[12])); + (void)printf(" RP %s hold ", ipaddr_string(&bp[16])); + relts_print(EXTRACT_16BITS(&bp[22])); + } + break; + case 5: + (void)printf(" Assert"); + TCHECK2(bp[16], 4); + (void)printf(" for %s > %s", ipaddr_string(&bp[16]), + ipaddr_string(&bp[8])); if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) (void)printf("/%s", ipaddr_string(&bp[12])); - (void)printf(" RP %s hold ", - ipaddr_string(&bp[16])); - relts_print(EXTRACT_16BITS(&bp[22])); - } - break; - - case 5: - (void)printf(" Assert"); - TCHECK2(bp[16], 4); - (void)printf(" for %s > %s", ipaddr_string(&bp[16]), - ipaddr_string(&bp[8])); - if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) - (void)printf("/%s", ipaddr_string(&bp[12])); - TCHECK2(bp[24], 4); - (void)printf(" %s pref %d metric %d", - (bp[20] & 0x80) ? "RP-tree" : "SPT", + TCHECK2(bp[24], 4); + (void)printf(" %s pref %d metric %d", + (bp[20] & 0x80) ? "RP-tree" : "SPT", EXTRACT_32BITS(&bp[20]) & 0x7fffffff, EXTRACT_32BITS(&bp[24])); - break; - - case 6: - (void)printf(" Graft"); - if (vflag) { - pimv1_join_prune_print(&bp[8], len - 8); - } - break; - - case 7: - (void)printf(" Graft-ACK"); - if (vflag) { - pimv1_join_prune_print(&bp[8], len - 8); + break; + case 6: + (void)printf(" Graft"); + if (vflag) + pimv1_join_prune_print(&bp[8], len - 8); + break; + case 7: + (void)printf(" Graft-ACK"); + if (vflag) + pimv1_join_prune_print(&bp[8], len - 8); + break; + case 8: + (void)printf(" Mode"); + break; + default: + (void)printf(" [type %d]", type); + break; } - break; - - case 8: - (void)printf(" Mode"); - break; - - default: - (void)printf(" [type %d]", type); - break; - } - if ((bp[4] >> 4) != 1) - (void)printf(" [v%d]", bp[4] >> 4); - return; + if ((bp[4] >> 4) != 1) + (void)printf(" [v%d]", bp[4] >> 4); + return; trunc: - (void)printf("[|pim]"); - return; + (void)printf("[|pim]"); + return; } /* * auto-RP is a cisco protocol, documented at - * ftp://ftpeng.cisco.com/ipmulticast/pim-autorp-spec01.txt + * ftp://ftpeng.cisco.com/ipmulticast/specs/pim-autorp-spec01.txt + * + * This implements version 1+, dated Sept 9, 1998. */ void cisco_autorp_print(register const u_char *bp, register u_int len) { - int type; - int numrps; - int hold; - - TCHECK(bp[0]); - (void)printf(" auto-rp "); - type = bp[0]; - switch (type) { - case 0x11: - (void)printf("candidate-advert"); - break; - case 0x12: - (void)printf("mapping"); - break; - default: - (void)printf("type-0x%02x", type); - break; - } - - TCHECK(bp[1]); - numrps = bp[1]; - - TCHECK2(bp[2], 2); - (void)printf(" Hold "); - hold = EXTRACT_16BITS(&bp[2]); - if (hold) - relts_print(EXTRACT_16BITS(&bp[2])); - else - printf("FOREVER"); - - /* Next 4 bytes are reserved. */ - - bp += 8; len -= 8; - - /*XXX skip unless -v? */ - - /* - * Rest of packet: - * numrps entries of the form: - * 32 bits: RP - * 6 bits: reserved - * 2 bits: PIM version supported, bit 0 is "supports v1", 1 is "v2". - * 8 bits: # of entries for this RP - * each entry: 7 bits: reserved, 1 bit: negative, - * 8 bits: mask 32 bits: source - * lather, rinse, repeat. - */ - while (numrps--) { - int nentries; - char s; + int type; + int numrps; + int hold; - TCHECK2(bp[0], 4); - (void)printf(" RP %s", ipaddr_string(bp)); - TCHECK(bp[4]); - switch (bp[4] & 0x3) { - case 0: printf(" PIMv?"); - break; - case 1: printf(" PIMv1"); + TCHECK(bp[0]); + (void)printf(" auto-rp "); + type = bp[0]; + switch (type) { + case 0x11: + (void)printf("candidate-advert"); break; - case 2: printf(" PIMv2"); + case 0x12: + (void)printf("mapping"); break; - case 3: printf(" PIMv1+2"); + default: + (void)printf("type-0x%02x", type); break; } - TCHECK(bp[5]); - nentries = bp[5]; - bp += 6; len -= 6; - s = ' '; - for (; nentries; nentries--) { - TCHECK2(bp[0], 6); - (void)printf("%c%s%s/%d", s, bp[0] & 1 ? "!" : "", - ipaddr_string(&bp[2]), bp[1]); - s = ','; - bp += 6; len -= 6; + + TCHECK(bp[1]); + numrps = bp[1]; + + TCHECK2(bp[2], 2); + (void)printf(" Hold "); + hold = EXTRACT_16BITS(&bp[2]); + if (hold) + relts_print(EXTRACT_16BITS(&bp[2])); + else + printf("FOREVER"); + + /* Next 4 bytes are reserved. */ + + bp += 8; len -= 8; + + /*XXX skip unless -v? */ + + /* + * Rest of packet: + * numrps entries of the form: + * 32 bits: RP + * 6 bits: reserved + * 2 bits: PIM version supported, bit 0 is "supports v1", 1 is "v2". + * 8 bits: # of entries for this RP + * each entry: 7 bits: reserved, 1 bit: negative, + * 8 bits: mask 32 bits: source + * lather, rinse, repeat. + */ + while (numrps--) { + int nentries; + char s; + + TCHECK2(bp[0], 4); + (void)printf(" RP %s", ipaddr_string(bp)); + TCHECK(bp[4]); + switch (bp[4] & 0x3) { + case 0: printf(" PIMv?"); + break; + case 1: printf(" PIMv1"); + break; + case 2: printf(" PIMv2"); + break; + case 3: printf(" PIMv1+2"); + break; + } + if (bp[4] & 0xfc) + (void)printf(" [rsvd=0x%02x]", bp[4] & 0xfc); + TCHECK(bp[5]); + nentries = bp[5]; + bp += 6; len -= 6; + s = ' '; + for (; nentries; nentries--) { + TCHECK2(bp[0], 6); + (void)printf("%c%s%s/%d", s, bp[0] & 1 ? "!" : "", + ipaddr_string(&bp[2]), bp[1]); + if (bp[0] & 0xfe) + (void)printf("[rsvd=0x%02x]", bp[0] & 0xfe); + s = ','; + bp += 6; len -= 6; + } } - } - return; + return; trunc: - (void)printf("[|autorp]"); - return; + (void)printf("[|autorp]"); + return; } void @@ -361,11 +368,11 @@ pim_print(register const u_char *bp, register u_int len) #endif switch (PIM_VER(pim->pim_typever)) { - case 2: /* avoid hardcoding? */ + case 2: /* avoid hardcoding? */ (void)printf("pim v2"); pimv2_print(bp, len); break; - default: + default: (void)printf("pim v%d", PIM_VER(pim->pim_typever)); break; } @@ -417,11 +424,6 @@ static int pimv2_addr_len; enum pimv2_addrtype { pimv2_unicast, pimv2_group, pimv2_source }; -#if 0 -static char *addrtypestr[] = { - "unicast", "group", "source" -}; -#endif /* 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -455,19 +457,19 @@ pimv2_addr_print(const u_char *bp, enum pimv2_addrtype at, int silent) if (pimv2_addr_len == 0) { TCHECK(bp[1]); switch (bp[0]) { - case 1: + case 1: af = AF_INET; afstr = "IPv4"; len = 4; break; #ifdef INET6 - case 2: + case 2: af = AF_INET6; afstr = "IPv6"; len = 16; break; #endif - default: + default: return -1; } if (bp[1] != 0) @@ -475,17 +477,17 @@ pimv2_addr_print(const u_char *bp, enum pimv2_addrtype at, int silent) hdrlen = 2; } else { switch (pimv2_addr_len) { - case 4: + case 4: af = AF_INET; afstr = "IPv4"; break; #ifdef INET6 - case 16: + case 16: af = AF_INET6; afstr = "IPv6"; break; #endif - default: + default: return -1; break; } @@ -495,7 +497,7 @@ pimv2_addr_print(const u_char *bp, enum pimv2_addrtype at, int silent) bp += hdrlen; switch (at) { - case pimv2_unicast: + case pimv2_unicast: TCHECK2(bp[0], len); if (af == AF_INET) { if (!silent) @@ -508,8 +510,8 @@ pimv2_addr_print(const u_char *bp, enum pimv2_addrtype at, int silent) } #endif return hdrlen + len; - case pimv2_group: - case pimv2_source: + case pimv2_group: + case pimv2_source: TCHECK2(bp[0], len + 2); if (af == AF_INET) { if (!silent) { @@ -567,7 +569,7 @@ pimv2_print(register const u_char *bp, register u_int len) (void)printf("[RFC2117-encoding] "); switch (PIM_TYPE(pim->pim_typever)) { - case 0: + case 0: { u_int16_t otype, olen; (void)printf(" Hello"); @@ -584,20 +586,13 @@ pimv2_print(register const u_char *bp, register u_int len) (void)printf(")"); break; - /* XXX - * draft-ietf-idmr-pimv2-dr-priority-00.txt - * says that DR-Priority is option 19. - * draft-ietf-pim-v2-sm-00.txt says it's 18. - */ - case 18: /* DR-Priority */ - (void)printf(" (DR-Priority: %d)", EXTRACT_32BITS(&bp[4])); - break; - - case 19: /* Bidir-Capable */ - if (olen == 4) - (void)printf(" (OLD-DR-Priority: %d)", EXTRACT_32BITS(&bp[4])); - else - (void)printf(" (bidir-capable)"); + case 19: /* DR-Priority */ + (void)printf(" (DR-Priority: "); + if (olen != 4) { + (void)printf("!olen=%d!)", olen); + } else { + (void)printf("%d)", EXTRACT_32BITS(&bp[4])); + } break; case 20: @@ -605,13 +600,21 @@ pimv2_print(register const u_char *bp, register u_int len) break; case 21: - (void)printf(" (State Refresh Capable"); - if (EXTRACT_32BITS(&bp[4]) != 1) { - (void)printf(" ?0x%x?", EXTRACT_32BITS(&bp[4])); + (void)printf(" (State Refresh Capable; v%d", bp[4]); + if (bp[5] != 0) { + (void)printf(" interval "); + relts_print(bp[5]); + } + if (EXTRACT_16BITS(&bp[6]) != 0) { + (void)printf(" ?0x%04x?", EXTRACT_16BITS(&bp[6])); } (void)printf(")"); break; + case 22: /* Bidir-Capable */ + (void)printf(" (bidir-capable)"); + break; + default: if (vflag) (void)printf(" [Hello option %d]", otype); @@ -621,8 +624,8 @@ pimv2_print(register const u_char *bp, register u_int len) break; } - case 1: - { + case 1: + { struct ip *ip; (void)printf(" Register"); @@ -637,24 +640,24 @@ pimv2_print(register const u_char *bp, register u_int len) break; ip = (struct ip *)bp; switch (IP_V(ip)) { - case 4: /* IPv4 */ + case 4: /* IPv4 */ printf(" "); ip_print(bp, len); break; #ifdef INET6 - case 6: /* IPv6 */ + case 6: /* IPv6 */ printf(" "); ip6_print(bp, len); break; #endif - default: + default: (void)printf(" IP ver %d", IP_V(ip)); break; } break; - } + } - case 2: + case 2: (void)printf(" Register-Stop"); bp += 4; len -= 4; if (bp >= ep) @@ -675,9 +678,9 @@ pimv2_print(register const u_char *bp, register u_int len) bp += advance; len -= advance; break; - case 3: - case 6: - case 7: + case 3: + case 6: + case 7: { u_int8_t ngroup; u_int16_t holdtime; @@ -686,13 +689,13 @@ pimv2_print(register const u_char *bp, register u_int len) int i, j; switch (PIM_TYPE(pim->pim_typever)) { - case 3: + case 3: (void)printf(" Join/Prune"); break; - case 6: + case 6: (void)printf(" Graft"); break; - case 7: + case 7: (void)printf(" Graft-ACK"); break; } @@ -760,8 +763,8 @@ pimv2_print(register const u_char *bp, register u_int len) break; } - case 4: - { + case 4: + { int i, j, frpcnt; (void)printf(" Bootstrap"); @@ -837,8 +840,8 @@ pimv2_print(register const u_char *bp, register u_int len) } bs_done: break; - } - case 5: + } + case 5: (void)printf(" Assert"); bp += 4; len -= 4; if (bp >= ep) @@ -865,8 +868,8 @@ pimv2_print(register const u_char *bp, register u_int len) (void)printf(" metric=%u", EXTRACT_32BITS(&bp[4])); break; - case 8: - { + case 8: + { int i, pfxcnt; (void)printf(" Candidate-RP-Advertisement"); @@ -903,9 +906,9 @@ pimv2_print(register const u_char *bp, register u_int len) bp += advance; } break; - } + } - case 9: + case 9: (void)printf(" Prune-Refresh"); (void)printf(" src="); if ((advance = pimv2_addr_print(bp, pimv2_unicast, 0)) < 0) { diff --git a/contrib/tcpdump/print-ppp.c b/contrib/tcpdump/print-ppp.c index ebd1ec1..3416ed6 100644 --- a/contrib/tcpdump/print-ppp.c +++ b/contrib/tcpdump/print-ppp.c @@ -33,7 +33,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.58 2000/12/27 11:09:08 itojun Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.64 2001/09/09 02:04:19 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -354,14 +354,14 @@ ppp_protoname(u_int proto) case PPP_XNS: return "XNS"; #endif case PPP_IPX: return "IPX"; + case PPP_OSI: return "OSI"; case PPP_VJC: return "VJC"; case PPP_VJNC: return "VJNC"; -#ifdef PPP_COMP case PPP_COMP: return "COMP"; -#endif case PPP_IPCP: return "IPCP"; case PPP_IPV6CP: return "IPv6CP"; case PPP_IPXCP: return "IPXCP"; + case PPP_OSICP: return "OSICP"; case PPP_CCP: return "CCP"; case PPP_LCP: return "LCP"; case PPP_PAP: return "PAP"; @@ -983,6 +983,11 @@ handle_ppp(u_int proto, const u_char *p, int length) case PPP_IPX: ipx_print(p, length); break; + case PPP_OSI: + isoclns_print(p, length, length, NULL, NULL); + break; + default: + break; } } @@ -1016,7 +1021,8 @@ ppp_print(register const u_char *p, u_int length) length -= 2; } - printf("%s %d: ", ppp_protoname(proto), full_length); + if (eflag) + printf("%s %d: ", ppp_protoname(proto), full_length); handle_ppp(proto, p, length); return; @@ -1033,6 +1039,7 @@ ppp_if_print(u_char *user, const struct pcap_pkthdr *h, register u_int length = h->len; register u_int caplen = h->caplen; + ++infodelay; ts_print(&h->ts); if (caplen < PPP_HDRLEN) { @@ -1095,6 +1102,9 @@ ppp_if_print(u_char *user, const struct pcap_pkthdr *h, default_print(p, caplen); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } /* @@ -1114,6 +1124,9 @@ ppp_hdlc_if_print(u_char *user, const struct pcap_pkthdr *h, register u_int caplen = h->caplen; u_int proto; + ++infodelay; + ts_print(&h->ts); + if (caplen < 2) { printf("[|ppp]"); goto out; @@ -1135,7 +1148,6 @@ ppp_hdlc_if_print(u_char *user, const struct pcap_pkthdr *h, goto out; } - ts_print(&h->ts); if (eflag) printf("%02x %02x %d ", p[0], p[1], length); p += 2; @@ -1144,21 +1156,18 @@ ppp_hdlc_if_print(u_char *user, const struct pcap_pkthdr *h, proto = EXTRACT_16BITS(p); p += 2; length -= 2; - printf("%s: ", ppp_protoname(proto)); + if (eflag) + printf("%s: ", ppp_protoname(proto)); handle_ppp(proto, p, length); break; case CHDLC_UNICAST: case CHDLC_BCAST: - /* - * Have the Cisco HDLC print routine do all the work. - */ - chdlc_if_print(user, h, p); - return; + chdlc_print(p, length, caplen); + goto out; default: - ts_print(&h->ts); if (eflag) printf("%02x %02x %d ", p[0], p[1], length); p += 2; @@ -1177,6 +1186,9 @@ ppp_hdlc_if_print(u_char *user, const struct pcap_pkthdr *h, default_print(p, caplen); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } @@ -1231,6 +1243,7 @@ ppp_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *q; int i; + ++infodelay; ts_print(&h->ts); if (caplen < PPP_BSDI_HDRLEN) { @@ -1372,5 +1385,8 @@ printx: default_print((const u_char *)p, caplen - hdrlength); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); #endif /* __bsdi__ */ } diff --git a/contrib/tcpdump/print-sl.c b/contrib/tcpdump/print-sl.c index ed6948a..6f2e872 100644 --- a/contrib/tcpdump/print-sl.c +++ b/contrib/tcpdump/print-sl.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-sl.c,v 1.56 2000/10/10 05:06:10 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-sl.c,v 1.57 2001/07/05 18:54:17 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -62,6 +62,7 @@ sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) register u_int length = h->len; register const struct ip *ip; + ++infodelay; ts_print(&h->ts); if (caplen < SLIP_HDRLEN) { @@ -100,6 +101,9 @@ sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) default_print((u_char *)ip, caplen - SLIP_HDRLEN); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } @@ -110,6 +114,7 @@ sl_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) register u_int length = h->len; register const struct ip *ip; + ++infodelay; ts_print(&h->ts); if (caplen < SLIP_HDRLEN) { @@ -139,6 +144,9 @@ sl_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) default_print((u_char *)ip, caplen - SLIP_HDRLEN); out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } static void diff --git a/contrib/tcpdump/print-token.c b/contrib/tcpdump/print-token.c index 158d86a..748c4b6 100644 --- a/contrib/tcpdump/print-token.c +++ b/contrib/tcpdump/print-token.c @@ -20,85 +20,92 @@ * * Hacked version of print-ether.c Larry Lile <lile@stdio.com> * + * Further tweaked to more closely resemble print-fddi.c + * Guy Harris <guy@alum.mit.edu> + * * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /home/ncvs/src/contrib/tcpdump/print-token.c,v 1.1 1999/02/20 11:17:55 julian Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-token.c,v 1.13 2001/09/18 15:46:37 fenner Exp $"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> #include <sys/time.h> #include <sys/socket.h> -#if __STDC__ -struct mbuf; -struct rtentry; -#endif -#include <net/if.h> - -#include "token.h" - #include <netinet/in.h> -#include <net/ethernet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/udp.h> -#include <netinet/udp_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <stdio.h> #include <pcap.h> +#include <stdio.h> +#include <string.h> #include "interface.h" #include "addrtoname.h" #include "ethertype.h" -#include "llc.h" -const u_char *packetp; -const u_char *snapend; +#include "ether.h" +#include "token.h" + +/* Extract src, dst addresses */ +static inline void +extract_token_addrs(const struct token_header *trp, char *fsrc, char *fdst) +{ + memcpy(fdst, (const char *)trp->token_dhost, 6); + memcpy(fsrc, (const char *)trp->token_shost, 6); +} +/* + * Print the TR MAC header + */ static inline void -token_print(register const u_char *bp, u_int length) +token_print(register const struct token_header *trp, register u_int length, + register const u_char *fsrc, register const u_char *fdst) { - register const struct token_header *tp; - register const struct llc *lp; - u_short ether_type; - - tp = (const struct token_header *)bp; - lp = (struct llc *)(bp + TOKEN_HDR_LEN); - - if (IS_SOURCE_ROUTED) { - tp->ether_shost[0] = tp->ether_shost[0] & 0x7f; - lp = (struct llc *)(bp + TOKEN_HDR_LEN + RIF_LENGTH); - } - - /* - * Ethertype on ethernet is a short, but ethertype in an llc-snap has - * been defined as 2 u_chars. This is a stupid little hack to fix - * this for now but something better should be done using ntohs() - * XXX - */ - ether_type = ((u_short)lp->ethertype[1] << 16) | lp->ethertype[0]; - - if (qflag) - (void)printf("%s %s %d: ", - etheraddr_string(ESRC(tp)), - etheraddr_string(EDST(tp)), - length); + const char *srcname, *dstname; + + srcname = etheraddr_string(fsrc); + dstname = etheraddr_string(fdst); + + if (vflag) + (void) printf("%02x %02x %s %s %d: ", + trp->token_ac, + trp->token_fc, + srcname, dstname, + length); else - (void)printf("%s %s %s %d: ", - etheraddr_string(ESRC(tp)), - etheraddr_string(EDST(tp)), - etherproto_string(ether_type), - length); + printf("%s %s %d: ", srcname, dstname, length); } +static const char *broadcast_indicator[] = { + "Non-Broadcast", "Non-Broadcast", + "Non-Broadcast", "Non-Broadcast", + "All-routes", "All-routes", + "Single-route", "Single-route" +}; + +static const char *direction[] = { + "Forward", "Backward" +}; + +static const char *largest_frame[] = { + "516", + "1500", + "2052", + "4472", + "8144", + "11407", + "17800", + "??" +}; + /* * This is the top level routine of the printer. 'p' is the points - * to the ether header of the packet, 'tvp' is the timestamp, + * to the TR header of the packet, 'tvp' is the timestamp, * 'length' is the length of the packet off the wire, and 'caplen' * is the number of bytes actually captured. */ @@ -107,83 +114,103 @@ token_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; - struct token_header *tp; - u_short ether_type; + const struct token_header *trp; u_short extracted_ethertype; - u_int route_len = 0, seg; - struct llc *lp; + struct ether_header ehdr; + u_int route_len = 0, seg; - tp = (struct token_header *)p; + trp = (const struct token_header *)p; + ++infodelay; ts_print(&h->ts); - if (caplen < TOKEN_HDR_LEN) { + if (caplen < TOKEN_HDRLEN) { printf("[|token-ring]"); goto out; } - + /* + * Get the TR addresses into a canonical form + */ + extract_token_addrs(trp, (char*)ESRC(&ehdr), (char*)EDST(&ehdr)); /* * Some printers want to get back at the ethernet addresses, * and/or check that they're not walking off the end of the packet. * Rather than pass them all the way down, we set these globals. */ - tp = (struct token_header *)p; - - /* Adjust for source routing information in the MAC header */ - if (IS_SOURCE_ROUTED) { - - if (eflag) - token_print(p, length); - - route_len = RIF_LENGTH; - if (vflag) { - if (vflag > 1) - printf("ac %x fc %x ", tp->ac, tp->fc); - ether_type = ntohs((int)lp->ethertype); - - printf("%s ", broadcast_indicator[BROADCAST]); - printf("%s", direction[DIRECTION]); + snapend = p + caplen; + /* + * Actually, the only printers that use packetp are print-arp.c + * and print-bootp.c, and they assume that packetp points to an + * Ethernet header. The right thing to do is to fix them to know + * which link type is in use when they excavate. XXX + */ + packetp = (u_char *)&ehdr; + + /* Adjust for source routing information in the MAC header */ + if (IS_SOURCE_ROUTED(trp)) { + /* Clear source-routed bit */ + *ESRC(&ehdr) &= 0x7f; + + if (eflag) + token_print(trp, length, ESRC(&ehdr), EDST(&ehdr)); + + route_len = RIF_LENGTH(trp); + if (vflag) { + printf("%s ", broadcast_indicator[BROADCAST(trp)]); + printf("%s", direction[DIRECTION(trp)]); - for (seg = 0; seg < SEGMENT_COUNT; seg++) - printf(" [%d:%d]", RING_NUMBER(seg), BRIDGE_NUMBER(seg)); - } else { - printf("rt = %x", ntohs(tp->rcf)); + for (seg = 0; seg < SEGMENT_COUNT(trp); seg++) + printf(" [%d:%d]", RING_NUMBER(trp, seg), + BRIDGE_NUMBER(trp, seg)); + } else { + printf("rt = %x", ntohs(trp->token_rcf)); - for (seg = 0; seg < SEGMENT_COUNT; seg++) - printf(":%x", ntohs(tp->rseg[seg])); - } - printf(" (%s) ", largest_frame[LARGEST_FRAME]); - } else { - if (eflag) - token_print(p, length); - } - - /* Set pointer to llc header, adjusted for routing information */ - lp = (struct llc *)(p + TOKEN_HDR_LEN + route_len); - - packetp = p; - snapend = p + caplen; + for (seg = 0; seg < SEGMENT_COUNT(trp); seg++) + printf(":%x", ntohs(trp->token_rseg[seg])); + } + printf(" (%s) ", largest_frame[LARGEST_FRAME(trp)]); + } else { + if (eflag) + token_print(trp, length, ESRC(&ehdr), EDST(&ehdr)); + } - /* Skip over token ring MAC header */ - length -= TOKEN_HDR_LEN + route_len; - caplen -= TOKEN_HDR_LEN + route_len; - p += TOKEN_HDR_LEN + route_len; + /* Skip over token ring MAC header and routing information */ + length -= TOKEN_HDRLEN + route_len; + p += TOKEN_HDRLEN + route_len; + caplen -= TOKEN_HDRLEN + route_len; + /* Frame Control field determines interpretation of packet */ extracted_ethertype = 0; - /* Try to print the LLC-layer header & higher layers */ - if (llc_print(p, length, caplen, ESRC(tp), EDST(tp), &extracted_ethertype) == 0) { - /* ether_type not known, print raw packet */ - if (!eflag) - token_print((u_char *)tp, length); - if (extracted_ethertype) { - printf("(LLC %s) ", - etherproto_string(htons(extracted_ethertype))); + if (FRAME_TYPE(trp) == TOKEN_FC_LLC) { + /* Try to print the LLC-layer header & higher layers */ + if (llc_print(p, length, caplen, ESRC(&ehdr), EDST(&ehdr), + &extracted_ethertype) == 0) { + /* ether_type not known, print raw packet */ + if (!eflag) + token_print(trp, + length + TOKEN_HDRLEN + route_len, + ESRC(&ehdr), EDST(&ehdr)); + if (extracted_ethertype) { + printf("(LLC %s) ", + etherproto_string(htons(extracted_ethertype))); + } + if (!xflag && !qflag) + default_print(p, caplen); } + } else { + /* Some kinds of TR packet we cannot handle intelligently */ + /* XXX - dissect MAC packets if frame type is 0 */ + if (!eflag) + token_print(trp, length + TOKEN_HDRLEN + route_len, + ESRC(&ehdr), EDST(&ehdr)); if (!xflag && !qflag) default_print(p, caplen); } if (xflag) default_print(p, caplen); - out: +out: putchar('\n'); + --infodelay; + if (infoprint) + info(0); } diff --git a/contrib/tcpdump/print-udp.c b/contrib/tcpdump/print-udp.c index 2e703bb..536e9af 100644 --- a/contrib/tcpdump/print-udp.c +++ b/contrib/tcpdump/print-udp.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-udp.c,v 1.90 2000/12/23 20:55:22 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-udp.c,v 1.101 2001/10/08 21:25:24 fenner Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -56,12 +56,6 @@ static const char rcsid[] = #include "ip6.h" #endif -#ifdef NOERROR -#undef NOERROR /* Solaris sucks */ -#endif -#ifdef T_UNSPEC -#undef T_UNSPEC /* SINIX does too */ -#endif #include "nameser.h" #include "nfs.h" #include "bootp.h" @@ -122,14 +116,14 @@ vat_print(const void *hdr, u_int len, register const struct udphdr *up) u_int ts = *(u_int16_t *)hdr; if ((ts & 0xf060) != 0) { /* probably vt */ - (void)printf(" udp/vt %u %d / %d", + (void)printf("udp/vt %u %d / %d", (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up)), ts & 0x3ff, ts >> 10); } else { /* probably vat */ u_int32_t i0 = (u_int32_t)ntohl(((u_int *)hdr)[0]); u_int32_t i1 = (u_int32_t)ntohl(((u_int *)hdr)[1]); - printf(" udp/vat %u c%d %u%s", + printf("udp/vat %u c%d %u%s", (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up) - 8), i0 & 0xffff, i1, i0 & 0x800000? "*" : ""); @@ -173,7 +167,7 @@ rtp_print(const void *hdr, u_int len, register const struct udphdr *up) ip += 1; len -= 1; } - printf(" udp/%s %d c%d %s%s %d %u", + printf("udp/%s %d c%d %s%s %d %u", ptype, dlen, contype, @@ -296,7 +290,6 @@ static int udp_cksum(register const struct ip *ip, register const struct udphdr *up, register int len) { - int i, tlen; union phu { struct phdr { u_int32_t src; @@ -308,33 +301,17 @@ static int udp_cksum(register const struct ip *ip, u_int16_t pa[6]; } phu; register const u_int16_t *sp; - u_int32_t sum; - tlen = ntohs(ip->ip_len) - ((const char *)up-(const char*)ip); /* pseudo-header.. */ - phu.ph.len = htons(tlen); + phu.ph.len = htons(len); phu.ph.mbz = 0; phu.ph.proto = IPPROTO_UDP; memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t)); memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t)); sp = &phu.pa[0]; - sum = sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]; - - sp = (const u_int16_t *)up; - - for (i=0; i<(tlen&~1); i+= 2) - sum += *sp++; - - if (tlen & 1) { - sum += htons( (*(const u_int8_t *)sp) << 8); - } - - while (sum > 0xffff) - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; - - return (sum); + return in_cksum((u_short *)up, len, + sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]); } #ifdef INET6 @@ -398,8 +375,8 @@ static int udp6_cksum(const struct ip6_hdr *ip6, const struct udphdr *up, #define RIP_PORT 520 /*XXX*/ #define KERBEROS_SEC_PORT 750 /*XXX*/ #define L2TP_PORT 1701 /*XXX*/ -#define ISAKMP_PORT_USER1 7500 /*??? - nonstandard*/ -#define ISAKMP_PORT_USER2 8500 /*??? - nonstandard*/ +#define ISAKMP_PORT_USER1 7500 /*XXX - nonstandard*/ +#define ISAKMP_PORT_USER2 8500 /*XXX - nonstandard*/ #define RX_PORT_LOW 7000 /*XXX*/ #define RX_PORT_HIGH 7009 /*XXX*/ #define NETBIOS_NS_PORT 137 @@ -409,6 +386,10 @@ static int udp6_cksum(const struct ip6_hdr *ip6, const struct udphdr *up, #define RADIUS_NEW_PORT 1812 #define RADIUS_ACCOUNTING_PORT 1646 #define RADIUS_NEW_ACCOUNTING_PORT 1813 +#define HSRP_PORT 1985 /*XXX*/ +#define LWRES_PORT 921 +#define ZEPHYR_SRV_PORT 2103 +#define ZEPHYR_CLT_PORT 2104 #ifdef INET6 #define RIPNG_PORT 521 /*XXX*/ @@ -470,7 +451,7 @@ udp_print(register const u_char *bp, u_int length, switch (packettype) { case PT_VAT: - (void)printf("%s.%s > %s.%s:", + (void)printf("%s.%s > %s.%s: ", ipaddr_string(&ip->ip_src), udpport_string(sport), ipaddr_string(&ip->ip_dst), @@ -479,7 +460,7 @@ udp_print(register const u_char *bp, u_int length, break; case PT_WB: - (void)printf("%s.%s > %s.%s:", + (void)printf("%s.%s > %s.%s: ", ipaddr_string(&ip->ip_src), udpport_string(sport), ipaddr_string(&ip->ip_dst), @@ -499,7 +480,7 @@ udp_print(register const u_char *bp, u_int length, break; case PT_RTP: - (void)printf("%s.%s > %s.%s:", + (void)printf("%s.%s > %s.%s: ", ipaddr_string(&ip->ip_src), udpport_string(sport), ipaddr_string(&ip->ip_dst), @@ -571,11 +552,6 @@ udp_print(register const u_char *bp, u_int length, return; } } -#if 0 - (void)printf("%s.%s > %s.%s:", - ipaddr_string(&ip->ip_src), udpport_string(sport), - ipaddr_string(&ip->ip_dst), udpport_string(dport)); -#else #ifdef INET6 if (ip6) { if (ip6->ip6_nxt == IPPROTO_UDP) { @@ -602,18 +578,17 @@ udp_print(register const u_char *bp, u_int length, udpport_string(sport), udpport_string(dport)); } } -#endif if (IP_V(ip) == 4 && vflag && !fragmented) { int sum = up->uh_sum; if (sum == 0) { - (void)printf(" [no cksum]"); + (void)printf("[no cksum] "); } else if (TTEST2(cp[0], length)) { - sum = udp_cksum(ip, up, length); + sum = udp_cksum(ip, up, length + sizeof(struct udphdr)); if (sum != 0) - (void)printf(" [bad udp cksum %x!]", sum); + (void)printf("[bad udp cksum %x!] ", sum); else - (void)printf(" [udp sum ok]"); + (void)printf("[udp sum ok] "); } } #ifdef INET6 @@ -623,9 +598,9 @@ udp_print(register const u_char *bp, u_int length, if (TTEST2(cp[0], length)) { sum = udp6_cksum(ip6, up, length); if (sum != 0) - (void)printf(" [bad udp cksum %x!]", sum); + (void)printf("[bad udp cksum %x!] ", sum); else - (void)printf(" [udp sum ok]"); + (void)printf("[udp sum ok] "); } } #endif @@ -657,14 +632,16 @@ udp_print(register const u_char *bp, u_int length, krb_print((const void *)(up + 1), length); else if (ISPORT(L2TP_PORT)) l2tp_print((const u_char *)(up + 1), length); - else if (ISPORT(NETBIOS_NS_PORT)) { +#ifdef TCPDUMP_DO_SMB + else if (ISPORT(NETBIOS_NS_PORT)) nbt_udp137_print((const u_char *)(up + 1), length); - } - else if (ISPORT(NETBIOS_DGRAM_PORT)) { + else if (ISPORT(NETBIOS_DGRAM_PORT)) nbt_udp138_print((const u_char *)(up + 1), length); - } +#endif else if (dport == 3456) vat_print((const void *)(up + 1), length, up); + else if (ISPORT(ZEPHYR_SRV_PORT) || ISPORT(ZEPHYR_CLT_PORT)) + zephyr_print((const void *)(up + 1), length); /* * Since there are 10 possible ports to check, I think * a <> test would be more efficient @@ -689,14 +666,18 @@ udp_print(register const u_char *bp, u_int length, else if (ISPORT(CISCO_AUTORP_PORT)) cisco_autorp_print((const void *)(up + 1), length); else if (ISPORT(RADIUS_PORT) || - ISPORT(RADIUS_NEW_PORT) || - ISPORT(RADIUS_ACCOUNTING_PORT) || - ISPORT(RADIUS_NEW_ACCOUNTING_PORT) ) - radius_print((const u_char *)(up+1), length); + ISPORT(RADIUS_NEW_PORT) || + ISPORT(RADIUS_ACCOUNTING_PORT) || + ISPORT(RADIUS_NEW_ACCOUNTING_PORT) ) + radius_print((const u_char *)(up+1), length); + else if (dport == HSRP_PORT) + hsrp_print((const u_char *)(up + 1), length); + else if (ISPORT(LWRES_PORT)) + lwres_print((const u_char *)(up + 1), length); else - (void)printf(" udp %u", + (void)printf("udp %u", (u_int32_t)(ulen - sizeof(*up))); #undef ISPORT } else - (void)printf(" udp %u", (u_int32_t)(ulen - sizeof(*up))); + (void)printf("udp %u", (u_int32_t)(ulen - sizeof(*up))); } diff --git a/contrib/tcpdump/tcpdump.1 b/contrib/tcpdump/tcpdump.1 index 64e6144..047c614 100644 --- a/contrib/tcpdump/tcpdump.1 +++ b/contrib/tcpdump/tcpdump.1 @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/tcpdump/tcpdump.1,v 1.92.2.3 2001/03/04 00:19:48 guy Exp $ (LBL) +.\" @(#) $Header: /tcpdump/master/tcpdump/tcpdump.1,v 1.114 2002/01/04 07:37:49 guy Exp $ (LBL) .\" .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -29,10 +29,16 @@ tcpdump \- dump traffic on a network .na .B tcpdump [ -.B \-adeflnNOpqRStvxX +.B \-adeflnNOpqRStuvxX ] [ .B \-c .I count +] +.br +.ti +8 +[ +.B \-C +.I file_size ] [ .B \-F .I file @@ -79,32 +85,103 @@ tcpdump \- dump traffic on a network .SH DESCRIPTION .LP \fITcpdump\fP prints out the headers of packets on a network interface -that match the boolean \fIexpression\fP. +that match the boolean \fIexpression\fP. It can also be run with the +.B \-w +flag, which causes it to save the packet data to a file for later +analysis, and/or with the +.B \-b +flag, which causes it to read from a saved packet file rather than to +read packets from a network interface. In all cases, only packets that +match +.I expression +will be processed by +.IR tcpdump . +.LP +.I Tcpdump +will, if not run with the +.B \-c +flag, continue capturing packets until it is interrupted by a SIGINT +signal (generated, for example, by typing your interrupt character, +typically control-C) or a SIGTERM signal (typically generated with the +.BR kill (1) +command); if run with the +.B \-c +flag, it will capture packets until it is interrupted by a SIGINT or +SIGTERM signal or the specified number of packets have been processed. .LP -.B Under SunOS with nit or bpf: -To run +When .I tcpdump -you must have read access to +finishes capturing packets, it will report counts of: +.IP +packets ``received by filter'' (the meaning of this depends on the OS on +which you're running +.IR tcpdump , +and possibly on the way the OS was configured - if a filter was +specified on the command line, on some OSes it counts packets regardless +of whether they were matched by the filter expression, and on other OSes +it counts only packets that were matched by the filter expression and +were processed by +.IR tcpdump ); +.IP +packets ``dropped by kernel'' (this is the number of packets that were +dropped, due to a lack of buffer space, by the packet capture mechanism +in the OS on which +.I tcpdump +is running, if the OS reports that information to applications; if not, +it will be reported as 0). +.LP +On platforms that support the SIGINFO signal, such as most BSDs, it will +report those counts when it receives a SIGINFO signal (generated, for +example, by typing your ``status'' character, typically control-T) and +will continue capturing packets. +.LP +Reading packets from a network interface may require that you have +special privileges: +.TP +.B Under SunOS 3.x or 4.x with NIT or BPF: +You must have read access to .I /dev/nit or .IR /dev/bpf* . -.B Under Solaris with dlpi: +.TP +.B Under Solaris with DLPI: You must have read/write access to the network pseudo device, e.g. .IR /dev/le . -.B Under HP-UX with dlpi: -You must be root or it must be installed setuid to root. +On at least some versions of Solaris, however, this is not sufficient to +allow +.I tcpdump +to capture in promiscuous mode; on those versions of Solaris, you must +be root, or +.I tcpdump +must be installed setuid to root, in order to capture in promiscuous +mode. +.TP +.B Under HP-UX with DLPI: +You must be root or +.I tcpdump +must be installed setuid to root. +.TP .B Under IRIX with snoop: -You must be root or it must be installed setuid to root. +You must be root or +.I tcpdump +must be installed setuid to root. +.TP .B Under Linux: -You must be root or it must be installed setuid to root. +You must be root or +.I tcpdump +must be installed setuid to root. +.TP .B Under Ultrix and Digital UNIX: Once the super-user has enabled promiscuous-mode operation using .IR pfconfig (8), -any user may run -.BR tcpdump . +any user may capture network traffic with +.IR tcpdump . +.TP .B Under BSD: You must have read access to .IR /dev/bpf* . +.LP +Reading a saved packet file doesn't require special privileges. .SH OPTIONS .TP .B \-a @@ -113,6 +190,16 @@ Attempt to convert network and broadcast addresses to names. .B \-c Exit after receiving \fIcount\fP packets. .TP +.B \-C +Before writing a raw packet to a savefile, check whether the file is +currently larger than \fIfile_size\fP and, if so, close the current +savefile and open a new one. Savefiles after the first savefile will +have the name specified with the +.B \-w +flag, with a number after it, starting at 2 and continuing upward. +The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, +not 1,048,576 bytes). +.TP .B \-d Dump the compiled packet-matching code in a human readable form to standard output and stop. @@ -129,12 +216,13 @@ Dump packet-matching code as decimal numbers (preceded with a count). Print the link-level header on each dump line. .TP .B \-E -Use \fIalgo:secret\fP for decrypting IPsec ESP packets. Algorithms may be -\fBdes-cbc\fP, -\fB3des-cbc\fP, -\fBblowfish-cbc\fP, -\fBrc3-cbc\fP, -\fBcast128-cbc\fP, or +Use \fIalgo:secret\fP for decrypting IPsec ESP packets. +Algorithms may be +\fBdes-cbc\fP, +\fB3des-cbc\fP, +\fBblowfish-cbc\fP, +\fBrc3-cbc\fP, +\fBcast128-cbc\fP, or \fBnone\fP. The default is \fBdes-cbc\fP. The ability to decrypt packets is only present if \fItcpdump\fP was compiled @@ -167,65 +255,86 @@ Ties are broken by choosing the earliest match. .IP On Linux systems with 2.2 or later kernels, an .I interface -argument of ``any'' can be used to capture packets from all interfaces. +argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode. .TP .B \-l -Make stdout line buffered. Useful if you want to see the data -while capturing it. E.g., +Make stdout line buffered. +Useful if you want to see the data +while capturing it. +E.g., .br ``tcpdump\ \ \-l\ \ |\ \ tee dat'' or ``tcpdump\ \ \-l \ \ > dat\ \ &\ \ tail\ \ \-f\ \ dat''. .TP +.B \-m +Load SMI MIB module definitions from file \fImodule\fR. +This option +can be used several times to load several MIB modules into \fItcpdump\fP. +.TP .B \-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names. .TP .B \-N -Don't print domain name qualification of host names. E.g., +Don't print domain name qualification of host names. +E.g., if you give this flag then \fItcpdump\fP will print ``nic'' instead of ``nic.ddn.mil''. .TP -.B \-m -Load SMI MIB module definitions from file \fImodule\fR. This option -can be used several times to load several MIB modules into \fItcpdump\fP. -.TP .B \-O -Do not run the packet-matching code optimizer. This is useful only +Do not run the packet-matching code optimizer. +This is useful only if you suspect a bug in the optimizer. .TP .B \-p \fIDon't\fP put the interface -into promiscuous mode. Note that the interface might be in promiscuous +into promiscuous mode. +Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'. .TP .B \-q -Quick (quiet?) output. Print less protocol information so output +Quick (quiet?) output. +Print less protocol information so output lines are shorter. .TP +.B \-R +Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). +If specified, \fItcpdump\fP will not print replay prevention field. +Since there is no protocol version field in ESP/AH specification, +\fItcpdump\fP cannot deduce the version of ESP/AH protocol. +.TP .B \-r Read packets from \fIfile\fR (which was created with the -w option). Standard input is used if \fIfile\fR is ``-''. .TP +.B \-S +Print absolute, rather than relative, TCP sequence numbers. +.TP .B \-s Snarf \fIsnaplen\fP bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS -packets (see below). Packets truncated because of a limited snapshot +packets (see below). +Packets truncated because of a limited snapshot are indicated in the output with ``[|\fIproto\fP]'', where \fIproto\fP is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, -decreases the amount of packet buffering. This may cause packets to be -lost. You should limit \fIsnaplen\fP to the smallest number that will -capture the protocol information you're interested in. Setting +decreases the amount of packet buffering. +This may cause packets to be +lost. +You should limit \fIsnaplen\fP to the smallest number that will +capture the protocol information you're interested in. +Setting \fIsnaplen\fP to 0 means use the required length to catch whole packets. .TP .B \-T Force packets selected by "\fIexpression\fP" to be interpreted the -specified \fItype\fR. Currently known types are +specified \fItype\fR. +Currently known types are \fBcnfp\fR (Cisco NetFlow protocol), \fBrpc\fR (Remote Procedure Call), \fBrtp\fR (Real-Time Applications protocol), @@ -235,15 +344,6 @@ specified \fItype\fR. Currently known types are and \fBwb\fR (distributed White Board). .TP -.B \-R -Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). -If specified, \fItcpdump\fP will not print replay prevention field. -Since there is no protocol version field in ESP/AH specification, -\fItcpdump\fP cannot deduce the version of ESP/AH protocol. -.TP -.B \-S -Print absolute, rather than relative, TCP sequence numbers. -.TP .B \-t \fIDon't\fP print a timestamp on each dump line. .TP @@ -251,32 +351,39 @@ Print absolute, rather than relative, TCP sequence numbers. Print an unformatted timestamp on each dump line. .TP .B \-ttt -Print a delta (in micro-seconds) between current and previous line +Print a delta (in micro-seconds) between current and previous line on each dump line. .TP .B \-tttt Print a timestamp in default format proceeded by date on each dump line. +.B \-u +Print undecoded NFS handles. .TP .B \-v -(Slightly more) verbose output. For example, the time to live, +(Slightly more) verbose output. +For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. .TP .B \-vv -Even more verbose output. For example, additional fields are -printed from NFS reply packets. +Even more verbose output. +For example, additional fields are +printed from NFS reply packets, and SMB packets are fully decoded. .TP .B \-vvv -Even more verbose output. For example, +Even more verbose output. +For example, telnet \fBSB\fP ... \fBSE\fP options -are printed in full. With +are printed in full. +With .B \-X telnet options are printed in hex as well. .TP .B \-w Write the raw packets to \fIfile\fR rather than parsing and printing -them out. They can later be printed with the \-r option. +them out. +They can later be printed with the \-r option. Standard output is used if \fIfile\fR is ``-''. .TP .B \-x @@ -286,7 +393,8 @@ The smaller of the entire packet or bytes will be printed. .TP .B \-X -When printing hex, print ascii too. Thus if +When printing hex, print ascii too. +Thus if .B \-x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. @@ -296,15 +404,18 @@ is not also set, some parts of some packets may be printed in hex/ascii. .IP "\fI expression\fP" .RS -selects which packets will be dumped. If no \fIexpression\fP -is given, all packets on the net will be dumped. Otherwise, +selects which packets will be dumped. +If no \fIexpression\fP +is given, all packets on the net will be dumped. +Otherwise, only packets for which \fIexpression\fP is `true' will be dumped. .LP The \fIexpression\fP consists of one or more .I primitives. Primitives usually consist of an .I id -(name or number) preceded by one or more qualifiers. There are three +(name or number) preceded by one or more qualifiers. +There are three different kinds of qualifier: .IP \fItype\fP qualifiers say what kind of thing the id name or number refers to. @@ -313,7 +424,8 @@ Possible types are .B net and .BR port . -E.g., `host foo', `net 128.3', `port 20'. If there is no type +E.g., `host foo', `net 128.3', `port 20'. +If there is no type qualifier, .B host is assumed. @@ -327,7 +439,8 @@ Possible directions are and .B "src and" .BR dst . -E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If +E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. +If there is no dir qualifier, .B "src or dst" is assumed. @@ -337,7 +450,8 @@ and .B outbound qualifiers can be used to specify a desired direction. .IP \fIproto\fP -qualifiers restrict the match to a particular protocol. Possible +qualifiers restrict the match to a particular protocol. +Possible protos are: .BR ether , .BR fddi , @@ -359,9 +473,11 @@ protos are: .B tcp and .BR udp . -E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is +E.g., `ether src foo', `arp net 128.3', `tcp port 21'. +If there is no proto qualifier, all protocols consistent with the type are -assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' +assumed. +E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'. .LP @@ -370,7 +486,8 @@ identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the -analogous Ethernet fields. FDDI headers also contain other fields, +analogous Ethernet fields. +FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression. .LP Similarly, `tr' is an alias for `ether'; the previous paragraph's @@ -382,15 +499,18 @@ that don't follow the pattern: .BR broadcast , .BR less , .B greater -and arithmetic expressions. All of these are described below. +and arithmetic expressions. +All of these are described below. .LP More complex filter expressions are built up by using the words .BR and , .B or and .B not -to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. -To save typing, identical qualifier lists can be omitted. E.g., +to combine primitives. +E.g., `host foo and not port ftp and not port ftp-data'. +To save typing, identical qualifier lists can be omitted. +E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. .LP @@ -418,7 +538,8 @@ which is equivalent to: If \fIhost\fR is a name with multiple IP addresses, each address will be checked for a match. .IP "\fBether dst \fIehost\fP -True if the ethernet destination address is \fIehost\fP. \fIEhost\fP +True if the ethernet destination address is \fIehost\fP. +\fIEhost\fP may be either a name from /etc/ethers or a number (see .IR ethers (3N) for numeric format). @@ -427,11 +548,15 @@ True if the ethernet source address is \fIehost\fP. .IP "\fBether host \fIehost\fP True if either the ethernet source or destination address is \fIehost\fP. .IP "\fBgateway\fP \fIhost\fP -True if the packet used \fIhost\fP as a gateway. I.e., the ethernet +True if the packet used \fIhost\fP as a gateway. +I.e., the ethernet source or destination address was \fIhost\fP but neither the IP source -nor the IP destination was \fIhost\fP. \fIHost\fP must be a name and -must be found in both /etc/hosts and /etc/ethers. (An equivalent -expression is +nor the IP destination was \fIhost\fP. +\fIHost\fP must be a name and +must be found both by the machine's host-name-to-IP-address resolution +mechanisms (host name file, DNS, NIS, etc.) and by the machine's +host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). +(An equivalent expression is .in +.5i .nf \fBether host \fIehost \fBand not host \fIhost\fR @@ -441,7 +566,8 @@ which can be used with either names or numbers for \fIhost / ehost\fP.) This syntax does not work in IPv6-enabled configuration at this moment. .IP "\fBdst net \fInet\fR" True if the IPv4/v6 destination address of the packet has a network -number of \fInet\fP. \fINet\fP may be either a name from /etc/networks +number of \fInet\fP. +\fINet\fP may be either a name from /etc/networks or a network number (see \fInetworks(4)\fP for details). .IP "\fBsrc net \fInet\fR" True if the IPv4/v6 source address of the packet has a network @@ -449,12 +575,13 @@ number of \fInet\fP. .IP "\fBnet \fInet\fR" True if either the IPv4/v6 source or destination address of the packet has a network number of \fInet\fP. -.IP "\fBnet \fInet\fR \fBmask \fImask\fR" -True if the IP address matches \fInet\fR with the specific netmask. +.IP "\fBnet \fInet\fR \fBmask \fInetmask\fR" +True if the IP address matches \fInet\fR with the specific \fInetmask\fR. May be qualified with \fBsrc\fR or \fBdst\fR. Note that this syntax is not valid for IPv6 \fInet\fR. .IP "\fBnet \fInet\fR/\fIlen\fR" -True if the IPv4/v6 address matches \fInet\fR a netmask \fIlen\fR bits wide. +True if the IPv4/v6 address matches \fInet\fR with a netmask \fIlen\fR +bits wide. May be qualified with \fBsrc\fR or \fBdst\fR. .IP "\fBdst port \fIport\fR" True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a @@ -464,7 +591,8 @@ The \fIport\fP can be a number or a name used in /etc/services (see and .IR udp (4P)). If a name is used, both the port -number and protocol are checked. If a number or ambiguous name is used, +number and protocol are checked. +If a number or ambiguous name is used, only the port number is checked (e.g., \fBdst port 513\fR will print both tcp/login traffic and udp/who traffic, and \fBport domain\fR will print both tcp/domain and udp/domain traffic). @@ -502,13 +630,13 @@ True if the packet is an IP packet (see of protocol type \fIprotocol\fP. \fIProtocol\fP can be a number or one of the names \fIicmp\fP, \fIicmp6\fP, \fIigmp\fP, \fIigrp\fP, \fIpim\fP, \fIah\fP, -\fIesp\fP, \fIudp\fP, or \fItcp\fP. +\fIesp\fP, \fIvrrp\fP, \fIudp\fP, or \fItcp\fP. Note that the identifiers \fItcp\fP, \fIudp\fP, and \fIicmp\fP are also keywords and must be escaped via backslash (\\), which is \\\\ in the C-shell. -Note that this primitive does not chase protocol header chain. +Note that this primitive does not chase the protocol header chain. .IP "\fBip6 proto \fIprotocol\fR" True if the packet is an IPv6 packet of protocol type \fIprotocol\fP. -Note that this primitive does not chase protocol header chain. +Note that this primitive does not chase the protocol header chain. .IP "\fBip6 protochain \fIprotocol\fR" True if the packet is IPv6 packet, and contains protocol header with type \fIprotocol\fR @@ -529,14 +657,17 @@ so this can be somewhat slow. .IP "\fBip protochain \fIprotocol\fR" Equivalent to \fBip6 protochain \fIprotocol\fR, but this is for IPv4. .IP "\fBether broadcast\fR" -True if the packet is an ethernet broadcast packet. The \fIether\fP +True if the packet is an ethernet broadcast packet. +The \fIether\fP keyword is optional. .IP "\fBip broadcast\fR" -True if the packet is an IP broadcast packet. It checks for both +True if the packet is an IP broadcast packet. +It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask. .IP "\fBether multicast\fR" -True if the packet is an ethernet multicast packet. The \fIether\fP +True if the packet is an ethernet multicast packet. +The \fIether\fP keyword is optional. This is shorthand for `\fBether[0] & 1 != 0\fP'. .IP "\fBip multicast\fR" @@ -547,21 +678,46 @@ True if the packet is an IPv6 multicast packet. True if the packet is of ether type \fIprotocol\fR. \fIProtocol\fP can be a number or one of the names \fIip\fP, \fIip6\fP, \fIarp\fP, \fIrarp\fP, \fIatalk\fP, \fIaarp\fP, -\fIdecnet\fP, \fIsca\fP, \fIlat\fP, \fImopdl\fP, \fImoprc\fP, or -\fIiso\fP. +\fIdecnet\fP, \fIsca\fP, \fIlat\fP, \fImopdl\fP, \fImoprc\fP, +\fIiso\fP, \fIstp\fP, \fIipx\fP, or \fInetbeui\fP. Note these identifiers are also keywords and must be escaped via backslash (\\). -[In the case of FDDI (e.g., `\fBfddi protocol arp\fR'), the -protocol identification comes from the 802.2 Logical Link Control -(LLC) header, which is usually layered on top of the FDDI header. -\fITcpdump\fP assumes, when filtering on the protocol identifier, -that all FDDI packets include an LLC header, and that the LLC header -is in so-called SNAP format. The same applies to Token Ring.] +.IP +[In the case of FDDI (e.g., `\fBfddi protocol arp\fR') and Token Ring +(e.g., `\fBtr protocol arp\fR'), for most of those protocols, the +protocol identification comes from the 802.2 Logical Link Control (LLC) +header, which is usually layered on top of the FDDI or Token Ring +header. +.IP +When filtering for most protocol identifiers on FDDI or Token Ring, +\fItcpdump\fR checks only the protocol ID field of an LLC header in +so-called SNAP format with an Organizational Unit Identifier (OUI) of +0x000000, for encapsulated Ethernet; it doesn't check whether the packet +is in SNAP format with an OUI of 0x000000. +.IP +The exceptions are \fIiso\fP, for which it checks the DSAP (Destination +Service Access Point) and SSAP (Source Service Access Point) fields of +the LLC header, \fIstp\fP and \fInetbeui\fP, where it checks the DSAP of +the LLC header, and \fIatalk\fP, where it checks for a SNAP-format +packet with an OUI of 0x080007 and the Appletalk etype. +.IP +In the case of Ethernet, \fItcpdump\fR checks the Ethernet type field +for most of those protocols; the exceptions are \fIiso\fP, \fIsap\fP, +and \fInetbeui\fP, for which it checks for an 802.3 frame and then +checks the LLC header as it does for FDDI and Token Ring, \fIatalk\fP, +where it checks both for the Appletalk etype in an Ethernet frame and +for a SNAP-format packet as it does for FDDI and Token Ring, \fIaarp\fP, +where it checks for the Appletalk ARP etype in either an Ethernet frame +or an 802.2 SNAP frame with an OUI of 0x000000, and \fIipx\fP, where it +checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC +header, the 802.3 with no LLC header encapsulation of IPX, and the IPX +etype in a SNAP frame.] .IP "\fBdecnet src \fIhost\fR" True if the DECNET source address is .IR host , which may be an address of the form ``10.123'', or a DECNET host -name. [DECNET host name support is only available on Ultrix systems +name. +[DECNET host name support is only available on Ultrix systems that are configured to run DECNET.] .IP "\fBdecnet dst \fIhost\fR" True if the DECNET destination address is @@ -569,7 +725,7 @@ True if the DECNET destination address is .IP "\fBdecnet host \fIhost\fR" True if either the DECNET source or destination address is .IR host . -.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR" +.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR, \fInetbeui\fP" Abbreviations for: .in +.5i .nf @@ -641,7 +797,8 @@ length of the packet. For example, `\fBether[0] & 1 != 0\fP' catches all multicast traffic. The expression `\fBip[0] & 0xf != 5\fP' -catches all IP packets with options. The expression +catches all IP packets with options. +The expression `\fBip[6:2] & 0x1fff = 0\fP' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the \fBtcp\fP and \fBudp\fP @@ -649,6 +806,23 @@ index operations. For instance, \fBtcp[0]\fP always means the first byte of the TCP \fIheader\fP, and never means the first byte of an intervening fragment. + +Some offsets and field values may be expressed as names rather than +as numeric values. +The following protocol header field offsets are +available: \fBicmptype\fP (ICMP type field), \fBicmpcode\fP (ICMP +code field), and \fBtcpflags\fP (TCP flags field). + +The following ICMP type field values are available: \fBicmp-echoreply\fP, +\fBicmp-unreach\fP, \fBicmp-sourcequench\fP, \fBicmp-redirect\fP, +\fBicmp-echo\fP, \fBicmp-routeradvert\fP, \fBicmp-routersolicit\fP, +\fBicmp-timxceed\fP, \fBicmp-paramprob\fP, \fBicmp-tstamp\fP, +\fBicmp-tstampreply\fP, \fBicmp-ireq\fP, \fBicmp-ireqreply\fP, +\fBicmp-maskreq\fP, \fBicmp-maskreply\fP. + +The following TCP flags field values are available: \fBtcp-fin\fP, +\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, \fBtcp-push\fP, +\fBtcp-ack\fP, \fBtcp-urg\fP. .LP Primitives may be combined using: .IP @@ -663,7 +837,8 @@ Alternation (`\fB||\fP' or `\fBor\fP'). .LP Negation has highest precedence. Alternation and concatenation have equal precedence and associate -left to right. Note that explicit \fBand\fR tokens, not juxtaposition, +left to right. +Note that explicit \fBand\fR tokens, not juxtaposition, are now required for concatenation. .LP If an identifier is given without a keyword, the most recent keyword @@ -748,7 +923,7 @@ TCP conversation that involves a non-local host. .RS .nf .B -tcpdump 'tcp[13] & 3 != 0 and not src and dst net \fIlocalnet\fP' +tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocalnet\fP' .fi .RE .LP @@ -775,12 +950,13 @@ ping packets): .RS .nf .B -tcpdump 'icmp[0] != 8 and icmp[0] != 0' +tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' .fi .RE .SH OUTPUT FORMAT .LP -The output of \fItcpdump\fP is protocol dependent. The following +The output of \fItcpdump\fP is protocol dependent. +The following gives a brief description and examples of most of the formats. .de HD .sp 1.5 @@ -795,18 +971,23 @@ and packet length are printed. .LP On FDDI networks, the '-e' option causes \fItcpdump\fP to print the `frame control' field, the source and destination addresses, -and the packet length. (The `frame control' field governs the -interpretation of the rest of the packet. Normal packets (such +and the packet length. +(The `frame control' field governs the +interpretation of the rest of the packet. +Normal packets (such as those containing IP datagrams) are `async' packets, with a priority -value between 0 and 7; for example, `\fBasync4\fR'. Such packets +value between 0 and 7; for example, `\fBasync4\fR'. +Such packets are assumed to contain an 802.2 Logical Link Control (LLC) packet; the LLC header is printed if it is \fInot\fR an ISO datagram or a so-called SNAP packet. .LP On Token Ring networks, the '-e' option causes \fItcpdump\fP to print the `access control' and `frame control' fields, the source and -destination addresses, and the packet length. As on FDDI networks, -packets are assumed to contain an LLC packet. Regardless of whether +destination addresses, and the packet length. +As on FDDI networks, +packets are assumed to contain an LLC packet. +Regardless of whether the '-e' option is specified or not, the source routing information is printed for source-routed packets. .LP @@ -843,7 +1024,8 @@ data and 6 bytes of compressed header: .HD ARP/RARP Packets .LP -Arp/rarp output shows the type of request and its arguments. The +Arp/rarp output shows the type of request and its arguments. +The format is intended to be self explanatory. Here is a short sample taken from the start of an `rlogin' from host \fIrtsg\fP to host \fIcsam\fP: @@ -856,11 +1038,12 @@ arp reply csam is-at CSAM\fR .fi .RE The first line says that rtsg sent an arp packet asking -for the ethernet address of internet host csam. Csam +for the ethernet address of internet host csam. +Csam replies with its ethernet address (in this example, ethernet addresses are in caps and internet addresses in lower case). .LP -This would look less redundant if we had done \fBtcpdump \-n\fP: +This would look less redundant if we had done \fItcpdump \-n\fP: .RS .nf .sp .5 @@ -869,7 +1052,7 @@ arp reply 128.3.254.6 is-at 02:07:01:00:01:c4\fP .fi .RE .LP -If we had done \fBtcpdump \-e\fP, the fact that the first packet is +If we had done \fItcpdump \-e\fP, the fact that the first packet is broadcast and the second is point-to-point would be visible: .RS .nf @@ -886,7 +1069,8 @@ contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes. TCP Packets .LP \fI(N.B.:The following description assumes familiarity with -the TCP protocol described in RFC-793. If you are not familiar +the TCP protocol described in RFC-793. +If you are not familiar with the protocol, neither this description nor \fItcpdump\fP will be of much use to you.)\fP .LP @@ -899,7 +1083,8 @@ The general format of a tcp protocol line is: .fi .RE \fISrc\fP and \fIdst\fP are the source and destination IP -addresses and ports. \fIFlags\fP are some combination of S (SYN), +addresses and ports. +\fIFlags\fP are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). \fIData-seqno\fP describes the portion of sequence space covered by the data in this packet (see example below). @@ -910,7 +1095,8 @@ the other direction on this connection. \fIUrg\fP indicates there is `urgent' data in the packet. \fIOptions\fP are tcp options enclosed in angle brackets (e.g., <mss 1024>). .LP -\fISrc, dst\fP and \fIflags\fP are always present. The other fields +\fISrc, dst\fP and \fIflags\fP are always present. +The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate. .LP @@ -933,7 +1119,8 @@ csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1\fR\s+2 .RE The first line says that tcp port 1023 on rtsg sent a packet to port \fIlogin\fP -on csam. The \fBS\fP indicates that the \fISYN\fP flag was set. +on csam. +The \fBS\fP indicates that the \fISYN\fP flag was set. The packet sequence number was 768512 and it contained no data. (The notation is `first:last(nbytes)' which means `sequence numbers \fIfirst\fP @@ -943,25 +1130,31 @@ bytes and there was a max-segment-size option requesting an mss of 1024 bytes. .LP Csam replies with a similar packet except it includes a piggy-backed -ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no +ack for rtsg's SYN. +Rtsg then acks csam's SYN. +The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence -number is a small integer (1). The first time \fItcpdump\fP sees a +number is a small integer (1). +The first time \fItcpdump\fP sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number -is printed. This means that sequence numbers after the +is printed. +This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the -first data byte each direction being `1'). `-S' will override this +first data byte each direction being `1'). +`-S' will override this feature, causing the original sequence numbers to be output. .LP On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg \(-> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it's received data sent by rtsg up to -but not including byte 21. Most of this data is apparently sitting in the +but not including byte 21. +Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, @@ -970,22 +1163,25 @@ csam sends two bytes of urgent, pushed data to rtsg. If the snapshot was small enough that \fItcpdump\fP didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|\fItcp\fP]'' to indicate the remainder could not -be interpreted. If the header contains a bogus option (one with a length +be interpreted. +If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), \fItcpdump\fP reports it as ``[\fIbad opt\fP]'' and does not interpret any further -options (since it's impossible to tell where they start). If the header +options (since it's impossible to tell where they start). +If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, \fItcpdump\fP reports it as ``[\fIbad hdr length\fP]''. .HD .B Capturing TCP packets with particular flag combinations (SYN-ACK, URG-ACK, etc.) .PP -There are 6 bits in the control bits section of the TCP header: +There are 8 bits in the control bits section of the TCP header: .IP -.I URG | ACK | PSH | RST | SYN | FIN +.I CWR | ECE | URG | ACK | PSH | RST | SYN | FIN .PP Let's assume that we want to watch packets used in establishing -a TCP connection. Recall that TCP uses a 3-way handshake protocol +a TCP connection. +Recall that TCP uses a 3-way handshake protocol when it initializes a new connection; the connection sequence with regard to the TCP control bits is .PP @@ -1000,8 +1196,10 @@ regard to the TCP control bits is .RE .PP Now we're interested in capturing packets that have only the -SYN bit set (Step 1). Note that we don't want packets from step 2 -(SYN-ACK), just a plain initial SYN. What we need is a correct filter +SYN bit set (Step 1). +Note that we don't want packets from step 2 +(SYN-ACK), just a plain initial SYN. +What we need is a correct filter expression for \fItcpdump\fP. .PP Recall the structure of a TCP header without options: @@ -1015,14 +1213,15 @@ Recall the structure of a TCP header without options: ----------------------------------------------------------------- | acknowledgment number | ----------------------------------------------------------------- -| HL | reserved |U|A|P|R|S|F| window size | +| HL | rsvd |C|E|U|A|P|R|S|F| window size | ----------------------------------------------------------------- | TCP checksum | urgent pointer | ----------------------------------------------------------------- .fi .PP A TCP header usually holds 20 octets of data, unless options are -present. The fist line of the graph contains octets 0 - 3, the +present. +The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7 etc. .PP Starting to count with 0, the relevant TCP control bits are contained @@ -1031,7 +1230,7 @@ in octet 13: .nf 0 7| 15| 23| 31 ----------------|---------------|---------------|---------------- -| HL | reserved |U|A|P|R|S|F| window size | +| HL | rsvd |C|E|U|A|P|R|S|F| window size | ----------------|---------------|---------------|---------------- | | 13th octet | | | .fi @@ -1041,15 +1240,14 @@ Let's have a closer look at octet no. 13: .nf | | |---------------| - | |U|A|P|R|S|F| + |C|E|U|A|P|R|S|F| |---------------| |7 5 3 0| .fi .PP -We see that this octet contains 2 bytes from the reserved field. -According to RFC 793 this field is reserved for future use and must -be 0. The remaining 6 bits are the TCP control bits we are interested -in. We have numbered the bits in this octet from 0 to 7, right to +These are the TCP control bits we are interested +in. +We have numbered the bits in this octet from 0 to 7, right to left, so the PSH bit is bit number 3, while the URG bit is number 5. .PP Recall that we want to capture packets with only SYN set. @@ -1057,15 +1255,14 @@ Let's see what happens to octet 13 if a TCP datagram arrives with the SYN bit set in its header: .PP .nf - | |U|A|P|R|S|F| + |C|E|U|A|P|R|S|F| |---------------| |0 0 0 0 0 0 1 0| |---------------| |7 6 5 4 3 2 1 0| .fi .PP -We already mentioned that bits number 7 and 6 belong to the -reserved field, so they must must be 0. Looking at the +Looking at the control bits section we see that only bit number 1 (SYN) is set. .PP Assuming that octet number 13 is an 8-bit unsigned integer in @@ -1102,18 +1299,20 @@ the decimal value 2", which is exactly what we want. .PP Now, let's assume that we need to capture SYN packets, but we don't care if ACK or any other TCP control bit is set at the -same time. Let's see what happens to octet 13 when a TCP datagram +same time. +Let's see what happens to octet 13 when a TCP datagram with SYN-ACK set arrives: .PP .nf - | |U|A|P|R|S|F| + |C|E|U|A|P|R|S|F| |---------------| |0 0 0 1 0 0 1 0| |---------------| |7 6 5 4 3 2 1 0| .fi .PP -Now bits 1 and 4 are set in the 13th octet. The binary value of +Now bits 1 and 4 are set in the 13th octet. +The binary value of octet 13 is .IP 00010010 @@ -1127,12 +1326,14 @@ which translates to decimal .PP Now we can't just use 'tcp[13] == 18' in the \fItcpdump\fP filter expression, because that would select only those packets that have -SYN-ACK set, but not those with only SYN set. Remember that we don't care +SYN-ACK set, but not those with only SYN set. +Remember that we don't care if ACK or any other control bit is set as long as SYN is set. .PP In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve -the SYN bit. We know that we want SYN to be set in any case, +the SYN bit. +We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN: .PP @@ -1176,7 +1377,8 @@ UDP format is illustrated by this rwho packet: .RE This says that port \fIwho\fP on host \fIactinide\fP sent a udp datagram to port \fIwho\fP on host \fIbroadcast\fP, the Internet -broadcast address. The packet contained 84 bytes of user data. +broadcast address. +The packet contained 84 bytes of user data. .LP Some UDP services are recognized (from the source or destination port number) and the higher level protocol information printed. @@ -1186,7 +1388,8 @@ RPC calls (RFC-1050) to NFS. UDP Name Server Requests .LP \fI(N.B.:The following description assumes familiarity with -the Domain Service protocol described in RFC-1035. If you are not familiar +the Domain Service protocol described in RFC-1035. +If you are not familiar with the protocol, the following description will appear to be written in greek.)\fP .LP @@ -1202,18 +1405,23 @@ Name server requests are formatted as .RE Host \fIh2opolo\fP asked the domain server on \fIhelios\fP for an address record (qtype=A) associated with the name \fIucbvax.berkeley.edu.\fP -The query id was `3'. The `+' indicates the \fIrecursion desired\fP flag -was set. The query length was 37 bytes, not including the UDP and -IP protocol headers. The query operation was the normal one, \fIQuery\fP, -so the op field was omitted. If the op had been anything else, it would +The query id was `3'. +The `+' indicates the \fIrecursion desired\fP flag +was set. +The query length was 37 bytes, not including the UDP and +IP protocol headers. +The query operation was the normal one, \fIQuery\fP, +so the op field was omitted. +If the op had been anything else, it would have been printed between the `3' and the `+'. Similarly, the qclass was the normal one, -\fIC_IN\fP, and omitted. Any other qclass would have been printed +\fIC_IN\fP, and omitted. +Any other qclass would have been printed immediately after the `A'. .LP A few anomalies are checked and may result in extra fields enclosed in -square brackets: If a query contains an answer, name server or -authority section, +square brackets: If a query contains an answer, authority records or +additional records section, .IR ancount , .IR nscount , or @@ -1238,48 +1446,59 @@ helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)\fR .fi .RE In the first example, \fIhelios\fP responds to query id 3 from \fIh2opolo\fP -with 3 answer records, 3 name server records and 7 authority records. +with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is internet -address 128.32.137.3. The total size of the response was 273 bytes, -excluding UDP and IP headers. The op (Query) and response code +address 128.32.137.3. +The total size of the response was 273 bytes, +excluding UDP and IP headers. +The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record. .LP In the second example, \fIhelios\fP responds to query 2 with a response code of non-existent domain (NXDomain) with no answers, -one name server and no authority records. The `*' indicates that -the \fIauthoritative answer\fP bit was set. Since there were no +one name server and no authority records. +The `*' indicates that +the \fIauthoritative answer\fP bit was set. +Since there were no answers, no type, class or data were printed. .LP Other flag characters that might appear are `\-' (recursion available, -RA, \fInot\fP set) and `|' (truncated message, TC, set). If the +RA, \fInot\fP set) and `|' (truncated message, TC, set). +If the `question' section doesn't contain exactly one entry, `[\fIn\fPq]' is printed. .LP Note that name server requests and responses tend to be large and the default \fIsnaplen\fP of 68 bytes may not capture enough of the packet -to print. Use the \fB\-s\fP flag to increase the snaplen if you -need to seriously investigate name server traffic. `\fB\-s 128\fP' +to print. +Use the \fB\-s\fP flag to increase the snaplen if you +need to seriously investigate name server traffic. +`\fB\-s 128\fP' has worked well for me. .HD SMB/CIFS decoding .LP \fItcpdump\fP now includes fairly extensive SMB/CIFS/NBT decoding for data -on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and -NetBEUI SMB data is also done. +on UDP/137, UDP/138 and TCP/139. +Some primitive decoding of IPX and +NetBEUI SMB data is also done. By default a fairly minimal decode is done, with a much more detailed -decode done if -v is used. Be warned that with -v a single SMB packet +decode done if -v is used. +Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details. If you are decoding SMB sessions containing unicode strings then you -may wish to set the environment variable USE_UNICODE to 1. A patch to +may wish to set the environment variable USE_UNICODE to 1. +A patch to auto-detect unicode srings would be welcome. For information on SMB packet formats and what all te fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite -samba.org mirror site. The SMB patches were written by Andrew Tridgell +samba.org mirror site. +The SMB patches were written by Andrew Tridgell (tridge@samba.org). .HD @@ -1305,8 +1524,10 @@ wrl.nfs > sushi.201b: .RE In the first line, host \fIsushi\fP sends a transaction with id \fI6709\fP to \fIwrl\fP (note that the number following the src host is a -transaction id, \fInot\fP the source port). The request was 112 bytes, -excluding the UDP and IP headers. The operation was a \fIreadlink\fP +transaction id, \fInot\fP the source port). +The request was 112 bytes, +excluding the UDP and IP headers. +The operation was a \fIreadlink\fP (read symbolic link) on file handle (\fIfh\fP) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and @@ -1314,8 +1535,10 @@ generation number.) \fIWrl\fP replies `ok' with the contents of the link. .LP In the third line, \fIsushi\fP asks \fIwrl\fP to lookup the name -`\fIxcolors\fP' in directory file 9,74/4096.6878. Note that the data printed -depends on the operation type. The format is intended to be self +`\fIxcolors\fP' in directory file 9,74/4096.6878. +Note that the data printed +depends on the operation type. +The format is intended to be self explanatory if read in conjunction with an NFS protocol spec. .LP @@ -1336,11 +1559,13 @@ wrl.nfs > sushi.1372a: (\-v also prints the IP header TTL, ID, length, and fragmentation fields, which have been omitted from this example.) In the first line, \fIsushi\fP asks \fIwrl\fP to read 8192 bytes from file 21,11/12.195, -at byte offset 24576. \fIWrl\fP replies `ok'; the packet shown on the +at byte offset 24576. +\fIWrl\fP replies `ok'; the packet shown on the second line is the first fragment of the reply, and hence is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be -printed, depending on the filter expression used). Because the \-v flag +printed, depending on the filter expression used). +Because the \-v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type (``REG'', for regular file), the file mode (in octal), the uid and gid, and the file size. @@ -1348,12 +1573,15 @@ the file mode (in octal), the uid and gid, and the file size. If the \-v flag is given more than once, even more details are printed. .LP Note that NFS requests are very large and much of the detail won't be printed -unless \fIsnaplen\fP is increased. Try using `\fB\-s 192\fP' to watch +unless \fIsnaplen\fP is increased. +Try using `\fB\-s 192\fP' to watch NFS traffic. .LP -NFS reply packets do not explicitly identify the RPC operation. Instead, +NFS reply packets do not explicitly identify the RPC operation. +Instead, \fItcpdump\fP keeps track of ``recent'' requests, and matches them to the -replies using the transaction ID. If a reply does not closely follow the +replies using the transaction ID. +If a reply does not closely follow the corresponding request, it might not be parsable. .HD AFS Requests and Replies @@ -1377,15 +1605,19 @@ pike.afsfs > elvis.7001: rx data fs reply rename .sp .5 .fi .RE -In the first line, host elvis sends a RX packet to pike. This was +In the first line, host elvis sends a RX packet to pike. +This was a RX data packet to the fs (fileserver) service, and is the start of -an RPC call. The RPC call was a rename, with the old directory file id +an RPC call. +The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory -file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike +file id of 536876964/1/1 and a new filename of `.newsrc'. +The host pike responds with a RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet). .LP -In general, all AFS RPCs are decoded at least by RPC call name. Most +In general, all AFS RPCs are decoded at least by RPC call name. +Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments, for some definition of interesting). .LP @@ -1409,12 +1641,15 @@ beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol). .LP Note that AFS requests are very large and many of the arguments won't -be printed unless \fIsnaplen\fP is increased. Try using `\fB-s 256\fP' +be printed unless \fIsnaplen\fP is increased. +Try using `\fB-s 256\fP' to watch AFS traffic. .LP -AFS reply packets do not explicitly identify the RPC operation. Instead, +AFS reply packets do not explicitly identify the RPC operation. +Instead, \fItcpdump\fP keeps track of ``recent'' requests, and matches them to the -replies using the call number and service ID. If a reply does not closely +replies using the call number and service ID. +If a reply does not closely follow the corresponding request, it might not be parsable. @@ -1423,7 +1658,8 @@ KIP Appletalk (DDP in UDP) .LP Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is -discarded). The file +discarded). +The file .I /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form @@ -1438,7 +1674,8 @@ Lines in this file have the form .sp .5 .fi .RE -The first two lines give the names of appletalk networks. The third +The first two lines give the names of appletalk networks. +The third line gives the name of a particular host (a host is distinguished from a net by the 3rd octet in the number \- a net number \fImust\fP have two octets and a host number \fImust\fP @@ -1468,14 +1705,16 @@ host/net number, addresses are printed in numeric form.) In the first example, NBP (DDP port 2) on net 144.1 node 209 is sending to whatever is listening on port 220 of net icsd node 112. The second line is the same except the full name of the source node -is known (`office'). The third line is a send from port 235 on +is known (`office'). +The third line is a send from port 235 on net jssmag node 149 to broadcast on the icsd-net NBP port (note that the broadcast address (255) is indicated by a net name with no host number \- for this reason it's a good idea to keep node names and net names distinct in /etc/atalk.names). .LP NBP (name binding protocol) and ATP (Appletalk transaction protocol) -packets have their contents interpreted. Other protocols just dump +packets have their contents interpreted. +Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size. @@ -1490,10 +1729,12 @@ techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186\fR\s+2 .fi .RE The first line is a name lookup request for laserwriters sent by net icsd host -112 and broadcast on net jssmag. The nbp id for the lookup is 190. +112 and broadcast on net jssmag. +The nbp id for the lookup is 190. The second line shows a reply for this request (note that it has the same id) from host jssmag.209 saying that it has a laserwriter -resource named "RM1140" registered on port 250. The third line is +resource named "RM1140" registered on port 250. +The third line is another reply to the same request saying host techpit has laserwriter "techpit" registered on port 186. @@ -1519,18 +1760,24 @@ jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002\fR\s+2 .fi .RE Jssmag.209 initiates transaction id 12266 with host helios by requesting -up to 8 packets (the `<0-7>'). The hex number at the end of the line +up to 8 packets (the `<0-7>'). +The hex number at the end of the line is the value of the `userdata' field in the request. .LP -Helios responds with 8 512-byte packets. The `:digit' following the +Helios responds with 8 512-byte packets. +The `:digit' following the transaction id gives the packet sequence number in the transaction and the number in parens is the amount of data in the packet, -excluding the atp header. The `*' on packet 7 indicates that the +excluding the atp header. +The `*' on packet 7 indicates that the EOM bit was set. .LP -Jssmag.209 then requests that packets 3 & 5 be retransmitted. Helios -resends them then jssmag.209 releases the transaction. Finally, -jssmag.209 initiates the next request. The `*' on the request +Jssmag.209 then requests that packets 3 & 5 be retransmitted. +Helios +resends them then jssmag.209 releases the transaction. +Finally, +jssmag.209 initiates the next request. +The `*' on the request indicates that XO (`exactly once') was \fInot\fP set. .HD @@ -1545,16 +1792,21 @@ Fragmented Internet datagrams are printed as .sp .5 .fi .RE -(The first form indicates there are more fragments. The second +(The first form indicates there are more fragments. +The second indicates this is the last fragment.) .LP -\fIId\fP is the fragment id. \fISize\fP is the fragment -size (in bytes) excluding the IP header. \fIOffset\fP is this +\fIId\fP is the fragment id. +\fISize\fP is the fragment +size (in bytes) excluding the IP header. +\fIOffset\fP is this fragment's offset (in bytes) in the original datagram. .LP -The fragment information is output for each fragment. The first +The fragment information is output for each fragment. +The first fragment contains the higher level protocol header and the frag -info is printed after the protocol info. Fragments +info is printed after the protocol info. +Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa @@ -1569,12 +1821,14 @@ rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560\fP\s+2 .fi .RE There are a couple of things to note here: First, addresses in the -2nd line don't include port numbers. This is because the TCP +2nd line don't include port numbers. +This is because the TCP protocol information is all in the first fragment and we have no idea what the port or sequence numbers are when we print the later fragments. Second, the tcp sequence information in the first line is printed as if there were 308 bytes of user data when, in fact, there are 512 bytes (308 in -the first frag and 204 in the second). If you are looking for holes +the first frag and 204 in the second). +If you are looking for holes in the sequence space or trying to match up acks with packets, this can fool you. .LP @@ -1583,7 +1837,8 @@ trailing \fB(DF)\fP. .HD Timestamps .LP -By default, all output lines are preceded by a timestamp. The timestamp +By default, all output lines are preceded by a timestamp. +The timestamp is the current clock time in the form .RS .nf @@ -1591,7 +1846,8 @@ is the current clock time in the form .fi .RE and is as accurate as the kernel's clock. -The timestamp reflects the time the kernel first saw the packet. No attempt +The timestamp reflects the time the kernel first saw the packet. +No attempt is made to account for the time lag between when the ethernet interface removed the packet from the wire and when the kernel serviced the `new packet' interrupt. @@ -1658,7 +1914,8 @@ to compute the right length for the higher level protocol. .LP Name server inverse queries are not dumped correctly: the (empty) question section is printed rather than real query in the answer -section. Some believe that inverse queries are themselves a bug and +section. +Some believe that inverse queries are themselves a bug and prefer to fix the program generating them rather than \fItcpdump\fP. .LP A packet trace that crosses a daylight savings time change will give @@ -1666,8 +1923,10 @@ skewed time stamps (the time change is ignored). .LP Filter expressions that manipulate FDDI or Token Ring headers assume that all FDDI and Token Ring packets are SNAP-encapsulated Ethernet -packets. This is true for IP, ARP, and DECNET Phase IV, but is not true -for protocols such as ISO CLNS. Therefore, the filter may inadvertently +packets. +This is true for IP, ARP, and DECNET Phase IV, but is not true +for protocols such as ISO CLNS. +Therefore, the filter may inadvertently accept certain packets that do not properly match the filter expression. .LP Filter expressions on fields other than those that manipulate Token Ring diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c index 423a8e7..673011c 100644 --- a/contrib/tcpdump/tcpdump.c +++ b/contrib/tcpdump/tcpdump.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 + * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -17,14 +17,20 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Support for splitting captures into multiple files with a maximum + * file size: + * + * Copyright (c) 2001 + * Seth Webster <swebster@sst.ll.mit.edu> */ #ifndef lint static const char copyright[] = - "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\ + "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.158 2000/12/21 10:43:24 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.173 2001/12/22 22:12:23 guy Exp $ (LBL)"; #endif /* $FreeBSD$ */ @@ -78,11 +84,14 @@ int uflag = 0; /* Print undecoded NFS handles */ int vflag; /* verbose */ int xflag; /* print packet in hex */ int Xflag; /* print packet in ascii as well as hex */ +off_t Cflag = 0; /* rotate dump files after this many bytes */ char *espsecret = NULL; /* ESP secret key */ int packettype; +int infodelay; +int infoprint; char *program_name; @@ -92,6 +101,12 @@ int32_t thiszone; /* seconds offset from gmt to local time */ static RETSIGTYPE cleanup(int); static void usage(void) __attribute__((noreturn)); +static void dump_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); + +#ifdef SIGINFO +RETSIGTYPE requestinfo(int); +#endif + /* Length of saved portion of packet. */ int snaplen = DEFAULT_SNAPLEN; @@ -101,6 +116,7 @@ struct printer { }; static struct printer printers[] = { + { arcnet_if_print, DLT_ARCNET }, { ether_if_print, DLT_EN10MB }, { token_if_print, DLT_IEEE802 }, #ifdef DLT_LANE8023 @@ -126,12 +142,24 @@ static struct printer printers[] = { #ifdef DLT_C_HDLC { chdlc_if_print, DLT_C_HDLC }, #endif +#ifdef DLT_HDLC + { chdlc_if_print, DLT_HDLC }, +#endif #ifdef DLT_PPP_SERIAL { ppp_hdlc_if_print, DLT_PPP_SERIAL }, #endif +#ifdef DLT_PPP_ETHER + { pppoe_if_print, DLT_PPP_ETHER }, +#endif #ifdef DLT_LINUX_SLL { sll_if_print, DLT_LINUX_SLL }, #endif +#ifdef DLT_IEEE802_11 + { ieee802_11_if_print, DLT_IEEE802_11}, +#endif +#ifdef DLT_LTALK + { ltalk_if_print, DLT_LTALK }, +#endif { NULL, 0 }, }; @@ -154,6 +182,12 @@ extern int optind; extern int opterr; extern char *optarg; +struct dump_info { + char *WFileName; + pcap_t *pd; + pcap_dumper_t *p; +}; + int main(int argc, char **argv) { @@ -163,6 +197,7 @@ main(int argc, char **argv) pcap_handler printer; struct bpf_program fcode; RETSIGTYPE (*oldhandler)(int); + struct dump_info dumpinfo; u_char *pcap_userdata; char ebuf[PCAP_ERRBUF_SIZE]; @@ -185,7 +220,7 @@ main(int argc, char **argv) opterr = 0; while ( - (op = getopt(argc, argv, "ac:deE:fF:i:lm:nNOpqr:Rs:StT:uvw:xXY")) != -1) + (op = getopt(argc, argv, "ac:C:deE:fF:i:lm:nNOpqr:Rs:StT:uvw:xXY")) != -1) switch (op) { case 'a': @@ -198,6 +233,12 @@ main(int argc, char **argv) error("invalid packet count %s", optarg); break; + case 'C': + Cflag = atoi(optarg) * 1000000; + if (Cflag < 0) + error("invalid file size %s", optarg); + break; + case 'd': ++dflag; break; @@ -374,9 +415,12 @@ main(int argc, char **argv) if (device == NULL) error("%s", ebuf); } + *ebuf = '\0'; pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); if (pd == NULL) error("%s", ebuf); + else if (*ebuf) + warning("%s", ebuf); i = pcap_snapshot(pd); if (snaplen < i) { warning("snaplen raised from %d to %d", snaplen, i); @@ -417,11 +461,22 @@ main(int argc, char **argv) pcap_dumper_t *p = pcap_dump_open(pd, WFileName); if (p == NULL) error("%s", pcap_geterr(pd)); - printer = pcap_dump; - pcap_userdata = (u_char *)p; + if (Cflag != 0) { + printer = dump_and_trunc; + dumpinfo.WFileName = WFileName; + dumpinfo.pd = pd; + dumpinfo.p = p; + pcap_userdata = (u_char *)&dumpinfo; + } else { + printer = pcap_dump; + pcap_userdata = (u_char *)p; + } } else { printer = lookup_printer(pcap_datalink(pd)); pcap_userdata = 0; +#ifdef SIGINFO + (void)setsignal(SIGINFO, requestinfo); +#endif } if (RFileName == NULL) { (void)fprintf(stderr, "%s: listening on %s\n", @@ -433,6 +488,8 @@ main(int argc, char **argv) program_name, pcap_geterr(pd)); exit(1); } + if (RFileName == NULL) + info(1); pcap_close(pd); exit(0); } @@ -441,25 +498,94 @@ main(int argc, char **argv) static RETSIGTYPE cleanup(int signo) { - struct pcap_stat stat; /* Can't print the summary if reading from a savefile */ if (pd != NULL && pcap_file(pd) == NULL) { (void)fflush(stdout); putc('\n', stderr); - if (pcap_stats(pd, &stat) < 0) - (void)fprintf(stderr, "pcap_stats: %s\n", - pcap_geterr(pd)); - else { - (void)fprintf(stderr, "%d packets received by filter\n", - stat.ps_recv); - (void)fprintf(stderr, "%d packets dropped by kernel\n", - stat.ps_drop); - } + info(1); } exit(0); } +void +info(register int verbose) +{ + struct pcap_stat stat; + + if (pcap_stats(pd, &stat) < 0) { + (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); + return; + } + if (!verbose) + fprintf(stderr, "%s: ", program_name); + (void)fprintf(stderr, "%d packets received by filter", stat.ps_recv); + if (!verbose) + fputs(", ", stderr); + else + putc('\n', stderr); + (void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop); + infoprint = 0; +} + +static void +reverse(char *s) +{ + int i, j, c; + + for (i = 0, j = strlen(s) - 1; i < j; i++, j--) { + c = s[i]; + s[i] = s[j]; + s[j] = c; + } +} + + +static void +swebitoa(unsigned int n, char *s) +{ + unsigned int i; + + i = 0; + do { + s[i++] = n % 10 + '0'; + } while ((n /= 10) > 0); + + s[i] = '\0'; + reverse(s); +} + +static void +dump_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) +{ + struct dump_info *info; + static uint cnt = 2; + char *name; + + info = (struct dump_info *)user; + + /* + * XXX - this won't prevent capture files from getting + * larger than Cflag - the last packet written to the + * file could put it over Cflag. + */ + if (ftell((FILE *)info->p) > Cflag) { + name = (char *) malloc(strlen(info->WFileName) + 4); + if (name == NULL) + error("dump_and_trunc: malloc"); + strcpy(name, info->WFileName); + swebitoa(cnt, name + strlen(info->WFileName)); + cnt++; + pcap_dump_close(info->p); + info->p = pcap_dump_open(info->pd, name); + free(name); + if (info->p == NULL) + error("%s", pcap_geterr(pd)); + } + + pcap_dump((u_char *)info->p, h, sp); +} + /* Like default_print() but data need not be aligned */ void default_print_unaligned(register const u_char *cp, register u_int length) @@ -495,6 +621,16 @@ default_print(register const u_char *bp, register u_int length) default_print_unaligned(bp, length); } +#ifdef SIGINFO +RETSIGTYPE requestinfo(int signo) +{ + if (infodelay) + ++infoprint; + else + info(0); +} +#endif + static void usage(void) { @@ -504,10 +640,10 @@ usage(void) (void)fprintf(stderr, "%s version %s\n", program_name, version); (void)fprintf(stderr, "libpcap version %s\n", pcap_version); (void)fprintf(stderr, -"Usage: %s [-adeflnNOpqStuvxX] [-c count] [ -F file ]\n", program_name); +"Usage: %s [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]\n", program_name); (void)fprintf(stderr, -"\t\t[ -i interface ] [ -r file ] [ -s snaplen ]\n"); +"\t\t[ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]\n"); (void)fprintf(stderr, -"\t\t[ -T type ] [ -w file ] [ expression ]\n"); - exit(-1); +"\t\t[ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]\n"); + exit(1); } diff --git a/contrib/tcpdump/token.h b/contrib/tcpdump/token.h index 98d2c59..1e9bd4f 100644 --- a/contrib/tcpdump/token.h +++ b/contrib/tcpdump/token.h @@ -1,3 +1,4 @@ +/* @(#) $Header: /tcpdump/master/tcpdump/token.h,v 1.3 2000/10/03 02:55:03 itojun Exp $ (LBL) */ /* * Copyright (c) 1998, Larry Lile * All rights reserved. @@ -24,36 +25,29 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * + * $FreeBSD$ */ -#define TOKEN_HDR_LEN 14 -#define TOKEN_RING_MAC_LEN 6 -#define ROUTING_SEGMENT_MAX 16 -#define IS_SOURCE_ROUTED (tp->ether_shost[0] & 0x80) -#define BROADCAST ((ntohs(tp->rcf) & 0xE000) >> 13) -#define RIF_LENGTH ((ntohs(tp->rcf) & 0x1f00) >> 8) -#define DIRECTION ((ntohs(tp->rcf) & 0x0080) >> 7) -#define LARGEST_FRAME ((ntohs(tp->rcf) & 0x0070) >> 4) -#define RING_NUMBER(x) ((ntohs(tp->rseg[x]) & 0xfff0) >> 4) -#define BRIDGE_NUMBER(x) ((ntohs(tp->rseg[x]) & 0x000f)) -#define SEGMENT_COUNT ((RIF_LENGTH - 2) / 2) - -char *broadcast_indicator[] = { "Non-Broadcast", "Non-Broadcast", - "Non-Broadcast", "Non-Broadcast", - "All-routes", "All-routes", - "Single-route", "Single-route"}; - -char *direction[] = { "Forward", "Backward"}; - -char *largest_frame[] = { "516", "1500", "2052", "4472", "8144", - "11407", "17800", ""}; +#define TOKEN_HDRLEN 14 +#define TOKEN_RING_MAC_LEN 6 +#define ROUTING_SEGMENT_MAX 16 +#define IS_SOURCE_ROUTED(trp) ((trp)->token_shost[0] & 0x80) +#define FRAME_TYPE(trp) (((trp)->token_fc & 0xC0) >> 6) +#define TOKEN_FC_LLC 1 +#define BROADCAST(trp) ((ntohs((trp)->token_rcf) & 0xE000) >> 13) +#define RIF_LENGTH(trp) ((ntohs((trp)->token_rcf) & 0x1f00) >> 8) +#define DIRECTION(trp) ((ntohs((trp)->token_rcf) & 0x0080) >> 7) +#define LARGEST_FRAME(trp) ((ntohs((trp)->token_rcf) & 0x0070) >> 4) +#define RING_NUMBER(trp, x) ((ntohs((trp)->token_rseg[x]) & 0xfff0) >> 4) +#define BRIDGE_NUMBER(trp, x) ((ntohs((trp)->token_rseg[x]) & 0x000f)) +#define SEGMENT_COUNT(trp) ((RIF_LENGTH(trp) - 2) / 2) struct token_header { - u_char ac; - u_char fc; - u_char ether_dhost[TOKEN_RING_MAC_LEN]; - u_char ether_shost[TOKEN_RING_MAC_LEN]; - u_short rcf; - u_short rseg[ROUTING_SEGMENT_MAX]; + u_int8_t token_ac; + u_int8_t token_fc; + u_int8_t token_dhost[TOKEN_RING_MAC_LEN]; + u_int8_t token_shost[TOKEN_RING_MAC_LEN]; + u_int16_t token_rcf; + u_int16_t token_rseg[ROUTING_SEGMENT_MAX]; }; |
