diff options
Diffstat (limited to 'contrib/tcpdump/print-null.c')
-rw-r--r-- | contrib/tcpdump/print-null.c | 100 |
1 files changed, 58 insertions, 42 deletions
diff --git a/contrib/tcpdump/print-null.c b/contrib/tcpdump/print-null.c index 64c7df3..8da9a95 100644 --- a/contrib/tcpdump/print-null.c +++ b/contrib/tcpdump/print-null.c @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.30 1999/12/22 06:27:21 itojun Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.40 2000/12/16 22:00:50 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -36,84 +36,100 @@ static const char rcsid[] = #include <sys/file.h> #include <sys/ioctl.h> -#if __STDC__ struct mbuf; struct rtentry; -#endif -#include <net/if.h> #include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <net/ethernet.h> -#include <netinet/ip_var.h> -#include <netinet/udp.h> -#include <netinet/udp_var.h> -#include <netinet/tcp.h> #include <pcap.h> #include <stdio.h> #include <string.h> -#ifdef INET6 -#include <netinet/ip6.h> -#endif - #include "interface.h" #include "addrtoname.h" +#include "ip.h" +#ifdef INET6 +#include "ip6.h" +#endif + #ifndef AF_NS #define AF_NS 6 /* XEROX NS protocols */ #endif /* - * The DLT_NULL packet header is 4 bytes long. It contains a network - * order 32 bit integer that specifies the family, e.g. AF_INET + * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order + * 32-bit integer that specifies the family, e.g. AF_INET. + * + * Note here that "host" refers to the host on which the packets were + * captured; that isn't necessarily *this* host. + * + * The OpenBSD DLT_LOOP packet header is the same, except that the integer + * is in network byte order. */ #define NULL_HDRLEN 4 static void -null_print(const u_char *p, const struct ip *ip, u_int length) +null_print(u_int family, u_int length) { - u_int family; - - memcpy((char *)&family, (char *)p, sizeof(family)); - - if (nflag) { - /* XXX just dump the header */ - return; - } - switch (family) { + if (nflag) + printf("AF %u ", family); + else { + switch (family) { - case AF_INET: - printf("ip: "); - break; + case AF_INET: + printf("ip "); + break; #ifdef INET6 - case AF_INET6: - printf("ip6: "); - break; + case AF_INET6: + printf("ip6 "); + break; #endif - case AF_NS: - printf("ns: "); - break; + case AF_NS: + printf("ns "); + break; - default: - printf("AF %d: ", family); - break; + default: + printf("AF %u ", family); + break; + } } + printf("%d: ", length); } +/* + * Byte-swap a 32-bit number. + * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on + * big-endian platforms.) + */ +#define SWAPLONG(y) \ +((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) + void null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int length = h->len; u_int caplen = h->caplen; const struct ip *ip; + u_int family; ts_print(&h->ts); + memcpy((char *)&family, (char *)p, sizeof(family)); + + /* + * This isn't necessarily in our host byte order; if this is + * a DLT_LOOP capture, it's in network byte order, and if + * this is a DLT_NULL capture from a machine with the opposite + * byte-order, it's in the opposite byte order from ours. + * + * If the upper 16 bits aren't all zero, assume it's byte-swapped. + */ + if ((family & 0xFFFF0000) != 0) + family = SWAPLONG(family); + /* * Some printers want to get back at the link level addresses, * and/or check that they're not walking off the end of the packet. @@ -127,9 +143,9 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) ip = (struct ip *)(p + NULL_HDRLEN); if (eflag) - null_print(p, ip, length); + null_print(family, length); - switch (ip->ip_v) { + switch (IP_V(ip)) { case 4: ip_print((const u_char *)ip, length); break; @@ -139,7 +155,7 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) break; #endif /* INET6 */ default: - printf("ip v%d", ip->ip_v); + printf("ip v%d", IP_V(ip)); break; } |