diff options
Diffstat (limited to 'contrib')
29 files changed, 1527 insertions, 1119 deletions
diff --git a/contrib/tcpdump/acsite.m4 b/contrib/tcpdump/acsite.m4 deleted file mode 100644 index 746faf1..0000000 --- a/contrib/tcpdump/acsite.m4 +++ /dev/null @@ -1,505 +0,0 @@ -dnl @(#) $Header: acsite.m4,v 1.41 96/11/29 15:30:40 leres Exp $ (LBL) -dnl -dnl Copyright (c) 1995, 1996 -dnl The Regents of the University of California. All rights reserved. -dnl -dnl Redistribution and use in source and binary forms, with or without -dnl modification, are permitted provided that: (1) source code distributions -dnl retain the above copyright notice and this paragraph in its entirety, (2) -dnl distributions including binary code include the above copyright notice and -dnl this paragraph in its entirety in the documentation or other materials -dnl provided with the distribution, and (3) all advertising materials mentioning -dnl features or use of this software display the following acknowledgement: -dnl ``This product includes software developed by the University of California, -dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of -dnl the University nor the names of its contributors may be used to endorse -dnl or promote products derived from this software without specific prior -dnl written permission. -dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED -dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF -dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -dnl -dnl LBL autoconf macros -dnl - -dnl -dnl Determine which compiler we're using (cc or gcc) -dnl If using gcc, determine the version number -dnl If using cc, require that it support ansi prototypes -dnl If using gcc, use -O2 (otherwise use -O) -dnl If using cc, explicitly specify /usr/local/include -dnl -dnl usage: -dnl -dnl AC_LBL_C_INIT(copt, incls) -dnl -dnl results: -dnl -dnl $1 (copt set) -dnl $2 (incls set) -dnl CC -dnl ac_cv_gcc_vers -dnl LBL_CFLAGS -dnl -dnl XXX need to add test to make sure ac_prog_cc hasn't been called -AC_DEFUN(AC_LBL_C_INIT, - [AC_PREREQ(2.12) - $1=-O - $2="" - if test "${CFLAGS+set}" = set; then - LBL_CFLAGS="$CFLAGS" - fi - if test -z "$CC" ; then - case "$target_os" in - - bsdi*) - AC_CHECK_PROG(SHLICC2, shlicc2, yes, no) - if test $SHLICC2 = yes ; then - CC=shlicc2 - export CC - fi - ;; - esac - fi - AC_PROG_CC - if test $ac_cv_prog_gcc = yes ; then - if test "$SHLICC2" = yes ; then - ac_cv_gcc_vers=2 - $1=-O2 - else - AC_MSG_CHECKING(gcc version) - AC_CACHE_VAL(ac_cv_gcc_vers, - ac_cv_gcc_vers=`$CC -v 2>&1 | \ - sed -n -e '$s/.* //' -e '$s/\..*//p'`) - AC_MSG_RESULT($ac_cv_gcc_vers) - if test $ac_cv_gcc_vers -gt 1 ; then - $1=-O2 - fi - fi - else - AC_MSG_CHECKING(that $CC handles ansi prototypes) - AC_CACHE_VAL(ac_cv_cc_ansi_prototypes, - AC_TRY_COMPILE( - [#include <sys/types.h>], - [int frob(int, char *)], - ac_cv_cc_ansi_prototypes=yes, - ac_cv_cc_ansi_prototypes=no)) - AC_MSG_RESULT($ac_cv_cc_ansi_prototypes) - if test $ac_cv_cc_ansi_prototypes = no ; then - case "$target_os" in - - hpux*) - AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)) - savedcflags="$CFLAGS" - CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS" - AC_CACHE_VAL(ac_cv_cc_hpux_cc_aa, - AC_TRY_COMPILE( - [#include <sys/types.h>], - [int frob(int, char *)], - ac_cv_cc_hpux_cc_aa=yes, - ac_cv_cc_hpux_cc_aa=no)) - AC_MSG_RESULT($ac_cv_cc_hpux_cc_aa) - if test $ac_cv_cc_hpux_cc_aa = no ; then - AC_MSG_ERROR(see the INSTALL for more info) - fi - CFLAGS="$savedcflags" - V_CCOPT="-Aa $V_CCOPT" - AC_DEFINE(_HPUX_SOURCE) - ;; - - *) - AC_MSG_ERROR(see the INSTALL for more info) - ;; - esac - fi - $2=-I/usr/local/include - - case "$target_os" in - - irix*) - V_CCOPT="$V_CCOPT -xansi -signed -g3" - ;; - - osf*) - V_CCOPT="$V_CCOPT -g3" - ;; - - ultrix*) - AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes) - AC_CACHE_VAL(ac_cv_cc_const_proto, - AC_TRY_COMPILE( - [#include <sys/types.h>], - [struct a { int b; }; - void c(const struct a *)], - ac_cv_cc_const_proto=yes, - ac_cv_cc_const_proto=no)) - AC_MSG_RESULT($ac_cv_cc_const_proto) - if test $ac_cv_cc_const_proto = no ; then - AC_DEFINE(const,) - fi - ;; - esac - fi -]) - -dnl -dnl Use pfopen.c if available and pfopen() not in standard libraries -dnl Require libpcap -dnl Look for libpcap in .. -dnl Use the installed libpcap if there is no local version -dnl -dnl usage: -dnl -dnl AC_LBL_LIBPCAP(pcapdep, incls) -dnl -dnl results: -dnl -dnl $1 (pcapdep set) -dnl $2 (incls appended) -dnl LIBS -dnl -AC_DEFUN(AC_LBL_LIBPCAP, - [pfopen=/usr/examples/packetfilter/pfopen.c - if test -f $pfopen ; then - AC_CHECK_FUNCS(pfopen) - if test $ac_cv_func_pfopen = "no" ; then - AC_MSG_RESULT(Using $pfopen) - LIBS="$LIBS $pfopen" - fi - fi - AC_MSG_CHECKING(for local pcap library) - libpcap=FAIL - lastdir=FAIL - places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \ - egrep '/libpcap-[[0-9]]*\.[[0-9]]*(\.[[0-9]]*)?([[ab]][[0-9]]*)?$'` - for dir in $places ../libpcap libpcap ; do - basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'` - if test $lastdir = $basedir ; then - dnl skip alphas when an actual release is present - continue; - fi - lastdir=$dir - if test -r $dir/pcap.c ; then - libpcap=$dir/libpcap.a - d=$dir - dnl continue and select the last one that exists - fi - done - if test $libpcap = FAIL ; then - AC_MSG_RESULT(not found) - AC_CHECK_LIB(pcap, main, libpcap="-lpcap") - if test $libpcap = FAIL ; then - AC_MSG_ERROR(see the INSTALL doc for more info) - fi - else - $1=$libpcap - $2="-I$d $$2" - AC_MSG_RESULT($libpcap) - fi - LIBS="$libpcap $LIBS"]) - -dnl -dnl Define RETSIGTYPE and RETSIGVAL -dnl -dnl usage: -dnl -dnl AC_LBL_TYPE_SIGNAL -dnl -dnl results: -dnl -dnl RETSIGTYPE (defined) -dnl RETSIGVAL (defined) -dnl -AC_DEFUN(AC_LBL_TYPE_SIGNAL, - [AC_TYPE_SIGNAL - if test "$ac_cv_type_signal" = void ; then - AC_DEFINE(RETSIGVAL,) - else - AC_DEFINE(RETSIGVAL,(0)) - fi - case "$target_os" in - - irix*) - AC_DEFINE(_BSD_SIGNALS) - ;; - - *) - AC_CHECK_FUNCS(sigset) - if test $ac_cv_func_sigset = yes ; then - AC_DEFINE(signal, sigset) - fi - ;; - esac]) - -dnl -dnl If using gcc, see if fixincludes should be run -dnl -dnl usage: -dnl -dnl AC_LBL_FIXINCLUDES -dnl -AC_DEFUN(AC_LBL_FIXINCLUDES, - [if test $ac_cv_prog_gcc = yes ; then - AC_MSG_CHECKING(if fixincludes is needed) - AC_CACHE_VAL(ac_cv_gcc_fixincludes, - AC_TRY_COMPILE( - [/* - * This generates a "duplicate case value" when fixincludes - * has not be run. - */ -# include <sys/types.h> -# include <sys/time.h> -# include <sys/ioctl.h> -# ifdef HAVE_SYS_IOCCOM_H -# include <sys/ioccom.h> -# endif], - [switch (0) { - case _IO('A', 1):; - case _IO('B', 1):; - }], - ac_cv_gcc_fixincludes=yes, - ac_cv_gcc_fixincludes=no)) - AC_MSG_RESULT($ac_cv_gcc_fixincludes) - if test $ac_cv_gcc_fixincludes = no ; then - # Don't cache failure - unset ac_cv_gcc_fixincludes - AC_MSG_ERROR(see the INSTALL for more info) - fi - fi]) - -dnl -dnl Check for flex, default to lex -dnl Require flex 2.4 or higher -dnl Check for bison, default to yacc -dnl Default to lex/yacc if both flex and bison are not available -dnl Define the yy prefix string if using flex and bison -dnl -dnl usage: -dnl -dnl AC_LBL_LEX_AND_YACC(lex, yacc, yyprefix) -dnl -dnl results: -dnl -dnl $1 (lex set) -dnl $2 (yacc appended) -dnl $3 (optional flex and bison -P prefix) -dnl -AC_DEFUN(AC_LBL_LEX_AND_YACC, - [AC_CHECK_PROGS($1, flex, lex) - if test "$$1" = flex ; then - # The -V flag was added in 2.4 - AC_MSG_CHECKING(for flex 2.4 or higher) - AC_CACHE_VAL(ac_cv_flex_v24, - if flex -V >/dev/null 2>&1; then - ac_cv_flex_v24=yes - else - ac_cv_flex_v24=no - fi) - AC_MSG_RESULT($ac_cv_flex_v24) - if test $ac_cv_flex_v24 = no ; then - s="2.4 or higher required" - AC_MSG_WARN(ignoring obsolete flex executable ($s)) - $1=lex - fi - fi - AC_CHECK_PROGS($2, bison, yacc) - if test "$$2" = bison ; then - $2="$$2 -y" - fi - if test "$$1" != lex -a "$$2" = yacc -o "$$1" = lex -a "$$2" != yacc ; then - AC_MSG_WARN(don't have both flex and bison; reverting to lex/yacc) - $1=lex - $2=yacc - fi - if test "$$1" = flex -a -n "$3" ; then - $1="$$1 -P$3" - $2="$$2 -p $3" - fi]) - -dnl -dnl Checks to see if union wait is used with WEXITSTATUS() -dnl -dnl usage: -dnl -dnl AC_LBL_UNION_WAIT -dnl -dnl results: -dnl -dnl DECLWAITSTATUS (defined) -dnl -AC_DEFUN(AC_LBL_UNION_WAIT, - [AC_MSG_CHECKING(if union wait is used) - AC_CACHE_VAL(ac_cv_union_wait, - AC_TRY_COMPILE([ -# include <sys/types.h> -# include <sys/wait.h>], - [int status; - u_int i = WEXITSTATUS(status); - u_int j = waitpid(0, &status, 0);], - ac_cv_union_wait=no, - ac_cv_union_wait=yes)) - AC_MSG_RESULT($ac_cv_union_wait) - if test $ac_cv_union_wait = yes ; then - AC_DEFINE(DECLWAITSTATUS,union wait) - else - AC_DEFINE(DECLWAITSTATUS,int) - fi]) - -dnl -dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member -dnl -dnl usage: -dnl -dnl AC_LBL_SOCKADDR_SA_LEN -dnl -dnl results: -dnl -dnl HAVE_SOCKADDR_SA_LEN (defined) -dnl -AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN, - [AC_MSG_CHECKING(if sockaddr struct has sa_len member) - AC_CACHE_VAL(ac_cv_sockaddr_has_sa_len, - AC_TRY_COMPILE([ -# include <sys/types.h> -# include <sys/socket.h>], - [u_int i = sizeof(((struct sockaddr *)0)->sa_len)], - ac_cv_sockaddr_has_sa_len=yes, - ac_cv_sockaddr_has_sa_len=no)) - AC_MSG_RESULT($ac_cv_sockaddr_has_sa_len) - if test $ac_cv_sockaddr_has_sa_len = yes ; then - AC_DEFINE(HAVE_SOCKADDR_SA_LEN) - fi]) - -dnl -dnl Checks to see if -R is used -dnl -dnl usage: -dnl -dnl AC_LBL_HAVE_RUN_PATH -dnl -dnl results: -dnl -dnl ac_cv_have_run_path (yes or no) -dnl -AC_DEFUN(AC_LBL_HAVE_RUN_PATH, - [AC_MSG_CHECKING(for ${CC-cc} -R) - AC_CACHE_VAL(ac_cv_have_run_path, - [echo 'main(){}' > conftest.c - ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1 - if test ! -s conftest.out ; then - ac_cv_have_run_path=yes - else - ac_cv_have_run_path=no - fi - rm -f conftest*]) - AC_MSG_RESULT($ac_cv_have_run_path) - ]) - -dnl -dnl Checks to see if unaligned memory accesses fail -dnl -dnl usage: -dnl -dnl AC_LBL_UNALIGNED_ACCESS -dnl -dnl results: -dnl -dnl LBL_ALIGN (DEFINED) -dnl -AC_DEFUN(AC_LBL_UNALIGNED_ACCESS, - [AC_MSG_CHECKING(if unaligned accesses fail) - AC_CACHE_VAL(ac_cv_unaligned_fail, - [case "$target_cpu" in - - alpha|hp*|mips|sparc) - ac_cv_unaligned_fail=yes - ;; - - *) - cat >conftest.c <<EOF -# include <sys/types.h> -# include <sys/wait.h> -# include <stdio.h> - unsigned char a[[5]] = { 1, 2, 3, 4, 5 }; - main() { - unsigned int i; - pid_t pid; - int status; - /* avoid "core dumped" message */ - pid = fork(); - if (pid < 0) - exit(2); - if (pid > 0) { - /* parent */ - pid = waitpid(pid, &status, 0); - if (pid < 0) - exit(3); - exit(!WIFEXITED(status)); - } - /* child */ - i = *(unsigned int *)&a[[1]]; - printf("%d\n", i); - exit(0); - } -EOF - ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \ - conftest.c $LIBS >/dev/null 2>&1 - if test ! -x conftest ; then - dnl failed to compile for some reason - ac_cv_unaligned_fail=yes - else - ./conftest >conftest.out - if test ! -s conftest.out ; then - ac_cv_unaligned_fail=yes - else - ac_cv_unaligned_fail=no - fi - fi - rm -f conftest* core core.conftest - ;; - esac]) - AC_MSG_RESULT($ac_cv_unaligned_fail) - if test $ac_cv_unaligned_fail = yes ; then - AC_DEFINE(LBL_ALIGN) - fi]) - -dnl -dnl If using gcc and the file .devel exists: -dnl Compile with -g (if supported) and -Wall -dnl If using gcc 2, do extra prototype checking -dnl If an os prototype include exists, symlink os-proto.h to it -dnl -dnl usage: -dnl -dnl AC_LBL_DEVEL(copt) -dnl -dnl results: -dnl -dnl $1 (copt appended) -dnl HAVE_OS_PROTO_H (defined) -dnl os-proto.h (symlinked) -dnl -AC_DEFUN(AC_LBL_DEVEL, - [rm -f os-proto.h - if test "${LBL_CFLAGS+set}" = set; then - $1="$$1 ${LBL_CFLAGS}" - fi - if test $ac_cv_prog_gcc = yes -a -f .devel ; then - if test "${LBL_CFLAGS+set}" != set; then - if test "$ac_cv_prog_cc_g" = yes ; then - $1="-g $$1" - fi - $1="$$1 -Wall" - if test $ac_cv_gcc_vers -gt 1 ; then - $1="$$1 -Wmissing-prototypes -Wstrict-prototypes" - fi - fi - os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'` - name="lbl/os-$os.h" - if test -f $name ; then - ln -s $name os-proto.h - AC_DEFINE(HAVE_OS_PROTO_H) - else - AC_MSG_WARN(can't find $name) - fi - fi]) diff --git a/contrib/tcpdump/addrtoname.c b/contrib/tcpdump/addrtoname.c index 4067f96..4ed24fc 100644 --- a/contrib/tcpdump/addrtoname.c +++ b/contrib/tcpdump/addrtoname.c @@ -20,10 +20,16 @@ * * Internet, ethernet, port, and protocol string to address * and address to string conversion routines + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: addrtoname.c,v 1.61 97/06/15 13:20:18 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/addrtoname.c,v 1.64 1999/11/21 09:36:44 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/types.h> @@ -39,6 +45,10 @@ struct rtentry; #include <netinet/in.h> #include <net/ethernet.h> +#ifdef INET6 +#include <netinet6/ip6.h> +#endif + #include <arpa/inet.h> #include <ctype.h> @@ -85,6 +95,16 @@ struct hnamemem eprototable[HASHNAMESIZE]; struct hnamemem dnaddrtable[HASHNAMESIZE]; struct hnamemem llcsaptable[HASHNAMESIZE]; +#ifdef INET6 +struct h6namemem { + struct in6_addr addr; + char *name; + struct h6namemem *nxt; +}; + +struct h6namemem h6nametable[HASHNAMESIZE]; +#endif /* INET6 */ + struct enamemem { u_short e_addr0; u_short e_addr1; @@ -171,39 +191,7 @@ getname(const u_char *ap) #ifndef LBL_ALIGN addr = *(const u_int32_t *)ap; #else - /* - * Extract 32 bits in network order, dealing with alignment. - */ - switch ((long)ap & 3) { - - case 0: - addr = *(u_int32_t *)ap; - break; - - case 2: -#ifdef WORDS_BIGENDIAN - addr = ((u_int32_t)*(u_short *)ap << 16) | - (u_int32_t)*(u_short *)(ap + 2); -#else - addr = ((u_int32_t)*(u_short *)(ap + 2) << 16) | - (u_int32_t)*(u_short *)ap; -#endif - break; - - default: -#ifdef WORDS_BIGENDIAN - addr = ((u_int32_t)ap[0] << 24) | - ((u_int32_t)ap[1] << 16) | - ((u_int32_t)ap[2] << 8) | - (u_int32_t)ap[3]; -#else - addr = ((u_int32_t)ap[3] << 24) | - ((u_int32_t)ap[2] << 16) | - ((u_int32_t)ap[1] << 8) | - (u_int32_t)ap[0]; -#endif - break; - } + memcpy(&addr, ap, sizeof(addr)); #endif p = &hnametable[addr & (HASHNAMESIZE-1)]; for (; p->nxt; p = p->nxt) { @@ -249,6 +237,71 @@ getname(const u_char *ap) return (p->name); } +#ifdef INET6 +/* + * Return a name for the IP6 address pointed to by ap. This address + * is assumed to be in network byte order. + */ +char * +getname6(const u_char *ap) +{ + register struct hostent *hp; + struct in6_addr addr; + static struct h6namemem *p; /* static for longjmp() */ + register char *cp; + char ntop_buf[INET6_ADDRSTRLEN]; + + memcpy(&addr, ap, sizeof(addr)); + p = &h6nametable[*(u_int16_t *)&addr.s6_addr[14] & (HASHNAMESIZE-1)]; + for (; p->nxt; p = p->nxt) { + if (memcmp(&p->addr, &addr, sizeof(addr)) == 0) + return (p->name); + } + p->addr = addr; + p->nxt = newh6namemem(); + + /* + * Only print names when: + * (1) -n was not given. + * (2) Address is foreign and -f was given. (If -f was not + * give, f_netmask and f_local are 0 and the test + * evaluates to true) + * (3) -a was given or the host portion is not all ones + * nor all zeros (i.e. not a network or broadcast address) + */ + if (!nflag +#if 0 + && + (addr & f_netmask) == f_localnet && + (aflag || + !((addr & ~netmask) == 0 || (addr | netmask) == 0xffffffff)) +#endif + ) { + if (!setjmp(getname_env)) { + (void)setsignal(SIGALRM, nohostname); + (void)alarm(20); + hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); + (void)alarm(0); + if (hp) { + char *dotp; + + p->name = savestr(hp->h_name); + if (Nflag) { + /* Remove domain qualifications */ + dotp = strchr(p->name, '.'); + if (dotp) + *dotp = '\0'; + } + return (p->name); + } + } + } + cp = (char *)inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); + p->name = savestr(cp); + return (p->name); +} +#endif /* INET6 */ + static char hex[] = "0123456789abcdef"; @@ -765,3 +818,24 @@ newhnamemem(void) p = ptr++; return (p); } + +#ifdef INET6 +/* Return a zero'ed h6namemem struct and cuts down on calloc() overhead */ +struct h6namemem * +newh6namemem(void) +{ + register struct h6namemem *p; + static struct h6namemem *ptr = NULL; + static u_int num = 0; + + if (num <= 0) { + num = 64; + ptr = (struct h6namemem *)calloc(num, sizeof (*ptr)); + if (ptr == NULL) + error("newh6namemem: calloc"); + } + --num; + p = ptr++; + return (p); +} +#endif /* INET6 */ diff --git a/contrib/tcpdump/ethertype.h b/contrib/tcpdump/ethertype.h index 487183a..56bfa3c 100644 --- a/contrib/tcpdump/ethertype.h +++ b/contrib/tcpdump/ethertype.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: ethertype.h,v 1.6 96/07/14 18:21:49 leres Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/ethertype.h,v 1.7.2.1 2000/01/29 22:00:12 fenner Exp $ (LBL) * $FreeBSD$ */ @@ -72,14 +72,20 @@ #ifndef ETHERTYPE_AARP #define ETHERTYPE_AARP 0x80f3 #endif +#ifndef ETHERTYPE_8021Q +#define ETHERTYPE_8021Q 0x8100 +#endif #ifndef ETHERTYPE_IPX #define ETHERTYPE_IPX 0x8137 #endif -#ifndef ETHERTYPE_PPPOE_DISC -#define ETHERTYPE_PPPOE_DISC 0x8863 +#ifndef ETHERTYPE_IPV6 +#define ETHERTYPE_IPV6 0x86dd +#endif +#ifndef ETHERTYPE_PPPOED +#define ETHERTYPE_PPPOED 0x8863 #endif -#ifndef ETHERTYPE_PPPOE_SESS -#define ETHERTYPE_PPPOE_SESS 0x8864 +#ifndef ETHERTYPE_PPPOES +#define ETHERTYPE_PPPOES 0x8864 #endif #ifndef ETHERTYPE_LOOPBACK #define ETHERTYPE_LOOPBACK 0x9000 diff --git a/contrib/tcpdump/interface.h b/contrib/tcpdump/interface.h index 7287a48..f9081bb7 100644 --- a/contrib/tcpdump/interface.h +++ b/contrib/tcpdump/interface.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: interface.h,v 1.105 97/04/26 13:39:58 leres Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.118 1999/12/22 15:44:09 itojun Exp $ (LBL) * $FreeBSD$ */ @@ -42,10 +42,16 @@ extern int fflag; /* don't translate "foreign" IP address */ extern int nflag; /* leave addresses as numbers */ extern int Nflag; /* remove domains from printed host names */ extern int qflag; /* quick (shorter) output */ +extern int Rflag; /* print sequence # field in AH/ESP*/ +extern int sflag; /* use the libsmi to translate OIDs */ extern int Sflag; /* print raw TCP sequence numbers */ extern int tflag; /* print packet arrival time */ extern int vflag; /* verbose */ extern int xflag; /* print packet in hex */ +extern int Xflag; /* print packet in hex/ascii */ + +extern char *ahsecret; +extern char *espsecret; extern int packettype; /* as specified by -T */ #define PT_VAT 1 /* Visual Audio Tool */ @@ -53,6 +59,7 @@ extern int packettype; /* as specified by -T */ #define PT_RPC 3 /* Remote Procedure Call */ #define PT_RTP 4 /* Real-Time Applications protocol */ #define PT_RTCP 5 /* Real-Time Applications control protocol */ +#define PT_SNMP 6 /* Simple Network Management Protocol */ #ifndef min #define min(a,b) ((a)>(b)?(b):(a)) @@ -61,6 +68,7 @@ extern int packettype; /* as specified by -T */ #define max(a,b) ((b)>(a)?(b):(a)) #endif +#ifndef INET6 /* * The default snapshot length. This value allows most printers to print * useful information while keeping the amount of unwanted data down. @@ -68,6 +76,9 @@ extern int packettype; /* as specified by -T */ * 14 bytes of data (assuming no ip options). */ #define DEFAULT_SNAPLEN 68 +#else +#define DEFAULT_SNAPLEN 96 +#endif #ifndef BIG_ENDIAN #define BIG_ENDIAN 4321 @@ -133,6 +144,7 @@ struct timeval; #endif extern void ts_print(const struct timeval *); +extern void relts_print(int); extern int fn_print(const u_char *, const u_char *); extern int fn_printn(const u_char *, u_int, const u_char *); @@ -162,6 +174,11 @@ extern char *dnnum_string(u_short); struct pcap_pkthdr; #endif +extern void ascii_print_with_offset(const u_char *, u_int, u_int); +extern void ascii_print(const u_char *, u_int); +extern void hex_print_with_offset(const u_char *, u_int, u_int); +extern void telnet_print(const u_char *, u_int); +extern void hex_print(const u_char *, u_int); extern int ether_encap_print(u_short, const u_char *, u_int, u_int); extern int llc_print(const u_char *, u_int, u_int, const u_char *, const u_char *); @@ -170,6 +187,7 @@ extern void arp_print(const u_char *, u_int, u_int); extern void atalk_print(const u_char *, u_int); extern void atm_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void bootp_print(const u_char *, u_int, u_short, u_short); +extern void bgp_print(const u_char *, int); extern void decnet_print(const u_char *, u_int, u_int); extern void default_print(const u_char *, u_int); extern void default_print_unaligned(const u_char *, u_int); @@ -181,7 +199,7 @@ extern void token_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void fddi_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void gre_print(const u_char *, u_int); -extern void icmp_print(const u_char *, const u_char *); +extern void icmp_print(const u_char *, u_int, const u_char *); extern void igrp_print(const u_char *, u_int, const u_char *); extern void ip_print(const u_char *, u_int); extern void ipx_print(const u_char *, u_int); @@ -194,19 +212,55 @@ extern void ns_print(const u_char *, u_int); extern void ntp_print(const u_char *, u_int); extern void null_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void ospf_print(const u_char *, u_int, const u_char *); +extern void pimv1_print(const u_char *, u_int); +extern void cisco_autorp_print(const u_char *, u_int); +extern void mobile_print(const u_char *, u_int); extern void pim_print(const u_char *, u_int); +extern void pppoe_print(const u_char *, u_int); extern void ppp_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void ppp_bsdos_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); -extern void pppoe_print(const u_char *, u_int); +extern int vjc_print(register const char *, register u_int, u_short); extern void raw_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void rip_print(const u_char *, u_int); extern void sl_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void lane_if_print(u_char *, const struct pcap_pkthdr *,const u_char *); +extern void cip_if_print(u_char *, const struct pcap_pkthdr *,const u_char *); extern void sl_bsdos_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void chdlc_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); extern void snmp_print(const u_char *, u_int); extern void sunrpcrequest_print(const u_char *, u_int, const u_char *); extern void tcp_print(const u_char *, u_int, const u_char *); extern void tftp_print(const u_char *, u_int); extern void udp_print(const u_char *, u_int, const u_char *); extern void wb_print(const void *, u_int); +extern int ah_print(register const u_char *, register const u_char *); +extern int esp_print(register const u_char *, register const u_char *, int *); +extern void isakmp_print(const u_char *, u_int, const u_char *); +extern int ipcomp_print(register const u_char *, register const u_char *, int *); +extern void rx_print(register const u_char *, int, int, int, u_char *); +extern void netbeui_print(const u_char *, const u_char *); +extern void ipx_netbios_print(const u_char *, const u_char *); +extern void nbt_tcp_print(const u_char *, int); +extern void nbt_udp137_print(const u_char *data, int); +extern void nbt_udp138_print(const u_char *data, int); +extern char *smb_errstr(int, int); +extern void print_data(const unsigned char *, int); +extern void l2tp_print(const u_char *, u_int); +extern void lcp_print(const u_char *, u_int); + +#ifdef INET6 +extern void ip6_print(const u_char *, int); +extern void ip6_opt_print(const u_char *, int); +extern int hbhopt_print(const u_char *); +extern int dstopt_print(const u_char *); +extern int frag6_print(const u_char *, const u_char *); +extern void icmp6_print(const u_char *, const u_char *); +extern void ripng_print(const u_char *, int); +extern int rt6_print(const u_char *, const u_char *); +extern void ospf6_print(const u_char *, u_int); +extern void dhcp6_print(const u_char *, u_int, u_short, u_short); +#endif /*INET6*/ +extern u_short in_cksum(const u_short *addr, register int len, u_short csum); diff --git a/contrib/tcpdump/nfs.h b/contrib/tcpdump/nfs.h index 045ebb1..0887148 100644 --- a/contrib/tcpdump/nfs.h +++ b/contrib/tcpdump/nfs.h @@ -35,6 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * + * $FreeBSD$ * @(#)nfsproto.h 8.2 (Berkeley) 3/30/95 */ @@ -285,6 +286,10 @@ struct nfs_uquad { }; typedef struct nfs_uquad nfsuint64; +#if 0 /* XXX - this doesn't seemed to be used and it doesn't work + * with non-gcc, so comment it out for now. + */ + /* * Used to convert between two u_longs and a u_quad_t. */ @@ -294,6 +299,8 @@ union nfs_quadconvert { }; typedef union nfs_quadconvert nfsquad_t; +#endif + /* * NFS Version 3 special file number. */ diff --git a/contrib/tcpdump/nfsfh.h b/contrib/tcpdump/nfsfh.h index b295bc4..8a4541e 100644 --- a/contrib/tcpdump/nfsfh.h +++ b/contrib/tcpdump/nfsfh.h @@ -1,12 +1,13 @@ /* - * $Header: nfsfh.h,v 1.6 96/12/16 03:40:31 leres Exp $ + * $Header: /tcpdump/master/tcpdump/nfsfh.h,v 1.8 1999/12/15 06:49:05 fenner Exp $ * * nfsfh.h - NFS file handle definitions (for portable use) * * Jeffrey C. Mogul * Digital Equipment Corporation * Western Research Laboratory - */ + * $FreeBSD$ + * $NetBSD: nfsfh.h,v 1.1.1.2 1997/10/03 17:25:13 christos Exp $ */ /* * Internal representation of dev_t, because different NFS servers diff --git a/contrib/tcpdump/parsenfsfh.c b/contrib/tcpdump/parsenfsfh.c index 8a9d78a..c59ad6a 100644 --- a/contrib/tcpdump/parsenfsfh.c +++ b/contrib/tcpdump/parsenfsfh.c @@ -5,11 +5,17 @@ * Jeffrey C. Mogul * Digital Equipment Corporation * Western Research Laboratory + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: parsenfsfh.c,v 1.14 97/06/15 13:20:27 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/parsenfsfh.c,v 1.16 1999/11/21 09:36:47 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/types.h> diff --git a/contrib/tcpdump/ppp.h b/contrib/tcpdump/ppp.h index 8bf94e3..da79154 100644 --- a/contrib/tcpdump/ppp.h +++ b/contrib/tcpdump/ppp.h @@ -1,4 +1,4 @@ -/* @(#) $Header: ppp.h,v 1.7 95/05/04 17:52:46 mccanne Exp $ (LBL) */ +/* @(#) $Header: /tcpdump/master/tcpdump/ppp.h,v 1.8 1999/11/21 03:43:56 assar Exp $ (LBL) */ /* * Point to Point Protocol (PPP) RFC1331 * @@ -56,3 +56,4 @@ #define PPP_PAP 0xc023 /* Password Authentication Protocol */ #define PPP_LQM 0xc025 /* Link Quality Monitoring */ #define PPP_CHAP 0xc223 /* Challenge Handshake Authentication Protocol */ +extern struct tok ppptype2str[]; diff --git a/contrib/tcpdump/print-arp.c b/contrib/tcpdump/print-arp.c index c7578fe..2af4bc1 100644 --- a/contrib/tcpdump/print-arp.c +++ b/contrib/tcpdump/print-arp.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-arp.c,v 1.43 97/06/15 13:20:27 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-arp.c,v 1.44 1999/11/21 09:36:48 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> diff --git a/contrib/tcpdump/print-atalk.c b/contrib/tcpdump/print-atalk.c index ba369d9..869881f 100644 --- a/contrib/tcpdump/print-atalk.c +++ b/contrib/tcpdump/print-atalk.c @@ -19,11 +19,17 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Format and print AppleTalk packets. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-atalk.c,v 1.48 97/05/28 12:50:58 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-atalk.c,v 1.51 1999/11/21 09:36:48 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -44,7 +50,6 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <stdio.h> #include <stdlib.h> diff --git a/contrib/tcpdump/print-atm.c b/contrib/tcpdump/print-atm.c index c4629e2..8fb95e7 100644 --- a/contrib/tcpdump/print-atm.c +++ b/contrib/tcpdump/print-atm.c @@ -17,10 +17,16 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-atm.c,v 1.9 97/05/28 12:52:40 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-atm.c,v 1.12 1999/11/21 09:36:48 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -43,7 +49,6 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <stdio.h> #include <pcap.h> @@ -119,6 +124,12 @@ atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) ip_print(p, length); break; +#ifdef INET6 + case ETHERTYPE_IPV6: + ip6_print(p, length); + break; +#endif /*INET6*/ + /*XXX this probably isn't right */ case ETHERTYPE_ARP: case ETHERTYPE_REVARP: diff --git a/contrib/tcpdump/print-bootp.c b/contrib/tcpdump/print-bootp.c index c9eb72b..7e15815 100644 --- a/contrib/tcpdump/print-bootp.c +++ b/contrib/tcpdump/print-bootp.c @@ -19,10 +19,16 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Format and print bootp packets. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-bootp.c,v 1.46 98/07/18 13:33:58 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-bootp.c,v 1.48 1999/11/21 09:36:49 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -102,6 +108,8 @@ bootp_print(register const u_char *cp, u_int length, printf(" xid:0x%x", (u_int32_t)ntohl(bp->bp_xid)); if (bp->bp_secs) printf(" secs:%d", ntohs(bp->bp_secs)); + if (bp->bp_flags) + printf(" flags:0x%x", ntohs(bp->bp_flags)); /* Client's ip address */ TCHECK(bp->bp_ciaddr); @@ -207,6 +215,63 @@ static struct tok tag2str[] = { { TAG_SWAP_SERVER, "iSS" }, { TAG_ROOTPATH, "aRP" }, { TAG_EXTPATH, "aEP" }, +/* RFC2132 tags */ + { TAG_IP_FORWARD, "BIPF" }, + { TAG_NL_SRCRT, "BSRT" }, + { TAG_PFILTERS, "pPF" }, + { TAG_REASS_SIZE, "sRSZ" }, + { TAG_DEF_TTL, "bTTL" }, + { TAG_MTU_TIMEOUT, "lMA" }, + { TAG_MTU_TABLE, "sMT" }, + { TAG_INT_MTU, "sMTU" }, + { TAG_LOCAL_SUBNETS, "BLSN" }, + { TAG_BROAD_ADDR, "iBR" }, + { TAG_DO_MASK_DISC, "BMD" }, + { TAG_SUPPLY_MASK, "BMS" }, + { TAG_DO_RDISC, "BRD" }, + { TAG_RTR_SOL_ADDR, "iRSA" }, + { TAG_STATIC_ROUTE, "pSR" }, + { TAG_USE_TRAILERS, "BUT" }, + { TAG_ARP_TIMEOUT, "lAT" }, + { TAG_ETH_ENCAP, "BIE" }, + { TAG_TCP_TTL, "bTT" }, + { TAG_TCP_KEEPALIVE, "lKI" }, + { TAG_KEEPALIVE_GO, "BKG" }, + { TAG_NIS_DOMAIN, "aYD" }, + { TAG_NIS_SERVERS, "iYS" }, + { TAG_NTP_SERVERS, "iNTP" }, + { TAG_VENDOR_OPTS, "bVO" }, + { TAG_NETBIOS_NS, "iWNS" }, + { TAG_NETBIOS_DDS, "iWDD" }, + { TAG_NETBIOS_NODE, "bWNT" }, + { TAG_NETBIOS_SCOPE, "aWSC" }, + { TAG_XWIN_FS, "iXFS" }, + { TAG_XWIN_DM, "iXDM" }, + { TAG_NIS_P_DOMAIN, "sN+D" }, + { TAG_NIS_P_SERVERS, "iN+S" }, + { TAG_MOBILE_HOME, "iMH" }, + { TAG_SMPT_SERVER, "iSMTP" }, + { TAG_POP3_SERVER, "iPOP3" }, + { TAG_NNTP_SERVER, "iNNTP" }, + { TAG_WWW_SERVER, "iWWW" }, + { TAG_FINGER_SERVER, "iFG" }, + { TAG_IRC_SERVER, "iIRC" }, + { TAG_STREETTALK_SRVR, "iSTS" }, + { TAG_STREETTALK_STDA, "iSTDA" }, + { TAG_REQUESTED_IP, "iRQ" }, + { TAG_IP_LEASE, "lLT" }, + { TAG_OPT_OVERLOAD, "bOO" }, + { TAG_TFTP_SERVER, "aTFTP" }, + { TAG_BOOTFILENAME, "aBF" }, + { TAG_DHCP_MESSAGE, " DHCP" }, + { TAG_SERVER_ID, "iSID" }, + { TAG_PARM_REQUEST, "bPR" }, + { TAG_MESSAGE, "aMSG" }, + { TAG_MAX_MSG_SIZE, "sMSZ" }, + { TAG_RENEWAL_TIME, "lRN" }, + { TAG_REBIND_TIME, "lRB" }, + { TAG_VENDOR_CLASS, "bVC" }, + { TAG_CLIENT_ID, "bCID" }, { 0, NULL } }; @@ -248,6 +313,35 @@ rfc1048_print(register const u_char *bp, register u_int length) return; } + if (tag == TAG_DHCP_MESSAGE && len == 1) { + c = *bp++; + switch (c) { + case DHCPDISCOVER: printf("DISCOVER"); break; + case DHCPOFFER: printf("OFFER"); break; + case DHCPREQUEST: printf("REQUEST"); break; + case DHCPDECLINE: printf("DECLINE"); break; + case DHCPACK: printf("ACK"); break; + case DHCPNAK: printf("NACK"); break; + case DHCPRELEASE: printf("RELEASE"); break; + case DHCPINFORM: printf("INFORM"); break; + default: printf("%u", c); break; + } + continue; + } + + if (tag == TAG_PARM_REQUEST) { + first = 1; + while (len-- > 0) { + c = *bp++; + cp = tok2str(tag2str, "?%d", c); + if (!first) + putchar('+'); + printf("%s", cp + 1); + first = 0; + } + continue; + } + /* Print data */ size = len; if (c == '?') { @@ -288,6 +382,22 @@ rfc1048_print(register const u_char *bp, register u_int length) } break; + case 'p': + /* IP address pairs */ + while (size >= 2*sizeof(ul)) { + if (!first) + putchar(','); + memcpy((char *)&ul, (char *)bp, sizeof(ul)); + printf("(%s:", ipaddr_string(&ul)); + bp += sizeof(ul); + memcpy((char *)&ul, (char *)bp, sizeof(ul)); + printf("%s)", ipaddr_string(&ul)); + bp += sizeof(ul); + size -= 2*sizeof(ul); + first = 0; + } + break; + case 's': /* shorts */ while (size >= sizeof(us)) { @@ -301,6 +411,28 @@ rfc1048_print(register const u_char *bp, register u_int length) } break; + case 'B': + /* boolean */ + while (size > 0) { + if (!first) + putchar(','); + switch (*bp) { + case 0: + putchar('N'); + break; + case 1: + putchar('Y'); + break; + default: + printf("%d?", *bp); + break; + } + ++bp; + --size; + first = 0; + } + break; + case 'b': default: /* Bytes */ diff --git a/contrib/tcpdump/print-domain.c b/contrib/tcpdump/print-domain.c index 7eb2e0c..50f2ce2 100644 --- a/contrib/tcpdump/print-domain.c +++ b/contrib/tcpdump/print-domain.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-domain.c,v 1.39 97/06/13 12:56:28 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.42 1999/11/21 09:36:50 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -42,7 +48,6 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #ifdef NOERROR #undef NOERROR /* Solaris sucks */ @@ -53,6 +58,7 @@ struct rtentry; #include <arpa/nameser.h> #include <stdio.h> +#include <string.h> #include "interface.h" #include "addrtoname.h" @@ -101,6 +107,27 @@ struct rtentry; #ifndef T_LOC #define T_LOC 29 /* Location Information */ #endif +#ifndef T_NXT +#define T_NXT 30 /* Next Valid Name in Zone */ +#endif +#ifndef T_EID +#define T_EID 31 /* Endpoint identifier */ +#endif +#ifndef T_NIMLOC +#define T_NIMLOC 32 /* Nimrod locator */ +#endif +#ifndef T_SRV +#define T_SRV 33 /* Server selection */ +#endif +#ifndef T_ATMA +#define T_ATMA 34 /* ATM Address */ +#endif +#ifndef T_NAPTR +#define T_NAPTR 35 /* Naming Authority PoinTeR */ +#endif +#ifndef T_A6 +#define T_A6 38 /* IP6 address (ipngwg-dns-lookups) */ +#endif #ifndef T_UNSPEC #define T_UNSPEC 103 /* Unspecified format (binary data) */ @@ -219,7 +246,14 @@ static struct tok type2str[] = { { T_PX, "PX" }, { T_GPOS, "GPOS" }, { T_AAAA, "AAAA" }, - { T_LOC , "LOC " }, + { T_LOC, "LOC " }, + { T_NXT, "NXT " }, + { T_EID, "EID " }, + { T_NIMLOC, "NIMLOC " }, + { T_SRV, "SRV " }, + { T_ATMA, "ATMA " }, + { T_NAPTR, "NAPTR " }, + { T_A6, "A6 " }, #ifndef T_UINFO #define T_UINFO 100 #endif @@ -317,6 +351,9 @@ ns_rprint(register const u_char *cp, register const u_char *bp) case T_NS: case T_CNAME: case T_PTR: +#ifdef T_DNAME + case T_DNAME: /*XXX not checked as there's no server support yet*/ +#endif putchar(' '); (void)ns_nprint(cp, bp); break; @@ -332,6 +369,25 @@ ns_rprint(register const u_char *cp, register const u_char *bp) (void)ns_cprint(cp, bp); break; +#ifdef INET6 + case T_AAAA: + printf(" %s", ip6addr_string(cp)); + break; + + case T_A6: /*XXX not checked as there's no server support yet*/ + { + struct in6_addr a; + int pbyte; + + pbyte = (*cp + 7) / 8; + memset(&a, 0, sizeof(a)); + memcpy(&a, cp + 1, pbyte); + printf(" %u %s ", *cp, ip6addr_string(&a)); + (void)ns_nprint(cp + 1 + pbyte, bp); + break; + } +#endif /*INET6*/ + case T_UNSPECA: /* One long string */ printf(" %.*s", len, cp); break; diff --git a/contrib/tcpdump/print-ether.c b/contrib/tcpdump/print-ether.c index 4f267ea..d33028d 100644 --- a/contrib/tcpdump/print-ether.c +++ b/contrib/tcpdump/print-ether.c @@ -22,7 +22,11 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-ether.c,v 1.44 97/05/26 17:18:13 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ether.c,v 1.48 1999/11/21 09:36:51 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -43,11 +47,14 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <stdio.h> #include <pcap.h> +#ifdef INET6 +#include <netinet/ip6.h> +#endif + #include "interface.h" #include "addrtoname.h" #include "ethertype.h" @@ -74,10 +81,12 @@ ether_print(register const u_char *bp, u_int length) length); } +static u_short extracted_ethertype; + /* * This is the top level routine of the printer. 'p' is the points - * to the ether header of the packet, 'tvp' is the timestamp, - * 'length' is the length of the packet off the wire, and 'caplen' + * to the ether header of the packet, 'h->tv' is the timestamp, + * 'h->length' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ void @@ -87,7 +96,6 @@ ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) u_int length = h->len; struct ether_header *ep; u_short ether_type; - extern u_short extracted_ethertype; ts_print(&h->ts); @@ -154,19 +162,11 @@ ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) * that might want to know what it is. */ -u_short extracted_ethertype; - int ether_encap_print(u_short ethertype, const u_char *p, u_int length, u_int caplen) { - if (ethertype == 0x8100) { /* IEEE 802.1Q vlan tagging encapsulation */ - printf ("[vlan %d] ", ntohs(*(u_short *)p) & 0x17ff); - ethertype = ntohs(((u_short *)p)[1]); - p += 4; - length -= 4; - caplen -= 4; - } + recurse: extracted_ethertype = ethertype; switch (ethertype) { @@ -175,6 +175,12 @@ ether_encap_print(u_short ethertype, const u_char *p, ip_print(p, length); return (1); +#ifdef INET6 + case ETHERTYPE_IPV6: + ip6_print(p, length); + return (1); +#endif /*INET6*/ + case ETHERTYPE_ARP: case ETHERTYPE_REVARP: arp_print(p, length, caplen); @@ -198,11 +204,38 @@ ether_encap_print(u_short ethertype, const u_char *p, ipx_print(p, length); return (1); - case ETHERTYPE_PPPOE_DISC: - case ETHERTYPE_PPPOE_SESS: - pppoe_print(p, length); + case ETHERTYPE_8021Q: + printf("802.1Q vlan#%d P%d%s", + ntohs(*(unsigned short*)p)&0xFFF, + ntohs(*(unsigned short*)p)>>13, + (ntohs(*(unsigned short*)p)&0x1000) ? " CFI" : ""); + ethertype = ntohs(*(unsigned short*)(p+2)); + p += 4; + length -= 4; + caplen -= 4; + if (ethertype > ETHERMTU) + goto recurse; + + extracted_ethertype = 0; + + if (llc_print(p, length, caplen, p-18, p-12) == 0) { + /* ether_type not known, print raw packet */ + if (!eflag) + ether_print(p-18, length+4); + if (extracted_ethertype) { + printf("(LLC %s) ", + etherproto_string(htons(extracted_ethertype))); + } + if (!xflag && !qflag) + default_print(p-18, caplen+4); + } return (1); + case ETHERTYPE_PPPOED: + case ETHERTYPE_PPPOES: + pppoe_print(p, length); + return (1); + case ETHERTYPE_LAT: case ETHERTYPE_SCA: case ETHERTYPE_MOPRC: diff --git a/contrib/tcpdump/print-fddi.c b/contrib/tcpdump/print-fddi.c index 1f3dde6..d2526fa 100644 --- a/contrib/tcpdump/print-fddi.c +++ b/contrib/tcpdump/print-fddi.c @@ -17,14 +17,19 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-fddi.c,v 1.36 97/05/26 17:13:35 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-fddi.c,v 1.40 1999/12/14 16:49:02 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif -#ifdef HAVE_FDDI #include <sys/param.h> #include <sys/time.h> #include <sys/socket.h> @@ -57,7 +62,7 @@ struct rtentry; /* * Some FDDI interfaces use bit-swapped addresses. */ -#if defined(ultrix) || defined(__alpha) || defined(__bsdi) +#if defined(ultrix) || defined(__alpha) || defined(__bsdi) || defined(__NetBSD__) int fddi_bitswap = 0; #else int fddi_bitswap = 1; @@ -266,8 +271,8 @@ fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h, u_int caplen = h->caplen; u_int length = h->len; const struct fddi_header *fddip = (struct fddi_header *)p; - extern u_short extracted_ethertype; struct ether_header ehdr; + u_short extracted_ethertype; ts_print(&h->ts); @@ -335,19 +340,3 @@ fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h, out: putchar('\n'); } -#else -#include <sys/types.h> -#include <sys/time.h> - -#include <stdio.h> - -#include "interface.h" -void -fddi_if_print(u_char *pcap, const struct pcap_pkthdr *h, - register const u_char *p) -{ - - error("not configured for fddi"); - /* NOTREACHED */ -} -#endif diff --git a/contrib/tcpdump/print-icmp.c b/contrib/tcpdump/print-icmp.c index 70139e0..ca2bf07 100644 --- a/contrib/tcpdump/print-icmp.c +++ b/contrib/tcpdump/print-icmp.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-icmp.c,v 1.38 96/09/26 23:36:44 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-icmp.c,v 1.43 1999/11/22 04:28:21 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -43,7 +49,6 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <stdio.h> #include <string.h> @@ -163,7 +168,7 @@ struct id_rdiscovery { }; void -icmp_print(register const u_char *bp, register const u_char *bp2) +icmp_print(register const u_char *bp, u_int plen, register const u_char *bp2) { register char *cp; register const struct icmp *dp; @@ -178,9 +183,11 @@ icmp_print(register const u_char *bp, register const u_char *bp2) ip = (struct ip *)bp2; str = buf; +#if 0 (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); +#endif TCHECK(dp->icmp_code); switch (dp->icmp_type) { @@ -348,6 +355,19 @@ icmp_print(register const u_char *bp, register const u_char *bp2) break; } (void)printf("icmp: %s", str); + if (vflag) { + if (TTEST2(*bp, plen)) { + if (in_cksum((u_short*)dp, plen, 0)) + printf(" (wrong icmp csum)"); + } + } + if (vflag > 1 && !ICMP_INFOTYPE(dp->icmp_type)) { + bp += 8; + (void)printf(" for "); + ip = (struct ip *)bp; + snaplen = snapend - bp; + ip_print(bp, ntohs(ip->ip_len)); + } return; trunc: fputs("[|icmp]", stdout); diff --git a/contrib/tcpdump/print-ip.c b/contrib/tcpdump/print-ip.c index ebe06a5..fe06efd 100644 --- a/contrib/tcpdump/print-ip.c +++ b/contrib/tcpdump/print-ip.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-ip.c,v 1.66 97/05/28 12:51:43 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.79 1999/12/22 06:27:21 itojun Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -35,7 +41,6 @@ static const char rcsid[] = #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #ifdef HAVE_MALLOC_H #include <malloc.h> @@ -67,21 +72,11 @@ struct tr_query { u_int tr_src; /* traceroute source */ u_int tr_dst; /* traceroute destination */ u_int tr_raddr; /* traceroute response address */ -#ifdef WORDS_BIGENDIAN - struct { - u_int ttl : 8; /* traceroute response ttl */ - u_int qid : 24; /* traceroute query id */ - } q; -#else - struct { - u_int qid : 24; /* traceroute query id */ - u_int ttl : 8; /* traceroute response ttl */ - } q; -#endif + u_int tr_rttlqid; /* response ttl and qid */ }; -#define tr_rttl q.ttl -#define tr_qid q.qid +#define TR_GETTTL(x) (int)(((x) >> 24) & 0xff) +#define TR_GETQID(x) ((x) & 0x00ffffff) /* * Traceroute response format. A traceroute response has a tr_query at the @@ -126,22 +121,24 @@ static void print_mtrace(register const u_char *bp, register u_int len) { register struct tr_query *tr = (struct tr_query *)(bp + 8); - printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid, + printf("mtrace %lu: %s to %s reply-to %s", + (u_long)TR_GETQID(ntohl(tr->tr_rttlqid)), ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), ipaddr_string(&tr->tr_raddr)); if (IN_CLASSD(ntohl(tr->tr_raddr))) - printf(" with-ttl %d", tr->tr_rttl); + printf(" with-ttl %d", TR_GETTTL(ntohl(tr->tr_rttlqid))); } static void print_mresp(register const u_char *bp, register u_int len) { register struct tr_query *tr = (struct tr_query *)(bp + 8); - printf("mresp %d: %s to %s reply-to %s", tr->tr_qid, + printf("mresp %lu: %s to %s reply-to %s", + (u_long)TR_GETQID(ntohl(tr->tr_rttlqid)), ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), ipaddr_string(&tr->tr_raddr)); if (IN_CLASSD(ntohl(tr->tr_raddr))) - printf(" with-ttl %d", tr->tr_rttl); + printf(" with-ttl %d", TR_GETTTL(ntohl(tr->tr_rttlqid))); } static void @@ -155,13 +152,19 @@ igmp_print(register const u_char *bp, register u_int len, ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); + if (qflag) { + (void)printf("igmp"); + return; + } + TCHECK2(bp[0], 8); switch (bp[0]) { case 0x11: (void)printf("igmp %s query", bp[1] ? "v2" : "v1"); if (bp[1] && bp[1] != 100) (void)printf(" [intvl %d]", bp[1]); - if (*(int *)&bp[4]) + (void)printf("igmp query"); + if (EXTRACT_32BITS(&bp[4])) (void)printf(" [gaddr %s]", ipaddr_string(&bp[4])); if (len != 8) (void)printf(" [len %d]", len); @@ -191,8 +194,8 @@ igmp_print(register const u_char *bp, register u_int len, dvmrp_print(bp, len); break; case 0x14: - (void)printf("igmp pim"); - pim_print(bp, len); + (void)printf("igmp pimv1"); + pimv1_print(bp, len); break; case 0x1e: print_mresp(bp, len); @@ -207,21 +210,9 @@ igmp_print(register const u_char *bp, register u_int len, break; } - TCHECK2(bp[0], len); - if (vflag) { + if (vflag && TTEST2(bp[0], len)) { /* Check the IGMP checksum */ - u_int32_t sum = 0; - int count; - const u_short *sp = (u_short *)bp; - - for (count = len / 2; --count >= 0; ) - sum += *sp++; - if (len & 1) - sum += ntohs(*(u_char *) sp << 8); - while (sum >> 16) - sum = (sum & 0xffff) + (sum >> 16); - sum = 0xffff & ~sum; - if (sum != 0) + if (in_cksum((const u_short*)bp, len, 0)) printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2])); } return; @@ -254,6 +245,62 @@ ip_printroute(const char *type, register const u_char *cp, u_int length) printf("%s}", ptr == len? "#" : ""); } +static void +ip_printts(register const u_char *cp, u_int length) +{ + register u_int ptr = cp[2] - 1; + register u_int len = 0; + int hoplen; + char *type; + + printf(" TS{"); + hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; + if ((length - 4) & (hoplen-1)) + printf("[bad length %d]", length); + if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) + printf("[bad ptr %d]", cp[2]); + switch (cp[3]&0xF) { + case IPOPT_TS_TSONLY: + printf("TSONLY"); + break; + case IPOPT_TS_TSANDADDR: + printf("TS+ADDR"); + break; + /* + * prespecified should really be 3, but some ones might send 2 + * instead, and the IPOPT_TS_PRESPEC constant can apparently + * have both values, so we have to hard-code it here. + */ + + case 2: + printf("PRESPEC2.0"); + break; + case 3: /* IPOPT_TS_PRESPEC */ + printf("PRESPEC"); + break; + default: + printf("[bad ts type %d]", cp[3]&0xF); + goto done; + } + + type = " "; + for (len = 4; len < length; len += hoplen) { + if (ptr == len) + type = " ^ "; + printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]), + hoplen!=8 ? "" : ipaddr_string(&cp[len])); + type = " "; + } + +done: + printf("%s", ptr == len ? " ^ " : ""); + + if (cp[3]>>4) + printf(" [%d hops not recorded]} ", cp[3]>>4); + else + printf("}"); +} + /* * print IP options. */ @@ -287,15 +334,17 @@ ip_optprint(register const u_char *cp, u_int length) break; case IPOPT_TS: - printf(" TS{%d}", len); + ip_printts(cp, len); break; +#ifndef IPOPT_SECURITY +#define IPOPT_SECURITY 130 +#endif /* IPOPT_SECURITY */ case IPOPT_SECURITY: printf(" SECURITY{%d}", len); break; case IPOPT_RR: - printf(" RR{%d}=", len); ip_printroute("RR", cp, len); break; @@ -307,11 +356,16 @@ ip_optprint(register const u_char *cp, u_int length) ip_printroute("LSRR", cp, len); break; +#ifndef IPOPT_RA +#define IPOPT_RA 148 /* router alert */ +#endif case IPOPT_RA: - printf(" RA{%d}", len); - if (cp[2] != 0 || cp[3] != 0) - printf(" [b23=0x04%x]", cp[2] << 8 | cp[3]); - break; + printf(" RA"); + if (len != 4) + printf("{%d}", len); + else if (cp[2] || cp[3]) + printf("%d.%d", cp[2], cp[3]); + break; default: printf(" IPOPT-%d{%d}", cp[0], len); @@ -324,23 +378,34 @@ ip_optprint(register const u_char *cp, u_int length) * compute an IP header checksum. * don't modifiy the packet. */ -static int -in_cksum(const struct ip *ip) +u_short +in_cksum(const u_short *addr, register int len, u_short csum) { - register const u_short *sp = (u_short *)ip; - register u_int32_t sum = 0; - register int count; + int nleft = len; + const u_short *w = addr; + u_short answer; + int sum = csum; + + /* + * Our algorithm is simple, using a 32 bit accumulator (sum), + * we add sequential 16 bit words to it, and at the end, fold + * back all the carry bits from the top 16 bits into the lower + * 16 bits. + */ + while (nleft > 1) { + sum += *w++; + nleft -= 2; + } + if (nleft == 1) + sum += htons(*(u_char *)w<<8); /* - * No need for endian conversions. + * add back carry outs from top 16 bits to low 16 bits */ - for (count = ip->ip_hl * 2; --count >= 0; ) - sum += *sp++; - while (sum > 0xffff) - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; - - return (sum); + sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ + sum += (sum >> 16); /* add carry */ + answer = ~sum; /* truncate to 16 bits */ + return (answer); } /* @@ -350,8 +415,10 @@ void ip_print(register const u_char *bp, register u_int length) { register const struct ip *ip; - register u_int hlen, len, off; + register u_int hlen, len, len0, off; register const u_char *cp; + u_char nh; + int advance; ip = (const struct ip *)bp; #ifdef LBL_ALIGN @@ -395,6 +462,7 @@ ip_print(register const u_char *bp, register u_int length) (void)printf("truncated-ip - %d bytes missing!", len - length); len -= hlen; + len0 = len; /* * If this is fragment zero, hand it to the next higher @@ -403,7 +471,54 @@ ip_print(register const u_char *bp, register u_int length) off = ntohs(ip->ip_off); if ((off & 0x1fff) == 0) { cp = (const u_char *)ip + hlen; - switch (ip->ip_p) { + nh = ip->ip_p; + + if (nh != IPPROTO_TCP && nh != IPPROTO_UDP) { + (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); + } +again: + switch (nh) { + +#ifndef IPPROTO_AH +#define IPPROTO_AH 51 +#endif + case IPPROTO_AH: + nh = *cp; + advance = ah_print(cp, (const u_char *)ip); + cp += advance; + len -= advance; + goto again; + +#ifndef IPPROTO_ESP +#define IPPROTO_ESP 50 +#endif + case IPPROTO_ESP: + { + int enh; + advance = esp_print(cp, (const u_char *)ip, &enh); + cp += advance; + len -= advance; + if (enh < 0) + break; + nh = enh & 0xff; + goto again; + } + +#ifndef IPPROTO_IPCOMP +#define IPPROTO_IPCOMP 108 +#endif + case IPPROTO_IPCOMP: + { + int enh; + advance = ipcomp_print(cp, (const u_char *)ip, &enh); + cp += advance; + len -= advance; + if (enh < 0) + break; + nh = enh & 0xff; + goto again; + } case IPPROTO_TCP: tcp_print(cp, len, (const u_char *)ip); @@ -414,7 +529,7 @@ ip_print(register const u_char *bp, register u_int length) break; case IPPROTO_ICMP: - icmp_print(cp, (const u_char *)ip); + icmp_print(cp, len, (const u_char *)ip); break; #ifndef IPPROTO_IGRP @@ -425,8 +540,10 @@ ip_print(register const u_char *bp, register u_int length) break; case IPPROTO_ND: +#if 0 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); +#endif (void)printf(" nd %d", len); break; @@ -450,10 +567,12 @@ ip_print(register const u_char *bp, register u_int length) case 4: /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ +#if 0 if (vflag) (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); +#endif ip_print(cp, len); if (! vflag) { printf(" (ipip)"); @@ -461,6 +580,27 @@ ip_print(register const u_char *bp, register u_int length) } break; +#ifdef INET6 +#ifndef IP6PROTO_ENCAP +#define IP6PROTO_ENCAP 41 +#endif + case IP6PROTO_ENCAP: + /* ip6-in-ip encapsulation */ +#if 0 + if (vflag) + (void)printf("%s > %s: ", + ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); +#endif + ip6_print(cp, len); + if (! vflag) { + printf(" (encap)"); + return; + } + break; +#endif /*INET6*/ + + #ifndef IPPROTO_GRE #define IPPROTO_GRE 47 #endif @@ -477,18 +617,49 @@ ip_print(register const u_char *bp, register u_int length) } break; +#ifndef IPPROTO_MOBILE +#define IPPROTO_MOBILE 55 +#endif + case IPPROTO_MOBILE: + if (vflag) + (void)printf("mobile %s > %s: ", + ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); + mobile_print(cp, len); + if (! vflag) { + printf(" (mobile encap)"); + return; + } + break; + +#ifndef IPPROTO_PIM +#define IPPROTO_PIM 103 +#endif + case IPPROTO_PIM: + pim_print(cp, len); + break; + default: +#if 0 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); - (void)printf(" ip-proto-%d %d", ip->ip_p, len); +#endif + (void)printf(" ip-proto-%d %d", nh, len); break; } } + + /* Ultra quiet now means that all this stuff should be suppressed */ + /* res 3-Nov-98 */ + if (qflag > 1) return; + + /* * for fragmented datagrams, print id:size@offset. On all * but the last stick a "+". For unfragmented datagrams, note * the don't fragment flag. */ + len = len0; /* get the original length */ if (off & 0x3fff) { /* * if this isn't the first frag, we're missing the @@ -497,14 +668,30 @@ ip_print(register const u_char *bp, register u_int length) if (off & 0x1fff) (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); - (void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len, +#ifndef IP_MF +#define IP_MF 0x2000 +#endif /* IP_MF */ +#ifndef IP_DF +#define IP_DF 0x4000 +#endif /* IP_DF */ + (void)printf(" (frag %d:%u@%d%s)", ntohs(ip->ip_id), len, (off & 0x1fff) * 8, (off & IP_MF)? "+" : ""); + } else if (off & IP_DF) (void)printf(" (DF)"); - if (ip->ip_tos) - (void)printf(" [tos 0x%x]", (int)ip->ip_tos); + if (ip->ip_tos) { + (void)printf(" [tos 0x%x", (int)ip->ip_tos); + /* ECN bits */ + if (ip->ip_tos&0x02) { + (void)printf(",ECT"); + if (ip->ip_tos&0x01) + (void)printf(",CE"); + } + (void)printf("] "); + } + if (ip->ip_ttl <= 1) (void)printf(" [ttl %d]", (int)ip->ip_ttl); @@ -522,7 +709,7 @@ ip_print(register const u_char *bp, register u_int length) sep = ", "; } if ((u_char *)ip + hlen <= snapend) { - sum = in_cksum(ip); + sum = in_cksum((const u_short *)ip, hlen, 0); if (sum != 0) { (void)printf("%sbad cksum %x!", sep, ntohs(ip->ip_sum)); diff --git a/contrib/tcpdump/print-ipx.c b/contrib/tcpdump/print-ipx.c index d49bcb7..c178123 100644 --- a/contrib/tcpdump/print-ipx.c +++ b/contrib/tcpdump/print-ipx.c @@ -20,11 +20,17 @@ * * Format and print Novell IPX packets. * Contributed by Brad Parker (brad@fcr.com). + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-ipx.c,v 1.19 96/12/10 23:23:52 leres Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ipx.c,v 1.22 1999/11/21 09:36:54 fenner Exp $"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -38,7 +44,6 @@ static const char rcsid[] = #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #ifdef __STDC__ #include <stdlib.h> diff --git a/contrib/tcpdump/print-isoclns.c b/contrib/tcpdump/print-isoclns.c index 7af4f8f..399ec8b 100644 --- a/contrib/tcpdump/print-isoclns.c +++ b/contrib/tcpdump/print-isoclns.c @@ -19,11 +19,17 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Original code by Matt Thomas, Digital Equipment Corporation + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-isoclns.c,v 1.15 96/12/31 21:27:41 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.16 1999/11/21 09:36:55 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/types.h> diff --git a/contrib/tcpdump/print-llc.c b/contrib/tcpdump/print-llc.c index 183c357..3216f4d 100644 --- a/contrib/tcpdump/print-llc.c +++ b/contrib/tcpdump/print-llc.c @@ -20,11 +20,17 @@ * * Code by Matt Thomas, Digital Equipment Corporation * with an awful lot of hacking by Jeffrey Mogul, DECWRL + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-llc.c,v 1.24 97/01/01 20:56:48 leres Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.27 1999/12/22 06:27:21 itojun Exp $"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -79,10 +85,15 @@ llc_print(const u_char *p, u_int length, u_int caplen, ipx_print(p, length); return (1); } -#ifdef notyet - else if (p[0] == 0xf0 && p[1] == 0xf0) - netbios_print(p, length); -#endif + if (llc.ssap == 0xf0 && llc.dsap == 0xf0) { + /* + * we don't actually have a full netbeui parser yet, but the + * smb parser can handle many smb-in-netbeui packets, which + * is very useful, so we call that + */ + netbeui_print(p + 2, p + min(caplen, length)); + return (1); + } if (llc.ssap == LLCSAP_ISONS && llc.dsap == LLCSAP_ISONS && llc.llcui == LLC_UI) { isoclns_print(p + 3, length - 3, caplen - 3, esrc, edst); @@ -92,9 +103,9 @@ llc_print(const u_char *p, u_int length, u_int caplen, if (llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP && llc.llcui == LLC_UI) { if (caplen < sizeof(llc)) { - (void)printf("[|llc-snap]"); - default_print((u_char *)p, caplen); - return (0); + (void)printf("[|llc-snap]"); + default_print((u_char *)p, caplen); + return (0); } if (vflag) (void)printf("snap %s ", protoid_string(llc.llcpi)); @@ -136,11 +147,11 @@ llc_print(const u_char *p, u_int length, u_int caplen, char f; m = tok2str(cmd2str, "%02x", LLC_U_CMD(llc.llcu)); switch ((llc.ssap & LLC_GSAP) | (llc.llcu & LLC_U_POLL)) { - case 0: f = 'C'; break; - case LLC_GSAP: f = 'R'; break; - case LLC_U_POLL: f = 'P'; break; - case LLC_GSAP|LLC_U_POLL: f = 'F'; break; - default: f = '?'; break; + case 0: f = 'C'; break; + case LLC_GSAP: f = 'R'; break; + case LLC_U_POLL: f = 'P'; break; + case LLC_GSAP|LLC_U_POLL: f = 'F'; break; + default: f = '?'; break; } printf("%s/%c", m, f); @@ -150,22 +161,31 @@ llc_print(const u_char *p, u_int length, u_int caplen, caplen -= 3; if ((llc.llcu & ~LLC_U_POLL) == LLC_XID) { - if (*p == LLC_XID_FI) { - printf(": %02x %02x", p[1], p[2]); - p += 3; - length -= 3; - caplen -= 3; - } + if (*p == LLC_XID_FI) { + printf(": %02x %02x", p[1], p[2]); + p += 3; + length -= 3; + caplen -= 3; + } + } + + if (!strcmp(m,"ui") && f=='C') { + /* + * we don't have a proper ipx decoder yet, but there + * is a partial one in the smb code + */ + ipx_netbios_print(p,p+min(caplen,length)); } + } else { char f; llc.llcis = ntohs(llc.llcis); switch ((llc.ssap & LLC_GSAP) | (llc.llcu & LLC_U_POLL)) { - case 0: f = 'C'; break; - case LLC_GSAP: f = 'R'; break; - case LLC_U_POLL: f = 'P'; break; - case LLC_GSAP|LLC_U_POLL: f = 'F'; break; - default: f = '?'; break; + case 0: f = 'C'; break; + case LLC_GSAP: f = 'R'; break; + case LLC_U_POLL: f = 'P'; break; + case LLC_GSAP|LLC_U_POLL: f = 'F'; break; + default: f = '?'; break; } if ((llc.llcu & LLC_S_FMT) == LLC_S_FMT) { diff --git a/contrib/tcpdump/print-ntp.c b/contrib/tcpdump/print-ntp.c index 696bb42..1009872 100644 --- a/contrib/tcpdump/print-ntp.c +++ b/contrib/tcpdump/print-ntp.c @@ -21,11 +21,17 @@ * Format and print ntp packets. * By Jeffrey Mogul/DECWRL * loosely based on print-bootp.c + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-ntp.c,v 1.26 97/06/13 12:56:37 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ntp.c,v 1.27 1999/11/21 09:36:57 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> diff --git a/contrib/tcpdump/print-null.c b/contrib/tcpdump/print-null.c index f1469ab..64c7df3 100644 --- a/contrib/tcpdump/print-null.c +++ b/contrib/tcpdump/print-null.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-null.c,v 1.24 97/05/28 12:52:47 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-null.c,v 1.30 1999/12/22 06:27:21 itojun Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -44,12 +50,15 @@ struct rtentry; #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <pcap.h> #include <stdio.h> #include <string.h> +#ifdef INET6 +#include <netinet/ip6.h> +#endif + #include "interface.h" #include "addrtoname.h" @@ -80,6 +89,12 @@ null_print(const u_char *p, const struct ip *ip, u_int length) printf("ip: "); break; +#ifdef INET6 + case AF_INET6: + printf("ip6: "); + break; +#endif + case AF_NS: printf("ns: "); break; @@ -114,7 +129,19 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) if (eflag) null_print(p, ip, length); - ip_print((const u_char *)ip, length); + switch (ip->ip_v) { + case 4: + ip_print((const u_char *)ip, length); + break; +#ifdef INET6 + case 6: + ip6_print((const u_char *)ip, length); + break; +#endif /* INET6 */ + default: + printf("ip v%d", ip->ip_v); + break; + } if (xflag) default_print((const u_char *)ip, caplen - NULL_HDRLEN); diff --git a/contrib/tcpdump/print-ppp.c b/contrib/tcpdump/print-ppp.c index b5052c7..3c831d3 100644 --- a/contrib/tcpdump/print-ppp.c +++ b/contrib/tcpdump/print-ppp.c @@ -23,7 +23,11 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-ppp.c,v 1.26 97/06/12 14:21:29 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.33.2.1 2000/01/29 07:31:17 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -41,17 +45,23 @@ struct rtentry; #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> +#include <netinet/if_ether.h> #include <ctype.h> #include <netdb.h> #include <pcap.h> #include <stdio.h> +#ifdef __bsdi__ +#include <net/slcompress.h> +#include <net/if_ppp.h> +#endif #include <net/ethernet.h> #include "ethertype.h" #include <net/ppp_defs.h> #include "interface.h" +#include "extract.h" #include "addrtoname.h" #include "ppp.h" @@ -191,54 +201,13 @@ static char *papcode[] = { #define IPCP_CP 2 #define IPCP_ADDR 3 -/* PPPoE */ - -struct typenames { - u_short type; - char *name; -}; +static void do_ppp_print __P((const u_char *, u_int, u_int)); +static void handle_lcp __P((const u_char *p, int length)); +static int print_lcp_config_options __P((const u_char *p)); +static void handle_chap __P((const u_char *p, int length)); +static void handle_ipcp __P((const u_char *p, int length)); +static void handle_pap __P((const u_char *p, int length)); -static struct typenames typenames[] = { - /* - * PPPoE type field values - */ - 0x00, "DATA", /* PPPoE Data packet */ - 0x09, "PADI", /* Active Discovery Initiation */ - 0x07, "PADO", /* Active Discovery Offer */ - 0x19, "PADR", /* Active Discovery Request */ - 0x65, "PADS", /* Active Discovery Session-Confirm */ - 0xa7, "PADT", /* Active Discovery Terminate */ -}; - -struct tagnames { - u_short tag; - char *name; - int isascii; -}; - -static struct tagnames tagnames[] = { - /* - * PPPoE tag field values - */ - 0x0000, "End-Of-List", 0, /* Optional last tag (len 0) */ - 0x0101, "Service-Name", 1, /* The (ascii) service */ - 0x0102, "AC-Name", -1, /* Access Concentrator */ - 0x0103, "Host-Uniq", 0, /* Associate PAD[OS] with PAD[IR] */ - 0x0104, "AC-Cookie", 0, /* Optional at PADO time */ - 0x0105, "Vendor-Specific", 0, /* First 4 bytes special (ignore) */ - 0x0110, "Relay-Session-Id", 0, /* Max 12 octets, added by gateway */ - 0x0201, "Service-Name-Error", -1, /* Request not honoured */ - 0x0203, "Generic-Error", 1 /* Access Concentrator error */ -}; - -static int handle_lcp(const u_char *p, int length); -static int print_lcp_config_options(u_char *p); -static int handle_chap(const u_char *p, int length); -static int handle_ipcp(const u_char *p, int length); -static int handle_pap(const u_char *p, int length); -static void do_ppp_print(const u_char *p, u_int length, u_int caplen); - -/* Standard PPP printer */ void ppp_hdlc_print(const u_char *p, int length) { @@ -247,7 +216,7 @@ ppp_hdlc_print(const u_char *p, int length) u_char *ptr; printf("ID-%03d ", *(p+5)); - + for (i = (sizeof(protonames) / sizeof(protonames[0])) - 1; i >= 0; --i) { if (proto == protonames[i].protocol) @@ -279,257 +248,235 @@ ppp_hdlc_print(const u_char *p, int length) } /* print LCP frame */ - -static int +static void handle_lcp(const u_char *p, int length) { int x, j; - u_char *ptr; + const u_char *ptr; - x = *(p+4); + x = p[4]; - if((x >= LCP_MIN) && (x <= LCP_MAX)) - { - printf("%s", lcpcodes[x-1]); - } - else - { + if ((x >= LCP_MIN) && (x <= LCP_MAX)) + printf("%s", lcpcodes[x - 1]); + else { printf("0x%02x", x); return; } length -= 4; - switch(x) - { - case LCP_CONF_REQ: - case LCP_CONF_ACK: - case LCP_CONF_NAK: - case LCP_CONF_REJ: - x = length; - ptr = (u_char *)p+8; - do - { - if((j = print_lcp_config_options(ptr)) == 0) - break; - x -= j; - ptr += j; - } - while(x > 0); - break; + switch (x) { + case LCP_CONF_REQ: + case LCP_CONF_ACK: + case LCP_CONF_NAK: + case LCP_CONF_REJ: + x = length; + ptr = p + 8; + do { + if ((j = print_lcp_config_options(ptr)) == 0) + break; + x -= j; + ptr += j; + } while (x > 0); + break; - case LCP_ECHO_REQ: - case LCP_ECHO_RPL: - printf(", Magic-Number=%d", ((*(p+8) << 24) + (*(p+9) << 16) + (*(p+10) << 8) + (*(p+11)))); - break; - case LCP_TERM_REQ: - case LCP_TERM_ACK: - case LCP_CODE_REJ: - case LCP_PROT_REJ: - case LCP_DISC_REQ: - default: - break; + case LCP_ECHO_REQ: + case LCP_ECHO_RPL: + printf(", Magic-Number=%u", + EXTRACT_32BITS(p+8)); + break; + case LCP_TERM_REQ: + case LCP_TERM_ACK: + case LCP_CODE_REJ: + case LCP_PROT_REJ: + case LCP_DISC_REQ: + default: + break; } } /* LCP config options */ - static int -print_lcp_config_options(u_char *p) +print_lcp_config_options(const u_char *p) { - int len = *(p+1); - int opt = *p; + int len = p[1]; + int opt = p[0]; - if((opt >= LCPOPT_MIN) && (opt <= LCPOPT_MAX)) + if ((opt >= LCPOPT_MIN) && (opt <= LCPOPT_MAX)) printf(", %s", lcpconfopts[opt]); - switch(opt) - { - case LCPOPT_MRU: - if(len == 4) - printf("=%d", (*(p+2) << 8) + *(p+3)); - break; - case LCPOPT_AP: - if(len >= 4) - { - if(*(p+2) == 0xc0 && *(p+3) == 0x23) - { - printf(" PAP"); - } - else if(*(p+2) == 0xc2 && *(p+3) == 0x23) - { - printf(" CHAP/"); - switch(*(p+4)) - { - default: - printf("unknown-algorithm-%d", *(p+4)); - break; - case 5: - printf("MD5"); - break; - case 0x80: - printf("Microsoft"); - break; - } - } - else if(*(p+2) == 0xc2 && *(p+3) == 0x27) - { - printf(" EAP"); - } - else if(*(p+2) == 0xc0 && *(p+3) == 0x27) - { - printf(" SPAP"); - } - else if(*(p+2) == 0xc1 && *(p+3) == 0x23) - { - printf(" Old-SPAP"); - } - else - { - printf("unknown"); + switch (opt) { + case LCPOPT_MRU: + if (len == 4) + printf("=%d", (*(p+2) << 8) + *(p+3)); + break; + case LCPOPT_AP: + if (len >= 4) { + if (p[2] == 0xc0 && p[3] == 0x23) + printf(" PAP"); + else if (p[2] == 0xc2 && p[3] == 0x23) { + printf(" CHAP/"); + switch (p[4]) { + default: + printf("unknown-algorithm-%u", p[4]); + break; + case 5: + printf("MD5"); + break; + case 0x80: + printf("Microsoft"); + break; } } - break; - case LCPOPT_QP: - if(len >= 4) - { - if(*(p+2) == 0xc0 && *(p+3) == 0x25) - printf(" LQR"); - else - printf(" unknown"); - } - break; - case LCPOPT_MN: - if(len == 6) - { - printf("=%d", ((*(p+2) << 24) + (*(p+3) << 16) + (*(p+4) << 8) + (*(p+5)))); - } - break; - case LCPOPT_PFC: - printf(" PFC"); - break; - case LCPOPT_ACFC: - printf(" ACFC"); - break; + else if (p[2] == 0xc2 && p[3] == 0x27) + printf(" EAP"); + else if (p[2] == 0xc0 && p[3] == 0x27) + printf(" SPAP"); + else if (p[2] == 0xc1 && p[3] == 0x23) + printf(" Old-SPAP"); + else + printf("unknown"); + } + break; + case LCPOPT_QP: + if (len >= 4) { + if (p[2] == 0xc0 && p[3] == 0x25) + printf(" LQR"); + else + printf(" unknown"); + } + break; + case LCPOPT_MN: + if (len == 6) + printf("=%u", EXTRACT_32BITS(p+2)); + break; + case LCPOPT_PFC: + printf(" PFC"); + break; + case LCPOPT_ACFC: + printf(" ACFC"); + break; } - return(len); + return len; } /* CHAP */ - -static int +static void handle_chap(const u_char *p, int length) { - int x, j; - u_char *ptr; + int x; + const u_char *ptr; - x = *(p+4); + x = p[4]; - if((x >= CHAP_CODEMIN) && (x <= CHAP_CODEMAX)) - { - printf("%s", chapcode[x-1]); - } - else - { + if ((x >= CHAP_CODEMIN) && (x <= CHAP_CODEMAX)) + printf("%s", chapcode[x - 1]); + else { printf("0x%02x", x); return; } length -= 4; - switch(x) - { - case CHAP_CHAL: - case CHAP_RESP: - printf(", Value="); - x = *(p+8); /* value size */ - ptr = (u_char *)p+9; - while(--x >= 0) - printf("%02x", *ptr++); - x = length - *(p+8) - 1; - printf(", Name="); - while(--x >= 0) - printf("%c", *ptr++); - break; + switch (p[4]) { + case CHAP_CHAL: + case CHAP_RESP: + printf(", Value="); + x = p[8]; /* value size */ + ptr = p + 9; + while (--x >= 0) + printf("%02x", *ptr++); + x = length - p[8] - 1; + printf(", Name="); + while (--x >= 0) { + if (isprint(*ptr)) + printf("%c", *ptr); + else + printf("\\%03o", *ptr); + ptr++; + } + break; } } /* PAP */ - -static int +static void handle_pap(const u_char *p, int length) { - int x, j; - u_char *ptr; + int x; + const u_char *ptr; - x = *(p+4); + x = p[4]; - if((x >= PAP_CODEMIN) && (x <= PAP_CODEMAX)) - { - printf("%s", papcode[x-1]); - } - else - { + if ((x >= PAP_CODEMIN) && (x <= PAP_CODEMAX)) + printf("%s", papcode[x - 1]); + else { printf("0x%02x", x); return; } length -= 4; - switch(x) - { - case PAP_AREQ: - printf(", Peer-Id="); - x = *(p+8); /* peerid size */ - ptr = (u_char *)p+9; - while(--x >= 0) - printf("%c", *ptr++); - x = *ptr++; - printf(", Passwd="); - while(--x >= 0) - printf("%c", *ptr++); - break; - case PAP_AACK: - case PAP_ANAK: - break; + switch (x) { + case PAP_AREQ: + printf(", Peer-Id="); + x = p[8]; /* peerid size */ + ptr = p + 9; + while (--x >= 0) { + if (isprint(*ptr)) + printf("%c", *ptr); + else + printf("\\%03o", *ptr); + ptr++; + } + x = *ptr++; + printf(", Passwd="); + while (--x >= 0) { + if (isprint(*ptr)) + printf("%c", *ptr); + else + printf("\\%03o", *ptr); + ptr++; + } + break; + case PAP_AACK: + case PAP_ANAK: + break; } } /* IPCP */ - -static int +static void handle_ipcp(const u_char *p, int length) { - int x, j; - - x = *(p+8); - length -= 4; - switch(x) - { - case IPCP_2ADDR: - printf("IP-Addresses"); - printf(", Src=%d.%d.%d.%d", *(p+10), *(p+11), *(p+12), *(p+13)); - printf(", Dst=%d.%d.%d.%d", *(p+14), *(p+15), *(p+16), *(p+17)); - break; - - case IPCP_CP: - printf("IP-Compression-Protocol"); - break; + switch (p[8]) { + case IPCP_2ADDR: + printf("IP-Addresses"); + printf(", src=%s", ipaddr_string(p + 10)); + printf(", drc=%s", ipaddr_string(p + 14)); + break; + + case IPCP_CP: + printf("IP-Compression-Protocol"); + break; - case IPCP_ADDR: - printf("IP-Address=%d.%d.%d.%d", *(p+10), *(p+11), *(p+12), *(p+13)); - break; + case IPCP_ADDR: + printf("IP-Address=%s", ipaddr_string(p + 10)); + break; } } +/* Standard PPP printer */ void ppp_if_print(u_char *user, const struct pcap_pkthdr *h, register const u_char *p) { register u_int length = h->len; register u_int caplen = h->caplen; + const struct ip *ip; + u_int proto; ts_print(&h->ts); @@ -543,6 +490,7 @@ ppp_if_print(u_char *user, const struct pcap_pkthdr *h, * and/or check that they're not walking off the end of the packet. * Rather than pass them all the way down, we set these globals. */ + proto = ntohs(*(u_short *)&p[2]); packetp = p; snapend = p + caplen; @@ -550,107 +498,6 @@ ppp_if_print(u_char *user, const struct pcap_pkthdr *h, } /* - * Print PPPoE discovery & session packets - */ -void -pppoe_print(const u_char *p, u_int length) -{ - u_short tag, len, tlen; - u_char type; - int f, asc; - - fputs("PPPoE ", stdout); - - /* - * A PPPoE header: - * - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | VER | TYPE | CODE | SESSION_ID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | LENGTH | payload ~ - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - - type = p[1]; - for (f = sizeof typenames / sizeof typenames[0] - 1; f >= 0; f--) - if (typenames[f].type == type) { - fputs(typenames[f].name, stdout); - break; - } - - if (f == -1) { - printf("<0x%02x>\n", type); - } - - len = ntohs(*(u_short *)(p + 4)); - printf(" v%d, type %d, sess %d len %d", p[0] >> 4, p[0] & 0xf, - ntohs(*(u_short *)(p + 2)), len); - - if (type == 0x00) { - /* This is a data packet */ - p += 4; - fputs("] ", stdout); - /* If eflag is set, ignore the trailing 2 bytes for LCP... */ - do_ppp_print(p, eflag ? len - 2 : len + 2, len + 4); - return; - } - - p += 6; - length -= 6; - if (len > length) - len = length; /* puke ! */ - - /* - * A PPPoE tag: - * - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | TAG_TYPE | TAG_LENGTH | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | TAG_VALUE ... ~ - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - - while (len >= 4) { - tag = ntohs(*(u_short *)p); - tlen = ntohs(*(u_short *)(p + 2)); - - fputs(" [", stdout); - for (f = sizeof tagnames / sizeof tagnames[0] - 1; f >= 0; f--) - if (tagnames[f].tag == tag) { - asc = tagnames[f].isascii; - fputs(tagnames[f].name, stdout); - break; - } - - if (f == -1) { - printf("<0x%04x>", tag); - asc = -1; - } - - p += 4; - if (tlen > 0) { - if (asc == -1) { - for (f = 0; f < tlen; f++) - if (!isascii(p[f])) - break; - asc = f == tlen; - } - fputc(' ', stdout); - if (asc) - printf("%.*s", (int)tlen, p); - else for (f = 0; f < tlen; f++) - printf("%02x", p[f]); - } - fputc(']', stdout); - - p += tlen; - len -= tlen + 4; - } -} - -/* * Actually do the job */ static void @@ -670,6 +517,14 @@ do_ppp_print(const u_char *p, u_int length, u_int caplen) case ETHERTYPE_IPX: ipx_print((const u_char *)(p + PPP_HDRLEN), length); break; +#ifdef INET6 + case ETHERTYPE_IPV6: /*XXX*/ +#ifdef PPP_IPV6 + case PPP_IPV6: +#endif + ip6_print((const u_char *)(p + PPP_HDRLEN), length); + break; +#endif default: if(!eflag) @@ -686,13 +541,35 @@ out: putchar('\n'); } -/* proto type to string mapping */ -static struct tok ptype2str[] = { +struct tok ppptype2str[] = { + { PPP_IP, "IP" }, + { PPP_OSI, "OSI" }, + { PPP_NS, "NS" }, + { PPP_DECNET, "DECNET" }, + { PPP_APPLE, "APPLE" }, + { PPP_IPX, "IPX" }, { PPP_VJC, "VJC" }, { PPP_VJNC, "VJNC" }, - { PPP_OSI, "OSI" }, - { PPP_LCP, "LCP" }, + { PPP_BRPDU, "BRPDU" }, + { PPP_STII, "STII" }, + { PPP_VINES, "VINES" }, + + { PPP_HELLO, "HELLO" }, + { PPP_LUXCOM, "LUXCOM" }, + { PPP_SNS, "SNS" }, { PPP_IPCP, "IPCP" }, + { PPP_OSICP, "OSICP" }, + { PPP_NSCP, "NSCP" }, + { PPP_DECNETCP, "DECNETCP" }, + { PPP_APPLECP, "APPLECP" }, + { PPP_IPXCP, "IPXCP" }, + { PPP_STIICP, "STIICP" }, + { PPP_VINESCP, "VINESCP" }, + + { PPP_LCP, "LCP" }, + { PPP_PAP, "PAP" }, + { PPP_LQM, "LQM" }, + { PPP_CHAP, "CHAP" }, { 0, NULL } }; @@ -703,10 +580,13 @@ void ppp_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, register const u_char *p) { +#ifdef __bsdi__ register u_int length = h->len; register u_int caplen = h->caplen; register int hdrlength; u_short ptype; + const u_char *q; + int i; ts_print(&h->ts); @@ -724,6 +604,7 @@ ppp_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, snapend = p + caplen; hdrlength = 0; +#if 0 if (p[0] == PPP_ADDRESS && p[1] == PPP_CONTROL) { if (eflag) printf("%02x %02x ", p[0], p[1]); @@ -749,16 +630,80 @@ ppp_bsdos_if_print(u_char *user, const struct pcap_pkthdr *h, p += 2; hdrlength += 2; } - +#else + ptype = 0; /*XXX*/ + if (eflag) + printf("%c ", p[SLC_DIR] ? 'O' : 'I'); + if (p[SLC_LLHL]) { + /* link level header */ + struct ppp_header *ph; + + q = p + SLC_BPFHDRLEN; + ph = (struct ppp_header *)q; + if (ph->phdr_addr == PPP_ADDRESS + && ph->phdr_ctl == PPP_CONTROL) { + if (eflag) + printf("%02x %02x ", q[0], q[1]); + ptype = ntohs(ph->phdr_type); + if (eflag && (ptype == PPP_VJC || ptype == PPP_VJNC)) { + printf("%s ", tok2str(ppptype2str, + "proto-#%d", ptype)); + } + } else { + if (eflag) { + printf("LLH=["); + for (i = 0; i < p[SLC_LLHL]; i++) + printf("%02x", q[i]); + printf("] "); + } + } + if (eflag) + printf("%d ", length); + } + if (p[SLC_CHL]) { + q = p + SLC_BPFHDRLEN + p[SLC_LLHL]; + + switch (ptype) { + case PPP_VJC: + ptype = vjc_print(q, length - (q - p), ptype); + hdrlength = PPP_BSDI_HDRLEN; + p += hdrlength; + if (ptype == PPP_IP) + ip_print(p, length); + goto printx; + case PPP_VJNC: + ptype = vjc_print(q, length - (q - p), ptype); + hdrlength = PPP_BSDI_HDRLEN; + p += hdrlength; + if (ptype == PPP_IP) + ip_print(p, length); + goto printx; + default: + if (eflag) { + printf("CH=["); + for (i = 0; i < p[SLC_LLHL]; i++) + printf("%02x", q[i]); + printf("] "); + } + break; + } + } + + hdrlength = PPP_BSDI_HDRLEN; +#endif + length -= hdrlength; + p += hdrlength; if (ptype == PPP_IP) ip_print(p, length); else - printf("%s ", tok2str(ptype2str, "proto-#%d", ptype)); + printf("%s ", tok2str(ppptype2str, "proto-#%d", ptype)); +printx: if (xflag) default_print((const u_char *)p, caplen - hdrlength); out: putchar('\n'); +#endif /* __bsdi__ */ } diff --git a/contrib/tcpdump/print-sl.c b/contrib/tcpdump/print-sl.c index 7e52352..c2f622b 100644 --- a/contrib/tcpdump/print-sl.c +++ b/contrib/tcpdump/print-sl.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-sl.c,v 1.42 97/06/12 14:21:35 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-sl.c,v 1.46 1999/11/21 12:38:24 itojun Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #ifdef HAVE_NET_SLIP_H @@ -44,9 +50,7 @@ struct rtentry; #include <net/ethernet.h> #include <netinet/ip_var.h> #include <netinet/udp.h> -#include <netinet/udp_var.h> #include <netinet/tcp.h> -#include <netinet/tcpip.h> #include <net/slcompress.h> #include <net/slip.h> @@ -104,7 +108,18 @@ sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) if (eflag) sliplink_print(p, ip, length); - ip_print((u_char *)ip, length); + switch (ip->ip_v) { + case 4: + ip_print((u_char *)ip, length); + break; +#ifdef INET6 + case 6: + ip6_print((u_char *)ip, length); + break; +#endif + default: + printf ("ip v%d", ip->ip_v); + } if (xflag) default_print((u_char *)ip, caplen - SLIP_HDRLEN); diff --git a/contrib/tcpdump/print-sunrpc.c b/contrib/tcpdump/print-sunrpc.c index ecc4426..54dcf66 100644 --- a/contrib/tcpdump/print-sunrpc.c +++ b/contrib/tcpdump/print-sunrpc.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-sunrpc.c,v 1.26 96/12/31 21:27:43 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-sunrpc.c,v 1.29 1999/11/21 09:37:02 fenner Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> diff --git a/contrib/tcpdump/print-token.c b/contrib/tcpdump/print-token.c index fed384f..0edbf2f 100644 --- a/contrib/tcpdump/print-token.c +++ b/contrib/tcpdump/print-token.c @@ -19,6 +19,8 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Hacked version of print-ether.c Larry Lile <lile@stdio.com> + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = @@ -107,7 +109,7 @@ token_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) u_int length = h->len; struct token_header *tp; u_short ether_type; - extern u_short extracted_ethertype; + u_short extracted_ethertype; u_int route_len = 0, seg; struct llc *lp; diff --git a/contrib/tcpdump/print-udp.c b/contrib/tcpdump/print-udp.c index c75446f..9a64fb3 100644 --- a/contrib/tcpdump/print-udp.c +++ b/contrib/tcpdump/print-udp.c @@ -17,11 +17,17 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: print-udp.c,v 1.60 97/07/27 21:58:48 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-udp.c,v 1.70 1999/12/22 06:27:23 itojun Exp $ (LBL)"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" #endif #include <sys/param.h> @@ -51,6 +57,10 @@ static const char rcsid[] = #include <stdio.h> +#ifdef INET6 +#include <netinet/ip6.h> +#endif + #include "interface.h" #include "addrtoname.h" #include "appletalk.h" @@ -291,8 +301,23 @@ rtcp_print(const u_char *hdr, const u_char *ep) #define SNMP_PORT 161 /*XXX*/ #define NTP_PORT 123 /*XXX*/ #define SNMPTRAP_PORT 162 /*XXX*/ +#define ISAKMP_PORT 500 /*XXX*/ #define RIP_PORT 520 /*XXX*/ #define KERBEROS_SEC_PORT 750 /*XXX*/ +#define L2TP_PORT 1701 /*XXX*/ +#define ISAKMP_PORT_USER1 7500 /*??? - nonstandard*/ +#define ISAKMP_PORT_USER2 8500 /*??? - nonstandard*/ +#define RX_PORT_LOW 7000 /*XXX*/ +#define RX_PORT_HIGH 7009 /*XXX*/ +#define NETBIOS_NS_PORT 137 +#define NETBIOS_DGRAM_PORT 138 +#define CISCO_AUTORP_PORT 496 /*XXX*/ + +#ifdef INET6 +#define RIPNG_PORT 521 /*XXX*/ +#define DHCP6_SERV_PORT 546 /*XXX*/ +#define DHCP6_CLI_PORT 547 /*XXX*/ +#endif void udp_print(register const u_char *bp, u_int length, register const u_char *bp2) @@ -302,18 +327,30 @@ udp_print(register const u_char *bp, u_int length, register const u_char *bp2) register const u_char *cp; register const u_char *ep = bp + length; u_short sport, dport, ulen; +#ifdef INET6 + register const struct ip6_hdr *ip6; +#endif if (ep > snapend) ep = snapend; up = (struct udphdr *)bp; ip = (struct ip *)bp2; +#ifdef INET6 + if (ip->ip_v == 6) + ip6 = (struct ip6_hdr *)bp2; + else + ip6 = NULL; +#endif /*INET6*/ cp = (u_char *)(up + 1); if (cp > snapend) { - printf("[|udp]"); + (void)printf("%s > %s: [|udp]", + ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); return; } if (length < sizeof(struct udphdr)) { - (void)printf(" truncated-udp %d", length); + (void)printf("%s > %s: truncated-udp %d", + ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst), + length); return; } length -= sizeof(struct udphdr); @@ -374,6 +411,15 @@ udp_print(register const u_char *bp, u_int length, register const u_char *bp2) while (cp < ep) cp = rtcp_print(cp, ep); break; + + case PT_SNMP: + (void)printf("%s.%s > %s.%s:", + ipaddr_string(&ip->ip_src), + udpport_string(sport), + ipaddr_string(&ip->ip_dst), + udpport_string(dport)); + snmp_print((const u_char *)(up + 1), length); + break; } return; } @@ -411,9 +457,38 @@ udp_print(register const u_char *bp, u_int length, register const u_char *bp2) return; } } +#if 0 (void)printf("%s.%s > %s.%s:", ipaddr_string(&ip->ip_src), udpport_string(sport), ipaddr_string(&ip->ip_dst), udpport_string(dport)); +#else +#ifdef INET6 + if (ip6) { + if (ip6->ip6_nxt == IPPROTO_UDP) { + (void)printf("%s.%s > %s.%s: ", + ip6addr_string(&ip6->ip6_src), + udpport_string(sport), + ip6addr_string(&ip6->ip6_dst), + udpport_string(dport)); + } else { + (void)printf("%s > %s: ", + udpport_string(sport), udpport_string(dport)); + } + } else +#endif /*INET6*/ + { + if (ip->ip_p == IPPROTO_UDP) { + (void)printf("%s.%s > %s.%s: ", + ipaddr_string(&ip->ip_src), + udpport_string(sport), + ipaddr_string(&ip->ip_dst), + udpport_string(dport)); + } else { + (void)printf("%s > %s: ", + udpport_string(sport), udpport_string(dport)); + } + } +#endif if (!qflag) { #define ISPORT(p) (dport == (p) || sport == (p)) @@ -426,19 +501,51 @@ udp_print(register const u_char *bp, u_int length, register const u_char *bp2) sport, dport); else if (ISPORT(RIP_PORT)) rip_print((const u_char *)(up + 1), length); + else if (ISPORT(ISAKMP_PORT)) + isakmp_print((const u_char *)(up + 1), length, bp2); +#if 1 /*???*/ + else if (ISPORT(ISAKMP_PORT_USER1) || ISPORT(ISAKMP_PORT_USER2)) + isakmp_print((const u_char *)(up + 1), length, bp2); +#endif else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT)) snmp_print((const u_char *)(up + 1), length); else if (ISPORT(NTP_PORT)) ntp_print((const u_char *)(up + 1), length); else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT)) krb_print((const void *)(up + 1), length); + else if (ISPORT(L2TP_PORT)) + l2tp_print((const u_char *)(up + 1), length); + else if (ISPORT(NETBIOS_NS_PORT)) { + nbt_udp137_print((const u_char *)(up + 1), length); + } + else if (ISPORT(NETBIOS_DGRAM_PORT)) { + nbt_udp138_print((const u_char *)(up + 1), length); + } else if (dport == 3456) vat_print((const void *)(up + 1), length, up); + /* + * Since there are 10 possible ports to check, I think + * a <> test would be more efficient + */ + else if ((sport >= RX_PORT_LOW && sport <= RX_PORT_HIGH) || + (dport >= RX_PORT_LOW && dport <= RX_PORT_HIGH)) + rx_print((const void *)(up + 1), length, sport, dport, + (u_char *) ip); +#ifdef INET6 + else if (ISPORT(RIPNG_PORT)) + ripng_print((const u_char *)(up + 1), length); + else if (ISPORT(DHCP6_SERV_PORT) || ISPORT(DHCP6_CLI_PORT)) { + dhcp6_print((const u_char *)(up + 1), length, + sport, dport); + } +#endif /*INET6*/ /* * Kludge in test for whiteboard packets. */ else if (dport == 4567) wb_print((const void *)(up + 1), length); + else if (ISPORT(CISCO_AUTORP_PORT)) + cisco_autorp_print((const void *)(up + 1), length); else (void)printf(" udp %u", (u_int32_t)(ulen - sizeof(*up))); diff --git a/contrib/tcpdump/tcpdump.1 b/contrib/tcpdump/tcpdump.1 index cf0f625..500bb00 100644 --- a/contrib/tcpdump/tcpdump.1 +++ b/contrib/tcpdump/tcpdump.1 @@ -1,4 +1,4 @@ -.\" @(#) $Header: tcpdump.1,v 1.67 97/06/30 16:31:50 leres Exp $ (LBL) +.\" @(#) $Header: /tcpdump/master/tcpdump/tcpdump.1,v 1.72.2.2 2000/01/29 16:42:03 itojun Exp $ (LBL) .\" .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ tcpdump \- dump traffic on a network .na .B tcpdump [ -.B \-adeflnNOpqStvxX +.B \-adeflnNOpqRStvxX ] [ .B \-c .I count @@ -42,16 +42,21 @@ tcpdump \- dump traffic on a network [ .B \-i .I interface -] [ +] +[ +.B \-m +.I module +] +[ .B \-r .I file ] +.br +.ti +8 [ .B \-s .I snaplen ] -.br -.ti +8 [ .B \-T .I type @@ -60,6 +65,8 @@ tcpdump \- dump traffic on a network .B \-w .I file ] +.br +.ti +8 [ .I expression ] @@ -148,6 +155,10 @@ Don't print domain name qualification of host names. E.g., if you give this flag then \fItcpdump\fP will print ``nic'' instead of ``nic.ddn.mil''. .TP +.B \-m +Load SMI MIB module definitions from file \fImodule\fR. This option +can be used several times to load several MIB modules into tcpdump. +.TP .B \-O Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer. @@ -186,10 +197,17 @@ specified \fItype\fR. Currently known types are \fBrpc\fR (Remote Procedure Call), \fBrtp\fR (Real-Time Applications protocol), \fBrtcp\fR (Real-Time Applications control protocol), +\fBsnmp\fR (Simple Network Management Protocol), \fBvat\fR (Visual Audio Tool), and \fBwb\fR (distributed White Board). .TP +.B \-R +Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). +If specified, \fItcpdump\fP will not print replay prevention field. +Since there is no protocol version field in ESP/AH specification, +\fItcpdump\fP cannot deduce the version of ESP/AH protocol. +.TP .B \-S Print absolute, rather than relative, TCP sequence numbers. .TP @@ -207,6 +225,13 @@ and type of service information in an IP packet is printed. Even more verbose output. For example, additional fields are printed from NFS reply packets. .TP +.B \-vvv +Even more verbose output. For example, +telnet \fBSB\fP ... \fBSE\fP options +are printed in full. With +.B \-X +telnet options are printed in hex as well. +.TP .B \-w Write the raw packets to \fIfile\fR rather than parsing and printing them out. They can later be printed with the \-r option. @@ -219,9 +244,14 @@ The smaller of the entire packet or bytes will be printed. .TP .B \-X -Like +When printing hex, print ascii too. Thus if +.B \-x +is also set, the packet is printed in hex/ascii. +This is very handy for analysing new protocols. +Even if .B \-x -but dumps the packet in emacs-hexl like format with ASCII decoding. +is not also set, some parts of some packets may be printed +in hex/ascii. .IP "\fI expression\fP" .RS selects which packets will be dumped. If no \fIexpression\fP @@ -270,6 +300,7 @@ protos are: .BR ether , .BR fddi , .BR ip , +.BR ip6 , .BR arp , .BR rarp , .BR decnet , @@ -280,6 +311,8 @@ protos are: .BR iso , .BR esis , .BR isis , +.BR icmp , +.BR icmp6 , .B tcp and .BR udp . @@ -317,14 +350,14 @@ To save typing, identical qualifier lists can be omitted. E.g., .LP Allowable primitives are: .IP "\fBdst host \fIhost\fR" -True if the IP destination field of the packet is \fIhost\fP, +True if the IPv4/v6 destination field of the packet is \fIhost\fP, which may be either an address or a name. .IP "\fBsrc host \fIhost\fR" -True if the IP source field of the packet is \fIhost\fP. +True if the IPv4/v6 source field of the packet is \fIhost\fP. .IP "\fBhost \fIhost\fP -True if either the IP source or destination of the packet is \fIhost\fP. +True if either the IPv4/v6 source or destination of the packet is \fIhost\fP. Any of the above host expressions can be prepended with the keywords, -\fBip\fP, \fBarp\fP, or \fBrarp\fP as in: +\fBip\fP, \fBarp\fP, \fBrarp\fP, or \fBip6\fP as in: .in +.5i .nf \fBip host \fIhost\fR @@ -359,24 +392,26 @@ expression is .fi .in -.5i which can be used with either names or numbers for \fIhost / ehost\fP.) +This syntax does not work in IPv6-enabled configuration at this moment. .IP "\fBdst net \fInet\fR" -True if the IP destination address of the packet has a network +True if the IPv4/v6 destination address of the packet has a network number of \fInet\fP. \fINet\fP may be either a name from /etc/networks or a network number (see \fInetworks(4)\fP for details). .IP "\fBsrc net \fInet\fR" -True if the IP source address of the packet has a network +True if the IPv4/v6 source address of the packet has a network number of \fInet\fP. .IP "\fBnet \fInet\fR" -True if either the IP source or destination address of the packet has a network +True if either the IPv4/v6 source or destination address of the packet has a network number of \fInet\fP. .IP "\fBnet \fInet\fR \fBmask \fImask\fR" True if the IP address matches \fInet\fR with the specific netmask. May be qualified with \fBsrc\fR or \fBdst\fR. +Note that this syntax is not valid for IPv6 \fInet\fR. .IP "\fBnet \fInet\fR/\fIlen\fR" -True if the IP address matches \fInet\fR a netmask \fIlen\fR bits wide. +True if the IPv4/v6 address matches \fInet\fR a netmask \fIlen\fR bits wide. May be qualified with \fBsrc\fR or \fBdst\fR. .IP "\fBdst port \fIport\fR" -True if the packet is ip/tcp or ip/udp and has a +True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of \fIport\fP. The \fIport\fP can be a number or a name used in /etc/services (see .IR tcp (4P) @@ -423,6 +458,29 @@ of protocol type \fIprotocol\fP. \fIicmp\fP, \fIigrp\fP, \fIudp\fP, \fInd\fP, or \fItcp\fP. Note that the identifiers \fItcp\fP, \fIudp\fP, and \fIicmp\fP are also keywords and must be escaped via backslash (\\), which is \\\\ in the C-shell. +Note that this primitive does not chase protocol header chain. +.IP "\fBip6 proto \fIprotocol\fR" +True if the packet is an IPv6 packet of protocol type \fIprotocol\fP. +Note that this primitive does not chase protocol header chain. +.IP "\fBip6 protochain \fIprotocol\fR" +True if the packet is IPv6 packet, +and contains protocol header with type \fIprotocol\fR +in its protocol header chain. +For example, +.in +.5i +.nf +\fBip6 protochain 6\fR +.fi +.in -.5i +matches any IPv6 packet with TCP protocol header in the protocol header chain. +The packet may contain, for example, +authentication header, routing header, or hop-by-hop option header, +between IPv6 header and TCP header. +The BPF code emitted by this primitive is complex and +cannot be optimized by BPF optimizer code in \fItcpdump\fP, +so this can be somewhat slow. +.IP "\fBip protochain \fIprotocol\fR" +Equivalent to \fBip6 protochain \fIprotocol\fR, but this is for IPv4. .IP "\fBether broadcast\fR" True if the packet is an ethernet broadcast packet. The \fIether\fP keyword is optional. @@ -436,10 +494,12 @@ keyword is optional. This is shorthand for `\fBether[0] & 1 != 0\fP'. .IP "\fBip multicast\fR" True if the packet is an IP multicast packet. +.IP "\fBip6 multicast\fR" +True if the packet is an IPv6 multicast packet. .IP "\fBether proto \fIprotocol\fR" True if the packet is of ether type \fIprotocol\fR. \fIProtocol\fP can be a number or a name like -\fIip\fP, \fIarp\fP, or \fIrarp\fP. +\fIip\fP, \fIip6\fP, \fIarp\fP, or \fIrarp\fP. Note these identifiers are also keywords and must be escaped via backslash (\\). [In the case of FDDI (e.g., `\fBfddi protocol arp\fR'), the @@ -460,7 +520,7 @@ True if the DECNET destination address is .IP "\fBdecnet host \fIhost\fR" True if either the DECNET source or destination address is .IR host . -.IP "\fBip\fR, \fBarp\fR, \fBrarp\fR, \fBdecnet\fR, \fBiso\fR" +.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBdecnet\fR, \fBiso\fR" Abbreviations for: .in +.5i .nf @@ -482,7 +542,7 @@ Note that Abbreviations for: .in +.5i .nf -\fBip proto \fIp\fR +\fBip proto \fIp\fR\fB or ip6 proto \fIp\fR .fi .in -.5i where \fIp\fR is one of the above protocols. @@ -508,8 +568,10 @@ data inside the packet, use the following syntax: .fi .in -.5i \fIProto\fR is one of \fBether, fddi, -ip, arp, rarp, tcp, udp, \fRor \fBicmp\fR, and +ip, arp, rarp, tcp, udp, icmp\fR or \fBip6\fR, and indicates the protocol layer for the index operation. +Note that \fItcp, udp\fR and other upper-layer protocol types only +apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by \fIexpr\fR. \fISize\fR is optional and indicates the number of bytes in the @@ -947,6 +1009,27 @@ need to seriously investigate name server traffic. `\fB\-s 128\fP' has worked well for me. .HD +SMB/CIFS decoding +.LP +tcpdump now includes fairly extensive SMB/CIFS/NBT decoding for data +on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and +NetBEUI SMB data is also done. + +By default a fairly minimal decode is done, with a much more detailed +decode done if -v is used. Be warned that with -v a single SMB packet +may take up a page or more, so only use -v if you really want all the +gory details. + +If you are decoding SMB sessions containing unicode strings then you +may wish to set the environment variable USE_UNICODE to 1. A patch to +auto-detect unicode srings would be welcome. + +For information on SMB packet formats and what all te fields mean see +www.cifs.org or the pub/samba/specs/ directory on your favourite +samba.org mirror site. The SMB patches were written by Andrew Tridgell +(tridge@samba.org). + +.HD NFS Requests and Replies .LP Sun NFS (Network File System) requests and replies are printed as: @@ -1020,6 +1103,64 @@ NFS reply packets do not explicitly identify the RPC operation. Instead, replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable. .HD +AFS Request and Replies +.LP +Transarc AFS (Andrew File System) requests and replies are printed +as: +.HD +.RS +.nf +.sp .5 +\fIsrc.sport > dst.dport: rx packet-type\fP +\fIsrc.sport > dst.dport: rx packet-type service call call-name args\fP +\fIsrc.sport > dst.dport: rx packet-type service reply call-name args\fP +.sp .5 +\f(CW +elvis.7001 > pike.afsfs: + rx data fs call rename old fid 536876964/1/1 ".newsrc.new" + new fid 536876964/1/1 ".newsrc" +pike.afsfs > elvis.7001: rx data fs reply rename +\fP +.sp .5 +.fi +.RE +In the first line, host elvis sends a RX packet to pike. This was +a RX data packet to the fs (fileserver) service, and is the start of +an RPC call. The RPC call was a rename, with the old directory file id +of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory +file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike +responds with a RPC reply to the rename call (which was successful, because +it was a data packet and not an abort packet). +.LP +In general, all AFS RPCs are decoded at least by RPC call name. Most +AFS RPCs have at least some of the arguments decoded (generally only +the `interesting' arguments, for some definition of interesting). +.LP +The format is intended to be self-describing, but it will probably +not be useful to people who are not familiar with the workings of +AFS and RX. +.LP +If the -v (verbose) flag is given twice, additional information is printed, +such as the the RX call ID, call number, sequence number, serial number, +and the RX packet flags. +.LP +If the -v flag is given again, the security index and service id are printed. +.LP +Error codes are printed for abort packets, with the exception of Ubik +beacon packets (because abort packets are used to signify a yes vote +for the Ubik protocol). +.LP +Note that AFS requests are very large and many of the arguments won't +be printed unless \fIsnaplen\fP is increased. Try using `\fB-s 256\fP' +to watch AFS traffic. +.LP +AFS reply packets do not explicitly identify the RPC operation. Instead, +\fItcpdump\fP keeps track of ``recent'' requests, and matches them to the +replies using the call number and service ID. If a reply does not closely +follow the +corresponding request, it might not be parsable. + +.HD KIP Appletalk (DDP in UDP) .LP Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated @@ -1209,6 +1350,9 @@ The current version is available via anonymous ftp: .RS .I ftp://ftp.ee.lbl.gov/tcpdump.tar.Z .RE +.LP +IPv6/IPsec support is added by WIDE/KAME project. +This program uses Eric Young's SSLeay library, under specific configuration. .SH BUGS Please send bug reports to tcpdump@ee.lbl.gov. .LP @@ -1237,3 +1381,14 @@ packets are encapsulated Ethernet packets. This is true for IP, ARP, and DECNET Phase IV, but is not true for protocols such as ISO CLNS. Therefore, the filter may inadvertently accept certain packets that do not properly match the filter expression. +.LP +.BR "ip6 proto" +should chase header chain, but at this moment it does not. +.BR tcp +or +.BR udp +should chase header chain too. +.LP +Arithmetic expression against transport layer headers, like \fBtcp[0]\fP, +does not work against IPv6 packets. +It only looks at IPv4 packets. diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c index 925f52a..daf95fe 100644 --- a/contrib/tcpdump/tcpdump.c +++ b/contrib/tcpdump/tcpdump.c @@ -24,7 +24,7 @@ static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#) $Header: tcpdump.c,v 1.129 97/06/13 13:10:11 leres Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.138.2.1 2000/01/11 07:34:00 fenner Exp $ (LBL)"; #endif /* $FreeBSD$ */ @@ -37,6 +37,10 @@ static const char rcsid[] = * combined efforts of Van, Steve McCanne and Craig Leres of LBL. */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include <sys/types.h> #include <sys/time.h> @@ -48,6 +52,10 @@ static const char rcsid[] = #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <ctype.h> + +#include <netinet/in_systm.h> +#include <netinet/ip.h> #include "interface.h" #include "addrtoname.h" @@ -64,11 +72,16 @@ int Nflag; /* remove domains from printed host names */ int Oflag = 1; /* run filter code optimizer */ int pflag; /* don't go promiscuous */ int qflag; /* quick (shorter) output */ +int Rflag = 1; /* print sequence # field in AH/ESP*/ +int sflag = 0; /* use the libsmi to translate OIDs */ int Sflag; /* print raw TCP sequence numbers */ int tflag = 1; /* print packet arrival time */ int vflag; /* verbose */ int xflag; /* print packet in hex */ -int Xflag; /* print packet in emacs-hexl style */ +int Xflag; /* print packet in ascii as well as hex */ + +char *ahsecret = NULL; /* AH secret key */ +char *espsecret = NULL; /* ESP secret key */ int packettype; @@ -95,6 +108,12 @@ struct printer { static struct printer printers[] = { { ether_if_print, DLT_EN10MB }, { token_if_print, DLT_IEEE802 }, +#ifdef DLT_LANE8023 + { lane_if_print, DLT_LANE8023 }, +#endif +#ifdef DLT_CIP + { cip_if_print, DLT_CIP }, +#endif { sl_if_print, DLT_SLIP }, { sl_bsdos_if_print, DLT_SLIP_BSDOS }, { ppp_if_print, DLT_PPP }, @@ -103,6 +122,9 @@ static struct printer printers[] = { { null_if_print, DLT_NULL }, { raw_if_print, DLT_RAW }, { atm_if_print, DLT_ATM_RFC1483 }, +#ifdef DLT_CHDLC + { chdlc_if_print, DLT_CHDLC }, +#endif { NULL, 0 }, }; @@ -150,15 +172,28 @@ main(int argc, char **argv) if (abort_on_misalignment(ebuf) < 0) error("%s", ebuf); +#ifdef LIBSMI + smiInit("tcpdump"); +#endif + opterr = 0; while ( - (op = getopt(argc, argv, "ac:defF:i:lnNOpqr:s:StT:vw:xXY")) != EOF) + (op = getopt(argc, argv, "ac:deE:fF:i:lnNm:Opqr:Rs:StT:vw:xXY")) != EOF) switch (op) { case 'a': ++aflag; break; +#if 0 + case 'A': +#ifndef CRYPTO + warning("crypto code not compiled in"); +#endif + ahsecret = optarg; + break; +#endif + case 'c': cnt = atoi(optarg); if (cnt <= 0) @@ -173,6 +208,13 @@ main(int argc, char **argv) ++eflag; break; + case 'E': +#ifndef CRYPTO + warning("crypto code not compiled in"); +#endif + espsecret = optarg; + break; + case 'f': ++fflag; break; @@ -201,6 +243,18 @@ main(int argc, char **argv) ++Nflag; break; + case 'm': +#ifdef LIBSMI + if (smiLoadModule(optarg) == 0) { + error("could not load MIB module %s", optarg); + } + sflag = 1; +#else + (void)fprintf(stderr, "%s: ignoring option `-m %s' ", + program_name, optarg); + (void)fprintf(stderr, "(no libsmi support)\n"); +#endif + case 'O': Oflag = 0; break; @@ -217,6 +271,10 @@ main(int argc, char **argv) RFileName = optarg; break; + case 'R': + Rflag = 0; + break; + case 's': snaplen = atoi(optarg); if (snaplen <= 0) @@ -242,6 +300,8 @@ main(int argc, char **argv) packettype = PT_RTP; else if (strcasecmp(optarg, "rtcp") == 0) packettype = PT_RTCP; + else if (strcasecmp(optarg, "snmp") == 0) + packettype = PT_SNMP; else error("unknown packet type `%s'", optarg); break; @@ -253,6 +313,16 @@ main(int argc, char **argv) case 'w': WFileName = optarg; break; + + case 'x': + ++xflag; + break; + + case 'X': + ++xflag; + ++Xflag; + break; + #ifdef YYDEBUG case 'Y': { @@ -262,15 +332,6 @@ main(int argc, char **argv) } break; #endif - case 'x': - ++xflag; - break; - - case 'X': - ++Xflag; - if (xflag == 0) ++xflag; - break; - default: usage(); /* NOTREACHED */ @@ -446,61 +507,31 @@ default_print_unaligned(register const u_char *cp, register u_int length) register int nshorts; if (Xflag) { - /* dump the buffer in `emacs-hexl' style */ - default_print_hexl(cp, length, 0); - } else { - /* dump the buffer in old tcpdump style */ - nshorts = (u_int) length / sizeof(u_short); - i = 0; - while (--nshorts >= 0) { - if ((i++ % 8) == 0) - (void)printf("\n\t\t\t"); - s = *cp++; - (void)printf(" %02x%02x", s, *cp++); - } - if (length & 1) { - if ((i % 8) == 0) - (void)printf("\n\t\t\t"); - (void)printf(" %02x", *cp); - } + ascii_print(cp, length); + return; + } + nshorts = (u_int) length / sizeof(u_short); + i = 0; + while (--nshorts >= 0) { + if ((i++ % 8) == 0) + (void)printf("\n\t\t\t"); + s = *cp++; + (void)printf(" %02x%02x", s, *cp++); + } + if (length & 1) { + if ((i % 8) == 0) + (void)printf("\n\t\t\t"); + (void)printf(" %02x", *cp); } } /* * By default, print the packet out in hex. - * - * (BTW, please don't send us patches to print the packet out in ascii) */ void default_print(register const u_char *bp, register u_int length) { - register const u_short *sp; - register u_int i; - register int nshorts; - - if (Xflag) { - /* dump the buffer in `emacs-hexl' style */ - default_print_hexl(bp, length, 0); - } else { - /* dump the buffer in old tcpdump style */ - if ((long)bp & 1) { - default_print_unaligned(bp, length); - return; - } - sp = (u_short *)bp; - nshorts = (u_int) length / sizeof(u_short); - i = 0; - while (--nshorts >= 0) { - if ((i++ % 8) == 0) - (void)printf("\n\t\t\t"); - (void)printf(" %04x", ntohs(*sp++)); - } - if (length & 1) { - if ((i % 8) == 0) - (void)printf("\n\t\t\t"); - (void)printf(" %02x", *(u_char *)sp); - } - } + default_print_unaligned(bp, length); } __dead void |