nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21  
22 #define NETDISSECT_REWORKED
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26  
27 #include <tcpdump-stdinc.h>
28  
29 #include "interface.h"
30 #include "addrtoname.h"
31 #include "ethertype.h"
32 #include "extract.h"
33  
34 #include "ether.h"
35  
36 /*
37 * For captures on Linux cooked sockets, we construct a fake header
38 * that includes:
39 *
40 * a 2-byte "packet type" which is one of:
41 *
42 * LINUX_SLL_HOST packet was sent to us
43 * LINUX_SLL_BROADCAST packet was broadcast
44 * LINUX_SLL_MULTICAST packet was multicast
45 * LINUX_SLL_OTHERHOST packet was sent to somebody else
46 * LINUX_SLL_OUTGOING packet was sent *by* us;
47 *
48 * a 2-byte Ethernet protocol field;
49 *
50 * a 2-byte link-layer type;
51 *
52 * a 2-byte link-layer address length;
53 *
54 * an 8-byte source link-layer address, whose actual length is
55 * specified by the previous value.
56 *
57 * All fields except for the link-layer address are in network byte order.
58 *
59 * DO NOT change the layout of this structure, or change any of the
60 * LINUX_SLL_ values below. If you must change the link-layer header
61 * for a "cooked" Linux capture, introduce a new DLT_ type (ask
62 * "tcpdump-workers@lists.tcpdump.org" for one, so that you don't give it
63 * a value that collides with a value already being used), and use the
64 * new header in captures of that type, so that programs that can
65 * handle DLT_LINUX_SLL captures will continue to handle them correctly
66 * without any change, and so that capture files with different headers
67 * can be told apart and programs that read them can dissect the
68 * packets in them.
69 *
70 * This structure, and the #defines below, must be the same in the
71 * libpcap and tcpdump versions of "sll.h".
72 */
73  
74 /*
75 * A DLT_LINUX_SLL fake link-layer header.
76 */
77 #define SLL_HDR_LEN 16 /* total header length */
78 #define SLL_ADDRLEN 8 /* length of address field */
79  
80 struct sll_header {
81 uint16_t sll_pkttype; /* packet type */
82 uint16_t sll_hatype; /* link-layer address type */
83 uint16_t sll_halen; /* link-layer address length */
84 uint8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
85 uint16_t sll_protocol; /* protocol */
86 };
87  
88 /*
89 * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the
90 * PACKET_ values on Linux, but are defined here so that they're
91 * available even on systems other than Linux, and so that they
92 * don't change even if the PACKET_ values change.
93 */
94 #define LINUX_SLL_HOST 0
95 #define LINUX_SLL_BROADCAST 1
96 #define LINUX_SLL_MULTICAST 2
97 #define LINUX_SLL_OTHERHOST 3
98 #define LINUX_SLL_OUTGOING 4
99  
100 /*
101 * The LINUX_SLL_ values for "sll_protocol"; these correspond to the
102 * ETH_P_ values on Linux, but are defined here so that they're
103 * available even on systems other than Linux. We assume, for now,
104 * that the ETH_P_ values won't change in Linux; if they do, then:
105 *
106 * if we don't translate them in "pcap-linux.c", capture files
107 * won't necessarily be readable if captured on a system that
108 * defines ETH_P_ values that don't match these values;
109 *
110 * if we do translate them in "pcap-linux.c", that makes life
111 * unpleasant for the BPF code generator, as the values you test
112 * for in the kernel aren't the values that you test for when
113 * reading a capture file, so the fixup code run on BPF programs
114 * handed to the kernel ends up having to do more work.
115 *
116 * Add other values here as necessary, for handling packet types that
117 * might show up on non-Ethernet, non-802.x networks. (Not all the ones
118 * in the Linux "if_ether.h" will, I suspect, actually show up in
119 * captures.)
120 */
121 #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */
122 #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */
123  
124 static const struct tok sll_pkttype_values[] = {
125 { LINUX_SLL_HOST, "In" },
126 { LINUX_SLL_BROADCAST, "B" },
127 { LINUX_SLL_MULTICAST, "M" },
128 { LINUX_SLL_OTHERHOST, "P" },
129 { LINUX_SLL_OUTGOING, "Out" },
130 { 0, NULL}
131 };
132  
133 static inline void
134 sll_print(netdissect_options *ndo, register const struct sll_header *sllp, u_int length)
135 {
136 u_short ether_type;
137  
138 ND_PRINT((ndo, "%3s ",tok2str(sll_pkttype_values,"?",EXTRACT_16BITS(&sllp->sll_pkttype))));
139  
140 /*
141 * XXX - check the link-layer address type value?
142 * For now, we just assume 6 means Ethernet.
143 * XXX - print others as strings of hex?
144 */
145 if (EXTRACT_16BITS(&sllp->sll_halen) == 6)
146 ND_PRINT((ndo, "%s ", etheraddr_string(ndo, sllp->sll_addr)));
147  
148 if (!ndo->ndo_qflag) {
149 ether_type = EXTRACT_16BITS(&sllp->sll_protocol);
150  
151 if (ether_type <= ETHERMTU) {
152 /*
153 * Not an Ethernet type; what type is it?
154 */
155 switch (ether_type) {
156  
157 case LINUX_SLL_P_802_3:
158 /*
159 * Ethernet_802.3 IPX frame.
160 */
161 ND_PRINT((ndo, "802.3"));
162 break;
163  
164 case LINUX_SLL_P_802_2:
165 /*
166 * 802.2.
167 */
168 ND_PRINT((ndo, "802.2"));
169 break;
170  
171 default:
172 /*
173 * What is it?
174 */
175 ND_PRINT((ndo, "ethertype Unknown (0x%04x)",
176 ether_type));
177 break;
178 }
179 } else {
180 ND_PRINT((ndo, "ethertype %s (0x%04x)",
181 tok2str(ethertype_values, "Unknown", ether_type),
182 ether_type));
183 }
184 ND_PRINT((ndo, ", length %u: ", length));
185 }
186 }
187  
188 /*
189 * This is the top level routine of the printer. 'p' points to the
190 * Linux "cooked capture" header of the packet, 'h->ts' is the timestamp,
191 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
192 * is the number of bytes actually captured.
193 */
194 u_int
195 sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p)
196 {
197 u_int caplen = h->caplen;
198 u_int length = h->len;
199 register const struct sll_header *sllp;
200 u_short ether_type;
201 u_short extracted_ethertype;
202  
203 if (caplen < SLL_HDR_LEN) {
204 /*
205 * XXX - this "can't happen" because "pcap-linux.c" always
206 * adds this many bytes of header to every packet in a
207 * cooked socket capture.
208 */
209 ND_PRINT((ndo, "[|sll]"));
210 return (caplen);
211 }
212  
213 sllp = (const struct sll_header *)p;
214  
215 if (ndo->ndo_eflag)
216 sll_print(ndo, sllp, length);
217  
218 /*
219 * Go past the cooked-mode header.
220 */
221 length -= SLL_HDR_LEN;
222 caplen -= SLL_HDR_LEN;
223 p += SLL_HDR_LEN;
224  
225 ether_type = EXTRACT_16BITS(&sllp->sll_protocol);
226  
227 recurse:
228 /*
229 * Is it (gag) an 802.3 encapsulation, or some non-Ethernet
230 * packet type?
231 */
232 if (ether_type <= ETHERMTU) {
233 /*
234 * Yes - what type is it?
235 */
236 switch (ether_type) {
237  
238 case LINUX_SLL_P_802_3:
239 /*
240 * Ethernet_802.3 IPX frame.
241 */
242 ipx_print(ndo, p, length);
243 break;
244  
245 case LINUX_SLL_P_802_2:
246 /*
247 * 802.2.
248 * Try to print the LLC-layer header & higher layers.
249 */
250 if (llc_print(ndo, p, length, caplen, NULL, NULL,
251 &extracted_ethertype) == 0)
252 goto unknown; /* unknown LLC type */
253 break;
254  
255 default:
256 extracted_ethertype = 0;
257 /*FALLTHROUGH*/
258  
259 unknown:
260 /* ether_type not known, print raw packet */
261 if (!ndo->ndo_eflag)
262 sll_print(ndo, sllp, length + SLL_HDR_LEN);
263 if (extracted_ethertype) {
264 ND_PRINT((ndo, "(LLC %s) ",
265 etherproto_string(htons(extracted_ethertype))));
266 }
267 if (!ndo->ndo_suppress_default_print)
268 ND_DEFAULTPRINT(p, caplen);
269 break;
270 }
271 } else if (ether_type == ETHERTYPE_8021Q) {
272 /*
273 * Print VLAN information, and then go back and process
274 * the enclosed type field.
275 */
276 if (caplen < 4 || length < 4) {
277 ND_PRINT((ndo, "[|vlan]"));
278 return (SLL_HDR_LEN);
279 }
280 if (ndo->ndo_eflag) {
281 uint16_t tag = EXTRACT_16BITS(p);
282  
283 ND_PRINT((ndo, "%s, ", ieee8021q_tci_string(tag)));
284 }
285  
286 ether_type = EXTRACT_16BITS(p + 2);
287 if (ether_type <= ETHERMTU)
288 ether_type = LINUX_SLL_P_802_2;
289 if (!ndo->ndo_qflag) {
290 ND_PRINT((ndo, "ethertype %s, ",
291 tok2str(ethertype_values, "Unknown", ether_type)));
292 }
293 p += 4;
294 length -= 4;
295 caplen -= 4;
296 goto recurse;
297 } else {
298 if (ethertype_print(ndo, ether_type, p, length, caplen) == 0) {
299 /* ether_type not known, print raw packet */
300 if (!ndo->ndo_eflag)
301 sll_print(ndo, sllp, length + SLL_HDR_LEN);
302 if (!ndo->ndo_suppress_default_print)
303 ND_DEFAULTPRINT(p, caplen);
304 }
305 }
306  
307 return (SLL_HDR_LEN);
308 }