_null.c

This directory contains source code for tcpdump, a tool for network monitoring and data acquisition

/* 
 * Copyright (c) 1991, 1993, 1994, 1995, 1996
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#include <stdio.h>
#include <string.h>
#include <time.h>

#include "interfac.h"
#include "a2name.h"
#include "ip.h"
#include "ip6.h"

/*
 * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order
 * 32-bit integer that specifies the family, e.g. AF_INET.
 *
 * Note here that "host" refers to the host on which the packets were
 * captured; that isn't necessarily *this* host.
 *
 * The OpenBSD DLT_LOOP packet header is the same, except that the integer
 * is in network byte order.
 */
#define NULL_HDRLEN  4

/*
 * BSD AF_ values.
 *
 * Unfortunately, the BSDs don't all use the same value for AF_INET6,
 * so, because we want to be able to read captures from all of the BSDs,
 * we check for all of them.
 */
#define BSD_AF_INET           2
#define BSD_AF_NS             6    /* XEROX NS protocols */
#define BSD_AF_ISO            7
#define BSD_AF_APPLETALK      16
#define BSD_AF_IPX            23
#define BSD_AF_INET6_BSD      24   /* OpenBSD (and probably NetBSD), BSD/OS */
#define BSD_AF_INET6_FREEBSD  28
#define BSD_AF_INET6_DARWIN   30


static void null_print (u_int family, u_int length)
{
  if (nflag)
     PRINTF ("AF %u ", family);

  else switch (family)
  {
    case BSD_AF_INET:
         PUTS ("ip: ");
         break;

    case BSD_AF_INET6_BSD:
    case BSD_AF_INET6_FREEBSD:
    case BSD_AF_INET6_DARWIN:
         PUTS ("ipv6: ");
         break;

    case BSD_AF_NS:
         PUTS ("ns: ");
         break;

    case BSD_AF_ISO:
         PRINTF ("osi ");
         break;

    case BSD_AF_APPLETALK:
         PRINTF ("atalk ");
         break;

    case BSD_AF_IPX:
         PRINTF ("ipx ");
         break;

    default:
         PRINTF ("AF %d: ", family);
         break;
  }
  PRINTF ("%u: ", length);
}

/*
 * Byte-swap a 32-bit number.
 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
 * big-endian platforms.)
 */
#define SWAPLONG(y) ((((y) & 0x000000ff) << 24) | \
                     (((y) & 0x0000ff00) << 8)  | \
                     (((y) & 0x00ff0000) >> 8)  | \
                     (((y) >> 24) & 0xff))

/*
 * This is the top level routine of the printer.  'p' points
 * to the ether header of the packet, 'h->ts' is the timestamp,
 * 'h->length' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 */
void null_if_print (u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
  u_int length = h->len;
  u_int caplen = h->caplen;
  DWORD family;

  if (caplen < NULL_HDRLEN)
  {
    PRINTF ("[|null]");
    return;
  }
  family = *(DWORD*)p;

  /*
   * This isn't necessarily in our host byte order; if this is
   * a DLT_LOOP capture, it's in network byte order, and if
   * this is a DLT_NULL capture from a machine with the opposite
   * byte-order, it's in the opposite byte order from ours.
   *
   * If the upper 16 bits aren't all zero, assume it's byte-swapped.
   */
  if ((family & 0xFFFF0000) != 0)
     family = SWAPLONG (family);

  length -= NULL_HDRLEN;
  caplen -= NULL_HDRLEN;
  p      += NULL_HDRLEN;

  if (eflag)
     null_print (family, length);

  switch (family)
  {
    case BSD_AF_INET:
         ip_print (p, length);
         break;

#ifdef INET6
    case BSD_AF_INET6_BSD:
    case BSD_AF_INET6_FREEBSD:
    case BSD_AF_INET6_DARWIN:
         ip6_print (p, length);
         break;
#endif

    case BSD_AF_ISO:
         isoclns_print (p, length, caplen, "000000", "000000");
         break;

    case BSD_AF_APPLETALK:
         atalk_print (p, length);
         break;

    case BSD_AF_IPX:
         ipx_print (p, length);
         break;

    default: /* unknown AF_ value */
         if (!eflag)
            null_print (family, length + NULL_HDRLEN);
         if (!xflag && !qflag)
            default_print (p, caplen);
  }
  ARGSUSED (user);
}