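/*
 * Copyright (c) 1988-1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Copyright (c) 1998-2004  Michael Richardson <mcr@tcpdump.org>
 *      The TCPDUMP project
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /tcpdump/master/tcpdump/netdissect.h,v 1.27 2008-08-16 11:36:20 hannes Exp $ (LBL)
 */

/*
 * Shared declarations for the packet printers: the netdissect_options
 * context structure, the bounds-check macros used while decoding a captured
 * packet, and the prototypes of the printer routines.
 */

#ifndef netdissect_h
#define netdissect_h

#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
#include <sys/types.h>
#include <stdint.h>	/* uintptr_t, used by ND_TTEST2 */

#ifndef HAVE___ATTRIBUTE__
#define __attribute__(x)
#endif

/* snprintf et al */

#include <stdarg.h>

/*
 * Fallback prototypes for platforms whose C library lacks these functions;
 * each is declared only when the matching HAVE_* macro is not defined.
 */
#if !defined(HAVE_SNPRINTF)
int snprintf (char *str, size_t sz, const char *format, ...)
     __attribute__ ((format (printf, 3, 4)));
#endif

#if !defined(HAVE_VSNPRINTF)
int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
     __attribute__((format (printf, 3, 0)));
#endif

#ifndef HAVE_STRLCAT
extern size_t strlcat (char *, const char *, size_t);
#endif
#ifndef HAVE_STRLCPY
extern size_t strlcpy (char *, const char *, size_t);
#endif

#ifndef HAVE_STRDUP
extern char *strdup (const char *str);
#endif

#ifndef HAVE_STRSEP
extern char *strsep(char **, const char *);
#endif

/* One entry of a value-to-name table. */
struct tok {
	int v;			/* value */
	const char *s;		/* string */
};

#define TOKBUFSIZE 128
/* Variant of tok2str that takes a caller-supplied buffer and its size. */
extern const char *tok2strbuf(const struct tok *, const char *, int,
			      char *buf, size_t bufsize);

/* tok2str is deprecated */
extern const char *tok2str(const struct tok *, const char *, int);
extern char *bittok2str(const struct tok *, const char *, int);
extern char *bittok2str_nosep(const struct tok *, const char *, int);

typedef struct netdissect_options netdissect_options;

/*
 * Per-run dissector context.  It carries the option flags, the bounds of
 * the packet currently being printed, and the output callbacks.  The macros
 * further down (ND_TTEST2, ND_PRINT, ...) expect a variable named "ndo" of
 * type "netdissect_options *" to be in scope at the point of use.
 */
struct netdissect_options {
	int ndo_aflag;		/* translate network and broadcast addresses */
	int ndo_bflag;		/* print 4 byte ASes in ASDOT notation */
	int ndo_eflag;		/* print ethernet header */
	int ndo_fflag;		/* don't translate "foreign" IP address */
#ifdef __APPLE__
	int ndo_kflag;		/* don't print the libpcap comment field */
#endif
	int ndo_Kflag;		/* don't check TCP checksums */
	int ndo_nflag;		/* leave addresses as numbers */
	int ndo_Nflag;		/* remove domains from printed host names */
	int ndo_qflag;		/* quick (shorter) output */
	int ndo_Rflag;		/* print sequence # field in AH/ESP*/
	int ndo_sflag;		/* use the libsmi to translate OIDs */
	int ndo_Sflag;		/* print raw TCP sequence numbers */
	int ndo_tflag;		/* print packet arrival time */
	int ndo_t0flag;		/* default time stamp */
	int ndo_t1flag;		/* no time stamp */
	int ndo_t2flag;		/* Unix timeval style */
	int ndo_t3flag;		/* Microseconds since previous packet */
	int ndo_t4flag;		/* Default time stamp + Date */
	int ndo_t5flag;		/* Microseconds since first packet */
	int ndo_Uflag;		/* "unbuffered" output of dump files */
	int ndo_uflag;		/* Print undecoded NFS handles */
	int ndo_Vflag;		/* Print packet number */
	int ndo_vflag;		/* verbose */
	int ndo_xflag;		/* print packet in hex */
	int ndo_Xflag;		/* print packet in hex/ascii */
	int ndo_Aflag;		/* print packet only in ascii observing TAB,
				 * LF, CR and SPACE as graphical chars
				 */
	int ndo_Bflag;		/* buffer size */
	int ndo_Iflag;		/* rfmon (monitor) mode */
	int ndo_Oflag;		/* run filter code optimizer */
	int ndo_dlt;		/* if != -1, ask libpcap for the DLT it names*/
	int ndo_jflag;		/* packet time stamp source */
#ifdef __APPLE__
	int ndo_Pflag;		/* pcap-ng file format */
#endif
	int ndo_pflag;		/* don't go promiscuous */

	int ndo_Cflag;		/* rotate dump files after this many bytes */
	int ndo_Cflag_count;	/* Keep track of which file number we're writing */
#ifdef __APPLE__
	int ndo_gflag;		/* no line break in verbose mode for easier grepping */
#endif
	int ndo_Gflag;		/* rotate dump files after this many seconds */
	int ndo_Gflag_count;	/* number of files created with Gflag rotation */
	time_t ndo_Gflag_time;	/* The last time_t the dump file was rotated. */
	int ndo_Wflag;		/* recycle output files after this number of files */
	int ndo_WflagChars;
	int ndo_Hflag;		/* dissect 802.11s draft mesh standard */
	int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */
	const char *ndo_dltname;

	/*
	 * NOTE(review): ndo_espsecret, ndo_espsecret_key and ndo_sigsecret
	 * appear to hold user-supplied key material.  Confirm against
	 * print-esp.c and the signature code, and keep these strings out of
	 * diagnostic output.
	 */
	char *ndo_espsecret;
	struct sa_list *ndo_sa_list_head;  /* used by print-esp.c */
	struct sa_list *ndo_sa_default;

	char *ndo_sigsecret;	/* Signature verification secret key */

	struct esp_algorithm *ndo_espsecret_xform;   /* cache of decoded */
	char *ndo_espsecret_key;

	int ndo_packettype;	/* as specified by -T */

	char *ndo_program_name;	/*used to generate self-identifying messages */

	int32_t ndo_thiszone;	/* seconds offset from gmt to local time */

	int ndo_snaplen;

	void *ndo_pcap;		/* For data captured in host byte order (e.g. PCAP-NG) */

	/*global pointers to beginning and end of current packet (during printing) */
	const u_char *ndo_packetp;
	const u_char *ndo_snapend;	/* upper bound tested by ND_TTEST2 */

	/* bookkeeping for ^T output */
	int ndo_infodelay;

	/* pointer to void function to output stuff */
	void (*ndo_default_print)(netdissect_options *,
				  register const u_char *bp, register u_int length);
	void (*ndo_info)(netdissect_options *, int verbose);

	/*
	 * printf-style output, error and warning callbacks.  The format
	 * attribute is attached only when
	 * __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS is defined; without
	 * it the compiler does not check format strings passed through
	 * these pointers.
	 */
	int (*ndo_printf)(netdissect_options *,
			  const char *fmt, ...)
#ifdef __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS
			  __attribute__ ((format (printf, 2, 3)))
#endif
			  ;
	void (*ndo_error)(netdissect_options *,
			  const char *fmt, ...)
#ifdef __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS
			  __attribute__ ((noreturn, format (printf, 2, 3)))
#endif
			  ;
	void (*ndo_warning)(netdissect_options *,
			    const char *fmt, ...)
#ifdef __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS
			    __attribute__ ((format (printf, 2, 3)))
#endif
			    ;
};

/* NOTE(review): presumably the values taken by ndo_packettype - confirm. */
#define PT_VAT		1	/* Visual Audio Tool */
#define PT_WB		2	/* distributed White Board */
#define PT_RPC		3	/* Remote Procedure Call */
#define PT_RTP		4	/* Real-Time Applications protocol */
#define PT_RTCP		5	/* Real-Time Applications control protocol */
#define PT_SNMP		6	/* Simple Network Management Protocol */
#define PT_CNFP		7	/* Cisco NetFlow protocol */

/*
 * Each argument is expanded twice, so do not pass expressions with side
 * effects (for example "min(i++, n)").
 */
#ifndef min
#define min(a,b) ((a)>(b)?(b):(a))
#endif
#ifndef max
#define max(a,b) ((b)>(a)?(b):(a))
#endif

#ifdef __APPLE__
/*
 * Values of ndo_flags that control printing of packet metadata
 *
 * NOTE(review): struct netdissect_options as declared in this header has no
 * member named ndo_flags; confirm where these bits are stored.
 */
#define PRMD_NONE	0x0000
#define PRMD_IF		0x0001
#define PRMD_PNAME	0x0002
#define PRMD_PID	0x0004
#define PRMD_SVC	0x0008
#define PRMD_DIR	0x0010
#define PRMD_COMMENT	0x0020
#define PRMD_ALL	0xffff
#endif /* __APPLE__ */

/*
 * Maximum snapshot length.  This should be enough to capture the full
 * packet on most network interfaces.
 *
 * XXX - could it be larger?  If so, should it?  Some applications might
 * use the snapshot length in a savefile header to control the size of
 * the buffer they allocate, so a size of, say, 2^31-1 might not work
 * well.
 */
#define MAXIMUM_SNAPLEN		65535

/*
 * The default snapshot length is the maximum.
 */
#define DEFAULT_SNAPLEN		MAXIMUM_SNAPLEN

#define ESRC(ep) ((ep)->ether_shost)
#define EDST(ep) ((ep)->ether_dhost)

/*
 * In-place byte-order conversions.  Each expands to an assignment that
 * names "x" twice and is not wrapped in parentheses, so use it only as a
 * statement of its own on a side-effect-free lvalue.
 */
#ifndef NTOHL
#define NTOHL(x)	(x) = ntohl(x)
#define NTOHS(x)	(x) = ntohs(x)
#define HTONL(x)	(x) = htonl(x)
#define HTONS(x)	(x) = htons(x)
#endif

/*
 * True if "x" is not negative.  Written as two comparisons rather than
 * "(x) >= 0" so that an unsigned "x" does not draw "comparison is always
 * true" warnings.
 */
#define ND_IS_NOT_NEGATIVE(x) (((x) > 0) || ((x) == 0))

/*
 * True if "l" bytes of "var" were captured, i.e. the "l" bytes starting at
 * &(var) end at or before ndo->ndo_snapend.  Only the upper bound is
 * tested; nothing here compares &(var) with ndo->ndo_packetp.
 *
 * This is the check the dissectors rely on to avoid reading past the
 * captured data, so it must not depend on undefined behaviour.  The
 * arithmetic is therefore done on uintptr_t values instead of on the
 * pointers themselves: computing "ndo->ndo_snapend - (l)" as a pointer is
 * undefined once the result leaves the packet buffer, and a compiler is
 * then free to assume the wrap-around test always succeeds and remove it.
 * Unsigned integer arithmetic wraps in a defined way, so
 * "snapend - (l) <= snapend" reliably fails when "l" is larger than the
 * address value of snapend.
 *
 * A negative "l" is rejected before any arithmetic is done.
 *
 * The check is for <= rather than < because "l" might be 0.
 *
 * "l" is expanded several times; pass an expression without side effects.
 */
#define ND_TTEST2(var, l) \
	(ND_IS_NOT_NEGATIVE(l) && \
	 ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \
	  (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l)))

/* True if "var" was captured */
#define ND_TTEST(var) ND_TTEST2(var, sizeof(var))

/*
 * Bail if "l" bytes of "var" were not captured
 *
 * Expands to a bare "if (...) goto trunc" with no braces: the calling
 * function must define a "trunc" label, and when the macro is used as the
 * body of an if/else it should be wrapped in braces so that a following
 * "else" does not attach to the macro's own "if".
 */
#define ND_TCHECK2(var, l) if (!ND_TTEST2(var, l)) goto trunc

/* Bail if "var" was not captured */
#define ND_TCHECK(var) ND_TCHECK2(var, sizeof(var))

/*
 * STUFF is a complete parenthesised argument list for ndo->ndo_printf,
 * starting with ndo, e.g. ND_PRINT((ndo, "%s", str)).  Keep the format a
 * string literal; text taken from a packet belongs in an argument, never in
 * the format position.
 */
#define ND_PRINT(STUFF) (*ndo->ndo_printf)STUFF
#define ND_DEFAULTPRINT(ap, length) (*ndo->ndo_default_print)(ndo, ap, length)

#if 0
extern void ts_print(netdissect_options *ipdo,
		     const struct timeval *);
extern void relts_print(int);
#endif

extern int fn_print(const u_char *, const u_char *);
extern int fn_printn(const u_char *, u_int, const u_char *);
extern const char *tok2str(const struct tok *, const char *, int);

extern void wrapup(int);

#if 0
extern char *read_infile(netdissect_options *, char *);
extern char *copy_argv(netdissect_options *, char **);
#endif

extern void safeputchar(int);
extern void safeputs(const char *, int);

/* "s" unless n is exactly 1, for building plural nouns in messages. */
#define PLURAL_SUFFIX(n) \
	(((n) != 1) ? "s" : "")

#if 0
extern const char *isonsap_string(netdissect_options *, const u_char *);
extern const char *protoid_string(netdissect_options *, const u_char *);
extern const char *dnname_string(netdissect_options *, u_short);
extern const char *dnnum_string(netdissect_options *, u_short);
#endif

/* The printer routines. */

#include <pcap.h>

/*
 * Link-layer printer entry points: if_ndo_printer takes the dissector
 * context, if_printer is the older form without it.
 */
typedef u_int (*if_ndo_printer)(struct netdissect_options *ndo,
				const struct pcap_pkthdr *, const u_char *);
typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *);

extern if_ndo_printer lookup_ndo_printer(int);
extern if_printer lookup_printer(int);

extern void eap_print(netdissect_options *,const u_char *, u_int);
extern int esp_print(netdissect_options *,
		     register const u_char *bp, int len, register const u_char *bp2,
		     int *nhdr, int *padlen);
extern void arp_print(netdissect_options *,const u_char *, u_int, u_int);
extern void tipc_print(netdissect_options *, const u_char *, u_int, u_int);
extern void icmp6_print(netdissect_options *ndo, const u_char *,
			u_int, const u_char *, int);
extern void isakmp_print(netdissect_options *,const u_char *,
			 u_int, const u_char *);
extern void isakmp_rfc3948_print(netdissect_options *,const u_char *,
				 u_int, const u_char *);
extern void ip_print(netdissect_options *,const u_char *, u_int);
extern void ip_print_inner(netdissect_options *ndo,
			   const u_char *bp, u_int length, u_int nh,
			   const u_char *bp2);
extern void rrcp_print(netdissect_options *,const u_char *, u_int);

extern void ether_print(netdissect_options *,
			const u_char *, u_int, u_int,
			void (*)(netdissect_options *, const u_char *),
			const u_char *);

extern u_int ether_if_print(netdissect_options *,
			    const struct pcap_pkthdr *,const u_char *);
extern u_int netanalyzer_if_print(netdissect_options *,
				  const struct pcap_pkthdr *,const u_char *);
extern u_int netanalyzer_transparent_if_print(netdissect_options *,
					      const struct pcap_pkthdr *,
					      const u_char *);
extern u_int pktap_if_print(struct netdissect_options *,
			    const struct pcap_pkthdr *,
			    const u_char *);
extern u_int pcapng_print(struct netdissect_options *,
			  const struct pcap_pkthdr *,
			  const u_char *);

extern int ethertype_print(netdissect_options *,u_short, const u_char *,
			   u_int, u_int);

/* stuff that has not yet been rototiled */
#if 0
extern void ascii_print(netdissect_options *,u_int);
extern void hex_and_ascii_print_with_offset(netdissect_options *,const char *,
					    u_int, u_int);
extern void hex_and_ascii_print(netdissect_options *,const char *, u_int);
extern void hex_print_with_offset(netdissect_options *,const char *,
				  u_int, u_int);
extern void hex_print(netdissect_options *,const char *, u_int);
extern void telnet_print(netdissect_options *,const u_char *, u_int);
extern int llc_print(netdissect_options *,
		     const u_char *, u_int, u_int, const u_char *,
		     const u_char *, u_short *);
extern void aarp_print(netdissect_options *,const u_char *, u_int);
extern void atalk_print(netdissect_options *,const u_char *, u_int);
extern void atm_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);
extern void bootp_print(netdissect_options *,const u_char *,
			u_int, u_short, u_short);
extern void bgp_print(netdissect_options *,const u_char *, int);
extern void bxxp_print(netdissect_options *,const u_char *, u_int);
extern void chdlc_if_print(u_char *user, const struct pcap_pkthdr *h,
			   register const u_char *p);
extern void chdlc_print(netdissect_options *ndo,
			register const u_char *p, u_int length, u_int caplen);
extern void cisco_autorp_print(netdissect_options *,
			       const u_char *, u_int);
extern void cnfp_print(netdissect_options *,const u_char *cp,
		       u_int len, const u_char *bp);
extern void decnet_print(netdissect_options *,const u_char *,
			 u_int, u_int);
extern void default_print(netdissect_options *,const u_char *, u_int);
extern void dvmrp_print(netdissect_options *,const u_char *, u_int);
extern void egp_print(netdissect_options *,const u_char *, u_int,
		      const u_char *);

extern void arcnet_if_print(u_char*,const struct pcap_pkthdr *,const u_char *);
extern void token_if_print(u_char *,const struct pcap_pkthdr *,const u_char *);
extern void fddi_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);

extern void gre_print(netdissect_options *,const u_char *, u_int);
extern void icmp_print(netdissect_options *,const u_char *, u_int,
		       const u_char *);
extern void hsrp_print(netdissect_options *ndo,
		       register const u_char *bp, register u_int len);
extern void ieee802_11_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);
extern void igmp_print(netdissect_options *,
		       register const u_char *, u_int);
extern void igrp_print(netdissect_options *,const u_char *, u_int,
		       const u_char *);
extern int nextproto4_cksum(const struct ip *, const u_int8_t *, u_int, u_int);
extern void ipN_print(netdissect_options *,const u_char *, u_int);
extern void ipx_print(netdissect_options *,const u_char *, u_int);
extern void isoclns_print(netdissect_options *,const u_char *,
			  u_int, u_int, const u_char *, const u_char *);
extern void krb_print(netdissect_options *,const u_char *, u_int);
extern void llap_print(netdissect_options *,const u_char *, u_int);
extern const char *linkaddr_string(netdissect_options *ndo,
				   const u_char *ep, const unsigned int len);
extern void ltalk_if_print(netdissect_options *ndo,
			   u_char *user, const struct pcap_pkthdr *h,
			   const u_char *p);
extern void mpls_print(netdissect_options *ndo,
		       const u_char *bp, u_int length);
extern void msdp_print(netdissect_options *ndo,
		       const unsigned char *sp, u_int length);
extern void nfsreply_print(netdissect_options *,const u_char *,
			   u_int, const u_char *);
extern void nfsreq_print(netdissect_options *,const u_char *,
			 u_int, const u_char *);
extern void ns_print(netdissect_options *,const u_char *, u_int);
extern void ntp_print(netdissect_options *,const u_char *, u_int);
extern void null_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);
extern void ospf_print(netdissect_options *,const u_char *,
		       u_int, const u_char *);
extern void pimv1_print(netdissect_options *,const u_char *, u_int);
extern void mobile_print(netdissect_options *,const u_char *, u_int);
extern void pim_print(netdissect_options *,const u_char *, u_int, u_int);
extern void pppoe_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);
extern void pppoe_print(netdissect_options *,const u_char *, u_int);
extern void ppp_print(netdissect_options *,
		      register const u_char *, u_int);

extern void ppp_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);
extern void ppp_hdlc_if_print(u_char *,
			      const struct pcap_pkthdr *, const u_char *);
extern void ppp_bsdos_if_print(u_char *,
			       const struct pcap_pkthdr *, const u_char *);

extern int vjc_print(netdissect_options *,register const char *,
		     register u_int, u_short);

extern void raw_if_print(u_char *,
			 const struct pcap_pkthdr *, const u_char *);

extern void rip_print(netdissect_options *,const u_char *, u_int);
extern void rpki_rtr_print(netdissect_options *,const u_char *, u_int);

extern void sctp_print(netdissect_options *ndo,
		       const u_char *bp, const u_char *bp2,
		       u_int sctpPacketLength);

extern void sl_if_print(u_char *,const struct pcap_pkthdr *, const u_char *);

extern void lane_if_print(u_char *,const struct pcap_pkthdr *,const u_char *);
extern void cip_if_print(u_char *,const struct pcap_pkthdr *,const u_char *);
extern void sl_bsdos_if_print(u_char *,
			      const struct pcap_pkthdr *, const u_char *);
extern void sll_if_print(u_char *,
			 const struct pcap_pkthdr *, const u_char *);

extern void snmp_print(netdissect_options *,const u_char *, u_int);
extern void sunrpcrequest_print(netdissect_options *,const u_char *,
				u_int, const u_char *);
extern void tcp_print(netdissect_options *,const u_char *, u_int,
		      const u_char *, int);
extern void tftp_print(netdissect_options *,const u_char *, u_int);
extern void timed_print(netdissect_options *,const u_char *, u_int);
extern void udp_print(netdissect_options *,const u_char *, u_int,
		      const u_char *, int);
extern void wb_print(netdissect_options *,const void *, u_int);
extern int ah_print(netdissect_options *,register const u_char *,
		    register const u_char *);
extern void esp_print_decodesecret(netdissect_options *ndo);
extern int ipcomp_print(netdissect_options *,register const u_char *,
			register const u_char *, int *);
extern void rx_print(netdissect_options *,register const u_char *,
		     int, int, int, u_char *);
extern void netbeui_print(netdissect_options *,u_short,
			  const u_char *, int);
extern void ipx_netbios_print(netdissect_options *,const u_char *, u_int);
extern void nbt_tcp_print(netdissect_options *,const u_char *, int);
extern void nbt_udp137_print(netdissect_options *,
			     const u_char *data, int);
extern void nbt_udp138_print(netdissect_options *,
			     const u_char *data, int);
extern char *smb_errstr(netdissect_options *,int, int);
extern const char *nt_errstr(netdissect_options *, u_int32_t);
extern void print_data(netdissect_options *,const unsigned char *, int);
extern void l2tp_print(netdissect_options *,const u_char *, u_int);
extern void lcp_print(netdissect_options *,const u_char *, u_int);
extern void vrrp_print(netdissect_options *,const u_char *bp,
		       u_int len, int ttl);
extern void carp_print(netdissect_options *,const u_char *bp,
		       u_int len, int ttl);
extern void cdp_print(netdissect_options *,const u_char *,
		      u_int, u_int, const u_char *, const u_char *);
extern void stp_print(netdissect_options *,const u_char *p, u_int length);
extern void radius_print(netdissect_options *,const u_char *, u_int);
extern void lwres_print(netdissect_options *,const u_char *, u_int);
extern void pptp_print(netdissect_options *,const u_char *, u_int);
#endif

extern u_int ipnet_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);
extern u_int ppi_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);

extern u_int ieee802_15_4_if_print(netdissect_options *,const struct pcap_pkthdr *, const u_char *);

#ifdef INET6
extern void ip6_print(netdissect_options *,const u_char *, u_int);
#if 0
extern void ip6_opt_print(netdissect_options *,const u_char *, int);
extern int nextproto6_cksum(const struct ip6_hdr *, const u_int8_t *, u_int, u_int);
extern int hbhopt_print(netdissect_options *,const u_char *);
extern int dstopt_print(netdissect_options *,const u_char *);
extern int frag6_print(netdissect_options *,const u_char *,
		       const u_char *);
extern void icmp6_print(netdissect_options *,const u_char *,
			const u_char *);
extern void ripng_print(netdissect_options *,const u_char *, int);
extern int rt6_print(netdissect_options *,const u_char *, const u_char *);
extern void ospf6_print(netdissect_options *,const u_char *, u_int);
extern void dhcp6_print(netdissect_options *,const u_char *,
			u_int, u_int16_t, u_int16_t);

extern void zephyr_print(netdissect_options * ndo,
			 const u_char *cp, int length);
#endif /* 0 */

#endif /*INET6*/

#if 0
struct cksum_vec {
	const u_int8_t	*ptr;
	int		len;
};
extern u_int16_t in_cksum(const struct cksum_vec *, int);
extern u_int16_t in_cksum_shouldbe(u_int16_t, u_int16_t);
#endif

extern void esp_print_decodesecret(netdissect_options *ndo);
/*
 * The "[8]" on spii and spir is documentation only: array parameters decay
 * to pointers, so the compiler does not enforce the length at call sites.
 * NOTE(review): buf/end presumably delimit the buffer to decrypt - confirm
 * against print-esp.c.
 */
extern int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
					     int initiator,
					     u_char spii[8], u_char spir[8],
					     u_char *buf, u_char *end);


#endif /* netdissect_h */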