2001-09-10 03:30:22 +08:00
|
|
|
/*
|
|
|
|
* Decode and print Zephyr packets.
|
|
|
|
*
|
2005-04-21 14:51:11 +08:00
|
|
|
* http://web.mit.edu/zephyr/doc/protocol
|
|
|
|
*
|
2001-09-10 03:30:22 +08:00
|
|
|
* Copyright (c) 2001 Nickolai Zeldovich <kolya@MIT.EDU>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that: (1) source code
|
|
|
|
* distributions retain the above copyright notice and this paragraph
|
|
|
|
* in its entirety, and (2) distributions including binary code include
|
|
|
|
* the above copyright notice and this paragraph in its entirety in
|
|
|
|
* the documentation or other materials provided with the distribution.
|
|
|
|
* The name of the author(s) may not be used to endorse or promote
|
|
|
|
* products derived from this software without specific prior written
|
|
|
|
* permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY
|
|
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE.
|
|
|
|
*/
|
|
|
|
|
2003-11-16 17:36:07 +08:00
|
|
|
#ifndef lint
|
|
|
|
static const char rcsid[] _U_ =
|
2007-08-10 02:47:27 +08:00
|
|
|
"@(#) $Header: /tcpdump/master/tcpdump/print-zephyr.c,v 1.10 2007-08-09 18:47:27 hannes Exp $";
|
2003-11-16 17:36:07 +08:00
|
|
|
#endif
|
2001-09-11 10:37:12 +08:00
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2002-08-01 16:52:55 +08:00
|
|
|
#include <tcpdump-stdinc.h>
|
|
|
|
|
2001-09-10 03:30:22 +08:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
#include "interface.h"
|
|
|
|
|
|
|
|
struct z_packet {
|
|
|
|
char *version;
|
|
|
|
int numfields;
|
|
|
|
int kind;
|
|
|
|
char *uid;
|
|
|
|
int port;
|
|
|
|
int auth;
|
|
|
|
int authlen;
|
|
|
|
char *authdata;
|
|
|
|
char *class;
|
|
|
|
char *inst;
|
|
|
|
char *opcode;
|
|
|
|
char *sender;
|
Add a few more GCC warnings on GCC >= 2 for ".devel" builds.
From Neil T. Spring: fixes for many of those warnings:
addrtoname.c, configure.in: Linux needs netinet/ether.h for
ether_ntohost
print-*.c: change char *foo = "bar" to const char *foo = "bar"
to appease -Wwrite-strings; should affect no run-time behavior.
print-*.c: make some variables unsigned.
print-bgp.c: plen ('prefix len') is unsigned, no reason to
validate by comparing to zero.
print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
instead of inet_ntoa.
print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
be false, so check for (u_int)-1, which represents failure,
explicitly.
print-isakmp.c: complete initialization of attrmap objects.
print-lwres.c: "if(x); print foo;" seemed much more likely to be
intended to be "if(x) { print foo; }".
print-smb.c: complete initialization of some structures.
In addition, add some fixes for the signed vs. unsigned comparison
warnings:
extract.h: cast the result of the byte-extraction-and-combining,
as, at least for the 16-bit version, C's integral promotions
will turn "u_int16_t" into "int" if there are other "int"s
nearby.
print-*.c: make some more variables unsigned, or add casts to an
unsigned type of signed values known not to be negative, or add
casts to "int" of unsigned values known to fit in an "int", and
make other changes needed to handle the aforementioned variables
now being unsigned.
print-isakmp.c: clean up the handling of error/status indicators
in notify messages.
print-ppp.c: get rid of a check that an unsigned quantity is >=
0.
print-radius.c: clean up some of the bounds checking.
print-smb.c: extract the word count into a "u_int" to avoid the
aforementioned problems with C's integral promotions.
print-snmp.c: change a check that an unsigned variable is >= 0
to a check that it's != 0.
Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
2002-09-05 08:00:07 +08:00
|
|
|
const char *recipient;
|
2001-09-10 03:30:22 +08:00
|
|
|
char *format;
|
|
|
|
int cksum;
|
|
|
|
int multi;
|
|
|
|
char *multi_uid;
|
|
|
|
/* Other fields follow here.. */
|
|
|
|
};
|
|
|
|
|
2002-03-05 19:33:25 +08:00
|
|
|
enum z_packet_type {
|
2001-09-10 03:30:22 +08:00
|
|
|
Z_PACKET_UNSAFE = 0,
|
|
|
|
Z_PACKET_UNACKED,
|
|
|
|
Z_PACKET_ACKED,
|
|
|
|
Z_PACKET_HMACK,
|
|
|
|
Z_PACKET_HMCTL,
|
|
|
|
Z_PACKET_SERVACK,
|
|
|
|
Z_PACKET_SERVNAK,
|
|
|
|
Z_PACKET_CLIENTACK,
|
|
|
|
Z_PACKET_STAT
|
2002-03-05 19:33:25 +08:00
|
|
|
};
|
2001-09-10 03:30:22 +08:00
|
|
|
|
2013-09-25 00:46:24 +08:00
|
|
|
static const struct tok z_types[] = {
|
2001-09-10 03:30:22 +08:00
|
|
|
{ Z_PACKET_UNSAFE, "unsafe" },
|
|
|
|
{ Z_PACKET_UNACKED, "unacked" },
|
|
|
|
{ Z_PACKET_ACKED, "acked" },
|
|
|
|
{ Z_PACKET_HMACK, "hm-ack" },
|
|
|
|
{ Z_PACKET_HMCTL, "hm-ctl" },
|
|
|
|
{ Z_PACKET_SERVACK, "serv-ack" },
|
|
|
|
{ Z_PACKET_SERVNAK, "serv-nak" },
|
|
|
|
{ Z_PACKET_CLIENTACK, "client-ack" },
|
|
|
|
{ Z_PACKET_STAT, "stat" }
|
|
|
|
};
|
|
|
|
|
|
|
|
char z_buf[256];
|
|
|
|
|
|
|
|
static char *
|
|
|
|
parse_field(char **pptr, int *len)
|
|
|
|
{
|
|
|
|
char *s;
|
|
|
|
|
|
|
|
if (*len <= 0 || !pptr || !*pptr)
|
|
|
|
return NULL;
|
|
|
|
if (*pptr > (char *) snapend)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
s = *pptr;
|
|
|
|
while (*pptr <= (char *) snapend && *len >= 0 && **pptr) {
|
|
|
|
(*pptr)++;
|
|
|
|
(*len)--;
|
|
|
|
}
|
|
|
|
(*pptr)++;
|
|
|
|
(*len)--;
|
|
|
|
if (*len < 0 || *pptr > (char *) snapend)
|
|
|
|
return NULL;
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char *
|
Add a few more GCC warnings on GCC >= 2 for ".devel" builds.
From Neil T. Spring: fixes for many of those warnings:
addrtoname.c, configure.in: Linux needs netinet/ether.h for
ether_ntohost
print-*.c: change char *foo = "bar" to const char *foo = "bar"
to appease -Wwrite-strings; should affect no run-time behavior.
print-*.c: make some variables unsigned.
print-bgp.c: plen ('prefix len') is unsigned, no reason to
validate by comparing to zero.
print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
instead of inet_ntoa.
print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
be false, so check for (u_int)-1, which represents failure,
explicitly.
print-isakmp.c: complete initialization of attrmap objects.
print-lwres.c: "if(x); print foo;" seemed much more likely to be
intended to be "if(x) { print foo; }".
print-smb.c: complete initialization of some structures.
In addition, add some fixes for the signed vs. unsigned comparison
warnings:
extract.h: cast the result of the byte-extraction-and-combining,
as, at least for the 16-bit version, C's integral promotions
will turn "u_int16_t" into "int" if there are other "int"s
nearby.
print-*.c: make some more variables unsigned, or add casts to an
unsigned type of signed values known not to be negative, or add
casts to "int" of unsigned values known to fit in an "int", and
make other changes needed to handle the aforementioned variables
now being unsigned.
print-isakmp.c: clean up the handling of error/status indicators
in notify messages.
print-ppp.c: get rid of a check that an unsigned quantity is >=
0.
print-radius.c: clean up some of the bounds checking.
print-smb.c: extract the word count into a "u_int" to avoid the
aforementioned problems with C's integral promotions.
print-snmp.c: change a check that an unsigned variable is >= 0
to a check that it's != 0.
Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
2002-09-05 08:00:07 +08:00
|
|
|
z_triple(char *class, char *inst, const char *recipient)
|
2001-09-10 03:30:22 +08:00
|
|
|
{
|
|
|
|
if (!*recipient)
|
|
|
|
recipient = "*";
|
|
|
|
snprintf(z_buf, sizeof(z_buf), "<%s,%s,%s>", class, inst, recipient);
|
|
|
|
z_buf[sizeof(z_buf)-1] = '\0';
|
|
|
|
return z_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
str_to_lower(char *string)
|
|
|
|
{
|
|
|
|
strncpy(z_buf, string, sizeof(z_buf));
|
|
|
|
z_buf[sizeof(z_buf)-1] = '\0';
|
|
|
|
|
|
|
|
string = z_buf;
|
|
|
|
while (*string) {
|
2002-04-28 07:39:25 +08:00
|
|
|
*string = tolower((unsigned char)(*string));
|
2001-09-10 03:30:22 +08:00
|
|
|
string++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return z_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
zephyr_print(const u_char *cp, int length)
|
|
|
|
{
|
|
|
|
struct z_packet z;
|
|
|
|
char *parse = (char *) cp;
|
|
|
|
int parselen = length;
|
|
|
|
char *s;
|
|
|
|
int lose = 0;
|
|
|
|
|
2007-08-10 02:47:27 +08:00
|
|
|
/* squelch compiler warnings */
|
|
|
|
|
|
|
|
z.kind = 0;
|
|
|
|
z.class = 0;
|
|
|
|
z.inst = 0;
|
|
|
|
z.opcode = 0;
|
|
|
|
z.sender = 0;
|
|
|
|
z.recipient = 0;
|
|
|
|
|
2001-09-10 03:30:22 +08:00
|
|
|
#define PARSE_STRING \
|
|
|
|
s = parse_field(&parse, &parselen); \
|
|
|
|
if (!s) lose = 1;
|
|
|
|
|
|
|
|
#define PARSE_FIELD_INT(field) \
|
|
|
|
PARSE_STRING \
|
|
|
|
if (!lose) field = strtol(s, 0, 16);
|
|
|
|
|
|
|
|
#define PARSE_FIELD_STR(field) \
|
|
|
|
PARSE_STRING \
|
|
|
|
if (!lose) field = s;
|
|
|
|
|
|
|
|
PARSE_FIELD_STR(z.version);
|
|
|
|
if (lose) return;
|
|
|
|
if (strncmp(z.version, "ZEPH", 4))
|
|
|
|
return;
|
|
|
|
|
|
|
|
PARSE_FIELD_INT(z.numfields);
|
|
|
|
PARSE_FIELD_INT(z.kind);
|
|
|
|
PARSE_FIELD_STR(z.uid);
|
|
|
|
PARSE_FIELD_INT(z.port);
|
|
|
|
PARSE_FIELD_INT(z.auth);
|
|
|
|
PARSE_FIELD_INT(z.authlen);
|
|
|
|
PARSE_FIELD_STR(z.authdata);
|
|
|
|
PARSE_FIELD_STR(z.class);
|
|
|
|
PARSE_FIELD_STR(z.inst);
|
|
|
|
PARSE_FIELD_STR(z.opcode);
|
|
|
|
PARSE_FIELD_STR(z.sender);
|
|
|
|
PARSE_FIELD_STR(z.recipient);
|
|
|
|
PARSE_FIELD_STR(z.format);
|
|
|
|
PARSE_FIELD_INT(z.cksum);
|
|
|
|
PARSE_FIELD_INT(z.multi);
|
|
|
|
PARSE_FIELD_STR(z.multi_uid);
|
|
|
|
|
|
|
|
if (lose) {
|
|
|
|
printf(" [|zephyr] (%d)", length);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
printf(" zephyr");
|
|
|
|
if (strncmp(z.version+4, "0.2", 3)) {
|
|
|
|
printf(" v%s", z.version+4);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
printf(" %s", tok2str(z_types, "type %d", z.kind));
|
|
|
|
if (z.kind == Z_PACKET_SERVACK) {
|
|
|
|
/* Initialization to silence warnings */
|
|
|
|
char *ackdata = NULL;
|
|
|
|
PARSE_FIELD_STR(ackdata);
|
|
|
|
if (!lose && strcmp(ackdata, "SENT"))
|
|
|
|
printf("/%s", str_to_lower(ackdata));
|
|
|
|
}
|
|
|
|
if (*z.sender) printf(" %s", z.sender);
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "USER_LOCATE")) {
|
|
|
|
if (!strcmp(z.opcode, "USER_HIDE"))
|
|
|
|
printf(" hide");
|
|
|
|
else if (!strcmp(z.opcode, "USER_UNHIDE"))
|
|
|
|
printf(" unhide");
|
|
|
|
else
|
|
|
|
printf(" locate %s", z.inst);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "ZEPHYR_ADMIN")) {
|
|
|
|
printf(" zephyr-admin %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "ZEPHYR_CTL")) {
|
|
|
|
if (!strcmp(z.inst, "CLIENT")) {
|
|
|
|
if (!strcmp(z.opcode, "SUBSCRIBE") ||
|
|
|
|
!strcmp(z.opcode, "SUBSCRIBE_NODEFS") ||
|
|
|
|
!strcmp(z.opcode, "UNSUBSCRIBE")) {
|
|
|
|
|
|
|
|
printf(" %ssub%s", strcmp(z.opcode, "SUBSCRIBE") ? "un" : "",
|
|
|
|
strcmp(z.opcode, "SUBSCRIBE_NODEFS") ? "" :
|
|
|
|
"-nodefs");
|
|
|
|
if (z.kind != Z_PACKET_SERVACK) {
|
|
|
|
/* Initialization to silence warnings */
|
|
|
|
char *c = NULL, *i = NULL, *r = NULL;
|
|
|
|
PARSE_FIELD_STR(c);
|
|
|
|
PARSE_FIELD_STR(i);
|
|
|
|
PARSE_FIELD_STR(r);
|
|
|
|
if (!lose) printf(" %s", z_triple(c, i, r));
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.opcode, "GIMME")) {
|
|
|
|
printf(" ret");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.opcode, "GIMMEDEFS")) {
|
|
|
|
printf(" gimme-defs");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.opcode, "CLEARSUB")) {
|
|
|
|
printf(" clear-subs");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
printf(" %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.inst, "HM")) {
|
|
|
|
printf(" %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.inst, "REALM")) {
|
|
|
|
if (!strcmp(z.opcode, "ADD_SUBSCRIBE"))
|
|
|
|
printf(" realm add-subs");
|
|
|
|
if (!strcmp(z.opcode, "REQ_SUBSCRIBE"))
|
|
|
|
printf(" realm req-subs");
|
|
|
|
if (!strcmp(z.opcode, "RLM_SUBSCRIBE"))
|
|
|
|
printf(" realm rlm-sub");
|
|
|
|
if (!strcmp(z.opcode, "RLM_UNSUBSCRIBE"))
|
|
|
|
printf(" realm rlm-unsub");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "HM_CTL")) {
|
|
|
|
printf(" hm_ctl %s", str_to_lower(z.inst));
|
|
|
|
printf(" %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "HM_STAT")) {
|
|
|
|
if (!strcmp(z.inst, "HMST_CLIENT") && !strcmp(z.opcode, "GIMMESTATS")) {
|
|
|
|
printf(" get-client-stats");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "WG_CTL")) {
|
|
|
|
printf(" wg_ctl %s", str_to_lower(z.inst));
|
|
|
|
printf(" %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.class, "LOGIN")) {
|
|
|
|
if (!strcmp(z.opcode, "USER_FLUSH")) {
|
|
|
|
printf(" flush_locs");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(z.opcode, "NONE") ||
|
|
|
|
!strcmp(z.opcode, "OPSTAFF") ||
|
|
|
|
!strcmp(z.opcode, "REALM-VISIBLE") ||
|
|
|
|
!strcmp(z.opcode, "REALM-ANNOUNCED") ||
|
|
|
|
!strcmp(z.opcode, "NET-VISIBLE") ||
|
|
|
|
!strcmp(z.opcode, "NET-ANNOUNCED")) {
|
|
|
|
printf(" set-exposure %s", str_to_lower(z.opcode));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!*z.recipient)
|
|
|
|
z.recipient = "*";
|
|
|
|
|
|
|
|
printf(" to %s", z_triple(z.class, z.inst, z.recipient));
|
|
|
|
if (*z.opcode)
|
|
|
|
printf(" op %s", z.opcode);
|
|
|
|
return;
|
|
|
|
}
|