mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-12-03 23:13:36 +08:00
b83e04bd09
"Text protocols" are protocols that have the general feel of FTP, with command lines with a command name and space-separated arguments and response lines beginning with a 3-digit reply code. They can also include HTTP-style headers and an entity body. We add support for the FTP control channel, HTTP, SMTP, and RTSP. We also change the SIP printer to use it.
890 lines
21 KiB
C
890 lines
21 KiB
C
/*
|
|
* Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
* distributions including binary code include the above copyright notice and
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
* features or use of this software display the following acknowledgement:
|
|
* ``This product includes software developed by the University of California,
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
* the University nor the names of its contributors may be used to endorse
|
|
* or promote products derived from this software without specific prior
|
|
* written permission.
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
*/
|
|
|
|
/*
|
|
* txtproto_print() derived from original code by Hannes Gredler
|
|
* (hannes@juniper.net):
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that: (1) source code
|
|
* distributions retain the above copyright notice and this paragraph
|
|
* in its entirety, and (2) distributions including binary code include
|
|
* the above copyright notice and this paragraph in its entirety in
|
|
* the documentation or other materials provided with the distribution.
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
|
|
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
|
|
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE.
|
|
*/
|
|
|
|
#define NETDISSECT_REWORKED
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <tcpdump-stdinc.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#ifdef HAVE_FCNTL_H
|
|
#include <fcntl.h>
|
|
#endif
|
|
#include <stdio.h>
|
|
#include <stdarg.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "interface.h"
|
|
|
|
/*
|
|
* Print out a null-terminated filename (or other ascii string).
|
|
* If ep is NULL, assume no truncation check is needed.
|
|
* Return true if truncated.
|
|
*/
|
|
int
|
|
fn_print(netdissect_options *ndo,
|
|
register const u_char *s, register const u_char *ep)
|
|
{
|
|
register int ret;
|
|
register u_char c;
|
|
|
|
ret = 1; /* assume truncated */
|
|
while (ep == NULL || s < ep) {
|
|
c = *s++;
|
|
if (c == '\0') {
|
|
ret = 0;
|
|
break;
|
|
}
|
|
if (!ND_ISASCII(c)) {
|
|
c = ND_TOASCII(c);
|
|
ND_PRINT((ndo, "M-"));
|
|
}
|
|
if (!ND_ISPRINT(c)) {
|
|
c ^= 0x40; /* DEL to ?, others to alpha */
|
|
ND_PRINT((ndo, "^"));
|
|
}
|
|
ND_PRINT((ndo, "%c", c));
|
|
}
|
|
return(ret);
|
|
}
|
|
|
|
/*
|
|
* Print out a counted filename (or other ascii string).
|
|
* If ep is NULL, assume no truncation check is needed.
|
|
* Return true if truncated.
|
|
*/
|
|
int
|
|
fn_printn(netdissect_options *ndo,
|
|
register const u_char *s, register u_int n, register const u_char *ep)
|
|
{
|
|
register u_char c;
|
|
|
|
while (n > 0 && (ep == NULL || s < ep)) {
|
|
n--;
|
|
c = *s++;
|
|
if (!ND_ISASCII(c)) {
|
|
c = ND_TOASCII(c);
|
|
ND_PRINT((ndo, "M-"));
|
|
}
|
|
if (!ND_ISPRINT(c)) {
|
|
c ^= 0x40; /* DEL to ?, others to alpha */
|
|
ND_PRINT((ndo, "^"));
|
|
}
|
|
ND_PRINT((ndo, "%c", c));
|
|
}
|
|
return (n == 0) ? 0 : 1;
|
|
}
|
|
|
|
/*
|
|
* Print out a null-padded filename (or other ascii string).
|
|
* If ep is NULL, assume no truncation check is needed.
|
|
* Return true if truncated.
|
|
*/
|
|
int
|
|
fn_printzp(netdissect_options *ndo,
|
|
register const u_char *s, register u_int n,
|
|
register const u_char *ep)
|
|
{
|
|
register int ret;
|
|
register u_char c;
|
|
|
|
ret = 1; /* assume truncated */
|
|
while (n > 0 && (ep == NULL || s < ep)) {
|
|
n--;
|
|
c = *s++;
|
|
if (c == '\0') {
|
|
ret = 0;
|
|
break;
|
|
}
|
|
if (!ND_ISASCII(c)) {
|
|
c = ND_TOASCII(c);
|
|
ND_PRINT((ndo, "M-"));
|
|
}
|
|
if (!ND_ISPRINT(c)) {
|
|
c ^= 0x40; /* DEL to ?, others to alpha */
|
|
ND_PRINT((ndo, "^"));
|
|
}
|
|
ND_PRINT((ndo, "%c", c));
|
|
}
|
|
return (n == 0) ? 0 : ret;
|
|
}
|
|
|
|
/*
|
|
* Format the timestamp
|
|
*/
|
|
static char *
|
|
ts_format(netdissect_options *ndo
|
|
#ifndef HAVE_PCAP_SET_TSTAMP_PRECISION
|
|
_U_
|
|
#endif
|
|
, int sec, int usec)
|
|
{
|
|
static char buf[sizeof("00:00:00.000000000")];
|
|
const char *format;
|
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
|
switch (ndo->ndo_tstamp_precision) {
|
|
|
|
case PCAP_TSTAMP_PRECISION_MICRO:
|
|
format = "%02d:%02d:%02d.%06u";
|
|
break;
|
|
|
|
case PCAP_TSTAMP_PRECISION_NANO:
|
|
format = "%02d:%02d:%02d.%09u";
|
|
break;
|
|
|
|
default:
|
|
format = "%02d:%02d:%02d.{unknown precision}";
|
|
break;
|
|
}
|
|
#else
|
|
format = "%02d:%02d:%02d.%06u";
|
|
#endif
|
|
|
|
snprintf(buf, sizeof(buf), format,
|
|
sec / 3600, (sec % 3600) / 60, sec % 60, usec);
|
|
|
|
return buf;
|
|
}
|
|
|
|
/*
|
|
* Print the timestamp
|
|
*/
|
|
void
|
|
ts_print(netdissect_options *ndo,
|
|
register const struct timeval *tvp)
|
|
{
|
|
register int s;
|
|
struct tm *tm;
|
|
time_t Time;
|
|
static unsigned b_sec;
|
|
static unsigned b_usec;
|
|
int d_usec;
|
|
int d_sec;
|
|
|
|
switch (ndo->ndo_tflag) {
|
|
|
|
case 0: /* Default */
|
|
s = (tvp->tv_sec + thiszone) % 86400;
|
|
ND_PRINT((ndo, "%s ", ts_format(ndo, s, tvp->tv_usec)));
|
|
break;
|
|
|
|
case 1: /* No time stamp */
|
|
break;
|
|
|
|
case 2: /* Unix timeval style */
|
|
ND_PRINT((ndo, "%u.%06u ",
|
|
(unsigned)tvp->tv_sec,
|
|
(unsigned)tvp->tv_usec));
|
|
break;
|
|
|
|
case 3: /* Microseconds since previous packet */
|
|
case 5: /* Microseconds since first packet */
|
|
if (b_sec == 0) {
|
|
/* init timestamp for first packet */
|
|
b_usec = tvp->tv_usec;
|
|
b_sec = tvp->tv_sec;
|
|
}
|
|
|
|
d_usec = tvp->tv_usec - b_usec;
|
|
d_sec = tvp->tv_sec - b_sec;
|
|
|
|
while (d_usec < 0) {
|
|
d_usec += 1000000;
|
|
d_sec--;
|
|
}
|
|
|
|
ND_PRINT((ndo, "%s ", ts_format(ndo, d_sec, d_usec)));
|
|
|
|
if (ndo->ndo_tflag == 3) { /* set timestamp for last packet */
|
|
b_sec = tvp->tv_sec;
|
|
b_usec = tvp->tv_usec;
|
|
}
|
|
break;
|
|
|
|
case 4: /* Default + Date*/
|
|
s = (tvp->tv_sec + thiszone) % 86400;
|
|
Time = (tvp->tv_sec + thiszone) - s;
|
|
tm = gmtime (&Time);
|
|
if (!tm)
|
|
ND_PRINT((ndo, "Date fail "));
|
|
else
|
|
ND_PRINT((ndo, "%04d-%02d-%02d %s ",
|
|
tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday,
|
|
ts_format(ndo, s, tvp->tv_usec)));
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Print a relative number of seconds (e.g. hold time, prune timer)
|
|
* in the form 5m1s. This does no truncation, so 32230861 seconds
|
|
* is represented as 1y1w1d1h1m1s.
|
|
*/
|
|
void
|
|
relts_print(netdissect_options *ndo,
|
|
int secs)
|
|
{
|
|
static const char *lengths[] = {"y", "w", "d", "h", "m", "s"};
|
|
static const int seconds[] = {31536000, 604800, 86400, 3600, 60, 1};
|
|
const char **l = lengths;
|
|
const int *s = seconds;
|
|
|
|
if (secs == 0) {
|
|
ND_PRINT((ndo, "0s"));
|
|
return;
|
|
}
|
|
if (secs < 0) {
|
|
ND_PRINT((ndo, "-"));
|
|
secs = -secs;
|
|
}
|
|
while (secs > 0) {
|
|
if (secs >= *s) {
|
|
ND_PRINT((ndo, "%d%s", secs / *s, *l));
|
|
secs -= (secs / *s) * *s;
|
|
}
|
|
s++;
|
|
l++;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* this is a generic routine for printing unknown data;
|
|
* we pass on the linefeed plus indentation string to
|
|
* get a proper output - returns 0 on error
|
|
*/
|
|
|
|
int
|
|
print_unknown_data(netdissect_options *ndo, const u_char *cp,const char *ident,int len)
|
|
{
|
|
if (len < 0) {
|
|
ND_PRINT((ndo,"%sDissector error: print_unknown_data called with negative length",
|
|
ident));
|
|
return(0);
|
|
}
|
|
if (ndo->ndo_snapend - cp < len)
|
|
len = ndo->ndo_snapend - cp;
|
|
if (len < 0) {
|
|
ND_PRINT((ndo,"%sDissector error: print_unknown_data called with pointer past end of packet",
|
|
ident));
|
|
return(0);
|
|
}
|
|
hex_print(ndo, ident,cp,len);
|
|
return(1); /* everything is ok */
|
|
}
|
|
|
|
/*
|
|
* Convert a token value to a string; use "fmt" if not found.
|
|
*/
|
|
const char *
|
|
tok2strbuf(register const struct tok *lp, register const char *fmt,
|
|
register u_int v, char *buf, size_t bufsize)
|
|
{
|
|
if (lp != NULL) {
|
|
while (lp->s != NULL) {
|
|
if (lp->v == v)
|
|
return (lp->s);
|
|
++lp;
|
|
}
|
|
}
|
|
if (fmt == NULL)
|
|
fmt = "#%d";
|
|
|
|
(void)snprintf(buf, bufsize, fmt, v);
|
|
return (const char *)buf;
|
|
}
|
|
|
|
/*
|
|
* Convert a token value to a string; use "fmt" if not found.
|
|
*/
|
|
const char *
|
|
tok2str(register const struct tok *lp, register const char *fmt,
|
|
register int v)
|
|
{
|
|
static char buf[4][128];
|
|
static int idx = 0;
|
|
char *ret;
|
|
|
|
ret = buf[idx];
|
|
idx = (idx+1) & 3;
|
|
return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0]));
|
|
}
|
|
|
|
/*
|
|
* Convert a bit token value to a string; use "fmt" if not found.
|
|
* this is useful for parsing bitfields, the output strings are seperated
|
|
* if the s field is positive.
|
|
*/
|
|
static char *
|
|
bittok2str_internal(register const struct tok *lp, register const char *fmt,
|
|
register int v, register int sep)
|
|
{
|
|
static char buf[256]; /* our stringbuffer */
|
|
int buflen=0;
|
|
register int rotbit; /* this is the bit we rotate through all bitpositions */
|
|
register int tokval;
|
|
const char * sepstr = "";
|
|
|
|
while (lp != NULL && lp->s != NULL) {
|
|
tokval=lp->v; /* load our first value */
|
|
rotbit=1;
|
|
while (rotbit != 0) {
|
|
/*
|
|
* lets AND the rotating bit with our token value
|
|
* and see if we have got a match
|
|
*/
|
|
if (tokval == (v&rotbit)) {
|
|
/* ok we have found something */
|
|
buflen+=snprintf(buf+buflen, sizeof(buf)-buflen, "%s%s",
|
|
sepstr, lp->s);
|
|
sepstr = sep ? ", " : "";
|
|
break;
|
|
}
|
|
rotbit=rotbit<<1; /* no match - lets shift and try again */
|
|
}
|
|
lp++;
|
|
}
|
|
|
|
if (buflen == 0)
|
|
/* bummer - lets print the "unknown" message as advised in the fmt string if we got one */
|
|
(void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%d" : fmt, v);
|
|
return (buf);
|
|
}
|
|
|
|
/*
|
|
* Convert a bit token value to a string; use "fmt" if not found.
|
|
* this is useful for parsing bitfields, the output strings are not seperated.
|
|
*/
|
|
char *
|
|
bittok2str_nosep(register const struct tok *lp, register const char *fmt,
|
|
register int v)
|
|
{
|
|
return (bittok2str_internal(lp, fmt, v, 0));
|
|
}
|
|
|
|
/*
|
|
* Convert a bit token value to a string; use "fmt" if not found.
|
|
* this is useful for parsing bitfields, the output strings are comma seperated.
|
|
*/
|
|
char *
|
|
bittok2str(register const struct tok *lp, register const char *fmt,
|
|
register int v)
|
|
{
|
|
return (bittok2str_internal(lp, fmt, v, 1));
|
|
}
|
|
|
|
/*
|
|
* Convert a value to a string using an array; the macro
|
|
* tok2strary() in <interface.h> is the public interface to
|
|
* this function and ensures that the second argument is
|
|
* correct for bounds-checking.
|
|
*/
|
|
const char *
|
|
tok2strary_internal(register const char **lp, int n, register const char *fmt,
|
|
register int v)
|
|
{
|
|
static char buf[128];
|
|
|
|
if (v >= 0 && v < n && lp[v] != NULL)
|
|
return lp[v];
|
|
if (fmt == NULL)
|
|
fmt = "#%d";
|
|
(void)snprintf(buf, sizeof(buf), fmt, v);
|
|
return (buf);
|
|
}
|
|
|
|
/*
|
|
* Convert a 32-bit netmask to prefixlen if possible
|
|
* the function returns the prefix-len; if plen == -1
|
|
* then conversion was not possible;
|
|
*/
|
|
|
|
int
|
|
mask2plen(uint32_t mask)
|
|
{
|
|
uint32_t bitmasks[33] = {
|
|
0x00000000,
|
|
0x80000000, 0xc0000000, 0xe0000000, 0xf0000000,
|
|
0xf8000000, 0xfc000000, 0xfe000000, 0xff000000,
|
|
0xff800000, 0xffc00000, 0xffe00000, 0xfff00000,
|
|
0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000,
|
|
0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000,
|
|
0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00,
|
|
0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0,
|
|
0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff
|
|
};
|
|
int prefix_len = 32;
|
|
|
|
/* let's see if we can transform the mask into a prefixlen */
|
|
while (prefix_len >= 0) {
|
|
if (bitmasks[prefix_len] == mask)
|
|
break;
|
|
prefix_len--;
|
|
}
|
|
return (prefix_len);
|
|
}
|
|
|
|
#ifdef INET6
|
|
int
|
|
mask62plen(const u_char *mask)
|
|
{
|
|
u_char bitmasks[9] = {
|
|
0x00,
|
|
0x80, 0xc0, 0xe0, 0xf0,
|
|
0xf8, 0xfc, 0xfe, 0xff
|
|
};
|
|
int byte;
|
|
int cidr_len = 0;
|
|
|
|
for (byte = 0; byte < 16; byte++) {
|
|
u_int bits;
|
|
|
|
for (bits = 0; bits < (sizeof (bitmasks) / sizeof (bitmasks[0])); bits++) {
|
|
if (mask[byte] == bitmasks[bits]) {
|
|
cidr_len += bits;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (mask[byte] != 0xff)
|
|
break;
|
|
}
|
|
return (cidr_len);
|
|
}
|
|
#endif /* INET6 */
|
|
|
|
/*
|
|
* Routine to print out information for text-based protocols such as FTP,
|
|
* HTTP, SMTP, RTSP, SIP, ....
|
|
*/
|
|
#define MAX_TOKEN 128
|
|
|
|
/*
|
|
* Fetch a token from a packet, starting at the specified index,
|
|
* and return the length of the token.
|
|
*
|
|
* Returns 0 on error; yes, this is indistinguishable from an empty
|
|
* token, but an "empty token" isn't a valid token - it just means
|
|
* either a space character at the beginning of the line (this
|
|
* includes a blank line) or no more tokens remaining on the line.
|
|
*/
|
|
static int
|
|
fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len,
|
|
u_char *tbuf, size_t tbuflen)
|
|
{
|
|
size_t toklen = 0;
|
|
|
|
for (; idx < len; idx++) {
|
|
if (!ND_TTEST(*(pptr + idx))) {
|
|
/* ran past end of captured data */
|
|
return (0);
|
|
}
|
|
if (!isascii(*(pptr + idx))) {
|
|
/* not an ASCII character */
|
|
return (0);
|
|
}
|
|
if (isspace(*(pptr + idx))) {
|
|
/* end of token */
|
|
break;
|
|
}
|
|
if (!isprint(*(pptr + idx))) {
|
|
/* not part of a command token or response code */
|
|
return (0);
|
|
}
|
|
if (toklen + 2 > tbuflen) {
|
|
/* no room for this character and terminating '\0' */
|
|
return (0);
|
|
}
|
|
tbuf[toklen] = *(pptr + idx);
|
|
toklen++;
|
|
}
|
|
if (toklen == 0) {
|
|
/* no token */
|
|
return (0);
|
|
}
|
|
tbuf[toklen] = '\0';
|
|
|
|
/*
|
|
* Skip past any white space after the token, until we see
|
|
* an end-of-line (CR or LF).
|
|
*/
|
|
for (; idx < len; idx++) {
|
|
if (!ND_TTEST(*(pptr + idx))) {
|
|
/* ran past end of captured data */
|
|
break;
|
|
}
|
|
if (*(pptr + idx) == '\r' || *(pptr + idx) == '\n') {
|
|
/* end of line */
|
|
break;
|
|
}
|
|
if (!isascii(*(pptr + idx)) || !isprint(*(pptr + idx))) {
|
|
/* not a printable ASCII character */
|
|
break;
|
|
}
|
|
if (!isspace(*(pptr + idx))) {
|
|
/* beginning of next token */
|
|
break;
|
|
}
|
|
}
|
|
return (idx);
|
|
}
|
|
|
|
/*
|
|
* Scan a buffer looking for a line ending - LF or CR-LF.
|
|
* Return the index of the character after the line ending or 0 if
|
|
* we encounter a non-ASCII or non-printable character or don't find
|
|
* the line ending.
|
|
*/
|
|
static u_int
|
|
print_txt_line(netdissect_options *ndo, const char *protoname,
|
|
const char *prefix, const u_char *pptr, u_int idx, u_int len)
|
|
{
|
|
u_int startidx;
|
|
u_int linelen;
|
|
|
|
startidx = idx;
|
|
while (idx < len) {
|
|
ND_TCHECK(*(pptr+idx));
|
|
if (*(pptr+idx) == '\n') {
|
|
/*
|
|
* LF without CR; end of line.
|
|
* Skip the LF and print the line, with the
|
|
* exception of the LF.
|
|
*/
|
|
linelen = idx - startidx;
|
|
idx++;
|
|
goto print;
|
|
} else if (*(pptr+idx) == '\r') {
|
|
/* CR - any LF? */
|
|
if ((idx+1) >= len) {
|
|
/* not in this packet */
|
|
return (0);
|
|
}
|
|
ND_TCHECK(*(pptr+idx+1));
|
|
if (*(pptr+idx+1) == '\n') {
|
|
/*
|
|
* CR-LF; end of line.
|
|
* Skip the CR-LF and print the line, with
|
|
* the exception of the CR-LF.
|
|
*/
|
|
linelen = idx - startidx;
|
|
idx += 2;
|
|
goto print;
|
|
}
|
|
|
|
/*
|
|
* CR followed by something else; treat this
|
|
* as if it were binary data, and don't print
|
|
* it.
|
|
*/
|
|
return (0);
|
|
} else if (!isascii(*(pptr+idx)) ||
|
|
(!isprint(*(pptr+idx)) && *(pptr+idx) != '\t')) {
|
|
/*
|
|
* Not a printable ASCII character and not a tab;
|
|
* treat this as if it were binary data, and
|
|
* don't print it.
|
|
*/
|
|
return (0);
|
|
}
|
|
idx++;
|
|
}
|
|
|
|
/*
|
|
* All printable ASCII, but no line ending after that point
|
|
* in the buffer; treat this as if it were truncated.
|
|
*/
|
|
trunc:
|
|
ND_PRINT((ndo, "%s%.*s[!%s]", prefix, (int)linelen, pptr + startidx,
|
|
protoname));
|
|
return (0);
|
|
|
|
print:
|
|
ND_PRINT((ndo, "%s%.*s", prefix, (int)linelen, pptr + startidx));
|
|
return (idx);
|
|
}
|
|
|
|
void
|
|
txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len,
|
|
const char *protoname, const char **cmds, u_int flags)
|
|
{
|
|
u_int idx, eol;
|
|
u_char token[MAX_TOKEN+1];
|
|
const char *cmd;
|
|
int is_reqresp = 0;
|
|
const char *pnp;
|
|
|
|
if (cmds != NULL) {
|
|
/*
|
|
* This protocol has more than just request and
|
|
* response lines; see whether this looks like a
|
|
* request or response.
|
|
*/
|
|
idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token));
|
|
if (idx != 0) {
|
|
/* Is this a valid request name? */
|
|
while ((cmd = *cmds++) != NULL) {
|
|
if (strcasecmp((const char *)token, cmd) == 0) {
|
|
/* Yes. */
|
|
is_reqresp = 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* No - is this a valid response code (3 digits)?
|
|
*
|
|
* Is this token the response code, or is the next
|
|
* token the response code?
|
|
*/
|
|
if (flags & RESP_CODE_SECOND_TOKEN) {
|
|
/*
|
|
* Next token - get it.
|
|
*/
|
|
idx = fetch_token(ndo, pptr, idx, len, token,
|
|
sizeof(token));
|
|
}
|
|
if (idx != 0) {
|
|
if (isdigit(token[0]) && isdigit(token[1]) &&
|
|
isdigit(token[2]) && token[3] == '\0') {
|
|
/* Yes. */
|
|
is_reqresp = 1;
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
/*
|
|
* This protocol has only request and response lines
|
|
* (e.g., FTP, where all the data goes over a
|
|
* different connection); assume the payload is
|
|
* a request or response.
|
|
*/
|
|
is_reqresp = 1;
|
|
}
|
|
|
|
/* Capitalize the protocol name */
|
|
for (pnp = protoname; *pnp != '\0'; pnp++)
|
|
ND_PRINT((ndo, "%c", toupper(*pnp)));
|
|
|
|
if (is_reqresp) {
|
|
/*
|
|
* In non-verbose mode, just print the protocol, followed
|
|
* by the first line as the request or response info.
|
|
*
|
|
* In verbose mode, print lines as text until we run out
|
|
* of characters or see something that's not a
|
|
* printable-ASCII line.
|
|
*/
|
|
if (ndo->ndo_vflag) {
|
|
/*
|
|
* We're going to print all the text lines in the
|
|
* request or response; just print the length
|
|
* on the first line of the output.
|
|
*/
|
|
ND_PRINT((ndo, ", length: %u", len));
|
|
for (idx = 0;
|
|
idx < len && (eol = print_txt_line(ndo, protoname, "\n\t", pptr, idx, len)) != 0;
|
|
idx = eol)
|
|
;
|
|
} else {
|
|
/*
|
|
* Just print the first text line.
|
|
*/
|
|
print_txt_line(ndo, protoname, ": ", pptr, 0, len);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* VARARGS */
|
|
void
|
|
error(const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
|
|
(void)fprintf(stderr, "%s: ", program_name);
|
|
va_start(ap, fmt);
|
|
(void)vfprintf(stderr, fmt, ap);
|
|
va_end(ap);
|
|
if (*fmt) {
|
|
fmt += strlen(fmt);
|
|
if (fmt[-1] != '\n')
|
|
(void)fputc('\n', stderr);
|
|
}
|
|
exit(1);
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/* VARARGS */
|
|
void
|
|
warning(const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
|
|
(void)fprintf(stderr, "%s: WARNING: ", program_name);
|
|
va_start(ap, fmt);
|
|
(void)vfprintf(stderr, fmt, ap);
|
|
va_end(ap);
|
|
if (*fmt) {
|
|
fmt += strlen(fmt);
|
|
if (fmt[-1] != '\n')
|
|
(void)fputc('\n', stderr);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Copy arg vector into a new buffer, concatenating arguments with spaces.
|
|
*/
|
|
char *
|
|
copy_argv(register char **argv)
|
|
{
|
|
register char **p;
|
|
register u_int len = 0;
|
|
char *buf;
|
|
char *src, *dst;
|
|
|
|
p = argv;
|
|
if (*p == 0)
|
|
return 0;
|
|
|
|
while (*p)
|
|
len += strlen(*p++) + 1;
|
|
|
|
buf = (char *)malloc(len);
|
|
if (buf == NULL)
|
|
error("copy_argv: malloc");
|
|
|
|
p = argv;
|
|
dst = buf;
|
|
while ((src = *p++) != NULL) {
|
|
while ((*dst++ = *src++) != '\0')
|
|
;
|
|
dst[-1] = ' ';
|
|
}
|
|
dst[-1] = '\0';
|
|
|
|
return buf;
|
|
}
|
|
|
|
/*
|
|
* On Windows, we need to open the file in binary mode, so that
|
|
* we get all the bytes specified by the size we get from "fstat()".
|
|
* On UNIX, that's not necessary. O_BINARY is defined on Windows;
|
|
* we define it as 0 if it's not defined, so it does nothing.
|
|
*/
|
|
#ifndef O_BINARY
|
|
#define O_BINARY 0
|
|
#endif
|
|
|
|
char *
|
|
read_infile(char *fname)
|
|
{
|
|
register int i, fd, cc;
|
|
register char *cp;
|
|
struct stat buf;
|
|
|
|
fd = open(fname, O_RDONLY|O_BINARY);
|
|
if (fd < 0)
|
|
error("can't open %s: %s", fname, pcap_strerror(errno));
|
|
|
|
if (fstat(fd, &buf) < 0)
|
|
error("can't stat %s: %s", fname, pcap_strerror(errno));
|
|
|
|
cp = malloc((u_int)buf.st_size + 1);
|
|
if (cp == NULL)
|
|
error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
|
|
fname, pcap_strerror(errno));
|
|
cc = read(fd, cp, (u_int)buf.st_size);
|
|
if (cc < 0)
|
|
error("read %s: %s", fname, pcap_strerror(errno));
|
|
if (cc != buf.st_size)
|
|
error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
|
|
|
|
close(fd);
|
|
/* replace "# comment" with spaces */
|
|
for (i = 0; i < cc; i++) {
|
|
if (cp[i] == '#')
|
|
while (i < cc && cp[i] != '\n')
|
|
cp[i++] = ' ';
|
|
}
|
|
cp[cc] = '\0';
|
|
return (cp);
|
|
}
|
|
|
|
void
|
|
safeputs(netdissect_options *ndo,
|
|
const u_char *s, const u_int maxlen)
|
|
{
|
|
u_int idx = 0;
|
|
|
|
while (*s && idx < maxlen) {
|
|
safeputchar(ndo, *s);
|
|
idx++;
|
|
s++;
|
|
}
|
|
}
|
|
|
|
void
|
|
safeputchar(netdissect_options *ndo,
|
|
const u_char c)
|
|
{
|
|
ND_PRINT((ndo, (c < 0x80 && ND_ISPRINT(c)) ? "%c" : "\\0x%02x", c));
|
|
}
|
|
|
|
#ifdef LBL_ALIGN
|
|
/*
|
|
* Some compilers try to optimize memcpy(), using the alignment constraint
|
|
* on the argument pointer type. by using this function, we try to avoid the
|
|
* optimization.
|
|
*/
|
|
void
|
|
unaligned_memcpy(void *p, const void *q, size_t l)
|
|
{
|
|
memcpy(p, q, l);
|
|
}
|
|
|
|
/* As with memcpy(), so with memcmp(). */
|
|
int
|
|
unaligned_memcmp(const void *p, const void *q, size_t l)
|
|
{
|
|
return (memcmp(p, q, l));
|
|
}
|
|
#endif
|