1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Internet, ethernet, port, and protocol string to address
22 * and address to string conversion routines
23 */
24
25 #define NETDISSECT_REWORKED
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29
30 #include <tcpdump-stdinc.h>
31
32 #ifdef USE_ETHER_NTOHOST
33 #ifdef HAVE_NETINET_IF_ETHER_H
34 struct mbuf; /* Squelch compiler warnings on some platforms for */
35 struct rtentry; /* declarations in <net/if.h> */
36 #include <net/if.h> /* for "struct ifnet" in "struct arpcom" on Solaris */
37 #include <netinet/if_ether.h>
38 #endif /* HAVE_NETINET_IF_ETHER_H */
39 #ifdef NETINET_ETHER_H_DECLARES_ETHER_NTOHOST
40 #include <netinet/ether.h>
41 #endif /* NETINET_ETHER_H_DECLARES_ETHER_NTOHOST */
42
43 #if !defined(HAVE_DECL_ETHER_NTOHOST) || !HAVE_DECL_ETHER_NTOHOST
44 #ifndef HAVE_STRUCT_ETHER_ADDR
45 struct ether_addr {
46 unsigned char ether_addr_octet[6];
47 };
48 #endif
49 extern int ether_ntohost(char *, const struct ether_addr *);
50 #endif
51
52 #endif /* USE_ETHER_NTOHOST */
53
54 #include <pcap.h>
55 #include <pcap-namedb.h>
56 #include <signal.h>
57 #include <stdio.h>
58 #include <string.h>
59 #include <stdlib.h>
60
61 #include "interface.h"
62 #include "addrtoname.h"
63 #include "llc.h"
64 #include "setsignal.h"
65 #include "extract.h"
66 #include "oui.h"
67
68 #ifndef ETHER_ADDR_LEN
69 #define ETHER_ADDR_LEN 6
70 #endif
71
72 /*
73 * hash tables for whatever-to-name translations
74 *
75 * XXX there has to be error checks against strdup(3) failure
76 */
77
78 #define HASHNAMESIZE 4096
79
80 struct hnamemem {
81 uint32_t addr;
82 const char *name;
83 struct hnamemem *nxt;
84 };
85
86 static struct hnamemem hnametable[HASHNAMESIZE];
87 static struct hnamemem tporttable[HASHNAMESIZE];
88 static struct hnamemem uporttable[HASHNAMESIZE];
89 static struct hnamemem eprototable[HASHNAMESIZE];
90 static struct hnamemem dnaddrtable[HASHNAMESIZE];
91 static struct hnamemem ipxsaptable[HASHNAMESIZE];
92
93 #if defined(INET6) && defined(WIN32)
94 /*
95 * fake gethostbyaddr for Win2k/XP
96 * gethostbyaddr() returns incorrect value when AF_INET6 is passed
97 * to 3rd argument.
98 *
99 * h_name in struct hostent is only valid.
100 */
101 static struct hostent *
win32_gethostbyaddr(const char * addr,int len,int type)102 win32_gethostbyaddr(const char *addr, int len, int type)
103 {
104 static struct hostent host;
105 static char hostbuf[NI_MAXHOST];
106 char hname[NI_MAXHOST];
107 struct sockaddr_in6 addr6;
108
109 host.h_name = hostbuf;
110 switch (type) {
111 case AF_INET:
112 return gethostbyaddr(addr, len, type);
113 break;
114 case AF_INET6:
115 memset(&addr6, 0, sizeof(addr6));
116 addr6.sin6_family = AF_INET6;
117 memcpy(&addr6.sin6_addr, addr, len);
118 if (getnameinfo((struct sockaddr *)&addr6, sizeof(addr6),
119 hname, sizeof(hname), NULL, 0, 0)) {
120 return NULL;
121 } else {
122 strcpy(host.h_name, hname);
123 return &host;
124 }
125 break;
126 default:
127 return NULL;
128 }
129 }
130 #define gethostbyaddr win32_gethostbyaddr
131 #endif /* INET6 & WIN32 */
132
133 #ifdef INET6
134 struct h6namemem {
135 struct in6_addr addr;
136 char *name;
137 struct h6namemem *nxt;
138 };
139
140 static struct h6namemem h6nametable[HASHNAMESIZE];
141 #endif /* INET6 */
142
143 struct enamemem {
144 u_short e_addr0;
145 u_short e_addr1;
146 u_short e_addr2;
147 const char *e_name;
148 u_char *e_nsap; /* used only for nsaptable[] */
149 #define e_bs e_nsap /* for bytestringtable */
150 struct enamemem *e_nxt;
151 };
152
153 static struct enamemem enametable[HASHNAMESIZE];
154 static struct enamemem nsaptable[HASHNAMESIZE];
155 static struct enamemem bytestringtable[HASHNAMESIZE];
156
157 struct protoidmem {
158 uint32_t p_oui;
159 u_short p_proto;
160 const char *p_name;
161 struct protoidmem *p_nxt;
162 };
163
164 static struct protoidmem protoidtable[HASHNAMESIZE];
165
166 /*
167 * A faster replacement for inet_ntoa().
168 */
169 const char *
intoa(uint32_t addr)170 intoa(uint32_t addr)
171 {
172 register char *cp;
173 register u_int byte;
174 register int n;
175 static char buf[sizeof(".xxx.xxx.xxx.xxx")];
176
177 NTOHL(addr);
178 cp = buf + sizeof(buf);
179 *--cp = '\0';
180
181 n = 4;
182 do {
183 byte = addr & 0xff;
184 *--cp = byte % 10 + '0';
185 byte /= 10;
186 if (byte > 0) {
187 *--cp = byte % 10 + '0';
188 byte /= 10;
189 if (byte > 0)
190 *--cp = byte + '0';
191 }
192 *--cp = '.';
193 addr >>= 8;
194 } while (--n > 0);
195
196 return cp + 1;
197 }
198
199 static uint32_t f_netmask;
200 static uint32_t f_localnet;
201
202 /*
203 * Return a name for the IP address pointed to by ap. This address
204 * is assumed to be in network byte order.
205 *
206 * NOTE: ap is *NOT* necessarily part of the packet data (not even if
207 * this is being called with the "ipaddr_string()" macro), so you
208 * *CANNOT* use the TCHECK{2}/TTEST{2} macros on it. Furthermore,
209 * even in cases where it *is* part of the packet data, the caller
210 * would still have to check for a null return value, even if it's
211 * just printing the return value with "%s" - not all versions of
212 * printf print "(null)" with "%s" and a null pointer, some of them
213 * don't check for a null pointer and crash in that case.
214 *
215 * The callers of this routine should, before handing this routine
216 * a pointer to packet data, be sure that the data is present in
217 * the packet buffer. They should probably do those checks anyway,
218 * as other data at that layer might not be IP addresses, and it
219 * also needs to check whether they're present in the packet buffer.
220 */
221 const char *
getname(netdissect_options * ndo,const u_char * ap)222 getname(netdissect_options *ndo, const u_char *ap)
223 {
224 register struct hostent *hp;
225 uint32_t addr;
226 static struct hnamemem *p; /* static for longjmp() */
227
228 memcpy(&addr, ap, sizeof(addr));
229 p = &hnametable[addr & (HASHNAMESIZE-1)];
230 for (; p->nxt; p = p->nxt) {
231 if (p->addr == addr)
232 return (p->name);
233 }
234 p->addr = addr;
235 p->nxt = newhnamemem();
236
237 /*
238 * Print names unless:
239 * (1) -n was given.
240 * (2) Address is foreign and -f was given. (If -f was not
241 * given, f_netmask and f_localnet are 0 and the test
242 * evaluates to true)
243 */
244 if (!ndo->ndo_nflag &&
245 (addr & f_netmask) == f_localnet) {
246 hp = gethostbyaddr((char *)&addr, 4, AF_INET);
247 if (hp) {
248 char *dotp;
249
250 p->name = strdup(hp->h_name);
251 if (ndo->ndo_Nflag) {
252 /* Remove domain qualifications */
253 dotp = strchr(p->name, '.');
254 if (dotp)
255 *dotp = '\0';
256 }
257 return (p->name);
258 }
259 }
260 p->name = strdup(intoa(addr));
261 return (p->name);
262 }
263
264 #ifdef INET6
265 /*
266 * Return a name for the IP6 address pointed to by ap. This address
267 * is assumed to be in network byte order.
268 */
269 const char *
getname6(netdissect_options * ndo,const u_char * ap)270 getname6(netdissect_options *ndo, const u_char *ap)
271 {
272 register struct hostent *hp;
273 union {
274 struct in6_addr addr;
275 struct for_hash_addr {
276 char fill[14];
277 uint16_t d;
278 } addra;
279 } addr;
280 static struct h6namemem *p; /* static for longjmp() */
281 register const char *cp;
282 char ntop_buf[INET6_ADDRSTRLEN];
283
284 memcpy(&addr, ap, sizeof(addr));
285 p = &h6nametable[addr.addra.d & (HASHNAMESIZE-1)];
286 for (; p->nxt; p = p->nxt) {
287 if (memcmp(&p->addr, &addr, sizeof(addr)) == 0)
288 return (p->name);
289 }
290 p->addr = addr.addr;
291 p->nxt = newh6namemem();
292
293 /*
294 * Do not print names if -n was given.
295 */
296 if (!ndo->ndo_nflag) {
297 hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
298 if (hp) {
299 char *dotp;
300
301 p->name = strdup(hp->h_name);
302 if (ndo->ndo_Nflag) {
303 /* Remove domain qualifications */
304 dotp = strchr(p->name, '.');
305 if (dotp)
306 *dotp = '\0';
307 }
308 return (p->name);
309 }
310 }
311 cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf));
312 p->name = strdup(cp);
313 return (p->name);
314 }
315 #endif /* INET6 */
316
317 static const char hex[] = "0123456789abcdef";
318
319
320 /* Find the hash node that corresponds the ether address 'ep' */
321
322 static inline struct enamemem *
lookup_emem(const u_char * ep)323 lookup_emem(const u_char *ep)
324 {
325 register u_int i, j, k;
326 struct enamemem *tp;
327
328 k = (ep[0] << 8) | ep[1];
329 j = (ep[2] << 8) | ep[3];
330 i = (ep[4] << 8) | ep[5];
331
332 tp = &enametable[(i ^ j) & (HASHNAMESIZE-1)];
333 while (tp->e_nxt)
334 if (tp->e_addr0 == i &&
335 tp->e_addr1 == j &&
336 tp->e_addr2 == k)
337 return tp;
338 else
339 tp = tp->e_nxt;
340 tp->e_addr0 = i;
341 tp->e_addr1 = j;
342 tp->e_addr2 = k;
343 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
344 if (tp->e_nxt == NULL)
345 error("lookup_emem: calloc");
346
347 return tp;
348 }
349
350 /*
351 * Find the hash node that corresponds to the bytestring 'bs'
352 * with length 'nlen'
353 */
354
355 static inline struct enamemem *
lookup_bytestring(register const u_char * bs,const unsigned int nlen)356 lookup_bytestring(register const u_char *bs, const unsigned int nlen)
357 {
358 struct enamemem *tp;
359 register u_int i, j, k;
360
361 if (nlen >= 6) {
362 k = (bs[0] << 8) | bs[1];
363 j = (bs[2] << 8) | bs[3];
364 i = (bs[4] << 8) | bs[5];
365 } else if (nlen >= 4) {
366 k = (bs[0] << 8) | bs[1];
367 j = (bs[2] << 8) | bs[3];
368 i = 0;
369 } else
370 i = j = k = 0;
371
372 tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)];
373 while (tp->e_nxt)
374 if (tp->e_addr0 == i &&
375 tp->e_addr1 == j &&
376 tp->e_addr2 == k &&
377 memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0)
378 return tp;
379 else
380 tp = tp->e_nxt;
381
382 tp->e_addr0 = i;
383 tp->e_addr1 = j;
384 tp->e_addr2 = k;
385
386 tp->e_bs = (u_char *) calloc(1, nlen + 1);
387 if (tp->e_bs == NULL)
388 error("lookup_bytestring: calloc");
389
390 memcpy(tp->e_bs, bs, nlen);
391 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
392 if (tp->e_nxt == NULL)
393 error("lookup_bytestring: calloc");
394
395 return tp;
396 }
397
398 /* Find the hash node that corresponds the NSAP 'nsap' */
399
400 static inline struct enamemem *
lookup_nsap(register const u_char * nsap)401 lookup_nsap(register const u_char *nsap)
402 {
403 register u_int i, j, k;
404 unsigned int nlen = *nsap;
405 struct enamemem *tp;
406 const u_char *ensap = nsap + nlen - 6;
407
408 if (nlen > 6) {
409 k = (ensap[0] << 8) | ensap[1];
410 j = (ensap[2] << 8) | ensap[3];
411 i = (ensap[4] << 8) | ensap[5];
412 }
413 else
414 i = j = k = 0;
415
416 tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)];
417 while (tp->e_nxt)
418 if (tp->e_addr0 == i &&
419 tp->e_addr1 == j &&
420 tp->e_addr2 == k &&
421 tp->e_nsap[0] == nlen &&
422 memcmp((const char *)&(nsap[1]),
423 (char *)&(tp->e_nsap[1]), nlen) == 0)
424 return tp;
425 else
426 tp = tp->e_nxt;
427 tp->e_addr0 = i;
428 tp->e_addr1 = j;
429 tp->e_addr2 = k;
430 tp->e_nsap = (u_char *)malloc(nlen + 1);
431 if (tp->e_nsap == NULL)
432 error("lookup_nsap: malloc");
433 memcpy((char *)tp->e_nsap, (const char *)nsap, nlen + 1);
434 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
435 if (tp->e_nxt == NULL)
436 error("lookup_nsap: calloc");
437
438 return tp;
439 }
440
441 /* Find the hash node that corresponds the protoid 'pi'. */
442
443 static inline struct protoidmem *
lookup_protoid(const u_char * pi)444 lookup_protoid(const u_char *pi)
445 {
446 register u_int i, j;
447 struct protoidmem *tp;
448
449 /* 5 octets won't be aligned */
450 i = (((pi[0] << 8) + pi[1]) << 8) + pi[2];
451 j = (pi[3] << 8) + pi[4];
452 /* XXX should be endian-insensitive, but do big-endian testing XXX */
453
454 tp = &protoidtable[(i ^ j) & (HASHNAMESIZE-1)];
455 while (tp->p_nxt)
456 if (tp->p_oui == i && tp->p_proto == j)
457 return tp;
458 else
459 tp = tp->p_nxt;
460 tp->p_oui = i;
461 tp->p_proto = j;
462 tp->p_nxt = (struct protoidmem *)calloc(1, sizeof(*tp));
463 if (tp->p_nxt == NULL)
464 error("lookup_protoid: calloc");
465
466 return tp;
467 }
468
469 const char *
etheraddr_string(netdissect_options * ndo,register const u_char * ep)470 etheraddr_string(netdissect_options *ndo, register const u_char *ep)
471 {
472 register int i;
473 register char *cp;
474 register struct enamemem *tp;
475 int oui;
476 char buf[BUFSIZE];
477
478 tp = lookup_emem(ep);
479 if (tp->e_name)
480 return (tp->e_name);
481 #ifdef USE_ETHER_NTOHOST
482 if (!ndo->ndo_nflag) {
483 char buf2[BUFSIZE];
484
485 /*
486 * We don't cast it to "const struct ether_addr *"
487 * because some systems fail to declare the second
488 * argument as a "const" pointer, even though they
489 * don't modify what it points to.
490 */
491 if (ether_ntohost(buf2, (struct ether_addr *)ep) == 0) {
492 tp->e_name = strdup(buf2);
493 return (tp->e_name);
494 }
495 }
496 #endif
497 cp = buf;
498 oui = EXTRACT_24BITS(ep);
499 *cp++ = hex[*ep >> 4 ];
500 *cp++ = hex[*ep++ & 0xf];
501 for (i = 5; --i >= 0;) {
502 *cp++ = ':';
503 *cp++ = hex[*ep >> 4 ];
504 *cp++ = hex[*ep++ & 0xf];
505 }
506
507 if (!ndo->ndo_nflag) {
508 snprintf(cp, BUFSIZE - (2 + 5*3), " (oui %s)",
509 tok2str(oui_values, "Unknown", oui));
510 } else
511 *cp = '\0';
512 tp->e_name = strdup(buf);
513 return (tp->e_name);
514 }
515
516 const char *
le64addr_string(const u_char * ep)517 le64addr_string(const u_char *ep)
518 {
519 const unsigned int len = 8;
520 register u_int i;
521 register char *cp;
522 register struct enamemem *tp;
523 char buf[BUFSIZE];
524
525 tp = lookup_bytestring(ep, len);
526 if (tp->e_name)
527 return (tp->e_name);
528
529 cp = buf;
530 for (i = len; i > 0 ; --i) {
531 *cp++ = hex[*(ep + i - 1) >> 4];
532 *cp++ = hex[*(ep + i - 1) & 0xf];
533 *cp++ = ':';
534 }
535 cp --;
536
537 *cp = '\0';
538
539 tp->e_name = strdup(buf);
540
541 return (tp->e_name);
542 }
543
544 const char *
linkaddr_string(netdissect_options * ndo,const u_char * ep,const unsigned int type,const unsigned int len)545 linkaddr_string(netdissect_options *ndo, const u_char *ep, const unsigned int type, const unsigned int len)
546 {
547 register u_int i;
548 register char *cp;
549 register struct enamemem *tp;
550
551 if (len == 0)
552 return ("<empty>");
553
554 if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN)
555 return (etheraddr_string(ndo, ep));
556
557 if (type == LINKADDR_FRELAY)
558 return (q922_string(ndo, ep, len));
559
560 tp = lookup_bytestring(ep, len);
561 if (tp->e_name)
562 return (tp->e_name);
563
564 tp->e_name = cp = (char *)malloc(len*3);
565 if (tp->e_name == NULL)
566 error("linkaddr_string: malloc");
567 *cp++ = hex[*ep >> 4];
568 *cp++ = hex[*ep++ & 0xf];
569 for (i = len-1; i > 0 ; --i) {
570 *cp++ = ':';
571 *cp++ = hex[*ep >> 4];
572 *cp++ = hex[*ep++ & 0xf];
573 }
574 *cp = '\0';
575 return (tp->e_name);
576 }
577
578 const char *
etherproto_string(u_short port)579 etherproto_string(u_short port)
580 {
581 register char *cp;
582 register struct hnamemem *tp;
583 register uint32_t i = port;
584 char buf[sizeof("0000")];
585
586 for (tp = &eprototable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
587 if (tp->addr == i)
588 return (tp->name);
589
590 tp->addr = i;
591 tp->nxt = newhnamemem();
592
593 cp = buf;
594 NTOHS(port);
595 *cp++ = hex[port >> 12 & 0xf];
596 *cp++ = hex[port >> 8 & 0xf];
597 *cp++ = hex[port >> 4 & 0xf];
598 *cp++ = hex[port & 0xf];
599 *cp++ = '\0';
600 tp->name = strdup(buf);
601 return (tp->name);
602 }
603
604 const char *
protoid_string(register const u_char * pi)605 protoid_string(register const u_char *pi)
606 {
607 register u_int i, j;
608 register char *cp;
609 register struct protoidmem *tp;
610 char buf[sizeof("00:00:00:00:00")];
611
612 tp = lookup_protoid(pi);
613 if (tp->p_name)
614 return tp->p_name;
615
616 cp = buf;
617 if ((j = *pi >> 4) != 0)
618 *cp++ = hex[j];
619 *cp++ = hex[*pi++ & 0xf];
620 for (i = 4; (int)--i >= 0;) {
621 *cp++ = ':';
622 if ((j = *pi >> 4) != 0)
623 *cp++ = hex[j];
624 *cp++ = hex[*pi++ & 0xf];
625 }
626 *cp = '\0';
627 tp->p_name = strdup(buf);
628 return (tp->p_name);
629 }
630
631 #define ISONSAP_MAX_LENGTH 20
632 const char *
isonsap_string(const u_char * nsap,register u_int nsap_length)633 isonsap_string(const u_char *nsap, register u_int nsap_length)
634 {
635 register u_int nsap_idx;
636 register char *cp;
637 register struct enamemem *tp;
638
639 if (nsap_length < 1 || nsap_length > ISONSAP_MAX_LENGTH)
640 return ("isonsap_string: illegal length");
641
642 tp = lookup_nsap(nsap);
643 if (tp->e_name)
644 return tp->e_name;
645
646 tp->e_name = cp = (char *)malloc(sizeof("xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xx"));
647 if (cp == NULL)
648 error("isonsap_string: malloc");
649
650 for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) {
651 *cp++ = hex[*nsap >> 4];
652 *cp++ = hex[*nsap++ & 0xf];
653 if (((nsap_idx & 1) == 0) &&
654 (nsap_idx + 1 < nsap_length)) {
655 *cp++ = '.';
656 }
657 }
658 *cp = '\0';
659 return (tp->e_name);
660 }
661
662 const char *
tcpport_string(u_short port)663 tcpport_string(u_short port)
664 {
665 register struct hnamemem *tp;
666 register uint32_t i = port;
667 char buf[sizeof("00000")];
668
669 for (tp = &tporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
670 if (tp->addr == i)
671 return (tp->name);
672
673 tp->addr = i;
674 tp->nxt = newhnamemem();
675
676 (void)snprintf(buf, sizeof(buf), "%u", i);
677 tp->name = strdup(buf);
678 return (tp->name);
679 }
680
681 const char *
udpport_string(register u_short port)682 udpport_string(register u_short port)
683 {
684 register struct hnamemem *tp;
685 register uint32_t i = port;
686 char buf[sizeof("00000")];
687
688 for (tp = &uporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
689 if (tp->addr == i)
690 return (tp->name);
691
692 tp->addr = i;
693 tp->nxt = newhnamemem();
694
695 (void)snprintf(buf, sizeof(buf), "%u", i);
696 tp->name = strdup(buf);
697 return (tp->name);
698 }
699
700 const char *
ipxsap_string(u_short port)701 ipxsap_string(u_short port)
702 {
703 register char *cp;
704 register struct hnamemem *tp;
705 register uint32_t i = port;
706 char buf[sizeof("0000")];
707
708 for (tp = &ipxsaptable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
709 if (tp->addr == i)
710 return (tp->name);
711
712 tp->addr = i;
713 tp->nxt = newhnamemem();
714
715 cp = buf;
716 NTOHS(port);
717 *cp++ = hex[port >> 12 & 0xf];
718 *cp++ = hex[port >> 8 & 0xf];
719 *cp++ = hex[port >> 4 & 0xf];
720 *cp++ = hex[port & 0xf];
721 *cp++ = '\0';
722 tp->name = strdup(buf);
723 return (tp->name);
724 }
725
726 static void
init_servarray(netdissect_options * ndo)727 init_servarray(netdissect_options *ndo)
728 {
729 struct servent *sv;
730 register struct hnamemem *table;
731 register int i;
732 char buf[sizeof("0000000000")];
733
734 while ((sv = getservent()) != NULL) {
735 int port = ntohs(sv->s_port);
736 i = port & (HASHNAMESIZE-1);
737 if (strcmp(sv->s_proto, "tcp") == 0)
738 table = &tporttable[i];
739 else if (strcmp(sv->s_proto, "udp") == 0)
740 table = &uporttable[i];
741 else
742 continue;
743
744 while (table->name)
745 table = table->nxt;
746 if (ndo->ndo_nflag) {
747 (void)snprintf(buf, sizeof(buf), "%d", port);
748 table->name = strdup(buf);
749 } else
750 table->name = strdup(sv->s_name);
751 table->addr = port;
752 table->nxt = newhnamemem();
753 }
754 endservent();
755 }
756
757 /* in libpcap.a (nametoaddr.c) */
758 #if defined(WIN32) && !defined(USE_STATIC_LIBPCAP)
759 extern __declspec(dllimport)
760 #else
761 extern
762 #endif
763 const struct eproto {
764 const char *s;
765 u_short p;
766 } eproto_db[];
767
768 static void
init_eprotoarray(void)769 init_eprotoarray(void)
770 {
771 register int i;
772 register struct hnamemem *table;
773
774 for (i = 0; eproto_db[i].s; i++) {
775 int j = htons(eproto_db[i].p) & (HASHNAMESIZE-1);
776 table = &eprototable[j];
777 while (table->name)
778 table = table->nxt;
779 table->name = eproto_db[i].s;
780 table->addr = htons(eproto_db[i].p);
781 table->nxt = newhnamemem();
782 }
783 }
784
785 static const struct protoidlist {
786 const u_char protoid[5];
787 const char *name;
788 } protoidlist[] = {
789 {{ 0x00, 0x00, 0x0c, 0x01, 0x07 }, "CiscoMLS" },
790 {{ 0x00, 0x00, 0x0c, 0x20, 0x00 }, "CiscoCDP" },
791 {{ 0x00, 0x00, 0x0c, 0x20, 0x01 }, "CiscoCGMP" },
792 {{ 0x00, 0x00, 0x0c, 0x20, 0x03 }, "CiscoVTP" },
793 {{ 0x00, 0xe0, 0x2b, 0x00, 0xbb }, "ExtremeEDP" },
794 {{ 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL }
795 };
796
797 /*
798 * SNAP proto IDs with org code 0:0:0 are actually encapsulated Ethernet
799 * types.
800 */
801 static void
init_protoidarray(void)802 init_protoidarray(void)
803 {
804 register int i;
805 register struct protoidmem *tp;
806 const struct protoidlist *pl;
807 u_char protoid[5];
808
809 protoid[0] = 0;
810 protoid[1] = 0;
811 protoid[2] = 0;
812 for (i = 0; eproto_db[i].s; i++) {
813 u_short etype = htons(eproto_db[i].p);
814
815 memcpy((char *)&protoid[3], (char *)&etype, 2);
816 tp = lookup_protoid(protoid);
817 tp->p_name = strdup(eproto_db[i].s);
818 }
819 /* Hardwire some SNAP proto ID names */
820 for (pl = protoidlist; pl->name != NULL; ++pl) {
821 tp = lookup_protoid(pl->protoid);
822 /* Don't override existing name */
823 if (tp->p_name != NULL)
824 continue;
825
826 tp->p_name = pl->name;
827 }
828 }
829
830 static const struct etherlist {
831 const u_char addr[6];
832 const char *name;
833 } etherlist[] = {
834 {{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, "Broadcast" },
835 {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL }
836 };
837
838 /*
839 * Initialize the ethers hash table. We take two different approaches
840 * depending on whether or not the system provides the ethers name
841 * service. If it does, we just wire in a few names at startup,
842 * and etheraddr_string() fills in the table on demand. If it doesn't,
843 * then we suck in the entire /etc/ethers file at startup. The idea
844 * is that parsing the local file will be fast, but spinning through
845 * all the ethers entries via NIS & next_etherent might be very slow.
846 *
847 * XXX pcap_next_etherent doesn't belong in the pcap interface, but
848 * since the pcap module already does name-to-address translation,
849 * it's already does most of the work for the ethernet address-to-name
850 * translation, so we just pcap_next_etherent as a convenience.
851 */
852 static void
init_etherarray(void)853 init_etherarray(void)
854 {
855 register const struct etherlist *el;
856 register struct enamemem *tp;
857 #ifdef USE_ETHER_NTOHOST
858 char name[256];
859 #else
860 register struct pcap_etherent *ep;
861 register FILE *fp;
862
863 /* Suck in entire ethers file */
864 fp = fopen(PCAP_ETHERS_FILE, "r");
865 if (fp != NULL) {
866 while ((ep = pcap_next_etherent(fp)) != NULL) {
867 tp = lookup_emem(ep->addr);
868 tp->e_name = strdup(ep->name);
869 }
870 (void)fclose(fp);
871 }
872 #endif
873
874 /* Hardwire some ethernet names */
875 for (el = etherlist; el->name != NULL; ++el) {
876 tp = lookup_emem(el->addr);
877 /* Don't override existing name */
878 if (tp->e_name != NULL)
879 continue;
880
881 #ifdef USE_ETHER_NTOHOST
882 /*
883 * Use YP/NIS version of name if available.
884 *
885 * We don't cast it to "const struct ether_addr *"
886 * because some systems don't modify the Ethernet
887 * address but fail to declare the second argument
888 * as a "const" pointer.
889 */
890 if (ether_ntohost(name, (struct ether_addr *)el->addr) == 0) {
891 tp->e_name = strdup(name);
892 continue;
893 }
894 #endif
895 tp->e_name = el->name;
896 }
897 }
898
899 static const struct tok ipxsap_db[] = {
900 { 0x0000, "Unknown" },
901 { 0x0001, "User" },
902 { 0x0002, "User Group" },
903 { 0x0003, "PrintQueue" },
904 { 0x0004, "FileServer" },
905 { 0x0005, "JobServer" },
906 { 0x0006, "Gateway" },
907 { 0x0007, "PrintServer" },
908 { 0x0008, "ArchiveQueue" },
909 { 0x0009, "ArchiveServer" },
910 { 0x000a, "JobQueue" },
911 { 0x000b, "Administration" },
912 { 0x000F, "Novell TI-RPC" },
913 { 0x0017, "Diagnostics" },
914 { 0x0020, "NetBIOS" },
915 { 0x0021, "NAS SNA Gateway" },
916 { 0x0023, "NACS AsyncGateway" },
917 { 0x0024, "RemoteBridge/RoutingService" },
918 { 0x0026, "BridgeServer" },
919 { 0x0027, "TCP/IP Gateway" },
920 { 0x0028, "Point-to-point X.25 BridgeServer" },
921 { 0x0029, "3270 Gateway" },
922 { 0x002a, "CHI Corp" },
923 { 0x002c, "PC Chalkboard" },
924 { 0x002d, "TimeSynchServer" },
925 { 0x002e, "ARCserve5.0/PalindromeBackup" },
926 { 0x0045, "DI3270 Gateway" },
927 { 0x0047, "AdvertisingPrintServer" },
928 { 0x004a, "NetBlazerModems" },
929 { 0x004b, "BtrieveVAP" },
930 { 0x004c, "NetwareSQL" },
931 { 0x004d, "XtreeNetwork" },
932 { 0x0050, "BtrieveVAP4.11" },
933 { 0x0052, "QuickLink" },
934 { 0x0053, "PrintQueueUser" },
935 { 0x0058, "Multipoint X.25 Router" },
936 { 0x0060, "STLB/NLM" },
937 { 0x0064, "ARCserve" },
938 { 0x0066, "ARCserve3.0" },
939 { 0x0072, "WAN CopyUtility" },
940 { 0x007a, "TES-NetwareVMS" },
941 { 0x0092, "WATCOM Debugger/EmeraldTapeBackupServer" },
942 { 0x0095, "DDA OBGYN" },
943 { 0x0098, "NetwareAccessServer" },
944 { 0x009a, "Netware for VMS II/NamedPipeServer" },
945 { 0x009b, "NetwareAccessServer" },
946 { 0x009e, "PortableNetwareServer/SunLinkNVT" },
947 { 0x00a1, "PowerchuteAPC UPS" },
948 { 0x00aa, "LAWserve" },
949 { 0x00ac, "CompaqIDA StatusMonitor" },
950 { 0x0100, "PIPE STAIL" },
951 { 0x0102, "LAN ProtectBindery" },
952 { 0x0103, "OracleDataBaseServer" },
953 { 0x0107, "Netware386/RSPX RemoteConsole" },
954 { 0x010f, "NovellSNA Gateway" },
955 { 0x0111, "TestServer" },
956 { 0x0112, "HP PrintServer" },
957 { 0x0114, "CSA MUX" },
958 { 0x0115, "CSA LCA" },
959 { 0x0116, "CSA CM" },
960 { 0x0117, "CSA SMA" },
961 { 0x0118, "CSA DBA" },
962 { 0x0119, "CSA NMA" },
963 { 0x011a, "CSA SSA" },
964 { 0x011b, "CSA STATUS" },
965 { 0x011e, "CSA APPC" },
966 { 0x0126, "SNA TEST SSA Profile" },
967 { 0x012a, "CSA TRACE" },
968 { 0x012b, "NetwareSAA" },
969 { 0x012e, "IKARUS VirusScan" },
970 { 0x0130, "CommunicationsExecutive" },
971 { 0x0133, "NNS DomainServer/NetwareNamingServicesDomain" },
972 { 0x0135, "NetwareNamingServicesProfile" },
973 { 0x0137, "Netware386 PrintQueue/NNS PrintQueue" },
974 { 0x0141, "LAN SpoolServer" },
975 { 0x0152, "IRMALAN Gateway" },
976 { 0x0154, "NamedPipeServer" },
977 { 0x0166, "NetWareManagement" },
978 { 0x0168, "Intel PICKIT CommServer/Intel CAS TalkServer" },
979 { 0x0173, "Compaq" },
980 { 0x0174, "Compaq SNMP Agent" },
981 { 0x0175, "Compaq" },
982 { 0x0180, "XTreeServer/XTreeTools" },
983 { 0x018A, "NASI ServicesBroadcastServer" },
984 { 0x01b0, "GARP Gateway" },
985 { 0x01b1, "Binfview" },
986 { 0x01bf, "IntelLanDeskManager" },
987 { 0x01ca, "AXTEC" },
988 { 0x01cb, "ShivaNetModem/E" },
989 { 0x01cc, "ShivaLanRover/E" },
990 { 0x01cd, "ShivaLanRover/T" },
991 { 0x01ce, "ShivaUniversal" },
992 { 0x01d8, "CastelleFAXPressServer" },
993 { 0x01da, "CastelleLANPressPrintServer" },
994 { 0x01dc, "CastelleFAX/Xerox7033 FaxServer/ExcelLanFax" },
995 { 0x01f0, "LEGATO" },
996 { 0x01f5, "LEGATO" },
997 { 0x0233, "NMS Agent/NetwareManagementAgent" },
998 { 0x0237, "NMS IPX Discovery/LANternReadWriteChannel" },
999 { 0x0238, "NMS IP Discovery/LANternTrapAlarmChannel" },
1000 { 0x023a, "LANtern" },
1001 { 0x023c, "MAVERICK" },
1002 { 0x023f, "NovellSMDR" },
1003 { 0x024e, "NetwareConnect" },
1004 { 0x024f, "NASI ServerBroadcast Cisco" },
1005 { 0x026a, "NMS ServiceConsole" },
1006 { 0x026b, "TimeSynchronizationServer Netware 4.x" },
1007 { 0x0278, "DirectoryServer Netware 4.x" },
1008 { 0x027b, "NetwareManagementAgent" },
1009 { 0x0280, "Novell File and Printer Sharing Service for PC" },
1010 { 0x0304, "NovellSAA Gateway" },
1011 { 0x0308, "COM/VERMED" },
1012 { 0x030a, "GalacticommWorldgroupServer" },
1013 { 0x030c, "IntelNetport2/HP JetDirect/HP Quicksilver" },
1014 { 0x0320, "AttachmateGateway" },
1015 { 0x0327, "MicrosoftDiagnostiocs" },
1016 { 0x0328, "WATCOM SQL Server" },
1017 { 0x0335, "MultiTechSystems MultisynchCommServer" },
1018 { 0x0343, "Xylogics RemoteAccessServer/LANModem" },
1019 { 0x0355, "ArcadaBackupExec" },
1020 { 0x0358, "MSLCD1" },
1021 { 0x0361, "NETINELO" },
1022 { 0x037e, "Powerchute UPS Monitoring" },
1023 { 0x037f, "ViruSafeNotify" },
1024 { 0x0386, "HP Bridge" },
1025 { 0x0387, "HP Hub" },
1026 { 0x0394, "NetWare SAA Gateway" },
1027 { 0x039b, "LotusNotes" },
1028 { 0x03b7, "CertusAntiVirus" },
1029 { 0x03c4, "ARCserve4.0" },
1030 { 0x03c7, "LANspool3.5" },
1031 { 0x03d7, "LexmarkPrinterServer" },
1032 { 0x03d8, "LexmarkXLE PrinterServer" },
1033 { 0x03dd, "BanyanENS NetwareClient" },
1034 { 0x03de, "GuptaSequelBaseServer/NetWareSQL" },
1035 { 0x03e1, "UnivelUnixware" },
1036 { 0x03e4, "UnivelUnixware" },
1037 { 0x03fc, "IntelNetport" },
1038 { 0x03fd, "PrintServerQueue" },
1039 { 0x040A, "ipnServer" },
1040 { 0x040D, "LVERRMAN" },
1041 { 0x040E, "LVLIC" },
1042 { 0x0414, "NET Silicon (DPI)/Kyocera" },
1043 { 0x0429, "SiteLockVirus" },
1044 { 0x0432, "UFHELPR???" },
1045 { 0x0433, "Synoptics281xAdvancedSNMPAgent" },
1046 { 0x0444, "MicrosoftNT SNA Server" },
1047 { 0x0448, "Oracle" },
1048 { 0x044c, "ARCserve5.01" },
1049 { 0x0457, "CanonGP55" },
1050 { 0x045a, "QMS Printers" },
1051 { 0x045b, "DellSCSI Array" },
1052 { 0x0491, "NetBlazerModems" },
1053 { 0x04ac, "OnTimeScheduler" },
1054 { 0x04b0, "CD-Net" },
1055 { 0x0513, "EmulexNQA" },
1056 { 0x0520, "SiteLockChecks" },
1057 { 0x0529, "SiteLockChecks" },
1058 { 0x052d, "CitrixOS2 AppServer" },
1059 { 0x0535, "Tektronix" },
1060 { 0x0536, "Milan" },
1061 { 0x055d, "Attachmate SNA gateway" },
1062 { 0x056b, "IBM8235 ModemServer" },
1063 { 0x056c, "ShivaLanRover/E PLUS" },
1064 { 0x056d, "ShivaLanRover/T PLUS" },
1065 { 0x0580, "McAfeeNetShield" },
1066 { 0x05B8, "NLM to workstation communication (Revelation Software)" },
1067 { 0x05BA, "CompatibleSystemsRouters" },
1068 { 0x05BE, "CheyenneHierarchicalStorageManager" },
1069 { 0x0606, "JCWatermarkImaging" },
1070 { 0x060c, "AXISNetworkPrinter" },
1071 { 0x0610, "AdaptecSCSIManagement" },
1072 { 0x0621, "IBM AntiVirus" },
1073 { 0x0640, "Windows95 RemoteRegistryService" },
1074 { 0x064e, "MicrosoftIIS" },
1075 { 0x067b, "Microsoft Win95/98 File and Print Sharing for NetWare" },
1076 { 0x067c, "Microsoft Win95/98 File and Print Sharing for NetWare" },
1077 { 0x076C, "Xerox" },
1078 { 0x079b, "ShivaLanRover/E 115" },
1079 { 0x079c, "ShivaLanRover/T 115" },
1080 { 0x07B4, "CubixWorldDesk" },
1081 { 0x07c2, "Quarterdeck IWare Connect V2.x NLM" },
1082 { 0x07c1, "Quarterdeck IWare Connect V3.x NLM" },
1083 { 0x0810, "ELAN License Server Demo" },
1084 { 0x0824, "ShivaLanRoverAccessSwitch/E" },
1085 { 0x086a, "ISSC Collector" },
1086 { 0x087f, "ISSC DAS AgentAIX" },
1087 { 0x0880, "Intel Netport PRO" },
1088 { 0x0881, "Intel Netport PRO" },
1089 { 0x0b29, "SiteLock" },
1090 { 0x0c29, "SiteLockApplications" },
1091 { 0x0c2c, "LicensingServer" },
1092 { 0x2101, "PerformanceTechnologyInstantInternet" },
1093 { 0x2380, "LAI SiteLock" },
1094 { 0x238c, "MeetingMaker" },
1095 { 0x4808, "SiteLockServer/SiteLockMetering" },
1096 { 0x5555, "SiteLockUser" },
1097 { 0x6312, "Tapeware" },
1098 { 0x6f00, "RabbitGateway" },
1099 { 0x7703, "MODEM" },
1100 { 0x8002, "NetPortPrinters" },
1101 { 0x8008, "WordPerfectNetworkVersion" },
1102 { 0x85BE, "Cisco EIGRP" },
1103 { 0x8888, "WordPerfectNetworkVersion/QuickNetworkManagement" },
1104 { 0x9000, "McAfeeNetShield" },
1105 { 0x9604, "CSA-NT_MON" },
1106 { 0xb6a8, "OceanIsleReachoutRemoteControl" },
1107 { 0xf11f, "SiteLockMetering" },
1108 { 0xf1ff, "SiteLock" },
1109 { 0xf503, "Microsoft SQL Server" },
1110 { 0xF905, "IBM TimeAndPlace" },
1111 { 0xfbfb, "TopCallIII FaxServer" },
1112 { 0xffff, "AnyService/Wildcard" },
1113 { 0, (char *)0 }
1114 };
1115
1116 static void
init_ipxsaparray(void)1117 init_ipxsaparray(void)
1118 {
1119 register int i;
1120 register struct hnamemem *table;
1121
1122 for (i = 0; ipxsap_db[i].s != NULL; i++) {
1123 int j = htons(ipxsap_db[i].v) & (HASHNAMESIZE-1);
1124 table = &ipxsaptable[j];
1125 while (table->name)
1126 table = table->nxt;
1127 table->name = ipxsap_db[i].s;
1128 table->addr = htons(ipxsap_db[i].v);
1129 table->nxt = newhnamemem();
1130 }
1131 }
1132
1133 /*
1134 * Initialize the address to name translation machinery. We map all
1135 * non-local IP addresses to numeric addresses if ndo->ndo_fflag is true
1136 * (i.e., to prevent blocking on the nameserver). localnet is the IP address
1137 * of the local network. mask is its subnet mask.
1138 */
1139 void
init_addrtoname(netdissect_options * ndo,uint32_t localnet,uint32_t mask)1140 init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
1141 {
1142 if (ndo->ndo_fflag) {
1143 f_localnet = localnet;
1144 f_netmask = mask;
1145 }
1146 if (ndo->ndo_nflag)
1147 /*
1148 * Simplest way to suppress names.
1149 */
1150 return;
1151
1152 init_etherarray();
1153 init_servarray(ndo);
1154 init_eprotoarray();
1155 init_protoidarray();
1156 init_ipxsaparray();
1157 }
1158
1159 const char *
dnaddr_string(netdissect_options * ndo,u_short dnaddr)1160 dnaddr_string(netdissect_options *ndo, u_short dnaddr)
1161 {
1162 register struct hnamemem *tp;
1163
1164 for (tp = &dnaddrtable[dnaddr & (HASHNAMESIZE-1)]; tp->nxt != 0;
1165 tp = tp->nxt)
1166 if (tp->addr == dnaddr)
1167 return (tp->name);
1168
1169 tp->addr = dnaddr;
1170 tp->nxt = newhnamemem();
1171 if (ndo->ndo_nflag)
1172 tp->name = dnnum_string(dnaddr);
1173 else
1174 tp->name = dnname_string(dnaddr);
1175
1176 return(tp->name);
1177 }
1178
1179 /* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */
1180 struct hnamemem *
newhnamemem(void)1181 newhnamemem(void)
1182 {
1183 register struct hnamemem *p;
1184 static struct hnamemem *ptr = NULL;
1185 static u_int num = 0;
1186
1187 if (num <= 0) {
1188 num = 64;
1189 ptr = (struct hnamemem *)calloc(num, sizeof (*ptr));
1190 if (ptr == NULL)
1191 error("newhnamemem: calloc");
1192 }
1193 --num;
1194 p = ptr++;
1195 return (p);
1196 }
1197
1198 #ifdef INET6
1199 /* Return a zero'ed h6namemem struct and cuts down on calloc() overhead */
1200 struct h6namemem *
newh6namemem(void)1201 newh6namemem(void)
1202 {
1203 register struct h6namemem *p;
1204 static struct h6namemem *ptr = NULL;
1205 static u_int num = 0;
1206
1207 if (num <= 0) {
1208 num = 64;
1209 ptr = (struct h6namemem *)calloc(num, sizeof (*ptr));
1210 if (ptr == NULL)
1211 error("newh6namemem: calloc");
1212 }
1213 --num;
1214 p = ptr++;
1215 return (p);
1216 }
1217 #endif /* INET6 */
1218
1219 /* Represent TCI part of the 802.1Q 4-octet tag as text. */
1220 const char *
ieee8021q_tci_string(const uint16_t tci)1221 ieee8021q_tci_string(const uint16_t tci)
1222 {
1223 static char buf[128];
1224 snprintf(buf, sizeof(buf), "vlan %u, p %u%s",
1225 tci & 0xfff,
1226 tci >> 13,
1227 (tci & 0x1000) ? ", DEI" : "");
1228 return buf;
1229 }
1230