1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /*
23 * txtproto_print() derived from original code by Hannes Gredler
24 * (hannes@gredler.at):
25 *
26 * Redistribution and use in source and binary forms, with or without
27 * modification, are permitted provided that: (1) source code
28 * distributions retain the above copyright notice and this paragraph
29 * in its entirety, and (2) distributions including binary code include
30 * the above copyright notice and this paragraph in its entirety in
31 * the documentation or other materials provided with the distribution.
32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
33 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
34 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35 * FOR A PARTICULAR PURPOSE.
36 */
37
38 #ifdef HAVE_CONFIG_H
39 #include <config.h>
40 #endif
41
42 #include "netdissect-stdinc.h"
43
44 #include <sys/stat.h>
45
46 #ifdef HAVE_FCNTL_H
47 #include <fcntl.h>
48 #endif
49 #include <stdio.h>
50 #include <stdarg.h>
51 #include <stdlib.h>
52 #include <string.h>
53
54 #include "netdissect-ctype.h"
55
56 #include "netdissect.h"
57 #include "extract.h"
58 #include "ascii_strcasecmp.h"
59 #include "timeval-operations.h"
60
61 #define TOKBUFSIZE 128
62
63 enum date_flag { WITHOUT_DATE = 0, WITH_DATE = 1 };
64 enum time_flag { UTC_TIME = 0, LOCAL_TIME = 1 };
65
66 /*
67 * Print out a character, filtering out the non-printable ones
68 */
69 void
fn_print_char(netdissect_options * ndo,u_char c)70 fn_print_char(netdissect_options *ndo, u_char c)
71 {
72 if (!ND_ISASCII(c)) {
73 c = ND_TOASCII(c);
74 ND_PRINT("M-");
75 }
76 if (!ND_ASCII_ISPRINT(c)) {
77 c ^= 0x40; /* DEL to ?, others to alpha */
78 ND_PRINT("^");
79 }
80 ND_PRINT("%c", c);
81 }
82
83 /*
84 * Print a null-terminated string, filtering out non-printable characters.
85 * DON'T USE IT with a pointer on the packet buffer because there is no
86 * truncation check. For this use, see the nd_printX() functions below.
87 */
88 void
fn_print_str(netdissect_options * ndo,const u_char * s)89 fn_print_str(netdissect_options *ndo, const u_char *s)
90 {
91 while (*s != '\0') {
92 fn_print_char(ndo, *s);
93 s++;
94 }
95 }
96
97 /*
98 * Print out a null-terminated filename (or other ASCII string) from
99 * a fixed-length field in the packet buffer, or from what remains of
100 * the packet.
101 *
102 * n is the length of the fixed-length field, or the number of bytes
103 * remaining in the packet based on its on-the-network length.
104 *
105 * If ep is non-null, it should point just past the last captured byte
106 * of the packet, e.g. ndo->ndo_snapend. If ep is NULL, we assume no
107 * truncation check, other than the checks of the field length/remaining
108 * packet data length, is needed.
109 *
110 * Return the number of bytes of string processed, including the
111 * terminating null, if not truncated; as the terminating null is
112 * included in the count, and as there must be a terminating null,
113 * this will always be non-zero. Return 0 if truncated.
114 */
115 u_int
nd_printztn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)116 nd_printztn(netdissect_options *ndo,
117 const u_char *s, u_int n, const u_char *ep)
118 {
119 u_int bytes;
120 u_char c;
121
122 bytes = 0;
123 for (;;) {
124 if (n == 0 || (ep != NULL && s >= ep)) {
125 /*
126 * Truncated. This includes "no null before we
127 * got to the end of the fixed-length buffer or
128 * the end of the packet".
129 *
130 * XXX - BOOTP says "null-terminated", which
131 * means the maximum length of the string, in
132 * bytes, is 1 less than the size of the buffer,
133 * as there must always be a terminating null.
134 */
135 bytes = 0;
136 break;
137 }
138
139 c = GET_U_1(s);
140 s++;
141 bytes++;
142 n--;
143 if (c == '\0') {
144 /* End of string */
145 break;
146 }
147 fn_print_char(ndo, c);
148 }
149 return(bytes);
150 }
151
152 /*
153 * Print out a counted filename (or other ASCII string), part of
154 * the packet buffer.
155 * If ep is NULL, assume no truncation check is needed.
156 * Return true if truncated.
157 * Stop at ep (if given) or after n bytes, whichever is first.
158 */
159 int
nd_printn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)160 nd_printn(netdissect_options *ndo,
161 const u_char *s, u_int n, const u_char *ep)
162 {
163 u_char c;
164
165 while (n > 0 && (ep == NULL || s < ep)) {
166 n--;
167 c = GET_U_1(s);
168 s++;
169 fn_print_char(ndo, c);
170 }
171 return (n == 0) ? 0 : 1;
172 }
173
174 /*
175 * Print a null-padded filename (or other ASCII string), part of
176 * the packet buffer, filtering out non-printable characters.
177 * Stop if truncated (via GET_U_1/longjmp) or after n bytes or before
178 * the null char, whichever occurs first.
179 * The suffix comes from: j:longJmp, n:after N bytes, p:null-Padded.
180 */
181 void
nd_printjnp(netdissect_options * ndo,const u_char * s,u_int n)182 nd_printjnp(netdissect_options *ndo, const u_char *s, u_int n)
183 {
184 u_char c;
185
186 while (n > 0) {
187 c = GET_U_1(s);
188 if (c == '\0')
189 break;
190 fn_print_char(ndo, c);
191 n--;
192 s++;
193 }
194 }
195
196 /*
197 * Print the timestamp .FRAC part (Microseconds/nanoseconds)
198 */
199 static void
ts_frac_print(netdissect_options * ndo,long usec)200 ts_frac_print(netdissect_options *ndo, long usec)
201 {
202 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
203 switch (ndo->ndo_tstamp_precision) {
204
205 case PCAP_TSTAMP_PRECISION_MICRO:
206 ND_PRINT(".%06u", (unsigned)usec);
207 break;
208
209 case PCAP_TSTAMP_PRECISION_NANO:
210 ND_PRINT(".%09u", (unsigned)usec);
211 break;
212
213 default:
214 ND_PRINT(".{unknown}");
215 break;
216 }
217 #else
218 ND_PRINT(".%06u", (unsigned)usec);
219 #endif
220 }
221
222 /*
223 * Print the timestamp as [YY:MM:DD] HH:MM:SS.FRAC.
224 * if time_flag == LOCAL_TIME print local time else UTC/GMT time
225 * if date_flag == WITH_DATE print YY:MM:DD before HH:MM:SS.FRAC
226 */
227 static void
ts_date_hmsfrac_print(netdissect_options * ndo,long sec,long usec,enum date_flag date_flag,enum time_flag time_flag)228 ts_date_hmsfrac_print(netdissect_options *ndo, long sec, long usec,
229 enum date_flag date_flag, enum time_flag time_flag)
230 {
231 time_t Time = sec;
232 struct tm *tm;
233 char timebuf[32];
234 const char *timestr;
235
236 if ((unsigned)sec & 0x80000000) {
237 ND_PRINT("[Error converting time]");
238 return;
239 }
240
241 if (time_flag == LOCAL_TIME)
242 tm = localtime(&Time);
243 else
244 tm = gmtime(&Time);
245
246 if (date_flag == WITH_DATE) {
247 timestr = nd_format_time(timebuf, sizeof(timebuf),
248 "%Y-%m-%d %H:%M:%S", tm);
249 } else {
250 timestr = nd_format_time(timebuf, sizeof(timebuf),
251 "%H:%M:%S", tm);
252 }
253 ND_PRINT("%s", timestr);
254
255 ts_frac_print(ndo, usec);
256 }
257
258 /*
259 * Print the timestamp - Unix timeval style, as SECS.FRAC.
260 */
261 static void
ts_unix_print(netdissect_options * ndo,long sec,long usec)262 ts_unix_print(netdissect_options *ndo, long sec, long usec)
263 {
264 if ((unsigned)sec & 0x80000000) {
265 ND_PRINT("[Error converting time]");
266 return;
267 }
268
269 ND_PRINT("%u", (unsigned)sec);
270 ts_frac_print(ndo, usec);
271 }
272
273 /*
274 * Print the timestamp
275 */
276 void
ts_print(netdissect_options * ndo,const struct timeval * tvp)277 ts_print(netdissect_options *ndo,
278 const struct timeval *tvp)
279 {
280 static struct timeval tv_ref;
281 struct timeval tv_result;
282 int negative_offset;
283 int nano_prec;
284
285 switch (ndo->ndo_tflag) {
286
287 case 0: /* Default */
288 ts_date_hmsfrac_print(ndo, tvp->tv_sec, tvp->tv_usec,
289 WITHOUT_DATE, LOCAL_TIME);
290 ND_PRINT(" ");
291 break;
292
293 case 1: /* No time stamp */
294 break;
295
296 case 2: /* Unix timeval style */
297 ts_unix_print(ndo, tvp->tv_sec, tvp->tv_usec);
298 ND_PRINT(" ");
299 break;
300
301 case 3: /* Microseconds/nanoseconds since previous packet */
302 case 5: /* Microseconds/nanoseconds since first packet */
303 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
304 switch (ndo->ndo_tstamp_precision) {
305 case PCAP_TSTAMP_PRECISION_MICRO:
306 nano_prec = 0;
307 break;
308 case PCAP_TSTAMP_PRECISION_NANO:
309 nano_prec = 1;
310 break;
311 default:
312 nano_prec = 0;
313 break;
314 }
315 #else
316 nano_prec = 0;
317 #endif
318 if (!(netdissect_timevalisset(&tv_ref)))
319 tv_ref = *tvp; /* set timestamp for first packet */
320
321 negative_offset = netdissect_timevalcmp(tvp, &tv_ref, <);
322 if (negative_offset)
323 netdissect_timevalsub(&tv_ref, tvp, &tv_result, nano_prec);
324 else
325 netdissect_timevalsub(tvp, &tv_ref, &tv_result, nano_prec);
326
327 ND_PRINT((negative_offset ? "-" : " "));
328 ts_date_hmsfrac_print(ndo, tv_result.tv_sec, tv_result.tv_usec,
329 WITHOUT_DATE, UTC_TIME);
330 ND_PRINT(" ");
331
332 if (ndo->ndo_tflag == 3)
333 tv_ref = *tvp; /* set timestamp for previous packet */
334 break;
335
336 case 4: /* Date + Default */
337 ts_date_hmsfrac_print(ndo, tvp->tv_sec, tvp->tv_usec,
338 WITH_DATE, LOCAL_TIME);
339 ND_PRINT(" ");
340 break;
341 }
342 }
343
344 /*
345 * Print an unsigned relative number of seconds (e.g. hold time, prune timer)
346 * in the form 5m1s. This does no truncation, so 32230861 seconds
347 * is represented as 1y1w1d1h1m1s.
348 */
349 void
unsigned_relts_print(netdissect_options * ndo,uint32_t secs)350 unsigned_relts_print(netdissect_options *ndo,
351 uint32_t secs)
352 {
353 static const char *lengths[] = {"y", "w", "d", "h", "m", "s"};
354 static const u_int seconds[] = {31536000, 604800, 86400, 3600, 60, 1};
355 const char **l = lengths;
356 const u_int *s = seconds;
357
358 if (secs == 0) {
359 ND_PRINT("0s");
360 return;
361 }
362 while (secs > 0) {
363 if (secs >= *s) {
364 ND_PRINT("%u%s", secs / *s, *l);
365 secs -= (secs / *s) * *s;
366 }
367 s++;
368 l++;
369 }
370 }
371
372 /*
373 * Print a signed relative number of seconds (e.g. hold time, prune timer)
374 * in the form 5m1s. This does no truncation, so 32230861 seconds
375 * is represented as 1y1w1d1h1m1s.
376 */
377 void
signed_relts_print(netdissect_options * ndo,int32_t secs)378 signed_relts_print(netdissect_options *ndo,
379 int32_t secs)
380 {
381 if (secs < 0) {
382 ND_PRINT("-");
383 if (secs == INT32_MIN) {
384 /*
385 * -2^31; you can't fit its absolute value into
386 * a 32-bit signed integer.
387 *
388 * Just directly pass said absolute value to
389 * unsigned_relts_print() directly.
390 *
391 * (XXX - does ISO C guarantee that -(-2^n),
392 * when calculated and cast to an n-bit unsigned
393 * integer type, will have the value 2^n?)
394 */
395 unsigned_relts_print(ndo, 2147483648U);
396 } else {
397 /*
398 * We now know -secs will fit into an int32_t;
399 * negate it and pass that to unsigned_relts_print().
400 */
401 unsigned_relts_print(ndo, -secs);
402 }
403 return;
404 }
405 unsigned_relts_print(ndo, secs);
406 }
407
408 /*
409 * Format a struct tm with strftime().
410 * If the pointer to the struct tm is null, that means that the
411 * routine to convert a time_t to a struct tm failed; the localtime()
412 * and gmtime() in the Microsoft Visual Studio C library will fail,
413 * returning null, if the value is before the UNIX Epoch.
414 */
415 const char *
nd_format_time(char * buf,size_t bufsize,const char * format,const struct tm * timeptr)416 nd_format_time(char *buf, size_t bufsize, const char *format,
417 const struct tm *timeptr)
418 {
419 if (timeptr != NULL) {
420 if (strftime(buf, bufsize, format, timeptr) != 0)
421 return (buf);
422 else
423 return ("[nd_format_time() buffer is too small]");
424 } else
425 return ("[localtime() or gmtime() couldn't convert the date and time]");
426 }
427
428 /* Print the truncated string */
nd_print_trunc(netdissect_options * ndo)429 void nd_print_trunc(netdissect_options *ndo)
430 {
431 ND_PRINT(" [|%s]", ndo->ndo_protocol);
432 }
433
434 /* Print the protocol name */
nd_print_protocol(netdissect_options * ndo)435 void nd_print_protocol(netdissect_options *ndo)
436 {
437 ND_PRINT("%s", ndo->ndo_protocol);
438 }
439
440 /* Print the protocol name in caps (uppercases) */
nd_print_protocol_caps(netdissect_options * ndo)441 void nd_print_protocol_caps(netdissect_options *ndo)
442 {
443 const char *p;
444 for (p = ndo->ndo_protocol; *p != '\0'; p++)
445 ND_PRINT("%c", ND_ASCII_TOUPPER(*p));
446 }
447
448 /* Print the invalid string */
nd_print_invalid(netdissect_options * ndo)449 void nd_print_invalid(netdissect_options *ndo)
450 {
451 ND_PRINT(" (invalid)");
452 }
453
454 /*
455 * this is a generic routine for printing unknown data;
456 * we pass on the linefeed plus indentation string to
457 * get a proper output - returns 0 on error
458 */
459
460 int
print_unknown_data(netdissect_options * ndo,const u_char * cp,const char * ident,u_int len)461 print_unknown_data(netdissect_options *ndo, const u_char *cp,
462 const char *ident, u_int len)
463 {
464 u_int len_to_print;
465
466 len_to_print = len;
467 if (!ND_TTEST_LEN(cp, 0)) {
468 ND_PRINT("%sDissector error: print_unknown_data called with pointer past end of packet",
469 ident);
470 return(0);
471 }
472 if (ND_BYTES_AVAILABLE_AFTER(cp) < len_to_print)
473 len_to_print = ND_BYTES_AVAILABLE_AFTER(cp);
474 hex_print(ndo, ident, cp, len_to_print);
475 return(1); /* everything is ok */
476 }
477
478 /*
479 * Convert a token value to a string; use "fmt" if not found.
480 */
481 static const char *
tok2strbuf(const struct tok * lp,const char * fmt,u_int v,char * buf,size_t bufsize)482 tok2strbuf(const struct tok *lp, const char *fmt,
483 u_int v, char *buf, size_t bufsize)
484 {
485 if (lp != NULL) {
486 while (lp->s != NULL) {
487 if (lp->v == v)
488 return (lp->s);
489 ++lp;
490 }
491 }
492 if (fmt == NULL)
493 fmt = "#%d";
494
495 (void)snprintf(buf, bufsize, fmt, v);
496 return (const char *)buf;
497 }
498
499 /*
500 * Convert a token value to a string; use "fmt" if not found.
501 * Uses tok2strbuf() on one of four local static buffers of size TOKBUFSIZE
502 * in round-robin fashion.
503 */
504 const char *
tok2str(const struct tok * lp,const char * fmt,u_int v)505 tok2str(const struct tok *lp, const char *fmt,
506 u_int v)
507 {
508 static char buf[4][TOKBUFSIZE];
509 static int idx = 0;
510 char *ret;
511
512 ret = buf[idx];
513 idx = (idx+1) & 3;
514 return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0]));
515 }
516
517 /*
518 * Convert a bit token value to a string; use "fmt" if not found.
519 * this is useful for parsing bitfields, the output strings are separated
520 * if the s field is positive.
521 *
522 * A token matches iff it has one or more bits set and every bit that is set
523 * in the token is set in v. Consequently, a 0 token never matches.
524 */
525 static char *
bittok2str_internal(const struct tok * lp,const char * fmt,u_int v,const char * sep)526 bittok2str_internal(const struct tok *lp, const char *fmt,
527 u_int v, const char *sep)
528 {
529 static char buf[1024+1]; /* our string buffer */
530 char *bufp = buf;
531 size_t space_left = sizeof(buf), string_size;
532 const char * sepstr = "";
533
534 while (lp != NULL && lp->s != NULL) {
535 if (lp->v && (v & lp->v) == lp->v) {
536 /* ok we have found something */
537 if (space_left <= 1)
538 return (buf); /* only enough room left for NUL, if that */
539 string_size = strlcpy(bufp, sepstr, space_left);
540 if (string_size >= space_left)
541 return (buf); /* we ran out of room */
542 bufp += string_size;
543 space_left -= string_size;
544 if (space_left <= 1)
545 return (buf); /* only enough room left for NUL, if that */
546 string_size = strlcpy(bufp, lp->s, space_left);
547 if (string_size >= space_left)
548 return (buf); /* we ran out of room */
549 bufp += string_size;
550 space_left -= string_size;
551 sepstr = sep;
552 }
553 lp++;
554 }
555
556 if (bufp == buf)
557 /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */
558 (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%08x" : fmt, v);
559 return (buf);
560 }
561
562 /*
563 * Convert a bit token value to a string; use "fmt" if not found.
564 * this is useful for parsing bitfields, the output strings are not separated.
565 */
566 char *
bittok2str_nosep(const struct tok * lp,const char * fmt,u_int v)567 bittok2str_nosep(const struct tok *lp, const char *fmt,
568 u_int v)
569 {
570 return (bittok2str_internal(lp, fmt, v, ""));
571 }
572
573 /*
574 * Convert a bit token value to a string; use "fmt" if not found.
575 * this is useful for parsing bitfields, the output strings are comma separated.
576 */
577 char *
bittok2str(const struct tok * lp,const char * fmt,u_int v)578 bittok2str(const struct tok *lp, const char *fmt,
579 u_int v)
580 {
581 return (bittok2str_internal(lp, fmt, v, ", "));
582 }
583
584 /*
585 * Convert a value to a string using an array; the macro
586 * tok2strary() in <netdissect.h> is the public interface to
587 * this function and ensures that the second argument is
588 * correct for bounds-checking.
589 */
590 const char *
tok2strary_internal(const char ** lp,int n,const char * fmt,int v)591 tok2strary_internal(const char **lp, int n, const char *fmt,
592 int v)
593 {
594 static char buf[TOKBUFSIZE];
595
596 if (v >= 0 && v < n && lp[v] != NULL)
597 return lp[v];
598 if (fmt == NULL)
599 fmt = "#%d";
600 (void)snprintf(buf, sizeof(buf), fmt, v);
601 return (buf);
602 }
603
604 const struct tok *
uint2tokary_internal(const struct uint_tokary dict[],const size_t size,const u_int val)605 uint2tokary_internal(const struct uint_tokary dict[], const size_t size,
606 const u_int val)
607 {
608 size_t i;
609 /* Try a direct lookup before the full scan. */
610 if (val < size && dict[val].uintval == val)
611 return dict[val].tokary; /* OK if NULL */
612 for (i = 0; i < size; i++)
613 if (dict[i].uintval == val)
614 return dict[i].tokary; /* OK if NULL */
615 return NULL;
616 }
617
618 /*
619 * Convert a 32-bit netmask to prefixlen if possible
620 * the function returns the prefix-len; if plen == -1
621 * then conversion was not possible;
622 */
623
624 int
mask2plen(uint32_t mask)625 mask2plen(uint32_t mask)
626 {
627 const uint32_t bitmasks[33] = {
628 0x00000000,
629 0x80000000, 0xc0000000, 0xe0000000, 0xf0000000,
630 0xf8000000, 0xfc000000, 0xfe000000, 0xff000000,
631 0xff800000, 0xffc00000, 0xffe00000, 0xfff00000,
632 0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000,
633 0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000,
634 0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00,
635 0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0,
636 0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff
637 };
638 int prefix_len = 32;
639
640 /* let's see if we can transform the mask into a prefixlen */
641 while (prefix_len >= 0) {
642 if (bitmasks[prefix_len] == mask)
643 break;
644 prefix_len--;
645 }
646 return (prefix_len);
647 }
648
649 int
mask62plen(const u_char * mask)650 mask62plen(const u_char *mask)
651 {
652 u_char bitmasks[9] = {
653 0x00,
654 0x80, 0xc0, 0xe0, 0xf0,
655 0xf8, 0xfc, 0xfe, 0xff
656 };
657 int byte;
658 int cidr_len = 0;
659
660 for (byte = 0; byte < 16; byte++) {
661 u_int bits;
662
663 for (bits = 0; bits < (sizeof (bitmasks) / sizeof (bitmasks[0])); bits++) {
664 if (mask[byte] == bitmasks[bits]) {
665 cidr_len += bits;
666 break;
667 }
668 }
669
670 if (mask[byte] != 0xff)
671 break;
672 }
673 return (cidr_len);
674 }
675
676 /*
677 * Routine to print out information for text-based protocols such as FTP,
678 * HTTP, SMTP, RTSP, SIP, ....
679 */
680 #define MAX_TOKEN 128
681
682 /*
683 * Fetch a token from a packet, starting at the specified index,
684 * and return the length of the token.
685 *
686 * Returns 0 on error; yes, this is indistinguishable from an empty
687 * token, but an "empty token" isn't a valid token - it just means
688 * either a space character at the beginning of the line (this
689 * includes a blank line) or no more tokens remaining on the line.
690 */
691 static int
fetch_token(netdissect_options * ndo,const u_char * pptr,u_int idx,u_int len,u_char * tbuf,size_t tbuflen)692 fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len,
693 u_char *tbuf, size_t tbuflen)
694 {
695 size_t toklen = 0;
696 u_char c;
697
698 for (; idx < len; idx++) {
699 if (!ND_TTEST_1(pptr + idx)) {
700 /* ran past end of captured data */
701 return (0);
702 }
703 c = GET_U_1(pptr + idx);
704 if (!ND_ISASCII(c)) {
705 /* not an ASCII character */
706 return (0);
707 }
708 if (c == ' ' || c == '\t' || c == '\r' || c == '\n') {
709 /* end of token */
710 break;
711 }
712 if (!ND_ASCII_ISPRINT(c)) {
713 /* not part of a command token or response code */
714 return (0);
715 }
716 if (toklen + 2 > tbuflen) {
717 /* no room for this character and terminating '\0' */
718 return (0);
719 }
720 tbuf[toklen] = c;
721 toklen++;
722 }
723 if (toklen == 0) {
724 /* no token */
725 return (0);
726 }
727 tbuf[toklen] = '\0';
728
729 /*
730 * Skip past any white space after the token, until we see
731 * an end-of-line (CR or LF).
732 */
733 for (; idx < len; idx++) {
734 if (!ND_TTEST_1(pptr + idx)) {
735 /* ran past end of captured data */
736 break;
737 }
738 c = GET_U_1(pptr + idx);
739 if (c == '\r' || c == '\n') {
740 /* end of line */
741 break;
742 }
743 if (!ND_ASCII_ISPRINT(c)) {
744 /* not a printable ASCII character */
745 break;
746 }
747 if (c != ' ' && c != '\t' && c != '\r' && c != '\n') {
748 /* beginning of next token */
749 break;
750 }
751 }
752 return (idx);
753 }
754
755 /*
756 * Scan a buffer looking for a line ending - LF or CR-LF.
757 * Return the index of the character after the line ending or 0 if
758 * we encounter a non-ASCII or non-printable character or don't find
759 * the line ending.
760 */
761 static u_int
print_txt_line(netdissect_options * ndo,const char * prefix,const u_char * pptr,u_int idx,u_int len)762 print_txt_line(netdissect_options *ndo, const char *prefix,
763 const u_char *pptr, u_int idx, u_int len)
764 {
765 u_int startidx;
766 u_int linelen;
767 u_char c;
768
769 startidx = idx;
770 while (idx < len) {
771 c = GET_U_1(pptr + idx);
772 if (c == '\n') {
773 /*
774 * LF without CR; end of line.
775 * Skip the LF and print the line, with the
776 * exception of the LF.
777 */
778 linelen = idx - startidx;
779 idx++;
780 goto print;
781 } else if (c == '\r') {
782 /* CR - any LF? */
783 if ((idx+1) >= len) {
784 /* not in this packet */
785 return (0);
786 }
787 if (GET_U_1(pptr + idx + 1) == '\n') {
788 /*
789 * CR-LF; end of line.
790 * Skip the CR-LF and print the line, with
791 * the exception of the CR-LF.
792 */
793 linelen = idx - startidx;
794 idx += 2;
795 goto print;
796 }
797
798 /*
799 * CR followed by something else; treat this
800 * as if it were binary data, and don't print
801 * it.
802 */
803 return (0);
804 } else if (!ND_ASCII_ISPRINT(c) && c != '\t') {
805 /*
806 * Not a printable ASCII character and not a tab;
807 * treat this as if it were binary data, and
808 * don't print it.
809 */
810 return (0);
811 }
812 idx++;
813 }
814
815 /*
816 * All printable ASCII, but no line ending after that point
817 * in the buffer; treat this as if it were truncated.
818 */
819 linelen = idx - startidx;
820 ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
821 nd_print_trunc(ndo);
822 return (0);
823
824 print:
825 ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
826 return (idx);
827 }
828
829 /* Assign needed before calling txtproto_print(): ndo->ndo_protocol = "proto" */
830 void
txtproto_print(netdissect_options * ndo,const u_char * pptr,u_int len,const char ** cmds,u_int flags)831 txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len,
832 const char **cmds, u_int flags)
833 {
834 u_int idx, eol;
835 u_char token[MAX_TOKEN+1];
836 const char *cmd;
837 int print_this = 0;
838
839 if (cmds != NULL) {
840 /*
841 * This protocol has more than just request and
842 * response lines; see whether this looks like a
843 * request or response and, if so, print it and,
844 * in verbose mode, print everything after it.
845 *
846 * This is for HTTP-like protocols, where we
847 * want to print requests and responses, but
848 * don't want to print continuations of request
849 * or response bodies in packets that don't
850 * contain the request or response line.
851 */
852 idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token));
853 if (idx != 0) {
854 /* Is this a valid request name? */
855 while ((cmd = *cmds++) != NULL) {
856 if (ascii_strcasecmp((const char *)token, cmd) == 0) {
857 /* Yes. */
858 print_this = 1;
859 break;
860 }
861 }
862
863 /*
864 * No - is this a valid response code (3 digits)?
865 *
866 * Is this token the response code, or is the next
867 * token the response code?
868 */
869 if (flags & RESP_CODE_SECOND_TOKEN) {
870 /*
871 * Next token - get it.
872 */
873 idx = fetch_token(ndo, pptr, idx, len, token,
874 sizeof(token));
875 }
876 if (idx != 0) {
877 if (ND_ASCII_ISDIGIT(token[0]) && ND_ASCII_ISDIGIT(token[1]) &&
878 ND_ASCII_ISDIGIT(token[2]) && token[3] == '\0') {
879 /* Yes. */
880 print_this = 1;
881 }
882 }
883 }
884 } else {
885 /*
886 * Either:
887 *
888 * 1) This protocol has only request and response lines
889 * (e.g., FTP, where all the data goes over a different
890 * connection); assume the payload is a request or
891 * response.
892 *
893 * or
894 *
895 * 2) This protocol is just text, so that we should
896 * always, at minimum, print the first line and,
897 * in verbose mode, print all lines.
898 */
899 print_this = 1;
900 }
901
902 nd_print_protocol_caps(ndo);
903
904 if (print_this) {
905 /*
906 * In non-verbose mode, just print the protocol, followed
907 * by the first line.
908 *
909 * In verbose mode, print lines as text until we run out
910 * of characters or see something that's not a
911 * printable-ASCII line.
912 */
913 if (ndo->ndo_vflag) {
914 /*
915 * We're going to print all the text lines in the
916 * request or response; just print the length
917 * on the first line of the output.
918 */
919 ND_PRINT(", length: %u", len);
920 for (idx = 0;
921 idx < len && (eol = print_txt_line(ndo, "\n\t", pptr, idx, len)) != 0;
922 idx = eol)
923 ;
924 } else {
925 /*
926 * Just print the first text line.
927 */
928 print_txt_line(ndo, ": ", pptr, 0, len);
929 }
930 }
931 }
932
933 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
934 (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
935 (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
936 (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
937 (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || \
938 defined(__vax__)
939 /*
940 * The processor natively handles unaligned loads, so just use memcpy()
941 * and memcmp(), to enable those optimizations.
942 *
943 * XXX - are those all the x86 tests we need?
944 * XXX - do we need to worry about ARMv1 through ARMv5, which didn't
945 * support unaligned loads, and, if so, do we need to worry about all
946 * of them, or just some of them, e.g. ARMv5?
947 * XXX - are those the only 68k tests we need not to generated
948 * unaligned accesses if the target is the 68000 or 68010?
949 * XXX - are there any tests we don't need, because some definitions are for
950 * compilers that also predefine the GCC symbols?
951 * XXX - do we need to test for both 32-bit and 64-bit versions of those
952 * architectures in all cases?
953 */
954 #else
955 /*
956 * The processor doesn't natively handle unaligned loads,
957 * and the compiler might "helpfully" optimize memcpy()
958 * and memcmp(), when handed pointers that would normally
959 * be properly aligned, into sequences that assume proper
960 * alignment.
961 *
962 * Do copies and compares of possibly-unaligned data by
963 * calling routines that wrap memcpy() and memcmp(), to
964 * prevent that optimization.
965 */
966 void
unaligned_memcpy(void * p,const void * q,size_t l)967 unaligned_memcpy(void *p, const void *q, size_t l)
968 {
969 memcpy(p, q, l);
970 }
971
972 /* As with memcpy(), so with memcmp(). */
973 int
unaligned_memcmp(const void * p,const void * q,size_t l)974 unaligned_memcmp(const void *p, const void *q, size_t l)
975 {
976 return (memcmp(p, q, l));
977 }
978 #endif
979
980