1 /*
2  * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  */
21 
22 /*
23  * txtproto_print() derived from original code by Hannes Gredler
24  * (hannes@gredler.at):
25  *
26  * Redistribution and use in source and binary forms, with or without
27  * modification, are permitted provided that: (1) source code
28  * distributions retain the above copyright notice and this paragraph
29  * in its entirety, and (2) distributions including binary code include
30  * the above copyright notice and this paragraph in its entirety in
31  * the documentation or other materials provided with the distribution.
32  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
33  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
34  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35  * FOR A PARTICULAR PURPOSE.
36  */
37 
38 #ifdef HAVE_CONFIG_H
39 #include <config.h>
40 #endif
41 
42 #include "netdissect-stdinc.h"
43 
44 #include <sys/stat.h>
45 
46 #ifdef HAVE_FCNTL_H
47 #include <fcntl.h>
48 #endif
49 #include <stdio.h>
50 #include <stdarg.h>
51 #include <stdlib.h>
52 #include <string.h>
53 
54 #include "netdissect-ctype.h"
55 
56 #include "netdissect.h"
57 #include "extract.h"
58 #include "ascii_strcasecmp.h"
59 #include "timeval-operations.h"
60 
61 #define TOKBUFSIZE 128
62 
63 enum date_flag { WITHOUT_DATE = 0, WITH_DATE = 1 };
64 enum time_flag { UTC_TIME = 0, LOCAL_TIME = 1 };
65 
66 /*
67  * Print out a character, filtering out the non-printable ones
68  */
69 void
fn_print_char(netdissect_options * ndo,u_char c)70 fn_print_char(netdissect_options *ndo, u_char c)
71 {
72 	if (!ND_ISASCII(c)) {
73 		c = ND_TOASCII(c);
74 		ND_PRINT("M-");
75 	}
76 	if (!ND_ASCII_ISPRINT(c)) {
77 		c ^= 0x40;	/* DEL to ?, others to alpha */
78 		ND_PRINT("^");
79 	}
80 	ND_PRINT("%c", c);
81 }
82 
83 /*
84  * Print a null-terminated string, filtering out non-printable characters.
85  * DON'T USE IT with a pointer on the packet buffer because there is no
86  * truncation check. For this use, see the nd_printX() functions below.
87  */
88 void
fn_print_str(netdissect_options * ndo,const u_char * s)89 fn_print_str(netdissect_options *ndo, const u_char *s)
90 {
91 	while (*s != '\0') {
92 		fn_print_char(ndo, *s);
93 		s++;
94        }
95 }
96 
97 /*
98  * Print out a null-terminated filename (or other ASCII string) from
99  * a fixed-length field in the packet buffer, or from what remains of
100  * the packet.
101  *
102  * n is the length of the fixed-length field, or the number of bytes
103  * remaining in the packet based on its on-the-network length.
104  *
105  * If ep is non-null, it should point just past the last captured byte
106  * of the packet, e.g. ndo->ndo_snapend.  If ep is NULL, we assume no
107  * truncation check, other than the checks of the field length/remaining
108  * packet data length, is needed.
109  *
110  * Return the number of bytes of string processed, including the
111  * terminating null, if not truncated; as the terminating null is
112  * included in the count, and as there must be a terminating null,
113  * this will always be non-zero.  Return 0 if truncated.
114  */
115 u_int
nd_printztn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)116 nd_printztn(netdissect_options *ndo,
117          const u_char *s, u_int n, const u_char *ep)
118 {
119 	u_int bytes;
120 	u_char c;
121 
122 	bytes = 0;
123 	for (;;) {
124 		if (n == 0 || (ep != NULL && s >= ep)) {
125 			/*
126 			 * Truncated.  This includes "no null before we
127 			 * got to the end of the fixed-length buffer or
128 			 * the end of the packet".
129 			 *
130 			 * XXX - BOOTP says "null-terminated", which
131 			 * means the maximum length of the string, in
132 			 * bytes, is 1 less than the size of the buffer,
133 			 * as there must always be a terminating null.
134 			 */
135 			bytes = 0;
136 			break;
137 		}
138 
139 		c = GET_U_1(s);
140 		s++;
141 		bytes++;
142 		n--;
143 		if (c == '\0') {
144 			/* End of string */
145 			break;
146 		}
147 		fn_print_char(ndo, c);
148 	}
149 	return(bytes);
150 }
151 
152 /*
153  * Print out a counted filename (or other ASCII string), part of
154  * the packet buffer.
155  * If ep is NULL, assume no truncation check is needed.
156  * Return true if truncated.
157  * Stop at ep (if given) or after n bytes, whichever is first.
158  */
159 int
nd_printn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)160 nd_printn(netdissect_options *ndo,
161           const u_char *s, u_int n, const u_char *ep)
162 {
163 	u_char c;
164 
165 	while (n > 0 && (ep == NULL || s < ep)) {
166 		n--;
167 		c = GET_U_1(s);
168 		s++;
169 		fn_print_char(ndo, c);
170 	}
171 	return (n == 0) ? 0 : 1;
172 }
173 
174 /*
175  * Print a null-padded filename (or other ASCII string), part of
176  * the packet buffer, filtering out non-printable characters.
177  * Stop if truncated (via GET_U_1/longjmp) or after n bytes or before
178  * the null char, whichever occurs first.
179  * The suffix comes from: j:longJmp, n:after N bytes, p:null-Padded.
180  */
181 void
nd_printjnp(netdissect_options * ndo,const u_char * s,u_int n)182 nd_printjnp(netdissect_options *ndo, const u_char *s, u_int n)
183 {
184 	u_char c;
185 
186 	while (n > 0) {
187 		c = GET_U_1(s);
188 		if (c == '\0')
189 			break;
190 		fn_print_char(ndo, c);
191 		n--;
192 		s++;
193 	}
194 }
195 
196 /*
197  * Print the timestamp .FRAC part (Microseconds/nanoseconds)
198  */
199 static void
ts_frac_print(netdissect_options * ndo,long usec)200 ts_frac_print(netdissect_options *ndo, long usec)
201 {
202 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
203 	switch (ndo->ndo_tstamp_precision) {
204 
205 	case PCAP_TSTAMP_PRECISION_MICRO:
206 		ND_PRINT(".%06u", (unsigned)usec);
207 		break;
208 
209 	case PCAP_TSTAMP_PRECISION_NANO:
210 		ND_PRINT(".%09u", (unsigned)usec);
211 		break;
212 
213 	default:
214 		ND_PRINT(".{unknown}");
215 		break;
216 	}
217 #else
218 	ND_PRINT(".%06u", (unsigned)usec);
219 #endif
220 }
221 
222 /*
223  * Print the timestamp as [YY:MM:DD] HH:MM:SS.FRAC.
224  *   if time_flag == LOCAL_TIME print local time else UTC/GMT time
225  *   if date_flag == WITH_DATE print YY:MM:DD before HH:MM:SS.FRAC
226  */
227 static void
ts_date_hmsfrac_print(netdissect_options * ndo,long sec,long usec,enum date_flag date_flag,enum time_flag time_flag)228 ts_date_hmsfrac_print(netdissect_options *ndo, long sec, long usec,
229 		      enum date_flag date_flag, enum time_flag time_flag)
230 {
231 	time_t Time = sec;
232 	struct tm *tm;
233 	char timestr[32];
234 
235 	if ((unsigned)sec & 0x80000000) {
236 		ND_PRINT("[Error converting time]");
237 		return;
238 	}
239 
240 	if (time_flag == LOCAL_TIME)
241 		tm = localtime(&Time);
242 	else
243 		tm = gmtime(&Time);
244 
245 	if (!tm) {
246 		ND_PRINT("[Error converting time]");
247 		return;
248 	}
249 	if (date_flag == WITH_DATE)
250 		strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tm);
251 	else
252 		strftime(timestr, sizeof(timestr), "%H:%M:%S", tm);
253 	ND_PRINT("%s", timestr);
254 
255 	ts_frac_print(ndo, usec);
256 }
257 
258 /*
259  * Print the timestamp - Unix timeval style, as SECS.FRAC.
260  */
261 static void
ts_unix_print(netdissect_options * ndo,long sec,long usec)262 ts_unix_print(netdissect_options *ndo, long sec, long usec)
263 {
264 	if ((unsigned)sec & 0x80000000) {
265 		ND_PRINT("[Error converting time]");
266 		return;
267 	}
268 
269 	ND_PRINT("%u", (unsigned)sec);
270 	ts_frac_print(ndo, usec);
271 }
272 
273 /*
274  * Print the timestamp
275  */
276 void
ts_print(netdissect_options * ndo,const struct timeval * tvp)277 ts_print(netdissect_options *ndo,
278          const struct timeval *tvp)
279 {
280 	static struct timeval tv_ref;
281 	struct timeval tv_result;
282 	int negative_offset;
283 	int nano_prec;
284 
285 	switch (ndo->ndo_tflag) {
286 
287 	case 0: /* Default */
288 		ts_date_hmsfrac_print(ndo, tvp->tv_sec, tvp->tv_usec,
289 				      WITHOUT_DATE, LOCAL_TIME);
290 		ND_PRINT(" ");
291 		break;
292 
293 	case 1: /* No time stamp */
294 		break;
295 
296 	case 2: /* Unix timeval style */
297 		ts_unix_print(ndo, tvp->tv_sec, tvp->tv_usec);
298 		ND_PRINT(" ");
299 		break;
300 
301 	case 3: /* Microseconds/nanoseconds since previous packet */
302         case 5: /* Microseconds/nanoseconds since first packet */
303 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
304 		switch (ndo->ndo_tstamp_precision) {
305 		case PCAP_TSTAMP_PRECISION_MICRO:
306 			nano_prec = 0;
307 			break;
308 		case PCAP_TSTAMP_PRECISION_NANO:
309 			nano_prec = 1;
310 			break;
311 		default:
312 			nano_prec = 0;
313 			break;
314 		}
315 #else
316 		nano_prec = 0;
317 #endif
318 		if (!(netdissect_timevalisset(&tv_ref)))
319 			tv_ref = *tvp; /* set timestamp for first packet */
320 
321 		negative_offset = netdissect_timevalcmp(tvp, &tv_ref, <);
322 		if (negative_offset)
323 			netdissect_timevalsub(&tv_ref, tvp, &tv_result, nano_prec);
324 		else
325 			netdissect_timevalsub(tvp, &tv_ref, &tv_result, nano_prec);
326 
327 		ND_PRINT((negative_offset ? "-" : " "));
328 		ts_date_hmsfrac_print(ndo, tv_result.tv_sec, tv_result.tv_usec,
329 				      WITHOUT_DATE, UTC_TIME);
330 		ND_PRINT(" ");
331 
332                 if (ndo->ndo_tflag == 3)
333 			tv_ref = *tvp; /* set timestamp for previous packet */
334 		break;
335 
336 	case 4: /* Date + Default */
337 		ts_date_hmsfrac_print(ndo, tvp->tv_sec, tvp->tv_usec,
338 				      WITH_DATE, LOCAL_TIME);
339 		ND_PRINT(" ");
340 		break;
341 	}
342 }
343 
344 /*
345  * Print an unsigned relative number of seconds (e.g. hold time, prune timer)
346  * in the form 5m1s.  This does no truncation, so 32230861 seconds
347  * is represented as 1y1w1d1h1m1s.
348  */
349 void
unsigned_relts_print(netdissect_options * ndo,uint32_t secs)350 unsigned_relts_print(netdissect_options *ndo,
351                      uint32_t secs)
352 {
353 	static const char *lengths[] = {"y", "w", "d", "h", "m", "s"};
354 	static const u_int seconds[] = {31536000, 604800, 86400, 3600, 60, 1};
355 	const char **l = lengths;
356 	const u_int *s = seconds;
357 
358 	if (secs == 0) {
359 		ND_PRINT("0s");
360 		return;
361 	}
362 	while (secs > 0) {
363 		if (secs >= *s) {
364 			ND_PRINT("%u%s", secs / *s, *l);
365 			secs -= (secs / *s) * *s;
366 		}
367 		s++;
368 		l++;
369 	}
370 }
371 
372 /*
373  * Print a signed relative number of seconds (e.g. hold time, prune timer)
374  * in the form 5m1s.  This does no truncation, so 32230861 seconds
375  * is represented as 1y1w1d1h1m1s.
376  */
377 void
signed_relts_print(netdissect_options * ndo,int32_t secs)378 signed_relts_print(netdissect_options *ndo,
379                    int32_t secs)
380 {
381 	if (secs < 0) {
382 		ND_PRINT("-");
383 		if (secs == INT32_MIN) {
384 			/*
385 			 * -2^31; you can't fit its absolute value into
386 			 * a 32-bit signed integer.
387 			 *
388 			 * Just directly pass said absolute value to
389 			 * unsigned_relts_print() directly.
390 			 *
391 			 * (XXX - does ISO C guarantee that -(-2^n),
392 			 * when calculated and cast to an n-bit unsigned
393 			 * integer type, will have the value 2^n?)
394 			 */
395 			unsigned_relts_print(ndo, 2147483648U);
396 		} else {
397 			/*
398 			 * We now know -secs will fit into an int32_t;
399 			 * negate it and pass that to unsigned_relts_print().
400 			 */
401 			unsigned_relts_print(ndo, -secs);
402 		}
403 		return;
404 	}
405 	unsigned_relts_print(ndo, secs);
406 }
407 
408 /* Print the truncated string */
nd_print_trunc(netdissect_options * ndo)409 void nd_print_trunc(netdissect_options *ndo)
410 {
411 	ND_PRINT(" [|%s]", ndo->ndo_protocol);
412 }
413 
414 /* Print the protocol name */
nd_print_protocol(netdissect_options * ndo)415 void nd_print_protocol(netdissect_options *ndo)
416 {
417 	ND_PRINT("%s", ndo->ndo_protocol);
418 }
419 
420 /* Print the protocol name in caps (uppercases) */
nd_print_protocol_caps(netdissect_options * ndo)421 void nd_print_protocol_caps(netdissect_options *ndo)
422 {
423 	const char *p;
424         for (p = ndo->ndo_protocol; *p != '\0'; p++)
425                 ND_PRINT("%c", ND_ASCII_TOUPPER(*p));
426 }
427 
428 /* Print the invalid string */
nd_print_invalid(netdissect_options * ndo)429 void nd_print_invalid(netdissect_options *ndo)
430 {
431 	ND_PRINT(" (invalid)");
432 }
433 
434 /*
435  *  this is a generic routine for printing unknown data;
436  *  we pass on the linefeed plus indentation string to
437  *  get a proper output - returns 0 on error
438  */
439 
440 int
print_unknown_data(netdissect_options * ndo,const u_char * cp,const char * ident,u_int len)441 print_unknown_data(netdissect_options *ndo, const u_char *cp,
442                    const char *ident, u_int len)
443 {
444 	u_int len_to_print;
445 
446 	len_to_print = len;
447 	if (!ND_TTEST_LEN(cp, 0)) {
448 		ND_PRINT("%sDissector error: print_unknown_data called with pointer past end of packet",
449 		    ident);
450 		return(0);
451 	}
452 	if (ND_BYTES_AVAILABLE_AFTER(cp) < len_to_print)
453 		len_to_print = ND_BYTES_AVAILABLE_AFTER(cp);
454 	hex_print(ndo, ident, cp, len_to_print);
455 	return(1); /* everything is ok */
456 }
457 
458 /*
459  * Convert a token value to a string; use "fmt" if not found.
460  */
461 const char *
tok2strbuf(const struct tok * lp,const char * fmt,u_int v,char * buf,size_t bufsize)462 tok2strbuf(const struct tok *lp, const char *fmt,
463 	   u_int v, char *buf, size_t bufsize)
464 {
465 	if (lp != NULL) {
466 		while (lp->s != NULL) {
467 			if (lp->v == v)
468 				return (lp->s);
469 			++lp;
470 		}
471 	}
472 	if (fmt == NULL)
473 		fmt = "#%d";
474 
475 	(void)snprintf(buf, bufsize, fmt, v);
476 	return (const char *)buf;
477 }
478 
479 /*
480  * Convert a token value to a string; use "fmt" if not found.
481  * Uses tok2strbuf() on one of four local static buffers of size TOKBUFSIZE
482  * in round-robin fashion.
483  */
484 const char *
tok2str(const struct tok * lp,const char * fmt,u_int v)485 tok2str(const struct tok *lp, const char *fmt,
486 	u_int v)
487 {
488 	static char buf[4][TOKBUFSIZE];
489 	static int idx = 0;
490 	char *ret;
491 
492 	ret = buf[idx];
493 	idx = (idx+1) & 3;
494 	return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0]));
495 }
496 
497 /*
498  * Convert a bit token value to a string; use "fmt" if not found.
499  * this is useful for parsing bitfields, the output strings are separated
500  * if the s field is positive.
501  *
502  * A token matches iff it has one or more bits set and every bit that is set
503  * in the token is set in v. Consequently, a 0 token never matches.
504  */
505 static char *
bittok2str_internal(const struct tok * lp,const char * fmt,u_int v,const char * sep)506 bittok2str_internal(const struct tok *lp, const char *fmt,
507 	   u_int v, const char *sep)
508 {
509         static char buf[1024+1]; /* our string buffer */
510         char *bufp = buf;
511         size_t space_left = sizeof(buf), string_size;
512         const char * sepstr = "";
513 
514         while (lp != NULL && lp->s != NULL) {
515             if (lp->v && (v & lp->v) == lp->v) {
516                 /* ok we have found something */
517                 if (space_left <= 1)
518                     return (buf); /* only enough room left for NUL, if that */
519                 string_size = strlcpy(bufp, sepstr, space_left);
520                 if (string_size >= space_left)
521                     return (buf);    /* we ran out of room */
522                 bufp += string_size;
523                 space_left -= string_size;
524                 if (space_left <= 1)
525                     return (buf); /* only enough room left for NUL, if that */
526                 string_size = strlcpy(bufp, lp->s, space_left);
527                 if (string_size >= space_left)
528                     return (buf);    /* we ran out of room */
529                 bufp += string_size;
530                 space_left -= string_size;
531                 sepstr = sep;
532             }
533             lp++;
534         }
535 
536         if (bufp == buf)
537             /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */
538             (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%08x" : fmt, v);
539         return (buf);
540 }
541 
542 /*
543  * Convert a bit token value to a string; use "fmt" if not found.
544  * this is useful for parsing bitfields, the output strings are not separated.
545  */
546 char *
bittok2str_nosep(const struct tok * lp,const char * fmt,u_int v)547 bittok2str_nosep(const struct tok *lp, const char *fmt,
548 	   u_int v)
549 {
550     return (bittok2str_internal(lp, fmt, v, ""));
551 }
552 
553 /*
554  * Convert a bit token value to a string; use "fmt" if not found.
555  * this is useful for parsing bitfields, the output strings are comma separated.
556  */
557 char *
bittok2str(const struct tok * lp,const char * fmt,u_int v)558 bittok2str(const struct tok *lp, const char *fmt,
559 	   u_int v)
560 {
561     return (bittok2str_internal(lp, fmt, v, ", "));
562 }
563 
564 /*
565  * Convert a value to a string using an array; the macro
566  * tok2strary() in <netdissect.h> is the public interface to
567  * this function and ensures that the second argument is
568  * correct for bounds-checking.
569  */
570 const char *
tok2strary_internal(const char ** lp,int n,const char * fmt,int v)571 tok2strary_internal(const char **lp, int n, const char *fmt,
572 	int v)
573 {
574 	static char buf[TOKBUFSIZE];
575 
576 	if (v >= 0 && v < n && lp[v] != NULL)
577 		return lp[v];
578 	if (fmt == NULL)
579 		fmt = "#%d";
580 	(void)snprintf(buf, sizeof(buf), fmt, v);
581 	return (buf);
582 }
583 
584 const struct tok *
uint2tokary_internal(const struct uint_tokary dict[],const size_t size,const u_int val)585 uint2tokary_internal(const struct uint_tokary dict[], const size_t size,
586                      const u_int val)
587 {
588 	size_t i;
589 	/* Try a direct lookup before the full scan. */
590 	if (val < size && dict[val].uintval == val)
591 		return dict[val].tokary; /* OK if NULL */
592 	for (i = 0; i < size; i++)
593 		if (dict[i].uintval == val)
594 			return dict[i].tokary; /* OK if NULL */
595 	return NULL;
596 }
597 
598 /*
599  * Convert a 32-bit netmask to prefixlen if possible
600  * the function returns the prefix-len; if plen == -1
601  * then conversion was not possible;
602  */
603 
604 int
mask2plen(uint32_t mask)605 mask2plen(uint32_t mask)
606 {
607 	uint32_t bitmasks[33] = {
608 		0x00000000,
609 		0x80000000, 0xc0000000, 0xe0000000, 0xf0000000,
610 		0xf8000000, 0xfc000000, 0xfe000000, 0xff000000,
611 		0xff800000, 0xffc00000, 0xffe00000, 0xfff00000,
612 		0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000,
613 		0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000,
614 		0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00,
615 		0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0,
616 		0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff
617 	};
618 	int prefix_len = 32;
619 
620 	/* let's see if we can transform the mask into a prefixlen */
621 	while (prefix_len >= 0) {
622 		if (bitmasks[prefix_len] == mask)
623 			break;
624 		prefix_len--;
625 	}
626 	return (prefix_len);
627 }
628 
629 int
mask62plen(const u_char * mask)630 mask62plen(const u_char *mask)
631 {
632 	u_char bitmasks[9] = {
633 		0x00,
634 		0x80, 0xc0, 0xe0, 0xf0,
635 		0xf8, 0xfc, 0xfe, 0xff
636 	};
637 	int byte;
638 	int cidr_len = 0;
639 
640 	for (byte = 0; byte < 16; byte++) {
641 		u_int bits;
642 
643 		for (bits = 0; bits < (sizeof (bitmasks) / sizeof (bitmasks[0])); bits++) {
644 			if (mask[byte] == bitmasks[bits]) {
645 				cidr_len += bits;
646 				break;
647 			}
648 		}
649 
650 		if (mask[byte] != 0xff)
651 			break;
652 	}
653 	return (cidr_len);
654 }
655 
656 /*
657  * Routine to print out information for text-based protocols such as FTP,
658  * HTTP, SMTP, RTSP, SIP, ....
659  */
660 #define MAX_TOKEN	128
661 
662 /*
663  * Fetch a token from a packet, starting at the specified index,
664  * and return the length of the token.
665  *
666  * Returns 0 on error; yes, this is indistinguishable from an empty
667  * token, but an "empty token" isn't a valid token - it just means
668  * either a space character at the beginning of the line (this
669  * includes a blank line) or no more tokens remaining on the line.
670  */
671 static int
fetch_token(netdissect_options * ndo,const u_char * pptr,u_int idx,u_int len,u_char * tbuf,size_t tbuflen)672 fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len,
673     u_char *tbuf, size_t tbuflen)
674 {
675 	size_t toklen = 0;
676 	u_char c;
677 
678 	for (; idx < len; idx++) {
679 		if (!ND_TTEST_1(pptr + idx)) {
680 			/* ran past end of captured data */
681 			return (0);
682 		}
683 		c = GET_U_1(pptr + idx);
684 		if (!ND_ISASCII(c)) {
685 			/* not an ASCII character */
686 			return (0);
687 		}
688 		if (c == ' ' || c == '\t' || c == '\r' || c == '\n') {
689 			/* end of token */
690 			break;
691 		}
692 		if (!ND_ASCII_ISPRINT(c)) {
693 			/* not part of a command token or response code */
694 			return (0);
695 		}
696 		if (toklen + 2 > tbuflen) {
697 			/* no room for this character and terminating '\0' */
698 			return (0);
699 		}
700 		tbuf[toklen] = c;
701 		toklen++;
702 	}
703 	if (toklen == 0) {
704 		/* no token */
705 		return (0);
706 	}
707 	tbuf[toklen] = '\0';
708 
709 	/*
710 	 * Skip past any white space after the token, until we see
711 	 * an end-of-line (CR or LF).
712 	 */
713 	for (; idx < len; idx++) {
714 		if (!ND_TTEST_1(pptr + idx)) {
715 			/* ran past end of captured data */
716 			break;
717 		}
718 		c = GET_U_1(pptr + idx);
719 		if (c == '\r' || c == '\n') {
720 			/* end of line */
721 			break;
722 		}
723 		if (!ND_ASCII_ISPRINT(c)) {
724 			/* not a printable ASCII character */
725 			break;
726 		}
727 		if (c != ' ' && c != '\t' && c != '\r' && c != '\n') {
728 			/* beginning of next token */
729 			break;
730 		}
731 	}
732 	return (idx);
733 }
734 
735 /*
736  * Scan a buffer looking for a line ending - LF or CR-LF.
737  * Return the index of the character after the line ending or 0 if
738  * we encounter a non-ASCII or non-printable character or don't find
739  * the line ending.
740  */
741 static u_int
print_txt_line(netdissect_options * ndo,const char * prefix,const u_char * pptr,u_int idx,u_int len)742 print_txt_line(netdissect_options *ndo, const char *prefix,
743 	       const u_char *pptr, u_int idx, u_int len)
744 {
745 	u_int startidx;
746 	u_int linelen;
747 	u_char c;
748 
749 	startidx = idx;
750 	while (idx < len) {
751 		c = GET_U_1(pptr + idx);
752 		if (c == '\n') {
753 			/*
754 			 * LF without CR; end of line.
755 			 * Skip the LF and print the line, with the
756 			 * exception of the LF.
757 			 */
758 			linelen = idx - startidx;
759 			idx++;
760 			goto print;
761 		} else if (c == '\r') {
762 			/* CR - any LF? */
763 			if ((idx+1) >= len) {
764 				/* not in this packet */
765 				return (0);
766 			}
767 			if (GET_U_1(pptr + idx + 1) == '\n') {
768 				/*
769 				 * CR-LF; end of line.
770 				 * Skip the CR-LF and print the line, with
771 				 * the exception of the CR-LF.
772 				 */
773 				linelen = idx - startidx;
774 				idx += 2;
775 				goto print;
776 			}
777 
778 			/*
779 			 * CR followed by something else; treat this
780 			 * as if it were binary data, and don't print
781 			 * it.
782 			 */
783 			return (0);
784 		} else if (!ND_ASCII_ISPRINT(c) && c != '\t') {
785 			/*
786 			 * Not a printable ASCII character and not a tab;
787 			 * treat this as if it were binary data, and
788 			 * don't print it.
789 			 */
790 			return (0);
791 		}
792 		idx++;
793 	}
794 
795 	/*
796 	 * All printable ASCII, but no line ending after that point
797 	 * in the buffer; treat this as if it were truncated.
798 	 */
799 	linelen = idx - startidx;
800 	ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
801 	nd_print_trunc(ndo);
802 	return (0);
803 
804 print:
805 	ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
806 	return (idx);
807 }
808 
809 /* Assign needed before calling txtproto_print(): ndo->ndo_protocol = "proto" */
810 void
txtproto_print(netdissect_options * ndo,const u_char * pptr,u_int len,const char ** cmds,u_int flags)811 txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len,
812 	       const char **cmds, u_int flags)
813 {
814 	u_int idx, eol;
815 	u_char token[MAX_TOKEN+1];
816 	const char *cmd;
817 	int print_this = 0;
818 
819 	if (cmds != NULL) {
820 		/*
821 		 * This protocol has more than just request and
822 		 * response lines; see whether this looks like a
823 		 * request or response and, if so, print it and,
824 		 * in verbose mode, print everything after it.
825 		 *
826 		 * This is for HTTP-like protocols, where we
827 		 * want to print requests and responses, but
828 		 * don't want to print continuations of request
829 		 * or response bodies in packets that don't
830 		 * contain the request or response line.
831 		 */
832 		idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token));
833 		if (idx != 0) {
834 			/* Is this a valid request name? */
835 			while ((cmd = *cmds++) != NULL) {
836 				if (ascii_strcasecmp((const char *)token, cmd) == 0) {
837 					/* Yes. */
838 					print_this = 1;
839 					break;
840 				}
841 			}
842 
843 			/*
844 			 * No - is this a valid response code (3 digits)?
845 			 *
846 			 * Is this token the response code, or is the next
847 			 * token the response code?
848 			 */
849 			if (flags & RESP_CODE_SECOND_TOKEN) {
850 				/*
851 				 * Next token - get it.
852 				 */
853 				idx = fetch_token(ndo, pptr, idx, len, token,
854 				    sizeof(token));
855 			}
856 			if (idx != 0) {
857 				if (ND_ASCII_ISDIGIT(token[0]) && ND_ASCII_ISDIGIT(token[1]) &&
858 				    ND_ASCII_ISDIGIT(token[2]) && token[3] == '\0') {
859 					/* Yes. */
860 					print_this = 1;
861 				}
862 			}
863 		}
864 	} else {
865 		/*
866 		 * Either:
867 		 *
868 		 * 1) This protocol has only request and response lines
869 		 *    (e.g., FTP, where all the data goes over a different
870 		 *    connection); assume the payload is a request or
871 		 *    response.
872 		 *
873 		 * or
874 		 *
875 		 * 2) This protocol is just text, so that we should
876 		 *    always, at minimum, print the first line and,
877 		 *    in verbose mode, print all lines.
878 		 */
879 		print_this = 1;
880 	}
881 
882 	nd_print_protocol_caps(ndo);
883 
884 	if (print_this) {
885 		/*
886 		 * In non-verbose mode, just print the protocol, followed
887 		 * by the first line.
888 		 *
889 		 * In verbose mode, print lines as text until we run out
890 		 * of characters or see something that's not a
891 		 * printable-ASCII line.
892 		 */
893 		if (ndo->ndo_vflag) {
894 			/*
895 			 * We're going to print all the text lines in the
896 			 * request or response; just print the length
897 			 * on the first line of the output.
898 			 */
899 			ND_PRINT(", length: %u", len);
900 			for (idx = 0;
901 			    idx < len && (eol = print_txt_line(ndo, "\n\t", pptr, idx, len)) != 0;
902 			    idx = eol)
903 				;
904 		} else {
905 			/*
906 			 * Just print the first text line.
907 			 */
908 			print_txt_line(ndo, ": ", pptr, 0, len);
909 		}
910 	}
911 }
912 
913 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
914     (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
915     (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
916     (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
917     (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || \
918     defined(__vax__)
919 /*
920  * The procesor natively handles unaligned loads, so just use memcpy()
921  * and memcmp(), to enable those optimizations.
922  *
923  * XXX - are those all the x86 tests we need?
924  * XXX - do we need to worry about ARMv1 through ARMv5, which didn't
925  * support unaligned loads, and, if so, do we need to worry about all
926  * of them, or just some of them, e.g. ARMv5?
927  * XXX - are those the only 68k tests we need not to generated
928  * unaligned accesses if the target is the 68000 or 68010?
929  * XXX - are there any tests we don't need, because some definitions are for
930  * compilers that also predefine the GCC symbols?
931  * XXX - do we need to test for both 32-bit and 64-bit versions of those
932  * architectures in all cases?
933  */
934 #else
935 /*
936  * The processor doesn't natively handle unaligned loads,
937  * and the compiler might "helpfully" optimize memcpy()
938  * and memcmp(), when handed pointers that would normally
939  * be properly aligned, into sequences that assume proper
940  * alignment.
941  *
942  * Do copies and compares of possibly-unaligned data by
943  * calling routines that wrap memcpy() and memcmp(), to
944  * prevent that optimization.
945  */
946 void
unaligned_memcpy(void * p,const void * q,size_t l)947 unaligned_memcpy(void *p, const void *q, size_t l)
948 {
949 	memcpy(p, q, l);
950 }
951 
952 /* As with memcpy(), so with memcmp(). */
953 int
unaligned_memcmp(const void * p,const void * q,size_t l)954 unaligned_memcmp(const void *p, const void *q, size_t l)
955 {
956 	return (memcmp(p, q, l));
957 }
958 #endif
959 
960