1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Format and print AppleTalk packets. 22 */ 23 24 #ifndef lint 25 static const char rcsid[] = 26 "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-atalk.c,v 1.5 1996/12/12 16:22:43 bitblt Exp $ (LBL)"; 27 #endif 28 29 #include <sys/param.h> 30 #include <sys/time.h> 31 #include <sys/socket.h> 32 33 #if __STDC__ 34 struct mbuf; 35 struct rtentry; 36 #endif 37 #include <net/if.h> 38 39 #include <netinet/in.h> 40 #include <netinet/in_systm.h> 41 #include <netinet/ip.h> 42 #include <netinet/ip_var.h> 43 #include <netinet/if_ether.h> 44 #include <netinet/udp.h> 45 #include <netinet/udp_var.h> 46 #include <netinet/tcp.h> 47 #include <netinet/tcpip.h> 48 49 #include <stdio.h> 50 #include <stdlib.h> 51 #include <string.h> 52 53 #include "interface.h" 54 #include "addrtoname.h" 55 #include "ethertype.h" 56 #include "extract.h" /* must come after interface.h */ 57 #include "appletalk.h" 58 59 static struct tok type2str[] = { 60 { ddpRTMP, "rtmp" }, 61 { ddpRTMPrequest, "rtmpReq" }, 62 { ddpECHO, "echo" }, 63 { ddpIP, "IP" }, 64 { ddpARP, "ARP" }, 65 { ddpKLAP, "KLAP" }, 66 { 0, NULL } 67 }; 68 69 struct aarp { 70 u_short htype, ptype; 71 u_char halen, palen; 72 u_short op; 73 u_char hsaddr[6]; 74 u_char psaddr[4]; 75 u_char hdaddr[6]; 76 u_char pdaddr[4]; 77 }; 78 79 static char tstr[] = "[|atalk]"; 80 81 static void atp_print(const struct atATP *, u_int); 82 static void atp_bitmap_print(u_char); 83 static void nbp_print(const struct atNBP *, u_int, u_short, u_char, u_char); 84 static const char *print_cstring(const char *, const u_char *); 85 static const struct atNBPtuple *nbp_tuple_print(const struct atNBPtuple *, 86 const u_char *, 87 u_short, u_char, u_char); 88 static const struct atNBPtuple *nbp_name_print(const struct atNBPtuple *, 89 const u_char *); 90 static const char *ataddr_string(u_short, u_char); 91 static void ddp_print(const u_char *, u_int, int, u_short, u_char, u_char); 92 static const char *ddpskt_string(int); 93 94 /* 95 * Print AppleTalk Datagram Delivery Protocol packets. 96 */ 97 void 98 atalk_print(register const u_char *bp, u_int length) 99 { 100 register const struct LAP *lp; 101 register const struct atDDP *dp; 102 register const struct atShortDDP *sdp; 103 u_short snet; 104 105 lp = (struct LAP *)bp; 106 bp += sizeof(*lp); 107 length -= sizeof(*lp); 108 switch (lp->type) { 109 110 case lapShortDDP: 111 if (length < ddpSSize) { 112 (void)printf(" [|sddp %d]", length); 113 return; 114 } 115 sdp = (const struct atShortDDP *)bp; 116 printf("%s.%s", 117 ataddr_string(0, lp->src), ddpskt_string(sdp->srcSkt)); 118 printf(" > %s.%s:", 119 ataddr_string(0, lp->dst), ddpskt_string(sdp->dstSkt)); 120 bp += ddpSSize; 121 length -= ddpSSize; 122 ddp_print(bp, length, sdp->type, 0, lp->src, sdp->srcSkt); 123 break; 124 125 case lapDDP: 126 if (length < ddpSize) { 127 (void)printf(" [|ddp %d]", length); 128 return; 129 } 130 dp = (const struct atDDP *)bp; 131 snet = EXTRACT_16BITS(&dp->srcNet); 132 printf("%s.%s", ataddr_string(snet, dp->srcNode), 133 ddpskt_string(dp->srcSkt)); 134 printf(" > %s.%s:", 135 ataddr_string(EXTRACT_16BITS(&dp->dstNet), dp->dstNode), 136 ddpskt_string(dp->dstSkt)); 137 bp += ddpSize; 138 length -= ddpSize; 139 ddp_print(bp, length, dp->type, snet, dp->srcNode, dp->srcSkt); 140 break; 141 142 #ifdef notdef 143 case lapKLAP: 144 klap_print(bp, length); 145 break; 146 #endif 147 148 default: 149 printf("%d > %d at-lap#%d %d", 150 lp->src, lp->dst, lp->type, length); 151 break; 152 } 153 } 154 155 /* XXX should probably pass in the snap header and do checks like arp_print() */ 156 void 157 aarp_print(register const u_char *bp, u_int length) 158 { 159 register const struct aarp *ap; 160 161 #define AT(member) ataddr_string((ap->member[1]<<8)|ap->member[2],ap->member[3]) 162 163 printf("aarp "); 164 ap = (const struct aarp *)bp; 165 if (ap->htype == 1 && ap->ptype == ETHERTYPE_ATALK && 166 ap->halen == 6 && ap->palen == 4 ) 167 switch (ap->op) { 168 169 case 1: /* request */ 170 (void)printf("who-has %s tell %s", 171 AT(pdaddr), AT(psaddr)); 172 return; 173 174 case 2: /* response */ 175 (void)printf("reply %s is-at %s", 176 AT(pdaddr), etheraddr_string(ap->hdaddr)); 177 return; 178 179 case 3: /* probe (oy!) */ 180 (void)printf("probe %s tell %s", 181 AT(pdaddr), AT(psaddr)); 182 return; 183 } 184 (void)printf("len %d op %d htype %d ptype %#x halen %d palen %d", 185 length, ap->op, ap->htype, ap->ptype, ap->halen, ap->palen ); 186 } 187 188 static void 189 ddp_print(register const u_char *bp, register u_int length, register int t, 190 register u_short snet, register u_char snode, u_char skt) 191 { 192 193 switch (t) { 194 195 case ddpNBP: 196 nbp_print((const struct atNBP *)bp, length, snet, snode, skt); 197 break; 198 199 case ddpATP: 200 atp_print((const struct atATP *)bp, length); 201 break; 202 203 default: 204 (void)printf(" at-%s %d", tok2str(type2str, NULL, t), length); 205 break; 206 } 207 } 208 209 static void 210 atp_print(register const struct atATP *ap, u_int length) 211 { 212 char c; 213 u_int32_t data; 214 215 if ((const u_char *)(ap + 1) > snapend) { 216 /* Just bail if we don't have the whole chunk. */ 217 fputs(tstr, stdout); 218 return; 219 } 220 length -= sizeof(*ap); 221 switch (ap->control & 0xc0) { 222 223 case atpReqCode: 224 (void)printf(" atp-req%s %d", 225 ap->control & atpXO? " " : "*", 226 EXTRACT_16BITS(&ap->transID)); 227 228 atp_bitmap_print(ap->bitmap); 229 230 if (length != 0) 231 (void)printf(" [len=%d]", length); 232 233 switch (ap->control & (atpEOM|atpSTS)) { 234 case atpEOM: 235 (void)printf(" [EOM]"); 236 break; 237 case atpSTS: 238 (void)printf(" [STS]"); 239 break; 240 case atpEOM|atpSTS: 241 (void)printf(" [EOM,STS]"); 242 break; 243 } 244 break; 245 246 case atpRspCode: 247 (void)printf(" atp-resp%s%d:%d (%d)", 248 ap->control & atpEOM? "*" : " ", 249 EXTRACT_16BITS(&ap->transID), ap->bitmap, length); 250 switch (ap->control & (atpXO|atpSTS)) { 251 case atpXO: 252 (void)printf(" [XO]"); 253 break; 254 case atpSTS: 255 (void)printf(" [STS]"); 256 break; 257 case atpXO|atpSTS: 258 (void)printf(" [XO,STS]"); 259 break; 260 } 261 break; 262 263 case atpRelCode: 264 (void)printf(" atp-rel %d", EXTRACT_16BITS(&ap->transID)); 265 266 atp_bitmap_print(ap->bitmap); 267 268 /* length should be zero */ 269 if (length) 270 (void)printf(" [len=%d]", length); 271 272 /* there shouldn't be any control flags */ 273 if (ap->control & (atpXO|atpEOM|atpSTS)) { 274 c = '['; 275 if (ap->control & atpXO) { 276 (void)printf("%cXO", c); 277 c = ','; 278 } 279 if (ap->control & atpEOM) { 280 (void)printf("%cEOM", c); 281 c = ','; 282 } 283 if (ap->control & atpSTS) { 284 (void)printf("%cSTS", c); 285 c = ','; 286 } 287 (void)printf("]"); 288 } 289 break; 290 291 default: 292 (void)printf(" atp-0x%x %d (%d)", ap->control, 293 EXTRACT_16BITS(&ap->transID), length); 294 break; 295 } 296 data = EXTRACT_32BITS(&ap->userData); 297 if (data != 0) 298 (void)printf(" 0x%x", data); 299 } 300 301 static void 302 atp_bitmap_print(register u_char bm) 303 { 304 register char c; 305 register int i; 306 307 /* 308 * The '& 0xff' below is needed for compilers that want to sign 309 * extend a u_char, which is the case with the Ultrix compiler. 310 * (gcc is smart enough to eliminate it, at least on the Sparc). 311 */ 312 if ((bm + 1) & (bm & 0xff)) { 313 c = '<'; 314 for (i = 0; bm; ++i) { 315 if (bm & 1) { 316 (void)printf("%c%d", c, i); 317 c = ','; 318 } 319 bm >>= 1; 320 } 321 (void)printf(">"); 322 } else { 323 for (i = 0; bm; ++i) 324 bm >>= 1; 325 if (i > 1) 326 (void)printf("<0-%d>", i - 1); 327 else 328 (void)printf("<0>"); 329 } 330 } 331 332 static void 333 nbp_print(register const struct atNBP *np, u_int length, register u_short snet, 334 register u_char snode, register u_char skt) 335 { 336 register const struct atNBPtuple *tp = 337 (struct atNBPtuple *)((u_char *)np + nbpHeaderSize); 338 int i; 339 const u_char *ep; 340 341 length -= nbpHeaderSize; 342 if (length < 8) { 343 /* must be room for at least one tuple */ 344 (void)printf(" truncated-nbp %d", length + nbpHeaderSize); 345 return; 346 } 347 /* ep points to end of available data */ 348 ep = snapend; 349 if ((const u_char *)tp > ep) { 350 fputs(tstr, stdout); 351 return; 352 } 353 switch (i = np->control & 0xf0) { 354 355 case nbpBrRq: 356 case nbpLkUp: 357 (void)printf(i == nbpLkUp? " nbp-lkup %d:":" nbp-brRq %d:", 358 np->id); 359 if ((const u_char *)(tp + 1) > ep) { 360 fputs(tstr, stdout); 361 return; 362 } 363 (void)nbp_name_print(tp, ep); 364 /* 365 * look for anomalies: the spec says there can only 366 * be one tuple, the address must match the source 367 * address and the enumerator should be zero. 368 */ 369 if ((np->control & 0xf) != 1) 370 (void)printf(" [ntup=%d]", np->control & 0xf); 371 if (tp->enumerator) 372 (void)printf(" [enum=%d]", tp->enumerator); 373 if (EXTRACT_16BITS(&tp->net) != snet || 374 tp->node != snode || tp->skt != skt) 375 (void)printf(" [addr=%s.%d]", 376 ataddr_string(EXTRACT_16BITS(&tp->net), 377 tp->node), tp->skt); 378 break; 379 380 case nbpLkUpReply: 381 (void)printf(" nbp-reply %d:", np->id); 382 383 /* print each of the tuples in the reply */ 384 for (i = np->control & 0xf; --i >= 0 && tp; ) 385 tp = nbp_tuple_print(tp, ep, snet, snode, skt); 386 break; 387 388 default: 389 (void)printf(" nbp-0x%x %d (%d)", np->control, np->id, 390 length); 391 break; 392 } 393 } 394 395 /* print a counted string */ 396 static const char * 397 print_cstring(register const char *cp, register const u_char *ep) 398 { 399 register u_int length; 400 401 if (cp >= (const char *)ep) { 402 fputs(tstr, stdout); 403 return (0); 404 } 405 length = *cp++; 406 407 /* Spec says string can be at most 32 bytes long */ 408 if (length < 0 || length > 32) { 409 (void)printf("[len=%d]", length); 410 return (0); 411 } 412 while (--length >= 0) { 413 if (cp >= (char *)ep) { 414 fputs(tstr, stdout); 415 return (0); 416 } 417 putchar(*cp++); 418 } 419 return (cp); 420 } 421 422 static const struct atNBPtuple * 423 nbp_tuple_print(register const struct atNBPtuple *tp, 424 register const u_char *ep, 425 register u_short snet, register u_char snode, 426 register u_char skt) 427 { 428 register const struct atNBPtuple *tpn; 429 430 if ((const u_char *)(tp + 1) > ep) { 431 fputs(tstr, stdout); 432 return 0; 433 } 434 tpn = nbp_name_print(tp, ep); 435 436 /* if the enumerator isn't 1, print it */ 437 if (tp->enumerator != 1) 438 (void)printf("(%d)", tp->enumerator); 439 440 /* if the socket doesn't match the src socket, print it */ 441 if (tp->skt != skt) 442 (void)printf(" %d", tp->skt); 443 444 /* if the address doesn't match the src address, it's an anomaly */ 445 if (EXTRACT_16BITS(&tp->net) != snet || tp->node != snode) 446 (void)printf(" [addr=%s]", 447 ataddr_string(EXTRACT_16BITS(&tp->net), tp->node)); 448 449 return (tpn); 450 } 451 452 static const struct atNBPtuple * 453 nbp_name_print(const struct atNBPtuple *tp, register const u_char *ep) 454 { 455 register const char *cp = (const char *)tp + nbpTupleSize; 456 457 putchar(' '); 458 459 /* Object */ 460 putchar('"'); 461 if ((cp = print_cstring(cp, ep)) != NULL) { 462 /* Type */ 463 putchar(':'); 464 if ((cp = print_cstring(cp, ep)) != NULL) { 465 /* Zone */ 466 putchar('@'); 467 if ((cp = print_cstring(cp, ep)) != NULL) 468 putchar('"'); 469 } 470 } 471 return ((const struct atNBPtuple *)cp); 472 } 473 474 475 #define HASHNAMESIZE 4096 476 477 struct hnamemem { 478 int addr; 479 char *name; 480 struct hnamemem *nxt; 481 }; 482 483 static struct hnamemem hnametable[HASHNAMESIZE]; 484 485 static const char * 486 ataddr_string(u_short atnet, u_char athost) 487 { 488 register struct hnamemem *tp, *tp2; 489 register int i = (atnet << 8) | athost; 490 char nambuf[256]; 491 static int first = 1; 492 FILE *fp; 493 494 /* 495 * if this is the first call, see if there's an AppleTalk 496 * number to name map file. 497 */ 498 if (first && (first = 0, !nflag) 499 && (fp = fopen("/etc/atalk.names", "r"))) { 500 char line[256]; 501 int i1, i2, i3; 502 503 while (fgets(line, sizeof(line), fp)) { 504 if (line[0] == '\n' || line[0] == 0 || line[0] == '#') 505 continue; 506 if (sscanf(line, "%d.%d.%d %s", &i1, &i2, &i3, 507 nambuf) == 4) 508 /* got a hostname. */ 509 i3 |= ((i1 << 8) | i2) << 8; 510 else if (sscanf(line, "%d.%d %s", &i1, &i2, 511 nambuf) == 3) 512 /* got a net name */ 513 i3 = (((i1 << 8) | i2) << 8) | 255; 514 else 515 continue; 516 517 for (tp = &hnametable[i3 & (HASHNAMESIZE-1)]; 518 tp->nxt; tp = tp->nxt) 519 ; 520 tp->addr = i3; 521 tp->nxt = newhnamemem(); 522 tp->name = savestr(nambuf); 523 } 524 fclose(fp); 525 } 526 527 for (tp = &hnametable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) 528 if (tp->addr == i) 529 return (tp->name); 530 531 /* didn't have the node name -- see if we've got the net name */ 532 i |= 255; 533 for (tp2 = &hnametable[i & (HASHNAMESIZE-1)]; tp2->nxt; tp2 = tp2->nxt) 534 if (tp2->addr == i) { 535 tp->addr = (atnet << 8) | athost; 536 tp->nxt = newhnamemem(); 537 (void)sprintf(nambuf, "%s.%d", tp2->name, athost); 538 tp->name = savestr(nambuf); 539 return (tp->name); 540 } 541 542 tp->addr = (atnet << 8) | athost; 543 tp->nxt = newhnamemem(); 544 if (athost != 255) 545 (void)sprintf(nambuf, "%d.%d.%d", 546 atnet >> 8, atnet & 0xff, athost); 547 else 548 (void)sprintf(nambuf, "%d.%d", atnet >> 8, atnet & 0xff); 549 tp->name = savestr(nambuf); 550 551 return (tp->name); 552 } 553 554 static struct tok skt2str[] = { 555 { rtmpSkt, "rtmp" }, /* routing table maintenance */ 556 { nbpSkt, "nis" }, /* name info socket */ 557 { echoSkt, "echo" }, /* AppleTalk echo protocol */ 558 { zipSkt, "zip" }, /* zone info protocol */ 559 { 0, NULL } 560 }; 561 562 static const char * 563 ddpskt_string(register int skt) 564 { 565 static char buf[8]; 566 567 if (nflag) { 568 (void)sprintf(buf, "%d", skt); 569 return (buf); 570 } 571 return (tok2str(skt2str, "%d", skt)); 572 } 573