1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /*
23 * txtproto_print() derived from original code by Hannes Gredler
24 * (hannes@gredler.at):
25 *
26 * Redistribution and use in source and binary forms, with or without
27 * modification, are permitted provided that: (1) source code
28 * distributions retain the above copyright notice and this paragraph
29 * in its entirety, and (2) distributions including binary code include
30 * the above copyright notice and this paragraph in its entirety in
31 * the documentation or other materials provided with the distribution.
32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
33 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
34 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35 * FOR A PARTICULAR PURPOSE.
36 */
37
38 #include <sys/cdefs.h>
39 #ifndef lint
40 __RCSID("$NetBSD: util-print.c,v 1.8 2024/09/02 16:15:33 christos Exp $");
41 #endif
42
43 #include <config.h>
44
45 #include "netdissect-stdinc.h"
46
47 #include <sys/stat.h>
48
49 #include <stdio.h>
50 #include <stdarg.h>
51 #include <stdlib.h>
52 #include <string.h>
53
54 #include "netdissect-ctype.h"
55
56 #include "netdissect.h"
57 #include "extract.h"
58 #include "ascii_strcasecmp.h"
59 #include "timeval-operations.h"
60
61 #define TOKBUFSIZE 128
62
63 enum date_flag { WITHOUT_DATE = 0, WITH_DATE = 1 };
64 enum time_flag { UTC_TIME = 0, LOCAL_TIME = 1 };
65
66 /*
67 * Print out a character, filtering out the non-printable ones
68 */
69 void
fn_print_char(netdissect_options * ndo,u_char c)70 fn_print_char(netdissect_options *ndo, u_char c)
71 {
72 if (!ND_ISASCII(c)) {
73 c = ND_TOASCII(c);
74 ND_PRINT("M-");
75 }
76 if (!ND_ASCII_ISPRINT(c)) {
77 c ^= 0x40; /* DEL to ?, others to alpha */
78 ND_PRINT("^");
79 }
80 ND_PRINT("%c", c);
81 }
82
83 /*
84 * Print a null-terminated string, filtering out non-printable characters.
85 * DON'T USE IT with a pointer on the packet buffer because there is no
86 * truncation check. For this use, see the nd_printX() functions below.
87 */
88 void
fn_print_str(netdissect_options * ndo,const u_char * s)89 fn_print_str(netdissect_options *ndo, const u_char *s)
90 {
91 while (*s != '\0') {
92 fn_print_char(ndo, *s);
93 s++;
94 }
95 }
96
97 /*
98 * Print out a null-terminated filename (or other ASCII string) from
99 * a fixed-length field in the packet buffer, or from what remains of
100 * the packet.
101 *
102 * n is the length of the fixed-length field, or the number of bytes
103 * remaining in the packet based on its on-the-network length.
104 *
105 * If ep is non-null, it should point just past the last captured byte
106 * of the packet, e.g. ndo->ndo_snapend. If ep is NULL, we assume no
107 * truncation check, other than the checks of the field length/remaining
108 * packet data length, is needed.
109 *
110 * Return the number of bytes of string processed, including the
111 * terminating null, if not truncated; as the terminating null is
112 * included in the count, and as there must be a terminating null,
113 * this will always be non-zero. Return 0 if truncated.
114 */
115 u_int
nd_printztn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)116 nd_printztn(netdissect_options *ndo,
117 const u_char *s, u_int n, const u_char *ep)
118 {
119 u_int bytes;
120 u_char c;
121
122 bytes = 0;
123 for (;;) {
124 if (n == 0 || (ep != NULL && s >= ep)) {
125 /*
126 * Truncated. This includes "no null before we
127 * got to the end of the fixed-length buffer or
128 * the end of the packet".
129 *
130 * XXX - BOOTP says "null-terminated", which
131 * means the maximum length of the string, in
132 * bytes, is 1 less than the size of the buffer,
133 * as there must always be a terminating null.
134 */
135 bytes = 0;
136 break;
137 }
138
139 c = GET_U_1(s);
140 s++;
141 bytes++;
142 n--;
143 if (c == '\0') {
144 /* End of string */
145 break;
146 }
147 fn_print_char(ndo, c);
148 }
149 return(bytes);
150 }
151
152 /*
153 * Print out a counted filename (or other ASCII string), part of
154 * the packet buffer.
155 * If ep is NULL, assume no truncation check is needed.
156 * Return true if truncated.
157 * Stop at ep (if given) or after n bytes, whichever is first.
158 */
159 int
nd_printn(netdissect_options * ndo,const u_char * s,u_int n,const u_char * ep)160 nd_printn(netdissect_options *ndo,
161 const u_char *s, u_int n, const u_char *ep)
162 {
163 u_char c;
164
165 while (n > 0 && (ep == NULL || s < ep)) {
166 n--;
167 c = GET_U_1(s);
168 s++;
169 fn_print_char(ndo, c);
170 }
171 return (n == 0) ? 0 : 1;
172 }
173
174 /*
175 * Print a counted filename (or other ASCII string), part of
176 * the packet buffer, filtering out non-printable characters.
177 * Stop if truncated (via GET_U_1/longjmp) or after n bytes,
178 * whichever is first.
179 * The suffix comes from: j:longJmp, n:after N bytes.
180 */
181 void
nd_printjn(netdissect_options * ndo,const u_char * s,u_int n)182 nd_printjn(netdissect_options *ndo, const u_char *s, u_int n)
183 {
184 while (n > 0) {
185 fn_print_char(ndo, GET_U_1(s));
186 n--;
187 s++;
188 }
189 }
190
191 /*
192 * Print a null-padded filename (or other ASCII string), part of
193 * the packet buffer, filtering out non-printable characters.
194 * Stop if truncated (via GET_U_1/longjmp) or after n bytes or before
195 * the null char, whichever occurs first.
196 * The suffix comes from: j:longJmp, n:after N bytes, p:null-Padded.
197 */
198 void
nd_printjnp(netdissect_options * ndo,const u_char * s,u_int n)199 nd_printjnp(netdissect_options *ndo, const u_char *s, u_int n)
200 {
201 u_char c;
202
203 while (n > 0) {
204 c = GET_U_1(s);
205 if (c == '\0')
206 break;
207 fn_print_char(ndo, c);
208 n--;
209 s++;
210 }
211 }
212
213 /*
214 * Print the timestamp .FRAC part (Microseconds/nanoseconds)
215 */
216 static void
ts_frac_print(netdissect_options * ndo,const struct timeval * tv)217 ts_frac_print(netdissect_options *ndo, const struct timeval *tv)
218 {
219 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
220 switch (ndo->ndo_tstamp_precision) {
221
222 case PCAP_TSTAMP_PRECISION_MICRO:
223 ND_PRINT(".%06u", (unsigned)tv->tv_usec);
224 break;
225
226 case PCAP_TSTAMP_PRECISION_NANO:
227 ND_PRINT(".%09u", (unsigned)tv->tv_usec);
228 break;
229
230 default:
231 ND_PRINT(".{unknown}");
232 break;
233 }
234 #else
235 ND_PRINT(".%06u", (unsigned)tv->tv_usec);
236 #endif
237 }
238
239 /*
240 * Print the timestamp as [YY:MM:DD] HH:MM:SS.FRAC.
241 * if time_flag == LOCAL_TIME print local time else UTC/GMT time
242 * if date_flag == WITH_DATE print YY:MM:DD before HH:MM:SS.FRAC
243 */
244 static void
ts_date_hmsfrac_print(netdissect_options * ndo,const struct timeval * tv,enum date_flag date_flag,enum time_flag time_flag)245 ts_date_hmsfrac_print(netdissect_options *ndo, const struct timeval *tv,
246 enum date_flag date_flag, enum time_flag time_flag)
247 {
248 struct tm *tm;
249 char timebuf[32];
250 const char *timestr;
251
252 if (tv->tv_sec < 0) {
253 ND_PRINT("[timestamp < 1970-01-01 00:00:00 UTC]");
254 return;
255 }
256
257 if (time_flag == LOCAL_TIME)
258 tm = localtime(&tv->tv_sec);
259 else
260 tm = gmtime(&tv->tv_sec);
261
262 if (date_flag == WITH_DATE) {
263 timestr = nd_format_time(timebuf, sizeof(timebuf),
264 "%Y-%m-%d %H:%M:%S", tm);
265 } else {
266 timestr = nd_format_time(timebuf, sizeof(timebuf),
267 "%H:%M:%S", tm);
268 }
269 ND_PRINT("%s", timestr);
270
271 ts_frac_print(ndo, tv);
272 }
273
274 /*
275 * Print the timestamp - Unix timeval style, as SECS.FRAC.
276 */
277 static void
ts_unix_print(netdissect_options * ndo,const struct timeval * tv)278 ts_unix_print(netdissect_options *ndo, const struct timeval *tv)
279 {
280 if (tv->tv_sec < 0) {
281 ND_PRINT("[timestamp < 1970-01-01 00:00:00 UTC]");
282 return;
283 }
284
285 ND_PRINT("%u", (unsigned)tv->tv_sec);
286 ts_frac_print(ndo, tv);
287 }
288
289 /*
290 * Print the timestamp
291 */
292 void
ts_print(netdissect_options * ndo,const struct timeval * tvp)293 ts_print(netdissect_options *ndo,
294 const struct timeval *tvp)
295 {
296 static struct timeval tv_ref;
297 struct timeval tv_result;
298 int negative_offset;
299 int nano_prec;
300
301 switch (ndo->ndo_tflag) {
302
303 case 0: /* Default */
304 ts_date_hmsfrac_print(ndo, tvp, WITHOUT_DATE, LOCAL_TIME);
305 ND_PRINT(" ");
306 break;
307
308 case 1: /* No time stamp */
309 break;
310
311 case 2: /* Unix timeval style */
312 ts_unix_print(ndo, tvp);
313 ND_PRINT(" ");
314 break;
315
316 case 3: /* Microseconds/nanoseconds since previous packet */
317 case 5: /* Microseconds/nanoseconds since first packet */
318 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
319 switch (ndo->ndo_tstamp_precision) {
320 case PCAP_TSTAMP_PRECISION_MICRO:
321 nano_prec = 0;
322 break;
323 case PCAP_TSTAMP_PRECISION_NANO:
324 nano_prec = 1;
325 break;
326 default:
327 nano_prec = 0;
328 break;
329 }
330 #else
331 nano_prec = 0;
332 #endif
333 if (!(netdissect_timevalisset(&tv_ref)))
334 tv_ref = *tvp; /* set timestamp for first packet */
335
336 negative_offset = netdissect_timevalcmp(tvp, &tv_ref, <);
337 if (negative_offset)
338 netdissect_timevalsub(&tv_ref, tvp, &tv_result, nano_prec);
339 else
340 netdissect_timevalsub(tvp, &tv_ref, &tv_result, nano_prec);
341
342 ND_PRINT((negative_offset ? "-" : " "));
343 ts_date_hmsfrac_print(ndo, &tv_result, WITHOUT_DATE, UTC_TIME);
344 ND_PRINT(" ");
345
346 if (ndo->ndo_tflag == 3)
347 tv_ref = *tvp; /* set timestamp for previous packet */
348 break;
349
350 case 4: /* Date + Default */
351 ts_date_hmsfrac_print(ndo, tvp, WITH_DATE, LOCAL_TIME);
352 ND_PRINT(" ");
353 break;
354 }
355 }
356
357 /*
358 * Print an unsigned relative number of seconds (e.g. hold time, prune timer)
359 * in the form 5m1s. This does no truncation, so 32230861 seconds
360 * is represented as 1y1w1d1h1m1s.
361 */
362 void
unsigned_relts_print(netdissect_options * ndo,uint32_t secs)363 unsigned_relts_print(netdissect_options *ndo,
364 uint32_t secs)
365 {
366 static const char *lengths[] = {"y", "w", "d", "h", "m", "s"};
367 static const u_int seconds[] = {31536000, 604800, 86400, 3600, 60, 1};
368 const char **l = lengths;
369 const u_int *s = seconds;
370
371 if (secs == 0) {
372 ND_PRINT("0s");
373 return;
374 }
375 while (secs > 0) {
376 if (secs >= *s) {
377 ND_PRINT("%u%s", secs / *s, *l);
378 secs -= (secs / *s) * *s;
379 }
380 s++;
381 l++;
382 }
383 }
384
385 /*
386 * Print a signed relative number of seconds (e.g. hold time, prune timer)
387 * in the form 5m1s. This does no truncation, so 32230861 seconds
388 * is represented as 1y1w1d1h1m1s.
389 */
390 void
signed_relts_print(netdissect_options * ndo,int32_t secs)391 signed_relts_print(netdissect_options *ndo,
392 int32_t secs)
393 {
394 if (secs < 0) {
395 ND_PRINT("-");
396 if (secs == INT32_MIN) {
397 /*
398 * -2^31; you can't fit its absolute value into
399 * a 32-bit signed integer.
400 *
401 * Just directly pass said absolute value to
402 * unsigned_relts_print() directly.
403 *
404 * (XXX - does ISO C guarantee that -(-2^n),
405 * when calculated and cast to an n-bit unsigned
406 * integer type, will have the value 2^n?)
407 */
408 unsigned_relts_print(ndo, 2147483648U);
409 } else {
410 /*
411 * We now know -secs will fit into an int32_t;
412 * negate it and pass that to unsigned_relts_print().
413 */
414 unsigned_relts_print(ndo, -secs);
415 }
416 return;
417 }
418 unsigned_relts_print(ndo, secs);
419 }
420
421 /*
422 * Format a struct tm with strftime().
423 * If the pointer to the struct tm is null, that means that the
424 * routine to convert a time_t to a struct tm failed; the localtime()
425 * and gmtime() in the Microsoft Visual Studio C library will fail,
426 * returning null, if the value is before the UNIX Epoch.
427 */
428 const char *
nd_format_time(char * buf,size_t bufsize,const char * format,const struct tm * timeptr)429 nd_format_time(char *buf, size_t bufsize, const char *format,
430 const struct tm *timeptr)
431 {
432 if (timeptr != NULL) {
433 if (strftime(buf, bufsize, format, timeptr) != 0)
434 return (buf);
435 else
436 return ("[nd_format_time() buffer is too small]");
437 } else
438 return ("[localtime() or gmtime() couldn't convert the date and time]");
439 }
440
441 /* Print the truncated string */
nd_print_trunc(netdissect_options * ndo)442 void nd_print_trunc(netdissect_options *ndo)
443 {
444 ND_PRINT(" [|%s]", ndo->ndo_protocol);
445 }
446
447 /* Print the protocol name */
nd_print_protocol(netdissect_options * ndo)448 void nd_print_protocol(netdissect_options *ndo)
449 {
450 ND_PRINT("%s", ndo->ndo_protocol);
451 }
452
453 /* Print the protocol name in caps (uppercases) */
nd_print_protocol_caps(netdissect_options * ndo)454 void nd_print_protocol_caps(netdissect_options *ndo)
455 {
456 const char *p;
457 for (p = ndo->ndo_protocol; *p != '\0'; p++)
458 ND_PRINT("%c", ND_ASCII_TOUPPER(*p));
459 }
460
461 /* Print the invalid string */
nd_print_invalid(netdissect_options * ndo)462 void nd_print_invalid(netdissect_options *ndo)
463 {
464 ND_PRINT(" (invalid)");
465 }
466
467 /*
468 * this is a generic routine for printing unknown data;
469 * we pass on the linefeed plus indentation string to
470 * get a proper output - returns 0 on error
471 */
472
473 int
print_unknown_data(netdissect_options * ndo,const u_char * cp,const char * ident,u_int len)474 print_unknown_data(netdissect_options *ndo, const u_char *cp,
475 const char *ident, u_int len)
476 {
477 u_int len_to_print;
478
479 len_to_print = len;
480 if (!ND_TTEST_LEN(cp, 0)) {
481 ND_PRINT("%sDissector error: print_unknown_data called with pointer past end of packet",
482 ident);
483 return(0);
484 }
485 if (ND_BYTES_AVAILABLE_AFTER(cp) < len_to_print)
486 len_to_print = ND_BYTES_AVAILABLE_AFTER(cp);
487 hex_print(ndo, ident, cp, len_to_print);
488 return(1); /* everything is ok */
489 }
490
491 /*
492 * Convert a token value to a string; use "fmt" if not found.
493 */
494 static const char *
tok2strbuf(const struct tok * lp,const char * fmt,u_int v,char * buf,size_t bufsize)495 tok2strbuf(const struct tok *lp, const char *fmt,
496 u_int v, char *buf, size_t bufsize)
497 {
498 if (lp != NULL) {
499 while (lp->s != NULL) {
500 if (lp->v == v)
501 return (lp->s);
502 ++lp;
503 }
504 }
505 if (fmt == NULL)
506 fmt = "#%d";
507
508 (void)snprintf(buf, bufsize, fmt, v);
509 return (const char *)buf;
510 }
511
512 /*
513 * Convert a token value to a string; use "fmt" if not found.
514 * Uses tok2strbuf() on one of four local static buffers of size TOKBUFSIZE
515 * in round-robin fashion.
516 */
517 const char *
tok2str(const struct tok * lp,const char * fmt,u_int v)518 tok2str(const struct tok *lp, const char *fmt,
519 u_int v)
520 {
521 static char buf[4][TOKBUFSIZE];
522 static int idx = 0;
523 char *ret;
524
525 ret = buf[idx];
526 idx = (idx+1) & 3;
527 return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0]));
528 }
529
530 /*
531 * Convert a bit token value to a string; use "fmt" if not found.
532 * this is useful for parsing bitfields, the output strings are separated
533 * if the s field is positive.
534 *
535 * A token matches iff it has one or more bits set and every bit that is set
536 * in the token is set in v. Consequently, a 0 token never matches.
537 */
538 static char *
bittok2str_internal(const struct tok * lp,const char * fmt,u_int v,const char * sep)539 bittok2str_internal(const struct tok *lp, const char *fmt,
540 u_int v, const char *sep)
541 {
542 static char buf[1024+1]; /* our string buffer */
543 char *bufp = buf;
544 size_t space_left = sizeof(buf), string_size;
545 const char * sepstr = "";
546
547 while (lp != NULL && lp->s != NULL) {
548 if (lp->v && (v & lp->v) == lp->v) {
549 /* ok we have found something */
550 if (space_left <= 1)
551 return (buf); /* only enough room left for NUL, if that */
552 string_size = strlcpy(bufp, sepstr, space_left);
553 if (string_size >= space_left)
554 return (buf); /* we ran out of room */
555 bufp += string_size;
556 space_left -= string_size;
557 if (space_left <= 1)
558 return (buf); /* only enough room left for NUL, if that */
559 string_size = strlcpy(bufp, lp->s, space_left);
560 if (string_size >= space_left)
561 return (buf); /* we ran out of room */
562 bufp += string_size;
563 space_left -= string_size;
564 sepstr = sep;
565 }
566 lp++;
567 }
568
569 if (bufp == buf)
570 /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */
571 (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%08x" : fmt, v);
572 return (buf);
573 }
574
575 /*
576 * Convert a bit token value to a string; use "fmt" if not found.
577 * this is useful for parsing bitfields, the output strings are not separated.
578 */
579 char *
bittok2str_nosep(const struct tok * lp,const char * fmt,u_int v)580 bittok2str_nosep(const struct tok *lp, const char *fmt,
581 u_int v)
582 {
583 return (bittok2str_internal(lp, fmt, v, ""));
584 }
585
586 /*
587 * Convert a bit token value to a string; use "fmt" if not found.
588 * this is useful for parsing bitfields, the output strings are comma separated.
589 */
590 char *
bittok2str(const struct tok * lp,const char * fmt,u_int v)591 bittok2str(const struct tok *lp, const char *fmt,
592 u_int v)
593 {
594 return (bittok2str_internal(lp, fmt, v, ", "));
595 }
596
597 /*
598 * Convert a value to a string using an array; the macro
599 * tok2strary() in <netdissect.h> is the public interface to
600 * this function and ensures that the second argument is
601 * correct for bounds-checking.
602 */
603 const char *
tok2strary_internal(const char ** lp,int n,const char * fmt,int v)604 tok2strary_internal(const char **lp, int n, const char *fmt,
605 int v)
606 {
607 static char buf[TOKBUFSIZE];
608
609 if (v >= 0 && v < n && lp[v] != NULL)
610 return lp[v];
611 if (fmt == NULL)
612 fmt = "#%d";
613 (void)snprintf(buf, sizeof(buf), fmt, v);
614 return (buf);
615 }
616
617 const struct tok *
uint2tokary_internal(const struct uint_tokary dict[],const size_t size,const u_int val)618 uint2tokary_internal(const struct uint_tokary dict[], const size_t size,
619 const u_int val)
620 {
621 size_t i;
622 /* Try a direct lookup before the full scan. */
623 if (val < size && dict[val].uintval == val)
624 return dict[val].tokary; /* OK if NULL */
625 for (i = 0; i < size; i++)
626 if (dict[i].uintval == val)
627 return dict[i].tokary; /* OK if NULL */
628 return NULL;
629 }
630
631 /*
632 * Convert a 32-bit netmask to prefixlen if possible
633 * the function returns the prefix-len; if plen == -1
634 * then conversion was not possible;
635 */
636
637 int
mask2plen(uint32_t mask)638 mask2plen(uint32_t mask)
639 {
640 const uint32_t bitmasks[33] = {
641 0x00000000,
642 0x80000000, 0xc0000000, 0xe0000000, 0xf0000000,
643 0xf8000000, 0xfc000000, 0xfe000000, 0xff000000,
644 0xff800000, 0xffc00000, 0xffe00000, 0xfff00000,
645 0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000,
646 0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000,
647 0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00,
648 0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0,
649 0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff
650 };
651 int prefix_len = 32;
652
653 /* let's see if we can transform the mask into a prefixlen */
654 while (prefix_len >= 0) {
655 if (bitmasks[prefix_len] == mask)
656 break;
657 prefix_len--;
658 }
659 return (prefix_len);
660 }
661
662 int
mask62plen(const u_char * mask)663 mask62plen(const u_char *mask)
664 {
665 u_char bitmasks[9] = {
666 0x00,
667 0x80, 0xc0, 0xe0, 0xf0,
668 0xf8, 0xfc, 0xfe, 0xff
669 };
670 int byte;
671 int cidr_len = 0;
672
673 for (byte = 0; byte < 16; byte++) {
674 u_int bits;
675
676 for (bits = 0; bits < (sizeof (bitmasks) / sizeof (bitmasks[0])); bits++) {
677 if (mask[byte] == bitmasks[bits]) {
678 cidr_len += bits;
679 break;
680 }
681 }
682
683 if (mask[byte] != 0xff)
684 break;
685 }
686 return (cidr_len);
687 }
688
689 /*
690 * Routine to print out information for text-based protocols such as FTP,
691 * HTTP, SMTP, RTSP, SIP, ....
692 */
693 #define MAX_TOKEN 128
694
695 /*
696 * Fetch a token from a packet, starting at the specified index,
697 * and return the length of the token.
698 *
699 * Returns 0 on error; yes, this is indistinguishable from an empty
700 * token, but an "empty token" isn't a valid token - it just means
701 * either a space character at the beginning of the line (this
702 * includes a blank line) or no more tokens remaining on the line.
703 */
704 static int
fetch_token(netdissect_options * ndo,const u_char * pptr,u_int idx,u_int len,u_char * tbuf,size_t tbuflen)705 fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len,
706 u_char *tbuf, size_t tbuflen)
707 {
708 size_t toklen = 0;
709 u_char c;
710
711 for (; idx < len; idx++) {
712 if (!ND_TTEST_1(pptr + idx)) {
713 /* ran past end of captured data */
714 return (0);
715 }
716 c = GET_U_1(pptr + idx);
717 if (!ND_ISASCII(c)) {
718 /* not an ASCII character */
719 return (0);
720 }
721 if (c == ' ' || c == '\t' || c == '\r' || c == '\n') {
722 /* end of token */
723 break;
724 }
725 if (!ND_ASCII_ISPRINT(c)) {
726 /* not part of a command token or response code */
727 return (0);
728 }
729 if (toklen + 2 > tbuflen) {
730 /* no room for this character and terminating '\0' */
731 return (0);
732 }
733 tbuf[toklen] = c;
734 toklen++;
735 }
736 if (toklen == 0) {
737 /* no token */
738 return (0);
739 }
740 tbuf[toklen] = '\0';
741
742 /*
743 * Skip past any white space after the token, until we see
744 * an end-of-line (CR or LF).
745 */
746 for (; idx < len; idx++) {
747 if (!ND_TTEST_1(pptr + idx)) {
748 /* ran past end of captured data */
749 break;
750 }
751 c = GET_U_1(pptr + idx);
752 if (c == '\r' || c == '\n') {
753 /* end of line */
754 break;
755 }
756 if (!ND_ASCII_ISPRINT(c)) {
757 /* not a printable ASCII character */
758 break;
759 }
760 if (c != ' ' && c != '\t' && c != '\r' && c != '\n') {
761 /* beginning of next token */
762 break;
763 }
764 }
765 return (idx);
766 }
767
768 /*
769 * Scan a buffer looking for a line ending - LF or CR-LF.
770 * Return the index of the character after the line ending or 0 if
771 * we encounter a non-ASCII or non-printable character or don't find
772 * the line ending.
773 */
774 static u_int
print_txt_line(netdissect_options * ndo,const char * prefix,const u_char * pptr,u_int idx,u_int len)775 print_txt_line(netdissect_options *ndo, const char *prefix,
776 const u_char *pptr, u_int idx, u_int len)
777 {
778 u_int startidx;
779 u_int linelen;
780 u_char c;
781
782 startidx = idx;
783 while (idx < len) {
784 c = GET_U_1(pptr + idx);
785 if (c == '\n') {
786 /*
787 * LF without CR; end of line.
788 * Skip the LF and print the line, with the
789 * exception of the LF.
790 */
791 linelen = idx - startidx;
792 idx++;
793 goto print;
794 } else if (c == '\r') {
795 /* CR - any LF? */
796 if ((idx+1) >= len) {
797 /* not in this packet */
798 return (0);
799 }
800 if (GET_U_1(pptr + idx + 1) == '\n') {
801 /*
802 * CR-LF; end of line.
803 * Skip the CR-LF and print the line, with
804 * the exception of the CR-LF.
805 */
806 linelen = idx - startidx;
807 idx += 2;
808 goto print;
809 }
810
811 /*
812 * CR followed by something else; treat this
813 * as if it were binary data, and don't print
814 * it.
815 */
816 return (0);
817 } else if (!ND_ASCII_ISPRINT(c) && c != '\t') {
818 /*
819 * Not a printable ASCII character and not a tab;
820 * treat this as if it were binary data, and
821 * don't print it.
822 */
823 return (0);
824 }
825 idx++;
826 }
827
828 /*
829 * All printable ASCII, but no line ending after that point
830 * in the buffer.
831 */
832 linelen = idx - startidx;
833 ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
834 return (0);
835
836 print:
837 ND_PRINT("%s%.*s", prefix, (int)linelen, pptr + startidx);
838 return (idx);
839 }
840
841 /* Assign needed before calling txtproto_print(): ndo->ndo_protocol = "proto" */
842 void
txtproto_print(netdissect_options * ndo,const u_char * pptr,u_int len,const char ** cmds,u_int flags)843 txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len,
844 const char **cmds, u_int flags)
845 {
846 u_int idx, eol;
847 u_char token[MAX_TOKEN+1];
848 const char *cmd;
849 int print_this = 0;
850
851 if (cmds != NULL) {
852 /*
853 * This protocol has more than just request and
854 * response lines; see whether this looks like a
855 * request or response and, if so, print it and,
856 * in verbose mode, print everything after it.
857 *
858 * This is for HTTP-like protocols, where we
859 * want to print requests and responses, but
860 * don't want to print continuations of request
861 * or response bodies in packets that don't
862 * contain the request or response line.
863 */
864 idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token));
865 if (idx != 0) {
866 /* Is this a valid request name? */
867 while ((cmd = *cmds++) != NULL) {
868 if (ascii_strcasecmp((const char *)token, cmd) == 0) {
869 /* Yes. */
870 print_this = 1;
871 break;
872 }
873 }
874
875 /*
876 * No - is this a valid response code (3 digits)?
877 *
878 * Is this token the response code, or is the next
879 * token the response code?
880 */
881 if (flags & RESP_CODE_SECOND_TOKEN) {
882 /*
883 * Next token - get it.
884 */
885 idx = fetch_token(ndo, pptr, idx, len, token,
886 sizeof(token));
887 }
888 if (idx != 0) {
889 if (ND_ASCII_ISDIGIT(token[0]) && ND_ASCII_ISDIGIT(token[1]) &&
890 ND_ASCII_ISDIGIT(token[2]) && token[3] == '\0') {
891 /* Yes. */
892 print_this = 1;
893 }
894 }
895 }
896 } else {
897 /*
898 * Either:
899 *
900 * 1) This protocol has only request and response lines
901 * (e.g., FTP, where all the data goes over a different
902 * connection); assume the payload is a request or
903 * response.
904 *
905 * or
906 *
907 * 2) This protocol is just text, so that we should
908 * always, at minimum, print the first line and,
909 * in verbose mode, print all lines.
910 */
911 print_this = 1;
912 }
913
914 nd_print_protocol_caps(ndo);
915
916 if (print_this) {
917 /*
918 * In non-verbose mode, just print the protocol, followed
919 * by the first line.
920 *
921 * In verbose mode, print lines as text until we run out
922 * of characters or see something that's not a
923 * printable-ASCII line.
924 */
925 if (ndo->ndo_vflag) {
926 /*
927 * We're going to print all the text lines in the
928 * request or response; just print the length
929 * on the first line of the output.
930 */
931 ND_PRINT(", length: %u", len);
932 for (idx = 0;
933 idx < len && (eol = print_txt_line(ndo, "\n\t", pptr, idx, len)) != 0;
934 idx = eol)
935 ;
936 } else {
937 /*
938 * Just print the first text line.
939 */
940 print_txt_line(ndo, ": ", pptr, 0, len);
941 }
942 }
943 }
944
945 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
946 (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
947 (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
948 (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
949 (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || \
950 defined(__vax__)
951 /*
952 * The processor natively handles unaligned loads, so just use memcpy()
953 * and memcmp(), to enable those optimizations.
954 *
955 * XXX - are those all the x86 tests we need?
956 * XXX - do we need to worry about ARMv1 through ARMv5, which didn't
957 * support unaligned loads, and, if so, do we need to worry about all
958 * of them, or just some of them, e.g. ARMv5?
959 * XXX - are those the only 68k tests we need not to generated
960 * unaligned accesses if the target is the 68000 or 68010?
961 * XXX - are there any tests we don't need, because some definitions are for
962 * compilers that also predefine the GCC symbols?
963 * XXX - do we need to test for both 32-bit and 64-bit versions of those
964 * architectures in all cases?
965 */
966 #else
967 /*
968 * The processor doesn't natively handle unaligned loads,
969 * and the compiler might "helpfully" optimize memcpy()
970 * and memcmp(), when handed pointers that would normally
971 * be properly aligned, into sequences that assume proper
972 * alignment.
973 *
974 * Do copies and compares of possibly-unaligned data by
975 * calling routines that wrap memcpy() and memcmp(), to
976 * prevent that optimization.
977 */
978 void
unaligned_memcpy(void * p,const void * q,size_t l)979 unaligned_memcpy(void *p, const void *q, size_t l)
980 {
981 memcpy(p, q, l);
982 }
983
984 /* As with memcpy(), so with memcmp(). */
985 int
unaligned_memcmp(const void * p,const void * q,size_t l)986 unaligned_memcmp(const void *p, const void *q, size_t l)
987 {
988 return (memcmp(p, q, l));
989 }
990 #endif
991
992