search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lookup: Move UDP/TCP port and Ethernet type lookup into own module
[netsniff-ng.git] / dissector.h
blobf4963c9a56c46281107d2887b090cf28b8ff3662
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2009 - 2013 Daniel Borkmann.
4 * Subject to the GPL, version 2.
5 */
6
7 #ifndef DISSECTOR_H
8 #define DISSECTOR_H
9
10 #include <stdlib.h>
11 #include <stdint.h>
12 #include <sys/socket.h>
13 #include <linux/if_packet.h>
14 #include <linux/if.h>
15 #include <libnl3/netlink/msg.h>
16
17 #include "ring.h"
18 #include "tprintf.h"
19
20 #define PRINT_NORM 0
21 #define PRINT_LESS 1
22 #define PRINT_HEX 2
23 #define PRINT_ASCII 3
24 #define PRINT_HEX_ASCII 4
25 #define PRINT_NONE 5
26
27 extern char *if_indextoname(unsigned ifindex, char *ifname);
28
29 static const char * const packet_types[256] = {
30 [0 ... 255] = "?", /* Unknown */
31 [PACKET_HOST] = "<", /* Incoming */
32 [PACKET_BROADCAST] = "B", /* Broadcast */
33 [PACKET_MULTICAST] = "M", /* Multicast */
34 [PACKET_OTHERHOST] = "P", /* Promisc */
35 [PACKET_OUTGOING] = ">", /* Outgoing */
36 [PACKET_USER] = ">U", /* To Userspace */
37 [PACKET_KERNEL] = ">K", /* To Kernelspace */
38 };
39
40 static inline const char *__show_ts_source(uint32_t status)
41 {
42 if (status & TP_STATUS_TS_RAW_HARDWARE)
43 return "(raw hw ts)";
44 else if (status & TP_STATUS_TS_SYS_HARDWARE)
45 return "(sys hw ts)";
46 else if (status & TP_STATUS_TS_SOFTWARE)
47 return "(sw ts)";
48 else
49 return "";
50 }
51
52 static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype,
53 struct sockaddr_ll *s_ll, void *raw_hdr,
54 int mode, bool v3)
55 {
56 char tmp[IFNAMSIZ];
57 union tpacket_uhdr hdr;
58 uint8_t pkttype = s_ll->sll_pkttype;
59
60 if (mode == PRINT_NONE)
61 return;
62
63 /*
64 * If we're capturing on nlmon0, all packets will have sll_pkttype set
65 * to PACKET_OUTGOING, but we actually want PACKET_USER/PACKET_KERNEL as
66 * it originally was set in the kernel. Thus, use nlmsghdr->nlmsg_pid to
67 * restore the type.
68 */
69 if (linktype == AF_NETLINK && len >= sizeof(struct nlmsghdr)) {
70 struct nlmsghdr *hdr = (struct nlmsghdr *) packet;
71 pkttype = hdr->nlmsg_pid == 0 ? PACKET_KERNEL : PACKET_USER;
72 }
73
74 hdr.raw = raw_hdr;
75 switch (mode) {
76 case PRINT_LESS:
77 tprintf("%s %s %u",
78 packet_types[pkttype] ? : "?",
79 if_indextoname(s_ll->sll_ifindex, tmp) ? : "?",
80 v3 ? hdr.h3->tp_len : hdr.h2->tp_len);
81 break;
82 default:
83 tprintf("%s %s %u %us.%uns %s\n",
84 packet_types[pkttype] ? : "?",
85 if_indextoname(s_ll->sll_ifindex, tmp) ? : "?",
86 v3 ? hdr.h3->tp_len : hdr.h2->tp_len,
87 v3 ? hdr.h3->tp_sec : hdr.h2->tp_sec,
88 v3 ? hdr.h3->tp_nsec : hdr.h2->tp_nsec,
89 v3 ? "" : __show_ts_source(hdr.h2->tp_status));
90 break;
91 }
92 }
93
94 static inline void show_frame_hdr(uint8_t *packet, size_t len, int linktype,
95 struct frame_map *hdr, int mode)
96 {
97 __show_frame_hdr(packet, len, linktype, &hdr->s_ll, &hdr->tp_h, mode, false);
98 }
99
100 extern void dissector_init_all(int fnttype);
101 extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode);
102 extern void dissector_cleanup_all(void);
103 extern int dissector_set_print_type(void *ptr, int type);
104
105 #endif /* DISSECTOR_H */
netsniff-ng toolkit, the packet sniffing beast, staging tree