2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
9 #include <netinet/in.h> /* for ntohs() */
13 #include "dissector_eth.h"
18 uint16_t ar_hrd
; /* format of hardware address */
19 uint16_t ar_pro
; /* format of protocol address */
20 uint8_t ar_hln
; /* length of hardware address */
21 uint8_t ar_pln
; /* length of protocol address */
22 uint16_t ar_op
; /* ARP opcode (command) */
23 uint8_t ar_sha
[6]; /* sender hardware address */
24 uint8_t ar_sip
[4]; /* sender IP address */
25 uint8_t ar_tha
[6]; /* target hardware address */
26 uint8_t ar_tip
[4]; /* target IP address */
29 #define ARPHRD_ETHER 1
30 #define ARPHRD_IEEE802 6
31 #define ARPHRD_ARCNET 7
33 #define ARPHRD_ATM2 19
34 #define ARPHRD_SERIAL 20
35 #define ARPHRD_ATM3 21
36 #define ARPHRD_IEEE1394 24
38 #define ARPOP_REQUEST 1 /* ARP request */
39 #define ARPOP_REPLY 2 /* ARP reply */
40 #define ARPOP_RREQUEST 3 /* RARP request */
41 #define ARPOP_RREPLY 4 /* RARP reply */
42 #define ARPOP_InREQUEST 8 /* InARP request */
43 #define ARPOP_InREPLY 9 /* InARP reply */
44 #define ARPOP_NAK 10 /* (ATM)ARP NAK */
46 static void arp(struct pkt_buff
*pkt
)
51 struct arphdr
*arp
= (struct arphdr
*) pkt_pull(pkt
, sizeof(*arp
));
56 switch (ntohs(arp
->ar_hrd
)) {
75 hrd
= "IEEE 1394.1995";
82 pro
= lookup_ether_type(ntohs(arp
->ar_pro
));
86 switch (ntohs(arp
->ar_op
)) {
88 opcode
= "ARP request";
94 opcode
= "RARP request";
97 opcode
= "RARP reply";
100 opcode
= "InARP request";
103 opcode
= "InARP reply";
106 opcode
= "(ATM) ARP NAK";
114 tprintf("Format HA (%u => %s), ", ntohs(arp
->ar_hrd
), hrd
);
115 tprintf("Format Proto (0x%.4x => %s), ", ntohs(arp
->ar_pro
), pro
);
116 tprintf("HA Len (%u), ", arp
->ar_hln
);
117 tprintf("Proto Len (%u), ", arp
->ar_pln
);
118 tprintf("Opcode (%u => %s)", ntohs(arp
->ar_op
), opcode
);
122 static void arp_less(struct pkt_buff
*pkt
)
125 struct arphdr
*arp
= (struct arphdr
*) pkt_pull(pkt
, sizeof(*arp
));
130 switch (ntohs(arp
->ar_op
)) {
132 opcode
= "ARP request";
135 opcode
= "ARP reply";
138 opcode
= "RARP request";
141 opcode
= "RARP reply";
143 case ARPOP_InREQUEST
:
144 opcode
= "InARP request";
147 opcode
= "InARP reply";
150 opcode
= "(ATM) ARP NAK";
157 tprintf(" Op %s", opcode
);
160 struct protocol arp_ops
= {
163 .print_less
= arp_less
,