2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2009, 2010 Daniel Borkmann.
4 * Copyright 2014 Tobias Klauser
5 * Subject to the GPL, version 2.
10 #include <netinet/in.h>
11 #include <linux/if_ether.h>
14 #include "dissector_eth.h"
19 static inline bool is_multicast_ether_addr(const uint8_t *mac
)
24 static inline bool is_broadcast_ether_addr(const uint8_t *mac
)
26 return (mac
[0] & mac
[1] & mac
[2] & mac
[3] & mac
[4] & mac
[5]) == 0xff;
29 static const char *ether_lookup_addr(const uint8_t *mac
)
31 if (is_multicast_ether_addr(mac
)) {
32 if (is_broadcast_ether_addr(mac
))
38 /* found no matching address, so look up the vendor from OUI */
39 return lookup_vendor_str((mac
[0] << 16) | (mac
[1] << 8) | mac
[2]);
42 static void ethernet(struct pkt_buff
*pkt
)
45 uint8_t *src_mac
, *dst_mac
;
46 struct ethhdr
*eth
= (struct ethhdr
*) pkt_pull(pkt
, sizeof(*eth
));
51 src_mac
= eth
->h_source
;
52 dst_mac
= eth
->h_dest
;
55 tprintf("MAC (%.2x:%.2x:%.2x:%.2x:%.2x:%.2x => ",
56 src_mac
[0], src_mac
[1], src_mac
[2],
57 src_mac
[3], src_mac
[4], src_mac
[5]);
58 tprintf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x), ",
59 dst_mac
[0], dst_mac
[1], dst_mac
[2],
60 dst_mac
[3], dst_mac
[4], dst_mac
[5]);
61 tprintf("Proto (0x%.4x", ntohs(eth
->h_proto
));
63 type
= lookup_ether_type(ntohs(eth
->h_proto
));
65 tprintf(", %s%s%s", colorize_start(bold
), type
, colorize_end());
68 tprintf(" [ Vendor ");
69 tprintf("(%s => %s)", ether_lookup_addr(src_mac
), ether_lookup_addr(dst_mac
));
72 pkt_set_dissector(pkt
, ð_lay2
, ntohs(eth
->h_proto
));
75 static void ethernet_less(struct pkt_buff
*pkt
)
77 uint8_t *src_mac
, *dst_mac
;
78 struct ethhdr
*eth
= (struct ethhdr
*) pkt_pull(pkt
, sizeof(*eth
));
83 src_mac
= eth
->h_source
;
84 dst_mac
= eth
->h_dest
;
85 tprintf(" %s => %s ", ether_lookup_addr(src_mac
),
86 ether_lookup_addr(dst_mac
));
87 tprintf("%s%s%s", colorize_start(bold
),
88 lookup_ether_type(ntohs(eth
->h_proto
)), colorize_end());
90 pkt_set_dissector(pkt
, ð_lay2
, ntohs(eth
->h_proto
));
93 struct protocol ethernet_ops
= {
95 .print_full
= ethernet
,
96 .print_less
= ethernet_less
,