2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
8 /* Needs a better rewrite! */
14 #include "dissector.h"
15 #include "dissector_eth.h"
19 struct hash_table eth_lay2
;
20 struct hash_table eth_lay3
;
21 struct hash_table eth_lay4
;
23 static struct hash_table eth_ether_types
;
24 static struct hash_table eth_ports_udp
;
25 static struct hash_table eth_ports_tcp
;
26 static struct hash_table eth_oui
;
31 struct vendor_id
*next
;
37 struct port_tcp
*next
;
43 struct port_udp
*next
;
49 struct ether_type
*next
;
52 char *lookup_vendor(unsigned int id
)
54 struct vendor_id
*entry
= lookup_hash(id
, ð_oui
);
55 while (entry
&& id
!= entry
->id
)
57 return (entry
&& id
== entry
->id
? entry
->vendor
: "Unknown");
60 char *lookup_port_udp(unsigned int id
)
62 struct port_udp
*entry
= lookup_hash(id
, ð_ports_udp
);
63 while (entry
&& id
!= entry
->id
)
65 return (entry
&& id
== entry
->id
? entry
->port
: "Unknown");
68 char *lookup_port_tcp(unsigned int id
)
70 struct port_tcp
*entry
= lookup_hash(id
, ð_ports_tcp
);
71 while (entry
&& id
!= entry
->id
)
73 return (entry
&& id
== entry
->id
? entry
->port
: "Unknown");
76 char *lookup_ether_type(unsigned int id
)
78 struct ether_type
*entry
= lookup_hash(id
, ð_ether_types
);
79 while (entry
&& id
!= entry
->id
)
81 return (entry
&& id
== entry
->id
? entry
->type
: "Unknown");
84 static inline void dissector_init_entry(int (*fnt
)(void *ptr
))
89 static inline void dissector_init_exit(int (*fnt
)(void *ptr
))
94 static void dissector_init_lay2(int (*fnt
)(void *ptr
))
97 INSERT_HASH_PROTOS(arp_ops
, eth_lay2
);
98 INSERT_HASH_PROTOS(vlan_ops
, eth_lay2
);
99 INSERT_HASH_PROTOS(ipv4_ops
, eth_lay2
);
100 INSERT_HASH_PROTOS(ipv6_ops
, eth_lay2
);
101 for_each_hash(ð_lay2
, fnt
);
104 static void dissector_init_lay3(int (*fnt
)(void *ptr
))
106 init_hash(ð_lay3
);
107 INSERT_HASH_PROTOS(icmp_ops
, eth_lay3
);
108 INSERT_HASH_PROTOS(udp_ops
, eth_lay3
);
109 INSERT_HASH_PROTOS(tcp_ops
, eth_lay3
);
110 for_each_hash(ð_lay3
, fnt
);
113 static void dissector_init_lay4(int (*fnt
)(void *ptr
))
115 init_hash(ð_lay4
);
116 for_each_hash(ð_lay4
, fnt
);
119 static void dissector_init_oui(void)
122 char buff
[512], *ptr
;
123 struct vendor_id
*ven
;
126 fp
= fopen("/etc/netsniff-ng/oui.conf", "r");
128 panic("No /etc/netsniff-ng/oui.conf found!\n");
129 memset(buff
, 0, sizeof(buff
));
130 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
131 buff
[sizeof(buff
) - 1] = 0;
132 ven
= xmalloc(sizeof(*ven
));
135 ptr
= getuint(ptr
, &ven
->id
);
137 ptr
= skipchar(ptr
, ',');
139 ptr
= strtrim_right(ptr
, '\n');
140 ptr
= strtrim_right(ptr
, ' ');
141 ven
->vendor
= xstrdup(ptr
);
143 pos
= insert_hash(ven
->id
, ven
, ð_oui
);
148 memset(buff
, 0, sizeof(buff
));
154 static int dissector_cleanup_oui(void *ptr
)
156 struct vendor_id
*tmp
, *v
= ptr
;
161 while ((tmp
= v
->next
)) {
172 static void dissector_init_ports_udp(void)
175 char buff
[512], *ptr
;
176 struct port_udp
*pudp
;
179 fp
= fopen("/etc/netsniff-ng/udp.conf", "r");
181 panic("No /etc/netsniff-ng/udp.conf found!\n");
182 memset(buff
, 0, sizeof(buff
));
183 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
184 buff
[sizeof(buff
) - 1] = 0;
185 pudp
= xmalloc(sizeof(*pudp
));
188 ptr
= getuint(ptr
, &pudp
->id
);
190 ptr
= skipchar(ptr
, ',');
192 ptr
= strtrim_right(ptr
, '\n');
193 ptr
= strtrim_right(ptr
, ' ');
194 pudp
->port
= xstrdup(ptr
);
196 pos
= insert_hash(pudp
->id
, pudp
, ð_ports_udp
);
201 memset(buff
, 0, sizeof(buff
));
207 static int dissector_cleanup_ports_udp(void *ptr
)
209 struct port_udp
*tmp
, *p
= ptr
;
214 while ((tmp
= p
->next
)) {
225 static void dissector_init_ports_tcp(void)
228 char buff
[512], *ptr
;
229 struct port_tcp
*ptcp
;
232 fp
= fopen("/etc/netsniff-ng/tcp.conf", "r");
234 panic("No /etc/netsniff-ng/tcp.conf found!\n");
235 memset(buff
, 0, sizeof(buff
));
236 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
237 buff
[sizeof(buff
) - 1] = 0;
238 ptcp
= xmalloc(sizeof(*ptcp
));
241 ptr
= getuint(ptr
, &ptcp
->id
);
243 ptr
= skipchar(ptr
, ',');
245 ptr
= strtrim_right(ptr
, '\n');
246 ptr
= strtrim_right(ptr
, ' ');
247 ptcp
->port
= xstrdup(ptr
);
249 pos
= insert_hash(ptcp
->id
, ptcp
, ð_ports_tcp
);
254 memset(buff
, 0, sizeof(buff
));
260 static int dissector_cleanup_ports_tcp(void *ptr
)
262 struct port_tcp
*tmp
, *p
= ptr
;
267 while ((tmp
= p
->next
)) {
278 static void dissector_init_ether_types(void)
281 char buff
[512], *ptr
;
282 struct ether_type
*et
;
285 fp
= fopen("/etc/netsniff-ng/ether.conf", "r");
287 panic("No /etc/netsniff-ng/ether.conf found!\n");
288 memset(buff
, 0, sizeof(buff
));
289 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
290 buff
[sizeof(buff
) - 1] = 0;
291 et
= xmalloc(sizeof(*et
));
294 ptr
= getuint(ptr
, &et
->id
);
296 ptr
= skipchar(ptr
, ',');
298 ptr
= strtrim_right(ptr
, '\n');
299 ptr
= strtrim_right(ptr
, ' ');
300 et
->type
= xstrdup(ptr
);
302 pos
= insert_hash(et
->id
, et
, ð_ether_types
);
307 memset(buff
, 0, sizeof(buff
));
313 static int dissector_cleanup_ether_types(void *ptr
)
315 struct ether_type
*tmp
, *p
= ptr
;
320 while ((tmp
= p
->next
)) {
331 void dissector_init_ethernet(int fnttype
)
333 int (*fnt
)(void *ptr
) = NULL
;
336 case FNTTYPE_PRINT_NORM
:
337 fnt
= dissector_set_print_norm
;
339 case FNTTYPE_PRINT_LESS
:
340 fnt
= dissector_set_print_less
;
342 case FNTTYPE_PRINT_HEX1
:
343 fnt
= dissector_set_print_payload_hex
;
345 case FNTTYPE_PRINT_HEX2
:
346 fnt
= dissector_set_print_all_hex
;
348 case FNTTYPE_PRINT_CHR1
:
349 fnt
= dissector_set_print_payload
;
351 case FNTTYPE_PRINT_NOPA
:
352 fnt
= dissector_set_print_no_payload
;
354 case FNTTYPE_PRINT_PAAC
:
355 fnt
= dissector_set_print_c_style
;
358 case FNTTYPE_PRINT_NONE
:
359 fnt
= dissector_set_print_none
;
363 dissector_init_entry(fnt
);
364 dissector_init_lay2(fnt
);
365 dissector_init_lay3(fnt
);
366 dissector_init_lay4(fnt
);
367 dissector_init_exit(fnt
);
369 info("OUI "); fflush(stdout
);
370 dissector_init_oui();
371 info("UDP "); fflush(stdout
);
372 dissector_init_ports_udp();
373 info("TCP "); fflush(stdout
);
374 dissector_init_ports_tcp();
375 info("ETH "); fflush(stdout
);
376 dissector_init_ether_types();
377 info("\n"); fflush(stdout
);
380 void dissector_cleanup_ethernet(void)
382 free_hash(ð_lay2
);
383 free_hash(ð_lay3
);
384 free_hash(ð_lay4
);
386 for_each_hash(ð_ether_types
, dissector_cleanup_ether_types
);
387 free_hash(ð_ether_types
);
388 for_each_hash(ð_ports_udp
, dissector_cleanup_ports_udp
);
389 free_hash(ð_ports_udp
);
390 for_each_hash(ð_ports_tcp
, dissector_cleanup_ports_tcp
);
391 free_hash(ð_ports_tcp
);
392 for_each_hash(ð_oui
, dissector_cleanup_oui
);