proto_arp.c

   1 /*
   2  * netsniff-ng - the packet sniffing beast
   3  * Copyright 2009, 2010 Daniel Borkmann.
   4  * Subject to the GPL, version 2.
   5  */
   6
   7 #include <stdint.h>
   8 #include <netinet/in.h>    /* for ntohs() */
   9
  10 #include "proto.h"
  11 #include "dissector_eth.h"
  12 #include "pkt_buff.h"
  13 #include "built_in.h"
  14
  15 struct arphdr {
  16         uint16_t ar_hrd;   /* format of hardware address */
  17         uint16_t ar_pro;   /* format of protocol address */
  18         uint8_t ar_hln;    /* length of hardware address */
  19         uint8_t ar_pln;    /* length of protocol address */
  20         uint16_t ar_op;    /* ARP opcode (command)       */
  21         uint8_t ar_sha[6]; /* sender hardware address    */
  22         uint8_t ar_sip[4]; /* sender IP address          */
  23         uint8_t ar_tha[6]; /* target hardware address    */
  24         uint8_t ar_tip[4]; /* target IP address          */
  25 } __packed;
  26
  27 #define ARPHRD_ETHER    1
  28 #define ARPHRD_IEEE802  6
  29 #define ARPHRD_ARCNET   7
  30 #define ARPHRD_ATM      16
  31 #define ARPHRD_ATM2     19
  32 #define ARPHRD_SERIAL   20
  33 #define ARPHRD_ATM3     21
  34 #define ARPHRD_IEEE1394 24
  35
  36 #define ARPOP_REQUEST   1  /* ARP request                */
  37 #define ARPOP_REPLY     2  /* ARP reply                  */
  38 #define ARPOP_RREQUEST  3  /* RARP request               */
  39 #define ARPOP_RREPLY    4  /* RARP reply                 */
  40 #define ARPOP_InREQUEST 8  /* InARP request              */
  41 #define ARPOP_InREPLY   9  /* InARP reply                */
  42 #define ARPOP_NAK       10 /* (ATM)ARP NAK               */
  43
  44 static void arp(struct pkt_buff *pkt)
  45 {
  46         char *hrd;
  47         char *pro;
  48         char *opcode;
  49         struct arphdr *arp = (struct arphdr *) pkt_pull(pkt, sizeof(*arp));
  50
  51         if (arp == NULL)
  52                 return;
  53
  54         switch (ntohs(arp->ar_hrd)) {
  55         case ARPHRD_ETHER:
  56                 hrd = "Ethernet";
  57                 break;
  58         case ARPHRD_IEEE802:
  59                 hrd = "IEEE 802";
  60                 break;
  61         case ARPHRD_ARCNET:
  62                 hrd = "ARCNET";
  63                 break;
  64         case ARPHRD_ATM:
  65         case ARPHRD_ATM2:
  66         case ARPHRD_ATM3:
  67                 hrd = "ATM";
  68                 break;
  69         case ARPHRD_SERIAL:
  70                 hrd = "Serial Line";
  71                 break;
  72         case ARPHRD_IEEE1394:
  73                 hrd = "IEEE 1394.1995";
  74                 break;
  75         default:
  76                 hrd = "Unknown";
  77                 break;
  78         }
  79
  80         pro = lookup_ether_type(ntohs(arp->ar_pro));
  81         if (pro == NULL)
  82                 pro = "Unknown";
  83
  84         switch (ntohs(arp->ar_op)) {
  85         case ARPOP_REQUEST:
  86                 opcode = "ARP request";
  87                 break;
  88         case ARPOP_REPLY:
  89                 opcode = "ARP reply";
  90                 break;
  91         case ARPOP_RREQUEST:
  92                 opcode = "RARP request";
  93                 break;
  94         case ARPOP_RREPLY:
  95                 opcode = "RARP reply";
  96                 break;
  97         case ARPOP_InREQUEST:
  98                 opcode = "InARP request";
  99                 break;
 100         case ARPOP_InREPLY:
 101                 opcode = "InARP reply";
 102                 break;
 103         case ARPOP_NAK:
 104                 opcode = "(ATM) ARP NAK";
 105                 break;
 106         default:
 107                 opcode = "Unknown";
 108                 break;
 109         };
 110
 111         tprintf(" [ ARP ");
 112         tprintf("Format HA (%u => %s), ", ntohs(arp->ar_hrd), hrd);
 113         tprintf("Format Proto (0x%.4x => %s), ", ntohs(arp->ar_pro), pro);
 114         tprintf("HA Len (%u), ", arp->ar_hln);
 115         tprintf("Proto Len (%u), ", arp->ar_pln);
 116         tprintf("Opcode (%u => %s)", ntohs(arp->ar_op), opcode);
 117         tprintf(" ]\n");
 118 }
 119
 120 static void arp_less(struct pkt_buff *pkt)
 121 {
 122         char *opcode = NULL;
 123         struct arphdr *arp = (struct arphdr *) pkt_pull(pkt, sizeof(*arp));
 124
 125         if (arp == NULL)
 126                 return;
 127
 128         switch (ntohs(arp->ar_op)) {
 129         case ARPOP_REQUEST:
 130                 opcode = "ARP request";
 131                 break;
 132         case ARPOP_REPLY:
 133                 opcode = "ARP reply";
 134                 break;
 135         case ARPOP_RREQUEST:
 136                 opcode = "RARP request";
 137                 break;
 138         case ARPOP_RREPLY:
 139                 opcode = "RARP reply";
 140                 break;
 141         case ARPOP_InREQUEST:
 142                 opcode = "InARP request";
 143                 break;
 144         case ARPOP_InREPLY:
 145                 opcode = "InARP reply";
 146                 break;
 147         case ARPOP_NAK:
 148                 opcode = "(ATM) ARP NAK";
 149                 break;
 150         default:
 151                 opcode = "Unknown";
 152                 break;
 153         };
 154
 155         tprintf(" Op %s", opcode);
 156 }
 157
 158 struct protocol arp_ops = {
 159         .key = 0x0806,
 160         .print_full = arp,
 161         .print_less = arp_less,
 162 };