proto_ethernet.c

   1 /*
   2  * netsniff-ng - the packet sniffing beast
   3  * Copyright 2009, 2010 Daniel Borkmann.
   4  * Copyright 2014 Tobias Klauser
   5  * Subject to the GPL, version 2.
   6  */
   7
   8 #include <stdio.h>
   9 #include <stdint.h>
  10 #include <netinet/in.h>
  11 #include <linux/if_ether.h>
  12
  13 #include "proto.h"
  14 #include "dissector_eth.h"
  15 #include "pkt_buff.h"
  16 #include "oui.h"
  17
  18 static inline bool is_multicast_ether_addr(const uint8_t *mac)
  19 {
  20         return mac[0] & 0x01;
  21 }
  22
  23 static inline bool is_broadcast_ether_addr(const uint8_t *mac)
  24 {
  25         return (mac[0] & mac[1] & mac[2] & mac[3] & mac[4] & mac[5]) == 0xff;
  26 }
  27
  28 static const char *ether_lookup_addr(uint8_t *mac)
  29 {
  30         if (is_multicast_ether_addr(mac)) {
  31                 if (is_broadcast_ether_addr(mac))
  32                         return "Broadcast";
  33                 else
  34                         return "Multicast";
  35         }
  36
  37         /* found no matching address, so look up the vendor from OUI */
  38         return lookup_vendor_str((mac[0] << 16) | (mac[1] << 8) | mac[2]);
  39 }
  40
  41 static void ethernet(struct pkt_buff *pkt)
  42 {
  43         char *type;
  44         uint8_t *src_mac, *dst_mac;
  45         struct ethhdr *eth = (struct ethhdr *) pkt_pull(pkt, sizeof(*eth));
  46
  47         if (eth == NULL)
  48                 return;
  49
  50         src_mac = eth->h_source;
  51         dst_mac = eth->h_dest;
  52
  53         tprintf(" [ Eth ");
  54         tprintf("MAC (%.2x:%.2x:%.2x:%.2x:%.2x:%.2x => ",
  55                 src_mac[0], src_mac[1], src_mac[2],
  56                 src_mac[3], src_mac[4], src_mac[5]);
  57         tprintf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x), ",
  58                 dst_mac[0], dst_mac[1], dst_mac[2],
  59                 dst_mac[3], dst_mac[4], dst_mac[5]);
  60         tprintf("Proto (0x%.4x", ntohs(eth->h_proto));
  61
  62         type = lookup_ether_type(ntohs(eth->h_proto));
  63         if (type)
  64                 tprintf(", %s%s%s", colorize_start(bold), type, colorize_end());
  65
  66         tprintf(") ]\n");
  67         tprintf(" [ Vendor ");
  68         tprintf("(%s => %s)", ether_lookup_addr(src_mac), ether_lookup_addr(dst_mac));
  69         tprintf(" ]\n");
  70
  71         pkt_set_proto(pkt, &eth_lay2, ntohs(eth->h_proto));
  72 }
  73
  74 static void ethernet_less(struct pkt_buff *pkt)
  75 {
  76         uint8_t *src_mac, *dst_mac;
  77         struct ethhdr *eth = (struct ethhdr *) pkt_pull(pkt, sizeof(*eth));
  78
  79         if (eth == NULL)
  80                 return;
  81
  82         src_mac = eth->h_source;
  83         dst_mac = eth->h_dest;
  84         tprintf(" %s => %s ",
  85                 lookup_vendor_str((src_mac[0] << 16) | (src_mac[1] << 8) |
  86                               src_mac[2]),
  87                 lookup_vendor_str((dst_mac[0] << 16) | (dst_mac[1] << 8) |
  88                               dst_mac[2]));
  89         tprintf("%s%s%s", colorize_start(bold),
  90                 lookup_ether_type(ntohs(eth->h_proto)), colorize_end());
  91
  92         pkt_set_proto(pkt, &eth_lay2, ntohs(eth->h_proto));
  93 }
  94
  95 struct protocol ethernet_ops = {
  96         .key = 0,
  97         .print_full = ethernet,
  98         .print_less = ethernet_less,
  99 };