2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
13 #include <netinet/in.h> /* for ntohs() */
15 #include "proto_struct.h"
16 #include "dissector_eth.h"
23 #if defined(__LITTLE_ENDIAN_BITFIELD)
24 __extension__
uint16_t res1
:4,
34 #elif defined(__BIG_ENDIAN_BITFIELD)
35 __extension__
uint16_t doff
:4,
46 # error "Adjust your <asm/byteorder.h> defines"
51 } __attribute__((packed
));
53 static inline uint16_t tcp_port(uint16_t src
, uint16_t dst
)
60 /* XXX: Is there a better way to determine? */
61 if (src
< dst
&& src
< 1024) {
63 } else if (dst
< src
&& dst
< 1024) {
66 tmp1
= lookup_port_tcp(src
);
67 tmp2
= lookup_port_tcp(dst
);
70 } else if (!tmp1
&& tmp2
) {
81 static inline void tcp(uint8_t *packet
, size_t len
)
83 struct tcphdr
*tcp
= (struct tcphdr
*) packet
;
85 if (len
< sizeof(struct tcphdr
))
89 tprintf("Port (%u => %u, %s%s%s), ",
90 ntohs(tcp
->source
), ntohs(tcp
->dest
),
92 lookup_port_tcp(tcp_port(tcp
->source
, tcp
->dest
)),
94 tprintf("SN (0x%x), ", ntohl(tcp
->seq
));
95 tprintf("AN (0x%x), ", ntohl(tcp
->ack_seq
));
96 tprintf("DataOff (%u), ", tcp
->doff
);
97 tprintf("Res (%u), ", tcp
->res1
);
116 tprintf("Window (%u), ", ntohs(tcp
->window
));
117 tprintf("CSum (0x%.4x), ", ntohs(tcp
->check
));
118 tprintf("UrgPtr (%u)", ntohs(tcp
->urg_ptr
));
122 static inline void tcp_less(uint8_t *packet
, size_t len
)
124 struct tcphdr
*tcp
= (struct tcphdr
*) packet
;
126 if (len
< sizeof(struct tcphdr
))
129 tprintf(" TCP %s%s%s %u/%u F%s",
130 colorize_start(bold
),
131 lookup_port_tcp(tcp_port(tcp
->source
, tcp
->dest
)),
132 colorize_end(), ntohs(tcp
->source
), ntohs(tcp
->dest
),
133 colorize_start(bold
));
150 tprintf("%s Win %u S/A 0x%x/0x%x", colorize_end(),
151 ntohs(tcp
->window
), ntohl(tcp
->seq
), ntohl(tcp
->ack_seq
));
154 static inline void tcp_next(uint8_t *packet
, size_t len
,
155 struct hash_table
**table
,
156 unsigned int *key
, size_t *off
)
158 struct tcphdr
*tcp
= (struct tcphdr
*) packet
;
160 if (len
< sizeof(struct tcphdr
))
163 (*off
) = sizeof(struct tcphdr
);
164 (*key
) = tcp_port(tcp
->source
, tcp
->dest
);
165 (*table
) = ð_lay4
;
174 struct protocol tcp_ops
= {
176 .offset
= sizeof(struct tcphdr
),
178 .print_less
= tcp_less
,
179 .print_pay_ascii
= empty
,
180 .print_pay_hex
= empty
,
181 .print_pay_none
= tcp
,
182 .print_all_cstyle
= __hex2
,
183 .print_all_hex
= __hex
,
184 .proto_next
= tcp_next
,