17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
545916cd2Sjpk  * Common Development and Distribution License (the "License").
645916cd2Sjpk  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22d04ccbb3Scarlsonj  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
24*12faddfcSRobert Mustacchi  * Copyright 2015, Joyent, Inc.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
2745916cd2Sjpk #include <stdio.h>
2845916cd2Sjpk #include <stdlib.h>
2945916cd2Sjpk #include <strings.h>
307c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h>
317c478bd9Sstevel@tonic-gate #include <sys/types.h>
327c478bd9Sstevel@tonic-gate #include <sys/errno.h>
337c478bd9Sstevel@tonic-gate #include <setjmp.h>
347c478bd9Sstevel@tonic-gate #include <sys/socket.h>
357c478bd9Sstevel@tonic-gate #include <net/if.h>
367c478bd9Sstevel@tonic-gate #include <netinet/in_systm.h>
377c478bd9Sstevel@tonic-gate #include <netinet/in.h>
387c478bd9Sstevel@tonic-gate #include <netinet/ip.h>
397c478bd9Sstevel@tonic-gate #include <netinet/if_ether.h>
407c478bd9Sstevel@tonic-gate #include "snoop.h"
417c478bd9Sstevel@tonic-gate 
/*
 * One row of a port-name table: a port number and the short name that
 * is printed for it.  The tables in this file are terminated by a row
 * whose pt_num is 0.
 */
struct porttable {
	int	pt_num;		/* port number; 0 marks the end of a table */
	char	*pt_short;	/* short service name shown in the output */
};
467c478bd9Sstevel@tonic-gate 
/*
 * UDP ports that snoop knows by name.  getportname() and reservedport()
 * walk this table until they reach the entry whose pt_num is 0.
 *
 * Port 111 (PORTMAP) is deliberately not listed: it is just Sun RPC.
 */
static const struct porttable pt_udp[] = {
	{ IPPORT_ECHO,		"ECHO" },
	{ IPPORT_DISCARD,	"DISCARD" },
	{ IPPORT_DAYTIME,	"DAYTIME" },
	{ IPPORT_CHARGEN,	"CHARGEN" },
	{ IPPORT_TIMESERVER,	"TIME" },
	{ IPPORT_NAMESERVER,	"NAME" },
	{ IPPORT_DOMAIN,	"DNS" },
	{ IPPORT_MDNS,		"MDNS" },
	{ IPPORT_BOOTPS,	"BOOTPS" },
	{ IPPORT_BOOTPC,	"BOOTPC" },
	{ IPPORT_TFTP,		"TFTP" },
	{ IPPORT_FINGER,	"FINGER" },
	{ IPPORT_NTP,		"NTP" },
	{ IPPORT_NETBIOS_NS,	"NBNS" },
	{ IPPORT_NETBIOS_DGM,	"NBDG" },
	{ IPPORT_LDAP,		"LDAP" },
	{ IPPORT_SLP,		"SLP" },
	/* Mobile IP control messages are sent over UDP port 434. */
	{ IPPORT_MIP,		"Mobile IP" },
	{ IPPORT_BIFFUDP,	"BIFF" },
	{ IPPORT_WHOSERVER,	"WHO" },
	{ IPPORT_SYSLOG,	"SYSLOG" },
	{ IPPORT_TALK,		"TALK" },
	{ IPPORT_ROUTESERVER,	"RIP" },
	{ IPPORT_RIPNG,		"RIPng" },
	{ IPPORT_DHCPV6C,	"DHCPv6C" },
	{ IPPORT_DHCPV6S,	"DHCPv6S" },
	{ 550,			"NEW-RWHO" },
	{ 560,			"RMONITOR" },
	{ 561,			"MONITOR" },
	{ IPPORT_SOCKS,		"SOCKS" },
	{ IPPORT_VXLAN,		"VXLAN" },
	{ 0,			NULL }		/* end of table */
};
837c478bd9Sstevel@tonic-gate 
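/*
 * TCP ports that snoop knows by name.  getportname() also uses this
 * table for IPPROTO_SCTP.  Lookups stop at the entry whose pt_num is 0.
 *
 * The table is only ever read through "const struct porttable *"
 * pointers in this file, so it is declared const like pt_udp; that
 * keeps the dispatch data read-only.
 *
 * Port 111 (PORTMAP) is deliberately not listed: it is just Sun RPC.
 */
static const struct porttable pt_tcp[] = {
	{ 1,			"TCPMUX" },
	{ IPPORT_ECHO,		"ECHO" },
	{ IPPORT_DISCARD,	"DISCARD" },
	{ IPPORT_SYSTAT,	"SYSTAT" },
	{ IPPORT_DAYTIME,	"DAYTIME" },
	{ IPPORT_NETSTAT,	"NETSTAT" },
	{ IPPORT_CHARGEN,	"CHARGEN" },
	{ 20,			"FTP-DATA" },
	{ IPPORT_FTP,		"FTP" },
	{ IPPORT_TELNET,	"TELNET" },
	{ IPPORT_SMTP,		"SMTP" },
	{ IPPORT_TIMESERVER,	"TIME" },
	{ 39,			"RLP" },
	{ IPPORT_NAMESERVER,	"NAMESERVER" },
	{ IPPORT_WHOIS,		"NICNAME" },
	{ IPPORT_DOMAIN,	"DNS" },
	{ 70,			"GOPHER" },
	{ IPPORT_RJE,		"RJE" },
	{ IPPORT_FINGER,	"FINGER" },
	{ IPPORT_HTTP,		"HTTP" },
	{ IPPORT_TTYLINK,	"LINK" },
	{ IPPORT_SUPDUP,	"SUPDUP" },
	{ 101,			"HOSTNAME" },
	{ 102,			"ISO-TSAP" },
	{ 103,			"X400" },
	{ 104,			"X400-SND" },
	{ 105,			"CSNET-NS" },
	{ 109,			"POP-2" },
	{ 113,			"AUTH" },
	{ 117,			"UUCP-PATH" },
	{ 119,			"NNTP" },
	{ IPPORT_NTP,		"NTP" },
	{ IPPORT_NETBIOS_SSN,	"NBT" },
	{ 143,			"IMAP" },
	{ 144,			"NeWS" },
	{ IPPORT_LDAP,		"LDAP" },
	{ IPPORT_SLP,		"SLP" },
	{ 443,			"HTTPS" },
	{ 445,			"SMB" },
	{ IPPORT_EXECSERVER,	"EXEC" },
	{ IPPORT_LOGINSERVER,	"RLOGIN" },
	{ IPPORT_CMDSERVER,	"RSHELL" },
	{ IPPORT_PRINTER,	"PRINTER" },
	{ 530,			"COURIER" },
	{ 540,			"UUCP" },
	{ 600,			"PCSERVER" },
	{ IPPORT_SOCKS,		"SOCKS" },
	{ 1524,			"INGRESLOCK" },
	{ 2904,			"M2UA" },
	{ 2905,			"M3UA" },
	{ 6000,			"XWIN" },
	{ IPPORT_HTTP_ALT,	"HTTP (proxy)" },
	{ 9900,			"IUA" },
	{ 0,			NULL },		/* end of table */
};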
1417c478bd9Sstevel@tonic-gate 
/*
 * Look up the short service name for a port.
 *
 * IPPROTO_TCP and IPPROTO_SCTP are resolved against pt_tcp and
 * IPPROTO_UDP against pt_udp.  Returns NULL for any other protocol, or
 * when the port is not in the chosen table.  The returned pointer
 * refers to a string literal held in the table.
 */
char *
getportname(int proto, in_port_t port)
{
	const struct porttable *table;
	const struct porttable *entry;

	if (proto == IPPROTO_TCP || proto == IPPROTO_SCTP)
		table = pt_tcp;
	else if (proto == IPPROTO_UDP)
		table = pt_udp;
	else
		return (NULL);

	/* A pt_num of 0 ends the table, so port 0 can never match. */
	entry = table;
	while (entry->pt_num != 0) {
		if (entry->pt_num == port)
			return (entry->pt_short);
		entry++;
	}
	return (NULL);
}
1607c478bd9Sstevel@tonic-gate 
/*
 * Report whether a port appears in the name table for the protocol.
 *
 * Returns 1 when "port" is listed in pt_tcp (IPPROTO_TCP) or pt_udp
 * (IPPROTO_UDP), otherwise 0.
 *
 * NOTE(review): unlike getportname(), IPPROTO_SCTP is not mapped to the
 * TCP table here and always yields 0 -- confirm that this is intended.
 */
int
reservedport(int proto, int port)
{
	const struct porttable *table;
	const struct porttable *entry;

	if (proto == IPPROTO_TCP)
		table = pt_tcp;
	else if (proto == IPPROTO_UDP)
		table = pt_udp;
	else
		return (0);

	/* A pt_num of 0 ends the table, so port 0 is never reported. */
	entry = table;
	while (entry->pt_num != 0) {
		if (entry->pt_num == port)
			return (1);
		entry++;
	}
	return (0);
}
1777c478bd9Sstevel@tonic-gate 
/*
 * Interpreters can be registered for transient (dynamically chosen)
 * ports; see the TFTP interpreter for a user of this table.
 *
 * The table has a fixed capacity of MAXTRANS entries.  An entry whose
 * t_port is 0 has never been written; the scans in is_transient() and
 * del_transient() stop at the first such entry.
 */
#define	MAXTRANS 64
static struct ttable transients[MAXTRANS];
1857c478bd9Sstevel@tonic-gate 
/*
 * Register "proc" as the interpreter for traffic on a transient port.
 *
 * Entries are written in ring order: after MAXTRANS registrations the
 * cursor wraps and the oldest entry is overwritten without notice.
 * Entries marked deleted by del_transient() are not reused early.
 * Always returns 1.
 *
 * NOTE(review): a port of 0 would be stored as-is and would then act as
 * the end-of-table marker for is_transient() and del_transient().
 */
int
add_transient(int port, int (*proc)(int, void *, int))
{
	static int slot = 0;	/* index of the next entry to write */
	struct ttable *entry = &transients[slot];

	entry->t_port = port;
	entry->t_proc = proc;

	/* Advance the cursor, wrapping back to the first entry. */
	slot = (slot + 1) % MAXTRANS;

	return (1);
}
1997c478bd9Sstevel@tonic-gate 
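/*
 * Find the transient-port registration for "port".
 *
 * Returns a pointer to the matching entry in the transients table, or
 * NULL when there is none.  The scan stops at the first entry whose
 * t_port is 0 (never written) or at the end of the table.
 *
 * The bounds test must come before the t_port test: add_transient()
 * wraps around after MAXTRANS registrations, so the table can be full
 * with no zero entry left, and testing p->t_port first would then read
 * one element past the end of the array.
 */
struct ttable *
is_transient(int port)
{
	struct ttable *p;

	for (p = transients; p < &transients[MAXTRANS] && p->t_port; p++) {
		if (port == p->t_port)
			return (p);
	}

	return (NULL);
}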
2127c478bd9Sstevel@tonic-gate 
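/*
 * Remove every transient-port registration for "port".
 *
 * Matching entries are not cleared; their t_port is set to -1 so that
 * they no longer match a lookup while the scan in is_transient() can
 * still walk past them (only a t_port of 0 ends a scan).
 *
 * The bounds test must come before the t_port test: add_transient()
 * wraps around after MAXTRANS registrations, so the table can be full
 * with no zero entry left, and testing p->t_port first would then read
 * one element past the end of the array.
 */
void
del_transient(int port)
{
	struct ttable *p;

	for (p = transients; p < &transients[MAXTRANS] && p->t_port; p++) {
		if (port == p->t_port)
			p->t_port = -1;
	}
}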
2237c478bd9Sstevel@tonic-gate 
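/*
 * Display one syslog datagram in summary and/or detail form.
 *
 * flags     - display flags; F_SUM and F_DTAIL are acted on here
 * dir       - direction character printed in the summary line
 * port      - port number printed in the summary line
 * syslogstr - start of the payload; it comes from a captured packet and
 *             is not assumed to be NUL-terminated
 * dlen      - number of payload bytes available at syslogstr
 *
 * A payload that starts with "<number>" has the number split into a
 * priority (low three bits) and a facility (next five bits), which are
 * printed by name.  Anything else is shown as "BAD.FMT".
 *
 * Every read of the payload is bounded by dlen.  The previous code used
 * strlcpy(), which scans its source up to a NUL byte and could run past
 * the end of the packet, and it tested for '>' without first checking
 * that the byte was still inside the payload.
 */
static void
interpret_syslog(int flags, char dir, int port, const char *syslogstr,
    int dlen)
{
	static const char *pris[] = {
	    "emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"
	};
	static const char *facs[] = {
	    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
	    "uucp", NULL, NULL, NULL, NULL, "audit", NULL, "cron", "local0",
	    "local1", "local2", "local3", "local4", "local5", "local6", "local7"
	};

	int composit;
	int pri = -1;
	int facil = -1;
	boolean_t bogus = B_TRUE;
	int priostrlen = 0;
	char unknown[4];	/* for unrecognized ones */
	const char *facilstr = "BAD";
	const char *pristr = "FMT";

	/*
	 * Is there enough data to interpret (left bracket + at least 3 chars
	 * which could be digits, right bracket, or space)?
	 */
	if (syslogstr != NULL && dlen >= 4 && *syslogstr == '<') {
		const int FACS_LEN = sizeof (facs) / sizeof (facs[0]);
		const char *digits = syslogstr + 1;
		int avail = dlen - 1;	/* payload bytes after the '<' */
		char buffer[4];
		char *end;
		int consumed;
		int i;

		/*
		 * Take a NUL-terminated copy of at most three bytes so that
		 * strtoul() cannot read beyond the packet.
		 */
		for (i = 0; i < (int)sizeof (buffer) - 1 && i < avail; i++)
			buffer[i] = digits[i];
		buffer[i] = '\0';

		/*
		 * NOTE(review): base 0 also accepts a sign and octal/hex
		 * prefixes; the syslog PRI field is decimal.  Left unchanged
		 * to keep the existing output for such input.
		 */
		composit = (int)strtoul(buffer, &end, 0);
		consumed = (int)(end - buffer);

		/* Only look for '>' if that byte is inside the payload. */
		if (consumed < avail && digits[consumed] == '>') {
			/* pri is 0..7 and facil 0..31 after masking. */
			pri = composit & 0x7;
			facil = (composit & 0xF8) >> 3;

			if ((facil >= FACS_LEN) ||
			    (facs[facil] == NULL)) {
				(void) snprintf(unknown, sizeof (unknown),
				    "%d", facil);
				facilstr = unknown;
			} else {
				facilstr = facs[facil];
			}
			pristr = pris[pri];
			/* '<' + the parsed characters + '>' */
			priostrlen = consumed + 2;
			bogus = B_FALSE;
		}
	}

	if (flags & F_SUM) {
		(void) snprintf(get_sum_line(), MAXLINE,
		    "SYSLOG %c port=%d %s.%s: %s",
		    dir, port, facilstr, pristr,
		    show_string(syslogstr, dlen, 20));

	}

	if (flags & F_DTAIL) {
		static char syslog[] = "SYSLOG:  ";
		show_header(syslog, syslog, dlen);
		show_space();
		/* "%.*s" limits the echoed prefix to priostrlen bytes. */
		(void) snprintf(get_detail_line(0, 0), MAXLINE,
		    "%s%sPriority: %.*s%s(%s.%s)", prot_nest_prefix, syslog,
		    priostrlen, syslogstr, bogus ? "" : " ",
		    facilstr, pristr);
		(void) snprintf(get_line(0, 0), get_line_remain(),
		    "\"%s\"",
		    show_string(syslogstr, dlen, 60));
		show_trailer();
	}
}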
3117c478bd9Sstevel@tonic-gate 
/*
 * Ports and protocol of the packet most recently handed to
 * interpret_reserved(), which sets all three on entry.
 */
int src_port;
int dst_port;
int curr_proto;
3137c478bd9Sstevel@tonic-gate 
/*
 * Pick and run the interpreter for a packet on a named or transient
 * port.
 *
 * flags - display flags (F_SUM and F_DTAIL are used for the fallback)
 * proto - transport protocol of the packet
 * src   - source port
 * dst   - destination port
 * data  - start of the payload
 * dlen  - number of payload bytes
 *
 * Records src, dst and proto in src_port, dst_port and curr_proto.
 * The source port is tried first: if it has a name the packet is
 * treated as a reply ('R'), otherwise a named destination port makes it
 * a call ('C').  When neither port has a name, a registered transient
 * interpreter for src, then dst, is used.
 *
 * Returns 1 when the packet was handled here, 0 when neither port is
 * named and no transient interpreter is registered for either.
 *
 * NOTE(review): "data" is packet content and is cast to protocol
 * structures below with only a "dlen > 0" check at this level (the
 * DNS, syslog and transient paths are entered without it); each
 * interpreter is presumably expected to validate dlen against its own
 * header size -- confirm per interpreter.
 */
int
interpret_reserved(int flags, int proto, in_port_t src, in_port_t dst,
    char *data, int dlen)
{
	const char *name;
	int dir, peer, svc;
	char prefix[16], header[32];
	struct ttable *tt;

	src_port = src;
	dst_port = dst;
	curr_proto = proto;

	name = getportname(proto, src);
	if (name != NULL) {
		/* Named source port: a reply from the service. */
		dir = 'R';
		peer = dst;
		svc = src;
	} else if ((name = getportname(proto, dst)) != NULL) {
		/* Named destination port: a call to the service. */
		dir = 'C';
		peer = src;
		svc = dst;
	} else {
		/* No name either way: fall back to transient ports. */
		tt = is_transient(src);
		if (tt == NULL)
			tt = is_transient(dst);
		if (tt == NULL)
			return (0);
		(tt->t_proc)(flags, data, dlen);
		return (1);
	}

	if (proto != IPPROTO_TCP &&
	    (dst == IPPORT_DOMAIN || src == IPPORT_DOMAIN ||
	    dst == IPPORT_MDNS || src == IPPORT_MDNS)) {
		interpret_dns(flags, proto, (uchar_t *)data, dlen, svc);
		return (1);
	}

	/*
	 * TCP port 514 is rshell.  UDP port 514 is syslog.
	 */
	if (proto != IPPROTO_TCP && dst == IPPORT_SYSLOG) {
		interpret_syslog(flags, dir, peer, (const char *)data, dlen);
		return (1);
	}

	/* The remaining interpreters are only tried on a non-empty payload. */
	if (dlen > 0) {
		switch (svc) {
		case IPPORT_BOOTPS:
		case IPPORT_BOOTPC:
			(void) interpret_dhcp(flags, (struct dhcp *)data,
			    dlen);
			return (1);

		case IPPORT_DHCPV6S:
		case IPPORT_DHCPV6C:
			(void) interpret_dhcpv6(flags, (uint8_t *)data, dlen);
			return (1);

		case IPPORT_TFTP:
			(void) interpret_tftp(flags, (struct tftphdr *)data,
			    dlen);
			return (1);

		case IPPORT_HTTP:
		case IPPORT_HTTP_ALT:
			(void) interpret_http(flags, data, dlen);
			return (1);

		case IPPORT_NTP:
			(void) interpret_ntp(flags, (struct ntpdata *)data,
			    dlen);
			return (1);

		case IPPORT_NETBIOS_NS:
			interpret_netbios_ns(flags, (uchar_t *)data, dlen);
			return (1);

		case IPPORT_NETBIOS_DGM:
			interpret_netbios_datagram(flags, (uchar_t *)data,
			    dlen);
			return (1);

		case IPPORT_NETBIOS_SSN:
		case 445:
			/*
			 * SMB on port 445 is a subset of NetBIOS SMB
			 * on port 139.  The same interpreter can be used
			 * for both.
			 */
			interpret_netbios_ses(flags, (uchar_t *)data, dlen);
			return (1);

		case IPPORT_LDAP:
			interpret_ldap(flags, data, dlen, src, dst);
			return (1);

		case IPPORT_SLP:
			interpret_slp(flags, data, dlen);
			return (1);

		case IPPORT_MIP:
			interpret_mip_cntrlmsg(flags, (uchar_t *)data, dlen);
			return (1);

		case IPPORT_ROUTESERVER:
			(void) interpret_rip(flags, (struct rip *)data, dlen);
			return (1);

		case IPPORT_RIPNG:
			(void) interpret_rip6(flags, (struct rip6 *)data,
			    dlen);
			return (1);

		case IPPORT_SOCKS:
			if (dir == 'C') {
				(void) interpret_socks_call(flags, data, dlen);
			} else {
				(void) interpret_socks_reply(flags, data,
				    dlen);
			}
			return (1);

		case IPPORT_VXLAN:
			(void) interpret_vxlan(flags, data, dlen);
			return (1);
		}
	}

	/*
	 * Named port without a dedicated interpreter (or an empty
	 * payload): print the name and a bounded excerpt of the payload.
	 */
	if (flags & F_SUM) {
		(void) snprintf(get_sum_line(), MAXLINE,
		    "%s %c port=%d %s",
		    name, dir, peer,
		    show_string(data, dlen, 20));
	}

	if (flags & F_DTAIL) {
		(void) snprintf(prefix, sizeof (prefix), "%s:  ", name);
		(void) snprintf(header, sizeof (header), "%s:  ", name);
		show_header(prefix, header, dlen);
		show_space();
		(void) snprintf(get_line(0, 0), get_line_remain(),
		    "\"%s\"",
		    show_string(data, dlen, 60));
		show_trailer();
	}
	return (1);
}