From d00b89925b5d36fa1ddffe5a820c033680c89f41 Mon Sep 17 00:00:00 2001 From: mpi Date: Sat, 3 Feb 2018 13:39:48 +0000 Subject: [PATCH] Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark. ok deraadt@, dlg@ --- lib/libpcap/gencode.c | 4 +- lib/libpcap/pcap.c | 3 +- usr.sbin/tcpdump/Makefile | 4 +- usr.sbin/tcpdump/interface.h | 6 ++- usr.sbin/tcpdump/print-usbpcap.c | 73 ++++++++++++++++++++++++++++++++ usr.sbin/tcpdump/tcpdump.c | 3 +- 6 files changed, 86 insertions(+), 7 deletions(-) create mode 100644 usr.sbin/tcpdump/print-usbpcap.c diff --git a/lib/libpcap/gencode.c b/lib/libpcap/gencode.c index fcc3ebf7b92..fed5811dd24 100644 --- a/lib/libpcap/gencode.c +++ b/lib/libpcap/gencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gencode.c,v 1.46 2016/11/20 12:45:26 reyk Exp $ */ +/* $OpenBSD: gencode.c,v 1.47 2018/02/03 13:39:48 mpi Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 @@ -787,6 +787,8 @@ init_linktype(type) off_nl = 12; return; + case DLT_USBPCAP: + /* FALLTHROUGH */ case DLT_RAW: off_linktype = -1; off_nl = 0; diff --git a/lib/libpcap/pcap.c b/lib/libpcap/pcap.c index 41bda730f4d..fe6f4b88a19 100644 --- a/lib/libpcap/pcap.c +++ b/lib/libpcap/pcap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcap.c,v 1.20 2016/11/16 13:47:27 reyk Exp $ */ +/* $OpenBSD: pcap.c,v 1.21 2018/02/03 13:39:48 mpi Exp $ */ /* * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 @@ -326,6 +326,7 @@ DLT_CHOICE(DLT_IEEE802_11, "IEEE 802.11 wireless"), DLT_CHOICE(DLT_PFLOG, "Packet filter logging, by pcap people"), DLT_CHOICE(DLT_IEEE802_11_RADIO, "IEEE 802.11 plus WLAN header"), DLT_CHOICE(DLT_OPENFLOW, "OpenFlow"), +DLT_CHOICE(DLT_USBPCAP, "USB"), #undef DLT_CHOICE { NULL, NULL, -1} }; diff --git a/usr.sbin/tcpdump/Makefile b/usr.sbin/tcpdump/Makefile index 116ac823204..c128f0608f8 100644 --- a/usr.sbin/tcpdump/Makefile +++ b/usr.sbin/tcpdump/Makefile 
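Review bot: The new `case DLT_USBPCAP:` in the second gencode.c hunk (init_linktype) falls through to `DLT_RAW` without saying why. That choice sets `off_nl = 0`, which tells the filter compiler that a network-layer header begins at byte 0 of a USBPcap record. Filter expressions that load at network-layer offsets would then presumably be matched against USB header bytes instead of being rejected; whether that happens depends on code outside this hunk. A comment above the case such as `/* no link-type field and no network header: only length/raw-offset filters are meaningful */` would record the intent. init_linktype() starts and ends outside the hunk.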
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.62 2017/10/30 10:07:44 mpi Exp $ +# $OpenBSD: Makefile,v 1.63 2018/02/03 13:39:48 mpi Exp $ # # Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 # The Regents of the University of California. All rights reserved. @@ -49,7 +49,7 @@ SRCS= tcpdump.c addrtoname.c privsep.c privsep_fdpass.c privsep_pcap.c \ print-etherip.c print-lwres.c print-lldp.c print-cdp.c print-pflog.c \ print-pfsync.c pf_print_state.c print-ofp.c ofp_map.c \ print-udpencap.c print-carp.c \ - print-802_11.c print-iapp.c print-mpls.c print-slow.c \ + print-802_11.c print-iapp.c print-mpls.c print-slow.c print-usbpcap.c \ gmt2local.c savestr.c setsignal.c in_cksum.c # TCP OS Fingerprinting diff --git a/usr.sbin/tcpdump/interface.h b/usr.sbin/tcpdump/interface.h index 384f5277ca0..5037695640d 100644 --- a/usr.sbin/tcpdump/interface.h +++ b/usr.sbin/tcpdump/interface.h @@ -1,4 +1,4 @@ -/* $OpenBSD: interface.h,v 1.69 2016/11/16 13:47:27 reyk Exp $ */ +/* $OpenBSD: interface.h,v 1.70 2018/02/03 13:39:48 mpi Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -20,7 +20,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Id: interface.h,v 1.69 2016/11/16 13:47:27 reyk Exp $ (LBL) + * @(#) $Id: interface.h,v 1.70 2018/02/03 13:39:48 mpi Exp $ (LBL) */ #ifndef tcpdump_interface_h @@ -276,6 +276,8 @@ extern void slow_print(const u_char *, u_int); extern void gtp_print(const u_char *, u_int, u_short, u_short); extern void ofp_print(const u_char *, u_int); extern void ofp_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); +extern void usbpcap_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); #ifdef INET6 extern void ip6_print(const u_char *, u_int); diff --git a/usr.sbin/tcpdump/print-usbpcap.c b/usr.sbin/tcpdump/print-usbpcap.c new file mode 100644 index 00000000000..1ddc8575eec --- /dev/null 
+++ b/usr.sbin/tcpdump/print-usbpcap.c 
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2018 Martin Pieuchot
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+
+#include "interface.h"
+
+#ifndef nitems
+#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
+#endif
+
+const char *usbpcap_xfer_type[] = {"isoc", "intr", "ctrl", "bulk"};
+
+void
+usbpcap_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
+{
+ u_int length = h->len;
+ u_int caplen = h->caplen;
+ const struct usbpcap_pkt_hdr *uph;
+ u_int16_t hdrlen;
+
+ ts_print(&h->ts);
+
+ /* check length */
+ if (caplen < sizeof(uint16_t)) {
+ printf("[|usb]");
+ goto out;
+ }
+ uph = (struct usbpcap_pkt_hdr *)p;
+ hdrlen = letoh16(uph->uph_hlen);
+ if (hdrlen < sizeof(*uph)) {
+ printf("[usb: invalid header length %u!]", hdrlen);
+ goto out;
+ }
+
+ if (caplen < hdrlen) {
+ printf("[|usb]");
+ goto out;
+ }
+
+ printf("bus %u %c addr %u: ep%u",
+ letoh16(uph->uph_bus),
+ ((uph->uph_info & USBPCAP_INFO_DIRECTION_IN) ? 
'<' : '>'), + letoh16(uph->uph_devaddr), UE_GET_ADDR(uph->uph_epaddr)); + + if (uph->uph_xfertype < nitems(usbpcap_xfer_type)) + printf(" %s", usbpcap_xfer_type[uph->uph_xfertype]); + else + printf(" ??"); + + printf(" %u", letoh32(uph->uph_dlen)); + + if (xflag) + default_print(p + sizeof(*uph), length - sizeof(*uph)); +out: + putchar('\n'); +} diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index 378d1574edb..c40a8f4ed37 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.81 2017/12/08 17:04:15 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.82 2018/02/03 13:39:48 mpi Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -127,6 +127,7 @@ static struct printer printers[] = { { ieee802_11_if_print, DLT_IEEE802_11 }, { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, { ofp_if_print, DLT_OPENFLOW }, + { usbpcap_if_print, DLT_USBPCAP }, { NULL, 0 }, }; -- 2.20.1
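Review bot: The hex dump at the end of usbpcap_if_print, `default_print(p + sizeof(*uph), length - sizeof(*uph))`, takes its length from `h->len`, which none of the three checks above bounds. They validate only `caplen` and `hdrlen`, so a capture record whose `len` is smaller than the header makes the unsigned subtraction wrap to a very large value. The call also skips `sizeof(*uph)` bytes rather than the validated `hdrlen`, so any header bytes beyond the fixed struct are dumped as payload. Nothing in this function sets the `snapend` global, so if default_print clamps against it (its body is outside this diff) it would use a bound left over from earlier processing. Suggest `snapend = p + caplen;` right after `ts_print()`, then `if (length > caplen) length = caplen;` and `if (xflag && length > hdrlen) default_print(p + hdrlen, length - hdrlen);`.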