Only in tcpdump-3.4a5.dicom: .nfs2A91 Common subdirectories: tcpdump-3.4a5/lbl and tcpdump-3.4a5.dicom/lbl Common subdirectories: tcpdump-3.4a5/linux-include and tcpdump-3.4a5.dicom/linux-include diff -r -c tcpdump-3.4a5/print-ip.c tcpdump-3.4a5.dicom/print-ip.c *** tcpdump-3.4a5/print-ip.c Wed May 28 14:51:45 1997 --- tcpdump-3.4a5.dicom/print-ip.c Tue Oct 14 19:02:03 1997 *************** *** 1,3 **** --- 1,5 ---- + #define DICOM + /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. *************** *** 329,335 **** --- 331,663 ---- return (sum); } + #ifdef DICOM /* + * print a DICOM command PDV. + */ + static void + print_dicom_command_pdv(const u_char *dp,long dlen,int indent) + { + char msg[65]; + char *indentstring; + switch (indent) { + case 0: indentstring=""; break; + case 1: indentstring="\t"; break; + case 2: indentstring="\t\t"; break; + case 3: indentstring="\t\t\t"; break; + default: indentstring="\t\t\t\t"; break; + } + + default_print_unaligned(dp,dlen); + + while (dlen > 0) { + unsigned short group; + unsigned short element; + unsigned long vl; + + if (dlen < 8) { + if (dlen == 1) + (void)printf("\n--DICOM-- %sMessage PDV one byte of trailing padding",indentstring,dlen); + else + (void)printf("\n--DICOM-- %sMessage PDV too short (%lu left) - incomplete attribute",indentstring,dlen); + break; + } + + #define EXTRACT16_DICOM_LE(p,i) (((unsigned short)p[i+1]<<8)+p[i]) + #define EXTRACT32_DICOM_LE(p,i) (((((((unsigned long)p[i+3]<<8)+p[i+2])<<8)+p[i+1])<<8)+p[i]) + + group=EXTRACT16_DICOM_LE(dp,0); + element=EXTRACT16_DICOM_LE(dp,2); + vl=EXTRACT32_DICOM_LE(dp,4); + + (void)printf("\n--DICOM-- %s(%04x,%04x) VL=%lu (0x%lx)\t",indentstring,group,element,vl,vl); + + if (group != 0) { + (void)printf(" non-command attribute - giving up parsing message",indentstring); + break; + } + else { + switch (element) { + case 0x0000: (void)printf(" Group Length"); + if (vl == 4) (void)printf(" = %lu",EXTRACT32_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x0002: (void)printf(" Affected SOP Class UID"); + if (vl > 0 && vl <= 64) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x0003: (void)printf(" Requested SOP Class UID"); + if (vl > 0 && vl <= 64) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x0100: (void)printf(" Command Field"); + if (vl == 2) { + unsigned short cmd=EXTRACT16_DICOM_LE(dp,8); + (void)printf(" = 0x%04x",cmd); + if (cmd == 0x0fff) + (void)printf(" C-CANCEL-xxxx-RQ"); + else { + switch(cmd & 0x7fff) { + case 0x0001: (void)printf(" C-STORE"); break; + case 0x0010: (void)printf(" C-GET"); break; + case 0x0020: (void)printf(" C-FIND"); break; + case 0x0021: (void)printf(" C-MOVE"); break; + case 0x0030: (void)printf(" C-ECHO"); break; + case 0x0100: (void)printf(" N-EVENT-REPORT"); break; + case 0x0110: (void)printf(" N-GET"); break; + case 0x0120: (void)printf(" N-SET"); break; + case 0x0130: (void)printf(" N-ACTION"); break; + case 0x0140: (void)printf(" N-CREATE"); break; + case 0x0150: (void)printf(" N-DELETE"); break; + } + (void)printf("-%s",(cmd&0x8000) ? "RSP" : "RQ"); + } + } + else (void)printf(" bad length"); + break; + case 0x0110: (void)printf(" Message ID"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x0120: (void)printf(" Message ID Being Responded To"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x0600: (void)printf(" Move Destination"); + if (vl > 0 && vl <= 16) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x0700: (void)printf(" Priority"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x0800: (void)printf(" Data Set Type"); + if (vl == 2) (void)printf(" = 0x%04x",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x0900: (void)printf(" Status"); + if (vl == 2) (void)printf(" = 0x%04x",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1000: (void)printf(" Affected SOP Instance UID"); + if (vl > 0 && vl <= 64) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x1001: (void)printf(" Requested SOP Instance UID"); + if (vl > 0 && vl <= 64) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x1002: (void)printf(" Event Type ID"); + if (vl == 2) (void)printf(" = 0x%04x",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1005: (void)printf(" Attribute Identifier List"); + break; + case 0x1020: (void)printf(" Number Of Remaining Suboperations"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1021: (void)printf(" Number Of Completed Suboperations"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1022: (void)printf(" Number Of Failed Suboperations"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1023: (void)printf(" Number Of Warning Suboperations"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + case 0x1030: (void)printf(" Move Originator Application Entity Title"); + if (vl > 0 && vl <= 16) { + strncpy(msg,dp+8,vl); + msg[vl]=0; + (void)printf(" = <%s>",msg); + } + else (void)printf(" bad length"); + break; + case 0x1031: (void)printf(" Move Originator Message ID"); + if (vl == 2) (void)printf(" = %u",EXTRACT16_DICOM_LE(dp,8)); + else (void)printf(" bad length"); + break; + default: + break; + } + } + + dlen-=(vl+8); + dp+=(vl+8); + } + } + #endif + + #ifdef DICOM + /* + * print a DICOM associate request/response item list. + */ + static void + print_dicom_associate_pdu(const u_char *dp,long dlen,int indent) + { + char msg[65]; + int msglen; + char *indentstring; + switch (indent) { + case 0: indentstring=""; break; + case 1: indentstring="\t"; break; + case 2: indentstring="\t\t"; break; + case 3: indentstring="\t\t\t"; break; + default: indentstring="\t\t\t\t"; break; + } + + while (dlen > 0) { + unsigned short ilen; + if (dlen < 4) { + (void)printf("\n--DICOM-- %sItem too short - no length",indentstring); + break; + } + else { + ilen=ntohs(EXTRACT_16BITS(dp+2)); + } + + (void)printf("\n--DICOM-- %sItem %02x (length %u)",indentstring,(unsigned short)*dp,ilen); + + if (ilen+4 > dlen) { + (void)printf("\n--DICOM-- %sItem too long - greater than what is left in PDU",indentstring); + break; + } + + switch (*dp) { /* Item Type */ + case 0x10: (void)printf(" Application Context"); + msglen=ilen > 64 ? 64 : ilen; + if (ilen) { + strncpy(msg,dp+4,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tApplication Context Name=%s",indentstring,msg); + } + break; + case 0x20: (void)printf(" Presentation Context (offered)"); + (void)printf("\n--DICOM-- %s\tPresentation Context ID=%u",indentstring,(unsigned short)dp[4]); + if (!(dp[4] & 0x01)) + (void)printf("\n--DICOM-- %sPresentation Context ID should not be even :(",indentstring); + if (ilen > 4) + print_dicom_associate_pdu(dp+8,ilen-4,indent+1); + break; + case 0x21: (void)printf(" Presentation Context (accepted)"); + (void)printf("\n--DICOM-- %s\tPresentation Context ID=%u",indentstring,(unsigned short)dp[4]); + if (!(dp[4] & 0x01)) + (void)printf("\n--DICOM-- %sPresentation Context ID should not be even :(",indentstring); + (void)printf("\n--DICOM-- %s\tResult/Reason=%u",indentstring,(unsigned short)*(dp+6)); + switch(*(dp+6)) { + case 0: (void)printf(" (acceptance)"); break; + case 1: (void)printf(" (user rejection)"); break; + case 2: (void)printf(" (no reason - provider rejection)"); break; + case 3: (void)printf(" (Abstract Syntax not supported - provider rejection)"); break; + case 4: (void)printf(" (Transfer Syntaxes not supported - provider rejection)"); break; + default: (void)printf(" (unrecognized)"); break; + } + if (ilen > 4) + print_dicom_associate_pdu(dp+8,ilen-4,indent+1); + break; + case 0x30: (void)printf(" Abstract Syntax"); + msglen=ilen > 64 ? 64 : ilen; + if (ilen) { + strncpy(msg,dp+4,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tAbstract Syntax Name=%s",indentstring,msg); + } + break; + case 0x40: (void)printf(" Transfer Syntax"); + msglen=ilen > 64 ? 64 : ilen; + if (ilen) { + strncpy(msg,dp+4,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tTransfer Syntax Name=%s",indentstring,msg); + } + break; + case 0x50: (void)printf(" User"); + if (ilen > 4) + print_dicom_associate_pdu(dp+4,ilen,indent+1); + break; + case 0x51: (void)printf(" Maximum Length"); + if (ilen != 4) + (void)printf("\n--DICOM-- %sbad length :(",indentstring); + else + (void)printf("\n--DICOM-- %s\tMaximum Length Received=%lu",indentstring,ntohl(EXTRACT_32BITS(dp+4))); + break; + case 0x52: (void)printf(" Implementation Class UID"); + msglen=ilen > 64 ? 64 : ilen; + if (ilen) { + strncpy(msg,dp+4,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tImplementation Class UID=%s",indentstring,msg); + } + break; + case 0x53: (void)printf(" Asynchronous Operations Window"); + if (ilen != 4) + (void)printf("\n--DICOM-- %sbad length :(",indentstring); + else { + (void)printf("\n--DICOM-- %s\tMaximum Number of Operations Invoked=%u",indentstring,ntohs(EXTRACT_16BITS(dp+4))); + (void)printf("\n--DICOM-- %s\tMaximum Number of Operations Performed=%u",indentstring,ntohs(EXTRACT_16BITS(dp+6))); + } + break; + case 0x54: (void)printf(" SCP/SCU Role Selection"); + if (ilen < 8) + (void)printf("\n--DICOM-- %sbad length :(",indentstring); + else { + u_char role; + unsigned short uidlen=ntohs(EXTRACT_16BITS(dp+4)); + (void)printf("\n--DICOM-- %s\tUID Length=%u",indentstring,uidlen); + msglen=uidlen > 64 ? 64 : uidlen; + if (uidlen) { + strncpy(msg,dp+6,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tSOP Class UID=%s",indentstring,msg); + } + role=ntohs(EXTRACT_16BITS(dp+6+uidlen)); + (void)printf("\n--DICOM-- %s\tSCU Role=%u (%s)",indentstring,role,role ? "accept" : "reject"); + role=ntohs(EXTRACT_16BITS(dp+6+uidlen+1)); + (void)printf("\n--DICOM-- %s\tSCP Role=%u (%s)",indentstring,role,role ? "accept" : "reject"); + } + break; + case 0x55: (void)printf(" Implementation Version Name"); + msglen=ilen > 16 ? 16 : ilen; + if (ilen) { + strncpy(msg,dp+4,msglen); + msg[msglen]=0; + (void)printf("\n--DICOM-- %s\tImplementation Version Name=%s",indentstring,msg); + } + break; + default: (void)printf(" unrecognized"); + break; + } + dp+=(ilen+4); + dlen-=(ilen+4); + } + } + #endif + + /* * print an IP datagram. */ void *************** *** 521,524 **** --- 849,1006 ---- } printf(")"); } + #ifdef DICOM + if ((off & 0x1fff) == 0 && ip->ip_p == IPPROTO_TCP) { + unsigned short thlen; + unsigned short tlen; + const u_char *dp; + cp = (const u_char *)ip + hlen; + thlen=((cp[12] >> 4) & 0xf)*4; + tlen=len-thlen; + /* (void)printf("\n--DICOM-- TCP Header Length=%d",thlen); */ + /* (void)printf("\n--DICOM-- TCP Data Length=%d",tlen); */ + if (tlen) { + dp = (const u_char *)cp + thlen; + /* (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); */ + switch (dp[0]) { + case 1: { + /* Try to sure it is really a ASSOCIATE-RQ (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 >= tlen /* not == because may continue in next packet :( */ + && (unsigned long)(ntohl(EXTRACT_32BITS(dp+2)) + 6) <= 10000 /* arbitrary, but for sanity */ + && ntohl(EXTRACT_32BITS(dp+2)) >= 68 ) { + char msg[17]; + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" ASSOCIATE-RQ"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + (void)printf("\n--DICOM-- \tProtocol Version=%u",ntohs(EXTRACT_16BITS(dp+6))); + strncpy(msg,dp+10,16); msg[16]=0; + (void)printf("\n--DICOM-- \tCalled AE Title=%16s",msg); + strncpy(msg,dp+26,16); msg[16]=0; + (void)printf("\n--DICOM-- \tCalling AE Title=%16s",msg); + print_dicom_associate_pdu(dp+74,tlen-74,1); + } + } + break; + case 2: { + /* Try to sure it is really a ASSOCIATE-AC (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 >= tlen /* not == because may continue in next packet :( */ + && (unsigned long)(ntohl(EXTRACT_32BITS(dp+2)) + 6) <= 10000 /* arbitrary, but for sanity */ + && ntohl(EXTRACT_32BITS(dp+2)) >= 68 ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" ASSOCIATE-AC"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + (void)printf("\n--DICOM-- \tProtocol Version=%u",ntohs(EXTRACT_16BITS(dp+6))); + print_dicom_associate_pdu(dp+74,tlen-74,1); + } + } + break; + case 3: { + /* Try to sure it is really a ASSOCIATE-RJ (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 == tlen + && ntohl(EXTRACT_32BITS(dp+2)) == 4 ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" ASSOCIATE-RJ"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + (void)printf("\n--DICOM-- \tResult=%u (%s)",(u_char)*(dp+7), + (*(dp+7) == 1 ? "permanent" : + (*(dp+7) == 2 ? "transient" : "unrecognized" ) ) ); + (void)printf("\n--DICOM-- \tSource of rejection=%u",(u_char)*(dp+8)); + switch (*(dp+8)) { + case 0: (void)printf(" (user)"); + (void)printf("\n--DICOM-- \tReason=%u",(u_char)*(dp+9)); + switch(*(dp+9)) { + case 1: (void)printf(" (no reason given)"); break; + case 2: (void)printf(" (ACN unsupported)"); break; + case 3: (void)printf(" (Calling AET unrecognized)"); break; + case 7: (void)printf(" (Called AET unrecognized)"); break; + default: (void)printf(" (reserved or unrecognized)"); break; + } + break; + case 1: (void)printf(" (provider - ACSE)"); + (void)printf("\n--DICOM-- \tReason=%u",(u_char)*(dp+9)); + switch(*(dp+9)) { + case 1: (void)printf(" (no reason given)"); break; + case 2: (void)printf(" (protocol version unsupported)"); break; + default: (void)printf(" (reserved or unrecognized)"); break; + } + break; + case 2: (void)printf(" (provider - Presentation)"); + (void)printf("\n--DICOM-- \tReason=%u",(u_char)*(dp+9)); + switch(*(dp+9)) { + case 1: (void)printf(" (temporary congestion)"); break; + case 2: (void)printf(" (local limit exceeded)"); break; + default: (void)printf(" (reserved or unrecognized)"); break; + } + break; + default: (void)printf(" (unrecognized)"); + (void)printf("\n--DICOM-- \tReason=%u",(u_char)*(dp+9)); + break; + } + } + } + break; + case 4: { + /* Try to sure it is really a first P-DATA-TF (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 >= tlen /* not == because may continue in next packet :( */ + && ntohl(EXTRACT_32BITS(dp+6)) + 4 <= ntohl(EXTRACT_32BITS(dp+2)) ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" P-DATA-TF"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + (void)printf("\n--DICOM-- \tFirst PDV Item Length=%lu",ntohl(EXTRACT_32BITS(dp+6))); + (void)printf("\n--DICOM-- \tFirst PDV Pres Ctx ID=%u",(u_char)*(dp+10)); + (void)printf("\n--DICOM-- \tFirst PDV Message Control Header=%02x (%s,%s)", + (u_char)*(dp+11), + (*(dp+11) & 0x01) ? "Command" : "Data", + (*(dp+11) & 0x02) ? "Last" : "Not Last"); + + if (*(dp+11) & 0x01) print_dicom_command_pdv(dp+12,ntohl(EXTRACT_32BITS(dp+6))-1,1); + } + } + break; + case 5: { + /* Try to sure it is really a A-RELEASE-RQ (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 == tlen + && ntohl(EXTRACT_32BITS(dp+2)) == 4 ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" A-RELEASE-RQ"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + } + } + break; + case 6: { + /* Try to sure it is really a A-RELEASE-RP (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 == tlen + && ntohl(EXTRACT_32BITS(dp+2)) == 4 ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" A-RELEASE-RP"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + } + } + break; + case 7: { + /* Try to sure it is really a A-ABORT (and not a later packet + in a P-DATA-TF PDU) by sanity check on lengths */ + if (ntohl(EXTRACT_32BITS(dp+2)) + 6 == tlen + && ntohl(EXTRACT_32BITS(dp+2)) == 4 ) { + (void)printf("\n--DICOM-- PDU Type=0x%02x",dp[0]); + (void)printf(" A-ABORT"); + (void)printf("\n--DICOM-- \tPDU Length=%lu",ntohl(EXTRACT_32BITS(dp+2))); + (void)printf("\n--DICOM-- \tSource of abort=%u (%s)",(u_char)*(dp+8), + (*(dp+8) == 0 ? "user" : + (*(dp+8) == 1 ? "rsvd" : + (*(dp+8) == 2 ? "provider" : "unrecognized" ) ) ) ); + } + } + break; + default: break; + } + } + } + #endif } diff -r -c tcpdump-3.4a5/tcpdump.c tcpdump-3.4a5.dicom/tcpdump.c *** tcpdump-3.4a5/tcpdump.c Fri Jun 13 15:10:44 1997 --- tcpdump-3.4a5.dicom/tcpdump.c Tue Oct 14 17:53:06 1997 *************** *** 1,3 **** --- 1,5 ---- + #define ALWAYSPRINTUNALIGNED + /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. *************** *** 385,406 **** void default_print_unaligned(register const u_char *cp, register u_int length) { ! register u_int i, s; register int nshorts; nshorts = (u_int) length / sizeof(u_short); i = 0; while (--nshorts >= 0) { ! if ((i++ % 8) == 0) ! (void)printf("\n\t\t\t"); ! s = *cp++; ! (void)printf(" %02x%02x", s, *cp++); } if (length & 1) { ! if ((i % 8) == 0) ! (void)printf("\n\t\t\t"); (void)printf(" %02x", *cp); } } /* --- 387,423 ---- void default_print_unaligned(register const u_char *cp, register u_int length) { ! register u_int i, s1, s2; register int nshorts; + char buffer[17]; + char *bp; nshorts = (u_int) length / sizeof(u_short); i = 0; + bp=buffer; + *bp=0; while (--nshorts >= 0) { ! if ((i++ % 8) == 0) { ! (void)printf("\t%s\n\t\t\t",buffer); ! bp=buffer; ! } ! s1 = *cp++; ! s2 = *cp++; ! *bp++=isprint(s1) ? (char)s1 : '.'; ! *bp++=isprint(s2) ? (char)s2 : '.'; ! *bp=0; ! (void)printf(" %02x%02x", s1, s2); } if (length & 1) { ! if ((i % 8) == 0) { ! (void)printf("\t%s\n\t\t\t",buffer); ! bp=buffer; ! } (void)printf(" %02x", *cp); + *bp++=isprint(*cp) ? *cp : '.'; + *bp=0; } + (void)printf("\t%s",buffer); } /* *************** *** 414,420 **** register const u_short *sp; register u_int i; register int nshorts; ! if ((long)bp & 1) { default_print_unaligned(bp, length); return; --- 431,439 ---- register const u_short *sp; register u_int i; register int nshorts; ! #ifdef ALWAYSPRINTUNALIGNED ! default_print_unaligned(bp, length); ! #else if ((long)bp & 1) { default_print_unaligned(bp, length); return; *************** *** 432,437 **** --- 451,457 ---- (void)printf("\n\t\t\t"); (void)printf(" %02x", *(u_char *)sp); } + #endif } __dead void diff -r -c tcpdump-3.4a5/tcpdump.dicom.README tcpdump-3.4a5.dicom/tcpdump.dicom.README *** tcpdump-3.4a5/tcpdump.dicom.README Thu Oct 16 11:56:14 1997 --- tcpdump-3.4a5.dicom/tcpdump.dicom.README Wed Oct 15 17:33:58 1997 *************** *** 0 **** --- 1,311 ---- + 971014 + + Patches to print-ip.c to (always) try to detect DICOM + packets, identify and parse them (to a limited extent). + + This is no substitute for CTN dcm_snoop, but does not rely + on the DICOM FSM to maintain synchronization, and does have + the advantage of all the other tcpdump goodies, as well as + its extreme portability to almost every Unix system. + + No command line option to turn this on or off yet. + + Also made -x (default_print_xx()) dump ascii as well (ugly and + slowdown may cause packet loss) but useful in (tcpdump.c). + + Note that there is no DICOM "protocol identifier" in each TCP/IP + packet ... one has to guess that the packet is the first of + a series of packets that may be written (without IP fragmentation) + as a consequence of having a long DICOM PDU size ... the data + just runs over into the next packet without any DICOM "header". + + Blech. Who missed this one ? + + Anyway, guestimates are made based on the possible PDU Types and + the corresponding sane combinations of lengths to identify + packets. Sometimes this errs and tries to describe a packet + that is a non-first packet of a P-DATA-TF PDU ... this is + usually pretty obvious from the resulting garbage. + + The parsing effort is pretty modest, but helpful, and is easily + extended. So far there is no effort to parse the DICOM dataset + in data (rather than command) PDVs, partly due to reluctance + to deal with the transfer syntax perumtations, although I + guess there aren't that many. + + The DICOM stuff is (mostly) identifiable by the "--DICOM--" + prefix ... the output is interspersed with all the normal + tcpdump output and all the usual tcpdump options still work. + + Note that if the snaplength is too short the parser will get + lost in each packet quickly ... the default is too short + for most commands and the ASSOCIATE-RQ. 1500 is a good value + and works on both Irix 6.2 and Solaris 5.5.1 as far as + I have tested. + + Note that even so, particularly long ASSOCIATE-RQ (and even + ASSOCIATE-AC) will sometimes span two packets, so you will + only see the first packet parsed and then truncated :( + + Nothing can be done about his without trying to preserve + state between packets which may in theory arrive in any + order, which is currently in the too hard category. + + You should be selective about the hosts and or ports on the + command line to reduce the chance of trying to parse non-DICOM + tcp/ip packets (which as mentioned are not identifiable in + any way except by where they go to/come from). + + Of course, you need to be root to run these. + + Examples: + + Capture to file and later dump: + + {c-aw4test}[124] tcpdump -w /tmp/crap -s 8192 host c-aw2 and host gsao-sun1 + ... + ^C + + {c-aw4test}[124] tcpdump -r /tmp/crap -x + ... + + Log to screen (note the detection of the bad C-STORE-RSP command PDV + at then end): + + {c-aw4test}[124] tcpdump -s 8192 host c-aw2 and host gsao-sun1 + tcpdump: listening on le0 + 17:22:31.096265 c-aw2.32893 > gsao-sun1.7002: S 2998972928:2998972928(0) win 8760 (DF) + 17:22:31.097851 gsao-sun1.7002 > c-aw2.32893: S 1829017897:1829017897(0) ack 2998972929 win 8760 (DF) + 17:22:31.098096 c-aw2.32893 > gsao-sun1.7002: . ack 1 win 8760 (DF) + 17:22:31.099385 c-aw2.32893 > gsao-sun1.7002: P 1:907(906) ack 1 win 8760 (DF) + --DICOM-- PDU Type=0x01 ASSOCIATE-RQ + --DICOM-- PDU Length=900 + --DICOM-- Protocol Version=1 + --DICOM-- Called AE Title=gsao-sun1 + --DICOM-- Calling AE Title=c-aw2 + --DICOM-- Item 10 (length 21) Application Context + --DICOM-- Application Context Name=1.2.840.10008.3.1.1.1 + --DICOM-- Item 20 (length 46) Presentation Context (offered) + --DICOM-- Presentation Context ID=1 + --DICOM-- Item 30 (length 17) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.1.1 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 54) Presentation Context (offered) + --DICOM-- Presentation Context ID=3 + --DICOM-- Item 30 (length 25) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.1 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 54) Presentation Context (offered) + --DICOM-- Presentation Context ID=5 + --DICOM-- Item 30 (length 25) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.2 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 54) Presentation Context (offered) + --DICOM-- Presentation Context ID=7 + --DICOM-- Item 30 (length 25) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.4 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 54) Presentation Context (offered) + --DICOM-- Presentation Context ID=9 + --DICOM-- Item 30 (length 25) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.7 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 54) Presentation Context (offered) + --DICOM-- Presentation Context ID=11 + --DICOM-- Item 30 (length 25) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.8 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 57) Presentation Context (offered) + --DICOM-- Presentation Context ID=13 + --DICOM-- Item 30 (length 28) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.12.1 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 57) Presentation Context (offered) + --DICOM-- Presentation Context ID=15 + --DICOM-- Item 30 (length 28) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.12.2 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 58) Presentation Context (offered) + --DICOM-- Presentation Context ID=17 + --DICOM-- Item 30 (length 29) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.481.1 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 58) Presentation Context (offered) + --DICOM-- Presentation Context ID=19 + --DICOM-- Item 30 (length 29) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.481.2 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 58) Presentation Context (offered) + --DICOM-- Presentation Context ID=21 + --DICOM-- Item 30 (length 29) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.481.3 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 58) Presentation Context (offered) + --DICOM-- Presentation Context ID=23 + --DICOM-- Item 30 (length 29) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.481.4 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 20 (length 58) Presentation Context (offered) + --DICOM-- Presentation Context ID=25 + --DICOM-- Item 30 (length 29) Abstract Syntax + --DICOM-- Abstract Syntax Name=1.2.840.10008.5.1.4.1.1.481.5 + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 50 (length 31) User + 17:22:31.116764 gsao-sun1.7002 > c-aw2.32893: P 1:539(538) ack 907 win 8760 (DF) + --DICOM-- PDU Type=0x02 ASSOCIATE-AC + --DICOM-- PDU Length=532 + --DICOM-- Protocol Version=1 + --DICOM-- Item 10 (length 21) Application Context + --DICOM-- Application Context Name=1.2.840.10008.3.1.1.1 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=1 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=3 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=5 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=7 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=9 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=11 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=13 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=15 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=17 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=19 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=21 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=23 + --DICOM-- Result/Reason=3 (Abstract Syntax not supported - provider rejection) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 21 (length 25) Presentation Context (accepted) + --DICOM-- Presentation Context ID=25 + --DICOM-- Result/Reason=0 (acceptance) + --DICOM-- Item 40 (length 17) Transfer Syntax + --DICOM-- Transfer Syntax Name=1.2.840.10008.1.2 + --DICOM-- Item 50 (length 58) User + 17:22:31.159358 c-aw2.32893 > gsao-sun1.7002: . ack 539 win 8760 (DF) + 17:22:31.184429 c-aw2.32893 > gsao-sun1.7002: P 907:1061(154) ack 539 win 8760 (DF) + --DICOM-- PDU Type=0x04 P-DATA-TF + --DICOM-- PDU Length=148 + --DICOM-- First PDV Item Length=144 + --DICOM-- First PDV Pres Ctx ID=7 + --DICOM-- First PDV Message Control Header=03 (Command,Last) ïÿïX + 0000 0000 0400 0000 8200 0000 0000 0200 ................ + 1a00 0000 312e 322e 3834 302e 3130 3030 ....1.2.840.1000 + 382e 352e 312e 342e 312e 312e 3400 0000 8.5.1.4.1.1.4... + 0001 0200 0000 0100 0000 1001 0200 0000 ................ + 0000 0000 0007 0200 0000 0000 0000 0008 ................ + 0200 0000 0000 0000 0010 3000 0000 312e ..........0...1. + 322e 3834 302e 3131 3336 3139 2e32 2e31 2.840.113619.2.1 + 2e31 2e33 3232 3938 3836 3538 2e35 3830 .1.322988658.580 + 2e37 3439 3832 3935 3835 2e31 3335 00 .749829585.135. + --DICOM-- (0000,0000) VL=4 (0x4) Group Length = 130 + --DICOM-- (0000,0002) VL=26 (0x1a) Affected SOP Class UID = <1.2.840.10008.5.1.4.1.1.4> + --DICOM-- (0000,0100) VL=2 (0x2) Command Field = 0x0001 C-STORE-RQ + --DICOM-- (0000,0110) VL=2 (0x2) Message ID = 0 + --DICOM-- (0000,0700) VL=2 (0x2) Priority = 0 + --DICOM-- (0000,0800) VL=2 (0x2) Data Set Type = 0x0000 + --DICOM-- (0000,1000) VL=48 (0x30) Affected SOP Instance UID = <1.2.840.113619.2.1.1.322988658.580.749829585.135> + --DICOM-- Message PDV one byte of trailing padding + 17:22:31.217814 c-aw2.32893 > gsao-sun1.7002: P 1061:2521(1460) ack 539 win 8760 (DF) + --DICOM-- PDU Type=0x04 P-DATA-TF + --DICOM-- PDU Length=16384 + --DICOM-- First PDV Item Length=16380 + --DICOM-- First PDV Pres Ctx ID=7 + --DICOM-- First PDV Message Control Header=00 (Data,Not Last) + 17:22:31.224237 gsao-sun1.7002 > c-aw2.32893: . ack 2521 win 8760 (DF) + 17:22:31.225627 c-aw2.32893 > gsao-sun1.7002: . 2521:3981(1460) ack 539 win 8760 (DF) + 17:22:31.226848 c-aw2.32893 > gsao-sun1.7002: . 3981:5441(1460) ack 539 win 8760 (DF) + 17:22:31.228071 c-aw2.32893 > gsao-sun1.7002: P 5441:6901(1460) ack 539 win 8760 (DF) + 17:22:31.230337 gsao-sun1.7002 > c-aw2.32893: . ack 5441 win 8760 (DF) + 17:22:31.231663 c-aw2.32893 > gsao-sun1.7002: . 6901:8361(1460) ack 539 win 8760 (DF) + 17:22:31.232890 c-aw2.32893 > gsao-sun1.7002: . 8361:9821(1460) ack 539 win 8760 (DF) + 17:22:31.234130 c-aw2.32893 > gsao-sun1.7002: P 9821:11281(1460) ack 539 win 8760 (DF) + 17:22:31.237198 gsao-sun1.7002 > c-aw2.32893: . ack 9821 win 8760 (DF) + 17:22:31.238541 c-aw2.32893 > gsao-sun1.7002: . 11281:12741(1460) ack 539 win 8760 (DF) + 17:22:31.239779 c-aw2.32893 > gsao-sun1.7002: . 12741:14201(1460) ack 539 win 8760 (DF) + 17:22:31.241032 c-aw2.32893 > gsao-sun1.7002: . 14201:15661(1460) ack 539 win 8760 (DF) + 17:22:31.242241 c-aw2.32893 > gsao-sun1.7002: P 15661:17121(1460) ack 539 win 8760 (DF) + 17:22:31.499482 gsao-sun1.7002 > c-aw2.32893: . ack 135101 win 8760 (DF) + 17:22:31.540437 gsao-sun1.7002 > c-aw2.32893: . ack 138861 win 8760 (DF) + 17:22:31.543457 gsao-sun1.7002 > c-aw2.32893: P 539:551(12) ack 138861 win 8760 (DF) + --DICOM-- PDU Type=0x04 P-DATA-TF + --DICOM-- PDU Length=148 + --DICOM-- First PDV Item Length=144 + --DICOM-- First PDV Pres Ctx ID=7 + --DICOM-- First PDV Message Control Header=03 (Command,Last) ïÿïX + 0000 0000 003c 0000 003c 0000 0054 0000 .....<...<...T.. + 0000 3443 f0a7 0008 a8a4 00e0 fea0 9020 ..4C........... + 0800 6908 9e09 0800 4510 0028 c524 4000 ..i.....E..(.$@. + 3c06 d6cc 0346 d003 0346 cc3f 03ff 0201 <....F...F.?.... + 3777 4d5f 72fd 8f4d 5010 ef88 905b 0000 7wM_r..MP....[.. + 61a0 9020 0800 0000 003c 0000 003c 0000 a.. .....<...<.. + 0054 0000 0000 3443 f0a7 0008 fe37 00e0 .T....4C.....7.. + fea0 9020 0800 2080 8d97 0800 4500 0028 ... .. .....E..( + 9353 4000 ff06 4582 0346 d010 0346 cc .S@...E..F...F. + --DICOM-- (0000,0000) VL=15360 (0x3c00) Group Length bad length + 17:22:31.589367 c-aw2.32893 > gsao-sun1.7002: . ack 551 win 8760 (DF) + 17:22:31.590389 gsao-sun1.7002 > c-aw2.32893: P 551:693(142) ack 138861 win 8760 (DF) + 17:22:31.593295 c-aw2.32893 > gsao-sun1.7002: P 138861:138871(10) ack 693 win 8760 (DF) + --DICOM-- PDU Type=0x05 A-RELEASE-RQ + --DICOM-- PDU Length=4 + 17:22:31.594692 gsao-sun1.7002 > c-aw2.32893: P 693:703(10) ack 138871 win 8760 (DF) + --DICOM-- PDU Type=0x06 A-RELEASE-RP + --DICOM-- PDU Length=4 + 17:22:31.595321 c-aw2.32893 > gsao-sun1.7002: F 138871:138871(0) ack 703 win 8760 (DF) + 17:22:31.596113 gsao-sun1.7002 > c-aw2.32893: . ack 138872 win 8760 (DF) + 17:22:31.596923 gsao-sun1.7002 > c-aw2.32893: F 703:703(0) ack 138872 win 8760 (DF) + 17:22:31.597092 c-aw2.32893 > gsao-sun1.7002: . ack 704 win 8760 (DF) Common subdirectories: tcpdump-3.4a5/linux-include/net and tcpdump-3.4a5.dicom/linux-include/net Common subdirectories: tcpdump-3.4a5/linux-include/netinet and tcpdump-3.4a5.dicom/linux-include/netinet Common subdirectories: tcpdump-3.4a5/linux-include/sys and tcpdump-3.4a5.dicom/linux-include/sys