Add --lengths option to print the captured and original packet lengths

fxlb · fxlb · commit 4c5bef9603c8 · 2023-12-26T12:50:38.000Z
The lengths will be printed at the beginning of the line or after the
packet number, if any.

'caplen' is the captured length.
'len' is the original (on wire) length.

Examples
1) With -#n
    1  caplen 80 len 98 14:41:53.503612 IP 192.168.1.11.43966 &gt; [...]
2) With -n
caplen 80 len 98 14:43:38.185603 IP 192.168.1.11.43966 &gt; [...]

Add a test file with one packet not truncated, the other truncated.

[skip ci]
diff --git a/CHANGES b/CHANGES
@@ -21,6 +21,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
     User interface:
       Add optional unit suffix on -C file size.
       Add --print-sampling to print every Nth packet instead of all.
+      Add --lengths option to print the captured and original packet lengths.
     Source code:
       Use %zu when printing a sizeof to squelch compiler warnings
       Remove unused missing/snprintf.c.
diff --git a/netdissect.h b/netdissect.h
@@ -228,6 +228,7 @@ struct netdissect_options {
   jmp_buf ndo_early_end;	/* jmp_buf for setjmp()/longjmp() */
   void *ndo_last_mem_p;		/* pointer to the last allocated memory chunk */
   int ndo_packet_number;	/* print a packet number in the beginning of line */
+  int ndo_lengths;		/* print packet header caplen and len */
   int ndo_print_sampling;	/* print every Nth packet */
   int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */
   int ndo_tstamp_precision;	/* requested time stamp precision */
diff --git a/print.c b/print.c
@@ -329,6 +329,9 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
 	if (ndo->ndo_packet_number)
 		ND_PRINT("%5u  ", packets_captured);
 
+	if (ndo->ndo_lengths)
+		ND_PRINT("caplen %u len %u ", h->caplen, h->len);
+
 	/* Sanity checks on packet length / capture length */
 	if (h->caplen == 0) {
 		invalid_header = 1;
diff --git a/tcpdump.1.in b/tcpdump.1.in
@@ -70,6 +70,10 @@ tcpdump \- dump traffic on a network
 .B \-j
 .I tstamp_type
 ]
+.ti +8
+[
+.BI \-\-lengths
+]
 [
 .B \-m
 .I module
@@ -610,6 +614,13 @@ and another set of data link types when in monitor mode (for example, it
 might support 802.11 headers, or 802.11 headers with radio information,
 only in monitor mode).
 .TP
+.BI \-\-lengths
+Print the captured and original packet lengths.
+The lengths are printed at the beginning of the line or after the packet
+number, if any.
+\fIcaplen\fP is the captured packet length (See \fB-s\fP option).
+\fIlen\fP is the original (on wire) packet length.
+.TP
 .BI \-m " module"
 Load SMI MIB module definitions from file \fImodule\fR.
 This option
diff --git a/tcpdump.c b/tcpdump.c
@@ -705,6 +705,7 @@ show_remote_devices_and_exit(void)
 #define OPTION_FP_TYPE			135
 #define OPTION_COUNT			136
 #define OPTION_PRINT_SAMPLING		137
+#define OPTION_LENGTHS			138
 
 static const struct option longopts[] = {
 #if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
@@ -753,12 +754,13 @@ static const struct option longopts[] = {
 	{ "number", no_argument, NULL, '#' },
 	{ "print", no_argument, NULL, OPTION_PRINT },
 	{ "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
+	{ "lengths", no_argument, NULL, OPTION_LENGTHS },
 	{ "version", no_argument, NULL, OPTION_VERSION },
 	{ NULL, 0, NULL, 0 }
 };
 
 #ifdef HAVE_PCAP_FINDALLDEVS_EX
-#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
+#define LIST_REMOTE_INTERFACES_USAGE " [ --list-remote-interfaces remote-source ]"
 #else
 #define LIST_REMOTE_INTERFACES_USAGE
 #endif
@@ -1990,6 +1992,10 @@ main(int argc, char **argv)
 			ndo->ndo_packet_number = 1;
 			break;
 
+		case OPTION_LENGTHS:
+			ndo->ndo_lengths = 1;
+			break;
+
 		case OPTION_VERSION:
 			print_version(stdout);
 			exit_tcpdump(S_SUCCESS);
@@ -3340,7 +3346,7 @@ print_usage(FILE *f)
 "\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
 #ifdef HAVE_PCAP_FINDALLDEVS_EX
 	(void)fprintf(f,
-"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
+"\t\t[ --lengths ]" LIST_REMOTE_INTERFACES_USAGE "\n");
 #endif
 #ifdef USE_LIBSMI
 	(void)fprintf(f,
diff --git a/tests/TESTLIST b/tests/TESTLIST
@@ -347,6 +347,9 @@ dns_tcp_8053-T dns_tcp_8053.pcap dns_tcp_8053-T.out -vv -T domain
 dns_udp_8053 dns_udp_8053.pcap dns_udp_8053.out -vv
 dns_udp_8053-T dns_udp_8053.pcap dns_udp_8053-T.out -vv -T domain
 
+# test with --lengths option
+dns_udp_2--lengths dns_udp_2.pcap dns_udp_2.out --lengths -vv
+
 # DNSSEC from https://bugzilla.redhat.com/show_bug.cgi?id=205842, -vv exposes EDNS DO
 dnssec-vv	dnssec.pcap		dnssec-vv.out		-vv
 
diff --git a/tests/dns_udp_2.out b/tests/dns_udp_2.out
@@ -0,0 +1,4 @@
+    1  caplen 98 len 98 09:37:33.129402 IP (tos 0x0, ttl 64, id 22989, offset 0, flags [none], proto UDP (17), length 84)
+    192.168.1.11.43966 > 209.87.249.18.53: [udp sum ok] 22836+ [1au] A? www.tcpdump.org. ar: . OPT UDPsize=4096 [COOKIE 42f5d00996f90b13] (56)
+    2  caplen 98 len 266 09:37:33.259762 IP (tos 0x0, ttl 128, id 45, offset 0, flags [none], proto UDP (17), length 252)
+    209.87.249.18.53 > 192.168.1.11.43966: 22836*- q: A? www.tcpdump.org. 2/2/5 www.tcpdump.org. A 192.139.46.66, www.tcpdump.org. [|domain]
diff --git a/tests/dns_udp_2.pcap b/tests/dns_udp_2.pcap
