tcpdump-4.7.4/0000755000026300017510000000000012516003262011322 5ustar mcrmcrtcpdump-4.7.4/nfsfh.h0000644000026300017510000000510112431107727012603 0ustar mcrmcr/* * Copyright (c) 1993, 1994 Jeffrey C. Mogul, Digital Equipment Corporation, * Western Research Laboratory. All rights reserved. * Copyright (c) 2001 Compaq Computer Corporation. All rights reserved. * * Permission to use, copy, and modify this software and its * documentation is hereby granted only under the following terms and * conditions. Both the above copyright notice and this permission * notice must appear in all copies of the software, derivative works * or modified versions, and any portions thereof, and both notices * must appear in supporting documentation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THE SOFTWARE IS PROVIDED "AS IS" AND COMPAQ COMPUTER CORPORATION * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO * EVENT SHALL COMPAQ COMPUTER CORPORATION BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ /* * nfsfh.h - NFS file handle definitions (for portable use) * * Jeffrey C. Mogul * Digital Equipment Corporation * Western Research Laboratory */ /* * Internal representation of dev_t, because different NFS servers * that we might be spying upon use different external representations. */ typedef struct { uint32_t Minor; /* upper case to avoid clashing with macro names */ uint32_t Major; } my_devt; #define dev_eq(a,b) ((a.Minor == b.Minor) && (a.Major == b.Major)) /* * Many file servers now use a large file system ID. This is * our internal representation of that. */ typedef struct { my_devt Fsid_dev; /* XXX avoid name conflict with AIX */ char Opaque_Handle[2 * 32 + 1]; uint32_t fsid_code; } my_fsid; #define fsid_eq(a,b) ((a.fsid_code == b.fsid_code) &&\ dev_eq(a.Fsid_dev, b.Fsid_dev)) extern void Parse_fh(const unsigned char *, int, my_fsid *, uint32_t *, const char **, const char **, int); tcpdump-4.7.4/llc.h0000644000026300017510000000733712431107727012266 0ustar mcrmcr/* * Copyright (c) 1993, 1994, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * Definitions for information in the LLC header. */ #define LLC_U_FMT 3 #define LLC_GSAP 1 #define LLC_IG 1 /* Individual / Group */ #define LLC_S_FMT 1 #define LLC_U_POLL 0x10 #define LLC_IS_POLL 0x0100 #define LLC_XID_FI 0x81 #define LLC_U_CMD(u) ((u) & 0xef) #define LLC_UI 0x03 #define LLC_UA 0x63 #define LLC_DISC 0x43 #define LLC_DM 0x0f #define LLC_SABME 0x6f #define LLC_TEST 0xe3 #define LLC_XID 0xaf #define LLC_FRMR 0x87 #define LLC_S_CMD(is) (((is) >> 2) & 0x03) #define LLC_RR 0x0001 #define LLC_RNR 0x0005 #define LLC_REJ 0x0009 #define LLC_IS_NR(is) (((is) >> 9) & 0x7f) #define LLC_I_NS(is) (((is) >> 1) & 0x7f) #ifndef LLCSAP_NULL #define LLCSAP_NULL 0x00 #endif #ifndef LLCSAP_GLOBAL #define LLCSAP_GLOBAL 0xff #endif #ifndef LLCSAP_8021B_I #define LLCSAP_8021B_I 0x02 #endif #ifndef LLCSAP_8021B_G #define LLCSAP_8021B_G 0x03 #endif #ifndef LLCSAP_SNA #define LLCSAP_SNA 0x04 #endif #ifndef LLCSAP_IP #define LLCSAP_IP 0x06 #endif #ifndef LLCSAP_PROWAYNM #define LLCSAP_PROWAYNM 0x0e #endif #ifndef LLCSAP_8021D #define LLCSAP_8021D 0x42 #endif #ifndef LLCSAP_RS511 #define LLCSAP_RS511 0x4e #endif #ifndef LLCSAP_ISO8208 #define LLCSAP_ISO8208 0x7e #endif #ifndef LLCSAP_PROWAY #define LLCSAP_PROWAY 0x8e #endif #ifndef LLCSAP_SNAP #define LLCSAP_SNAP 0xaa #endif #ifndef LLCSAP_IPX #define LLCSAP_IPX 0xe0 #endif #ifndef LLCSAP_NETBEUI #define LLCSAP_NETBEUI 0xf0 #endif #ifndef LLCSAP_ISONS #define LLCSAP_ISONS 0xfe #endif /* * PIDs for use with OUI_CISCO. */ #define PID_CISCO_CDP 0x2000 /* Cisco Discovery Protocol */ #define PID_CISCO_VTP 0x2003 /* Cisco VLAN Trunk Protocol */ #define PID_CISCO_DTP 0x2004 /* Cisco Dynamic Trunk Protocol */ #define PID_CISCO_UDLD 0x0111 /* Unidirectional Link Detection */ #define PID_CISCO_PVST 0x010b /* Per VLAN Spanning Tree+ and RPVST+ */ #define PID_CISCO_VLANBRIDGE 0x010c /* "VLAN Bridge", according to Wireshark */ /* * PIDs for use with OUI_RFC2684. */ #define PID_RFC2684_ETH_FCS 0x0001 /* Ethernet, with FCS */ #define PID_RFC2684_ETH_NOFCS 0x0007 /* Ethernet, without FCS */ #define PID_RFC2684_802_4_FCS 0x0002 /* 802.4, with FCS */ #define PID_RFC2684_802_4_NOFCS 0x0008 /* 802.4, without FCS */ #define PID_RFC2684_802_5_FCS 0x0003 /* 802.5, with FCS */ #define PID_RFC2684_802_5_NOFCS 0x0009 /* 802.5, without FCS */ #define PID_RFC2684_FDDI_FCS 0x0004 /* FDDI, with FCS */ #define PID_RFC2684_FDDI_NOFCS 0x000a /* FDDI, without FCS */ #define PID_RFC2684_802_6_FCS 0x0005 /* 802.6, with FCS */ #define PID_RFC2684_802_6_NOFCS 0x000b /* 802.6, without FCS */ #define PID_RFC2684_BPDU 0x000e /* BPDUs */ tcpdump-4.7.4/print-lwres.c0000644000026300017510000003403412431107727013767 0ustar mcrmcr/* * Copyright (C) 2001 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "nameser.h" #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ /* BIND9 lib/lwres/include/lwres */ typedef uint32_t lwres_uint32_t; typedef uint16_t lwres_uint16_t; typedef uint8_t lwres_uint8_t; struct lwres_lwpacket { lwres_uint32_t length; lwres_uint16_t version; lwres_uint16_t pktflags; lwres_uint32_t serial; lwres_uint32_t opcode; lwres_uint32_t result; lwres_uint32_t recvlength; lwres_uint16_t authtype; lwres_uint16_t authlength; }; #define LWRES_LWPACKETFLAG_RESPONSE 0x0001U /* if set, pkt is a response */ #define LWRES_LWPACKETVERSION_0 0 #define LWRES_FLAG_TRUSTNOTREQUIRED 0x00000001U #define LWRES_FLAG_SECUREDATA 0x00000002U /* * no-op */ #define LWRES_OPCODE_NOOP 0x00000000U typedef struct { /* public */ lwres_uint16_t datalength; /* data follows */ } lwres_nooprequest_t; typedef struct { /* public */ lwres_uint16_t datalength; /* data follows */ } lwres_noopresponse_t; /* * get addresses by name */ #define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U typedef struct lwres_addr lwres_addr_t; struct lwres_addr { lwres_uint32_t family; lwres_uint16_t length; /* address folows */ }; typedef struct { /* public */ lwres_uint32_t flags; lwres_uint32_t addrtypes; lwres_uint16_t namelen; /* name follows */ } lwres_gabnrequest_t; typedef struct { /* public */ lwres_uint32_t flags; lwres_uint16_t naliases; lwres_uint16_t naddrs; lwres_uint16_t realnamelen; /* aliases follows */ /* addrs follows */ /* realname follows */ } lwres_gabnresponse_t; /* * get name by address */ #define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U typedef struct { /* public */ lwres_uint32_t flags; lwres_addr_t addr; /* addr body follows */ } lwres_gnbarequest_t; typedef struct { /* public */ lwres_uint32_t flags; lwres_uint16_t naliases; lwres_uint16_t realnamelen; /* aliases follows */ /* realname follows */ } lwres_gnbaresponse_t; /* * get rdata by name */ #define LWRES_OPCODE_GETRDATABYNAME 0x00010003U typedef struct { /* public */ lwres_uint32_t flags; lwres_uint16_t rdclass; lwres_uint16_t rdtype; lwres_uint16_t namelen; /* name follows */ } lwres_grbnrequest_t; typedef struct { /* public */ lwres_uint32_t flags; lwres_uint16_t rdclass; lwres_uint16_t rdtype; lwres_uint32_t ttl; lwres_uint16_t nrdatas; lwres_uint16_t nsigs; /* realname here (len + name) */ /* rdata here (len + name) */ /* signatures here (len + name) */ } lwres_grbnresponse_t; #define LWRDATA_VALIDATED 0x00000001 #define LWRES_ADDRTYPE_V4 0x00000001U /* ipv4 */ #define LWRES_ADDRTYPE_V6 0x00000002U /* ipv6 */ #define LWRES_MAX_ALIASES 16 /* max # of aliases */ #define LWRES_MAX_ADDRS 64 /* max # of addrs */ static const struct tok opcode[] = { { LWRES_OPCODE_NOOP, "noop", }, { LWRES_OPCODE_GETADDRSBYNAME, "getaddrsbyname", }, { LWRES_OPCODE_GETNAMEBYADDR, "getnamebyaddr", }, { LWRES_OPCODE_GETRDATABYNAME, "getrdatabyname", }, { 0, NULL, }, }; /* print-domain.c */ extern const struct tok ns_type2str[]; extern const struct tok ns_class2str[]; static int lwres_printname(netdissect_options *ndo, size_t l, const char *p0) { const char *p; size_t i; p = p0; /* + 1 for terminating \0 */ if (p + l + 1 > (const char *)ndo->ndo_snapend) goto trunc; ND_PRINT((ndo, " ")); for (i = 0; i < l; i++) safeputchar(ndo, *p++); p++; /* skip terminating \0 */ return p - p0; trunc: return -1; } static int lwres_printnamelen(netdissect_options *ndo, const char *p) { uint16_t l; int advance; if (p + 2 > (const char *)ndo->ndo_snapend) goto trunc; l = EXTRACT_16BITS(p); advance = lwres_printname(ndo, l, p + 2); if (advance < 0) goto trunc; return 2 + advance; trunc: return -1; } static int lwres_printbinlen(netdissect_options *ndo, const char *p0) { const char *p; uint16_t l; int i; p = p0; if (p + 2 > (const char *)ndo->ndo_snapend) goto trunc; l = EXTRACT_16BITS(p); if (p + 2 + l > (const char *)ndo->ndo_snapend) goto trunc; p += 2; for (i = 0; i < l; i++) ND_PRINT((ndo, "%02x", *p++)); return p - p0; trunc: return -1; } static int lwres_printaddr(netdissect_options *ndo, lwres_addr_t *ap) { uint16_t l; const char *p; int i; ND_TCHECK(ap->length); l = EXTRACT_16BITS(&ap->length); /* XXX ap points to packed struct */ p = (const char *)&ap->length + sizeof(ap->length); ND_TCHECK2(*p, l); switch (EXTRACT_32BITS(&ap->family)) { case 1: /* IPv4 */ if (l < 4) return -1; ND_PRINT((ndo, " %s", ipaddr_string(ndo, p))); p += sizeof(struct in_addr); break; #ifdef INET6 case 2: /* IPv6 */ if (l < 16) return -1; ND_PRINT((ndo, " %s", ip6addr_string(ndo, p))); p += sizeof(struct in6_addr); break; #endif default: ND_PRINT((ndo, " %u/", EXTRACT_32BITS(&ap->family))); for (i = 0; i < l; i++) ND_PRINT((ndo, "%02x", *p++)); } return p - (const char *)ap; trunc: return -1; } void lwres_print(netdissect_options *ndo, register const u_char *bp, u_int length) { const struct lwres_lwpacket *np; uint32_t v; const char *s; int response; int advance; int unsupported = 0; np = (const struct lwres_lwpacket *)bp; ND_TCHECK(np->authlength); ND_PRINT((ndo, " lwres")); v = EXTRACT_16BITS(&np->version); if (ndo->ndo_vflag || v != LWRES_LWPACKETVERSION_0) ND_PRINT((ndo, " v%u", v)); if (v != LWRES_LWPACKETVERSION_0) { s = (const char *)np + EXTRACT_32BITS(&np->length); goto tail; } response = EXTRACT_16BITS(&np->pktflags) & LWRES_LWPACKETFLAG_RESPONSE; /* opcode and pktflags */ v = EXTRACT_32BITS(&np->opcode); s = tok2str(opcode, "#0x%x", v); ND_PRINT((ndo, " %s%s", s, response ? "" : "?")); /* pktflags */ v = EXTRACT_16BITS(&np->pktflags); if (v & ~LWRES_LWPACKETFLAG_RESPONSE) ND_PRINT((ndo, "[0x%x]", v)); if (ndo->ndo_vflag > 1) { ND_PRINT((ndo, " (")); /*)*/ ND_PRINT((ndo, "serial:0x%x", EXTRACT_32BITS(&np->serial))); ND_PRINT((ndo, " result:0x%x", EXTRACT_32BITS(&np->result))); ND_PRINT((ndo, " recvlen:%u", EXTRACT_32BITS(&np->recvlength))); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " authtype:0x%x", EXTRACT_16BITS(&np->authtype))); ND_PRINT((ndo, " authlen:%u", EXTRACT_16BITS(&np->authlength))); } /*(*/ ND_PRINT((ndo, ")")); } /* per-opcode content */ if (!response) { /* * queries */ lwres_gabnrequest_t *gabn; lwres_gnbarequest_t *gnba; lwres_grbnrequest_t *grbn; uint32_t l; gabn = NULL; gnba = NULL; grbn = NULL; switch (EXTRACT_32BITS(&np->opcode)) { case LWRES_OPCODE_NOOP: break; case LWRES_OPCODE_GETADDRSBYNAME: gabn = (lwres_gabnrequest_t *)(np + 1); ND_TCHECK(gabn->namelen); /* XXX gabn points to packed struct */ s = (const char *)&gabn->namelen + sizeof(gabn->namelen); l = EXTRACT_16BITS(&gabn->namelen); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&gabn->flags))); } v = EXTRACT_32BITS(&gabn->addrtypes); switch (v & (LWRES_ADDRTYPE_V4 | LWRES_ADDRTYPE_V6)) { case LWRES_ADDRTYPE_V4: ND_PRINT((ndo, " IPv4")); break; case LWRES_ADDRTYPE_V6: ND_PRINT((ndo, " IPv6")); break; case LWRES_ADDRTYPE_V4 | LWRES_ADDRTYPE_V6: ND_PRINT((ndo, " IPv4/6")); break; } if (v & ~(LWRES_ADDRTYPE_V4 | LWRES_ADDRTYPE_V6)) ND_PRINT((ndo, "[0x%x]", v)); advance = lwres_printname(ndo, l, s); if (advance < 0) goto trunc; s += advance; break; case LWRES_OPCODE_GETNAMEBYADDR: gnba = (lwres_gnbarequest_t *)(np + 1); ND_TCHECK(gnba->addr); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&gnba->flags))); } s = (const char *)&gnba->addr; advance = lwres_printaddr(ndo, &gnba->addr); if (advance < 0) goto trunc; s += advance; break; case LWRES_OPCODE_GETRDATABYNAME: /* XXX no trace, not tested */ grbn = (lwres_grbnrequest_t *)(np + 1); ND_TCHECK(grbn->namelen); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&grbn->flags))); } ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", EXTRACT_16BITS(&grbn->rdtype)))); if (EXTRACT_16BITS(&grbn->rdclass) != C_IN) { ND_PRINT((ndo, " %s", tok2str(ns_class2str, "Class%d", EXTRACT_16BITS(&grbn->rdclass)))); } /* XXX grbn points to packed struct */ s = (const char *)&grbn->namelen + sizeof(grbn->namelen); l = EXTRACT_16BITS(&grbn->namelen); advance = lwres_printname(ndo, l, s); if (advance < 0) goto trunc; s += advance; break; default: unsupported++; break; } } else { /* * responses */ lwres_gabnresponse_t *gabn; lwres_gnbaresponse_t *gnba; lwres_grbnresponse_t *grbn; uint32_t l, na; uint32_t i; gabn = NULL; gnba = NULL; grbn = NULL; switch (EXTRACT_32BITS(&np->opcode)) { case LWRES_OPCODE_NOOP: break; case LWRES_OPCODE_GETADDRSBYNAME: gabn = (lwres_gabnresponse_t *)(np + 1); ND_TCHECK(gabn->realnamelen); /* XXX gabn points to packed struct */ s = (const char *)&gabn->realnamelen + sizeof(gabn->realnamelen); l = EXTRACT_16BITS(&gabn->realnamelen); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&gabn->flags))); } ND_PRINT((ndo, " %u/%u", EXTRACT_16BITS(&gabn->naliases), EXTRACT_16BITS(&gabn->naddrs))); advance = lwres_printname(ndo, l, s); if (advance < 0) goto trunc; s += advance; /* aliases */ na = EXTRACT_16BITS(&gabn->naliases); for (i = 0; i < na; i++) { advance = lwres_printnamelen(ndo, s); if (advance < 0) goto trunc; s += advance; } /* addrs */ na = EXTRACT_16BITS(&gabn->naddrs); for (i = 0; i < na; i++) { advance = lwres_printaddr(ndo, (lwres_addr_t *)s); if (advance < 0) goto trunc; s += advance; } break; case LWRES_OPCODE_GETNAMEBYADDR: gnba = (lwres_gnbaresponse_t *)(np + 1); ND_TCHECK(gnba->realnamelen); /* XXX gnba points to packed struct */ s = (const char *)&gnba->realnamelen + sizeof(gnba->realnamelen); l = EXTRACT_16BITS(&gnba->realnamelen); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&gnba->flags))); } ND_PRINT((ndo, " %u", EXTRACT_16BITS(&gnba->naliases))); advance = lwres_printname(ndo, l, s); if (advance < 0) goto trunc; s += advance; /* aliases */ na = EXTRACT_16BITS(&gnba->naliases); for (i = 0; i < na; i++) { advance = lwres_printnamelen(ndo, s); if (advance < 0) goto trunc; s += advance; } break; case LWRES_OPCODE_GETRDATABYNAME: /* XXX no trace, not tested */ grbn = (lwres_grbnresponse_t *)(np + 1); ND_TCHECK(grbn->nsigs); /* BIND910: not used */ if (ndo->ndo_vflag > 2) { ND_PRINT((ndo, " flags:0x%x", EXTRACT_32BITS(&grbn->flags))); } ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", EXTRACT_16BITS(&grbn->rdtype)))); if (EXTRACT_16BITS(&grbn->rdclass) != C_IN) { ND_PRINT((ndo, " %s", tok2str(ns_class2str, "Class%d", EXTRACT_16BITS(&grbn->rdclass)))); } ND_PRINT((ndo, " TTL ")); relts_print(ndo, EXTRACT_32BITS(&grbn->ttl)); ND_PRINT((ndo, " %u/%u", EXTRACT_16BITS(&grbn->nrdatas), EXTRACT_16BITS(&grbn->nsigs))); /* XXX grbn points to packed struct */ s = (const char *)&grbn->nsigs+ sizeof(grbn->nsigs); advance = lwres_printnamelen(ndo, s); if (advance < 0) goto trunc; s += advance; /* rdatas */ na = EXTRACT_16BITS(&grbn->nrdatas); for (i = 0; i < na; i++) { /* XXX should decode resource data */ advance = lwres_printbinlen(ndo, s); if (advance < 0) goto trunc; s += advance; } /* sigs */ na = EXTRACT_16BITS(&grbn->nsigs); for (i = 0; i < na; i++) { /* XXX how should we print it? */ advance = lwres_printbinlen(ndo, s); if (advance < 0) goto trunc; s += advance; } break; default: unsupported++; break; } } tail: /* length mismatch */ if (EXTRACT_32BITS(&np->length) != length) { ND_PRINT((ndo, " [len: %u != %u]", EXTRACT_32BITS(&np->length), length)); } if (!unsupported && s < (const char *)np + EXTRACT_32BITS(&np->length)) ND_PRINT((ndo, "[extra]")); return; trunc: ND_PRINT((ndo, "[|lwres]")); } tcpdump-4.7.4/l2vpn.h0000644000026300017510000000133612431107727012546 0ustar mcrmcr/* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Hannes Gredler (hannes@juniper.net) */ extern const struct tok l2vpn_encaps_values[]; tcpdump-4.7.4/Makefile-devel-adds0000644000026300017510000000114612431107727015001 0ustar mcrmcr# # Auto-regenerate configure script or Makefile when things change. # From autoconf.info . Works best with GNU Make. # ${srcdir}/configure: configure.in aclocal.m4 cd ${srcdir} && autoconf # autoheader might not change config.h.in, so touch a stamp file. ${srcdir}/config.h.in: ${srcdir}/stamp-h.in ${srcdir}/stamp-h.in: configure.in aclocal.m4 cd ${srcdir} && autoheader echo timestamp > ${srcdir}/stamp-h.in config.h: stamp-h stamp-h: ${srcdir}/config.h.in config.status ./config.status Makefile: Makefile.in config.status ./config.status config.status: ${srcdir}/configure ./config.status --recheck tcpdump-4.7.4/print-m3ua.c0000644000026300017510000002563112431107727013503 0ustar mcrmcr/* Copyright (c) 2013, The TCPDUMP project * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" static const char tstr[] = " [|m3ua]"; static const char cstr[] = " (corrupt)"; /* RFC 4666 */ #define M3UA_REL_1_0 1 struct m3ua_common_header { uint8_t v; uint8_t reserved; uint8_t msg_class; uint8_t msg_type; uint32_t len; }; struct m3ua_param_header { uint16_t tag; uint16_t len; }; /* message classes */ #define M3UA_MSGC_MGMT 0 #define M3UA_MSGC_TRANSFER 1 #define M3UA_MSGC_SSNM 2 #define M3UA_MSGC_ASPSM 3 #define M3UA_MSGC_ASPTM 4 /* reserved values */ #define M3UA_MSGC_RKM 9 static const struct tok MessageClasses[] = { { M3UA_MSGC_MGMT, "Management" }, { M3UA_MSGC_TRANSFER, "Transfer" }, { M3UA_MSGC_SSNM, "SS7" }, { M3UA_MSGC_ASPSM, "ASP" }, { M3UA_MSGC_ASPTM, "ASP" }, { M3UA_MSGC_RKM, "Routing Key Managment" }, { 0, NULL } }; /* management messages */ #define M3UA_MGMT_ERROR 0 #define M3UA_MGMT_NOTIFY 1 static const struct tok MgmtMessages[] = { { M3UA_MGMT_ERROR, "Error" }, { M3UA_MGMT_NOTIFY, "Notify" }, { 0, NULL } }; /* transfer messages */ #define M3UA_TRANSFER_DATA 1 static const struct tok TransferMessages[] = { { M3UA_TRANSFER_DATA, "Data" }, { 0, NULL } }; /* SS7 Signaling Network Management messages */ #define M3UA_SSNM_DUNA 1 #define M3UA_SSNM_DAVA 2 #define M3UA_SSNM_DAUD 3 #define M3UA_SSNM_SCON 4 #define M3UA_SSNM_DUPU 5 #define M3UA_SSNM_DRST 6 static const struct tok SS7Messages[] = { { M3UA_SSNM_DUNA, "Destination Unavailable" }, { M3UA_SSNM_DAVA, "Destination Available" }, { M3UA_SSNM_DAUD, "Destination State Audit" }, { M3UA_SSNM_SCON, "Signalling Congestion" }, { M3UA_SSNM_DUPU, "Destination User Part Unavailable" }, { M3UA_SSNM_DRST, "Destination Restricted" }, { 0, NULL } }; /* ASP State Maintenance messages */ #define M3UA_ASP_UP 1 #define M3UA_ASP_DN 2 #define M3UA_ASP_BEAT 3 #define M3UA_ASP_UP_ACK 4 #define M3UA_ASP_DN_ACK 5 #define M3UA_ASP_BEAT_ACK 6 static const struct tok ASPStateMessages[] = { { M3UA_ASP_UP, "Up" }, { M3UA_ASP_DN, "Down" }, { M3UA_ASP_BEAT, "Heartbeat" }, { M3UA_ASP_UP_ACK, "Up Acknowledgement" }, { M3UA_ASP_DN_ACK, "Down Acknowledgement" }, { M3UA_ASP_BEAT_ACK, "Heartbeat Acknowledgement" }, { 0, NULL } }; /* ASP Traffic Maintenance messages */ #define M3UA_ASP_AC 1 #define M3UA_ASP_IA 2 #define M3UA_ASP_AC_ACK 3 #define M3UA_ASP_IA_ACK 4 static const struct tok ASPTrafficMessages[] = { { M3UA_ASP_AC, "Active" }, { M3UA_ASP_IA, "Inactive" }, { M3UA_ASP_AC_ACK, "Active Acknowledgement" }, { M3UA_ASP_IA_ACK, "Inactive Acknowledgement" }, { 0, NULL } }; /* Routing Key Management messages */ #define M3UA_RKM_REQ 1 #define M3UA_RKM_RSP 2 #define M3UA_RKM_DEREQ 3 #define M3UA_RKM_DERSP 4 static const struct tok RoutingKeyMgmtMessages[] = { { M3UA_RKM_REQ, "Registration Request" }, { M3UA_RKM_RSP, "Registration Response" }, { M3UA_RKM_DEREQ, "Deregistration Request" }, { M3UA_RKM_DERSP, "Deregistration Response" }, { 0, NULL } }; /* M3UA Parameters */ #define M3UA_PARAM_INFO 0x0004 #define M3UA_PARAM_ROUTING_CTX 0x0006 #define M3UA_PARAM_DIAGNOSTIC 0x0007 #define M3UA_PARAM_HB_DATA 0x0009 #define M3UA_PARAM_TRAFFIC_MODE_TYPE 0x000b #define M3UA_PARAM_ERROR_CODE 0x000c #define M3UA_PARAM_STATUS 0x000d #define M3UA_PARAM_ASP_ID 0x0011 #define M3UA_PARAM_AFFECTED_POINT_CODE 0x0012 #define M3UA_PARAM_CORR_ID 0x0013 #define M3UA_PARAM_NETWORK_APPEARANCE 0x0200 #define M3UA_PARAM_USER 0x0204 #define M3UA_PARAM_CONGESTION_INDICATION 0x0205 #define M3UA_PARAM_CONCERNED_DST 0x0206 #define M3UA_PARAM_ROUTING_KEY 0x0207 #define M3UA_PARAM_REG_RESULT 0x0208 #define M3UA_PARAM_DEREG_RESULT 0x0209 #define M3UA_PARAM_LOCAL_ROUTING_KEY_ID 0x020a #define M3UA_PARAM_DST_POINT_CODE 0x020b #define M3UA_PARAM_SI 0x020c #define M3UA_PARAM_ORIGIN_POINT_CODE_LIST 0x020e #define M3UA_PARAM_PROTO_DATA 0x0210 #define M3UA_PARAM_REG_STATUS 0x0212 #define M3UA_PARAM_DEREG_STATUS 0x0213 static const struct tok ParamName[] = { { M3UA_PARAM_INFO, "INFO String" }, { M3UA_PARAM_ROUTING_CTX, "Routing Context" }, { M3UA_PARAM_DIAGNOSTIC, "Diagnostic Info" }, { M3UA_PARAM_HB_DATA, "Heartbeat Data" }, { M3UA_PARAM_TRAFFIC_MODE_TYPE, "Traffic Mode Type" }, { M3UA_PARAM_ERROR_CODE, "Error Code" }, { M3UA_PARAM_STATUS, "Status" }, { M3UA_PARAM_ASP_ID, "ASP Identifier" }, { M3UA_PARAM_AFFECTED_POINT_CODE, "Affected Point Code" }, { M3UA_PARAM_CORR_ID, "Correlation ID" }, { M3UA_PARAM_NETWORK_APPEARANCE, "Network Appearance" }, { M3UA_PARAM_USER, "User/Cause" }, { M3UA_PARAM_CONGESTION_INDICATION, "Congestion Indications" }, { M3UA_PARAM_CONCERNED_DST, "Concerned Destination" }, { M3UA_PARAM_ROUTING_KEY, "Routing Key" }, { M3UA_PARAM_REG_RESULT, "Registration Result" }, { M3UA_PARAM_DEREG_RESULT, "Deregistration Result" }, { M3UA_PARAM_LOCAL_ROUTING_KEY_ID, "Local Routing Key Identifier" }, { M3UA_PARAM_DST_POINT_CODE, "Destination Point Code" }, { M3UA_PARAM_SI, "Service Indicators" }, { M3UA_PARAM_ORIGIN_POINT_CODE_LIST, "Originating Point Code List" }, { M3UA_PARAM_PROTO_DATA, "Protocol Data" }, { M3UA_PARAM_REG_STATUS, "Registration Status" }, { M3UA_PARAM_DEREG_STATUS, "Deregistration Status" }, { 0, NULL } }; static void tag_value_print(netdissect_options *ndo, const u_char *buf, const uint16_t tag, const uint16_t size) { switch (tag) { case M3UA_PARAM_NETWORK_APPEARANCE: case M3UA_PARAM_ROUTING_CTX: case M3UA_PARAM_CORR_ID: /* buf and size don't include the header */ if (size < 4) goto corrupt; ND_TCHECK2(*buf, size); ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(buf))); break; /* ... */ default: ND_PRINT((ndo, "(length %u)", size + (u_int)sizeof(struct m3ua_param_header))); ND_TCHECK2(*buf, size); } return; corrupt: ND_PRINT((ndo, "%s", cstr)); ND_TCHECK2(*buf, size); return; trunc: ND_PRINT((ndo, "%s", tstr)); } /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Parameter Tag | Parameter Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * \ \ * / Parameter Value / * \ \ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ static void m3ua_tags_print(netdissect_options *ndo, const u_char *buf, const u_int size) { const u_char *p = buf; int align; uint16_t hdr_tag; uint16_t hdr_len; while (p < buf + size) { if (p + sizeof(struct m3ua_param_header) > buf + size) goto corrupt; ND_TCHECK2(*p, sizeof(struct m3ua_param_header)); /* Parameter Tag */ hdr_tag = EXTRACT_16BITS(p); ND_PRINT((ndo, "\n\t\t\t%s: ", tok2str(ParamName, "Unknown Parameter (0x%04x)", hdr_tag))); /* Parameter Length */ hdr_len = EXTRACT_16BITS(p + 2); if (hdr_len < sizeof(struct m3ua_param_header)) goto corrupt; /* Parameter Value */ align = (p + hdr_len - buf) % 4; align = align ? 4 - align : 0; ND_TCHECK2(*p, hdr_len + align); tag_value_print(ndo, p, hdr_tag, hdr_len - sizeof(struct m3ua_param_header)); p += hdr_len + align; } return; corrupt: ND_PRINT((ndo, "%s", cstr)); ND_TCHECK2(*buf, size); return; trunc: ND_PRINT((ndo, "%s", tstr)); } /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version | Reserved | Message Class | Message Type | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Message Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * \ \ * / / */ void m3ua_print(netdissect_options *ndo, const u_char *buf, const u_int size) { const struct m3ua_common_header *hdr = (const struct m3ua_common_header *) buf; const struct tok *dict; /* size includes the header */ if (size < sizeof(struct m3ua_common_header)) goto corrupt; ND_TCHECK(*hdr); if (hdr->v != M3UA_REL_1_0) return; dict = hdr->msg_class == M3UA_MSGC_MGMT ? MgmtMessages : hdr->msg_class == M3UA_MSGC_TRANSFER ? TransferMessages : hdr->msg_class == M3UA_MSGC_SSNM ? SS7Messages : hdr->msg_class == M3UA_MSGC_ASPSM ? ASPStateMessages : hdr->msg_class == M3UA_MSGC_ASPTM ? ASPTrafficMessages : hdr->msg_class == M3UA_MSGC_RKM ? RoutingKeyMgmtMessages : NULL; ND_PRINT((ndo, "\n\t\t%s", tok2str(MessageClasses, "Unknown message class %i", hdr->msg_class))); if (dict != NULL) ND_PRINT((ndo, " %s Message", tok2str(dict, "Unknown (0x%02x)", hdr->msg_type))); if (size != EXTRACT_32BITS(&hdr->len)) ND_PRINT((ndo, "\n\t\t\t@@@@@@ Corrupted length %u of message @@@@@@", EXTRACT_32BITS(&hdr->len))); else m3ua_tags_print(ndo, buf + sizeof(struct m3ua_common_header), EXTRACT_32BITS(&hdr->len) - sizeof(struct m3ua_common_header)); return; corrupt: ND_PRINT((ndo, "%s", cstr)); ND_TCHECK2(*buf, size); return; trunc: ND_PRINT((ndo, "%s", tstr)); } tcpdump-4.7.4/af.h0000644000026300017510000000342312431107727012072 0ustar mcrmcr/* * Copyright (c) 1998-2006 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Hannes Gredler (hannes@juniper.net) */ extern const struct tok af_values[]; extern const struct tok bsd_af_values[]; /* RFC1700 address family numbers */ #define AFNUM_INET 1 #define AFNUM_INET6 2 #define AFNUM_NSAP 3 #define AFNUM_HDLC 4 #define AFNUM_BBN1822 5 #define AFNUM_802 6 #define AFNUM_E163 7 #define AFNUM_E164 8 #define AFNUM_F69 9 #define AFNUM_X121 10 #define AFNUM_IPX 11 #define AFNUM_ATALK 12 #define AFNUM_DECNET 13 #define AFNUM_BANYAN 14 #define AFNUM_E164NSAP 15 #define AFNUM_VPLS 25 /* draft-kompella-ppvpn-l2vpn */ #define AFNUM_L2VPN 196 /* still to be approved by IANA */ /* * BSD AF_ values. * * Unfortunately, the BSDs don't all use the same value for AF_INET6, * so, because we want to be able to read captures from all of the BSDs, * we check for all of them. */ #define BSD_AFNUM_INET 2 #define BSD_AFNUM_NS 6 /* XEROX NS protocols */ #define BSD_AFNUM_ISO 7 #define BSD_AFNUM_APPLETALK 16 #define BSD_AFNUM_IPX 23 #define BSD_AFNUM_INET6_BSD 24 /* OpenBSD (and probably NetBSD), BSD/OS */ #define BSD_AFNUM_INET6_FREEBSD 28 #define BSD_AFNUM_INET6_DARWIN 30 tcpdump-4.7.4/print-icmp6.c0000644000026300017510000016703512477367525013677 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #ifdef INET6 #include #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "ip6.h" #include "ipproto.h" #include "udp.h" #include "ah.h" /* NetBSD: icmp6.h,v 1.13 2000/08/03 16:30:37 itojun Exp */ /* $KAME: icmp6.h,v 1.22 2000/08/03 15:25:16 jinmei Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ struct icmp6_hdr { uint8_t icmp6_type; /* type field */ uint8_t icmp6_code; /* code field */ uint16_t icmp6_cksum; /* checksum field */ union { uint32_t icmp6_un_data32[1]; /* type-specific field */ uint16_t icmp6_un_data16[2]; /* type-specific field */ uint8_t icmp6_un_data8[4]; /* type-specific field */ } icmp6_dataun; }; #define icmp6_data32 icmp6_dataun.icmp6_un_data32 #define icmp6_data16 icmp6_dataun.icmp6_un_data16 #define icmp6_data8 icmp6_dataun.icmp6_un_data8 #define icmp6_pptr icmp6_data32[0] /* parameter prob */ #define icmp6_mtu icmp6_data32[0] /* packet too big */ #define icmp6_id icmp6_data16[0] /* echo request/reply */ #define icmp6_seq icmp6_data16[1] /* echo request/reply */ #define icmp6_maxdelay icmp6_data16[0] /* mcast group membership */ #define ICMP6_DST_UNREACH 1 /* dest unreachable, codes: */ #define ICMP6_PACKET_TOO_BIG 2 /* packet too big */ #define ICMP6_TIME_EXCEEDED 3 /* time exceeded, code: */ #define ICMP6_PARAM_PROB 4 /* ip6 header bad */ #define ICMP6_ECHO_REQUEST 128 /* echo service */ #define ICMP6_ECHO_REPLY 129 /* echo reply */ #define ICMP6_MEMBERSHIP_QUERY 130 /* group membership query */ #define MLD6_LISTENER_QUERY 130 /* multicast listener query */ #define ICMP6_MEMBERSHIP_REPORT 131 /* group membership report */ #define MLD6_LISTENER_REPORT 131 /* multicast listener report */ #define ICMP6_MEMBERSHIP_REDUCTION 132 /* group membership termination */ #define MLD6_LISTENER_DONE 132 /* multicast listener done */ #define ND_ROUTER_SOLICIT 133 /* router solicitation */ #define ND_ROUTER_ADVERT 134 /* router advertisement */ #define ND_NEIGHBOR_SOLICIT 135 /* neighbor solicitation */ #define ND_NEIGHBOR_ADVERT 136 /* neighbor advertisement */ #define ND_REDIRECT 137 /* redirect */ #define ICMP6_ROUTER_RENUMBERING 138 /* router renumbering */ #define ICMP6_WRUREQUEST 139 /* who are you request */ #define ICMP6_WRUREPLY 140 /* who are you reply */ #define ICMP6_FQDN_QUERY 139 /* FQDN query */ #define ICMP6_FQDN_REPLY 140 /* FQDN reply */ #define ICMP6_NI_QUERY 139 /* node information request */ #define ICMP6_NI_REPLY 140 /* node information reply */ #define IND_SOLICIT 141 /* inverse neighbor solicitation */ #define IND_ADVERT 142 /* inverse neighbor advertisement */ #define ICMP6_V2_MEMBERSHIP_REPORT 143 /* v2 membership report */ #define MLDV2_LISTENER_REPORT 143 /* v2 multicast listener report */ #define ICMP6_HADISCOV_REQUEST 144 #define ICMP6_HADISCOV_REPLY 145 #define ICMP6_MOBILEPREFIX_SOLICIT 146 #define ICMP6_MOBILEPREFIX_ADVERT 147 #define MLD6_MTRACE_RESP 200 /* mtrace response(to sender) */ #define MLD6_MTRACE 201 /* mtrace messages */ #define ICMP6_MAXTYPE 201 #define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */ #define ICMP6_DST_UNREACH_ADMIN 1 /* administratively prohibited */ #define ICMP6_DST_UNREACH_NOTNEIGHBOR 2 /* not a neighbor(obsolete) */ #define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */ #define ICMP6_DST_UNREACH_ADDR 3 /* address unreachable */ #define ICMP6_DST_UNREACH_NOPORT 4 /* port unreachable */ #define ICMP6_TIME_EXCEED_TRANSIT 0 /* ttl==0 in transit */ #define ICMP6_TIME_EXCEED_REASSEMBLY 1 /* ttl==0 in reass */ #define ICMP6_PARAMPROB_HEADER 0 /* erroneous header field */ #define ICMP6_PARAMPROB_NEXTHEADER 1 /* unrecognized next header */ #define ICMP6_PARAMPROB_OPTION 2 /* unrecognized option */ #define ICMP6_INFOMSG_MASK 0x80 /* all informational messages */ #define ICMP6_NI_SUBJ_IPV6 0 /* Query Subject is an IPv6 address */ #define ICMP6_NI_SUBJ_FQDN 1 /* Query Subject is a Domain name */ #define ICMP6_NI_SUBJ_IPV4 2 /* Query Subject is an IPv4 address */ #define ICMP6_NI_SUCCESS 0 /* node information successful reply */ #define ICMP6_NI_REFUSED 1 /* node information request is refused */ #define ICMP6_NI_UNKNOWN 2 /* unknown Qtype */ #define ICMP6_ROUTER_RENUMBERING_COMMAND 0 /* rr command */ #define ICMP6_ROUTER_RENUMBERING_RESULT 1 /* rr result */ #define ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET 255 /* rr seq num reset */ /* Used in kernel only */ #define ND_REDIRECT_ONLINK 0 /* redirect to an on-link node */ #define ND_REDIRECT_ROUTER 1 /* redirect to a better router */ /* * Multicast Listener Discovery */ struct mld6_hdr { struct icmp6_hdr mld6_hdr; struct in6_addr mld6_addr; /* multicast address */ }; #define mld6_type mld6_hdr.icmp6_type #define mld6_code mld6_hdr.icmp6_code #define mld6_cksum mld6_hdr.icmp6_cksum #define mld6_maxdelay mld6_hdr.icmp6_data16[0] #define mld6_reserved mld6_hdr.icmp6_data16[1] #define MLD_MINLEN 24 #define MLDV2_MINLEN 28 /* * Neighbor Discovery */ struct nd_router_solicit { /* router solicitation */ struct icmp6_hdr nd_rs_hdr; /* could be followed by options */ }; #define nd_rs_type nd_rs_hdr.icmp6_type #define nd_rs_code nd_rs_hdr.icmp6_code #define nd_rs_cksum nd_rs_hdr.icmp6_cksum #define nd_rs_reserved nd_rs_hdr.icmp6_data32[0] struct nd_router_advert { /* router advertisement */ struct icmp6_hdr nd_ra_hdr; uint32_t nd_ra_reachable; /* reachable time */ uint32_t nd_ra_retransmit; /* retransmit timer */ /* could be followed by options */ }; #define nd_ra_type nd_ra_hdr.icmp6_type #define nd_ra_code nd_ra_hdr.icmp6_code #define nd_ra_cksum nd_ra_hdr.icmp6_cksum #define nd_ra_curhoplimit nd_ra_hdr.icmp6_data8[0] #define nd_ra_flags_reserved nd_ra_hdr.icmp6_data8[1] #define ND_RA_FLAG_MANAGED 0x80 #define ND_RA_FLAG_OTHER 0x40 #define ND_RA_FLAG_HOME_AGENT 0x20 /* * Router preference values based on draft-draves-ipngwg-router-selection-01. * These are non-standard definitions. */ #define ND_RA_FLAG_RTPREF_MASK 0x18 /* 00011000 */ #define ND_RA_FLAG_RTPREF_HIGH 0x08 /* 00001000 */ #define ND_RA_FLAG_RTPREF_MEDIUM 0x00 /* 00000000 */ #define ND_RA_FLAG_RTPREF_LOW 0x18 /* 00011000 */ #define ND_RA_FLAG_RTPREF_RSV 0x10 /* 00010000 */ #define nd_ra_router_lifetime nd_ra_hdr.icmp6_data16[1] struct nd_neighbor_solicit { /* neighbor solicitation */ struct icmp6_hdr nd_ns_hdr; struct in6_addr nd_ns_target; /*target address */ /* could be followed by options */ }; #define nd_ns_type nd_ns_hdr.icmp6_type #define nd_ns_code nd_ns_hdr.icmp6_code #define nd_ns_cksum nd_ns_hdr.icmp6_cksum #define nd_ns_reserved nd_ns_hdr.icmp6_data32[0] struct nd_neighbor_advert { /* neighbor advertisement */ struct icmp6_hdr nd_na_hdr; struct in6_addr nd_na_target; /* target address */ /* could be followed by options */ }; #define nd_na_type nd_na_hdr.icmp6_type #define nd_na_code nd_na_hdr.icmp6_code #define nd_na_cksum nd_na_hdr.icmp6_cksum #define nd_na_flags_reserved nd_na_hdr.icmp6_data32[0] #define ND_NA_FLAG_ROUTER 0x80000000 #define ND_NA_FLAG_SOLICITED 0x40000000 #define ND_NA_FLAG_OVERRIDE 0x20000000 struct nd_redirect { /* redirect */ struct icmp6_hdr nd_rd_hdr; struct in6_addr nd_rd_target; /* target address */ struct in6_addr nd_rd_dst; /* destination address */ /* could be followed by options */ }; #define nd_rd_type nd_rd_hdr.icmp6_type #define nd_rd_code nd_rd_hdr.icmp6_code #define nd_rd_cksum nd_rd_hdr.icmp6_cksum #define nd_rd_reserved nd_rd_hdr.icmp6_data32[0] struct nd_opt_hdr { /* Neighbor discovery option header */ uint8_t nd_opt_type; uint8_t nd_opt_len; /* followed by option specific data*/ }; #define ND_OPT_SOURCE_LINKADDR 1 #define ND_OPT_TARGET_LINKADDR 2 #define ND_OPT_PREFIX_INFORMATION 3 #define ND_OPT_REDIRECTED_HEADER 4 #define ND_OPT_MTU 5 #define ND_OPT_ADVINTERVAL 7 #define ND_OPT_HOMEAGENT_INFO 8 #define ND_OPT_ROUTE_INFO 24 /* RFC4191 */ #define ND_OPT_RDNSS 25 #define ND_OPT_DNSSL 31 struct nd_opt_prefix_info { /* prefix information */ uint8_t nd_opt_pi_type; uint8_t nd_opt_pi_len; uint8_t nd_opt_pi_prefix_len; uint8_t nd_opt_pi_flags_reserved; uint8_t nd_opt_pi_valid_time[4]; uint8_t nd_opt_pi_preferred_time[4]; uint8_t nd_opt_pi_reserved2[4]; struct in6_addr nd_opt_pi_prefix; }; #define ND_OPT_PI_FLAG_ONLINK 0x80 #define ND_OPT_PI_FLAG_AUTO 0x40 #define ND_OPT_PI_FLAG_ROUTER 0x20 /*2292bis*/ struct nd_opt_rd_hdr { /* redirected header */ uint8_t nd_opt_rh_type; uint8_t nd_opt_rh_len; uint16_t nd_opt_rh_reserved1; uint32_t nd_opt_rh_reserved2; /* followed by IP header and data */ }; struct nd_opt_mtu { /* MTU option */ uint8_t nd_opt_mtu_type; uint8_t nd_opt_mtu_len; uint16_t nd_opt_mtu_reserved; uint32_t nd_opt_mtu_mtu; }; struct nd_opt_rdnss { /* RDNSS RFC 6106 5.1 */ uint8_t nd_opt_rdnss_type; uint8_t nd_opt_rdnss_len; uint16_t nd_opt_rdnss_reserved; uint32_t nd_opt_rdnss_lifetime; struct in6_addr nd_opt_rdnss_addr[1]; /* variable-length */ }; struct nd_opt_dnssl { /* DNSSL RFC 6106 5.2 */ uint8_t nd_opt_dnssl_type; uint8_t nd_opt_dnssl_len; uint16_t nd_opt_dnssl_reserved; uint32_t nd_opt_dnssl_lifetime; /* followed by list of DNS search domains, variable-length */ }; struct nd_opt_advinterval { /* Advertisement interval option */ uint8_t nd_opt_adv_type; uint8_t nd_opt_adv_len; uint16_t nd_opt_adv_reserved; uint32_t nd_opt_adv_interval; }; struct nd_opt_homeagent_info { /* Home Agent info */ uint8_t nd_opt_hai_type; uint8_t nd_opt_hai_len; uint16_t nd_opt_hai_reserved; int16_t nd_opt_hai_preference; uint16_t nd_opt_hai_lifetime; }; struct nd_opt_route_info { /* route info */ uint8_t nd_opt_rti_type; uint8_t nd_opt_rti_len; uint8_t nd_opt_rti_prefixlen; uint8_t nd_opt_rti_flags; uint32_t nd_opt_rti_lifetime; /* prefix follows */ }; /* * icmp6 namelookup */ struct icmp6_namelookup { struct icmp6_hdr icmp6_nl_hdr; uint8_t icmp6_nl_nonce[8]; int32_t icmp6_nl_ttl; #if 0 uint8_t icmp6_nl_len; uint8_t icmp6_nl_name[3]; #endif /* could be followed by options */ }; /* * icmp6 node information */ struct icmp6_nodeinfo { struct icmp6_hdr icmp6_ni_hdr; uint8_t icmp6_ni_nonce[8]; /* could be followed by reply data */ }; #define ni_type icmp6_ni_hdr.icmp6_type #define ni_code icmp6_ni_hdr.icmp6_code #define ni_cksum icmp6_ni_hdr.icmp6_cksum #define ni_qtype icmp6_ni_hdr.icmp6_data16[0] #define ni_flags icmp6_ni_hdr.icmp6_data16[1] #define NI_QTYPE_NOOP 0 /* NOOP */ #define NI_QTYPE_SUPTYPES 1 /* Supported Qtypes */ #define NI_QTYPE_FQDN 2 /* FQDN (draft 04) */ #define NI_QTYPE_DNSNAME 2 /* DNS Name */ #define NI_QTYPE_NODEADDR 3 /* Node Addresses */ #define NI_QTYPE_IPV4ADDR 4 /* IPv4 Addresses */ /* network endian */ #define NI_SUPTYPE_FLAG_COMPRESS ((uint16_t)htons(0x1)) #define NI_FQDN_FLAG_VALIDTTL ((uint16_t)htons(0x1)) /* network endian */ #define NI_NODEADDR_FLAG_TRUNCATE ((uint16_t)htons(0x1)) #define NI_NODEADDR_FLAG_ALL ((uint16_t)htons(0x2)) #define NI_NODEADDR_FLAG_COMPAT ((uint16_t)htons(0x4)) #define NI_NODEADDR_FLAG_LINKLOCAL ((uint16_t)htons(0x8)) #define NI_NODEADDR_FLAG_SITELOCAL ((uint16_t)htons(0x10)) #define NI_NODEADDR_FLAG_GLOBAL ((uint16_t)htons(0x20)) #define NI_NODEADDR_FLAG_ANYCAST ((uint16_t)htons(0x40)) /* just experimental. not in spec */ struct ni_reply_fqdn { uint32_t ni_fqdn_ttl; /* TTL */ uint8_t ni_fqdn_namelen; /* length in octets of the FQDN */ uint8_t ni_fqdn_name[3]; /* XXX: alignment */ }; /* * Router Renumbering. as router-renum-08.txt */ struct icmp6_router_renum { /* router renumbering header */ struct icmp6_hdr rr_hdr; uint8_t rr_segnum; uint8_t rr_flags; uint16_t rr_maxdelay; uint32_t rr_reserved; }; #define ICMP6_RR_FLAGS_TEST 0x80 #define ICMP6_RR_FLAGS_REQRESULT 0x40 #define ICMP6_RR_FLAGS_FORCEAPPLY 0x20 #define ICMP6_RR_FLAGS_SPECSITE 0x10 #define ICMP6_RR_FLAGS_PREVDONE 0x08 #define rr_type rr_hdr.icmp6_type #define rr_code rr_hdr.icmp6_code #define rr_cksum rr_hdr.icmp6_cksum #define rr_seqnum rr_hdr.icmp6_data32[0] struct rr_pco_match { /* match prefix part */ uint8_t rpm_code; uint8_t rpm_len; uint8_t rpm_ordinal; uint8_t rpm_matchlen; uint8_t rpm_minlen; uint8_t rpm_maxlen; uint16_t rpm_reserved; struct in6_addr rpm_prefix; }; #define RPM_PCO_ADD 1 #define RPM_PCO_CHANGE 2 #define RPM_PCO_SETGLOBAL 3 #define RPM_PCO_MAX 4 struct rr_pco_use { /* use prefix part */ uint8_t rpu_uselen; uint8_t rpu_keeplen; uint8_t rpu_ramask; uint8_t rpu_raflags; uint32_t rpu_vltime; uint32_t rpu_pltime; uint32_t rpu_flags; struct in6_addr rpu_prefix; }; #define ICMP6_RR_PCOUSE_RAFLAGS_ONLINK 0x80 #define ICMP6_RR_PCOUSE_RAFLAGS_AUTO 0x40 /* network endian */ #define ICMP6_RR_PCOUSE_FLAGS_DECRVLTIME ((uint32_t)htonl(0x80000000)) #define ICMP6_RR_PCOUSE_FLAGS_DECRPLTIME ((uint32_t)htonl(0x40000000)) struct rr_result { /* router renumbering result message */ uint16_t rrr_flags; uint8_t rrr_ordinal; uint8_t rrr_matchedlen; uint32_t rrr_ifid; struct in6_addr rrr_prefix; }; /* network endian */ #define ICMP6_RR_RESULT_FLAGS_OOB ((uint16_t)htons(0x0002)) #define ICMP6_RR_RESULT_FLAGS_FORBIDDEN ((uint16_t)htons(0x0001)) static const char *get_rtpref(u_int); static const char *get_lifetime(uint32_t); static void print_lladdr(netdissect_options *ndo, const u_char *, size_t); static void icmp6_opt_print(netdissect_options *ndo, const u_char *, int); static void mld6_print(netdissect_options *ndo, const u_char *); static void mldv2_report_print(netdissect_options *ndo, const u_char *, u_int); static void mldv2_query_print(netdissect_options *ndo, const u_char *, u_int); static const struct udphdr *get_upperlayer(netdissect_options *ndo, const u_char *, u_int *); static void dnsname_print(netdissect_options *ndo, const u_char *, const u_char *); static void icmp6_nodeinfo_print(netdissect_options *ndo, u_int, const u_char *, const u_char *); static void icmp6_rrenum_print(netdissect_options *ndo, const u_char *, const u_char *); #ifndef abs #define abs(a) ((0 < (a)) ? (a) : -(a)) #endif #include "rpl.h" static const struct tok icmp6_type_values[] = { { ICMP6_DST_UNREACH, "destination unreachable"}, { ICMP6_PACKET_TOO_BIG, "packet too big"}, { ICMP6_TIME_EXCEEDED, "time exceeded in-transit"}, { ICMP6_PARAM_PROB, "parameter problem"}, { ICMP6_ECHO_REQUEST, "echo request"}, { ICMP6_ECHO_REPLY, "echo reply"}, { MLD6_LISTENER_QUERY, "multicast listener query"}, { MLD6_LISTENER_REPORT, "multicast listener report"}, { MLD6_LISTENER_DONE, "multicast listener done"}, { ND_ROUTER_SOLICIT, "router solicitation"}, { ND_ROUTER_ADVERT, "router advertisement"}, { ND_NEIGHBOR_SOLICIT, "neighbor solicitation"}, { ND_NEIGHBOR_ADVERT, "neighbor advertisement"}, { ND_REDIRECT, "redirect"}, { ICMP6_ROUTER_RENUMBERING, "router renumbering"}, { IND_SOLICIT, "inverse neighbor solicitation"}, { IND_ADVERT, "inverse neighbor advertisement"}, { MLDV2_LISTENER_REPORT, "multicast listener report v2"}, { ICMP6_HADISCOV_REQUEST, "ha discovery request"}, { ICMP6_HADISCOV_REPLY, "ha discovery reply"}, { ICMP6_MOBILEPREFIX_SOLICIT, "mobile router solicitation"}, { ICMP6_MOBILEPREFIX_ADVERT, "mobile router advertisement"}, { ICMP6_WRUREQUEST, "who-are-you request"}, { ICMP6_WRUREPLY, "who-are-you reply"}, { ICMP6_NI_QUERY, "node information query"}, { ICMP6_NI_REPLY, "node information reply"}, { MLD6_MTRACE, "mtrace message"}, { MLD6_MTRACE_RESP, "mtrace response"}, { ND_RPL_MESSAGE, "RPL"}, { 0, NULL } }; static const struct tok icmp6_dst_unreach_code_values[] = { { ICMP6_DST_UNREACH_NOROUTE, "unreachable route" }, { ICMP6_DST_UNREACH_ADMIN, " unreachable prohibited"}, { ICMP6_DST_UNREACH_BEYONDSCOPE, "beyond scope"}, { ICMP6_DST_UNREACH_ADDR, "unreachable address"}, { ICMP6_DST_UNREACH_NOPORT, "unreachable port"}, { 0, NULL } }; static const struct tok icmp6_opt_pi_flag_values[] = { { ND_OPT_PI_FLAG_ONLINK, "onlink" }, { ND_OPT_PI_FLAG_AUTO, "auto" }, { ND_OPT_PI_FLAG_ROUTER, "router" }, { 0, NULL } }; static const struct tok icmp6_opt_ra_flag_values[] = { { ND_RA_FLAG_MANAGED, "managed" }, { ND_RA_FLAG_OTHER, "other stateful"}, { ND_RA_FLAG_HOME_AGENT, "home agent"}, { 0, NULL } }; static const struct tok icmp6_nd_na_flag_values[] = { { ND_NA_FLAG_ROUTER, "router" }, { ND_NA_FLAG_SOLICITED, "solicited" }, { ND_NA_FLAG_OVERRIDE, "override" }, { 0, NULL } }; static const struct tok icmp6_opt_values[] = { { ND_OPT_SOURCE_LINKADDR, "source link-address"}, { ND_OPT_TARGET_LINKADDR, "destination link-address"}, { ND_OPT_PREFIX_INFORMATION, "prefix info"}, { ND_OPT_REDIRECTED_HEADER, "redirected header"}, { ND_OPT_MTU, "mtu"}, { ND_OPT_RDNSS, "rdnss"}, { ND_OPT_DNSSL, "dnssl"}, { ND_OPT_ADVINTERVAL, "advertisement interval"}, { ND_OPT_HOMEAGENT_INFO, "homeagent information"}, { ND_OPT_ROUTE_INFO, "route info"}, { 0, NULL } }; /* mldv2 report types */ static const struct tok mldv2report2str[] = { { 1, "is_in" }, { 2, "is_ex" }, { 3, "to_in" }, { 4, "to_ex" }, { 5, "allow" }, { 6, "block" }, { 0, NULL } }; static const char * get_rtpref(u_int v) { static const char *rtpref_str[] = { "medium", /* 00 */ "high", /* 01 */ "rsv", /* 10 */ "low" /* 11 */ }; return rtpref_str[((v & ND_RA_FLAG_RTPREF_MASK) >> 3) & 0xff]; } static const char * get_lifetime(uint32_t v) { static char buf[20]; if (v == (uint32_t)~0UL) return "infinity"; else { snprintf(buf, sizeof(buf), "%us", v); return buf; } } static void print_lladdr(netdissect_options *ndo, const uint8_t *p, size_t l) { const uint8_t *ep, *q; q = p; ep = p + l; while (l > 0 && q < ep) { if (q > p) ND_PRINT((ndo,":")); ND_PRINT((ndo,"%02x", *q++)); l--; } } static int icmp6_cksum(const struct ip6_hdr *ip6, const struct icmp6_hdr *icp, u_int len) { return nextproto6_cksum(ip6, (const uint8_t *)(void *)icp, len, len, IPPROTO_ICMPV6); } const struct tok rpl_mop_values[] = { { RPL_DIO_NONSTORING, "nonstoring"}, { RPL_DIO_STORING, "storing"}, { RPL_DIO_NONSTORING_MULTICAST, "nonstoring-multicast"}, { RPL_DIO_STORING_MULTICAST, "storing-multicast"}, { 0, NULL}, }; const struct tok rpl_subopt_values[] = { { RPL_OPT_PAD0, "pad0"}, { RPL_OPT_PADN, "padN"}, { RPL_DIO_METRICS, "metrics"}, { RPL_DIO_ROUTINGINFO, "routinginfo"}, { RPL_DIO_CONFIG, "config"}, { RPL_DAO_RPLTARGET, "rpltarget"}, { RPL_DAO_TRANSITINFO, "transitinfo"}, { RPL_DIO_DESTPREFIX, "destprefix"}, { RPL_DAO_RPLTARGET_DESC, "rpltargetdesc"}, { 0, NULL}, }; static void rpl_format_dagid(char dagid_str[65], const u_char *dagid) { char *d = dagid_str; int i; for(i=0;i<16;i++) { if(isprint(dagid[i])) { *d++ = dagid[i]; } else { snprintf(d,5,"0x%02x", dagid[i]); /* 4 + null char */ d += 4; } } *d++ = '\0'; } static void rpl_dio_printopt(netdissect_options *ndo, const struct rpl_dio_genoption *opt, u_int length) { if(length < RPL_DIO_GENOPTION_LEN) return; length -= RPL_DIO_GENOPTION_LEN; ND_TCHECK(opt->rpl_dio_len); while((opt->rpl_dio_type == RPL_OPT_PAD0 && (u_char *)opt < ndo->ndo_snapend) || ND_TTEST2(*opt,(opt->rpl_dio_len+2))) { unsigned int optlen = opt->rpl_dio_len+2; if(opt->rpl_dio_type == RPL_OPT_PAD0) { optlen = 1; ND_PRINT((ndo, " opt:pad0")); } else { ND_PRINT((ndo, " opt:%s len:%u ", tok2str(rpl_subopt_values, "%subopt:%u", opt->rpl_dio_type), optlen)); if(ndo->ndo_vflag > 2) { unsigned int paylen = opt->rpl_dio_len; if(paylen > length) paylen = length; hex_print(ndo, " ", ((uint8_t *)opt) + RPL_DIO_GENOPTION_LEN, /* content of DIO option */ paylen); } } opt = (struct rpl_dio_genoption *)(((char *)opt) + optlen); length -= optlen; } return; trunc: ND_PRINT((ndo," [|truncated]")); return; } static void rpl_dio_print(netdissect_options *ndo, const u_char *bp, u_int length) { const struct nd_rpl_dio *dio = (struct nd_rpl_dio *)bp; char dagid_str[65]; ND_TCHECK(*dio); rpl_format_dagid(dagid_str, dio->rpl_dagid); ND_PRINT((ndo, " [dagid:%s,seq:%u,instance:%u,rank:%u,%smop:%s,prf:%u]", dagid_str, dio->rpl_dtsn, dio->rpl_instanceid, EXTRACT_16BITS(&dio->rpl_dagrank), RPL_DIO_GROUNDED(dio->rpl_mopprf) ? "grounded,":"", tok2str(rpl_mop_values, "mop%u", RPL_DIO_MOP(dio->rpl_mopprf)), RPL_DIO_PRF(dio->rpl_mopprf))); if(ndo->ndo_vflag > 1) { struct rpl_dio_genoption *opt = (struct rpl_dio_genoption *)&dio[1]; rpl_dio_printopt(ndo, opt, length); } return; trunc: ND_PRINT((ndo," [|truncated]")); return; } static void rpl_dao_print(netdissect_options *ndo, const u_char *bp, u_int length) { const struct nd_rpl_dao *dao = (struct nd_rpl_dao *)bp; char dagid_str[65]; ND_TCHECK(*dao); if (length < ND_RPL_DAO_MIN_LEN) goto tooshort; strcpy(dagid_str,""); bp += ND_RPL_DAO_MIN_LEN; length -= ND_RPL_DAO_MIN_LEN; if(RPL_DAO_D(dao->rpl_flags)) { ND_TCHECK2(dao->rpl_dagid, DAGID_LEN); if (length < DAGID_LEN) goto tooshort; rpl_format_dagid(dagid_str, dao->rpl_dagid); bp += DAGID_LEN; length -= DAGID_LEN; } ND_PRINT((ndo, " [dagid:%s,seq:%u,instance:%u%s%s,%02x]", dagid_str, dao->rpl_daoseq, dao->rpl_instanceid, RPL_DAO_K(dao->rpl_flags) ? ",acK":"", RPL_DAO_D(dao->rpl_flags) ? ",Dagid":"", dao->rpl_flags)); if(ndo->ndo_vflag > 1) { const struct rpl_dio_genoption *opt = (struct rpl_dio_genoption *)bp; rpl_dio_printopt(ndo, opt, length); } return; trunc: ND_PRINT((ndo," [|truncated]")); return; tooshort: ND_PRINT((ndo," [|length too short]")); return; } static void rpl_daoack_print(netdissect_options *ndo, const u_char *bp, u_int length) { const struct nd_rpl_daoack *daoack = (struct nd_rpl_daoack *)bp; char dagid_str[65]; ND_TCHECK2(*daoack, ND_RPL_DAOACK_MIN_LEN); if (length < ND_RPL_DAOACK_MIN_LEN) goto tooshort; strcpy(dagid_str,""); bp += ND_RPL_DAOACK_MIN_LEN; length -= ND_RPL_DAOACK_MIN_LEN; if(RPL_DAOACK_D(daoack->rpl_flags)) { ND_TCHECK2(daoack->rpl_dagid, 16); if (length < DAGID_LEN) goto tooshort; rpl_format_dagid(dagid_str, daoack->rpl_dagid); bp += DAGID_LEN; length -= DAGID_LEN; } ND_PRINT((ndo, " [dagid:%s,seq:%u,instance:%u,status:%u]", dagid_str, daoack->rpl_daoseq, daoack->rpl_instanceid, daoack->rpl_status)); /* no officially defined options for DAOACK, but print any we find */ if(ndo->ndo_vflag > 1) { const struct rpl_dio_genoption *opt = (struct rpl_dio_genoption *)bp; rpl_dio_printopt(ndo, opt, length); } return; trunc: ND_PRINT((ndo," [|dao-truncated]")); return; tooshort: ND_PRINT((ndo," [|dao-length too short]")); return; } static void rpl_print(netdissect_options *ndo, const struct icmp6_hdr *hdr, const u_char *bp, u_int length) { int secured = hdr->icmp6_code & 0x80; int basecode= hdr->icmp6_code & 0x7f; if(secured) { ND_PRINT((ndo, ", (SEC) [worktodo]")); /* XXX * the next header pointer needs to move forward to * skip the secure part. */ return; } else { ND_PRINT((ndo, ", (CLR)")); } switch(basecode) { case ND_RPL_DAG_IS: ND_PRINT((ndo, "DODAG Information Solicitation")); if(ndo->ndo_vflag) { } break; case ND_RPL_DAG_IO: ND_PRINT((ndo, "DODAG Information Object")); if(ndo->ndo_vflag) { rpl_dio_print(ndo, bp, length); } break; case ND_RPL_DAO: ND_PRINT((ndo, "Destination Advertisement Object")); if(ndo->ndo_vflag) { rpl_dao_print(ndo, bp, length); } break; case ND_RPL_DAO_ACK: ND_PRINT((ndo, "Destination Advertisement Object Ack")); if(ndo->ndo_vflag) { rpl_daoack_print(ndo, bp, length); } break; default: ND_PRINT((ndo, "RPL message, unknown code %u",hdr->icmp6_code)); break; } return; #if 0 trunc: ND_PRINT((ndo," [|truncated]")); return; #endif } void icmp6_print(netdissect_options *ndo, const u_char *bp, u_int length, const u_char *bp2, int fragmented) { const struct icmp6_hdr *dp; const struct ip6_hdr *ip; const struct ip6_hdr *oip; const struct udphdr *ouh; int dport; const u_char *ep; u_int prot; dp = (struct icmp6_hdr *)bp; ip = (struct ip6_hdr *)bp2; oip = (struct ip6_hdr *)(dp + 1); /* 'ep' points to the end of available data. */ ep = ndo->ndo_snapend; ND_TCHECK(dp->icmp6_cksum); if (ndo->ndo_vflag && !fragmented) { uint16_t sum, udp_sum; if (ND_TTEST2(bp[0], length)) { udp_sum = EXTRACT_16BITS(&dp->icmp6_cksum); sum = icmp6_cksum(ip, dp, length); if (sum != 0) ND_PRINT((ndo,"[bad icmp6 cksum 0x%04x -> 0x%04x!] ", udp_sum, in_cksum_shouldbe(udp_sum, sum))); else ND_PRINT((ndo,"[icmp6 sum ok] ")); } } ND_PRINT((ndo,"ICMP6, %s", tok2str(icmp6_type_values,"unknown icmp6 type (%u)",dp->icmp6_type))); /* display cosmetics: print the packet length for printer that use the vflag now */ if (ndo->ndo_vflag && (dp->icmp6_type == ND_ROUTER_SOLICIT || dp->icmp6_type == ND_ROUTER_ADVERT || dp->icmp6_type == ND_NEIGHBOR_ADVERT || dp->icmp6_type == ND_NEIGHBOR_SOLICIT || dp->icmp6_type == ND_REDIRECT || dp->icmp6_type == ICMP6_HADISCOV_REPLY || dp->icmp6_type == ICMP6_MOBILEPREFIX_ADVERT )) ND_PRINT((ndo,", length %u", length)); switch (dp->icmp6_type) { case ICMP6_DST_UNREACH: ND_TCHECK(oip->ip6_dst); ND_PRINT((ndo,", %s", tok2str(icmp6_dst_unreach_code_values,"unknown unreach code (%u)",dp->icmp6_code))); switch (dp->icmp6_code) { case ICMP6_DST_UNREACH_NOROUTE: /* fall through */ case ICMP6_DST_UNREACH_ADMIN: case ICMP6_DST_UNREACH_ADDR: ND_PRINT((ndo," %s",ip6addr_string(ndo, &oip->ip6_dst))); break; case ICMP6_DST_UNREACH_BEYONDSCOPE: ND_PRINT((ndo," %s, source address %s", ip6addr_string(ndo, &oip->ip6_dst), ip6addr_string(ndo, &oip->ip6_src))); break; case ICMP6_DST_UNREACH_NOPORT: if ((ouh = get_upperlayer(ndo, (u_char *)oip, &prot)) == NULL) goto trunc; dport = EXTRACT_16BITS(&ouh->uh_dport); switch (prot) { case IPPROTO_TCP: ND_PRINT((ndo,", %s tcp port %s", ip6addr_string(ndo, &oip->ip6_dst), tcpport_string(dport))); break; case IPPROTO_UDP: ND_PRINT((ndo,", %s udp port %s", ip6addr_string(ndo, &oip->ip6_dst), udpport_string(dport))); break; default: ND_PRINT((ndo,", %s protocol %d port %d unreachable", ip6addr_string(ndo, &oip->ip6_dst), oip->ip6_nxt, dport)); break; } break; default: if (ndo->ndo_vflag <= 1) { print_unknown_data(ndo, bp,"\n\t",length); return; } break; } break; case ICMP6_PACKET_TOO_BIG: ND_TCHECK(dp->icmp6_mtu); ND_PRINT((ndo,", mtu %u", EXTRACT_32BITS(&dp->icmp6_mtu))); break; case ICMP6_TIME_EXCEEDED: ND_TCHECK(oip->ip6_dst); switch (dp->icmp6_code) { case ICMP6_TIME_EXCEED_TRANSIT: ND_PRINT((ndo," for %s", ip6addr_string(ndo, &oip->ip6_dst))); break; case ICMP6_TIME_EXCEED_REASSEMBLY: ND_PRINT((ndo," (reassembly)")); break; default: ND_PRINT((ndo,", unknown code (%u)", dp->icmp6_code)); break; } break; case ICMP6_PARAM_PROB: ND_TCHECK(oip->ip6_dst); switch (dp->icmp6_code) { case ICMP6_PARAMPROB_HEADER: ND_PRINT((ndo,", erroneous - octet %u", EXTRACT_32BITS(&dp->icmp6_pptr))); break; case ICMP6_PARAMPROB_NEXTHEADER: ND_PRINT((ndo,", next header - octet %u", EXTRACT_32BITS(&dp->icmp6_pptr))); break; case ICMP6_PARAMPROB_OPTION: ND_PRINT((ndo,", option - octet %u", EXTRACT_32BITS(&dp->icmp6_pptr))); break; default: ND_PRINT((ndo,", code-#%d", dp->icmp6_code)); break; } break; case ICMP6_ECHO_REQUEST: case ICMP6_ECHO_REPLY: ND_TCHECK(dp->icmp6_seq); ND_PRINT((ndo,", seq %u", EXTRACT_16BITS(&dp->icmp6_seq))); break; case ICMP6_MEMBERSHIP_QUERY: if (length == MLD_MINLEN) { mld6_print(ndo, (const u_char *)dp); } else if (length >= MLDV2_MINLEN) { ND_PRINT((ndo," v2")); mldv2_query_print(ndo, (const u_char *)dp, length); } else { ND_PRINT((ndo," unknown-version (len %u) ", length)); } break; case ICMP6_MEMBERSHIP_REPORT: mld6_print(ndo, (const u_char *)dp); break; case ICMP6_MEMBERSHIP_REDUCTION: mld6_print(ndo, (const u_char *)dp); break; case ND_ROUTER_SOLICIT: #define RTSOLLEN 8 if (ndo->ndo_vflag) { icmp6_opt_print(ndo, (const u_char *)dp + RTSOLLEN, length - RTSOLLEN); } break; case ND_ROUTER_ADVERT: #define RTADVLEN 16 if (ndo->ndo_vflag) { struct nd_router_advert *p; p = (struct nd_router_advert *)dp; ND_TCHECK(p->nd_ra_retransmit); ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ ", pref %s, router lifetime %us, reachable time %us, retrans time %us", (u_int)p->nd_ra_curhoplimit, bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), get_rtpref(p->nd_ra_flags_reserved), EXTRACT_16BITS(&p->nd_ra_router_lifetime), EXTRACT_32BITS(&p->nd_ra_reachable), EXTRACT_32BITS(&p->nd_ra_retransmit))); icmp6_opt_print(ndo, (const u_char *)dp + RTADVLEN, length - RTADVLEN); } break; case ND_NEIGHBOR_SOLICIT: { struct nd_neighbor_solicit *p; p = (struct nd_neighbor_solicit *)dp; ND_TCHECK(p->nd_ns_target); ND_PRINT((ndo,", who has %s", ip6addr_string(ndo, &p->nd_ns_target))); if (ndo->ndo_vflag) { #define NDSOLLEN 24 icmp6_opt_print(ndo, (const u_char *)dp + NDSOLLEN, length - NDSOLLEN); } } break; case ND_NEIGHBOR_ADVERT: { struct nd_neighbor_advert *p; p = (struct nd_neighbor_advert *)dp; ND_TCHECK(p->nd_na_target); ND_PRINT((ndo,", tgt is %s", ip6addr_string(ndo, &p->nd_na_target))); if (ndo->ndo_vflag) { ND_PRINT((ndo,", Flags [%s]", bittok2str(icmp6_nd_na_flag_values, "none", EXTRACT_32BITS(&p->nd_na_flags_reserved)))); #define NDADVLEN 24 icmp6_opt_print(ndo, (const u_char *)dp + NDADVLEN, length - NDADVLEN); #undef NDADVLEN } } break; case ND_REDIRECT: #define RDR(i) ((struct nd_redirect *)(i)) ND_TCHECK(RDR(dp)->nd_rd_dst); ND_PRINT((ndo,", %s", getname6(ndo, (const u_char *)&RDR(dp)->nd_rd_dst))); ND_TCHECK(RDR(dp)->nd_rd_target); ND_PRINT((ndo," to %s", getname6(ndo, (const u_char*)&RDR(dp)->nd_rd_target))); #define REDIRECTLEN 40 if (ndo->ndo_vflag) { icmp6_opt_print(ndo, (const u_char *)dp + REDIRECTLEN, length - REDIRECTLEN); } break; #undef REDIRECTLEN #undef RDR case ICMP6_ROUTER_RENUMBERING: icmp6_rrenum_print(ndo, bp, ep); break; case ICMP6_NI_QUERY: case ICMP6_NI_REPLY: icmp6_nodeinfo_print(ndo, length, bp, ep); break; case IND_SOLICIT: case IND_ADVERT: break; case ICMP6_V2_MEMBERSHIP_REPORT: mldv2_report_print(ndo, (const u_char *) dp, length); break; case ICMP6_MOBILEPREFIX_SOLICIT: /* fall through */ case ICMP6_HADISCOV_REQUEST: ND_TCHECK(dp->icmp6_data16[0]); ND_PRINT((ndo,", id 0x%04x", EXTRACT_16BITS(&dp->icmp6_data16[0]))); break; case ICMP6_HADISCOV_REPLY: if (ndo->ndo_vflag) { struct in6_addr *in6; u_char *cp; ND_TCHECK(dp->icmp6_data16[0]); ND_PRINT((ndo,", id 0x%04x", EXTRACT_16BITS(&dp->icmp6_data16[0]))); cp = (u_char *)dp + length; in6 = (struct in6_addr *)(dp + 1); for (; (u_char *)in6 < cp; in6++) { ND_TCHECK(*in6); ND_PRINT((ndo,", %s", ip6addr_string(ndo, in6))); } } break; case ICMP6_MOBILEPREFIX_ADVERT: if (ndo->ndo_vflag) { ND_TCHECK(dp->icmp6_data16[0]); ND_PRINT((ndo,", id 0x%04x", EXTRACT_16BITS(&dp->icmp6_data16[0]))); if (dp->icmp6_data16[1] & 0xc0) ND_PRINT((ndo," ")); if (dp->icmp6_data16[1] & 0x80) ND_PRINT((ndo,"M")); if (dp->icmp6_data16[1] & 0x40) ND_PRINT((ndo,"O")); #define MPADVLEN 8 icmp6_opt_print(ndo, (const u_char *)dp + MPADVLEN, length - MPADVLEN); } break; case ND_RPL_MESSAGE: /* plus 4, because struct icmp6_hdr contains 4 bytes of icmp payload */ rpl_print(ndo, dp, &dp->icmp6_data8[0], length-sizeof(struct icmp6_hdr)+4); break; default: ND_PRINT((ndo,", length %u", length)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, bp,"\n\t", length); return; } if (!ndo->ndo_vflag) ND_PRINT((ndo,", length %u", length)); return; trunc: ND_PRINT((ndo, "[|icmp6]")); } static const struct udphdr * get_upperlayer(netdissect_options *ndo, const u_char *bp, u_int *prot) { const u_char *ep; const struct ip6_hdr *ip6 = (struct ip6_hdr *)bp; const struct udphdr *uh; const struct ip6_hbh *hbh; const struct ip6_frag *fragh; const struct ah *ah; u_int nh; int hlen; /* 'ep' points to the end of available data. */ ep = ndo->ndo_snapend; if (!ND_TTEST(ip6->ip6_nxt)) return NULL; nh = ip6->ip6_nxt; hlen = sizeof(struct ip6_hdr); while (bp < ep) { bp += hlen; switch(nh) { case IPPROTO_UDP: case IPPROTO_TCP: uh = (struct udphdr *)bp; if (ND_TTEST(uh->uh_dport)) { *prot = nh; return(uh); } else return(NULL); /* NOTREACHED */ case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: case IPPROTO_ROUTING: hbh = (struct ip6_hbh *)bp; if (!ND_TTEST(hbh->ip6h_len)) return(NULL); nh = hbh->ip6h_nxt; hlen = (hbh->ip6h_len + 1) << 3; break; case IPPROTO_FRAGMENT: /* this should be odd, but try anyway */ fragh = (struct ip6_frag *)bp; if (!ND_TTEST(fragh->ip6f_offlg)) return(NULL); /* fragments with non-zero offset are meaningless */ if ((EXTRACT_16BITS(&fragh->ip6f_offlg) & IP6F_OFF_MASK) != 0) return(NULL); nh = fragh->ip6f_nxt; hlen = sizeof(struct ip6_frag); break; case IPPROTO_AH: ah = (struct ah *)bp; if (!ND_TTEST(ah->ah_len)) return(NULL); nh = ah->ah_nxt; hlen = (ah->ah_len + 2) << 2; break; default: /* unknown or undecodable header */ *prot = nh; /* meaningless, but set here anyway */ return(NULL); } } return(NULL); /* should be notreached, though */ } static void icmp6_opt_print(netdissect_options *ndo, const u_char *bp, int resid) { const struct nd_opt_hdr *op; const struct nd_opt_prefix_info *opp; const struct nd_opt_mtu *opm; const struct nd_opt_rdnss *oprd; const struct nd_opt_dnssl *opds; const struct nd_opt_advinterval *opa; const struct nd_opt_homeagent_info *oph; const struct nd_opt_route_info *opri; const u_char *cp, *ep, *domp; struct in6_addr in6, *in6p; size_t l; u_int i; #define ECHECK(var) if ((u_char *)&(var) > ep - sizeof(var)) return cp = bp; /* 'ep' points to the end of available data. */ ep = ndo->ndo_snapend; while (cp < ep) { op = (struct nd_opt_hdr *)cp; ECHECK(op->nd_opt_len); if (resid <= 0) return; if (op->nd_opt_len == 0) goto trunc; if (cp + (op->nd_opt_len << 3) > ep) goto trunc; ND_PRINT((ndo,"\n\t %s option (%u), length %u (%u): ", tok2str(icmp6_opt_values, "unknown", op->nd_opt_type), op->nd_opt_type, op->nd_opt_len << 3, op->nd_opt_len)); switch (op->nd_opt_type) { case ND_OPT_SOURCE_LINKADDR: l = (op->nd_opt_len << 3) - 2; print_lladdr(ndo, cp + 2, l); break; case ND_OPT_TARGET_LINKADDR: l = (op->nd_opt_len << 3) - 2; print_lladdr(ndo, cp + 2, l); break; case ND_OPT_PREFIX_INFORMATION: opp = (struct nd_opt_prefix_info *)op; ND_TCHECK(opp->nd_opt_pi_prefix); ND_PRINT((ndo,"%s/%u%s, Flags [%s], valid time %s", ip6addr_string(ndo, &opp->nd_opt_pi_prefix), opp->nd_opt_pi_prefix_len, (op->nd_opt_len != 4) ? "badlen" : "", bittok2str(icmp6_opt_pi_flag_values, "none", opp->nd_opt_pi_flags_reserved), get_lifetime(EXTRACT_32BITS(&opp->nd_opt_pi_valid_time)))); ND_PRINT((ndo,", pref. time %s", get_lifetime(EXTRACT_32BITS(&opp->nd_opt_pi_preferred_time)))); break; case ND_OPT_REDIRECTED_HEADER: print_unknown_data(ndo, bp,"\n\t ",op->nd_opt_len<<3); /* xxx */ break; case ND_OPT_MTU: opm = (struct nd_opt_mtu *)op; ND_TCHECK(opm->nd_opt_mtu_mtu); ND_PRINT((ndo," %u%s", EXTRACT_32BITS(&opm->nd_opt_mtu_mtu), (op->nd_opt_len != 1) ? "bad option length" : "" )); break; case ND_OPT_RDNSS: oprd = (struct nd_opt_rdnss *)op; l = (op->nd_opt_len - 1) / 2; ND_PRINT((ndo," lifetime %us,", EXTRACT_32BITS(&oprd->nd_opt_rdnss_lifetime))); for (i = 0; i < l; i++) { ND_TCHECK(oprd->nd_opt_rdnss_addr[i]); ND_PRINT((ndo," addr: %s", ip6addr_string(ndo, &oprd->nd_opt_rdnss_addr[i]))); } break; case ND_OPT_DNSSL: opds = (struct nd_opt_dnssl *)op; ND_PRINT((ndo," lifetime %us, domain(s):", EXTRACT_32BITS(&opds->nd_opt_dnssl_lifetime))); domp = cp + 8; /* domain names, variable-sized, RFC1035-encoded */ while (domp < cp + (op->nd_opt_len << 3) && *domp != '\0') { ND_PRINT((ndo, " ")); if ((domp = ns_nprint (ndo, domp, bp)) == NULL) goto trunc; } break; case ND_OPT_ADVINTERVAL: opa = (struct nd_opt_advinterval *)op; ND_TCHECK(opa->nd_opt_adv_interval); ND_PRINT((ndo," %ums", EXTRACT_32BITS(&opa->nd_opt_adv_interval))); break; case ND_OPT_HOMEAGENT_INFO: oph = (struct nd_opt_homeagent_info *)op; ND_TCHECK(oph->nd_opt_hai_lifetime); ND_PRINT((ndo," preference %u, lifetime %u", EXTRACT_16BITS(&oph->nd_opt_hai_preference), EXTRACT_16BITS(&oph->nd_opt_hai_lifetime))); break; case ND_OPT_ROUTE_INFO: opri = (struct nd_opt_route_info *)op; ND_TCHECK(opri->nd_opt_rti_lifetime); memset(&in6, 0, sizeof(in6)); in6p = (struct in6_addr *)(opri + 1); switch (op->nd_opt_len) { case 1: break; case 2: ND_TCHECK2(*in6p, 8); memcpy(&in6, opri + 1, 8); break; case 3: ND_TCHECK(*in6p); memcpy(&in6, opri + 1, sizeof(in6)); break; default: goto trunc; } ND_PRINT((ndo," %s/%u", ip6addr_string(ndo, &in6), opri->nd_opt_rti_prefixlen)); ND_PRINT((ndo,", pref=%s", get_rtpref(opri->nd_opt_rti_flags))); ND_PRINT((ndo,", lifetime=%s", get_lifetime(EXTRACT_32BITS(&opri->nd_opt_rti_lifetime)))); break; default: if (ndo->ndo_vflag <= 1) { print_unknown_data(ndo,cp+2,"\n\t ", (op->nd_opt_len << 3) - 2); /* skip option header */ return; } break; } /* do we want to see an additional hexdump ? */ if (ndo->ndo_vflag> 1) print_unknown_data(ndo, cp+2,"\n\t ", (op->nd_opt_len << 3) - 2); /* skip option header */ cp += op->nd_opt_len << 3; resid -= op->nd_opt_len << 3; } return; trunc: ND_PRINT((ndo, "[ndp opt]")); return; #undef ECHECK } static void mld6_print(netdissect_options *ndo, const u_char *bp) { const struct mld6_hdr *mp = (struct mld6_hdr *)bp; const u_char *ep; /* 'ep' points to the end of available data. */ ep = ndo->ndo_snapend; if ((u_char *)mp + sizeof(*mp) > ep) return; ND_PRINT((ndo,"max resp delay: %d ", EXTRACT_16BITS(&mp->mld6_maxdelay))); ND_PRINT((ndo,"addr: %s", ip6addr_string(ndo, &mp->mld6_addr))); } static void mldv2_report_print(netdissect_options *ndo, const u_char *bp, u_int len) { struct icmp6_hdr *icp = (struct icmp6_hdr *) bp; u_int group, nsrcs, ngroups; u_int i, j; /* Minimum len is 8 */ if (len < 8) { ND_PRINT((ndo," [invalid len %d]", len)); return; } ND_TCHECK(icp->icmp6_data16[1]); ngroups = EXTRACT_16BITS(&icp->icmp6_data16[1]); ND_PRINT((ndo,", %d group record(s)", ngroups)); if (ndo->ndo_vflag > 0) { /* Print the group records */ group = 8; for (i = 0; i < ngroups; i++) { /* type(1) + auxlen(1) + numsrc(2) + grp(16) */ if (len < group + 20) { ND_PRINT((ndo," [invalid number of groups]")); return; } ND_TCHECK2(bp[group + 4], sizeof(struct in6_addr)); ND_PRINT((ndo," [gaddr %s", ip6addr_string(ndo, &bp[group + 4]))); ND_PRINT((ndo," %s", tok2str(mldv2report2str, " [v2-report-#%d]", bp[group]))); nsrcs = (bp[group + 2] << 8) + bp[group + 3]; /* Check the number of sources and print them */ if (len < group + 20 + (nsrcs * sizeof(struct in6_addr))) { ND_PRINT((ndo," [invalid number of sources %d]", nsrcs)); return; } if (ndo->ndo_vflag == 1) ND_PRINT((ndo,", %d source(s)", nsrcs)); else { /* Print the sources */ ND_PRINT((ndo," {")); for (j = 0; j < nsrcs; j++) { ND_TCHECK2(bp[group + 20 + j * sizeof(struct in6_addr)], sizeof(struct in6_addr)); ND_PRINT((ndo," %s", ip6addr_string(ndo, &bp[group + 20 + j * sizeof(struct in6_addr)]))); } ND_PRINT((ndo," }")); } /* Next group record */ group += 20 + nsrcs * sizeof(struct in6_addr); ND_PRINT((ndo,"]")); } } return; trunc: ND_PRINT((ndo,"[|icmp6]")); return; } static void mldv2_query_print(netdissect_options *ndo, const u_char *bp, u_int len) { struct icmp6_hdr *icp = (struct icmp6_hdr *) bp; u_int mrc; int mrt, qqi; u_int nsrcs; register u_int i; /* Minimum len is 28 */ if (len < 28) { ND_PRINT((ndo," [invalid len %d]", len)); return; } ND_TCHECK(icp->icmp6_data16[0]); mrc = EXTRACT_16BITS(&icp->icmp6_data16[0]); if (mrc < 32768) { mrt = mrc; } else { mrt = ((mrc & 0x0fff) | 0x1000) << (((mrc & 0x7000) >> 12) + 3); } if (ndo->ndo_vflag) { ND_PRINT((ndo," [max resp delay=%d]", mrt)); } ND_TCHECK2(bp[8], sizeof(struct in6_addr)); ND_PRINT((ndo," [gaddr %s", ip6addr_string(ndo, &bp[8]))); if (ndo->ndo_vflag) { ND_TCHECK(bp[25]); if (bp[24] & 0x08) { ND_PRINT((ndo," sflag")); } if (bp[24] & 0x07) { ND_PRINT((ndo," robustness=%d", bp[24] & 0x07)); } if (bp[25] < 128) { qqi = bp[25]; } else { qqi = ((bp[25] & 0x0f) | 0x10) << (((bp[25] & 0x70) >> 4) + 3); } ND_PRINT((ndo," qqi=%d", qqi)); } ND_TCHECK2(bp[26], 2); nsrcs = EXTRACT_16BITS(&bp[26]); if (nsrcs > 0) { if (len < 28 + nsrcs * sizeof(struct in6_addr)) ND_PRINT((ndo," [invalid number of sources]")); else if (ndo->ndo_vflag > 1) { ND_PRINT((ndo," {")); for (i = 0; i < nsrcs; i++) { ND_TCHECK2(bp[28 + i * sizeof(struct in6_addr)], sizeof(struct in6_addr)); ND_PRINT((ndo," %s", ip6addr_string(ndo, &bp[28 + i * sizeof(struct in6_addr)]))); } ND_PRINT((ndo," }")); } else ND_PRINT((ndo,", %d source(s)", nsrcs)); } ND_PRINT((ndo,"]")); return; trunc: ND_PRINT((ndo,"[|icmp6]")); return; } static void dnsname_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { int i; /* DNS name decoding - no decompression */ ND_PRINT((ndo,", \"")); while (cp < ep) { i = *cp++; if (i) { if (i > ep - cp) { ND_PRINT((ndo,"???")); break; } while (i-- && cp < ep) { safeputchar(ndo, *cp); cp++; } if (cp + 1 < ep && *cp) ND_PRINT((ndo,".")); } else { if (cp == ep) { /* FQDN */ ND_PRINT((ndo,".")); } else if (cp + 1 == ep && *cp == '\0') { /* truncated */ } else { /* invalid */ ND_PRINT((ndo,"???")); } break; } } ND_PRINT((ndo,"\"")); } static void icmp6_nodeinfo_print(netdissect_options *ndo, u_int icmp6len, const u_char *bp, const u_char *ep) { const struct icmp6_nodeinfo *ni6; const struct icmp6_hdr *dp; const u_char *cp; size_t siz, i; int needcomma; if (ep < bp) return; dp = (struct icmp6_hdr *)bp; ni6 = (struct icmp6_nodeinfo *)bp; siz = ep - bp; switch (ni6->ni_type) { case ICMP6_NI_QUERY: if (siz == sizeof(*dp) + 4) { /* KAME who-are-you */ ND_PRINT((ndo," who-are-you request")); break; } ND_PRINT((ndo," node information query")); ND_TCHECK2(*dp, sizeof(*ni6)); ni6 = (struct icmp6_nodeinfo *)dp; ND_PRINT((ndo," (")); /*)*/ switch (EXTRACT_16BITS(&ni6->ni_qtype)) { case NI_QTYPE_NOOP: ND_PRINT((ndo,"noop")); break; case NI_QTYPE_SUPTYPES: ND_PRINT((ndo,"supported qtypes")); i = EXTRACT_16BITS(&ni6->ni_flags); if (i) ND_PRINT((ndo," [%s]", (i & 0x01) ? "C" : "")); break; case NI_QTYPE_FQDN: ND_PRINT((ndo,"DNS name")); break; case NI_QTYPE_NODEADDR: ND_PRINT((ndo,"node addresses")); i = ni6->ni_flags; if (!i) break; /* NI_NODEADDR_FLAG_TRUNCATE undefined for query */ ND_PRINT((ndo," [%s%s%s%s%s%s]", (i & NI_NODEADDR_FLAG_ANYCAST) ? "a" : "", (i & NI_NODEADDR_FLAG_GLOBAL) ? "G" : "", (i & NI_NODEADDR_FLAG_SITELOCAL) ? "S" : "", (i & NI_NODEADDR_FLAG_LINKLOCAL) ? "L" : "", (i & NI_NODEADDR_FLAG_COMPAT) ? "C" : "", (i & NI_NODEADDR_FLAG_ALL) ? "A" : "")); break; default: ND_PRINT((ndo,"unknown")); break; } if (ni6->ni_qtype == NI_QTYPE_NOOP || ni6->ni_qtype == NI_QTYPE_SUPTYPES) { if (siz != sizeof(*ni6)) if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid len")); /*(*/ ND_PRINT((ndo,")")); break; } /* XXX backward compat, icmp-name-lookup-03 */ if (siz == sizeof(*ni6)) { ND_PRINT((ndo,", 03 draft")); /*(*/ ND_PRINT((ndo,")")); break; } switch (ni6->ni_code) { case ICMP6_NI_SUBJ_IPV6: if (!ND_TTEST2(*dp, sizeof(*ni6) + sizeof(struct in6_addr))) break; if (siz != sizeof(*ni6) + sizeof(struct in6_addr)) { if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid subject len")); break; } ND_PRINT((ndo,", subject=%s", getname6(ndo, (const u_char *)(ni6 + 1)))); break; case ICMP6_NI_SUBJ_FQDN: ND_PRINT((ndo,", subject=DNS name")); cp = (const u_char *)(ni6 + 1); if (cp[0] == ep - cp - 1) { /* icmp-name-lookup-03, pascal string */ if (ndo->ndo_vflag) ND_PRINT((ndo,", 03 draft")); cp++; ND_PRINT((ndo,", \"")); while (cp < ep) { safeputchar(ndo, *cp); cp++; } ND_PRINT((ndo,"\"")); } else dnsname_print(ndo, cp, ep); break; case ICMP6_NI_SUBJ_IPV4: if (!ND_TTEST2(*dp, sizeof(*ni6) + sizeof(struct in_addr))) break; if (siz != sizeof(*ni6) + sizeof(struct in_addr)) { if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid subject len")); break; } ND_PRINT((ndo,", subject=%s", getname(ndo, (const u_char *)(ni6 + 1)))); break; default: ND_PRINT((ndo,", unknown subject")); break; } /*(*/ ND_PRINT((ndo,")")); break; case ICMP6_NI_REPLY: if (icmp6len > siz) { ND_PRINT((ndo,"[|icmp6: node information reply]")); break; } needcomma = 0; ni6 = (struct icmp6_nodeinfo *)dp; ND_PRINT((ndo," node information reply")); ND_PRINT((ndo," (")); /*)*/ switch (ni6->ni_code) { case ICMP6_NI_SUCCESS: if (ndo->ndo_vflag) { ND_PRINT((ndo,"success")); needcomma++; } break; case ICMP6_NI_REFUSED: ND_PRINT((ndo,"refused")); needcomma++; if (siz != sizeof(*ni6)) if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid length")); break; case ICMP6_NI_UNKNOWN: ND_PRINT((ndo,"unknown")); needcomma++; if (siz != sizeof(*ni6)) if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid length")); break; } if (ni6->ni_code != ICMP6_NI_SUCCESS) { /*(*/ ND_PRINT((ndo,")")); break; } switch (EXTRACT_16BITS(&ni6->ni_qtype)) { case NI_QTYPE_NOOP: if (needcomma) ND_PRINT((ndo,", ")); ND_PRINT((ndo,"noop")); if (siz != sizeof(*ni6)) if (ndo->ndo_vflag) ND_PRINT((ndo,", invalid length")); break; case NI_QTYPE_SUPTYPES: if (needcomma) ND_PRINT((ndo,", ")); ND_PRINT((ndo,"supported qtypes")); i = EXTRACT_16BITS(&ni6->ni_flags); if (i) ND_PRINT((ndo," [%s]", (i & 0x01) ? "C" : "")); break; case NI_QTYPE_FQDN: if (needcomma) ND_PRINT((ndo,", ")); ND_PRINT((ndo,"DNS name")); cp = (const u_char *)(ni6 + 1) + 4; if (cp[0] == ep - cp - 1) { /* icmp-name-lookup-03, pascal string */ if (ndo->ndo_vflag) ND_PRINT((ndo,", 03 draft")); cp++; ND_PRINT((ndo,", \"")); while (cp < ep) { safeputchar(ndo, *cp); cp++; } ND_PRINT((ndo,"\"")); } else dnsname_print(ndo, cp, ep); if ((EXTRACT_16BITS(&ni6->ni_flags) & 0x01) != 0) ND_PRINT((ndo," [TTL=%u]", *(uint32_t *)(ni6 + 1))); break; case NI_QTYPE_NODEADDR: if (needcomma) ND_PRINT((ndo,", ")); ND_PRINT((ndo,"node addresses")); i = sizeof(*ni6); while (i < siz) { if (i + sizeof(struct in6_addr) + sizeof(int32_t) > siz) break; ND_PRINT((ndo," %s", getname6(ndo, bp + i))); i += sizeof(struct in6_addr); ND_PRINT((ndo,"(%d)", (int32_t)EXTRACT_32BITS(bp + i))); i += sizeof(int32_t); } i = ni6->ni_flags; if (!i) break; ND_PRINT((ndo," [%s%s%s%s%s%s%s]", (i & NI_NODEADDR_FLAG_ANYCAST) ? "a" : "", (i & NI_NODEADDR_FLAG_GLOBAL) ? "G" : "", (i & NI_NODEADDR_FLAG_SITELOCAL) ? "S" : "", (i & NI_NODEADDR_FLAG_LINKLOCAL) ? "L" : "", (i & NI_NODEADDR_FLAG_COMPAT) ? "C" : "", (i & NI_NODEADDR_FLAG_ALL) ? "A" : "", (i & NI_NODEADDR_FLAG_TRUNCATE) ? "T" : "")); break; default: if (needcomma) ND_PRINT((ndo,", ")); ND_PRINT((ndo,"unknown")); break; } /*(*/ ND_PRINT((ndo,")")); break; } return; trunc: ND_PRINT((ndo, "[|icmp6]")); } static void icmp6_rrenum_print(netdissect_options *ndo, const u_char *bp, const u_char *ep) { const struct icmp6_router_renum *rr6; const char *cp; struct rr_pco_match *match; struct rr_pco_use *use; char hbuf[NI_MAXHOST]; int n; if (ep < bp) return; rr6 = (struct icmp6_router_renum *)bp; cp = (const char *)(rr6 + 1); ND_TCHECK(rr6->rr_reserved); switch (rr6->rr_code) { case ICMP6_ROUTER_RENUMBERING_COMMAND: ND_PRINT((ndo,"router renum: command")); break; case ICMP6_ROUTER_RENUMBERING_RESULT: ND_PRINT((ndo,"router renum: result")); break; case ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET: ND_PRINT((ndo,"router renum: sequence number reset")); break; default: ND_PRINT((ndo,"router renum: code-#%d", rr6->rr_code)); break; } ND_PRINT((ndo,", seq=%u", EXTRACT_32BITS(&rr6->rr_seqnum))); if (ndo->ndo_vflag) { #define F(x, y) ((rr6->rr_flags) & (x) ? (y) : "") ND_PRINT((ndo,"[")); /*]*/ if (rr6->rr_flags) { ND_PRINT((ndo,"%s%s%s%s%s,", F(ICMP6_RR_FLAGS_TEST, "T"), F(ICMP6_RR_FLAGS_REQRESULT, "R"), F(ICMP6_RR_FLAGS_FORCEAPPLY, "A"), F(ICMP6_RR_FLAGS_SPECSITE, "S"), F(ICMP6_RR_FLAGS_PREVDONE, "P"))); } ND_PRINT((ndo,"seg=%u,", rr6->rr_segnum)); ND_PRINT((ndo,"maxdelay=%u", EXTRACT_16BITS(&rr6->rr_maxdelay))); if (rr6->rr_reserved) ND_PRINT((ndo,"rsvd=0x%x", EXTRACT_32BITS(&rr6->rr_reserved))); /*[*/ ND_PRINT((ndo,"]")); #undef F } if (rr6->rr_code == ICMP6_ROUTER_RENUMBERING_COMMAND) { match = (struct rr_pco_match *)cp; cp = (const char *)(match + 1); ND_TCHECK(match->rpm_prefix); if (ndo->ndo_vflag > 1) ND_PRINT((ndo,"\n\t")); else ND_PRINT((ndo," ")); ND_PRINT((ndo,"match(")); /*)*/ switch (match->rpm_code) { case RPM_PCO_ADD: ND_PRINT((ndo,"add")); break; case RPM_PCO_CHANGE: ND_PRINT((ndo,"change")); break; case RPM_PCO_SETGLOBAL: ND_PRINT((ndo,"setglobal")); break; default: ND_PRINT((ndo,"#%u", match->rpm_code)); break; } if (ndo->ndo_vflag) { ND_PRINT((ndo,",ord=%u", match->rpm_ordinal)); ND_PRINT((ndo,",min=%u", match->rpm_minlen)); ND_PRINT((ndo,",max=%u", match->rpm_maxlen)); } if (inet_ntop(AF_INET6, &match->rpm_prefix, hbuf, sizeof(hbuf))) ND_PRINT((ndo,",%s/%u", hbuf, match->rpm_matchlen)); else ND_PRINT((ndo,",?/%u", match->rpm_matchlen)); /*(*/ ND_PRINT((ndo,")")); n = match->rpm_len - 3; if (n % 4) goto trunc; n /= 4; while (n-- > 0) { use = (struct rr_pco_use *)cp; cp = (const char *)(use + 1); ND_TCHECK(use->rpu_prefix); if (ndo->ndo_vflag > 1) ND_PRINT((ndo,"\n\t")); else ND_PRINT((ndo," ")); ND_PRINT((ndo,"use(")); /*)*/ if (use->rpu_flags) { #define F(x, y) ((use->rpu_flags) & (x) ? (y) : "") ND_PRINT((ndo,"%s%s,", F(ICMP6_RR_PCOUSE_FLAGS_DECRVLTIME, "V"), F(ICMP6_RR_PCOUSE_FLAGS_DECRPLTIME, "P"))); #undef F } if (ndo->ndo_vflag) { ND_PRINT((ndo,"mask=0x%x,", use->rpu_ramask)); ND_PRINT((ndo,"raflags=0x%x,", use->rpu_raflags)); if (~use->rpu_vltime == 0) ND_PRINT((ndo,"vltime=infty,")); else ND_PRINT((ndo,"vltime=%u,", EXTRACT_32BITS(&use->rpu_vltime))); if (~use->rpu_pltime == 0) ND_PRINT((ndo,"pltime=infty,")); else ND_PRINT((ndo,"pltime=%u,", EXTRACT_32BITS(&use->rpu_pltime))); } if (inet_ntop(AF_INET6, &use->rpu_prefix, hbuf, sizeof(hbuf))) ND_PRINT((ndo,"%s/%u/%u", hbuf, use->rpu_uselen, use->rpu_keeplen)); else ND_PRINT((ndo,"?/%u/%u", use->rpu_uselen, use->rpu_keeplen)); /*(*/ ND_PRINT((ndo,")")); } } return; trunc: ND_PRINT((ndo,"[|icmp6]")); } #endif /* INET6 */ /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/gmt2local.c0000644000026300017510000000404012431107727013357 0ustar mcrmcr/* * Copyright (c) 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif #include "gmt2local.h" /* * Returns the difference between gmt and local time in seconds. * Use gmtime() and localtime() to keep things simple. */ int32_t gmt2local(time_t t) { register int dt, dir; register struct tm *gmt, *loc; struct tm sgmt; if (t == 0) t = time(NULL); gmt = &sgmt; *gmt = *gmtime(&t); loc = localtime(&t); dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 + (loc->tm_min - gmt->tm_min) * 60; /* * If the year or julian day is different, we span 00:00 GMT * and must add or subtract a day. Check the year first to * avoid problems when the julian day wraps. */ dir = loc->tm_year - gmt->tm_year; if (dir == 0) dir = loc->tm_yday - gmt->tm_yday; dt += dir * 24 * 60 * 60; return (dt); } tcpdump-4.7.4/print-pppoe.c0000644000026300017510000001321312431107727013752 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Original code by Greg Stark */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" /* must come after interface.h */ /* Codes */ enum { PPPOE_PADI = 0x09, PPPOE_PADO = 0x07, PPPOE_PADR = 0x19, PPPOE_PADS = 0x65, PPPOE_PADT = 0xa7 }; static const struct tok pppoecode2str[] = { { PPPOE_PADI, "PADI" }, { PPPOE_PADO, "PADO" }, { PPPOE_PADR, "PADR" }, { PPPOE_PADS, "PADS" }, { PPPOE_PADT, "PADT" }, { 0, "" }, /* PPP Data */ { 0, NULL } }; /* Tags */ enum { PPPOE_EOL = 0, PPPOE_SERVICE_NAME = 0x0101, PPPOE_AC_NAME = 0x0102, PPPOE_HOST_UNIQ = 0x0103, PPPOE_AC_COOKIE = 0x0104, PPPOE_VENDOR = 0x0105, PPPOE_RELAY_SID = 0x0110, PPPOE_MAX_PAYLOAD = 0x0120, PPPOE_SERVICE_NAME_ERROR = 0x0201, PPPOE_AC_SYSTEM_ERROR = 0x0202, PPPOE_GENERIC_ERROR = 0x0203 }; static const struct tok pppoetag2str[] = { { PPPOE_EOL, "EOL" }, { PPPOE_SERVICE_NAME, "Service-Name" }, { PPPOE_AC_NAME, "AC-Name" }, { PPPOE_HOST_UNIQ, "Host-Uniq" }, { PPPOE_AC_COOKIE, "AC-Cookie" }, { PPPOE_VENDOR, "Vendor-Specific" }, { PPPOE_RELAY_SID, "Relay-Session-ID" }, { PPPOE_MAX_PAYLOAD, "PPP-Max-Payload" }, { PPPOE_SERVICE_NAME_ERROR, "Service-Name-Error" }, { PPPOE_AC_SYSTEM_ERROR, "AC-System-Error" }, { PPPOE_GENERIC_ERROR, "Generic-Error" }, { 0, NULL } }; #define PPPOE_HDRLEN 6 #define MAXTAGPRINT 80 u_int pppoe_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { return (pppoe_print(ndo, p, h->len)); } u_int pppoe_print(netdissect_options *ndo, register const u_char *bp, u_int length) { uint16_t pppoe_ver, pppoe_type, pppoe_code, pppoe_sessionid; u_int pppoe_length; const u_char *pppoe_packet, *pppoe_payload; if (length < PPPOE_HDRLEN) { ND_PRINT((ndo, "truncated-pppoe %u", length)); return (length); } length -= PPPOE_HDRLEN; pppoe_packet = bp; ND_TCHECK2(*pppoe_packet, PPPOE_HDRLEN); pppoe_ver = (pppoe_packet[0] & 0xF0) >> 4; pppoe_type = (pppoe_packet[0] & 0x0F); pppoe_code = pppoe_packet[1]; pppoe_sessionid = EXTRACT_16BITS(pppoe_packet + 2); pppoe_length = EXTRACT_16BITS(pppoe_packet + 4); pppoe_payload = pppoe_packet + PPPOE_HDRLEN; if (pppoe_ver != 1) { ND_PRINT((ndo, " [ver %d]",pppoe_ver)); } if (pppoe_type != 1) { ND_PRINT((ndo, " [type %d]",pppoe_type)); } ND_PRINT((ndo, "PPPoE %s", tok2str(pppoecode2str, "PAD-%x", pppoe_code))); if (pppoe_code == PPPOE_PADI && pppoe_length > 1484 - PPPOE_HDRLEN) { ND_PRINT((ndo, " [len %u!]",pppoe_length)); } if (pppoe_length > length) { ND_PRINT((ndo, " [len %u > %u!]", pppoe_length, length)); pppoe_length = length; } if (pppoe_sessionid) { ND_PRINT((ndo, " [ses 0x%x]", pppoe_sessionid)); } if (pppoe_code) { /* PPP session packets don't contain tags */ u_short tag_type = 0xffff, tag_len; const u_char *p = pppoe_payload; /* * loop invariant: * p points to current tag, * tag_type is previous tag or 0xffff for first iteration */ while (tag_type && p < pppoe_payload + pppoe_length) { ND_TCHECK2(*p, 4); tag_type = EXTRACT_16BITS(p); tag_len = EXTRACT_16BITS(p + 2); p += 4; /* p points to tag_value */ if (tag_len) { unsigned isascii = 0, isgarbage = 0; const u_char *v; char tag_str[MAXTAGPRINT]; unsigned tag_str_len = 0; /* TODO print UTF-8 decoded text */ ND_TCHECK2(*p, tag_len); for (v = p; v < p + tag_len && tag_str_len < MAXTAGPRINT-1; v++) if (*v >= 32 && *v < 127) { tag_str[tag_str_len++] = *v; isascii++; } else { tag_str[tag_str_len++] = '.'; isgarbage++; } tag_str[tag_str_len] = 0; if (isascii > isgarbage) { ND_PRINT((ndo, " [%s \"%*.*s\"]", tok2str(pppoetag2str, "TAG-0x%x", tag_type), (int)tag_str_len, (int)tag_str_len, tag_str)); } else { /* Print hex, not fast to abuse printf but this doesn't get used much */ ND_PRINT((ndo, " [%s 0x", tok2str(pppoetag2str, "TAG-0x%x", tag_type))); for (v=p; v, not any of the RPC * header files * * and * * 2) if _XOPEN_SOURCE_EXTENDED is defined, doesn't declare * it * * so we undefine it. */ #undef _XOPEN_SOURCE_EXTENDED #include #if defined(HAVE_GETRPCBYNUMBER) && defined(HAVE_RPC_RPC_H) #include #ifdef HAVE_RPC_RPCENT_H #include #endif /* HAVE_RPC_RPCENT_H */ #endif /* defined(HAVE_GETRPCBYNUMBER) && defined(HAVE_RPC_RPC_H) */ #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "ip.h" #ifdef INET6 #include "ip6.h" #endif #include "rpc_auth.h" #include "rpc_msg.h" /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape * media and as a part of the software program in whole or part. Users * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 * * from: @(#)pmap_prot.h 1.14 88/02/08 SMI * from: @(#)pmap_prot.h 2.1 88/07/29 4.0 RPCSRC * $FreeBSD: src/include/rpc/pmap_prot.h,v 1.9.2.1 1999/08/29 14:39:05 peter Exp $ */ /* * pmap_prot.h * Protocol for the local binder service, or pmap. * * Copyright (C) 1984, Sun Microsystems, Inc. * * The following procedures are supported by the protocol: * * PMAPPROC_NULL() returns () * takes nothing, returns nothing * * PMAPPROC_SET(struct pmap) returns (bool_t) * TRUE is success, FALSE is failure. Registers the tuple * [prog, vers, prot, port]. * * PMAPPROC_UNSET(struct pmap) returns (bool_t) * TRUE is success, FALSE is failure. Un-registers pair * [prog, vers]. prot and port are ignored. * * PMAPPROC_GETPORT(struct pmap) returns (long unsigned). * 0 is failure. Otherwise returns the port number where the pair * [prog, vers] is registered. It may lie! * * PMAPPROC_DUMP() RETURNS (struct pmaplist *) * * PMAPPROC_CALLIT(unsigned, unsigned, unsigned, string<>) * RETURNS (port, string<>); * usage: encapsulatedresults = PMAPPROC_CALLIT(prog, vers, proc, encapsulatedargs); * Calls the procedure on the local machine. If it is not registered, * this procedure is quite; ie it does not return error information!!! * This procedure only is supported on rpc/udp and calls via * rpc/udp. This routine only passes null authentication parameters. * This file has no interface to xdr routines for PMAPPROC_CALLIT. * * The service supports remote procedure calls on udp/ip or tcp/ip socket 111. */ #define SUNRPC_PMAPPORT ((uint16_t)111) #define SUNRPC_PMAPPROG ((uint32_t)100000) #define SUNRPC_PMAPVERS ((uint32_t)2) #define SUNRPC_PMAPVERS_PROTO ((uint32_t)2) #define SUNRPC_PMAPVERS_ORIG ((uint32_t)1) #define SUNRPC_PMAPPROC_NULL ((uint32_t)0) #define SUNRPC_PMAPPROC_SET ((uint32_t)1) #define SUNRPC_PMAPPROC_UNSET ((uint32_t)2) #define SUNRPC_PMAPPROC_GETPORT ((uint32_t)3) #define SUNRPC_PMAPPROC_DUMP ((uint32_t)4) #define SUNRPC_PMAPPROC_CALLIT ((uint32_t)5) struct sunrpc_pmap { uint32_t pm_prog; uint32_t pm_vers; uint32_t pm_prot; uint32_t pm_port; }; static const struct tok proc2str[] = { { SUNRPC_PMAPPROC_NULL, "null" }, { SUNRPC_PMAPPROC_SET, "set" }, { SUNRPC_PMAPPROC_UNSET, "unset" }, { SUNRPC_PMAPPROC_GETPORT, "getport" }, { SUNRPC_PMAPPROC_DUMP, "dump" }, { SUNRPC_PMAPPROC_CALLIT, "call" }, { 0, NULL } }; /* Forwards */ static char *progstr(uint32_t); void sunrpcrequest_print(netdissect_options *ndo, register const u_char *bp, register u_int length, register const u_char *bp2) { register const struct sunrpc_msg *rp; register const struct ip *ip; #ifdef INET6 register const struct ip6_hdr *ip6; #endif uint32_t x; char srcid[20], dstid[20]; /*fits 32bit*/ rp = (struct sunrpc_msg *)bp; if (!ndo->ndo_nflag) { snprintf(srcid, sizeof(srcid), "0x%x", EXTRACT_32BITS(&rp->rm_xid)); strlcpy(dstid, "sunrpc", sizeof(dstid)); } else { snprintf(srcid, sizeof(srcid), "0x%x", EXTRACT_32BITS(&rp->rm_xid)); snprintf(dstid, sizeof(dstid), "0x%x", SUNRPC_PMAPPORT); } switch (IP_V((struct ip *)bp2)) { case 4: ip = (struct ip *)bp2; ND_PRINT((ndo, "%s.%s > %s.%s: %d", ipaddr_string(ndo, &ip->ip_src), srcid, ipaddr_string(ndo, &ip->ip_dst), dstid, length)); break; #ifdef INET6 case 6: ip6 = (struct ip6_hdr *)bp2; ND_PRINT((ndo, "%s.%s > %s.%s: %d", ip6addr_string(ndo, &ip6->ip6_src), srcid, ip6addr_string(ndo, &ip6->ip6_dst), dstid, length)); break; #endif default: ND_PRINT((ndo, "%s.%s > %s.%s: %d", "?", srcid, "?", dstid, length)); break; } ND_PRINT((ndo, " %s", tok2str(proc2str, " proc #%u", EXTRACT_32BITS(&rp->rm_call.cb_proc)))); x = EXTRACT_32BITS(&rp->rm_call.cb_rpcvers); if (x != 2) ND_PRINT((ndo, " [rpcver %u]", x)); switch (EXTRACT_32BITS(&rp->rm_call.cb_proc)) { case SUNRPC_PMAPPROC_SET: case SUNRPC_PMAPPROC_UNSET: case SUNRPC_PMAPPROC_GETPORT: case SUNRPC_PMAPPROC_CALLIT: x = EXTRACT_32BITS(&rp->rm_call.cb_prog); if (!ndo->ndo_nflag) ND_PRINT((ndo, " %s", progstr(x))); else ND_PRINT((ndo, " %u", x)); ND_PRINT((ndo, ".%u", EXTRACT_32BITS(&rp->rm_call.cb_vers))); break; } } static char * progstr(uint32_t prog) { #if defined(HAVE_GETRPCBYNUMBER) && defined(HAVE_RPC_RPC_H) register struct rpcent *rp; #endif static char buf[32]; static uint32_t lastprog = 0; if (lastprog != 0 && prog == lastprog) return (buf); #if defined(HAVE_GETRPCBYNUMBER) && defined(HAVE_RPC_RPC_H) rp = getrpcbynumber(prog); if (rp == NULL) #endif (void) snprintf(buf, sizeof(buf), "#%u", prog); #if defined(HAVE_GETRPCBYNUMBER) && defined(HAVE_RPC_RPC_H) else strlcpy(buf, rp->r_name, sizeof(buf)); #endif return (buf); } tcpdump-4.7.4/udp.h0000644000026300017510000001041112477367525012305 0ustar mcrmcr/* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)udp.h 8.1 (Berkeley) 6/10/93 */ /* * Udp protocol header. * Per RFC 768, September, 1981. */ struct udphdr { uint16_t uh_sport; /* source port */ uint16_t uh_dport; /* destination port */ uint16_t uh_ulen; /* udp length */ uint16_t uh_sum; /* udp checksum */ }; #define BOOTPS_PORT 67 /* RFC951 */ #define BOOTPC_PORT 68 /* RFC951 */ #define TFTP_PORT 69 /*XXX*/ #define KERBEROS_PORT 88 /*XXX*/ #define SUNRPC_PORT 111 /*XXX*/ #define SNMP_PORT 161 /*XXX*/ #define NTP_PORT 123 /*XXX*/ #define SNMPTRAP_PORT 162 /*XXX*/ #define ISAKMP_PORT 500 /*XXX*/ #define SYSLOG_PORT 514 /* rfc3164 */ #define TIMED_PORT 525 /*XXX*/ #define RIP_PORT 520 /*XXX*/ #define LDP_PORT 646 #define AODV_PORT 654 /*XXX*/ #define OLSR_PORT 698 /* rfc3626 */ #define KERBEROS_SEC_PORT 750 /*XXX*/ #define L2TP_PORT 1701 /*XXX*/ #define SIP_PORT 5060 #define ISAKMP_PORT_NATT 4500 /* rfc3948 */ #define ISAKMP_PORT_USER1 7500 /*XXX - nonstandard*/ #define ISAKMP_PORT_USER2 8500 /*XXX - nonstandard*/ #define RX_PORT_LOW 7000 /*XXX*/ #define RX_PORT_HIGH 7009 /*XXX*/ #define NETBIOS_NS_PORT 137 #define NETBIOS_DGRAM_PORT 138 #define CISCO_AUTORP_PORT 496 /*XXX*/ #define RADIUS_PORT 1645 #define RADIUS_NEW_PORT 1812 #define RADIUS_ACCOUNTING_PORT 1646 #define RADIUS_NEW_ACCOUNTING_PORT 1813 #define RADIUS_COA_PORT 3799 #define HSRP_PORT 1985 /*XXX*/ #define LMP_PORT 701 /* rfc4204 */ #define LWRES_PORT 921 #define VQP_PORT 1589 #define ZEPHYR_SRV_PORT 2103 #define ZEPHYR_CLT_PORT 2104 #define VAT_PORT 3456 #define MPLS_LSP_PING_PORT 3503 /* draft-ietf-mpls-lsp-ping-02.txt */ #define BFD_CONTROL_PORT 3784 /* draft-katz-ward-bfd-v4v6-1hop-00.txt */ #define BFD_ECHO_PORT 3785 /* draft-katz-ward-bfd-v4v6-1hop-00.txt */ #define WB_PORT 4567 #define SFLOW_PORT 6343 /* http://www.sflow.org/developers/specifications.php */ #define LWAPP_DATA_PORT 12222 /* RFC 5412 */ #define LWAPP_CONTROL_PORT 12223 /* RFC 5412 */ #define OTV_PORT 8472 /* draft-hasmit-otv-04 */ #define VXLAN_PORT 4789 /* RFC 7348 */ #define GENEVE_PORT 6081 /* draft-gross-geneve-02 */ #ifdef INET6 #define RIPNG_PORT 521 /* RFC 2080 */ #define DHCP6_SERV_PORT 546 /*XXX*/ #define DHCP6_CLI_PORT 547 /*XXX*/ #define AHCP_PORT 5359 /* draft-chroboczek-ahcp-00 */ #define BABEL_PORT 6696 /* RFC 6126 errata */ #define BABEL_PORT_OLD 6697 /* RFC 6126 */ #endif tcpdump-4.7.4/print-radius.c0000644000026300017510000010557712431107727014135 0ustar mcrmcr/* * Copyright (C) 2000 Alfredo Andres Omella. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * 3. The names of the authors may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * Radius printer routines as specified on: * * RFC 2865: * "Remote Authentication Dial In User Service (RADIUS)" * * RFC 2866: * "RADIUS Accounting" * * RFC 2867: * "RADIUS Accounting Modifications for Tunnel Protocol Support" * * RFC 2868: * "RADIUS Attributes for Tunnel Protocol Support" * * RFC 2869: * "RADIUS Extensions" * * RFC 4675: * "RADIUS Attributes for Virtual LAN and Priority Support" * * RFC 5176: * "Dynamic Authorization Extensions to RADIUS" * * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15 * * TODO: Among other things to print ok MacIntosh and Vendor values */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "oui.h" static const char tstr[] = " [|radius]"; #define TAM_SIZE(x) (sizeof(x)/sizeof(x[0]) ) #define PRINT_HEX(bytes_len, ptr_data) \ while(bytes_len) \ { \ ND_PRINT((ndo, "%02X", *ptr_data )); \ ptr_data++; \ bytes_len--; \ } /* Radius packet codes */ #define RADCMD_ACCESS_REQ 1 /* Access-Request */ #define RADCMD_ACCESS_ACC 2 /* Access-Accept */ #define RADCMD_ACCESS_REJ 3 /* Access-Reject */ #define RADCMD_ACCOUN_REQ 4 /* Accounting-Request */ #define RADCMD_ACCOUN_RES 5 /* Accounting-Response */ #define RADCMD_ACCESS_CHA 11 /* Access-Challenge */ #define RADCMD_STATUS_SER 12 /* Status-Server */ #define RADCMD_STATUS_CLI 13 /* Status-Client */ #define RADCMD_DISCON_REQ 40 /* Disconnect-Request */ #define RADCMD_DISCON_ACK 41 /* Disconnect-ACK */ #define RADCMD_DISCON_NAK 42 /* Disconnect-NAK */ #define RADCMD_COA_REQ 43 /* CoA-Request */ #define RADCMD_COA_ACK 44 /* CoA-ACK */ #define RADCMD_COA_NAK 45 /* CoA-NAK */ #define RADCMD_RESERVED 255 /* Reserved */ static const struct tok radius_command_values[] = { { RADCMD_ACCESS_REQ, "Access-Request" }, { RADCMD_ACCESS_ACC, "Access-Accept" }, { RADCMD_ACCESS_REJ, "Access-Reject" }, { RADCMD_ACCOUN_REQ, "Accounting-Request" }, { RADCMD_ACCOUN_RES, "Accounting-Response" }, { RADCMD_ACCESS_CHA, "Access-Challenge" }, { RADCMD_STATUS_SER, "Status-Server" }, { RADCMD_STATUS_CLI, "Status-Client" }, { RADCMD_DISCON_REQ, "Disconnect-Request" }, { RADCMD_DISCON_ACK, "Disconnect-ACK" }, { RADCMD_DISCON_NAK, "Disconnect-NAK" }, { RADCMD_COA_REQ, "CoA-Request" }, { RADCMD_COA_ACK, "CoA-ACK" }, { RADCMD_COA_NAK, "CoA-NAK" }, { RADCMD_RESERVED, "Reserved" }, { 0, NULL} }; /********************************/ /* Begin Radius Attribute types */ /********************************/ #define SERV_TYPE 6 #define FRM_IPADDR 8 #define LOG_IPHOST 14 #define LOG_SERVICE 15 #define FRM_IPX 23 #define SESSION_TIMEOUT 27 #define IDLE_TIMEOUT 28 #define FRM_ATALK_LINK 37 #define FRM_ATALK_NETWORK 38 #define ACCT_DELAY 41 #define ACCT_SESSION_TIME 46 #define EGRESS_VLAN_ID 56 #define EGRESS_VLAN_NAME 58 #define TUNNEL_TYPE 64 #define TUNNEL_MEDIUM 65 #define TUNNEL_CLIENT_END 66 #define TUNNEL_SERVER_END 67 #define TUNNEL_PASS 69 #define ARAP_PASS 70 #define ARAP_FEATURES 71 #define TUNNEL_PRIV_GROUP 81 #define TUNNEL_ASSIGN_ID 82 #define TUNNEL_PREFERENCE 83 #define ARAP_CHALLENGE_RESP 84 #define ACCT_INT_INTERVAL 85 #define TUNNEL_CLIENT_AUTH 90 #define TUNNEL_SERVER_AUTH 91 /********************************/ /* End Radius Attribute types */ /********************************/ #define RFC4675_TAGGED 0x31 #define RFC4675_UNTAGGED 0x32 static const struct tok rfc4675_tagged[] = { { RFC4675_TAGGED, "Tagged" }, { RFC4675_UNTAGGED, "Untagged" }, { 0, NULL} }; static void print_attr_string(netdissect_options *, register u_char *, u_int, u_short ); static void print_attr_num(netdissect_options *, register u_char *, u_int, u_short ); static void print_vendor_attr(netdissect_options *, register u_char *, u_int, u_short ); static void print_attr_address(netdissect_options *, register u_char *, u_int, u_short); static void print_attr_time(netdissect_options *, register u_char *, u_int, u_short); static void print_attr_strange(netdissect_options *, register u_char *, u_int, u_short); struct radius_hdr { uint8_t code; /* Radius packet code */ uint8_t id; /* Radius packet id */ uint16_t len; /* Radius total length */ uint8_t auth[16]; /* Authenticator */ }; #define MIN_RADIUS_LEN 20 struct radius_attr { uint8_t type; /* Attribute type */ uint8_t len; /* Attribute length */ }; /* Service-Type Attribute standard values */ static const char *serv_type[]={ NULL, "Login", "Framed", "Callback Login", "Callback Framed", "Outbound", "Administrative", "NAS Prompt", "Authenticate Only", "Callback NAS Prompt", "Call Check", "Callback Administrative", }; /* Framed-Protocol Attribute standard values */ static const char *frm_proto[]={ NULL, "PPP", "SLIP", "ARAP", "Gandalf proprietary", "Xylogics IPX/SLIP", "X.75 Synchronous", }; /* Framed-Routing Attribute standard values */ static const char *frm_routing[]={ "None", "Send", "Listen", "Send&Listen", }; /* Framed-Compression Attribute standard values */ static const char *frm_comp[]={ "None", "VJ TCP/IP", "IPX", "Stac-LZS", }; /* Login-Service Attribute standard values */ static const char *login_serv[]={ "Telnet", "Rlogin", "TCP Clear", "PortMaster(proprietary)", "LAT", "X.25-PAD", "X.25-T3POS", "Unassigned", "TCP Clear Quiet", }; /* Termination-Action Attribute standard values */ static const char *term_action[]={ "Default", "RADIUS-Request", }; /* Ingress-Filters Attribute standard values */ static const char *ingress_filters[]={ NULL, "Enabled", "Disabled", }; /* NAS-Port-Type Attribute standard values */ static const char *nas_port_type[]={ "Async", "Sync", "ISDN Sync", "ISDN Async V.120", "ISDN Async V.110", "Virtual", "PIAFS", "HDLC Clear Channel", "X.25", "X.75", "G.3 Fax", "SDSL", "ADSL-CAP", "ADSL-DMT", "ISDN-DSL", "Ethernet", "xDSL", "Cable", "Wireless - Other", "Wireless - IEEE 802.11", }; /* Acct-Status-Type Accounting Attribute standard values */ static const char *acct_status[]={ NULL, "Start", "Stop", "Interim-Update", "Unassigned", "Unassigned", "Unassigned", "Accounting-On", "Accounting-Off", "Tunnel-Start", "Tunnel-Stop", "Tunnel-Reject", "Tunnel-Link-Start", "Tunnel-Link-Stop", "Tunnel-Link-Reject", "Failed", }; /* Acct-Authentic Accounting Attribute standard values */ static const char *acct_auth[]={ NULL, "RADIUS", "Local", "Remote", }; /* Acct-Terminate-Cause Accounting Attribute standard values */ static const char *acct_term[]={ NULL, "User Request", "Lost Carrier", "Lost Service", "Idle Timeout", "Session Timeout", "Admin Reset", "Admin Reboot", "Port Error", "NAS Error", "NAS Request", "NAS Reboot", "Port Unneeded", "Port Preempted", "Port Suspended", "Service Unavailable", "Callback", "User Error", "Host Request", }; /* Tunnel-Type Attribute standard values */ static const char *tunnel_type[]={ NULL, "PPTP", "L2F", "L2TP", "ATMP", "VTP", "AH", "IP-IP", "MIN-IP-IP", "ESP", "GRE", "DVS", "IP-in-IP Tunneling", }; /* Tunnel-Medium-Type Attribute standard values */ static const char *tunnel_medium[]={ NULL, "IPv4", "IPv6", "NSAP", "HDLC", "BBN 1822", "802", "E.163", "E.164", "F.69", "X.121", "IPX", "Appletalk", "Decnet IV", "Banyan Vines", "E.164 with NSAP subaddress", }; /* ARAP-Zone-Access Attribute standard values */ static const char *arap_zone[]={ NULL, "Only access to dfl zone", "Use zone filter inc.", "Not used", "Use zone filter exc.", }; static const char *prompt[]={ "No Echo", "Echo", }; struct attrtype { const char *name; /* Attribute name */ const char **subtypes; /* Standard Values (if any) */ u_char siz_subtypes; /* Size of total standard values */ u_char first_subtype; /* First standard value is 0 or 1 */ void (*print_func)(netdissect_options *, register u_char *, u_int, u_short); } attr_type[]= { { NULL, NULL, 0, 0, NULL }, { "User-Name", NULL, 0, 0, print_attr_string }, { "User-Password", NULL, 0, 0, NULL }, { "CHAP-Password", NULL, 0, 0, NULL }, { "NAS-IP-Address", NULL, 0, 0, print_attr_address }, { "NAS-Port", NULL, 0, 0, print_attr_num }, { "Service-Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num }, { "Framed-Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num }, { "Framed-IP-Address", NULL, 0, 0, print_attr_address }, { "Framed-IP-Netmask", NULL, 0, 0, print_attr_address }, { "Framed-Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num }, { "Filter-Id", NULL, 0, 0, print_attr_string }, { "Framed-MTU", NULL, 0, 0, print_attr_num }, { "Framed-Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num }, { "Login-IP-Host", NULL, 0, 0, print_attr_address }, { "Login-Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num }, { "Login-TCP-Port", NULL, 0, 0, print_attr_num }, { "Unassigned", NULL, 0, 0, NULL }, /*17*/ { "Reply-Message", NULL, 0, 0, print_attr_string }, { "Callback-Number", NULL, 0, 0, print_attr_string }, { "Callback-Id", NULL, 0, 0, print_attr_string }, { "Unassigned", NULL, 0, 0, NULL }, /*21*/ { "Framed-Route", NULL, 0, 0, print_attr_string }, { "Framed-IPX-Network", NULL, 0, 0, print_attr_num }, { "State", NULL, 0, 0, print_attr_string }, { "Class", NULL, 0, 0, print_attr_string }, { "Vendor-Specific", NULL, 0, 0, print_vendor_attr }, { "Session-Timeout", NULL, 0, 0, print_attr_num }, { "Idle-Timeout", NULL, 0, 0, print_attr_num }, { "Termination-Action", term_action, TAM_SIZE(term_action), 0, print_attr_num }, { "Called-Station-Id", NULL, 0, 0, print_attr_string }, { "Calling-Station-Id", NULL, 0, 0, print_attr_string }, { "NAS-Identifier", NULL, 0, 0, print_attr_string }, { "Proxy-State", NULL, 0, 0, print_attr_string }, { "Login-LAT-Service", NULL, 0, 0, print_attr_string }, { "Login-LAT-Node", NULL, 0, 0, print_attr_string }, { "Login-LAT-Group", NULL, 0, 0, print_attr_string }, { "Framed-AppleTalk-Link", NULL, 0, 0, print_attr_num }, { "Framed-AppleTalk-Network", NULL, 0, 0, print_attr_num }, { "Framed-AppleTalk-Zone", NULL, 0, 0, print_attr_string }, { "Acct-Status-Type", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num }, { "Acct-Delay-Time", NULL, 0, 0, print_attr_num }, { "Acct-Input-Octets", NULL, 0, 0, print_attr_num }, { "Acct-Output-Octets", NULL, 0, 0, print_attr_num }, { "Acct-Session-Id", NULL, 0, 0, print_attr_string }, { "Acct-Authentic", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num }, { "Acct-Session-Time", NULL, 0, 0, print_attr_num }, { "Acct-Input-Packets", NULL, 0, 0, print_attr_num }, { "Acct-Output-Packets", NULL, 0, 0, print_attr_num }, { "Acct-Terminate-Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num }, { "Acct-Multi-Session-Id", NULL, 0, 0, print_attr_string }, { "Acct-Link-Count", NULL, 0, 0, print_attr_num }, { "Acct-Input-Gigawords", NULL, 0, 0, print_attr_num }, { "Acct-Output-Gigawords", NULL, 0, 0, print_attr_num }, { "Unassigned", NULL, 0, 0, NULL }, /*54*/ { "Event-Timestamp", NULL, 0, 0, print_attr_time }, { "Egress-VLANID", NULL, 0, 0, print_attr_num }, { "Ingress-Filters", ingress_filters, TAM_SIZE(ingress_filters)-1, 1, print_attr_num }, { "Egress-VLAN-Name", NULL, 0, 0, print_attr_string }, { "User-Priority-Table", NULL, 0, 0, NULL }, { "CHAP-Challenge", NULL, 0, 0, print_attr_string }, { "NAS-Port-Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num }, { "Port-Limit", NULL, 0, 0, print_attr_num }, { "Login-LAT-Port", NULL, 0, 0, print_attr_string }, /*63*/ { "Tunnel-Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num }, { "Tunnel-Medium-Type", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num }, { "Tunnel-Client-Endpoint", NULL, 0, 0, print_attr_string }, { "Tunnel-Server-Endpoint", NULL, 0, 0, print_attr_string }, { "Acct-Tunnel-Connection", NULL, 0, 0, print_attr_string }, { "Tunnel-Password", NULL, 0, 0, print_attr_string }, { "ARAP-Password", NULL, 0, 0, print_attr_strange }, { "ARAP-Features", NULL, 0, 0, print_attr_strange }, { "ARAP-Zone-Access", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/ { "ARAP-Security", NULL, 0, 0, print_attr_string }, { "ARAP-Security-Data", NULL, 0, 0, print_attr_string }, { "Password-Retry", NULL, 0, 0, print_attr_num }, { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num }, { "Connect-Info", NULL, 0, 0, print_attr_string }, { "Configuration-Token", NULL, 0, 0, print_attr_string }, { "EAP-Message", NULL, 0, 0, print_attr_string }, { "Message-Authenticator", NULL, 0, 0, print_attr_string }, /*80*/ { "Tunnel-Private-Group-ID", NULL, 0, 0, print_attr_string }, { "Tunnel-Assignment-ID", NULL, 0, 0, print_attr_string }, { "Tunnel-Preference", NULL, 0, 0, print_attr_num }, { "ARAP-Challenge-Response", NULL, 0, 0, print_attr_strange }, { "Acct-Interim-Interval", NULL, 0, 0, print_attr_num }, { "Acct-Tunnel-Packets-Lost", NULL, 0, 0, print_attr_num }, /*86*/ { "NAS-Port-Id", NULL, 0, 0, print_attr_string }, { "Framed-Pool", NULL, 0, 0, print_attr_string }, { "CUI", NULL, 0, 0, print_attr_string }, { "Tunnel-Client-Auth-ID", NULL, 0, 0, print_attr_string }, { "Tunnel-Server-Auth-ID", NULL, 0, 0, print_attr_string }, { "Unassigned", NULL, 0, 0, NULL }, /*92*/ { "Unassigned", NULL, 0, 0, NULL } /*93*/ }; /*****************************/ /* Print an attribute string */ /* value pointed by 'data' */ /* and 'length' size. */ /*****************************/ /* Returns nothing. */ /*****************************/ static void print_attr_string(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code) { register u_int i; ND_TCHECK2(data[0],length); switch(attr_code) { case TUNNEL_PASS: if (length < 3) { ND_PRINT((ndo, "%s", tstr)); return; } if (*data && (*data <=0x1F) ) ND_PRINT((ndo, "Tag[%u] ", *data)); else ND_PRINT((ndo, "Tag[Unused] ")); data++; length--; ND_PRINT((ndo, "Salt %u ", EXTRACT_16BITS(data))); data+=2; length-=2; break; case TUNNEL_CLIENT_END: case TUNNEL_SERVER_END: case TUNNEL_PRIV_GROUP: case TUNNEL_ASSIGN_ID: case TUNNEL_CLIENT_AUTH: case TUNNEL_SERVER_AUTH: if (*data <= 0x1F) { if (length < 1) { ND_PRINT((ndo, "%s", tstr)); return; } if (*data) ND_PRINT((ndo, "Tag[%u] ", *data)); else ND_PRINT((ndo, "Tag[Unused] ")); data++; length--; } break; case EGRESS_VLAN_NAME: ND_PRINT((ndo, "%s (0x%02x) ", tok2str(rfc4675_tagged,"Unknown tag",*data), *data)); data++; length--; break; } for (i=0; *data && i < length ; i++, data++) ND_PRINT((ndo, "%c", (*data < 32 || *data > 128) ? '.' : *data)); return; trunc: ND_PRINT((ndo, "%s", tstr)); } /* * print vendor specific attributes */ static void print_vendor_attr(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code _U_) { u_int idx; u_int vendor_id; u_int vendor_type; u_int vendor_length; if (length < 4) goto trunc; ND_TCHECK2(*data, 4); vendor_id = EXTRACT_32BITS(data); data+=4; length-=4; ND_PRINT((ndo, "Vendor: %s (%u)", tok2str(smi_values,"Unknown",vendor_id), vendor_id)); while (length >= 2) { ND_TCHECK2(*data, 2); vendor_type = *(data); vendor_length = *(data+1); if (vendor_length < 2) { ND_PRINT((ndo, "\n\t Vendor Attribute: %u, Length: %u (bogus, must be >= 2)", vendor_type, vendor_length)); return; } if (vendor_length > length) { ND_PRINT((ndo, "\n\t Vendor Attribute: %u, Length: %u (bogus, goes past end of vendor-specific attribute)", vendor_type, vendor_length)); return; } data+=2; vendor_length-=2; length-=2; ND_TCHECK2(*data, vendor_length); ND_PRINT((ndo, "\n\t Vendor Attribute: %u, Length: %u, Value: ", vendor_type, vendor_length)); for (idx = 0; idx < vendor_length ; idx++, data++) ND_PRINT((ndo, "%c", (*data < 32 || *data > 128) ? '.' : *data)); length-=vendor_length; } return; trunc: ND_PRINT((ndo, "%s", tstr)); } /******************************/ /* Print an attribute numeric */ /* value pointed by 'data' */ /* and 'length' size. */ /******************************/ /* Returns nothing. */ /******************************/ static void print_attr_num(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code) { uint32_t timeout; if (length != 4) { ND_PRINT((ndo, "ERROR: length %u != 4", length)); return; } ND_TCHECK2(data[0],4); /* This attribute has standard values */ if (attr_type[attr_code].siz_subtypes) { static const char **table; uint32_t data_value; table = attr_type[attr_code].subtypes; if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) ) { if (!*data) ND_PRINT((ndo, "Tag[Unused] ")); else ND_PRINT((ndo, "Tag[%d] ", *data)); data++; data_value = EXTRACT_24BITS(data); } else { data_value = EXTRACT_32BITS(data); } if ( data_value <= (uint32_t)(attr_type[attr_code].siz_subtypes - 1 + attr_type[attr_code].first_subtype) && data_value >= attr_type[attr_code].first_subtype ) ND_PRINT((ndo, "%s", table[data_value])); else ND_PRINT((ndo, "#%u", data_value)); } else { switch(attr_code) /* Be aware of special cases... */ { case FRM_IPX: if (EXTRACT_32BITS( data) == 0xFFFFFFFE ) ND_PRINT((ndo, "NAS Select")); else ND_PRINT((ndo, "%d", EXTRACT_32BITS(data))); break; case SESSION_TIMEOUT: case IDLE_TIMEOUT: case ACCT_DELAY: case ACCT_SESSION_TIME: case ACCT_INT_INTERVAL: timeout = EXTRACT_32BITS( data); if ( timeout < 60 ) ND_PRINT((ndo, "%02d secs", timeout)); else { if ( timeout < 3600 ) ND_PRINT((ndo, "%02d:%02d min", timeout / 60, timeout % 60)); else ND_PRINT((ndo, "%02d:%02d:%02d hours", timeout / 3600, (timeout % 3600) / 60, timeout % 60)); } break; case FRM_ATALK_LINK: if (EXTRACT_32BITS(data) ) ND_PRINT((ndo, "%d", EXTRACT_32BITS(data))); else ND_PRINT((ndo, "Unnumbered")); break; case FRM_ATALK_NETWORK: if (EXTRACT_32BITS(data) ) ND_PRINT((ndo, "%d", EXTRACT_32BITS(data))); else ND_PRINT((ndo, "NAS assigned")); break; case TUNNEL_PREFERENCE: if (*data) ND_PRINT((ndo, "Tag[%d] ", *data)); else ND_PRINT((ndo, "Tag[Unused] ")); data++; ND_PRINT((ndo, "%d", EXTRACT_24BITS(data))); break; case EGRESS_VLAN_ID: ND_PRINT((ndo, "%s (0x%02x) ", tok2str(rfc4675_tagged,"Unknown tag",*data), *data)); data++; ND_PRINT((ndo, "%d", EXTRACT_24BITS(data))); break; default: ND_PRINT((ndo, "%d", EXTRACT_32BITS(data))); break; } /* switch */ } /* if-else */ return; trunc: ND_PRINT((ndo, "%s", tstr)); } /*****************************/ /* Print an attribute IPv4 */ /* address value pointed by */ /* 'data' and 'length' size. */ /*****************************/ /* Returns nothing. */ /*****************************/ static void print_attr_address(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code) { if (length != 4) { ND_PRINT((ndo, "ERROR: length %u != 4", length)); return; } ND_TCHECK2(data[0],4); switch(attr_code) { case FRM_IPADDR: case LOG_IPHOST: if (EXTRACT_32BITS(data) == 0xFFFFFFFF ) ND_PRINT((ndo, "User Selected")); else if (EXTRACT_32BITS(data) == 0xFFFFFFFE ) ND_PRINT((ndo, "NAS Select")); else ND_PRINT((ndo, "%s",ipaddr_string(ndo, data))); break; default: ND_PRINT((ndo, "%s", ipaddr_string(ndo, data))); break; } return; trunc: ND_PRINT((ndo, "%s", tstr)); } /*************************************/ /* Print an attribute of 'secs since */ /* January 1, 1970 00:00 UTC' value */ /* pointed by 'data' and 'length' */ /* size. */ /*************************************/ /* Returns nothing. */ /*************************************/ static void print_attr_time(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code _U_) { time_t attr_time; char string[26]; if (length != 4) { ND_PRINT((ndo, "ERROR: length %u != 4", length)); return; } ND_TCHECK2(data[0],4); attr_time = EXTRACT_32BITS(data); strlcpy(string, ctime(&attr_time), sizeof(string)); /* Get rid of the newline */ string[24] = '\0'; ND_PRINT((ndo, "%.24s", string)); return; trunc: ND_PRINT((ndo, "%s", tstr)); } /***********************************/ /* Print an attribute of 'strange' */ /* data format pointed by 'data' */ /* and 'length' size. */ /***********************************/ /* Returns nothing. */ /***********************************/ static void print_attr_strange(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code) { u_short len_data; switch(attr_code) { case ARAP_PASS: if (length != 16) { ND_PRINT((ndo, "ERROR: length %u != 16", length)); return; } ND_PRINT((ndo, "User_challenge (")); ND_TCHECK2(data[0],8); len_data = 8; PRINT_HEX(len_data, data); ND_PRINT((ndo, ") User_resp(")); ND_TCHECK2(data[0],8); len_data = 8; PRINT_HEX(len_data, data); ND_PRINT((ndo, ")")); break; case ARAP_FEATURES: if (length != 14) { ND_PRINT((ndo, "ERROR: length %u != 14", length)); return; } ND_TCHECK2(data[0],1); if (*data) ND_PRINT((ndo, "User can change password")); else ND_PRINT((ndo, "User cannot change password")); data++; ND_TCHECK2(data[0],1); ND_PRINT((ndo, ", Min password length: %d", *data)); data++; ND_PRINT((ndo, ", created at: ")); ND_TCHECK2(data[0],4); len_data = 4; PRINT_HEX(len_data, data); ND_PRINT((ndo, ", expires in: ")); ND_TCHECK2(data[0],4); len_data = 4; PRINT_HEX(len_data, data); ND_PRINT((ndo, ", Current Time: ")); ND_TCHECK2(data[0],4); len_data = 4; PRINT_HEX(len_data, data); break; case ARAP_CHALLENGE_RESP: if (length < 8) { ND_PRINT((ndo, "ERROR: length %u != 8", length)); return; } ND_TCHECK2(data[0],8); len_data = 8; PRINT_HEX(len_data, data); break; } return; trunc: ND_PRINT((ndo, "%s", tstr)); } static void radius_attrs_print(netdissect_options *ndo, register const u_char *attr, u_int length) { register const struct radius_attr *rad_attr = (struct radius_attr *)attr; const char *attr_string; while (length > 0) { if (length < 2) goto trunc; ND_TCHECK(*rad_attr); if (rad_attr->type > 0 && rad_attr->type < TAM_SIZE(attr_type)) attr_string = attr_type[rad_attr->type].name; else attr_string = "Unknown"; if (rad_attr->len < 2) { ND_PRINT((ndo, "\n\t %s Attribute (%u), length: %u (bogus, must be >= 2)", attr_string, rad_attr->type, rad_attr->len)); return; } if (rad_attr->len > length) { ND_PRINT((ndo, "\n\t %s Attribute (%u), length: %u (bogus, goes past end of packet)", attr_string, rad_attr->type, rad_attr->len)); return; } ND_PRINT((ndo, "\n\t %s Attribute (%u), length: %u, Value: ", attr_string, rad_attr->type, rad_attr->len)); if (rad_attr->type < TAM_SIZE(attr_type)) { if (rad_attr->len > 2) { if ( attr_type[rad_attr->type].print_func ) (*attr_type[rad_attr->type].print_func)( ndo, ((u_char *)(rad_attr+1)), rad_attr->len - 2, rad_attr->type); } } /* do we also want to see a hex dump ? */ if (ndo->ndo_vflag> 1) print_unknown_data(ndo, (u_char *)rad_attr+2, "\n\t ", (rad_attr->len)-2); length-=(rad_attr->len); rad_attr = (struct radius_attr *)( ((char *)(rad_attr))+rad_attr->len); } return; trunc: ND_PRINT((ndo, "%s", tstr)); } void radius_print(netdissect_options *ndo, const u_char *dat, u_int length) { register const struct radius_hdr *rad; u_int len, auth_idx; ND_TCHECK2(*dat, MIN_RADIUS_LEN); rad = (struct radius_hdr *)dat; len = EXTRACT_16BITS(&rad->len); if (len < MIN_RADIUS_LEN) { ND_PRINT((ndo, "%s", tstr)); return; } if (len > length) len = length; if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, "RADIUS, %s (%u), id: 0x%02x length: %u", tok2str(radius_command_values,"Unknown Command",rad->code), rad->code, rad->id, len)); return; } else { ND_PRINT((ndo, "RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ", len, tok2str(radius_command_values,"Unknown Command",rad->code), rad->code, rad->id)); for(auth_idx=0; auth_idx < 16; auth_idx++) ND_PRINT((ndo, "%02x", rad->auth[auth_idx])); } if (len > MIN_RADIUS_LEN) radius_attrs_print(ndo, dat + MIN_RADIUS_LEN, len - MIN_RADIUS_LEN); return; trunc: ND_PRINT((ndo, "%s", tstr)); } tcpdump-4.7.4/print-ip.c0000644000026300017510000004135012477367525013260 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ #include "ip.h" #include "ipproto.h" static const char tstr[] = "[|ip]"; static const struct tok ip_option_values[] = { { IPOPT_EOL, "EOL" }, { IPOPT_NOP, "NOP" }, { IPOPT_TS, "timestamp" }, { IPOPT_SECURITY, "security" }, { IPOPT_RR, "RR" }, { IPOPT_SSRR, "SSRR" }, { IPOPT_LSRR, "LSRR" }, { IPOPT_RA, "RA" }, { IPOPT_RFC1393, "traceroute" }, { 0, NULL } }; /* * print the recorded route in an IP RR, LSRR or SSRR option. */ static void ip_printroute(netdissect_options *ndo, register const u_char *cp, u_int length) { register u_int ptr; register u_int len; if (length < 3) { ND_PRINT((ndo, " [bad length %u]", length)); return; } if ((length + 1) & 3) ND_PRINT((ndo, " [bad length %u]", length)); ptr = cp[2] - 1; if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) ND_PRINT((ndo, " [bad ptr %u]", cp[2])); for (len = 3; len < length; len += 4) { ND_PRINT((ndo, " %s", ipaddr_string(ndo, &cp[len]))); if (ptr > len) ND_PRINT((ndo, ",")); } } /* * If source-routing is present and valid, return the final destination. * Otherwise, return IP destination. * * This is used for UDP and TCP pseudo-header in the checksum * calculation. */ static uint32_t ip_finddst(netdissect_options *ndo, const struct ip *ip) { int length; int len; const u_char *cp; uint32_t retval; cp = (const u_char *)(ip + 1); length = (IP_HL(ip) << 2) - sizeof(struct ip); for (; length > 0; cp += len, length -= len) { int tt; ND_TCHECK(*cp); tt = *cp; if (tt == IPOPT_EOL) break; else if (tt == IPOPT_NOP) len = 1; else { ND_TCHECK(cp[1]); len = cp[1]; if (len < 2) break; } ND_TCHECK2(*cp, len); switch (tt) { case IPOPT_SSRR: case IPOPT_LSRR: if (len < 7) break; UNALIGNED_MEMCPY(&retval, cp + len - 4, 4); return retval; } } trunc: UNALIGNED_MEMCPY(&retval, &ip->ip_dst.s_addr, sizeof(uint32_t)); return retval; } /* * Compute a V4-style checksum by building a pseudoheader. */ int nextproto4_cksum(netdissect_options *ndo, const struct ip *ip, const uint8_t *data, u_int len, u_int covlen, u_int next_proto) { struct phdr { uint32_t src; uint32_t dst; u_char mbz; u_char proto; uint16_t len; } ph; struct cksum_vec vec[2]; /* pseudo-header.. */ ph.len = htons((uint16_t)len); ph.mbz = 0; ph.proto = next_proto; UNALIGNED_MEMCPY(&ph.src, &ip->ip_src.s_addr, sizeof(uint32_t)); if (IP_HL(ip) == 5) UNALIGNED_MEMCPY(&ph.dst, &ip->ip_dst.s_addr, sizeof(uint32_t)); else ph.dst = ip_finddst(ndo, ip); vec[0].ptr = (const uint8_t *)(void *)&ph; vec[0].len = sizeof(ph); vec[1].ptr = data; vec[1].len = covlen; return (in_cksum(vec, 2)); } static void ip_printts(netdissect_options *ndo, register const u_char *cp, u_int length) { register u_int ptr; register u_int len; int hoplen; const char *type; if (length < 4) { ND_PRINT((ndo, "[bad length %u]", length)); return; } ND_PRINT((ndo, " TS{")); hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; if ((length - 4) & (hoplen-1)) ND_PRINT((ndo, "[bad length %u]", length)); ptr = cp[2] - 1; len = 0; if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) ND_PRINT((ndo, "[bad ptr %u]", cp[2])); switch (cp[3]&0xF) { case IPOPT_TS_TSONLY: ND_PRINT((ndo, "TSONLY")); break; case IPOPT_TS_TSANDADDR: ND_PRINT((ndo, "TS+ADDR")); break; /* * prespecified should really be 3, but some ones might send 2 * instead, and the IPOPT_TS_PRESPEC constant can apparently * have both values, so we have to hard-code it here. */ case 2: ND_PRINT((ndo, "PRESPEC2.0")); break; case 3: /* IPOPT_TS_PRESPEC */ ND_PRINT((ndo, "PRESPEC")); break; default: ND_PRINT((ndo, "[bad ts type %d]", cp[3]&0xF)); goto done; } type = " "; for (len = 4; len < length; len += hoplen) { if (ptr == len) type = " ^ "; ND_PRINT((ndo, "%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]), hoplen!=8 ? "" : ipaddr_string(ndo, &cp[len]))); type = " "; } done: ND_PRINT((ndo, "%s", ptr == len ? " ^ " : "")); if (cp[3]>>4) ND_PRINT((ndo, " [%d hops not recorded]} ", cp[3]>>4)); else ND_PRINT((ndo, "}")); } /* * print IP options. */ static void ip_optprint(netdissect_options *ndo, register const u_char *cp, u_int length) { register u_int option_len; const char *sep = ""; for (; length > 0; cp += option_len, length -= option_len) { u_int option_code; ND_PRINT((ndo, "%s", sep)); sep = ","; ND_TCHECK(*cp); option_code = *cp; ND_PRINT((ndo, "%s", tok2str(ip_option_values,"unknown %u",option_code))); if (option_code == IPOPT_NOP || option_code == IPOPT_EOL) option_len = 1; else { ND_TCHECK(cp[1]); option_len = cp[1]; if (option_len < 2) { ND_PRINT((ndo, " [bad length %u]", option_len)); return; } } if (option_len > length) { ND_PRINT((ndo, " [bad length %u]", option_len)); return; } ND_TCHECK2(*cp, option_len); switch (option_code) { case IPOPT_EOL: return; case IPOPT_TS: ip_printts(ndo, cp, option_len); break; case IPOPT_RR: /* fall through */ case IPOPT_SSRR: case IPOPT_LSRR: ip_printroute(ndo, cp, option_len); break; case IPOPT_RA: if (option_len < 4) { ND_PRINT((ndo, " [bad length %u]", option_len)); break; } ND_TCHECK(cp[3]); if (EXTRACT_16BITS(&cp[2]) != 0) ND_PRINT((ndo, " value %u", EXTRACT_16BITS(&cp[2]))); break; case IPOPT_NOP: /* nothing to print - fall through */ case IPOPT_SECURITY: default: break; } } return; trunc: ND_PRINT((ndo, "%s", tstr)); } #define IP_RES 0x8000 static const struct tok ip_frag_values[] = { { IP_MF, "+" }, { IP_DF, "DF" }, { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */ { 0, NULL } }; struct ip_print_demux_state { const struct ip *ip; const u_char *cp; u_int len, off; u_char nh; int advance; }; static void ip_print_demux(netdissect_options *ndo, struct ip_print_demux_state *ipds) { struct protoent *proto; struct cksum_vec vec[1]; again: switch (ipds->nh) { case IPPROTO_AH: ipds->nh = *ipds->cp; ipds->advance = ah_print(ndo, ipds->cp); if (ipds->advance <= 0) break; ipds->cp += ipds->advance; ipds->len -= ipds->advance; goto again; case IPPROTO_ESP: { int enh, padlen; ipds->advance = esp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, &enh, &padlen); if (ipds->advance <= 0) break; ipds->cp += ipds->advance; ipds->len -= ipds->advance + padlen; ipds->nh = enh & 0xff; goto again; } case IPPROTO_IPCOMP: { int enh; ipds->advance = ipcomp_print(ndo, ipds->cp, &enh); if (ipds->advance <= 0) break; ipds->cp += ipds->advance; ipds->len -= ipds->advance; ipds->nh = enh & 0xff; goto again; } case IPPROTO_SCTP: sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); break; case IPPROTO_DCCP: dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); break; case IPPROTO_TCP: /* pass on the MF bit plus the offset to detect fragments */ tcp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, ipds->off & (IP_MF|IP_OFFMASK)); break; case IPPROTO_UDP: /* pass on the MF bit plus the offset to detect fragments */ udp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, ipds->off & (IP_MF|IP_OFFMASK)); break; case IPPROTO_ICMP: /* pass on the MF bit plus the offset to detect fragments */ icmp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, ipds->off & (IP_MF|IP_OFFMASK)); break; case IPPROTO_PIGP: /* * XXX - the current IANA protocol number assignments * page lists 9 as "any private interior gateway * (used by Cisco for their IGRP)" and 88 as * "EIGRP" from Cisco. * * Recent BSD headers define * IP_PROTO_PIGP as 9 and IP_PROTO_IGRP as 88. * We define IP_PROTO_PIGP as 9 and * IP_PROTO_EIGRP as 88; those names better * match was the current protocol number * assignments say. */ igrp_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_EIGRP: eigrp_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_ND: ND_PRINT((ndo, " nd %d", ipds->len)); break; case IPPROTO_EGP: egp_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_OSPF: ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); break; case IPPROTO_IGMP: igmp_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_IPV4: /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ ip_print(ndo, ipds->cp, ipds->len); if (! ndo->ndo_vflag) { ND_PRINT((ndo, " (ipip-proto-4)")); return; } break; case IPPROTO_IPV6: /* ip6-in-ip encapsulation */ ip6_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_RSVP: rsvp_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_GRE: /* do it */ gre_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_MOBILE: mobile_print(ndo, ipds->cp, ipds->len); break; case IPPROTO_PIM: vec[0].ptr = ipds->cp; vec[0].len = ipds->len; pim_print(ndo, ipds->cp, ipds->len, in_cksum(vec, 1)); break; case IPPROTO_VRRP: if (ndo->ndo_packettype == PT_CARP) { if (ndo->ndo_vflag) ND_PRINT((ndo, "carp %s > %s: ", ipaddr_string(ndo, &ipds->ip->ip_src), ipaddr_string(ndo, &ipds->ip->ip_dst))); carp_print(ndo, ipds->cp, ipds->len, ipds->ip->ip_ttl); } else { if (ndo->ndo_vflag) ND_PRINT((ndo, "vrrp %s > %s: ", ipaddr_string(ndo, &ipds->ip->ip_src), ipaddr_string(ndo, &ipds->ip->ip_dst))); vrrp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, ipds->ip->ip_ttl); } break; case IPPROTO_PGM: pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); break; default: if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL) ND_PRINT((ndo, " %s", proto->p_name)); else ND_PRINT((ndo, " ip-proto-%d", ipds->nh)); ND_PRINT((ndo, " %d", ipds->len)); break; } } void ip_print_inner(netdissect_options *ndo, const u_char *bp, u_int length, u_int nh, const u_char *bp2) { struct ip_print_demux_state ipd; ipd.ip = (const struct ip *)bp2; ipd.cp = bp; ipd.len = length; ipd.off = 0; ipd.nh = nh; ipd.advance = 0; ip_print_demux(ndo, &ipd); } /* * print an IP datagram. */ void ip_print(netdissect_options *ndo, const u_char *bp, u_int length) { struct ip_print_demux_state ipd; struct ip_print_demux_state *ipds=&ipd; const u_char *ipend; u_int hlen; struct cksum_vec vec[1]; uint16_t sum, ip_sum; struct protoent *proto; ipds->ip = (const struct ip *)bp; ND_TCHECK(ipds->ip->ip_vhl); if (IP_V(ipds->ip) != 4) { /* print version if != 4 */ if (IP_V(ipds->ip) == 6) ND_PRINT((ndo, "IP6, wrong link-layer encapsulation ")); else ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip))); } else if (!ndo->ndo_eflag) ND_PRINT((ndo, "IP ")); ND_TCHECK(*ipds->ip); if (length < sizeof (struct ip)) { ND_PRINT((ndo, "truncated-ip %u", length)); return; } hlen = IP_HL(ipds->ip) * 4; if (hlen < sizeof (struct ip)) { ND_PRINT((ndo, "bad-hlen %u", hlen)); return; } ipds->len = EXTRACT_16BITS(&ipds->ip->ip_len); if (length < ipds->len) ND_PRINT((ndo, "truncated-ip - %u bytes missing! ", ipds->len - length)); if (ipds->len < hlen) { #ifdef GUESS_TSO if (ipds->len) { ND_PRINT((ndo, "bad-len %u", ipds->len)); return; } else { /* we guess that it is a TSO send */ ipds->len = length; } #else ND_PRINT((ndo, "bad-len %u", ipds->len)); return; #endif /* GUESS_TSO */ } /* * Cut off the snapshot length to the end of the IP payload. */ ipend = bp + ipds->len; if (ipend < ndo->ndo_snapend) ndo->ndo_snapend = ipend; ipds->len -= hlen; ipds->off = EXTRACT_16BITS(&ipds->ip->ip_off); if (ndo->ndo_vflag) { ND_PRINT((ndo, "(tos 0x%x", (int)ipds->ip->ip_tos)); /* ECN bits */ if (ipds->ip->ip_tos & 0x03) { switch (ipds->ip->ip_tos & 0x03) { case 1: ND_PRINT((ndo, ",ECT(1)")); break; case 2: ND_PRINT((ndo, ",ECT(0)")); break; case 3: ND_PRINT((ndo, ",CE")); } } if (ipds->ip->ip_ttl >= 1) ND_PRINT((ndo, ", ttl %u", ipds->ip->ip_ttl)); /* * for the firewall guys, print id, offset. * On all but the last stick a "+" in the flags portion. * For unfragmented datagrams, note the don't fragment flag. */ ND_PRINT((ndo, ", id %u, offset %u, flags [%s], proto %s (%u)", EXTRACT_16BITS(&ipds->ip->ip_id), (ipds->off & 0x1fff) * 8, bittok2str(ip_frag_values, "none", ipds->off&0xe000), tok2str(ipproto_values,"unknown",ipds->ip->ip_p), ipds->ip->ip_p)); ND_PRINT((ndo, ", length %u", EXTRACT_16BITS(&ipds->ip->ip_len))); if ((hlen - sizeof(struct ip)) > 0) { ND_PRINT((ndo, ", options (")); ip_optprint(ndo, (u_char *)(ipds->ip + 1), hlen - sizeof(struct ip)); ND_PRINT((ndo, ")")); } if (!ndo->ndo_Kflag && (u_char *)ipds->ip + hlen <= ndo->ndo_snapend) { vec[0].ptr = (const uint8_t *)(void *)ipds->ip; vec[0].len = hlen; sum = in_cksum(vec, 1); if (sum != 0) { ip_sum = EXTRACT_16BITS(&ipds->ip->ip_sum); ND_PRINT((ndo, ", bad cksum %x (->%x)!", ip_sum, in_cksum_shouldbe(ip_sum, sum))); } } ND_PRINT((ndo, ")\n ")); } /* * If this is fragment zero, hand it to the next higher * level protocol. */ if ((ipds->off & 0x1fff) == 0) { ipds->cp = (const u_char *)ipds->ip + hlen; ipds->nh = ipds->ip->ip_p; if (ipds->nh != IPPROTO_TCP && ipds->nh != IPPROTO_UDP && ipds->nh != IPPROTO_SCTP && ipds->nh != IPPROTO_DCCP) { ND_PRINT((ndo, "%s > %s: ", ipaddr_string(ndo, &ipds->ip->ip_src), ipaddr_string(ndo, &ipds->ip->ip_dst))); } ip_print_demux(ndo, ipds); } else { /* Ultra quiet now means that all this stuff should be suppressed */ if (ndo->ndo_qflag > 1) return; /* * if this isn't the first frag, we're missing the * next level protocol header. print the ip addr * and the protocol. */ if (ipds->off & 0x1fff) { ND_PRINT((ndo, "%s > %s:", ipaddr_string(ndo, &ipds->ip->ip_src), ipaddr_string(ndo, &ipds->ip->ip_dst))); if (!ndo->ndo_nflag && (proto = getprotobynumber(ipds->ip->ip_p)) != NULL) ND_PRINT((ndo, " %s", proto->p_name)); else ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p)); } } return; trunc: ND_PRINT((ndo, "%s", tstr)); return; } void ipN_print(netdissect_options *ndo, register const u_char *bp, register u_int length) { struct ip hdr; if (length < 4) { ND_PRINT((ndo, "truncated-ip %d", length)); return; } memcpy (&hdr, bp, 4); switch (IP_V(&hdr)) { case 4: ip_print (ndo, bp, length); return; case 6: ip6_print (ndo, bp, length); return; default: ND_PRINT((ndo, "unknown ip %d", IP_V(&hdr))); return; } } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-otv.c0000644000026300017510000000376112431107727013446 0ustar mcrmcr/* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Francesco Fondelli (francesco dot fondelli, gmail dot com) */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" /* * OTV header, draft-hasmit-otv-04 * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |R|R|R|R|I|R|R|R| Overlay ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Instance ID | Reserved | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ void otv_print(netdissect_options *ndo, const u_char *bp, u_int len) { uint8_t flags; uint32_t overlay_id; uint32_t instance_id; if (len < 8) { ND_PRINT((ndo, "[|OTV]")); return; } flags = *bp; bp += 1; overlay_id = EXTRACT_24BITS(bp); bp += 3; instance_id = EXTRACT_24BITS(bp); bp += 4; ND_PRINT((ndo, "OTV, ")); ND_PRINT((ndo, "flags [%s] (0x%02x), ", flags & 0x08 ? "I" : ".", flags)); ND_PRINT((ndo, "overlay %u, ", overlay_id)); ND_PRINT((ndo, "instance %u\n", instance_id)); ether_print(ndo, bp, len - 8, len - 8, NULL, NULL); } tcpdump-4.7.4/print-calm-fast.c0000644000026300017510000000307412431107727014502 0ustar mcrmcr/* * Copyright (c) 2013 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Ola Martin Lykkja (ola.lykkja@q-free.com) */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "addrtoname.h" /* ISO 29281:2009 Intelligent Transport Systems . Communications access for land mobiles (CALM) CALM non-IP networking */ /* * This is the top level routine of the printer. 'bp' points * to the calm header of the packet. */ void calm_fast_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int length) { int srcNwref = bp[0]; int dstNwref = bp[1]; length -= 2; bp += 2; ND_PRINT((ndo, "CALM FAST src:%s; ", etheraddr_string(ndo, eth+6))); ND_PRINT((ndo, "SrcNwref:%d; ", srcNwref)); ND_PRINT((ndo, "DstNwref:%d; ", dstNwref)); if (ndo->ndo_vflag) ND_DEFAULTPRINT(bp, length); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/pcap_dump_ftell.c0000644000026300017510000000245212431107727014636 0ustar mcrmcr/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #include #include #include "pcap-missing.h" long pcap_dump_ftell(pcap_dumper_t *p) { return (ftell((FILE *)p)); } tcpdump-4.7.4/addrtoname.h0000644000026300017510000000475012477367524013643 0ustar mcrmcr/* * Copyright (c) 1990, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* Name to address translation routines. */ enum { LINKADDR_ETHER, LINKADDR_FRELAY, LINKADDR_IEEE1394, LINKADDR_ATM }; #define BUFSIZE 128 extern const char *linkaddr_string(netdissect_options *, const u_char *, const unsigned int, const unsigned int); extern const char *etheraddr_string(netdissect_options *, const u_char *); extern const char *le64addr_string(const u_char *); extern const char *etherproto_string(u_short); extern const char *tcpport_string(u_short); extern const char *udpport_string(u_short); extern const char *isonsap_string(const u_char *, register u_int); extern const char *dnaddr_string(netdissect_options *, u_short); extern const char *protoid_string(const u_char *); extern const char *ipxsap_string(u_short); extern const char *getname(netdissect_options *, const u_char *); #ifdef INET6 extern const char *getname6(netdissect_options *, const u_char *); #endif extern const char *intoa(uint32_t); extern void init_addrtoname(netdissect_options *, uint32_t, uint32_t); extern struct hnamemem *newhnamemem(void); #ifdef INET6 extern struct h6namemem *newh6namemem(void); #endif extern const char * ieee8021q_tci_string(const uint16_t); #define ipaddr_string(ndo, p) getname(ndo, (const u_char *)(p)) #ifdef INET6 #define ip6addr_string(ndo, p) getname6(ndo, (const u_char *)(p)) #endif tcpdump-4.7.4/aclocal.m40000644000026300017510000012264212477367524013215 0ustar mcrmcrdnl Copyright (c) 1995, 1996, 1997, 1998 dnl The Regents of the University of California. All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without dnl modification, are permitted provided that: (1) source code distributions dnl retain the above copyright notice and this paragraph in its entirety, (2) dnl distributions including binary code include the above copyright notice and dnl this paragraph in its entirety in the documentation or other materials dnl provided with the distribution, and (3) all advertising materials mentioning dnl features or use of this software display the following acknowledgement: dnl ``This product includes software developed by the University of California, dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of dnl the University nor the names of its contributors may be used to endorse dnl or promote products derived from this software without specific prior dnl written permission. dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. dnl dnl LBL autoconf macros dnl dnl dnl Do whatever AC_LBL_C_INIT work is necessary before using AC_PROG_CC. dnl dnl It appears that newer versions of autoconf (2.64 and later) will, dnl if you use AC_TRY_COMPILE in a macro, stick AC_PROG_CC at the dnl beginning of the macro, even if the macro itself calls AC_PROG_CC. dnl See the "Prerequisite Macros" and "Expanded Before Required" sections dnl in the Autoconf documentation. dnl dnl This causes a steaming heap of fail in our case, as we were, in dnl AC_LBL_C_INIT, doing the tests we now do in AC_LBL_C_INIT_BEFORE_CC, dnl calling AC_PROG_CC, and then doing the tests we now do in dnl AC_LBL_C_INIT. Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC, dnl and AC_LBL_C_INIT at the top level. dnl AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC, [ AC_BEFORE([$0], [AC_LBL_C_INIT]) AC_BEFORE([$0], [AC_PROG_CC]) AC_BEFORE([$0], [AC_LBL_FIXINCLUDES]) AC_BEFORE([$0], [AC_LBL_DEVEL]) AC_ARG_WITH(gcc, [ --without-gcc don't use gcc]) $1="" if test "${srcdir}" != "." ; then $1="-I$srcdir" fi if test "${CFLAGS+set}" = set; then LBL_CFLAGS="$CFLAGS" fi if test -z "$CC" ; then case "$host_os" in bsdi*) AC_CHECK_PROG(SHLICC2, shlicc2, yes, no) if test $SHLICC2 = yes ; then CC=shlicc2 export CC fi ;; esac fi if test -z "$CC" -a "$with_gcc" = no ; then CC=cc export CC fi ]) dnl dnl Determine which compiler we're using (cc or gcc) dnl If using gcc, determine the version number dnl If using cc: dnl require that it support ansi prototypes dnl use -O (AC_PROG_CC will use -g -O2 on gcc, so we don't need to dnl do that ourselves for gcc) dnl add -g flags, as appropriate dnl explicitly specify /usr/local/include dnl dnl NOTE WELL: with newer versions of autoconf, "gcc" means any compiler dnl that defines __GNUC__, which means clang, for example, counts as "gcc". dnl dnl usage: dnl dnl AC_LBL_C_INIT(copt, incls) dnl dnl results: dnl dnl $1 (copt set) dnl $2 (incls set) dnl CC dnl LDFLAGS dnl LBL_CFLAGS dnl AC_DEFUN(AC_LBL_C_INIT, [ AC_BEFORE([$0], [AC_LBL_FIXINCLUDES]) AC_BEFORE([$0], [AC_LBL_DEVEL]) AC_BEFORE([$0], [AC_LBL_SHLIBS_INIT]) if test "$GCC" = yes ; then # # -Werror forces warnings to be errors. # ac_lbl_cc_force_warning_errors=-Werror # # Use -ffloat-store so that, on 32-bit x86, we don't # do 80-bit arithmetic with the FPU; that way we should # get the same results for floating-point calculations # on x86-32 and x86-64. # AC_LBL_CHECK_COMPILER_OPT($1, -ffloat-store) else $2="$$2 -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" case "$host_os" in darwin*) # # This is assumed either to be GCC or clang, both # of which use -Werror to force warnings to be errors. # ac_lbl_cc_force_warning_errors=-Werror ;; hpux*) # # HP C, which is what we presume we're using, doesn't # exit with a non-zero exit status if we hand it an # invalid -W flag, can't be forced to do so even with # +We, and doesn't handle GCC-style -W flags, so we # don't want to try using GCC-style -W flags. # ac_lbl_cc_dont_try_gcc_dashW=yes ;; irix*) # # MIPS C, which is what we presume we're using, doesn't # necessarily exit with a non-zero exit status if we # hand it an invalid -W flag, can't be forced to do # so, and doesn't handle GCC-style -W flags, so we # don't want to try using GCC-style -W flags. # ac_lbl_cc_dont_try_gcc_dashW=yes # # It also, apparently, defaults to "char" being # unsigned, unlike most other C implementations; # I suppose we could say "signed char" whenever # we want to guarantee a signed "char", but let's # just force signed chars. # # -xansi is normally the default, but the # configure script was setting it; perhaps -cckr # was the default in the Old Days. (Then again, # that would probably be for backwards compatibility # in the days when ANSI C was Shiny and New, i.e. # 1989 and the early '90's, so maybe we can just # drop support for those compilers.) # # -g is equivalent to -g2, which turns off # optimization; we choose -g3, which generates # debugging information but doesn't turn off # optimization (even if the optimization would # cause inaccuracies in debugging). # $1="$$1 -xansi -signed -g3" ;; osf*) # # Presumed to be DEC OSF/1, Digital UNIX, or # Tru64 UNIX. # # The DEC C compiler, which is what we presume we're # using, doesn't exit with a non-zero exit status if we # hand it an invalid -W flag, can't be forced to do # so, and doesn't handle GCC-style -W flags, so we # don't want to try using GCC-style -W flags. # ac_lbl_cc_dont_try_gcc_dashW=yes # # -g is equivalent to -g2, which turns off # optimization; we choose -g3, which generates # debugging information but doesn't turn off # optimization (even if the optimization would # cause inaccuracies in debugging). # $1="$$1 -g3" ;; solaris*) # # Assumed to be Sun C, which requires -errwarn to force # warnings to be treated as errors. # ac_lbl_cc_force_warning_errors=-errwarn ;; ultrix*) AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes) AC_CACHE_VAL(ac_cv_lbl_cc_const_proto, AC_TRY_COMPILE( [#include ], [struct a { int b; }; void c(const struct a *)], ac_cv_lbl_cc_const_proto=yes, ac_cv_lbl_cc_const_proto=no)) AC_MSG_RESULT($ac_cv_lbl_cc_const_proto) if test $ac_cv_lbl_cc_const_proto = no ; then AC_DEFINE(const,[], [to handle Ultrix compilers that don't support const in prototypes]) fi ;; esac $1="$$1 -O" fi ]) dnl dnl Check whether the compiler option specified as the second argument dnl is supported by the compiler and, if so, add it to the macro dnl specified as the first argument dnl AC_DEFUN(AC_LBL_CHECK_COMPILER_OPT, [ AC_MSG_CHECKING([whether the compiler supports the $2 option]) save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $ac_lbl_cc_force_warning_errors $2" AC_TRY_COMPILE( [], [return 0], [ AC_MSG_RESULT([yes]) CFLAGS="$save_CFLAGS" $1="$$1 $2" ], [ AC_MSG_RESULT([no]) CFLAGS="$save_CFLAGS" ]) ]) dnl dnl Check whether the compiler supports an option to generate dnl Makefile-style dependency lines dnl dnl GCC uses -M for this. Non-GCC compilers that support this dnl use a variety of flags, including but not limited to -M. dnl dnl We test whether the flag in question is supported, as older dnl versions of compilers might not support it. dnl dnl We don't try all the possible flags, just in case some flag means dnl "generate dependencies" on one compiler but means something else dnl on another compiler. dnl dnl Most compilers that support this send the output to the standard dnl output by default. IBM's XLC, however, supports -M but sends dnl the output to {sourcefile-basename}.u, and AIX has no /dev/stdout dnl to work around that, so we don't bother with XLC. dnl AC_DEFUN(AC_LBL_CHECK_DEPENDENCY_GENERATION_OPT, [ AC_MSG_CHECKING([whether the compiler supports generating dependencies]) if test "$GCC" = yes ; then # # GCC, or a compiler deemed to be GCC by AC_PROG_CC (even # though it's not); we assume that, in this case, the flag # would be -M. # ac_lbl_dependency_flag="-M" else # # Not GCC or a compiler deemed to be GCC; what platform is # this? (We're assuming that if the compiler isn't GCC # it's the compiler from the vendor of the OS; that won't # necessarily be true for x86 platforms, where it might be # the Intel C compiler.) # case "$host_os" in irix*|osf*|darwin*) # # MIPS C for IRIX, DEC C, and clang all use -M. # ac_lbl_dependency_flag="-M" ;; solaris*) # # Sun C uses -xM. # ac_lbl_dependency_flag="-xM" ;; hpux*) # # HP's older C compilers don't support this. # HP's newer C compilers support this with # either +M or +Make; the older compilers # interpret +M as something completely # different, so we use +Make so we don't # think it works with the older compilers. # ac_lbl_dependency_flag="+Make" ;; *) # # Not one of the above; assume no support for # generating dependencies. # ac_lbl_dependency_flag="" ;; esac fi # # Is ac_lbl_dependency_flag defined and, if so, does the compiler # complain about it? # # Note: clang doesn't seem to exit with an error status when handed # an unknown non-warning error, even if you pass it # -Werror=unknown-warning-option. However, it always supports # -M, so the fact that this test always succeeds with clang # isn't an issue. # if test ! -z "$ac_lbl_dependency_flag"; then AC_LANG_CONFTEST( [AC_LANG_SOURCE([[int main(void) { return 0; }]])]) echo "$CC" $ac_lbl_dependency_flag conftest.c >&5 if "$CC" $ac_lbl_dependency_flag conftest.c >/dev/null 2>&1; then AC_MSG_RESULT([yes, with $ac_lbl_dependency_flag]) DEPENDENCY_CFLAG="$ac_lbl_dependency_flag" MKDEP='${srcdir}/mkdep' else AC_MSG_RESULT([no]) # # We can't run mkdep, so have "make depend" do # nothing. # MKDEP=: fi rm -rf conftest* else AC_MSG_RESULT([no]) # # We can't run mkdep, so have "make depend" do # nothing. # MKDEP=: fi AC_SUBST(DEPENDENCY_CFLAG) AC_SUBST(MKDEP) ]) # # Try compiling a sample of the type of code that appears in # gencode.c with "inline", "__inline__", and "__inline". # # Autoconf's AC_C_INLINE, at least in autoconf 2.13, isn't good enough, # as it just tests whether a function returning "int" can be inlined; # at least some versions of HP's C compiler can inline that, but can't # inline a function that returns a struct pointer. # # Make sure we use the V_CCOPT flags, because some of those might # disable inlining. # AC_DEFUN(AC_LBL_C_INLINE, [AC_MSG_CHECKING(for inline) save_CFLAGS="$CFLAGS" CFLAGS="$V_CCOPT" AC_CACHE_VAL(ac_cv_lbl_inline, [ ac_cv_lbl_inline="" ac_lbl_cc_inline=no for ac_lbl_inline in inline __inline__ __inline do AC_TRY_COMPILE( [#define inline $ac_lbl_inline static inline struct iltest *foo(void); struct iltest { int iltest1; int iltest2; }; static inline struct iltest * foo() { static struct iltest xxx; return &xxx; }],,ac_lbl_cc_inline=yes,) if test "$ac_lbl_cc_inline" = yes ; then break; fi done if test "$ac_lbl_cc_inline" = yes ; then ac_cv_lbl_inline=$ac_lbl_inline fi]) CFLAGS="$save_CFLAGS" if test ! -z "$ac_cv_lbl_inline" ; then AC_MSG_RESULT($ac_cv_lbl_inline) else AC_MSG_RESULT(no) fi AC_DEFINE_UNQUOTED(inline, $ac_cv_lbl_inline, [Define as token for inline if inlining supported])]) dnl dnl Use pfopen.c if available and pfopen() not in standard libraries dnl Require libpcap dnl Look for libpcap in .. dnl Use the installed libpcap if there is no local version dnl dnl usage: dnl dnl AC_LBL_LIBPCAP(pcapdep, incls) dnl dnl results: dnl dnl $1 (pcapdep set) dnl $2 (incls appended) dnl LIBS dnl LBL_LIBS dnl AC_DEFUN(AC_LBL_LIBPCAP, [AC_REQUIRE([AC_LBL_LIBRARY_NET]) dnl dnl save a copy before locating libpcap.a dnl LBL_LIBS="$LIBS" pfopen=/usr/examples/packetfilter/pfopen.c if test -f $pfopen ; then AC_CHECK_FUNCS(pfopen) if test $ac_cv_func_pfopen = "no" ; then AC_MSG_RESULT(Using $pfopen) LIBS="$LIBS $pfopen" fi fi libpcap=FAIL AC_MSG_CHECKING(for local pcap library) AC_ARG_WITH([system-libpcap], [AS_HELP_STRING([--with-system-libpcap], [don't use local pcap library])]) if test "x$with_system_libpcap" != xyes ; then lastdir=FAIL places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'` places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'` for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//' | \ sed -e 's/-PRE-GIT$//' ` if test $lastdir = $basedir ; then dnl skip alphas when an actual release is present continue; fi lastdir=$dir if test -r $dir/libpcap.a ; then libpcap=$dir/libpcap.a d=$dir dnl continue and select the last one that exists fi done fi if test $libpcap = FAIL ; then AC_MSG_RESULT(not found) # # Look for pcap-config. # AC_PATH_TOOL(PCAP_CONFIG, pcap-config) if test -n "$PCAP_CONFIG" ; then # # Found - use it to get the include flags for # libpcap and the flags to link with libpcap. # # Please read section 11.6 "Shell Substitutions" # in the autoconf manual before doing anything # to this that involves quoting. Especially note # the statement "There is just no portable way to use # double-quoted strings inside double-quoted back-quoted # expressions (pfew!)." # cflags=`"$PCAP_CONFIG" --cflags` $2="$cflags $$2" libpcap=`"$PCAP_CONFIG" --libs` else # # Not found; look for pcap. # AC_CHECK_LIB(pcap, main, libpcap="-lpcap") if test $libpcap = FAIL ; then AC_MSG_ERROR(see the INSTALL doc for more info) fi dnl dnl Some versions of Red Hat Linux put "pcap.h" in dnl "/usr/include/pcap"; had the LBL folks done so, dnl that would have been a good idea, but for dnl the Red Hat folks to do so just breaks source dnl compatibility with other systems. dnl dnl We work around this by assuming that, as we didn't dnl find a local libpcap, libpcap is in /usr/lib or dnl /usr/local/lib and that the corresponding header dnl file is under one of those directories; if we don't dnl find it in either of those directories, we check to dnl see if it's in a "pcap" subdirectory of them and, dnl if so, add that subdirectory to the "-I" list. dnl dnl (We now also put pcap.h in /usr/include/pcap, but we dnl leave behind a /usr/include/pcap.h that includes it, dnl so you can still just include .) dnl AC_MSG_CHECKING(for extraneous pcap header directories) if test \( ! -r /usr/local/include/pcap.h \) -a \ \( ! -r /usr/include/pcap.h \); then if test -r /usr/local/include/pcap/pcap.h; then d="/usr/local/include/pcap" elif test -r /usr/include/pcap/pcap.h; then d="/usr/include/pcap" fi fi if test -z "$d" ; then AC_MSG_RESULT(not found) else $2="-I$d $$2" AC_MSG_RESULT(found -- -I$d added) fi fi else $1=$libpcap places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ egrep '/libpcap-[[0-9]]*.[[0-9]]*(.[[0-9]]*)?([[ab]][[0-9]]*)?$'` places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ egrep '/libpcap-[[0-9]]*.[[0-9]]*(.[[0-9]]*)?([[ab]][[0-9]]*)?$'` pcapH=FAIL if test -r $d/pcap.h; then pcapH=$d else for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do if test -r $dir/pcap.h ; then pcapH=$dir fi done fi if test $pcapH = FAIL ; then AC_MSG_ERROR(cannot find pcap.h: see INSTALL) fi $2="-I$pcapH $$2" AC_MSG_RESULT($libpcap) AC_PATH_PROG(PCAP_CONFIG, pcap-config,, $d) if test -n "$PCAP_CONFIG"; then # # The libpcap directory has a pcap-config script. # Use it to get any additioal libraries needed # to link with the libpcap archive library in # that directory. # # Please read section 11.6 "Shell Substitutions" # in the autoconf manual before doing anything # to this that involves quoting. Especially note # the statement "There is just no portable way to use # double-quoted strings inside double-quoted back-quoted # expressions (pfew!)." # additional_libs=`"$PCAP_CONFIG" --additional-libs --static` libpcap="$libpcap $additional_libs" fi fi LIBS="$libpcap $LIBS" if ! test -n "$PCAP_CONFIG" ; then # # We don't have pcap-config; find out any additional link flags # we need. (If we have pcap-config, we assume it tells us what # we need.) # case "$host_os" in aix*) # # If libpcap is DLPI-based, we have to use /lib/pse.exp if # present, as we use the STREAMS routines. # # (XXX - true only if we're linking with a static libpcap?) # pseexe="/lib/pse.exp" AC_MSG_CHECKING(for $pseexe) if test -f $pseexe ; then AC_MSG_RESULT(yes) LIBS="$LIBS -I:$pseexe" fi # # If libpcap is BPF-based, we need "-lodm" and "-lcfg", as # we use them to load the BPF module. # # (XXX - true only if we're linking with a static libpcap?) # LIBS="$LIBS -lodm -lcfg" ;; esac fi dnl dnl Check for "pcap_loop()", to make sure we found a working dnl libpcap and have all the right other libraries with which dnl to link. (Otherwise, the checks below will fail, not dnl because the routines are missing from the library, but dnl because we aren't linking properly with libpcap, and dnl that will cause confusing errors at build time.) dnl AC_CHECK_FUNC(pcap_loop,, [ AC_MSG_ERROR( [Report this to tcpdump-workers@lists.tcpdump.org, and include the config.log file in your report. If you have downloaded libpcap from tcpdump.org, and built it yourself, please also include the config.log file from the libpcap source directory, the Makefile from the libpcap source directory, and the output of the make process for libpcap, as this could be a problem with the libpcap that was built, and we will not be able to determine why this is happening, and thus will not be able to fix it, without that information, as we have not been able to reproduce this problem ourselves.]) ]) ]) dnl dnl Define RETSIGTYPE and RETSIGVAL dnl dnl usage: dnl dnl AC_LBL_TYPE_SIGNAL dnl dnl results: dnl dnl RETSIGTYPE (defined) dnl RETSIGVAL (defined) dnl AC_DEFUN(AC_LBL_TYPE_SIGNAL, [AC_BEFORE([$0], [AC_LBL_LIBPCAP]) AC_TYPE_SIGNAL if test "$ac_cv_type_signal" = void ; then AC_DEFINE(RETSIGVAL,[],[return value of signal handlers]) else AC_DEFINE(RETSIGVAL,(0),[return value of signal handlers]) fi case "$host_os" in irix*) AC_DEFINE(_BSD_SIGNALS,1,[get BSD semantics on Irix]) ;; *) dnl prefer sigaction() to sigset() AC_CHECK_FUNCS(sigaction) if test $ac_cv_func_sigaction = no ; then AC_CHECK_FUNCS(sigset) fi ;; esac]) dnl dnl If using gcc, make sure we have ANSI ioctl definitions dnl dnl usage: dnl dnl AC_LBL_FIXINCLUDES dnl AC_DEFUN(AC_LBL_FIXINCLUDES, [if test "$GCC" = yes ; then AC_MSG_CHECKING(for ANSI ioctl definitions) AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes, AC_TRY_COMPILE( [/* * This generates a "duplicate case value" when fixincludes * has not be run. */ # include # include # include # ifdef HAVE_SYS_IOCCOM_H # include # endif], [switch (0) { case _IO('A', 1):; case _IO('B', 1):; }], ac_cv_lbl_gcc_fixincludes=yes, ac_cv_lbl_gcc_fixincludes=no)) AC_MSG_RESULT($ac_cv_lbl_gcc_fixincludes) if test $ac_cv_lbl_gcc_fixincludes = no ; then # Don't cache failure unset ac_cv_lbl_gcc_fixincludes AC_MSG_ERROR(see the INSTALL for more info) fi fi]) dnl dnl Checks to see if union wait is used with WEXITSTATUS() dnl dnl usage: dnl dnl AC_LBL_UNION_WAIT dnl dnl results: dnl dnl DECLWAITSTATUS (defined) dnl AC_DEFUN(AC_LBL_UNION_WAIT, [AC_MSG_CHECKING(if union wait is used) AC_CACHE_VAL(ac_cv_lbl_union_wait, AC_TRY_COMPILE([ # include # include ], [int status; u_int i = WEXITSTATUS(status); u_int j = waitpid(0, &status, 0);], ac_cv_lbl_union_wait=no, ac_cv_lbl_union_wait=yes)) AC_MSG_RESULT($ac_cv_lbl_union_wait) if test $ac_cv_lbl_union_wait = yes ; then AC_DEFINE(DECLWAITSTATUS,union wait,[type for wait]) else AC_DEFINE(DECLWAITSTATUS,int,[type for wait]) fi]) dnl dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member dnl dnl usage: dnl dnl AC_LBL_SOCKADDR_SA_LEN dnl dnl results: dnl dnl HAVE_SOCKADDR_SA_LEN (defined) dnl AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN, [AC_MSG_CHECKING(if sockaddr struct has the sa_len member) AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len, AC_TRY_COMPILE([ # include # include ], [u_int i = sizeof(((struct sockaddr *)0)->sa_len)], ac_cv_lbl_sockaddr_has_sa_len=yes, ac_cv_lbl_sockaddr_has_sa_len=no)) AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len) if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then AC_DEFINE(HAVE_SOCKADDR_SA_LEN,1,[if struct sockaddr has the sa_len member]) fi]) dnl dnl Checks to see if -R is used dnl dnl usage: dnl dnl AC_LBL_HAVE_RUN_PATH dnl dnl results: dnl dnl ac_cv_lbl_have_run_path (yes or no) dnl AC_DEFUN(AC_LBL_HAVE_RUN_PATH, [AC_MSG_CHECKING(for ${CC-cc} -R) AC_CACHE_VAL(ac_cv_lbl_have_run_path, [echo 'main(){}' > conftest.c ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1 if test ! -s conftest.out ; then ac_cv_lbl_have_run_path=yes else ac_cv_lbl_have_run_path=no fi rm -f -r conftest*]) AC_MSG_RESULT($ac_cv_lbl_have_run_path) ]) dnl dnl Check whether a given format can be used to print 64-bit integers dnl AC_DEFUN(AC_LBL_CHECK_64BIT_FORMAT, [ AC_MSG_CHECKING([whether %$1x can be used to format 64-bit integers]) AC_RUN_IFELSE( [ AC_LANG_SOURCE( [[ # ifdef HAVE_INTTYPES_H #include # endif #include #include main() { uint64_t t = 1; char strbuf[16+1]; sprintf(strbuf, "%016$1x", t << 32); if (strcmp(strbuf, "0000000100000000") == 0) exit(0); else exit(1); } ]]) ], [ AC_DEFINE(PRId64, "$1d", [define if the platform doesn't define PRId64]) AC_DEFINE(PRIo64, "$1o", [define if the platform doesn't define PRIo64]) AC_DEFINE(PRIx64, "$1x", [define if the platform doesn't define PRIu64]) AC_DEFINE(PRIu64, "$1u", [define if the platform doesn't define PRIx64]) AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) $2 ]) ]) dnl dnl Checks to see if unaligned memory accesses fail dnl dnl usage: dnl dnl AC_LBL_UNALIGNED_ACCESS dnl dnl results: dnl dnl LBL_ALIGN (DEFINED) dnl AC_DEFUN(AC_LBL_UNALIGNED_ACCESS, [AC_MSG_CHECKING(if unaligned accesses fail) AC_CACHE_VAL(ac_cv_lbl_unaligned_fail, [case "$host_cpu" in # # These are CPU types where: # # the CPU faults on an unaligned access, but at least some # OSes that support that CPU catch the fault and simulate # the unaligned access (e.g., Alpha/{Digital,Tru64} UNIX) - # the simulation is slow, so we don't want to use it; # # the CPU, I infer (from the old # # XXX: should also check that they don't do weird things (like on arm) # # comment) doesn't fault on unaligned accesses, but doesn't # do a normal unaligned fetch, either (e.g., presumably, ARM); # # for whatever reason, the test program doesn't work # (this has been claimed to be the case for several of those # CPUs - I don't know what the problem is; the problem # was reported as "the test program dumps core" for SuperH, # but that's what the test program is *supposed* to do - # it dumps core before it writes anything, so the test # for an empty output file should find an empty output # file and conclude that unaligned accesses don't work). # # This run-time test won't work if you're cross-compiling, so # in order to support cross-compiling for a particular CPU, # we have to wire in the list of CPU types anyway, as far as # I know, so perhaps we should just have a set of CPUs on # which we know it doesn't work, a set of CPUs on which we # know it does work, and have the script just fail on other # cpu types and update it when such a failure occurs. # alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1) ac_cv_lbl_unaligned_fail=yes ;; *) cat >conftest.c < # include # include unsigned char a[[5]] = { 1, 2, 3, 4, 5 }; main() { unsigned int i; pid_t pid; int status; /* avoid "core dumped" message */ pid = fork(); if (pid < 0) exit(2); if (pid > 0) { /* parent */ pid = waitpid(pid, &status, 0); if (pid < 0) exit(3); exit(!WIFEXITED(status)); } /* child */ i = *(unsigned int *)&a[[1]]; printf("%d\n", i); exit(0); } EOF ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \ conftest.c $LIBS >/dev/null 2>&1 if test ! -x conftest ; then dnl failed to compile for some reason ac_cv_lbl_unaligned_fail=yes else ./conftest >conftest.out if test ! -s conftest.out ; then ac_cv_lbl_unaligned_fail=yes else ac_cv_lbl_unaligned_fail=no fi fi rm -f -r conftest* core core.conftest ;; esac]) AC_MSG_RESULT($ac_cv_lbl_unaligned_fail) if test $ac_cv_lbl_unaligned_fail = yes ; then AC_DEFINE(LBL_ALIGN,1,[if unaligned access fails]) fi]) dnl dnl If the file .devel exists: dnl Add some warning flags if the compiler supports them dnl If an os prototype include exists, symlink os-proto.h to it dnl dnl usage: dnl dnl AC_LBL_DEVEL(copt) dnl dnl results: dnl dnl $1 (copt appended) dnl HAVE_OS_PROTO_H (defined) dnl os-proto.h (symlinked) dnl AC_DEFUN(AC_LBL_DEVEL, [rm -f os-proto.h if test "${LBL_CFLAGS+set}" = set; then $1="$$1 ${LBL_CFLAGS}" fi if test -f .devel ; then # # Skip all the warning option stuff on some compilers. # if test "$ac_lbl_cc_dont_try_gcc_dashW" != yes; then AC_LBL_CHECK_COMPILER_OPT($1, -Wall) AC_LBL_CHECK_COMPILER_OPT($1, -Wmissing-prototypes) AC_LBL_CHECK_COMPILER_OPT($1, -Wstrict-prototypes) AC_LBL_CHECK_COMPILER_OPT($1, -Wwrite-strings) AC_LBL_CHECK_COMPILER_OPT($1, -Wpointer-arith) AC_LBL_CHECK_COMPILER_OPT($1, -W) fi AC_LBL_CHECK_DEPENDENCY_GENERATION_OPT() # # We used to set -n32 for IRIX 6 when not using GCC (presumed # to mean that we're using MIPS C or MIPSpro C); it specified # the "new" faster 32-bit ABI, introduced in IRIX 6.2. I'm # not sure why that would be something to do *only* with a # .devel file; why should the ABI for which we produce code # depend on .devel? # os=`echo $host_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'` name="lbl/os-$os.h" if test -f $name ; then ln -s $name os-proto.h AC_DEFINE(HAVE_OS_PROTO_H, 1, [if there's an os_proto.h for this platform, to use additional prototypes]) else AC_MSG_WARN(can't find $name) fi fi]) dnl dnl Improved version of AC_CHECK_LIB dnl dnl Thanks to John Hawkinson (jhawk@mit.edu) dnl dnl usage: dnl dnl AC_LBL_CHECK_LIB(LIBRARY, FUNCTION [, ACTION-IF-FOUND [, dnl ACTION-IF-NOT-FOUND [, OTHER-LIBRARIES]]]) dnl dnl results: dnl dnl LIBS dnl dnl XXX - "AC_LBL_LIBRARY_NET" was redone to use "AC_SEARCH_LIBS" dnl rather than "AC_LBL_CHECK_LIB", so this isn't used any more. dnl We keep it around for reference purposes in case it's ever dnl useful in the future. dnl define(AC_LBL_CHECK_LIB, [AC_MSG_CHECKING([for $2 in -l$1]) dnl Use a cache variable name containing the library, function dnl name, and extra libraries to link with, because the test really is dnl for library $1 defining function $2, when linked with potinal dnl library $5, not just for library $1. Separate tests with the same dnl $1 and different $2's or $5's may have different results. ac_lib_var=`echo $1['_']$2['_']$5 | sed 'y%./+- %__p__%'` AC_CACHE_VAL(ac_cv_lbl_lib_$ac_lib_var, [ac_save_LIBS="$LIBS" LIBS="-l$1 $5 $LIBS" AC_TRY_LINK(dnl ifelse([$2], [main], , dnl Avoid conflicting decl of main. [/* Override any gcc2 internal prototype to avoid an error. */ ]ifelse(AC_LANG, CPLUSPLUS, [#ifdef __cplusplus extern "C" #endif ])dnl [/* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $2(); ]), [$2()], eval "ac_cv_lbl_lib_$ac_lib_var=yes", eval "ac_cv_lbl_lib_$ac_lib_var=no") LIBS="$ac_save_LIBS" ])dnl if eval "test \"`echo '$ac_cv_lbl_lib_'$ac_lib_var`\" = yes"; then AC_MSG_RESULT(yes) ifelse([$3], , [changequote(, )dnl ac_tr_lib=HAVE_LIB`echo $1 | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` changequote([, ])dnl AC_DEFINE_UNQUOTED($ac_tr_lib) LIBS="-l$1 $LIBS" ], [$3]) else AC_MSG_RESULT(no) ifelse([$4], , , [$4 ])dnl fi ]) dnl dnl AC_LBL_LIBRARY_NET dnl dnl This test is for network applications that need socket() and dnl gethostbyname() -ish functions. Under Solaris, those applications dnl need to link with "-lsocket -lnsl". Under IRIX, they need to link dnl with "-lnsl" but should *not* link with "-lsocket" because dnl libsocket.a breaks a number of things (for instance: dnl gethostbyname() under IRIX 5.2, and snoop sockets under most dnl versions of IRIX). dnl dnl Unfortunately, many application developers are not aware of this, dnl and mistakenly write tests that cause -lsocket to be used under dnl IRIX. It is also easy to write tests that cause -lnsl to be used dnl under operating systems where neither are necessary (or useful), dnl such as SunOS 4.1.4, which uses -lnsl for TLI. dnl dnl This test exists so that every application developer does not test dnl this in a different, and subtly broken fashion. dnl It has been argued that this test should be broken up into two dnl seperate tests, one for the resolver libraries, and one for the dnl libraries necessary for using Sockets API. Unfortunately, the two dnl are carefully intertwined and allowing the autoconf user to use dnl them independantly potentially results in unfortunate ordering dnl dependancies -- as such, such component macros would have to dnl carefully use indirection and be aware if the other components were dnl executed. Since other autoconf macros do not go to this trouble, dnl and almost no applications use sockets without the resolver, this dnl complexity has not been implemented. dnl dnl The check for libresolv is in case you are attempting to link dnl statically and happen to have a libresolv.a lying around (and no dnl libnsl.a). dnl AC_DEFUN(AC_LBL_LIBRARY_NET, [ # Most operating systems have gethostbyname() in the default searched # libraries (i.e. libc): # Some OSes (eg. Solaris) place it in libnsl # Some strange OSes (SINIX) have it in libsocket: AC_SEARCH_LIBS(gethostbyname, nsl socket resolv) # Unfortunately libsocket sometimes depends on libnsl and # AC_SEARCH_LIBS isn't up to the task of handling dependencies like this. if test "$ac_cv_search_gethostbyname" = "no" then AC_CHECK_LIB(socket, gethostbyname, LIBS="-lsocket -lnsl $LIBS", , -lnsl) fi AC_SEARCH_LIBS(socket, socket, , AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , -lnsl)) # DLPI needs putmsg under HPUX so test for -lstr while we're at it AC_SEARCH_LIBS(putmsg, str) ]) dnl Copyright (c) 1999 WIDE Project. All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without dnl modification, are permitted provided that the following conditions dnl are met: dnl 1. Redistributions of source code must retain the above copyright dnl notice, this list of conditions and the following disclaimer. dnl 2. Redistributions in binary form must reproduce the above copyright dnl notice, this list of conditions and the following disclaimer in the dnl documentation and/or other materials provided with the distribution. dnl 3. Neither the name of the project nor the names of its contributors dnl may be used to endorse or promote products derived from this software dnl without specific prior written permission. dnl dnl THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND dnl ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE dnl ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE dnl FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS dnl OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) dnl HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT dnl LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY dnl OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF dnl SUCH DAMAGE. dnl dnl Checks to see if AF_INET6 is defined AC_DEFUN(AC_CHECK_AF_INET6, [ AC_MSG_CHECKING(for AF_INET6) AC_CACHE_VAL($1, AC_TRY_COMPILE([ # include # include ], [int a = AF_INET6], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 = yes ; then AC_DEFINE(HAVE_AF_INET6) fi ]) dnl dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member dnl borrowed from LBL libpcap AC_DEFUN(AC_CHECK_SA_LEN, [ AC_MSG_CHECKING(if sockaddr struct has sa_len member) AC_CACHE_VAL($1, AC_TRY_COMPILE([ # include # include ], [u_int i = sizeof(((struct sockaddr *)0)->sa_len)], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 = yes ; then AC_DEFINE(HAVE_SOCKADDR_SA_LEN) fi ]) dnl dnl Checks for addrinfo structure AC_DEFUN(AC_STRUCT_ADDRINFO, [ AC_MSG_CHECKING(for addrinfo) AC_CACHE_VAL($1, AC_TRY_COMPILE([ # include ], [struct addrinfo a], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 = yes; then AC_DEFINE(HAVE_ADDRINFO, 1, [define if you have the addrinfo function]) else AC_DEFINE(NEED_ADDRINFO_H, 1, [define if you need to include missing/addrinfo.h]) fi ]) dnl dnl Checks for NI_MAXSERV AC_DEFUN(AC_NI_MAXSERV, [ AC_MSG_CHECKING(for NI_MAXSERV) AC_CACHE_VAL($1, AC_EGREP_CPP(yes, [#include #ifdef NI_MAXSERV yes #endif], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 != yes; then AC_DEFINE(NEED_ADDRINFO_H) fi ]) dnl dnl Checks for NI_NAMEREQD AC_DEFUN(AC_NI_NAMEREQD, [ AC_MSG_CHECKING(for NI_NAMEREQD) AC_CACHE_VAL($1, AC_EGREP_CPP(yes, [#include #ifdef NI_NOFQDN yes #endif], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 != yes; then AC_DEFINE(NEED_ADDRINFO_H) fi ]) dnl dnl Checks for sockaddr_storage structure AC_DEFUN(AC_STRUCT_SA_STORAGE, [ AC_MSG_CHECKING(for sockaddr_storage) AC_CACHE_VAL($1, AC_TRY_COMPILE([ # include # include ], [struct sockaddr_storage s], $1=yes, $1=no)) AC_MSG_RESULT($$1) if test $$1 = yes; then AC_DEFINE(HAVE_SOCKADDR_STORAGE, 1, [define if you have struct sockaddr_storage]) fi ]) dnl dnl check for h_errno AC_DEFUN(AC_VAR_H_ERRNO, [ AC_MSG_CHECKING(for h_errno) AC_CACHE_VAL(ac_cv_var_h_errno, AC_TRY_COMPILE([ # include # include ], [int foo = h_errno;], ac_cv_var_h_errno=yes, ac_cv_var_h_errno=no)) AC_MSG_RESULT($ac_cv_var_h_errno) if test "$ac_cv_var_h_errno" = "yes"; then AC_DEFINE(HAVE_H_ERRNO, 1, [define if you have the h_errno variable]) fi ]) dnl dnl Test for __attribute__ dnl AC_DEFUN(AC_C___ATTRIBUTE__, [ AC_MSG_CHECKING(for __attribute__) AC_CACHE_VAL(ac_cv___attribute__, [ AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ #include static void foo(void) __attribute__ ((noreturn)); static void foo(void) { exit(1); } int main(int argc, char **argv) { foo(); } ]])], ac_cv___attribute__=yes, ac_cv___attribute__=no)]) if test "$ac_cv___attribute__" = "yes"; then AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) else # # We can't use __attribute__, so we can't use __attribute__((unused)), # so we define _U_ to an empty string. # V_DEFS="$V_DEFS -D_U_=\"\"" fi AC_MSG_RESULT($ac_cv___attribute__) ]) dnl dnl Test whether __attribute__((unused)) can be used without warnings dnl AC_DEFUN(AC_C___ATTRIBUTE___UNUSED, [ AC_MSG_CHECKING([whether __attribute__((unused)) can be used without warnings]) AC_CACHE_VAL(ac_cv___attribute___unused, [ save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $ac_lbl_cc_force_warning_errors" AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ #include #include int main(int argc __attribute((unused)), char **argv __attribute((unused))) { printf("Hello, world!\n"); return 0; } ]])], ac_cv___attribute___unused=yes, ac_cv___attribute___unused=no)]) CFLAGS="$save_CFLAGS" if test "$ac_cv___attribute___unused" = "yes"; then V_DEFS="$V_DEFS -D_U_=\"__attribute__((unused))\"" else V_DEFS="$V_DEFS -D_U_=\"\"" fi AC_MSG_RESULT($ac_cv___attribute___unused) ]) dnl dnl Test whether __attribute__((format)) can be used without warnings dnl AC_DEFUN(AC_C___ATTRIBUTE___FORMAT, [ AC_MSG_CHECKING([whether __attribute__((format)) can be used without warnings]) AC_CACHE_VAL(ac_cv___attribute___format, [ save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $ac_lbl_cc_force_warning_errors" AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ #include extern int foo(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); int main(int argc, char **argv) { foo("%s", "test"); } ]])], ac_cv___attribute___format=yes, ac_cv___attribute___format=no)]) CFLAGS="$save_CFLAGS" if test "$ac_cv___attribute___format" = "yes"; then AC_DEFINE(__ATTRIBUTE___FORMAT_OK, 1, [define if your compiler allows __attribute__((format)) without a warning]) fi AC_MSG_RESULT($ac_cv___attribute___format) ]) dnl dnl Test whether __attribute__((format)) can be applied to function dnl pointers dnl AC_DEFUN(AC_C___ATTRIBUTE___FORMAT_FUNCTION_POINTER, [ AC_MSG_CHECKING([whether __attribute__((format)) can be applied to function pointers]) AC_CACHE_VAL(ac_cv___attribute___format_function_pointer, [ AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ #include extern int (*foo)(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); int main(int argc, char **argv) { (*foo)("%s", "test"); } ]])], ac_cv___attribute___format_function_pointer=yes, ac_cv___attribute___format_function_pointer=no)]) if test "$ac_cv___attribute___format_function_pointer" = "yes"; then AC_DEFINE(__ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS, 1, [define if your compiler allows __attribute__((format)) to be applied to function pointers]) fi AC_MSG_RESULT($ac_cv___attribute___format_function_pointer) ]) AC_DEFUN(AC_C___ATTRIBUTE___NORETURN_FUNCTION_POINTER, [ AC_MSG_CHECKING([whether __attribute__((noreturn)) can be applied to function pointers without warnings]) AC_CACHE_VAL(ac_cv___attribute___noreturn_function_pointer, [ save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $ac_lbl_cc_force_warning_errors" AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ #include extern int (*foo)(int i) __attribute__ ((noreturn)); int main(int argc, char **argv) { (*foo)(1); } ]])], ac_cv___attribute___noreturn_function_pointer=yes, ac_cv___attribute___noreturn_function_pointer=no)]) CFLAGS="$save_CFLAGS" if test "$ac_cv___attribute___noreturn_function_pointer" = "yes"; then AC_DEFINE(__ATTRIBUTE___NORETURN_OK_FOR_FUNCTION_POINTERS, 1, [define if your compiler allows __attribute__((noreturn)) to be applied to function pointers]) fi AC_MSG_RESULT($ac_cv___attribute___noreturn_function_pointer) ]) AC_DEFUN(AC_LBL_SSLEAY, [ # # Find the last component of $libdir; it's not necessarily # "lib" - it might be "lib64" on, for example, x86-64 # Linux systems. # # We assume the directory in which we're looking for # libcrypto has a subdirectory with that as its name. # tmplib=`echo "$libdir" | sed 's,.*/,,'` # # XXX - is there a better way to check if a given library is # in a given directory than checking each of the possible # shared library suffixes? # # Are there any other suffixes we need to look for? Do we # have to worry about ".so.{version}"? # # Or should we just look for "libcrypto.*"? # if test -d "$1/$tmplib" -a \( -f "$1/$tmplib/libcrypto.a" -o \ -f "$1/$tmplib/libcrypto.so" -o \ -f "$1/$tmplib/libcrypto.sl" -o \ -f "$1/$tmplib/libcrypto.dylib" \); then ac_cv_ssleay_path="$1" fi # # Make sure we have the headers as well. # if test -d "$1/include/openssl" -a -f "$1/include/openssl/des.h"; then incdir="-I$1/include" fi ]) tcpdump-4.7.4/print-ipx.c0000644000026300017510000001467112431107727013440 0ustar mcrmcr/* * Copyright (c) 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Format and print Novell IPX packets. * Contributed by Brad Parker (brad@fcr.com). */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* well-known sockets */ #define IPX_SKT_NCP 0x0451 #define IPX_SKT_SAP 0x0452 #define IPX_SKT_RIP 0x0453 #define IPX_SKT_NETBIOS 0x0455 #define IPX_SKT_DIAGNOSTICS 0x0456 #define IPX_SKT_NWLINK_DGM 0x0553 /* NWLink datagram, may contain SMB */ #define IPX_SKT_EIGRP 0x85be /* Cisco EIGRP over IPX */ /* IPX transport header */ struct ipxHdr { uint16_t cksum; /* Checksum */ uint16_t length; /* Length, in bytes, including header */ uint8_t tCtl; /* Transport Control (i.e. hop count) */ uint8_t pType; /* Packet Type (i.e. level 2 protocol) */ uint16_t dstNet[2]; /* destination net */ uint8_t dstNode[6]; /* destination node */ uint16_t dstSkt; /* destination socket */ uint16_t srcNet[2]; /* source net */ uint8_t srcNode[6]; /* source node */ uint16_t srcSkt; /* source socket */ }; #define ipxSize 30 static const char *ipxaddr_string(uint32_t, const u_char *); static void ipx_decode(netdissect_options *, const struct ipxHdr *, const u_char *, u_int); static void ipx_sap_print(netdissect_options *, const u_short *, u_int); static void ipx_rip_print(netdissect_options *, const u_short *, u_int); /* * Print IPX datagram packets. */ void ipx_print(netdissect_options *ndo, const u_char *p, u_int length) { const struct ipxHdr *ipx = (const struct ipxHdr *)p; if (!ndo->ndo_eflag) ND_PRINT((ndo, "IPX ")); ND_TCHECK(ipx->srcSkt); ND_PRINT((ndo, "%s.%04x > ", ipxaddr_string(EXTRACT_32BITS(ipx->srcNet), ipx->srcNode), EXTRACT_16BITS(&ipx->srcSkt))); ND_PRINT((ndo, "%s.%04x: ", ipxaddr_string(EXTRACT_32BITS(ipx->dstNet), ipx->dstNode), EXTRACT_16BITS(&ipx->dstSkt))); /* take length from ipx header */ ND_TCHECK(ipx->length); length = EXTRACT_16BITS(&ipx->length); ipx_decode(ndo, ipx, (u_char *)ipx + ipxSize, length - ipxSize); return; trunc: ND_PRINT((ndo, "[|ipx %d]", length)); } static const char * ipxaddr_string(uint32_t net, const u_char *node) { static char line[256]; snprintf(line, sizeof(line), "%08x.%02x:%02x:%02x:%02x:%02x:%02x", net, node[0], node[1], node[2], node[3], node[4], node[5]); return line; } static void ipx_decode(netdissect_options *ndo, const struct ipxHdr *ipx, const u_char *datap, u_int length) { register u_short dstSkt; dstSkt = EXTRACT_16BITS(&ipx->dstSkt); switch (dstSkt) { case IPX_SKT_NCP: ND_PRINT((ndo, "ipx-ncp %d", length)); break; case IPX_SKT_SAP: ipx_sap_print(ndo, (u_short *)datap, length); break; case IPX_SKT_RIP: ipx_rip_print(ndo, (u_short *)datap, length); break; case IPX_SKT_NETBIOS: ND_PRINT((ndo, "ipx-netbios %d", length)); #ifdef TCPDUMP_DO_SMB ipx_netbios_print(ndo, datap, length); #endif break; case IPX_SKT_DIAGNOSTICS: ND_PRINT((ndo, "ipx-diags %d", length)); break; case IPX_SKT_NWLINK_DGM: ND_PRINT((ndo, "ipx-nwlink-dgm %d", length)); #ifdef TCPDUMP_DO_SMB ipx_netbios_print(ndo, datap, length); #endif break; case IPX_SKT_EIGRP: eigrp_print(ndo, datap, length); break; default: ND_PRINT((ndo, "ipx-#%x %d", dstSkt, length)); break; } } static void ipx_sap_print(netdissect_options *ndo, const u_short *ipx, u_int length) { int command, i; ND_TCHECK(ipx[0]); command = EXTRACT_16BITS(ipx); ipx++; length -= 2; switch (command) { case 1: case 3: if (command == 1) ND_PRINT((ndo, "ipx-sap-req")); else ND_PRINT((ndo, "ipx-sap-nearest-req")); ND_TCHECK(ipx[0]); ND_PRINT((ndo, " %s", ipxsap_string(htons(EXTRACT_16BITS(&ipx[0]))))); break; case 2: case 4: if (command == 2) ND_PRINT((ndo, "ipx-sap-resp")); else ND_PRINT((ndo, "ipx-sap-nearest-resp")); for (i = 0; i < 8 && length > 0; i++) { ND_TCHECK(ipx[0]); ND_PRINT((ndo, " %s '", ipxsap_string(htons(EXTRACT_16BITS(&ipx[0]))))); if (fn_printzp(ndo, (u_char *)&ipx[1], 48, ndo->ndo_snapend)) { ND_PRINT((ndo, "'")); goto trunc; } ND_TCHECK2(ipx[25], 10); ND_PRINT((ndo, "' addr %s", ipxaddr_string(EXTRACT_32BITS(&ipx[25]), (u_char *)&ipx[27]))); ipx += 32; length -= 64; } break; default: ND_PRINT((ndo, "ipx-sap-?%x", command)); break; } return; trunc: ND_PRINT((ndo, "[|ipx %d]", length)); } static void ipx_rip_print(netdissect_options *ndo, const u_short *ipx, u_int length) { int command, i; ND_TCHECK(ipx[0]); command = EXTRACT_16BITS(ipx); ipx++; length -= 2; switch (command) { case 1: ND_PRINT((ndo, "ipx-rip-req")); if (length > 0) { ND_TCHECK(ipx[3]); ND_PRINT((ndo, " %08x/%d.%d", EXTRACT_32BITS(&ipx[0]), EXTRACT_16BITS(&ipx[2]), EXTRACT_16BITS(&ipx[3]))); } break; case 2: ND_PRINT((ndo, "ipx-rip-resp")); for (i = 0; i < 50 && length > 0; i++) { ND_TCHECK(ipx[3]); ND_PRINT((ndo, " %08x/%d.%d", EXTRACT_32BITS(&ipx[0]), EXTRACT_16BITS(&ipx[2]), EXTRACT_16BITS(&ipx[3]))); ipx += 4; length -= 8; } break; default: ND_PRINT((ndo, "ipx-rip-?%x", command)); break; } return; trunc: ND_PRINT((ndo, "[|ipx %d]", length)); } tcpdump-4.7.4/print-ascii.c0000644000026300017510000001432512431107727013724 0ustar mcrmcr/* $NetBSD: print-ascii.c,v 1.1 1999/09/30 14:49:12 sjg Exp $ */ /*- * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Alan Barrett and Simon J. Gerraty. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the NetBSD * Foundation, Inc. and its contributors. * 4. Neither the name of The NetBSD Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #define ASCII_LINELENGTH 300 #define HEXDUMP_BYTES_PER_LINE 16 #define HEXDUMP_SHORTS_PER_LINE (HEXDUMP_BYTES_PER_LINE / 2) #define HEXDUMP_HEXSTUFF_PER_SHORT 5 /* 4 hex digits and a space */ #define HEXDUMP_HEXSTUFF_PER_LINE \ (HEXDUMP_HEXSTUFF_PER_SHORT * HEXDUMP_SHORTS_PER_LINE) void ascii_print(netdissect_options *ndo, const u_char *cp, u_int length) { u_int caplength; register u_char s; caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; if (length > caplength) length = caplength; ND_PRINT((ndo, "\n")); while (length > 0) { s = *cp++; length--; if (s == '\r') { /* * Don't print CRs at the end of the line; they * don't belong at the ends of lines on UN*X, * and the standard I/O library will give us one * on Windows so we don't need to print one * ourselves. * * In the middle of a line, just print a '.'. */ if (length > 1 && *cp != '\n') ND_PRINT((ndo, ".")); } else { if (!ND_ISGRAPH(s) && (s != '\t' && s != ' ' && s != '\n')) ND_PRINT((ndo, ".")); else ND_PRINT((ndo, "%c", s)); } } } void hex_and_ascii_print_with_offset(netdissect_options *ndo, register const char *ident, register const u_char *cp, register u_int length, register u_int oset) { u_int caplength; register u_int i; register int s1, s2; register int nshorts; char hexstuff[HEXDUMP_SHORTS_PER_LINE*HEXDUMP_HEXSTUFF_PER_SHORT+1], *hsp; char asciistuff[ASCII_LINELENGTH+1], *asp; caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; if (length > caplength) length = caplength; nshorts = length / sizeof(u_short); i = 0; hsp = hexstuff; asp = asciistuff; while (--nshorts >= 0) { s1 = *cp++; s2 = *cp++; (void)snprintf(hsp, sizeof(hexstuff) - (hsp - hexstuff), " %02x%02x", s1, s2); hsp += HEXDUMP_HEXSTUFF_PER_SHORT; *(asp++) = (ND_ISGRAPH(s1) ? s1 : '.'); *(asp++) = (ND_ISGRAPH(s2) ? s2 : '.'); i++; if (i >= HEXDUMP_SHORTS_PER_LINE) { *hsp = *asp = '\0'; ND_PRINT((ndo, "%s0x%04x: %-*s %s", ident, oset, HEXDUMP_HEXSTUFF_PER_LINE, hexstuff, asciistuff)); i = 0; hsp = hexstuff; asp = asciistuff; oset += HEXDUMP_BYTES_PER_LINE; } } if (length & 1) { s1 = *cp++; (void)snprintf(hsp, sizeof(hexstuff) - (hsp - hexstuff), " %02x", s1); hsp += 3; *(asp++) = (ND_ISGRAPH(s1) ? s1 : '.'); ++i; } if (i > 0) { *hsp = *asp = '\0'; ND_PRINT((ndo, "%s0x%04x: %-*s %s", ident, oset, HEXDUMP_HEXSTUFF_PER_LINE, hexstuff, asciistuff)); } } void hex_and_ascii_print(netdissect_options *ndo, register const char *ident, register const u_char *cp, register u_int length) { hex_and_ascii_print_with_offset(ndo, ident, cp, length, 0); } /* * telnet_print() wants this. It is essentially default_print_unaligned() */ void hex_print_with_offset(netdissect_options *ndo, const char *ident, const u_char *cp, u_int length, u_int oset) { u_int caplength; register u_int i, s; register int nshorts; caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; if (length > caplength) length = caplength; nshorts = (u_int) length / sizeof(u_short); i = 0; while (--nshorts >= 0) { if ((i++ % 8) == 0) { ND_PRINT((ndo,"%s0x%04x: ", ident, oset)); oset += HEXDUMP_BYTES_PER_LINE; } s = *cp++; ND_PRINT((ndo," %02x%02x", s, *cp++)); } if (length & 1) { if ((i % 8) == 0) ND_PRINT((ndo,"%s0x%04x: ", ident, oset)); ND_PRINT((ndo," %02x", *cp)); } } /* * just for completeness */ void hex_print(netdissect_options *ndo,const char *ident, const u_char *cp, u_int length) { hex_print_with_offset(ndo, ident, cp, length, 0); } #ifdef MAIN int main(int argc, char *argv[]) { hex_print("\n\t", "Hello, World!\n", 14); printf("\n"); hex_and_ascii_print("\n\t", "Hello, World!\n", 14); printf("\n"); ascii_print("Hello, World!\n", 14); printf("\n"); #define TMSG "Now is the winter of our discontent...\n" hex_print_with_offset("\n\t", TMSG, sizeof(TMSG) - 1, 0x100); printf("\n"); hex_and_ascii_print_with_offset("\n\t", TMSG, sizeof(TMSG) - 1, 0x100); printf("\n"); exit(0); } #endif /* MAIN */ tcpdump-4.7.4/print-atalk.c0000644000026300017510000003746212431107727013737 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Format and print AppleTalk packets. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "ethertype.h" #include "extract.h" /* must come after interface.h */ #include "appletalk.h" static const char tstr[] = "[|atalk]"; static const struct tok type2str[] = { { ddpRTMP, "rtmp" }, { ddpRTMPrequest, "rtmpReq" }, { ddpECHO, "echo" }, { ddpIP, "IP" }, { ddpARP, "ARP" }, { ddpKLAP, "KLAP" }, { 0, NULL } }; struct aarp { uint16_t htype, ptype; uint8_t halen, palen; uint16_t op; uint8_t hsaddr[6]; uint8_t psaddr[4]; uint8_t hdaddr[6]; uint8_t pdaddr[4]; }; static void atp_print(netdissect_options *, const struct atATP *, u_int); static void atp_bitmap_print(netdissect_options *, u_char); static void nbp_print(netdissect_options *, const struct atNBP *, u_int, u_short, u_char, u_char); static const struct atNBPtuple *nbp_tuple_print(netdissect_options *ndo, const struct atNBPtuple *, const u_char *, u_short, u_char, u_char); static const struct atNBPtuple *nbp_name_print(netdissect_options *, const struct atNBPtuple *, const u_char *); static const char *ataddr_string(netdissect_options *, u_short, u_char); static void ddp_print(netdissect_options *, const u_char *, u_int, int, u_short, u_char, u_char); static const char *ddpskt_string(netdissect_options *, int); /* * Print LLAP packets received on a physical LocalTalk interface. */ u_int ltalk_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { return (llap_print(ndo, p, h->caplen)); } /* * Print AppleTalk LLAP packets. */ u_int llap_print(netdissect_options *ndo, register const u_char *bp, u_int length) { register const struct LAP *lp; register const struct atDDP *dp; register const struct atShortDDP *sdp; u_short snet; u_int hdrlen; if (length < sizeof(*lp)) { ND_PRINT((ndo, " [|llap %u]", length)); return (length); } lp = (const struct LAP *)bp; bp += sizeof(*lp); length -= sizeof(*lp); hdrlen = sizeof(*lp); switch (lp->type) { case lapShortDDP: if (length < ddpSSize) { ND_PRINT((ndo, " [|sddp %u]", length)); return (length); } sdp = (const struct atShortDDP *)bp; ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, 0, lp->src), ddpskt_string(ndo, sdp->srcSkt))); ND_PRINT((ndo, " > %s.%s:", ataddr_string(ndo, 0, lp->dst), ddpskt_string(ndo, sdp->dstSkt))); bp += ddpSSize; length -= ddpSSize; hdrlen += ddpSSize; ddp_print(ndo, bp, length, sdp->type, 0, lp->src, sdp->srcSkt); break; case lapDDP: if (length < ddpSize) { ND_PRINT((ndo, " [|ddp %u]", length)); return (length); } dp = (const struct atDDP *)bp; snet = EXTRACT_16BITS(&dp->srcNet); ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode), ddpskt_string(ndo, dp->srcSkt))); ND_PRINT((ndo, " > %s.%s:", ataddr_string(ndo, EXTRACT_16BITS(&dp->dstNet), dp->dstNode), ddpskt_string(ndo, dp->dstSkt))); bp += ddpSize; length -= ddpSize; hdrlen += ddpSize; ddp_print(ndo, bp, length, dp->type, snet, dp->srcNode, dp->srcSkt); break; #ifdef notdef case lapKLAP: klap_print(bp, length); break; #endif default: ND_PRINT((ndo, "%d > %d at-lap#%d %u", lp->src, lp->dst, lp->type, length)); break; } return (hdrlen); } /* * Print EtherTalk/TokenTalk packets (or FDDITalk, or whatever it's called * when it runs over FDDI; yes, I've seen FDDI captures with AppleTalk * packets in them). */ void atalk_print(netdissect_options *ndo, register const u_char *bp, u_int length) { register const struct atDDP *dp; u_short snet; if(!ndo->ndo_eflag) ND_PRINT((ndo, "AT ")); if (length < ddpSize) { ND_PRINT((ndo, " [|ddp %u]", length)); return; } dp = (const struct atDDP *)bp; snet = EXTRACT_16BITS(&dp->srcNet); ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode), ddpskt_string(ndo, dp->srcSkt))); ND_PRINT((ndo, " > %s.%s: ", ataddr_string(ndo, EXTRACT_16BITS(&dp->dstNet), dp->dstNode), ddpskt_string(ndo, dp->dstSkt))); bp += ddpSize; length -= ddpSize; ddp_print(ndo, bp, length, dp->type, snet, dp->srcNode, dp->srcSkt); } /* XXX should probably pass in the snap header and do checks like arp_print() */ void aarp_print(netdissect_options *ndo, register const u_char *bp, u_int length) { register const struct aarp *ap; #define AT(member) ataddr_string(ndo, (ap->member[1]<<8)|ap->member[2],ap->member[3]) ND_PRINT((ndo, "aarp ")); ap = (const struct aarp *)bp; if (EXTRACT_16BITS(&ap->htype) == 1 && EXTRACT_16BITS(&ap->ptype) == ETHERTYPE_ATALK && ap->halen == 6 && ap->palen == 4 ) switch (EXTRACT_16BITS(&ap->op)) { case 1: /* request */ ND_PRINT((ndo, "who-has %s tell %s", AT(pdaddr), AT(psaddr))); return; case 2: /* response */ ND_PRINT((ndo, "reply %s is-at %s", AT(psaddr), etheraddr_string(ndo, ap->hsaddr))); return; case 3: /* probe (oy!) */ ND_PRINT((ndo, "probe %s tell %s", AT(pdaddr), AT(psaddr))); return; } ND_PRINT((ndo, "len %u op %u htype %u ptype %#x halen %u palen %u", length, EXTRACT_16BITS(&ap->op), EXTRACT_16BITS(&ap->htype), EXTRACT_16BITS(&ap->ptype), ap->halen, ap->palen)); } /* * Print AppleTalk Datagram Delivery Protocol packets. */ static void ddp_print(netdissect_options *ndo, register const u_char *bp, register u_int length, register int t, register u_short snet, register u_char snode, u_char skt) { switch (t) { case ddpNBP: nbp_print(ndo, (const struct atNBP *)bp, length, snet, snode, skt); break; case ddpATP: atp_print(ndo, (const struct atATP *)bp, length); break; case ddpEIGRP: eigrp_print(ndo, bp, length); break; default: ND_PRINT((ndo, " at-%s %d", tok2str(type2str, NULL, t), length)); break; } } static void atp_print(netdissect_options *ndo, register const struct atATP *ap, u_int length) { char c; uint32_t data; if ((const u_char *)(ap + 1) > ndo->ndo_snapend) { /* Just bail if we don't have the whole chunk. */ ND_PRINT((ndo, "%s", tstr)); return; } if (length < sizeof(*ap)) { ND_PRINT((ndo, " [|atp %u]", length)); return; } length -= sizeof(*ap); switch (ap->control & 0xc0) { case atpReqCode: ND_PRINT((ndo, " atp-req%s %d", ap->control & atpXO? " " : "*", EXTRACT_16BITS(&ap->transID))); atp_bitmap_print(ndo, ap->bitmap); if (length != 0) ND_PRINT((ndo, " [len=%u]", length)); switch (ap->control & (atpEOM|atpSTS)) { case atpEOM: ND_PRINT((ndo, " [EOM]")); break; case atpSTS: ND_PRINT((ndo, " [STS]")); break; case atpEOM|atpSTS: ND_PRINT((ndo, " [EOM,STS]")); break; } break; case atpRspCode: ND_PRINT((ndo, " atp-resp%s%d:%d (%u)", ap->control & atpEOM? "*" : " ", EXTRACT_16BITS(&ap->transID), ap->bitmap, length)); switch (ap->control & (atpXO|atpSTS)) { case atpXO: ND_PRINT((ndo, " [XO]")); break; case atpSTS: ND_PRINT((ndo, " [STS]")); break; case atpXO|atpSTS: ND_PRINT((ndo, " [XO,STS]")); break; } break; case atpRelCode: ND_PRINT((ndo, " atp-rel %d", EXTRACT_16BITS(&ap->transID))); atp_bitmap_print(ndo, ap->bitmap); /* length should be zero */ if (length) ND_PRINT((ndo, " [len=%u]", length)); /* there shouldn't be any control flags */ if (ap->control & (atpXO|atpEOM|atpSTS)) { c = '['; if (ap->control & atpXO) { ND_PRINT((ndo, "%cXO", c)); c = ','; } if (ap->control & atpEOM) { ND_PRINT((ndo, "%cEOM", c)); c = ','; } if (ap->control & atpSTS) { ND_PRINT((ndo, "%cSTS", c)); c = ','; } ND_PRINT((ndo, "]")); } break; default: ND_PRINT((ndo, " atp-0x%x %d (%u)", ap->control, EXTRACT_16BITS(&ap->transID), length)); break; } data = EXTRACT_32BITS(&ap->userData); if (data != 0) ND_PRINT((ndo, " 0x%x", data)); } static void atp_bitmap_print(netdissect_options *ndo, register u_char bm) { register char c; register int i; /* * The '& 0xff' below is needed for compilers that want to sign * extend a u_char, which is the case with the Ultrix compiler. * (gcc is smart enough to eliminate it, at least on the Sparc). */ if ((bm + 1) & (bm & 0xff)) { c = '<'; for (i = 0; bm; ++i) { if (bm & 1) { ND_PRINT((ndo, "%c%d", c, i)); c = ','; } bm >>= 1; } ND_PRINT((ndo, ">")); } else { for (i = 0; bm; ++i) bm >>= 1; if (i > 1) ND_PRINT((ndo, "<0-%d>", i - 1)); else ND_PRINT((ndo, "<0>")); } } static void nbp_print(netdissect_options *ndo, register const struct atNBP *np, u_int length, register u_short snet, register u_char snode, register u_char skt) { register const struct atNBPtuple *tp = (const struct atNBPtuple *)((u_char *)np + nbpHeaderSize); int i; const u_char *ep; if (length < nbpHeaderSize) { ND_PRINT((ndo, " truncated-nbp %u", length)); return; } length -= nbpHeaderSize; if (length < 8) { /* must be room for at least one tuple */ ND_PRINT((ndo, " truncated-nbp %u", length + nbpHeaderSize)); return; } /* ep points to end of available data */ ep = ndo->ndo_snapend; if ((const u_char *)tp > ep) { ND_PRINT((ndo, "%s", tstr)); return; } switch (i = np->control & 0xf0) { case nbpBrRq: case nbpLkUp: ND_PRINT((ndo, i == nbpLkUp? " nbp-lkup %d:":" nbp-brRq %d:", np->id)); if ((const u_char *)(tp + 1) > ep) { ND_PRINT((ndo, "%s", tstr)); return; } (void)nbp_name_print(ndo, tp, ep); /* * look for anomalies: the spec says there can only * be one tuple, the address must match the source * address and the enumerator should be zero. */ if ((np->control & 0xf) != 1) ND_PRINT((ndo, " [ntup=%d]", np->control & 0xf)); if (tp->enumerator) ND_PRINT((ndo, " [enum=%d]", tp->enumerator)); if (EXTRACT_16BITS(&tp->net) != snet || tp->node != snode || tp->skt != skt) ND_PRINT((ndo, " [addr=%s.%d]", ataddr_string(ndo, EXTRACT_16BITS(&tp->net), tp->node), tp->skt)); break; case nbpLkUpReply: ND_PRINT((ndo, " nbp-reply %d:", np->id)); /* print each of the tuples in the reply */ for (i = np->control & 0xf; --i >= 0 && tp; ) tp = nbp_tuple_print(ndo, tp, ep, snet, snode, skt); break; default: ND_PRINT((ndo, " nbp-0x%x %d (%u)", np->control, np->id, length)); break; } } /* print a counted string */ static const char * print_cstring(netdissect_options *ndo, register const char *cp, register const u_char *ep) { register u_int length; if (cp >= (const char *)ep) { ND_PRINT((ndo, "%s", tstr)); return (0); } length = *cp++; /* Spec says string can be at most 32 bytes long */ if (length > 32) { ND_PRINT((ndo, "[len=%u]", length)); return (0); } while ((int)--length >= 0) { if (cp >= (const char *)ep) { ND_PRINT((ndo, "%s", tstr)); return (0); } ND_PRINT((ndo, "%c", *cp++)); } return (cp); } static const struct atNBPtuple * nbp_tuple_print(netdissect_options *ndo, register const struct atNBPtuple *tp, register const u_char *ep, register u_short snet, register u_char snode, register u_char skt) { register const struct atNBPtuple *tpn; if ((const u_char *)(tp + 1) > ep) { ND_PRINT((ndo, "%s", tstr)); return 0; } tpn = nbp_name_print(ndo, tp, ep); /* if the enumerator isn't 1, print it */ if (tp->enumerator != 1) ND_PRINT((ndo, "(%d)", tp->enumerator)); /* if the socket doesn't match the src socket, print it */ if (tp->skt != skt) ND_PRINT((ndo, " %d", tp->skt)); /* if the address doesn't match the src address, it's an anomaly */ if (EXTRACT_16BITS(&tp->net) != snet || tp->node != snode) ND_PRINT((ndo, " [addr=%s]", ataddr_string(ndo, EXTRACT_16BITS(&tp->net), tp->node))); return (tpn); } static const struct atNBPtuple * nbp_name_print(netdissect_options *ndo, const struct atNBPtuple *tp, register const u_char *ep) { register const char *cp = (const char *)tp + nbpTupleSize; ND_PRINT((ndo, " ")); /* Object */ ND_PRINT((ndo, "\"")); if ((cp = print_cstring(ndo, cp, ep)) != NULL) { /* Type */ ND_PRINT((ndo, ":")); if ((cp = print_cstring(ndo, cp, ep)) != NULL) { /* Zone */ ND_PRINT((ndo, "@")); if ((cp = print_cstring(ndo, cp, ep)) != NULL) ND_PRINT((ndo, "\"")); } } return ((const struct atNBPtuple *)cp); } #define HASHNAMESIZE 4096 struct hnamemem { int addr; char *name; struct hnamemem *nxt; }; static struct hnamemem hnametable[HASHNAMESIZE]; static const char * ataddr_string(netdissect_options *ndo, u_short atnet, u_char athost) { register struct hnamemem *tp, *tp2; register int i = (atnet << 8) | athost; char nambuf[256+1]; static int first = 1; FILE *fp; /* * if this is the first call, see if there's an AppleTalk * number to name map file. */ if (first && (first = 0, !ndo->ndo_nflag) && (fp = fopen("/etc/atalk.names", "r"))) { char line[256]; int i1, i2; while (fgets(line, sizeof(line), fp)) { if (line[0] == '\n' || line[0] == 0 || line[0] == '#') continue; if (sscanf(line, "%d.%d %256s", &i1, &i2, nambuf) == 3) /* got a hostname. */ i2 |= (i1 << 8); else if (sscanf(line, "%d %256s", &i1, nambuf) == 2) /* got a net name */ i2 = (i1 << 8) | 255; else continue; for (tp = &hnametable[i2 & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) ; tp->addr = i2; tp->nxt = newhnamemem(); tp->name = strdup(nambuf); } fclose(fp); } for (tp = &hnametable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) if (tp->addr == i) return (tp->name); /* didn't have the node name -- see if we've got the net name */ i |= 255; for (tp2 = &hnametable[i & (HASHNAMESIZE-1)]; tp2->nxt; tp2 = tp2->nxt) if (tp2->addr == i) { tp->addr = (atnet << 8) | athost; tp->nxt = newhnamemem(); (void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost); tp->name = strdup(nambuf); return (tp->name); } tp->addr = (atnet << 8) | athost; tp->nxt = newhnamemem(); if (athost != 255) (void)snprintf(nambuf, sizeof(nambuf), "%d.%d", atnet, athost); else (void)snprintf(nambuf, sizeof(nambuf), "%d", atnet); tp->name = strdup(nambuf); return (tp->name); } static const struct tok skt2str[] = { { rtmpSkt, "rtmp" }, /* routing table maintenance */ { nbpSkt, "nis" }, /* name info socket */ { echoSkt, "echo" }, /* AppleTalk echo protocol */ { zipSkt, "zip" }, /* zone info protocol */ { 0, NULL } }; static const char * ddpskt_string(netdissect_options *ndo, register int skt) { static char buf[8]; if (ndo->ndo_nflag) { (void)snprintf(buf, sizeof(buf), "%d", skt); return (buf); } return (tok2str(skt2str, "%d", skt)); } tcpdump-4.7.4/print-sl.c0000644000026300017510000001421412477367525013265 0ustar mcrmcr/* * Copyright (c) 1989, 1990, 1991, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" /* must come after interface.h */ #include "ip.h" #include "tcp.h" #include "slcompress.h" /* * definitions of the pseudo- link-level header attached to slip * packets grabbed by the packet filter (bpf) traffic monitor. */ #define SLIP_HDRLEN 16 #define SLX_DIR 0 #define SLX_CHDR 1 #define CHDR_LEN 15 #define SLIPDIR_IN 0 #define SLIPDIR_OUT 1 static const char tstr[] = "[|slip]"; static u_int lastlen[2][256]; static u_int lastconn = 255; static void sliplink_print(netdissect_options *, const u_char *, const struct ip *, u_int); static void compressed_sl_print(netdissect_options *, const u_char *, const struct ip *, u_int, int); u_int sl_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { register u_int caplen = h->caplen; register u_int length = h->len; register const struct ip *ip; if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } length -= SLIP_HDRLEN; ip = (struct ip *)(p + SLIP_HDRLEN); if (ndo->ndo_eflag) sliplink_print(ndo, p, ip, length); switch (IP_V(ip)) { case 4: ip_print(ndo, (u_char *)ip, length); break; case 6: ip6_print(ndo, (u_char *)ip, length); break; default: ND_PRINT((ndo, "ip v%d", IP_V(ip))); } return (SLIP_HDRLEN); } u_int sl_bsdos_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { register u_int caplen = h->caplen; register u_int length = h->len; register const struct ip *ip; if (caplen < SLIP_HDRLEN) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } length -= SLIP_HDRLEN; ip = (struct ip *)(p + SLIP_HDRLEN); #ifdef notdef if (ndo->ndo_eflag) sliplink_print(ndo, p, ip, length); #endif ip_print(ndo, (u_char *)ip, length); return (SLIP_HDRLEN); } static void sliplink_print(netdissect_options *ndo, register const u_char *p, register const struct ip *ip, register u_int length) { int dir; u_int hlen; dir = p[SLX_DIR]; ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O ")); if (ndo->ndo_nflag) { /* XXX just dump the header */ register int i; for (i = SLX_CHDR; i < SLX_CHDR + CHDR_LEN - 1; ++i) ND_PRINT((ndo, "%02x.", p[i])); ND_PRINT((ndo, "%02x: ", p[SLX_CHDR + CHDR_LEN - 1])); return; } switch (p[SLX_CHDR] & 0xf0) { case TYPE_IP: ND_PRINT((ndo, "ip %d: ", length + SLIP_HDRLEN)); break; case TYPE_UNCOMPRESSED_TCP: /* * The connection id is stored in the IP protocol field. * Get it from the link layer since sl_uncompress_tcp() * has restored the IP header copy to IPPROTO_TCP. */ lastconn = ((struct ip *)&p[SLX_CHDR])->ip_p; hlen = IP_HL(ip); hlen += TH_OFF((struct tcphdr *)&((int *)ip)[hlen]); lastlen[dir][lastconn] = length - (hlen << 2); ND_PRINT((ndo, "utcp %d: ", lastconn)); break; default: if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) { compressed_sl_print(ndo, &p[SLX_CHDR], ip, length, dir); ND_PRINT((ndo, ": ")); } else ND_PRINT((ndo, "slip-%d!: ", p[SLX_CHDR])); } } static const u_char * print_sl_change(netdissect_options *ndo, const char *str, register const u_char *cp) { register u_int i; if ((i = *cp++) == 0) { i = EXTRACT_16BITS(cp); cp += 2; } ND_PRINT((ndo, " %s%d", str, i)); return (cp); } static const u_char * print_sl_winchange(netdissect_options *ndo, register const u_char *cp) { register short i; if ((i = *cp++) == 0) { i = EXTRACT_16BITS(cp); cp += 2; } if (i >= 0) ND_PRINT((ndo, " W+%d", i)); else ND_PRINT((ndo, " W%d", i)); return (cp); } static void compressed_sl_print(netdissect_options *ndo, const u_char *chdr, const struct ip *ip, u_int length, int dir) { register const u_char *cp = chdr; register u_int flags, hlen; flags = *cp++; if (flags & NEW_C) { lastconn = *cp++; ND_PRINT((ndo, "ctcp %d", lastconn)); } else ND_PRINT((ndo, "ctcp *")); /* skip tcp checksum */ cp += 2; switch (flags & SPECIALS_MASK) { case SPECIAL_I: ND_PRINT((ndo, " *SA+%d", lastlen[dir][lastconn])); break; case SPECIAL_D: ND_PRINT((ndo, " *S+%d", lastlen[dir][lastconn])); break; default: if (flags & NEW_U) cp = print_sl_change(ndo, "U=", cp); if (flags & NEW_W) cp = print_sl_winchange(ndo, cp); if (flags & NEW_A) cp = print_sl_change(ndo, "A+", cp); if (flags & NEW_S) cp = print_sl_change(ndo, "S+", cp); break; } if (flags & NEW_I) cp = print_sl_change(ndo, "I+", cp); /* * 'hlen' is the length of the uncompressed TCP/IP header (in words). * 'cp - chdr' is the length of the compressed header. * 'length - hlen' is the amount of data in the packet. */ hlen = IP_HL(ip); hlen += TH_OFF((struct tcphdr *)&((int32_t *)ip)[hlen]); lastlen[dir][lastconn] = length - (hlen << 2); ND_PRINT((ndo, " %d (%ld)", lastlen[dir][lastconn], (long)(cp - chdr))); } tcpdump-4.7.4/print-tcp.c0000644000026300017510000010404512477367525013437 0ustar mcrmcr/* $NetBSD: print-tcp.c,v 1.9 2007/07/26 18:15:12 plunky Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Copyright (c) 1999-2004 The tcpdump.org project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef lint #else __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); #endif #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "tcp.h" #include "ip.h" #ifdef INET6 #include "ip6.h" #endif #include "ipproto.h" #include "rpc_auth.h" #include "rpc_msg.h" #include "nameser.h" #ifdef HAVE_LIBCRYPTO #include #include static int tcp_verify_signature(netdissect_options *ndo, const struct ip *ip, const struct tcphdr *tp, const u_char *data, int length, const u_char *rcvsig); #endif static void print_tcp_rst_data(netdissect_options *, register const u_char *sp, u_int length); #define MAX_RST_DATA_LEN 30 struct tha { struct in_addr src; struct in_addr dst; u_int port; }; struct tcp_seq_hash { struct tcp_seq_hash *nxt; struct tha addr; tcp_seq seq; tcp_seq ack; }; #ifdef INET6 struct tha6 { struct in6_addr src; struct in6_addr dst; u_int port; }; struct tcp_seq_hash6 { struct tcp_seq_hash6 *nxt; struct tha6 addr; tcp_seq seq; tcp_seq ack; }; #endif #define TSEQ_HASHSIZE 919 /* These tcp optinos do not have the size octet */ #define ZEROLENOPT(o) ((o) == TCPOPT_EOL || (o) == TCPOPT_NOP) static struct tcp_seq_hash tcp_seq_hash4[TSEQ_HASHSIZE]; #ifdef INET6 static struct tcp_seq_hash6 tcp_seq_hash6[TSEQ_HASHSIZE]; #endif static const struct tok tcp_flag_values[] = { { TH_FIN, "F" }, { TH_SYN, "S" }, { TH_RST, "R" }, { TH_PUSH, "P" }, { TH_ACK, "." }, { TH_URG, "U" }, { TH_ECNECHO, "E" }, { TH_CWR, "W" }, { 0, NULL } }; static const struct tok tcp_option_values[] = { { TCPOPT_EOL, "eol" }, { TCPOPT_NOP, "nop" }, { TCPOPT_MAXSEG, "mss" }, { TCPOPT_WSCALE, "wscale" }, { TCPOPT_SACKOK, "sackOK" }, { TCPOPT_SACK, "sack" }, { TCPOPT_ECHO, "echo" }, { TCPOPT_ECHOREPLY, "echoreply" }, { TCPOPT_TIMESTAMP, "TS" }, { TCPOPT_CC, "cc" }, { TCPOPT_CCNEW, "ccnew" }, { TCPOPT_CCECHO, "" }, { TCPOPT_SIGNATURE, "md5" }, { TCPOPT_AUTH, "enhanced auth" }, { TCPOPT_UTO, "uto" }, { TCPOPT_MPTCP, "mptcp" }, { TCPOPT_EXPERIMENT2, "exp" }, { 0, NULL } }; static int tcp_cksum(netdissect_options *ndo, register const struct ip *ip, register const struct tcphdr *tp, register u_int len) { return nextproto4_cksum(ndo, ip, (const uint8_t *)tp, len, len, IPPROTO_TCP); } void tcp_print(netdissect_options *ndo, register const u_char *bp, register u_int length, register const u_char *bp2, int fragmented) { register const struct tcphdr *tp; register const struct ip *ip; register u_char flags; register u_int hlen; register char ch; uint16_t sport, dport, win, urp; uint32_t seq, ack, thseq, thack; u_int utoval; uint16_t magic; register int rev; #ifdef INET6 register const struct ip6_hdr *ip6; #endif tp = (struct tcphdr *)bp; ip = (struct ip *)bp2; #ifdef INET6 if (IP_V(ip) == 6) ip6 = (struct ip6_hdr *)bp2; else ip6 = NULL; #endif /*INET6*/ ch = '\0'; if (!ND_TTEST(tp->th_dport)) { ND_PRINT((ndo, "%s > %s: [|tcp]", ipaddr_string(ndo, &ip->ip_src), ipaddr_string(ndo, &ip->ip_dst))); return; } sport = EXTRACT_16BITS(&tp->th_sport); dport = EXTRACT_16BITS(&tp->th_dport); hlen = TH_OFF(tp) * 4; #ifdef INET6 if (ip6) { if (ip6->ip6_nxt == IPPROTO_TCP) { ND_PRINT((ndo, "%s.%s > %s.%s: ", ip6addr_string(ndo, &ip6->ip6_src), tcpport_string(sport), ip6addr_string(ndo, &ip6->ip6_dst), tcpport_string(dport))); } else { ND_PRINT((ndo, "%s > %s: ", tcpport_string(sport), tcpport_string(dport))); } } else #endif /*INET6*/ { if (ip->ip_p == IPPROTO_TCP) { ND_PRINT((ndo, "%s.%s > %s.%s: ", ipaddr_string(ndo, &ip->ip_src), tcpport_string(sport), ipaddr_string(ndo, &ip->ip_dst), tcpport_string(dport))); } else { ND_PRINT((ndo, "%s > %s: ", tcpport_string(sport), tcpport_string(dport))); } } if (hlen < sizeof(*tp)) { ND_PRINT((ndo, " tcp %d [bad hdr length %u - too short, < %lu]", length - hlen, hlen, (unsigned long)sizeof(*tp))); return; } ND_TCHECK(*tp); seq = EXTRACT_32BITS(&tp->th_seq); ack = EXTRACT_32BITS(&tp->th_ack); win = EXTRACT_16BITS(&tp->th_win); urp = EXTRACT_16BITS(&tp->th_urp); if (ndo->ndo_qflag) { ND_PRINT((ndo, "tcp %d", length - hlen)); if (hlen > length) { ND_PRINT((ndo, " [bad hdr length %u - too long, > %u]", hlen, length)); } return; } flags = tp->th_flags; ND_PRINT((ndo, "Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags))); if (!ndo->ndo_Sflag && (flags & TH_ACK)) { /* * Find (or record) the initial sequence numbers for * this conversation. (we pick an arbitrary * collating order so there's only one entry for * both directions). */ rev = 0; #ifdef INET6 if (ip6) { register struct tcp_seq_hash6 *th; struct tcp_seq_hash6 *tcp_seq_hash; const struct in6_addr *src, *dst; struct tha6 tha; tcp_seq_hash = tcp_seq_hash6; src = &ip6->ip6_src; dst = &ip6->ip6_dst; if (sport > dport) rev = 1; else if (sport == dport) { if (UNALIGNED_MEMCMP(src, dst, sizeof ip6->ip6_dst) > 0) rev = 1; } if (rev) { UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src); tha.port = dport << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src); tha.port = sport << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; th->nxt; th = th->nxt) if (memcmp((char *)&tha, (char *)&th->addr, sizeof(th->addr)) == 0) break; if (!th->nxt || (flags & TH_SYN)) { /* didn't find it or new conversation */ if (th->nxt == NULL) { th->nxt = (struct tcp_seq_hash6 *) calloc(1, sizeof(*th)); if (th->nxt == NULL) error("tcp_print: calloc"); } th->addr = tha; if (rev) th->ack = seq, th->seq = ack - 1; else th->seq = seq, th->ack = ack - 1; } else { if (rev) seq -= th->ack, ack -= th->seq; else seq -= th->seq, ack -= th->ack; } thseq = th->seq; thack = th->ack; } else { #else /*INET6*/ { #endif /*INET6*/ register struct tcp_seq_hash *th; struct tcp_seq_hash *tcp_seq_hash; const struct in_addr *src, *dst; struct tha tha; tcp_seq_hash = tcp_seq_hash4; src = &ip->ip_src; dst = &ip->ip_dst; if (sport > dport) rev = 1; else if (sport == dport) { if (UNALIGNED_MEMCMP(src, dst, sizeof ip->ip_dst) > 0) rev = 1; } if (rev) { UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip->ip_src); tha.port = dport << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.src, src, sizeof ip->ip_src); tha.port = sport << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; th->nxt; th = th->nxt) if (memcmp((char *)&tha, (char *)&th->addr, sizeof(th->addr)) == 0) break; if (!th->nxt || (flags & TH_SYN)) { /* didn't find it or new conversation */ if (th->nxt == NULL) { th->nxt = (struct tcp_seq_hash *) calloc(1, sizeof(*th)); if (th->nxt == NULL) error("tcp_print: calloc"); } th->addr = tha; if (rev) th->ack = seq, th->seq = ack - 1; else th->seq = seq, th->ack = ack - 1; } else { if (rev) seq -= th->ack, ack -= th->seq; else seq -= th->seq, ack -= th->ack; } thseq = th->seq; thack = th->ack; } } else { /*fool gcc*/ thseq = thack = rev = 0; } if (hlen > length) { ND_PRINT((ndo, " [bad hdr length %u - too long, > %u]", hlen, length)); return; } if (ndo->ndo_vflag && !ndo->ndo_Kflag && !fragmented) { /* Check the checksum, if possible. */ uint16_t sum, tcp_sum; if (IP_V(ip) == 4) { if (ND_TTEST2(tp->th_sport, length)) { sum = tcp_cksum(ndo, ip, tp, length); tcp_sum = EXTRACT_16BITS(&tp->th_sum); ND_PRINT((ndo, ", cksum 0x%04x", tcp_sum)); if (sum != 0) ND_PRINT((ndo, " (incorrect -> 0x%04x)", in_cksum_shouldbe(tcp_sum, sum))); else ND_PRINT((ndo, " (correct)")); } } #ifdef INET6 else if (IP_V(ip) == 6 && ip6->ip6_plen) { if (ND_TTEST2(tp->th_sport, length)) { sum = nextproto6_cksum(ip6, (const uint8_t *)tp, length, length, IPPROTO_TCP); tcp_sum = EXTRACT_16BITS(&tp->th_sum); ND_PRINT((ndo, ", cksum 0x%04x", tcp_sum)); if (sum != 0) ND_PRINT((ndo, " (incorrect -> 0x%04x)", in_cksum_shouldbe(tcp_sum, sum))); else ND_PRINT((ndo, " (correct)")); } } #endif } length -= hlen; if (ndo->ndo_vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) { ND_PRINT((ndo, ", seq %u", seq)); if (length > 0) { ND_PRINT((ndo, ":%u", seq + length)); } } if (flags & TH_ACK) { ND_PRINT((ndo, ", ack %u", ack)); } ND_PRINT((ndo, ", win %d", win)); if (flags & TH_URG) ND_PRINT((ndo, ", urg %d", urp)); /* * Handle any options. */ if (hlen > sizeof(*tp)) { register const u_char *cp; register u_int i, opt, datalen; register u_int len; hlen -= sizeof(*tp); cp = (const u_char *)tp + sizeof(*tp); ND_PRINT((ndo, ", options [")); while (hlen > 0) { if (ch != '\0') ND_PRINT((ndo, "%c", ch)); ND_TCHECK(*cp); opt = *cp++; if (ZEROLENOPT(opt)) len = 1; else { ND_TCHECK(*cp); len = *cp++; /* total including type, len */ if (len < 2 || len > hlen) goto bad; --hlen; /* account for length byte */ } --hlen; /* account for type byte */ datalen = 0; /* Bail if "l" bytes of data are not left or were not captured */ #define LENCHECK(l) { if ((l) > hlen) goto bad; ND_TCHECK2(*cp, l); } ND_PRINT((ndo, "%s", tok2str(tcp_option_values, "unknown-%u", opt))); switch (opt) { case TCPOPT_MAXSEG: datalen = 2; LENCHECK(datalen); ND_PRINT((ndo, " %u", EXTRACT_16BITS(cp))); break; case TCPOPT_WSCALE: datalen = 1; LENCHECK(datalen); ND_PRINT((ndo, " %u", *cp)); break; case TCPOPT_SACK: datalen = len - 2; if (datalen % 8 != 0) { ND_PRINT((ndo, "malformed sack")); } else { uint32_t s, e; ND_PRINT((ndo, " %d ", datalen / 8)); for (i = 0; i < datalen; i += 8) { LENCHECK(i + 4); s = EXTRACT_32BITS(cp + i); LENCHECK(i + 8); e = EXTRACT_32BITS(cp + i + 4); if (rev) { s -= thseq; e -= thseq; } else { s -= thack; e -= thack; } ND_PRINT((ndo, "{%u:%u}", s, e)); } } break; case TCPOPT_CC: case TCPOPT_CCNEW: case TCPOPT_CCECHO: case TCPOPT_ECHO: case TCPOPT_ECHOREPLY: /* * those options share their semantics. * fall through */ datalen = 4; LENCHECK(datalen); ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); break; case TCPOPT_TIMESTAMP: datalen = 8; LENCHECK(datalen); ND_PRINT((ndo, " val %u ecr %u", EXTRACT_32BITS(cp), EXTRACT_32BITS(cp + 4))); break; case TCPOPT_SIGNATURE: datalen = TCP_SIGLEN; LENCHECK(datalen); #ifdef HAVE_LIBCRYPTO switch (tcp_verify_signature(ndo, ip, tp, bp + TH_OFF(tp) * 4, length, cp)) { case SIGNATURE_VALID: ND_PRINT((ndo, "valid")); break; case SIGNATURE_INVALID: ND_PRINT((ndo, "invalid")); break; case CANT_CHECK_SIGNATURE: ND_PRINT((ndo, "can't check - ")); for (i = 0; i < TCP_SIGLEN; ++i) ND_PRINT((ndo, "%02x", cp[i])); break; } #else for (i = 0; i < TCP_SIGLEN; ++i) ND_PRINT((ndo, "%02x", cp[i])); #endif break; case TCPOPT_AUTH: ND_PRINT((ndo, "keyid %d", *cp++)); datalen = len - 3; for (i = 0; i < datalen; ++i) { LENCHECK(i); ND_PRINT((ndo, "%02x", cp[i])); } break; case TCPOPT_EOL: case TCPOPT_NOP: case TCPOPT_SACKOK: /* * Nothing interesting. * fall through */ break; case TCPOPT_UTO: datalen = 2; LENCHECK(datalen); utoval = EXTRACT_16BITS(cp); ND_PRINT((ndo, "0x%x", utoval)); if (utoval & 0x0001) utoval = (utoval >> 1) * 60; else utoval >>= 1; ND_PRINT((ndo, " %u", utoval)); break; case TCPOPT_MPTCP: datalen = len - 2; LENCHECK(datalen); if (!mptcp_print(ndo, cp-2, len, flags)) goto bad; break; case TCPOPT_EXPERIMENT2: datalen = len - 2; LENCHECK(datalen); if (datalen < 2) goto bad; /* RFC6994 */ magic = EXTRACT_16BITS(cp); ND_PRINT((ndo, "-")); switch(magic) { case 0xf989: /* TCP Fast Open: RFC 7413 */ if (datalen == 2) { /* Fast Open Cookie Request */ ND_PRINT((ndo, "tfo cookiereq")); } else { /* Fast Open Cookie */ if (datalen % 2 != 0 || datalen < 6 || datalen > 18) { ND_PRINT((ndo, "tfo malformed")); } else { ND_PRINT((ndo, "tfo cookie ")); for (i = 2; i < datalen; ++i) ND_PRINT((ndo, "%02x", cp[i])); } } break; default: /* Unknown magic number */ ND_PRINT((ndo, "%04x", magic)); break; } break; default: datalen = len - 2; if (datalen) ND_PRINT((ndo, " 0x")); for (i = 0; i < datalen; ++i) { LENCHECK(i); ND_PRINT((ndo, "%02x", cp[i])); } break; } /* Account for data printed */ cp += datalen; hlen -= datalen; /* Check specification against observed length */ ++datalen; /* option octet */ if (!ZEROLENOPT(opt)) ++datalen; /* size octet */ if (datalen != len) ND_PRINT((ndo, "[len %d]", len)); ch = ','; if (opt == TCPOPT_EOL) break; } ND_PRINT((ndo, "]")); } /* * Print length field before crawling down the stack. */ ND_PRINT((ndo, ", length %u", length)); if (length <= 0) return; /* * Decode payload if necessary. */ bp += TH_OFF(tp) * 4; if ((flags & TH_RST) && ndo->ndo_vflag) { print_tcp_rst_data(ndo, bp, length); return; } if (ndo->ndo_packettype) { switch (ndo->ndo_packettype) { case PT_ZMTP1: zmtp1_print(ndo, bp, length); break; } return; } if (sport == TELNET_PORT || dport == TELNET_PORT) { telnet_print(ndo, bp, length); } else if (sport == SMTP_PORT || dport == SMTP_PORT) { ND_PRINT((ndo, ": ")); smtp_print(ndo, bp, length); } else if (sport == BGP_PORT || dport == BGP_PORT) bgp_print(ndo, bp, length); else if (sport == PPTP_PORT || dport == PPTP_PORT) pptp_print(ndo, bp); #ifdef TCPDUMP_DO_SMB else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT) nbt_tcp_print(ndo, bp, length); else if (sport == SMB_PORT || dport == SMB_PORT) smb_tcp_print(ndo, bp, length); #endif else if (sport == BEEP_PORT || dport == BEEP_PORT) beep_print(ndo, bp, length); else if (sport == OPENFLOW_PORT_OLD || dport == OPENFLOW_PORT_OLD || sport == OPENFLOW_PORT_IANA || dport == OPENFLOW_PORT_IANA) openflow_print(ndo, bp, length); else if (sport == FTP_PORT || dport == FTP_PORT) { ND_PRINT((ndo, ": ")); ftp_print(ndo, bp, length); } else if (sport == HTTP_PORT || dport == HTTP_PORT || sport == HTTP_PORT_ALT || dport == HTTP_PORT_ALT) { ND_PRINT((ndo, ": ")); http_print(ndo, bp, length); } else if (sport == RTSP_PORT || dport == RTSP_PORT || sport == RTSP_PORT_ALT || dport == RTSP_PORT_ALT) { ND_PRINT((ndo, ": ")); rtsp_print(ndo, bp, length); } else if (length > 2 && (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT || sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) { /* * TCP DNS query has 2byte length at the head. * XXX packet could be unaligned, it can go strange */ ns_print(ndo, bp + 2, length - 2, 0); } else if (sport == MSDP_PORT || dport == MSDP_PORT) { msdp_print(ndo, bp, length); } else if (sport == RPKI_RTR_PORT || dport == RPKI_RTR_PORT) { rpki_rtr_print(ndo, bp, length); } else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) { ldp_print(ndo, bp, length); } else if ((sport == NFS_PORT || dport == NFS_PORT) && length >= 4 && ND_TTEST2(*bp, 4)) { /* * If data present, header length valid, and NFS port used, * assume NFS. * Pass offset of data plus 4 bytes for RPC TCP msg length * to NFS print routines. */ uint32_t fraglen; register struct sunrpc_msg *rp; enum sunrpc_msg_type direction; fraglen = EXTRACT_32BITS(bp) & 0x7FFFFFFF; if (fraglen > (length) - 4) fraglen = (length) - 4; rp = (struct sunrpc_msg *)(bp + 4); if (ND_TTEST(rp->rm_direction)) { direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction); if (dport == NFS_PORT && direction == SUNRPC_CALL) { ND_PRINT((ndo, ": NFS request xid %u ", EXTRACT_32BITS(&rp->rm_xid))); nfsreq_print_noaddr(ndo, (u_char *)rp, fraglen, (u_char *)ip); return; } if (sport == NFS_PORT && direction == SUNRPC_REPLY) { ND_PRINT((ndo, ": NFS reply xid %u ", EXTRACT_32BITS(&rp->rm_xid))); nfsreply_print_noaddr(ndo, (u_char *)rp, fraglen, (u_char *)ip); return; } } } return; bad: ND_PRINT((ndo, "[bad opt]")); if (ch != '\0') ND_PRINT((ndo, ">")); return; trunc: ND_PRINT((ndo, "[|tcp]")); if (ch != '\0') ND_PRINT((ndo, ">")); } /* * RFC1122 says the following on data in RST segments: * * 4.2.2.12 RST Segment: RFC-793 Section 3.4 * * A TCP SHOULD allow a received RST segment to include data. * * DISCUSSION * It has been suggested that a RST segment could contain * ASCII text that encoded and explained the cause of the * RST. No standard has yet been established for such * data. * */ static void print_tcp_rst_data(netdissect_options *ndo, register const u_char *sp, u_int length) { int c; ND_PRINT((ndo, ND_TTEST2(*sp, length) ? " [RST" : " [!RST")); if (length > MAX_RST_DATA_LEN) { length = MAX_RST_DATA_LEN; /* can use -X for longer */ ND_PRINT((ndo, "+")); /* indicate we truncate */ } ND_PRINT((ndo, " ")); while (length-- && sp <= ndo->ndo_snapend) { c = *sp++; safeputchar(ndo, c); } ND_PRINT((ndo, "]")); } #ifdef HAVE_LIBCRYPTO USES_APPLE_DEPRECATED_API static int tcp_verify_signature(netdissect_options *ndo, const struct ip *ip, const struct tcphdr *tp, const u_char *data, int length, const u_char *rcvsig) { struct tcphdr tp1; u_char sig[TCP_SIGLEN]; char zero_proto = 0; MD5_CTX ctx; uint16_t savecsum, tlen; #ifdef INET6 struct ip6_hdr *ip6; uint32_t len32; uint8_t nxt; #endif if (data + length > ndo->ndo_snapend) { ND_PRINT((ndo, "snaplen too short, ")); return (CANT_CHECK_SIGNATURE); } tp1 = *tp; if (ndo->ndo_sigsecret == NULL) { ND_PRINT((ndo, "shared secret not supplied with -M, ")); return (CANT_CHECK_SIGNATURE); } MD5_Init(&ctx); /* * Step 1: Update MD5 hash with IP pseudo-header. */ if (IP_V(ip) == 4) { MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src)); MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst)); MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto)); MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p)); tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4; tlen = htons(tlen); MD5_Update(&ctx, (char *)&tlen, sizeof(tlen)); #ifdef INET6 } else if (IP_V(ip) == 6) { ip6 = (struct ip6_hdr *)ip; MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen)); MD5_Update(&ctx, (char *)&len32, sizeof(len32)); nxt = 0; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); nxt = IPPROTO_TCP; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); #endif } else { #ifdef INET6 ND_PRINT((ndo, "IP version not 4 or 6, ")); #else ND_PRINT((ndo, "IP version not 4, ")); #endif return (CANT_CHECK_SIGNATURE); } /* * Step 2: Update MD5 hash with TCP header, excluding options. * The TCP checksum must be set to zero. */ savecsum = tp1.th_sum; tp1.th_sum = 0; MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr)); tp1.th_sum = savecsum; /* * Step 3: Update MD5 hash with TCP segment data, if present. */ if (length > 0) MD5_Update(&ctx, data, length); /* * Step 4: Update MD5 hash with shared secret. */ MD5_Update(&ctx, ndo->ndo_sigsecret, strlen(ndo->ndo_sigsecret)); MD5_Final(sig, &ctx); if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) return (SIGNATURE_VALID); else return (SIGNATURE_INVALID); } USES_APPLE_RST #endif /* HAVE_LIBCRYPTO */ /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-vtp.c0000644000026300017510000003034012431107727013440 0ustar mcrmcr/* * Copyright (c) 1998-2007 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * VLAN TRUNKING PROTOCOL (VTP) * * Reference documentation: * http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml * http://www.cisco.com/warp/public/473/21.html * http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm * * Original code ode by Carles Kishimoto */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #define VTP_HEADER_LEN 36 #define VTP_DOMAIN_NAME_LEN 32 #define VTP_MD5_DIGEST_LEN 16 #define VTP_UPDATE_TIMESTAMP_LEN 12 #define VTP_VLAN_INFO_OFFSET 12 #define VTP_SUMMARY_ADV 0x01 #define VTP_SUBSET_ADV 0x02 #define VTP_ADV_REQUEST 0x03 #define VTP_JOIN_MESSAGE 0x04 struct vtp_vlan_ { uint8_t len; uint8_t status; uint8_t type; uint8_t name_len; uint16_t vlanid; uint16_t mtu; uint32_t index; }; static const struct tok vtp_message_type_values[] = { { VTP_SUMMARY_ADV, "Summary advertisement"}, { VTP_SUBSET_ADV, "Subset advertisement"}, { VTP_ADV_REQUEST, "Advertisement request"}, { VTP_JOIN_MESSAGE, "Join message"}, { 0, NULL } }; static const struct tok vtp_header_values[] = { { 0x01, "Followers"}, /* On Summary advertisement, 3rd byte is Followers */ { 0x02, "Seq number"}, /* On Subset advertisement, 3rd byte is Sequence number */ { 0x03, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ { 0x04, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ { 0, NULL } }; static const struct tok vtp_vlan_type_values[] = { { 0x01, "Ethernet"}, { 0x02, "FDDI"}, { 0x03, "TrCRF"}, { 0x04, "FDDI-net"}, { 0x05, "TrBRF"}, { 0, NULL } }; static const struct tok vtp_vlan_status[] = { { 0x00, "Operational"}, { 0x01, "Suspended"}, { 0, NULL } }; #define VTP_VLAN_SOURCE_ROUTING_RING_NUMBER 0x01 #define VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER 0x02 #define VTP_VLAN_STP_TYPE 0x03 #define VTP_VLAN_PARENT_VLAN 0x04 #define VTP_VLAN_TRANS_BRIDGED_VLAN 0x05 #define VTP_VLAN_PRUNING 0x06 #define VTP_VLAN_BRIDGE_TYPE 0x07 #define VTP_VLAN_ARP_HOP_COUNT 0x08 #define VTP_VLAN_STE_HOP_COUNT 0x09 #define VTP_VLAN_BACKUP_CRF_MODE 0x0A static const struct tok vtp_vlan_tlv_values[] = { { VTP_VLAN_SOURCE_ROUTING_RING_NUMBER, "Source-Routing Ring Number TLV"}, { VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER, "Source-Routing Bridge Number TLV"}, { VTP_VLAN_STP_TYPE, "STP type TLV"}, { VTP_VLAN_PARENT_VLAN, "Parent VLAN TLV"}, { VTP_VLAN_TRANS_BRIDGED_VLAN, "Translationally bridged VLANs TLV"}, { VTP_VLAN_PRUNING, "Pruning TLV"}, { VTP_VLAN_BRIDGE_TYPE, "Bridge Type TLV"}, { VTP_VLAN_ARP_HOP_COUNT, "Max ARP Hop Count TLV"}, { VTP_VLAN_STE_HOP_COUNT, "Max STE Hop Count TLV"}, { VTP_VLAN_BACKUP_CRF_MODE, "Backup CRF Mode TLV"}, { 0, NULL } }; static const struct tok vtp_stp_type_values[] = { { 1, "SRT"}, { 2, "SRB"}, { 3, "Auto"}, { 0, NULL } }; void vtp_print (netdissect_options *ndo, const u_char *pptr, u_int length) { int type, len, tlv_len, tlv_value; const u_char *tptr; const struct vtp_vlan_ *vtp_vlan; if (length < VTP_HEADER_LEN) goto trunc; tptr = pptr; ND_TCHECK2(*tptr, VTP_HEADER_LEN); type = *(tptr+1); ND_PRINT((ndo, "VTPv%u, Message %s (0x%02x), length %u", *tptr, tok2str(vtp_message_type_values,"Unknown message type", type), *(tptr+1), length)); /* In non-verbose mode, just print version and message type */ if (ndo->ndo_vflag < 1) { return; } /* verbose mode print all fields */ ND_PRINT((ndo, "\n\tDomain name: %s, %s: %u", (tptr+4), tok2str(vtp_header_values,"Unknown",*(tptr+1)), *(tptr+2))); tptr += VTP_HEADER_LEN; switch (type) { case VTP_SUMMARY_ADV: /* * SUMMARY ADVERTISEMENT * * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version | Code | Followers | MmgtD Len | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Management Domain Name | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Configuration revision number | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Updater Identity IP address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Update Timestamp (12 bytes) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | MD5 digest (16 bytes) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ ND_PRINT((ndo, "\n\t Config Rev %x, Updater %s", EXTRACT_32BITS(tptr), ipaddr_string(ndo, tptr+4))); tptr += 8; ND_PRINT((ndo, ", Timestamp 0x%08x 0x%08x 0x%08x", EXTRACT_32BITS(tptr), EXTRACT_32BITS(tptr + 4), EXTRACT_32BITS(tptr + 8))); tptr += VTP_UPDATE_TIMESTAMP_LEN; ND_PRINT((ndo, ", MD5 digest: %08x%08x%08x%08x", EXTRACT_32BITS(tptr), EXTRACT_32BITS(tptr + 4), EXTRACT_32BITS(tptr + 8), EXTRACT_32BITS(tptr + 12))); tptr += VTP_MD5_DIGEST_LEN; break; case VTP_SUBSET_ADV: /* * SUBSET ADVERTISEMENT * * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version | Code | Seq number | MmgtD Len | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Management Domain Name | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Configuration revision number | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | VLAN info field 1 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | ................ | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | VLAN info field N | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ ND_PRINT((ndo, ", Config Rev %x", EXTRACT_32BITS(tptr))); /* * VLAN INFORMATION * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | V info len | Status | VLAN type | VLAN name len | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | ISL vlan id | MTU size | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | 802.10 index (SAID) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | VLAN name | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ tptr += 4; while (tptr < (pptr+length)) { len = *tptr; if (len == 0) break; ND_TCHECK2(*tptr, len); vtp_vlan = (struct vtp_vlan_*)tptr; ND_PRINT((ndo, "\n\tVLAN info status %s, type %s, VLAN-id %u, MTU %u, SAID 0x%08x, Name %s", tok2str(vtp_vlan_status,"Unknown",vtp_vlan->status), tok2str(vtp_vlan_type_values,"Unknown",vtp_vlan->type), EXTRACT_16BITS(&vtp_vlan->vlanid), EXTRACT_16BITS(&vtp_vlan->mtu), EXTRACT_32BITS(&vtp_vlan->index), (tptr + VTP_VLAN_INFO_OFFSET))); /* * Vlan names are aligned to 32-bit boundaries. */ len -= VTP_VLAN_INFO_OFFSET + 4*((vtp_vlan->name_len + 3)/4); tptr += VTP_VLAN_INFO_OFFSET + 4*((vtp_vlan->name_len + 3)/4); /* TLV information follows */ while (len > 0) { /* * Cisco specs says 2 bytes for type + 2 bytes for length, take only 1 * See: http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm */ type = *tptr; tlv_len = *(tptr+1); ND_PRINT((ndo, "\n\t\t%s (0x%04x) TLV", tok2str(vtp_vlan_tlv_values, "Unknown", type), type)); /* * infinite loop check */ if (type == 0 || tlv_len == 0) { return; } ND_TCHECK2(*tptr, tlv_len * 2 +2); tlv_value = EXTRACT_16BITS(tptr+2); switch (type) { case VTP_VLAN_STE_HOP_COUNT: ND_PRINT((ndo, ", %u", tlv_value)); break; case VTP_VLAN_PRUNING: ND_PRINT((ndo, ", %s (%u)", tlv_value == 1 ? "Enabled" : "Disabled", tlv_value)); break; case VTP_VLAN_STP_TYPE: ND_PRINT((ndo, ", %s (%u)", tok2str(vtp_stp_type_values, "Unknown", tlv_value), tlv_value)); break; case VTP_VLAN_BRIDGE_TYPE: ND_PRINT((ndo, ", %s (%u)", tlv_value == 1 ? "SRB" : "SRT", tlv_value)); break; case VTP_VLAN_BACKUP_CRF_MODE: ND_PRINT((ndo, ", %s (%u)", tlv_value == 1 ? "Backup" : "Not backup", tlv_value)); break; /* * FIXME those are the defined TLVs that lack a decoder * you are welcome to contribute code ;-) */ case VTP_VLAN_SOURCE_ROUTING_RING_NUMBER: case VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER: case VTP_VLAN_PARENT_VLAN: case VTP_VLAN_TRANS_BRIDGED_VLAN: case VTP_VLAN_ARP_HOP_COUNT: default: print_unknown_data(ndo, tptr, "\n\t\t ", 2 + tlv_len*2); break; } len -= 2 + tlv_len*2; tptr += 2 + tlv_len*2; } } break; case VTP_ADV_REQUEST: /* * ADVERTISEMENT REQUEST * * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version | Code | Reserved | MmgtD Len | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Management Domain Name | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Start value | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ ND_PRINT((ndo, "\n\tStart value: %u", EXTRACT_32BITS(tptr))); break; case VTP_JOIN_MESSAGE: /* FIXME - Could not find message format */ break; default: break; } return; trunc: ND_PRINT((ndo, "[|vtp]")); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 4 * End: */ tcpdump-4.7.4/lbl/0000755000026300017510000000000012516003261012072 5ustar mcrmcrtcpdump-4.7.4/lbl/os-solaris2.h0000644000026300017510000000261412431107727014433 0ustar mcrmcr/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* Prototypes missing in SunOS 5 */ #if defined(_STDIO_H) && defined(HAVE_SETLINEBUF) int setlinebuf(FILE *); #endif char *strerror(int); int snprintf(char *, size_t, const char *, ...); int strcasecmp(const char *, const char *); tcpdump-4.7.4/lbl/os-sunos4.h0000644000026300017510000001402212431107727014124 0ustar mcrmcr/* * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* Prototypes missing in SunOS 4 */ #ifdef FILE int _filbuf(FILE *); int _flsbuf(u_char, FILE *); int fclose(FILE *); int fflush(FILE *); int fgetc(FILE *); int fprintf(FILE *, const char *, ...); int fputc(int, FILE *); int fputs(const char *, FILE *); u_int fread(void *, u_int, u_int, FILE *); int fseek(FILE *, long, int); u_int fwrite(const void *, u_int, u_int, FILE *); int pclose(FILE *); void rewind(FILE *); void setbuf(FILE *, char *); int setlinebuf(FILE *); int ungetc(int, FILE *); int vfprintf(FILE *, const char *, ...); int vprintf(const char *, ...); #endif #if __GNUC__ <= 1 int read(int, char *, u_int); int write(int, char *, u_int); #endif long a64l(const char *); #ifdef __STDC__ struct sockaddr; #endif int accept(int, struct sockaddr *, int *); int bind(int, struct sockaddr *, int); int bcmp(const void *, const void *, u_int); void bcopy(const void *, void *, u_int); void bzero(void *, int); int chroot(const char *); int close(int); void closelog(void); int connect(int, struct sockaddr *, int); char *crypt(const char *, const char *); int daemon(int, int); int fchmod(int, int); int fchown(int, int, int); void endgrent(void); void endpwent(void); void endservent(void); #ifdef __STDC__ struct ether_addr; #endif struct ether_addr *ether_aton(const char *); int flock(int, int); #ifdef __STDC__ struct stat; #endif int fstat(int, struct stat *); #ifdef __STDC__ struct statfs; #endif int fstatfs(int, struct statfs *); int fsync(int); #ifdef __STDC__ struct timeb; #endif int ftime(struct timeb *); int ftruncate(int, off_t); int getdtablesize(void); long gethostid(void); int gethostname(char *, int); int getopt(int, char * const *, const char *); int getpagesize(void); char *getpass(char *); int getpeername(int, struct sockaddr *, int *); int getpriority(int, int); #ifdef __STDC__ struct rlimit; #endif int getrlimit(int, struct rlimit *); int getsockname(int, struct sockaddr *, int *); int getsockopt(int, int, int, char *, int *); #ifdef __STDC__ struct timeval; struct timezone; #endif int gettimeofday(struct timeval *, struct timezone *); char *getusershell(void); char *getwd(char *); int initgroups(const char *, int); int ioctl(int, int, caddr_t); int iruserok(u_long, int, char *, char *); int isatty(int); int killpg(int, int); int listen(int, int); #ifdef __STDC__ struct utmp; #endif void login(struct utmp *); int logout(const char *); off_t lseek(int, off_t, int); int lstat(const char *, struct stat *); int mkstemp(char *); char *mktemp(char *); int munmap(caddr_t, int); void openlog(const char *, int, int); void perror(const char *); int printf(const char *, ...); int puts(const char *); long random(void); int readlink(const char *, char *, int); #ifdef __STDC__ struct iovec; #endif int readv(int, struct iovec *, int); int recv(int, char *, u_int, int); int recvfrom(int, char *, u_int, int, struct sockaddr *, int *); int rename(const char *, const char *); int rcmd(char **, u_short, char *, char *, char *, int *); int rresvport(int *); int send(int, char *, u_int, int); int sendto(int, char *, u_int, int, struct sockaddr *, int); int setenv(const char *, const char *, int); int seteuid(int); int setpriority(int, int, int); int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); int setpgrp(int, int); void setpwent(void); int setrlimit(int, struct rlimit *); void setservent(int); int setsockopt(int, int, int, char *, int); int shutdown(int, int); int sigblock(int); void (*signal (int, void (*) (int))) (int); int sigpause(int); int sigsetmask(int); #ifdef __STDC__ struct sigvec; #endif int sigvec(int, struct sigvec *, struct sigvec*); int snprintf(char *, size_t, const char *, ...); int socket(int, int, int); int socketpair(int, int, int, int *); int symlink(const char *, const char *); void srandom(int); int sscanf(char *, const char *, ...); int stat(const char *, struct stat *); int statfs(char *, struct statfs *); char *strerror(int); int strcasecmp(const char *, const char *); #ifdef __STDC__ struct tm; #endif int strftime(char *, int, char *, struct tm *); int strncasecmp(const char *, const char *, int); long strtol(const char *, char **, int); void sync(void); void syslog(int, const char *, ...); int system(const char *); long tell(int); time_t time(time_t *); char *timezone(int, int); int tolower(int); int toupper(int); int truncate(char *, off_t); void unsetenv(const char *); int vfork(void); int vsprintf(char *, const char *, ...); int writev(int, struct iovec *, int); #ifdef __STDC__ struct rusage; #endif int utimes(const char *, struct timeval *); #if __GNUC__ <= 1 int wait(int *); pid_t wait3(int *, int, struct rusage *); #endif /* Ugly signal hacking */ #ifdef SIG_ERR #undef SIG_ERR #define SIG_ERR (void (*)(int))-1 #undef SIG_DFL #define SIG_DFL (void (*)(int))0 #undef SIG_IGN #define SIG_IGN (void (*)(int))1 #ifdef KERNEL #undef SIG_CATCH #define SIG_CATCH (void (*)(int))2 #endif #undef SIG_HOLD #define SIG_HOLD (void (*)(int))3 #endif tcpdump-4.7.4/lbl/os-osf4.h0000644000026300017510000000246612431107727013555 0ustar mcrmcr/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* Prototypes missing in Digital UNIX 4.x */ int snprintf(char *, size_t, const char *, ...); int vsnprintf(char *, size_t, const char *, va_list); tcpdump-4.7.4/lbl/os-ultrix4.h0000644000026300017510000000320312431107727014303 0ustar mcrmcr/* * Copyright (c) 1990, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* Prototypes missing in Ultrix 4 */ int bcmp(const char *, const char *, u_int); void bcopy(const void *, void *, u_int); void bzero(void *, u_int); void endservent(void); int getopt(int, char * const *, const char *); #ifdef __STDC__ struct timeval; struct timezone; #endif int gettimeofday(struct timeval *, struct timezone *); int ioctl(int, int, caddr_t); int pfopen(char *, int); int setlinebuf(FILE *); int socket(int, int, int); int strcasecmp(const char *, const char *); tcpdump-4.7.4/rpl.h0000644000026300017510000001160412431107727012301 0ustar mcrmcr#ifndef _RPL_H_ /* * NOTE: the contents of this file are an interpretation of RFC6550. * no copyright is asserted on this file, as it transcribes * a public specification. * */ /* * DIO: Updated to RFC6550, as published in 2012: section 6. (page 30) */ #define ND_RPL_MESSAGE 155 /* 0x9B */ enum ND_RPL_CODE { ND_RPL_DAG_IS=0x00, ND_RPL_DAG_IO=0x01, ND_RPL_DAO =0x02, ND_RPL_DAO_ACK=0x03, ND_RPL_SEC_DAG_IS = 0x80, ND_RPL_SEC_DAG_IO = 0x81, ND_RPL_SEC_DAG = 0x82, ND_RPL_SEC_DAG_ACK= 0x83, ND_RPL_SEC_CONSIST= 0x84, }; enum ND_RPL_DIO_FLAGS { ND_RPL_DIO_GROUNDED = 0x80, ND_RPL_DIO_DATRIG = 0x40, ND_RPL_DIO_DASUPPORT= 0x20, ND_RPL_DIO_RES4 = 0x10, ND_RPL_DIO_RES3 = 0x08, ND_RPL_DIO_PRF_MASK = 0x07, /* 3-bit preference */ }; #define DAGID_LEN 16 /* section 6 of draft-ietf-roll-rpl-19 */ struct nd_rpl_security { uint8_t rpl_sec_t_reserved; /* bit 7 is T-bit */ uint8_t rpl_sec_algo; uint16_t rpl_sec_kim_lvl_flags; /* bit 15/14, KIM */ /* bit 10-8, LVL, bit 7-0 flags */ uint32_t rpl_sec_counter; #if 0 uint8_t rpl_sec_ki[0]; /* depends upon kim */ #endif }; /* section 6.2.1, DODAG Information Solication (DIS_IS) */ struct nd_rpl_dis_is { uint8_t rpl_dis_flags; uint8_t rpl_dis_reserved; #if 0 uint8_t rpl_dis_options[0]; #endif }; /* section 6.3.1, DODAG Information Object (DIO) */ struct nd_rpl_dio { uint8_t rpl_instanceid; uint8_t rpl_version; uint16_t rpl_dagrank; uint8_t rpl_mopprf; /* bit 7=G, 5-3=MOP, 2-0=PRF */ uint8_t rpl_dtsn; /* Dest. Advertisement Trigger Sequence Number */ uint8_t rpl_flags; /* no flags defined yet */ uint8_t rpl_resv1; uint8_t rpl_dagid[DAGID_LEN]; }; #define RPL_DIO_GROUND_FLAG 0x80 #define RPL_DIO_MOP_SHIFT 3 #define RPL_DIO_MOP_MASK (7 << RPL_DIO_MOP_SHIFT) #define RPL_DIO_PRF_SHIFT 0 #define RPL_DIO_PRF_MASK (7 << RPL_DIO_PRF_SHIFT) #define RPL_DIO_GROUNDED(X) ((X)&RPL_DIO_GROUND_FLAG) #define RPL_DIO_MOP(X) (enum RPL_DIO_MOP)(((X)&RPL_DIO_MOP_MASK) >> RPL_DIO_MOP_SHIFT) #define RPL_DIO_PRF(X) (((X)&RPL_DIO_PRF_MASK) >> RPL_DIO_PRF_SHIFT) enum RPL_DIO_MOP { RPL_DIO_NONSTORING= 0x0, RPL_DIO_STORING = 0x1, RPL_DIO_NONSTORING_MULTICAST = 0x2, RPL_DIO_STORING_MULTICAST = 0x3, }; enum RPL_SUBOPT { RPL_OPT_PAD0 = 0, RPL_OPT_PADN = 1, RPL_DIO_METRICS = 2, RPL_DIO_ROUTINGINFO = 3, RPL_DIO_CONFIG = 4, RPL_DAO_RPLTARGET = 5, RPL_DAO_TRANSITINFO = 6, RPL_DIO_DESTPREFIX = 8, RPL_DAO_RPLTARGET_DESC=9, }; struct rpl_dio_genoption { uint8_t rpl_dio_type; uint8_t rpl_dio_len; /* suboption length, not including type/len */ }; #define RPL_DIO_GENOPTION_LEN 2 #define RPL_DIO_LIFETIME_INFINITE 0xffffffff #define RPL_DIO_LIFETIME_DISCONNECT 0 struct rpl_dio_destprefix { uint8_t rpl_dio_type; uint8_t rpl_dio_len; uint8_t rpl_dio_prefixlen; /* in bits */ uint8_t rpl_dio_prf; /* flags, including Route Preference */ uint32_t rpl_dio_prefixlifetime; /* in seconds */ #if 0 uint8_t rpl_dio_prefix[0]; /* variable number of bytes */ #endif }; /* section 6.4.1, DODAG Information Object (DIO) */ struct nd_rpl_dao { uint8_t rpl_instanceid; uint8_t rpl_flags; /* bit 7=K, 6=D */ uint8_t rpl_resv; uint8_t rpl_daoseq; uint8_t rpl_dagid[DAGID_LEN]; /* present when D set. */ }; #define ND_RPL_DAO_MIN_LEN 4 /* length without DAGID */ /* indicates if this DAO is to be acK'ed */ #define RPL_DAO_K_SHIFT 7 #define RPL_DAO_K_MASK (1 << RPL_DAO_K_SHIFT) #define RPL_DAO_K(X) (((X)&RPL_DAO_K_MASK) >> RPL_DAO_K_SHIFT) /* indicates if the DAGID is present */ #define RPL_DAO_D_SHIFT 6 #define RPL_DAO_D_MASK (1 << RPL_DAO_D_SHIFT) #define RPL_DAO_D(X) (((X)&RPL_DAO_D_MASK) >> RPL_DAO_D_SHIFT) struct rpl_dao_target { uint8_t rpl_dao_type; uint8_t rpl_dao_len; uint8_t rpl_dao_flags; /* unused */ uint8_t rpl_dao_prefixlen; /* in bits */ #if 0 uint8_t rpl_dao_prefix[0]; /* variable number of bytes */ #endif }; /* section 6.5.1, Destination Advertisement Object Acknowledgement (DAO-ACK) */ struct nd_rpl_daoack { uint8_t rpl_instanceid; uint8_t rpl_flags; /* bit 7=D */ uint8_t rpl_daoseq; uint8_t rpl_status; uint8_t rpl_dagid[DAGID_LEN]; /* present when D set. */ }; #define ND_RPL_DAOACK_MIN_LEN 4 /* length without DAGID */ /* indicates if the DAGID is present */ #define RPL_DAOACK_D_SHIFT 7 #define RPL_DAOACK_D_MASK (1 << RPL_DAOACK_D_SHIFT) #define RPL_DAOACK_D(X) (((X)&RPL_DAOACK_D_MASK) >> RPL_DAOACK_D_SHIFT) #define _RPL_H_ #endif /* _RPL_H_ */ /* * Local Variables: * c-basic-offset:4 * c-style: whitesmith * End: */ tcpdump-4.7.4/print-cip.c0000644000026300017510000000511512431107727013404 0ustar mcrmcr/* * Marko Kiiskila carnil@cs.tut.fi * * Tampere University of Technology - Telecommunications Laboratory * * Permission to use, copy, modify and distribute this * software and its documentation is hereby granted, * provided that both the copyright notice and this * permission notice appear in all copies of the software, * derivative works or modified versions, and any portions * thereof, that both notices appear in supporting * documentation, and that the use of this software is * acknowledged in any publications resulting from using * the software. * * TUT ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" * CONDITION AND DISCLAIMS ANY LIABILITY OF ANY KIND FOR * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS * SOFTWARE. * */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #define RFC1483LLC_LEN 8 static const unsigned char rfcllc[] = { 0xaa, /* DSAP: non-ISO */ 0xaa, /* SSAP: non-ISO */ 0x03, /* Ctrl: Unnumbered Information Command PDU */ 0x00, /* OUI: EtherType */ 0x00, 0x00 }; static inline void cip_print(netdissect_options *ndo, int length) { /* * There is no MAC-layer header, so just print the length. */ ND_PRINT((ndo, "%d: ", length)); } /* * This is the top level routine of the printer. 'p' points * to the LLC/SNAP or raw header of the packet, 'h->ts' is the timestamp, * 'h->len' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ u_int cip_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; u_short extracted_ethertype; if (memcmp(rfcllc, p, sizeof(rfcllc))==0 && caplen < RFC1483LLC_LEN) { ND_PRINT((ndo, "[|cip]")); return (0); } if (ndo->ndo_eflag) cip_print(ndo, length); if (memcmp(rfcllc, p, sizeof(rfcllc)) == 0) { /* * LLC header is present. Try to print it & higher layers. */ if (llc_print(ndo, p, length, caplen, NULL, NULL, &extracted_ethertype) == 0) { /* ether_type not known, print raw packet */ if (!ndo->ndo_eflag) cip_print(ndo, length); if (extracted_ethertype) { ND_PRINT((ndo, "(LLC %s) ", etherproto_string(htons(extracted_ethertype)))); } if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } } else { /* * LLC header is absent; treat it as just IP. */ ip_print(ndo, p, length); } return (0); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-lspping.c0000644000026300017510000012260012477367525014322 0ustar mcrmcr/* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Hannes Gredler (hannes@juniper.net) */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" #include "addrtoname.h" #include "l2vpn.h" #include "oui.h" /* * LSPPING common header * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version Number | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Message Type | Reply mode | Return Code | Return Subcode| * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sender's Handle | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sequence Number | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | TimeStamp Sent (seconds) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | TimeStamp Sent (microseconds) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | TimeStamp Received (seconds) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | TimeStamp Received (microseconds) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | TLVs ... | * . . * . . * . . */ struct lspping_common_header { uint8_t version[2]; uint8_t reserved[2]; uint8_t msg_type; uint8_t reply_mode; uint8_t return_code; uint8_t return_subcode; uint8_t sender_handle[4]; uint8_t seq_number[4]; uint8_t ts_sent_sec[4]; uint8_t ts_sent_usec[4]; uint8_t ts_rcvd_sec[4]; uint8_t ts_rcvd_usec[4]; }; #define LSPPING_VERSION 1 static const struct tok lspping_msg_type_values[] = { { 1, "MPLS Echo Request"}, { 2, "MPLS Echo Reply"}, { 0, NULL} }; static const struct tok lspping_reply_mode_values[] = { { 1, "Do not reply"}, { 2, "Reply via an IPv4/IPv6 UDP packet"}, { 3, "Reply via an IPv4/IPv6 UDP packet with Router Alert"}, { 4, "Reply via application level control channel"}, { 0, NULL} }; static const struct tok lspping_return_code_values[] = { { 0, "No return code or return code contained in the Error Code TLV"}, { 1, "Malformed echo request received"}, { 2, "One or more of the TLVs was not understood"}, { 3, "Replying router is an egress for the FEC at stack depth"}, { 4, "Replying router has no mapping for the FEC at stack depth"}, { 5, "Reserved"}, { 6, "Reserved"}, { 7, "Reserved"}, { 8, "Label switched at stack-depth"}, { 9, "Label switched but no MPLS forwarding at stack-depth"}, { 10, "Mapping for this FEC is not the given label at stack depth"}, { 11, "No label entry at stack-depth"}, { 12, "Protocol not associated with interface at FEC stack depth"}, }; /* * LSPPING TLV header * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Type | Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Value | * . . * . . * . . * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_header { uint8_t type[2]; uint8_t length[2]; }; #define LSPPING_TLV_TARGET_FEC_STACK 1 #define LSPPING_TLV_DOWNSTREAM_MAPPING 2 #define LSPPING_TLV_PAD 3 #define LSPPING_TLV_VENDOR_ENTERPRISE 5 #define LSPPING_TLV_VENDOR_ENTERPRISE_LEN 4 #define LSPPING_TLV_INTERFACE_LABEL_STACK 7 #define LSPPING_TLV_ERROR_CODE 9 #define LSPPING_TLV_REPLY_TOS_BYTE 10 #define LSPPING_TLV_BFD_DISCRIMINATOR 15 /* draft-ietf-bfd-mpls-02 */ #define LSPPING_TLV_BFD_DISCRIMINATOR_LEN 4 #define LSPPING_TLV_VENDOR_PRIVATE 0xfc00 static const struct tok lspping_tlv_values[] = { { LSPPING_TLV_TARGET_FEC_STACK, "Target FEC Stack" }, { LSPPING_TLV_DOWNSTREAM_MAPPING, "Downstream Mapping" }, { LSPPING_TLV_PAD, "Pad" }, { LSPPING_TLV_ERROR_CODE, "Error Code" }, { LSPPING_TLV_VENDOR_ENTERPRISE, "Vendor Enterprise Code" }, { LSPPING_TLV_INTERFACE_LABEL_STACK, "Interface Label Stack" }, { LSPPING_TLV_REPLY_TOS_BYTE, "Reply TOS Byte" }, { LSPPING_TLV_BFD_DISCRIMINATOR, "BFD Discriminator" }, { LSPPING_TLV_VENDOR_PRIVATE, "Vendor Private Code" }, { 0, NULL} }; #define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4 1 #define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6 2 #define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4 3 #define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6 4 #define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4 6 #define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6 7 #define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT 8 #define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD 9 #define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID 10 #define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4 11 #define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6 12 static const struct tok lspping_tlvtargetfec_subtlv_values[] = { { LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4, "LDP IPv4 prefix"}, { LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6, "LDP IPv6 prefix"}, { LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4, "RSVP IPv4 Session Query"}, { LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6, "RSVP IPv6 Session Query"}, { 5, "Reserved"}, { LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4, "VPN IPv4 prefix"}, { LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6, "VPN IPv6 prefix"}, { LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT, "L2 VPN endpoint"}, { LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD, "L2 circuit ID (old)"}, { LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID, "L2 circuit ID"}, { LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4, "BGP labeled IPv4 prefix"}, { LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6, "BGP labeled IPv6 prefix"}, { 0, NULL} }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv4 prefix | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_ldp_ipv4_t { uint8_t prefix [4]; uint8_t prefix_len; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv6 prefix | * | (16 octets) | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_ldp_ipv6_t { uint8_t prefix [16]; uint8_t prefix_len; }; /* * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sender identifier | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv4 prefix | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t { uint8_t sender_id [4]; uint8_t prefix [4]; uint8_t prefix_len; }; /* * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sender identifier | * | (16 octets) | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv6 prefix | * | (16 octets) | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t { uint8_t sender_id [16]; uint8_t prefix [16]; uint8_t prefix_len; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv4 tunnel end point address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Must Be Zero | Tunnel ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Extended Tunnel ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv4 tunnel sender address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Must Be Zero | LSP ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_rsvp_ipv4_t { uint8_t tunnel_endpoint [4]; uint8_t res[2]; uint8_t tunnel_id[2]; uint8_t extended_tunnel_id[4]; uint8_t tunnel_sender [4]; uint8_t res2[2]; uint8_t lsp_id [2]; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv6 tunnel end point address | * | | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Must Be Zero | Tunnel ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Extended Tunnel ID | * | | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv6 tunnel sender address | * | | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Must Be Zero | LSP ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_rsvp_ipv6_t { uint8_t tunnel_endpoint [16]; uint8_t res[2]; uint8_t tunnel_id[2]; uint8_t extended_tunnel_id[16]; uint8_t tunnel_sender [16]; uint8_t res2[2]; uint8_t lsp_id [2]; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Route Distinguisher | * | (8 octets) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv4 prefix | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t { uint8_t rd [8]; uint8_t prefix [4]; uint8_t prefix_len; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Route Distinguisher | * | (8 octets) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | IPv6 prefix | * | (16 octets) | * | | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Prefix Length | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t { uint8_t rd [8]; uint8_t prefix [16]; uint8_t prefix_len; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Route Distinguisher | * | (8 octets) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sender's CE ID | Receiver's CE ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Encapsulation Type | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * 0 1 2 3 */ struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t { uint8_t rd [8]; uint8_t sender_ce_id [2]; uint8_t receiver_ce_id [2]; uint8_t encapsulation[2]; }; /* * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Remote PE Address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | VC ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Encapsulation Type | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t { uint8_t remote_pe_address [4]; uint8_t vc_id [4]; uint8_t encapsulation[2]; }; /* * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Sender's PE Address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Remote PE Address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | VC ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Encapsulation Type | Must Be Zero | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t { uint8_t sender_pe_address [4]; uint8_t remote_pe_address [4]; uint8_t vc_id [4]; uint8_t encapsulation[2]; }; /* * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | MTU | Address Type | Resvd (SBZ) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Downstream IP Address (4 or 16 octets) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Downstream Interface Address (4 or 16 octets) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Hash Key Type | Depth Limit | Multipath Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * . . * . (Multipath Information) . * . . * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Downstream Label | Protocol | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * . . * . . * . . * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Downstream Label | Protocol | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct lspping_tlv_downstream_map_ipv4_t { uint8_t mtu [2]; uint8_t address_type; uint8_t res; uint8_t downstream_ip[4]; uint8_t downstream_interface[4]; }; struct lspping_tlv_downstream_map_ipv6_t { uint8_t mtu [2]; uint8_t address_type; uint8_t res; uint8_t downstream_ip[16]; uint8_t downstream_interface[16]; }; struct lspping_tlv_downstream_map_info_t { uint8_t hash_key_type; uint8_t depth_limit; uint8_t multipath_length [2]; }; #define LSPPING_AFI_IPV4 1 #define LSPPING_AFI_UNMB 2 #define LSPPING_AFI_IPV6 3 static const struct tok lspping_tlv_downstream_addr_values[] = { { LSPPING_AFI_IPV4, "IPv4"}, { LSPPING_AFI_IPV6, "IPv6"}, { LSPPING_AFI_UNMB, "Unnumbered"}, { 0, NULL} }; void lspping_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { const struct lspping_common_header *lspping_com_header; const struct lspping_tlv_header *lspping_tlv_header; const struct lspping_tlv_header *lspping_subtlv_header; const u_char *tptr,*tlv_tptr,*subtlv_tptr; int tlen,lspping_tlv_len,lspping_tlv_type,tlv_tlen; int tlv_hexdump,subtlv_hexdump; int lspping_subtlv_len,lspping_subtlv_type; struct timeval timestamp; union { const struct lspping_tlv_downstream_map_ipv4_t *lspping_tlv_downstream_map_ipv4; const struct lspping_tlv_downstream_map_ipv6_t *lspping_tlv_downstream_map_ipv6; const struct lspping_tlv_downstream_map_info_t *lspping_tlv_downstream_map_info; } tlv_ptr; union { const struct lspping_tlv_targetfec_subtlv_ldp_ipv4_t *lspping_tlv_targetfec_subtlv_ldp_ipv4; const struct lspping_tlv_targetfec_subtlv_ldp_ipv6_t *lspping_tlv_targetfec_subtlv_ldp_ipv6; const struct lspping_tlv_targetfec_subtlv_rsvp_ipv4_t *lspping_tlv_targetfec_subtlv_rsvp_ipv4; const struct lspping_tlv_targetfec_subtlv_rsvp_ipv6_t *lspping_tlv_targetfec_subtlv_rsvp_ipv6; const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t *lspping_tlv_targetfec_subtlv_l3vpn_ipv4; const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t *lspping_tlv_targetfec_subtlv_l3vpn_ipv6; const struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t *lspping_tlv_targetfec_subtlv_l2vpn_endpt; const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t *lspping_tlv_targetfec_subtlv_l2vpn_vcid_old; const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t *lspping_tlv_targetfec_subtlv_l2vpn_vcid; const struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t *lspping_tlv_targetfec_subtlv_bgp_ipv4; const struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t *lspping_tlv_targetfec_subtlv_bgp_ipv6; } subtlv_ptr; tptr=pptr; lspping_com_header = (const struct lspping_common_header *)pptr; ND_TCHECK(*lspping_com_header); /* * Sanity checking of the header. */ if (EXTRACT_16BITS(&lspping_com_header->version[0]) != LSPPING_VERSION) { ND_PRINT((ndo, "LSP-PING version %u packet not supported", EXTRACT_16BITS(&lspping_com_header->version[0]))); return; } /* in non-verbose mode just lets print the basic Message Type*/ if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, "LSP-PINGv%u, %s, seq %u, length: %u", EXTRACT_16BITS(&lspping_com_header->version[0]), tok2str(lspping_msg_type_values, "unknown (%u)",lspping_com_header->msg_type), EXTRACT_32BITS(lspping_com_header->seq_number), len)); return; } /* ok they seem to want to know everything - lets fully decode it */ tlen=len; ND_PRINT((ndo, "\n\tLSP-PINGv%u, msg-type: %s (%u), length: %u\n\t reply-mode: %s (%u)", EXTRACT_16BITS(&lspping_com_header->version[0]), tok2str(lspping_msg_type_values, "unknown",lspping_com_header->msg_type), lspping_com_header->msg_type, len, tok2str(lspping_reply_mode_values, "unknown",lspping_com_header->reply_mode), lspping_com_header->reply_mode)); /* * the following return codes require that the subcode is attached * at the end of the translated token output */ if (lspping_com_header->return_code == 3 || lspping_com_header->return_code == 4 || lspping_com_header->return_code == 8 || lspping_com_header->return_code == 10 || lspping_com_header->return_code == 11 || lspping_com_header->return_code == 12 ) ND_PRINT((ndo, "\n\t Return Code: %s %u (%u)\n\t Return Subcode: (%u)", tok2str(lspping_return_code_values, "unknown",lspping_com_header->return_code), lspping_com_header->return_subcode, lspping_com_header->return_code, lspping_com_header->return_subcode)); else ND_PRINT((ndo, "\n\t Return Code: %s (%u)\n\t Return Subcode: (%u)", tok2str(lspping_return_code_values, "unknown",lspping_com_header->return_code), lspping_com_header->return_code, lspping_com_header->return_subcode)); ND_PRINT((ndo, "\n\t Sender Handle: 0x%08x, Sequence: %u", EXTRACT_32BITS(lspping_com_header->sender_handle), EXTRACT_32BITS(lspping_com_header->seq_number))); timestamp.tv_sec=EXTRACT_32BITS(lspping_com_header->ts_sent_sec); timestamp.tv_usec=EXTRACT_32BITS(lspping_com_header->ts_sent_usec); ND_PRINT((ndo, "\n\t Sender Timestamp: ")); ts_print(ndo, ×tamp); timestamp.tv_sec=EXTRACT_32BITS(lspping_com_header->ts_rcvd_sec); timestamp.tv_usec=EXTRACT_32BITS(lspping_com_header->ts_rcvd_usec); ND_PRINT((ndo, "Receiver Timestamp: ")); if ((timestamp.tv_sec != 0) && (timestamp.tv_usec != 0)) ts_print(ndo, ×tamp); else ND_PRINT((ndo, "no timestamp")); tptr+=sizeof(const struct lspping_common_header); tlen-=sizeof(const struct lspping_common_header); while(tlen>(int)sizeof(struct lspping_tlv_header)) { /* did we capture enough for fully decoding the tlv header ? */ ND_TCHECK2(*tptr, sizeof(struct lspping_tlv_header)); lspping_tlv_header = (const struct lspping_tlv_header *)tptr; lspping_tlv_type=EXTRACT_16BITS(lspping_tlv_header->type); lspping_tlv_len=EXTRACT_16BITS(lspping_tlv_header->length); /* some little sanity checking */ if (lspping_tlv_type == 0 || lspping_tlv_len == 0) return; if(lspping_tlv_len < 4) { ND_PRINT((ndo, "\n\t ERROR: TLV %u bogus size %u",lspping_tlv_type,lspping_tlv_len)); return; } ND_PRINT((ndo, "\n\t %s TLV (%u), length: %u", tok2str(lspping_tlv_values, "Unknown", lspping_tlv_type), lspping_tlv_type, lspping_tlv_len)); tlv_tptr=tptr+sizeof(struct lspping_tlv_header); tlv_tlen=lspping_tlv_len; /* header not included -> no adjustment */ /* did we capture enough for fully decoding the tlv ? */ ND_TCHECK2(*tptr, lspping_tlv_len); tlv_hexdump=FALSE; switch(lspping_tlv_type) { case LSPPING_TLV_TARGET_FEC_STACK: while(tlv_tlen>(int)sizeof(struct lspping_tlv_header)) { /* did we capture enough for fully decoding the subtlv header ? */ ND_TCHECK2(*tptr, sizeof(struct lspping_tlv_header)); subtlv_hexdump=FALSE; lspping_subtlv_header = (const struct lspping_tlv_header *)tlv_tptr; lspping_subtlv_type=EXTRACT_16BITS(lspping_subtlv_header->type); lspping_subtlv_len=EXTRACT_16BITS(lspping_subtlv_header->length); subtlv_tptr=tlv_tptr+sizeof(struct lspping_tlv_header); if (lspping_subtlv_len == 0) break; ND_PRINT((ndo, "\n\t %s subTLV (%u), length: %u", tok2str(lspping_tlvtargetfec_subtlv_values, "Unknown", lspping_subtlv_type), lspping_subtlv_type, lspping_subtlv_len)); switch(lspping_subtlv_type) { case LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4: subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4 = \ (const struct lspping_tlv_targetfec_subtlv_ldp_ipv4_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t %s/%u", ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix_len)); break; #ifdef INET6 case LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6: subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6 = \ (const struct lspping_tlv_targetfec_subtlv_ldp_ipv6_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t %s/%u", ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix_len)); break; #endif case LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4: subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4 = \ (const struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t %s/%u, sender-id %s", ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix_len, ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->sender_id))); break; #ifdef INET6 case LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6: subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6 = \ (const struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t %s/%u, sender-id %s", ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix_len, ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->sender_id))); break; #endif case LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4: subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4 = \ (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv4_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \ "\n\t tunnel-id 0x%04x, extended tunnel-id %s", ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_endpoint), ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_sender), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->lsp_id), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_id), ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->extended_tunnel_id))); break; #ifdef INET6 case LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6: subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6 = \ (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv6_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \ "\n\t tunnel-id 0x%04x, extended tunnel-id %s", ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_endpoint), ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_sender), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->lsp_id), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_id), ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->extended_tunnel_id))); break; #endif case LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4: subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4 = \ (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t RD: %s, %s/%u", bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->rd), ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix_len)); break; #ifdef INET6 case LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6: subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6 = \ (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t RD: %s, %s/%u", bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->rd), ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix), subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix_len)); break; #endif case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT: subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt = \ (const struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t RD: %s, Sender CE-ID: %u, Receiver CE-ID: %u" \ "\n\t Encapsulation Type: %s (%u)", bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->rd), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->sender_ce_id), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->receiver_ce_id), tok2str(l2vpn_encaps_values, "unknown", EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation)), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation))); break; /* the old L2VPN VCID subTLV does not have support for the sender field */ case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD: subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old = \ (const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t Remote PE: %s" \ "\n\t VC-ID: 0x%08x, Encapsulation Type: %s (%u)", ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->remote_pe_address), EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->vc_id), tok2str(l2vpn_encaps_values, "unknown", EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->encapsulation)), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->encapsulation))); break; case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID: subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid = \ (const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t *)subtlv_tptr; ND_PRINT((ndo, "\n\t Sender PE: %s, Remote PE: %s" \ "\n\t VC-ID: 0x%08x, Encapsulation Type: %s (%u)", ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->sender_pe_address), ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->remote_pe_address), EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->vc_id), tok2str(l2vpn_encaps_values, "unknown", EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->encapsulation)), EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->encapsulation))); break; default: subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */ break; } /* do we want to see an additionally subtlv hexdump ? */ if (ndo->ndo_vflag > 1 || subtlv_hexdump==TRUE) print_unknown_data(ndo, tlv_tptr+sizeof(struct lspping_tlv_header), \ "\n\t ", lspping_subtlv_len); tlv_tptr+=lspping_subtlv_len; tlv_tlen-=lspping_subtlv_len+sizeof(struct lspping_tlv_header); } break; case LSPPING_TLV_DOWNSTREAM_MAPPING: /* that strange thing with the downstream map TLV is that until now * we do not know if its IPv4 or IPv6 , after we found the address-type * lets recast the tlv_tptr and move on */ tlv_ptr.lspping_tlv_downstream_map_ipv4= \ (const struct lspping_tlv_downstream_map_ipv4_t *)tlv_tptr; tlv_ptr.lspping_tlv_downstream_map_ipv6= \ (const struct lspping_tlv_downstream_map_ipv6_t *)tlv_tptr; ND_PRINT((ndo, "\n\t MTU: %u, Address-Type: %s (%u)", EXTRACT_16BITS(tlv_ptr.lspping_tlv_downstream_map_ipv4->mtu), tok2str(lspping_tlv_downstream_addr_values, "unknown", tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type), tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type)); switch(tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type) { case LSPPING_AFI_IPV4: ND_PRINT((ndo, "\n\t Downstream IP: %s" \ "\n\t Downstream Interface IP: %s", ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_ip), ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_interface))); tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv4_t); tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv4_t); break; #ifdef INET6 case LSPPING_AFI_IPV6: ND_PRINT((ndo, "\n\t Downstream IP: %s" \ "\n\t Downstream Interface IP: %s", ip6addr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv6->downstream_ip), ip6addr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv6->downstream_interface))); tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv6_t); tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv6_t); break; #endif case LSPPING_AFI_UNMB: ND_PRINT((ndo, "\n\t Downstream IP: %s" \ "\n\t Downstream Interface Index: 0x%08x", ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_ip), EXTRACT_32BITS(tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_interface))); tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv4_t); tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv4_t); break; default: /* should not happen ! - no error message - tok2str() has barked already */ break; } tlv_ptr.lspping_tlv_downstream_map_info= \ (const struct lspping_tlv_downstream_map_info_t *)tlv_tptr; /* FIXME add hash-key type, depth limit, multipath processing */ tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_info_t); tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_info_t); /* FIXME print downstream labels */ tlv_hexdump=TRUE; /* dump the TLV until code complete */ break; case LSPPING_TLV_BFD_DISCRIMINATOR: tptr += sizeof(struct lspping_tlv_header); ND_TCHECK2(*tptr, LSPPING_TLV_BFD_DISCRIMINATOR_LEN); ND_PRINT((ndo, "\n\t BFD Discriminator 0x%08x", EXTRACT_32BITS(tptr))); break; case LSPPING_TLV_VENDOR_ENTERPRISE: { uint32_t vendor_id; ND_TCHECK2(*tptr, LSPPING_TLV_VENDOR_ENTERPRISE_LEN); vendor_id = EXTRACT_32BITS(tlv_tptr); ND_PRINT((ndo, "\n\t Vendor: %s (0x%04x)", tok2str(smi_values, "Unknown", vendor_id), vendor_id)); } break; /* * FIXME those are the defined TLVs that lack a decoder * you are welcome to contribute code ;-) */ case LSPPING_TLV_PAD: case LSPPING_TLV_ERROR_CODE: case LSPPING_TLV_VENDOR_PRIVATE: default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tlv_tptr, "\n\t ", tlv_tlen); break; } /* do we want to see an additionally tlv hexdump ? */ if (ndo->ndo_vflag > 1 || tlv_hexdump==TRUE) print_unknown_data(ndo, tptr+sizeof(struct lspping_tlv_header), "\n\t ", lspping_tlv_len); /* All TLVs are aligned to four octet boundary */ if (lspping_tlv_len % 4) { lspping_tlv_len += (4 - lspping_tlv_len % 4); } tptr+=lspping_tlv_len+sizeof(struct lspping_tlv_header); tlen-=lspping_tlv_len+sizeof(struct lspping_tlv_header); } return; trunc: ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-udld.c0000644000026300017510000001070312431107727013560 0ustar mcrmcr/* * Copyright (c) 1998-2007 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * UNIDIRECTIONAL LINK DETECTION (UDLD) as per * http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt * * Original code by Carles Kishimoto */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" #define UDLD_HEADER_LEN 4 #define UDLD_DEVICE_ID_TLV 0x0001 #define UDLD_PORT_ID_TLV 0x0002 #define UDLD_ECHO_TLV 0x0003 #define UDLD_MESSAGE_INTERVAL_TLV 0x0004 #define UDLD_TIMEOUT_INTERVAL_TLV 0x0005 #define UDLD_DEVICE_NAME_TLV 0x0006 #define UDLD_SEQ_NUMBER_TLV 0x0007 static const struct tok udld_tlv_values[] = { { UDLD_DEVICE_ID_TLV, "Device-ID TLV"}, { UDLD_PORT_ID_TLV, "Port-ID TLV"}, { UDLD_ECHO_TLV, "Echo TLV"}, { UDLD_MESSAGE_INTERVAL_TLV, "Message Interval TLV"}, { UDLD_TIMEOUT_INTERVAL_TLV, "Timeout Interval TLV"}, { UDLD_DEVICE_NAME_TLV, "Device Name TLV"}, { UDLD_SEQ_NUMBER_TLV,"Sequence Number TLV"}, { 0, NULL} }; static const struct tok udld_code_values[] = { { 0x00, "Reserved"}, { 0x01, "Probe message"}, { 0x02, "Echo message"}, { 0x03, "Flush message"}, { 0, NULL} }; static const struct tok udld_flags_values[] = { { 0x00, "RT"}, { 0x01, "RSY"}, { 0, NULL} }; /* * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Ver | Opcode | Flags | Checksum | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | List of TLVs (variable length list) | * | ... | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ #define UDLD_EXTRACT_VERSION(x) (((x)&0xe0)>>5) #define UDLD_EXTRACT_OPCODE(x) ((x)&0x1f) void udld_print (netdissect_options *ndo, const u_char *pptr, u_int length) { int code, type, len; const u_char *tptr; if (length < UDLD_HEADER_LEN) goto trunc; tptr = pptr; ND_TCHECK2(*tptr, UDLD_HEADER_LEN); code = UDLD_EXTRACT_OPCODE(*tptr); ND_PRINT((ndo, "UDLDv%u, Code %s (%x), Flags [%s] (0x%02x), length %u", UDLD_EXTRACT_VERSION(*tptr), tok2str(udld_code_values, "Reserved", code), code, bittok2str(udld_flags_values, "none", *(tptr+1)), *(tptr+1), length)); /* * In non-verbose mode, just print version and opcode type */ if (ndo->ndo_vflag < 1) { return; } ND_PRINT((ndo, "\n\tChecksum 0x%04x (unverified)", EXTRACT_16BITS(tptr+2))); tptr += UDLD_HEADER_LEN; while (tptr < (pptr+length)) { ND_TCHECK2(*tptr, 4); type = EXTRACT_16BITS(tptr); len = EXTRACT_16BITS(tptr+2); len -= 4; tptr += 4; /* infinite loop check */ if (type == 0 || len == 0) { return; } ND_PRINT((ndo, "\n\t%s (0x%04x) TLV, length %u", tok2str(udld_tlv_values, "Unknown", type), type, len)); switch (type) { case UDLD_DEVICE_ID_TLV: case UDLD_PORT_ID_TLV: case UDLD_ECHO_TLV: case UDLD_DEVICE_NAME_TLV: ND_PRINT((ndo, ", %s", tptr)); break; case UDLD_MESSAGE_INTERVAL_TLV: case UDLD_TIMEOUT_INTERVAL_TLV: ND_PRINT((ndo, ", %us", (*tptr))); break; case UDLD_SEQ_NUMBER_TLV: ND_PRINT((ndo, ", %u", EXTRACT_32BITS(tptr))); break; default: break; } tptr += len; } return; trunc: ND_PRINT((ndo, "[|udld]")); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 4 * End: */ tcpdump-4.7.4/gmpls.h0000644000026300017510000000260412431107727012626 0ustar mcrmcr/* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * Original code by Hannes Gredler (hannes@juniper.net) */ #define GMPLS_PSC1 1 #define GMPLS_PSC2 2 #define GMPLS_PSC3 3 #define GMPLS_PSC4 4 #define GMPLS_L2SC 51 #define GMPLS_TSC 100 #define GMPLS_LSC 150 #define GMPLS_FSC 200 extern const struct tok gmpls_link_prot_values[]; extern const struct tok gmpls_switch_cap_values[]; extern const struct tok gmpls_switch_cap_tsc_indication_values[]; extern const struct tok gmpls_encoding_values[]; extern const struct tok gmpls_payload_values[]; extern const struct tok diffserv_te_bc_values[]; extern const struct tok lmp_sd_service_config_cpsa_link_type_values[]; extern const struct tok lmp_sd_service_config_cpsa_signal_type_sdh_values[]; extern const struct tok lmp_sd_service_config_cpsa_signal_type_sonet_values[]; tcpdump-4.7.4/print-802_11.c0000644000026300017510000024622212431107727013451 0ustar mcrmcr/* * Copyright (c) 2001 * Fortress Technologies, Inc. All rights reserved. * Charlie Lenahan (clenahan@fortresstech.com) * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "cpack.h" /* Lengths of 802.11 header components. */ #define IEEE802_11_FC_LEN 2 #define IEEE802_11_DUR_LEN 2 #define IEEE802_11_DA_LEN 6 #define IEEE802_11_SA_LEN 6 #define IEEE802_11_BSSID_LEN 6 #define IEEE802_11_RA_LEN 6 #define IEEE802_11_TA_LEN 6 #define IEEE802_11_SEQ_LEN 2 #define IEEE802_11_CTL_LEN 2 #define IEEE802_11_IV_LEN 3 #define IEEE802_11_KID_LEN 1 /* Frame check sequence length. */ #define IEEE802_11_FCS_LEN 4 /* Lengths of beacon components. */ #define IEEE802_11_TSTAMP_LEN 8 #define IEEE802_11_BCNINT_LEN 2 #define IEEE802_11_CAPINFO_LEN 2 #define IEEE802_11_LISTENINT_LEN 2 #define IEEE802_11_AID_LEN 2 #define IEEE802_11_STATUS_LEN 2 #define IEEE802_11_REASON_LEN 2 /* Length of previous AP in reassocation frame */ #define IEEE802_11_AP_LEN 6 #define T_MGMT 0x0 /* management */ #define T_CTRL 0x1 /* control */ #define T_DATA 0x2 /* data */ #define T_RESV 0x3 /* reserved */ #define ST_ASSOC_REQUEST 0x0 #define ST_ASSOC_RESPONSE 0x1 #define ST_REASSOC_REQUEST 0x2 #define ST_REASSOC_RESPONSE 0x3 #define ST_PROBE_REQUEST 0x4 #define ST_PROBE_RESPONSE 0x5 /* RESERVED 0x6 */ /* RESERVED 0x7 */ #define ST_BEACON 0x8 #define ST_ATIM 0x9 #define ST_DISASSOC 0xA #define ST_AUTH 0xB #define ST_DEAUTH 0xC #define ST_ACTION 0xD /* RESERVED 0xE */ /* RESERVED 0xF */ static const struct tok st_str[] = { { ST_ASSOC_REQUEST, "Assoc Request" }, { ST_ASSOC_RESPONSE, "Assoc Response" }, { ST_REASSOC_REQUEST, "ReAssoc Request" }, { ST_REASSOC_RESPONSE, "ReAssoc Response" }, { ST_PROBE_REQUEST, "Probe Request" }, { ST_PROBE_RESPONSE, "Probe Response" }, { ST_BEACON, "Beacon" }, { ST_ATIM, "ATIM" }, { ST_DISASSOC, "Disassociation" }, { ST_AUTH, "Authentication" }, { ST_DEAUTH, "DeAuthentication" }, { ST_ACTION, "Action" }, { 0, NULL } }; #define CTRL_CONTROL_WRAPPER 0x7 #define CTRL_BAR 0x8 #define CTRL_BA 0x9 #define CTRL_PS_POLL 0xA #define CTRL_RTS 0xB #define CTRL_CTS 0xC #define CTRL_ACK 0xD #define CTRL_CF_END 0xE #define CTRL_END_ACK 0xF static const struct tok ctrl_str[] = { { CTRL_CONTROL_WRAPPER, "Control Wrapper" }, { CTRL_BAR, "BAR" }, { CTRL_BA, "BA" }, { CTRL_PS_POLL, "Power Save-Poll" }, { CTRL_RTS, "Request-To-Send" }, { CTRL_CTS, "Clear-To-Send" }, { CTRL_ACK, "Acknowledgment" }, { CTRL_CF_END, "CF-End" }, { CTRL_END_ACK, "CF-End+CF-Ack" }, { 0, NULL } }; #define DATA_DATA 0x0 #define DATA_DATA_CF_ACK 0x1 #define DATA_DATA_CF_POLL 0x2 #define DATA_DATA_CF_ACK_POLL 0x3 #define DATA_NODATA 0x4 #define DATA_NODATA_CF_ACK 0x5 #define DATA_NODATA_CF_POLL 0x6 #define DATA_NODATA_CF_ACK_POLL 0x7 #define DATA_QOS_DATA 0x8 #define DATA_QOS_DATA_CF_ACK 0x9 #define DATA_QOS_DATA_CF_POLL 0xA #define DATA_QOS_DATA_CF_ACK_POLL 0xB #define DATA_QOS_NODATA 0xC #define DATA_QOS_CF_POLL_NODATA 0xE #define DATA_QOS_CF_ACK_POLL_NODATA 0xF /* * The subtype field of a data frame is, in effect, composed of 4 flag * bits - CF-Ack, CF-Poll, Null (means the frame doesn't actually have * any data), and QoS. */ #define DATA_FRAME_IS_CF_ACK(x) ((x) & 0x01) #define DATA_FRAME_IS_CF_POLL(x) ((x) & 0x02) #define DATA_FRAME_IS_NULL(x) ((x) & 0x04) #define DATA_FRAME_IS_QOS(x) ((x) & 0x08) /* * Bits in the frame control field. */ #define FC_VERSION(fc) ((fc) & 0x3) #define FC_TYPE(fc) (((fc) >> 2) & 0x3) #define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF) #define FC_TO_DS(fc) ((fc) & 0x0100) #define FC_FROM_DS(fc) ((fc) & 0x0200) #define FC_MORE_FLAG(fc) ((fc) & 0x0400) #define FC_RETRY(fc) ((fc) & 0x0800) #define FC_POWER_MGMT(fc) ((fc) & 0x1000) #define FC_MORE_DATA(fc) ((fc) & 0x2000) #define FC_WEP(fc) ((fc) & 0x4000) #define FC_ORDER(fc) ((fc) & 0x8000) struct mgmt_header_t { uint16_t fc; uint16_t duration; uint8_t da[6]; uint8_t sa[6]; uint8_t bssid[6]; uint16_t seq_ctrl; }; #define MGMT_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\ IEEE802_11_DA_LEN+IEEE802_11_SA_LEN+\ IEEE802_11_BSSID_LEN+IEEE802_11_SEQ_LEN) #define CAPABILITY_ESS(cap) ((cap) & 0x0001) #define CAPABILITY_IBSS(cap) ((cap) & 0x0002) #define CAPABILITY_CFP(cap) ((cap) & 0x0004) #define CAPABILITY_CFP_REQ(cap) ((cap) & 0x0008) #define CAPABILITY_PRIVACY(cap) ((cap) & 0x0010) struct ssid_t { uint8_t element_id; uint8_t length; u_char ssid[33]; /* 32 + 1 for null */ }; struct rates_t { uint8_t element_id; uint8_t length; uint8_t rate[16]; }; struct challenge_t { uint8_t element_id; uint8_t length; uint8_t text[254]; /* 1-253 + 1 for null */ }; struct fh_t { uint8_t element_id; uint8_t length; uint16_t dwell_time; uint8_t hop_set; uint8_t hop_pattern; uint8_t hop_index; }; struct ds_t { uint8_t element_id; uint8_t length; uint8_t channel; }; struct cf_t { uint8_t element_id; uint8_t length; uint8_t count; uint8_t period; uint16_t max_duration; uint16_t dur_remaing; }; struct tim_t { uint8_t element_id; uint8_t length; uint8_t count; uint8_t period; uint8_t bitmap_control; uint8_t bitmap[251]; }; #define E_SSID 0 #define E_RATES 1 #define E_FH 2 #define E_DS 3 #define E_CF 4 #define E_TIM 5 #define E_IBSS 6 /* reserved 7 */ /* reserved 8 */ /* reserved 9 */ /* reserved 10 */ /* reserved 11 */ /* reserved 12 */ /* reserved 13 */ /* reserved 14 */ /* reserved 15 */ /* reserved 16 */ #define E_CHALLENGE 16 /* reserved 17 */ /* reserved 18 */ /* reserved 19 */ /* reserved 16 */ /* reserved 16 */ struct mgmt_body_t { uint8_t timestamp[IEEE802_11_TSTAMP_LEN]; uint16_t beacon_interval; uint16_t listen_interval; uint16_t status_code; uint16_t aid; u_char ap[IEEE802_11_AP_LEN]; uint16_t reason_code; uint16_t auth_alg; uint16_t auth_trans_seq_num; int challenge_present; struct challenge_t challenge; uint16_t capability_info; int ssid_present; struct ssid_t ssid; int rates_present; struct rates_t rates; int ds_present; struct ds_t ds; int cf_present; struct cf_t cf; int fh_present; struct fh_t fh; int tim_present; struct tim_t tim; }; struct ctrl_rts_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t ta[6]; uint8_t fcs[4]; }; #define CTRL_RTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\ IEEE802_11_RA_LEN+IEEE802_11_TA_LEN) struct ctrl_cts_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t fcs[4]; }; #define CTRL_CTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN) struct ctrl_ack_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t fcs[4]; }; #define CTRL_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN) struct ctrl_ps_poll_t { uint16_t fc; uint16_t aid; uint8_t bssid[6]; uint8_t ta[6]; uint8_t fcs[4]; }; #define CTRL_PS_POLL_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_AID_LEN+\ IEEE802_11_BSSID_LEN+IEEE802_11_TA_LEN) struct ctrl_end_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t bssid[6]; uint8_t fcs[4]; }; #define CTRL_END_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\ IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN) struct ctrl_end_ack_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t bssid[6]; uint8_t fcs[4]; }; #define CTRL_END_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\ IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN) struct ctrl_ba_t { uint16_t fc; uint16_t duration; uint8_t ra[6]; uint8_t fcs[4]; }; #define CTRL_BA_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN) struct ctrl_bar_t { uint16_t fc; uint16_t dur; uint8_t ra[6]; uint8_t ta[6]; uint16_t ctl; uint16_t seq; uint8_t fcs[4]; }; #define CTRL_BAR_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\ IEEE802_11_RA_LEN+IEEE802_11_TA_LEN+\ IEEE802_11_CTL_LEN+IEEE802_11_SEQ_LEN) struct meshcntl_t { uint8_t flags; uint8_t ttl; uint8_t seq[4]; uint8_t addr4[6]; uint8_t addr5[6]; uint8_t addr6[6]; }; #define IV_IV(iv) ((iv) & 0xFFFFFF) #define IV_PAD(iv) (((iv) >> 24) & 0x3F) #define IV_KEYID(iv) (((iv) >> 30) & 0x03) /* $FreeBSD: src/sys/net80211/ieee80211_radiotap.h,v 1.5 2005/01/22 20:12:05 sam Exp $ */ /* NetBSD: ieee802_11_radio.h,v 1.2 2006/02/26 03:04:03 dyoung Exp */ /*- * Copyright (c) 2003, 2004 David Young. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of David Young may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. */ /* A generic radio capture format is desirable. It must be * rigidly defined (e.g., units for fields should be given), * and easily extensible. * * The following is an extensible radio capture format. It is * based on a bitmap indicating which fields are present. * * I am trying to describe precisely what the application programmer * should expect in the following, and for that reason I tell the * units and origin of each measurement (where it applies), or else I * use sufficiently weaselly language ("is a monotonically nondecreasing * function of...") that I cannot set false expectations for lawyerly * readers. */ /* * The radio capture header precedes the 802.11 header. * * Note well: all radiotap fields are little-endian. */ struct ieee80211_radiotap_header { uint8_t it_version; /* Version 0. Only increases * for drastic changes, * introduction of compatible * new fields does not count. */ uint8_t it_pad; uint16_t it_len; /* length of the whole * header in bytes, including * it_version, it_pad, * it_len, and data fields. */ uint32_t it_present; /* A bitmap telling which * fields are present. Set bit 31 * (0x80000000) to extend the * bitmap by another 32 bits. * Additional extensions are made * by setting bit 31. */ }; /* Name Data type Units * ---- --------- ----- * * IEEE80211_RADIOTAP_TSFT uint64_t microseconds * * Value in microseconds of the MAC's 64-bit 802.11 Time * Synchronization Function timer when the first bit of the * MPDU arrived at the MAC. For received frames, only. * * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap * * Tx/Rx frequency in MHz, followed by flags (see below). * Note that IEEE80211_RADIOTAP_XCHANNEL must be used to * represent an HT channel as there is not enough room in * the flags word. * * IEEE80211_RADIOTAP_FHSS uint16_t see below * * For frequency-hopping radios, the hop set (first byte) * and pattern (second byte). * * IEEE80211_RADIOTAP_RATE uint8_t 500kb/s or index * * Tx/Rx data rate. If bit 0x80 is set then it represents an * an MCS index and not an IEEE rate. * * IEEE80211_RADIOTAP_DBM_ANTSIGNAL int8_t decibels from * one milliwatt (dBm) * * RF signal power at the antenna, decibel difference from * one milliwatt. * * IEEE80211_RADIOTAP_DBM_ANTNOISE int8_t decibels from * one milliwatt (dBm) * * RF noise power at the antenna, decibel difference from one * milliwatt. * * IEEE80211_RADIOTAP_DB_ANTSIGNAL uint8_t decibel (dB) * * RF signal power at the antenna, decibel difference from an * arbitrary, fixed reference. * * IEEE80211_RADIOTAP_DB_ANTNOISE uint8_t decibel (dB) * * RF noise power at the antenna, decibel difference from an * arbitrary, fixed reference point. * * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless * * Quality of Barker code lock. Unitless. Monotonically * nondecreasing with "better" lock strength. Called "Signal * Quality" in datasheets. (Is there a standard way to measure * this?) * * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless * * Transmit power expressed as unitless distance from max * power set at factory calibration. 0 is max power. * Monotonically nondecreasing with lower power levels. * * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB) * * Transmit power expressed as decibel distance from max power * set at factory calibration. 0 is max power. Monotonically * nondecreasing with lower power levels. * * IEEE80211_RADIOTAP_DBM_TX_POWER int8_t decibels from * one milliwatt (dBm) * * Transmit power expressed as dBm (decibels from a 1 milliwatt * reference). This is the absolute power level measured at * the antenna port. * * IEEE80211_RADIOTAP_FLAGS uint8_t bitmap * * Properties of transmitted and received frames. See flags * defined below. * * IEEE80211_RADIOTAP_ANTENNA uint8_t antenna index * * Unitless indication of the Rx/Tx antenna for this packet. * The first antenna is antenna 0. * * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap * * Properties of received frames. See flags defined below. * * IEEE80211_RADIOTAP_XCHANNEL uint32_t bitmap * uint16_t MHz * uint8_t channel number * uint8_t .5 dBm * * Extended channel specification: flags (see below) followed by * frequency in MHz, the corresponding IEEE channel number, and * finally the maximum regulatory transmit power cap in .5 dBm * units. This property supersedes IEEE80211_RADIOTAP_CHANNEL * and only one of the two should be present. * * IEEE80211_RADIOTAP_MCS uint8_t known * uint8_t flags * uint8_t mcs * * Bitset indicating which fields have known values, followed * by bitset of flag values, followed by the MCS rate index as * in IEEE 802.11n. * * IEEE80211_RADIOTAP_VENDOR_NAMESPACE * uint8_t OUI[3] * uint8_t subspace * uint16_t length * * The Vendor Namespace Field contains three sub-fields. The first * sub-field is 3 bytes long. It contains the vendor's IEEE 802 * Organizationally Unique Identifier (OUI). The fourth byte is a * vendor-specific "namespace selector." * */ enum ieee80211_radiotap_type { IEEE80211_RADIOTAP_TSFT = 0, IEEE80211_RADIOTAP_FLAGS = 1, IEEE80211_RADIOTAP_RATE = 2, IEEE80211_RADIOTAP_CHANNEL = 3, IEEE80211_RADIOTAP_FHSS = 4, IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5, IEEE80211_RADIOTAP_DBM_ANTNOISE = 6, IEEE80211_RADIOTAP_LOCK_QUALITY = 7, IEEE80211_RADIOTAP_TX_ATTENUATION = 8, IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9, IEEE80211_RADIOTAP_DBM_TX_POWER = 10, IEEE80211_RADIOTAP_ANTENNA = 11, IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12, IEEE80211_RADIOTAP_DB_ANTNOISE = 13, IEEE80211_RADIOTAP_RX_FLAGS = 14, /* NB: gap for netbsd definitions */ IEEE80211_RADIOTAP_XCHANNEL = 18, IEEE80211_RADIOTAP_MCS = 19, IEEE80211_RADIOTAP_NAMESPACE = 29, IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30, IEEE80211_RADIOTAP_EXT = 31 }; /* channel attributes */ #define IEEE80211_CHAN_TURBO 0x00010 /* Turbo channel */ #define IEEE80211_CHAN_CCK 0x00020 /* CCK channel */ #define IEEE80211_CHAN_OFDM 0x00040 /* OFDM channel */ #define IEEE80211_CHAN_2GHZ 0x00080 /* 2 GHz spectrum channel. */ #define IEEE80211_CHAN_5GHZ 0x00100 /* 5 GHz spectrum channel */ #define IEEE80211_CHAN_PASSIVE 0x00200 /* Only passive scan allowed */ #define IEEE80211_CHAN_DYN 0x00400 /* Dynamic CCK-OFDM channel */ #define IEEE80211_CHAN_GFSK 0x00800 /* GFSK channel (FHSS PHY) */ #define IEEE80211_CHAN_GSM 0x01000 /* 900 MHz spectrum channel */ #define IEEE80211_CHAN_STURBO 0x02000 /* 11a static turbo channel only */ #define IEEE80211_CHAN_HALF 0x04000 /* Half rate channel */ #define IEEE80211_CHAN_QUARTER 0x08000 /* Quarter rate channel */ #define IEEE80211_CHAN_HT20 0x10000 /* HT 20 channel */ #define IEEE80211_CHAN_HT40U 0x20000 /* HT 40 channel w/ ext above */ #define IEEE80211_CHAN_HT40D 0x40000 /* HT 40 channel w/ ext below */ /* Useful combinations of channel characteristics, borrowed from Ethereal */ #define IEEE80211_CHAN_A \ (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM) #define IEEE80211_CHAN_B \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK) #define IEEE80211_CHAN_G \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN) #define IEEE80211_CHAN_TA \ (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM | IEEE80211_CHAN_TURBO) #define IEEE80211_CHAN_TG \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN | IEEE80211_CHAN_TURBO) /* For IEEE80211_RADIOTAP_FLAGS */ #define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received * during CFP */ #define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received * with short * preamble */ #define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received * with WEP encryption */ #define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received * with fragmentation */ #define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */ #define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between * 802.11 header and payload * (to 32-bit boundary) */ #define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* does not pass FCS check */ /* For IEEE80211_RADIOTAP_RX_FLAGS */ #define IEEE80211_RADIOTAP_F_RX_BADFCS 0x0001 /* frame failed crc check */ #define IEEE80211_RADIOTAP_F_RX_PLCP_CRC 0x0002 /* frame failed PLCP CRC check */ /* For IEEE80211_RADIOTAP_MCS known */ #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN 0x01 #define IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN 0x02 /* MCS index field */ #define IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN 0x04 #define IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN 0x08 #define IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN 0x10 #define IEEE80211_RADIOTAP_MCS_STBC_KNOWN 0x20 /* For IEEE80211_RADIOTAP_MCS flags */ #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK 0x03 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20 0 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 1 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20L 2 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20U 3 #define IEEE80211_RADIOTAP_MCS_SHORT_GI 0x04 /* short guard interval */ #define IEEE80211_RADIOTAP_MCS_HT_GREENFIELD 0x08 #define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10 #define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60 #define IEEE80211_RADIOTAP_MCS_STBC_1 1 #define IEEE80211_RADIOTAP_MCS_STBC_2 2 #define IEEE80211_RADIOTAP_MCS_STBC_3 3 #define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5 static const char tstr[] = "[|802.11]"; /* Radiotap state */ /* This is used to save state when parsing/processing parameters */ struct radiotap_state { uint32_t present; uint8_t rate; }; #define PRINT_SSID(p) \ if (p.ssid_present) { \ ND_PRINT((ndo, " (")); \ fn_print(ndo, p.ssid.ssid, NULL); \ ND_PRINT((ndo, ")")); \ } #define PRINT_RATE(_sep, _r, _suf) \ ND_PRINT((ndo, "%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)) #define PRINT_RATES(p) \ if (p.rates_present) { \ int z; \ const char *sep = " ["; \ for (z = 0; z < p.rates.length ; z++) { \ PRINT_RATE(sep, p.rates.rate[z], \ (p.rates.rate[z] & 0x80 ? "*" : "")); \ sep = " "; \ } \ if (p.rates.length != 0) \ ND_PRINT((ndo, " Mbit]")); \ } #define PRINT_DS_CHANNEL(p) \ if (p.ds_present) \ ND_PRINT((ndo, " CH: %u", p.ds.channel)); \ ND_PRINT((ndo, "%s", \ CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "")); #define MAX_MCS_INDEX 76 /* * Indices are: * * the MCS index (0-76); * * 0 for 20 MHz, 1 for 40 MHz; * * 0 for a long guard interval, 1 for a short guard interval. */ static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = { /* MCS 0 */ { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, }, /* 40 Mhz */ { 13.5, /* SGI */ 15.0, }, }, /* MCS 1 */ { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, }, /* MCS 2 */ { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, }, /* MCS 3 */ { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, }, /* MCS 4 */ { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, }, /* MCS 5 */ { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, }, /* MCS 6 */ { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, }, /* MCS 7 */ { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, }, /* MCS 8 */ { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, }, /* MCS 9 */ { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, }, /* MCS 10 */ { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, }, /* MCS 11 */ { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, }, /* MCS 12 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 13 */ { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, }, /* MCS 14 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 15 */ { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, }, /* MCS 16 */ { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, }, /* MCS 17 */ { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, }, /* MCS 18 */ { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, }, /* MCS 19 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 20 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 21 */ { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, }, /* MCS 22 */ { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, }, /* MCS 23 */ { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, }, /* MCS 24 */ { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, }, /* MCS 25 */ { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, }, /* MCS 26 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 27 */ { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, }, /* MCS 28 */ { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, }, /* MCS 29 */ { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, }, /* 40 Mhz */ { 432.0, /* SGI */ 480.0, }, }, /* MCS 30 */ { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, }, /* 40 Mhz */ { 486.0, /* SGI */ 540.0, }, }, /* MCS 31 */ { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, }, /* 40 Mhz */ { 540.0, /* SGI */ 600.0, }, }, /* MCS 32 */ { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */ /* 40 Mhz */ { 6.0, /* SGI */ 6.7, }, }, /* MCS 33 */ { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, }, /* MCS 34 */ { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, }, /* MCS 35 */ { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, }, /* MCS 36 */ { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, }, /* MCS 37 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 38 */ { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, }, /* MCS 39 */ { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, }, /* MCS 40 */ { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, }, /* MCS 41 */ { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, }, /* MCS 42 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 43 */ { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, }, /* MCS 44 */ { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, }, /* MCS 45 */ { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, }, /* MCS 46 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 47 */ { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, }, /* MCS 48 */ { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, }, /* MCS 49 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 50 */ { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, }, /* MCS 51 */ { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, }, /* MCS 52 */ { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, }, /* MCS 53 */ { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, }, /* MCS 54 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 55 */ { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, }, /* MCS 56 */ { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, }, /* MCS 57 */ { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, }, /* MCS 58 */ { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, }, /* MCS 59 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 60 */ { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, }, /* MCS 61 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 62 */ { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, }, /* MCS 63 */ { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, }, /* MCS 64 */ { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, }, /* 40 Mhz */ { 297.0, /* SGI */ 330.0, }, }, /* MCS 65 */ { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, }, /* MCS 66 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 67 */ { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, }, /* MCS 68 */ { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, }, /* MCS 69 */ { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, }, /* MCS 70 */ { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, }, /* MCS 71 */ { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, }, /* MCS 72 */ { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, }, /* MCS 73 */ { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, }, /* MCS 74 */ { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, }, /* MCS 75 */ { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, }, /* MCS 76 */ { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, }, /* 40 Mhz */ { 445.5, /* SGI */ 495.0, }, }, }; static const char *auth_alg_text[]={"Open System","Shared Key","EAP"}; #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0]) static const char *status_text[] = { "Successful", /* 0 */ "Unspecified failure", /* 1 */ "Reserved", /* 2 */ "Reserved", /* 3 */ "Reserved", /* 4 */ "Reserved", /* 5 */ "Reserved", /* 6 */ "Reserved", /* 7 */ "Reserved", /* 8 */ "Reserved", /* 9 */ "Cannot Support all requested capabilities in the Capability " "Information field", /* 10 */ "Reassociation denied due to inability to confirm that association " "exists", /* 11 */ "Association denied due to reason outside the scope of the " "standard", /* 12 */ "Responding station does not support the specified authentication " "algorithm ", /* 13 */ "Received an Authentication frame with authentication transaction " "sequence number out of expected sequence", /* 14 */ "Authentication rejected because of challenge failure", /* 15 */ "Authentication rejected due to timeout waiting for next frame in " "sequence", /* 16 */ "Association denied because AP is unable to handle additional" "associated stations", /* 17 */ "Association denied due to requesting station not supporting all of " "the data rates in BSSBasicRateSet parameter", /* 18 */ "Association denied due to requesting station not supporting " "short preamble operation", /* 19 */ "Association denied due to requesting station not supporting " "PBCC encoding", /* 20 */ "Association denied due to requesting station not supporting " "channel agility", /* 21 */ "Association request rejected because Spectrum Management " "capability is required", /* 22 */ "Association request rejected because the information in the " "Power Capability element is unacceptable", /* 23 */ "Association request rejected because the information in the " "Supported Channels element is unacceptable", /* 24 */ "Association denied due to requesting station not supporting " "short slot operation", /* 25 */ "Association denied due to requesting station not supporting " "DSSS-OFDM operation", /* 26 */ "Association denied because the requested STA does not support HT " "features", /* 27 */ "Reserved", /* 28 */ "Association denied because the requested STA does not support " "the PCO transition time required by the AP", /* 29 */ "Reserved", /* 30 */ "Reserved", /* 31 */ "Unspecified, QoS-related failure", /* 32 */ "Association denied due to QAP having insufficient bandwidth " "to handle another QSTA", /* 33 */ "Association denied due to excessive frame loss rates and/or " "poor conditions on current operating channel", /* 34 */ "Association (with QBSS) denied due to requesting station not " "supporting the QoS facility", /* 35 */ "Association denied due to requesting station not supporting " "Block Ack", /* 36 */ "The request has been declined", /* 37 */ "The request has not been successful as one or more parameters " "have invalid values", /* 38 */ "The TS has not been created because the request cannot be honored. " "Try again with the suggested changes to the TSPEC", /* 39 */ "Invalid Information Element", /* 40 */ "Group Cipher is not valid", /* 41 */ "Pairwise Cipher is not valid", /* 42 */ "AKMP is not valid", /* 43 */ "Unsupported RSN IE version", /* 44 */ "Invalid RSN IE Capabilities", /* 45 */ "Cipher suite is rejected per security policy", /* 46 */ "The TS has not been created. However, the HC may be capable of " "creating a TS, in response to a request, after the time indicated " "in the TS Delay element", /* 47 */ "Direct Link is not allowed in the BSS by policy", /* 48 */ "Destination STA is not present within this QBSS.", /* 49 */ "The Destination STA is not a QSTA.", /* 50 */ }; #define NUM_STATUSES (sizeof status_text / sizeof status_text[0]) static const char *reason_text[] = { "Reserved", /* 0 */ "Unspecified reason", /* 1 */ "Previous authentication no longer valid", /* 2 */ "Deauthenticated because sending station is leaving (or has left) " "IBSS or ESS", /* 3 */ "Disassociated due to inactivity", /* 4 */ "Disassociated because AP is unable to handle all currently " " associated stations", /* 5 */ "Class 2 frame received from nonauthenticated station", /* 6 */ "Class 3 frame received from nonassociated station", /* 7 */ "Disassociated because sending station is leaving " "(or has left) BSS", /* 8 */ "Station requesting (re)association is not authenticated with " "responding station", /* 9 */ "Disassociated because the information in the Power Capability " "element is unacceptable", /* 10 */ "Disassociated because the information in the SupportedChannels " "element is unacceptable", /* 11 */ "Invalid Information Element", /* 12 */ "Reserved", /* 13 */ "Michael MIC failure", /* 14 */ "4-Way Handshake timeout", /* 15 */ "Group key update timeout", /* 16 */ "Information element in 4-Way Handshake different from (Re)Association" "Request/Probe Response/Beacon", /* 17 */ "Group Cipher is not valid", /* 18 */ "AKMP is not valid", /* 20 */ "Unsupported RSN IE version", /* 21 */ "Invalid RSN IE Capabilities", /* 22 */ "IEEE 802.1X Authentication failed", /* 23 */ "Cipher suite is rejected per security policy", /* 24 */ "Reserved", /* 25 */ "Reserved", /* 26 */ "Reserved", /* 27 */ "Reserved", /* 28 */ "Reserved", /* 29 */ "Reserved", /* 30 */ "TS deleted because QoS AP lacks sufficient bandwidth for this " "QoS STA due to a change in BSS service characteristics or " "operational mode (e.g. an HT BSS change from 40 MHz channel " "to 20 MHz channel)", /* 31 */ "Disassociated for unspecified, QoS-related reason", /* 32 */ "Disassociated because QoS AP lacks sufficient bandwidth for this " "QoS STA", /* 33 */ "Disassociated because of excessive number of frames that need to be " "acknowledged, but are not acknowledged for AP transmissions " "and/or poor channel conditions", /* 34 */ "Disassociated because STA is transmitting outside the limits " "of its TXOPs", /* 35 */ "Requested from peer STA as the STA is leaving the BSS " "(or resetting)", /* 36 */ "Requested from peer STA as it does not want to use the " "mechanism", /* 37 */ "Requested from peer STA as the STA received frames using the " "mechanism for which a set up is required", /* 38 */ "Requested from peer STA due to time out", /* 39 */ "Reserved", /* 40 */ "Reserved", /* 41 */ "Reserved", /* 42 */ "Reserved", /* 43 */ "Reserved", /* 44 */ "Peer STA does not support the requested cipher suite", /* 45 */ "Association denied due to requesting STA not supporting HT " "features", /* 46 */ }; #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0]) static int wep_print(netdissect_options *ndo, const u_char *p) { uint32_t iv; if (!ND_TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN)) return 0; iv = EXTRACT_LE_32BITS(p); ND_PRINT((ndo, "Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv), IV_KEYID(iv))); return 1; } static int parse_elements(netdissect_options *ndo, struct mgmt_body_t *pbody, const u_char *p, int offset, u_int length) { u_int elementlen; struct ssid_t ssid; struct challenge_t challenge; struct rates_t rates; struct ds_t ds; struct cf_t cf; struct tim_t tim; /* * We haven't seen any elements yet. */ pbody->challenge_present = 0; pbody->ssid_present = 0; pbody->rates_present = 0; pbody->ds_present = 0; pbody->cf_present = 0; pbody->tim_present = 0; while (length != 0) { /* Make sure we at least have the element ID and length. */ if (!ND_TTEST2(*(p + offset), 2)) return 0; if (length < 2) return 0; elementlen = *(p + offset + 1); /* Make sure we have the entire element. */ if (!ND_TTEST2(*(p + offset + 2), elementlen)) return 0; if (length < elementlen + 2) return 0; switch (*(p + offset)) { case E_SSID: memcpy(&ssid, p + offset, 2); offset += 2; length -= 2; if (ssid.length != 0) { if (ssid.length > sizeof(ssid.ssid) - 1) return 0; if (!ND_TTEST2(*(p + offset), ssid.length)) return 0; if (length < ssid.length) return 0; memcpy(&ssid.ssid, p + offset, ssid.length); offset += ssid.length; length -= ssid.length; } ssid.ssid[ssid.length] = '\0'; /* * Present and not truncated. * * If we haven't already seen an SSID IE, * copy this one, otherwise ignore this one, * so we later report the first one we saw. */ if (!pbody->ssid_present) { pbody->ssid = ssid; pbody->ssid_present = 1; } break; case E_CHALLENGE: memcpy(&challenge, p + offset, 2); offset += 2; length -= 2; if (challenge.length != 0) { if (challenge.length > sizeof(challenge.text) - 1) return 0; if (!ND_TTEST2(*(p + offset), challenge.length)) return 0; if (length < challenge.length) return 0; memcpy(&challenge.text, p + offset, challenge.length); offset += challenge.length; length -= challenge.length; } challenge.text[challenge.length] = '\0'; /* * Present and not truncated. * * If we haven't already seen a challenge IE, * copy this one, otherwise ignore this one, * so we later report the first one we saw. */ if (!pbody->challenge_present) { pbody->challenge = challenge; pbody->challenge_present = 1; } break; case E_RATES: memcpy(&rates, p + offset, 2); offset += 2; length -= 2; if (rates.length != 0) { if (rates.length > sizeof rates.rate) return 0; if (!ND_TTEST2(*(p + offset), rates.length)) return 0; if (length < rates.length) return 0; memcpy(&rates.rate, p + offset, rates.length); offset += rates.length; length -= rates.length; } /* * Present and not truncated. * * If we haven't already seen a rates IE, * copy this one if it's not zero-length, * otherwise ignore this one, so we later * report the first one we saw. * * We ignore zero-length rates IEs as some * devices seem to put a zero-length rates * IE, followed by an SSID IE, followed by * a non-zero-length rates IE into frames, * even though IEEE Std 802.11-2007 doesn't * seem to indicate that a zero-length rates * IE is valid. */ if (!pbody->rates_present && rates.length != 0) { pbody->rates = rates; pbody->rates_present = 1; } break; case E_DS: memcpy(&ds, p + offset, 2); offset += 2; length -= 2; if (ds.length != 1) { offset += ds.length; length -= ds.length; break; } ds.channel = *(p + offset); offset += 1; length -= 1; /* * Present and not truncated. * * If we haven't already seen a DS IE, * copy this one, otherwise ignore this one, * so we later report the first one we saw. */ if (!pbody->ds_present) { pbody->ds = ds; pbody->ds_present = 1; } break; case E_CF: memcpy(&cf, p + offset, 2); offset += 2; length -= 2; if (cf.length != 6) { offset += cf.length; length -= cf.length; break; } memcpy(&cf.count, p + offset, 6); offset += 6; length -= 6; /* * Present and not truncated. * * If we haven't already seen a CF IE, * copy this one, otherwise ignore this one, * so we later report the first one we saw. */ if (!pbody->cf_present) { pbody->cf = cf; pbody->cf_present = 1; } break; case E_TIM: memcpy(&tim, p + offset, 2); offset += 2; length -= 2; if (tim.length <= 3) { offset += tim.length; length -= tim.length; break; } if (tim.length - 3 > (int)sizeof tim.bitmap) return 0; memcpy(&tim.count, p + offset, 3); offset += 3; length -= 3; memcpy(tim.bitmap, p + (tim.length - 3), (tim.length - 3)); offset += tim.length - 3; length -= tim.length - 3; /* * Present and not truncated. * * If we haven't already seen a TIM IE, * copy this one, otherwise ignore this one, * so we later report the first one we saw. */ if (!pbody->tim_present) { pbody->tim = tim; pbody->tim_present = 1; } break; default: #if 0 ND_PRINT((ndo, "(1) unhandled element_id (%d) ", *(p + offset))); #endif offset += 2 + elementlen; length -= 2 + elementlen; break; } } /* No problems found. */ return 1; } /********************************************************************************* * Print Handle functions for the management frame types *********************************************************************************/ static int handle_beacon(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; length -= IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; length -= IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; ret = parse_elements(ndo, &pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); ND_PRINT((ndo, " %s", CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS")); PRINT_DS_CHANNEL(pbody); return ret; } static int handle_assoc_request(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) return 0; if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_LISTENINT_LEN; length -= IEEE802_11_LISTENINT_LEN; ret = parse_elements(ndo, &pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); return ret; } static int handle_assoc_response(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + IEEE802_11_AID_LEN)) return 0; if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + IEEE802_11_AID_LEN) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; pbody.status_code = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_STATUS_LEN; length -= IEEE802_11_STATUS_LEN; pbody.aid = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_AID_LEN; length -= IEEE802_11_AID_LEN; ret = parse_elements(ndo, &pbody, p, offset, length); ND_PRINT((ndo, " AID(%x) :%s: %s", ((uint16_t)(pbody.aid << 2 )) >> 2 , CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "", (pbody.status_code < NUM_STATUSES ? status_text[pbody.status_code] : "n/a"))); return ret; } static int handle_reassoc_request(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + IEEE802_11_AP_LEN)) return 0; if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + IEEE802_11_AP_LEN) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_LISTENINT_LEN; length -= IEEE802_11_LISTENINT_LEN; memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN); offset += IEEE802_11_AP_LEN; length -= IEEE802_11_AP_LEN; ret = parse_elements(ndo, &pbody, p, offset, length); PRINT_SSID(pbody); ND_PRINT((ndo, " AP : %s", etheraddr_string(ndo, pbody.ap ))); return ret; } static int handle_reassoc_response(netdissect_options *ndo, const u_char *p, u_int length) { /* Same as a Association Reponse */ return handle_assoc_response(ndo, p, length); } static int handle_probe_request(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); ret = parse_elements(ndo, &pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); return ret; } static int handle_probe_response(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; length -= IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; length -= IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; ret = parse_elements(ndo, &pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); PRINT_DS_CHANNEL(pbody); return ret; } static int handle_atim(void) { /* the frame body for ATIM is null. */ return 1; } static int handle_disassoc(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN)) return 0; if (length < IEEE802_11_REASON_LEN) return 0; pbody.reason_code = EXTRACT_LE_16BITS(p); ND_PRINT((ndo, ": %s", (pbody.reason_code < NUM_REASONS) ? reason_text[pbody.reason_code] : "Reserved")); return 1; } static int handle_auth(netdissect_options *ndo, const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, 6)) return 0; if (length < 6) return 0; pbody.auth_alg = EXTRACT_LE_16BITS(p); offset += 2; length -= 2; pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset); offset += 2; length -= 2; pbody.status_code = EXTRACT_LE_16BITS(p + offset); offset += 2; length -= 2; ret = parse_elements(ndo, &pbody, p, offset, length); if ((pbody.auth_alg == 1) && ((pbody.auth_trans_seq_num == 2) || (pbody.auth_trans_seq_num == 3))) { ND_PRINT((ndo, " (%s)-%x [Challenge Text] %s", (pbody.auth_alg < NUM_AUTH_ALGS) ? auth_alg_text[pbody.auth_alg] : "Reserved", pbody.auth_trans_seq_num, ((pbody.auth_trans_seq_num % 2) ? ((pbody.status_code < NUM_STATUSES) ? status_text[pbody.status_code] : "n/a") : ""))); return ret; } ND_PRINT((ndo, " (%s)-%x: %s", (pbody.auth_alg < NUM_AUTH_ALGS) ? auth_alg_text[pbody.auth_alg] : "Reserved", pbody.auth_trans_seq_num, (pbody.auth_trans_seq_num % 2) ? ((pbody.status_code < NUM_STATUSES) ? status_text[pbody.status_code] : "n/a") : "")); return ret; } static int handle_deauth(netdissect_options *ndo, const struct mgmt_header_t *pmh, const u_char *p, u_int length) { struct mgmt_body_t pbody; const char *reason = NULL; memset(&pbody, 0, sizeof(pbody)); if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN)) return 0; if (length < IEEE802_11_REASON_LEN) return 0; pbody.reason_code = EXTRACT_LE_16BITS(p); reason = (pbody.reason_code < NUM_REASONS) ? reason_text[pbody.reason_code] : "Reserved"; if (ndo->ndo_eflag) { ND_PRINT((ndo, ": %s", reason)); } else { ND_PRINT((ndo, " (%s): %s", etheraddr_string(ndo, pmh->sa), reason)); } return 1; } #define PRINT_HT_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "TxChWidth")) : \ (v) == 1 ? ND_PRINT((ndo, "MIMOPwrSave")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_BA_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "ADDBA Request")) : \ (v) == 1 ? ND_PRINT((ndo, "ADDBA Response")) : \ (v) == 2 ? ND_PRINT((ndo, "DELBA")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_MESHLINK_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "Request")) : \ (v) == 1 ? ND_PRINT((ndo, "Report")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_MESHPEERING_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "Open")) : \ (v) == 1 ? ND_PRINT((ndo, "Confirm")) : \ (v) == 2 ? ND_PRINT((ndo, "Close")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_MESHPATH_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "Request")) : \ (v) == 1 ? ND_PRINT((ndo, "Report")) : \ (v) == 2 ? ND_PRINT((ndo, "Error")) : \ (v) == 3 ? ND_PRINT((ndo, "RootAnnouncement")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_MESH_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "MeshLink")) : \ (v) == 1 ? ND_PRINT((ndo, "HWMP")) : \ (v) == 2 ? ND_PRINT((ndo, "Gate Announcement")) : \ (v) == 3 ? ND_PRINT((ndo, "Congestion Control")) : \ (v) == 4 ? ND_PRINT((ndo, "MCCA Setup Request")) : \ (v) == 5 ? ND_PRINT((ndo, "MCCA Setup Reply")) : \ (v) == 6 ? ND_PRINT((ndo, "MCCA Advertisement Request")) : \ (v) == 7 ? ND_PRINT((ndo, "MCCA Advertisement")) : \ (v) == 8 ? ND_PRINT((ndo, "MCCA Teardown")) : \ (v) == 9 ? ND_PRINT((ndo, "TBTT Adjustment Request")) : \ (v) == 10 ? ND_PRINT((ndo, "TBTT Adjustment Response")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_MULTIHOP_ACTION(v) (\ (v) == 0 ? ND_PRINT((ndo, "Proxy Update")) : \ (v) == 1 ? ND_PRINT((ndo, "Proxy Update Confirmation")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) #define PRINT_SELFPROT_ACTION(v) (\ (v) == 1 ? ND_PRINT((ndo, "Peering Open")) : \ (v) == 2 ? ND_PRINT((ndo, "Peering Confirm")) : \ (v) == 3 ? ND_PRINT((ndo, "Peering Close")) : \ (v) == 4 ? ND_PRINT((ndo, "Group Key Inform")) : \ (v) == 5 ? ND_PRINT((ndo, "Group Key Acknowledge")) : \ ND_PRINT((ndo, "Act#%d", (v))) \ ) static int handle_action(netdissect_options *ndo, const struct mgmt_header_t *pmh, const u_char *p, u_int length) { if (!ND_TTEST2(*p, 2)) return 0; if (length < 2) return 0; if (ndo->ndo_eflag) { ND_PRINT((ndo, ": ")); } else { ND_PRINT((ndo, " (%s): ", etheraddr_string(ndo, pmh->sa))); } switch (p[0]) { case 0: ND_PRINT((ndo, "Spectrum Management Act#%d", p[1])); break; case 1: ND_PRINT((ndo, "QoS Act#%d", p[1])); break; case 2: ND_PRINT((ndo, "DLS Act#%d", p[1])); break; case 3: ND_PRINT((ndo, "BA ")); PRINT_BA_ACTION(p[1]); break; case 7: ND_PRINT((ndo, "HT ")); PRINT_HT_ACTION(p[1]); break; case 13: ND_PRINT((ndo, "MeshAction ")); PRINT_MESH_ACTION(p[1]); break; case 14: ND_PRINT((ndo, "MultiohopAction ")); PRINT_MULTIHOP_ACTION(p[1]); break; case 15: ND_PRINT((ndo, "SelfprotectAction ")); PRINT_SELFPROT_ACTION(p[1]); break; case 127: ND_PRINT((ndo, "Vendor Act#%d", p[1])); break; default: ND_PRINT((ndo, "Reserved(%d) Act#%d", p[0], p[1])); break; } return 1; } /********************************************************************************* * Print Body funcs *********************************************************************************/ static int mgmt_body_print(netdissect_options *ndo, uint16_t fc, const struct mgmt_header_t *pmh, const u_char *p, u_int length) { ND_PRINT((ndo, "%s", tok2str(st_str, "Unhandled Management subtype(%x)", FC_SUBTYPE(fc)))); switch (FC_SUBTYPE(fc)) { case ST_ASSOC_REQUEST: return handle_assoc_request(ndo, p, length); case ST_ASSOC_RESPONSE: return handle_assoc_response(ndo, p, length); case ST_REASSOC_REQUEST: return handle_reassoc_request(ndo, p, length); case ST_REASSOC_RESPONSE: return handle_reassoc_response(ndo, p, length); case ST_PROBE_REQUEST: return handle_probe_request(ndo, p, length); case ST_PROBE_RESPONSE: return handle_probe_response(ndo, p, length); case ST_BEACON: return handle_beacon(ndo, p, length); case ST_ATIM: return handle_atim(); case ST_DISASSOC: return handle_disassoc(ndo, p, length); case ST_AUTH: if (!ND_TTEST2(*p, 3)) return 0; if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) { ND_PRINT((ndo, "Authentication (Shared-Key)-3 ")); return wep_print(ndo, p); } return handle_auth(ndo, p, length); case ST_DEAUTH: return handle_deauth(ndo, pmh, p, length); case ST_ACTION: return handle_action(ndo, pmh, p, length); default: return 1; } } /********************************************************************************* * Handles printing all the control frame types *********************************************************************************/ static int ctrl_body_print(netdissect_options *ndo, uint16_t fc, const u_char *p) { ND_PRINT((ndo, "%s", tok2str(ctrl_str, "Unknown Ctrl Subtype", FC_SUBTYPE(fc)))); switch (FC_SUBTYPE(fc)) { case CTRL_CONTROL_WRAPPER: /* XXX - requires special handling */ break; case CTRL_BAR: if (!ND_TTEST2(*p, CTRL_BAR_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ", etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ra), etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ta), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)))); break; case CTRL_BA: if (!ND_TTEST2(*p, CTRL_BA_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s ", etheraddr_string(ndo, ((const struct ctrl_ba_t *)p)->ra))); break; case CTRL_PS_POLL: if (!ND_TTEST2(*p, CTRL_PS_POLL_HDRLEN)) return 0; ND_PRINT((ndo, " AID(%x)", EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid)))); break; case CTRL_RTS: if (!ND_TTEST2(*p, CTRL_RTS_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " TA:%s ", etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ta))); break; case CTRL_CTS: if (!ND_TTEST2(*p, CTRL_CTS_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s ", etheraddr_string(ndo, ((const struct ctrl_cts_t *)p)->ra))); break; case CTRL_ACK: if (!ND_TTEST2(*p, CTRL_ACK_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s ", etheraddr_string(ndo, ((const struct ctrl_ack_t *)p)->ra))); break; case CTRL_CF_END: if (!ND_TTEST2(*p, CTRL_END_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s ", etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->ra))); break; case CTRL_END_ACK: if (!ND_TTEST2(*p, CTRL_END_ACK_HDRLEN)) return 0; if (!ndo->ndo_eflag) ND_PRINT((ndo, " RA:%s ", etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->ra))); break; } return 1; } /* * Print Header funcs */ /* * Data Frame - Address field contents * * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4 * 0 | 0 | DA | SA | BSSID | n/a * 0 | 1 | DA | BSSID | SA | n/a * 1 | 0 | BSSID | SA | DA | n/a * 1 | 1 | RA | TA | DA | SA */ static void data_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p, const uint8_t **srcp, const uint8_t **dstp) { u_int subtype = FC_SUBTYPE(fc); if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) || DATA_FRAME_IS_QOS(subtype)) { ND_PRINT((ndo, "CF ")); if (DATA_FRAME_IS_CF_ACK(subtype)) { if (DATA_FRAME_IS_CF_POLL(subtype)) ND_PRINT((ndo, "Ack/Poll")); else ND_PRINT((ndo, "Ack")); } else { if (DATA_FRAME_IS_CF_POLL(subtype)) ND_PRINT((ndo, "Poll")); } if (DATA_FRAME_IS_QOS(subtype)) ND_PRINT((ndo, "+QoS")); ND_PRINT((ndo, " ")); } #define ADDR1 (p + 4) #define ADDR2 (p + 10) #define ADDR3 (p + 16) #define ADDR4 (p + 24) if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) { if (srcp != NULL) *srcp = ADDR2; if (dstp != NULL) *dstp = ADDR1; if (!ndo->ndo_eflag) return; ND_PRINT((ndo, "DA:%s SA:%s BSSID:%s ", etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2), etheraddr_string(ndo, ADDR3))); } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) { if (srcp != NULL) *srcp = ADDR3; if (dstp != NULL) *dstp = ADDR1; if (!ndo->ndo_eflag) return; ND_PRINT((ndo, "DA:%s BSSID:%s SA:%s ", etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2), etheraddr_string(ndo, ADDR3))); } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) { if (srcp != NULL) *srcp = ADDR2; if (dstp != NULL) *dstp = ADDR3; if (!ndo->ndo_eflag) return; ND_PRINT((ndo, "BSSID:%s SA:%s DA:%s ", etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2), etheraddr_string(ndo, ADDR3))); } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) { if (srcp != NULL) *srcp = ADDR4; if (dstp != NULL) *dstp = ADDR3; if (!ndo->ndo_eflag) return; ND_PRINT((ndo, "RA:%s TA:%s DA:%s SA:%s ", etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2), etheraddr_string(ndo, ADDR3), etheraddr_string(ndo, ADDR4))); } #undef ADDR1 #undef ADDR2 #undef ADDR3 #undef ADDR4 } static void mgmt_header_print(netdissect_options *ndo, const u_char *p, const uint8_t **srcp, const uint8_t **dstp) { const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p; if (srcp != NULL) *srcp = hp->sa; if (dstp != NULL) *dstp = hp->da; if (!ndo->ndo_eflag) return; ND_PRINT((ndo, "BSSID:%s DA:%s SA:%s ", etheraddr_string(ndo, (hp)->bssid), etheraddr_string(ndo, (hp)->da), etheraddr_string(ndo, (hp)->sa))); } static void ctrl_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p, const uint8_t **srcp, const uint8_t **dstp) { if (srcp != NULL) *srcp = NULL; if (dstp != NULL) *dstp = NULL; if (!ndo->ndo_eflag) return; switch (FC_SUBTYPE(fc)) { case CTRL_BAR: ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ", etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ra), etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ta), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)))); break; case CTRL_BA: ND_PRINT((ndo, "RA:%s ", etheraddr_string(ndo, ((const struct ctrl_ba_t *)p)->ra))); break; case CTRL_PS_POLL: ND_PRINT((ndo, "BSSID:%s TA:%s ", etheraddr_string(ndo, ((const struct ctrl_ps_poll_t *)p)->bssid), etheraddr_string(ndo, ((const struct ctrl_ps_poll_t *)p)->ta))); break; case CTRL_RTS: ND_PRINT((ndo, "RA:%s TA:%s ", etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ra), etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ta))); break; case CTRL_CTS: ND_PRINT((ndo, "RA:%s ", etheraddr_string(ndo, ((const struct ctrl_cts_t *)p)->ra))); break; case CTRL_ACK: ND_PRINT((ndo, "RA:%s ", etheraddr_string(ndo, ((const struct ctrl_ack_t *)p)->ra))); break; case CTRL_CF_END: ND_PRINT((ndo, "RA:%s BSSID:%s ", etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->ra), etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->bssid))); break; case CTRL_END_ACK: ND_PRINT((ndo, "RA:%s BSSID:%s ", etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->ra), etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->bssid))); break; default: ND_PRINT((ndo, "(H) Unknown Ctrl Subtype")); break; } } static int extract_header_length(netdissect_options *ndo, uint16_t fc) { int len; switch (FC_TYPE(fc)) { case T_MGMT: return MGMT_HDRLEN; case T_CTRL: switch (FC_SUBTYPE(fc)) { case CTRL_BAR: return CTRL_BAR_HDRLEN; case CTRL_PS_POLL: return CTRL_PS_POLL_HDRLEN; case CTRL_RTS: return CTRL_RTS_HDRLEN; case CTRL_CTS: return CTRL_CTS_HDRLEN; case CTRL_ACK: return CTRL_ACK_HDRLEN; case CTRL_CF_END: return CTRL_END_HDRLEN; case CTRL_END_ACK: return CTRL_END_ACK_HDRLEN; default: return 0; } case T_DATA: len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24; if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) len += 2; return len; default: ND_PRINT((ndo, "unknown IEEE802.11 frame type (%d)", FC_TYPE(fc))); return 0; } } static int extract_mesh_header_length(const u_char *p) { return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3)); } /* * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp" * to point to the source and destination MAC addresses in any case if * "srcp" and "dstp" aren't null. */ static void ieee_802_11_hdr_print(netdissect_options *ndo, uint16_t fc, const u_char *p, u_int hdrlen, u_int meshdrlen, const uint8_t **srcp, const uint8_t **dstp) { if (ndo->ndo_vflag) { if (FC_MORE_DATA(fc)) ND_PRINT((ndo, "More Data ")); if (FC_MORE_FLAG(fc)) ND_PRINT((ndo, "More Fragments ")); if (FC_POWER_MGMT(fc)) ND_PRINT((ndo, "Pwr Mgmt ")); if (FC_RETRY(fc)) ND_PRINT((ndo, "Retry ")); if (FC_ORDER(fc)) ND_PRINT((ndo, "Strictly Ordered ")); if (FC_WEP(fc)) ND_PRINT((ndo, "WEP Encrypted ")); if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) ND_PRINT((ndo, "%dus ", EXTRACT_LE_16BITS( &((const struct mgmt_header_t *)p)->duration))); } if (meshdrlen != 0) { const struct meshcntl_t *mc = (const struct meshcntl_t *)&p[hdrlen - meshdrlen]; int ae = mc->flags & 3; ND_PRINT((ndo, "MeshData (AE %d TTL %u seq %u", ae, mc->ttl, EXTRACT_LE_32BITS(mc->seq))); if (ae > 0) ND_PRINT((ndo, " A4:%s", etheraddr_string(ndo, mc->addr4))); if (ae > 1) ND_PRINT((ndo, " A5:%s", etheraddr_string(ndo, mc->addr5))); if (ae > 2) ND_PRINT((ndo, " A6:%s", etheraddr_string(ndo, mc->addr6))); ND_PRINT((ndo, ") ")); } switch (FC_TYPE(fc)) { case T_MGMT: mgmt_header_print(ndo, p, srcp, dstp); break; case T_CTRL: ctrl_header_print(ndo, fc, p, srcp, dstp); break; case T_DATA: data_header_print(ndo, fc, p, srcp, dstp); break; default: ND_PRINT((ndo, "(header) unknown IEEE802.11 frame type (%d)", FC_TYPE(fc))); *srcp = NULL; *dstp = NULL; break; } } #ifndef roundup2 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ #endif static u_int ieee802_11_print(netdissect_options *ndo, const u_char *p, u_int length, u_int orig_caplen, int pad, u_int fcslen) { uint16_t fc; u_int caplen, hdrlen, meshdrlen; const uint8_t *src, *dst; u_short extracted_ethertype; caplen = orig_caplen; /* Remove FCS, if present */ if (length < fcslen) { ND_PRINT((ndo, "%s", tstr)); return caplen; } length -= fcslen; if (caplen > length) { /* Amount of FCS in actual packet data, if any */ fcslen = caplen - length; caplen -= fcslen; ndo->ndo_snapend -= fcslen; } if (caplen < IEEE802_11_FC_LEN) { ND_PRINT((ndo, "%s", tstr)); return orig_caplen; } fc = EXTRACT_LE_16BITS(p); hdrlen = extract_header_length(ndo, fc); if (pad) hdrlen = roundup2(hdrlen, 4); if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA && DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { meshdrlen = extract_mesh_header_length(p+hdrlen); hdrlen += meshdrlen; } else meshdrlen = 0; if (caplen < hdrlen) { ND_PRINT((ndo, "%s", tstr)); return hdrlen; } ieee_802_11_hdr_print(ndo, fc, p, hdrlen, meshdrlen, &src, &dst); /* * Go past the 802.11 header. */ length -= hdrlen; caplen -= hdrlen; p += hdrlen; switch (FC_TYPE(fc)) { case T_MGMT: if (!mgmt_body_print(ndo, fc, (const struct mgmt_header_t *)(p - hdrlen), p, length)) { ND_PRINT((ndo, "%s", tstr)); return hdrlen; } break; case T_CTRL: if (!ctrl_body_print(ndo, fc, p - hdrlen)) { ND_PRINT((ndo, "%s", tstr)); return hdrlen; } break; case T_DATA: if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc))) return hdrlen; /* no-data frame */ /* There may be a problem w/ AP not having this bit set */ if (FC_WEP(fc)) { if (!wep_print(ndo, p)) { ND_PRINT((ndo, "%s", tstr)); return hdrlen; } } else if (llc_print(ndo, p, length, caplen, dst, src, &extracted_ethertype) == 0) { /* * Some kinds of LLC packet we cannot * handle intelligently */ if (!ndo->ndo_eflag) ieee_802_11_hdr_print(ndo, fc, p - hdrlen, hdrlen, meshdrlen, NULL, NULL); if (extracted_ethertype) ND_PRINT((ndo, "(LLC %s) ", etherproto_string( htons(extracted_ethertype)))); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } break; default: ND_PRINT((ndo, "unknown 802.11 frame type (%d)", FC_TYPE(fc))); break; } return hdrlen; } /* * This is the top level routine of the printer. 'p' points * to the 802.11 header of the packet, 'h->ts' is the timestamp, * 'h->len' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ u_int ieee802_11_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { return ieee802_11_print(ndo, p, h->len, h->caplen, 0, 0); } #define IEEE80211_CHAN_FHSS \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK) #define IEEE80211_CHAN_A \ (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM) #define IEEE80211_CHAN_B \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK) #define IEEE80211_CHAN_PUREG \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM) #define IEEE80211_CHAN_G \ (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN) #define IS_CHAN_FHSS(flags) \ ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS) #define IS_CHAN_A(flags) \ ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A) #define IS_CHAN_B(flags) \ ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B) #define IS_CHAN_PUREG(flags) \ ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG) #define IS_CHAN_G(flags) \ ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G) #define IS_CHAN_ANYG(flags) \ (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags)) static void print_chaninfo(netdissect_options *ndo, int freq, int flags) { ND_PRINT((ndo, "%u MHz", freq)); if (IS_CHAN_FHSS(flags)) ND_PRINT((ndo, " FHSS")); if (IS_CHAN_A(flags)) { if (flags & IEEE80211_CHAN_HALF) ND_PRINT((ndo, " 11a/10Mhz")); else if (flags & IEEE80211_CHAN_QUARTER) ND_PRINT((ndo, " 11a/5Mhz")); else ND_PRINT((ndo, " 11a")); } if (IS_CHAN_ANYG(flags)) { if (flags & IEEE80211_CHAN_HALF) ND_PRINT((ndo, " 11g/10Mhz")); else if (flags & IEEE80211_CHAN_QUARTER) ND_PRINT((ndo, " 11g/5Mhz")); else ND_PRINT((ndo, " 11g")); } else if (IS_CHAN_B(flags)) ND_PRINT((ndo, " 11b")); if (flags & IEEE80211_CHAN_TURBO) ND_PRINT((ndo, " Turbo")); if (flags & IEEE80211_CHAN_HT20) ND_PRINT((ndo, " ht/20")); else if (flags & IEEE80211_CHAN_HT40D) ND_PRINT((ndo, " ht/40-")); else if (flags & IEEE80211_CHAN_HT40U) ND_PRINT((ndo, " ht/40+")); ND_PRINT((ndo, " ")); } static int print_radiotap_field(netdissect_options *ndo, struct cpack_state *s, uint32_t bit, uint8_t *flags, struct radiotap_state *state, uint32_t presentflags) { union { int8_t i8; uint8_t u8; int16_t i16; uint16_t u16; uint32_t u32; uint64_t u64; } u, u2, u3, u4; int rc; switch (bit) { case IEEE80211_RADIOTAP_FLAGS: rc = cpack_uint8(s, &u.u8); if (rc != 0) break; *flags = u.u8; break; case IEEE80211_RADIOTAP_RATE: rc = cpack_uint8(s, &u.u8); if (rc != 0) break; /* Save state rate */ state->rate = u.u8; break; case IEEE80211_RADIOTAP_DB_ANTSIGNAL: case IEEE80211_RADIOTAP_DB_ANTNOISE: case IEEE80211_RADIOTAP_ANTENNA: rc = cpack_uint8(s, &u.u8); break; case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: case IEEE80211_RADIOTAP_DBM_ANTNOISE: rc = cpack_int8(s, &u.i8); break; case IEEE80211_RADIOTAP_CHANNEL: rc = cpack_uint16(s, &u.u16); if (rc != 0) break; rc = cpack_uint16(s, &u2.u16); break; case IEEE80211_RADIOTAP_FHSS: case IEEE80211_RADIOTAP_LOCK_QUALITY: case IEEE80211_RADIOTAP_TX_ATTENUATION: case IEEE80211_RADIOTAP_RX_FLAGS: rc = cpack_uint16(s, &u.u16); break; case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: rc = cpack_uint8(s, &u.u8); break; case IEEE80211_RADIOTAP_DBM_TX_POWER: rc = cpack_int8(s, &u.i8); break; case IEEE80211_RADIOTAP_TSFT: rc = cpack_uint64(s, &u.u64); break; case IEEE80211_RADIOTAP_XCHANNEL: rc = cpack_uint32(s, &u.u32); if (rc != 0) break; rc = cpack_uint16(s, &u2.u16); if (rc != 0) break; rc = cpack_uint8(s, &u3.u8); if (rc != 0) break; rc = cpack_uint8(s, &u4.u8); break; case IEEE80211_RADIOTAP_MCS: rc = cpack_uint8(s, &u.u8); if (rc != 0) break; rc = cpack_uint8(s, &u2.u8); if (rc != 0) break; rc = cpack_uint8(s, &u3.u8); break; case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: { uint8_t vns[3]; uint16_t length; uint8_t subspace; if ((cpack_align_and_reserve(s, 2)) == NULL) { rc = -1; break; } rc = cpack_uint8(s, &vns[0]); if (rc != 0) break; rc = cpack_uint8(s, &vns[1]); if (rc != 0) break; rc = cpack_uint8(s, &vns[2]); if (rc != 0) break; rc = cpack_uint8(s, &subspace); if (rc != 0) break; rc = cpack_uint16(s, &length); if (rc != 0) break; /* Skip up to length */ s->c_next += length; break; } default: /* this bit indicates a field whose * size we do not know, so we cannot * proceed. Just print the bit number. */ ND_PRINT((ndo, "[bit %u] ", bit)); return -1; } if (rc != 0) { ND_PRINT((ndo, "%s", tstr)); return rc; } /* Preserve the state present flags */ state->present = presentflags; switch (bit) { case IEEE80211_RADIOTAP_CHANNEL: /* * If CHANNEL and XCHANNEL are both present, skip * CHANNEL. */ if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL)) break; print_chaninfo(ndo, u.u16, u2.u16); break; case IEEE80211_RADIOTAP_FHSS: ND_PRINT((ndo, "fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff)); break; case IEEE80211_RADIOTAP_RATE: /* * XXX On FreeBSD rate & 0x80 means we have an MCS. On * Linux and AirPcap it does not. (What about * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?) * * This is an issue either for proprietary extensions * to 11a or 11g, which do exist, or for 11n * implementations that stuff a rate value into * this field, which also appear to exist. * * We currently handle that by assuming that * if the 0x80 bit is set *and* the remaining * bits have a value between 0 and 15 it's * an MCS value, otherwise it's a rate. If * there are cases where systems that use * "0x80 + MCS index" for MCS indices > 15, * or stuff a rate value here between 64 and * 71.5 Mb/s in here, we'll need a preference * setting. Such rates do exist, e.g. 11n * MCS 7 at 20 MHz with a long guard interval. */ if (u.u8 >= 0x80 && u.u8 <= 0x8f) { /* * XXX - we don't know the channel width * or guard interval length, so we can't * convert this to a data rate. * * If you want us to show a data rate, * use the MCS field, not the Rate field; * the MCS field includes not only the * MCS index, it also includes bandwidth * and guard interval information. * * XXX - can we get the channel width * from XChannel and the guard interval * information from Flags, at least on * FreeBSD? */ ND_PRINT((ndo, "MCS %u ", u.u8 & 0x7f)); } else ND_PRINT((ndo, "%2.1f Mb/s ", .5 * u.u8)); break; case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: ND_PRINT((ndo, "%ddB signal ", u.i8)); break; case IEEE80211_RADIOTAP_DBM_ANTNOISE: ND_PRINT((ndo, "%ddB noise ", u.i8)); break; case IEEE80211_RADIOTAP_DB_ANTSIGNAL: ND_PRINT((ndo, "%ddB signal ", u.u8)); break; case IEEE80211_RADIOTAP_DB_ANTNOISE: ND_PRINT((ndo, "%ddB noise ", u.u8)); break; case IEEE80211_RADIOTAP_LOCK_QUALITY: ND_PRINT((ndo, "%u sq ", u.u16)); break; case IEEE80211_RADIOTAP_TX_ATTENUATION: ND_PRINT((ndo, "%d tx power ", -(int)u.u16)); break; case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: ND_PRINT((ndo, "%ddB tx power ", -(int)u.u8)); break; case IEEE80211_RADIOTAP_DBM_TX_POWER: ND_PRINT((ndo, "%ddBm tx power ", u.i8)); break; case IEEE80211_RADIOTAP_FLAGS: if (u.u8 & IEEE80211_RADIOTAP_F_CFP) ND_PRINT((ndo, "cfp ")); if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE) ND_PRINT((ndo, "short preamble ")); if (u.u8 & IEEE80211_RADIOTAP_F_WEP) ND_PRINT((ndo, "wep ")); if (u.u8 & IEEE80211_RADIOTAP_F_FRAG) ND_PRINT((ndo, "fragmented ")); if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS) ND_PRINT((ndo, "bad-fcs ")); break; case IEEE80211_RADIOTAP_ANTENNA: ND_PRINT((ndo, "antenna %d ", u.u8)); break; case IEEE80211_RADIOTAP_TSFT: ND_PRINT((ndo, "%" PRIu64 "us tsft ", u.u64)); break; case IEEE80211_RADIOTAP_RX_FLAGS: /* Do nothing for now */ break; case IEEE80211_RADIOTAP_XCHANNEL: print_chaninfo(ndo, u2.u16, u.u32); break; case IEEE80211_RADIOTAP_MCS: { static const char *bandwidth[4] = { "20 MHz", "40 MHz", "20 MHz (L)", "20 MHz (U)" }; float htrate; if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) { /* * We know the MCS index. */ if (u3.u8 <= MAX_MCS_INDEX) { /* * And it's in-range. */ if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) { /* * And we know both the bandwidth and * the guard interval, so we can look * up the rate. */ htrate = ieee80211_float_htrates \ [u3.u8] \ [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \ [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)]; } else { /* * We don't know both the bandwidth * and the guard interval, so we can * only report the MCS index. */ htrate = 0.0; } } else { /* * The MCS value is out of range. */ htrate = 0.0; } if (htrate != 0.0) { /* * We have the rate. * Print it. */ ND_PRINT((ndo, "%.1f Mb/s MCS %u ", htrate, u3.u8)); } else { /* * We at least have the MCS index. * Print it. */ ND_PRINT((ndo, "MCS %u ", u3.u8)); } } if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) { ND_PRINT((ndo, "%s ", bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK])); } if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) { ND_PRINT((ndo, "%s GI ", (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? "short" : "lon")); } if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) { ND_PRINT((ndo, "%s ", (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ? "greenfield" : "mixed")); } if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) { ND_PRINT((ndo, "%s FEC ", (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ? "LDPC" : "BCC")); } if (u.u8 & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) { ND_PRINT((ndo, "RX-STBC%u ", (u2.u8 & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT)); } break; } } return 0; } static u_int ieee802_11_radio_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x))) #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x))) #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x))) #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x))) #define BITNO_2(x) (((x) & 2) ? 1 : 0) #define BIT(n) (1U << n) #define IS_EXTENDED(__p) \ (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0 struct cpack_state cpacker; struct ieee80211_radiotap_header *hdr; uint32_t present, next_present; uint32_t presentflags = 0; uint32_t *presentp, *last_presentp; enum ieee80211_radiotap_type bit; int bit0; u_int len; uint8_t flags; int pad; u_int fcslen; struct radiotap_state state; if (caplen < sizeof(*hdr)) { ND_PRINT((ndo, "%s", tstr)); return caplen; } hdr = (struct ieee80211_radiotap_header *)p; len = EXTRACT_LE_16BITS(&hdr->it_len); if (caplen < len) { ND_PRINT((ndo, "%s", tstr)); return caplen; } cpack_init(&cpacker, (uint8_t *)hdr, len); /* align against header start */ cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */ for (last_presentp = &hdr->it_present; IS_EXTENDED(last_presentp) && (u_char*)(last_presentp + 1) <= p + len; last_presentp++) cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */ /* are there more bitmap extensions than bytes in header? */ if (IS_EXTENDED(last_presentp)) { ND_PRINT((ndo, "%s", tstr)); return caplen; } /* Assume no flags */ flags = 0; /* Assume no Atheros padding between 802.11 header and body */ pad = 0; /* Assume no FCS at end of frame */ fcslen = 0; for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp; presentp++, bit0 += 32) { presentflags = EXTRACT_LE_32BITS(presentp); /* Clear state. */ memset(&state, 0, sizeof(state)); for (present = EXTRACT_LE_32BITS(presentp); present; present = next_present) { /* clear the least significant bit that is set */ next_present = present & (present - 1); /* extract the least significant bit that is set */ bit = (enum ieee80211_radiotap_type) (bit0 + BITNO_32(present ^ next_present)); if (print_radiotap_field(ndo, &cpacker, bit, &flags, &state, presentflags) != 0) goto out; } } out: if (flags & IEEE80211_RADIOTAP_F_DATAPAD) pad = 1; /* Atheros padding */ if (flags & IEEE80211_RADIOTAP_F_FCS) fcslen = 4; /* FCS at end of packet */ return len + ieee802_11_print(ndo, p + len, length - len, caplen - len, pad, fcslen); #undef BITNO_32 #undef BITNO_16 #undef BITNO_8 #undef BITNO_4 #undef BITNO_2 #undef BIT } static u_int ieee802_11_avs_radio_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { uint32_t caphdr_len; if (caplen < 8) { ND_PRINT((ndo, "%s", tstr)); return caplen; } caphdr_len = EXTRACT_32BITS(p + 4); if (caphdr_len < 8) { /* * Yow! The capture header length is claimed not * to be large enough to include even the version * cookie or capture header length! */ ND_PRINT((ndo, "%s", tstr)); return caplen; } if (caplen < caphdr_len) { ND_PRINT((ndo, "%s", tstr)); return caplen; } return caphdr_len + ieee802_11_print(ndo, p + caphdr_len, length - caphdr_len, caplen - caphdr_len, 0, 0); } #define PRISM_HDR_LEN 144 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002 /* * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header, * containing information such as radio information, which we * currently ignore. * * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS * (currently, on Linux, there's no ARPHRD_ type for * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for * the AVS header, and the first 4 bytes of the header are used to * indicate whether it's a Prism header or an AVS header). */ u_int prism_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; uint32_t msgcode; if (caplen < 4) { ND_PRINT((ndo, "%s", tstr)); return caplen; } msgcode = EXTRACT_32BITS(p); if (msgcode == WLANCAP_MAGIC_COOKIE_V1 || msgcode == WLANCAP_MAGIC_COOKIE_V2) return ieee802_11_avs_radio_print(ndo, p, length, caplen); if (caplen < PRISM_HDR_LEN) { ND_PRINT((ndo, "%s", tstr)); return caplen; } return PRISM_HDR_LEN + ieee802_11_print(ndo, p + PRISM_HDR_LEN, length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0); } /* * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra * header, containing information such as radio information. */ u_int ieee802_11_radio_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { return ieee802_11_radio_print(ndo, p, h->len, h->caplen); } /* * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an * extra header, containing information such as radio information, * which we currently ignore. */ u_int ieee802_11_radio_avs_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { return ieee802_11_avs_radio_print(ndo, p, h->len, h->caplen); } tcpdump-4.7.4/print-smtp.c0000644000026300017510000000162612431107727013617 0ustar mcrmcr/* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "netdissect.h" #include "extract.h" void smtp_print(netdissect_options *ndo, const u_char *pptr, u_int len) { txtproto_print(ndo, pptr, len, "smtp", NULL, 0); } tcpdump-4.7.4/nfs.h0000644000026300017510000003257012431107727012277 0ustar mcrmcr/* NetBSD: nfs.h,v 1.1 1996/05/23 22:49:53 fvdl Exp */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Rick Macklem at The University of Guelph. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)nfsproto.h 8.2 (Berkeley) 3/30/95 */ /* * nfs definitions as per the Version 2 and 3 specs */ /* * Constants as defined in the Sun NFS Version 2 and 3 specs. * "NFS: Network File System Protocol Specification" RFC1094 * and in the "NFS: Network File System Version 3 Protocol * Specification" */ #define NFS_PORT 2049 #define NFS_PROG 100003 #define NFS_VER2 2 #define NFS_VER3 3 #define NFS_V2MAXDATA 8192 #define NFS_MAXDGRAMDATA 16384 #define NFS_MAXDATA 32768 #define NFS_MAXPATHLEN 1024 #define NFS_MAXNAMLEN 255 #define NFS_MAXPKTHDR 404 #define NFS_MAXPACKET (NFS_MAXPKTHDR + NFS_MAXDATA) #define NFS_MINPACKET 20 #define NFS_FABLKSIZE 512 /* Size in bytes of a block wrt fa_blocks */ /* Stat numbers for rpc returns (version 2 and 3) */ #define NFS_OK 0 #define NFSERR_PERM 1 #define NFSERR_NOENT 2 #define NFSERR_IO 5 #define NFSERR_NXIO 6 #define NFSERR_ACCES 13 #define NFSERR_EXIST 17 #define NFSERR_XDEV 18 /* Version 3 only */ #define NFSERR_NODEV 19 #define NFSERR_NOTDIR 20 #define NFSERR_ISDIR 21 #define NFSERR_INVAL 22 /* Version 3 only */ #define NFSERR_FBIG 27 #define NFSERR_NOSPC 28 #define NFSERR_ROFS 30 #define NFSERR_MLINK 31 /* Version 3 only */ #define NFSERR_NAMETOL 63 #define NFSERR_NOTEMPTY 66 #define NFSERR_DQUOT 69 #define NFSERR_STALE 70 #define NFSERR_REMOTE 71 /* Version 3 only */ #define NFSERR_WFLUSH 99 /* Version 2 only */ #define NFSERR_BADHANDLE 10001 /* The rest Version 3 only */ #define NFSERR_NOT_SYNC 10002 #define NFSERR_BAD_COOKIE 10003 #define NFSERR_NOTSUPP 10004 #define NFSERR_TOOSMALL 10005 #define NFSERR_SERVERFAULT 10006 #define NFSERR_BADTYPE 10007 #define NFSERR_JUKEBOX 10008 #define NFSERR_TRYLATER NFSERR_JUKEBOX #define NFSERR_STALEWRITEVERF 30001 /* Fake return for nfs_commit() */ #define NFSERR_RETVOID 0x20000000 /* Return void, not error */ #define NFSERR_AUTHERR 0x40000000 /* Mark an authentication error */ #define NFSERR_RETERR 0x80000000 /* Mark an error return for V3 */ /* Sizes in bytes of various nfs rpc components */ #define NFSX_UNSIGNED 4 /* specific to NFS Version 2 */ #define NFSX_V2FH 32 #define NFSX_V2FATTR 68 #define NFSX_V2SATTR 32 #define NFSX_V2COOKIE 4 #define NFSX_V2STATFS 20 /* specific to NFS Version 3 */ #if 0 #define NFSX_V3FH (sizeof (fhandle_t)) /* size this server uses */ #endif #define NFSX_V3FHMAX 64 /* max. allowed by protocol */ #define NFSX_V3FATTR 84 #define NFSX_V3SATTR 60 /* max. all fields filled in */ #define NFSX_V3SRVSATTR (sizeof (struct nfsv3_sattr)) #define NFSX_V3POSTOPATTR (NFSX_V3FATTR + NFSX_UNSIGNED) #define NFSX_V3WCCDATA (NFSX_V3POSTOPATTR + 8 * NFSX_UNSIGNED) #define NFSX_V3COOKIEVERF 8 #define NFSX_V3WRITEVERF 8 #define NFSX_V3CREATEVERF 8 #define NFSX_V3STATFS 52 #define NFSX_V3FSINFO 48 #define NFSX_V3PATHCONF 24 /* variants for both versions */ #define NFSX_FH(v3) ((v3) ? (NFSX_V3FHMAX + NFSX_UNSIGNED) : \ NFSX_V2FH) #define NFSX_SRVFH(v3) ((v3) ? NFSX_V3FH : NFSX_V2FH) #define NFSX_FATTR(v3) ((v3) ? NFSX_V3FATTR : NFSX_V2FATTR) #define NFSX_PREOPATTR(v3) ((v3) ? (7 * NFSX_UNSIGNED) : 0) #define NFSX_POSTOPATTR(v3) ((v3) ? (NFSX_V3FATTR + NFSX_UNSIGNED) : 0) #define NFSX_POSTOPORFATTR(v3) ((v3) ? (NFSX_V3FATTR + NFSX_UNSIGNED) : \ NFSX_V2FATTR) #define NFSX_WCCDATA(v3) ((v3) ? NFSX_V3WCCDATA : 0) #define NFSX_WCCORFATTR(v3) ((v3) ? NFSX_V3WCCDATA : NFSX_V2FATTR) #define NFSX_SATTR(v3) ((v3) ? NFSX_V3SATTR : NFSX_V2SATTR) #define NFSX_COOKIEVERF(v3) ((v3) ? NFSX_V3COOKIEVERF : 0) #define NFSX_WRITEVERF(v3) ((v3) ? NFSX_V3WRITEVERF : 0) #define NFSX_READDIR(v3) ((v3) ? (5 * NFSX_UNSIGNED) : \ (2 * NFSX_UNSIGNED)) #define NFSX_STATFS(v3) ((v3) ? NFSX_V3STATFS : NFSX_V2STATFS) /* nfs rpc procedure numbers (before version mapping) */ #define NFSPROC_NULL 0 #define NFSPROC_GETATTR 1 #define NFSPROC_SETATTR 2 #define NFSPROC_LOOKUP 3 #define NFSPROC_ACCESS 4 #define NFSPROC_READLINK 5 #define NFSPROC_READ 6 #define NFSPROC_WRITE 7 #define NFSPROC_CREATE 8 #define NFSPROC_MKDIR 9 #define NFSPROC_SYMLINK 10 #define NFSPROC_MKNOD 11 #define NFSPROC_REMOVE 12 #define NFSPROC_RMDIR 13 #define NFSPROC_RENAME 14 #define NFSPROC_LINK 15 #define NFSPROC_READDIR 16 #define NFSPROC_READDIRPLUS 17 #define NFSPROC_FSSTAT 18 #define NFSPROC_FSINFO 19 #define NFSPROC_PATHCONF 20 #define NFSPROC_COMMIT 21 /* And leasing (nqnfs) procedure numbers (must be last) */ #define NQNFSPROC_GETLEASE 22 #define NQNFSPROC_VACATED 23 #define NQNFSPROC_EVICTED 24 #define NFSPROC_NOOP 25 #define NFS_NPROCS 26 /* Actual Version 2 procedure numbers */ #define NFSV2PROC_NULL 0 #define NFSV2PROC_GETATTR 1 #define NFSV2PROC_SETATTR 2 #define NFSV2PROC_NOOP 3 #define NFSV2PROC_ROOT NFSV2PROC_NOOP /* Obsolete */ #define NFSV2PROC_LOOKUP 4 #define NFSV2PROC_READLINK 5 #define NFSV2PROC_READ 6 #define NFSV2PROC_WRITECACHE NFSV2PROC_NOOP /* Obsolete */ #define NFSV2PROC_WRITE 8 #define NFSV2PROC_CREATE 9 #define NFSV2PROC_REMOVE 10 #define NFSV2PROC_RENAME 11 #define NFSV2PROC_LINK 12 #define NFSV2PROC_SYMLINK 13 #define NFSV2PROC_MKDIR 14 #define NFSV2PROC_RMDIR 15 #define NFSV2PROC_READDIR 16 #define NFSV2PROC_STATFS 17 /* * Constants used by the Version 3 protocol for various RPCs */ #define NFSV3SATTRTIME_DONTCHANGE 0 #define NFSV3SATTRTIME_TOSERVER 1 #define NFSV3SATTRTIME_TOCLIENT 2 #define NFSV3ATTRTIME_NMODES 3 #define NFSV3ACCESS_READ 0x01 #define NFSV3ACCESS_LOOKUP 0x02 #define NFSV3ACCESS_MODIFY 0x04 #define NFSV3ACCESS_EXTEND 0x08 #define NFSV3ACCESS_DELETE 0x10 #define NFSV3ACCESS_EXECUTE 0x20 #define NFSV3ACCESS_FULL 0x3f #define NFSV3WRITE_UNSTABLE 0 #define NFSV3WRITE_DATASYNC 1 #define NFSV3WRITE_FILESYNC 2 #define NFSV3WRITE_NMODES 3 #define NFSV3CREATE_UNCHECKED 0 #define NFSV3CREATE_GUARDED 1 #define NFSV3CREATE_EXCLUSIVE 2 #define NFSV3CREATE_NMODES 3 #define NFSV3FSINFO_LINK 0x01 #define NFSV3FSINFO_SYMLINK 0x02 #define NFSV3FSINFO_HOMOGENEOUS 0x08 #define NFSV3FSINFO_CANSETTIME 0x10 /* Conversion macros */ #define vtonfsv2_mode(t,m) \ txdr_unsigned(((t) == VFIFO) ? MAKEIMODE(VCHR, (m)) : \ MAKEIMODE((t), (m))) #define vtonfsv3_mode(m) txdr_unsigned((m) & 07777) #define nfstov_mode(a) (fxdr_unsigned(uint16_t, (a))&07777) #define vtonfsv2_type(a) txdr_unsigned(nfsv2_type[((int32_t)(a))]) #define vtonfsv3_type(a) txdr_unsigned(nfsv3_type[((int32_t)(a))]) #define nfsv2tov_type(a) nv2tov_type[fxdr_unsigned(uint32_t,(a))&0x7] #define nfsv3tov_type(a) nv3tov_type[fxdr_unsigned(uint32_t,(a))&0x7] /* File types */ typedef enum { NFNON=0, NFREG=1, NFDIR=2, NFBLK=3, NFCHR=4, NFLNK=5, NFSOCK=6, NFFIFO=7 } nfs_type; /* Structs for common parts of the rpc's */ /* * File Handle (32 bytes for version 2), variable up to 64 for version 3. * File Handles of up to NFS_SMALLFH in size are stored directly in the * nfs node, whereas larger ones are malloc'd. (This never happens when * NFS_SMALLFH is set to 64.) * NFS_SMALLFH should be in the range of 32 to 64 and be divisible by 4. */ #ifndef NFS_SMALLFH #define NFS_SMALLFH 64 #endif union nfsfh { /* fhandle_t fh_generic; */ u_char fh_bytes[NFS_SMALLFH]; }; typedef union nfsfh nfsfh_t; struct nfsv2_time { uint32_t nfsv2_sec; uint32_t nfsv2_usec; }; typedef struct nfsv2_time nfstime2; struct nfsv3_time { uint32_t nfsv3_sec; uint32_t nfsv3_nsec; }; typedef struct nfsv3_time nfstime3; /* * Quads are defined as arrays of 2 longs to ensure dense packing for the * protocol and to facilitate xdr conversion. */ struct nfs_uquad { uint32_t nfsuquad[2]; }; typedef struct nfs_uquad nfsuint64; /* * NFS Version 3 special file number. */ struct nfsv3_spec { uint32_t specdata1; uint32_t specdata2; }; typedef struct nfsv3_spec nfsv3spec; /* * File attributes and setable attributes. These structures cover both * NFS version 2 and the version 3 protocol. Note that the union is only * used so that one pointer can refer to both variants. These structures * go out on the wire and must be densely packed, so no quad data types * are used. (all fields are longs or u_longs or structures of same) * NB: You can't do sizeof(struct nfs_fattr), you must use the * NFSX_FATTR(v3) macro. */ struct nfs_fattr { uint32_t fa_type; uint32_t fa_mode; uint32_t fa_nlink; uint32_t fa_uid; uint32_t fa_gid; union { struct { uint32_t nfsv2fa_size; uint32_t nfsv2fa_blocksize; uint32_t nfsv2fa_rdev; uint32_t nfsv2fa_blocks; uint32_t nfsv2fa_fsid; uint32_t nfsv2fa_fileid; nfstime2 nfsv2fa_atime; nfstime2 nfsv2fa_mtime; nfstime2 nfsv2fa_ctime; } fa_nfsv2; struct { nfsuint64 nfsv3fa_size; nfsuint64 nfsv3fa_used; nfsv3spec nfsv3fa_rdev; nfsuint64 nfsv3fa_fsid; nfsuint64 nfsv3fa_fileid; nfstime3 nfsv3fa_atime; nfstime3 nfsv3fa_mtime; nfstime3 nfsv3fa_ctime; } fa_nfsv3; } fa_un; }; /* and some ugly defines for accessing union components */ #define fa2_size fa_un.fa_nfsv2.nfsv2fa_size #define fa2_blocksize fa_un.fa_nfsv2.nfsv2fa_blocksize #define fa2_rdev fa_un.fa_nfsv2.nfsv2fa_rdev #define fa2_blocks fa_un.fa_nfsv2.nfsv2fa_blocks #define fa2_fsid fa_un.fa_nfsv2.nfsv2fa_fsid #define fa2_fileid fa_un.fa_nfsv2.nfsv2fa_fileid #define fa2_atime fa_un.fa_nfsv2.nfsv2fa_atime #define fa2_mtime fa_un.fa_nfsv2.nfsv2fa_mtime #define fa2_ctime fa_un.fa_nfsv2.nfsv2fa_ctime #define fa3_size fa_un.fa_nfsv3.nfsv3fa_size #define fa3_used fa_un.fa_nfsv3.nfsv3fa_used #define fa3_rdev fa_un.fa_nfsv3.nfsv3fa_rdev #define fa3_fsid fa_un.fa_nfsv3.nfsv3fa_fsid #define fa3_fileid fa_un.fa_nfsv3.nfsv3fa_fileid #define fa3_atime fa_un.fa_nfsv3.nfsv3fa_atime #define fa3_mtime fa_un.fa_nfsv3.nfsv3fa_mtime #define fa3_ctime fa_un.fa_nfsv3.nfsv3fa_ctime struct nfsv2_sattr { uint32_t sa_mode; uint32_t sa_uid; uint32_t sa_gid; uint32_t sa_size; nfstime2 sa_atime; nfstime2 sa_mtime; }; /* * NFS Version 3 sattr structure for the new node creation case. */ struct nfsv3_sattr { uint32_t sa_modeset; uint32_t sa_mode; uint32_t sa_uidset; uint32_t sa_uid; uint32_t sa_gidset; uint32_t sa_gid; uint32_t sa_sizeset; uint32_t sa_size; uint32_t sa_atimetype; nfstime3 sa_atime; uint32_t sa_mtimetype; nfstime3 sa_mtime; }; struct nfs_statfs { union { struct { uint32_t nfsv2sf_tsize; uint32_t nfsv2sf_bsize; uint32_t nfsv2sf_blocks; uint32_t nfsv2sf_bfree; uint32_t nfsv2sf_bavail; } sf_nfsv2; struct { nfsuint64 nfsv3sf_tbytes; nfsuint64 nfsv3sf_fbytes; nfsuint64 nfsv3sf_abytes; nfsuint64 nfsv3sf_tfiles; nfsuint64 nfsv3sf_ffiles; nfsuint64 nfsv3sf_afiles; uint32_t nfsv3sf_invarsec; } sf_nfsv3; } sf_un; }; #define sf_tsize sf_un.sf_nfsv2.nfsv2sf_tsize #define sf_bsize sf_un.sf_nfsv2.nfsv2sf_bsize #define sf_blocks sf_un.sf_nfsv2.nfsv2sf_blocks #define sf_bfree sf_un.sf_nfsv2.nfsv2sf_bfree #define sf_bavail sf_un.sf_nfsv2.nfsv2sf_bavail #define sf_tbytes sf_un.sf_nfsv3.nfsv3sf_tbytes #define sf_fbytes sf_un.sf_nfsv3.nfsv3sf_fbytes #define sf_abytes sf_un.sf_nfsv3.nfsv3sf_abytes #define sf_tfiles sf_un.sf_nfsv3.nfsv3sf_tfiles #define sf_ffiles sf_un.sf_nfsv3.nfsv3sf_ffiles #define sf_afiles sf_un.sf_nfsv3.nfsv3sf_afiles #define sf_invarsec sf_un.sf_nfsv3.nfsv3sf_invarsec struct nfsv3_fsinfo { uint32_t fs_rtmax; uint32_t fs_rtpref; uint32_t fs_rtmult; uint32_t fs_wtmax; uint32_t fs_wtpref; uint32_t fs_wtmult; uint32_t fs_dtpref; nfsuint64 fs_maxfilesize; nfstime3 fs_timedelta; uint32_t fs_properties; }; struct nfsv3_pathconf { uint32_t pc_linkmax; uint32_t pc_namemax; uint32_t pc_notrunc; uint32_t pc_chownrestricted; uint32_t pc_caseinsensitive; uint32_t pc_casepreserving; }; tcpdump-4.7.4/print-pflog.c0000644000026300017510000001140712431107727013741 0ustar mcrmcr/* * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #ifndef HAVE_NET_PFVAR_H #error "No pf headers available" #endif #include #include #include #include #include #include #include "interface.h" #include "extract.h" static const char tstr[] = "[|pflog]"; static const struct tok pf_reasons[] = { { 0, "0(match)" }, { 1, "1(bad-offset)" }, { 2, "2(fragment)" }, { 3, "3(short)" }, { 4, "4(normalize)" }, { 5, "5(memory)" }, { 6, "6(bad-timestamp)" }, { 7, "7(congestion)" }, { 8, "8(ip-option)" }, { 9, "9(proto-cksum)" }, { 10, "10(state-mismatch)" }, { 11, "11(state-insert)" }, { 12, "12(state-limit)" }, { 13, "13(src-limit)" }, { 14, "14(synproxy)" }, { 0, NULL } }; static const struct tok pf_actions[] = { { PF_PASS, "pass" }, { PF_DROP, "block" }, { PF_SCRUB, "scrub" }, { PF_NAT, "nat" }, { PF_NONAT, "nat" }, { PF_BINAT, "binat" }, { PF_NOBINAT, "binat" }, { PF_RDR, "rdr" }, { PF_NORDR, "rdr" }, { PF_SYNPROXY_DROP, "synproxy-drop" }, { 0, NULL } }; static const struct tok pf_directions[] = { { PF_INOUT, "in/out" }, { PF_IN, "in" }, { PF_OUT, "out" }, { 0, NULL } }; /* For reading capture files on other systems */ #define OPENBSD_AF_INET 2 #define OPENBSD_AF_INET6 24 static void pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr) { uint32_t rulenr, subrulenr; rulenr = EXTRACT_32BITS(&hdr->rulenr); subrulenr = EXTRACT_32BITS(&hdr->subrulenr); if (subrulenr == (uint32_t)-1) ND_PRINT((ndo, "rule %u/", rulenr)); else ND_PRINT((ndo, "rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr)); ND_PRINT((ndo, "%s: %s %s on %s: ", tok2str(pf_reasons, "unkn(%u)", hdr->reason), tok2str(pf_actions, "unkn(%u)", hdr->action), tok2str(pf_directions, "unkn(%u)", hdr->dir), hdr->ifname)); } u_int pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { u_int length = h->len; u_int hdrlen; u_int caplen = h->caplen; const struct pfloghdr *hdr; uint8_t af; /* check length */ if (caplen < sizeof(uint8_t)) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } #define MIN_PFLOG_HDRLEN 45 hdr = (struct pfloghdr *)p; if (hdr->length < MIN_PFLOG_HDRLEN) { ND_PRINT((ndo, "[pflog: invalid header length!]")); return (hdr->length); /* XXX: not really */ } hdrlen = BPF_WORDALIGN(hdr->length); if (caplen < hdrlen) { ND_PRINT((ndo, "%s", tstr)); return (hdrlen); /* XXX: true? */ } /* print what we know */ hdr = (struct pfloghdr *)p; ND_TCHECK(*hdr); if (ndo->ndo_eflag) pflog_print(ndo, hdr); /* skip to the real packet */ af = hdr->af; length -= hdrlen; caplen -= hdrlen; p += hdrlen; switch (af) { case AF_INET: #if OPENBSD_AF_INET != AF_INET case OPENBSD_AF_INET: /* XXX: read pcap files */ #endif ip_print(ndo, p, length); break; #if defined(AF_INET6) || defined(OPENBSD_AF_INET6) #ifdef AF_INET6 case AF_INET6: #endif /* AF_INET6 */ #if !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 case OPENBSD_AF_INET6: /* XXX: read pcap files */ #endif /* !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 */ ip6_print(ndo, p, length); break; #endif /* defined(AF_INET6) || defined(OPENBSD_AF_INET6) */ default: /* address family not handled, print raw packet */ if (!ndo->ndo_eflag) pflog_print(ndo, hdr); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } return (hdrlen); trunc: ND_PRINT((ndo, "%s", tstr)); return (hdrlen); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-slow.c0000644000026300017510000005512512477367525013641 0ustar mcrmcr/* * Copyright (c) 1998-2006 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * support for the IEEE "slow protocols" LACP, MARKER as per 802.3ad * OAM as per 802.3ah * * Original code by Hannes Gredler (hannes@juniper.net) */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "extract.h" #include "addrtoname.h" #include "ether.h" #include "oui.h" struct slow_common_header_t { uint8_t proto_subtype; uint8_t version; }; #define SLOW_PROTO_LACP 1 #define SLOW_PROTO_MARKER 2 #define SLOW_PROTO_OAM 3 #define LACP_VERSION 1 #define MARKER_VERSION 1 static const struct tok slow_proto_values[] = { { SLOW_PROTO_LACP, "LACP" }, { SLOW_PROTO_MARKER, "MARKER" }, { SLOW_PROTO_OAM, "OAM" }, { 0, NULL} }; static const struct tok slow_oam_flag_values[] = { { 0x0001, "Link Fault" }, { 0x0002, "Dying Gasp" }, { 0x0004, "Critical Event" }, { 0x0008, "Local Evaluating" }, { 0x0010, "Local Stable" }, { 0x0020, "Remote Evaluating" }, { 0x0040, "Remote Stable" }, { 0, NULL} }; #define SLOW_OAM_CODE_INFO 0x00 #define SLOW_OAM_CODE_EVENT_NOTIF 0x01 #define SLOW_OAM_CODE_VAR_REQUEST 0x02 #define SLOW_OAM_CODE_VAR_RESPONSE 0x03 #define SLOW_OAM_CODE_LOOPBACK_CTRL 0x04 #define SLOW_OAM_CODE_PRIVATE 0xfe static const struct tok slow_oam_code_values[] = { { SLOW_OAM_CODE_INFO, "Information" }, { SLOW_OAM_CODE_EVENT_NOTIF, "Event Notification" }, { SLOW_OAM_CODE_VAR_REQUEST, "Variable Request" }, { SLOW_OAM_CODE_VAR_RESPONSE, "Variable Response" }, { SLOW_OAM_CODE_LOOPBACK_CTRL, "Loopback Control" }, { SLOW_OAM_CODE_PRIVATE, "Vendor Private" }, { 0, NULL} }; struct slow_oam_info_t { uint8_t info_type; uint8_t info_length; uint8_t oam_version; uint8_t revision[2]; uint8_t state; uint8_t oam_config; uint8_t oam_pdu_config[2]; uint8_t oui[3]; uint8_t vendor_private[4]; }; #define SLOW_OAM_INFO_TYPE_END_OF_TLV 0x00 #define SLOW_OAM_INFO_TYPE_LOCAL 0x01 #define SLOW_OAM_INFO_TYPE_REMOTE 0x02 #define SLOW_OAM_INFO_TYPE_ORG_SPECIFIC 0xfe static const struct tok slow_oam_info_type_values[] = { { SLOW_OAM_INFO_TYPE_END_OF_TLV, "End of TLV marker" }, { SLOW_OAM_INFO_TYPE_LOCAL, "Local" }, { SLOW_OAM_INFO_TYPE_REMOTE, "Remote" }, { SLOW_OAM_INFO_TYPE_ORG_SPECIFIC, "Organization specific" }, { 0, NULL} }; #define OAM_INFO_TYPE_PARSER_MASK 0x3 static const struct tok slow_oam_info_type_state_parser_values[] = { { 0x00, "forwarding" }, { 0x01, "looping back" }, { 0x02, "discarding" }, { 0x03, "reserved" }, { 0, NULL} }; #define OAM_INFO_TYPE_MUX_MASK 0x4 static const struct tok slow_oam_info_type_state_mux_values[] = { { 0x00, "forwarding" }, { 0x04, "discarding" }, { 0, NULL} }; static const struct tok slow_oam_info_type_oam_config_values[] = { { 0x01, "Active" }, { 0x02, "Unidirectional" }, { 0x04, "Remote-Loopback" }, { 0x08, "Link-Events" }, { 0x10, "Variable-Retrieval" }, { 0, NULL} }; /* 11 Bits */ #define OAM_INFO_TYPE_PDU_SIZE_MASK 0x7ff #define SLOW_OAM_LINK_EVENT_END_OF_TLV 0x00 #define SLOW_OAM_LINK_EVENT_ERR_SYM_PER 0x01 #define SLOW_OAM_LINK_EVENT_ERR_FRM 0x02 #define SLOW_OAM_LINK_EVENT_ERR_FRM_PER 0x03 #define SLOW_OAM_LINK_EVENT_ERR_FRM_SUMM 0x04 #define SLOW_OAM_LINK_EVENT_ORG_SPECIFIC 0xfe static const struct tok slow_oam_link_event_values[] = { { SLOW_OAM_LINK_EVENT_END_OF_TLV, "End of TLV marker" }, { SLOW_OAM_LINK_EVENT_ERR_SYM_PER, "Errored Symbol Period Event" }, { SLOW_OAM_LINK_EVENT_ERR_FRM, "Errored Frame Event" }, { SLOW_OAM_LINK_EVENT_ERR_FRM_PER, "Errored Frame Period Event" }, { SLOW_OAM_LINK_EVENT_ERR_FRM_SUMM, "Errored Frame Seconds Summary Event" }, { SLOW_OAM_LINK_EVENT_ORG_SPECIFIC, "Organization specific" }, { 0, NULL} }; struct slow_oam_link_event_t { uint8_t event_type; uint8_t event_length; uint8_t time_stamp[2]; uint8_t window[8]; uint8_t threshold[8]; uint8_t errors[8]; uint8_t errors_running_total[8]; uint8_t event_running_total[4]; }; struct slow_oam_variablerequest_t { uint8_t branch; uint8_t leaf[2]; }; struct slow_oam_variableresponse_t { uint8_t branch; uint8_t leaf[2]; uint8_t length; }; struct slow_oam_loopbackctrl_t { uint8_t command; }; static const struct tok slow_oam_loopbackctrl_cmd_values[] = { { 0x01, "Enable OAM Remote Loopback" }, { 0x02, "Disable OAM Remote Loopback" }, { 0, NULL} }; struct tlv_header_t { uint8_t type; uint8_t length; }; #define LACP_TLV_TERMINATOR 0x00 #define LACP_TLV_ACTOR_INFO 0x01 #define LACP_TLV_PARTNER_INFO 0x02 #define LACP_TLV_COLLECTOR_INFO 0x03 #define MARKER_TLV_TERMINATOR 0x00 #define MARKER_TLV_MARKER_INFO 0x01 static const struct tok slow_tlv_values[] = { { (SLOW_PROTO_LACP << 8) + LACP_TLV_TERMINATOR, "Terminator"}, { (SLOW_PROTO_LACP << 8) + LACP_TLV_ACTOR_INFO, "Actor Information"}, { (SLOW_PROTO_LACP << 8) + LACP_TLV_PARTNER_INFO, "Partner Information"}, { (SLOW_PROTO_LACP << 8) + LACP_TLV_COLLECTOR_INFO, "Collector Information"}, { (SLOW_PROTO_MARKER << 8) + MARKER_TLV_TERMINATOR, "Terminator"}, { (SLOW_PROTO_MARKER << 8) + MARKER_TLV_MARKER_INFO, "Marker Information"}, { 0, NULL} }; struct lacp_tlv_actor_partner_info_t { uint8_t sys_pri[2]; uint8_t sys[ETHER_ADDR_LEN]; uint8_t key[2]; uint8_t port_pri[2]; uint8_t port[2]; uint8_t state; uint8_t pad[3]; }; static const struct tok lacp_tlv_actor_partner_info_state_values[] = { { 0x01, "Activity"}, { 0x02, "Timeout"}, { 0x04, "Aggregation"}, { 0x08, "Synchronization"}, { 0x10, "Collecting"}, { 0x20, "Distributing"}, { 0x40, "Default"}, { 0x80, "Expired"}, { 0, NULL} }; struct lacp_tlv_collector_info_t { uint8_t max_delay[2]; uint8_t pad[12]; }; struct marker_tlv_marker_info_t { uint8_t req_port[2]; uint8_t req_sys[ETHER_ADDR_LEN]; uint8_t req_trans_id[4]; uint8_t pad[2]; }; struct lacp_marker_tlv_terminator_t { uint8_t pad[50]; }; static void slow_marker_lacp_print(netdissect_options *, register const u_char *, register u_int); static void slow_oam_print(netdissect_options *, register const u_char *, register u_int); const struct slow_common_header_t *slow_com_header; void slow_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { int print_version; slow_com_header = (const struct slow_common_header_t *)pptr; ND_TCHECK(*slow_com_header); /* * Sanity checking of the header. */ switch (slow_com_header->proto_subtype) { case SLOW_PROTO_LACP: if (slow_com_header->version != LACP_VERSION) { ND_PRINT((ndo, "LACP version %u packet not supported",slow_com_header->version)); return; } print_version = 1; break; case SLOW_PROTO_MARKER: if (slow_com_header->version != MARKER_VERSION) { ND_PRINT((ndo, "MARKER version %u packet not supported",slow_com_header->version)); return; } print_version = 1; break; case SLOW_PROTO_OAM: /* fall through */ print_version = 0; break; default: /* print basic information and exit */ print_version = -1; break; } if (print_version) { ND_PRINT((ndo, "%sv%u, length %u", tok2str(slow_proto_values, "unknown (%u)",slow_com_header->proto_subtype), slow_com_header->version, len)); } else { /* some slow protos don't have a version number in the header */ ND_PRINT((ndo, "%s, length %u", tok2str(slow_proto_values, "unknown (%u)",slow_com_header->proto_subtype), len)); } /* unrecognized subtype */ if (print_version == -1) { print_unknown_data(ndo, pptr, "\n\t", len); return; } if (!ndo->ndo_vflag) return; switch (slow_com_header->proto_subtype) { default: /* should not happen */ break; case SLOW_PROTO_OAM: /* skip proto_subtype */ slow_oam_print(ndo, pptr+1, len-1); break; case SLOW_PROTO_LACP: /* LACP and MARKER share the same semantics */ case SLOW_PROTO_MARKER: /* skip slow_common_header */ len -= sizeof(const struct slow_common_header_t); pptr += sizeof(const struct slow_common_header_t); slow_marker_lacp_print(ndo, pptr, len); break; } return; trunc: ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); } static void slow_marker_lacp_print(netdissect_options *ndo, register const u_char *tptr, register u_int tlen) { const struct tlv_header_t *tlv_header; const u_char *tlv_tptr; u_int tlv_len, tlv_tlen; union { const struct lacp_marker_tlv_terminator_t *lacp_marker_tlv_terminator; const struct lacp_tlv_actor_partner_info_t *lacp_tlv_actor_partner_info; const struct lacp_tlv_collector_info_t *lacp_tlv_collector_info; const struct marker_tlv_marker_info_t *marker_tlv_marker_info; } tlv_ptr; while(tlen>0) { /* did we capture enough for fully decoding the tlv header ? */ ND_TCHECK2(*tptr, sizeof(struct tlv_header_t)); tlv_header = (const struct tlv_header_t *)tptr; tlv_len = tlv_header->length; ND_PRINT((ndo, "\n\t%s TLV (0x%02x), length %u", tok2str(slow_tlv_values, "Unknown", (slow_com_header->proto_subtype << 8) + tlv_header->type), tlv_header->type, tlv_len)); if ((tlv_len < sizeof(struct tlv_header_t) || tlv_len > tlen) && tlv_header->type != LACP_TLV_TERMINATOR && tlv_header->type != MARKER_TLV_TERMINATOR) { ND_PRINT((ndo, "\n\t-----trailing data-----")); print_unknown_data(ndo, tptr+sizeof(struct tlv_header_t), "\n\t ", tlen); return; } tlv_tptr=tptr+sizeof(struct tlv_header_t); tlv_tlen=tlv_len-sizeof(struct tlv_header_t); /* did we capture enough for fully decoding the tlv ? */ ND_TCHECK2(*tptr, tlv_len); switch((slow_com_header->proto_subtype << 8) + tlv_header->type) { /* those two TLVs have the same structure -> fall through */ case ((SLOW_PROTO_LACP << 8) + LACP_TLV_ACTOR_INFO): case ((SLOW_PROTO_LACP << 8) + LACP_TLV_PARTNER_INFO): tlv_ptr.lacp_tlv_actor_partner_info = (const struct lacp_tlv_actor_partner_info_t *)tlv_tptr; ND_PRINT((ndo, "\n\t System %s, System Priority %u, Key %u" \ ", Port %u, Port Priority %u\n\t State Flags [%s]", etheraddr_string(ndo, tlv_ptr.lacp_tlv_actor_partner_info->sys), EXTRACT_16BITS(tlv_ptr.lacp_tlv_actor_partner_info->sys_pri), EXTRACT_16BITS(tlv_ptr.lacp_tlv_actor_partner_info->key), EXTRACT_16BITS(tlv_ptr.lacp_tlv_actor_partner_info->port), EXTRACT_16BITS(tlv_ptr.lacp_tlv_actor_partner_info->port_pri), bittok2str(lacp_tlv_actor_partner_info_state_values, "none", tlv_ptr.lacp_tlv_actor_partner_info->state))); break; case ((SLOW_PROTO_LACP << 8) + LACP_TLV_COLLECTOR_INFO): tlv_ptr.lacp_tlv_collector_info = (const struct lacp_tlv_collector_info_t *)tlv_tptr; ND_PRINT((ndo, "\n\t Max Delay %u", EXTRACT_16BITS(tlv_ptr.lacp_tlv_collector_info->max_delay))); break; case ((SLOW_PROTO_MARKER << 8) + MARKER_TLV_MARKER_INFO): tlv_ptr.marker_tlv_marker_info = (const struct marker_tlv_marker_info_t *)tlv_tptr; ND_PRINT((ndo, "\n\t Request System %s, Request Port %u, Request Transaction ID 0x%08x", etheraddr_string(ndo, tlv_ptr.marker_tlv_marker_info->req_sys), EXTRACT_16BITS(tlv_ptr.marker_tlv_marker_info->req_port), EXTRACT_32BITS(tlv_ptr.marker_tlv_marker_info->req_trans_id))); break; /* those two TLVs have the same structure -> fall through */ case ((SLOW_PROTO_LACP << 8) + LACP_TLV_TERMINATOR): case ((SLOW_PROTO_MARKER << 8) + LACP_TLV_TERMINATOR): tlv_ptr.lacp_marker_tlv_terminator = (const struct lacp_marker_tlv_terminator_t *)tlv_tptr; if (tlv_len == 0) { tlv_len = sizeof(tlv_ptr.lacp_marker_tlv_terminator->pad) + sizeof(struct tlv_header_t); /* tell the user that we modified the length field */ if (ndo->ndo_vflag>1) ND_PRINT((ndo, " (=%u)", tlv_len)); /* we have messed around with the length field - now we need to check * again if there are enough bytes on the wire for the hexdump */ ND_TCHECK2(tlv_ptr.lacp_marker_tlv_terminator->pad[0], sizeof(tlv_ptr.lacp_marker_tlv_terminator->pad)); } break; default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tlv_tptr, "\n\t ", tlv_tlen); break; } /* do we want to see an additional hexdump ? */ if (ndo->ndo_vflag > 1) { print_unknown_data(ndo, tptr+sizeof(struct tlv_header_t), "\n\t ", tlv_len-sizeof(struct tlv_header_t)); } tptr+=tlv_len; tlen-=tlv_len; } return; trunc: ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); } static void slow_oam_print(netdissect_options *ndo, register const u_char *tptr, register u_int tlen) { u_int hexdump; struct slow_oam_common_header_t { uint8_t flags[2]; uint8_t code; }; struct slow_oam_tlv_header_t { uint8_t type; uint8_t length; }; union { const struct slow_oam_common_header_t *slow_oam_common_header; const struct slow_oam_tlv_header_t *slow_oam_tlv_header; } ptr; union { const struct slow_oam_info_t *slow_oam_info; const struct slow_oam_link_event_t *slow_oam_link_event; const struct slow_oam_variablerequest_t *slow_oam_variablerequest; const struct slow_oam_variableresponse_t *slow_oam_variableresponse; const struct slow_oam_loopbackctrl_t *slow_oam_loopbackctrl; } tlv; ptr.slow_oam_common_header = (struct slow_oam_common_header_t *)tptr; tptr += sizeof(struct slow_oam_common_header_t); tlen -= sizeof(struct slow_oam_common_header_t); ND_PRINT((ndo, "\n\tCode %s OAM PDU, Flags [%s]", tok2str(slow_oam_code_values, "Unknown (%u)", ptr.slow_oam_common_header->code), bittok2str(slow_oam_flag_values, "none", EXTRACT_16BITS(&ptr.slow_oam_common_header->flags)))); switch (ptr.slow_oam_common_header->code) { case SLOW_OAM_CODE_INFO: while (tlen > 0) { ptr.slow_oam_tlv_header = (const struct slow_oam_tlv_header_t *)tptr; ND_PRINT((ndo, "\n\t %s Information Type (%u), length %u", tok2str(slow_oam_info_type_values, "Reserved", ptr.slow_oam_tlv_header->type), ptr.slow_oam_tlv_header->type, ptr.slow_oam_tlv_header->length)); hexdump = FALSE; switch (ptr.slow_oam_tlv_header->type) { case SLOW_OAM_INFO_TYPE_END_OF_TLV: if (ptr.slow_oam_tlv_header->length != 0) { ND_PRINT((ndo, "\n\t ERROR: illegal length - should be 0")); } return; case SLOW_OAM_INFO_TYPE_LOCAL: /* identical format - fall through */ case SLOW_OAM_INFO_TYPE_REMOTE: tlv.slow_oam_info = (const struct slow_oam_info_t *)tptr; if (tlv.slow_oam_info->info_length != sizeof(struct slow_oam_info_t)) { ND_PRINT((ndo, "\n\t ERROR: illegal length - should be %lu", (unsigned long) sizeof(struct slow_oam_info_t))); return; } ND_PRINT((ndo, "\n\t OAM-Version %u, Revision %u", tlv.slow_oam_info->oam_version, EXTRACT_16BITS(&tlv.slow_oam_info->revision))); ND_PRINT((ndo, "\n\t State-Parser-Action %s, State-MUX-Action %s", tok2str(slow_oam_info_type_state_parser_values, "Reserved", tlv.slow_oam_info->state & OAM_INFO_TYPE_PARSER_MASK), tok2str(slow_oam_info_type_state_mux_values, "Reserved", tlv.slow_oam_info->state & OAM_INFO_TYPE_MUX_MASK))); ND_PRINT((ndo, "\n\t OAM-Config Flags [%s], OAM-PDU-Config max-PDU size %u", bittok2str(slow_oam_info_type_oam_config_values, "none", tlv.slow_oam_info->oam_config), EXTRACT_16BITS(&tlv.slow_oam_info->oam_pdu_config) & OAM_INFO_TYPE_PDU_SIZE_MASK)); ND_PRINT((ndo, "\n\t OUI %s (0x%06x), Vendor-Private 0x%08x", tok2str(oui_values, "Unknown", EXTRACT_24BITS(&tlv.slow_oam_info->oui)), EXTRACT_24BITS(&tlv.slow_oam_info->oui), EXTRACT_32BITS(&tlv.slow_oam_info->vendor_private))); break; case SLOW_OAM_INFO_TYPE_ORG_SPECIFIC: hexdump = TRUE; break; default: hexdump = TRUE; break; } /* infinite loop check */ if (!ptr.slow_oam_tlv_header->length) { return; } /* do we also want to see a hex dump ? */ if (ndo->ndo_vflag > 1 || hexdump==TRUE) { print_unknown_data(ndo, tptr, "\n\t ", ptr.slow_oam_tlv_header->length); } tlen -= ptr.slow_oam_tlv_header->length; tptr += ptr.slow_oam_tlv_header->length; } break; case SLOW_OAM_CODE_EVENT_NOTIF: while (tlen > 0) { ptr.slow_oam_tlv_header = (const struct slow_oam_tlv_header_t *)tptr; ND_PRINT((ndo, "\n\t %s Link Event Type (%u), length %u", tok2str(slow_oam_link_event_values, "Reserved", ptr.slow_oam_tlv_header->type), ptr.slow_oam_tlv_header->type, ptr.slow_oam_tlv_header->length)); hexdump = FALSE; switch (ptr.slow_oam_tlv_header->type) { case SLOW_OAM_LINK_EVENT_END_OF_TLV: if (ptr.slow_oam_tlv_header->length != 0) { ND_PRINT((ndo, "\n\t ERROR: illegal length - should be 0")); } return; case SLOW_OAM_LINK_EVENT_ERR_SYM_PER: /* identical format - fall through */ case SLOW_OAM_LINK_EVENT_ERR_FRM: case SLOW_OAM_LINK_EVENT_ERR_FRM_PER: case SLOW_OAM_LINK_EVENT_ERR_FRM_SUMM: tlv.slow_oam_link_event = (const struct slow_oam_link_event_t *)tptr; if (tlv.slow_oam_link_event->event_length != sizeof(struct slow_oam_link_event_t)) { ND_PRINT((ndo, "\n\t ERROR: illegal length - should be %lu", (unsigned long) sizeof(struct slow_oam_link_event_t))); return; } ND_PRINT((ndo, "\n\t Timestamp %u ms, Errored Window %" PRIu64 "\n\t Errored Threshold %" PRIu64 "\n\t Errors %" PRIu64 "\n\t Error Running Total %" PRIu64 "\n\t Event Running Total %u", EXTRACT_16BITS(&tlv.slow_oam_link_event->time_stamp)*100, EXTRACT_64BITS(&tlv.slow_oam_link_event->window), EXTRACT_64BITS(&tlv.slow_oam_link_event->threshold), EXTRACT_64BITS(&tlv.slow_oam_link_event->errors), EXTRACT_64BITS(&tlv.slow_oam_link_event->errors_running_total), EXTRACT_32BITS(&tlv.slow_oam_link_event->event_running_total))); break; case SLOW_OAM_LINK_EVENT_ORG_SPECIFIC: hexdump = TRUE; break; default: hexdump = TRUE; break; } /* infinite loop check */ if (!ptr.slow_oam_tlv_header->length) { return; } /* do we also want to see a hex dump ? */ if (ndo->ndo_vflag > 1 || hexdump==TRUE) { print_unknown_data(ndo, tptr, "\n\t ", ptr.slow_oam_tlv_header->length); } tlen -= ptr.slow_oam_tlv_header->length; tptr += ptr.slow_oam_tlv_header->length; } break; case SLOW_OAM_CODE_LOOPBACK_CTRL: tlv.slow_oam_loopbackctrl = (const struct slow_oam_loopbackctrl_t *)tptr; ND_PRINT((ndo, "\n\t Command %s (%u)", tok2str(slow_oam_loopbackctrl_cmd_values, "Unknown", tlv.slow_oam_loopbackctrl->command), tlv.slow_oam_loopbackctrl->command)); tptr ++; tlen --; break; /* * FIXME those are the defined codes that lack a decoder * you are welcome to contribute code ;-) */ case SLOW_OAM_CODE_VAR_REQUEST: case SLOW_OAM_CODE_VAR_RESPONSE: case SLOW_OAM_CODE_PRIVATE: default: if (ndo->ndo_vflag <= 1) { print_unknown_data(ndo, tptr, "\n\t ", tlen); } break; } return; } tcpdump-4.7.4/util.c0000644000026300017510000005157712516002520012456 0ustar mcrmcr/* * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * txtproto_print() derived from original code by Hannes Gredler * (hannes@juniper.net): * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #ifdef HAVE_FCNTL_H #include #endif #include #include #include #include #include "interface.h" /* * Print out a null-terminated filename (or other ascii string). * If ep is NULL, assume no truncation check is needed. * Return true if truncated. */ int fn_print(netdissect_options *ndo, register const u_char *s, register const u_char *ep) { register int ret; register u_char c; ret = 1; /* assume truncated */ while (ep == NULL || s < ep) { c = *s++; if (c == '\0') { ret = 0; break; } if (!ND_ISASCII(c)) { c = ND_TOASCII(c); ND_PRINT((ndo, "M-")); } if (!ND_ISPRINT(c)) { c ^= 0x40; /* DEL to ?, others to alpha */ ND_PRINT((ndo, "^")); } ND_PRINT((ndo, "%c", c)); } return(ret); } /* * Print out a counted filename (or other ascii string). * If ep is NULL, assume no truncation check is needed. * Return true if truncated. */ int fn_printn(netdissect_options *ndo, register const u_char *s, register u_int n, register const u_char *ep) { register u_char c; while (n > 0 && (ep == NULL || s < ep)) { n--; c = *s++; if (!ND_ISASCII(c)) { c = ND_TOASCII(c); ND_PRINT((ndo, "M-")); } if (!ND_ISPRINT(c)) { c ^= 0x40; /* DEL to ?, others to alpha */ ND_PRINT((ndo, "^")); } ND_PRINT((ndo, "%c", c)); } return (n == 0) ? 0 : 1; } /* * Print out a null-padded filename (or other ascii string). * If ep is NULL, assume no truncation check is needed. * Return true if truncated. */ int fn_printzp(netdissect_options *ndo, register const u_char *s, register u_int n, register const u_char *ep) { register int ret; register u_char c; ret = 1; /* assume truncated */ while (n > 0 && (ep == NULL || s < ep)) { n--; c = *s++; if (c == '\0') { ret = 0; break; } if (!ND_ISASCII(c)) { c = ND_TOASCII(c); ND_PRINT((ndo, "M-")); } if (!ND_ISPRINT(c)) { c ^= 0x40; /* DEL to ?, others to alpha */ ND_PRINT((ndo, "^")); } ND_PRINT((ndo, "%c", c)); } return (n == 0) ? 0 : ret; } /* * Format the timestamp */ static char * ts_format(netdissect_options *ndo #ifndef HAVE_PCAP_SET_TSTAMP_PRECISION _U_ #endif , int sec, int usec) { static char buf[sizeof("00:00:00.000000000")]; const char *format; #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION switch (ndo->ndo_tstamp_precision) { case PCAP_TSTAMP_PRECISION_MICRO: format = "%02d:%02d:%02d.%06u"; break; case PCAP_TSTAMP_PRECISION_NANO: format = "%02d:%02d:%02d.%09u"; break; default: format = "%02d:%02d:%02d.{unknown precision}"; break; } #else format = "%02d:%02d:%02d.%06u"; #endif snprintf(buf, sizeof(buf), format, sec / 3600, (sec % 3600) / 60, sec % 60, usec); return buf; } /* * Print the timestamp */ void ts_print(netdissect_options *ndo, register const struct timeval *tvp) { register int s; struct tm *tm; time_t Time; static unsigned b_sec; static unsigned b_usec; int d_usec; int d_sec; switch (ndo->ndo_tflag) { case 0: /* Default */ s = (tvp->tv_sec + thiszone) % 86400; ND_PRINT((ndo, "%s ", ts_format(ndo, s, tvp->tv_usec))); break; case 1: /* No time stamp */ break; case 2: /* Unix timeval style */ ND_PRINT((ndo, "%u.%06u ", (unsigned)tvp->tv_sec, (unsigned)tvp->tv_usec)); break; case 3: /* Microseconds since previous packet */ case 5: /* Microseconds since first packet */ if (b_sec == 0) { /* init timestamp for first packet */ b_usec = tvp->tv_usec; b_sec = tvp->tv_sec; } d_usec = tvp->tv_usec - b_usec; d_sec = tvp->tv_sec - b_sec; while (d_usec < 0) { d_usec += 1000000; d_sec--; } ND_PRINT((ndo, "%s ", ts_format(ndo, d_sec, d_usec))); if (ndo->ndo_tflag == 3) { /* set timestamp for last packet */ b_sec = tvp->tv_sec; b_usec = tvp->tv_usec; } break; case 4: /* Default + Date*/ s = (tvp->tv_sec + thiszone) % 86400; Time = (tvp->tv_sec + thiszone) - s; tm = gmtime (&Time); if (!tm) ND_PRINT((ndo, "Date fail ")); else ND_PRINT((ndo, "%04d-%02d-%02d %s ", tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, ts_format(ndo, s, tvp->tv_usec))); break; } } /* * Print a relative number of seconds (e.g. hold time, prune timer) * in the form 5m1s. This does no truncation, so 32230861 seconds * is represented as 1y1w1d1h1m1s. */ void relts_print(netdissect_options *ndo, int secs) { static const char *lengths[] = {"y", "w", "d", "h", "m", "s"}; static const int seconds[] = {31536000, 604800, 86400, 3600, 60, 1}; const char **l = lengths; const int *s = seconds; if (secs == 0) { ND_PRINT((ndo, "0s")); return; } if (secs < 0) { ND_PRINT((ndo, "-")); secs = -secs; } while (secs > 0) { if (secs >= *s) { ND_PRINT((ndo, "%d%s", secs / *s, *l)); secs -= (secs / *s) * *s; } s++; l++; } } /* * this is a generic routine for printing unknown data; * we pass on the linefeed plus indentation string to * get a proper output - returns 0 on error */ int print_unknown_data(netdissect_options *ndo, const u_char *cp,const char *ident,int len) { if (len < 0) { ND_PRINT((ndo,"%sDissector error: print_unknown_data called with negative length", ident)); return(0); } if (ndo->ndo_snapend - cp < len) len = ndo->ndo_snapend - cp; if (len < 0) { ND_PRINT((ndo,"%sDissector error: print_unknown_data called with pointer past end of packet", ident)); return(0); } hex_print(ndo, ident,cp,len); return(1); /* everything is ok */ } /* * Convert a token value to a string; use "fmt" if not found. */ const char * tok2strbuf(register const struct tok *lp, register const char *fmt, register u_int v, char *buf, size_t bufsize) { if (lp != NULL) { while (lp->s != NULL) { if (lp->v == v) return (lp->s); ++lp; } } if (fmt == NULL) fmt = "#%d"; (void)snprintf(buf, bufsize, fmt, v); return (const char *)buf; } /* * Convert a token value to a string; use "fmt" if not found. */ const char * tok2str(register const struct tok *lp, register const char *fmt, register u_int v) { static char buf[4][128]; static int idx = 0; char *ret; ret = buf[idx]; idx = (idx+1) & 3; return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0])); } /* * Convert a bit token value to a string; use "fmt" if not found. * this is useful for parsing bitfields, the output strings are seperated * if the s field is positive. */ static char * bittok2str_internal(register const struct tok *lp, register const char *fmt, register u_int v, const char *sep) { static char buf[256]; /* our stringbuffer */ int buflen=0; register u_int rotbit; /* this is the bit we rotate through all bitpositions */ register u_int tokval; const char * sepstr = ""; while (lp != NULL && lp->s != NULL) { tokval=lp->v; /* load our first value */ rotbit=1; while (rotbit != 0) { /* * lets AND the rotating bit with our token value * and see if we have got a match */ if (tokval == (v&rotbit)) { /* ok we have found something */ buflen+=snprintf(buf+buflen, sizeof(buf)-buflen, "%s%s", sepstr, lp->s); sepstr = sep; break; } rotbit=rotbit<<1; /* no match - lets shift and try again */ } lp++; } if (buflen == 0) /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */ (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%08x" : fmt, v); return (buf); } /* * Convert a bit token value to a string; use "fmt" if not found. * this is useful for parsing bitfields, the output strings are not seperated. */ char * bittok2str_nosep(register const struct tok *lp, register const char *fmt, register u_int v) { return (bittok2str_internal(lp, fmt, v, "")); } /* * Convert a bit token value to a string; use "fmt" if not found. * this is useful for parsing bitfields, the output strings are comma seperated. */ char * bittok2str(register const struct tok *lp, register const char *fmt, register u_int v) { return (bittok2str_internal(lp, fmt, v, ", ")); } /* * Convert a value to a string using an array; the macro * tok2strary() in is the public interface to * this function and ensures that the second argument is * correct for bounds-checking. */ const char * tok2strary_internal(register const char **lp, int n, register const char *fmt, register int v) { static char buf[128]; if (v >= 0 && v < n && lp[v] != NULL) return lp[v]; if (fmt == NULL) fmt = "#%d"; (void)snprintf(buf, sizeof(buf), fmt, v); return (buf); } /* * Convert a 32-bit netmask to prefixlen if possible * the function returns the prefix-len; if plen == -1 * then conversion was not possible; */ int mask2plen(uint32_t mask) { uint32_t bitmasks[33] = { 0x00000000, 0x80000000, 0xc0000000, 0xe0000000, 0xf0000000, 0xf8000000, 0xfc000000, 0xfe000000, 0xff000000, 0xff800000, 0xffc00000, 0xffe00000, 0xfff00000, 0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000, 0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000, 0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00, 0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0, 0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff }; int prefix_len = 32; /* let's see if we can transform the mask into a prefixlen */ while (prefix_len >= 0) { if (bitmasks[prefix_len] == mask) break; prefix_len--; } return (prefix_len); } #ifdef INET6 int mask62plen(const u_char *mask) { u_char bitmasks[9] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff }; int byte; int cidr_len = 0; for (byte = 0; byte < 16; byte++) { u_int bits; for (bits = 0; bits < (sizeof (bitmasks) / sizeof (bitmasks[0])); bits++) { if (mask[byte] == bitmasks[bits]) { cidr_len += bits; break; } } if (mask[byte] != 0xff) break; } return (cidr_len); } #endif /* INET6 */ /* * Routine to print out information for text-based protocols such as FTP, * HTTP, SMTP, RTSP, SIP, .... */ #define MAX_TOKEN 128 /* * Fetch a token from a packet, starting at the specified index, * and return the length of the token. * * Returns 0 on error; yes, this is indistinguishable from an empty * token, but an "empty token" isn't a valid token - it just means * either a space character at the beginning of the line (this * includes a blank line) or no more tokens remaining on the line. */ static int fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len, u_char *tbuf, size_t tbuflen) { size_t toklen = 0; for (; idx < len; idx++) { if (!ND_TTEST(*(pptr + idx))) { /* ran past end of captured data */ return (0); } if (!isascii(*(pptr + idx))) { /* not an ASCII character */ return (0); } if (isspace(*(pptr + idx))) { /* end of token */ break; } if (!isprint(*(pptr + idx))) { /* not part of a command token or response code */ return (0); } if (toklen + 2 > tbuflen) { /* no room for this character and terminating '\0' */ return (0); } tbuf[toklen] = *(pptr + idx); toklen++; } if (toklen == 0) { /* no token */ return (0); } tbuf[toklen] = '\0'; /* * Skip past any white space after the token, until we see * an end-of-line (CR or LF). */ for (; idx < len; idx++) { if (!ND_TTEST(*(pptr + idx))) { /* ran past end of captured data */ break; } if (*(pptr + idx) == '\r' || *(pptr + idx) == '\n') { /* end of line */ break; } if (!isascii(*(pptr + idx)) || !isprint(*(pptr + idx))) { /* not a printable ASCII character */ break; } if (!isspace(*(pptr + idx))) { /* beginning of next token */ break; } } return (idx); } /* * Scan a buffer looking for a line ending - LF or CR-LF. * Return the index of the character after the line ending or 0 if * we encounter a non-ASCII or non-printable character or don't find * the line ending. */ static u_int print_txt_line(netdissect_options *ndo, const char *protoname, const char *prefix, const u_char *pptr, u_int idx, u_int len) { u_int startidx; u_int linelen; startidx = idx; while (idx < len) { ND_TCHECK(*(pptr+idx)); if (*(pptr+idx) == '\n') { /* * LF without CR; end of line. * Skip the LF and print the line, with the * exception of the LF. */ linelen = idx - startidx; idx++; goto print; } else if (*(pptr+idx) == '\r') { /* CR - any LF? */ if ((idx+1) >= len) { /* not in this packet */ return (0); } ND_TCHECK(*(pptr+idx+1)); if (*(pptr+idx+1) == '\n') { /* * CR-LF; end of line. * Skip the CR-LF and print the line, with * the exception of the CR-LF. */ linelen = idx - startidx; idx += 2; goto print; } /* * CR followed by something else; treat this * as if it were binary data, and don't print * it. */ return (0); } else if (!isascii(*(pptr+idx)) || (!isprint(*(pptr+idx)) && *(pptr+idx) != '\t')) { /* * Not a printable ASCII character and not a tab; * treat this as if it were binary data, and * don't print it. */ return (0); } idx++; } /* * All printable ASCII, but no line ending after that point * in the buffer; treat this as if it were truncated. */ trunc: linelen = idx - startidx; ND_PRINT((ndo, "%s%.*s[!%s]", prefix, (int)linelen, pptr + startidx, protoname)); return (0); print: ND_PRINT((ndo, "%s%.*s", prefix, (int)linelen, pptr + startidx)); return (idx); } void txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len, const char *protoname, const char **cmds, u_int flags) { u_int idx, eol; u_char token[MAX_TOKEN+1]; const char *cmd; int is_reqresp = 0; const char *pnp; if (cmds != NULL) { /* * This protocol has more than just request and * response lines; see whether this looks like a * request or response. */ idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token)); if (idx != 0) { /* Is this a valid request name? */ while ((cmd = *cmds++) != NULL) { if (strcasecmp((const char *)token, cmd) == 0) { /* Yes. */ is_reqresp = 1; break; } } /* * No - is this a valid response code (3 digits)? * * Is this token the response code, or is the next * token the response code? */ if (flags & RESP_CODE_SECOND_TOKEN) { /* * Next token - get it. */ idx = fetch_token(ndo, pptr, idx, len, token, sizeof(token)); } if (idx != 0) { if (isdigit(token[0]) && isdigit(token[1]) && isdigit(token[2]) && token[3] == '\0') { /* Yes. */ is_reqresp = 1; } } } } else { /* * This protocol has only request and response lines * (e.g., FTP, where all the data goes over a * different connection); assume the payload is * a request or response. */ is_reqresp = 1; } /* Capitalize the protocol name */ for (pnp = protoname; *pnp != '\0'; pnp++) ND_PRINT((ndo, "%c", toupper(*pnp))); if (is_reqresp) { /* * In non-verbose mode, just print the protocol, followed * by the first line as the request or response info. * * In verbose mode, print lines as text until we run out * of characters or see something that's not a * printable-ASCII line. */ if (ndo->ndo_vflag) { /* * We're going to print all the text lines in the * request or response; just print the length * on the first line of the output. */ ND_PRINT((ndo, ", length: %u", len)); for (idx = 0; idx < len && (eol = print_txt_line(ndo, protoname, "\n\t", pptr, idx, len)) != 0; idx = eol) ; } else { /* * Just print the first text line. */ print_txt_line(ndo, protoname, ": ", pptr, 0, len); } } } /* VARARGS */ void error(const char *fmt, ...) { va_list ap; (void)fprintf(stderr, "%s: ", program_name); va_start(ap, fmt); (void)vfprintf(stderr, fmt, ap); va_end(ap); if (*fmt) { fmt += strlen(fmt); if (fmt[-1] != '\n') (void)fputc('\n', stderr); } exit(1); /* NOTREACHED */ } /* VARARGS */ void warning(const char *fmt, ...) { va_list ap; (void)fprintf(stderr, "%s: WARNING: ", program_name); va_start(ap, fmt); (void)vfprintf(stderr, fmt, ap); va_end(ap); if (*fmt) { fmt += strlen(fmt); if (fmt[-1] != '\n') (void)fputc('\n', stderr); } } /* * Copy arg vector into a new buffer, concatenating arguments with spaces. */ char * copy_argv(register char **argv) { register char **p; register u_int len = 0; char *buf; char *src, *dst; p = argv; if (*p == 0) return 0; while (*p) len += strlen(*p++) + 1; buf = (char *)malloc(len); if (buf == NULL) error("copy_argv: malloc"); p = argv; dst = buf; while ((src = *p++) != NULL) { while ((*dst++ = *src++) != '\0') ; dst[-1] = ' '; } dst[-1] = '\0'; return buf; } /* * On Windows, we need to open the file in binary mode, so that * we get all the bytes specified by the size we get from "fstat()". * On UNIX, that's not necessary. O_BINARY is defined on Windows; * we define it as 0 if it's not defined, so it does nothing. */ #ifndef O_BINARY #define O_BINARY 0 #endif char * read_infile(char *fname) { register int i, fd, cc; register char *cp; struct stat buf; fd = open(fname, O_RDONLY|O_BINARY); if (fd < 0) error("can't open %s: %s", fname, pcap_strerror(errno)); if (fstat(fd, &buf) < 0) error("can't stat %s: %s", fname, pcap_strerror(errno)); cp = malloc((u_int)buf.st_size + 1); if (cp == NULL) error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, fname, pcap_strerror(errno)); cc = read(fd, cp, (u_int)buf.st_size); if (cc < 0) error("read %s: %s", fname, pcap_strerror(errno)); if (cc != buf.st_size) error("short read %s (%d != %d)", fname, cc, (int)buf.st_size); close(fd); /* replace "# comment" with spaces */ for (i = 0; i < cc; i++) { if (cp[i] == '#') while (i < cc && cp[i] != '\n') cp[i++] = ' '; } cp[cc] = '\0'; return (cp); } void safeputs(netdissect_options *ndo, const u_char *s, const u_int maxlen) { u_int idx = 0; while (*s && idx < maxlen) { safeputchar(ndo, *s); idx++; s++; } } void safeputchar(netdissect_options *ndo, const u_char c) { ND_PRINT((ndo, (c < 0x80 && ND_ISPRINT(c)) ? "%c" : "\\0x%02x", c)); } #ifdef LBL_ALIGN /* * Some compilers try to optimize memcpy(), using the alignment constraint * on the argument pointer type. by using this function, we try to avoid the * optimization. */ void unaligned_memcpy(void *p, const void *q, size_t l) { memcpy(p, q, l); } /* As with memcpy(), so with memcmp(). */ int unaligned_memcmp(const void *p, const void *q, size_t l) { return (memcmp(p, q, l)); } #endif tcpdump-4.7.4/machdep.h0000644000026300017510000000236012431107727013104 0ustar mcrmcr/* * Copyright (c) 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef tcpdump_machdep_h #define tcpdump_machdep_h int abort_on_misalignment(char *, size_t); #endif tcpdump-4.7.4/CHANGES0000644000026300017510000012476412516002575012341 0ustar mcrmcrFriday April 10, 2015 guy@alum.mit.edu Summary for 4.7.4 tcpdump release RPKI to Router Protocol: Fix Segmentation Faults and other problems RPKI to Router Protocol: print strings with fn_printn() wb: fix some bounds checks Wednesday March 11, 2015 mcr@sandelman.ca Summary for 4.7.3 tcpdump release Capsicum fixes for FreeBSD 10 Tuesday March 10, 2015 mcr@sandelman.ca Summary for 4.7.2 tcpdump release DCCP: update Packet Types with RFC4340/IANA names fixes for CVE-2015-0261: IPv6 mobility header check issue fixes for CVE-2015-2153, 2154, 2155: kday packets Friday Nov. 12, 2014 guy@alum.mit.edu Summary for 4.7.0 tcpdump release changes to hex printing of CDP packets Fix PPI printing Radius: update Packet Type Codes and Attribute Types with RFC/IANA names Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. improvements to telnet printer, even if not -v omit length for bcp, print-tcp uses it formatting fixes for a bunch of protocols new bounds checks for a number of protocols split netflow 1,6, and 6 dissector up. added geneve dissector CVE-2014-9140 PPP dissector fixed. Tuesday Sep. 2, 2014 mcr@sandelman.ca Summary for 4.6.2 tcpdump release fix out-of-source-tree builds: find libpcap that is out of source better configure check for libsmi Saturday Jul. 19, 2014 mcr@sandelman.ca Summary for 4.6.1 tcpdump release added FreeBSD capsicum add a short option '#', same as long option '--number' Wednesday Jul. 2, 2014 mcr@sandelman.ca Summary for 4.6.0 tcpdump release all of tcpdump is now using the new "NDO" code base (Thanks Denis!) nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes M3UA decode added. many new test cases: 82 in 4.5.1 to 133 in 4.6.0 many improvements to travis continuous integration system: OSX, and Coverity options cleaned up some unnecessary header files Added bittok2str(). a number of unaligned access faults fixed -A flag does not consider CR to be printable anymore fx.lebail took over coverity baby sitting default snapshot size increased to 256K for accomodate USB captures WARNING: this release contains a lot of very worthwhile code churn. Wednesday Jan. 15, 2014 guy@alum.mit.edu Summary for 4.5.2 tcpdump release Man page fix Fix crashes on SPARC Monday Nov. 11, 2013 mcr@sandelman.ca Summary for 4.5.1 tcpdump release CREDITS file fixes Thursday Nov. 7, 2013 mcr@sandelman.ca and guy@alum.mit.edu. Summary for 4.5.0 tcpdump release some NFSv4 fixes for printing fix printing of unknown TCP options, and tcp fast-open fixes for syslog parser some gcc-version-specific flag tuning adopt MacOS deprecation workarounds for openssl improvements to babel printing add OpenFlow 1.0 (no SSL) and test cases GeoNet printer. added STBC Rx support improvements to DHCPv6 decoder clarify which autoconf is needed Point users to the the-tcpdump-group repository on GitHub rather than the mcr repository Add MSDP printer. Fixed IPv6 check on Solaris and other OSes requiring extra networking libraries. Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03), and add "vxlan" as an option for -T. Add support for OTV (draft-hasmit-otv-04). fixes for DLT_IEEE802_11_RADIO datalink types added MPTCP decoder Saturday April 6, 2013 guy@alum.mit.edu. Summary for 4.4.0 tcpdump release RPKI-RTR (RFC6810) is now official (TCP Port 323) Fix detection of OpenSSL libcrypto. Add DNSSL (RFC6106) support. Add "radius" as an option for -T. Update Action codes for handle_action function according to 802.11s amendment. Decode DHCPv6 AFTR-Name option (RFC6334). Updates for Babel. Fix printing of infinite lifetime in ICMPv6. Added support for SPB, SPBM Service Identifier, and Unicast Address sub-TLV in ISIS. Decode RIPv2 authentication up to RFC4822. Fix RIP Request/full table decoding issues. On Linux systems with cap-ng.h, drop root privileges using Linux Capabilities. Add support for reading multiple files. Add MS NLB heartbeat printer. Separate multiple nexthops in BGP. Wednesday November 28, 2012 guy@alum.mit.edu. Summary for 4.3.1 tcpdump release Print "LLDP, length N" for LLDP packets even when not in verbose mode, so something is printed even if only the timestamp is present Document "-T carp" Print NTP poll interval correctly (it's an exponent, so print both its raw value and 2^value) Document that "-e" is used to get MAC addresses More clearly document that you need to escape or quote backslashes in filter expressions on the command line Fix some "the the" in the man page Use the right maximum path length Don't treat 192_1_2, when passed to -i, as an interface number Friday April 3, 2012. mcr@sandelman.ca. Summary for 4.3.0 tcpdump release fixes for forces: SPARSE data (per RFC 5810) some more test cases added updates to documentation on -l, -U and -w flags. Fix printing of BGP optional headers. Tried to include DLT_PFSYNC support, failed due to headers required. added TIPC support. Fix LLDP Network Policy bit definitions. fixes for IGMPv3's Max Response Time: it is in units of 0.1 second. SIGUSR1 can be used rather than SIGINFO for stats permit -n flag to affect print-ip for protocol numbers ND_OPT_ADVINTERVAL is in milliseconds, not seconds Teach PPPoE parser about RFC 4638 Friday December 9, 2011. guy@alum.mit.edu. Summary for 4.2.1 tcpdump release Only build the Babel printer if IPv6 is enabled. Support Babel on port 6696 as well as 6697. Include ppi.h in release tarball. Include all the test files in the release tarball, and don't "include" test files that no longer exist. Don't assume we have - check for it. Support "-T carp" as a way of dissecting IP protocol 112 as CARP rather than VRRP. Support Hilscher NetAnalyzer link-layer header format. Constify some pointers and fix compiler warnings. Get rid of never-true test. Fix an unintended fall-through in a case statement in the ARP printer. Fix several cases where sizeof(sizeof(XXX)) was used when just sizeof(XXX) was intended. Make stricter sanity checks in the ES-IS printer. Get rid of some GCCisms that caused builds to fai with compilers that don't support them. Fix typo in man page. Added length checks to Babel printer. Sunday July 24, 2011. mcr@sandelman.ca. Summary for 4.2.+ merged 802.15.4 decoder from Dmitry Eremin-Solenikov updates to forces for new port numbers Use "-H", not "-h", for the 802.11s option. (-h always help) Better ICMPv6 checksum handling. add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12 get rid of uuencoded pcap test files, git can do binary. sFlow changes for 64-bit counters. fixes for PPI packet header handling and printing. Add DCB Exchange protocol (DCBX) version 1.01. Babel dissector, from Juliusz Chroboczek and Grégoire Henry. improvements to radiotap for rate values > 127. Many improvements to ForCES decode, including fix SCTP TML port updated RPL type code to RPL-17 draft Improve printout of DHCPv6 options. added support and test case for QinQ (802.1q VLAN) packets Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. Build fixes for Sparc and other machines with alignment restrictions. Merged changes from Debian package. PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options. Build fixes for OSX (Snow Leopard and others) Add support for IEEE 802.15.4 packets Tue. July 20, 2010. guy@alum.mit.edu. Summary for 4.1.2 tcpdump release If -U is specified, flush the file after creating it, so it's not zero-length Fix TCP flags output description, and some typoes, in the man page Add a -h flag, and only attempt to recognize 802.11s mesh headers if it's set When printing the link-layer type list, send *all* output to stderr Include the CFLAGS setting when configure was run in the compiler flags Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6) Mon. October 27, 2008. ken@netfunctional.ca. Summary for 4.0.0 tcpdump release Add support for Bluetooth Sniffing Add support for Realtek Remote Control Protocol (openrrcp.org.ru) Add support for 802.11 AVS Add support for SMB over TCP Add support for 4 byte BGP AS printing Add support for compiling on case-insensitive file systems Add support for ikev2 printing Update support for decoding AFS Update DHCPv6 printer Use newer libpcap API's (allows -B option on all platforms) Add -I to turn on monitor mode Bugfixes in lldp, lspping, dccp, ESP, NFS printers Cleanup unused files and various cruft Mon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump release Rework ARP printer Rework OSPFv3 printer Add support for Frame-Relay ARP Decode DHCP Option 121 (RFC 3442 Classless Static Route) Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121 TLV: Add support for Juniper .pcap extensions Print EGP header in new-world-order style Converted print-isakmp.c to NETDISSECT Moved AF specific stuff into af.h Test subsystem now table driven, and saves outputs and diffs to one place Require for pf definitions - allows reading of pflog formatted libpcap files on an OS other than where the file was generated Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release NFS: Print unsigned values as such. RX: parse safely. BGP: fixes for IPv6-less builds. 801.1ag: use standard codepoint. use /dev/bpf on systems with such a device. 802.11: print QoS data, avoid dissect of no-data frame, ignore padding. smb: make sure that we haven't gone past the end of the captured data. smb: squelch an uninitialized complaint from coverity. NFS: from NetBSD; don't interpret the reply as a possible NFS reply if it got MSG_DENIED. BGP: don't print TLV values that didn't fit, from www.digit-labs.org. revised INSTALL.txt about libpcap dependancy. Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release Update man page to reflect changes to libpcap Changes to both TCP and IP Printer Output Fix a potential buffer overflow in the 802.11 printer Print basic info about a few more Cisco LAN protocols. mDNS cleanup ICMP MPLS rework of the extension code bugfix: use the correct codepoint for the OSPF simple text auth token entry, and use safeputs to print the password. Add support in pflog for additional values Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects Add support for the Message-id NACK c-type. Add support for 802.3ah loopback ctrl msg Add support for Multiple-STP as per 802.1s Add support for rapid-SPT as per 802.1w Add support for CFM Link-trace msg, Link-trace-Reply msg, Sender-ID tlv, private tlv, port, interface status Add support for unidirectional link detection as per http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt Add support for the olsr protocol as per RFC 3626 plus the LQ extensions from olsr.org Add support for variable-length checksum in DCCP, as per section 9 of RFC 4340. Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree Add support for Multiple-STP as per 802.1s Add support for the cisco propriatry 'dynamic trunking protocol' Add support for the cisco proprietary VTP protocol Update dhcp6 options table as per IETF standardization activities Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release Fix compiling on AIX (, at end of ENUM) Updated list of DNS RR typecodes Use local Ethernet defs on WIN32 Add support for Frame-Relay ARP Fixes for compiling under MSVC++ Add support for parsing Juniper .pcap files Add support for FRF.16 Multilink Frame-Relay (DLT_MFR) Rework the OSPFv3 printer Fix printing for 4.4BSD/NetBSD NFS Filehandles Add support for Cisco style NLPID encapsulation Add cisco prop. eigrp related, extended communities Add support for BGP signaled VPLS Cleanup the bootp printer Add support for PPP over Frame-Relay Add some bounds checking to the IP options code, and clean up the options output a bit. Add additional modp groups to ISAKMP printer Add support for Address-Withdraw and Label-Withdraw Msgs Add support for the BFD Discriminator TLV Fixes for 64bit compiling Add support for PIMv2 checksum verification Add support for further dissection of the IPCP Compression Option Add support for Cisco's proposed VQP protocol Add basic support for keyed authentication TCP option Lots of minor cosmetic changes to output printers Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release Decoder support for more Juniper link-layer types Fix a potential buffer overflow (although it can't occur in practice). Fix the handling of unknown management frame types in the 802.11 printer. Add FRF.16 support, fix various Frame Relay bugs. Add support for RSVP integrity objects, update fast-reroute object printer to latest spec. Clean up documentation of vlan filter expression, document mpls filter expression. Document new pppoed and pppoes filter expressions. Update diffserver-TE codepoints as per RFC 4124. Spelling fixes in ICMPv6. Don't require any fields other than flags to be present in IS-IS restart signaling TLVs, and only print the system ID in those TLVs as system IDs, not as node IDs. Support for DCCP. Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release Option to chroot() when dropping privs Fixes for compiling on nearly every platform, including improved 64bit support Many new testcases Support for sending packets Many compliation fixes on most platforms Fixes for recent version of GCC to eliminate warnings Improved Unicode support Decoders & DLT Changes, Updates and New: AES ESP support Juniper ATM, FRF.15, FRF.16, PPPoE, ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC GGSN,ES,MONITOR,SERVICES L2VPN Axent Raptor/Symantec Firewall TCP-MD5 (RFC 2385) ESP-in-UDP (RFC 3948) ATM OAM LMP, LMP Service Discovery IP over FC IP over IEEE 1394 BACnet MS/TP SS7 LDP over TCP LACP, MARKER as per 802.3ad PGM (RFC 3208) LSP-PING G.7041/Y.1303 Generic Framing Procedure EIGRP-IP, EIGRP-IPX ICMP6 Radio - via radiotap DHCPv6 HDLC over PPP Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release No changes from 3.8.2. Version bumped only to maintain consistency with libpcap 0.8.3. Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184 http://www.rapid7.com/advisories/R7-0017.html IP-over-IEEE1394 printing. some MINGW32 changes. updates for autoconf 2.5 fixes for print-aodv.c - check for too short packets formatting changes to print-ascii for hex output. check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c, print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c, print-ip.c, print-lwres.c, print-ospf.c, print-pim.c, print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c print-ether.c - better handling of unknown types. print-isoclns.c - additional decoding of types. print-llc.c - strings for LLC names added. print-pfloc.c - various enhancements print-radius.c - better decoding to strings. Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release changed syntax of -E argument so that multiple SAs can be decrypted fixes for Digital Unix headers and Documentation __attribute__ fixes CDP changes from Terry Kennedy . IPv6 mobility updates from Kazushi Sugyo Fixes for ASN.1 decoder for 2.100.3 forms. Added a count of packets received and processed to clarify numbers. Incorporated WinDUMP patches for Win32 builds. PPPoE payload length headers. Fixes for HP C compiler builds. Use new pcap_breakloop() and pcap_findalldevs() if we can. BGP output split into multiple lines. Fixes to 802.11 decoding. Fixes to PIM decoder. SuperH is a CPU that can't handle unaligned access. Many fixes for unaligned access work. Fixes to Frame-Relay decoder for Q.933/922 frames. Clarified when Solaris can do captures as non-root. Added tests/ subdir for examples/regression tests. New -U flag. -flush stdout after every packet New -A flag -print ascii only support for decoding IS-IS inside Cisco HDLC Frames more verbosity for tftp decoder mDNS decoder new BFD decoder cross compilation patches RFC 3561 AODV support. UDP/TCP pseudo-checksum properly for source-route options. sanitized all files to modified BSD license Add support for RFC 2625 IP-over-Fibre Channel. fixes for DECnet support. Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI. RFC 2684 encapsulation of BPDUs. Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release Fixed infinite loop when parsing malformed isakmp packets. (reported by iDefense; already fixed in CVS) Fixed infinite loop when parsing malformed BGP packets. Fixed buffer overflow with certain malformed NFS packets. Pretty-print unprintable network names in 802.11 printer. Handle truncated nbp (appletalk) packets. Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt Print IP protocol name even if we don't have a printer for it. Print IP protocol name or number for fragments. Print the whole MPLS label stack, not just the top label. Print request header and file handle for NFS v3 FSINFO and PATHCONF requests. Fix NFS packet truncation checks. Handle "old" DR-Priority and Bidir-Capable PIM HELLO options. Handle unknown RADIUS attributes properly. Fix an ASN.1 parsing error that would cause e.g. the OID 2.100.3 to be misrepresented as 4.20.3 . Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log. keyword "ipx" added. Better OSI/802.2 support on Linux. IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net. LLC SAP support for FDDI/token ring/RFC-1483 style ATM BXXP protocol was replaced by the BEEP protocol; improvements to SNAP demux. Changes to "any" interface documentation. Documentation on pcap_stats() counters. Fix a memory leak found by Miklos Szeredi - pcap_ether_aton(). Added MPLS encapsulation decoding per RFC3032. DNS dissector handles TKEY, TSIG and IXFR. adaptive SLIP interface patch from Igor Khristophorov SMB printing has much improved bounds checks OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging Zephyr support, from Nickolai Zeldovich . Solaris - devices with digits in them. Stefan Hudson IPX socket 0x85be is for Cisco EIGRP over IPX. Improvements to fragmented ESP handling. SCTP support from Armando L. Caro Jr. Linux ARPHDR_ATM support fixed. Added a "netbeui" keyword, which selects NetBEUI packets. IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option. Handle ARPHDR_HDLC from Marcus Felipe Pereira . Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm" Better Linux libc5 compat. BIND9 lwres dissector added. MIPS and SPARC get strict alignment macros (affects print-bgp.c) Apple LocalTalk LINKTYPE_ reserved. New time stamp formats documented. DHCP6 updated to draft-22.txt spec. ICMP types/codes now accept symbolic names. Add SIGINFO handler from LBL encrypted CIPE tunnels in IRIX, from Franz Schaefer . now we are -Wstrict-prototype clean. NetBSD DLT_PPP_ETHER; adapted from Martin Husemann . PPPoE dissector cleaned up. Support for LocalTalk hardware, from Uns Lider . In dissector, now the caller prints the IP addresses rather than proto. cjclark@alum.mit.edu: print the IP proto for non-initial fragments. LLC frames with a DSAP and LSAP of 0xe0 are IPX frames. Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX. captures on the "any" device won't be done in promiscuous mode Token Ring support on DLPI - Onno van der Linden ARCNet support, from NetBSD. HSRP dissector, from Julian Cowley . Handle (GRE-encapsulated) PPTP added -C option to rotate save file every optarg * 1,000,000 bytes. support for "vrrp" name - NetBSD, by Klaus Klein . PPTP support, from Motonori Shindo . IS-IS over PPP support, from Hannes Gredler . CNFP support for IPv6,format. Harry Raaymakers . ESP printing updated to RFC2406. HP-UX can now handle large number of PPAs. MSDP printer added. L2TP dissector improvements from Motonori Shindo. Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release Cleaned up documentation. Promisc mode fixes for Linux IPsec changes/cleanups. Alignment fixes for picky architectures Removed dependency on native headers for packet dissectors. Removed Linux specific headers that were shipped libpcap changes provide for exchanging capture files between systems. Save files now have well known PACKET_ values instead of depending upon system dependant mappings of DLT_* types. Support for computing/checking IP and UDP/TCP checksums. Updated autoconf stock files. IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6, Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp, timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk Added filtering support for: VLANs, ESIS, ISIS Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP, L2TP, PPPoE HP-UX 11.0 -- find the right dlpi device. Solaris 8 - IPv6 works Linux - Added support for an "any" device to capture on all interfaces Security fixes: buffer overrun audit done. Strcpy replaced with strlcpy, sprintf replaced with snprintf. Look for lex problems, and warn about them. v3.5 Fri Jan 28 18:00:00 PST 2000 Bill Fenner - switch to config.h for autoconf - unify RCSID strings - Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser - Really fix the RIP printer - Fix MAC address -> name translation. - some -Wall -Wformat fixes - update makemib to parse much of SMIv2 - Print TCP sequence # with -vv even if you normally wouldn't - Print as much of IP/TCP/UDP headers as possible even if truncated. itojun@iijlab.net - -X will make a ascii dump. from netbsd. - telnet command sequence decoder (ff xx xx). from netbsd. - print-bgp.c: improve options printing. ugly code exists for unaligned option parsing (need some fix). - const poisoning in SMB decoder. - -Wall -Werror clean checks. - bring in KAME IPv6/IPsec decoding code. Assar Westerlund - SNMPv2 and SNMPv3 printer - If compiled with libsmi, tcpdump can load MIBs on the fly to decode SNMP packets. - Incorporate NFS parsing code from NetBSD. Adds support for nfsv3. - portability fixes - permit building in different directories. Ken Hornstein - bring in code at /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing AFS3 packets Andrew Tridgell - SMB printing code Love - print-rx.c: add code for printing MakeDir and StoreStatus. Also change date format to the right one. Michael C. Richardson - Created tcpdump.org repository v3.4 Sat Jul 25 12:40:55 PDT 1998 - Hardwire Linux slip support since it's too hard to detect. - Redo configuration of "network" libraries (-lsocket and -lnsl) to deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu) - Added -a which tries to translate network and broadcast addresses to names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl) - Added a configure option to disable gcc. - Added a "raw" packet printer. - Not having an interface address is no longer fatal. Requested by John Hawkinson. - Rework signal setup to accommodate Linux. - OSPF truncation check fix. Also display the type of OSPF packets using MD5 authentication. Thanks to Brian Wellington (bwelling@tis.com) - Fix truncation check bugs in the Kerberos printer. Reported by Ezra Peisach (epeisach@mit.edu) - Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka (plonka@mfa.com) - Specify full install target as a way of detecting if install directory does not exist. Thanks to Dave Plonka. - Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie (paul@vix.com) - Fix off-by-one bug when testing size of ethernet packets. Thanks to Marty Leisner (leisner@sdsp.mc.xerox.com) - Add a local autoconf macro to check for routines in libraries; the autoconf version is broken (it only puts the library name in the cache variable name). Thanks to John Hawkinson. - Add a local autoconf macro to check for types; the autoconf version is broken (it uses grep instead of actually compiling a code fragment). - Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header formats. - Extend OSF ip header workaround to versions 1 and 2. - Fix some signed problems in the nfs printer. As reported by David Sacerdote (davids@silence.secnet.com) - Detect group wheel and use it as the default since BSD/OS' install can't hack numeric groups. Reported by David Sacerdote. - AIX needs special loader options. Thanks to Jonathan I. Kamens (jik@cam.ov.com) - Fixed the nfs printer to print port numbers in decimal. Thanks to Kent Vander Velden (graphix@iastate.edu) - Find installed libpcap in /usr/local/lib when not using gcc. - Disallow network masks with non-network bits set. - Attempt to detect "egcs" versions of gcc. - Add missing closing double quotes when displaying bootp strings. Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca) v3.3 Sat Nov 30 20:56:27 PST 1996 - Added Linux support. - GRE encapsulated packet printer thanks to John Hawkinson (jhawk@mit.edu) - Rewrite gmt2local() to avoid problematic os dependencies. - Suppress nfs truncation message on errors. - Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro. Reported by Joachim Ott (ott@ardala.han.de) - Enable "ip_hl vs. ip_vhl" workaround for OSF4 too. - Print arp hardware type in host order. Thanks to Onno van der Linden (onno@simplex.nl) - Avoid solaris compiler warnings. Thanks to Bruce Barnett (barnett@grymoire.crd.ge.com) - Fix rip printer to not print one more route than is actually in the packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and Bill Fenner (fenner@parc.xerox.com) - Use autoconf endian detection since BYTE_ORDER isn't defined on all systems. - Fix dvmrp printer truncation checks and add a dvmrp probe printer. Thanks to Danny J. Mitzel (mitzel@ipsilon.com) - Rewrite ospf printer to improve truncation checks. - Don't parse tcp options past the EOL. As noted by David Sacerdote (davids@secnet.com). Also, check tcp options to make sure they ar actually in the tcp header (in addition to the normal truncation checks). Fix the SACK code to print the N blocks (instead of the first block N times). - Don't say really small UDP packets are truncated just because they aren't big enough to be a RPC. As noted by David Sacerdote. v3.2.1 Sun Jul 14 03:02:26 PDT 1996 - Added rfc1716 icmp codes as suggested by Martin Fredriksson (martin@msp.se) - Print mtu for icmp unreach need frag packets. Thanks to John Hawkinson (jhawk@mit.edu) - Decode icmp router discovery messages. Thanks to Jeffrey Honig (jch@bsdi.com) - Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida (kushida@trl.ibm.co.jp) - Check igmp checksum if possible. Thanks to John Hawkinson. - Made changes for SINIX. Thanks to Andrej Borsenkow (borsenkow.msk@sni.de) - Use autoconf's idea of the top level directory in install targets. Thanks to John Hawkinson. - Avoid infinite loop in tcp options printing code. Thanks to Jeffrey Mogul (mogul@pa.dec.com) - Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop. Thanks to John Hawkinson. - Added some more packet truncation checks. - On systems that have it, use sigset() instead of signal() since signal() has different semantics on these systems. - Fixed some more alignment problems on the alpha. - Add code to massage unprintable characters in the domain and ipx printers. Thanks to John Hawkinson. - Added explicit netmask support. Thanks to Steve Nuchia (steve@research.oknet.com) - Add "sca" keyword (for DEC cluster services) as suggested by Terry Kennedy (terry@spcvxa.spc.edu) - Add "atalk" keyword as suggested by John Hawkinson. - Added an igrp printer. Thanks to Francis Dupont (francis.dupont@inria.fr) - Print IPX net numbers in hex a la Novell Netware. Thanks to Terry Kennedy (terry@spcvxa.spc.edu) - Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin (pascal.hennequin@hugo.int-evry.fr) - Added some ETHERTYPEs missing on some systems. - Added truncated packet macros and various checks. - Fixed endian problems with the DECnet printer. - Use $CC when checking gcc version. Thanks to Carl Lindberg (carl_lindberg@blacksmith.com) - Fixes for AIX (although this system is not yet supported). Thanks to John Hawkinson. - Fix bugs in the autoconf misaligned accesses code fragment. - Include sys/param.h to get BYTE_ORDER in a few places. Thanks to Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp) v3.2 Sun Jun 23 02:28:10 PDT 1996 - Print new icmp unreachable codes as suggested by Martin Fredriksson (martin@msp.se). Also print code value when unknown for icmp redirect and time exceeded. - Fix an alignment endian bug in getname(). Thanks to John Hawkinson. - Define "new" domain record types if not found in arpa/nameserv.h. Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also fixed an endian bug when printing mx record and added some new record types. - Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com) - Added T/TCP options printing. As suggested by Richard Stevens (rstevens@noao.edu) - Use autoconf to detect architectures that can't handle misaligned accesses. v3.1 Thu Jun 13 20:59:32 PDT 1996 - Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd and bind (as suggested by Charles Hannum). - Port to GNU autoconf. - Add support for printing DVMRP and PIM traffic thanks to Havard Eidnes (Havard.Eidnes@runit.sintef.no). - Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian define being referenced. Reported by Terry Kennedy. - Minor fixes to the man page thanks to Mark Andrews. - Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah (bmah@cs.berkeley.edu). - Added support for new dns types, thanks to Rainer Orth. - Fixed tftp_print() to print the block number for ACKs. - Document -dd and -ddd. Resulted from a bug report from Charlie Slater (cslater@imatek.com). - Check return status from malloc/calloc/etc. - Check return status from pcap_loop() so we can print an error and exit with a bad status if there were problems. - Bail if ip option length is <= 0. Resulted from a bug report from Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au). - Print out a little more information for sun rpc packets. - Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). - Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were wrong on little endian machines). - Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford (crawdad@fnal.gov). - Fix ntp_print() to not print garbage when the stratum is "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com). - Rewrote tcp options printer code to check for truncation. Added selective acknowledgment case. - Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig (jch@bsdi.com) - Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one octet for the sa_family member. Thanks to Yoshitaka Tokugawa (toku@dit.co.jp) - Don't checksum ip header if we don't have all of it. Thanks to John Hawkinson (jhawk@mit.edu). - Print out hostnames if possible in egp printer. Thanks to Jeffrey Honig (jhc@bsdi.com) v3.1a1 Wed May 3 19:21:11 PDT 1995 - Include time.h when SVR4 is defined to avoid problems under Solaris 2.3. - Fix etheraddr_string() in the ETHER_SERVICE to return the saved strings, not the local buffer. Thanks to Stefan Petri (petri@ibr.cs.tu-bs.de). - Detect when pcap raises the snaplen (e.g. with snit). Print a warning that the selected value was not used. Thanks to Pascal Hennequin (Pascal.Hennequin@hugo.int-evry.fr). - Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin. - BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu). v3.0.3 Sun Oct 1 18:35:00 GMT 1995 - Although there never was a 3.0.3 release, the linux boys cleverly "released" one in late 1995. v3.0.2 Thu Apr 20 21:28:16 PDT 1995 - Change configuration to not use gcc v2 flags with gcc v1. - Redo gmt2local() so that it works under BSDI (which seems to return an empty timezone struct from gettimeofday()). Based on report from Terry Kennedy (terry@spcvxa.spc.edu). - Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based on report from Mark Andrews (mandrews@alias.com). - Don't pass cc flags to gcc. Resulted from a bug report from Rainer Orth (ro@techfak.uni-bielefeld.de). - Fixed printout of connection id for uncompressed tcp slip packets. Resulted from a bug report from Richard Stevens (rstevens@noao.edu). - Hack around deficiency in Ultrix's make. - Add ETHERTYPE_TRAIL define which is missing from irix5. v3.0.1 Wed Aug 31 22:42:26 PDT 1994 - Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4. v3.0 Mon Jun 20 19:23:27 PDT 1994 - Added support for printing tcp option timestamps thanks to Mark Andrews (mandrews@alias.com). - Reorganize protocol dumpers to take const pointers to packets so they never change the contents (i.e., they used to do endian conversions in place). Previously, whenever more than one pass was taken over the packet, the packet contents would be dumped incorrectly (i.e., the output form -x would be wrong on little endian machines because the protocol dumpers would modify the data). Thanks to Charles Hannum (mycroft@gnu.ai.mit.edu) for reporting this problem. - Added support for decnet protocol dumping thanks to Jeff Mogul (mogul@pa.dec.com). - Fix bug that caused length of packet to be incorrectly printed (off by ether header size) for unknown ethernet types thanks to Greg Miller (gmiller@kayak.mitre.org). - Added support for IPX protocol dumping thanks to Brad Parker (brad@fcr.com). - Added check to verify IP header checksum under -v thanks to Brad Parker (brad@fcr.com). - Move packet capture code to new libpcap library (which is packaged separately). - Prototype everything and assume an ansi compiler. - print-arp.c: Print hardware ethernet addresses if they're not what we expect. - print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags. Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com). - print-fddi.c: Improvements. Thanks to Jeffrey Mogul (mogul@pa.dec.com). - print-icmp.c: Byte swap netmask before printing. Thanks to Richard Stevens (rstevens@noao.edu). Print icmp type when unknown. - print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets. By default, only the inner packet is dumped, appended with the token "(encap)". Under -v, both the inner and output packets are dumped (on the same line). Note that the filter applies to the original packet, not the encapsulated packet. So if you run tcpdump on a net with an IP Multicast tunnel, you cannot filter out the datagrams using the conventional syntax. (You can filter away all the ip-in-ip traffic with "not ip proto 4".) - print-nfs.c: Keep pending rpc's in circular table. Add generic nfs header and remove os dependences. Thanks to Jeffrey Mogul. - print-ospf.c: Improvements. Thanks to Jeffrey Mogul. - tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc" (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords Add && and || operators v2.2.1 Tue Jun 6 17:57:22 PDT 1992 - Fix bug with -c flag. v2.2 Fri May 22 17:19:41 PDT 1992 - savefile.c: Remove hack that shouldn't have been exported. Add truncate checks. - Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0' matches non-echo/reply ICMP packets. - Many improvements to filter code optimizer. - Added 'multicast' keyword and extended the 'broadcast' keyword can now be so that protocol qualifications are allowed. For example, "ip broadcast" and "ether multicast" are valid filters. - Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo'). Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel patches to netinet/if_loop.c. - Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS. Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs. - Added EGP and OSPF printers, thanks to Jeffrey Honig. v2.1 Tue Jan 28 11:00:14 PST 1992 - Internal release (never publically exported). v2.0.1 Sun Jan 26 21:10:10 PDT - Various byte ordering fixes. - Add truncation checks. - inet.c: Support BSD style SIOCGIFCONF. - nametoaddr.c: Handle multi addresses for single host. - optimize.c: Rewritten. - pcap-bpf.c: don't choke when we get ptraced. only set promiscuous for broadcast nets. - print-atal.c: Fix an alignment bug (thanks to stanonik@nprdc.navy.mil) Add missing printf() argument. - print-bootp.c: First attempt at decoding the vendor buffer. - print-domain.c: Fix truncation checks. - print-icmp.c: Calculate length of packets from the ip header. - print-ip.c: Print frag id in decimal (so it's easier to match up with non-frags). Add support for ospf, egp and igmp. - print-nfs.c: Lots of changes. - print-ntp.c: Make some verbose output depend on -v. - print-snmp.c: New version from John LoVerso. - print-tcp.c: Print rfc1072 tcp options. - tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits (microseconds) worth of precision. Fix uid bugs. - A packet dumper has been added (thanks to Jeff Mogul of DECWRL). With this option, you can create an architecture independent binary trace file in real time, without the overhead of the packet printer. At a later time, the packets can be filtered (again) and printed. - BSD is supported. You must have BPF in your kernel. Since the filtering is now done in the kernel, fewer packets are dropped. In fact, with BPF and the packet dumper option, a measly Sun 3/50 can keep up with a busy network. - Compressed SLIP packets can now be dumped, provided you use our SLIP software and BPF. These packets are dumped as any other IP packet; the compressed headers are dumped with the '-e' option. - Machines with little-endian byte ordering are supported (thanks to Jeff Mogul). - Ultrix 4.0 is supported (also thanks to Jeff Mogul). - IBM RT and Stanford Enetfilter support has been added by Rayan Zachariassen . Tcpdump has been tested under both the vanilla Enetfilter interface, and the extended interface (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. - TFTP packets are now printed (requests only). - BOOTP packets are now printed. - SNMP packets are now printed. (thanks to John LoVerso of Xylogics). - Sparc architectures, including the Sparcstation-1, are now supported thanks to Steve McCanne and Craig Leres. - SunOS 4 is now supported thanks to Micky Liu of Columbia University (micky@cunixc.cc.columbia.edu). - IP options are now printed. - RIP packets are now printed. - There's a -v flag that prints out more information than the default (e.g., it will enable printing of IP ttl, tos and id) and -q flag that prints out less (e.g., it will disable interpretation of AppleTalk-in-UDP). - The grammar has undergone substantial changes (if you have an earlier version of tcpdump, you should re-read the manual entry). The most useful change is the addition of an expression syntax that lets you filter on arbitrary fields or values in the packet. E.g., "ip[0] > 0x45" would print only packets with IP options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN packets. The most painful change is that concatenation no longer means "and" -- e.g., you have to say "host foo and port bar" instead of "host foo port bar". The up side to this down is that repeated qualifiers can be omitted, making most filter expressions shorter. E.g., you can now say "ip host foo and (bar or baz)" to look at ip traffic between hosts foo and bar or between hosts foo and baz. [The old way of saying this was "ip host foo and (ip host bar or ip host baz)".] v2.0 Sun Jan 13 12:20:40 PST 1991 - Initial public release. tcpdump-4.7.4/print-icmp.c0000644000026300017510000005455312477706777013617 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ #include "ip.h" #include "udp.h" #include "ipproto.h" #include "mpls.h" /* * Interface Control Message Protocol Definitions. * Per RFC 792, September 1981. */ /* * Structure of an icmp header. */ struct icmp { uint8_t icmp_type; /* type of message, see below */ uint8_t icmp_code; /* type sub code */ uint16_t icmp_cksum; /* ones complement cksum of struct */ union { uint8_t ih_pptr; /* ICMP_PARAMPROB */ struct in_addr ih_gwaddr; /* ICMP_REDIRECT */ struct ih_idseq { uint16_t icd_id; uint16_t icd_seq; } ih_idseq; uint32_t ih_void; } icmp_hun; #define icmp_pptr icmp_hun.ih_pptr #define icmp_gwaddr icmp_hun.ih_gwaddr #define icmp_id icmp_hun.ih_idseq.icd_id #define icmp_seq icmp_hun.ih_idseq.icd_seq #define icmp_void icmp_hun.ih_void union { struct id_ts { uint32_t its_otime; uint32_t its_rtime; uint32_t its_ttime; } id_ts; struct id_ip { struct ip idi_ip; /* options and then 64 bits of data */ } id_ip; uint32_t id_mask; uint8_t id_data[1]; } icmp_dun; #define icmp_otime icmp_dun.id_ts.its_otime #define icmp_rtime icmp_dun.id_ts.its_rtime #define icmp_ttime icmp_dun.id_ts.its_ttime #define icmp_ip icmp_dun.id_ip.idi_ip #define icmp_mask icmp_dun.id_mask #define icmp_data icmp_dun.id_data }; #define ICMP_MPLS_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) #define ICMP_MPLS_EXT_VERSION 2 /* * Lower bounds on packet lengths for various types. * For the error advice packets must first insure that the * packet is large enought to contain the returned ip header. * Only then can we do the check to see if 64 bits of packet * data have been returned, since we need to check the returned * ip header length. */ #define ICMP_MINLEN 8 /* abs minimum */ #define ICMP_EXTD_MINLEN (156 - sizeof (struct ip)) /* draft-bonica-internet-icmp-08 */ #define ICMP_TSLEN (8 + 3 * sizeof (uint32_t)) /* timestamp */ #define ICMP_MASKLEN 12 /* address mask */ #define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) /* min */ #define ICMP_ADVLEN(p) (8 + (IP_HL(&(p)->icmp_ip) << 2) + 8) /* N.B.: must separately check that ip_hl >= 5 */ /* * Definition of type and code field values. */ #define ICMP_ECHOREPLY 0 /* echo reply */ #define ICMP_UNREACH 3 /* dest unreachable, codes: */ #define ICMP_UNREACH_NET 0 /* bad net */ #define ICMP_UNREACH_HOST 1 /* bad host */ #define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */ #define ICMP_UNREACH_PORT 3 /* bad port */ #define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */ #define ICMP_UNREACH_SRCFAIL 5 /* src route failed */ #define ICMP_UNREACH_NET_UNKNOWN 6 /* unknown net */ #define ICMP_UNREACH_HOST_UNKNOWN 7 /* unknown host */ #define ICMP_UNREACH_ISOLATED 8 /* src host isolated */ #define ICMP_UNREACH_NET_PROHIB 9 /* prohibited access */ #define ICMP_UNREACH_HOST_PROHIB 10 /* ditto */ #define ICMP_UNREACH_TOSNET 11 /* bad tos for net */ #define ICMP_UNREACH_TOSHOST 12 /* bad tos for host */ #define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */ #define ICMP_REDIRECT 5 /* shorter route, codes: */ #define ICMP_REDIRECT_NET 0 /* for network */ #define ICMP_REDIRECT_HOST 1 /* for host */ #define ICMP_REDIRECT_TOSNET 2 /* for tos and net */ #define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */ #define ICMP_ECHO 8 /* echo service */ #define ICMP_ROUTERADVERT 9 /* router advertisement */ #define ICMP_ROUTERSOLICIT 10 /* router solicitation */ #define ICMP_TIMXCEED 11 /* time exceeded, code: */ #define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */ #define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */ #define ICMP_PARAMPROB 12 /* ip header bad */ #define ICMP_PARAMPROB_OPTABSENT 1 /* req. opt. absent */ #define ICMP_TSTAMP 13 /* timestamp request */ #define ICMP_TSTAMPREPLY 14 /* timestamp reply */ #define ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_ERRTYPE(type) \ ((type) == ICMP_UNREACH || (type) == ICMP_SOURCEQUENCH || \ (type) == ICMP_REDIRECT || (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) #define ICMP_MPLS_EXT_TYPE(type) \ ((type) == ICMP_UNREACH || \ (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) /* rfc1700 */ #ifndef ICMP_UNREACH_NET_UNKNOWN #define ICMP_UNREACH_NET_UNKNOWN 6 /* destination net unknown */ #endif #ifndef ICMP_UNREACH_HOST_UNKNOWN #define ICMP_UNREACH_HOST_UNKNOWN 7 /* destination host unknown */ #endif #ifndef ICMP_UNREACH_ISOLATED #define ICMP_UNREACH_ISOLATED 8 /* source host isolated */ #endif #ifndef ICMP_UNREACH_NET_PROHIB #define ICMP_UNREACH_NET_PROHIB 9 /* admin prohibited net */ #endif #ifndef ICMP_UNREACH_HOST_PROHIB #define ICMP_UNREACH_HOST_PROHIB 10 /* admin prohibited host */ #endif #ifndef ICMP_UNREACH_TOSNET #define ICMP_UNREACH_TOSNET 11 /* tos prohibited net */ #endif #ifndef ICMP_UNREACH_TOSHOST #define ICMP_UNREACH_TOSHOST 12 /* tos prohibited host */ #endif /* rfc1716 */ #ifndef ICMP_UNREACH_FILTER_PROHIB #define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohibited filter */ #endif #ifndef ICMP_UNREACH_HOST_PRECEDENCE #define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host precedence violation */ #endif #ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF #define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* precedence cutoff */ #endif /* Most of the icmp types */ static const struct tok icmp2str[] = { { ICMP_ECHOREPLY, "echo reply" }, { ICMP_SOURCEQUENCH, "source quench" }, { ICMP_ECHO, "echo request" }, { ICMP_ROUTERSOLICIT, "router solicitation" }, { ICMP_TSTAMP, "time stamp request" }, { ICMP_TSTAMPREPLY, "time stamp reply" }, { ICMP_IREQ, "information request" }, { ICMP_IREQREPLY, "information reply" }, { ICMP_MASKREQ, "address mask request" }, { 0, NULL } }; /* Formats for most of the ICMP_UNREACH codes */ static const struct tok unreach2str[] = { { ICMP_UNREACH_NET, "net %s unreachable" }, { ICMP_UNREACH_HOST, "host %s unreachable" }, { ICMP_UNREACH_SRCFAIL, "%s unreachable - source route failed" }, { ICMP_UNREACH_NET_UNKNOWN, "net %s unreachable - unknown" }, { ICMP_UNREACH_HOST_UNKNOWN, "host %s unreachable - unknown" }, { ICMP_UNREACH_ISOLATED, "%s unreachable - source host isolated" }, { ICMP_UNREACH_NET_PROHIB, "net %s unreachable - admin prohibited" }, { ICMP_UNREACH_HOST_PROHIB, "host %s unreachable - admin prohibited" }, { ICMP_UNREACH_TOSNET, "net %s unreachable - tos prohibited" }, { ICMP_UNREACH_TOSHOST, "host %s unreachable - tos prohibited" }, { ICMP_UNREACH_FILTER_PROHIB, "host %s unreachable - admin prohibited filter" }, { ICMP_UNREACH_HOST_PRECEDENCE, "host %s unreachable - host precedence violation" }, { ICMP_UNREACH_PRECEDENCE_CUTOFF, "host %s unreachable - precedence cutoff" }, { 0, NULL } }; /* Formats for the ICMP_REDIRECT codes */ static const struct tok type2str[] = { { ICMP_REDIRECT_NET, "redirect %s to net %s" }, { ICMP_REDIRECT_HOST, "redirect %s to host %s" }, { ICMP_REDIRECT_TOSNET, "redirect-tos %s to net %s" }, { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to host %s" }, { 0, NULL } }; /* rfc1191 */ struct mtu_discovery { uint16_t unused; uint16_t nexthopmtu; }; /* rfc1256 */ struct ih_rdiscovery { uint8_t ird_addrnum; uint8_t ird_addrsiz; uint16_t ird_lifetime; }; struct id_rdiscovery { uint32_t ird_addr; uint32_t ird_pref; }; /* * draft-bonica-internet-icmp-08 * * The Destination Unreachable, Time Exceeded * and Parameter Problem messages are slighly changed as per * the above draft. A new Length field gets added to give * the caller an idea about the length of the piggypacked * IP packet before the MPLS extension header starts. * * The Length field represents length of the padded "original datagram" * field measured in 32-bit words. * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Type | Code | Checksum | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | unused | Length | unused | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Internet Header + leading octets of original datagram | * | | * | // | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct icmp_ext_t { uint8_t icmp_type; uint8_t icmp_code; uint8_t icmp_checksum[2]; uint8_t icmp_reserved; uint8_t icmp_length; uint8_t icmp_reserved2[2]; uint8_t icmp_ext_legacy_header[128]; /* extension header starts 128 bytes after ICMP header */ uint8_t icmp_ext_version_res[2]; uint8_t icmp_ext_checksum[2]; uint8_t icmp_ext_data[1]; }; struct icmp_mpls_ext_object_header_t { uint8_t length[2]; uint8_t class_num; uint8_t ctype; }; static const struct tok icmp_mpls_ext_obj_values[] = { { 1, "MPLS Stack Entry" }, { 2, "Extended Payload" }, { 0, NULL} }; /* prototypes */ const char *icmp_tstamp_print(u_int); /* print the milliseconds since midnight UTC */ const char * icmp_tstamp_print(u_int tstamp) { u_int msec,sec,min,hrs; static char buf[64]; msec = tstamp % 1000; sec = tstamp / 1000; min = sec / 60; sec -= min * 60; hrs = min / 60; min -= hrs * 60; snprintf(buf, sizeof(buf), "%02u:%02u:%02u.%03u",hrs,min,sec,msec); return buf; } void icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char *bp2, int fragmented) { char *cp; const struct icmp *dp; const struct icmp_ext_t *ext_dp; const struct ip *ip; const char *str, *fmt; const struct ip *oip; const struct udphdr *ouh; const uint8_t *obj_tptr; uint32_t raw_label; const u_char *snapend_save; const struct icmp_mpls_ext_object_header_t *icmp_mpls_ext_object_header; u_int hlen, dport, mtu, obj_tlen, obj_class_num, obj_ctype; char buf[MAXHOSTNAMELEN + 100]; struct cksum_vec vec[1]; dp = (struct icmp *)bp; ext_dp = (struct icmp_ext_t *)bp; ip = (struct ip *)bp2; str = buf; ND_TCHECK(dp->icmp_code); switch (dp->icmp_type) { case ICMP_ECHO: case ICMP_ECHOREPLY: ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "echo %s, id %u, seq %u", dp->icmp_type == ICMP_ECHO ? "request" : "reply", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq)); break; case ICMP_UNREACH: ND_TCHECK(dp->icmp_ip.ip_dst); switch (dp->icmp_code) { case ICMP_UNREACH_PROTOCOL: ND_TCHECK(dp->icmp_ip.ip_p); (void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable", ipaddr_string(ndo, &dp->icmp_ip.ip_dst), dp->icmp_ip.ip_p); break; case ICMP_UNREACH_PORT: ND_TCHECK(dp->icmp_ip.ip_p); oip = &dp->icmp_ip; hlen = IP_HL(oip) * 4; ouh = (struct udphdr *)(((u_char *)oip) + hlen); ND_TCHECK(ouh->uh_dport); dport = EXTRACT_16BITS(&ouh->uh_dport); switch (oip->ip_p) { case IPPROTO_TCP: (void)snprintf(buf, sizeof(buf), "%s tcp port %s unreachable", ipaddr_string(ndo, &oip->ip_dst), tcpport_string(dport)); break; case IPPROTO_UDP: (void)snprintf(buf, sizeof(buf), "%s udp port %s unreachable", ipaddr_string(ndo, &oip->ip_dst), udpport_string(dport)); break; default: (void)snprintf(buf, sizeof(buf), "%s protocol %d port %d unreachable", ipaddr_string(ndo, &oip->ip_dst), oip->ip_p, dport); break; } break; case ICMP_UNREACH_NEEDFRAG: { register const struct mtu_discovery *mp; mp = (struct mtu_discovery *)(u_char *)&dp->icmp_void; mtu = EXTRACT_16BITS(&mp->nexthopmtu); if (mtu) { (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag (mtu %d)", ipaddr_string(ndo, &dp->icmp_ip.ip_dst), mtu); } else { (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag", ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); } } break; default: fmt = tok2str(unreach2str, "#%d %%s unreachable", dp->icmp_code); (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); break; } break; case ICMP_REDIRECT: ND_TCHECK(dp->icmp_ip.ip_dst); fmt = tok2str(type2str, "redirect-#%d %%s to net %%s", dp->icmp_code); (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(ndo, &dp->icmp_ip.ip_dst), ipaddr_string(ndo, &dp->icmp_gwaddr)); break; case ICMP_ROUTERADVERT: { register const struct ih_rdiscovery *ihp; register const struct id_rdiscovery *idp; u_int lifetime, num, size; (void)snprintf(buf, sizeof(buf), "router advertisement"); cp = buf + strlen(buf); ihp = (struct ih_rdiscovery *)&dp->icmp_void; ND_TCHECK(*ihp); (void)strncpy(cp, " lifetime ", sizeof(buf) - (cp - buf)); cp = buf + strlen(buf); lifetime = EXTRACT_16BITS(&ihp->ird_lifetime); if (lifetime < 60) { (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u", lifetime); } else if (lifetime < 60 * 60) { (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u:%02u", lifetime / 60, lifetime % 60); } else { (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u:%02u:%02u", lifetime / 3600, (lifetime % 3600) / 60, lifetime % 60); } cp = buf + strlen(buf); num = ihp->ird_addrnum; (void)snprintf(cp, sizeof(buf) - (cp - buf), " %d:", num); cp = buf + strlen(buf); size = ihp->ird_addrsiz; if (size != 2) { (void)snprintf(cp, sizeof(buf) - (cp - buf), " [size %d]", size); break; } idp = (struct id_rdiscovery *)&dp->icmp_data; while (num-- > 0) { ND_TCHECK(*idp); (void)snprintf(cp, sizeof(buf) - (cp - buf), " {%s %u}", ipaddr_string(ndo, &idp->ird_addr), EXTRACT_32BITS(&idp->ird_pref)); cp = buf + strlen(buf); ++idp; } } break; case ICMP_TIMXCEED: ND_TCHECK(dp->icmp_ip.ip_dst); switch (dp->icmp_code) { case ICMP_TIMXCEED_INTRANS: str = "time exceeded in-transit"; break; case ICMP_TIMXCEED_REASS: str = "ip reassembly time exceeded"; break; default: (void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code); break; } break; case ICMP_PARAMPROB: if (dp->icmp_code) (void)snprintf(buf, sizeof(buf), "parameter problem - code %d", dp->icmp_code); else { ND_TCHECK(dp->icmp_pptr); (void)snprintf(buf, sizeof(buf), "parameter problem - octet %d", dp->icmp_pptr); } break; case ICMP_MASKREPLY: ND_TCHECK(dp->icmp_mask); (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x", EXTRACT_32BITS(&dp->icmp_mask)); break; case ICMP_TSTAMP: ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "time stamp query id %u seq %u", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq)); break; case ICMP_TSTAMPREPLY: ND_TCHECK(dp->icmp_ttime); (void)snprintf(buf, sizeof(buf), "time stamp reply id %u seq %u: org %s", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq), icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_otime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", recv %s", icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_rtime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", xmit %s", icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_ttime))); break; default: str = tok2str(icmp2str, "type-#%d", dp->icmp_type); break; } ND_PRINT((ndo, "ICMP %s, length %u", str, plen)); if (ndo->ndo_vflag && !fragmented) { /* don't attempt checksumming if this is a frag */ uint16_t sum, icmp_sum; struct cksum_vec vec[1]; if (ND_TTEST2(*bp, plen)) { vec[0].ptr = (const uint8_t *)(void *)dp; vec[0].len = plen; sum = in_cksum(vec, 1); if (sum != 0) { icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum); ND_PRINT((ndo, " (wrong icmp cksum %x (->%x)!)", icmp_sum, in_cksum_shouldbe(icmp_sum, sum))); } } } /* * print the remnants of the IP packet. * save the snaplength as this may get overidden in the IP printer. */ if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(dp->icmp_type)) { bp += 8; ND_PRINT((ndo, "\n\t")); ip = (struct ip *)bp; ndo->ndo_snaplen = ndo->ndo_snapend - bp; snapend_save = ndo->ndo_snapend; ip_print(ndo, bp, EXTRACT_16BITS(&ip->ip_len)); ndo->ndo_snapend = snapend_save; } /* * Attempt to decode the MPLS extensions only for some ICMP types. */ if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MPLS_EXT_TYPE(dp->icmp_type)) { ND_TCHECK(*ext_dp); /* * Check first if the mpls extension header shows a non-zero length. * If the length field is not set then silently verify the checksum * to check if an extension header is present. This is expedient, * however not all implementations set the length field proper. */ if (!ext_dp->icmp_length) { vec[0].ptr = (const uint8_t *)(void *)&ext_dp->icmp_ext_version_res; vec[0].len = plen - ICMP_EXTD_MINLEN; if (in_cksum(vec, 1)) { return; } } ND_PRINT((ndo, "\n\tMPLS extension v%u", ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)))); /* * Sanity checking of the header. */ if (ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != ICMP_MPLS_EXT_VERSION) { ND_PRINT((ndo, " packet not supported")); return; } hlen = plen - ICMP_EXTD_MINLEN; vec[0].ptr = (const uint8_t *)(void *)&ext_dp->icmp_ext_version_res; vec[0].len = hlen; ND_PRINT((ndo, ", checksum 0x%04x (%scorrect), length %u", EXTRACT_16BITS(ext_dp->icmp_ext_checksum), in_cksum(vec, 1) ? "in" : "", hlen)); hlen -= 4; /* subtract common header size */ obj_tptr = (uint8_t *)ext_dp->icmp_ext_data; while (hlen > sizeof(struct icmp_mpls_ext_object_header_t)) { icmp_mpls_ext_object_header = (struct icmp_mpls_ext_object_header_t *)obj_tptr; ND_TCHECK(*icmp_mpls_ext_object_header); obj_tlen = EXTRACT_16BITS(icmp_mpls_ext_object_header->length); obj_class_num = icmp_mpls_ext_object_header->class_num; obj_ctype = icmp_mpls_ext_object_header->ctype; obj_tptr += sizeof(struct icmp_mpls_ext_object_header_t); ND_PRINT((ndo, "\n\t %s Object (%u), Class-Type: %u, length %u", tok2str(icmp_mpls_ext_obj_values,"unknown",obj_class_num), obj_class_num, obj_ctype, obj_tlen)); hlen-=sizeof(struct icmp_mpls_ext_object_header_t); /* length field includes tlv header */ /* infinite loop protection */ if ((obj_class_num == 0) || (obj_tlen < sizeof(struct icmp_mpls_ext_object_header_t))) { return; } obj_tlen-=sizeof(struct icmp_mpls_ext_object_header_t); switch (obj_class_num) { case 1: switch(obj_ctype) { case 1: ND_TCHECK2(*obj_tptr, 4); raw_label = EXTRACT_32BITS(obj_tptr); ND_PRINT((ndo, "\n\t label %u, exp %u", MPLS_LABEL(raw_label), MPLS_EXP(raw_label))); if (MPLS_STACK(raw_label)) ND_PRINT((ndo, ", [S]")); ND_PRINT((ndo, ", ttl %u", MPLS_TTL(raw_label))); break; default: print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); } break; /* * FIXME those are the defined objects that lack a decoder * you are welcome to contribute code ;-) */ case 2: default: print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); break; } if (hlen < obj_tlen) break; hlen -= obj_tlen; obj_tptr += obj_tlen; } } return; trunc: ND_PRINT((ndo, "[|icmp]")); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-arp.c0000644000026300017510000003230412477367524013430 0ustar mcrmcr/* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "interface.h" #include "addrtoname.h" #include "ether.h" #include "ethertype.h" #include "extract.h" /* must come after interface.h */ static const char tstr[] = "[|ARP]"; /* * Address Resolution Protocol. * * See RFC 826 for protocol description. ARP packets are variable * in size; the arphdr structure defines the fixed-length portion. * Protocol type values are the same as those for 10 Mb/s Ethernet. * It is followed by the variable-sized fields ar_sha, arp_spa, * arp_tha and arp_tpa in that order, according to the lengths * specified. Field names used correspond to RFC 826. */ struct arp_pkthdr { u_short ar_hrd; /* format of hardware address */ #define ARPHRD_ETHER 1 /* ethernet hardware format */ #define ARPHRD_IEEE802 6 /* token-ring hardware format */ #define ARPHRD_ARCNET 7 /* arcnet hardware format */ #define ARPHRD_FRELAY 15 /* frame relay hardware format */ #define ARPHRD_ATM2225 19 /* ATM (RFC 2225) */ #define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */ #define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */ u_short ar_pro; /* format of protocol address */ u_char ar_hln; /* length of hardware address */ u_char ar_pln; /* length of protocol address */ u_short ar_op; /* one of: */ #define ARPOP_REQUEST 1 /* request to resolve address */ #define ARPOP_REPLY 2 /* response to previous request */ #define ARPOP_REVREQUEST 3 /* request protocol address given hardware */ #define ARPOP_REVREPLY 4 /* response giving protocol address */ #define ARPOP_INVREQUEST 8 /* request to identify peer */ #define ARPOP_INVREPLY 9 /* response identifying peer */ #define ARPOP_NAK 10 /* NAK - only valif for ATM ARP */ /* * The remaining fields are variable in size, * according to the sizes above. */ #ifdef COMMENT_ONLY u_char ar_sha[]; /* sender hardware address */ u_char ar_spa[]; /* sender protocol address */ u_char ar_tha[]; /* target hardware address */ u_char ar_tpa[]; /* target protocol address */ #endif #define ar_sha(ap) (((const u_char *)((ap)+1))+0) #define ar_spa(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln) #define ar_tha(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln+(ap)->ar_pln) #define ar_tpa(ap) (((const u_char *)((ap)+1))+2*(ap)->ar_hln+(ap)->ar_pln) }; #define ARP_HDRLEN 8 #define HRD(ap) EXTRACT_16BITS(&(ap)->ar_hrd) #define HRD_LEN(ap) ((ap)->ar_hln) #define PROTO_LEN(ap) ((ap)->ar_pln) #define OP(ap) EXTRACT_16BITS(&(ap)->ar_op) #define PRO(ap) EXTRACT_16BITS(&(ap)->ar_pro) #define SHA(ap) (ar_sha(ap)) #define SPA(ap) (ar_spa(ap)) #define THA(ap) (ar_tha(ap)) #define TPA(ap) (ar_tpa(ap)) static const struct tok arpop_values[] = { { ARPOP_REQUEST, "Request" }, { ARPOP_REPLY, "Reply" }, { ARPOP_REVREQUEST, "Reverse Request" }, { ARPOP_REVREPLY, "Reverse Reply" }, { ARPOP_INVREQUEST, "Inverse Request" }, { ARPOP_INVREPLY, "Inverse Reply" }, { ARPOP_NAK, "NACK Reply" }, { 0, NULL } }; static const struct tok arphrd_values[] = { { ARPHRD_ETHER, "Ethernet" }, { ARPHRD_IEEE802, "TokenRing" }, { ARPHRD_ARCNET, "ArcNet" }, { ARPHRD_FRELAY, "FrameRelay" }, { ARPHRD_STRIP, "Strip" }, { ARPHRD_IEEE1394, "IEEE 1394" }, { ARPHRD_ATM2225, "ATM" }, { 0, NULL } }; /* * ATM Address Resolution Protocol. * * See RFC 2225 for protocol description. ATMARP packets are similar * to ARP packets, except that there are no length fields for the * protocol address - instead, there are type/length fields for * the ATM number and subaddress - and the hardware addresses consist * of an ATM number and an ATM subaddress. */ struct atmarp_pkthdr { u_short aar_hrd; /* format of hardware address */ u_short aar_pro; /* format of protocol address */ u_char aar_shtl; /* length of source ATM number */ u_char aar_sstl; /* length of source ATM subaddress */ #define ATMARP_IS_E164 0x40 /* bit in type/length for E.164 format */ #define ATMARP_LEN_MASK 0x3F /* length of {sub}address in type/length */ u_short aar_op; /* same as regular ARP */ u_char aar_spln; /* length of source protocol address */ u_char aar_thtl; /* length of target ATM number */ u_char aar_tstl; /* length of target ATM subaddress */ u_char aar_tpln; /* length of target protocol address */ /* * The remaining fields are variable in size, * according to the sizes above. */ #ifdef COMMENT_ONLY u_char aar_sha[]; /* source ATM number */ u_char aar_ssa[]; /* source ATM subaddress */ u_char aar_spa[]; /* sender protocol address */ u_char aar_tha[]; /* target ATM number */ u_char aar_tsa[]; /* target ATM subaddress */ u_char aar_tpa[]; /* target protocol address */ #endif #define ATMHRD(ap) EXTRACT_16BITS(&(ap)->aar_hrd) #define ATMSHRD_LEN(ap) ((ap)->aar_shtl & ATMARP_LEN_MASK) #define ATMSSLN(ap) ((ap)->aar_sstl & ATMARP_LEN_MASK) #define ATMSPROTO_LEN(ap) ((ap)->aar_spln) #define ATMOP(ap) EXTRACT_16BITS(&(ap)->aar_op) #define ATMPRO(ap) EXTRACT_16BITS(&(ap)->aar_pro) #define ATMTHRD_LEN(ap) ((ap)->aar_thtl & ATMARP_LEN_MASK) #define ATMTSLN(ap) ((ap)->aar_tstl & ATMARP_LEN_MASK) #define ATMTPROTO_LEN(ap) ((ap)->aar_tpln) #define aar_sha(ap) ((const u_char *)((ap)+1)) #define aar_ssa(ap) (aar_sha(ap) + ATMSHRD_LEN(ap)) #define aar_spa(ap) (aar_ssa(ap) + ATMSSLN(ap)) #define aar_tha(ap) (aar_spa(ap) + ATMSPROTO_LEN(ap)) #define aar_tsa(ap) (aar_tha(ap) + ATMTHRD_LEN(ap)) #define aar_tpa(ap) (aar_tsa(ap) + ATMTSLN(ap)) }; #define ATMSHA(ap) (aar_sha(ap)) #define ATMSSA(ap) (aar_ssa(ap)) #define ATMSPA(ap) (aar_spa(ap)) #define ATMTHA(ap) (aar_tha(ap)) #define ATMTSA(ap) (aar_tsa(ap)) #define ATMTPA(ap) (aar_tpa(ap)) static u_char ezero[6]; static void atmarp_addr_print(netdissect_options *ndo, const u_char *ha, u_int ha_len, const u_char *srca, u_int srca_len) { if (ha_len == 0) ND_PRINT((ndo, "")); else { ND_PRINT((ndo, "%s", linkaddr_string(ndo, ha, LINKADDR_ATM, ha_len))); if (srca_len != 0) ND_PRINT((ndo, ",%s", linkaddr_string(ndo, srca, LINKADDR_ATM, srca_len))); } } static void atmarp_print(netdissect_options *ndo, const u_char *bp, u_int length, u_int caplen) { const struct atmarp_pkthdr *ap; u_short pro, hrd, op; ap = (const struct atmarp_pkthdr *)bp; ND_TCHECK(*ap); hrd = ATMHRD(ap); pro = ATMPRO(ap); op = ATMOP(ap); if (!ND_TTEST2(*aar_tpa(ap), ATMTPROTO_LEN(ap))) { ND_PRINT((ndo, "%s", tstr)); ND_DEFAULTPRINT((const u_char *)ap, length); return; } if (!ndo->ndo_eflag) { ND_PRINT((ndo, "ARP, ")); } if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) || ATMSPROTO_LEN(ap) != 4 || ATMTPROTO_LEN(ap) != 4 || ndo->ndo_vflag) { ND_PRINT((ndo, "%s, %s (len %u/%u)", tok2str(arphrd_values, "Unknown Hardware (%u)", hrd), tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro), ATMSPROTO_LEN(ap), ATMTPROTO_LEN(ap))); /* don't know know about the address formats */ if (!ndo->ndo_vflag) { goto out; } } /* print operation */ ND_PRINT((ndo, "%s%s ", ndo->ndo_vflag ? ", " : "", tok2str(arpop_values, "Unknown (%u)", op))); switch (op) { case ARPOP_REQUEST: ND_PRINT((ndo, "who-has %s", ipaddr_string(ndo, ATMTPA(ap)))); if (ATMTHRD_LEN(ap) != 0) { ND_PRINT((ndo, " (")); atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), ATMTSA(ap), ATMTSLN(ap)); ND_PRINT((ndo, ")")); } ND_PRINT((ndo, "tell %s", ipaddr_string(ndo, ATMSPA(ap)))); break; case ARPOP_REPLY: ND_PRINT((ndo, "%s is-at ", ipaddr_string(ndo, ATMSPA(ap)))); atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), ATMSSLN(ap)); break; case ARPOP_INVREQUEST: ND_PRINT((ndo, "who-is ")); atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), ATMTSA(ap), ATMTSLN(ap)); ND_PRINT((ndo, " tell ")); atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), ATMSSLN(ap)); break; case ARPOP_INVREPLY: atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), ATMSSLN(ap)); ND_PRINT((ndo, "at %s", ipaddr_string(ndo, ATMSPA(ap)))); break; case ARPOP_NAK: ND_PRINT((ndo, "for %s", ipaddr_string(ndo, ATMSPA(ap)))); break; default: ND_DEFAULTPRINT((const u_char *)ap, caplen); return; } out: ND_PRINT((ndo, ", length %u", length)); return; trunc: ND_PRINT((ndo, "%s", tstr)); } void arp_print(netdissect_options *ndo, const u_char *bp, u_int length, u_int caplen) { const struct arp_pkthdr *ap; u_short pro, hrd, op, linkaddr; ap = (const struct arp_pkthdr *)bp; ND_TCHECK(*ap); hrd = HRD(ap); pro = PRO(ap); op = OP(ap); /* if its ATM then call the ATM ARP printer for Frame-relay ARP most of the fields are similar to Ethernet so overload the Ethernet Printer and set the linkaddr type for linkaddr_string(ndo, ) accordingly */ switch(hrd) { case ARPHRD_ATM2225: atmarp_print(ndo, bp, length, caplen); return; case ARPHRD_FRELAY: linkaddr = LINKADDR_FRELAY; break; default: linkaddr = LINKADDR_ETHER; break; } if (!ND_TTEST2(*ar_tpa(ap), PROTO_LEN(ap))) { ND_PRINT((ndo, "%s", tstr)); ND_DEFAULTPRINT((const u_char *)ap, length); return; } if (!ndo->ndo_eflag) { ND_PRINT((ndo, "ARP, ")); } /* print hardware type/len and proto type/len */ if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) || PROTO_LEN(ap) != 4 || HRD_LEN(ap) == 0 || ndo->ndo_vflag) { ND_PRINT((ndo, "%s (len %u), %s (len %u)", tok2str(arphrd_values, "Unknown Hardware (%u)", hrd), HRD_LEN(ap), tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro), PROTO_LEN(ap))); /* don't know know about the address formats */ if (!ndo->ndo_vflag) { goto out; } } /* print operation */ ND_PRINT((ndo, "%s%s ", ndo->ndo_vflag ? ", " : "", tok2str(arpop_values, "Unknown (%u)", op))); switch (op) { case ARPOP_REQUEST: ND_PRINT((ndo, "who-has %s", ipaddr_string(ndo, TPA(ap)))); if (memcmp((const char *)ezero, (const char *)THA(ap), HRD_LEN(ap)) != 0) ND_PRINT((ndo, " (%s)", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)))); ND_PRINT((ndo, " tell %s", ipaddr_string(ndo, SPA(ap)))); break; case ARPOP_REPLY: ND_PRINT((ndo, "%s is-at %s", ipaddr_string(ndo, SPA(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_REVREQUEST: ND_PRINT((ndo, "who-is %s tell %s", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_REVREPLY: ND_PRINT((ndo, "%s at %s", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), ipaddr_string(ndo, TPA(ap)))); break; case ARPOP_INVREQUEST: ND_PRINT((ndo, "who-is %s tell %s", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_INVREPLY: ND_PRINT((ndo,"%s at %s", linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)), ipaddr_string(ndo, SPA(ap)))); break; default: ND_DEFAULTPRINT((const u_char *)ap, caplen); return; } out: ND_PRINT((ndo, ", length %u", length)); return; trunc: ND_PRINT((ndo, "%s", tstr)); } /* * Local Variables: * c-style: bsd * End: */ tcpdump-4.7.4/print-dhcp6.c0000644000026300017510000005444312431107727013645 0ustar mcrmcr/* * Copyright (C) 1998 and 1999 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * RFC3315: DHCPv6 * supported DHCPv6 options: * RFC3319: Session Initiation Protocol (SIP) Servers options, * RFC3633: IPv6 Prefix options, * RFC3646: DNS Configuration options, * RFC3898: Network Information Service (NIS) Configuration options, * RFC4075: Simple Network Time Protocol (SNTP) Configuration option, * RFC4242: Information Refresh Time option, * RFC4280: Broadcast and Multicast Control Servers options, * RFC5908: Network Time Protocol (NTP) Server Option for DHCPv6 * RFC6334: Dual-Stack Lite option, */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* lease duration */ #define DHCP6_DURATION_INFINITE 0xffffffff /* Error Values */ #define DH6ERR_FAILURE 16 #define DH6ERR_AUTHFAIL 17 #define DH6ERR_POORLYFORMED 18 #define DH6ERR_UNAVAIL 19 #define DH6ERR_OPTUNAVAIL 20 /* Message type */ #define DH6_SOLICIT 1 #define DH6_ADVERTISE 2 #define DH6_REQUEST 3 #define DH6_CONFIRM 4 #define DH6_RENEW 5 #define DH6_REBIND 6 #define DH6_REPLY 7 #define DH6_RELEASE 8 #define DH6_DECLINE 9 #define DH6_RECONFIGURE 10 #define DH6_INFORM_REQ 11 #define DH6_RELAY_FORW 12 #define DH6_RELAY_REPLY 13 #define DH6_LEASEQUERY 14 #define DH6_LQ_REPLY 15 static const struct tok dh6_msgtype_str[] = { { DH6_SOLICIT, "solicit" }, { DH6_ADVERTISE, "advertise" }, { DH6_REQUEST, "request" }, { DH6_CONFIRM, "confirm" }, { DH6_RENEW, "renew" }, { DH6_REBIND, "rebind" }, { DH6_REPLY, "reply" }, { DH6_RELEASE, "release" }, { DH6_DECLINE, "decline" }, { DH6_RECONFIGURE, "reconfigure" }, { DH6_INFORM_REQ, "inf-req" }, { DH6_RELAY_FORW, "relay-fwd" }, { DH6_RELAY_REPLY, "relay-reply" }, { DH6_LEASEQUERY, "leasequery" }, { DH6_LQ_REPLY, "leasequery-reply" }, { 0, NULL } }; /* DHCP6 base packet format */ struct dhcp6 { union { uint8_t m; uint32_t x; } dh6_msgtypexid; /* options follow */ }; #define dh6_msgtype dh6_msgtypexid.m #define dh6_xid dh6_msgtypexid.x #define DH6_XIDMASK 0x00ffffff /* DHCPv6 relay messages */ struct dhcp6_relay { uint8_t dh6relay_msgtype; uint8_t dh6relay_hcnt; uint8_t dh6relay_linkaddr[16]; /* XXX: badly aligned */ uint8_t dh6relay_peeraddr[16]; /* options follow */ }; /* options */ #define DH6OPT_CLIENTID 1 #define DH6OPT_SERVERID 2 #define DH6OPT_IA_NA 3 #define DH6OPT_IA_TA 4 #define DH6OPT_IA_ADDR 5 #define DH6OPT_ORO 6 #define DH6OPT_PREFERENCE 7 # define DH6OPT_PREF_MAX 255 #define DH6OPT_ELAPSED_TIME 8 #define DH6OPT_RELAY_MSG 9 /*#define DH6OPT_SERVER_MSG 10 deprecated */ #define DH6OPT_AUTH 11 # define DH6OPT_AUTHPROTO_DELAYED 2 # define DH6OPT_AUTHPROTO_RECONFIG 3 # define DH6OPT_AUTHALG_HMACMD5 1 # define DH6OPT_AUTHRDM_MONOCOUNTER 0 # define DH6OPT_AUTHRECONFIG_KEY 1 # define DH6OPT_AUTHRECONFIG_HMACMD5 2 #define DH6OPT_UNICAST 12 #define DH6OPT_STATUS_CODE 13 # define DH6OPT_STCODE_SUCCESS 0 # define DH6OPT_STCODE_UNSPECFAIL 1 # define DH6OPT_STCODE_NOADDRAVAIL 2 # define DH6OPT_STCODE_NOBINDING 3 # define DH6OPT_STCODE_NOTONLINK 4 # define DH6OPT_STCODE_USEMULTICAST 5 # define DH6OPT_STCODE_NOPREFIXAVAIL 6 # define DH6OPT_STCODE_UNKNOWNQUERYTYPE 7 # define DH6OPT_STCODE_MALFORMEDQUERY 8 # define DH6OPT_STCODE_NOTCONFIGURED 9 # define DH6OPT_STCODE_NOTALLOWED 10 #define DH6OPT_RAPID_COMMIT 14 #define DH6OPT_USER_CLASS 15 #define DH6OPT_VENDOR_CLASS 16 #define DH6OPT_VENDOR_OPTS 17 #define DH6OPT_INTERFACE_ID 18 #define DH6OPT_RECONF_MSG 19 #define DH6OPT_RECONF_ACCEPT 20 #define DH6OPT_SIP_SERVER_D 21 #define DH6OPT_SIP_SERVER_A 22 #define DH6OPT_DNS_SERVERS 23 #define DH6OPT_DOMAIN_LIST 24 #define DH6OPT_IA_PD 25 #define DH6OPT_IA_PD_PREFIX 26 #define DH6OPT_NIS_SERVERS 27 #define DH6OPT_NISP_SERVERS 28 #define DH6OPT_NIS_NAME 29 #define DH6OPT_NISP_NAME 30 #define DH6OPT_SNTP_SERVERS 31 #define DH6OPT_LIFETIME 32 #define DH6OPT_BCMCS_SERVER_D 33 #define DH6OPT_BCMCS_SERVER_A 34 #define DH6OPT_GEOCONF_CIVIC 36 #define DH6OPT_REMOTE_ID 37 #define DH6OPT_SUBSCRIBER_ID 38 #define DH6OPT_CLIENT_FQDN 39 #define DH6OPT_PANA_AGENT 40 #define DH6OPT_NEW_POSIX_TIMEZONE 41 #define DH6OPT_NEW_TZDB_TIMEZONE 42 #define DH6OPT_ERO 43 #define DH6OPT_LQ_QUERY 44 #define DH6OPT_CLIENT_DATA 45 #define DH6OPT_CLT_TIME 46 #define DH6OPT_LQ_RELAY_DATA 47 #define DH6OPT_LQ_CLIENT_LINK 48 #define DH6OPT_NTP_SERVER 56 # define DH6OPT_NTP_SUBOPTION_SRV_ADDR 1 # define DH6OPT_NTP_SUBOPTION_MC_ADDR 2 # define DH6OPT_NTP_SUBOPTION_SRV_FQDN 3 #define DH6OPT_AFTR_NAME 64 static const struct tok dh6opt_str[] = { { DH6OPT_CLIENTID, "client-ID" }, { DH6OPT_SERVERID, "server-ID" }, { DH6OPT_IA_NA, "IA_NA" }, { DH6OPT_IA_TA, "IA_TA" }, { DH6OPT_IA_ADDR, "IA_ADDR" }, { DH6OPT_ORO, "option-request" }, { DH6OPT_PREFERENCE, "preference" }, { DH6OPT_ELAPSED_TIME, "elapsed-time" }, { DH6OPT_RELAY_MSG, "relay-message" }, { DH6OPT_AUTH, "authentication" }, { DH6OPT_UNICAST, "server-unicast" }, { DH6OPT_STATUS_CODE, "status-code" }, { DH6OPT_RAPID_COMMIT, "rapid-commit" }, { DH6OPT_USER_CLASS, "user-class" }, { DH6OPT_VENDOR_CLASS, "vendor-class" }, { DH6OPT_VENDOR_OPTS, "vendor-specific-info" }, { DH6OPT_INTERFACE_ID, "interface-ID" }, { DH6OPT_RECONF_MSG, "reconfigure-message" }, { DH6OPT_RECONF_ACCEPT, "reconfigure-accept" }, { DH6OPT_SIP_SERVER_D, "SIP-servers-domain" }, { DH6OPT_SIP_SERVER_A, "SIP-servers-address" }, { DH6OPT_DNS_SERVERS, "DNS-server" }, { DH6OPT_DOMAIN_LIST, "DNS-search-list" }, { DH6OPT_IA_PD, "IA_PD" }, { DH6OPT_IA_PD_PREFIX, "IA_PD-prefix" }, { DH6OPT_SNTP_SERVERS, "SNTP-servers" }, { DH6OPT_LIFETIME, "lifetime" }, { DH6OPT_NIS_SERVERS, "NIS-server" }, { DH6OPT_NISP_SERVERS, "NIS+-server" }, { DH6OPT_NIS_NAME, "NIS-domain-name" }, { DH6OPT_NISP_NAME, "NIS+-domain-name" }, { DH6OPT_BCMCS_SERVER_D, "BCMCS-domain-name" }, { DH6OPT_BCMCS_SERVER_A, "BCMCS-server" }, { DH6OPT_GEOCONF_CIVIC, "Geoconf-Civic" }, { DH6OPT_REMOTE_ID, "Remote-ID" }, { DH6OPT_SUBSCRIBER_ID, "Subscriber-ID" }, { DH6OPT_CLIENT_FQDN, "Client-FQDN" }, { DH6OPT_PANA_AGENT, "PANA-agent" }, { DH6OPT_NEW_POSIX_TIMEZONE, "POSIX-timezone" }, { DH6OPT_NEW_TZDB_TIMEZONE, "POSIX-tz-database" }, { DH6OPT_ERO, "Echo-request-option" }, { DH6OPT_LQ_QUERY, "Lease-query" }, { DH6OPT_CLIENT_DATA, "LQ-client-data" }, { DH6OPT_CLT_TIME, "Clt-time" }, { DH6OPT_LQ_RELAY_DATA, "LQ-relay-data" }, { DH6OPT_LQ_CLIENT_LINK, "LQ-client-link" }, { DH6OPT_NTP_SERVER, "NTP-server" }, { DH6OPT_AFTR_NAME, "AFTR-Name" }, { 0, NULL } }; static const struct tok dh6opt_stcode_str[] = { { DH6OPT_STCODE_SUCCESS, "success" }, { DH6OPT_STCODE_UNSPECFAIL, "unspec failure" }, { DH6OPT_STCODE_NOADDRAVAIL, "no addresses" }, { DH6OPT_STCODE_NOBINDING, "no binding" }, { DH6OPT_STCODE_NOTONLINK, "not on-link" }, { DH6OPT_STCODE_USEMULTICAST, "use multicast" }, { DH6OPT_STCODE_NOPREFIXAVAIL, "no prefixes" }, { DH6OPT_STCODE_UNKNOWNQUERYTYPE, "unknown query type" }, { DH6OPT_STCODE_MALFORMEDQUERY, "malformed query" }, { DH6OPT_STCODE_NOTCONFIGURED, "not configured" }, { DH6OPT_STCODE_NOTALLOWED, "not allowed" }, { 0, NULL } }; struct dhcp6opt { uint16_t dh6opt_type; uint16_t dh6opt_len; /* type-dependent data follows */ }; static const char * dhcp6stcode(const uint16_t code) { return code > 255 ? "INVALID code" : tok2str(dh6opt_stcode_str, "code%u", code); } static void dhcp6opt_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { const struct dhcp6opt *dh6o; const u_char *tp; size_t i; uint16_t opttype; size_t optlen; uint8_t auth_proto; u_int authinfolen, authrealmlen; int remain_len; /* Length of remaining options */ int label_len; /* Label length */ uint16_t subopt_code; uint16_t subopt_len; if (cp == ep) return; while (cp < ep) { if (ep < cp + sizeof(*dh6o)) goto trunc; dh6o = (struct dhcp6opt *)cp; ND_TCHECK(*dh6o); optlen = EXTRACT_16BITS(&dh6o->dh6opt_len); if (ep < cp + sizeof(*dh6o) + optlen) goto trunc; opttype = EXTRACT_16BITS(&dh6o->dh6opt_type); ND_PRINT((ndo, " (%s", tok2str(dh6opt_str, "opt_%u", opttype))); switch (opttype) { case DH6OPT_CLIENTID: case DH6OPT_SERVERID: if (optlen < 2) { /*(*/ ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); switch (EXTRACT_16BITS(tp)) { case 1: if (optlen >= 2 + 6) { ND_PRINT((ndo, " hwaddr/time type %u time %u ", EXTRACT_16BITS(&tp[2]), EXTRACT_32BITS(&tp[4]))); for (i = 8; i < optlen; i++) ND_PRINT((ndo, "%02x", tp[i])); /*(*/ ND_PRINT((ndo, ")")); } else { /*(*/ ND_PRINT((ndo, " ?)")); } break; case 2: if (optlen >= 2 + 8) { ND_PRINT((ndo, " vid ")); for (i = 2; i < 2 + 8; i++) ND_PRINT((ndo, "%02x", tp[i])); /*(*/ ND_PRINT((ndo, ")")); } else { /*(*/ ND_PRINT((ndo, " ?)")); } break; case 3: if (optlen >= 2 + 2) { ND_PRINT((ndo, " hwaddr type %u ", EXTRACT_16BITS(&tp[2]))); for (i = 4; i < optlen; i++) ND_PRINT((ndo, "%02x", tp[i])); /*(*/ ND_PRINT((ndo, ")")); } else { /*(*/ ND_PRINT((ndo, " ?)")); } break; default: ND_PRINT((ndo, " type %d)", EXTRACT_16BITS(tp))); break; } break; case DH6OPT_IA_ADDR: if (optlen < 24) { /*(*/ ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %s", ip6addr_string(ndo, &tp[0]))); ND_PRINT((ndo, " pltime:%u vltime:%u", EXTRACT_32BITS(&tp[16]), EXTRACT_32BITS(&tp[20]))); if (optlen > 24) { /* there are sub-options */ dhcp6opt_print(ndo, tp + 24, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_ORO: case DH6OPT_ERO: if (optlen % 2) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); for (i = 0; i < optlen; i += 2) { ND_PRINT((ndo, " %s", tok2str(dh6opt_str, "opt_%u", EXTRACT_16BITS(&tp[i])))); } ND_PRINT((ndo, ")")); break; case DH6OPT_PREFERENCE: if (optlen != 1) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %d)", *tp)); break; case DH6OPT_ELAPSED_TIME: if (optlen != 2) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %d)", EXTRACT_16BITS(tp))); break; case DH6OPT_RELAY_MSG: ND_PRINT((ndo, " (")); tp = (u_char *)(dh6o + 1); dhcp6_print(ndo, tp, optlen); ND_PRINT((ndo, ")")); break; case DH6OPT_AUTH: if (optlen < 11) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); auth_proto = *tp; switch (auth_proto) { case DH6OPT_AUTHPROTO_DELAYED: ND_PRINT((ndo, " proto: delayed")); break; case DH6OPT_AUTHPROTO_RECONFIG: ND_PRINT((ndo, " proto: reconfigure")); break; default: ND_PRINT((ndo, " proto: %d", auth_proto)); break; } tp++; switch (*tp) { case DH6OPT_AUTHALG_HMACMD5: /* XXX: may depend on the protocol */ ND_PRINT((ndo, ", alg: HMAC-MD5")); break; default: ND_PRINT((ndo, ", alg: %d", *tp)); break; } tp++; switch (*tp) { case DH6OPT_AUTHRDM_MONOCOUNTER: ND_PRINT((ndo, ", RDM: mono")); break; default: ND_PRINT((ndo, ", RDM: %d", *tp)); break; } tp++; ND_PRINT((ndo, ", RD:")); for (i = 0; i < 4; i++, tp += 2) ND_PRINT((ndo, " %04x", EXTRACT_16BITS(tp))); /* protocol dependent part */ authinfolen = optlen - 11; switch (auth_proto) { case DH6OPT_AUTHPROTO_DELAYED: if (authinfolen == 0) break; if (authinfolen < 20) { ND_PRINT((ndo, " ??")); break; } authrealmlen = authinfolen - 20; if (authrealmlen > 0) { ND_PRINT((ndo, ", realm: ")); } for (i = 0; i < authrealmlen; i++, tp++) ND_PRINT((ndo, "%02x", *tp)); ND_PRINT((ndo, ", key ID: %08x", EXTRACT_32BITS(tp))); tp += 4; ND_PRINT((ndo, ", HMAC-MD5:")); for (i = 0; i < 4; i++, tp+= 4) ND_PRINT((ndo, " %08x", EXTRACT_32BITS(tp))); break; case DH6OPT_AUTHPROTO_RECONFIG: if (authinfolen != 17) { ND_PRINT((ndo, " ??")); break; } switch (*tp++) { case DH6OPT_AUTHRECONFIG_KEY: ND_PRINT((ndo, " reconfig-key")); break; case DH6OPT_AUTHRECONFIG_HMACMD5: ND_PRINT((ndo, " type: HMAC-MD5")); break; default: ND_PRINT((ndo, " type: ??")); break; } ND_PRINT((ndo, " value:")); for (i = 0; i < 4; i++, tp+= 4) ND_PRINT((ndo, " %08x", EXTRACT_32BITS(tp))); break; default: ND_PRINT((ndo, " ??")); break; } ND_PRINT((ndo, ")")); break; case DH6OPT_RAPID_COMMIT: /* nothing todo */ ND_PRINT((ndo, ")")); break; case DH6OPT_INTERFACE_ID: case DH6OPT_SUBSCRIBER_ID: /* * Since we cannot predict the encoding, print hex dump * at most 10 characters. */ tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " ")); for (i = 0; i < optlen && i < 10; i++) ND_PRINT((ndo, "%02x", tp[i])); ND_PRINT((ndo, "...)")); break; case DH6OPT_RECONF_MSG: tp = (u_char *)(dh6o + 1); switch (*tp) { case DH6_RENEW: ND_PRINT((ndo, " for renew)")); break; case DH6_INFORM_REQ: ND_PRINT((ndo, " for inf-req)")); break; default: ND_PRINT((ndo, " for ?\?\?(%02x))", *tp)); break; } break; case DH6OPT_RECONF_ACCEPT: /* nothing todo */ ND_PRINT((ndo, ")")); break; case DH6OPT_SIP_SERVER_A: case DH6OPT_DNS_SERVERS: case DH6OPT_SNTP_SERVERS: case DH6OPT_NIS_SERVERS: case DH6OPT_NISP_SERVERS: case DH6OPT_BCMCS_SERVER_A: case DH6OPT_PANA_AGENT: case DH6OPT_LQ_CLIENT_LINK: if (optlen % 16) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); for (i = 0; i < optlen; i += 16) ND_PRINT((ndo, " %s", ip6addr_string(ndo, &tp[i]))); ND_PRINT((ndo, ")")); break; case DH6OPT_SIP_SERVER_D: case DH6OPT_DOMAIN_LIST: tp = (u_char *)(dh6o + 1); while (tp < cp + sizeof(*dh6o) + optlen) { ND_PRINT((ndo, " ")); if ((tp = ns_nprint(ndo, tp, cp + sizeof(*dh6o) + optlen)) == NULL) goto trunc; } ND_PRINT((ndo, ")")); break; case DH6OPT_STATUS_CODE: if (optlen < 2) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %s)", dhcp6stcode(EXTRACT_16BITS(&tp[0])))); break; case DH6OPT_IA_NA: case DH6OPT_IA_PD: if (optlen < 12) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " IAID:%u T1:%u T2:%u", EXTRACT_32BITS(&tp[0]), EXTRACT_32BITS(&tp[4]), EXTRACT_32BITS(&tp[8]))); if (optlen > 12) { /* there are sub-options */ dhcp6opt_print(ndo, tp + 12, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_IA_TA: if (optlen < 4) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " IAID:%u", EXTRACT_32BITS(tp))); if (optlen > 4) { /* there are sub-options */ dhcp6opt_print(ndo, tp + 4, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_IA_PD_PREFIX: if (optlen < 25) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %s/%d", ip6addr_string(ndo, &tp[9]), tp[8])); ND_PRINT((ndo, " pltime:%u vltime:%u", EXTRACT_32BITS(&tp[0]), EXTRACT_32BITS(&tp[4]))); if (optlen > 25) { /* there are sub-options */ dhcp6opt_print(ndo, tp + 25, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_LIFETIME: case DH6OPT_CLT_TIME: if (optlen != 4) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %d)", EXTRACT_32BITS(tp))); break; case DH6OPT_REMOTE_ID: if (optlen < 4) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %d ", EXTRACT_32BITS(tp))); /* * Print hex dump first 10 characters. */ for (i = 4; i < optlen && i < 14; i++) ND_PRINT((ndo, "%02x", tp[i])); ND_PRINT((ndo, "...)")); break; case DH6OPT_LQ_QUERY: if (optlen < 17) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); switch (*tp) { case 1: ND_PRINT((ndo, " by-address")); break; case 2: ND_PRINT((ndo, " by-clientID")); break; default: ND_PRINT((ndo, " type_%d", (int)*tp)); break; } ND_PRINT((ndo, " %s", ip6addr_string(ndo, &tp[1]))); if (optlen > 17) { /* there are query-options */ dhcp6opt_print(ndo, tp + 17, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_CLIENT_DATA: tp = (u_char *)(dh6o + 1); if (optlen > 0) { /* there are encapsulated options */ dhcp6opt_print(ndo, tp, tp + optlen); } ND_PRINT((ndo, ")")); break; case DH6OPT_LQ_RELAY_DATA: if (optlen < 16) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); ND_PRINT((ndo, " %s ", ip6addr_string(ndo, &tp[0]))); /* * Print hex dump first 10 characters. */ for (i = 16; i < optlen && i < 26; i++) ND_PRINT((ndo, "%02x", tp[i])); ND_PRINT((ndo, "...)")); break; case DH6OPT_NTP_SERVER: if (optlen < 4) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); while (tp < cp + sizeof(*dh6o) + optlen - 4) { subopt_code = EXTRACT_16BITS(tp); tp += 2; subopt_len = EXTRACT_16BITS(tp); tp += 2; if (tp + subopt_len > cp + sizeof(*dh6o) + optlen) goto trunc; ND_PRINT((ndo, " subopt:%d", subopt_code)); switch (subopt_code) { case DH6OPT_NTP_SUBOPTION_SRV_ADDR: case DH6OPT_NTP_SUBOPTION_MC_ADDR: if (subopt_len != 16) { ND_PRINT((ndo, " ?")); break; } ND_PRINT((ndo, " %s", ip6addr_string(ndo, &tp[0]))); break; case DH6OPT_NTP_SUBOPTION_SRV_FQDN: ND_PRINT((ndo, " ")); if (ns_nprint(ndo, tp, tp + subopt_len) == NULL) goto trunc; break; default: ND_PRINT((ndo, " ?")); break; } tp += subopt_len; } ND_PRINT((ndo, ")")); break; case DH6OPT_AFTR_NAME: if (optlen < 3) { ND_PRINT((ndo, " ?)")); break; } tp = (u_char *)(dh6o + 1); remain_len = optlen; ND_PRINT((ndo, " ")); /* Encoding is described in section 3.1 of RFC 1035 */ while (remain_len && *tp) { label_len = *tp++; if (label_len < remain_len - 1) { ND_PRINT((ndo, "%.*s", label_len, tp)); tp += label_len; remain_len -= (label_len + 1); if(*tp) ND_PRINT((ndo, ".")); } else { ND_PRINT((ndo, " ?")); break; } } ND_PRINT((ndo, ")")); break; default: ND_PRINT((ndo, ")")); break; } cp += sizeof(*dh6o) + optlen; } return; trunc: ND_PRINT((ndo, "[|dhcp6ext]")); } /* * Print dhcp6 packets */ void dhcp6_print(netdissect_options *ndo, const u_char *cp, u_int length) { struct dhcp6 *dh6; struct dhcp6_relay *dh6relay; const u_char *ep; u_char *extp; const char *name; ND_PRINT((ndo, "dhcp6")); ep = (u_char *)ndo->ndo_snapend; if (cp + length < ep) ep = cp + length; dh6 = (struct dhcp6 *)cp; dh6relay = (struct dhcp6_relay *)cp; ND_TCHECK(dh6->dh6_xid); name = tok2str(dh6_msgtype_str, "msgtype-%u", dh6->dh6_msgtype); if (!ndo->ndo_vflag) { ND_PRINT((ndo, " %s", name)); return; } /* XXX relay agent messages have to be handled differently */ ND_PRINT((ndo, " %s (", name)); /*)*/ if (dh6->dh6_msgtype != DH6_RELAY_FORW && dh6->dh6_msgtype != DH6_RELAY_REPLY) { ND_PRINT((ndo, "xid=%x", EXTRACT_32BITS(&dh6->dh6_xid) & DH6_XIDMASK)); extp = (u_char *)(dh6 + 1); dhcp6opt_print(ndo, extp, ep); } else { /* relay messages */ struct in6_addr addr6; ND_TCHECK(dh6relay->dh6relay_peeraddr); memcpy(&addr6, dh6relay->dh6relay_linkaddr, sizeof (addr6)); ND_PRINT((ndo, "linkaddr=%s", ip6addr_string(ndo, &addr6))); memcpy(&addr6, dh6relay->dh6relay_peeraddr, sizeof (addr6)); ND_PRINT((ndo, " peeraddr=%s", ip6addr_string(ndo, &addr6))); dhcp6opt_print(ndo, (u_char *)(dh6relay + 1), ep); } /*(*/ ND_PRINT((ndo, ")")); return; trunc: ND_PRINT((ndo, "[|dhcp6]")); } tcpdump-4.7.4/print-ripng.c0000644000026300017510000001332512431107727013752 0ustar mcrmcr/* * Copyright (c) 1989, 1990, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #ifdef INET6 #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* * Copyright (C) 1995, 1996, 1997 and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #define RIP6_VERSION 1 #define RIP6_REQUEST 1 #define RIP6_RESPONSE 2 struct netinfo6 { struct in6_addr rip6_dest; uint16_t rip6_tag; uint8_t rip6_plen; uint8_t rip6_metric; }; struct rip6 { uint8_t rip6_cmd; uint8_t rip6_vers; uint8_t rip6_res1[2]; union { struct netinfo6 ru6_nets[1]; char ru6_tracefile[1]; } rip6un; #define rip6_nets rip6un.ru6_nets #define rip6_tracefile rip6un.ru6_tracefile }; #define HOPCNT_INFINITY6 16 #if !defined(IN6_IS_ADDR_UNSPECIFIED) && !defined(_MSC_VER) /* MSVC inline */ static int IN6_IS_ADDR_UNSPECIFIED(const struct in6_addr *addr) { static const struct in6_addr in6addr_any; /* :: */ return (memcmp(addr, &in6addr_any, sizeof(*addr)) == 0); } #endif static int rip6_entry_print(netdissect_options *ndo, register const struct netinfo6 *ni, int metric) { int l; l = ND_PRINT((ndo, "%s/%d", ip6addr_string(ndo, &ni->rip6_dest), ni->rip6_plen)); if (ni->rip6_tag) l += ND_PRINT((ndo, " [%d]", EXTRACT_16BITS(&ni->rip6_tag))); if (metric) l += ND_PRINT((ndo, " (%d)", ni->rip6_metric)); return l; } void ripng_print(netdissect_options *ndo, const u_char *dat, unsigned int length) { register const struct rip6 *rp = (struct rip6 *)dat; register const struct netinfo6 *ni; register u_int amt; register u_int i; int j; int trunc; if (ndo->ndo_snapend < dat) return; amt = ndo->ndo_snapend - dat; i = min(length, amt); if (i < (sizeof(struct rip6) - sizeof(struct netinfo6))) return; i -= (sizeof(struct rip6) - sizeof(struct netinfo6)); switch (rp->rip6_cmd) { case RIP6_REQUEST: j = length / sizeof(*ni); if (j == 1 && rp->rip6_nets->rip6_metric == HOPCNT_INFINITY6 && IN6_IS_ADDR_UNSPECIFIED(&rp->rip6_nets->rip6_dest)) { ND_PRINT((ndo, " ripng-req dump")); break; } if (j * sizeof(*ni) != length - 4) ND_PRINT((ndo, " ripng-req %d[%u]:", j, length)); else ND_PRINT((ndo, " ripng-req %d:", j)); trunc = ((i / sizeof(*ni)) * sizeof(*ni) != i); for (ni = rp->rip6_nets; i >= sizeof(*ni); i -= sizeof(*ni), ++ni) { if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n\t")); else ND_PRINT((ndo, " ")); rip6_entry_print(ndo, ni, 0); } break; case RIP6_RESPONSE: j = length / sizeof(*ni); if (j * sizeof(*ni) != length - 4) ND_PRINT((ndo, " ripng-resp %d[%u]:", j, length)); else ND_PRINT((ndo, " ripng-resp %d:", j)); trunc = ((i / sizeof(*ni)) * sizeof(*ni) != i); for (ni = rp->rip6_nets; i >= sizeof(*ni); i -= sizeof(*ni), ++ni) { if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n\t")); else ND_PRINT((ndo, " ")); rip6_entry_print(ndo, ni, ni->rip6_metric); } if (trunc) ND_PRINT((ndo, "[|ripng]")); break; default: ND_PRINT((ndo, " ripng-%d ?? %u", rp->rip6_cmd, length)); break; } if (rp->rip6_vers != RIP6_VERSION) ND_PRINT((ndo, " [vers %d]", rp->rip6_vers)); } #endif /* INET6 */ tcpdump-4.7.4/print-hsrp.c0000644000026300017510000001077312431107727013613 0ustar mcrmcr/* * Copyright (C) 2001 Julian Cowley * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* Cisco Hot Standby Router Protocol (HSRP). */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "addrtoname.h" /* HSRP op code types. */ static const char *op_code_str[] = { "hello", "coup", "resign" }; /* HSRP states and associated names. */ static const struct tok states[] = { { 0, "initial" }, { 1, "learn" }, { 2, "listen" }, { 4, "speak" }, { 8, "standby" }, { 16, "active" }, { 0, NULL } }; /* * RFC 2281: * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Version | Op Code | State | Hellotime | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Holdtime | Priority | Group | Reserved | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Authentication Data | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Authentication Data | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Virtual IP Address | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ #define HSRP_AUTH_SIZE 8 /* HSRP protocol header. */ struct hsrp { uint8_t hsrp_version; uint8_t hsrp_op_code; uint8_t hsrp_state; uint8_t hsrp_hellotime; uint8_t hsrp_holdtime; uint8_t hsrp_priority; uint8_t hsrp_group; uint8_t hsrp_reserved; uint8_t hsrp_authdata[HSRP_AUTH_SIZE]; struct in_addr hsrp_virtaddr; }; void hsrp_print(netdissect_options *ndo, register const uint8_t *bp, register u_int len) { struct hsrp *hp = (struct hsrp *) bp; ND_TCHECK(hp->hsrp_version); ND_PRINT((ndo, "HSRPv%d", hp->hsrp_version)); if (hp->hsrp_version != 0) return; ND_TCHECK(hp->hsrp_op_code); ND_PRINT((ndo, "-")); ND_PRINT((ndo, "%s ", tok2strary(op_code_str, "unknown (%d)", hp->hsrp_op_code))); ND_PRINT((ndo, "%d: ", len)); ND_TCHECK(hp->hsrp_state); ND_PRINT((ndo, "state=%s ", tok2str(states, "Unknown (%d)", hp->hsrp_state))); ND_TCHECK(hp->hsrp_group); ND_PRINT((ndo, "group=%d ", hp->hsrp_group)); ND_TCHECK(hp->hsrp_reserved); if (hp->hsrp_reserved != 0) { ND_PRINT((ndo, "[reserved=%d!] ", hp->hsrp_reserved)); } ND_TCHECK(hp->hsrp_virtaddr); ND_PRINT((ndo, "addr=%s", ipaddr_string(ndo, &hp->hsrp_virtaddr))); if (ndo->ndo_vflag) { ND_PRINT((ndo, " hellotime=")); relts_print(ndo, hp->hsrp_hellotime); ND_PRINT((ndo, " holdtime=")); relts_print(ndo, hp->hsrp_holdtime); ND_PRINT((ndo, " priority=%d", hp->hsrp_priority)); ND_PRINT((ndo, " auth=\"")); if (fn_printn(ndo, hp->hsrp_authdata, sizeof(hp->hsrp_authdata), ndo->ndo_snapend)) { ND_PRINT((ndo, "\"")); goto trunc; } ND_PRINT((ndo, "\"")); } return; trunc: ND_PRINT((ndo, "[|hsrp]")); } tcpdump-4.7.4/openflow.h0000644000026300017510000000422112477367524013347 0ustar mcrmcr/* * Copyright (c) 2013 The TCPDUMP project * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* OpenFlow: protocol between controller and datapath. */ /* for netdissect_options */ #include "netdissect.h" #define OF_HEADER_LEN 8 #define ONF_EXP_ONF 0x4f4e4600 #define ONF_EXP_BUTE 0xff000001 #define ONF_EXP_NOVIFLOW 0xff000002 #define ONF_EXP_L3 0xff000003 #define ONF_EXP_L4L7 0xff000004 #define ONF_EXP_WMOB 0xff000005 #define ONF_EXP_FABS 0xff000006 #define ONF_EXP_OTRANS 0xff000007 extern const struct tok onf_exp_str[]; /* * Routines to print packets for various versions of OpenFlow. */ extern const u_char *of10_header_body_print(netdissect_options *ndo, const u_char *, const u_char *, const uint8_t, const uint16_t, const uint32_t); extern const char * of_vendor_name(const uint32_t); tcpdump-4.7.4/print-bgp.c0000644000026300017510000027652212477706777013441 0ustar mcrmcr/* * Copyright (C) 1999 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * Extensively modified by Hannes Gredler (hannes@juniper.net) for more * complete BGP support. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "af.h" #include "l2vpn.h" struct bgp { uint8_t bgp_marker[16]; uint16_t bgp_len; uint8_t bgp_type; }; #define BGP_SIZE 19 /* unaligned */ #define BGP_OPEN 1 #define BGP_UPDATE 2 #define BGP_NOTIFICATION 3 #define BGP_KEEPALIVE 4 #define BGP_ROUTE_REFRESH 5 static const struct tok bgp_msg_values[] = { { BGP_OPEN, "Open"}, { BGP_UPDATE, "Update"}, { BGP_NOTIFICATION, "Notification"}, { BGP_KEEPALIVE, "Keepalive"}, { BGP_ROUTE_REFRESH, "Route Refresh"}, { 0, NULL} }; struct bgp_open { uint8_t bgpo_marker[16]; uint16_t bgpo_len; uint8_t bgpo_type; uint8_t bgpo_version; uint16_t bgpo_myas; uint16_t bgpo_holdtime; uint32_t bgpo_id; uint8_t bgpo_optlen; /* options should follow */ }; #define BGP_OPEN_SIZE 29 /* unaligned */ struct bgp_opt { uint8_t bgpopt_type; uint8_t bgpopt_len; /* variable length */ }; #define BGP_OPT_SIZE 2 /* some compilers may pad to 4 bytes */ #define BGP_CAP_HEADER_SIZE 2 /* some compilers may pad to 4 bytes */ struct bgp_notification { uint8_t bgpn_marker[16]; uint16_t bgpn_len; uint8_t bgpn_type; uint8_t bgpn_major; uint8_t bgpn_minor; }; #define BGP_NOTIFICATION_SIZE 21 /* unaligned */ struct bgp_route_refresh { uint8_t bgp_marker[16]; uint16_t len; uint8_t type; uint8_t afi[2]; /* the compiler messes this structure up */ uint8_t res; /* when doing misaligned sequences of int8 and int16 */ uint8_t safi; /* afi should be int16 - so we have to access it using */ }; /* EXTRACT_16BITS(&bgp_route_refresh->afi) (sigh) */ #define BGP_ROUTE_REFRESH_SIZE 23 #define bgp_attr_lenlen(flags, p) \ (((flags) & 0x10) ? 2 : 1) #define bgp_attr_len(flags, p) \ (((flags) & 0x10) ? EXTRACT_16BITS(p) : *(p)) #define BGPTYPE_ORIGIN 1 #define BGPTYPE_AS_PATH 2 #define BGPTYPE_NEXT_HOP 3 #define BGPTYPE_MULTI_EXIT_DISC 4 #define BGPTYPE_LOCAL_PREF 5 #define BGPTYPE_ATOMIC_AGGREGATE 6 #define BGPTYPE_AGGREGATOR 7 #define BGPTYPE_COMMUNITIES 8 /* RFC1997 */ #define BGPTYPE_ORIGINATOR_ID 9 /* RFC1998 */ #define BGPTYPE_CLUSTER_LIST 10 /* RFC1998 */ #define BGPTYPE_DPA 11 /* draft-ietf-idr-bgp-dpa */ #define BGPTYPE_ADVERTISERS 12 /* RFC1863 */ #define BGPTYPE_RCID_PATH 13 /* RFC1863 */ #define BGPTYPE_MP_REACH_NLRI 14 /* RFC2283 */ #define BGPTYPE_MP_UNREACH_NLRI 15 /* RFC2283 */ #define BGPTYPE_EXTD_COMMUNITIES 16 /* draft-ietf-idr-bgp-ext-communities */ #define BGPTYPE_AS4_PATH 17 /* RFC4893 */ #define BGPTYPE_AGGREGATOR4 18 /* RFC4893 */ #define BGPTYPE_PMSI_TUNNEL 22 /* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */ #define BGPTYPE_ATTR_SET 128 /* draft-marques-ppvpn-ibgp */ #define BGP_MP_NLRI_MINSIZE 3 /* End of RIB Marker detection */ static const struct tok bgp_attr_values[] = { { BGPTYPE_ORIGIN, "Origin"}, { BGPTYPE_AS_PATH, "AS Path"}, { BGPTYPE_AS4_PATH, "AS4 Path"}, { BGPTYPE_NEXT_HOP, "Next Hop"}, { BGPTYPE_MULTI_EXIT_DISC, "Multi Exit Discriminator"}, { BGPTYPE_LOCAL_PREF, "Local Preference"}, { BGPTYPE_ATOMIC_AGGREGATE, "Atomic Aggregate"}, { BGPTYPE_AGGREGATOR, "Aggregator"}, { BGPTYPE_AGGREGATOR4, "Aggregator4"}, { BGPTYPE_COMMUNITIES, "Community"}, { BGPTYPE_ORIGINATOR_ID, "Originator ID"}, { BGPTYPE_CLUSTER_LIST, "Cluster List"}, { BGPTYPE_DPA, "DPA"}, { BGPTYPE_ADVERTISERS, "Advertisers"}, { BGPTYPE_RCID_PATH, "RCID Path / Cluster ID"}, { BGPTYPE_MP_REACH_NLRI, "Multi-Protocol Reach NLRI"}, { BGPTYPE_MP_UNREACH_NLRI, "Multi-Protocol Unreach NLRI"}, { BGPTYPE_EXTD_COMMUNITIES, "Extended Community"}, { BGPTYPE_PMSI_TUNNEL, "PMSI Tunnel"}, { BGPTYPE_ATTR_SET, "Attribute Set"}, { 255, "Reserved for development"}, { 0, NULL} }; #define BGP_AS_SET 1 #define BGP_AS_SEQUENCE 2 #define BGP_CONFED_AS_SEQUENCE 3 /* draft-ietf-idr-rfc3065bis-01 */ #define BGP_CONFED_AS_SET 4 /* draft-ietf-idr-rfc3065bis-01 */ #define BGP_AS_SEG_TYPE_MIN BGP_AS_SET #define BGP_AS_SEG_TYPE_MAX BGP_CONFED_AS_SET static const struct tok bgp_as_path_segment_open_values[] = { { BGP_AS_SEQUENCE, ""}, { BGP_AS_SET, "{ "}, { BGP_CONFED_AS_SEQUENCE, "( "}, { BGP_CONFED_AS_SET, "({ "}, { 0, NULL} }; static const struct tok bgp_as_path_segment_close_values[] = { { BGP_AS_SEQUENCE, ""}, { BGP_AS_SET, "}"}, { BGP_CONFED_AS_SEQUENCE, ")"}, { BGP_CONFED_AS_SET, "})"}, { 0, NULL} }; #define BGP_OPT_AUTH 1 #define BGP_OPT_CAP 2 static const struct tok bgp_opt_values[] = { { BGP_OPT_AUTH, "Authentication Information"}, { BGP_OPT_CAP, "Capabilities Advertisement"}, { 0, NULL} }; #define BGP_CAPCODE_MP 1 #define BGP_CAPCODE_RR 2 #define BGP_CAPCODE_ORF 3 /* XXX */ #define BGP_CAPCODE_RESTART 64 /* draft-ietf-idr-restart-05 */ #define BGP_CAPCODE_AS_NEW 65 /* XXX */ #define BGP_CAPCODE_DYN_CAP 67 /* XXX */ #define BGP_CAPCODE_RR_CISCO 128 static const struct tok bgp_capcode_values[] = { { BGP_CAPCODE_MP, "Multiprotocol Extensions"}, { BGP_CAPCODE_RR, "Route Refresh"}, { BGP_CAPCODE_ORF, "Cooperative Route Filtering"}, { BGP_CAPCODE_RESTART, "Graceful Restart"}, { BGP_CAPCODE_AS_NEW, "32-Bit AS Number"}, { BGP_CAPCODE_DYN_CAP, "Dynamic Capability"}, { BGP_CAPCODE_RR_CISCO, "Route Refresh (Cisco)"}, { 0, NULL} }; #define BGP_NOTIFY_MAJOR_MSG 1 #define BGP_NOTIFY_MAJOR_OPEN 2 #define BGP_NOTIFY_MAJOR_UPDATE 3 #define BGP_NOTIFY_MAJOR_HOLDTIME 4 #define BGP_NOTIFY_MAJOR_FSM 5 #define BGP_NOTIFY_MAJOR_CEASE 6 #define BGP_NOTIFY_MAJOR_CAP 7 static const struct tok bgp_notify_major_values[] = { { BGP_NOTIFY_MAJOR_MSG, "Message Header Error"}, { BGP_NOTIFY_MAJOR_OPEN, "OPEN Message Error"}, { BGP_NOTIFY_MAJOR_UPDATE, "UPDATE Message Error"}, { BGP_NOTIFY_MAJOR_HOLDTIME,"Hold Timer Expired"}, { BGP_NOTIFY_MAJOR_FSM, "Finite State Machine Error"}, { BGP_NOTIFY_MAJOR_CEASE, "Cease"}, { BGP_NOTIFY_MAJOR_CAP, "Capability Message Error"}, { 0, NULL} }; /* draft-ietf-idr-cease-subcode-02 */ #define BGP_NOTIFY_MINOR_CEASE_MAXPRFX 1 static const struct tok bgp_notify_minor_cease_values[] = { { BGP_NOTIFY_MINOR_CEASE_MAXPRFX, "Maximum Number of Prefixes Reached"}, { 2, "Administratively Shutdown"}, { 3, "Peer Unconfigured"}, { 4, "Administratively Reset"}, { 5, "Connection Rejected"}, { 6, "Other Configuration Change"}, { 7, "Connection Collision Resolution"}, { 0, NULL} }; static const struct tok bgp_notify_minor_msg_values[] = { { 1, "Connection Not Synchronized"}, { 2, "Bad Message Length"}, { 3, "Bad Message Type"}, { 0, NULL} }; static const struct tok bgp_notify_minor_open_values[] = { { 1, "Unsupported Version Number"}, { 2, "Bad Peer AS"}, { 3, "Bad BGP Identifier"}, { 4, "Unsupported Optional Parameter"}, { 5, "Authentication Failure"}, { 6, "Unacceptable Hold Time"}, { 7, "Capability Message Error"}, { 0, NULL} }; static const struct tok bgp_notify_minor_update_values[] = { { 1, "Malformed Attribute List"}, { 2, "Unrecognized Well-known Attribute"}, { 3, "Missing Well-known Attribute"}, { 4, "Attribute Flags Error"}, { 5, "Attribute Length Error"}, { 6, "Invalid ORIGIN Attribute"}, { 7, "AS Routing Loop"}, { 8, "Invalid NEXT_HOP Attribute"}, { 9, "Optional Attribute Error"}, { 10, "Invalid Network Field"}, { 11, "Malformed AS_PATH"}, { 0, NULL} }; static const struct tok bgp_notify_minor_cap_values[] = { { 1, "Invalid Action Value" }, { 2, "Invalid Capability Length" }, { 3, "Malformed Capability Value" }, { 4, "Unsupported Capability Code" }, { 0, NULL } }; static const struct tok bgp_origin_values[] = { { 0, "IGP"}, { 1, "EGP"}, { 2, "Incomplete"}, { 0, NULL} }; #define BGP_PMSI_TUNNEL_RSVP_P2MP 1 #define BGP_PMSI_TUNNEL_LDP_P2MP 2 #define BGP_PMSI_TUNNEL_PIM_SSM 3 #define BGP_PMSI_TUNNEL_PIM_SM 4 #define BGP_PMSI_TUNNEL_PIM_BIDIR 5 #define BGP_PMSI_TUNNEL_INGRESS 6 #define BGP_PMSI_TUNNEL_LDP_MP2MP 7 static const struct tok bgp_pmsi_tunnel_values[] = { { BGP_PMSI_TUNNEL_RSVP_P2MP, "RSVP-TE P2MP LSP"}, { BGP_PMSI_TUNNEL_LDP_P2MP, "LDP P2MP LSP"}, { BGP_PMSI_TUNNEL_PIM_SSM, "PIM-SSM Tree"}, { BGP_PMSI_TUNNEL_PIM_SM, "PIM-SM Tree"}, { BGP_PMSI_TUNNEL_PIM_BIDIR, "PIM-Bidir Tree"}, { BGP_PMSI_TUNNEL_INGRESS, "Ingress Replication"}, { BGP_PMSI_TUNNEL_LDP_MP2MP, "LDP MP2MP LSP"}, { 0, NULL} }; static const struct tok bgp_pmsi_flag_values[] = { { 0x01, "Leaf Information required"}, { 0, NULL} }; /* Subsequent address family identifier, RFC2283 section 7 */ #define SAFNUM_RES 0 #define SAFNUM_UNICAST 1 #define SAFNUM_MULTICAST 2 #define SAFNUM_UNIMULTICAST 3 /* labeled BGP RFC3107 */ #define SAFNUM_LABUNICAST 4 /* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */ #define SAFNUM_MULTICAST_VPN 5 #define SAFNUM_TUNNEL 64 /* XXX */ #define SAFNUM_VPLS 65 /* XXX */ /* draft-nalawade-idr-mdt-safi-03 */ #define SAFNUM_MDT 66 /* Section 4.3.4 of draft-rosen-rfc2547bis-03.txt */ #define SAFNUM_VPNUNICAST 128 #define SAFNUM_VPNMULTICAST 129 #define SAFNUM_VPNUNIMULTICAST 130 /* draft-marques-ppvpn-rt-constrain-01.txt */ #define SAFNUM_RT_ROUTING_INFO 132 #define BGP_VPN_RD_LEN 8 static const struct tok bgp_safi_values[] = { { SAFNUM_RES, "Reserved"}, { SAFNUM_UNICAST, "Unicast"}, { SAFNUM_MULTICAST, "Multicast"}, { SAFNUM_UNIMULTICAST, "Unicast+Multicast"}, { SAFNUM_LABUNICAST, "labeled Unicast"}, { SAFNUM_TUNNEL, "Tunnel"}, { SAFNUM_VPLS, "VPLS"}, { SAFNUM_MDT, "MDT"}, { SAFNUM_VPNUNICAST, "labeled VPN Unicast"}, { SAFNUM_VPNMULTICAST, "labeled VPN Multicast"}, { SAFNUM_VPNUNIMULTICAST, "labeled VPN Unicast+Multicast"}, { SAFNUM_RT_ROUTING_INFO, "Route Target Routing Information"}, { SAFNUM_MULTICAST_VPN, "Multicast VPN"}, { 0, NULL } }; /* well-known community */ #define BGP_COMMUNITY_NO_EXPORT 0xffffff01 #define BGP_COMMUNITY_NO_ADVERT 0xffffff02 #define BGP_COMMUNITY_NO_EXPORT_SUBCONFED 0xffffff03 /* Extended community type - draft-ietf-idr-bgp-ext-communities-05 */ #define BGP_EXT_COM_RT_0 0x0002 /* Route Target,Format AS(2bytes):AN(4bytes) */ #define BGP_EXT_COM_RT_1 0x0102 /* Route Target,Format IP address:AN(2bytes) */ #define BGP_EXT_COM_RT_2 0x0202 /* Route Target,Format AN(4bytes):local(2bytes) */ #define BGP_EXT_COM_RO_0 0x0003 /* Route Origin,Format AS(2bytes):AN(4bytes) */ #define BGP_EXT_COM_RO_1 0x0103 /* Route Origin,Format IP address:AN(2bytes) */ #define BGP_EXT_COM_RO_2 0x0203 /* Route Origin,Format AN(4bytes):local(2bytes) */ #define BGP_EXT_COM_LINKBAND 0x4004 /* Link Bandwidth,Format AS(2B):Bandwidth(4B) */ /* rfc2547 bgp-mpls-vpns */ #define BGP_EXT_COM_VPN_ORIGIN 0x0005 /* OSPF Domain ID / VPN of Origin - draft-rosen-vpns-ospf-bgp-mpls */ #define BGP_EXT_COM_VPN_ORIGIN2 0x0105 /* duplicate - keep for backwards compatability */ #define BGP_EXT_COM_VPN_ORIGIN3 0x0205 /* duplicate - keep for backwards compatability */ #define BGP_EXT_COM_VPN_ORIGIN4 0x8005 /* duplicate - keep for backwards compatability */ #define BGP_EXT_COM_OSPF_RTYPE 0x0306 /* OSPF Route Type,Format Area(4B):RouteType(1B):Options(1B) */ #define BGP_EXT_COM_OSPF_RTYPE2 0x8000 /* duplicate - keep for backwards compatability */ #define BGP_EXT_COM_OSPF_RID 0x0107 /* OSPF Router ID,Format RouterID(4B):Unused(2B) */ #define BGP_EXT_COM_OSPF_RID2 0x8001 /* duplicate - keep for backwards compatability */ #define BGP_EXT_COM_L2INFO 0x800a /* draft-kompella-ppvpn-l2vpn */ #define BGP_EXT_COM_SOURCE_AS 0x0009 /* RFC-ietf-l3vpn-2547bis-mcast-bgp-08.txt */ #define BGP_EXT_COM_VRF_RT_IMP 0x010b /* RFC-ietf-l3vpn-2547bis-mcast-bgp-08.txt */ #define BGP_EXT_COM_L2VPN_RT_0 0x000a /* L2VPN Identifier,Format AS(2bytes):AN(4bytes) */ #define BGP_EXT_COM_L2VPN_RT_1 0xF10a /* L2VPN Identifier,Format IP address:AN(2bytes) */ /* http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a00801eb09a.shtml */ #define BGP_EXT_COM_EIGRP_GEN 0x8800 #define BGP_EXT_COM_EIGRP_METRIC_AS_DELAY 0x8801 #define BGP_EXT_COM_EIGRP_METRIC_REL_NH_BW 0x8802 #define BGP_EXT_COM_EIGRP_METRIC_LOAD_MTU 0x8803 #define BGP_EXT_COM_EIGRP_EXT_REMAS_REMID 0x8804 #define BGP_EXT_COM_EIGRP_EXT_REMPROTO_REMMETRIC 0x8805 static const struct tok bgp_extd_comm_flag_values[] = { { 0x8000, "vendor-specific"}, { 0x4000, "non-transitive"}, { 0, NULL}, }; static const struct tok bgp_extd_comm_subtype_values[] = { { BGP_EXT_COM_RT_0, "target"}, { BGP_EXT_COM_RT_1, "target"}, { BGP_EXT_COM_RT_2, "target"}, { BGP_EXT_COM_RO_0, "origin"}, { BGP_EXT_COM_RO_1, "origin"}, { BGP_EXT_COM_RO_2, "origin"}, { BGP_EXT_COM_LINKBAND, "link-BW"}, { BGP_EXT_COM_VPN_ORIGIN, "ospf-domain"}, { BGP_EXT_COM_VPN_ORIGIN2, "ospf-domain"}, { BGP_EXT_COM_VPN_ORIGIN3, "ospf-domain"}, { BGP_EXT_COM_VPN_ORIGIN4, "ospf-domain"}, { BGP_EXT_COM_OSPF_RTYPE, "ospf-route-type"}, { BGP_EXT_COM_OSPF_RTYPE2, "ospf-route-type"}, { BGP_EXT_COM_OSPF_RID, "ospf-router-id"}, { BGP_EXT_COM_OSPF_RID2, "ospf-router-id"}, { BGP_EXT_COM_L2INFO, "layer2-info"}, { BGP_EXT_COM_EIGRP_GEN , "eigrp-general-route (flag, tag)" }, { BGP_EXT_COM_EIGRP_METRIC_AS_DELAY , "eigrp-route-metric (AS, delay)" }, { BGP_EXT_COM_EIGRP_METRIC_REL_NH_BW , "eigrp-route-metric (reliability, nexthop, bandwidth)" }, { BGP_EXT_COM_EIGRP_METRIC_LOAD_MTU , "eigrp-route-metric (load, MTU)" }, { BGP_EXT_COM_EIGRP_EXT_REMAS_REMID , "eigrp-external-route (remote-AS, remote-ID)" }, { BGP_EXT_COM_EIGRP_EXT_REMPROTO_REMMETRIC , "eigrp-external-route (remote-proto, remote-metric)" }, { BGP_EXT_COM_SOURCE_AS, "source-AS" }, { BGP_EXT_COM_VRF_RT_IMP, "vrf-route-import"}, { BGP_EXT_COM_L2VPN_RT_0, "l2vpn-id"}, { BGP_EXT_COM_L2VPN_RT_1, "l2vpn-id"}, { 0, NULL}, }; /* OSPF codes for BGP_EXT_COM_OSPF_RTYPE draft-rosen-vpns-ospf-bgp-mpls */ #define BGP_OSPF_RTYPE_RTR 1 /* OSPF Router LSA */ #define BGP_OSPF_RTYPE_NET 2 /* OSPF Network LSA */ #define BGP_OSPF_RTYPE_SUM 3 /* OSPF Summary LSA */ #define BGP_OSPF_RTYPE_EXT 5 /* OSPF External LSA, note that ASBR doesn't apply to MPLS-VPN */ #define BGP_OSPF_RTYPE_NSSA 7 /* OSPF NSSA External*/ #define BGP_OSPF_RTYPE_SHAM 129 /* OSPF-MPLS-VPN Sham link */ #define BGP_OSPF_RTYPE_METRIC_TYPE 0x1 /* LSB of RTYPE Options Field */ static const struct tok bgp_extd_comm_ospf_rtype_values[] = { { BGP_OSPF_RTYPE_RTR, "Router" }, { BGP_OSPF_RTYPE_NET, "Network" }, { BGP_OSPF_RTYPE_SUM, "Summary" }, { BGP_OSPF_RTYPE_EXT, "External" }, { BGP_OSPF_RTYPE_NSSA,"NSSA External" }, { BGP_OSPF_RTYPE_SHAM,"MPLS-VPN Sham" }, { 0, NULL }, }; #define TOKBUFSIZE 128 static char astostr[20]; /* * as_printf * * Convert an AS number into a string and return string pointer. * * Depending on bflag is set or not, AS number is converted into ASDOT notation * or plain number notation. * */ static char * as_printf(netdissect_options *ndo, char *str, int size, u_int asnum) { if (!ndo->ndo_bflag || asnum <= 0xFFFF) { snprintf(str, size, "%u", asnum); } else { snprintf(str, size, "%u.%u", asnum >> 16, asnum & 0xFFFF); } return str; } #define ITEMCHECK(minlen) if (itemlen < minlen) goto badtlv; int decode_prefix4(netdissect_options *ndo, const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in_addr addr; u_int plen, plenbytes; ND_TCHECK(pptr[0]); ITEMCHECK(1); plen = pptr[0]; if (32 < plen) return -1; itemlen -= 1; memset(&addr, 0, sizeof(addr)); plenbytes = (plen + 7) / 8; ND_TCHECK2(pptr[1], plenbytes); ITEMCHECK(plenbytes); memcpy(&addr, &pptr[1], plenbytes); if (plen % 8) { ((u_char *)&addr)[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", getname(ndo, (u_char *)&addr), plen); return 1 + plenbytes; trunc: return -2; badtlv: return -3; } static int decode_labeled_prefix4(netdissect_options *ndo, const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in_addr addr; u_int plen, plenbytes; /* prefix length and label = 4 bytes */ ND_TCHECK2(pptr[0], 4); ITEMCHECK(4); plen = pptr[0]; /* get prefix length */ /* this is one of the weirdnesses of rfc3107 the label length (actually the label + COS bits) is added to the prefix length; we also do only read out just one label - there is no real application for advertisement of stacked labels in a single BGP message */ if (24 > plen) return -1; plen-=24; /* adjust prefixlen - labellength */ if (32 < plen) return -1; itemlen -= 4; memset(&addr, 0, sizeof(addr)); plenbytes = (plen + 7) / 8; ND_TCHECK2(pptr[4], plenbytes); ITEMCHECK(plenbytes); memcpy(&addr, &pptr[4], plenbytes); if (plen % 8) { ((u_char *)&addr)[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "%s/%d, label:%u %s", getname(ndo, (u_char *)&addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); return 4 + plenbytes; trunc: return -2; badtlv: return -3; } /* * bgp_vpn_ip_print * * print an ipv4 or ipv6 address into a buffer dependend on address length. */ static char * bgp_vpn_ip_print(netdissect_options *ndo, const u_char *pptr, u_int addr_length) { /* worst case string is s fully formatted v6 address */ static char addr[sizeof("1234:5678:89ab:cdef:1234:5678:89ab:cdef")]; char *pos = addr; switch(addr_length) { case (sizeof(struct in_addr) << 3): /* 32 */ ND_TCHECK2(pptr[0], sizeof(struct in_addr)); snprintf(pos, sizeof(addr), "%s", ipaddr_string(ndo, pptr)); break; #ifdef INET6 case (sizeof(struct in6_addr) << 3): /* 128 */ ND_TCHECK2(pptr[0], sizeof(struct in6_addr)); snprintf(pos, sizeof(addr), "%s", ip6addr_string(ndo, pptr)); break; #endif default: snprintf(pos, sizeof(addr), "bogus address length %u", addr_length); break; } pos += strlen(pos); trunc: *(pos) = '\0'; return (addr); } /* * bgp_vpn_sg_print * * print an multicast s,g entry into a buffer. * the s,g entry is encoded like this. * * +-----------------------------------+ * | Multicast Source Length (1 octet) | * +-----------------------------------+ * | Multicast Source (Variable) | * +-----------------------------------+ * | Multicast Group Length (1 octet) | * +-----------------------------------+ * | Multicast Group (Variable) | * +-----------------------------------+ * * return the number of bytes read from the wire. */ static int bgp_vpn_sg_print(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { uint8_t addr_length; u_int total_length, offset; total_length = 0; /* Source address length, encoded in bits */ ND_TCHECK2(pptr[0], 1); addr_length = *pptr++; /* Source address */ ND_TCHECK2(pptr[0], (addr_length >> 3)); total_length += (addr_length >> 3) + 1; offset = strlen(buf); if (addr_length) { snprintf(buf + offset, buflen - offset, ", Source %s", bgp_vpn_ip_print(ndo, pptr, addr_length)); pptr += (addr_length >> 3); } /* Group address length, encoded in bits */ ND_TCHECK2(pptr[0], 1); addr_length = *pptr++; /* Group address */ ND_TCHECK2(pptr[0], (addr_length >> 3)); total_length += (addr_length >> 3) + 1; offset = strlen(buf); if (addr_length) { snprintf(buf + offset, buflen - offset, ", Group %s", bgp_vpn_ip_print(ndo, pptr, addr_length)); pptr += (addr_length >> 3); } trunc: return (total_length); } /* RDs and RTs share the same semantics * we use bgp_vpn_rd_print for * printing route targets inside a NLRI */ char * bgp_vpn_rd_print(netdissect_options *ndo, const u_char *pptr) { /* allocate space for the largest possible string */ static char rd[sizeof("xxxxxxxxxx:xxxxx (xxx.xxx.xxx.xxx:xxxxx)")]; char *pos = rd; /* ok lets load the RD format */ switch (EXTRACT_16BITS(pptr)) { /* 2-byte-AS:number fmt*/ case 0: snprintf(pos, sizeof(rd) - (pos - rd), "%u:%u (= %u.%u.%u.%u)", EXTRACT_16BITS(pptr+2), EXTRACT_32BITS(pptr+4), *(pptr+4), *(pptr+5), *(pptr+6), *(pptr+7)); break; /* IP-address:AS fmt*/ case 1: snprintf(pos, sizeof(rd) - (pos - rd), "%u.%u.%u.%u:%u", *(pptr+2), *(pptr+3), *(pptr+4), *(pptr+5), EXTRACT_16BITS(pptr+6)); break; /* 4-byte-AS:number fmt*/ case 2: snprintf(pos, sizeof(rd) - (pos - rd), "%s:%u (%u.%u.%u.%u:%u)", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+2)), EXTRACT_16BITS(pptr+6), *(pptr+2), *(pptr+3), *(pptr+4), *(pptr+5), EXTRACT_16BITS(pptr+6)); break; default: snprintf(pos, sizeof(rd) - (pos - rd), "unknown RD format"); break; } pos += strlen(pos); *(pos) = '\0'; return (rd); } static int decode_rt_routing_info(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { uint8_t route_target[8]; u_int plen; ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ if (0 == plen) { snprintf(buf, buflen, "default route target"); return 1; } if (32 > plen) return -1; plen-=32; /* adjust prefix length */ if (64 < plen) return -1; memset(&route_target, 0, sizeof(route_target)); ND_TCHECK2(pptr[1], (plen + 7) / 8); memcpy(&route_target, &pptr[1], (plen + 7) / 8); if (plen % 8) { ((u_char *)&route_target)[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "origin AS: %s, route target %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+1)), bgp_vpn_rd_print(ndo, (u_char *)&route_target)); return 5 + (plen + 7) / 8; trunc: return -2; } static int decode_labeled_vpn_prefix4(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { struct in_addr addr; u_int plen; ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ if ((24+64) > plen) return -1; plen-=(24+64); /* adjust prefixlen - labellength - RD len*/ if (32 < plen) return -1; memset(&addr, 0, sizeof(addr)); ND_TCHECK2(pptr[12], (plen + 7) / 8); memcpy(&addr, &pptr[12], (plen + 7) / 8); if (plen % 8) { ((u_char *)&addr)[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), getname(ndo, (u_char *)&addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); return 12 + (plen + 7) / 8; trunc: return -2; } /* * +-------------------------------+ * | | * | RD:IPv4-address (12 octets) | * | | * +-------------------------------+ * | MDT Group-address (4 octets) | * +-------------------------------+ */ #define MDT_VPN_NLRI_LEN 16 static int decode_mdt_vpn_nlri(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { const u_char *rd; const u_char *vpn_ip; ND_TCHECK(pptr[0]); /* if the NLRI is not predefined length, quit.*/ if (*pptr != MDT_VPN_NLRI_LEN * 8) return -1; pptr++; /* RD */ ND_TCHECK2(pptr[0], 8); rd = pptr; pptr+=8; /* IPv4 address */ ND_TCHECK2(pptr[0], sizeof(struct in_addr)); vpn_ip = pptr; pptr+=sizeof(struct in_addr); /* MDT Group Address */ ND_TCHECK2(pptr[0], sizeof(struct in_addr)); snprintf(buf, buflen, "RD: %s, VPN IP Address: %s, MC Group Address: %s", bgp_vpn_rd_print(ndo, rd), ipaddr_string(ndo, vpn_ip), ipaddr_string(ndo, pptr)); return MDT_VPN_NLRI_LEN + 1; trunc: return -2; } #define BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_I_PMSI 1 #define BGP_MULTICAST_VPN_ROUTE_TYPE_INTER_AS_I_PMSI 2 #define BGP_MULTICAST_VPN_ROUTE_TYPE_S_PMSI 3 #define BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_SEG_LEAF 4 #define BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE 5 #define BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN 6 #define BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN 7 static const struct tok bgp_multicast_vpn_route_type_values[] = { { BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_I_PMSI, "Intra-AS I-PMSI"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_INTER_AS_I_PMSI, "Inter-AS I-PMSI"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_S_PMSI, "S-PMSI"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_SEG_LEAF, "Intra-AS Segment-Leaf"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE, "Source-Active"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN, "Shared Tree Join"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN, "Source Tree Join"}, }; static int decode_multicast_vpn(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { uint8_t route_type, route_length, addr_length, sg_length; u_int offset; ND_TCHECK2(pptr[0], 2); route_type = *pptr++; route_length = *pptr++; snprintf(buf, buflen, "Route-Type: %s (%u), length: %u", tok2str(bgp_multicast_vpn_route_type_values, "Unknown", route_type), route_type, route_length); switch(route_type) { case BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_I_PMSI: ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s, Originator %s", bgp_vpn_rd_print(ndo, pptr), bgp_vpn_ip_print(ndo, pptr + BGP_VPN_RD_LEN, (route_length - BGP_VPN_RD_LEN) << 3)); break; case BGP_MULTICAST_VPN_ROUTE_TYPE_INTER_AS_I_PMSI: ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN + 4); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s", bgp_vpn_rd_print(ndo, pptr), as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN))); break; case BGP_MULTICAST_VPN_ROUTE_TYPE_S_PMSI: ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s", bgp_vpn_rd_print(ndo, pptr)); pptr += BGP_VPN_RD_LEN; sg_length = bgp_vpn_sg_print(ndo, pptr, buf, buflen); addr_length = route_length - sg_length; ND_TCHECK2(pptr[0], addr_length); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", Originator %s", bgp_vpn_ip_print(ndo, pptr, addr_length << 3)); break; case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE: ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s", bgp_vpn_rd_print(ndo, pptr)); pptr += BGP_VPN_RD_LEN; bgp_vpn_sg_print(ndo, pptr, buf, buflen); break; case BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN: /* fall through */ case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN: ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s", bgp_vpn_rd_print(ndo, pptr), as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN))); pptr += BGP_VPN_RD_LEN; bgp_vpn_sg_print(ndo, pptr, buf, buflen); break; /* * no per route-type printing yet. */ case BGP_MULTICAST_VPN_ROUTE_TYPE_INTRA_AS_SEG_LEAF: default: break; } return route_length + 2; trunc: return -2; } /* * As I remember, some versions of systems have an snprintf() that * returns -1 if the buffer would have overflowed. If the return * value is negative, set buflen to 0, to indicate that we've filled * the buffer up. * * If the return value is greater than buflen, that means that * the buffer would have overflowed; again, set buflen to 0 in * that case. */ #define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \ if (strlen<0) \ buflen=0; \ else if ((u_int)strlen>buflen) \ buflen=0; \ else { \ buflen-=strlen; \ buf+=strlen; \ } static int decode_labeled_vpn_l2(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { int plen,tlen,strlen,tlv_type,tlv_len,ttlv_len; ND_TCHECK2(pptr[0], 2); plen=EXTRACT_16BITS(pptr); tlen=plen; pptr+=2; /* Old and new L2VPN NLRI share AFI/SAFI * -> Assume a 12 Byte-length NLRI is auto-discovery-only * and > 17 as old format. Complain for the middle case */ if (plen==12) { /* assume AD-only with RD, BGPNH */ ND_TCHECK2(pptr[0],12); buf[0]='\0'; strlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s", bgp_vpn_rd_print(ndo, pptr), /* need something like getname(ndo, ) here */ getname(ndo, pptr+8) ); UPDATE_BUF_BUFLEN(buf, buflen, strlen); pptr+=12; tlen-=12; return plen; } else if (plen>17) { /* assume old format */ /* RD, ID, LBLKOFF, LBLBASE */ ND_TCHECK2(pptr[0],15); buf[0]='\0'; strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u", bgp_vpn_rd_print(ndo, pptr), EXTRACT_16BITS(pptr+8), EXTRACT_16BITS(pptr+10), EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */ UPDATE_BUF_BUFLEN(buf, buflen, strlen); pptr+=15; tlen-=15; /* ok now the variable part - lets read out TLVs*/ while (tlen>0) { if (tlen < 3) return -1; ND_TCHECK2(pptr[0], 3); tlv_type=*pptr++; tlv_len=EXTRACT_16BITS(pptr); ttlv_len=tlv_len; pptr+=2; switch(tlv_type) { case 1: if (buflen!=0) { strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x", tlv_type, tlv_len); UPDATE_BUF_BUFLEN(buf, buflen, strlen); } ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */ while (ttlv_len>0) { ND_TCHECK(pptr[0]); if (buflen!=0) { strlen=snprintf(buf,buflen, "%02x",*pptr++); UPDATE_BUF_BUFLEN(buf, buflen, strlen); } ttlv_len--; } break; default: if (buflen!=0) { strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u", tlv_type, tlv_len); UPDATE_BUF_BUFLEN(buf, buflen, strlen); } break; } tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it right */ } return plen+2; } else { /* complain bitterly ? */ /* fall through */ goto trunc; } trunc: return -2; } #ifdef INET6 int decode_prefix6(netdissect_options *ndo, const u_char *pd, u_int itemlen, char *buf, u_int buflen) { struct in6_addr addr; u_int plen, plenbytes; ND_TCHECK(pd[0]); ITEMCHECK(1); plen = pd[0]; if (128 < plen) return -1; itemlen -= 1; memset(&addr, 0, sizeof(addr)); plenbytes = (plen + 7) / 8; ND_TCHECK2(pd[1], plenbytes); ITEMCHECK(plenbytes); memcpy(&addr, &pd[1], plenbytes); if (plen % 8) { addr.s6_addr[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", getname6(ndo, (u_char *)&addr), plen); return 1 + plenbytes; trunc: return -2; badtlv: return -3; } static int decode_labeled_prefix6(netdissect_options *ndo, const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in6_addr addr; u_int plen, plenbytes; /* prefix length and label = 4 bytes */ ND_TCHECK2(pptr[0], 4); ITEMCHECK(4); plen = pptr[0]; /* get prefix length */ if (24 > plen) return -1; plen-=24; /* adjust prefixlen - labellength */ if (128 < plen) return -1; itemlen -= 4; memset(&addr, 0, sizeof(addr)); plenbytes = (plen + 7) / 8; ND_TCHECK2(pptr[4], plenbytes); memcpy(&addr, &pptr[4], plenbytes); if (plen % 8) { addr.s6_addr[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "%s/%d, label:%u %s", getname6(ndo, (u_char *)&addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); return 4 + plenbytes; trunc: return -2; badtlv: return -3; } static int decode_labeled_vpn_prefix6(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { struct in6_addr addr; u_int plen; ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ if ((24+64) > plen) return -1; plen-=(24+64); /* adjust prefixlen - labellength - RD len*/ if (128 < plen) return -1; memset(&addr, 0, sizeof(addr)); ND_TCHECK2(pptr[12], (plen + 7) / 8); memcpy(&addr, &pptr[12], (plen + 7) / 8); if (plen % 8) { addr.s6_addr[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), getname6(ndo, (u_char *)&addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); return 12 + (plen + 7) / 8; trunc: return -2; } #endif static int decode_clnp_prefix(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { uint8_t addr[19]; u_int plen; ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ if (152 < plen) return -1; memset(&addr, 0, sizeof(addr)); ND_TCHECK2(pptr[4], (plen + 7) / 8); memcpy(&addr, &pptr[4], (plen + 7) / 8); if (plen % 8) { addr[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", isonsap_string(addr,(plen + 7) / 8), plen); return 1 + (plen + 7) / 8; trunc: return -2; } static int decode_labeled_vpn_clnp_prefix(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { uint8_t addr[19]; u_int plen; ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ if ((24+64) > plen) return -1; plen-=(24+64); /* adjust prefixlen - labellength - RD len*/ if (152 < plen) return -1; memset(&addr, 0, sizeof(addr)); ND_TCHECK2(pptr[12], (plen + 7) / 8); memcpy(&addr, &pptr[12], (plen + 7) / 8); if (plen % 8) { addr[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), isonsap_string(addr,(plen + 7) / 8), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); return 12 + (plen + 7) / 8; trunc: return -2; } /* * bgp_attr_get_as_size * * Try to find the size of the ASs encoded in an as-path. It is not obvious, as * both Old speakers that do not support 4 byte AS, and the new speakers that do * support, exchange AS-Path with the same path-attribute type value 0x02. */ static int bgp_attr_get_as_size(netdissect_options *ndo, uint8_t bgpa_type, const u_char *pptr, int len) { const u_char *tptr = pptr; /* * If the path attribute is the optional AS4 path type, then we already * know, that ASs must be encoded in 4 byte format. */ if (bgpa_type == BGPTYPE_AS4_PATH) { return 4; } /* * Let us assume that ASs are of 2 bytes in size, and check if the AS-Path * TLV is good. If not, ask the caller to try with AS encoded as 4 bytes * each. */ while (tptr < pptr + len) { ND_TCHECK(tptr[0]); /* * If we do not find a valid segment type, our guess might be wrong. */ if (tptr[0] < BGP_AS_SEG_TYPE_MIN || tptr[0] > BGP_AS_SEG_TYPE_MAX) { goto trunc; } ND_TCHECK(tptr[1]); tptr += 2 + tptr[1] * 2; } /* * If we correctly reached end of the AS path attribute data content, * then most likely ASs were indeed encoded as 2 bytes. */ if (tptr == pptr + len) { return 2; } trunc: /* * We can come here, either we did not have enough data, or if we * try to decode 4 byte ASs in 2 byte format. Either way, return 4, * so that calller can try to decode each AS as of 4 bytes. If indeed * there was not enough data, it will crib and end the parse anyways. */ return 4; } static int bgp_attr_print(netdissect_options *ndo, u_int atype, const u_char *pptr, u_int len) { int i; uint16_t af; uint8_t safi, snpa, nhlen; union { /* copy buffer for bandwidth values */ float f; uint32_t i; } bw; int advance; u_int tlen; const u_char *tptr; char buf[MAXHOSTNAMELEN + 100]; char tokbuf[TOKBUFSIZE]; int as_size; tptr = pptr; tlen=len; switch (atype) { case BGPTYPE_ORIGIN: if (len != 1) ND_PRINT((ndo, "invalid len")); else { ND_TCHECK(*tptr); ND_PRINT((ndo, "%s", tok2strbuf(bgp_origin_values, "Unknown Origin Typecode", tptr[0], tokbuf, sizeof(tokbuf)))); } break; /* * Process AS4 byte path and AS2 byte path attributes here. */ case BGPTYPE_AS4_PATH: case BGPTYPE_AS_PATH: if (len % 2) { ND_PRINT((ndo, "invalid len")); break; } if (!len) { ND_PRINT((ndo, "empty")); break; } /* * BGP updates exchanged between New speakers that support 4 * byte AS, ASs are always encoded in 4 bytes. There is no * definitive way to find this, just by the packet's * contents. So, check for packet's TLV's sanity assuming * 2 bytes first, and it does not pass, assume that ASs are * encoded in 4 bytes format and move on. */ as_size = bgp_attr_get_as_size(ndo, atype, pptr, len); while (tptr < pptr + len) { ND_TCHECK(tptr[0]); ND_PRINT((ndo, "%s", tok2strbuf(bgp_as_path_segment_open_values, "?", tptr[0], tokbuf, sizeof(tokbuf)))); for (i = 0; i < tptr[1] * as_size; i += as_size) { ND_TCHECK2(tptr[2 + i], as_size); ND_PRINT((ndo, "%s ", as_printf(ndo, astostr, sizeof(astostr), as_size == 2 ? EXTRACT_16BITS(&tptr[2 + i]) : EXTRACT_32BITS(&tptr[2 + i])))); } ND_TCHECK(tptr[0]); ND_PRINT((ndo, "%s", tok2strbuf(bgp_as_path_segment_close_values, "?", tptr[0], tokbuf, sizeof(tokbuf)))); ND_TCHECK(tptr[1]); tptr += 2 + tptr[1] * as_size; } break; case BGPTYPE_NEXT_HOP: if (len != 4) ND_PRINT((ndo, "invalid len")); else { ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "%s", getname(ndo, tptr))); } break; case BGPTYPE_MULTI_EXIT_DISC: case BGPTYPE_LOCAL_PREF: if (len != 4) ND_PRINT((ndo, "invalid len")); else { ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "%u", EXTRACT_32BITS(tptr))); } break; case BGPTYPE_ATOMIC_AGGREGATE: if (len != 0) ND_PRINT((ndo, "invalid len")); break; case BGPTYPE_AGGREGATOR: /* * Depending on the AS encoded is of 2 bytes or of 4 bytes, * the length of this PA can be either 6 bytes or 8 bytes. */ if (len != 6 && len != 8) { ND_PRINT((ndo, "invalid len")); break; } ND_TCHECK2(tptr[0], len); if (len == 6) { ND_PRINT((ndo, " AS #%s, origin %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_16BITS(tptr)), getname(ndo, tptr + 2))); } else { ND_PRINT((ndo, " AS #%s, origin %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)), getname(ndo, tptr + 4))); } break; case BGPTYPE_AGGREGATOR4: if (len != 8) { ND_PRINT((ndo, "invalid len")); break; } ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, " AS #%s, origin %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)), getname(ndo, tptr + 4))); break; case BGPTYPE_COMMUNITIES: if (len % 4) { ND_PRINT((ndo, "invalid len")); break; } while (tlen>0) { uint32_t comm; ND_TCHECK2(tptr[0], 4); comm = EXTRACT_32BITS(tptr); switch (comm) { case BGP_COMMUNITY_NO_EXPORT: ND_PRINT((ndo, " NO_EXPORT")); break; case BGP_COMMUNITY_NO_ADVERT: ND_PRINT((ndo, " NO_ADVERTISE")); break; case BGP_COMMUNITY_NO_EXPORT_SUBCONFED: ND_PRINT((ndo, " NO_EXPORT_SUBCONFED")); break; default: ND_PRINT((ndo, "%u:%u%s", (comm >> 16) & 0xffff, comm & 0xffff, (tlen>4) ? ", " : "")); break; } tlen -=4; tptr +=4; } break; case BGPTYPE_ORIGINATOR_ID: if (len != 4) { ND_PRINT((ndo, "invalid len")); break; } ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "%s",getname(ndo, tptr))); break; case BGPTYPE_CLUSTER_LIST: if (len % 4) { ND_PRINT((ndo, "invalid len")); break; } while (tlen>0) { ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "%s%s", getname(ndo, tptr), (tlen>4) ? ", " : "")); tlen -=4; tptr +=4; } break; case BGPTYPE_MP_REACH_NLRI: ND_TCHECK2(tptr[0], 3); af = EXTRACT_16BITS(tptr); safi = tptr[2]; ND_PRINT((ndo, "\n\t AFI: %s (%u), %sSAFI: %s (%u)", tok2strbuf(af_values, "Unknown AFI", af, tokbuf, sizeof(tokbuf)), af, (safi>128) ? "vendor specific " : "", /* 128 is meanwhile wellknown */ tok2strbuf(bgp_safi_values, "Unknown SAFI", safi, tokbuf, sizeof(tokbuf)), safi)); switch(af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): case (AFNUM_INET<<8 | SAFNUM_RT_ROUTING_INFO): case (AFNUM_INET<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN): case (AFNUM_INET<<8 | SAFNUM_MDT): #ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST): #endif case (AFNUM_NSAP<<8 | SAFNUM_UNICAST): case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNUNICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNUNIMULTICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNIMULTICAST): case (AFNUM_VPLS<<8 | SAFNUM_VPLS): break; default: ND_TCHECK2(tptr[0], tlen); ND_PRINT((ndo, "\n\t no AFI %u / SAFI %u decoder", af, safi)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tptr, "\n\t ", tlen); goto done; break; } tptr +=3; ND_TCHECK(tptr[0]); nhlen = tptr[0]; tlen = nhlen; tptr++; if (tlen) { int nnh = 0; ND_PRINT((ndo, "\n\t nexthop: ")); while (tlen > 0) { if ( nnh++ > 0 ) { ND_PRINT((ndo, ", " )); } switch(af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): case (AFNUM_INET<<8 | SAFNUM_RT_ROUTING_INFO): case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN): case (AFNUM_INET<<8 | SAFNUM_MDT): if (tlen < (int)sizeof(struct in_addr)) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in_addr)); ND_PRINT((ndo, "%s",getname(ndo, tptr))); tlen -= sizeof(struct in_addr); tptr += sizeof(struct in_addr); } break; case (AFNUM_INET<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST): if (tlen < (int)(sizeof(struct in_addr)+BGP_VPN_RD_LEN)) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), getname(ndo, tptr+BGP_VPN_RD_LEN))); tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN); tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN); } break; #ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): if (tlen < (int)sizeof(struct in6_addr)) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in6_addr)); ND_PRINT((ndo, "%s", getname6(ndo, tptr))); tlen -= sizeof(struct in6_addr); tptr += sizeof(struct in6_addr); } break; case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST): if (tlen < (int)(sizeof(struct in6_addr)+BGP_VPN_RD_LEN)) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), getname6(ndo, tptr+BGP_VPN_RD_LEN))); tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN); tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN); } break; #endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNIMULTICAST): if (tlen < (int)sizeof(struct in_addr)) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in_addr)); ND_PRINT((ndo, "%s", getname(ndo, tptr))); tlen -= (sizeof(struct in_addr)); tptr += (sizeof(struct in_addr)); } break; case (AFNUM_NSAP<<8 | SAFNUM_UNICAST): case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): ND_TCHECK2(tptr[0], tlen); ND_PRINT((ndo, "%s", isonsap_string(tptr, tlen))); tptr += tlen; tlen = 0; break; case (AFNUM_NSAP<<8 | SAFNUM_VPNUNICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNUNIMULTICAST): if (tlen < BGP_VPN_RD_LEN+1) { ND_PRINT((ndo, "invalid len")); tlen = 0; } else { ND_TCHECK2(tptr[0], tlen); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), isonsap_string(tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN))); /* rfc986 mapped IPv4 address ? */ if (EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) == 0x47000601) ND_PRINT((ndo, " = %s", getname(ndo, tptr+BGP_VPN_RD_LEN+4))); #ifdef INET6 /* rfc1888 mapped IPv6 address ? */ else if (EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) == 0x350000) ND_PRINT((ndo, " = %s", getname6(ndo, tptr+BGP_VPN_RD_LEN+3))); #endif tptr += tlen; tlen = 0; } break; default: ND_TCHECK2(tptr[0], tlen); ND_PRINT((ndo, "no AFI %u/SAFI %u decoder", af, safi)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tptr, "\n\t ", tlen); tptr += tlen; tlen = 0; goto done; break; } } } ND_PRINT((ndo, ", nh-length: %u", nhlen)); tptr += tlen; ND_TCHECK(tptr[0]); snpa = tptr[0]; tptr++; if (snpa) { ND_PRINT((ndo, "\n\t %u SNPA", snpa)); for (/*nothing*/; snpa > 0; snpa--) { ND_TCHECK(tptr[0]); ND_PRINT((ndo, "\n\t %d bytes", tptr[0])); tptr += tptr[0] + 1; } } else { ND_PRINT((ndo, ", no SNPA")); } while (len - (tptr - pptr) > 0) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): advance = decode_prefix4(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): advance = decode_labeled_prefix4(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_prefix4(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_RT_ROUTING_INFO): advance = decode_rt_routing_info(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN): /* fall through */ case (AFNUM_INET6<<8 | SAFNUM_MULTICAST_VPN): advance = decode_multicast_vpn(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_MDT): advance = decode_mdt_vpn_nlri(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; #ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): advance = decode_prefix6(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): advance = decode_labeled_prefix6(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_prefix6(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; #endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_l2(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_NSAP<<8 | SAFNUM_UNICAST): case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): advance = decode_clnp_prefix(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_NSAP<<8 | SAFNUM_VPNUNICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_clnp_prefix(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; default: ND_TCHECK2(*tptr,tlen); ND_PRINT((ndo, "\n\t no AFI %u / SAFI %u decoder", af, safi)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tptr, "\n\t ", tlen); advance = 0; tptr = pptr + len; break; } if (advance < 0) break; tptr += advance; } done: break; case BGPTYPE_MP_UNREACH_NLRI: ND_TCHECK2(tptr[0], BGP_MP_NLRI_MINSIZE); af = EXTRACT_16BITS(tptr); safi = tptr[2]; ND_PRINT((ndo, "\n\t AFI: %s (%u), %sSAFI: %s (%u)", tok2strbuf(af_values, "Unknown AFI", af, tokbuf, sizeof(tokbuf)), af, (safi>128) ? "vendor specific " : "", /* 128 is meanwhile wellknown */ tok2strbuf(bgp_safi_values, "Unknown SAFI", safi, tokbuf, sizeof(tokbuf)), safi)); if (len == BGP_MP_NLRI_MINSIZE) ND_PRINT((ndo, "\n\t End-of-Rib Marker (empty NLRI)")); tptr += 3; while (len - (tptr - pptr) > 0) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): advance = decode_prefix4(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): advance = decode_labeled_prefix4(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_prefix4(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; #ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): advance = decode_prefix6(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): advance = decode_labeled_prefix6(ndo, tptr, len, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else if (advance == -3) break; /* bytes left, but not enough */ else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_prefix6(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; #endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_l2(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_NSAP<<8 | SAFNUM_UNICAST): case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): advance = decode_clnp_prefix(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_NSAP<<8 | SAFNUM_VPNUNICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_VPNUNIMULTICAST): advance = decode_labeled_vpn_clnp_prefix(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_MDT): advance = decode_mdt_vpn_nlri(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN): /* fall through */ case (AFNUM_INET6<<8 | SAFNUM_MULTICAST_VPN): advance = decode_multicast_vpn(ndo, tptr, buf, sizeof(buf)); if (advance == -1) ND_PRINT((ndo, "\n\t (illegal prefix length)")); else if (advance == -2) goto trunc; else ND_PRINT((ndo, "\n\t %s", buf)); break; default: ND_TCHECK2(*(tptr-3),tlen); ND_PRINT((ndo, "no AFI %u / SAFI %u decoder", af, safi)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tptr-3, "\n\t ", tlen); advance = 0; tptr = pptr + len; break; } if (advance < 0) break; tptr += advance; } break; case BGPTYPE_EXTD_COMMUNITIES: if (len % 8) { ND_PRINT((ndo, "invalid len")); break; } while (tlen>0) { uint16_t extd_comm; ND_TCHECK2(tptr[0], 2); extd_comm=EXTRACT_16BITS(tptr); ND_PRINT((ndo, "\n\t %s (0x%04x), Flags [%s]", tok2strbuf(bgp_extd_comm_subtype_values, "unknown extd community typecode", extd_comm, tokbuf, sizeof(tokbuf)), extd_comm, bittok2str(bgp_extd_comm_flag_values, "none", extd_comm))); ND_TCHECK2(*(tptr+2), 6); switch(extd_comm) { case BGP_EXT_COM_RT_0: case BGP_EXT_COM_RO_0: case BGP_EXT_COM_L2VPN_RT_0: ND_PRINT((ndo, ": %u:%u (= %s)", EXTRACT_16BITS(tptr+2), EXTRACT_32BITS(tptr+4), getname(ndo, tptr+4))); break; case BGP_EXT_COM_RT_1: case BGP_EXT_COM_RO_1: case BGP_EXT_COM_L2VPN_RT_1: case BGP_EXT_COM_VRF_RT_IMP: ND_PRINT((ndo, ": %s:%u", getname(ndo, tptr+2), EXTRACT_16BITS(tptr+6))); break; case BGP_EXT_COM_RT_2: case BGP_EXT_COM_RO_2: ND_PRINT((ndo, ": %s:%u", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr+2)), EXTRACT_16BITS(tptr+6))); break; case BGP_EXT_COM_LINKBAND: bw.i = EXTRACT_32BITS(tptr+2); ND_PRINT((ndo, ": bandwidth: %.3f Mbps", bw.f*8/1000000)); break; case BGP_EXT_COM_VPN_ORIGIN: case BGP_EXT_COM_VPN_ORIGIN2: case BGP_EXT_COM_VPN_ORIGIN3: case BGP_EXT_COM_VPN_ORIGIN4: case BGP_EXT_COM_OSPF_RID: case BGP_EXT_COM_OSPF_RID2: ND_PRINT((ndo, "%s", getname(ndo, tptr+2))); break; case BGP_EXT_COM_OSPF_RTYPE: case BGP_EXT_COM_OSPF_RTYPE2: ND_PRINT((ndo, ": area:%s, router-type:%s, metric-type:%s%s", getname(ndo, tptr+2), tok2strbuf(bgp_extd_comm_ospf_rtype_values, "unknown (0x%02x)", *(tptr+6), tokbuf, sizeof(tokbuf)), (*(tptr+7) & BGP_OSPF_RTYPE_METRIC_TYPE) ? "E2" : "", ((*(tptr+6) == BGP_OSPF_RTYPE_EXT) || (*(tptr+6) == BGP_OSPF_RTYPE_NSSA)) ? "E1" : "")); break; case BGP_EXT_COM_L2INFO: ND_PRINT((ndo, ": %s Control Flags [0x%02x]:MTU %u", tok2strbuf(l2vpn_encaps_values, "unknown encaps", *(tptr+2), tokbuf, sizeof(tokbuf)), *(tptr+3), EXTRACT_16BITS(tptr+4))); break; case BGP_EXT_COM_SOURCE_AS: ND_PRINT((ndo, ": AS %u", EXTRACT_16BITS(tptr+2))); break; default: ND_TCHECK2(*tptr,8); print_unknown_data(ndo, tptr, "\n\t ", 8); break; } tlen -=8; tptr +=8; } break; case BGPTYPE_PMSI_TUNNEL: { uint8_t tunnel_type, flags; tunnel_type = *(tptr+1); flags = *tptr; tlen = len; ND_TCHECK2(tptr[0], 5); ND_PRINT((ndo, "\n\t Tunnel-type %s (%u), Flags [%s], MPLS Label %u", tok2str(bgp_pmsi_tunnel_values, "Unknown", tunnel_type), tunnel_type, bittok2str(bgp_pmsi_flag_values, "none", flags), EXTRACT_24BITS(tptr+2)>>4)); tptr +=5; tlen -= 5; switch (tunnel_type) { case BGP_PMSI_TUNNEL_PIM_SM: /* fall through */ case BGP_PMSI_TUNNEL_PIM_BIDIR: ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, "\n\t Sender %s, P-Group %s", ipaddr_string(ndo, tptr), ipaddr_string(ndo, tptr+4))); break; case BGP_PMSI_TUNNEL_PIM_SSM: ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, "\n\t Root-Node %s, P-Group %s", ipaddr_string(ndo, tptr), ipaddr_string(ndo, tptr+4))); break; case BGP_PMSI_TUNNEL_INGRESS: ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "\n\t Tunnel-Endpoint %s", ipaddr_string(ndo, tptr))); break; case BGP_PMSI_TUNNEL_LDP_P2MP: /* fall through */ case BGP_PMSI_TUNNEL_LDP_MP2MP: ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, "\n\t Root-Node %s, LSP-ID 0x%08x", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr+4))); break; case BGP_PMSI_TUNNEL_RSVP_P2MP: ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, "\n\t Extended-Tunnel-ID %s, P2MP-ID 0x%08x", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr+4))); break; default: if (ndo->ndo_vflag <= 1) { print_unknown_data(ndo, tptr, "\n\t ", tlen); } } break; } case BGPTYPE_ATTR_SET: ND_TCHECK2(tptr[0], 4); if (len < 4) goto trunc; ND_PRINT((ndo, "\n\t Origin AS: %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)))); tptr+=4; len -=4; while (len) { u_int aflags, atype, alenlen, alen; ND_TCHECK2(tptr[0], 2); if (len < 2) goto trunc; aflags = *tptr; atype = *(tptr + 1); tptr += 2; len -= 2; alenlen = bgp_attr_lenlen(aflags, tptr); ND_TCHECK2(tptr[0], alenlen); if (len < alenlen) goto trunc; alen = bgp_attr_len(aflags, tptr); tptr += alenlen; len -= alenlen; ND_PRINT((ndo, "\n\t %s (%u), length: %u", tok2strbuf(bgp_attr_values, "Unknown Attribute", atype, tokbuf, sizeof(tokbuf)), atype, alen)); if (aflags) { ND_PRINT((ndo, ", Flags [%s%s%s%s", aflags & 0x80 ? "O" : "", aflags & 0x40 ? "T" : "", aflags & 0x20 ? "P" : "", aflags & 0x10 ? "E" : "")); if (aflags & 0xf) ND_PRINT((ndo, "+%x", aflags & 0xf)); ND_PRINT((ndo, "]: ")); } /* FIXME check for recursion */ if (!bgp_attr_print(ndo, atype, tptr, alen)) return 0; tptr += alen; len -= alen; } break; default: ND_TCHECK2(*pptr,len); ND_PRINT((ndo, "\n\t no Attribute %u decoder", atype)); /* we have no decoder for the attribute */ if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, pptr, "\n\t ", len); break; } if (ndo->ndo_vflag > 1 && len) { /* omit zero length attributes*/ ND_TCHECK2(*pptr,len); print_unknown_data(ndo, pptr, "\n\t ", len); } return 1; trunc: return 0; } static void bgp_capabilities_print(netdissect_options *ndo, const u_char *opt, int caps_len) { char tokbuf[TOKBUFSIZE]; char tokbuf2[TOKBUFSIZE]; int cap_type, cap_len, tcap_len, cap_offset; int i = 0; while (i < caps_len) { ND_TCHECK2(opt[i], BGP_CAP_HEADER_SIZE); cap_type=opt[i]; cap_len=opt[i+1]; tcap_len=cap_len; ND_PRINT((ndo, "\n\t %s (%u), length: %u", tok2strbuf(bgp_capcode_values, "Unknown", cap_type, tokbuf, sizeof(tokbuf)), cap_type, cap_len)); ND_TCHECK2(opt[i+2], cap_len); switch (cap_type) { case BGP_CAPCODE_MP: ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u)", tok2strbuf(af_values, "Unknown", EXTRACT_16BITS(opt+i+2), tokbuf, sizeof(tokbuf)), EXTRACT_16BITS(opt+i+2), tok2strbuf(bgp_safi_values, "Unknown", opt[i+5], tokbuf, sizeof(tokbuf)), opt[i+5])); break; case BGP_CAPCODE_RESTART: ND_PRINT((ndo, "\n\t\tRestart Flags: [%s], Restart Time %us", ((opt[i+2])&0x80) ? "R" : "none", EXTRACT_16BITS(opt+i+2)&0xfff)); tcap_len-=2; cap_offset=4; while(tcap_len>=4) { ND_PRINT((ndo, "\n\t\t AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s", tok2strbuf(af_values,"Unknown", EXTRACT_16BITS(opt+i+cap_offset), tokbuf, sizeof(tokbuf)), EXTRACT_16BITS(opt+i+cap_offset), tok2strbuf(bgp_safi_values,"Unknown", opt[i+cap_offset+2], tokbuf2, sizeof(tokbuf2)), opt[i+cap_offset+2], ((opt[i+cap_offset+3])&0x80) ? "yes" : "no" )); tcap_len-=4; cap_offset+=4; } break; case BGP_CAPCODE_RR: case BGP_CAPCODE_RR_CISCO: break; case BGP_CAPCODE_AS_NEW: /* * Extract the 4 byte AS number encoded. */ if (cap_len == 4) { ND_PRINT((ndo, "\n\t\t 4 Byte AS %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(opt + i + 2)))); } break; default: ND_PRINT((ndo, "\n\t\tno decoder for Capability %u", cap_type)); if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, &opt[i+2], "\n\t\t", cap_len); break; } if (ndo->ndo_vflag > 1 && cap_len > 0) { print_unknown_data(ndo, &opt[i+2], "\n\t\t", cap_len); } i += BGP_CAP_HEADER_SIZE + cap_len; } return; trunc: ND_PRINT((ndo, "[|BGP]")); } static void bgp_open_print(netdissect_options *ndo, const u_char *dat, int length) { struct bgp_open bgpo; struct bgp_opt bgpopt; const u_char *opt; int i; char tokbuf[TOKBUFSIZE]; ND_TCHECK2(dat[0], BGP_OPEN_SIZE); memcpy(&bgpo, dat, BGP_OPEN_SIZE); ND_PRINT((ndo, "\n\t Version %d, ", bgpo.bgpo_version)); ND_PRINT((ndo, "my AS %s, ", as_printf(ndo, astostr, sizeof(astostr), ntohs(bgpo.bgpo_myas)))); ND_PRINT((ndo, "Holdtime %us, ", ntohs(bgpo.bgpo_holdtime))); ND_PRINT((ndo, "ID %s", getname(ndo, (u_char *)&bgpo.bgpo_id))); ND_PRINT((ndo, "\n\t Optional parameters, length: %u", bgpo.bgpo_optlen)); /* some little sanity checking */ if (length < bgpo.bgpo_optlen+BGP_OPEN_SIZE) return; /* ugly! */ opt = &((const struct bgp_open *)dat)->bgpo_optlen; opt++; i = 0; while (i < bgpo.bgpo_optlen) { ND_TCHECK2(opt[i], BGP_OPT_SIZE); memcpy(&bgpopt, &opt[i], BGP_OPT_SIZE); if (i + 2 + bgpopt.bgpopt_len > bgpo.bgpo_optlen) { ND_PRINT((ndo, "\n\t Option %d, length: %u", bgpopt.bgpopt_type, bgpopt.bgpopt_len)); break; } ND_PRINT((ndo, "\n\t Option %s (%u), length: %u", tok2strbuf(bgp_opt_values,"Unknown", bgpopt.bgpopt_type, tokbuf, sizeof(tokbuf)), bgpopt.bgpopt_type, bgpopt.bgpopt_len)); /* now let's decode the options we know*/ switch(bgpopt.bgpopt_type) { case BGP_OPT_CAP: bgp_capabilities_print(ndo, &opt[i+BGP_OPT_SIZE], bgpopt.bgpopt_len); break; case BGP_OPT_AUTH: default: ND_PRINT((ndo, "\n\t no decoder for option %u", bgpopt.bgpopt_type)); break; } i += BGP_OPT_SIZE + bgpopt.bgpopt_len; } return; trunc: ND_PRINT((ndo, "[|BGP]")); } static void bgp_update_print(netdissect_options *ndo, const u_char *dat, int length) { struct bgp bgp; const u_char *p; int withdrawn_routes_len; int len; int i; char tokbuf[TOKBUFSIZE]; #ifndef INET6 char buf[MAXHOSTNAMELEN + 100]; int wpfx; #endif ND_TCHECK2(dat[0], BGP_SIZE); if (length < BGP_SIZE) goto trunc; memcpy(&bgp, dat, BGP_SIZE); p = dat + BGP_SIZE; /*XXX*/ length -= BGP_SIZE; /* Unfeasible routes */ ND_TCHECK2(p[0], 2); if (length < 2) goto trunc; withdrawn_routes_len = EXTRACT_16BITS(p); p += 2; length -= 2; if (withdrawn_routes_len) { /* * Without keeping state from the original NLRI message, * it's not possible to tell if this a v4 or v6 route, * so only try to decode it if we're not v6 enabled. */ ND_TCHECK2(p[0], withdrawn_routes_len); if (length < withdrawn_routes_len) goto trunc; #ifdef INET6 ND_PRINT((ndo, "\n\t Withdrawn routes: %d bytes", withdrawn_routes_len)); p += withdrawn_routes_len; length -= withdrawn_routes_len; #else if (withdrawn_routes_len < 2) goto trunc; length -= 2; withdrawn_routes_len -= 2; ND_PRINT((ndo, "\n\t Withdrawn routes:")); while(withdrawn_routes_len > 0) { wpfx = decode_prefix4(ndo, p, withdrawn_routes_len, buf, sizeof(buf)); if (wpfx == -1) { ND_PRINT((ndo, "\n\t (illegal prefix length)")); break; } else if (wpfx == -2) goto trunc; else if (wpfx == -3) goto trunc; /* bytes left, but not enough */ else { ND_PRINT((ndo, "\n\t %s", buf)); p += wpfx; length -= wpfx; withdrawn_routes_len -= wpfx; } } #endif } ND_TCHECK2(p[0], 2); if (length < 2) goto trunc; len = EXTRACT_16BITS(p); p += 2; length -= 2; if (withdrawn_routes_len == 0 && len == 0 && length == 0) { /* No withdrawn routes, no path attributes, no NLRI */ ND_PRINT((ndo, "\n\t End-of-Rib Marker (empty NLRI)")); return; } if (len) { /* do something more useful!*/ while (len) { int aflags, atype, alenlen, alen; ND_TCHECK2(p[0], 2); if (len < 2) goto trunc; if (length < 2) goto trunc; aflags = *p; atype = *(p + 1); p += 2; len -= 2; length -= 2; alenlen = bgp_attr_lenlen(aflags, p); ND_TCHECK2(p[0], alenlen); if (len < alenlen) goto trunc; if (length < alenlen) goto trunc; alen = bgp_attr_len(aflags, p); p += alenlen; len -= alenlen; length -= alenlen; ND_PRINT((ndo, "\n\t %s (%u), length: %u", tok2strbuf(bgp_attr_values, "Unknown Attribute", atype, tokbuf, sizeof(tokbuf)), atype, alen)); if (aflags) { ND_PRINT((ndo, ", Flags [%s%s%s%s", aflags & 0x80 ? "O" : "", aflags & 0x40 ? "T" : "", aflags & 0x20 ? "P" : "", aflags & 0x10 ? "E" : "")); if (aflags & 0xf) ND_PRINT((ndo, "+%x", aflags & 0xf)); ND_PRINT((ndo, "]: ")); } if (len < alen) goto trunc; if (length < alen) goto trunc; if (!bgp_attr_print(ndo, atype, p, alen)) goto trunc; p += alen; len -= alen; length -= alen; } } if (length) { /* * XXX - what if they're using the "Advertisement of * Multiple Paths in BGP" feature: * * https://datatracker.ietf.org/doc/draft-ietf-idr-add-paths/ * * http://tools.ietf.org/html/draft-ietf-idr-add-paths-06 */ ND_PRINT((ndo, "\n\t Updated routes:")); while (length) { char buf[MAXHOSTNAMELEN + 100]; i = decode_prefix4(ndo, p, length, buf, sizeof(buf)); if (i == -1) { ND_PRINT((ndo, "\n\t (illegal prefix length)")); break; } else if (i == -2) goto trunc; else if (i == -3) goto trunc; /* bytes left, but not enough */ else { ND_PRINT((ndo, "\n\t %s", buf)); p += i; length -= i; } } } return; trunc: ND_PRINT((ndo, "[|BGP]")); } static void bgp_notification_print(netdissect_options *ndo, const u_char *dat, int length) { struct bgp_notification bgpn; const u_char *tptr; char tokbuf[TOKBUFSIZE]; char tokbuf2[TOKBUFSIZE]; ND_TCHECK2(dat[0], BGP_NOTIFICATION_SIZE); memcpy(&bgpn, dat, BGP_NOTIFICATION_SIZE); /* some little sanity checking */ if (length= BGP_NOTIFICATION_SIZE + 7) { tptr = dat + BGP_NOTIFICATION_SIZE; ND_TCHECK2(*tptr, 7); ND_PRINT((ndo, ", AFI %s (%u), SAFI %s (%u), Max Prefixes: %u", tok2strbuf(af_values, "Unknown", EXTRACT_16BITS(tptr), tokbuf, sizeof(tokbuf)), EXTRACT_16BITS(tptr), tok2strbuf(bgp_safi_values, "Unknown", *(tptr+2), tokbuf2, sizeof(tokbuf)), *(tptr+2), EXTRACT_32BITS(tptr+3))); } break; default: break; } return; trunc: ND_PRINT((ndo, "[|BGP]")); } static void bgp_route_refresh_print(netdissect_options *ndo, const u_char *pptr, int len) { const struct bgp_route_refresh *bgp_route_refresh_header; char tokbuf[TOKBUFSIZE]; char tokbuf2[TOKBUFSIZE]; ND_TCHECK2(pptr[0], BGP_ROUTE_REFRESH_SIZE); /* some little sanity checking */ if (lenafi), tokbuf, sizeof(tokbuf)), EXTRACT_16BITS(&bgp_route_refresh_header->afi), tok2strbuf(bgp_safi_values,"Unknown", bgp_route_refresh_header->safi, tokbuf2, sizeof(tokbuf2)), bgp_route_refresh_header->safi)); if (ndo->ndo_vflag > 1) { ND_TCHECK2(*pptr, len); print_unknown_data(ndo, pptr, "\n\t ", len); } return; trunc: ND_PRINT((ndo, "[|BGP]")); } static int bgp_header_print(netdissect_options *ndo, const u_char *dat, int length) { struct bgp bgp; char tokbuf[TOKBUFSIZE]; ND_TCHECK2(dat[0], BGP_SIZE); memcpy(&bgp, dat, BGP_SIZE); ND_PRINT((ndo, "\n\t%s Message (%u), length: %u", tok2strbuf(bgp_msg_values, "Unknown", bgp.bgp_type, tokbuf, sizeof(tokbuf)), bgp.bgp_type, length)); switch (bgp.bgp_type) { case BGP_OPEN: bgp_open_print(ndo, dat, length); break; case BGP_UPDATE: bgp_update_print(ndo, dat, length); break; case BGP_NOTIFICATION: bgp_notification_print(ndo, dat, length); break; case BGP_KEEPALIVE: break; case BGP_ROUTE_REFRESH: bgp_route_refresh_print(ndo, dat, length); break; default: /* we have no decoder for the BGP message */ ND_TCHECK2(*dat, length); ND_PRINT((ndo, "\n\t no Message %u decoder", bgp.bgp_type)); print_unknown_data(ndo, dat, "\n\t ", length); break; } return 1; trunc: ND_PRINT((ndo, "[|BGP]")); return 0; } void bgp_print(netdissect_options *ndo, const u_char *dat, int length) { const u_char *p; const u_char *ep; const u_char *start; const u_char marker[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, }; struct bgp bgp; uint16_t hlen; char tokbuf[TOKBUFSIZE]; ep = dat + length; if (ndo->ndo_snapend < dat + length) ep = ndo->ndo_snapend; ND_PRINT((ndo, ": BGP")); if (ndo->ndo_vflag < 1) /* lets be less chatty */ return; p = dat; start = p; while (p < ep) { if (!ND_TTEST2(p[0], 1)) break; if (p[0] != 0xff) { p++; continue; } if (!ND_TTEST2(p[0], sizeof(marker))) break; if (memcmp(p, marker, sizeof(marker)) != 0) { p++; continue; } /* found BGP header */ ND_TCHECK2(p[0], BGP_SIZE); /*XXX*/ memcpy(&bgp, p, BGP_SIZE); if (start != p) ND_PRINT((ndo, " [|BGP]")); hlen = ntohs(bgp.bgp_len); if (hlen < BGP_SIZE) { ND_PRINT((ndo, "\n[|BGP Bogus header length %u < %u]", hlen, BGP_SIZE)); break; } if (ND_TTEST2(p[0], hlen)) { if (!bgp_header_print(ndo, p, hlen)) return; p += hlen; start = p; } else { ND_PRINT((ndo, "\n[|BGP %s]", tok2strbuf(bgp_msg_values, "Unknown Message Type", bgp.bgp_type, tokbuf, sizeof(tokbuf)))); break; } } return; trunc: ND_PRINT((ndo, " [|BGP]")); } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 4 * End: */ tcpdump-4.7.4/print-fr.c0000644000026300017510000006773512477707026013270 0ustar mcrmcr/* * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include #include "interface.h" #include "addrtoname.h" #include "ethertype.h" #include "llc.h" #include "nlpid.h" #include "extract.h" #include "oui.h" static void frf15_print(netdissect_options *ndo, const u_char *, u_int); /* * the frame relay header has a variable length * * the EA bit determines if there is another byte * in the header * * minimum header length is 2 bytes * maximum header length is 4 bytes * * 7 6 5 4 3 2 1 0 * +----+----+----+----+----+----+----+----+ * | DLCI (6 bits) | CR | EA | * +----+----+----+----+----+----+----+----+ * | DLCI (4 bits) |FECN|BECN| DE | EA | * +----+----+----+----+----+----+----+----+ * | DLCI (7 bits) | EA | * +----+----+----+----+----+----+----+----+ * | DLCI (6 bits) |SDLC| EA | * +----+----+----+----+----+----+----+----+ */ #define FR_EA_BIT 0x01 #define FR_CR_BIT 0x02000000 #define FR_DE_BIT 0x00020000 #define FR_BECN_BIT 0x00040000 #define FR_FECN_BIT 0x00080000 #define FR_SDLC_BIT 0x00000002 static const struct tok fr_header_flag_values[] = { { FR_CR_BIT, "C!" }, { FR_DE_BIT, "DE" }, { FR_BECN_BIT, "BECN" }, { FR_FECN_BIT, "FECN" }, { FR_SDLC_BIT, "sdlcore" }, { 0, NULL } }; /* FRF.15 / FRF.16 */ #define MFR_B_BIT 0x80 #define MFR_E_BIT 0x40 #define MFR_C_BIT 0x20 #define MFR_BEC_MASK (MFR_B_BIT | MFR_E_BIT | MFR_C_BIT) #define MFR_CTRL_FRAME (MFR_B_BIT | MFR_E_BIT | MFR_C_BIT) #define MFR_FRAG_FRAME (MFR_B_BIT | MFR_E_BIT ) static const struct tok frf_flag_values[] = { { MFR_B_BIT, "Begin" }, { MFR_E_BIT, "End" }, { MFR_C_BIT, "Control" }, { 0, NULL } }; /* Finds out Q.922 address length, DLCI and flags. Returns 1 on success, * 0 on invalid address, -1 on truncated packet * save the flags dep. on address length */ static int parse_q922_addr(netdissect_options *ndo, const u_char *p, u_int *dlci, u_int *addr_len, uint8_t *flags, u_int length) { if (!ND_TTEST(p[0]) || length < 1) return -1; if ((p[0] & FR_EA_BIT)) return 0; if (!ND_TTEST(p[1]) || length < 2) return -1; *addr_len = 2; *dlci = ((p[0] & 0xFC) << 2) | ((p[1] & 0xF0) >> 4); flags[0] = p[0] & 0x02; /* populate the first flag fields */ flags[1] = p[1] & 0x0c; flags[2] = 0; /* clear the rest of the flags */ flags[3] = 0; if (p[1] & FR_EA_BIT) return 1; /* 2-byte Q.922 address */ p += 2; length -= 2; if (!ND_TTEST(p[0]) || length < 1) return -1; (*addr_len)++; /* 3- or 4-byte Q.922 address */ if ((p[0] & FR_EA_BIT) == 0) { *dlci = (*dlci << 7) | (p[0] >> 1); (*addr_len)++; /* 4-byte Q.922 address */ p++; length--; } if (!ND_TTEST(p[0]) || length < 1) return -1; if ((p[0] & FR_EA_BIT) == 0) return 0; /* more than 4 bytes of Q.922 address? */ flags[3] = p[0] & 0x02; *dlci = (*dlci << 6) | (p[0] >> 2); return 1; } char * q922_string(netdissect_options *ndo, const u_char *p, u_int length) { static u_int dlci, addr_len; static uint8_t flags[4]; static char buffer[sizeof("DLCI xxxxxxxxxx")]; memset(buffer, 0, sizeof(buffer)); if (parse_q922_addr(ndo, p, &dlci, &addr_len, flags, length) == 1){ snprintf(buffer, sizeof(buffer), "DLCI %u", dlci); } return buffer; } /* Frame Relay packet structure, with flags and CRC removed +---------------------------+ | Q.922 Address* | +-- --+ | | +---------------------------+ | Control (UI = 0x03) | +---------------------------+ | Optional Pad (0x00) | +---------------------------+ | NLPID | +---------------------------+ | . | | . | | . | | Data | | . | | . | +---------------------------+ * Q.922 addresses, as presently defined, are two octets and contain a 10-bit DLCI. In some networks Q.922 addresses may optionally be increased to three or four octets. */ static void fr_hdr_print(netdissect_options *ndo, int length, u_int addr_len, u_int dlci, uint8_t *flags, uint16_t nlpid) { if (ndo->ndo_qflag) { ND_PRINT((ndo, "Q.922, DLCI %u, length %u: ", dlci, length)); } else { if (nlpid <= 0xff) /* if its smaller than 256 then its a NLPID */ ND_PRINT((ndo, "Q.922, hdr-len %u, DLCI %u, Flags [%s], NLPID %s (0x%02x), length %u: ", addr_len, dlci, bittok2str(fr_header_flag_values, "none", EXTRACT_32BITS(flags)), tok2str(nlpid_values,"unknown", nlpid), nlpid, length)); else /* must be an ethertype */ ND_PRINT((ndo, "Q.922, hdr-len %u, DLCI %u, Flags [%s], cisco-ethertype %s (0x%04x), length %u: ", addr_len, dlci, bittok2str(fr_header_flag_values, "none", EXTRACT_32BITS(flags)), tok2str(ethertype_values, "unknown", nlpid), nlpid, length)); } } u_int fr_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { register u_int length = h->len; register u_int caplen = h->caplen; ND_TCHECK2(*p, 4); /* minimum frame header length */ if ((length = fr_print(ndo, p, length)) == 0) return (0); else return length; trunc: ND_PRINT((ndo, "[|fr]")); return caplen; } u_int fr_print(netdissect_options *ndo, register const u_char *p, u_int length) { int ret; uint16_t extracted_ethertype; u_int dlci; u_int addr_len; uint16_t nlpid; u_int hdr_len; uint8_t flags[4]; ret = parse_q922_addr(ndo, p, &dlci, &addr_len, flags, length); if (ret == -1) goto trunc; if (ret == 0) { ND_PRINT((ndo, "Q.922, invalid address")); return 0; } ND_TCHECK(p[addr_len]); if (length < addr_len + 1) goto trunc; if (p[addr_len] != LLC_UI && dlci != 0) { /* * Let's figure out if we have Cisco-style encapsulation, * with an Ethernet type (Cisco HDLC type?) following the * address. */ if (!ND_TTEST2(p[addr_len], 2) || length < addr_len + 2) { /* no Ethertype */ ND_PRINT((ndo, "UI %02x! ", p[addr_len])); } else { extracted_ethertype = EXTRACT_16BITS(p+addr_len); if (ndo->ndo_eflag) fr_hdr_print(ndo, length, addr_len, dlci, flags, extracted_ethertype); if (ethertype_print(ndo, extracted_ethertype, p+addr_len+ETHERTYPE_LEN, length-addr_len-ETHERTYPE_LEN, length-addr_len-ETHERTYPE_LEN) == 0) /* ether_type not known, probably it wasn't one */ ND_PRINT((ndo, "UI %02x! ", p[addr_len])); else return addr_len + 2; } } ND_TCHECK(p[addr_len+1]); if (length < addr_len + 2) goto trunc; if (p[addr_len + 1] == 0) { /* * Assume a pad byte after the control (UI) byte. * A pad byte should only be used with 3-byte Q.922. */ if (addr_len != 3) ND_PRINT((ndo, "Pad! ")); hdr_len = addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */; } else { /* * Not a pad byte. * A pad byte should be used with 3-byte Q.922. */ if (addr_len == 3) ND_PRINT((ndo, "No pad! ")); hdr_len = addr_len + 1 /* UI */ + 1 /* NLPID */; } ND_TCHECK(p[hdr_len - 1]); if (length < hdr_len) goto trunc; nlpid = p[hdr_len - 1]; if (ndo->ndo_eflag) fr_hdr_print(ndo, length, addr_len, dlci, flags, nlpid); p += hdr_len; length -= hdr_len; switch (nlpid) { case NLPID_IP: ip_print(ndo, p, length); break; case NLPID_IP6: ip6_print(ndo, p, length); break; case NLPID_CLNP: case NLPID_ESIS: case NLPID_ISIS: isoclns_print(ndo, p - 1, length + 1, length + 1); /* OSI printers need the NLPID field */ break; case NLPID_SNAP: if (snap_print(ndo, p, length, length, 0) == 0) { /* ether_type not known, print raw packet */ if (!ndo->ndo_eflag) fr_hdr_print(ndo, length + hdr_len, hdr_len, dlci, flags, nlpid); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p - hdr_len, length + hdr_len); } break; case NLPID_Q933: q933_print(ndo, p, length); break; case NLPID_MFR: frf15_print(ndo, p, length); break; case NLPID_PPP: ppp_print(ndo, p, length); break; default: if (!ndo->ndo_eflag) fr_hdr_print(ndo, length + hdr_len, addr_len, dlci, flags, nlpid); if (!ndo->ndo_xflag) ND_DEFAULTPRINT(p, length); } return hdr_len; trunc: ND_PRINT((ndo, "[|fr]")); return 0; } u_int mfr_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { register u_int length = h->len; register u_int caplen = h->caplen; ND_TCHECK2(*p, 2); /* minimum frame header length */ if ((length = mfr_print(ndo, p, length)) == 0) return (0); else return length; trunc: ND_PRINT((ndo, "[|mfr]")); return caplen; } #define MFR_CTRL_MSG_ADD_LINK 1 #define MFR_CTRL_MSG_ADD_LINK_ACK 2 #define MFR_CTRL_MSG_ADD_LINK_REJ 3 #define MFR_CTRL_MSG_HELLO 4 #define MFR_CTRL_MSG_HELLO_ACK 5 #define MFR_CTRL_MSG_REMOVE_LINK 6 #define MFR_CTRL_MSG_REMOVE_LINK_ACK 7 static const struct tok mfr_ctrl_msg_values[] = { { MFR_CTRL_MSG_ADD_LINK, "Add Link" }, { MFR_CTRL_MSG_ADD_LINK_ACK, "Add Link ACK" }, { MFR_CTRL_MSG_ADD_LINK_REJ, "Add Link Reject" }, { MFR_CTRL_MSG_HELLO, "Hello" }, { MFR_CTRL_MSG_HELLO_ACK, "Hello ACK" }, { MFR_CTRL_MSG_REMOVE_LINK, "Remove Link" }, { MFR_CTRL_MSG_REMOVE_LINK_ACK, "Remove Link ACK" }, { 0, NULL } }; #define MFR_CTRL_IE_BUNDLE_ID 1 #define MFR_CTRL_IE_LINK_ID 2 #define MFR_CTRL_IE_MAGIC_NUM 3 #define MFR_CTRL_IE_TIMESTAMP 5 #define MFR_CTRL_IE_VENDOR_EXT 6 #define MFR_CTRL_IE_CAUSE 7 static const struct tok mfr_ctrl_ie_values[] = { { MFR_CTRL_IE_BUNDLE_ID, "Bundle ID"}, { MFR_CTRL_IE_LINK_ID, "Link ID"}, { MFR_CTRL_IE_MAGIC_NUM, "Magic Number"}, { MFR_CTRL_IE_TIMESTAMP, "Timestamp"}, { MFR_CTRL_IE_VENDOR_EXT, "Vendor Extension"}, { MFR_CTRL_IE_CAUSE, "Cause"}, { 0, NULL } }; #define MFR_ID_STRING_MAXLEN 50 struct ie_tlv_header_t { uint8_t ie_type; uint8_t ie_len; }; u_int mfr_print(netdissect_options *ndo, register const u_char *p, u_int length) { u_int tlen,idx,hdr_len = 0; uint16_t sequence_num; uint8_t ie_type,ie_len; const uint8_t *tptr; /* * FRF.16 Link Integrity Control Frame * * 7 6 5 4 3 2 1 0 * +----+----+----+----+----+----+----+----+ * | B | E | C=1| 0 0 0 0 | EA | * +----+----+----+----+----+----+----+----+ * | 0 0 0 0 0 0 0 0 | * +----+----+----+----+----+----+----+----+ * | message type | * +----+----+----+----+----+----+----+----+ */ ND_TCHECK2(*p, 4); /* minimum frame header length */ if ((p[0] & MFR_BEC_MASK) == MFR_CTRL_FRAME && p[1] == 0) { ND_PRINT((ndo, "FRF.16 Control, Flags [%s], %s, length %u", bittok2str(frf_flag_values,"none",(p[0] & MFR_BEC_MASK)), tok2str(mfr_ctrl_msg_values,"Unknown Message (0x%02x)",p[2]), length)); tptr = p + 3; tlen = length -3; hdr_len = 3; if (!ndo->ndo_vflag) return hdr_len; while (tlen>sizeof(struct ie_tlv_header_t)) { ND_TCHECK2(*tptr, sizeof(struct ie_tlv_header_t)); ie_type=tptr[0]; ie_len=tptr[1]; ND_PRINT((ndo, "\n\tIE %s (%u), length %u: ", tok2str(mfr_ctrl_ie_values,"Unknown",ie_type), ie_type, ie_len)); /* infinite loop check */ if (ie_type == 0 || ie_len <= sizeof(struct ie_tlv_header_t)) return hdr_len; ND_TCHECK2(*tptr, ie_len); tptr+=sizeof(struct ie_tlv_header_t); /* tlv len includes header */ ie_len-=sizeof(struct ie_tlv_header_t); tlen-=sizeof(struct ie_tlv_header_t); switch (ie_type) { case MFR_CTRL_IE_MAGIC_NUM: ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(tptr))); break; case MFR_CTRL_IE_BUNDLE_ID: /* same message format */ case MFR_CTRL_IE_LINK_ID: for (idx = 0; idx < ie_len && idx < MFR_ID_STRING_MAXLEN; idx++) { if (*(tptr+idx) != 0) /* don't print null termination */ safeputchar(ndo, *(tptr + idx)); else break; } break; case MFR_CTRL_IE_TIMESTAMP: if (ie_len == sizeof(struct timeval)) { ts_print(ndo, (const struct timeval *)tptr); break; } /* fall through and hexdump if no unix timestamp */ /* * FIXME those are the defined IEs that lack a decoder * you are welcome to contribute code ;-) */ case MFR_CTRL_IE_VENDOR_EXT: case MFR_CTRL_IE_CAUSE: default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, tptr, "\n\t ", ie_len); break; } /* do we want to see a hexdump of the IE ? */ if (ndo->ndo_vflag > 1 ) print_unknown_data(ndo, tptr, "\n\t ", ie_len); tlen-=ie_len; tptr+=ie_len; } return hdr_len; } /* * FRF.16 Fragmentation Frame * * 7 6 5 4 3 2 1 0 * +----+----+----+----+----+----+----+----+ * | B | E | C=0|seq. (high 4 bits) | EA | * +----+----+----+----+----+----+----+----+ * | sequence (low 8 bits) | * +----+----+----+----+----+----+----+----+ * | DLCI (6 bits) | CR | EA | * +----+----+----+----+----+----+----+----+ * | DLCI (4 bits) |FECN|BECN| DE | EA | * +----+----+----+----+----+----+----+----+ */ sequence_num = (p[0]&0x1e)<<7 | p[1]; /* whole packet or first fragment ? */ if ((p[0] & MFR_BEC_MASK) == MFR_FRAG_FRAME || (p[0] & MFR_BEC_MASK) == MFR_B_BIT) { ND_PRINT((ndo, "FRF.16 Frag, seq %u, Flags [%s], ", sequence_num, bittok2str(frf_flag_values,"none",(p[0] & MFR_BEC_MASK)))); hdr_len = 2; fr_print(ndo, p+hdr_len,length-hdr_len); return hdr_len; } /* must be a middle or the last fragment */ ND_PRINT((ndo, "FRF.16 Frag, seq %u, Flags [%s]", sequence_num, bittok2str(frf_flag_values,"none",(p[0] & MFR_BEC_MASK)))); print_unknown_data(ndo, p, "\n\t", length); return hdr_len; trunc: ND_PRINT((ndo, "[|mfr]")); return length; } /* an NLPID of 0xb1 indicates a 2-byte * FRF.15 header * * 7 6 5 4 3 2 1 0 * +----+----+----+----+----+----+----+----+ * ~ Q.922 header ~ * +----+----+----+----+----+----+----+----+ * | NLPID (8 bits) | NLPID=0xb1 * +----+----+----+----+----+----+----+----+ * | B | E | C |seq. (high 4 bits) | R | * +----+----+----+----+----+----+----+----+ * | sequence (low 8 bits) | * +----+----+----+----+----+----+----+----+ */ #define FR_FRF15_FRAGTYPE 0x01 static void frf15_print(netdissect_options *ndo, const u_char *p, u_int length) { uint16_t sequence_num, flags; flags = p[0]&MFR_BEC_MASK; sequence_num = (p[0]&0x1e)<<7 | p[1]; ND_PRINT((ndo, "FRF.15, seq 0x%03x, Flags [%s],%s Fragmentation, length %u", sequence_num, bittok2str(frf_flag_values,"none",flags), p[0]&FR_FRF15_FRAGTYPE ? "Interface" : "End-to-End", length)); /* TODO: * depending on all permutations of the B, E and C bit * dig as deep as we can - e.g. on the first (B) fragment * there is enough payload to print the IP header * on non (B) fragments it depends if the fragmentation * model is end-to-end or interface based wether we want to print * another Q.922 header */ } /* * Q.933 decoding portion for framerelay specific. */ /* Q.933 packet format Format of Other Protocols using Q.933 NLPID +-------------------------------+ | Q.922 Address | +---------------+---------------+ |Control 0x03 | NLPID 0x08 | +---------------+---------------+ | L2 Protocol ID | | octet 1 | octet 2 | +-------------------------------+ | L3 Protocol ID | | octet 2 | octet 2 | +-------------------------------+ | Protocol Data | +-------------------------------+ | FCS | +-------------------------------+ */ /* L2 (Octet 1)- Call Reference Usually is 0x0 */ /* * L2 (Octet 2)- Message Types definition 1 byte long. */ /* Call Establish */ #define MSG_TYPE_ESC_TO_NATIONAL 0x00 #define MSG_TYPE_ALERT 0x01 #define MSG_TYPE_CALL_PROCEEDING 0x02 #define MSG_TYPE_CONNECT 0x07 #define MSG_TYPE_CONNECT_ACK 0x0F #define MSG_TYPE_PROGRESS 0x03 #define MSG_TYPE_SETUP 0x05 /* Call Clear */ #define MSG_TYPE_DISCONNECT 0x45 #define MSG_TYPE_RELEASE 0x4D #define MSG_TYPE_RELEASE_COMPLETE 0x5A #define MSG_TYPE_RESTART 0x46 #define MSG_TYPE_RESTART_ACK 0x4E /* Status */ #define MSG_TYPE_STATUS 0x7D #define MSG_TYPE_STATUS_ENQ 0x75 static const struct tok fr_q933_msg_values[] = { { MSG_TYPE_ESC_TO_NATIONAL, "ESC to National" }, { MSG_TYPE_ALERT, "Alert" }, { MSG_TYPE_CALL_PROCEEDING, "Call proceeding" }, { MSG_TYPE_CONNECT, "Connect" }, { MSG_TYPE_CONNECT_ACK, "Connect ACK" }, { MSG_TYPE_PROGRESS, "Progress" }, { MSG_TYPE_SETUP, "Setup" }, { MSG_TYPE_DISCONNECT, "Disconnect" }, { MSG_TYPE_RELEASE, "Release" }, { MSG_TYPE_RELEASE_COMPLETE, "Release Complete" }, { MSG_TYPE_RESTART, "Restart" }, { MSG_TYPE_RESTART_ACK, "Restart ACK" }, { MSG_TYPE_STATUS, "Status Reply" }, { MSG_TYPE_STATUS_ENQ, "Status Enquiry" }, { 0, NULL } }; #define MSG_ANSI_LOCKING_SHIFT 0x95 #define FR_LMI_ANSI_REPORT_TYPE_IE 0x01 #define FR_LMI_ANSI_LINK_VERIFY_IE_91 0x19 /* details? */ #define FR_LMI_ANSI_LINK_VERIFY_IE 0x03 #define FR_LMI_ANSI_PVC_STATUS_IE 0x07 #define FR_LMI_CCITT_REPORT_TYPE_IE 0x51 #define FR_LMI_CCITT_LINK_VERIFY_IE 0x53 #define FR_LMI_CCITT_PVC_STATUS_IE 0x57 static const struct tok fr_q933_ie_values_codeset5[] = { { FR_LMI_ANSI_REPORT_TYPE_IE, "ANSI Report Type" }, { FR_LMI_ANSI_LINK_VERIFY_IE_91, "ANSI Link Verify" }, { FR_LMI_ANSI_LINK_VERIFY_IE, "ANSI Link Verify" }, { FR_LMI_ANSI_PVC_STATUS_IE, "ANSI PVC Status" }, { FR_LMI_CCITT_REPORT_TYPE_IE, "CCITT Report Type" }, { FR_LMI_CCITT_LINK_VERIFY_IE, "CCITT Link Verify" }, { FR_LMI_CCITT_PVC_STATUS_IE, "CCITT PVC Status" }, { 0, NULL } }; #define FR_LMI_REPORT_TYPE_IE_FULL_STATUS 0 #define FR_LMI_REPORT_TYPE_IE_LINK_VERIFY 1 #define FR_LMI_REPORT_TYPE_IE_ASYNC_PVC 2 static const struct tok fr_lmi_report_type_ie_values[] = { { FR_LMI_REPORT_TYPE_IE_FULL_STATUS, "Full Status" }, { FR_LMI_REPORT_TYPE_IE_LINK_VERIFY, "Link verify" }, { FR_LMI_REPORT_TYPE_IE_ASYNC_PVC, "Async PVC Status" }, { 0, NULL } }; /* array of 16 codepages - currently we only support codepage 1,5 */ static const struct tok *fr_q933_ie_codesets[] = { NULL, fr_q933_ie_values_codeset5, NULL, NULL, NULL, fr_q933_ie_values_codeset5, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static int fr_q933_print_ie_codeset5(netdissect_options *ndo, const struct ie_tlv_header_t *ie_p, const u_char *p); typedef int (*codeset_pr_func_t)(netdissect_options *, const struct ie_tlv_header_t *ie_p, const u_char *p); /* array of 16 codepages - currently we only support codepage 1,5 */ static const codeset_pr_func_t fr_q933_print_ie_codeset[] = { NULL, fr_q933_print_ie_codeset5, NULL, NULL, NULL, fr_q933_print_ie_codeset5, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; void q933_print(netdissect_options *ndo, const u_char *p, u_int length) { const u_char *ptemp = p; struct ie_tlv_header_t *ie_p; int olen; int is_ansi = 0; u_int codeset; u_int ie_is_known = 0; if (length < 9) { /* shortest: Q.933a LINK VERIFY */ ND_PRINT((ndo, "[|q.933]")); return; } codeset = p[2]&0x0f; /* extract the codeset */ if (p[2] == MSG_ANSI_LOCKING_SHIFT) { is_ansi = 1; } ND_PRINT((ndo, "%s", ndo->ndo_eflag ? "" : "Q.933, ")); /* printing out header part */ ND_PRINT((ndo, "%s, codeset %u", is_ansi ? "ANSI" : "CCITT", codeset)); if (p[0]) { ND_PRINT((ndo, ", Call Ref: 0x%02x", p[0])); } if (ndo->ndo_vflag) { ND_PRINT((ndo, ", %s (0x%02x), length %u", tok2str(fr_q933_msg_values, "unknown message", p[1]), p[1], length)); } else { ND_PRINT((ndo, ", %s", tok2str(fr_q933_msg_values, "unknown message 0x%02x", p[1]))); } olen = length; /* preserve the original length for non verbose mode */ if (length < (u_int)(2 - is_ansi)) { ND_PRINT((ndo, "[|q.933]")); return; } length -= 2 + is_ansi; ptemp += 2 + is_ansi; /* Loop through the rest of IE */ while (length > sizeof(struct ie_tlv_header_t)) { ie_p = (struct ie_tlv_header_t *)ptemp; if (length < sizeof(struct ie_tlv_header_t) || length < sizeof(struct ie_tlv_header_t) + ie_p->ie_len) { if (ndo->ndo_vflag) { /* not bark if there is just a trailer */ ND_PRINT((ndo, "\n[|q.933]")); } else { ND_PRINT((ndo, ", length %u", olen)); } return; } /* lets do the full IE parsing only in verbose mode * however some IEs (DLCI Status, Link Verify) * are also interestting in non-verbose mode */ if (ndo->ndo_vflag) { ND_PRINT((ndo, "\n\t%s IE (0x%02x), length %u: ", tok2str(fr_q933_ie_codesets[codeset], "unknown", ie_p->ie_type), ie_p->ie_type, ie_p->ie_len)); } /* sanity check */ if (ie_p->ie_type == 0 || ie_p->ie_len == 0) { return; } if (fr_q933_print_ie_codeset[codeset] != NULL) { ie_is_known = fr_q933_print_ie_codeset[codeset](ndo, ie_p, ptemp); } if (ndo->ndo_vflag >= 1 && !ie_is_known) { print_unknown_data(ndo, ptemp+2, "\n\t", ie_p->ie_len); } /* do we want to see a hexdump of the IE ? */ if (ndo->ndo_vflag> 1 && ie_is_known) { print_unknown_data(ndo, ptemp+2, "\n\t ", ie_p->ie_len); } length = length - ie_p->ie_len - 2; ptemp = ptemp + ie_p->ie_len + 2; } if (!ndo->ndo_vflag) { ND_PRINT((ndo, ", length %u", olen)); } } static int fr_q933_print_ie_codeset5(netdissect_options *ndo, const struct ie_tlv_header_t *ie_p, const u_char *p) { u_int dlci; switch (ie_p->ie_type) { case FR_LMI_ANSI_REPORT_TYPE_IE: /* fall through */ case FR_LMI_CCITT_REPORT_TYPE_IE: if (ndo->ndo_vflag) { ND_PRINT((ndo, "%s (%u)", tok2str(fr_lmi_report_type_ie_values,"unknown",p[2]), p[2])); } return 1; case FR_LMI_ANSI_LINK_VERIFY_IE: /* fall through */ case FR_LMI_CCITT_LINK_VERIFY_IE: case FR_LMI_ANSI_LINK_VERIFY_IE_91: if (!ndo->ndo_vflag) { ND_PRINT((ndo, ", ")); } ND_PRINT((ndo, "TX Seq: %3d, RX Seq: %3d", p[2], p[3])); return 1; case FR_LMI_ANSI_PVC_STATUS_IE: /* fall through */ case FR_LMI_CCITT_PVC_STATUS_IE: if (!ndo->ndo_vflag) { ND_PRINT((ndo, ", ")); } /* now parse the DLCI information element. */ if ((ie_p->ie_len < 3) || (p[2] & 0x80) || ((ie_p->ie_len == 3) && !(p[3] & 0x80)) || ((ie_p->ie_len == 4) && ((p[3] & 0x80) || !(p[4] & 0x80))) || ((ie_p->ie_len == 5) && ((p[3] & 0x80) || (p[4] & 0x80) || !(p[5] & 0x80))) || (ie_p->ie_len > 5) || !(p[ie_p->ie_len + 1] & 0x80)) { ND_PRINT((ndo, "Invalid DLCI IE")); } dlci = ((p[2] & 0x3F) << 4) | ((p[3] & 0x78) >> 3); if (ie_p->ie_len == 4) { dlci = (dlci << 6) | ((p[4] & 0x7E) >> 1); } else if (ie_p->ie_len == 5) { dlci = (dlci << 13) | (p[4] & 0x7F) | ((p[5] & 0x7E) >> 1); } ND_PRINT((ndo, "DLCI %u: status %s%s", dlci, p[ie_p->ie_len + 1] & 0x8 ? "New, " : "", p[ie_p->ie_len + 1] & 0x2 ? "Active" : "Inactive")); return 1; } return 0; } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ tcpdump-4.7.4/print-sunatm.c0000644000026300017510000000637512431107727014151 0ustar mcrmcr/* * Copyright (c) 1997 Yen Yen Lim and North Dakota State University * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Yen Yen Lim and North Dakota State University * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include struct mbuf; struct rtentry; #include "interface.h" #include "extract.h" #include "atm.h" /* SunATM header for ATM packet */ #define DIR_POS 0 /* Direction (0x80 = transmit, 0x00 = receive) */ #define VPI_POS 1 /* VPI */ #define VCI_POS 2 /* VCI */ #define PKT_BEGIN_POS 4 /* Start of the ATM packet */ /* Protocol type values in the bottom for bits of the byte at SUNATM_DIR_POS. */ #define PT_LANE 0x01 /* LANE */ #define PT_LLC 0x02 /* LLC encapsulation */ /* * This is the top level routine of the printer. 'p' points * to the SunATM pseudo-header for the packet, 'h->ts' is the timestamp, * 'h->len' is the length of the packet off the wire, and 'h->caplen' * is the number of bytes actually captured. */ u_int sunatm_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; u_short vci; u_char vpi; u_int traftype; if (caplen < PKT_BEGIN_POS) { ND_PRINT((ndo, "[|atm]")); return (caplen); } if (ndo->ndo_eflag) { ND_PRINT((ndo, p[DIR_POS] & 0x80 ? "Tx: " : "Rx: ")); } switch (p[DIR_POS] & 0x0f) { case PT_LANE: traftype = ATM_LANE; break; case PT_LLC: traftype = ATM_LLC; break; default: traftype = ATM_UNKNOWN; break; } vci = EXTRACT_16BITS(&p[VCI_POS]); vpi = p[VPI_POS]; p += PKT_BEGIN_POS; caplen -= PKT_BEGIN_POS; length -= PKT_BEGIN_POS; atm_print(ndo, vpi, vci, traftype, p, length, caplen); return (PKT_BEGIN_POS); } tcpdump-4.7.4/print-ospf.c0000644000026300017510000011330312477367525013615 0ustar mcrmcr/* * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * OSPF support contributed by Jeffrey Honig (jch@mitchell.cit.cornell.edu) */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "addrtoname.h" #include "extract.h" #include "gmpls.h" #include "ospf.h" static const char tstr[] = " [|ospf2]"; static const struct tok ospf_option_values[] = { { OSPF_OPTION_T, "MultiTopology" }, /* draft-ietf-ospf-mt-09 */ { OSPF_OPTION_E, "External" }, { OSPF_OPTION_MC, "Multicast" }, { OSPF_OPTION_NP, "NSSA" }, { OSPF_OPTION_L, "LLS" }, { OSPF_OPTION_DC, "Demand Circuit" }, { OSPF_OPTION_O, "Opaque" }, { OSPF_OPTION_DN, "Up/Down" }, { 0, NULL } }; static const struct tok ospf_authtype_values[] = { { OSPF_AUTH_NONE, "none" }, { OSPF_AUTH_SIMPLE, "simple" }, { OSPF_AUTH_MD5, "MD5" }, { 0, NULL } }; static const struct tok ospf_rla_flag_values[] = { { RLA_FLAG_B, "ABR" }, { RLA_FLAG_E, "ASBR" }, { RLA_FLAG_W1, "Virtual" }, { RLA_FLAG_W2, "W2" }, { 0, NULL } }; static const struct tok type2str[] = { { OSPF_TYPE_UMD, "UMD" }, { OSPF_TYPE_HELLO, "Hello" }, { OSPF_TYPE_DD, "Database Description" }, { OSPF_TYPE_LS_REQ, "LS-Request" }, { OSPF_TYPE_LS_UPDATE, "LS-Update" }, { OSPF_TYPE_LS_ACK, "LS-Ack" }, { 0, NULL } }; static const struct tok lsa_values[] = { { LS_TYPE_ROUTER, "Router" }, { LS_TYPE_NETWORK, "Network" }, { LS_TYPE_SUM_IP, "Summary" }, { LS_TYPE_SUM_ABR, "ASBR Summary" }, { LS_TYPE_ASE, "External" }, { LS_TYPE_GROUP, "Multicast Group" }, { LS_TYPE_NSSA, "NSSA" }, { LS_TYPE_OPAQUE_LL, "Link Local Opaque" }, { LS_TYPE_OPAQUE_AL, "Area Local Opaque" }, { LS_TYPE_OPAQUE_DW, "Domain Wide Opaque" }, { 0, NULL } }; static const struct tok ospf_dd_flag_values[] = { { OSPF_DB_INIT, "Init" }, { OSPF_DB_MORE, "More" }, { OSPF_DB_MASTER, "Master" }, { OSPF_DB_RESYNC, "OOBResync" }, { 0, NULL } }; static const struct tok lsa_opaque_values[] = { { LS_OPAQUE_TYPE_TE, "Traffic Engineering" }, { LS_OPAQUE_TYPE_GRACE, "Graceful restart" }, { LS_OPAQUE_TYPE_RI, "Router Information" }, { 0, NULL } }; static const struct tok lsa_opaque_te_tlv_values[] = { { LS_OPAQUE_TE_TLV_ROUTER, "Router Address" }, { LS_OPAQUE_TE_TLV_LINK, "Link" }, { 0, NULL } }; static const struct tok lsa_opaque_te_link_tlv_subtlv_values[] = { { LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE, "Link Type" }, { LS_OPAQUE_TE_LINK_SUBTLV_LINK_ID, "Link ID" }, { LS_OPAQUE_TE_LINK_SUBTLV_LOCAL_IP, "Local Interface IP address" }, { LS_OPAQUE_TE_LINK_SUBTLV_REMOTE_IP, "Remote Interface IP address" }, { LS_OPAQUE_TE_LINK_SUBTLV_TE_METRIC, "Traffic Engineering Metric" }, { LS_OPAQUE_TE_LINK_SUBTLV_MAX_BW, "Maximum Bandwidth" }, { LS_OPAQUE_TE_LINK_SUBTLV_MAX_RES_BW, "Maximum Reservable Bandwidth" }, { LS_OPAQUE_TE_LINK_SUBTLV_UNRES_BW, "Unreserved Bandwidth" }, { LS_OPAQUE_TE_LINK_SUBTLV_ADMIN_GROUP, "Administrative Group" }, { LS_OPAQUE_TE_LINK_SUBTLV_LINK_LOCAL_REMOTE_ID, "Link Local/Remote Identifier" }, { LS_OPAQUE_TE_LINK_SUBTLV_LINK_PROTECTION_TYPE, "Link Protection Type" }, { LS_OPAQUE_TE_LINK_SUBTLV_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, { LS_OPAQUE_TE_LINK_SUBTLV_SHARED_RISK_GROUP, "Shared Risk Link Group" }, { LS_OPAQUE_TE_LINK_SUBTLV_BW_CONSTRAINTS, "Bandwidth Constraints" }, { 0, NULL } }; static const struct tok lsa_opaque_grace_tlv_values[] = { { LS_OPAQUE_GRACE_TLV_PERIOD, "Grace Period" }, { LS_OPAQUE_GRACE_TLV_REASON, "Graceful restart Reason" }, { LS_OPAQUE_GRACE_TLV_INT_ADDRESS, "IPv4 interface address" }, { 0, NULL } }; static const struct tok lsa_opaque_grace_tlv_reason_values[] = { { LS_OPAQUE_GRACE_TLV_REASON_UNKNOWN, "Unknown" }, { LS_OPAQUE_GRACE_TLV_REASON_SW_RESTART, "Software Restart" }, { LS_OPAQUE_GRACE_TLV_REASON_SW_UPGRADE, "Software Reload/Upgrade" }, { LS_OPAQUE_GRACE_TLV_REASON_CP_SWITCH, "Control Processor Switch" }, { 0, NULL } }; static const struct tok lsa_opaque_te_tlv_link_type_sub_tlv_values[] = { { LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE_PTP, "Point-to-point" }, { LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE_MA, "Multi-Access" }, { 0, NULL } }; static const struct tok lsa_opaque_ri_tlv_values[] = { { LS_OPAQUE_RI_TLV_CAP, "Router Capabilities" }, { 0, NULL } }; static const struct tok lsa_opaque_ri_tlv_cap_values[] = { { 1, "Reserved" }, { 2, "Reserved" }, { 4, "Reserved" }, { 8, "Reserved" }, { 16, "graceful restart capable" }, { 32, "graceful restart helper" }, { 64, "Stub router support" }, { 128, "Traffic engineering" }, { 256, "p2p over LAN" }, { 512, "path computation server" }, { 0, NULL } }; static const struct tok ospf_lls_tlv_values[] = { { OSPF_LLS_EO, "Extended Options" }, { OSPF_LLS_MD5, "MD5 Authentication" }, { 0, NULL } }; static const struct tok ospf_lls_eo_options[] = { { OSPF_LLS_EO_LR, "LSDB resync" }, { OSPF_LLS_EO_RS, "Restart" }, { 0, NULL } }; int ospf_print_grace_lsa(netdissect_options *ndo, const uint8_t *tptr, u_int ls_length) { u_int tlv_type, tlv_length; while (ls_length > 0) { ND_TCHECK2(*tptr, 4); if (ls_length < 4) { ND_PRINT((ndo, "\n\t Remaining LS length %u < 4", ls_length)); return -1; } tlv_type = EXTRACT_16BITS(tptr); tlv_length = EXTRACT_16BITS(tptr+2); tptr+=4; ls_length-=4; ND_PRINT((ndo, "\n\t %s TLV (%u), length %u, value: ", tok2str(lsa_opaque_grace_tlv_values,"unknown",tlv_type), tlv_type, tlv_length)); if (tlv_length > ls_length) { ND_PRINT((ndo, "\n\t Bogus length %u > %u", tlv_length, ls_length)); return -1; } /* Infinite loop protection. */ if (tlv_type == 0 || tlv_length ==0) { return -1; } ND_TCHECK2(*tptr, tlv_length); switch(tlv_type) { case LS_OPAQUE_GRACE_TLV_PERIOD: if (tlv_length != 4) { ND_PRINT((ndo, "\n\t Bogus length %u != 4", tlv_length)); return -1; } ND_PRINT((ndo, "%us", EXTRACT_32BITS(tptr))); break; case LS_OPAQUE_GRACE_TLV_REASON: if (tlv_length != 1) { ND_PRINT((ndo, "\n\t Bogus length %u != 1", tlv_length)); return -1; } ND_PRINT((ndo, "%s (%u)", tok2str(lsa_opaque_grace_tlv_reason_values, "Unknown", *tptr), *tptr)); break; case LS_OPAQUE_GRACE_TLV_INT_ADDRESS: if (tlv_length != 4) { ND_PRINT((ndo, "\n\t Bogus length %u != 4", tlv_length)); return -1; } ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr))); break; default: if (ndo->ndo_vflag <= 1) { if (!print_unknown_data(ndo, tptr, "\n\t ", tlv_length)) return -1; } break; } /* in OSPF everything has to be 32-bit aligned, including TLVs */ if (tlv_length%4 != 0) tlv_length+=4-(tlv_length%4); ls_length-=tlv_length; tptr+=tlv_length; } return 0; trunc: return -1; } int ospf_print_te_lsa(netdissect_options *ndo, const uint8_t *tptr, u_int ls_length) { u_int tlv_type, tlv_length, subtlv_type, subtlv_length; u_int priority_level, te_class, count_srlg; union { /* int to float conversion buffer for several subTLVs */ float f; uint32_t i; } bw; while (ls_length != 0) { ND_TCHECK2(*tptr, 4); if (ls_length < 4) { ND_PRINT((ndo, "\n\t Remaining LS length %u < 4", ls_length)); return -1; } tlv_type = EXTRACT_16BITS(tptr); tlv_length = EXTRACT_16BITS(tptr+2); tptr+=4; ls_length-=4; ND_PRINT((ndo, "\n\t %s TLV (%u), length: %u", tok2str(lsa_opaque_te_tlv_values,"unknown",tlv_type), tlv_type, tlv_length)); if (tlv_length > ls_length) { ND_PRINT((ndo, "\n\t Bogus length %u > %u", tlv_length, ls_length)); return -1; } /* Infinite loop protection. */ if (tlv_type == 0 || tlv_length ==0) { return -1; } switch(tlv_type) { case LS_OPAQUE_TE_TLV_LINK: while (tlv_length >= sizeof(subtlv_type) + sizeof(subtlv_length)) { if (tlv_length < 4) { ND_PRINT((ndo, "\n\t Remaining TLV length %u < 4", tlv_length)); return -1; } ND_TCHECK2(*tptr, 4); subtlv_type = EXTRACT_16BITS(tptr); subtlv_length = EXTRACT_16BITS(tptr+2); tptr+=4; tlv_length-=4; ND_PRINT((ndo, "\n\t %s subTLV (%u), length: %u", tok2str(lsa_opaque_te_link_tlv_subtlv_values,"unknown",subtlv_type), subtlv_type, subtlv_length)); ND_TCHECK2(*tptr, subtlv_length); switch(subtlv_type) { case LS_OPAQUE_TE_LINK_SUBTLV_ADMIN_GROUP: ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_ID: case LS_OPAQUE_TE_LINK_SUBTLV_LINK_LOCAL_REMOTE_ID: ND_PRINT((ndo, ", %s (0x%08x)", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr))); if (subtlv_length == 8) /* rfc4203 */ ND_PRINT((ndo, ", %s (0x%08x)", ipaddr_string(ndo, tptr+4), EXTRACT_32BITS(tptr + 4))); break; case LS_OPAQUE_TE_LINK_SUBTLV_LOCAL_IP: case LS_OPAQUE_TE_LINK_SUBTLV_REMOTE_IP: ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_MAX_BW: case LS_OPAQUE_TE_LINK_SUBTLV_MAX_RES_BW: bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000)); break; case LS_OPAQUE_TE_LINK_SUBTLV_UNRES_BW: for (te_class = 0; te_class < 8; te_class++) { bw.i = EXTRACT_32BITS(tptr+te_class*4); ND_PRINT((ndo, "\n\t\tTE-Class %u: %.3f Mbps", te_class, bw.f * 8 / 1000000)); } break; case LS_OPAQUE_TE_LINK_SUBTLV_BW_CONSTRAINTS: ND_PRINT((ndo, "\n\t\tBandwidth Constraints Model ID: %s (%u)", tok2str(diffserv_te_bc_values, "unknown", *tptr), *tptr)); /* decode BCs until the subTLV ends */ for (te_class = 0; te_class < (subtlv_length-4)/4; te_class++) { bw.i = EXTRACT_32BITS(tptr+4+te_class*4); ND_PRINT((ndo, "\n\t\t Bandwidth constraint CT%u: %.3f Mbps", te_class, bw.f * 8 / 1000000)); } break; case LS_OPAQUE_TE_LINK_SUBTLV_TE_METRIC: ND_PRINT((ndo, ", Metric %u", EXTRACT_32BITS(tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_PROTECTION_TYPE: ND_PRINT((ndo, ", %s, Priority %u", bittok2str(gmpls_link_prot_values, "none", *tptr), *(tptr + 1))); break; case LS_OPAQUE_TE_LINK_SUBTLV_INTF_SW_CAP_DESCR: ND_PRINT((ndo, "\n\t\tInterface Switching Capability: %s", tok2str(gmpls_switch_cap_values, "Unknown", *(tptr)))); ND_PRINT((ndo, "\n\t\tLSP Encoding: %s\n\t\tMax LSP Bandwidth:", tok2str(gmpls_encoding_values, "Unknown", *(tptr + 1)))); for (priority_level = 0; priority_level < 8; priority_level++) { bw.i = EXTRACT_32BITS(tptr+4+(priority_level*4)); ND_PRINT((ndo, "\n\t\t priority level %d: %.3f Mbps", priority_level, bw.f * 8 / 1000000)); } break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE: ND_PRINT((ndo, ", %s (%u)", tok2str(lsa_opaque_te_tlv_link_type_sub_tlv_values,"unknown",*tptr), *tptr)); break; case LS_OPAQUE_TE_LINK_SUBTLV_SHARED_RISK_GROUP: count_srlg = subtlv_length / 4; if (count_srlg != 0) ND_PRINT((ndo, "\n\t\t Shared risk group: ")); while (count_srlg > 0) { bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, "%d", bw.i)); tptr+=4; count_srlg--; if (count_srlg > 0) ND_PRINT((ndo, ", ")); } break; default: if (ndo->ndo_vflag <= 1) { if (!print_unknown_data(ndo, tptr, "\n\t\t", subtlv_length)) return -1; } break; } /* in OSPF everything has to be 32-bit aligned, including subTLVs */ if (subtlv_length%4 != 0) subtlv_length+=4-(subtlv_length%4); tlv_length-=subtlv_length; tptr+=subtlv_length; } break; case LS_OPAQUE_TE_TLV_ROUTER: if (tlv_length < 4) { ND_PRINT((ndo, "\n\t TLV length %u < 4", tlv_length)); return -1; } ND_TCHECK2(*tptr, 4); ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr))); break; default: if (ndo->ndo_vflag <= 1) { if (!print_unknown_data(ndo, tptr, "\n\t ", tlv_length)) return -1; } break; } /* in OSPF everything has to be 32-bit aligned, including TLVs */ if (tlv_length%4 != 0) tlv_length+=4-(tlv_length%4); ls_length-=tlv_length; tptr+=tlv_length; } return 0; trunc: return -1; } static int ospf_print_lshdr(netdissect_options *ndo, register const struct lsa_hdr *lshp) { u_int ls_length; ND_TCHECK(lshp->ls_length); ls_length = EXTRACT_16BITS(&lshp->ls_length); if (ls_length < sizeof(struct lsa_hdr)) { ND_PRINT((ndo, "\n\t Bogus length %u < header (%lu)", ls_length, (unsigned long)sizeof(struct lsa_hdr))); return(-1); } ND_TCHECK(lshp->ls_seq); /* XXX - ls_length check checked this */ ND_PRINT((ndo, "\n\t Advertising Router %s, seq 0x%08x, age %us, length %u", ipaddr_string(ndo, &lshp->ls_router), EXTRACT_32BITS(&lshp->ls_seq), EXTRACT_16BITS(&lshp->ls_age), ls_length - (u_int)sizeof(struct lsa_hdr))); ND_TCHECK(lshp->ls_type); /* XXX - ls_length check checked this */ switch (lshp->ls_type) { /* the LSA header for opaque LSAs was slightly changed */ case LS_TYPE_OPAQUE_LL: case LS_TYPE_OPAQUE_AL: case LS_TYPE_OPAQUE_DW: ND_PRINT((ndo, "\n\t %s LSA (%d), Opaque-Type %s LSA (%u), Opaque-ID %u", tok2str(lsa_values,"unknown",lshp->ls_type), lshp->ls_type, tok2str(lsa_opaque_values, "unknown", *(&lshp->un_lsa_id.opaque_field.opaque_type)), *(&lshp->un_lsa_id.opaque_field.opaque_type), EXTRACT_24BITS(&lshp->un_lsa_id.opaque_field.opaque_id) )); break; /* all other LSA types use regular style LSA headers */ default: ND_PRINT((ndo, "\n\t %s LSA (%d), LSA-ID: %s", tok2str(lsa_values,"unknown",lshp->ls_type), lshp->ls_type, ipaddr_string(ndo, &lshp->un_lsa_id.lsa_id))); break; } ND_TCHECK(lshp->ls_options); /* XXX - ls_length check checked this */ ND_PRINT((ndo, "\n\t Options: [%s]", bittok2str(ospf_option_values, "none", lshp->ls_options))); return (ls_length); trunc: return (-1); } /* draft-ietf-ospf-mt-09 */ static const struct tok ospf_topology_values[] = { { 0, "default " }, { 1, "multicast " }, { 2, "management " }, { 0, NULL } }; /* * Print all the per-topology metrics. */ static void ospf_print_tos_metrics(netdissect_options *ndo, const union un_tos *tos) { int metric_count; int toscount; toscount = tos->link.link_tos_count+1; metric_count = 0; /* * All but the first metric contain a valid topology id. */ while (toscount) { ND_PRINT((ndo, "\n\t\ttopology %s(%u), metric %u", tok2str(ospf_topology_values, "", metric_count ? tos->metrics.tos_type : 0), metric_count ? tos->metrics.tos_type : 0, EXTRACT_16BITS(&tos->metrics.tos_metric))); metric_count++; tos++; toscount--; } } /* * Print a single link state advertisement. If truncated or if LSA length * field is less than the length of the LSA header, return NULl, else * return pointer to data past end of LSA. */ static const uint8_t * ospf_print_lsa(netdissect_options *ndo, register const struct lsa *lsap) { register const uint8_t *ls_end; register const struct rlalink *rlp; register const struct in_addr *ap; register const struct aslametric *almp; register const struct mcla *mcp; register const uint32_t *lp; register int j, tlv_type, tlv_length, topology; register int ls_length; const uint8_t *tptr; tptr = (uint8_t *)lsap->lsa_un.un_unknown; /* squelch compiler warnings */ ls_length = ospf_print_lshdr(ndo, &lsap->ls_hdr); if (ls_length == -1) return(NULL); ls_end = (uint8_t *)lsap + ls_length; ls_length -= sizeof(struct lsa_hdr); switch (lsap->ls_hdr.ls_type) { case LS_TYPE_ROUTER: ND_TCHECK(lsap->lsa_un.un_rla.rla_flags); ND_PRINT((ndo, "\n\t Router LSA Options: [%s]", bittok2str(ospf_rla_flag_values, "none", lsap->lsa_un.un_rla.rla_flags))); ND_TCHECK(lsap->lsa_un.un_rla.rla_count); j = EXTRACT_16BITS(&lsap->lsa_un.un_rla.rla_count); ND_TCHECK(lsap->lsa_un.un_rla.rla_link); rlp = lsap->lsa_un.un_rla.rla_link; while (j--) { ND_TCHECK(*rlp); switch (rlp->un_tos.link.link_type) { case RLA_TYPE_VIRTUAL: ND_PRINT((ndo, "\n\t Virtual Link: Neighbor Router-ID: %s, Interface Address: %s", ipaddr_string(ndo, &rlp->link_id), ipaddr_string(ndo, &rlp->link_data))); break; case RLA_TYPE_ROUTER: ND_PRINT((ndo, "\n\t Neighbor Router-ID: %s, Interface Address: %s", ipaddr_string(ndo, &rlp->link_id), ipaddr_string(ndo, &rlp->link_data))); break; case RLA_TYPE_TRANSIT: ND_PRINT((ndo, "\n\t Neighbor Network-ID: %s, Interface Address: %s", ipaddr_string(ndo, &rlp->link_id), ipaddr_string(ndo, &rlp->link_data))); break; case RLA_TYPE_STUB: ND_PRINT((ndo, "\n\t Stub Network: %s, Mask: %s", ipaddr_string(ndo, &rlp->link_id), ipaddr_string(ndo, &rlp->link_data))); break; default: ND_PRINT((ndo, "\n\t Unknown Router Link Type (%u)", rlp->un_tos.link.link_type)); return (ls_end); } ospf_print_tos_metrics(ndo, &rlp->un_tos); rlp = (struct rlalink *)((u_char *)(rlp + 1) + ((rlp->un_tos.link.link_tos_count) * sizeof(union un_tos))); } break; case LS_TYPE_NETWORK: ND_TCHECK(lsap->lsa_un.un_nla.nla_mask); ND_PRINT((ndo, "\n\t Mask %s\n\t Connected Routers:", ipaddr_string(ndo, &lsap->lsa_un.un_nla.nla_mask))); ap = lsap->lsa_un.un_nla.nla_router; while ((u_char *)ap < ls_end) { ND_TCHECK(*ap); ND_PRINT((ndo, "\n\t %s", ipaddr_string(ndo, ap))); ++ap; } break; case LS_TYPE_SUM_IP: ND_TCHECK(lsap->lsa_un.un_nla.nla_mask); ND_PRINT((ndo, "\n\t Mask %s", ipaddr_string(ndo, &lsap->lsa_un.un_sla.sla_mask))); ND_TCHECK(lsap->lsa_un.un_sla.sla_tosmetric); lp = lsap->lsa_un.un_sla.sla_tosmetric; while ((u_char *)lp < ls_end) { register uint32_t ul; ND_TCHECK(*lp); ul = EXTRACT_32BITS(lp); topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS; ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d", tok2str(ospf_topology_values, "", topology), topology, ul & SLA_MASK_METRIC)); ++lp; } break; case LS_TYPE_SUM_ABR: ND_TCHECK(lsap->lsa_un.un_sla.sla_tosmetric); lp = lsap->lsa_un.un_sla.sla_tosmetric; while ((u_char *)lp < ls_end) { register uint32_t ul; ND_TCHECK(*lp); ul = EXTRACT_32BITS(lp); topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS; ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d", tok2str(ospf_topology_values, "", topology), topology, ul & SLA_MASK_METRIC)); ++lp; } break; case LS_TYPE_ASE: case LS_TYPE_NSSA: /* fall through - those LSAs share the same format */ ND_TCHECK(lsap->lsa_un.un_nla.nla_mask); ND_PRINT((ndo, "\n\t Mask %s", ipaddr_string(ndo, &lsap->lsa_un.un_asla.asla_mask))); ND_TCHECK(lsap->lsa_un.un_sla.sla_tosmetric); almp = lsap->lsa_un.un_asla.asla_metric; while ((u_char *)almp < ls_end) { register uint32_t ul; ND_TCHECK(almp->asla_tosmetric); ul = EXTRACT_32BITS(&almp->asla_tosmetric); topology = ((ul & ASLA_MASK_TOS) >> ASLA_SHIFT_TOS); ND_PRINT((ndo, "\n\t\ttopology %s(%u), type %d, metric", tok2str(ospf_topology_values, "", topology), topology, (ul & ASLA_FLAG_EXTERNAL) ? 2 : 1)); if ((ul & ASLA_MASK_METRIC) == 0xffffff) ND_PRINT((ndo, " infinite")); else ND_PRINT((ndo, " %d", (ul & ASLA_MASK_METRIC))); ND_TCHECK(almp->asla_forward); if (almp->asla_forward.s_addr) { ND_PRINT((ndo, ", forward %s", ipaddr_string(ndo, &almp->asla_forward))); } ND_TCHECK(almp->asla_tag); if (almp->asla_tag.s_addr) { ND_PRINT((ndo, ", tag %s", ipaddr_string(ndo, &almp->asla_tag))); } ++almp; } break; case LS_TYPE_GROUP: /* Multicast extensions as of 23 July 1991 */ mcp = lsap->lsa_un.un_mcla; while ((u_char *)mcp < ls_end) { ND_TCHECK(mcp->mcla_vid); switch (EXTRACT_32BITS(&mcp->mcla_vtype)) { case MCLA_VERTEX_ROUTER: ND_PRINT((ndo, "\n\t Router Router-ID %s", ipaddr_string(ndo, &mcp->mcla_vid))); break; case MCLA_VERTEX_NETWORK: ND_PRINT((ndo, "\n\t Network Designated Router %s", ipaddr_string(ndo, &mcp->mcla_vid))); break; default: ND_PRINT((ndo, "\n\t unknown VertexType (%u)", EXTRACT_32BITS(&mcp->mcla_vtype))); break; } ++mcp; } break; case LS_TYPE_OPAQUE_LL: /* fall through */ case LS_TYPE_OPAQUE_AL: case LS_TYPE_OPAQUE_DW: switch (*(&lsap->ls_hdr.un_lsa_id.opaque_field.opaque_type)) { case LS_OPAQUE_TYPE_RI: tptr = (uint8_t *)(&lsap->lsa_un.un_ri_tlv.type); while (ls_length != 0) { ND_TCHECK2(*tptr, 4); if (ls_length < 4) { ND_PRINT((ndo, "\n\t Remaining LS length %u < 4", ls_length)); return(ls_end); } tlv_type = EXTRACT_16BITS(tptr); tlv_length = EXTRACT_16BITS(tptr+2); tptr+=4; ls_length-=4; ND_PRINT((ndo, "\n\t %s TLV (%u), length: %u, value: ", tok2str(lsa_opaque_ri_tlv_values,"unknown",tlv_type), tlv_type, tlv_length)); if (tlv_length > ls_length) { ND_PRINT((ndo, "\n\t Bogus length %u > %u", tlv_length, ls_length)); return(ls_end); } ND_TCHECK2(*tptr, tlv_length); switch(tlv_type) { case LS_OPAQUE_RI_TLV_CAP: if (tlv_length != 4) { ND_PRINT((ndo, "\n\t Bogus length %u != 4", tlv_length)); return(ls_end); } ND_PRINT((ndo, "Capabilities: %s", bittok2str(lsa_opaque_ri_tlv_cap_values, "Unknown", EXTRACT_32BITS(tptr)))); break; default: if (ndo->ndo_vflag <= 1) { if (!print_unknown_data(ndo, tptr, "\n\t ", tlv_length)) return(ls_end); } break; } tptr+=tlv_length; ls_length-=tlv_length; } break; case LS_OPAQUE_TYPE_GRACE: if (ospf_print_grace_lsa(ndo, (uint8_t *)(&lsap->lsa_un.un_grace_tlv.type), ls_length) == -1) { return(ls_end); } break; case LS_OPAQUE_TYPE_TE: if (ospf_print_te_lsa(ndo, (uint8_t *)(&lsap->lsa_un.un_te_lsa_tlv.type), ls_length) == -1) { return(ls_end); } break; default: if (ndo->ndo_vflag <= 1) { if (!print_unknown_data(ndo, (uint8_t *)lsap->lsa_un.un_unknown, "\n\t ", ls_length)) return(ls_end); } break; } } /* do we want to see an additionally hexdump ? */ if (ndo->ndo_vflag> 1) if (!print_unknown_data(ndo, (uint8_t *)lsap->lsa_un.un_unknown, "\n\t ", ls_length)) { return(ls_end); } return (ls_end); trunc: return (NULL); } static int ospf_decode_lls(netdissect_options *ndo, register const struct ospfhdr *op, register u_int length) { register const u_char *dptr; register const u_char *dataend; register u_int length2; register uint16_t lls_type, lls_len; register uint32_t lls_flags; switch (op->ospf_type) { case OSPF_TYPE_HELLO: if (!(op->ospf_hello.hello_options & OSPF_OPTION_L)) return (0); break; case OSPF_TYPE_DD: if (!(op->ospf_db.db_options & OSPF_OPTION_L)) return (0); break; default: return (0); } /* dig deeper if LLS data is available; see RFC4813 */ length2 = EXTRACT_16BITS(&op->ospf_len); dptr = (u_char *)op + length2; dataend = (u_char *)op + length; if (EXTRACT_16BITS(&op->ospf_authtype) == OSPF_AUTH_MD5) { dptr = dptr + op->ospf_authdata[3]; length2 += op->ospf_authdata[3]; } if (length2 >= length) { ND_PRINT((ndo, "\n\t[LLS truncated]")); return (1); } ND_TCHECK2(*dptr, 2); ND_PRINT((ndo, "\n\t LLS: checksum: 0x%04x", (u_int)EXTRACT_16BITS(dptr))); dptr += 2; ND_TCHECK2(*dptr, 2); length2 = EXTRACT_16BITS(dptr); ND_PRINT((ndo, ", length: %u", length2)); dptr += 2; ND_TCHECK(*dptr); while (dptr < dataend) { ND_TCHECK2(*dptr, 2); lls_type = EXTRACT_16BITS(dptr); ND_PRINT((ndo, "\n\t %s (%u)", tok2str(ospf_lls_tlv_values,"Unknown TLV",lls_type), lls_type)); dptr += 2; ND_TCHECK2(*dptr, 2); lls_len = EXTRACT_16BITS(dptr); ND_PRINT((ndo, ", length: %u", lls_len)); dptr += 2; switch (lls_type) { case OSPF_LLS_EO: if (lls_len != 4) { ND_PRINT((ndo, " [should be 4]")); lls_len = 4; } ND_TCHECK2(*dptr, 4); lls_flags = EXTRACT_32BITS(dptr); ND_PRINT((ndo, "\n\t Options: 0x%08x [%s]", lls_flags, bittok2str(ospf_lls_eo_options, "?", lls_flags))); break; case OSPF_LLS_MD5: if (lls_len != 20) { ND_PRINT((ndo, " [should be 20]")); lls_len = 20; } ND_TCHECK2(*dptr, 4); ND_PRINT((ndo, "\n\t Sequence number: 0x%08x", EXTRACT_32BITS(dptr))); break; } dptr += lls_len; } return (0); trunc: return (1); } static int ospf_decode_v2(netdissect_options *ndo, register const struct ospfhdr *op, register const u_char *dataend) { register const struct in_addr *ap; register const struct lsr *lsrp; register const struct lsa_hdr *lshp; register const struct lsa *lsap; register uint32_t lsa_count,lsa_count_max; switch (op->ospf_type) { case OSPF_TYPE_UMD: /* * Rob Coltun's special monitoring packets; * do nothing */ break; case OSPF_TYPE_HELLO: ND_PRINT((ndo, "\n\tOptions [%s]", bittok2str(ospf_option_values,"none",op->ospf_hello.hello_options))); ND_TCHECK(op->ospf_hello.hello_deadint); ND_PRINT((ndo, "\n\t Hello Timer %us, Dead Timer %us, Mask %s, Priority %u", EXTRACT_16BITS(&op->ospf_hello.hello_helloint), EXTRACT_32BITS(&op->ospf_hello.hello_deadint), ipaddr_string(ndo, &op->ospf_hello.hello_mask), op->ospf_hello.hello_priority)); ND_TCHECK(op->ospf_hello.hello_dr); if (op->ospf_hello.hello_dr.s_addr != 0) ND_PRINT((ndo, "\n\t Designated Router %s", ipaddr_string(ndo, &op->ospf_hello.hello_dr))); ND_TCHECK(op->ospf_hello.hello_bdr); if (op->ospf_hello.hello_bdr.s_addr != 0) ND_PRINT((ndo, ", Backup Designated Router %s", ipaddr_string(ndo, &op->ospf_hello.hello_bdr))); ap = op->ospf_hello.hello_neighbor; if ((u_char *)ap < dataend) ND_PRINT((ndo, "\n\t Neighbor List:")); while ((u_char *)ap < dataend) { ND_TCHECK(*ap); ND_PRINT((ndo, "\n\t %s", ipaddr_string(ndo, ap))); ++ap; } break; /* HELLO */ case OSPF_TYPE_DD: ND_TCHECK(op->ospf_db.db_options); ND_PRINT((ndo, "\n\tOptions [%s]", bittok2str(ospf_option_values, "none", op->ospf_db.db_options))); ND_TCHECK(op->ospf_db.db_flags); ND_PRINT((ndo, ", DD Flags [%s]", bittok2str(ospf_dd_flag_values, "none", op->ospf_db.db_flags))); ND_TCHECK(op->ospf_db.db_ifmtu); if (op->ospf_db.db_ifmtu) { ND_PRINT((ndo, ", MTU: %u", EXTRACT_16BITS(&op->ospf_db.db_ifmtu))); } ND_TCHECK(op->ospf_db.db_seq); ND_PRINT((ndo, ", Sequence: 0x%08x", EXTRACT_32BITS(&op->ospf_db.db_seq))); /* Print all the LS adv's */ lshp = op->ospf_db.db_lshdr; while (((u_char *)lshp < dataend) && ospf_print_lshdr(ndo, lshp) != -1) { ++lshp; } break; case OSPF_TYPE_LS_REQ: lsrp = op->ospf_lsr; while ((u_char *)lsrp < dataend) { ND_TCHECK(*lsrp); ND_PRINT((ndo, "\n\t Advertising Router: %s, %s LSA (%u)", ipaddr_string(ndo, &lsrp->ls_router), tok2str(lsa_values,"unknown",EXTRACT_32BITS(lsrp->ls_type)), EXTRACT_32BITS(&lsrp->ls_type))); switch (EXTRACT_32BITS(lsrp->ls_type)) { /* the LSA header for opaque LSAs was slightly changed */ case LS_TYPE_OPAQUE_LL: case LS_TYPE_OPAQUE_AL: case LS_TYPE_OPAQUE_DW: ND_PRINT((ndo, ", Opaque-Type: %s LSA (%u), Opaque-ID: %u", tok2str(lsa_opaque_values, "unknown",lsrp->un_ls_stateid.opaque_field.opaque_type), lsrp->un_ls_stateid.opaque_field.opaque_type, EXTRACT_24BITS(&lsrp->un_ls_stateid.opaque_field.opaque_id))); break; default: ND_PRINT((ndo, ", LSA-ID: %s", ipaddr_string(ndo, &lsrp->un_ls_stateid.ls_stateid))); break; } ++lsrp; } break; case OSPF_TYPE_LS_UPDATE: lsap = op->ospf_lsu.lsu_lsa; ND_TCHECK(op->ospf_lsu.lsu_count); lsa_count_max = EXTRACT_32BITS(&op->ospf_lsu.lsu_count); ND_PRINT((ndo, ", %d LSA%s", lsa_count_max, PLURAL_SUFFIX(lsa_count_max))); for (lsa_count=1;lsa_count <= lsa_count_max;lsa_count++) { ND_PRINT((ndo, "\n\t LSA #%u", lsa_count)); lsap = (const struct lsa *)ospf_print_lsa(ndo, lsap); if (lsap == NULL) goto trunc; } break; case OSPF_TYPE_LS_ACK: lshp = op->ospf_lsa.lsa_lshdr; while (ospf_print_lshdr(ndo, lshp) != -1) { ++lshp; } break; default: break; } return (0); trunc: return (1); } void ospf_print(netdissect_options *ndo, register const u_char *bp, register u_int length, const u_char *bp2 _U_) { register const struct ospfhdr *op; register const u_char *dataend; register const char *cp; op = (struct ospfhdr *)bp; /* XXX Before we do anything else, strip off the MD5 trailer */ ND_TCHECK(op->ospf_authtype); if (EXTRACT_16BITS(&op->ospf_authtype) == OSPF_AUTH_MD5) { length -= OSPF_AUTH_MD5_LEN; ndo->ndo_snapend -= OSPF_AUTH_MD5_LEN; } /* If the type is valid translate it, or just print the type */ /* value. If it's not valid, say so and return */ ND_TCHECK(op->ospf_type); cp = tok2str(type2str, "unknown LS-type", op->ospf_type); ND_PRINT((ndo, "OSPFv%u, %s, length %u", op->ospf_version, cp, length)); if (*cp == 'u') return; if (!ndo->ndo_vflag) { /* non verbose - so lets bail out here */ return; } ND_TCHECK(op->ospf_len); if (length != EXTRACT_16BITS(&op->ospf_len)) { ND_PRINT((ndo, " [len %d]", EXTRACT_16BITS(&op->ospf_len))); } if (length > EXTRACT_16BITS(&op->ospf_len)) { dataend = bp + EXTRACT_16BITS(&op->ospf_len); } else { dataend = bp + length; } ND_TCHECK(op->ospf_routerid); ND_PRINT((ndo, "\n\tRouter-ID %s", ipaddr_string(ndo, &op->ospf_routerid))); ND_TCHECK(op->ospf_areaid); if (op->ospf_areaid.s_addr != 0) ND_PRINT((ndo, ", Area %s", ipaddr_string(ndo, &op->ospf_areaid))); else ND_PRINT((ndo, ", Backbone Area")); if (ndo->ndo_vflag) { /* Print authentication data (should we really do this?) */ ND_TCHECK2(op->ospf_authdata[0], sizeof(op->ospf_authdata)); ND_PRINT((ndo, ", Authentication Type: %s (%u)", tok2str(ospf_authtype_values, "unknown", EXTRACT_16BITS(&op->ospf_authtype)), EXTRACT_16BITS(&op->ospf_authtype))); switch (EXTRACT_16BITS(&op->ospf_authtype)) { case OSPF_AUTH_NONE: break; case OSPF_AUTH_SIMPLE: ND_PRINT((ndo, "\n\tSimple text password: ")); safeputs(ndo, op->ospf_authdata, OSPF_AUTH_SIMPLE_LEN); break; case OSPF_AUTH_MD5: ND_PRINT((ndo, "\n\tKey-ID: %u, Auth-Length: %u, Crypto Sequence Number: 0x%08x", *((op->ospf_authdata) + 2), *((op->ospf_authdata) + 3), EXTRACT_32BITS((op->ospf_authdata) + 4))); break; default: return; } } /* Do rest according to version. */ switch (op->ospf_version) { case 2: /* ospf version 2 */ if (ospf_decode_v2(ndo, op, dataend)) goto trunc; if (length > EXTRACT_16BITS(&op->ospf_len)) { if (ospf_decode_lls(ndo, op, length)) goto trunc; } break; default: ND_PRINT((ndo, " ospf [version %d]", op->ospf_version)); break; } /* end switch on version */ return; trunc: ND_PRINT((ndo, "%s", tstr)); } tcpdump-4.7.4/print-aodv.c0000644000026300017510000004156012431107727013566 0ustar mcrmcr/* * Copyright (c) 2003 Bruce M. Simpson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Bruce M. Simpson. * 4. Neither the name of Bruce M. Simpson nor the names of co- * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY Bruce M. Simpson AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Bruce M. Simpson OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ struct aodv_rreq { uint8_t rreq_type; /* AODV message type (1) */ uint8_t rreq_flags; /* various flags */ uint8_t rreq_zero0; /* reserved, set to zero */ uint8_t rreq_hops; /* number of hops from originator */ uint32_t rreq_id; /* request ID */ uint32_t rreq_da; /* destination IPv4 address */ uint32_t rreq_ds; /* destination sequence number */ uint32_t rreq_oa; /* originator IPv4 address */ uint32_t rreq_os; /* originator sequence number */ }; #ifdef INET6 struct aodv_rreq6 { uint8_t rreq_type; /* AODV message type (1) */ uint8_t rreq_flags; /* various flags */ uint8_t rreq_zero0; /* reserved, set to zero */ uint8_t rreq_hops; /* number of hops from originator */ uint32_t rreq_id; /* request ID */ struct in6_addr rreq_da; /* destination IPv6 address */ uint32_t rreq_ds; /* destination sequence number */ struct in6_addr rreq_oa; /* originator IPv6 address */ uint32_t rreq_os; /* originator sequence number */ }; struct aodv_rreq6_draft_01 { uint8_t rreq_type; /* AODV message type (16) */ uint8_t rreq_flags; /* various flags */ uint8_t rreq_zero0; /* reserved, set to zero */ uint8_t rreq_hops; /* number of hops from originator */ uint32_t rreq_id; /* request ID */ uint32_t rreq_ds; /* destination sequence number */ uint32_t rreq_os; /* originator sequence number */ struct in6_addr rreq_da; /* destination IPv6 address */ struct in6_addr rreq_oa; /* originator IPv6 address */ }; #endif #define RREQ_JOIN 0x80 /* join (reserved for multicast */ #define RREQ_REPAIR 0x40 /* repair (reserved for multicast */ #define RREQ_GRAT 0x20 /* gratuitous RREP */ #define RREQ_DEST 0x10 /* destination only */ #define RREQ_UNKNOWN 0x08 /* unknown destination sequence num */ #define RREQ_FLAGS_MASK 0xF8 /* mask for rreq_flags */ struct aodv_rrep { uint8_t rrep_type; /* AODV message type (2) */ uint8_t rrep_flags; /* various flags */ uint8_t rrep_ps; /* prefix size */ uint8_t rrep_hops; /* number of hops from o to d */ uint32_t rrep_da; /* destination IPv4 address */ uint32_t rrep_ds; /* destination sequence number */ uint32_t rrep_oa; /* originator IPv4 address */ uint32_t rrep_life; /* lifetime of this route */ }; #ifdef INET6 struct aodv_rrep6 { uint8_t rrep_type; /* AODV message type (2) */ uint8_t rrep_flags; /* various flags */ uint8_t rrep_ps; /* prefix size */ uint8_t rrep_hops; /* number of hops from o to d */ struct in6_addr rrep_da; /* destination IPv6 address */ uint32_t rrep_ds; /* destination sequence number */ struct in6_addr rrep_oa; /* originator IPv6 address */ uint32_t rrep_life; /* lifetime of this route */ }; struct aodv_rrep6_draft_01 { uint8_t rrep_type; /* AODV message type (17) */ uint8_t rrep_flags; /* various flags */ uint8_t rrep_ps; /* prefix size */ uint8_t rrep_hops; /* number of hops from o to d */ uint32_t rrep_ds; /* destination sequence number */ struct in6_addr rrep_da; /* destination IPv6 address */ struct in6_addr rrep_oa; /* originator IPv6 address */ uint32_t rrep_life; /* lifetime of this route */ }; #endif #define RREP_REPAIR 0x80 /* repair (reserved for multicast */ #define RREP_ACK 0x40 /* acknowledgement required */ #define RREP_FLAGS_MASK 0xC0 /* mask for rrep_flags */ #define RREP_PREFIX_MASK 0x1F /* mask for prefix size */ struct rerr_unreach { uint32_t u_da; /* IPv4 address */ uint32_t u_ds; /* sequence number */ }; #ifdef INET6 struct rerr_unreach6 { struct in6_addr u_da; /* IPv6 address */ uint32_t u_ds; /* sequence number */ }; struct rerr_unreach6_draft_01 { struct in6_addr u_da; /* IPv6 address */ uint32_t u_ds; /* sequence number */ }; #endif struct aodv_rerr { uint8_t rerr_type; /* AODV message type (3 or 18) */ uint8_t rerr_flags; /* various flags */ uint8_t rerr_zero0; /* reserved, set to zero */ uint8_t rerr_dc; /* destination count */ }; #define RERR_NODELETE 0x80 /* don't delete the link */ #define RERR_FLAGS_MASK 0x80 /* mask for rerr_flags */ struct aodv_rrep_ack { uint8_t ra_type; uint8_t ra_zero0; }; #define AODV_RREQ 1 /* route request */ #define AODV_RREP 2 /* route response */ #define AODV_RERR 3 /* error report */ #define AODV_RREP_ACK 4 /* route response acknowledgement */ #define AODV_V6_DRAFT_01_RREQ 16 /* IPv6 route request */ #define AODV_V6_DRAFT_01_RREP 17 /* IPv6 route response */ #define AODV_V6_DRAFT_01_RERR 18 /* IPv6 error report */ #define AODV_V6_DRAFT_01_RREP_ACK 19 /* IPV6 route response acknowledgment */ struct aodv_ext { uint8_t type; /* extension type */ uint8_t length; /* extension length */ }; struct aodv_hello { struct aodv_ext eh; /* extension header */ uint8_t interval[4]; /* expect my next hello in * (n) ms * NOTE: this is not aligned */ }; #define AODV_EXT_HELLO 1 static void aodv_extension(netdissect_options *ndo, const struct aodv_ext *ep, u_int length) { const struct aodv_hello *ah; switch (ep->type) { case AODV_EXT_HELLO: ah = (const struct aodv_hello *)(const void *)ep; ND_TCHECK(*ah); if (length < sizeof(struct aodv_hello)) goto trunc; ND_PRINT((ndo, "\n\text HELLO %ld ms", (unsigned long)EXTRACT_32BITS(&ah->interval))); break; default: ND_PRINT((ndo, "\n\text %u %u", ep->type, ep->length)); break; } return; trunc: ND_PRINT((ndo, " [|hello]")); } static void aodv_rreq(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i; const struct aodv_rreq *ap = (const struct aodv_rreq *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, ap->rreq_type & RREQ_JOIN ? "[J]" : "", ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ap->rreq_type & RREQ_GRAT ? "[G]" : "", ap->rreq_type & RREQ_DEST ? "[D]" : "", ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ap->rreq_hops, (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ipaddr_string(ndo, &ap->rreq_da), (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ipaddr_string(ndo, &ap->rreq_oa), (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); } static void aodv_rrep(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i; const struct aodv_rrep *ap = (const struct aodv_rrep *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, ap->rrep_type & RREP_REPAIR ? "[R]" : "", ap->rrep_type & RREP_ACK ? "[A] " : " ", ap->rrep_ps & RREP_PREFIX_MASK, ap->rrep_hops, ipaddr_string(ndo, &ap->rrep_da), (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ipaddr_string(ndo, &ap->rrep_oa), (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); } static void aodv_rerr(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i, dc; const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; const struct rerr_unreach *dp; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length)); dp = (struct rerr_unreach *)(dat + sizeof(*ap)); i = length - sizeof(*ap); for (dc = ap->rerr_dc; dc != 0; dc--) { ND_TCHECK(*dp); if (i < sizeof(*dp)) goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ipaddr_string(ndo, &dp->u_da), (unsigned long)EXTRACT_32BITS(&dp->u_ds))); dp++; i -= sizeof(*dp); } return; trunc: ND_PRINT((ndo, "[|rerr]")); } static void #ifdef INET6 aodv_v6_rreq(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; const struct aodv_rreq6 *ap = (const struct aodv_rreq6 *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, ap->rreq_type & RREQ_JOIN ? "[J]" : "", ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ap->rreq_type & RREQ_GRAT ? "[G]" : "", ap->rreq_type & RREQ_DEST ? "[D]" : "", ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ap->rreq_hops, (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ip6addr_string(ndo, &ap->rreq_da), (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ip6addr_string(ndo, &ap->rreq_oa), (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " v6 rreq %u", length)); #endif } static void #ifdef INET6 aodv_v6_rrep(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; const struct aodv_rrep6 *ap = (const struct aodv_rrep6 *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, ap->rrep_type & RREP_REPAIR ? "[R]" : "", ap->rrep_type & RREP_ACK ? "[A] " : " ", ap->rrep_ps & RREP_PREFIX_MASK, ap->rrep_hops, ip6addr_string(ndo, &ap->rrep_da), (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ip6addr_string(ndo, &ap->rrep_oa), (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rrep %u", length)); #endif } static void #ifdef INET6 aodv_v6_rerr(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i, dc; const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; const struct rerr_unreach6 *dp6; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length)); dp6 = (struct rerr_unreach6 *)(void *)(ap + 1); i = length - sizeof(*ap); for (dc = ap->rerr_dc; dc != 0; dc--) { ND_TCHECK(*dp6); if (i < sizeof(*dp6)) goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); dp6++; i -= sizeof(*dp6); } return; trunc: ND_PRINT((ndo, "[|rerr]")); #else ND_PRINT((ndo, " rerr %u", length)); #endif } static void #ifdef INET6 aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; const struct aodv_rreq6_draft_01 *ap = (const struct aodv_rreq6_draft_01 *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, ap->rreq_type & RREQ_JOIN ? "[J]" : "", ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ap->rreq_type & RREQ_GRAT ? "[G]" : "", ap->rreq_type & RREQ_DEST ? "[D]" : "", ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ap->rreq_hops, (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ip6addr_string(ndo, &ap->rreq_da), (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ip6addr_string(ndo, &ap->rreq_oa), (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rreq %u", length)); #endif } static void #ifdef INET6 aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; const struct aodv_rrep6_draft_01 *ap = (const struct aodv_rrep6_draft_01 *)dat; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, ap->rrep_type & RREP_REPAIR ? "[R]" : "", ap->rrep_type & RREP_ACK ? "[A] " : " ", ap->rrep_ps & RREP_PREFIX_MASK, ap->rrep_hops, ip6addr_string(ndo, &ap->rrep_da), (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ip6addr_string(ndo, &ap->rrep_oa), (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); return; trunc: ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rrep %u", length)); #endif } static void #ifdef INET6 aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat, u_int length) #else aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i, dc; const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; const struct rerr_unreach6_draft_01 *dp6; ND_TCHECK(*ap); if (length < sizeof(*ap)) goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length)); dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1); i = length - sizeof(*ap); for (dc = ap->rerr_dc; dc != 0; dc--) { ND_TCHECK(*dp6); if (i < sizeof(*dp6)) goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); dp6++; i -= sizeof(*dp6); } return; trunc: ND_PRINT((ndo, "[|rerr]")); #else ND_PRINT((ndo, " rerr %u", length)); #endif } void aodv_print(netdissect_options *ndo, const u_char *dat, u_int length, int is_ip6) { uint8_t msg_type; /* * The message type is the first byte; make sure we have it * and then fetch it. */ ND_TCHECK(*dat); msg_type = *dat; ND_PRINT((ndo, " aodv")); switch (msg_type) { case AODV_RREQ: if (is_ip6) aodv_v6_rreq(ndo, dat, length); else aodv_rreq(ndo, dat, length); break; case AODV_RREP: if (is_ip6) aodv_v6_rrep(ndo, dat, length); else aodv_rrep(ndo, dat, length); break; case AODV_RERR: if (is_ip6) aodv_v6_rerr(ndo, dat, length); else aodv_rerr(ndo, dat, length); break; case AODV_RREP_ACK: ND_PRINT((ndo, " rrep-ack %u", length)); break; case AODV_V6_DRAFT_01_RREQ: aodv_v6_draft_01_rreq(ndo, dat, length); break; case AODV_V6_DRAFT_01_RREP: aodv_v6_draft_01_rrep(ndo, dat, length); break; case AODV_V6_DRAFT_01_RERR: aodv_v6_draft_01_rerr(ndo, dat, length); break; case AODV_V6_DRAFT_01_RREP_ACK: ND_PRINT((ndo, " rrep-ack %u", length)); break; default: ND_PRINT((ndo, " type %u %u", msg_type, length)); } return; trunc: ND_PRINT((ndo, " [|aodv]")); } tcpdump-4.7.4/strcasecmp.c0000644000026300017510000000654312431107727013651 0ustar mcrmcr/* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and that due credit is given * to the University of California at Berkeley. The name of the University * may not be used to endorse or promote products derived from this * software without specific written prior permission. This software * is provided ``as is'' without express or implied warranty. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "interface.h" /* * This array is designed for mapping upper and lower case letter * together for a case independent comparison. The mappings are * based upon ascii character sequences. */ static const u_char charmap[] = { '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257', '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347', '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337', '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', }; int strcasecmp(s1, s2) const char *s1, *s2; { register const u_char *cm = charmap, *us1 = (u_char *)s1, *us2 = (u_char *)s2; while (cm[*us1] == cm[*us2++]) if (*us1++ == '\0') return(0); return(cm[*us1] - cm[*--us2]); } int strncasecmp(s1, s2, n) const char *s1, *s2; register int n; { register const u_char *cm = charmap, *us1 = (u_char *)s1, *us2 = (u_char *)s2; while (--n >= 0 && cm[*us1] == cm[*us2++]) if (*us1++ == '\0') return(0); return(n < 0 ? 0 : cm[*us1] - cm[*--us2]); } tcpdump-4.7.4/README.md0000644000026300017510000002302312431107727012610 0ustar mcrmcr# tcpdump [![Build Status](https://travis-ci.org/the-tcpdump-group/tcpdump.png)](https://travis-ci.org/the-tcpdump-group/tcpdump) TCPDUMP 4.x.y Now maintained by "The Tcpdump Group" See www.tcpdump.org Please send inquiries/comments/reports to: * tcpdump-workers@lists.tcpdump.org Anonymous Git is available via: git clone git://bpf.tcpdump.org/tcpdump Please submit patches by forking the branch on GitHub at: * http://github.com/the-tcpdump-group/tcpdump/tree/master and issuing a pull request. formerly from Lawrence Berkeley National Laboratory Network Research Group ftp://ftp.ee.lbl.gov/old/tcpdump.tar.Z (3.4) This directory contains source code for tcpdump, a tool for network monitoring and data acquisition. This software was originally developed by the Network Research Group at the Lawrence Berkeley National Laboratory. The original distribution is available via anonymous ftp to `ftp.ee.lbl.gov`, in `tcpdump.tar.Z`. More recent development is performed at tcpdump.org, http://www.tcpdump.org/ Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also originally from LBL and now being maintained by tcpdump.org; see http://www.tcpdump.org/ . Once libpcap is built (either install it or make sure it's in `../libpcap`), you can build tcpdump using the procedure in the `INSTALL.txt` file. The program is loosely based on SMI's "etherfind" although none of the etherfind code remains. It was originally written by Van Jacobson as part of an ongoing research project to investigate and improve tcp and internet gateway performance. The parts of the program originally taken from Sun's etherfind were later re-written by Steven McCanne of LBL. To insure that there would be no vestige of proprietary code in tcpdump, Steve wrote these pieces from the specification given by the manual entry, with no access to the source of tcpdump or etherfind. Over the past few years, tcpdump has been steadily improved by the excellent contributions from the Internet community (just browse through the `CHANGES` file). We are grateful for all the input. Richard Stevens gives an excellent treatment of the Internet protocols in his book *"TCP/IP Illustrated, Volume 1"*. If you want to learn more about tcpdump and how to interpret its output, pick up this book. Some tools for viewing and analyzing tcpdump trace files are available from the Internet Traffic Archive: * http://www.sigcomm.org/ITA/ Another tool that tcpdump users might find useful is tcpslice: * https://github.com/the-tcpdump-group/tcpslice It is a program that can be used to extract portions of tcpdump binary trace files. See the above distribution for further details and documentation. Problems, bugs, questions, desirable enhancements, etc. should be sent to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support requests, and feature requests may also be submitted on the GitHub issue tracker for tcpdump at: * https://github.com/the-tcpdump-group/tcpdump/issues Source code contributions, etc. should be sent to the email address above or submitted by forking the branch on GitHub at: * http://github.com/the-tcpdump-group/tcpdump/tree/master and issuing a pull request. Current versions can be found at www.tcpdump.org. - The TCPdump team original text by: Steve McCanne, Craig Leres, Van Jacobson ------------------------------------- ``` This directory also contains some short awk programs intended as examples of ways to reduce tcpdump data when you're tracking particular network problems: send-ack.awk Simplifies the tcpdump trace for an ftp (or other unidirectional tcp transfer). Since we assume that one host only sends and the other only acks, all address information is left off and we just note if the packet is a "send" or an "ack". There is one output line per line of the original trace. Field 1 is the packet time in decimal seconds, relative to the start of the conversation. Field 2 is delta-time from last packet. Field 3 is packet type/direction. "Send" means data going from sender to receiver, "ack" means an ack going from the receiver to the sender. A preceding "*" indicates that the data is a retransmission. A preceding "-" indicates a hole in the sequence space (i.e., missing packet(s)), a "#" means an odd-size (not max seg size) packet. Field 4 has the packet flags (same format as raw trace). Field 5 is the sequence number (start seq. num for sender, next expected seq number for acks). The number in parens following an ack is the delta-time from the first send of the packet to the ack. A number in parens following a send is the delta-time from the first send of the packet to the current send (on duplicate packets only). Duplicate sends or acks have a number in square brackets showing the number of duplicates so far. Here is a short sample from near the start of an ftp: 3.00 0.20 send . 512 3.20 0.20 ack . 1024 (0.20) 3.20 0.00 send P 1024 3.40 0.20 ack . 1536 (0.20) 3.80 0.40 * send . 0 (3.80) [2] 3.82 0.02 * ack . 1536 (0.62) [2] Three seconds into the conversation, bytes 512 through 1023 were sent. 200ms later they were acked. Shortly thereafter bytes 1024-1535 were sent and again acked after 200ms. Then, for no apparent reason, 0-511 is retransmitted, 3.8 seconds after its initial send (the round trip time for this ftp was 1sec, +-500ms). Since the receiver is expecting 1536, 1536 is re-acked when 0 arrives. packetdat.awk Computes chunk summary data for an ftp (or similar unidirectional tcp transfer). [A "chunk" refers to a chunk of the sequence space -- essentially the packet sequence number divided by the max segment size.] A summary line is printed showing the number of chunks, the number of packets it took to send that many chunks (if there are no lost or duplicated packets, the number of packets should equal the number of chunks) and the number of acks. Following the summary line is one line of information per chunk. The line contains eight fields: 1 - the chunk number 2 - the start sequence number for this chunk 3 - time of first send 4 - time of last send 5 - time of first ack 6 - time of last ack 7 - number of times chunk was sent 8 - number of times chunk was acked (all times are in decimal seconds, relative to the start of the conversation.) As an example, here is the first part of the output for an ftp trace: # 134 chunks. 536 packets sent. 508 acks. 1 1 0.00 5.80 0.20 0.20 4 1 2 513 0.28 6.20 0.40 0.40 4 1 3 1025 1.16 6.32 1.20 1.20 4 1 4 1561 1.86 15.00 2.00 2.00 6 1 5 2049 2.16 15.44 2.20 2.20 5 1 6 2585 2.64 16.44 2.80 2.80 5 1 7 3073 3.00 16.66 3.20 3.20 4 1 8 3609 3.20 17.24 3.40 5.82 4 11 9 4097 6.02 6.58 6.20 6.80 2 5 This says that 134 chunks were transferred (about 70K since the average packet size was 512 bytes). It took 536 packets to transfer the data (i.e., on the average each chunk was transmitted four times). Looking at, say, chunk 4, we see it represents the 512 bytes of sequence space from 1561 to 2048. It was first sent 1.86 seconds into the conversation. It was last sent 15 seconds into the conversation and was sent a total of 6 times (i.e., it was retransmitted every 2 seconds on the average). It was acked once, 140ms after it first arrived. stime.awk atime.awk Output one line per send or ack, respectively, in the form