]> The Tcpdump Group git mirrors - tcpdump/blob - print-ether.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CVE-2017-12897/ISO CLNS: Use ND_TTEST() for the bounds checks in isoclns_print().
[tcpdump] / print-ether.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Ethernet printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include "netdissect.h"
31 #include "extract.h"
32 #include "addrtoname.h"
33 #include "ethertype.h"
34 #include "ether.h"
35
36 const struct tok ethertype_values[] = {
37 { ETHERTYPE_IP, "IPv4" },
38 { ETHERTYPE_MPLS, "MPLS unicast" },
39 { ETHERTYPE_MPLS_MULTI, "MPLS multicast" },
40 { ETHERTYPE_IPV6, "IPv6" },
41 { ETHERTYPE_8021Q, "802.1Q" },
42 { ETHERTYPE_8021Q9100, "802.1Q-9100" },
43 { ETHERTYPE_8021QinQ, "802.1Q-QinQ" },
44 { ETHERTYPE_8021Q9200, "802.1Q-9200" },
45 { ETHERTYPE_VMAN, "VMAN" },
46 { ETHERTYPE_PUP, "PUP" },
47 { ETHERTYPE_ARP, "ARP"},
48 { ETHERTYPE_REVARP, "Reverse ARP"},
49 { ETHERTYPE_NS, "NS" },
50 { ETHERTYPE_SPRITE, "Sprite" },
51 { ETHERTYPE_TRAIL, "Trail" },
52 { ETHERTYPE_MOPDL, "MOP DL" },
53 { ETHERTYPE_MOPRC, "MOP RC" },
54 { ETHERTYPE_DN, "DN" },
55 { ETHERTYPE_LAT, "LAT" },
56 { ETHERTYPE_SCA, "SCA" },
57 { ETHERTYPE_TEB, "TEB" },
58 { ETHERTYPE_LANBRIDGE, "Lanbridge" },
59 { ETHERTYPE_DECDNS, "DEC DNS" },
60 { ETHERTYPE_DECDTS, "DEC DTS" },
61 { ETHERTYPE_VEXP, "VEXP" },
62 { ETHERTYPE_VPROD, "VPROD" },
63 { ETHERTYPE_ATALK, "Appletalk" },
64 { ETHERTYPE_AARP, "Appletalk ARP" },
65 { ETHERTYPE_IPX, "IPX" },
66 { ETHERTYPE_PPP, "PPP" },
67 { ETHERTYPE_MPCP, "MPCP" },
68 { ETHERTYPE_SLOW, "Slow Protocols" },
69 { ETHERTYPE_PPPOED, "PPPoE D" },
70 { ETHERTYPE_PPPOES, "PPPoE S" },
71 { ETHERTYPE_EAPOL, "EAPOL" },
72 { ETHERTYPE_RRCP, "RRCP" },
73 { ETHERTYPE_MS_NLB_HB, "MS NLB heartbeat" },
74 { ETHERTYPE_JUMBO, "Jumbo" },
75 { ETHERTYPE_NSH, "NSH" },
76 { ETHERTYPE_LOOPBACK, "Loopback" },
77 { ETHERTYPE_ISO, "OSI" },
78 { ETHERTYPE_GRE_ISO, "GRE-OSI" },
79 { ETHERTYPE_CFM_OLD, "CFM (old)" },
80 { ETHERTYPE_CFM, "CFM" },
81 { ETHERTYPE_IEEE1905_1, "IEEE1905.1" },
82 { ETHERTYPE_LLDP, "LLDP" },
83 { ETHERTYPE_TIPC, "TIPC"},
84 { ETHERTYPE_GEONET_OLD, "GeoNet (old)"},
85 { ETHERTYPE_GEONET, "GeoNet"},
86 { ETHERTYPE_CALM_FAST, "CALM FAST"},
87 { ETHERTYPE_AOE, "AoE" },
88 { ETHERTYPE_MEDSA, "MEDSA" },
89 { 0, NULL}
90 };
91
92 static inline void
93 ether_hdr_print(netdissect_options *ndo,
94 const u_char *bp, u_int length)
95 {
96 register const struct ether_header *ep;
97 uint16_t length_type;
98
99 ep = (const struct ether_header *)bp;
100
101 ND_PRINT((ndo, "%s > %s",
102 etheraddr_string(ndo, ESRC(ep)),
103 etheraddr_string(ndo, EDST(ep))));
104
105 length_type = EXTRACT_16BITS(&ep->ether_length_type);
106 if (!ndo->ndo_qflag) {
107 if (length_type <= ETHERMTU) {
108 ND_PRINT((ndo, ", 802.3"));
109 length = length_type;
110 } else
111 ND_PRINT((ndo, ", ethertype %s (0x%04x)",
112 tok2str(ethertype_values,"Unknown", length_type),
113 length_type));
114 } else {
115 if (length_type <= ETHERMTU) {
116 ND_PRINT((ndo, ", 802.3"));
117 length = length_type;
118 } else
119 ND_PRINT((ndo, ", %s", tok2str(ethertype_values,"Unknown Ethertype (0x%04x)", length_type)));
120 }
121
122 ND_PRINT((ndo, ", length %u: ", length));
123 }
124
125 /*
126 * Print an Ethernet frame.
127 * This might be encapsulated within another frame; we might be passed
128 * a pointer to a function that can print header information for that
129 * frame's protocol, and an argument to pass to that function.
130 *
131 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
132 */
133 u_int
134 ether_print(netdissect_options *ndo,
135 const u_char *p, u_int length, u_int caplen,
136 void (*print_encap_header)(netdissect_options *ndo, const u_char *), const u_char *encap_header_arg)
137 {
138 const struct ether_header *ep;
139 u_int orig_length;
140 u_short length_type;
141 u_int hdrlen;
142 int llc_hdrlen;
143 struct lladdr_info src, dst;
144
145 if (caplen < ETHER_HDRLEN) {
146 ND_PRINT((ndo, "[|ether]"));
147 return (caplen);
148 }
149 if (length < ETHER_HDRLEN) {
150 ND_PRINT((ndo, "[|ether]"));
151 return (length);
152 }
153
154 if (ndo->ndo_eflag) {
155 if (print_encap_header != NULL)
156 (*print_encap_header)(ndo, encap_header_arg);
157 ether_hdr_print(ndo, p, length);
158 }
159 orig_length = length;
160
161 length -= ETHER_HDRLEN;
162 caplen -= ETHER_HDRLEN;
163 ep = (const struct ether_header *)p;
164 p += ETHER_HDRLEN;
165 hdrlen = ETHER_HDRLEN;
166
167 src.addr = ESRC(ep);
168 src.addr_string = etheraddr_string;
169 dst.addr = EDST(ep);
170 dst.addr_string = etheraddr_string;
171 length_type = EXTRACT_16BITS(&ep->ether_length_type);
172
173 recurse:
174 /*
175 * Is it (gag) an 802.3 encapsulation?
176 */
177 if (length_type <= ETHERMTU) {
178 /* Try to print the LLC-layer header & higher layers */
179 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
180 if (llc_hdrlen < 0) {
181 /* packet type not known, print raw packet */
182 if (!ndo->ndo_suppress_default_print)
183 ND_DEFAULTPRINT(p, caplen);
184 llc_hdrlen = -llc_hdrlen;
185 }
186 hdrlen += llc_hdrlen;
187 } else if (length_type == ETHERTYPE_8021Q ||
188 length_type == ETHERTYPE_8021Q9100 ||
189 length_type == ETHERTYPE_8021Q9200 ||
190 length_type == ETHERTYPE_8021QinQ) {
191 /*
192 * Print VLAN information, and then go back and process
193 * the enclosed type field.
194 */
195 if (caplen < 4) {
196 ND_PRINT((ndo, "[|vlan]"));
197 return (hdrlen + caplen);
198 }
199 if (length < 4) {
200 ND_PRINT((ndo, "[|vlan]"));
201 return (hdrlen + length);
202 }
203 if (ndo->ndo_eflag) {
204 uint16_t tag = EXTRACT_16BITS(p);
205
206 ND_PRINT((ndo, "%s, ", ieee8021q_tci_string(tag)));
207 }
208
209 length_type = EXTRACT_16BITS(p + 2);
210 if (ndo->ndo_eflag && length_type > ETHERMTU)
211 ND_PRINT((ndo, "ethertype %s, ", tok2str(ethertype_values,"0x%04x", length_type)));
212 p += 4;
213 length -= 4;
214 caplen -= 4;
215 hdrlen += 4;
216 goto recurse;
217 } else if (length_type == ETHERTYPE_JUMBO) {
218 /*
219 * Alteon jumbo frames.
220 * See
221 *
222 * http://tools.ietf.org/html/draft-ietf-isis-ext-eth-01
223 *
224 * which indicates that, following the type field,
225 * there's an LLC header and payload.
226 */
227 /* Try to print the LLC-layer header & higher layers */
228 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
229 if (llc_hdrlen < 0) {
230 /* packet type not known, print raw packet */
231 if (!ndo->ndo_suppress_default_print)
232 ND_DEFAULTPRINT(p, caplen);
233 llc_hdrlen = -llc_hdrlen;
234 }
235 hdrlen += llc_hdrlen;
236 } else {
237 if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) {
238 /* type not known, print raw packet */
239 if (!ndo->ndo_eflag) {
240 if (print_encap_header != NULL)
241 (*print_encap_header)(ndo, encap_header_arg);
242 ether_hdr_print(ndo, (const u_char *)ep, orig_length);
243 }
244
245 if (!ndo->ndo_suppress_default_print)
246 ND_DEFAULTPRINT(p, caplen);
247 }
248 }
249 return (hdrlen);
250 }
251
252 /*
253 * This is the top level routine of the printer. 'p' points
254 * to the ether header of the packet, 'h->len' is the length
255 * of the packet off the wire, and 'h->caplen' is the number
256 * of bytes actually captured.
257 */
258 u_int
259 ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
260 const u_char *p)
261 {
262 return (ether_print(ndo, p, h->len, h->caplen, NULL, NULL));
263 }
264
265 /*
266 * This is the top level routine of the printer. 'p' points
267 * to the ether header of the packet, 'h->len' is the length
268 * of the packet off the wire, and 'h->caplen' is the number
269 * of bytes actually captured.
270 *
271 * This is for DLT_NETANALYZER, which has a 4-byte pseudo-header
272 * before the Ethernet header.
273 */
274 u_int
275 netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
276 const u_char *p)
277 {
278 /*
279 * Fail if we don't have enough data for the Hilscher pseudo-header.
280 */
281 if (h->len < 4 || h->caplen < 4) {
282 ND_PRINT((ndo, "[|netanalyzer]"));
283 return (h->caplen);
284 }
285
286 /* Skip the pseudo-header. */
287 return (4 + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL));
288 }
289
290 /*
291 * This is the top level routine of the printer. 'p' points
292 * to the ether header of the packet, 'h->len' is the length
293 * of the packet off the wire, and 'h->caplen' is the number
294 * of bytes actually captured.
295 *
296 * This is for DLT_NETANALYZER_TRANSPARENT, which has a 4-byte
297 * pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF
298 * before the Ethernet header.
299 */
300 u_int
301 netanalyzer_transparent_if_print(netdissect_options *ndo,
302 const struct pcap_pkthdr *h,
303 const u_char *p)
304 {
305 /*
306 * Fail if we don't have enough data for the Hilscher pseudo-header,
307 * preamble, and SOF.
308 */
309 if (h->len < 12 || h->caplen < 12) {
310 ND_PRINT((ndo, "[|netanalyzer-transparent]"));
311 return (h->caplen);
312 }
313
314 /* Skip the pseudo-header, preamble, and SOF. */
315 return (12 + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL));
316 }
317
318 /*
319 * Prints the packet payload, given an Ethernet type code for the payload's
320 * protocol.
321 *
322 * Returns non-zero if it can do so, zero if the ethertype is unknown.
323 */
324
325 int
326 ethertype_print(netdissect_options *ndo,
327 u_short ether_type, const u_char *p,
328 u_int length, u_int caplen,
329 const struct lladdr_info *src, const struct lladdr_info *dst)
330 {
331 switch (ether_type) {
332
333 case ETHERTYPE_IP:
334 ip_print(ndo, p, length);
335 return (1);
336
337 case ETHERTYPE_IPV6:
338 ip6_print(ndo, p, length);
339 return (1);
340
341 case ETHERTYPE_ARP:
342 case ETHERTYPE_REVARP:
343 arp_print(ndo, p, length, caplen);
344 return (1);
345
346 case ETHERTYPE_DN:
347 decnet_print(ndo, p, length, caplen);
348 return (1);
349
350 case ETHERTYPE_ATALK:
351 if (ndo->ndo_vflag)
352 ND_PRINT((ndo, "et1 "));
353 atalk_print(ndo, p, length);
354 return (1);
355
356 case ETHERTYPE_AARP:
357 aarp_print(ndo, p, length);
358 return (1);
359
360 case ETHERTYPE_IPX:
361 ND_PRINT((ndo, "(NOV-ETHII) "));
362 ipx_print(ndo, p, length);
363 return (1);
364
365 case ETHERTYPE_ISO:
366 if (length == 0 || caplen == 0) {
367 ND_PRINT((ndo, " [|osi]"));
368 return (1);
369 }
370 isoclns_print(ndo, p + 1, length - 1);
371 return(1);
372
373 case ETHERTYPE_PPPOED:
374 case ETHERTYPE_PPPOES:
375 case ETHERTYPE_PPPOED2:
376 case ETHERTYPE_PPPOES2:
377 pppoe_print(ndo, p, length);
378 return (1);
379
380 case ETHERTYPE_EAPOL:
381 eap_print(ndo, p, length);
382 return (1);
383
384 case ETHERTYPE_RRCP:
385 rrcp_print(ndo, p, length, src, dst);
386 return (1);
387
388 case ETHERTYPE_PPP:
389 if (length) {
390 ND_PRINT((ndo, ": "));
391 ppp_print(ndo, p, length);
392 }
393 return (1);
394
395 case ETHERTYPE_MPCP:
396 mpcp_print(ndo, p, length);
397 return (1);
398
399 case ETHERTYPE_SLOW:
400 slow_print(ndo, p, length);
401 return (1);
402
403 case ETHERTYPE_CFM:
404 case ETHERTYPE_CFM_OLD:
405 cfm_print(ndo, p, length);
406 return (1);
407
408 case ETHERTYPE_LLDP:
409 lldp_print(ndo, p, length);
410 return (1);
411
412 case ETHERTYPE_NSH:
413 nsh_print(ndo, p, length);
414 return (1);
415
416 case ETHERTYPE_LOOPBACK:
417 loopback_print(ndo, p, length);
418 return (1);
419
420 case ETHERTYPE_MPLS:
421 case ETHERTYPE_MPLS_MULTI:
422 mpls_print(ndo, p, length);
423 return (1);
424
425 case ETHERTYPE_TIPC:
426 tipc_print(ndo, p, length, caplen);
427 return (1);
428
429 case ETHERTYPE_MS_NLB_HB:
430 msnlb_print(ndo, p);
431 return (1);
432
433 case ETHERTYPE_GEONET_OLD:
434 case ETHERTYPE_GEONET:
435 geonet_print(ndo, p, length, src);
436 return (1);
437
438 case ETHERTYPE_CALM_FAST:
439 calm_fast_print(ndo, p, length, src);
440 return (1);
441
442 case ETHERTYPE_AOE:
443 aoe_print(ndo, p, length);
444 return (1);
445
446 case ETHERTYPE_MEDSA:
447 medsa_print(ndo, p, length, caplen, src, dst);
448 return (1);
449
450 case ETHERTYPE_LAT:
451 case ETHERTYPE_SCA:
452 case ETHERTYPE_MOPRC:
453 case ETHERTYPE_MOPDL:
454 case ETHERTYPE_IEEE1905_1:
455 /* default_print for now */
456 default:
457 return (0);
458 }
459 }
460
461
462 /*
463 * Local Variables:
464 * c-style: whitesmith
465 * c-basic-offset: 8
466 * End:
467 */
468
[mirror] the TCPdump network dissector