]> The Tcpdump Group git mirrors - tcpdump/blob - print-gre.c
projects / tcpdump / blob


368bf8bb9e0666058d99f91717a81a6606012122
[tcpdump] / print-gre.c
1 /* $OpenBSD: print-gre.c,v 1.6 2002/10/30 03:04:04 fgsch Exp $ */
2
3 /*
4 * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /* \summary: Generic Routing Encapsulation (GRE) printer */
30
31 /*
32 * netdissect printer for GRE - Generic Routing Encapsulation
33 * RFC 1701 (GRE), RFC 1702 (GRE IPv4), RFC 2637 (PPTP, which
34 * has an extended form of GRE), RFC 2784 (revised GRE, with
35 * R, K, S, and s bits and Recur and Offset fields now reserved
36 * in the header, and no optional Key or Sequence number in the
37 * header), and RFC 2890 (proposal to add back the K and S bits
38 * and the optional Key and Sequence number).
39 *
40 * The RFC 2637 PPTP GRE repurposes the Key field to hold a
41 * 16-bit Payload Length and a 16-bit Call ID.
42 *
43 * RFC 7637 (NVGRE) repurposes the Key field to hold a 24-bit
44 * Virtual Subnet ID (VSID) and an 8-bit FlowID.
45 */
46
47 #ifdef HAVE_CONFIG_H
48 #include <config.h>
49 #endif
50
51 #include "netdissect-stdinc.h"
52
53 #define ND_LONGJMP_FROM_TCHECK
54 #include "netdissect.h"
55 #include "addrtostr.h"
56 #include "extract.h"
57 #include "ethertype.h"
58 #include "gre.h"
59
60 static const struct tok gre_flag_values[] = {
61 { GRE_CP, "checksum present"},
62 { GRE_RP, "routing present"},
63 { GRE_KP, "key present"},
64 { GRE_SP, "sequence# present"},
65 { GRE_sP, "source routing present"},
66 { GRE_AP, "ack present"},
67 { 0, NULL }
68 };
69
70 #define GRE_RECRS_MASK 0x0700 /* recursion count */
71 #define GRE_VERS_MASK 0x0007 /* protocol version */
72
73 /* source route entry types */
74 #define GRESRE_IP 0x0800 /* IP */
75 #define GRESRE_ASN 0xfffe /* ASN */
76
77 /*
78 * Ethertype values used for GRE (but not elsewhere?).
79 */
80 #define GRE_CDP 0x2000 /* Cisco Discovery Protocol */
81 #define GRE_NHRP 0x2001 /* Next Hop Resolution Protocol */
82 #define GRE_MIKROTIK_EOIP 0x6400 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
83 #define GRE_ERSPAN_III 0x22eb
84 #define GRE_WCCP 0x883e /* Web Cache C* Protocol */
85 #define GRE_ERSPAN_I_II 0x88be
86
87 struct wccp_redirect {
88 nd_uint8_t flags;
89 #define WCCP_T (1 << 7)
90 #define WCCP_A (1 << 6)
91 #define WCCP_U (1 << 5)
92 nd_uint8_t ServiceId;
93 nd_uint8_t AltBucket;
94 nd_uint8_t PriBucket;
95 };
96
97 static void gre_print_0(netdissect_options *, const u_char *, u_int);
98 static void gre_print_1(netdissect_options *, const u_char *, u_int);
99 static int gre_sre_print(netdissect_options *, uint16_t, uint8_t, uint8_t, const u_char *, u_int);
100 static int gre_sre_ip_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
101 static int gre_sre_asn_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
102
103 void
104 gre_print(netdissect_options *ndo, const u_char *bp, u_int length)
105 {
106 u_int vers;
107
108 ndo->ndo_protocol = "gre";
109 nd_print_protocol_caps(ndo);
110 ND_ICHECK_U(length, <, 2);
111 vers = GET_BE_U_2(bp) & GRE_VERS_MASK;
112 ND_PRINT("v%u",vers);
113
114 switch(vers) {
115 case 0:
116 gre_print_0(ndo, bp, length);
117 break;
118 case 1:
119 gre_print_1(ndo, bp, length);
120 break;
121 default:
122 ND_PRINT(" ERROR: unknown-version");
123 break;
124 }
125 return;
126
127 invalid:
128 nd_print_invalid(ndo);
129 }
130
131 static void
132 gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
133 {
134 u_int len = length;
135 uint16_t flags, prot;
136
137 ND_ICHECK_U(len, <, 2);
138 flags = GET_BE_U_2(bp);
139 if (ndo->ndo_vflag)
140 ND_PRINT(", Flags [%s]",
141 bittok2str(gre_flag_values,"none",flags));
142
143 len -= 2;
144 bp += 2;
145
146 ND_ICHECK_U(len, <, 2);
147 prot = GET_BE_U_2(bp);
148 len -= 2;
149 bp += 2;
150
151 if ((flags & GRE_CP) | (flags & GRE_RP)) {
152 uint16_t sum;
153
154 ND_ICHECK_U(len, <, 2);
155 sum = GET_BE_U_2(bp);
156 if (ndo->ndo_vflag)
157 ND_PRINT(", sum 0x%x", sum);
158 bp += 2;
159 len -= 2;
160
161 ND_ICHECK_U(len, <, 2);
162 ND_PRINT(", off 0x%x", GET_BE_U_2(bp));
163 bp += 2;
164 len -= 2;
165 }
166
167 if (flags & GRE_KP) {
168 uint32_t key;
169
170 ND_ICHECK_U(len, <, 4);
171 key = GET_BE_U_4(bp);
172 bp += 4;
173 len -= 4;
174
175 /*
176 * OpenBSD shows this as both a 32-bit
177 * (decimal) key value and a VSID+FlowID
178 * pair, with the VSID in decimal and
179 * the FlowID in hex, as key=<Key>|<VSID>+<FlowID>,
180 * in case this is NVGRE.
181 */
182 ND_PRINT(", key=0x%x", key);
183 }
184
185 if (flags & GRE_SP) {
186 ND_ICHECK_U(len, <, 4);
187 ND_PRINT(", seq %u", GET_BE_U_4(bp));
188 bp += 4;
189 len -= 4;
190 }
191
192 if (flags & GRE_RP) {
193 for (;;) {
194 uint16_t af;
195 uint8_t sreoff;
196 uint8_t srelen;
197
198 ND_ICHECK_U(len, <, 4);
199 af = GET_BE_U_2(bp);
200 sreoff = GET_U_1(bp + 2);
201 srelen = GET_U_1(bp + 3);
202 bp += 4;
203 len -= 4;
204
205 if (af == 0 && srelen == 0)
206 break;
207
208 if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
209 goto invalid;
210
211 ND_ICHECK_U(len, <, srelen);
212 bp += srelen;
213 len -= srelen;
214 }
215 }
216
217 if (ndo->ndo_eflag)
218 ND_PRINT(", proto %s (0x%04x)",
219 tok2str(ethertype_values,"unknown",prot), prot);
220
221 ND_PRINT(", length %u",length);
222
223 if (ndo->ndo_vflag < 1)
224 ND_PRINT(": "); /* put in a colon as protocol demarc */
225 else
226 ND_PRINT("\n\t"); /* if verbose go multiline */
227
228 switch (prot) {
229 case 0x0000:
230 /*
231 * 0x0000 is reserved, but Cisco, at least, appears to
232 * use it for keep-alives; see, for example,
233 * https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc1
234 */
235 ND_PRINT("keep-alive");
236 break;
237 case GRE_WCCP:
238 /*
239 * This is a bit weird.
240 *
241 * This may either just mean "IPv4" or it may mean
242 * "IPv4 preceded by a WCCP redirect header". We
243 * check to see if the first octet looks like the
244 * beginning of an IPv4 header and, if not, dissect
245 * it "IPv4 preceded by a WCCP redirect header",
246 * otherwise we dissect it as just IPv4.
247 *
248 * See "Packet redirection" in draft-forster-wrec-wccp-v1-00,
249 * section 4.12 "Traffic Forwarding" in
250 * draft-wilson-wrec-wccp-v2-01, and section 3.12.1
251 * "Forwarding using GRE Encapsulation" in
252 * draft-param-wccp-v2rev1-01.
253 */
254 ND_PRINT("wccp ");
255
256 ND_ICHECK_U(len, <, 1);
257 if (GET_U_1(bp) >> 4 != 4) {
258 /*
259 * First octet isn't 0x4*, so it's not IPv4.
260 */
261 const struct wccp_redirect *wccp;
262 uint8_t wccp_flags;
263
264 ND_ICHECK_ZU(len, <, sizeof(*wccp));
265 wccp = (const struct wccp_redirect *)bp;
266 wccp_flags = GET_U_1(wccp->flags);
267
268 ND_PRINT("T:%c A:%c U:%c SId:%u Alt:%u Pri:%u",
269 (wccp_flags & WCCP_T) ? '1' : '0',
270 (wccp_flags & WCCP_A) ? '1' : '0',
271 (wccp_flags & WCCP_U) ? '1' : '0',
272 GET_U_1(wccp->ServiceId),
273 GET_U_1(wccp->AltBucket),
274 GET_U_1(wccp->PriBucket));
275
276 bp += sizeof(*wccp);
277 len -= sizeof(*wccp);
278
279 ND_PRINT(": ");
280 }
281 /* FALLTHROUGH */
282 case ETHERTYPE_IP:
283 ip_print(ndo, bp, len);
284 break;
285 case ETHERTYPE_IPV6:
286 ip6_print(ndo, bp, len);
287 break;
288 case ETHERTYPE_MPLS:
289 case ETHERTYPE_MPLS_MULTI:
290 mpls_print(ndo, bp, len);
291 break;
292 case ETHERTYPE_IPX:
293 ipx_print(ndo, bp, len);
294 break;
295 case ETHERTYPE_ATALK:
296 atalk_print(ndo, bp, len);
297 break;
298 case ETHERTYPE_GRE_ISO:
299 isoclns_print(ndo, bp, len);
300 break;
301 case ETHERTYPE_TEB:
302 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
303 break;
304 case ETHERTYPE_NSH:
305 nsh_print(ndo, bp, len);
306 break;
307 case GRE_ERSPAN_I_II:
308 erspan_print(ndo, flags, bp, len);
309 break;
310 case GRE_CDP:
311 cdp_print(ndo, bp, len);
312 break;
313 case GRE_NHRP:
314 nhrp_print(ndo, bp, len);
315 break;
316 default:
317 ND_PRINT("gre-proto-0x%x", prot);
318 }
319 return;
320
321 invalid:
322 nd_print_invalid(ndo);
323 }
324
325 static void
326 gre_print_1(netdissect_options *ndo, const u_char *bp, u_int length)
327 {
328 u_int len = length;
329 uint16_t flags, prot;
330
331 ND_ICHECK_U(len, <, 2);
332 flags = GET_BE_U_2(bp);
333 len -= 2;
334 bp += 2;
335
336 if (ndo->ndo_vflag)
337 ND_PRINT(", Flags [%s]",
338 bittok2str(gre_flag_values,"none",flags));
339
340 ND_ICHECK_U(len, <, 2);
341 prot = GET_BE_U_2(bp);
342 len -= 2;
343 bp += 2;
344
345 /*
346 * This version is used for two purposes:
347 *
348 * RFC 2637 PPTP;
349 * Some Mikrotik Ethernet-over-IP hack.
350 */
351 switch (prot) {
352 case GRE_MIKROTIK_EOIP:
353 /*
354 * The MikroTik hack uses only the key field, and uses it
355 * for its own purposes. If anything other than the version
356 * and K bit are set, report an error and give up.
357 */
358 if ((flags & ~GRE_VERS_MASK) != GRE_KP) {
359 ND_PRINT(" unknown-eoip-flags-%04x!", flags);
360 return;
361 }
362 break;
363 default:
364 /*
365 * XXX - what should we do if it's not ETHERTYPE_PPP?
366 */
367 break;
368 }
369
370 if (flags & GRE_KP) {
371 /* Skip payload length? */
372 ND_ICHECK_U(len, <, 2);
373 ND_TCHECK_LEN(bp, 2);
374 len -= 2;
375 bp += 2;
376
377 ND_ICHECK_U(len, <, 2);
378 if (prot == GRE_MIKROTIK_EOIP) {
379 /* Non-standard */
380 ND_PRINT(", tunnel-id %u", GET_BE_U_2(bp));
381 } else
382 ND_PRINT(", call %u", GET_BE_U_2(bp));
383 len -= 2;
384 bp += 2;
385 } else
386 ND_PRINT(", (ERROR: K flag not set)");
387
388 if (flags & GRE_SP) {
389 ND_ICHECK_U(len, <, 4);
390 ND_PRINT(", seq %u", GET_BE_U_4(bp));
391 bp += 4;
392 len -= 4;
393 }
394
395 if (flags & GRE_AP) {
396 ND_ICHECK_U(len, <, 4);
397 ND_PRINT(", ack %u", GET_BE_U_4(bp));
398 bp += 4;
399 len -= 4;
400 }
401
402 /*
403 * More non-standard EoIP behavior.
404 */
405 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
406 ND_PRINT(", no-payload");
407
408 if (ndo->ndo_eflag)
409 ND_PRINT(", proto %s (0x%04x)",
410 tok2str(ethertype_values,"unknown",prot), prot);
411
412 ND_PRINT(", length %u",length);
413
414 /*
415 * More non-standard EoIP behavior.
416 */
417 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
418 return;
419
420 if (ndo->ndo_vflag < 1)
421 ND_PRINT(": "); /* put in a colon as protocol demarc */
422 else
423 ND_PRINT("\n\t"); /* if verbose go multiline */
424
425 switch (prot) {
426 case ETHERTYPE_PPP:
427 ppp_print(ndo, bp, len);
428 break;
429 case GRE_MIKROTIK_EOIP:
430 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
431 if (len == 0)
432 ND_PRINT("keepalive");
433 else
434 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
435 break;
436 default:
437 ND_PRINT("gre-proto-0x%x", prot);
438 break;
439 }
440 return;
441
442 invalid:
443 nd_print_invalid(ndo);
444 }
445
446 static int
447 gre_sre_print(netdissect_options *ndo, uint16_t af, uint8_t sreoff,
448 uint8_t srelen, const u_char *bp, u_int len)
449 {
450 int ret;
451
452 switch (af) {
453 case GRESRE_IP:
454 ND_PRINT(", (rtaf=ip");
455 ret = gre_sre_ip_print(ndo, sreoff, srelen, bp, len);
456 ND_PRINT(")");
457 break;
458 case GRESRE_ASN:
459 ND_PRINT(", (rtaf=asn");
460 ret = gre_sre_asn_print(ndo, sreoff, srelen, bp, len);
461 ND_PRINT(")");
462 break;
463 default:
464 ND_PRINT(", (rtaf=0x%x)", af);
465 ret = 1;
466 }
467 return (ret);
468 }
469
470 static int
471 gre_sre_ip_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
472 const u_char *bp, u_int len)
473 {
474 const u_char *up = bp;
475 char buf[INET_ADDRSTRLEN];
476
477 if (sreoff & 3) {
478 ND_PRINT(", badoffset=%u", sreoff);
479 goto invalid;
480 }
481 if (srelen & 3) {
482 ND_PRINT(", badlength=%u", srelen);
483 goto invalid;
484 }
485 if (sreoff >= srelen) {
486 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
487 goto invalid;
488 }
489
490 while (srelen != 0) {
491 ND_ICHECK_U(len, <, 4);
492
493 ND_TCHECK_LEN(bp, sizeof(nd_ipv4));
494 addrtostr(bp, buf, sizeof(buf));
495 ND_PRINT(" %s%s",
496 ((bp - up) == sreoff) ? "*" : "", buf);
497
498 bp += 4;
499 len -= 4;
500 srelen -= 4;
501 }
502 return 1;
503
504 invalid:
505 return 0;
506 }
507
508 static int
509 gre_sre_asn_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
510 const u_char *bp, u_int len)
511 {
512 const u_char *up = bp;
513
514 if (sreoff & 1) {
515 ND_PRINT(", badoffset=%u", sreoff);
516 goto invalid;
517 }
518 if (srelen & 1) {
519 ND_PRINT(", badlength=%u", srelen);
520 goto invalid;
521 }
522 if (sreoff >= srelen) {
523 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
524 goto invalid;
525 }
526
527 while (srelen != 0) {
528 ND_ICHECK_U(len, <, 2);
529
530 ND_PRINT(" %s%x",
531 ((bp - up) == sreoff) ? "*" : "", GET_BE_U_2(bp));
532
533 bp += 2;
534 len -= 2;
535 srelen -= 2;
536 }
537 return 1;
538
539 invalid:
540 return 0;
541 }
[mirror] the TCPdump network dissector