]> The Tcpdump Group git mirrors - tcpdump/blob - print-ppp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
PPP: Fix the output
[tcpdump] / print-ppp.c
1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Extensively modified by Motonori Shindo (mshindo@mshindo.net) for more
22 * complete PPP support.
23 */
24
25 /* \summary: Point to Point Protocol (PPP) printer */
26
27 /*
28 * TODO:
29 * o resolve XXX as much as possible
30 * o MP support
31 * o BAP support
32 */
33
34 #include <config.h>
35
36 #include "netdissect-stdinc.h"
37
38 #include <stdlib.h>
39
40 #include "netdissect.h"
41 #include "extract.h"
42 #include "addrtoname.h"
43 #include "ppp.h"
44 #include "chdlc.h"
45 #include "ethertype.h"
46 #include "oui.h"
47 #include "netdissect-alloc.h"
48
49 /*
50 * The following constants are defined by IANA. Please refer to
51 * https://www.isi.edu/in-notes/iana/assignments/ppp-numbers
52 * for the up-to-date information.
53 */
54
55 /* Protocol Codes defined in ppp.h */
56
57 static const struct tok ppptype2str[] = {
58 { PPP_IP, "IP" },
59 { PPP_OSI, "OSI" },
60 { PPP_NS, "NS" },
61 { PPP_DECNET, "DECNET" },
62 { PPP_APPLE, "APPLE" },
63 { PPP_IPX, "IPX" },
64 { PPP_VJC, "VJC IP" },
65 { PPP_VJNC, "VJNC IP" },
66 { PPP_BRPDU, "BRPDU" },
67 { PPP_STII, "STII" },
68 { PPP_VINES, "VINES" },
69 { PPP_MPLS_UCAST, "MPLS" },
70 { PPP_MPLS_MCAST, "MPLS" },
71 { PPP_COMP, "Compressed"},
72 { PPP_ML, "MLPPP"},
73 { PPP_IPV6, "IP6"},
74
75 { PPP_HELLO, "HELLO" },
76 { PPP_LUXCOM, "LUXCOM" },
77 { PPP_SNS, "SNS" },
78 { PPP_IPCP, "IPCP" },
79 { PPP_OSICP, "OSICP" },
80 { PPP_NSCP, "NSCP" },
81 { PPP_DECNETCP, "DECNETCP" },
82 { PPP_APPLECP, "APPLECP" },
83 { PPP_IPXCP, "IPXCP" },
84 { PPP_STIICP, "STIICP" },
85 { PPP_VINESCP, "VINESCP" },
86 { PPP_IPV6CP, "IP6CP" },
87 { PPP_MPLSCP, "MPLSCP" },
88
89 { PPP_LCP, "LCP" },
90 { PPP_PAP, "PAP" },
91 { PPP_LQM, "LQM" },
92 { PPP_CHAP, "CHAP" },
93 { PPP_EAP, "EAP" },
94 { PPP_SPAP, "SPAP" },
95 { PPP_SPAP_OLD, "Old-SPAP" },
96 { PPP_BACP, "BACP" },
97 { PPP_BAP, "BAP" },
98 { PPP_MPCP, "MLPPP-CP" },
99 { PPP_CCP, "CCP" },
100 { 0, NULL }
101 };
102
103 /* Control Protocols (LCP/IPCP/CCP etc.) Codes defined in RFC 1661 */
104
105 #define CPCODES_VEXT 0 /* Vendor-Specific (RFC2153) */
106 #define CPCODES_CONF_REQ 1 /* Configure-Request */
107 #define CPCODES_CONF_ACK 2 /* Configure-Ack */
108 #define CPCODES_CONF_NAK 3 /* Configure-Nak */
109 #define CPCODES_CONF_REJ 4 /* Configure-Reject */
110 #define CPCODES_TERM_REQ 5 /* Terminate-Request */
111 #define CPCODES_TERM_ACK 6 /* Terminate-Ack */
112 #define CPCODES_CODE_REJ 7 /* Code-Reject */
113 #define CPCODES_PROT_REJ 8 /* Protocol-Reject (LCP only) */
114 #define CPCODES_ECHO_REQ 9 /* Echo-Request (LCP only) */
115 #define CPCODES_ECHO_RPL 10 /* Echo-Reply (LCP only) */
116 #define CPCODES_DISC_REQ 11 /* Discard-Request (LCP only) */
117 #define CPCODES_ID 12 /* Identification (LCP only) RFC1570 */
118 #define CPCODES_TIME_REM 13 /* Time-Remaining (LCP only) RFC1570 */
119 #define CPCODES_RESET_REQ 14 /* Reset-Request (CCP only) RFC1962 */
120 #define CPCODES_RESET_REP 15 /* Reset-Reply (CCP only) */
121
122 static const struct tok cpcodes[] = {
123 {CPCODES_VEXT, "Vendor-Extension"}, /* RFC2153 */
124 {CPCODES_CONF_REQ, "Conf-Request"},
125 {CPCODES_CONF_ACK, "Conf-Ack"},
126 {CPCODES_CONF_NAK, "Conf-Nack"},
127 {CPCODES_CONF_REJ, "Conf-Reject"},
128 {CPCODES_TERM_REQ, "Term-Request"},
129 {CPCODES_TERM_ACK, "Term-Ack"},
130 {CPCODES_CODE_REJ, "Code-Reject"},
131 {CPCODES_PROT_REJ, "Prot-Reject"},
132 {CPCODES_ECHO_REQ, "Echo-Request"},
133 {CPCODES_ECHO_RPL, "Echo-Reply"},
134 {CPCODES_DISC_REQ, "Disc-Req"},
135 {CPCODES_ID, "Ident"}, /* RFC1570 */
136 {CPCODES_TIME_REM, "Time-Rem"}, /* RFC1570 */
137 {CPCODES_RESET_REQ, "Reset-Req"}, /* RFC1962 */
138 {CPCODES_RESET_REP, "Reset-Ack"}, /* RFC1962 */
139 {0, NULL}
140 };
141
142 /* LCP Config Options */
143
144 #define LCPOPT_VEXT 0
145 #define LCPOPT_MRU 1
146 #define LCPOPT_ACCM 2
147 #define LCPOPT_AP 3
148 #define LCPOPT_QP 4
149 #define LCPOPT_MN 5
150 #define LCPOPT_DEP6 6
151 #define LCPOPT_PFC 7
152 #define LCPOPT_ACFC 8
153 #define LCPOPT_FCSALT 9
154 #define LCPOPT_SDP 10
155 #define LCPOPT_NUMMODE 11
156 #define LCPOPT_DEP12 12
157 #define LCPOPT_CBACK 13
158 #define LCPOPT_DEP14 14
159 #define LCPOPT_DEP15 15
160 #define LCPOPT_DEP16 16
161 #define LCPOPT_MLMRRU 17
162 #define LCPOPT_MLSSNHF 18
163 #define LCPOPT_MLED 19
164 #define LCPOPT_PROP 20
165 #define LCPOPT_DCEID 21
166 #define LCPOPT_MPP 22
167 #define LCPOPT_LD 23
168 #define LCPOPT_LCPAOPT 24
169 #define LCPOPT_COBS 25
170 #define LCPOPT_PE 26
171 #define LCPOPT_MLHF 27
172 #define LCPOPT_I18N 28
173 #define LCPOPT_SDLOS 29
174 #define LCPOPT_PPPMUX 30
175
176 static const char *lcpconfopts[] = {
177 "Vend-Ext", /* (0) */
178 "MRU", /* (1) */
179 "ACCM", /* (2) */
180 "Auth-Prot", /* (3) */
181 "Qual-Prot", /* (4) */
182 "Magic-Num", /* (5) */
183 "deprecated(6)", /* used to be a Quality Protocol */
184 "PFC", /* (7) */
185 "ACFC", /* (8) */
186 "FCS-Alt", /* (9) */
187 "SDP", /* (10) */
188 "Num-Mode", /* (11) */
189 "deprecated(12)", /* used to be a Multi-Link-Procedure*/
190 "Call-Back", /* (13) */
191 "deprecated(14)", /* used to be a Connect-Time */
192 "deprecated(15)", /* used to be a Compound-Frames */
193 "deprecated(16)", /* used to be a Nominal-Data-Encap */
194 "MRRU", /* (17) */
195 "12-Bit seq #", /* (18) */
196 "End-Disc", /* (19) */
197 "Proprietary", /* (20) */
198 "DCE-Id", /* (21) */
199 "MP+", /* (22) */
200 "Link-Disc", /* (23) */
201 "LCP-Auth-Opt", /* (24) */
202 "COBS", /* (25) */
203 "Prefix-elision", /* (26) */
204 "Multilink-header-Form",/* (27) */
205 "I18N", /* (28) */
206 "SDL-over-SONET/SDH", /* (29) */
207 "PPP-Muxing", /* (30) */
208 };
209
210 #define NUM_LCPOPTS (sizeof(lcpconfopts) / sizeof(lcpconfopts[0]))
211
212 /* ECP - to be supported */
213
214 /* CCP Config Options */
215
216 #define CCPOPT_OUI 0 /* RFC1962 */
217 #define CCPOPT_PRED1 1 /* RFC1962 */
218 #define CCPOPT_PRED2 2 /* RFC1962 */
219 #define CCPOPT_PJUMP 3 /* RFC1962 */
220 /* 4-15 unassigned */
221 #define CCPOPT_HPPPC 16 /* RFC1962 */
222 #define CCPOPT_STACLZS 17 /* RFC1974 */
223 #define CCPOPT_MPPC 18 /* RFC2118 */
224 #define CCPOPT_GFZA 19 /* RFC1962 */
225 #define CCPOPT_V42BIS 20 /* RFC1962 */
226 #define CCPOPT_BSDCOMP 21 /* RFC1977 */
227 /* 22 unassigned */
228 #define CCPOPT_LZSDCP 23 /* RFC1967 */
229 #define CCPOPT_MVRCA 24 /* RFC1975 */
230 #define CCPOPT_DEC 25 /* RFC1976 */
231 #define CCPOPT_DEFLATE 26 /* RFC1979 */
232 /* 27-254 unassigned */
233 #define CCPOPT_RESV 255 /* RFC1962 */
234
235 static const struct tok ccpconfopts_values[] = {
236 { CCPOPT_OUI, "OUI" },
237 { CCPOPT_PRED1, "Pred-1" },
238 { CCPOPT_PRED2, "Pred-2" },
239 { CCPOPT_PJUMP, "Puddle" },
240 { CCPOPT_HPPPC, "HP-PPC" },
241 { CCPOPT_STACLZS, "Stac-LZS" },
242 { CCPOPT_MPPC, "MPPC" },
243 { CCPOPT_GFZA, "Gand-FZA" },
244 { CCPOPT_V42BIS, "V.42bis" },
245 { CCPOPT_BSDCOMP, "BSD-Comp" },
246 { CCPOPT_LZSDCP, "LZS-DCP" },
247 { CCPOPT_MVRCA, "MVRCA" },
248 { CCPOPT_DEC, "DEC" },
249 { CCPOPT_DEFLATE, "Deflate" },
250 { CCPOPT_RESV, "Reserved"},
251 {0, NULL}
252 };
253
254 /* BACP Config Options */
255
256 #define BACPOPT_FPEER 1 /* RFC2125 */
257
258 static const struct tok bacconfopts_values[] = {
259 { BACPOPT_FPEER, "Favored-Peer" },
260 {0, NULL}
261 };
262
263
264 /* SDCP - to be supported */
265
266 /* IPCP Config Options */
267 #define IPCPOPT_2ADDR 1 /* RFC1172, RFC1332 (deprecated) */
268 #define IPCPOPT_IPCOMP 2 /* RFC1332 */
269 #define IPCPOPT_ADDR 3 /* RFC1332 */
270 #define IPCPOPT_MOBILE4 4 /* RFC2290 */
271 #define IPCPOPT_PRIDNS 129 /* RFC1877 */
272 #define IPCPOPT_PRINBNS 130 /* RFC1877 */
273 #define IPCPOPT_SECDNS 131 /* RFC1877 */
274 #define IPCPOPT_SECNBNS 132 /* RFC1877 */
275
276 static const struct tok ipcpopt_values[] = {
277 { IPCPOPT_2ADDR, "IP-Addrs" },
278 { IPCPOPT_IPCOMP, "IP-Comp" },
279 { IPCPOPT_ADDR, "IP-Addr" },
280 { IPCPOPT_MOBILE4, "Home-Addr" },
281 { IPCPOPT_PRIDNS, "Pri-DNS" },
282 { IPCPOPT_PRINBNS, "Pri-NBNS" },
283 { IPCPOPT_SECDNS, "Sec-DNS" },
284 { IPCPOPT_SECNBNS, "Sec-NBNS" },
285 { 0, NULL }
286 };
287
288 #define IPCPOPT_IPCOMP_HDRCOMP 0x61 /* rfc3544 */
289 #define IPCPOPT_IPCOMP_MINLEN 14
290
291 static const struct tok ipcpopt_compproto_values[] = {
292 { PPP_VJC, "VJ-Comp" },
293 { IPCPOPT_IPCOMP_HDRCOMP, "IP Header Compression" },
294 { 0, NULL }
295 };
296
297 static const struct tok ipcpopt_compproto_subopt_values[] = {
298 { 1, "RTP-Compression" },
299 { 2, "Enhanced RTP-Compression" },
300 { 0, NULL }
301 };
302
303 /* IP6CP Config Options */
304 #define IP6CP_IFID 1
305
306 static const struct tok ip6cpopt_values[] = {
307 { IP6CP_IFID, "Interface-ID" },
308 { 0, NULL }
309 };
310
311 /* ATCP - to be supported */
312 /* OSINLCP - to be supported */
313 /* BVCP - to be supported */
314 /* BCP - to be supported */
315 /* IPXCP - to be supported */
316 /* MPLSCP - to be supported */
317
318 /* Auth Algorithms */
319
320 /* 0-4 Reserved (RFC1994) */
321 #define AUTHALG_CHAPMD5 5 /* RFC1994 */
322 #define AUTHALG_MSCHAP1 128 /* RFC2433 */
323 #define AUTHALG_MSCHAP2 129 /* RFC2795 */
324
325 static const struct tok authalg_values[] = {
326 { AUTHALG_CHAPMD5, "MD5" },
327 { AUTHALG_MSCHAP1, "MS-CHAPv1" },
328 { AUTHALG_MSCHAP2, "MS-CHAPv2" },
329 { 0, NULL }
330 };
331
332 /* FCS Alternatives - to be supported */
333
334 /* Multilink Endpoint Discriminator (RFC1717) */
335 #define MEDCLASS_NULL 0 /* Null Class */
336 #define MEDCLASS_LOCAL 1 /* Locally Assigned */
337 #define MEDCLASS_IPV4 2 /* Internet Protocol (IPv4) */
338 #define MEDCLASS_MAC 3 /* IEEE 802.1 global MAC address */
339 #define MEDCLASS_MNB 4 /* PPP Magic Number Block */
340 #define MEDCLASS_PSNDN 5 /* Public Switched Network Director Number */
341
342 /* PPP LCP Callback */
343 #define CALLBACK_AUTH 0 /* Location determined by user auth */
344 #define CALLBACK_DSTR 1 /* Dialing string */
345 #define CALLBACK_LID 2 /* Location identifier */
346 #define CALLBACK_E164 3 /* E.164 number */
347 #define CALLBACK_X500 4 /* X.500 distinguished name */
348 #define CALLBACK_CBCP 6 /* Location is determined during CBCP nego */
349
350 static const struct tok ppp_callback_values[] = {
351 { CALLBACK_AUTH, "UserAuth" },
352 { CALLBACK_DSTR, "DialString" },
353 { CALLBACK_LID, "LocalID" },
354 { CALLBACK_E164, "E.164" },
355 { CALLBACK_X500, "X.500" },
356 { CALLBACK_CBCP, "CBCP" },
357 { 0, NULL }
358 };
359
360 /* CHAP */
361
362 #define CHAP_CHAL 1
363 #define CHAP_RESP 2
364 #define CHAP_SUCC 3
365 #define CHAP_FAIL 4
366
367 static const struct tok chapcode_values[] = {
368 { CHAP_CHAL, "Challenge" },
369 { CHAP_RESP, "Response" },
370 { CHAP_SUCC, "Success" },
371 { CHAP_FAIL, "Fail" },
372 { 0, NULL}
373 };
374
375 /* PAP */
376
377 #define PAP_AREQ 1
378 #define PAP_AACK 2
379 #define PAP_ANAK 3
380
381 static const struct tok papcode_values[] = {
382 { PAP_AREQ, "Auth-Req" },
383 { PAP_AACK, "Auth-ACK" },
384 { PAP_ANAK, "Auth-NACK" },
385 { 0, NULL }
386 };
387
388 /* BAP */
389 #define BAP_CALLREQ 1
390 #define BAP_CALLRES 2
391 #define BAP_CBREQ 3
392 #define BAP_CBRES 4
393 #define BAP_LDQREQ 5
394 #define BAP_LDQRES 6
395 #define BAP_CSIND 7
396 #define BAP_CSRES 8
397
398 static u_int print_lcp_config_options(netdissect_options *, const u_char *p, u_int);
399 static u_int print_ipcp_config_options(netdissect_options *, const u_char *p, u_int);
400 static u_int print_ip6cp_config_options(netdissect_options *, const u_char *p, u_int);
401 static u_int print_ccp_config_options(netdissect_options *, const u_char *p, u_int);
402 static u_int print_bacp_config_options(netdissect_options *, const u_char *p, u_int);
403 static void handle_ppp(netdissect_options *, u_int proto, const u_char *p, u_int length);
404
405 /* generic Control Protocol (e.g. LCP, IPCP, CCP, etc.) handler */
406 static void
407 handle_ctrl_proto(netdissect_options *ndo,
408 u_int proto, const u_char *pptr, u_int length)
409 {
410 const char *typestr;
411 u_int code, len;
412 u_int (*pfunc)(netdissect_options *, const u_char *, u_int);
413 u_int tlen, advance;
414 const u_char *tptr;
415
416 tptr=pptr;
417
418 typestr = tok2str(ppptype2str, "unknown ctrl-proto (0x%04x)", proto);
419 ND_PRINT("%s, ", typestr);
420
421 if (length < 4) /* FIXME weak boundary checking */
422 goto trunc;
423 ND_TCHECK_2(tptr);
424
425 code = GET_U_1(tptr);
426 tptr++;
427
428 ND_PRINT("%s (0x%02x), id %u, length %u",
429 tok2str(cpcodes, "Unknown Opcode",code),
430 code,
431 GET_U_1(tptr), /* ID */
432 length + 2);
433 tptr++;
434
435 if (!ndo->ndo_vflag)
436 return;
437
438 len = GET_BE_U_2(tptr);
439 tptr += 2;
440
441 if (len < 4) {
442 ND_PRINT("\n\tencoded length %u (< 4))", len);
443 return;
444 }
445
446 if (len > length) {
447 ND_PRINT("\n\tencoded length %u (> packet length %u))", len, length);
448 return;
449 }
450 length = len;
451
452 ND_PRINT("\n\tencoded length %u (=Option(s) length %u)", len, len - 4);
453
454 if (length == 4)
455 return; /* there may be a NULL confreq etc. */
456
457 if (ndo->ndo_vflag > 1)
458 print_unknown_data(ndo, pptr - 2, "\n\t", 6);
459
460
461 switch (code) {
462 case CPCODES_VEXT:
463 if (length < 11)
464 break;
465 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
466 tptr += 4;
467 ND_PRINT(" Vendor: %s (%u)",
468 tok2str(oui_values,"Unknown",GET_BE_U_3(tptr)),
469 GET_BE_U_3(tptr));
470 /* XXX: need to decode Kind and Value(s)? */
471 break;
472 case CPCODES_CONF_REQ:
473 case CPCODES_CONF_ACK:
474 case CPCODES_CONF_NAK:
475 case CPCODES_CONF_REJ:
476 tlen = len - 4; /* Code(1), Identifier(1) and Length(2) */
477 do {
478 switch (proto) {
479 case PPP_LCP:
480 pfunc = print_lcp_config_options;
481 break;
482 case PPP_IPCP:
483 pfunc = print_ipcp_config_options;
484 break;
485 case PPP_IPV6CP:
486 pfunc = print_ip6cp_config_options;
487 break;
488 case PPP_CCP:
489 pfunc = print_ccp_config_options;
490 break;
491 case PPP_BACP:
492 pfunc = print_bacp_config_options;
493 break;
494 default:
495 /*
496 * No print routine for the options for
497 * this protocol.
498 */
499 pfunc = NULL;
500 break;
501 }
502
503 if (pfunc == NULL) /* catch the above null pointer if unknown CP */
504 break;
505
506 if ((advance = (*pfunc)(ndo, tptr, len)) == 0)
507 break;
508 if (tlen < advance) {
509 ND_PRINT(" [remaining options length %u < %u]",
510 tlen, advance);
511 nd_print_invalid(ndo);
512 break;
513 }
514 tlen -= advance;
515 tptr += advance;
516 } while (tlen != 0);
517 break;
518
519 case CPCODES_TERM_REQ:
520 case CPCODES_TERM_ACK:
521 /* XXX: need to decode Data? */
522 break;
523 case CPCODES_CODE_REJ:
524 /* XXX: need to decode Rejected-Packet? */
525 break;
526 case CPCODES_PROT_REJ:
527 if (length < 6)
528 break;
529 ND_PRINT("\n\t Rejected %s Protocol (0x%04x)",
530 tok2str(ppptype2str,"unknown", GET_BE_U_2(tptr)),
531 GET_BE_U_2(tptr));
532 /* XXX: need to decode Rejected-Information? - hexdump for now */
533 if (len > 6) {
534 ND_PRINT("\n\t Rejected Packet");
535 print_unknown_data(ndo, tptr + 2, "\n\t ", len - 2);
536 }
537 break;
538 case CPCODES_ECHO_REQ:
539 case CPCODES_ECHO_RPL:
540 case CPCODES_DISC_REQ:
541 if (length < 8)
542 break;
543 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
544 /* XXX: need to decode Data? - hexdump for now */
545 if (len > 8) {
546 ND_PRINT("\n\t -----trailing data-----");
547 ND_TCHECK_LEN(tptr + 4, len - 8);
548 print_unknown_data(ndo, tptr + 4, "\n\t ", len - 8);
549 }
550 break;
551 case CPCODES_ID:
552 if (length < 8)
553 break;
554 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
555 /* RFC 1661 says this is intended to be human readable */
556 if (len > 8) {
557 ND_PRINT("\n\t Message\n\t ");
558 if (nd_printn(ndo, tptr + 4, len - 4, ndo->ndo_snapend))
559 goto trunc;
560 }
561 break;
562 case CPCODES_TIME_REM:
563 if (length < 12)
564 break;
565 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
566 ND_PRINT(", Seconds-Remaining %us", GET_BE_U_4(tptr + 4));
567 /* XXX: need to decode Message? */
568 break;
569 default:
570 /* XXX this is dirty but we do not get the
571 * original pointer passed to the begin
572 * the PPP packet */
573 if (ndo->ndo_vflag <= 1)
574 print_unknown_data(ndo, pptr - 2, "\n\t ", length + 2);
575 break;
576 }
577 return;
578
579 trunc:
580 ND_PRINT("[|%s]", typestr);
581 }
582
583 /* LCP config options */
584 static u_int
585 print_lcp_config_options(netdissect_options *ndo,
586 const u_char *p, u_int length)
587 {
588 u_int opt, len;
589
590 if (length < 2)
591 return 0;
592 ND_TCHECK_2(p);
593 opt = GET_U_1(p);
594 len = GET_U_1(p + 1);
595 if (length < len)
596 return 0;
597 if (len < 2) {
598 if (opt < NUM_LCPOPTS)
599 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
600 lcpconfopts[opt], opt, len);
601 else
602 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
603 return 0;
604 }
605 if (opt < NUM_LCPOPTS)
606 ND_PRINT("\n\t %s Option (0x%02x), length %u", lcpconfopts[opt], opt, len);
607 else {
608 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
609 return len;
610 }
611
612 switch (opt) {
613 case LCPOPT_VEXT:
614 if (len < 6) {
615 ND_PRINT(" (length bogus, should be >= 6)");
616 return len;
617 }
618 ND_PRINT(": Vendor: %s (%u)",
619 tok2str(oui_values,"Unknown",GET_BE_U_3(p + 2)),
620 GET_BE_U_3(p + 2));
621 #if 0
622 ND_PRINT(", kind: 0x%02x", GET_U_1(p + 5));
623 ND_PRINT(", Value: 0x");
624 for (i = 0; i < len - 6; i++) {
625 ND_PRINT("%02x", GET_U_1(p + 6 + i));
626 }
627 #endif
628 break;
629 case LCPOPT_MRU:
630 if (len != 4) {
631 ND_PRINT(" (length bogus, should be = 4)");
632 return len;
633 }
634 ND_PRINT(": %u", GET_BE_U_2(p + 2));
635 break;
636 case LCPOPT_ACCM:
637 if (len != 6) {
638 ND_PRINT(" (length bogus, should be = 6)");
639 return len;
640 }
641 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
642 break;
643 case LCPOPT_AP:
644 if (len < 4) {
645 ND_PRINT(" (length bogus, should be >= 4)");
646 return len;
647 }
648 ND_PRINT(": %s",
649 tok2str(ppptype2str, "Unknown Auth Proto (0x04x)", GET_BE_U_2(p + 2)));
650
651 switch (GET_BE_U_2(p + 2)) {
652 case PPP_CHAP:
653 ND_PRINT(", %s",
654 tok2str(authalg_values, "Unknown Auth Alg %u", GET_U_1(p + 4)));
655 break;
656 case PPP_PAP: /* fall through */
657 case PPP_EAP:
658 case PPP_SPAP:
659 case PPP_SPAP_OLD:
660 break;
661 default:
662 print_unknown_data(ndo, p, "\n\t", len);
663 }
664 break;
665 case LCPOPT_QP:
666 if (len < 4) {
667 ND_PRINT(" (length bogus, should be >= 4)");
668 return 0;
669 }
670 if (GET_BE_U_2(p + 2) == PPP_LQM)
671 ND_PRINT(": LQR");
672 else
673 ND_PRINT(": unknown");
674 break;
675 case LCPOPT_MN:
676 if (len != 6) {
677 ND_PRINT(" (length bogus, should be = 6)");
678 return 0;
679 }
680 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
681 break;
682 case LCPOPT_PFC:
683 break;
684 case LCPOPT_ACFC:
685 break;
686 case LCPOPT_LD:
687 if (len != 4) {
688 ND_PRINT(" (length bogus, should be = 4)");
689 return 0;
690 }
691 ND_PRINT(": 0x%04x", GET_BE_U_2(p + 2));
692 break;
693 case LCPOPT_CBACK:
694 if (len < 3) {
695 ND_PRINT(" (length bogus, should be >= 3)");
696 return 0;
697 }
698 ND_PRINT(": Callback Operation %s (%u)",
699 tok2str(ppp_callback_values, "Unknown", GET_U_1(p + 2)),
700 GET_U_1(p + 2));
701 break;
702 case LCPOPT_MLMRRU:
703 if (len != 4) {
704 ND_PRINT(" (length bogus, should be = 4)");
705 return 0;
706 }
707 ND_PRINT(": %u", GET_BE_U_2(p + 2));
708 break;
709 case LCPOPT_MLED:
710 if (len < 3) {
711 ND_PRINT(" (length bogus, should be >= 3)");
712 return 0;
713 }
714 switch (GET_U_1(p + 2)) { /* class */
715 case MEDCLASS_NULL:
716 ND_PRINT(": Null");
717 break;
718 case MEDCLASS_LOCAL:
719 ND_PRINT(": Local"); /* XXX */
720 break;
721 case MEDCLASS_IPV4:
722 if (len != 7) {
723 ND_PRINT(" (length bogus, should be = 7)");
724 return 0;
725 }
726 ND_PRINT(": IPv4 %s", GET_IPADDR_STRING(p + 3));
727 break;
728 case MEDCLASS_MAC:
729 if (len != 9) {
730 ND_PRINT(" (length bogus, should be = 9)");
731 return 0;
732 }
733 ND_PRINT(": MAC %s", GET_MAC48_STRING(p + 3));
734 break;
735 case MEDCLASS_MNB:
736 ND_PRINT(": Magic-Num-Block"); /* XXX */
737 break;
738 case MEDCLASS_PSNDN:
739 ND_PRINT(": PSNDN"); /* XXX */
740 break;
741 default:
742 ND_PRINT(": Unknown class %u", GET_U_1(p + 2));
743 break;
744 }
745 break;
746
747 /* XXX: to be supported */
748 #if 0
749 case LCPOPT_DEP6:
750 case LCPOPT_FCSALT:
751 case LCPOPT_SDP:
752 case LCPOPT_NUMMODE:
753 case LCPOPT_DEP12:
754 case LCPOPT_DEP14:
755 case LCPOPT_DEP15:
756 case LCPOPT_DEP16:
757 case LCPOPT_MLSSNHF:
758 case LCPOPT_PROP:
759 case LCPOPT_DCEID:
760 case LCPOPT_MPP:
761 case LCPOPT_LCPAOPT:
762 case LCPOPT_COBS:
763 case LCPOPT_PE:
764 case LCPOPT_MLHF:
765 case LCPOPT_I18N:
766 case LCPOPT_SDLOS:
767 case LCPOPT_PPPMUX:
768 break;
769 #endif
770 default:
771 /*
772 * Unknown option; dump it as raw bytes now if we're
773 * not going to do so below.
774 */
775 if (ndo->ndo_vflag < 2)
776 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
777 break;
778 }
779
780 if (ndo->ndo_vflag > 1)
781 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
782
783 return len;
784
785 trunc:
786 ND_PRINT("[|lcp]");
787 return 0;
788 }
789
790 /* ML-PPP*/
791 static const struct tok ppp_ml_flag_values[] = {
792 { 0x80, "begin" },
793 { 0x40, "end" },
794 { 0, NULL }
795 };
796
797 static void
798 handle_mlppp(netdissect_options *ndo,
799 const u_char *p, u_int length)
800 {
801 if (!ndo->ndo_eflag)
802 ND_PRINT("MLPPP, ");
803
804 if (length < 2) {
805 ND_PRINT("[|mlppp]");
806 return;
807 }
808 if (!ND_TTEST_2(p)) {
809 ND_PRINT("[|mlppp]");
810 return;
811 }
812
813 ND_PRINT("seq 0x%03x, Flags [%s], length %u",
814 (GET_BE_U_2(p))&0x0fff,
815 /* only support 12-Bit sequence space for now */
816 bittok2str(ppp_ml_flag_values, "none", GET_U_1(p) & 0xc0),
817 length);
818 }
819
820 /* CHAP */
821 static void
822 handle_chap(netdissect_options *ndo,
823 const u_char *p, u_int length)
824 {
825 u_int code, len;
826 u_int val_size, name_size, msg_size;
827 const u_char *p0;
828 u_int i;
829
830 p0 = p;
831 if (length < 1) {
832 ND_PRINT("[|chap]");
833 return;
834 } else if (length < 4) {
835 ND_PRINT("[|chap 0x%02x]", GET_U_1(p));
836 return;
837 }
838
839 code = GET_U_1(p);
840 ND_PRINT("CHAP, %s (0x%02x)",
841 tok2str(chapcode_values,"unknown",code),
842 code);
843 p++;
844
845 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
846 p++;
847
848 len = GET_BE_U_2(p);
849 p += 2;
850
851 /*
852 * Note that this is a generic CHAP decoding routine. Since we
853 * don't know which flavor of CHAP (i.e. CHAP-MD5, MS-CHAPv1,
854 * MS-CHAPv2) is used at this point, we can't decode packet
855 * specifically to each algorithms. Instead, we simply decode
856 * the GCD (Greatest Common Denominator) for all algorithms.
857 */
858 switch (code) {
859 case CHAP_CHAL:
860 case CHAP_RESP:
861 if (length - (p - p0) < 1)
862 return;
863 val_size = GET_U_1(p); /* value size */
864 p++;
865 if (length - (p - p0) < val_size)
866 return;
867 ND_PRINT(", Value ");
868 for (i = 0; i < val_size; i++) {
869 ND_PRINT("%02x", GET_U_1(p));
870 p++;
871 }
872 name_size = len - (u_int)(p - p0);
873 ND_PRINT(", Name ");
874 for (i = 0; i < name_size; i++) {
875 fn_print_char(ndo, GET_U_1(p));
876 p++;
877 }
878 break;
879 case CHAP_SUCC:
880 case CHAP_FAIL:
881 msg_size = len - (u_int)(p - p0);
882 ND_PRINT(", Msg ");
883 for (i = 0; i< msg_size; i++) {
884 fn_print_char(ndo, GET_U_1(p));
885 p++;
886 }
887 break;
888 }
889 }
890
891 /* PAP (see RFC 1334) */
892 static void
893 handle_pap(netdissect_options *ndo,
894 const u_char *p, u_int length)
895 {
896 u_int code, len;
897 u_int peerid_len, passwd_len, msg_len;
898 const u_char *p0;
899 u_int i;
900
901 p0 = p;
902 if (length < 1) {
903 ND_PRINT("[|pap]");
904 return;
905 } else if (length < 4) {
906 ND_PRINT("[|pap 0x%02x]", GET_U_1(p));
907 return;
908 }
909
910 code = GET_U_1(p);
911 ND_PRINT("PAP, %s (0x%02x)",
912 tok2str(papcode_values, "unknown", code),
913 code);
914 p++;
915
916 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
917 p++;
918
919 len = GET_BE_U_2(p);
920 p += 2;
921
922 if (len > length) {
923 ND_PRINT(", length %u > packet size", len);
924 return;
925 }
926 length = len;
927 if (length < (size_t)(p - p0)) {
928 ND_PRINT(", length %u < PAP header length", length);
929 return;
930 }
931
932 switch (code) {
933 case PAP_AREQ:
934 /* A valid Authenticate-Request is 6 or more octets long. */
935 if (len < 6)
936 goto trunc;
937 if (length - (p - p0) < 1)
938 return;
939 peerid_len = GET_U_1(p); /* Peer-ID Length */
940 p++;
941 if (length - (p - p0) < peerid_len)
942 return;
943 ND_PRINT(", Peer ");
944 for (i = 0; i < peerid_len; i++) {
945 fn_print_char(ndo, GET_U_1(p));
946 p++;
947 }
948
949 if (length - (p - p0) < 1)
950 return;
951 passwd_len = GET_U_1(p); /* Password Length */
952 p++;
953 if (length - (p - p0) < passwd_len)
954 return;
955 ND_PRINT(", Name ");
956 for (i = 0; i < passwd_len; i++) {
957 fn_print_char(ndo, GET_U_1(p));
958 p++;
959 }
960 break;
961 case PAP_AACK:
962 case PAP_ANAK:
963 /* Although some implementations ignore truncation at
964 * this point and at least one generates a truncated
965 * packet, RFC 1334 section 2.2.2 clearly states that
966 * both AACK and ANAK are at least 5 bytes long.
967 */
968 if (len < 5)
969 goto trunc;
970 if (length - (p - p0) < 1)
971 return;
972 msg_len = GET_U_1(p); /* Msg-Length */
973 p++;
974 if (length - (p - p0) < msg_len)
975 return;
976 ND_PRINT(", Msg ");
977 for (i = 0; i< msg_len; i++) {
978 fn_print_char(ndo, GET_U_1(p));
979 p++;
980 }
981 break;
982 }
983 return;
984
985 trunc:
986 ND_PRINT("[|pap]");
987 }
988
989 /* BAP */
990 static void
991 handle_bap(netdissect_options *ndo _U_,
992 const u_char *p _U_, u_int length _U_)
993 {
994 /* XXX: to be supported!! */
995 }
996
997
998 /* IPCP config options */
999 static u_int
1000 print_ipcp_config_options(netdissect_options *ndo,
1001 const u_char *p, u_int length)
1002 {
1003 u_int opt, len;
1004 u_int compproto, ipcomp_subopttotallen, ipcomp_subopt, ipcomp_suboptlen;
1005
1006 if (length < 2)
1007 return 0;
1008 ND_TCHECK_2(p);
1009 opt = GET_U_1(p);
1010 len = GET_U_1(p + 1);
1011 if (length < len)
1012 return 0;
1013 if (len < 2) {
1014 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1015 tok2str(ipcpopt_values,"unknown",opt),
1016 opt,
1017 len);
1018 return 0;
1019 }
1020
1021 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1022 tok2str(ipcpopt_values,"unknown",opt),
1023 opt,
1024 len);
1025
1026 switch (opt) {
1027 case IPCPOPT_2ADDR: /* deprecated */
1028 if (len != 10) {
1029 ND_PRINT(" (length bogus, should be = 10)");
1030 return len;
1031 }
1032 ND_PRINT(": src %s, dst %s",
1033 GET_IPADDR_STRING(p + 2),
1034 GET_IPADDR_STRING(p + 6));
1035 break;
1036 case IPCPOPT_IPCOMP:
1037 if (len < 4) {
1038 ND_PRINT(" (length bogus, should be >= 4)");
1039 return 0;
1040 }
1041 compproto = GET_BE_U_2(p + 2);
1042
1043 ND_PRINT(": %s (0x%02x):",
1044 tok2str(ipcpopt_compproto_values, "Unknown", compproto),
1045 compproto);
1046
1047 switch (compproto) {
1048 case PPP_VJC:
1049 /* XXX: VJ-Comp parameters should be decoded */
1050 break;
1051 case IPCPOPT_IPCOMP_HDRCOMP:
1052 if (len < IPCPOPT_IPCOMP_MINLEN) {
1053 ND_PRINT(" (length bogus, should be >= %u)",
1054 IPCPOPT_IPCOMP_MINLEN);
1055 return 0;
1056 }
1057
1058 ND_TCHECK_LEN(p + 2, IPCPOPT_IPCOMP_MINLEN);
1059 ND_PRINT("\n\t TCP Space %u, non-TCP Space %u"
1060 ", maxPeriod %u, maxTime %u, maxHdr %u",
1061 GET_BE_U_2(p + 4),
1062 GET_BE_U_2(p + 6),
1063 GET_BE_U_2(p + 8),
1064 GET_BE_U_2(p + 10),
1065 GET_BE_U_2(p + 12));
1066
1067 /* suboptions present ? */
1068 if (len > IPCPOPT_IPCOMP_MINLEN) {
1069 ipcomp_subopttotallen = len - IPCPOPT_IPCOMP_MINLEN;
1070 p += IPCPOPT_IPCOMP_MINLEN;
1071
1072 ND_PRINT("\n\t Suboptions, length %u", ipcomp_subopttotallen);
1073
1074 while (ipcomp_subopttotallen >= 2) {
1075 ND_TCHECK_2(p);
1076 ipcomp_subopt = GET_U_1(p);
1077 ipcomp_suboptlen = GET_U_1(p + 1);
1078
1079 /* sanity check */
1080 if (ipcomp_subopt == 0 ||
1081 ipcomp_suboptlen == 0 )
1082 break;
1083
1084 /* XXX: just display the suboptions for now */
1085 ND_PRINT("\n\t\t%s Suboption #%u, length %u",
1086 tok2str(ipcpopt_compproto_subopt_values,
1087 "Unknown",
1088 ipcomp_subopt),
1089 ipcomp_subopt,
1090 ipcomp_suboptlen);
1091 if (ipcomp_subopttotallen < ipcomp_suboptlen) {
1092 ND_PRINT(" [remaining suboptions length %u < %u]",
1093 ipcomp_subopttotallen, ipcomp_suboptlen);
1094 nd_print_invalid(ndo);
1095 break;
1096 }
1097 ipcomp_subopttotallen -= ipcomp_suboptlen;
1098 p += ipcomp_suboptlen;
1099 }
1100 }
1101 break;
1102 default:
1103 break;
1104 }
1105 break;
1106
1107 case IPCPOPT_ADDR: /* those options share the same format - fall through */
1108 case IPCPOPT_MOBILE4:
1109 case IPCPOPT_PRIDNS:
1110 case IPCPOPT_PRINBNS:
1111 case IPCPOPT_SECDNS:
1112 case IPCPOPT_SECNBNS:
1113 if (len != 6) {
1114 ND_PRINT(" (length bogus, should be = 6)");
1115 return 0;
1116 }
1117 ND_PRINT(": %s", GET_IPADDR_STRING(p + 2));
1118 break;
1119 default:
1120 /*
1121 * Unknown option; dump it as raw bytes now if we're
1122 * not going to do so below.
1123 */
1124 if (ndo->ndo_vflag < 2)
1125 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1126 break;
1127 }
1128 if (ndo->ndo_vflag > 1 && ND_TTEST_LEN(p + 2, len - 2))
1129 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1130 return len;
1131
1132 trunc:
1133 ND_PRINT("[|ipcp]");
1134 return 0;
1135 }
1136
1137 /* IP6CP config options */
1138 static u_int
1139 print_ip6cp_config_options(netdissect_options *ndo,
1140 const u_char *p, u_int length)
1141 {
1142 u_int opt, len;
1143
1144 if (length < 2)
1145 return 0;
1146 ND_TCHECK_2(p);
1147 opt = GET_U_1(p);
1148 len = GET_U_1(p + 1);
1149 if (length < len)
1150 return 0;
1151 if (len < 2) {
1152 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1153 tok2str(ip6cpopt_values,"unknown",opt),
1154 opt,
1155 len);
1156 return 0;
1157 }
1158
1159 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1160 tok2str(ip6cpopt_values,"unknown",opt),
1161 opt,
1162 len);
1163
1164 switch (opt) {
1165 case IP6CP_IFID:
1166 if (len != 10) {
1167 ND_PRINT(" (length bogus, should be = 10)");
1168 return len;
1169 }
1170 ND_TCHECK_8(p + 2);
1171 ND_PRINT(": %04x:%04x:%04x:%04x",
1172 GET_BE_U_2(p + 2),
1173 GET_BE_U_2(p + 4),
1174 GET_BE_U_2(p + 6),
1175 GET_BE_U_2(p + 8));
1176 break;
1177 default:
1178 /*
1179 * Unknown option; dump it as raw bytes now if we're
1180 * not going to do so below.
1181 */
1182 if (ndo->ndo_vflag < 2)
1183 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1184 break;
1185 }
1186 if (ndo->ndo_vflag > 1)
1187 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1188
1189 return len;
1190
1191 trunc:
1192 ND_PRINT("[|ip6cp]");
1193 return 0;
1194 }
1195
1196
1197 /* CCP config options */
1198 static u_int
1199 print_ccp_config_options(netdissect_options *ndo,
1200 const u_char *p, u_int length)
1201 {
1202 u_int opt, len;
1203
1204 if (length < 2)
1205 return 0;
1206 ND_TCHECK_2(p);
1207 opt = GET_U_1(p);
1208 len = GET_U_1(p + 1);
1209 if (length < len)
1210 return 0;
1211 if (len < 2) {
1212 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1213 tok2str(ccpconfopts_values, "Unknown", opt),
1214 opt,
1215 len);
1216 return 0;
1217 }
1218
1219 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1220 tok2str(ccpconfopts_values, "Unknown", opt),
1221 opt,
1222 len);
1223
1224 switch (opt) {
1225 case CCPOPT_BSDCOMP:
1226 if (len < 3) {
1227 ND_PRINT(" (length bogus, should be >= 3)");
1228 return len;
1229 }
1230 ND_PRINT(": Version: %u, Dictionary Bits: %u",
1231 GET_U_1(p + 2) >> 5,
1232 GET_U_1(p + 2) & 0x1f);
1233 break;
1234 case CCPOPT_MVRCA:
1235 if (len < 4) {
1236 ND_PRINT(" (length bogus, should be >= 4)");
1237 return len;
1238 }
1239 ND_PRINT(": Features: %u, PxP: %s, History: %u, #CTX-ID: %u",
1240 (GET_U_1(p + 2) & 0xc0) >> 6,
1241 (GET_U_1(p + 2) & 0x20) ? "Enabled" : "Disabled",
1242 GET_U_1(p + 2) & 0x1f,
1243 GET_U_1(p + 3));
1244 break;
1245 case CCPOPT_DEFLATE:
1246 if (len < 4) {
1247 ND_PRINT(" (length bogus, should be >= 4)");
1248 return len;
1249 }
1250 ND_PRINT(": Window: %uK, Method: %s (0x%x), MBZ: %u, CHK: %u",
1251 (GET_U_1(p + 2) & 0xf0) >> 4,
1252 ((GET_U_1(p + 2) & 0x0f) == 8) ? "zlib" : "unknown",
1253 GET_U_1(p + 2) & 0x0f,
1254 (GET_U_1(p + 3) & 0xfc) >> 2,
1255 GET_U_1(p + 3) & 0x03);
1256 break;
1257
1258 /* XXX: to be supported */
1259 #if 0
1260 case CCPOPT_OUI:
1261 case CCPOPT_PRED1:
1262 case CCPOPT_PRED2:
1263 case CCPOPT_PJUMP:
1264 case CCPOPT_HPPPC:
1265 case CCPOPT_STACLZS:
1266 case CCPOPT_MPPC:
1267 case CCPOPT_GFZA:
1268 case CCPOPT_V42BIS:
1269 case CCPOPT_LZSDCP:
1270 case CCPOPT_DEC:
1271 case CCPOPT_RESV:
1272 break;
1273 #endif
1274 default:
1275 /*
1276 * Unknown option; dump it as raw bytes now if we're
1277 * not going to do so below.
1278 */
1279 if (ndo->ndo_vflag < 2)
1280 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1281 break;
1282 }
1283 if (ndo->ndo_vflag > 1)
1284 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1285
1286 return len;
1287
1288 trunc:
1289 ND_PRINT("[|ccp]");
1290 return 0;
1291 }
1292
1293 /* BACP config options */
1294 static u_int
1295 print_bacp_config_options(netdissect_options *ndo,
1296 const u_char *p, u_int length)
1297 {
1298 u_int opt, len;
1299
1300 if (length < 2)
1301 return 0;
1302 ND_TCHECK_2(p);
1303 opt = GET_U_1(p);
1304 len = GET_U_1(p + 1);
1305 if (length < len)
1306 return 0;
1307 if (len < 2) {
1308 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1309 tok2str(bacconfopts_values, "Unknown", opt),
1310 opt,
1311 len);
1312 return 0;
1313 }
1314
1315 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1316 tok2str(bacconfopts_values, "Unknown", opt),
1317 opt,
1318 len);
1319
1320 switch (opt) {
1321 case BACPOPT_FPEER:
1322 if (len != 6) {
1323 ND_PRINT(" (length bogus, should be = 6)");
1324 return len;
1325 }
1326 ND_PRINT(": Magic-Num 0x%08x", GET_BE_U_4(p + 2));
1327 break;
1328 default:
1329 /*
1330 * Unknown option; dump it as raw bytes now if we're
1331 * not going to do so below.
1332 */
1333 if (ndo->ndo_vflag < 2)
1334 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1335 break;
1336 }
1337 if (ndo->ndo_vflag > 1)
1338 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1339
1340 return len;
1341
1342 trunc:
1343 ND_PRINT("[|bacp]");
1344 return 0;
1345 }
1346
1347 /*
1348 * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
1349 * The length argument is the on-the-wire length, not the captured
1350 * length; we can only un-escape the captured part.
1351 */
1352 static void
1353 ppp_hdlc(netdissect_options *ndo,
1354 const u_char *p, u_int length)
1355 {
1356 u_int caplen = ND_BYTES_AVAILABLE_AFTER(p);
1357 u_char *b, *t, c;
1358 const u_char *s;
1359 u_int i, proto;
1360
1361 if (caplen == 0)
1362 return;
1363
1364 if (length == 0)
1365 return;
1366
1367 b = (u_char *)malloc(caplen);
1368 if (b == NULL) {
1369 (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
1370 "%s: malloc", __func__);
1371 }
1372
1373 /*
1374 * Unescape all the data into a temporary, private, buffer.
1375 * Do this so that we don't overwrite the original packet
1376 * contents.
1377 */
1378 for (s = p, t = b, i = caplen; i != 0; i--) {
1379 c = GET_U_1(s);
1380 s++;
1381 if (c == 0x7d) {
1382 if (i <= 1)
1383 break;
1384 i--;
1385 c = GET_U_1(s) ^ 0x20;
1386 s++;
1387 }
1388 *t++ = c;
1389 }
1390
1391 /*
1392 * Switch to the output buffer for dissection, and save it
1393 * on the buffer stack so it can be freed; our caller must
1394 * pop it when done.
1395 */
1396 if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) {
1397 free(b);
1398 (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
1399 "%s: can't push buffer on buffer stack", __func__);
1400 }
1401 length = ND_BYTES_AVAILABLE_AFTER(b);
1402
1403 /* now lets guess about the payload codepoint format */
1404 if (length < 1)
1405 goto trunc;
1406 proto = GET_U_1(b); /* start with a one-octet codepoint guess */
1407
1408 switch (proto) {
1409 case PPP_IP:
1410 ip_print(ndo, b + 1, length - 1);
1411 goto cleanup;
1412 case PPP_IPV6:
1413 ip6_print(ndo, b + 1, length - 1);
1414 goto cleanup;
1415 default: /* no luck - try next guess */
1416 break;
1417 }
1418
1419 if (length < 2)
1420 goto trunc;
1421 proto = GET_BE_U_2(b); /* next guess - load two octets */
1422
1423 switch (proto) {
1424 case (PPP_ADDRESS << 8 | PPP_CONTROL): /* looks like a PPP frame */
1425 if (length < 4)
1426 goto trunc;
1427 proto = GET_BE_U_2(b + 2); /* load the PPP proto-id */
1428 if ((proto & 0xff00) == 0x7e00)
1429 ND_PRINT("(protocol 0x%04x invalid)", proto);
1430 else
1431 handle_ppp(ndo, proto, b + 4, length - 4);
1432 break;
1433 default: /* last guess - proto must be a PPP proto-id */
1434 if ((proto & 0xff00) == 0x7e00)
1435 ND_PRINT("(protocol 0x%04x invalid)", proto);
1436 else
1437 handle_ppp(ndo, proto, b + 2, length - 2);
1438 break;
1439 }
1440
1441 cleanup:
1442 nd_pop_packet_info(ndo);
1443 return;
1444
1445 trunc:
1446 nd_pop_packet_info(ndo);
1447 nd_print_trunc(ndo);
1448 }
1449
1450
1451 /* PPP */
1452 static void
1453 handle_ppp(netdissect_options *ndo,
1454 u_int proto, const u_char *p, u_int length)
1455 {
1456 if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
1457 ppp_hdlc(ndo, p - 1, length);
1458 return;
1459 }
1460
1461 switch (proto) {
1462 case PPP_LCP: /* fall through */
1463 case PPP_IPCP:
1464 case PPP_OSICP:
1465 case PPP_MPLSCP:
1466 case PPP_IPV6CP:
1467 case PPP_CCP:
1468 case PPP_BACP:
1469 handle_ctrl_proto(ndo, proto, p, length);
1470 break;
1471 case PPP_ML:
1472 handle_mlppp(ndo, p, length);
1473 break;
1474 case PPP_CHAP:
1475 handle_chap(ndo, p, length);
1476 break;
1477 case PPP_PAP:
1478 handle_pap(ndo, p, length);
1479 break;
1480 case PPP_BAP: /* XXX: not yet completed */
1481 handle_bap(ndo, p, length);
1482 break;
1483 case ETHERTYPE_IP: /*XXX*/
1484 case PPP_VJNC:
1485 case PPP_IP:
1486 ip_print(ndo, p, length);
1487 break;
1488 case ETHERTYPE_IPV6: /*XXX*/
1489 case PPP_IPV6:
1490 ip6_print(ndo, p, length);
1491 break;
1492 case ETHERTYPE_IPX: /*XXX*/
1493 case PPP_IPX:
1494 ipx_print(ndo, p, length);
1495 break;
1496 case PPP_OSI:
1497 isoclns_print(ndo, p, length);
1498 break;
1499 case PPP_MPLS_UCAST:
1500 case PPP_MPLS_MCAST:
1501 mpls_print(ndo, p, length);
1502 break;
1503 case PPP_COMP:
1504 ND_PRINT("compressed PPP data");
1505 break;
1506 default:
1507 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1508 print_unknown_data(ndo, p, "\n\t", length);
1509 break;
1510 }
1511 }
1512
1513 /* Standard PPP printer */
1514 u_int
1515 ppp_print(netdissect_options *ndo,
1516 const u_char *p, u_int length)
1517 {
1518 u_int proto,ppp_header;
1519 u_int olen = length; /* _o_riginal length */
1520 u_int hdr_len = 0;
1521
1522 ndo->ndo_protocol = "ppp";
1523 /*
1524 * Here, we assume that p points to the Address and Control
1525 * field (if they present).
1526 */
1527 if (length < 2)
1528 goto trunc;
1529 ppp_header = GET_BE_U_2(p);
1530
1531 switch(ppp_header) {
1532 case (PPP_PPPD_IN << 8 | PPP_CONTROL):
1533 if (ndo->ndo_eflag) ND_PRINT("In ");
1534 p += 2;
1535 length -= 2;
1536 hdr_len += 2;
1537 break;
1538 case (PPP_PPPD_OUT << 8 | PPP_CONTROL):
1539 if (ndo->ndo_eflag) ND_PRINT("Out ");
1540 p += 2;
1541 length -= 2;
1542 hdr_len += 2;
1543 break;
1544 case (PPP_ADDRESS << 8 | PPP_CONTROL):
1545 p += 2; /* ACFC not used */
1546 length -= 2;
1547 hdr_len += 2;
1548 break;
1549
1550 default:
1551 break;
1552 }
1553
1554 if (length < 2)
1555 goto trunc;
1556 if (GET_U_1(p) % 2) {
1557 proto = GET_U_1(p); /* PFC is used */
1558 p++;
1559 length--;
1560 hdr_len++;
1561 } else {
1562 proto = GET_BE_U_2(p);
1563 p += 2;
1564 length -= 2;
1565 hdr_len += 2;
1566 }
1567
1568 if (ndo->ndo_eflag) {
1569 const char *typestr;
1570 typestr = tok2str(ppptype2str, "unknown", proto);
1571 ND_PRINT("%s (0x%04x), length %u",
1572 typestr,
1573 proto,
1574 olen);
1575 if (*typestr == 'u') /* "unknown" */
1576 return hdr_len;
1577
1578 ND_PRINT(": ");
1579 }
1580
1581 handle_ppp(ndo, proto, p, length);
1582 return (hdr_len);
1583 trunc:
1584 nd_print_trunc(ndo);
1585 return (0);
1586 }
1587
1588
1589 /* PPP I/F printer */
1590 void
1591 ppp_if_print(netdissect_options *ndo,
1592 const struct pcap_pkthdr *h, const u_char *p)
1593 {
1594 u_int length = h->len;
1595 u_int caplen = h->caplen;
1596
1597 ndo->ndo_protocol = "ppp";
1598 if (caplen < PPP_HDRLEN) {
1599 nd_print_trunc(ndo);
1600 ndo->ndo_ll_hdr_len += caplen;
1601 return;
1602 }
1603 ndo->ndo_ll_hdr_len += PPP_HDRLEN;
1604
1605 #if 0
1606 /*
1607 * XXX: seems to assume that there are 2 octets prepended to an
1608 * actual PPP frame. The 1st octet looks like Input/Output flag
1609 * while 2nd octet is unknown, at least to me
1610 * (mshindo@mshindo.net).
1611 *
1612 * That was what the original tcpdump code did.
1613 *
1614 * FreeBSD's "if_ppp.c" *does* set the first octet to 1 for outbound
1615 * packets and 0 for inbound packets - but only if the
1616 * protocol field has the 0x8000 bit set (i.e., it's a network
1617 * control protocol); it does so before running the packet through
1618 * "bpf_filter" to see if it should be discarded, and to see
1619 * if we should update the time we sent the most recent packet...
1620 *
1621 * ...but it puts the original address field back after doing
1622 * so.
1623 *
1624 * NetBSD's "if_ppp.c" doesn't set the first octet in that fashion.
1625 *
1626 * I don't know if any PPP implementation handed up to a BPF
1627 * device packets with the first octet being 1 for outbound and
1628 * 0 for inbound packets, so I (guy@alum.mit.edu) don't know
1629 * whether that ever needs to be checked or not.
1630 *
1631 * Note that NetBSD has a DLT_PPP_SERIAL, which it uses for PPP,
1632 * and its tcpdump appears to assume that the frame always
1633 * begins with an address field and a control field, and that
1634 * the address field might be 0x0f or 0x8f, for Cisco
1635 * point-to-point with HDLC framing as per section 4.3.1 of RFC
1636 * 1547, as well as 0xff, for PPP in HDLC-like framing as per
1637 * RFC 1662.
1638 *
1639 * (Is the Cisco framing in question what DLT_C_HDLC, in
1640 * BSD/OS, is?)
1641 */
1642 if (ndo->ndo_eflag)
1643 ND_PRINT("%c %4d %02x ", GET_U_1(p) ? 'O' : 'I',
1644 length, GET_U_1(p + 1));
1645 #endif
1646
1647 ppp_print(ndo, p, length);
1648 }
1649
1650 /*
1651 * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
1652 * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
1653 * is being used (i.e., we don't check for PPP_ADDRESS and PPP_CONTROL,
1654 * discard them *if* those are the first two octets, and parse the remaining
1655 * packet as a PPP packet, as "ppp_print()" does).
1656 *
1657 * This handles, for example, DLT_PPP_SERIAL in NetBSD.
1658 */
1659 void
1660 ppp_hdlc_if_print(netdissect_options *ndo,
1661 const struct pcap_pkthdr *h, const u_char *p)
1662 {
1663 u_int length = h->len;
1664 u_int caplen = h->caplen;
1665 u_int proto;
1666 u_int hdrlen = 0;
1667
1668 ndo->ndo_protocol = "ppp_hdlc";
1669 if (caplen < 2) {
1670 nd_print_trunc(ndo);
1671 ndo->ndo_ll_hdr_len += caplen;
1672 return;
1673 }
1674
1675 switch (GET_U_1(p)) {
1676
1677 case PPP_ADDRESS:
1678 if (caplen < 4) {
1679 nd_print_trunc(ndo);
1680 ndo->ndo_ll_hdr_len += caplen;
1681 return;
1682 }
1683
1684 if (ndo->ndo_eflag)
1685 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1686 GET_U_1(p + 1), length);
1687 p += 2;
1688 length -= 2;
1689 hdrlen += 2;
1690
1691 proto = GET_BE_U_2(p);
1692 p += 2;
1693 length -= 2;
1694 hdrlen += 2;
1695 ND_PRINT("%s: ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1696
1697 handle_ppp(ndo, proto, p, length);
1698 break;
1699
1700 case CHDLC_UNICAST:
1701 case CHDLC_BCAST:
1702 chdlc_if_print(ndo, h, p);
1703 return;
1704
1705 default:
1706 if (caplen < 4) {
1707 nd_print_trunc(ndo);
1708 ndo->ndo_ll_hdr_len += caplen;
1709 return;
1710 }
1711
1712 if (ndo->ndo_eflag)
1713 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1714 GET_U_1(p + 1), length);
1715 p += 2;
1716 hdrlen += 2;
1717
1718 /*
1719 * XXX - NetBSD's "ppp_netbsd_serial_if_print()" treats
1720 * the next two octets as an Ethernet type; does that
1721 * ever happen?
1722 */
1723 ND_PRINT("unknown addr %02x; ctrl %02x", GET_U_1(p),
1724 GET_U_1(p + 1));
1725 break;
1726 }
1727
1728 ndo->ndo_ll_hdr_len += hdrlen;
1729 }
[mirror] the TCPdump network dissector