]> The Tcpdump Group git mirrors - tcpdump/blob - print-arp.c
projects / tcpdump / blob


7cbe781628a69fd355392ee6c805a14e5222870e
[tcpdump] / print-arp.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Address Resolution Protocol (ARP) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #define ND_LONGJMP_FROM_TCHECK
33 #include "netdissect.h"
34 #include "addrtoname.h"
35 #include "ethertype.h"
36 #include "extract.h"
37
38
39 /*
40 * Address Resolution Protocol.
41 *
42 * See RFC 826 for protocol description. ARP packets are variable
43 * in size; the arphdr structure defines the fixed-length portion.
44 * Protocol type values are the same as those for 10 Mb/s Ethernet.
45 * It is followed by the variable-sized fields ar_sha, arp_spa,
46 * arp_tha and arp_tpa in that order, according to the lengths
47 * specified. Field names used correspond to RFC 826.
48 */
49 struct arp_pkthdr {
50 nd_uint16_t ar_hrd; /* format of hardware address */
51 #define ARPHRD_ETHER 1 /* ethernet hardware format */
52 #define ARPHRD_IEEE802 6 /* token-ring hardware format */
53 #define ARPHRD_ARCNET 7 /* arcnet hardware format */
54 #define ARPHRD_FRELAY 15 /* frame relay hardware format */
55 #define ARPHRD_ATM2225 19 /* ATM (RFC 2225) */
56 #define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */
57 #define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */
58 #define ARPHRD_INFINIBAND 32 /* InfiniBand RFC 4391 */
59 nd_uint16_t ar_pro; /* format of protocol address */
60 nd_uint8_t ar_hln; /* length of hardware address */
61 nd_uint8_t ar_pln; /* length of protocol address */
62 nd_uint16_t ar_op; /* one of: */
63 #define ARPOP_REQUEST 1 /* request to resolve address */
64 #define ARPOP_REPLY 2 /* response to previous request */
65 #define ARPOP_REVREQUEST 3 /* request protocol address given hardware */
66 #define ARPOP_REVREPLY 4 /* response giving protocol address */
67 #define ARPOP_INVREQUEST 8 /* request to identify peer */
68 #define ARPOP_INVREPLY 9 /* response identifying peer */
69 #define ARPOP_NAK 10 /* NAK - only valif for ATM ARP */
70
71 /*
72 * The remaining fields are variable in size,
73 * according to the sizes above.
74 */
75 #ifdef COMMENT_ONLY
76 nd_byte ar_sha[]; /* sender hardware address */
77 nd_byte ar_spa[]; /* sender protocol address */
78 nd_byte ar_tha[]; /* target hardware address */
79 nd_byte ar_tpa[]; /* target protocol address */
80 #endif
81 #define ar_sha(ap) (((const u_char *)((ap)+1))+ 0)
82 #define ar_spa(ap) (((const u_char *)((ap)+1))+ GET_U_1((ap)->ar_hln))
83 #define ar_tha(ap) (((const u_char *)((ap)+1))+ GET_U_1((ap)->ar_hln)+GET_U_1((ap)->ar_pln))
84 #define ar_tpa(ap) (((const u_char *)((ap)+1))+2*GET_U_1((ap)->ar_hln)+GET_U_1((ap)->ar_pln))
85 };
86
87 #define ARP_HDRLEN 8
88
89 #define HRD(ap) GET_BE_U_2((ap)->ar_hrd)
90 #define HRD_LEN(ap) GET_U_1((ap)->ar_hln)
91 #define PROTO_LEN(ap) GET_U_1((ap)->ar_pln)
92 #define OP(ap) GET_BE_U_2((ap)->ar_op)
93 #define PRO(ap) GET_BE_U_2((ap)->ar_pro)
94 #define SHA(ap) (ar_sha(ap))
95 #define SPA(ap) (ar_spa(ap))
96 #define THA(ap) (ar_tha(ap))
97 #define TPA(ap) (ar_tpa(ap))
98
99
100 static const struct tok arpop_values[] = {
101 { ARPOP_REQUEST, "Request" },
102 { ARPOP_REPLY, "Reply" },
103 { ARPOP_REVREQUEST, "Reverse Request" },
104 { ARPOP_REVREPLY, "Reverse Reply" },
105 { ARPOP_INVREQUEST, "Inverse Request" },
106 { ARPOP_INVREPLY, "Inverse Reply" },
107 { ARPOP_NAK, "NACK Reply" },
108 { 0, NULL }
109 };
110
111 static const struct tok arphrd_values[] = {
112 { ARPHRD_ETHER, "Ethernet" },
113 { ARPHRD_IEEE802, "TokenRing" },
114 { ARPHRD_ARCNET, "ArcNet" },
115 { ARPHRD_FRELAY, "FrameRelay" },
116 { ARPHRD_STRIP, "Strip" },
117 { ARPHRD_IEEE1394, "IEEE 1394" },
118 { ARPHRD_ATM2225, "ATM" },
119 { ARPHRD_INFINIBAND, "InfiniBand" },
120 { 0, NULL }
121 };
122
123 /*
124 * ATM Address Resolution Protocol.
125 *
126 * See RFC 2225 for protocol description. ATMARP packets are similar
127 * to ARP packets, except that there are no length fields for the
128 * protocol address - instead, there are type/length fields for
129 * the ATM number and subaddress - and the hardware addresses consist
130 * of an ATM number and an ATM subaddress.
131 */
132 struct atmarp_pkthdr {
133 nd_uint16_t aar_hrd; /* format of hardware address */
134 nd_uint16_t aar_pro; /* format of protocol address */
135 nd_uint8_t aar_shtl; /* length of source ATM number */
136 nd_uint8_t aar_sstl; /* length of source ATM subaddress */
137 #define ATMARP_IS_E164 0x40 /* bit in type/length for E.164 format */
138 #define ATMARP_LEN_MASK 0x3F /* length of {sub}address in type/length */
139 nd_uint16_t aar_op; /* same as regular ARP */
140 nd_uint8_t aar_spln; /* length of source protocol address */
141 nd_uint8_t aar_thtl; /* length of target ATM number */
142 nd_uint8_t aar_tstl; /* length of target ATM subaddress */
143 nd_uint8_t aar_tpln; /* length of target protocol address */
144 /*
145 * The remaining fields are variable in size,
146 * according to the sizes above.
147 */
148 #ifdef COMMENT_ONLY
149 nd_byte aar_sha[]; /* source ATM number */
150 nd_byte aar_ssa[]; /* source ATM subaddress */
151 nd_byte aar_spa[]; /* sender protocol address */
152 nd_byte aar_tha[]; /* target ATM number */
153 nd_byte aar_tsa[]; /* target ATM subaddress */
154 nd_byte aar_tpa[]; /* target protocol address */
155 #endif
156
157 #define ATMHRD(ap) GET_BE_U_2((ap)->aar_hrd)
158 #define ATMSHRD_LEN(ap) (GET_U_1((ap)->aar_shtl) & ATMARP_LEN_MASK)
159 #define ATMSSLN(ap) (GET_U_1((ap)->aar_sstl) & ATMARP_LEN_MASK)
160 #define ATMSPROTO_LEN(ap) GET_U_1((ap)->aar_spln)
161 #define ATMOP(ap) GET_BE_U_2((ap)->aar_op)
162 #define ATMPRO(ap) GET_BE_U_2((ap)->aar_pro)
163 #define ATMTHRD_LEN(ap) (GET_U_1((ap)->aar_thtl) & ATMARP_LEN_MASK)
164 #define ATMTSLN(ap) (GET_U_1((ap)->aar_tstl) & ATMARP_LEN_MASK)
165 #define ATMTPROTO_LEN(ap) GET_U_1((ap)->aar_tpln)
166 #define aar_sha(ap) ((const u_char *)((ap)+1))
167 #define aar_ssa(ap) (aar_sha(ap) + ATMSHRD_LEN(ap))
168 #define aar_spa(ap) (aar_ssa(ap) + ATMSSLN(ap))
169 #define aar_tha(ap) (aar_spa(ap) + ATMSPROTO_LEN(ap))
170 #define aar_tsa(ap) (aar_tha(ap) + ATMTHRD_LEN(ap))
171 #define aar_tpa(ap) (aar_tsa(ap) + ATMTSLN(ap))
172 };
173
174 #define ATMSHA(ap) (aar_sha(ap))
175 #define ATMSSA(ap) (aar_ssa(ap))
176 #define ATMSPA(ap) (aar_spa(ap))
177 #define ATMTHA(ap) (aar_tha(ap))
178 #define ATMTSA(ap) (aar_tsa(ap))
179 #define ATMTPA(ap) (aar_tpa(ap))
180
181 static int
182 isnonzero(netdissect_options *ndo, const u_char *a, size_t len)
183 {
184 while (len > 0) {
185 if (GET_U_1(a) != 0)
186 return (1);
187 a++;
188 len--;
189 }
190 return (0);
191 }
192
193 static void
194 tpaddr_print_ip(netdissect_options *ndo,
195 const struct arp_pkthdr *ap, u_short pro)
196 {
197 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
198 ND_PRINT("<wrong proto type>");
199 else if (PROTO_LEN(ap) != 4)
200 ND_PRINT("<wrong len>");
201 else
202 ND_PRINT("%s", GET_IPADDR_STRING(TPA(ap)));
203 }
204
205 static void
206 spaddr_print_ip(netdissect_options *ndo,
207 const struct arp_pkthdr *ap, u_short pro)
208 {
209 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
210 ND_PRINT("<wrong proto type>");
211 else if (PROTO_LEN(ap) != 4)
212 ND_PRINT("<wrong len>");
213 else
214 ND_PRINT("%s", GET_IPADDR_STRING(SPA(ap)));
215 }
216
217 static void
218 atmarp_addr_print(netdissect_options *ndo,
219 const u_char *ha, u_int ha_len, const u_char *srca,
220 u_int srca_len)
221 {
222 if (ha_len == 0)
223 ND_PRINT("<No address>");
224 else {
225 ND_PRINT("%s", GET_LINKADDR_STRING(ha, LINKADDR_ATM, ha_len));
226 if (srca_len != 0)
227 ND_PRINT(",%s",
228 GET_LINKADDR_STRING(srca, LINKADDR_ATM, srca_len));
229 }
230 }
231
232 static void
233 atmarp_tpaddr_print(netdissect_options *ndo,
234 const struct atmarp_pkthdr *ap, u_short pro)
235 {
236 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
237 ND_PRINT("<wrong proto type>");
238 else if (ATMTPROTO_LEN(ap) != 4)
239 ND_PRINT("<wrong tplen>");
240 else
241 ND_PRINT("%s", GET_IPADDR_STRING(ATMTPA(ap)));
242 }
243
244 static void
245 atmarp_spaddr_print(netdissect_options *ndo,
246 const struct atmarp_pkthdr *ap, u_short pro)
247 {
248 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
249 ND_PRINT("<wrong proto type>");
250 else if (ATMSPROTO_LEN(ap) != 4)
251 ND_PRINT("<wrong splen>");
252 else
253 ND_PRINT("%s", GET_IPADDR_STRING(ATMSPA(ap)));
254 }
255
256 static void
257 atmarp_print(netdissect_options *ndo,
258 const u_char *bp, u_int length, u_int caplen)
259 {
260 const struct atmarp_pkthdr *ap;
261 u_short pro, hrd, op;
262
263 ap = (const struct atmarp_pkthdr *)bp;
264 ND_TCHECK_SIZE(ap);
265
266 hrd = ATMHRD(ap);
267 pro = ATMPRO(ap);
268 op = ATMOP(ap);
269
270 ND_TCHECK_LEN(ATMTPA(ap), ATMTPROTO_LEN(ap));
271
272 if (!ndo->ndo_eflag) {
273 ND_PRINT("ARP, ");
274 }
275
276 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) ||
277 ATMSPROTO_LEN(ap) != 4 ||
278 ATMTPROTO_LEN(ap) != 4 ||
279 ndo->ndo_vflag) {
280 ND_PRINT("%s, %s (len %u/%u)",
281 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd),
282 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro),
283 ATMSPROTO_LEN(ap),
284 ATMTPROTO_LEN(ap));
285
286 /* don't know about the address formats */
287 if (!ndo->ndo_vflag) {
288 goto out;
289 }
290 }
291
292 /* print operation */
293 ND_PRINT("%s%s ",
294 ndo->ndo_vflag ? ", " : "",
295 tok2str(arpop_values, "Unknown (%u)", op));
296
297 switch (op) {
298
299 case ARPOP_REQUEST:
300 ND_PRINT("who-has ");
301 atmarp_tpaddr_print(ndo, ap, pro);
302 if (ATMTHRD_LEN(ap) != 0) {
303 ND_PRINT(" (");
304 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap),
305 ATMTSA(ap), ATMTSLN(ap));
306 ND_PRINT(")");
307 }
308 ND_PRINT(" tell ");
309 atmarp_spaddr_print(ndo, ap, pro);
310 break;
311
312 case ARPOP_REPLY:
313 atmarp_spaddr_print(ndo, ap, pro);
314 ND_PRINT(" is-at ");
315 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
316 ATMSSLN(ap));
317 break;
318
319 case ARPOP_INVREQUEST:
320 ND_PRINT("who-is ");
321 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), ATMTSA(ap),
322 ATMTSLN(ap));
323 ND_PRINT(" tell ");
324 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
325 ATMSSLN(ap));
326 break;
327
328 case ARPOP_INVREPLY:
329 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
330 ATMSSLN(ap));
331 ND_PRINT("at ");
332 atmarp_spaddr_print(ndo, ap, pro);
333 break;
334
335 case ARPOP_NAK:
336 ND_PRINT("for ");
337 atmarp_spaddr_print(ndo, ap, pro);
338 break;
339
340 default:
341 ND_DEFAULTPRINT((const u_char *)ap, caplen);
342 return;
343 }
344
345 out:
346 ND_PRINT(", length %u", length);
347 }
348
349 void
350 arp_print(netdissect_options *ndo,
351 const u_char *bp, u_int length, u_int caplen)
352 {
353 const struct arp_pkthdr *ap;
354 u_short pro, hrd, op, linkaddr;
355
356 ndo->ndo_protocol = "arp";
357 ap = (const struct arp_pkthdr *)bp;
358 ND_TCHECK_SIZE(ap);
359
360 hrd = HRD(ap);
361 pro = PRO(ap);
362 op = OP(ap);
363
364
365 /* if its ATM then call the ATM ARP printer
366 for Frame-relay ARP most of the fields
367 are similar to Ethernet so overload the Ethernet Printer
368 and set the linkaddr type for GET_LINKADDR_STRING() accordingly */
369
370 switch(hrd) {
371 case ARPHRD_ATM2225:
372 atmarp_print(ndo, bp, length, caplen);
373 return;
374 case ARPHRD_FRELAY:
375 linkaddr = LINKADDR_FRELAY;
376 break;
377 default:
378 linkaddr = LINKADDR_ETHER;
379 break;
380 }
381
382 ND_TCHECK_LEN(TPA(ap), PROTO_LEN(ap));
383
384 if (!ndo->ndo_eflag) {
385 ND_PRINT("ARP, ");
386 }
387
388 /* print hardware type/len and proto type/len */
389 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) ||
390 PROTO_LEN(ap) != 4 ||
391 HRD_LEN(ap) == 0 ||
392 ndo->ndo_vflag) {
393 ND_PRINT("%s (len %u), %s (len %u)",
394 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd),
395 HRD_LEN(ap),
396 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro),
397 PROTO_LEN(ap));
398
399 /* don't know about the address formats */
400 if (!ndo->ndo_vflag) {
401 goto out;
402 }
403 }
404
405 /* print operation */
406 ND_PRINT("%s%s ",
407 ndo->ndo_vflag ? ", " : "",
408 tok2str(arpop_values, "Unknown (%u)", op));
409
410 switch (op) {
411
412 case ARPOP_REQUEST:
413 ND_PRINT("who-has ");
414 tpaddr_print_ip(ndo, ap, pro);
415 if (isnonzero(ndo, (const u_char *)THA(ap), HRD_LEN(ap)))
416 ND_PRINT(" (%s)",
417 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap)));
418 ND_PRINT(" tell ");
419 spaddr_print_ip(ndo, ap, pro);
420 break;
421
422 case ARPOP_REPLY:
423 spaddr_print_ip(ndo, ap, pro);
424 ND_PRINT(" is-at %s",
425 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap)));
426 break;
427
428 case ARPOP_REVREQUEST:
429 ND_PRINT("who-is %s tell %s",
430 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap)),
431 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap)));
432 break;
433
434 case ARPOP_REVREPLY:
435 ND_PRINT("%s at ",
436 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap)));
437 tpaddr_print_ip(ndo, ap, pro);
438 break;
439
440 case ARPOP_INVREQUEST:
441 ND_PRINT("who-is %s tell %s",
442 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap)),
443 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap)));
444 break;
445
446 case ARPOP_INVREPLY:
447 ND_PRINT("%s at ",
448 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap)));
449 spaddr_print_ip(ndo, ap, pro);
450 break;
451
452 default:
453 ND_DEFAULTPRINT((const u_char *)ap, caplen);
454 return;
455 }
456
457 out:
458 ND_PRINT(", length %u", length);
459 }
[mirror] the TCPdump network dissector