1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Ethernet printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #define ND_LONGJMP_FROM_TCHECK
31 #include "netdissect.h"
32 #include "extract.h"
33 #include "addrtoname.h"
34 #include "ethertype.h"
35
/*
 * On-the-wire layout of an Ethernet header: destination address,
 * source address, then the 16-bit field that holds either an 802.3
 * length or an EtherType.
 */
struct ether_header {
	nd_mac_addr	ether_dhost;		/* destination MAC address */
	nd_mac_addr	ether_shost;		/* source MAC address */
	nd_uint16_t	ether_length_type;	/* 802.3 length or EtherType */
};

/*
 * Length of an Ethernet header, spelled out as a constant.
 *
 * Do not replace this with "sizeof (struct ether_header)": some
 * compilers may pad the structure (to a multiple of 4 bytes, for
 * example), and every bounds check in this file that uses the header
 * length would then be off by the padding.
 */
#define ETHER_HDRLEN		14
51
/*
 * EtherType value -> display name, terminated by a { 0, NULL } entry.
 * Looked up with tok2str() when printing the type field.
 */
const struct tok ethertype_values[] = {
	{ ETHERTYPE_IP,			"IPv4" },
	{ ETHERTYPE_MPLS,		"MPLS unicast" },
	{ ETHERTYPE_MPLS_MULTI,		"MPLS multicast" },
	{ ETHERTYPE_IPV6,		"IPv6" },
	{ ETHERTYPE_8021Q,		"802.1Q" },
	{ ETHERTYPE_8021Q9100,		"802.1Q-9100" },
	{ ETHERTYPE_8021QinQ,		"802.1Q-QinQ" },
	{ ETHERTYPE_8021Q9200,		"802.1Q-9200" },
	{ ETHERTYPE_MACSEC,		"802.1AE MACsec" },
	{ ETHERTYPE_VMAN,		"VMAN" },
	{ ETHERTYPE_PUP,		"PUP" },
	{ ETHERTYPE_ARP,		"ARP" },
	{ ETHERTYPE_REVARP,		"Reverse ARP" },
	{ ETHERTYPE_NS,			"NS" },
	{ ETHERTYPE_SPRITE,		"Sprite" },
	{ ETHERTYPE_TRAIL,		"Trail" },
	{ ETHERTYPE_MOPDL,		"MOP DL" },
	{ ETHERTYPE_MOPRC,		"MOP RC" },
	{ ETHERTYPE_DN,			"DN" },
	{ ETHERTYPE_LAT,		"LAT" },
	{ ETHERTYPE_SCA,		"SCA" },
	{ ETHERTYPE_TEB,		"TEB" },
	{ ETHERTYPE_LANBRIDGE,		"Lanbridge" },
	{ ETHERTYPE_DECDNS,		"DEC DNS" },
	{ ETHERTYPE_DECDTS,		"DEC DTS" },
	{ ETHERTYPE_VEXP,		"VEXP" },
	{ ETHERTYPE_VPROD,		"VPROD" },
	{ ETHERTYPE_ATALK,		"Appletalk" },
	{ ETHERTYPE_AARP,		"Appletalk ARP" },
	{ ETHERTYPE_IPX,		"IPX" },
	{ ETHERTYPE_PPP,		"PPP" },
	{ ETHERTYPE_MPCP,		"MPCP" },
	{ ETHERTYPE_SLOW,		"Slow Protocols" },
	{ ETHERTYPE_PPPOED,		"PPPoE D" },
	{ ETHERTYPE_PPPOES,		"PPPoE S" },
	{ ETHERTYPE_EAPOL,		"EAPOL" },
	{ ETHERTYPE_REALTEK,		"Realtek protocols" },
	{ ETHERTYPE_MS_NLB_HB,		"MS NLB heartbeat" },
	{ ETHERTYPE_JUMBO,		"Jumbo" },
	{ ETHERTYPE_NSH,		"NSH" },
	{ ETHERTYPE_LOOPBACK,		"Loopback" },
	{ ETHERTYPE_ISO,		"OSI" },
	{ ETHERTYPE_GRE_ISO,		"GRE-OSI" },
	{ ETHERTYPE_CFM_OLD,		"CFM (old)" },
	{ ETHERTYPE_CFM,		"CFM" },
	{ ETHERTYPE_IEEE1905_1,		"IEEE1905.1" },
	{ ETHERTYPE_LLDP,		"LLDP" },
	{ ETHERTYPE_TIPC,		"TIPC" },
	{ ETHERTYPE_GEONET_OLD,		"GeoNet (old)" },
	{ ETHERTYPE_GEONET,		"GeoNet" },
	{ ETHERTYPE_CALM_FAST,		"CALM FAST" },
	{ ETHERTYPE_AOE,		"AoE" },
	{ ETHERTYPE_PTP,		"PTP" },
	{ ETHERTYPE_ARISTA,		"Arista Vendor Specific Protocol" },
	{ 0,				NULL }
};
109
/*
 * Print "source > destination, " for a pair of MAC addresses.
 *
 * Both pointers refer to packet data; the GET_ETHERADDR_STRING()
 * conversions are done before anything is printed.
 */
static void
ether_addresses_print(netdissect_options *ndo, const u_char *src,
		      const u_char *dst)
{
	const char *src_text = GET_ETHERADDR_STRING(src);
	const char *dst_text = GET_ETHERADDR_STRING(dst);

	ND_PRINT("%s > %s, ", src_text, dst_text);
}
117
/*
 * Print an EtherType.
 *
 * With ndo_qflag set only the name is printed (or
 * "Unknown Ethertype (0x....)" when the value is not in
 * ethertype_values); otherwise the name is followed by the value
 * in hex.
 */
static void
ether_type_print(netdissect_options *ndo, uint16_t type)
{
	if (ndo->ndo_qflag) {
		ND_PRINT("%s",
			 tok2str(ethertype_values, "Unknown Ethertype (0x%04x)", type));
		return;
	}

	ND_PRINT("ethertype %s (0x%04x)",
		 tok2str(ethertype_values, "Unknown", type), type);
}
128
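/*
 * Common code for printing Ethernet frames.
 *
 * It can handle Ethernet headers with extra tag information inserted
 * after the destination and source addresses, as is inserted by some
 * switch chips, and extra encapsulation header information before
 * printing Ethernet header information (such as a LANE ID for ATM LANE).
 *
 * Parameters:
 *   p                   start of the Ethernet header in the packet data
 *   length              on-the-wire length of the frame
 *   caplen              number of bytes of the frame that were captured
 *   print_switch_tag    optional printer for a switch tag that follows
 *                       the two MAC addresses; switch_tag_len is its size
 *   print_encap_header  optional printer for an enclosing header, called
 *                       with encap_header_arg before anything else is
 *                       printed
 *
 * Returns the number of link-layer header bytes that were processed;
 * the early exits return "length" or "caplen" based values instead.
 *
 * "length" and "caplen" are unsigned and are decremented by hand as
 * headers are skipped, so every subtraction has to be preceded by a
 * check that enough bytes remain.  The packet reads themselves go
 * through the GET_ macros.
 */
static u_int
ether_common_print(netdissect_options *ndo, const u_char *p, u_int length,
    u_int caplen,
    void (*print_switch_tag)(netdissect_options *ndo, const u_char *),
    u_int switch_tag_len,
    void (*print_encap_header)(netdissect_options *ndo, const u_char *),
    const u_char *encap_header_arg)
{
	const struct ether_header *ehp;
	u_int orig_length;
	u_int hdrlen;
	u_short length_type;
	int printed_length;
	int llc_hdrlen;
	struct lladdr_info src, dst;

	/* A record that claims more captured bytes than wire bytes is bogus. */
	if (length < caplen) {
		ND_PRINT("[length %u < caplen %u]", length, caplen);
		nd_print_invalid(ndo);
		return length;
	}
	/*
	 * This is the check that makes the subtractions of the address,
	 * switch tag and first length/type sizes below safe; as
	 * length >= caplen, it covers "length" too.
	 */
	if (caplen < ETHER_HDRLEN + switch_tag_len) {
		nd_print_trunc(ndo);
		return caplen;
	}

	if (print_encap_header != NULL)
		(*print_encap_header)(ndo, encap_header_arg);

	orig_length = length;

	/*
	 * Get the source and destination addresses, skip past them,
	 * and print them if we're printing the link-layer header.
	 */
	ehp = (const struct ether_header *)p;
	src.addr = ehp->ether_shost;
	src.addr_string = etheraddr_string;
	dst.addr = ehp->ether_dhost;
	dst.addr_string = etheraddr_string;

	length -= 2*MAC_ADDR_LEN;
	caplen -= 2*MAC_ADDR_LEN;
	p += 2*MAC_ADDR_LEN;
	hdrlen = 2*MAC_ADDR_LEN;

	if (ndo->ndo_eflag)
		ether_addresses_print(ndo, src.addr, dst.addr);

	/*
	 * Print the switch tag, if we have one, and skip past it.
	 */
	if (print_switch_tag != NULL)
		(*print_switch_tag)(ndo, p);

	length -= switch_tag_len;
	caplen -= switch_tag_len;
	p += switch_tag_len;
	hdrlen += switch_tag_len;

	/*
	 * Get the length/type field, skip past it, and print it
	 * if we're printing the link-layer header.
	 *
	 * This label is also the re-entry point after an Arista vendor
	 * header has been consumed; that path must guarantee that at
	 * least two bytes remain in both "length" and "caplen" before
	 * jumping here, as the subtractions below are unchecked.
	 */
recurse:
	length_type = GET_BE_U_2(p);

	length -= 2;
	caplen -= 2;
	p += 2;
	hdrlen += 2;

	/*
	 * Process 802.1AE MACsec headers.
	 */
	printed_length = 0;
	if (length_type == ETHERTYPE_MACSEC) {
		/*
		 * MACsec, aka IEEE 802.1AE-2006
		 * Print the header, and try to print the payload if it's not encrypted
		 */
		if (ndo->ndo_eflag) {
			ether_type_print(ndo, length_type);
			ND_PRINT(", length %u: ", orig_length);
			printed_length = 1;
		}

		/* macsec_print() advances p and adjusts the counters itself. */
		int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen,
				       &src, &dst);

		if (ret == 0) {
			/* Payload is encrypted; print it as raw data. */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			return hdrlen;
		} else if (ret > 0) {
			/* Problem printing the header; just quit. */
			return ret;
		} else {
			/*
			 * Keep processing type/length fields.
			 */
			length_type = GET_BE_U_2(p);

			/*
			 * Leaves through the "invalid" label when fewer
			 * than two captured bytes remain, so caplen
			 * cannot wrap below.
			 * NOTE(review): "length" has no matching check
			 * here - confirm that macsec_print() keeps
			 * length >= caplen.
			 */
			ND_ICHECK_U(caplen, <, 2);
			length -= 2;
			caplen -= 2;
			p += 2;
			hdrlen += 2;
		}
	}

	/*
	 * Process VLAN tag types.
	 */
	while (length_type == ETHERTYPE_8021Q ||
		length_type == ETHERTYPE_8021Q9100 ||
		length_type == ETHERTYPE_8021Q9200 ||
		length_type == ETHERTYPE_8021QinQ) {
		/*
		 * It has a VLAN tag.
		 * Print VLAN information, and then go back and process
		 * the enclosed type field.
		 */
		if (caplen < 4) {
			ndo->ndo_protocol = "vlan";
			nd_print_trunc(ndo);
			return hdrlen + caplen;
		}
		if (length < 4) {
			ndo->ndo_protocol = "vlan";
			nd_print_trunc(ndo);
			return hdrlen + length;
		}
		if (ndo->ndo_eflag) {
			uint16_t tag = GET_BE_U_2(p);

			ether_type_print(ndo, length_type);
			if (!printed_length) {
				ND_PRINT(", length %u: ", orig_length);
				printed_length = 1;
			} else
				ND_PRINT(", ");
			ND_PRINT("%s, ", ieee8021q_tci_string(tag));
		}

		length_type = GET_BE_U_2(p + 2);
		p += 4;
		length -= 4;
		caplen -= 4;
		hdrlen += 4;
	}

	/*
	 * We now have the final length/type field.
	 */
	if (length_type <= MAX_ETHERNET_LENGTH_VAL) {
		/*
		 * It's a length field, containing the length of the
		 * remaining payload; use it as such, as long as
		 * it's not too large (bigger than the actual payload).
		 */
		if (length_type < length) {
			length = length_type;
			if (caplen > length)
				caplen = length;
		}

		/*
		 * Cut off the snapshot length to the end of the
		 * payload.
		 *
		 * The push can fail; remember whether it succeeded so
		 * that the pop below is only done for an entry that this
		 * function actually pushed.  An unmatched pop would
		 * restore the saved packet information of an enclosing
		 * dissector instead.  If the push failed, dissection goes
		 * on with the snapshot end unchanged; llc_print() is still
		 * given the clamped length and caplen.
		 */
		int snapend_pushed = nd_push_snapend(ndo, p + length);

		if (ndo->ndo_eflag) {
			ND_PRINT("802.3");
			if (!printed_length)
				ND_PRINT(", length %u: ", length);
		}

		/*
		 * An LLC header follows the length.  Print that and
		 * higher layers.
		 */
		llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
		if (llc_hdrlen < 0) {
			/* packet type not known, print raw packet */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			llc_hdrlen = -llc_hdrlen;
		}
		hdrlen += llc_hdrlen;
		if (snapend_pushed)
			nd_pop_packet_info(ndo);
	} else if (length_type == ETHERTYPE_JUMBO) {
		/*
		 * It's a type field, with the type for Alteon jumbo frames.
		 * See
		 *
		 *	https://tools.ietf.org/html/draft-ietf-isis-ext-eth-01
		 *
		 * which indicates that, following the type field,
		 * there's an LLC header and payload.
		 */
		/* Try to print the LLC-layer header & higher layers */
		llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
		if (llc_hdrlen < 0) {
			/* packet type not known, print raw packet */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			llc_hdrlen = -llc_hdrlen;
		}
		hdrlen += llc_hdrlen;
	} else if (length_type == ETHERTYPE_ARISTA) {
		if (caplen < 2) {
			ND_PRINT("[|arista]");
			return hdrlen + caplen;
		}
		if (length < 2) {
			ND_PRINT("[|arista]");
			return hdrlen + length;
		}
		ether_type_print(ndo, length_type);
		ND_PRINT(", length %u: ", orig_length);
		int bytesConsumed = arista_ethertype_print(ndo, p, length);
		if (bytesConsumed > 0) {
			u_int consumed = (u_int)bytesConsumed;

			/*
			 * The count comes back from the sub-printer and
			 * is not otherwise tied to caplen.  Make sure it
			 * fits, and that the two bytes of the following
			 * length/type field are still there, before the
			 * unsigned counters are reduced; otherwise they
			 * would wrap to huge values that are later handed
			 * to other printers.
			 */
			if (consumed > caplen || caplen - consumed < 2) {
				ND_PRINT("[|arista]");
				return hdrlen + caplen;
			}
			if (consumed > length || length - consumed < 2) {
				ND_PRINT("[|arista]");
				return hdrlen + length;
			}
			p += consumed;
			length -= consumed;
			caplen -= consumed;
			hdrlen += consumed;
			goto recurse;
		} else {
			/* subtype/version not known, print raw packet */
			if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) {
				ether_addresses_print(ndo, src.addr, dst.addr);
				ether_type_print(ndo, length_type);
				ND_PRINT(", length %u: ", orig_length);
			}
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
		}
	} else {
		/*
		 * It's a type field with some other value.
		 */
		if (ndo->ndo_eflag) {
			ether_type_print(ndo, length_type);
			if (!printed_length)
				ND_PRINT(", length %u: ", orig_length);
			else
				ND_PRINT(", ");
		}
		if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) {
			/* type not known, print raw packet */
			if (!ndo->ndo_eflag) {
				/*
				 * We didn't print the full link-layer
				 * header, as -e wasn't specified, so
				 * print only the source and destination
				 * MAC addresses and the final Ethernet
				 * type.
				 */
				ether_addresses_print(ndo, src.addr, dst.addr);
				ether_type_print(ndo, length_type);
				ND_PRINT(", length %u: ", orig_length);
			}

			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
		}
	}
invalid:
	return hdrlen;
}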
410
/*
 * Print an Ethernet frame while specifying a non-standard Ethernet header
 * length: a switch tag of switch_tag_len bytes follows the two MAC
 * addresses and is printed by print_switch_tag.
 *
 * No enclosing-header printer is passed on, and ndo->ndo_protocol is
 * not set here.
 *
 * Returns whatever ether_common_print() returns.
 *
 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
 */
u_int
ether_switch_tag_print(netdissect_options *ndo, const u_char *p, u_int length,
    u_int caplen,
    void (*print_switch_tag)(netdissect_options *, const u_char *),
    u_int switch_tag_len)
{
	u_int processed;

	processed = ether_common_print(ndo, p, length, caplen,
				       print_switch_tag, switch_tag_len,
				       NULL, NULL);
	return processed;
}
429
/*
 * Print an Ethernet frame.
 * This might be encapsulated within another frame; we might be passed
 * a pointer to a function that can print header information for that
 * frame's protocol, and an argument to pass to that function.
 *
 * Sets ndo->ndo_protocol to "ether" and dissects with no switch tag.
 * Returns whatever ether_common_print() returns.
 *
 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
 */
u_int
ether_print(netdissect_options *ndo,
	    const u_char *p, u_int length, u_int caplen,
	    void (*print_encap_header)(netdissect_options *ndo, const u_char *),
	    const u_char *encap_header_arg)
{
	u_int processed;

	ndo->ndo_protocol = "ether";
	processed = ether_common_print(ndo, p, length, caplen,
				       NULL, 0,
				       print_encap_header, encap_header_arg);
	return processed;
}
448
/*
 * Top-level routine of the Ethernet printer.
 *
 * 'p' points to the ether header of the packet, 'h->len' is the length
 * of the packet off the wire, and 'h->caplen' is the number of bytes
 * actually captured.  The value returned by ether_print() is added to
 * ndo->ndo_ll_hdr_len.
 */
void
ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
	       const u_char *p)
{
	u_int ll_hdr_len;

	ndo->ndo_protocol = "ether";
	ll_hdr_len = ether_print(ndo, p, h->len, h->caplen, NULL, NULL);
	ndo->ndo_ll_hdr_len += ll_hdr_len;
}
463
/*
 * Top-level routine of the printer for DLT_NETANALYZER, which has a
 * 4-byte pseudo-header before the Ethernet header.
 *
 * 'p' points to the start of the packet data, 'h->len' is the length
 * of the packet off the wire, and 'h->caplen' is the number of bytes
 * actually captured.
 *
 * NOTE(review): only the captured bytes are checked before the
 * pseudo-header size is subtracted.  h->len comes from the capture
 * record, and "h->len - 4" wraps to a very large value if a record
 * claims an on-wire length below 4; the "length < caplen" test in the
 * Ethernet code would not notice that.  Confirm that such records are
 * rejected before this routine is reached.
 */
void
netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
		     const u_char *p)
{
	u_int ether_hdr_len;

	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header.
	 */
	ndo->ndo_protocol = "netanalyzer";
	ND_TCHECK_LEN(p, 4);

	/* Account for the pseudo-header, then dissect what follows it. */
	ndo->ndo_ll_hdr_len += 4;
	ether_hdr_len = ether_print(ndo, p + 4, h->len - 4, h->caplen - 4,
				    NULL, NULL);
	ndo->ndo_ll_hdr_len += ether_hdr_len;
}
488
/*
 * Top-level routine of the printer for DLT_NETANALYZER_TRANSPARENT,
 * which has a 4-byte pseudo-header, a 7-byte Ethernet preamble, and a
 * 1-byte Ethernet SOF before the Ethernet header (12 bytes in all).
 *
 * 'p' points to the start of the packet data, 'h->len' is the length
 * of the packet off the wire, and 'h->caplen' is the number of bytes
 * actually captured.
 *
 * NOTE(review): only the captured bytes are checked before the 12
 * bytes are subtracted.  h->len comes from the capture record, and
 * "h->len - 12" wraps to a very large value if a record claims an
 * on-wire length below 12; the "length < caplen" test in the Ethernet
 * code would not notice that.  Confirm that such records are rejected
 * before this routine is reached.
 */
void
netanalyzer_transparent_if_print(netdissect_options *ndo,
				 const struct pcap_pkthdr *h,
				 const u_char *p)
{
	u_int ether_hdr_len;

	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header,
	 * preamble, and SOF.
	 */
	ndo->ndo_protocol = "netanalyzer_transparent";
	ND_TCHECK_LEN(p, 12);

	/* Account for the pseudo-header, preamble, and SOF, then go on. */
	ndo->ndo_ll_hdr_len += 12;
	ether_hdr_len = ether_print(ndo, p + 12, h->len - 12, h->caplen - 12,
				    NULL, NULL);
	ndo->ndo_ll_hdr_len += ether_hdr_len;
}
516
/*
 * Prints the packet payload, given an Ethernet type code for the payload's
 * protocol.
 *
 * 'p' points to the payload, 'length' is its on-the-wire length and
 * 'caplen' the number of captured bytes; 'src' and 'dst' are passed on
 * to the printers that take link-layer address information.
 *
 * Returns non-zero if it can do so, zero if the ethertype is unknown.
 * Every recognized type leaves the switch with "break" and shares the
 * single "return (1)" at the end; types without a printer return 0
 * directly.
 */
int
ethertype_print(netdissect_options *ndo,
		u_short ether_type, const u_char *p,
		u_int length, u_int caplen,
		const struct lladdr_info *src, const struct lladdr_info *dst)
{
	switch (ether_type) {

	case ETHERTYPE_IP:
		ip_print(ndo, p, length);
		break;

	case ETHERTYPE_IPV6:
		ip6_print(ndo, p, length);
		break;

	case ETHERTYPE_ARP:
	case ETHERTYPE_REVARP:
		arp_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_DN:
		decnet_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_ATALK:
		if (ndo->ndo_vflag)
			ND_PRINT("et1 ");
		atalk_print(ndo, p, length);
		break;

	case ETHERTYPE_AARP:
		aarp_print(ndo, p, length);
		break;

	case ETHERTYPE_IPX:
		ND_PRINT("(NOV-ETHII) ");
		ipx_print(ndo, p, length);
		break;

	case ETHERTYPE_ISO:
		/*
		 * The zero checks come first so that "length - 1"
		 * below cannot wrap.
		 */
		if (length == 0 || caplen == 0) {
			ndo->ndo_protocol = "isoclns";
			nd_print_trunc(ndo);
			break;
		}
		/* At least one byte is required */
		/* FIXME: Reference for this byte? */
		ND_TCHECK_1(p);
		isoclns_print(ndo, p + 1, length - 1);
		break;

	case ETHERTYPE_PPPOED:
	case ETHERTYPE_PPPOES:
	case ETHERTYPE_PPPOED2:
	case ETHERTYPE_PPPOES2:
		pppoe_print(ndo, p, length);
		break;

	case ETHERTYPE_EAPOL:
		eapol_print(ndo, p);
		break;

	case ETHERTYPE_REALTEK:
		rtl_print(ndo, p, length, src, dst);
		break;

	case ETHERTYPE_PPP:
		/* An empty payload is still reported as handled. */
		if (length != 0) {
			ND_PRINT(": ");
			ppp_print(ndo, p, length);
		}
		break;

	case ETHERTYPE_MPCP:
		mpcp_print(ndo, p, length);
		break;

	case ETHERTYPE_SLOW:
		slow_print(ndo, p, length);
		break;

	case ETHERTYPE_CFM:
	case ETHERTYPE_CFM_OLD:
		cfm_print(ndo, p, length);
		break;

	case ETHERTYPE_LLDP:
		lldp_print(ndo, p, length);
		break;

	case ETHERTYPE_NSH:
		nsh_print(ndo, p, length);
		break;

	case ETHERTYPE_LOOPBACK:
		loopback_print(ndo, p, length);
		break;

	case ETHERTYPE_MPLS:
	case ETHERTYPE_MPLS_MULTI:
		mpls_print(ndo, p, length);
		break;

	case ETHERTYPE_TIPC:
		tipc_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_MS_NLB_HB:
		msnlb_print(ndo, p);
		break;

	case ETHERTYPE_GEONET_OLD:
	case ETHERTYPE_GEONET:
		geonet_print(ndo, p, length, src);
		break;

	case ETHERTYPE_CALM_FAST:
		calm_fast_print(ndo, p, length, src);
		break;

	case ETHERTYPE_AOE:
		aoe_print(ndo, p, length);
		break;

	case ETHERTYPE_PTP:
		ptp_print(ndo, p, length);
		break;

	case ETHERTYPE_LAT:
	case ETHERTYPE_SCA:
	case ETHERTYPE_MOPRC:
	case ETHERTYPE_MOPDL:
	case ETHERTYPE_IEEE1905_1:
		/* default_print for now */
	default:
		/* No printer for this type; the caller prints it raw. */
		return (0);
	}

	return (1);
}