]> The Tcpdump Group git mirrors - tcpdump/blob - print-ppp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #492 from vel21ripn/nflog-print
[tcpdump] / print-ppp.c
1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Extensively modified by Motonori Shindo (mshindo@mshindo.net) for more
22 * complete PPP support.
23 */
24
25 /* \summary: Point to Point Protocol (PPP) printer */
26
27 /*
28 * TODO:
29 * o resolve XXX as much as possible
30 * o MP support
31 * o BAP support
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include "netdissect-stdinc.h"
39
40 #ifdef __bsdi__
41 #include <net/slcompress.h>
42 #include <net/if_ppp.h>
43 #endif
44
45 #include <stdlib.h>
46
47 #include "netdissect.h"
48 #include "extract.h"
49 #include "addrtoname.h"
50 #include "ppp.h"
51 #include "chdlc.h"
52 #include "ethertype.h"
53 #include "oui.h"
54 #include "netdissect-alloc.h"
55
56 /*
57 * The following constants are defined by IANA. Please refer to
58 * https://www.isi.edu/in-notes/iana/assignments/ppp-numbers
59 * for the up-to-date information.
60 */
61
62 /* Protocol Codes defined in ppp.h */
63
64 static const struct tok ppptype2str[] = {
65 { PPP_IP, "IP" },
66 { PPP_OSI, "OSI" },
67 { PPP_NS, "NS" },
68 { PPP_DECNET, "DECNET" },
69 { PPP_APPLE, "APPLE" },
70 { PPP_IPX, "IPX" },
71 { PPP_VJC, "VJC IP" },
72 { PPP_VJNC, "VJNC IP" },
73 { PPP_BRPDU, "BRPDU" },
74 { PPP_STII, "STII" },
75 { PPP_VINES, "VINES" },
76 { PPP_MPLS_UCAST, "MPLS" },
77 { PPP_MPLS_MCAST, "MPLS" },
78 { PPP_COMP, "Compressed"},
79 { PPP_ML, "MLPPP"},
80 { PPP_IPV6, "IP6"},
81
82 { PPP_HELLO, "HELLO" },
83 { PPP_LUXCOM, "LUXCOM" },
84 { PPP_SNS, "SNS" },
85 { PPP_IPCP, "IPCP" },
86 { PPP_OSICP, "OSICP" },
87 { PPP_NSCP, "NSCP" },
88 { PPP_DECNETCP, "DECNETCP" },
89 { PPP_APPLECP, "APPLECP" },
90 { PPP_IPXCP, "IPXCP" },
91 { PPP_STIICP, "STIICP" },
92 { PPP_VINESCP, "VINESCP" },
93 { PPP_IPV6CP, "IP6CP" },
94 { PPP_MPLSCP, "MPLSCP" },
95
96 { PPP_LCP, "LCP" },
97 { PPP_PAP, "PAP" },
98 { PPP_LQM, "LQM" },
99 { PPP_CHAP, "CHAP" },
100 { PPP_EAP, "EAP" },
101 { PPP_SPAP, "SPAP" },
102 { PPP_SPAP_OLD, "Old-SPAP" },
103 { PPP_BACP, "BACP" },
104 { PPP_BAP, "BAP" },
105 { PPP_MPCP, "MLPPP-CP" },
106 { PPP_CCP, "CCP" },
107 { 0, NULL }
108 };
109
110 /* Control Protocols (LCP/IPCP/CCP etc.) Codes defined in RFC 1661 */
111
112 #define CPCODES_VEXT 0 /* Vendor-Specific (RFC2153) */
113 #define CPCODES_CONF_REQ 1 /* Configure-Request */
114 #define CPCODES_CONF_ACK 2 /* Configure-Ack */
115 #define CPCODES_CONF_NAK 3 /* Configure-Nak */
116 #define CPCODES_CONF_REJ 4 /* Configure-Reject */
117 #define CPCODES_TERM_REQ 5 /* Terminate-Request */
118 #define CPCODES_TERM_ACK 6 /* Terminate-Ack */
119 #define CPCODES_CODE_REJ 7 /* Code-Reject */
120 #define CPCODES_PROT_REJ 8 /* Protocol-Reject (LCP only) */
121 #define CPCODES_ECHO_REQ 9 /* Echo-Request (LCP only) */
122 #define CPCODES_ECHO_RPL 10 /* Echo-Reply (LCP only) */
123 #define CPCODES_DISC_REQ 11 /* Discard-Request (LCP only) */
124 #define CPCODES_ID 12 /* Identification (LCP only) RFC1570 */
125 #define CPCODES_TIME_REM 13 /* Time-Remaining (LCP only) RFC1570 */
126 #define CPCODES_RESET_REQ 14 /* Reset-Request (CCP only) RFC1962 */
127 #define CPCODES_RESET_REP 15 /* Reset-Reply (CCP only) */
128
129 static const struct tok cpcodes[] = {
130 {CPCODES_VEXT, "Vendor-Extension"}, /* RFC2153 */
131 {CPCODES_CONF_REQ, "Conf-Request"},
132 {CPCODES_CONF_ACK, "Conf-Ack"},
133 {CPCODES_CONF_NAK, "Conf-Nack"},
134 {CPCODES_CONF_REJ, "Conf-Reject"},
135 {CPCODES_TERM_REQ, "Term-Request"},
136 {CPCODES_TERM_ACK, "Term-Ack"},
137 {CPCODES_CODE_REJ, "Code-Reject"},
138 {CPCODES_PROT_REJ, "Prot-Reject"},
139 {CPCODES_ECHO_REQ, "Echo-Request"},
140 {CPCODES_ECHO_RPL, "Echo-Reply"},
141 {CPCODES_DISC_REQ, "Disc-Req"},
142 {CPCODES_ID, "Ident"}, /* RFC1570 */
143 {CPCODES_TIME_REM, "Time-Rem"}, /* RFC1570 */
144 {CPCODES_RESET_REQ, "Reset-Req"}, /* RFC1962 */
145 {CPCODES_RESET_REP, "Reset-Ack"}, /* RFC1962 */
146 {0, NULL}
147 };
148
149 /* LCP Config Options */
150
151 #define LCPOPT_VEXT 0
152 #define LCPOPT_MRU 1
153 #define LCPOPT_ACCM 2
154 #define LCPOPT_AP 3
155 #define LCPOPT_QP 4
156 #define LCPOPT_MN 5
157 #define LCPOPT_DEP6 6
158 #define LCPOPT_PFC 7
159 #define LCPOPT_ACFC 8
160 #define LCPOPT_FCSALT 9
161 #define LCPOPT_SDP 10
162 #define LCPOPT_NUMMODE 11
163 #define LCPOPT_DEP12 12
164 #define LCPOPT_CBACK 13
165 #define LCPOPT_DEP14 14
166 #define LCPOPT_DEP15 15
167 #define LCPOPT_DEP16 16
168 #define LCPOPT_MLMRRU 17
169 #define LCPOPT_MLSSNHF 18
170 #define LCPOPT_MLED 19
171 #define LCPOPT_PROP 20
172 #define LCPOPT_DCEID 21
173 #define LCPOPT_MPP 22
174 #define LCPOPT_LD 23
175 #define LCPOPT_LCPAOPT 24
176 #define LCPOPT_COBS 25
177 #define LCPOPT_PE 26
178 #define LCPOPT_MLHF 27
179 #define LCPOPT_I18N 28
180 #define LCPOPT_SDLOS 29
181 #define LCPOPT_PPPMUX 30
182
183 static const char *lcpconfopts[] = {
184 "Vend-Ext", /* (0) */
185 "MRU", /* (1) */
186 "ACCM", /* (2) */
187 "Auth-Prot", /* (3) */
188 "Qual-Prot", /* (4) */
189 "Magic-Num", /* (5) */
190 "deprecated(6)", /* used to be a Quality Protocol */
191 "PFC", /* (7) */
192 "ACFC", /* (8) */
193 "FCS-Alt", /* (9) */
194 "SDP", /* (10) */
195 "Num-Mode", /* (11) */
196 "deprecated(12)", /* used to be a Multi-Link-Procedure*/
197 "Call-Back", /* (13) */
198 "deprecated(14)", /* used to be a Connect-Time */
199 "deprecated(15)", /* used to be a Compund-Frames */
200 "deprecated(16)", /* used to be a Nominal-Data-Encap */
201 "MRRU", /* (17) */
202 "12-Bit seq #", /* (18) */
203 "End-Disc", /* (19) */
204 "Proprietary", /* (20) */
205 "DCE-Id", /* (21) */
206 "MP+", /* (22) */
207 "Link-Disc", /* (23) */
208 "LCP-Auth-Opt", /* (24) */
209 "COBS", /* (25) */
210 "Prefix-elision", /* (26) */
211 "Multilink-header-Form",/* (27) */
212 "I18N", /* (28) */
213 "SDL-over-SONET/SDH", /* (29) */
214 "PPP-Muxing", /* (30) */
215 };
216
217 #define NUM_LCPOPTS (sizeof(lcpconfopts) / sizeof(lcpconfopts[0]))
218
219 /* ECP - to be supported */
220
221 /* CCP Config Options */
222
223 #define CCPOPT_OUI 0 /* RFC1962 */
224 #define CCPOPT_PRED1 1 /* RFC1962 */
225 #define CCPOPT_PRED2 2 /* RFC1962 */
226 #define CCPOPT_PJUMP 3 /* RFC1962 */
227 /* 4-15 unassigned */
228 #define CCPOPT_HPPPC 16 /* RFC1962 */
229 #define CCPOPT_STACLZS 17 /* RFC1974 */
230 #define CCPOPT_MPPC 18 /* RFC2118 */
231 #define CCPOPT_GFZA 19 /* RFC1962 */
232 #define CCPOPT_V42BIS 20 /* RFC1962 */
233 #define CCPOPT_BSDCOMP 21 /* RFC1977 */
234 /* 22 unassigned */
235 #define CCPOPT_LZSDCP 23 /* RFC1967 */
236 #define CCPOPT_MVRCA 24 /* RFC1975 */
237 #define CCPOPT_DEC 25 /* RFC1976 */
238 #define CCPOPT_DEFLATE 26 /* RFC1979 */
239 /* 27-254 unassigned */
240 #define CCPOPT_RESV 255 /* RFC1962 */
241
242 static const struct tok ccpconfopts_values[] = {
243 { CCPOPT_OUI, "OUI" },
244 { CCPOPT_PRED1, "Pred-1" },
245 { CCPOPT_PRED2, "Pred-2" },
246 { CCPOPT_PJUMP, "Puddle" },
247 { CCPOPT_HPPPC, "HP-PPC" },
248 { CCPOPT_STACLZS, "Stac-LZS" },
249 { CCPOPT_MPPC, "MPPC" },
250 { CCPOPT_GFZA, "Gand-FZA" },
251 { CCPOPT_V42BIS, "V.42bis" },
252 { CCPOPT_BSDCOMP, "BSD-Comp" },
253 { CCPOPT_LZSDCP, "LZS-DCP" },
254 { CCPOPT_MVRCA, "MVRCA" },
255 { CCPOPT_DEC, "DEC" },
256 { CCPOPT_DEFLATE, "Deflate" },
257 { CCPOPT_RESV, "Reserved"},
258 {0, NULL}
259 };
260
261 /* BACP Config Options */
262
263 #define BACPOPT_FPEER 1 /* RFC2125 */
264
265 static const struct tok bacconfopts_values[] = {
266 { BACPOPT_FPEER, "Favored-Peer" },
267 {0, NULL}
268 };
269
270
271 /* SDCP - to be supported */
272
273 /* IPCP Config Options */
274 #define IPCPOPT_2ADDR 1 /* RFC1172, RFC1332 (deprecated) */
275 #define IPCPOPT_IPCOMP 2 /* RFC1332 */
276 #define IPCPOPT_ADDR 3 /* RFC1332 */
277 #define IPCPOPT_MOBILE4 4 /* RFC2290 */
278 #define IPCPOPT_PRIDNS 129 /* RFC1877 */
279 #define IPCPOPT_PRINBNS 130 /* RFC1877 */
280 #define IPCPOPT_SECDNS 131 /* RFC1877 */
281 #define IPCPOPT_SECNBNS 132 /* RFC1877 */
282
283 static const struct tok ipcpopt_values[] = {
284 { IPCPOPT_2ADDR, "IP-Addrs" },
285 { IPCPOPT_IPCOMP, "IP-Comp" },
286 { IPCPOPT_ADDR, "IP-Addr" },
287 { IPCPOPT_MOBILE4, "Home-Addr" },
288 { IPCPOPT_PRIDNS, "Pri-DNS" },
289 { IPCPOPT_PRINBNS, "Pri-NBNS" },
290 { IPCPOPT_SECDNS, "Sec-DNS" },
291 { IPCPOPT_SECNBNS, "Sec-NBNS" },
292 { 0, NULL }
293 };
294
295 #define IPCPOPT_IPCOMP_HDRCOMP 0x61 /* rfc3544 */
296 #define IPCPOPT_IPCOMP_MINLEN 14
297
298 static const struct tok ipcpopt_compproto_values[] = {
299 { PPP_VJC, "VJ-Comp" },
300 { IPCPOPT_IPCOMP_HDRCOMP, "IP Header Compression" },
301 { 0, NULL }
302 };
303
304 static const struct tok ipcpopt_compproto_subopt_values[] = {
305 { 1, "RTP-Compression" },
306 { 2, "Enhanced RTP-Compression" },
307 { 0, NULL }
308 };
309
310 /* IP6CP Config Options */
311 #define IP6CP_IFID 1
312
313 static const struct tok ip6cpopt_values[] = {
314 { IP6CP_IFID, "Interface-ID" },
315 { 0, NULL }
316 };
317
318 /* ATCP - to be supported */
319 /* OSINLCP - to be supported */
320 /* BVCP - to be supported */
321 /* BCP - to be supported */
322 /* IPXCP - to be supported */
323 /* MPLSCP - to be supported */
324
325 /* Auth Algorithms */
326
327 /* 0-4 Reserved (RFC1994) */
328 #define AUTHALG_CHAPMD5 5 /* RFC1994 */
329 #define AUTHALG_MSCHAP1 128 /* RFC2433 */
330 #define AUTHALG_MSCHAP2 129 /* RFC2795 */
331
332 static const struct tok authalg_values[] = {
333 { AUTHALG_CHAPMD5, "MD5" },
334 { AUTHALG_MSCHAP1, "MS-CHAPv1" },
335 { AUTHALG_MSCHAP2, "MS-CHAPv2" },
336 { 0, NULL }
337 };
338
339 /* FCS Alternatives - to be supported */
340
341 /* Multilink Endpoint Discriminator (RFC1717) */
342 #define MEDCLASS_NULL 0 /* Null Class */
343 #define MEDCLASS_LOCAL 1 /* Locally Assigned */
344 #define MEDCLASS_IPV4 2 /* Internet Protocol (IPv4) */
345 #define MEDCLASS_MAC 3 /* IEEE 802.1 global MAC address */
346 #define MEDCLASS_MNB 4 /* PPP Magic Number Block */
347 #define MEDCLASS_PSNDN 5 /* Public Switched Network Director Number */
348
349 /* PPP LCP Callback */
350 #define CALLBACK_AUTH 0 /* Location determined by user auth */
351 #define CALLBACK_DSTR 1 /* Dialing string */
352 #define CALLBACK_LID 2 /* Location identifier */
353 #define CALLBACK_E164 3 /* E.164 number */
354 #define CALLBACK_X500 4 /* X.500 distinguished name */
355 #define CALLBACK_CBCP 6 /* Location is determined during CBCP nego */
356
357 static const struct tok ppp_callback_values[] = {
358 { CALLBACK_AUTH, "UserAuth" },
359 { CALLBACK_DSTR, "DialString" },
360 { CALLBACK_LID, "LocalID" },
361 { CALLBACK_E164, "E.164" },
362 { CALLBACK_X500, "X.500" },
363 { CALLBACK_CBCP, "CBCP" },
364 { 0, NULL }
365 };
366
367 /* CHAP */
368
369 #define CHAP_CHAL 1
370 #define CHAP_RESP 2
371 #define CHAP_SUCC 3
372 #define CHAP_FAIL 4
373
374 static const struct tok chapcode_values[] = {
375 { CHAP_CHAL, "Challenge" },
376 { CHAP_RESP, "Response" },
377 { CHAP_SUCC, "Success" },
378 { CHAP_FAIL, "Fail" },
379 { 0, NULL}
380 };
381
382 /* PAP */
383
384 #define PAP_AREQ 1
385 #define PAP_AACK 2
386 #define PAP_ANAK 3
387
388 static const struct tok papcode_values[] = {
389 { PAP_AREQ, "Auth-Req" },
390 { PAP_AACK, "Auth-ACK" },
391 { PAP_ANAK, "Auth-NACK" },
392 { 0, NULL }
393 };
394
395 /* BAP */
396 #define BAP_CALLREQ 1
397 #define BAP_CALLRES 2
398 #define BAP_CBREQ 3
399 #define BAP_CBRES 4
400 #define BAP_LDQREQ 5
401 #define BAP_LDQRES 6
402 #define BAP_CSIND 7
403 #define BAP_CSRES 8
404
405 static u_int print_lcp_config_options(netdissect_options *, const u_char *p, u_int);
406 static u_int print_ipcp_config_options(netdissect_options *, const u_char *p, u_int);
407 static u_int print_ip6cp_config_options(netdissect_options *, const u_char *p, u_int);
408 static u_int print_ccp_config_options(netdissect_options *, const u_char *p, u_int);
409 static u_int print_bacp_config_options(netdissect_options *, const u_char *p, u_int);
410 static void handle_ppp(netdissect_options *, u_int proto, const u_char *p, u_int length);
411
412 /* generic Control Protocol (e.g. LCP, IPCP, CCP, etc.) handler */
413 static void
414 handle_ctrl_proto(netdissect_options *ndo,
415 u_int proto, const u_char *pptr, u_int length)
416 {
417 const char *typestr;
418 u_int code, len;
419 u_int (*pfunc)(netdissect_options *, const u_char *, u_int);
420 u_int tlen, advance;
421 const u_char *tptr;
422
423 tptr=pptr;
424
425 typestr = tok2str(ppptype2str, "unknown ctrl-proto (0x%04x)", proto);
426 ND_PRINT("%s, ", typestr);
427
428 if (length < 4) /* FIXME weak boundary checking */
429 goto trunc;
430 ND_TCHECK_2(tptr);
431
432 code = GET_U_1(tptr);
433 tptr++;
434
435 ND_PRINT("%s (0x%02x), id %u, length %u",
436 tok2str(cpcodes, "Unknown Opcode",code),
437 code,
438 GET_U_1(tptr), /* ID */
439 length + 2);
440 tptr++;
441
442 if (!ndo->ndo_vflag)
443 return;
444
445 ND_TCHECK_2(tptr);
446 len = GET_BE_U_2(tptr);
447 tptr += 2;
448
449 if (len < 4) {
450 ND_PRINT("\n\tencoded length %u (< 4))", len);
451 return;
452 }
453
454 if (len > length) {
455 ND_PRINT("\n\tencoded length %u (> packet length %u))", len, length);
456 return;
457 }
458 length = len;
459
460 ND_PRINT("\n\tencoded length %u (=Option(s) length %u)", len, len - 4);
461
462 if (length == 4)
463 return; /* there may be a NULL confreq etc. */
464
465 if (ndo->ndo_vflag > 1)
466 print_unknown_data(ndo, pptr - 2, "\n\t", 6);
467
468
469 switch (code) {
470 case CPCODES_VEXT:
471 if (length < 11)
472 break;
473 ND_TCHECK_4(tptr);
474 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
475 tptr += 4;
476 ND_TCHECK_3(tptr);
477 ND_PRINT(" Vendor: %s (%u)",
478 tok2str(oui_values,"Unknown",GET_BE_U_3(tptr)),
479 GET_BE_U_3(tptr));
480 /* XXX: need to decode Kind and Value(s)? */
481 break;
482 case CPCODES_CONF_REQ:
483 case CPCODES_CONF_ACK:
484 case CPCODES_CONF_NAK:
485 case CPCODES_CONF_REJ:
486 tlen = len - 4; /* Code(1), Identifier(1) and Length(2) */
487 do {
488 switch (proto) {
489 case PPP_LCP:
490 pfunc = print_lcp_config_options;
491 break;
492 case PPP_IPCP:
493 pfunc = print_ipcp_config_options;
494 break;
495 case PPP_IPV6CP:
496 pfunc = print_ip6cp_config_options;
497 break;
498 case PPP_CCP:
499 pfunc = print_ccp_config_options;
500 break;
501 case PPP_BACP:
502 pfunc = print_bacp_config_options;
503 break;
504 default:
505 /*
506 * No print routine for the options for
507 * this protocol.
508 */
509 pfunc = NULL;
510 break;
511 }
512
513 if (pfunc == NULL) /* catch the above null pointer if unknown CP */
514 break;
515
516 if ((advance = (*pfunc)(ndo, tptr, len)) == 0)
517 break;
518 if (tlen < advance) {
519 ND_PRINT(" [remaining options length %u < %u]",
520 tlen, advance);
521 nd_print_invalid(ndo);
522 break;
523 }
524 tlen -= advance;
525 tptr += advance;
526 } while (tlen != 0);
527 break;
528
529 case CPCODES_TERM_REQ:
530 case CPCODES_TERM_ACK:
531 /* XXX: need to decode Data? */
532 break;
533 case CPCODES_CODE_REJ:
534 /* XXX: need to decode Rejected-Packet? */
535 break;
536 case CPCODES_PROT_REJ:
537 if (length < 6)
538 break;
539 ND_TCHECK_2(tptr);
540 ND_PRINT("\n\t Rejected %s Protocol (0x%04x)",
541 tok2str(ppptype2str,"unknown", GET_BE_U_2(tptr)),
542 GET_BE_U_2(tptr));
543 /* XXX: need to decode Rejected-Information? - hexdump for now */
544 if (len > 6) {
545 ND_PRINT("\n\t Rejected Packet");
546 print_unknown_data(ndo, tptr + 2, "\n\t ", len - 2);
547 }
548 break;
549 case CPCODES_ECHO_REQ:
550 case CPCODES_ECHO_RPL:
551 case CPCODES_DISC_REQ:
552 if (length < 8)
553 break;
554 ND_TCHECK_4(tptr);
555 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
556 /* XXX: need to decode Data? - hexdump for now */
557 if (len > 8) {
558 ND_PRINT("\n\t -----trailing data-----");
559 ND_TCHECK_LEN(tptr + 4, len - 8);
560 print_unknown_data(ndo, tptr + 4, "\n\t ", len - 8);
561 }
562 break;
563 case CPCODES_ID:
564 if (length < 8)
565 break;
566 ND_TCHECK_4(tptr);
567 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
568 /* RFC 1661 says this is intended to be human readable */
569 if (len > 8) {
570 ND_PRINT("\n\t Message\n\t ");
571 if (nd_printn(ndo, tptr + 4, len - 4, ndo->ndo_snapend))
572 goto trunc;
573 }
574 break;
575 case CPCODES_TIME_REM:
576 if (length < 12)
577 break;
578 ND_TCHECK_4(tptr);
579 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
580 ND_TCHECK_4(tptr + 4);
581 ND_PRINT(", Seconds-Remaining %us", GET_BE_U_4(tptr + 4));
582 /* XXX: need to decode Message? */
583 break;
584 default:
585 /* XXX this is dirty but we do not get the
586 * original pointer passed to the begin
587 * the PPP packet */
588 if (ndo->ndo_vflag <= 1)
589 print_unknown_data(ndo, pptr - 2, "\n\t ", length + 2);
590 break;
591 }
592 return;
593
594 trunc:
595 ND_PRINT("[|%s]", typestr);
596 }
597
598 /* LCP config options */
599 static u_int
600 print_lcp_config_options(netdissect_options *ndo,
601 const u_char *p, u_int length)
602 {
603 u_int opt, len;
604
605 if (length < 2)
606 return 0;
607 ND_TCHECK_2(p);
608 opt = GET_U_1(p);
609 len = GET_U_1(p + 1);
610 if (length < len)
611 return 0;
612 if (len < 2) {
613 if (opt < NUM_LCPOPTS)
614 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
615 lcpconfopts[opt], opt, len);
616 else
617 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
618 return 0;
619 }
620 if (opt < NUM_LCPOPTS)
621 ND_PRINT("\n\t %s Option (0x%02x), length %u", lcpconfopts[opt], opt, len);
622 else {
623 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
624 return len;
625 }
626
627 switch (opt) {
628 case LCPOPT_VEXT:
629 if (len < 6) {
630 ND_PRINT(" (length bogus, should be >= 6)");
631 return len;
632 }
633 ND_TCHECK_3(p + 2);
634 ND_PRINT(": Vendor: %s (%u)",
635 tok2str(oui_values,"Unknown",GET_BE_U_3(p + 2)),
636 GET_BE_U_3(p + 2));
637 #if 0
638 ND_TCHECK_1(p + 5);
639 ND_PRINT(", kind: 0x%02x", GET_U_1(p + 5));
640 ND_PRINT(", Value: 0x");
641 for (i = 0; i < len - 6; i++) {
642 ND_TCHECK_1(p + 6 + i);
643 ND_PRINT("%02x", GET_U_1(p + 6 + i));
644 }
645 #endif
646 break;
647 case LCPOPT_MRU:
648 if (len != 4) {
649 ND_PRINT(" (length bogus, should be = 4)");
650 return len;
651 }
652 ND_TCHECK_2(p + 2);
653 ND_PRINT(": %u", GET_BE_U_2(p + 2));
654 break;
655 case LCPOPT_ACCM:
656 if (len != 6) {
657 ND_PRINT(" (length bogus, should be = 6)");
658 return len;
659 }
660 ND_TCHECK_4(p + 2);
661 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
662 break;
663 case LCPOPT_AP:
664 if (len < 4) {
665 ND_PRINT(" (length bogus, should be >= 4)");
666 return len;
667 }
668 ND_TCHECK_2(p + 2);
669 ND_PRINT(": %s",
670 tok2str(ppptype2str, "Unknown Auth Proto (0x04x)", GET_BE_U_2(p + 2)));
671
672 switch (GET_BE_U_2(p + 2)) {
673 case PPP_CHAP:
674 ND_TCHECK_1(p + 4);
675 ND_PRINT(", %s",
676 tok2str(authalg_values, "Unknown Auth Alg %u", GET_U_1(p + 4)));
677 break;
678 case PPP_PAP: /* fall through */
679 case PPP_EAP:
680 case PPP_SPAP:
681 case PPP_SPAP_OLD:
682 break;
683 default:
684 print_unknown_data(ndo, p, "\n\t", len);
685 }
686 break;
687 case LCPOPT_QP:
688 if (len < 4) {
689 ND_PRINT(" (length bogus, should be >= 4)");
690 return 0;
691 }
692 ND_TCHECK_2(p + 2);
693 if (GET_BE_U_2(p + 2) == PPP_LQM)
694 ND_PRINT(": LQR");
695 else
696 ND_PRINT(": unknown");
697 break;
698 case LCPOPT_MN:
699 if (len != 6) {
700 ND_PRINT(" (length bogus, should be = 6)");
701 return 0;
702 }
703 ND_TCHECK_4(p + 2);
704 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
705 break;
706 case LCPOPT_PFC:
707 break;
708 case LCPOPT_ACFC:
709 break;
710 case LCPOPT_LD:
711 if (len != 4) {
712 ND_PRINT(" (length bogus, should be = 4)");
713 return 0;
714 }
715 ND_TCHECK_2(p + 2);
716 ND_PRINT(": 0x%04x", GET_BE_U_2(p + 2));
717 break;
718 case LCPOPT_CBACK:
719 if (len < 3) {
720 ND_PRINT(" (length bogus, should be >= 3)");
721 return 0;
722 }
723 ND_PRINT(": ");
724 ND_TCHECK_1(p + 2);
725 ND_PRINT(": Callback Operation %s (%u)",
726 tok2str(ppp_callback_values, "Unknown", GET_U_1(p + 2)),
727 GET_U_1(p + 2));
728 break;
729 case LCPOPT_MLMRRU:
730 if (len != 4) {
731 ND_PRINT(" (length bogus, should be = 4)");
732 return 0;
733 }
734 ND_TCHECK_2(p + 2);
735 ND_PRINT(": %u", GET_BE_U_2(p + 2));
736 break;
737 case LCPOPT_MLED:
738 if (len < 3) {
739 ND_PRINT(" (length bogus, should be >= 3)");
740 return 0;
741 }
742 ND_TCHECK_1(p + 2);
743 switch (GET_U_1(p + 2)) { /* class */
744 case MEDCLASS_NULL:
745 ND_PRINT(": Null");
746 break;
747 case MEDCLASS_LOCAL:
748 ND_PRINT(": Local"); /* XXX */
749 break;
750 case MEDCLASS_IPV4:
751 if (len != 7) {
752 ND_PRINT(" (length bogus, should be = 7)");
753 return 0;
754 }
755 ND_TCHECK_4(p + 3);
756 ND_PRINT(": IPv4 %s", GET_IPADDR_STRING(p + 3));
757 break;
758 case MEDCLASS_MAC:
759 if (len != 9) {
760 ND_PRINT(" (length bogus, should be = 9)");
761 return 0;
762 }
763 ND_TCHECK_6(p + 3);
764 ND_PRINT(": MAC %s", GET_ETHERADDR_STRING(p + 3));
765 break;
766 case MEDCLASS_MNB:
767 ND_PRINT(": Magic-Num-Block"); /* XXX */
768 break;
769 case MEDCLASS_PSNDN:
770 ND_PRINT(": PSNDN"); /* XXX */
771 break;
772 default:
773 ND_PRINT(": Unknown class %u", GET_U_1(p + 2));
774 break;
775 }
776 break;
777
778 /* XXX: to be supported */
779 #if 0
780 case LCPOPT_DEP6:
781 case LCPOPT_FCSALT:
782 case LCPOPT_SDP:
783 case LCPOPT_NUMMODE:
784 case LCPOPT_DEP12:
785 case LCPOPT_DEP14:
786 case LCPOPT_DEP15:
787 case LCPOPT_DEP16:
788 case LCPOPT_MLSSNHF:
789 case LCPOPT_PROP:
790 case LCPOPT_DCEID:
791 case LCPOPT_MPP:
792 case LCPOPT_LCPAOPT:
793 case LCPOPT_COBS:
794 case LCPOPT_PE:
795 case LCPOPT_MLHF:
796 case LCPOPT_I18N:
797 case LCPOPT_SDLOS:
798 case LCPOPT_PPPMUX:
799 break;
800 #endif
801 default:
802 /*
803 * Unknown option; dump it as raw bytes now if we're
804 * not going to do so below.
805 */
806 if (ndo->ndo_vflag < 2)
807 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
808 break;
809 }
810
811 if (ndo->ndo_vflag > 1)
812 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
813
814 return len;
815
816 trunc:
817 ND_PRINT("[|lcp]");
818 return 0;
819 }
820
821 /* ML-PPP*/
822 static const struct tok ppp_ml_flag_values[] = {
823 { 0x80, "begin" },
824 { 0x40, "end" },
825 { 0, NULL }
826 };
827
828 static void
829 handle_mlppp(netdissect_options *ndo,
830 const u_char *p, u_int length)
831 {
832 if (!ndo->ndo_eflag)
833 ND_PRINT("MLPPP, ");
834
835 if (length < 2) {
836 ND_PRINT("[|mlppp]");
837 return;
838 }
839 if (!ND_TTEST_2(p)) {
840 ND_PRINT("[|mlppp]");
841 return;
842 }
843
844 ND_PRINT("seq 0x%03x, Flags [%s], length %u",
845 (GET_BE_U_2(p))&0x0fff,
846 /* only support 12-Bit sequence space for now */
847 bittok2str(ppp_ml_flag_values, "none", GET_U_1(p) & 0xc0),
848 length);
849 }
850
851 /* CHAP */
852 static void
853 handle_chap(netdissect_options *ndo,
854 const u_char *p, u_int length)
855 {
856 u_int code, len;
857 u_int val_size, name_size, msg_size;
858 const u_char *p0;
859 u_int i;
860
861 p0 = p;
862 if (length < 1) {
863 ND_PRINT("[|chap]");
864 return;
865 } else if (length < 4) {
866 ND_TCHECK_1(p);
867 ND_PRINT("[|chap 0x%02x]", GET_U_1(p));
868 return;
869 }
870
871 ND_TCHECK_1(p);
872 code = GET_U_1(p);
873 ND_PRINT("CHAP, %s (0x%02x)",
874 tok2str(chapcode_values,"unknown",code),
875 code);
876 p++;
877
878 ND_TCHECK_1(p);
879 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
880 p++;
881
882 ND_TCHECK_2(p);
883 len = GET_BE_U_2(p);
884 p += 2;
885
886 /*
887 * Note that this is a generic CHAP decoding routine. Since we
888 * don't know which flavor of CHAP (i.e. CHAP-MD5, MS-CHAPv1,
889 * MS-CHAPv2) is used at this point, we can't decode packet
890 * specifically to each algorithms. Instead, we simply decode
891 * the GCD (Gratest Common Denominator) for all algorithms.
892 */
893 switch (code) {
894 case CHAP_CHAL:
895 case CHAP_RESP:
896 if (length - (p - p0) < 1)
897 return;
898 ND_TCHECK_1(p);
899 val_size = GET_U_1(p); /* value size */
900 p++;
901 if (length - (p - p0) < val_size)
902 return;
903 ND_PRINT(", Value ");
904 for (i = 0; i < val_size; i++) {
905 ND_TCHECK_1(p);
906 ND_PRINT("%02x", GET_U_1(p));
907 p++;
908 }
909 name_size = len - (u_int)(p - p0);
910 ND_PRINT(", Name ");
911 for (i = 0; i < name_size; i++) {
912 ND_TCHECK_1(p);
913 fn_print_char(ndo, GET_U_1(p));
914 p++;
915 }
916 break;
917 case CHAP_SUCC:
918 case CHAP_FAIL:
919 msg_size = len - (u_int)(p - p0);
920 ND_PRINT(", Msg ");
921 for (i = 0; i< msg_size; i++) {
922 ND_TCHECK_1(p);
923 fn_print_char(ndo, GET_U_1(p));
924 p++;
925 }
926 break;
927 }
928 return;
929
930 trunc:
931 ND_PRINT("[|chap]");
932 }
933
934 /* PAP (see RFC 1334) */
935 static void
936 handle_pap(netdissect_options *ndo,
937 const u_char *p, u_int length)
938 {
939 u_int code, len;
940 u_int peerid_len, passwd_len, msg_len;
941 const u_char *p0;
942 u_int i;
943
944 p0 = p;
945 if (length < 1) {
946 ND_PRINT("[|pap]");
947 return;
948 } else if (length < 4) {
949 ND_TCHECK_1(p);
950 ND_PRINT("[|pap 0x%02x]", GET_U_1(p));
951 return;
952 }
953
954 ND_TCHECK_1(p);
955 code = GET_U_1(p);
956 ND_PRINT("PAP, %s (0x%02x)",
957 tok2str(papcode_values, "unknown", code),
958 code);
959 p++;
960
961 ND_TCHECK_1(p);
962 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
963 p++;
964
965 ND_TCHECK_2(p);
966 len = GET_BE_U_2(p);
967 p += 2;
968
969 if (len > length) {
970 ND_PRINT(", length %u > packet size", len);
971 return;
972 }
973 length = len;
974 if (length < (size_t)(p - p0)) {
975 ND_PRINT(", length %u < PAP header length", length);
976 return;
977 }
978
979 switch (code) {
980 case PAP_AREQ:
981 /* A valid Authenticate-Request is 6 or more octets long. */
982 if (len < 6)
983 goto trunc;
984 if (length - (p - p0) < 1)
985 return;
986 ND_TCHECK_1(p);
987 peerid_len = GET_U_1(p); /* Peer-ID Length */
988 p++;
989 if (length - (p - p0) < peerid_len)
990 return;
991 ND_PRINT(", Peer ");
992 for (i = 0; i < peerid_len; i++) {
993 ND_TCHECK_1(p);
994 fn_print_char(ndo, GET_U_1(p));
995 p++;
996 }
997
998 if (length - (p - p0) < 1)
999 return;
1000 ND_TCHECK_1(p);
1001 passwd_len = GET_U_1(p); /* Password Length */
1002 p++;
1003 if (length - (p - p0) < passwd_len)
1004 return;
1005 ND_PRINT(", Name ");
1006 for (i = 0; i < passwd_len; i++) {
1007 ND_TCHECK_1(p);
1008 fn_print_char(ndo, GET_U_1(p));
1009 p++;
1010 }
1011 break;
1012 case PAP_AACK:
1013 case PAP_ANAK:
1014 /* Although some implementations ignore truncation at
1015 * this point and at least one generates a truncated
1016 * packet, RFC 1334 section 2.2.2 clearly states that
1017 * both AACK and ANAK are at least 5 bytes long.
1018 */
1019 if (len < 5)
1020 goto trunc;
1021 if (length - (p - p0) < 1)
1022 return;
1023 ND_TCHECK_1(p);
1024 msg_len = GET_U_1(p); /* Msg-Length */
1025 p++;
1026 if (length - (p - p0) < msg_len)
1027 return;
1028 ND_PRINT(", Msg ");
1029 for (i = 0; i< msg_len; i++) {
1030 ND_TCHECK_1(p);
1031 fn_print_char(ndo, GET_U_1(p));
1032 p++;
1033 }
1034 break;
1035 }
1036 return;
1037
1038 trunc:
1039 ND_PRINT("[|pap]");
1040 }
1041
1042 /* BAP */
1043 static void
1044 handle_bap(netdissect_options *ndo _U_,
1045 const u_char *p _U_, u_int length _U_)
1046 {
1047 /* XXX: to be supported!! */
1048 }
1049
1050
1051 /* IPCP config options */
1052 static u_int
1053 print_ipcp_config_options(netdissect_options *ndo,
1054 const u_char *p, u_int length)
1055 {
1056 u_int opt, len;
1057 u_int compproto, ipcomp_subopttotallen, ipcomp_subopt, ipcomp_suboptlen;
1058
1059 if (length < 2)
1060 return 0;
1061 ND_TCHECK_2(p);
1062 opt = GET_U_1(p);
1063 len = GET_U_1(p + 1);
1064 if (length < len)
1065 return 0;
1066 if (len < 2) {
1067 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1068 tok2str(ipcpopt_values,"unknown",opt),
1069 opt,
1070 len);
1071 return 0;
1072 }
1073
1074 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1075 tok2str(ipcpopt_values,"unknown",opt),
1076 opt,
1077 len);
1078
1079 switch (opt) {
1080 case IPCPOPT_2ADDR: /* deprecated */
1081 if (len != 10) {
1082 ND_PRINT(" (length bogus, should be = 10)");
1083 return len;
1084 }
1085 ND_TCHECK_4(p + 6);
1086 ND_PRINT(": src %s, dst %s",
1087 GET_IPADDR_STRING(p + 2),
1088 GET_IPADDR_STRING(p + 6));
1089 break;
1090 case IPCPOPT_IPCOMP:
1091 if (len < 4) {
1092 ND_PRINT(" (length bogus, should be >= 4)");
1093 return 0;
1094 }
1095 ND_TCHECK_2(p + 2);
1096 compproto = GET_BE_U_2(p + 2);
1097
1098 ND_PRINT(": %s (0x%02x):",
1099 tok2str(ipcpopt_compproto_values, "Unknown", compproto),
1100 compproto);
1101
1102 switch (compproto) {
1103 case PPP_VJC:
1104 /* XXX: VJ-Comp parameters should be decoded */
1105 break;
1106 case IPCPOPT_IPCOMP_HDRCOMP:
1107 if (len < IPCPOPT_IPCOMP_MINLEN) {
1108 ND_PRINT(" (length bogus, should be >= %u)",
1109 IPCPOPT_IPCOMP_MINLEN);
1110 return 0;
1111 }
1112
1113 ND_TCHECK_LEN(p + 2, IPCPOPT_IPCOMP_MINLEN);
1114 ND_PRINT("\n\t TCP Space %u, non-TCP Space %u"
1115 ", maxPeriod %u, maxTime %u, maxHdr %u",
1116 GET_BE_U_2(p + 4),
1117 GET_BE_U_2(p + 6),
1118 GET_BE_U_2(p + 8),
1119 GET_BE_U_2(p + 10),
1120 GET_BE_U_2(p + 12));
1121
1122 /* suboptions present ? */
1123 if (len > IPCPOPT_IPCOMP_MINLEN) {
1124 ipcomp_subopttotallen = len - IPCPOPT_IPCOMP_MINLEN;
1125 p += IPCPOPT_IPCOMP_MINLEN;
1126
1127 ND_PRINT("\n\t Suboptions, length %u", ipcomp_subopttotallen);
1128
1129 while (ipcomp_subopttotallen >= 2) {
1130 ND_TCHECK_2(p);
1131 ipcomp_subopt = GET_U_1(p);
1132 ipcomp_suboptlen = GET_U_1(p + 1);
1133
1134 /* sanity check */
1135 if (ipcomp_subopt == 0 ||
1136 ipcomp_suboptlen == 0 )
1137 break;
1138
1139 /* XXX: just display the suboptions for now */
1140 ND_PRINT("\n\t\t%s Suboption #%u, length %u",
1141 tok2str(ipcpopt_compproto_subopt_values,
1142 "Unknown",
1143 ipcomp_subopt),
1144 ipcomp_subopt,
1145 ipcomp_suboptlen);
1146 if (ipcomp_subopttotallen < ipcomp_suboptlen) {
1147 ND_PRINT(" [remaining suboptions length %u < %u]",
1148 ipcomp_subopttotallen, ipcomp_suboptlen);
1149 nd_print_invalid(ndo);
1150 break;
1151 }
1152 ipcomp_subopttotallen -= ipcomp_suboptlen;
1153 p += ipcomp_suboptlen;
1154 }
1155 }
1156 break;
1157 default:
1158 break;
1159 }
1160 break;
1161
1162 case IPCPOPT_ADDR: /* those options share the same format - fall through */
1163 case IPCPOPT_MOBILE4:
1164 case IPCPOPT_PRIDNS:
1165 case IPCPOPT_PRINBNS:
1166 case IPCPOPT_SECDNS:
1167 case IPCPOPT_SECNBNS:
1168 if (len != 6) {
1169 ND_PRINT(" (length bogus, should be = 6)");
1170 return 0;
1171 }
1172 ND_TCHECK_4(p + 2);
1173 ND_PRINT(": %s", GET_IPADDR_STRING(p + 2));
1174 break;
1175 default:
1176 /*
1177 * Unknown option; dump it as raw bytes now if we're
1178 * not going to do so below.
1179 */
1180 if (ndo->ndo_vflag < 2)
1181 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1182 break;
1183 }
1184 if (ndo->ndo_vflag > 1)
1185 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1186 return len;
1187
1188 trunc:
1189 ND_PRINT("[|ipcp]");
1190 return 0;
1191 }
1192
1193 /* IP6CP config options */
1194 static u_int
1195 print_ip6cp_config_options(netdissect_options *ndo,
1196 const u_char *p, u_int length)
1197 {
1198 u_int opt, len;
1199
1200 if (length < 2)
1201 return 0;
1202 ND_TCHECK_2(p);
1203 opt = GET_U_1(p);
1204 len = GET_U_1(p + 1);
1205 if (length < len)
1206 return 0;
1207 if (len < 2) {
1208 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1209 tok2str(ip6cpopt_values,"unknown",opt),
1210 opt,
1211 len);
1212 return 0;
1213 }
1214
1215 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1216 tok2str(ip6cpopt_values,"unknown",opt),
1217 opt,
1218 len);
1219
1220 switch (opt) {
1221 case IP6CP_IFID:
1222 if (len != 10) {
1223 ND_PRINT(" (length bogus, should be = 10)");
1224 return len;
1225 }
1226 ND_TCHECK_8(p + 2);
1227 ND_PRINT(": %04x:%04x:%04x:%04x",
1228 GET_BE_U_2(p + 2),
1229 GET_BE_U_2(p + 4),
1230 GET_BE_U_2(p + 6),
1231 GET_BE_U_2(p + 8));
1232 break;
1233 default:
1234 /*
1235 * Unknown option; dump it as raw bytes now if we're
1236 * not going to do so below.
1237 */
1238 if (ndo->ndo_vflag < 2)
1239 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1240 break;
1241 }
1242 if (ndo->ndo_vflag > 1)
1243 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1244
1245 return len;
1246
1247 trunc:
1248 ND_PRINT("[|ip6cp]");
1249 return 0;
1250 }
1251
1252
1253 /* CCP config options */
1254 static u_int
1255 print_ccp_config_options(netdissect_options *ndo,
1256 const u_char *p, u_int length)
1257 {
1258 u_int opt, len;
1259
1260 if (length < 2)
1261 return 0;
1262 ND_TCHECK_2(p);
1263 opt = GET_U_1(p);
1264 len = GET_U_1(p + 1);
1265 if (length < len)
1266 return 0;
1267 if (len < 2) {
1268 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1269 tok2str(ccpconfopts_values, "Unknown", opt),
1270 opt,
1271 len);
1272 return 0;
1273 }
1274
1275 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1276 tok2str(ccpconfopts_values, "Unknown", opt),
1277 opt,
1278 len);
1279
1280 switch (opt) {
1281 case CCPOPT_BSDCOMP:
1282 if (len < 3) {
1283 ND_PRINT(" (length bogus, should be >= 3)");
1284 return len;
1285 }
1286 ND_TCHECK_1(p + 2);
1287 ND_PRINT(": Version: %u, Dictionary Bits: %u",
1288 GET_U_1(p + 2) >> 5,
1289 GET_U_1(p + 2) & 0x1f);
1290 break;
1291 case CCPOPT_MVRCA:
1292 if (len < 4) {
1293 ND_PRINT(" (length bogus, should be >= 4)");
1294 return len;
1295 }
1296 ND_TCHECK_1(p + 3);
1297 ND_PRINT(": Features: %u, PxP: %s, History: %u, #CTX-ID: %u",
1298 (GET_U_1(p + 2) & 0xc0) >> 6,
1299 (GET_U_1(p + 2) & 0x20) ? "Enabled" : "Disabled",
1300 GET_U_1(p + 2) & 0x1f,
1301 GET_U_1(p + 3));
1302 break;
1303 case CCPOPT_DEFLATE:
1304 if (len < 4) {
1305 ND_PRINT(" (length bogus, should be >= 4)");
1306 return len;
1307 }
1308 ND_TCHECK_1(p + 3);
1309 ND_PRINT(": Window: %uK, Method: %s (0x%x), MBZ: %u, CHK: %u",
1310 (GET_U_1(p + 2) & 0xf0) >> 4,
1311 ((GET_U_1(p + 2) & 0x0f) == 8) ? "zlib" : "unknown",
1312 GET_U_1(p + 2) & 0x0f,
1313 (GET_U_1(p + 3) & 0xfc) >> 2,
1314 GET_U_1(p + 3) & 0x03);
1315 break;
1316
1317 /* XXX: to be supported */
1318 #if 0
1319 case CCPOPT_OUI:
1320 case CCPOPT_PRED1:
1321 case CCPOPT_PRED2:
1322 case CCPOPT_PJUMP:
1323 case CCPOPT_HPPPC:
1324 case CCPOPT_STACLZS:
1325 case CCPOPT_MPPC:
1326 case CCPOPT_GFZA:
1327 case CCPOPT_V42BIS:
1328 case CCPOPT_LZSDCP:
1329 case CCPOPT_DEC:
1330 case CCPOPT_RESV:
1331 break;
1332 #endif
1333 default:
1334 /*
1335 * Unknown option; dump it as raw bytes now if we're
1336 * not going to do so below.
1337 */
1338 if (ndo->ndo_vflag < 2)
1339 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1340 break;
1341 }
1342 if (ndo->ndo_vflag > 1)
1343 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1344
1345 return len;
1346
1347 trunc:
1348 ND_PRINT("[|ccp]");
1349 return 0;
1350 }
1351
1352 /* BACP config options */
1353 static u_int
1354 print_bacp_config_options(netdissect_options *ndo,
1355 const u_char *p, u_int length)
1356 {
1357 u_int opt, len;
1358
1359 if (length < 2)
1360 return 0;
1361 ND_TCHECK_2(p);
1362 opt = GET_U_1(p);
1363 len = GET_U_1(p + 1);
1364 if (length < len)
1365 return 0;
1366 if (len < 2) {
1367 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1368 tok2str(bacconfopts_values, "Unknown", opt),
1369 opt,
1370 len);
1371 return 0;
1372 }
1373
1374 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1375 tok2str(bacconfopts_values, "Unknown", opt),
1376 opt,
1377 len);
1378
1379 switch (opt) {
1380 case BACPOPT_FPEER:
1381 if (len != 6) {
1382 ND_PRINT(" (length bogus, should be = 6)");
1383 return len;
1384 }
1385 ND_TCHECK_4(p + 2);
1386 ND_PRINT(": Magic-Num 0x%08x", GET_BE_U_4(p + 2));
1387 break;
1388 default:
1389 /*
1390 * Unknown option; dump it as raw bytes now if we're
1391 * not going to do so below.
1392 */
1393 if (ndo->ndo_vflag < 2)
1394 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1395 break;
1396 }
1397 if (ndo->ndo_vflag > 1)
1398 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1399
1400 return len;
1401
1402 trunc:
1403 ND_PRINT("[|bacp]");
1404 return 0;
1405 }
1406
1407 static void
1408 ppp_hdlc(netdissect_options *ndo,
1409 const u_char *p, u_int length)
1410 {
1411 u_char *b, *t, c;
1412 const u_char *s;
1413 u_int i, proto;
1414 const void *se;
1415
1416 if (length == 0)
1417 return;
1418
1419 b = (u_char *)nd_malloc(ndo, length);
1420 if (b == NULL)
1421 return;
1422
1423 /*
1424 * Unescape all the data into a temporary, private, buffer.
1425 * Do this so that we dont overwrite the original packet
1426 * contents.
1427 */
1428 for (s = p, t = b, i = length; i != 0 && ND_TTEST_1(s); i--) {
1429 c = GET_U_1(s);
1430 s++;
1431 if (c == 0x7d) {
1432 if (i <= 1 || !ND_TTEST_1(s))
1433 break;
1434 i--;
1435 c = GET_U_1(s) ^ 0x20;
1436 s++;
1437 }
1438 *t++ = c;
1439 }
1440
1441 /*
1442 * Change the end pointer, so bounds checks work.
1443 */
1444 se = ndo->ndo_snapend;
1445 ndo->ndo_snapend = t;
1446 length = ND_BYTES_AVAILABLE_AFTER(b);
1447
1448 /* now lets guess about the payload codepoint format */
1449 if (length < 1)
1450 goto trunc;
1451 proto = GET_U_1(b); /* start with a one-octet codepoint guess */
1452
1453 switch (proto) {
1454 case PPP_IP:
1455 ip_print(ndo, b + 1, length - 1);
1456 goto cleanup;
1457 case PPP_IPV6:
1458 ip6_print(ndo, b + 1, length - 1);
1459 goto cleanup;
1460 default: /* no luck - try next guess */
1461 break;
1462 }
1463
1464 if (length < 2)
1465 goto trunc;
1466 proto = GET_BE_U_2(b); /* next guess - load two octets */
1467
1468 switch (proto) {
1469 case (PPP_ADDRESS << 8 | PPP_CONTROL): /* looks like a PPP frame */
1470 if (length < 4)
1471 goto trunc;
1472 proto = GET_BE_U_2(b + 2); /* load the PPP proto-id */
1473 handle_ppp(ndo, proto, b + 4, length - 4);
1474 break;
1475 default: /* last guess - proto must be a PPP proto-id */
1476 handle_ppp(ndo, proto, b + 2, length - 2);
1477 break;
1478 }
1479
1480 cleanup:
1481 ndo->ndo_snapend = se;
1482 return;
1483
1484 trunc:
1485 ndo->ndo_snapend = se;
1486 nd_print_trunc(ndo);
1487 }
1488
1489
1490 /* PPP */
1491 static void
1492 handle_ppp(netdissect_options *ndo,
1493 u_int proto, const u_char *p, u_int length)
1494 {
1495 if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
1496 ppp_hdlc(ndo, p - 1, length);
1497 return;
1498 }
1499
1500 switch (proto) {
1501 case PPP_LCP: /* fall through */
1502 case PPP_IPCP:
1503 case PPP_OSICP:
1504 case PPP_MPLSCP:
1505 case PPP_IPV6CP:
1506 case PPP_CCP:
1507 case PPP_BACP:
1508 handle_ctrl_proto(ndo, proto, p, length);
1509 break;
1510 case PPP_ML:
1511 handle_mlppp(ndo, p, length);
1512 break;
1513 case PPP_CHAP:
1514 handle_chap(ndo, p, length);
1515 break;
1516 case PPP_PAP:
1517 handle_pap(ndo, p, length);
1518 break;
1519 case PPP_BAP: /* XXX: not yet completed */
1520 handle_bap(ndo, p, length);
1521 break;
1522 case ETHERTYPE_IP: /*XXX*/
1523 case PPP_VJNC:
1524 case PPP_IP:
1525 ip_print(ndo, p, length);
1526 break;
1527 case ETHERTYPE_IPV6: /*XXX*/
1528 case PPP_IPV6:
1529 ip6_print(ndo, p, length);
1530 break;
1531 case ETHERTYPE_IPX: /*XXX*/
1532 case PPP_IPX:
1533 ipx_print(ndo, p, length);
1534 break;
1535 case PPP_OSI:
1536 isoclns_print(ndo, p, length);
1537 break;
1538 case PPP_MPLS_UCAST:
1539 case PPP_MPLS_MCAST:
1540 mpls_print(ndo, p, length);
1541 break;
1542 case PPP_COMP:
1543 ND_PRINT("compressed PPP data");
1544 break;
1545 default:
1546 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1547 print_unknown_data(ndo, p, "\n\t", length);
1548 break;
1549 }
1550 }
1551
1552 /* Standard PPP printer */
1553 u_int
1554 ppp_print(netdissect_options *ndo,
1555 const u_char *p, u_int length)
1556 {
1557 u_int proto,ppp_header;
1558 u_int olen = length; /* _o_riginal length */
1559 u_int hdr_len = 0;
1560
1561 ndo->ndo_protocol = "ppp";
1562 /*
1563 * Here, we assume that p points to the Address and Control
1564 * field (if they present).
1565 */
1566 if (length < 2)
1567 goto trunc;
1568 ND_TCHECK_2(p);
1569 ppp_header = GET_BE_U_2(p);
1570
1571 switch(ppp_header) {
1572 case (PPP_WITHDIRECTION_IN << 8 | PPP_CONTROL):
1573 if (ndo->ndo_eflag) ND_PRINT("In ");
1574 p += 2;
1575 length -= 2;
1576 hdr_len += 2;
1577 break;
1578 case (PPP_WITHDIRECTION_OUT << 8 | PPP_CONTROL):
1579 if (ndo->ndo_eflag) ND_PRINT("Out ");
1580 p += 2;
1581 length -= 2;
1582 hdr_len += 2;
1583 break;
1584 case (PPP_ADDRESS << 8 | PPP_CONTROL):
1585 p += 2; /* ACFC not used */
1586 length -= 2;
1587 hdr_len += 2;
1588 break;
1589
1590 default:
1591 break;
1592 }
1593
1594 if (length < 2)
1595 goto trunc;
1596 ND_TCHECK_1(p);
1597 if (GET_U_1(p) % 2) {
1598 proto = GET_U_1(p); /* PFC is used */
1599 p++;
1600 length--;
1601 hdr_len++;
1602 } else {
1603 ND_TCHECK_2(p);
1604 proto = GET_BE_U_2(p);
1605 p += 2;
1606 length -= 2;
1607 hdr_len += 2;
1608 }
1609
1610 if (ndo->ndo_eflag)
1611 ND_PRINT("%s (0x%04x), length %u: ",
1612 tok2str(ppptype2str, "unknown", proto),
1613 proto,
1614 olen);
1615
1616 handle_ppp(ndo, proto, p, length);
1617 return (hdr_len);
1618 trunc:
1619 nd_print_trunc(ndo);
1620 return (0);
1621 }
1622
1623
1624 /* PPP I/F printer */
1625 u_int
1626 ppp_if_print(netdissect_options *ndo,
1627 const struct pcap_pkthdr *h, const u_char *p)
1628 {
1629 u_int length = h->len;
1630 u_int caplen = h->caplen;
1631
1632 ndo->ndo_protocol = "ppp_if";
1633 if (caplen < PPP_HDRLEN) {
1634 nd_print_trunc(ndo);
1635 return (caplen);
1636 }
1637
1638 #if 0
1639 /*
1640 * XXX: seems to assume that there are 2 octets prepended to an
1641 * actual PPP frame. The 1st octet looks like Input/Output flag
1642 * while 2nd octet is unknown, at least to me
1643 * (mshindo@mshindo.net).
1644 *
1645 * That was what the original tcpdump code did.
1646 *
1647 * FreeBSD's "if_ppp.c" *does* set the first octet to 1 for outbound
1648 * packets and 0 for inbound packets - but only if the
1649 * protocol field has the 0x8000 bit set (i.e., it's a network
1650 * control protocol); it does so before running the packet through
1651 * "bpf_filter" to see if it should be discarded, and to see
1652 * if we should update the time we sent the most recent packet...
1653 *
1654 * ...but it puts the original address field back after doing
1655 * so.
1656 *
1657 * NetBSD's "if_ppp.c" doesn't set the first octet in that fashion.
1658 *
1659 * I don't know if any PPP implementation handed up to a BPF
1660 * device packets with the first octet being 1 for outbound and
1661 * 0 for inbound packets, so I (guy@alum.mit.edu) don't know
1662 * whether that ever needs to be checked or not.
1663 *
1664 * Note that NetBSD has a DLT_PPP_SERIAL, which it uses for PPP,
1665 * and its tcpdump appears to assume that the frame always
1666 * begins with an address field and a control field, and that
1667 * the address field might be 0x0f or 0x8f, for Cisco
1668 * point-to-point with HDLC framing as per section 4.3.1 of RFC
1669 * 1547, as well as 0xff, for PPP in HDLC-like framing as per
1670 * RFC 1662.
1671 *
1672 * (Is the Cisco framing in question what DLT_C_HDLC, in
1673 * BSD/OS, is?)
1674 */
1675 if (ndo->ndo_eflag)
1676 ND_PRINT("%c %4d %02x ", GET_U_1(p) ? 'O' : 'I',
1677 length, GET_U_1(p + 1));
1678 #endif
1679
1680 ppp_print(ndo, p, length);
1681
1682 return (0);
1683 }
1684
1685 /*
1686 * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
1687 * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
1688 * is being used (i.e., we don't check for PPP_ADDRESS and PPP_CONTROL,
1689 * discard them *if* those are the first two octets, and parse the remaining
1690 * packet as a PPP packet, as "ppp_print()" does).
1691 *
1692 * This handles, for example, DLT_PPP_SERIAL in NetBSD.
1693 */
1694 u_int
1695 ppp_hdlc_if_print(netdissect_options *ndo,
1696 const struct pcap_pkthdr *h, const u_char *p)
1697 {
1698 u_int length = h->len;
1699 u_int caplen = h->caplen;
1700 u_int proto;
1701 u_int hdrlen = 0;
1702
1703 ndo->ndo_protocol = "ppp_hdlc_if";
1704 if (caplen < 2) {
1705 nd_print_trunc(ndo);
1706 return (caplen);
1707 }
1708
1709 switch (GET_U_1(p)) {
1710
1711 case PPP_ADDRESS:
1712 if (caplen < 4) {
1713 nd_print_trunc(ndo);
1714 return (caplen);
1715 }
1716
1717 if (ndo->ndo_eflag)
1718 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1719 GET_U_1(p + 1), length);
1720 p += 2;
1721 length -= 2;
1722 hdrlen += 2;
1723
1724 proto = GET_BE_U_2(p);
1725 p += 2;
1726 length -= 2;
1727 hdrlen += 2;
1728 ND_PRINT("%s: ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1729
1730 handle_ppp(ndo, proto, p, length);
1731 break;
1732
1733 case CHDLC_UNICAST:
1734 case CHDLC_BCAST:
1735 return (chdlc_if_print(ndo, h, p));
1736
1737 default:
1738 if (caplen < 4) {
1739 nd_print_trunc(ndo);
1740 return (caplen);
1741 }
1742
1743 if (ndo->ndo_eflag)
1744 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1745 GET_U_1(p + 1), length);
1746 p += 2;
1747 hdrlen += 2;
1748
1749 /*
1750 * XXX - NetBSD's "ppp_netbsd_serial_if_print()" treats
1751 * the next two octets as an Ethernet type; does that
1752 * ever happen?
1753 */
1754 ND_PRINT("unknown addr %02x; ctrl %02x", GET_U_1(p),
1755 GET_U_1(p + 1));
1756 break;
1757 }
1758
1759 return (hdrlen);
1760 }
1761
1762 #define PPP_BSDI_HDRLEN 24
1763
1764 /* BSD/OS specific PPP printer */
1765 u_int
1766 ppp_bsdos_if_print(netdissect_options *ndo _U_,
1767 const struct pcap_pkthdr *h _U_, const u_char *p _U_)
1768 {
1769 u_int hdrlength;
1770 #ifdef __bsdi__
1771 u_int length = h->len;
1772 u_int caplen = h->caplen;
1773 uint16_t ptype;
1774 uint8_t llhl;
1775 const u_char *q;
1776 u_int i;
1777
1778 ndo->ndo_protocol = "ppp_bsdos_if";
1779 if (caplen < PPP_BSDI_HDRLEN) {
1780 nd_print_trunc(ndo);
1781 return (caplen);
1782 }
1783
1784 hdrlength = 0;
1785
1786 #if 0
1787 if (GET_U_1(p) == PPP_ADDRESS &&
1788 GET_U_1(p + 1) == PPP_CONTROL) {
1789 if (ndo->ndo_eflag)
1790 ND_PRINT("%02x %02x ", GET_U_1(p),
1791 GET_U_1(p + 1));
1792 p += 2;
1793 hdrlength = 2;
1794 }
1795
1796 if (ndo->ndo_eflag)
1797 ND_PRINT("%u ", length);
1798 /* Retrieve the protocol type */
1799 if (GET_U_1(p) & 01) {
1800 /* Compressed protocol field */
1801 ptype = GET_U_1(p);
1802 if (ndo->ndo_eflag)
1803 ND_PRINT("%02x ", ptype);
1804 p++;
1805 hdrlength += 1;
1806 } else {
1807 /* Un-compressed protocol field */
1808 ptype = GET_BE_U_2(p);
1809 if (ndo->ndo_eflag)
1810 ND_PRINT("%04x ", ptype);
1811 p += 2;
1812 hdrlength += 2;
1813 }
1814 #else
1815 ptype = 0; /*XXX*/
1816 if (ndo->ndo_eflag)
1817 ND_PRINT("%c ", GET_U_1(p + SLC_DIR) ? 'O' : 'I');
1818 llhl = GET_U_1(p + SLC_LLHL);
1819 if (llhl) {
1820 /* link level header */
1821 struct ppp_header *ph;
1822
1823 q = p + SLC_BPFHDRLEN;
1824 ph = (struct ppp_header *)q;
1825 if (ph->phdr_addr == PPP_ADDRESS
1826 && ph->phdr_ctl == PPP_CONTROL) {
1827 if (ndo->ndo_eflag)
1828 ND_PRINT("%02x %02x ", GET_U_1(q),
1829 GET_U_1(q + 1));
1830 ptype = GET_BE_U_2(&ph->phdr_type);
1831 if (ndo->ndo_eflag && (ptype == PPP_VJC || ptype == PPP_VJNC)) {
1832 ND_PRINT("%s ", tok2str(ppptype2str,
1833 "proto-#%u", ptype));
1834 }
1835 } else {
1836 if (ndo->ndo_eflag) {
1837 ND_PRINT("LLH=[");
1838 for (i = 0; i < llhl; i++)
1839 ND_PRINT("%02x", GET_U_1(q + i));
1840 ND_PRINT("] ");
1841 }
1842 }
1843 }
1844 if (ndo->ndo_eflag)
1845 ND_PRINT("%u ", length);
1846 if (GET_U_1(p + SLC_CHL)) {
1847 q = p + SLC_BPFHDRLEN + llhl;
1848
1849 switch (ptype) {
1850 case PPP_VJC:
1851 ptype = vjc_print(ndo, q, ptype);
1852 hdrlength = PPP_BSDI_HDRLEN;
1853 p += hdrlength;
1854 switch (ptype) {
1855 case PPP_IP:
1856 ip_print(ndo, p, length);
1857 break;
1858 case PPP_IPV6:
1859 ip6_print(ndo, p, length);
1860 break;
1861 case PPP_MPLS_UCAST:
1862 case PPP_MPLS_MCAST:
1863 mpls_print(ndo, p, length);
1864 break;
1865 }
1866 goto printx;
1867 case PPP_VJNC:
1868 ptype = vjc_print(ndo, q, ptype);
1869 hdrlength = PPP_BSDI_HDRLEN;
1870 p += hdrlength;
1871 switch (ptype) {
1872 case PPP_IP:
1873 ip_print(ndo, p, length);
1874 break;
1875 case PPP_IPV6:
1876 ip6_print(ndo, p, length);
1877 break;
1878 case PPP_MPLS_UCAST:
1879 case PPP_MPLS_MCAST:
1880 mpls_print(ndo, p, length);
1881 break;
1882 }
1883 goto printx;
1884 default:
1885 if (ndo->ndo_eflag) {
1886 ND_PRINT("CH=[");
1887 for (i = 0; i < llhl; i++)
1888 ND_PRINT("%02x",
1889 GET_U_1(q + i));
1890 ND_PRINT("] ");
1891 }
1892 break;
1893 }
1894 }
1895
1896 hdrlength = PPP_BSDI_HDRLEN;
1897 #endif
1898
1899 length -= hdrlength;
1900 p += hdrlength;
1901
1902 switch (ptype) {
1903 case PPP_IP:
1904 ip_print(p, length);
1905 break;
1906 case PPP_IPV6:
1907 ip6_print(ndo, p, length);
1908 break;
1909 case PPP_MPLS_UCAST:
1910 case PPP_MPLS_MCAST:
1911 mpls_print(ndo, p, length);
1912 break;
1913 default:
1914 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", ptype));
1915 }
1916
1917 printx:
1918 #else /* __bsdi */
1919 hdrlength = 0;
1920 #endif /* __bsdi__ */
1921 return (hdrlength);
1922 }
[mirror] the TCPdump network dissector