]> The Tcpdump Group git mirrors - tcpdump/blob - print-gre.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CI: Add warning exemptions for Sun C (suncc-5.14) on Solaris 10
[tcpdump] / print-gre.c
1 /* $OpenBSD: print-gre.c,v 1.6 2002/10/30 03:04:04 fgsch Exp $ */
2
3 /*
4 * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /* \summary: Generic Routing Encapsulation (GRE) printer */
30
31 /*
32 * netdissect printer for GRE - Generic Routing Encapsulation
33 * RFC 1701 (GRE), RFC 1702 (GRE IPv4), RFC 2637 (PPTP, which
34 * has an extended form of GRE), RFC 2784 (revised GRE, with
35 * R, K, S, and s bits and Recur and Offset fields now reserved
36 * in the header, and no optional Key or Sequence number in the
37 * header), and RFC 2890 (proposal to add back the K and S bits
38 * and the optional Key and Sequence number).
39 *
40 * The RFC 2637 PPTP GRE repurposes the Key field to hold a
41 * 16-bit Payload Length and a 16-bit Call ID.
42 *
43 * RFC 7637 (NVGRE) repurposes the Key field to hold a 24-bit
44 * Virtual Subnet ID (VSID) and an 8-bit FlowID.
45 */
46
47 #include <config.h>
48
49 #include "netdissect-stdinc.h"
50
51 #define ND_LONGJMP_FROM_TCHECK
52 #include "netdissect.h"
53 #include "addrtostr.h"
54 #include "extract.h"
55 #include "ethertype.h"
56 #include "gre.h"
57
58 static const struct tok gre_flag_values[] = {
59 { GRE_CP, "checksum present"},
60 { GRE_RP, "routing present"},
61 { GRE_KP, "key present"},
62 { GRE_SP, "sequence# present"},
63 { GRE_sP, "source routing present"},
64 { GRE_AP, "ack present"},
65 { 0, NULL }
66 };
67
68 #define GRE_RECRS_MASK 0x0700 /* recursion count */
69 #define GRE_VERS_MASK 0x0007 /* protocol version */
70
71 /* source route entry types */
72 #define GRESRE_IP 0x0800 /* IP */
73 #define GRESRE_ASN 0xfffe /* ASN */
74
75 /*
76 * Ethertype values used for GRE (but not elsewhere?).
77 */
78 #define GRE_CDP 0x2000 /* Cisco Discovery Protocol */
79 #define GRE_NHRP 0x2001 /* Next Hop Resolution Protocol */
80 #define GRE_MIKROTIK_EOIP 0x6400 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
81 #define GRE_ERSPAN_III 0x22eb
82 #define GRE_WCCP 0x883e /* Web Cache C* Protocol */
83 #define GRE_ERSPAN_I_II 0x88be
84
85 struct wccp_redirect {
86 nd_uint8_t flags;
87 #define WCCP_T (1 << 7)
88 #define WCCP_A (1 << 6)
89 #define WCCP_U (1 << 5)
90 nd_uint8_t ServiceId;
91 nd_uint8_t AltBucket;
92 nd_uint8_t PriBucket;
93 };
94
95 static void gre_print_0(netdissect_options *, const u_char *, u_int);
96 static void gre_print_1(netdissect_options *, const u_char *, u_int);
97 static int gre_sre_print(netdissect_options *, uint16_t, uint8_t, uint8_t, const u_char *, u_int);
98 static int gre_sre_ip_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
99 static int gre_sre_asn_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
100
101 void
102 gre_print(netdissect_options *ndo, const u_char *bp, u_int length)
103 {
104 u_int vers;
105
106 ndo->ndo_protocol = "gre";
107 nd_print_protocol_caps(ndo);
108 ND_ICHECK_U(length, <, 2);
109 vers = GET_BE_U_2(bp) & GRE_VERS_MASK;
110 ND_PRINT("v%u",vers);
111
112 switch(vers) {
113 case 0:
114 gre_print_0(ndo, bp, length);
115 break;
116 case 1:
117 gre_print_1(ndo, bp, length);
118 break;
119 default:
120 ND_PRINT(" ERROR: unknown-version");
121 break;
122 }
123 return;
124
125 invalid:
126 nd_print_invalid(ndo);
127 }
128
129 static void
130 gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
131 {
132 u_int len = length;
133 uint16_t flags, prot;
134
135 ND_ICHECK_U(len, <, 2);
136 flags = GET_BE_U_2(bp);
137 if (ndo->ndo_vflag)
138 ND_PRINT(", Flags [%s]",
139 bittok2str(gre_flag_values,"none",flags));
140
141 len -= 2;
142 bp += 2;
143
144 ND_ICHECK_U(len, <, 2);
145 prot = GET_BE_U_2(bp);
146 len -= 2;
147 bp += 2;
148
149 if ((flags & GRE_CP) | (flags & GRE_RP)) {
150 uint16_t sum;
151
152 ND_ICHECK_U(len, <, 2);
153 sum = GET_BE_U_2(bp);
154 if (ndo->ndo_vflag)
155 ND_PRINT(", sum 0x%x", sum);
156 bp += 2;
157 len -= 2;
158
159 ND_ICHECK_U(len, <, 2);
160 ND_PRINT(", off 0x%x", GET_BE_U_2(bp));
161 bp += 2;
162 len -= 2;
163 }
164
165 if (flags & GRE_KP) {
166 uint32_t key;
167
168 ND_ICHECK_U(len, <, 4);
169 key = GET_BE_U_4(bp);
170 bp += 4;
171 len -= 4;
172
173 /*
174 * OpenBSD shows this as both a 32-bit
175 * (decimal) key value and a VSID+FlowID
176 * pair, with the VSID in decimal and
177 * the FlowID in hex, as key=<Key>|<VSID>+<FlowID>,
178 * in case this is NVGRE.
179 */
180 ND_PRINT(", key=0x%x", key);
181 }
182
183 if (flags & GRE_SP) {
184 ND_ICHECK_U(len, <, 4);
185 ND_PRINT(", seq %u", GET_BE_U_4(bp));
186 bp += 4;
187 len -= 4;
188 }
189
190 if (flags & GRE_RP) {
191 for (;;) {
192 uint16_t af;
193 uint8_t sreoff;
194 uint8_t srelen;
195
196 ND_ICHECK_U(len, <, 4);
197 af = GET_BE_U_2(bp);
198 sreoff = GET_U_1(bp + 2);
199 srelen = GET_U_1(bp + 3);
200 bp += 4;
201 len -= 4;
202
203 if (af == 0 && srelen == 0)
204 break;
205
206 if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
207 goto invalid;
208
209 ND_ICHECK_U(len, <, srelen);
210 bp += srelen;
211 len -= srelen;
212 }
213 }
214
215 if (ndo->ndo_eflag)
216 ND_PRINT(", proto %s (0x%04x)",
217 tok2str(ethertype_values,"unknown",prot), prot);
218
219 ND_PRINT(", length %u",length);
220
221 if (ndo->ndo_vflag < 1)
222 ND_PRINT(": "); /* put in a colon as protocol demarc */
223 else
224 ND_PRINT("\n\t"); /* if verbose go multiline */
225
226 switch (prot) {
227 case 0x0000:
228 /*
229 * 0x0000 is reserved, but Cisco, at least, appears to
230 * use it for keep-alives; see, for example,
231 * https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc1
232 */
233 ND_PRINT("keep-alive");
234 break;
235 case GRE_WCCP:
236 /*
237 * This is a bit weird.
238 *
239 * This may either just mean "IPv4" or it may mean
240 * "IPv4 preceded by a WCCP redirect header". We
241 * check to see if the first octet looks like the
242 * beginning of an IPv4 header and, if not, dissect
243 * it "IPv4 preceded by a WCCP redirect header",
244 * otherwise we dissect it as just IPv4.
245 *
246 * See "Packet redirection" in draft-forster-wrec-wccp-v1-00,
247 * section 4.12 "Traffic Forwarding" in
248 * draft-wilson-wrec-wccp-v2-01, and section 3.12.1
249 * "Forwarding using GRE Encapsulation" in
250 * draft-param-wccp-v2rev1-01.
251 */
252 ND_PRINT("wccp ");
253
254 ND_ICHECK_U(len, <, 1);
255 if (GET_U_1(bp) >> 4 != 4) {
256 /*
257 * First octet isn't 0x4*, so it's not IPv4.
258 */
259 const struct wccp_redirect *wccp;
260 uint8_t wccp_flags;
261
262 ND_ICHECK_ZU(len, <, sizeof(*wccp));
263 wccp = (const struct wccp_redirect *)bp;
264 wccp_flags = GET_U_1(wccp->flags);
265
266 ND_PRINT("T:%c A:%c U:%c SId:%u Alt:%u Pri:%u",
267 (wccp_flags & WCCP_T) ? '1' : '0',
268 (wccp_flags & WCCP_A) ? '1' : '0',
269 (wccp_flags & WCCP_U) ? '1' : '0',
270 GET_U_1(wccp->ServiceId),
271 GET_U_1(wccp->AltBucket),
272 GET_U_1(wccp->PriBucket));
273
274 bp += sizeof(*wccp);
275 len -= sizeof(*wccp);
276
277 ND_PRINT(": ");
278 }
279 /* FALLTHROUGH */
280 case ETHERTYPE_IP:
281 ip_print(ndo, bp, len);
282 break;
283 case ETHERTYPE_IPV6:
284 ip6_print(ndo, bp, len);
285 break;
286 case ETHERTYPE_MPLS:
287 case ETHERTYPE_MPLS_MULTI:
288 mpls_print(ndo, bp, len);
289 break;
290 case ETHERTYPE_IPX:
291 ipx_print(ndo, bp, len);
292 break;
293 case ETHERTYPE_ATALK:
294 atalk_print(ndo, bp, len);
295 break;
296 case ETHERTYPE_GRE_ISO:
297 isoclns_print(ndo, bp, len);
298 break;
299 case ETHERTYPE_TEB:
300 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
301 break;
302 case ETHERTYPE_NSH:
303 nsh_print(ndo, bp, len);
304 break;
305 case GRE_ERSPAN_I_II:
306 erspan_i_ii_print(ndo, flags, bp, len);
307 break;
308 case GRE_ERSPAN_III:
309 erspan_iii_print(ndo, bp, len);
310 break;
311 case GRE_CDP:
312 cdp_print(ndo, bp, len);
313 break;
314 case GRE_NHRP:
315 nhrp_print(ndo, bp, len);
316 break;
317 default:
318 ND_PRINT("gre-proto-0x%x", prot);
319 }
320 return;
321
322 invalid:
323 nd_print_invalid(ndo);
324 }
325
326 static void
327 gre_print_1(netdissect_options *ndo, const u_char *bp, u_int length)
328 {
329 u_int len = length;
330 uint16_t flags, prot;
331
332 ND_ICHECK_U(len, <, 2);
333 flags = GET_BE_U_2(bp);
334 len -= 2;
335 bp += 2;
336
337 if (ndo->ndo_vflag)
338 ND_PRINT(", Flags [%s]",
339 bittok2str(gre_flag_values,"none",flags));
340
341 ND_ICHECK_U(len, <, 2);
342 prot = GET_BE_U_2(bp);
343 len -= 2;
344 bp += 2;
345
346 /*
347 * This version is used for two purposes:
348 *
349 * RFC 2637 PPTP;
350 * Some Mikrotik Ethernet-over-IP hack.
351 */
352 switch (prot) {
353 case GRE_MIKROTIK_EOIP:
354 /*
355 * The MikroTik hack uses only the key field, and uses it
356 * for its own purposes. If anything other than the version
357 * and K bit are set, report an error and give up.
358 */
359 if ((flags & ~GRE_VERS_MASK) != GRE_KP) {
360 ND_PRINT(" unknown-eoip-flags-%04x!", flags);
361 return;
362 }
363 break;
364 default:
365 /*
366 * XXX - what should we do if it's not ETHERTYPE_PPP?
367 */
368 break;
369 }
370
371 if (flags & GRE_KP) {
372 /* Skip payload length? */
373 ND_ICHECK_U(len, <, 2);
374 ND_TCHECK_2(bp);
375 len -= 2;
376 bp += 2;
377
378 ND_ICHECK_U(len, <, 2);
379 if (prot == GRE_MIKROTIK_EOIP) {
380 /* Non-standard */
381 ND_PRINT(", tunnel-id %u", GET_BE_U_2(bp));
382 } else
383 ND_PRINT(", call %u", GET_BE_U_2(bp));
384 len -= 2;
385 bp += 2;
386 } else
387 ND_PRINT(", (ERROR: K flag not set)");
388
389 if (flags & GRE_SP) {
390 ND_ICHECK_U(len, <, 4);
391 ND_PRINT(", seq %u", GET_BE_U_4(bp));
392 bp += 4;
393 len -= 4;
394 }
395
396 if (flags & GRE_AP) {
397 ND_ICHECK_U(len, <, 4);
398 ND_PRINT(", ack %u", GET_BE_U_4(bp));
399 bp += 4;
400 len -= 4;
401 }
402
403 /*
404 * More non-standard EoIP behavior.
405 */
406 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
407 ND_PRINT(", no-payload");
408
409 if (ndo->ndo_eflag)
410 ND_PRINT(", proto %s (0x%04x)",
411 tok2str(ethertype_values,"unknown",prot), prot);
412
413 ND_PRINT(", length %u",length);
414
415 /*
416 * More non-standard EoIP behavior.
417 */
418 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
419 return;
420
421 if (ndo->ndo_vflag < 1)
422 ND_PRINT(": "); /* put in a colon as protocol demarc */
423 else
424 ND_PRINT("\n\t"); /* if verbose go multiline */
425
426 switch (prot) {
427 case ETHERTYPE_PPP:
428 ppp_print(ndo, bp, len);
429 break;
430 case GRE_MIKROTIK_EOIP:
431 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
432 if (len == 0)
433 ND_PRINT("keepalive");
434 else
435 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
436 break;
437 default:
438 ND_PRINT("gre-proto-0x%x", prot);
439 break;
440 }
441 return;
442
443 invalid:
444 nd_print_invalid(ndo);
445 }
446
447 static int
448 gre_sre_print(netdissect_options *ndo, uint16_t af, uint8_t sreoff,
449 uint8_t srelen, const u_char *bp, u_int len)
450 {
451 int ret;
452
453 switch (af) {
454 case GRESRE_IP:
455 ND_PRINT(", (rtaf=ip");
456 ret = gre_sre_ip_print(ndo, sreoff, srelen, bp, len);
457 ND_PRINT(")");
458 break;
459 case GRESRE_ASN:
460 ND_PRINT(", (rtaf=asn");
461 ret = gre_sre_asn_print(ndo, sreoff, srelen, bp, len);
462 ND_PRINT(")");
463 break;
464 default:
465 ND_PRINT(", (rtaf=0x%x)", af);
466 ret = 1;
467 }
468 return (ret);
469 }
470
471 static int
472 gre_sre_ip_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
473 const u_char *bp, u_int len)
474 {
475 const u_char *up = bp;
476 char buf[INET_ADDRSTRLEN];
477
478 if (sreoff & 3) {
479 ND_PRINT(", badoffset=%u", sreoff);
480 goto invalid;
481 }
482 if (srelen & 3) {
483 ND_PRINT(", badlength=%u", srelen);
484 goto invalid;
485 }
486 if (sreoff >= srelen) {
487 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
488 goto invalid;
489 }
490
491 while (srelen != 0) {
492 ND_ICHECK_U(len, <, 4);
493
494 ND_TCHECK_LEN(bp, sizeof(nd_ipv4));
495 addrtostr(bp, buf, sizeof(buf));
496 ND_PRINT(" %s%s",
497 ((bp - up) == sreoff) ? "*" : "", buf);
498
499 bp += 4;
500 len -= 4;
501 srelen -= 4;
502 }
503 return 1;
504
505 invalid:
506 return 0;
507 }
508
509 static int
510 gre_sre_asn_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
511 const u_char *bp, u_int len)
512 {
513 const u_char *up = bp;
514
515 if (sreoff & 1) {
516 ND_PRINT(", badoffset=%u", sreoff);
517 goto invalid;
518 }
519 if (srelen & 1) {
520 ND_PRINT(", badlength=%u", srelen);
521 goto invalid;
522 }
523 if (sreoff >= srelen) {
524 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
525 goto invalid;
526 }
527
528 while (srelen != 0) {
529 ND_ICHECK_U(len, <, 2);
530
531 ND_PRINT(" %s%x",
532 ((bp - up) == sreoff) ? "*" : "", GET_BE_U_2(bp));
533
534 bp += 2;
535 len -= 2;
536 srelen -= 2;
537 }
538 return 1;
539
540 invalid:
541 return 0;
542 }
[mirror] the TCPdump network dissector