]> The Tcpdump Group git mirrors - tcpdump/blob - print-gre.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
gre: add support for MikroTik Ethernet-over-IP hack.
[tcpdump] / print-gre.c
1 /* $OpenBSD: print-gre.c,v 1.6 2002/10/30 03:04:04 fgsch Exp $ */
2
3 /*
4 * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /* \summary: Generic Routing Encapsulation (GRE) printer */
30
31 /*
32 * netdissect printer for GRE - Generic Routing Encapsulation
33 * RFC 1701 (GRE), RFC 1702 (GRE IPv4), RFC 2637 (PPTP, which
34 * has an extended form of GRE), RFC 2784 (revised GRE, with
35 * R, K, S, and s bits and Recur and Offset fields now reserved
36 * in the header, and no optional Key or Sequence number in the
37 * header), and RFC 2890 (proposal to add back the K and S bits
38 * and the optional Key and Sequence number).
39 *
40 * The RFC 2637 PPTP GRE repurposes the Key field to hold a
41 * 16-bit Payload Length and a 16-bit Call ID.
42 *
43 * RFC 7637 (NVGRE) repurposes the Key field to hold a 24-bit
44 * Virtual Subnet ID (VSID) and an 8-bit FlowID.
45 */
46
47 #ifdef HAVE_CONFIG_H
48 #include <config.h>
49 #endif
50
51 #include "netdissect-stdinc.h"
52
53 #define ND_LONGJMP_FROM_TCHECK
54 #include "netdissect.h"
55 #include "addrtostr.h"
56 #include "extract.h"
57 #include "ethertype.h"
58
59
60 #define GRE_CP 0x8000 /* checksum present */
61 #define GRE_RP 0x4000 /* routing present */
62 #define GRE_KP 0x2000 /* key present */
63 #define GRE_SP 0x1000 /* sequence# present */
64 #define GRE_sP 0x0800 /* source routing */
65 #define GRE_AP 0x0080 /* acknowledgment# present */
66
67 static const struct tok gre_flag_values[] = {
68 { GRE_CP, "checksum present"},
69 { GRE_RP, "routing present"},
70 { GRE_KP, "key present"},
71 { GRE_SP, "sequence# present"},
72 { GRE_sP, "source routing present"},
73 { GRE_AP, "ack present"},
74 { 0, NULL }
75 };
76
77 #define GRE_RECRS_MASK 0x0700 /* recursion count */
78 #define GRE_VERS_MASK 0x0007 /* protocol version */
79
80 /* source route entry types */
81 #define GRESRE_IP 0x0800 /* IP */
82 #define GRESRE_ASN 0xfffe /* ASN */
83
84 /*
85 * Ethertype values used for GRE (but not elsewhere?).
86 */
87 #define GRE_CDP 0x2000 /* Cisco Discovery Protocol */
88 #define GRE_NHRP 0x2001 /* Next Hop Resolution Protocol */
89 #define GRE_MIKROTIK_EOIP 0x6400 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
90 #define GRE_ERSPAN_III 0x22eb
91 #define GRE_WCCP 0x883e /* Web Cache C* Protocol */
92 #define GRE_ERSPAN_I_II 0x88be
93
94 struct wccp_redirect {
95 nd_uint8_t flags;
96 #define WCCP_T (1 << 7)
97 #define WCCP_A (1 << 6)
98 #define WCCP_U (1 << 5)
99 nd_uint8_t ServiceId;
100 nd_uint8_t AltBucket;
101 nd_uint8_t PriBucket;
102 };
103
104 static void gre_print_0(netdissect_options *, const u_char *, u_int);
105 static void gre_print_1(netdissect_options *, const u_char *, u_int);
106 static int gre_sre_print(netdissect_options *, uint16_t, uint8_t, uint8_t, const u_char *, u_int);
107 static int gre_sre_ip_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
108 static int gre_sre_asn_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
109
110 void
111 gre_print(netdissect_options *ndo, const u_char *bp, u_int length)
112 {
113 u_int vers;
114
115 ndo->ndo_protocol = "gre";
116 nd_print_protocol_caps(ndo);
117 ND_ICHECK_U(length, <, 2);
118 vers = GET_BE_U_2(bp) & GRE_VERS_MASK;
119 ND_PRINT("v%u",vers);
120
121 switch(vers) {
122 case 0:
123 gre_print_0(ndo, bp, length);
124 break;
125 case 1:
126 gre_print_1(ndo, bp, length);
127 break;
128 default:
129 ND_PRINT(" ERROR: unknown-version");
130 break;
131 }
132 return;
133
134 invalid:
135 nd_print_invalid(ndo);
136 }
137
138 static void
139 gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
140 {
141 u_int len = length;
142 uint16_t flags, prot;
143
144 ND_ICHECK_U(len, <, 2);
145 flags = GET_BE_U_2(bp);
146 if (ndo->ndo_vflag)
147 ND_PRINT(", Flags [%s]",
148 bittok2str(gre_flag_values,"none",flags));
149
150 len -= 2;
151 bp += 2;
152
153 ND_ICHECK_U(len, <, 2);
154 prot = GET_BE_U_2(bp);
155 len -= 2;
156 bp += 2;
157
158 if ((flags & GRE_CP) | (flags & GRE_RP)) {
159 uint16_t sum;
160
161 ND_ICHECK_U(len, <, 2);
162 sum = GET_BE_U_2(bp);
163 if (ndo->ndo_vflag)
164 ND_PRINT(", sum 0x%x", sum);
165 bp += 2;
166 len -= 2;
167
168 ND_ICHECK_U(len, <, 2);
169 ND_PRINT(", off 0x%x", GET_BE_U_2(bp));
170 bp += 2;
171 len -= 2;
172 }
173
174 if (flags & GRE_KP) {
175 uint32_t key;
176
177 ND_ICHECK_U(len, <, 4);
178 key = GET_BE_U_4(bp);
179 bp += 4;
180 len -= 4;
181
182 /*
183 * OpenBSD shows this as both a 32-bit
184 * (decimal) key value and a VSID+FlowID
185 * pair, with the VSID in decimal and
186 * the FlowID in hex, as key=<Key>|<VSID>+<FlowID>,
187 * in case this is NVGRE.
188 */
189 ND_PRINT(", key=0x%x", key);
190 }
191
192 if (flags & GRE_SP) {
193 ND_ICHECK_U(len, <, 4);
194 ND_PRINT(", seq %u", GET_BE_U_4(bp));
195 bp += 4;
196 len -= 4;
197 }
198
199 if (flags & GRE_RP) {
200 for (;;) {
201 uint16_t af;
202 uint8_t sreoff;
203 uint8_t srelen;
204
205 ND_ICHECK_U(len, <, 4);
206 af = GET_BE_U_2(bp);
207 sreoff = GET_U_1(bp + 2);
208 srelen = GET_U_1(bp + 3);
209 bp += 4;
210 len -= 4;
211
212 if (af == 0 && srelen == 0)
213 break;
214
215 if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
216 goto invalid;
217
218 ND_ICHECK_U(len, <, srelen);
219 bp += srelen;
220 len -= srelen;
221 }
222 }
223
224 if (ndo->ndo_eflag)
225 ND_PRINT(", proto %s (0x%04x)",
226 tok2str(ethertype_values,"unknown",prot), prot);
227
228 ND_PRINT(", length %u",length);
229
230 if (ndo->ndo_vflag < 1)
231 ND_PRINT(": "); /* put in a colon as protocol demarc */
232 else
233 ND_PRINT("\n\t"); /* if verbose go multiline */
234
235 switch (prot) {
236 case 0x0000:
237 /*
238 * 0x0000 is reserved, but Cisco, at least, appears to
239 * use it for keep-alives; see, for example,
240 * https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc1
241 */
242 printf("keep-alive");
243 break;
244 case GRE_WCCP:
245 /*
246 * This is a bit weird.
247 *
248 * This may either just mean "IPv4" or it may mean
249 * "IPv4 preceded by a WCCP redirect header". We
250 * check to see if the first octet looks like the
251 * beginning of an IPv4 header and, if not, dissect
252 * it "IPv4 preceded by a WCCP redirect header",
253 * otherwise we dissect it as just IPv4.
254 *
255 * See "Packet redirection" in draft-forster-wrec-wccp-v1-00,
256 * section 4.12 "Traffic Forwarding" in
257 * draft-wilson-wrec-wccp-v2-01, and section 3.12.1
258 * "Forwarding using GRE Encapsulation" in
259 * draft-param-wccp-v2rev1-01.
260 */
261 ND_PRINT("wccp ");
262
263 ND_ICHECK_U(len, <, 1);
264 if (GET_U_1(bp) >> 4 != 4) {
265 /*
266 * First octet isn't 0x4*, so it's not IPv4.
267 */
268 const struct wccp_redirect *wccp;
269 uint8_t wccp_flags;
270
271 ND_ICHECK_ZU(len, <, sizeof(*wccp));
272 wccp = (const struct wccp_redirect *)bp;
273 wccp_flags = GET_U_1(wccp->flags);
274
275 ND_PRINT("T:%c A:%c U:%c SId:%u Alt:%u Pri:%u",
276 (wccp_flags & WCCP_T) ? '1' : '0',
277 (wccp_flags & WCCP_A) ? '1' : '0',
278 (wccp_flags & WCCP_U) ? '1' : '0',
279 GET_U_1(wccp->ServiceId),
280 GET_U_1(wccp->AltBucket),
281 GET_U_1(wccp->PriBucket));
282
283 bp += sizeof(*wccp);
284 len -= sizeof(*wccp);
285
286 printf(": ");
287 }
288 /* FALLTHROUGH */
289 case ETHERTYPE_IP:
290 ip_print(ndo, bp, len);
291 break;
292 case ETHERTYPE_IPV6:
293 ip6_print(ndo, bp, len);
294 break;
295 case ETHERTYPE_MPLS:
296 case ETHERTYPE_MPLS_MULTI:
297 mpls_print(ndo, bp, len);
298 break;
299 case ETHERTYPE_IPX:
300 ipx_print(ndo, bp, len);
301 break;
302 case ETHERTYPE_ATALK:
303 atalk_print(ndo, bp, len);
304 break;
305 case ETHERTYPE_GRE_ISO:
306 isoclns_print(ndo, bp, len);
307 break;
308 case ETHERTYPE_TEB:
309 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
310 break;
311 case ETHERTYPE_NSH:
312 nsh_print(ndo, bp, len);
313 break;
314 case GRE_ERSPAN_I_II:
315 erspan_print(ndo, flags, bp, len);
316 break;
317 case GRE_CDP:
318 cdp_print(ndo, bp, len);
319 break;
320 case GRE_NHRP:
321 nhrp_print(ndo, bp, len);
322 break;
323 default:
324 ND_PRINT("gre-proto-0x%x", prot);
325 }
326 return;
327
328 invalid:
329 nd_print_invalid(ndo);
330 }
331
332 static void
333 gre_print_1(netdissect_options *ndo, const u_char *bp, u_int length)
334 {
335 u_int len = length;
336 uint16_t flags, prot;
337
338 ND_ICHECK_U(len, <, 2);
339 flags = GET_BE_U_2(bp);
340 len -= 2;
341 bp += 2;
342
343 if (ndo->ndo_vflag)
344 ND_PRINT(", Flags [%s]",
345 bittok2str(gre_flag_values,"none",flags));
346
347 ND_ICHECK_U(len, <, 2);
348 prot = GET_BE_U_2(bp);
349 len -= 2;
350 bp += 2;
351
352 /*
353 * This version is used for two purposes:
354 *
355 * RFC 2637 PPTP;
356 * Some Mikrotik Ethernet-over-IP hack.
357 */
358 switch (prot) {
359 case GRE_MIKROTIK_EOIP:
360 /*
361 * The MikroTik hack uses only the key field, and uses it
362 * for its own purposes. If anything other than the version
363 * and K bit are set, report an error and give up.
364 */
365 if ((flags & ~GRE_VERS_MASK) != GRE_KP) {
366 ND_PRINT(" unknown-eoip-flags-%04x!", flags);
367 return;
368 }
369 break;
370 default:
371 /*
372 * XXX - what should we do if it's not ETHERTYPE_PPP?
373 */
374 break;
375 }
376
377 if (flags & GRE_KP) {
378 /* Skip payload length? */
379 ND_ICHECK_U(len, <, 2);
380 ND_TCHECK_LEN(bp, 2);
381 len -= 2;
382 bp += 2;
383
384 ND_ICHECK_U(len, <, 2);
385 if (prot == GRE_MIKROTIK_EOIP) {
386 /* Non-standard */
387 ND_PRINT(", tunnel-id %u", GET_BE_U_2(bp));
388 } else
389 ND_PRINT(", call %u", GET_BE_U_2(bp));
390 len -= 2;
391 bp += 2;
392 } else
393 ND_PRINT(", (ERROR: K flag not set)");
394
395 if (flags & GRE_SP) {
396 ND_ICHECK_U(len, <, 4);
397 ND_PRINT(", seq %u", GET_BE_U_4(bp));
398 bp += 4;
399 len -= 4;
400 }
401
402 if (flags & GRE_AP) {
403 ND_ICHECK_U(len, <, 4);
404 ND_PRINT(", ack %u", GET_BE_U_4(bp));
405 bp += 4;
406 len -= 4;
407 }
408
409 /*
410 * More non-standard EoIP behavior.
411 */
412 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
413 ND_PRINT(", no-payload");
414
415 if (ndo->ndo_eflag)
416 ND_PRINT(", proto %s (0x%04x)",
417 tok2str(ethertype_values,"unknown",prot), prot);
418
419 ND_PRINT(", length %u",length);
420
421 /*
422 * More non-standard EoIP behavior.
423 */
424 if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
425 return;
426
427 if (ndo->ndo_vflag < 1)
428 ND_PRINT(": "); /* put in a colon as protocol demarc */
429 else
430 ND_PRINT("\n\t"); /* if verbose go multiline */
431
432 switch (prot) {
433 case ETHERTYPE_PPP:
434 ppp_print(ndo, bp, len);
435 break;
436 case GRE_MIKROTIK_EOIP:
437 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
438 if (len == 0)
439 ND_PRINT("keepalive");
440 else
441 ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
442 break;
443 default:
444 ND_PRINT("gre-proto-0x%x", prot);
445 break;
446 }
447 return;
448
449 invalid:
450 nd_print_invalid(ndo);
451 }
452
453 static int
454 gre_sre_print(netdissect_options *ndo, uint16_t af, uint8_t sreoff,
455 uint8_t srelen, const u_char *bp, u_int len)
456 {
457 int ret;
458
459 switch (af) {
460 case GRESRE_IP:
461 ND_PRINT(", (rtaf=ip");
462 ret = gre_sre_ip_print(ndo, sreoff, srelen, bp, len);
463 ND_PRINT(")");
464 break;
465 case GRESRE_ASN:
466 ND_PRINT(", (rtaf=asn");
467 ret = gre_sre_asn_print(ndo, sreoff, srelen, bp, len);
468 ND_PRINT(")");
469 break;
470 default:
471 ND_PRINT(", (rtaf=0x%x)", af);
472 ret = 1;
473 }
474 return (ret);
475 }
476
477 static int
478 gre_sre_ip_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
479 const u_char *bp, u_int len)
480 {
481 const u_char *up = bp;
482 char buf[INET_ADDRSTRLEN];
483
484 if (sreoff & 3) {
485 ND_PRINT(", badoffset=%u", sreoff);
486 goto invalid;
487 }
488 if (srelen & 3) {
489 ND_PRINT(", badlength=%u", srelen);
490 goto invalid;
491 }
492 if (sreoff >= srelen) {
493 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
494 goto invalid;
495 }
496
497 while (srelen != 0) {
498 ND_ICHECK_U(len, <, 4);
499
500 ND_TCHECK_LEN(bp, sizeof(nd_ipv4));
501 addrtostr(bp, buf, sizeof(buf));
502 ND_PRINT(" %s%s",
503 ((bp - up) == sreoff) ? "*" : "", buf);
504
505 bp += 4;
506 len -= 4;
507 srelen -= 4;
508 }
509 return 1;
510
511 invalid:
512 return 0;
513 }
514
515 static int
516 gre_sre_asn_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
517 const u_char *bp, u_int len)
518 {
519 const u_char *up = bp;
520
521 if (sreoff & 1) {
522 ND_PRINT(", badoffset=%u", sreoff);
523 goto invalid;
524 }
525 if (srelen & 1) {
526 ND_PRINT(", badlength=%u", srelen);
527 goto invalid;
528 }
529 if (sreoff >= srelen) {
530 ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
531 goto invalid;
532 }
533
534 while (srelen != 0) {
535 ND_ICHECK_U(len, <, 2);
536
537 ND_PRINT(" %s%x",
538 ((bp - up) == sreoff) ? "*" : "", GET_BE_U_2(bp));
539
540 bp += 2;
541 len -= 2;
542 srelen -= 2;
543 }
544 return 1;
545
546 invalid:
547 return 0;
548 }
[mirror] the TCPdump network dissector