]> The Tcpdump Group git mirrors - tcpdump/blob - print-cdp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add bounds checking.
[tcpdump] / print-cdp.c
1 /*
2 * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Code by Gert Doering, SpaceNet GmbH, gert@space.net
22 *
23 * Reference documentation:
24 * http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm
25 */
26
27 #ifndef lint
28 static const char rcsid[] _U_ =
29 "@(#) $Header: /tcpdump/master/tcpdump/print-cdp.c,v 1.23 2004-03-24 00:41:13 guy Exp $";
30 #endif
31
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include <tcpdump-stdinc.h>
37
38 #include <stdio.h>
39 #include <string.h>
40
41 #include "interface.h"
42 #include "addrtoname.h"
43 #include "extract.h" /* must come after interface.h */
44
45 #define CDP_HEADER_LEN 4
46
47 static struct tok cdp_tlv_values[] = {
48 { 0x01, "Device-ID"},
49 { 0x02, "Address"},
50 { 0x03, "Port-ID"},
51 { 0x04, "Capability"},
52 { 0x05, "Version String"},
53 { 0x06, "Platform"},
54 { 0x07, "Prefixes"},
55 { 0x08, "Protocol-Hello option"},
56 { 0x09, "VTP Management Domain"},
57 { 0x0a, "Native VLAN ID"},
58 { 0x0b, "Duplex"},
59 { 0x0e, "ATA-186 VoIP VLAN request"},
60 { 0x0f, "ATA-186 VoIP VLAN assignment"},
61 { 0x10, "power consumption"},
62 { 0x11, "MTU"},
63 { 0x12, "AVVID trust bitmap"},
64 { 0x13, "AVVID untrusted ports CoS"},
65 { 0x14, "System Name"},
66 { 0x15, "System Object ID (not decoded)"},
67 { 0x16, "Management Addresses"},
68 { 0x17, "Physical Location"},
69 { 0, NULL}
70 };
71
72 static struct tok cdp_capability_values[] = {
73 { 0x01, "Router" },
74 { 0x02, "Transparent Bridge" },
75 { 0x04, "Source Route Bridge" },
76 { 0x08, "L2 Switch" },
77 { 0x10, "L3 capable" },
78 { 0x20, "IGMP snooping" },
79 { 0x40, "L1 capable" },
80 { 0, NULL }
81 };
82
83 static int cdp_print_addr(const u_char *, int);
84 static int cdp_print_prefixes(const u_char *, int);
85 static unsigned long cdp_get_number(const u_char *, int);
86
87 void
88 cdp_print(const u_char *pptr, u_int length, u_int caplen)
89 {
90 int type, len, i, j;
91 const u_char *tptr;
92
93 if (caplen < CDP_HEADER_LEN) {
94 (void)printf("[|cdp]");
95 return;
96 }
97
98 tptr = pptr; /* temporary pointer */
99
100 if (!TTEST2(*tptr, CDP_HEADER_LEN))
101 goto trunc;
102 printf("CDPv%u, ttl: %us", *tptr, *(tptr+1));
103 if (vflag)
104 printf(", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length);
105 tptr += CDP_HEADER_LEN;
106
107 while (tptr < (pptr+length)) {
108
109 if (!TTEST2(*tptr, 4)) /* read out Type and Length */
110 goto trunc;
111 type = EXTRACT_16BITS(tptr);
112 len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */
113 tptr += 4;
114 len -= 4;
115
116 if (!TTEST2(*tptr, len))
117 goto trunc;
118
119 if (vflag || type == 1) { /* in non-verbose mode just print Device-ID */
120
121 if (vflag)
122 printf("\n\t%s (0x%02x), length: %u byte%s: ",
123 tok2str(cdp_tlv_values,"unknown field type", type),
124 type,
125 len,
126 len>1 ? "s" : ""); /* plural */
127
128 switch (type) {
129
130 case 0x01: /* Device-ID */
131 if (!vflag)
132 printf(", Device-ID '%.*s'", len, tptr);
133 else
134 printf("'%.*s'", len, tptr);
135 break;
136 case 0x02: /* Address */
137 if (cdp_print_addr(tptr, len) < 0)
138 goto trunc;
139 break;
140 case 0x03: /* Port-ID */
141 printf("'%.*s'", len, tptr);
142 break;
143 case 0x04: /* Capabilities */
144 printf("(0x%08x): %s",
145 EXTRACT_32BITS(tptr),
146 bittok2str(cdp_capability_values, "none",EXTRACT_32BITS(tptr)));
147 break;
148 case 0x05: /* Version */
149 printf("\n\t ");
150 for (i=0;i<len;i++) {
151 j = *(tptr+i);
152 putchar(j);
153 if (j == 0x0a) /* lets rework the version string to get a nice identation */
154 printf("\t ");
155 }
156 break;
157 case 0x06: /* Platform */
158 printf("'%.*s'", len, tptr);
159 break;
160 case 0x07: /* Prefixes */
161 if (cdp_print_prefixes(tptr, len) < 0)
162 goto trunc;
163 break;
164 case 0x08: /* Protocol Hello Option - not documented */
165 break;
166 case 0x09: /* VTP Mgmt Domain - not documented */
167 printf("'%.*s'", len,tptr);
168 break;
169 case 0x0a: /* Native VLAN ID - not documented */
170 printf("%d",EXTRACT_16BITS(tptr));
171 break;
172 case 0x0b: /* Duplex - not documented */
173 printf("%s", *(tptr) ? "full": "half");
174 break;
175
176 /* http://www.cisco.com/univercd/cc/td/doc/product/voice/ata/atarn/186rn21m.htm
177 * plus more details from other sources
178 */
179 case 0x0e: /* ATA-186 VoIP VLAN request - incomplete doc. */
180 printf("app %d, vlan %d",
181 *(tptr), EXTRACT_16BITS(tptr+1));
182 break;
183 case 0x10: /* ATA-186 VoIP VLAN assignment - incomplete doc. */
184 printf("%1.2fW",
185 cdp_get_number(tptr, len)/1000.0 );
186 break;
187 case 0x11: /* MTU - not documented */
188 printf("%u bytes", EXTRACT_32BITS(tptr));
189 break;
190 case 0x12: /* AVVID trust bitmap - not documented */
191 printf("0x%02x", *(tptr) );
192 break;
193 case 0x13: /* AVVID untrusted port CoS - not documented */
194 printf("0x%02x", *(tptr));
195 break;
196 case 0x14: /* System Name - not documented */
197 printf("'%.*s'", len, tptr);
198 break;
199 case 0x16: /* System Object ID - not documented */
200 if (cdp_print_addr(tptr, len) < 0)
201 goto trunc;
202 break;
203 case 0x17: /* Physical Location - not documented */
204 printf("0x%02x/%.*s", *(tptr), len - 1, tptr + 1 );
205 break;
206 default:
207 print_unknown_data(tptr,"\n\t ",len);
208 break;
209 }
210 }
211 /* avoid infinite loop */
212 if (len == 0)
213 break;
214 tptr = tptr+len;
215 }
216 if (vflag < 1)
217 printf(", length %u",caplen);
218
219 return;
220 trunc:
221 printf("[|cdp]");
222 }
223
224 /*
225 * Protocol type values.
226 *
227 * PT_NLPID means that the protocol type field contains an OSI NLPID.
228 *
229 * PT_IEEE_802_2 means that the protocol type field contains an IEEE 802.2
230 * LLC header that specifies that the payload is for that protocol.
231 */
232 #define PT_NLPID 1 /* OSI NLPID */
233 #define PT_IEEE_802_2 2 /* IEEE 802.2 LLC header */
234
235 static int
236 cdp_print_addr(const u_char * p, int l)
237 {
238 int pt, pl, al, num;
239 const u_char *endp = p + l;
240 #ifdef INET6
241 static u_char prot_ipv6[] = {
242 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x86, 0xdd
243 };
244 #endif
245
246 num = EXTRACT_32BITS(p);
247 p += 4;
248
249 while (p < endp && num >= 0) {
250 TCHECK2(p, 2);
251 if (p + 2 > endp)
252 goto trunc;
253 pt = p[0]; /* type of "protocol" field */
254 pl = p[1]; /* length of "protocol" field */
255 p += 2;
256
257 TCHECK2(p[pl], 2);
258 if (p + pl + 2 > endp)
259 goto trunc;
260 al = EXTRACT_16BITS(&p[pl]); /* address length */
261
262 if (pt == PT_NLPID && pl == 1 && *p == 0xcc && al == 4) {
263 /*
264 * IPv4: protocol type = NLPID, protocol length = 1
265 * (1-byte NLPID), protocol = 0xcc (NLPID for IPv4),
266 * address length = 4
267 */
268 p += 3;
269
270 TCHECK2(*p, 4);
271 if (p + 4 > endp)
272 goto trunc;
273 printf("IPv4 (%u) %s",
274 num,
275 ipaddr_string(p));
276 p += 4;
277 }
278 #ifdef INET6
279 else if (pt == PT_IEEE_802_2 && pl == 8 &&
280 memcmp(p, prot_ipv6, 8) == 0 && al == 16) {
281 /*
282 * IPv6: protocol type = IEEE 802.2 header,
283 * protocol length = 8 (size of LLC+SNAP header),
284 * protocol = LLC+SNAP header with the IPv6
285 * Ethertype, address length = 16
286 */
287 p += 10;
288 TCHECK2(*p, al);
289 if (p + al > endp)
290 goto trunc;
291
292 printf("IPv6 (%u) %s",
293 num,
294 ip6addr_string(p));
295 p += al;
296 }
297 #endif
298 else {
299 /*
300 * Generic case: just print raw data
301 */
302 TCHECK2(*p, pl);
303 if (p + pl > endp)
304 goto trunc;
305 printf("pt=0x%02x, pl=%d, pb=", *(p - 2), pl);
306 while (pl-- > 0)
307 printf(" %02x", *p++);
308 TCHECK2(*p, 2);
309 if (p + 2 > endp)
310 goto trunc;
311 al = (*p << 8) + *(p + 1);
312 printf(", al=%d, a=", al);
313 p += 2;
314 TCHECK2(*p, al);
315 if (p + al > endp)
316 goto trunc;
317 while (al-- > 0)
318 printf(" %02x", *p++);
319 }
320 num--;
321 if (num)
322 printf(" ");
323 }
324
325 return 0;
326
327 trunc:
328 return -1;
329 }
330
331
332 static int
333 cdp_print_prefixes(const u_char * p, int l)
334 {
335 if (l % 5)
336 goto trunc;
337
338 printf(" IPv4 Prefixes (%d):", l / 5);
339
340 while (l > 0) {
341 printf(" %u.%u.%u.%u/%u", p[0], p[1], p[2], p[3], p[4]);
342 l -= 5;
343 p += 5;
344 }
345
346 return 0;
347
348 trunc:
349 return -1;
350 }
351
352 /* read in a <n>-byte number, MSB first
353 * (of course this can handle max sizeof(long))
354 */
355 static unsigned long cdp_get_number(const u_char * p, int l)
356 {
357 unsigned long res=0;
358 while( l>0 )
359 {
360 res = (res<<8) + *p;
361 p++; l--;
362 }
363 return res;
364 }
[mirror] the TCPdump network dissector