Ethernet: Rework the length checks
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Ethernet printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #define ND_LONGJMP_FROM_TCHECK
31 #include "netdissect.h"
32 #include "extract.h"
33 #include "addrtoname.h"
34 #include "ethertype.h"
35
/*
 * Structure of an Ethernet header: destination address, source address,
 * then the 16-bit length/type field.
 *
 * In this file the struct is only used by ether_common_print() to locate
 * the two address fields; the length/type field is read from the packet
 * bytes with GET_BE_U_2() rather than through ether_length_type.
 */
struct ether_header {
	nd_mac_addr	ether_dhost;		/* destination address */
	nd_mac_addr	ether_shost;		/* source address */
	nd_uint16_t	ether_length_type;	/* length (802.3) or EtherType */
};

/*
 * Length of an Ethernet header; note that some compilers may pad
 * "struct ether_header" to a multiple of 4 bytes, for example, so
 * "sizeof (struct ether_header)" may not give the right answer.
 *
 * ether_common_print() compares the captured length against this
 * constant (plus any switch tag) before it touches the header, so the
 * value has to be the header's size in the packet, not the struct's
 * size in memory.
 */
#define ETHER_HDRLEN		14
51
/*
 * EtherType value -> display name table, terminated by { 0, NULL }.
 * ether_type_print() looks names up here through tok2str().
 *
 * NOTE(review): ethertype_print() also dispatches ETHERTYPE_PPPOED2 and
 * ETHERTYPE_PPPOES2, which have no entry in this table; presumably
 * tok2str() falls back to the "Unknown" format string for them - confirm
 * whether that is intended.
 */
const struct tok ethertype_values[] = {
    { ETHERTYPE_IP,		"IPv4" },
    { ETHERTYPE_MPLS,		"MPLS unicast" },
    { ETHERTYPE_MPLS_MULTI,	"MPLS multicast" },
    { ETHERTYPE_IPV6,		"IPv6" },
    { ETHERTYPE_8021Q,		"802.1Q" },
    { ETHERTYPE_8021Q9100,	"802.1Q-9100" },
    { ETHERTYPE_8021QinQ,	"802.1Q-QinQ" },
    { ETHERTYPE_8021Q9200,	"802.1Q-9200" },
    { ETHERTYPE_MACSEC,		"802.1AE MACsec" },
    { ETHERTYPE_VMAN,		"VMAN" },
    { ETHERTYPE_PUP,            "PUP" },
    { ETHERTYPE_ARP,            "ARP"},
    { ETHERTYPE_REVARP,         "Reverse ARP"},
    { ETHERTYPE_NS,             "NS" },
    { ETHERTYPE_SPRITE,         "Sprite" },
    { ETHERTYPE_TRAIL,          "Trail" },
    { ETHERTYPE_MOPDL,          "MOP DL" },
    { ETHERTYPE_MOPRC,          "MOP RC" },
    { ETHERTYPE_DN,             "DN" },
    { ETHERTYPE_LAT,            "LAT" },
    { ETHERTYPE_SCA,            "SCA" },
    { ETHERTYPE_TEB,            "TEB" },
    { ETHERTYPE_LANBRIDGE,      "Lanbridge" },
    { ETHERTYPE_DECDNS,         "DEC DNS" },
    { ETHERTYPE_DECDTS,         "DEC DTS" },
    { ETHERTYPE_VEXP,           "VEXP" },
    { ETHERTYPE_VPROD,          "VPROD" },
    { ETHERTYPE_ATALK,          "Appletalk" },
    { ETHERTYPE_AARP,           "Appletalk ARP" },
    { ETHERTYPE_IPX,            "IPX" },
    { ETHERTYPE_PPP,            "PPP" },
    { ETHERTYPE_MPCP,           "MPCP" },
    { ETHERTYPE_SLOW,           "Slow Protocols" },
    { ETHERTYPE_PPPOED,         "PPPoE D" },
    { ETHERTYPE_PPPOES,         "PPPoE S" },
    { ETHERTYPE_EAPOL,          "EAPOL" },
    { ETHERTYPE_RRCP,           "RRCP" },
    { ETHERTYPE_MS_NLB_HB,      "MS NLB heartbeat" },
    { ETHERTYPE_JUMBO,          "Jumbo" },
    { ETHERTYPE_NSH,            "NSH" },
    { ETHERTYPE_LOOPBACK,       "Loopback" },
    { ETHERTYPE_ISO,            "OSI" },
    { ETHERTYPE_GRE_ISO,        "GRE-OSI" },
    { ETHERTYPE_CFM_OLD,        "CFM (old)" },
    { ETHERTYPE_CFM,            "CFM" },
    { ETHERTYPE_IEEE1905_1,     "IEEE1905.1" },
    { ETHERTYPE_LLDP,           "LLDP" },
    { ETHERTYPE_TIPC,           "TIPC"},
    { ETHERTYPE_GEONET_OLD,     "GeoNet (old)"},
    { ETHERTYPE_GEONET,         "GeoNet"},
    { ETHERTYPE_CALM_FAST,      "CALM FAST"},
    { ETHERTYPE_AOE,            "AoE" },
    { ETHERTYPE_PTP,            "PTP" },
    { ETHERTYPE_ARISTA,         "Arista Vendor Specific Protocol" },
    { 0, NULL}
};
109
static void
ether_addresses_print(netdissect_options *ndo, const u_char *src,
		      const u_char *dst)
{
	/*
	 * Format both addresses first, then emit them as "source >
	 * destination, ".  The strings come from GET_ETHERADDR_STRING(),
	 * so the address bytes are fetched through that macro rather than
	 * read directly here.
	 */
	const char *src_text = GET_ETHERADDR_STRING(src);
	const char *dst_text = GET_ETHERADDR_STRING(dst);

	ND_PRINT("%s > %s, ", src_text, dst_text);
}
117
static void
ether_type_print(netdissect_options *ndo, uint16_t type)
{
	/*
	 * Quiet mode (ndo_qflag set): print the name only; the hex value
	 * appears just in the fallback text used for unlisted types.
	 */
	if (ndo->ndo_qflag) {
		ND_PRINT("%s",
			 tok2str(ethertype_values, "Unknown Ethertype (0x%04x)", type));
		return;
	}

	/* Normal mode: always print the name followed by the hex value. */
	ND_PRINT("ethertype %s (0x%04x)",
		 tok2str(ethertype_values, "Unknown", type), type);
}
128
129 /*
130 * Common code for printing Ethernet frames.
131 *
132 * It can handle Ethernet headers with extra tag information inserted
133 * after the destination and source addresses, as is inserted by some
134 * switch chips, and extra encapsulation header information before
135 * printing Ethernet header information (such as a LANE ID for ATM LANE).
136 */
static u_int
ether_common_print(netdissect_options *ndo, const u_char *p, u_int length,
    u_int caplen,
    void (*print_switch_tag)(netdissect_options *ndo, const u_char *),
    u_int switch_tag_len,
    void (*print_encap_header)(netdissect_options *ndo, const u_char *),
    const u_char *encap_header_arg)
{
	/*
	 * Parameters:
	 *   p                  first byte of the Ethernet header
	 *   length             frame length as passed by the caller (the
	 *                      top-level callers pass h->len)
	 *   caplen             captured length as passed by the caller (the
	 *                      top-level callers pass h->caplen)
	 *   print_switch_tag   optional; called with a pointer to the bytes
	 *                      that follow the two MAC addresses
	 *   switch_tag_len     number of bytes skipped for that tag
	 *   print_encap_header optional; called with encap_header_arg before
	 *                      anything from the Ethernet header is printed
	 *
	 * Returns the number of link-layer bytes accounted for (hdrlen) on
	 * the normal paths; the early exits return length, caplen,
	 * hdrlen + the remaining count, or the positive value handed back
	 * by macsec_print().  The top-level callers in this file add the
	 * result to ndo->ndo_ll_hdr_len.
	 *
	 * length and caplen are unsigned and are decremented in lock-step
	 * with p as headers are consumed, so every subtraction below relies
	 * on an earlier check that enough bytes remain.
	 */
	const struct ether_header *ehp;
	u_int orig_length;
	u_int hdrlen;
	u_short length_type;
	int printed_length;
	int llc_hdrlen;
	struct lladdr_info src, dst;

	/*
	 * Sanity checks on the caller-supplied counts.  After these two
	 * tests length >= caplen >= ETHER_HDRLEN + switch_tag_len, which is
	 * what keeps the subtractions for the addresses, the switch tag and
	 * the first length/type field from wrapping.
	 */
	if (length < caplen) {
		ND_PRINT("[length %u < caplen %u]", length, caplen);
		nd_print_invalid(ndo);
		return length;
	}
	if (caplen < ETHER_HDRLEN + switch_tag_len) {
		nd_print_trunc(ndo);
		return caplen;
	}

	if (print_encap_header != NULL)
		(*print_encap_header)(ndo, encap_header_arg);

	/* Remember the full length: it is what gets printed as "length N". */
	orig_length = length;

	/*
	 * Get the source and destination addresses, skip past them,
	 * and print them if we're printing the link-layer header.
	 */
	ehp = (const struct ether_header *)p;
	src.addr = ehp->ether_shost;
	src.addr_string = etheraddr_string;
	dst.addr = ehp->ether_dhost;
	dst.addr_string = etheraddr_string;

	length -= 2*MAC_ADDR_LEN;
	caplen -= 2*MAC_ADDR_LEN;
	p += 2*MAC_ADDR_LEN;
	hdrlen = 2*MAC_ADDR_LEN;

	if (ndo->ndo_eflag)
		ether_addresses_print(ndo, src.addr, dst.addr);

	/*
	 * Print the switch tag, if we have one, and skip past it.
	 */
	if (print_switch_tag != NULL)
		(*print_switch_tag)(ndo, p);

	length -= switch_tag_len;
	caplen -= switch_tag_len;
	p += switch_tag_len;
	hdrlen += switch_tag_len;

	/*
	 * Get the length/type field, skip past it, and print it
	 * if we're printing the link-layer header.
	 *
	 * On the first pass the checks at the top guarantee two bytes are
	 * left.  The Arista branch below jumps back here without a fresh
	 * check of length or caplen.
	 * NOTE(review): presumably GET_BE_U_2() stops the dissection when
	 * the two bytes are not inside the captured data (this file defines
	 * ND_LONGJMP_FROM_TCHECK), so the "-= 2" lines are not reached in
	 * that case - confirm, because a wrap of these u_int counters would
	 * be passed on to the payload printers.
	 */
recurse:
	length_type = GET_BE_U_2(p);

	length -= 2;
	caplen -= 2;
	p += 2;
	hdrlen += 2;

	/*
	 * Process 802.1AE MACsec headers.
	 */
	printed_length = 0;
	if (length_type == ETHERTYPE_MACSEC) {
		/*
		 * MACsec, aka IEEE 802.1AE-2006
		 * Print the header, and try to print the payload if it's not encrypted
		 */
		if (ndo->ndo_eflag) {
			ether_type_print(ndo, length_type);
			ND_PRINT(", length %u: ", orig_length);
			printed_length = 1;
		}

		/*
		 * macsec_print() receives pointers to p, length, caplen and
		 * hdrlen and may update them; this function trusts whatever
		 * values it leaves behind.
		 */
		int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen,
				       &src, &dst);

		if (ret == 0) {
			/* Payload is encrypted; print it as raw data. */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			return hdrlen;
		} else if (ret > 0) {
			/* Problem printing the header; just quit. */
			return ret;
		} else {
			/*
			 * Keep processing type/length fields.
			 *
			 * NOTE(review): no length/caplen check is made
			 * here either; the same reliance on GET_BE_U_2()
			 * as at "recurse" applies - confirm that
			 * macsec_print() leaves at least two bytes or that
			 * the read fails first.
			 */
			length_type = GET_BE_U_2(p);

			length -= 2;
			caplen -= 2;
			p += 2;
			hdrlen += 2;
		}
	}

	/*
	 * Process VLAN tag types.
	 *
	 * Stacked tags are handled by looping; each iteration consumes four
	 * bytes and is preceded by explicit caplen and length checks, so
	 * the loop cannot run past the counted data.
	 */
	while (length_type == ETHERTYPE_8021Q ||
		length_type == ETHERTYPE_8021Q9100 ||
		length_type == ETHERTYPE_8021Q9200 ||
		length_type == ETHERTYPE_8021QinQ) {
		/*
		 * It has a VLAN tag.
		 * Print VLAN information, and then go back and process
		 * the enclosed type field.
		 */
		if (caplen < 4) {
			ndo->ndo_protocol = "vlan";
			nd_print_trunc(ndo);
			return hdrlen + caplen;
		}
		if (length < 4) {
			ndo->ndo_protocol = "vlan";
			nd_print_trunc(ndo);
			return hdrlen + length;
		}
		if (ndo->ndo_eflag) {
			uint16_t tag = GET_BE_U_2(p);

			ether_type_print(ndo, length_type);
			if (!printed_length) {
				ND_PRINT(", length %u: ", orig_length);
				printed_length = 1;
			} else
				ND_PRINT(", ");
			ND_PRINT("%s, ", ieee8021q_tci_string(tag));
		}

		/* The enclosed type follows the two tag bytes. */
		length_type = GET_BE_U_2(p + 2);
		p += 4;
		length -= 4;
		caplen -= 4;
		hdrlen += 4;
	}

	/*
	 * We now have the final length/type field.
	 */
	if (length_type <= MAX_ETHERNET_LENGTH_VAL) {
		/*
		 * It's a length field, containing the length of the
		 * remaining payload; use it as such, as long as
		 * it's not too large (bigger than the actual payload).
		 *
		 * The field comes from the packet, so it is only ever
		 * allowed to shrink length and caplen, never to grow them.
		 */
		if (length_type < length) {
			length = length_type;
			if (caplen > length)
				caplen = length;
		}

		/*
		 * Cut off the snapshot length to the end of the
		 * payload.
		 *
		 * NOTE(review): the result of nd_push_snapend() is not
		 * examined, while nd_pop_packet_info() at the end of this
		 * branch runs unconditionally - confirm whether the push
		 * can fail and what the pop would then undo.
		 */
		nd_push_snapend(ndo, p + length);

		if (ndo->ndo_eflag) {
			ND_PRINT("802.3");
			if (!printed_length)
				ND_PRINT(", length %u: ", length);
		}

		/*
		 * An LLC header follows the length.  Print that and
		 * higher layers.
		 */
		llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
		if (llc_hdrlen < 0) {
			/* packet type not known, print raw packet */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			/* A negative result is the header length, negated. */
			llc_hdrlen = -llc_hdrlen;
		}
		hdrlen += llc_hdrlen;
		nd_pop_packet_info(ndo);
	} else if (length_type == ETHERTYPE_JUMBO) {
		/*
		 * It's a type field, with the type for Alteon jumbo frames.
		 * See
		 *
		 *	https://tools.ietf.org/html/draft-ietf-isis-ext-eth-01
		 *
		 * which indicates that, following the type field,
		 * there's an LLC header and payload.
		 */
		/* Try to print the LLC-layer header & higher layers */
		llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
		if (llc_hdrlen < 0) {
			/* packet type not known, print raw packet */
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
			llc_hdrlen = -llc_hdrlen;
		}
		hdrlen += llc_hdrlen;
	} else if (length_type == ETHERTYPE_ARISTA) {
		/* Require two more bytes before handing over to the Arista printer. */
		if (caplen < 2) {
			ND_PRINT("[|arista]");
			return hdrlen + caplen;
		}
		if (length < 2) {
			ND_PRINT("[|arista]");
			return hdrlen + length;
		}
		ether_type_print(ndo, length_type);
		ND_PRINT(", length %u: ", orig_length);
		/*
		 * NOTE(review): bytesConsumed is subtracted from length and
		 * caplen without being compared against either (only ">= 2"
		 * was checked above), and the callee is given length but not
		 * caplen - confirm that arista_ethertype_print() cannot
		 * return more than the bytes remaining, otherwise the u_int
		 * counters wrap before the jump back to "recurse".
		 */
		int bytesConsumed = arista_ethertype_print(ndo, p, length);
		if (bytesConsumed > 0) {
			p += bytesConsumed;
			length -= bytesConsumed;
			caplen -= bytesConsumed;
			hdrlen += bytesConsumed;
			goto recurse;
		} else {
			/* subtype/version not known, print raw packet */
			/*
			 * NOTE(review): the type and length were already
			 * printed above regardless of -e, so without -e they
			 * appear a second time here - confirm intended.
			 */
			if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) {
				ether_addresses_print(ndo, src.addr, dst.addr);
				ether_type_print(ndo, length_type);
				ND_PRINT(", length %u: ", orig_length);
			}
			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
		}
	} else {
		/*
		 * It's a type field with some other value.
		 */
		if (ndo->ndo_eflag) {
			ether_type_print(ndo, length_type);
			if (!printed_length)
				ND_PRINT(", length %u: ", orig_length);
			else
				ND_PRINT(", ");
		}
		if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) {
			/* type not known, print raw packet */
			if (!ndo->ndo_eflag) {
				/*
				 * We didn't print the full link-layer
				 * header, as -e wasn't specified, so
				 * print only the source and destination
				 * MAC addresses and the final Ethernet
				 * type.
				 */
				ether_addresses_print(ndo, src.addr, dst.addr);
				ether_type_print(ndo, length_type);
				ND_PRINT(", length %u: ", orig_length);
			}

			if (!ndo->ndo_suppress_default_print)
				ND_DEFAULTPRINT(p, caplen);
		}
	}
	return hdrlen;
}
408
409 /*
410 * Print an Ethernet frame while specifying a non-standard Ethernet header
411 * length.
412 * This might be encapsulated within another frame; we might be passed
413 * a pointer to a function that can print header information for that
414 * frame's protocol, and an argument to pass to that function.
415 *
416 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
417 */
u_int
ether_switch_tag_print(netdissect_options *ndo, const u_char *p, u_int length,
    u_int caplen,
    void (*print_switch_tag)(netdissect_options *, const u_char *),
    u_int switch_tag_len)
{
	u_int consumed;

	/*
	 * Switch-tag variant: no encapsulation header is printed, so both
	 * encapsulation arguments are NULL.  length, caplen and
	 * switch_tag_len are forwarded unchanged; all length validation is
	 * done by ether_common_print().
	 */
	consumed = ether_common_print(ndo, p, length, caplen,
				      print_switch_tag, switch_tag_len,
				      NULL, NULL);
	return consumed;
}
427
428 /*
429 * Print an Ethernet frame.
430 * This might be encapsulated within another frame; we might be passed
431 * a pointer to a function that can print header information for that
432 * frame's protocol, and an argument to pass to that function.
433 *
434 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
435 */
u_int
ether_print(netdissect_options *ndo,
	    const u_char *p, u_int length, u_int caplen,
	    void (*print_encap_header)(netdissect_options *ndo, const u_char *),
	    const u_char *encap_header_arg)
{
	u_int consumed;

	ndo->ndo_protocol = "ether";

	/*
	 * Plain Ethernet: no switch tag (NULL printer, zero tag length).
	 * length and caplen are forwarded as given; ether_common_print()
	 * performs the checks on them.
	 */
	consumed = ether_common_print(ndo, p, length, caplen, NULL, 0,
				      print_encap_header, encap_header_arg);
	return consumed;
}
446
447 /*
448 * This is the top level routine of the printer. 'p' points
449 * to the ether header of the packet, 'h->len' is the length
450 * of the packet off the wire, and 'h->caplen' is the number
451 * of bytes actually captured.
452 */
void
ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
	       const u_char *p)
{
	u_int consumed;

	ndo->ndo_protocol = "ether";

	/*
	 * h->len and h->caplen are passed through untouched; their
	 * relationship is validated inside ether_common_print().
	 */
	consumed = ether_print(ndo, p, h->len, h->caplen, NULL, NULL);

	/* Account for the link-layer bytes the Ethernet printer reported. */
	ndo->ndo_ll_hdr_len += consumed;
}
461
462 /*
463 * This is the top level routine of the printer. 'p' points
464 * to the ether header of the packet, 'h->len' is the length
465 * of the packet off the wire, and 'h->caplen' is the number
466 * of bytes actually captured.
467 *
468 * This is for DLT_NETANALYZER, which has a 4-byte pseudo-header
469 * before the Ethernet header.
470 */
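void
netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
		     const u_char *p)
{
	/* Size of the Hilscher pseudo-header that precedes the Ethernet header. */
	const u_int pseudo_hdrlen = 4;
	u_int length = h->len;
	u_int caplen = h->caplen;

	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header.
	 */
	ndo->ndo_protocol = "netanalyzer";
	ND_TCHECK_LEN(p, 4);

	/*
	 * The two counts from the packet header are unsigned and are about
	 * to have the pseudo-header length subtracted.  If either is
	 * smaller than that, the subtraction wraps to a huge value, and a
	 * wrapped length also gets past the "length < caplen" sanity check
	 * in the Ethernet printer.  Reject such records here instead.
	 * ndo_ll_hdr_len is left untouched on these paths.
	 */
	if (caplen < pseudo_hdrlen) {
		nd_print_trunc(ndo);
		return;
	}
	if (length < pseudo_hdrlen) {
		ND_PRINT("[length %u < %u]", length, pseudo_hdrlen);
		nd_print_invalid(ndo);
		return;
	}

	/* Skip the pseudo-header. */
	ndo->ndo_ll_hdr_len += 4;
	ndo->ndo_ll_hdr_len +=
	    ether_print(ndo, p + pseudo_hdrlen, length - pseudo_hdrlen,
			caplen - pseudo_hdrlen, NULL, NULL);
}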
486
487 /*
488 * This is the top level routine of the printer. 'p' points
489 * to the ether header of the packet, 'h->len' is the length
490 * of the packet off the wire, and 'h->caplen' is the number
491 * of bytes actually captured.
492 *
493 * This is for DLT_NETANALYZER_TRANSPARENT, which has a 4-byte
494 * pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF
495 * before the Ethernet header.
496 */
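void
netanalyzer_transparent_if_print(netdissect_options *ndo,
				 const struct pcap_pkthdr *h,
				 const u_char *p)
{
	/*
	 * Bytes in front of the Ethernet header: 4-byte pseudo-header,
	 * 7-byte preamble and 1-byte SOF.
	 */
	const u_int prefix_len = 12;
	u_int length = h->len;
	u_int caplen = h->caplen;

	/*
	 * Fail if we don't have enough data for the Hilscher pseudo-header,
	 * preamble, and SOF.
	 */
	ndo->ndo_protocol = "netanalyzer_transparent";
	ND_TCHECK_LEN(p, 12);

	/*
	 * The two counts from the packet header are unsigned and are about
	 * to have the prefix length subtracted.  If either is smaller than
	 * that, the subtraction wraps to a huge value, and a wrapped length
	 * also gets past the "length < caplen" sanity check in the Ethernet
	 * printer.  Reject such records here instead.  ndo_ll_hdr_len is
	 * left untouched on these paths.
	 */
	if (caplen < prefix_len) {
		nd_print_trunc(ndo);
		return;
	}
	if (length < prefix_len) {
		ND_PRINT("[length %u < %u]", length, prefix_len);
		nd_print_invalid(ndo);
		return;
	}

	/* Skip the pseudo-header, preamble, and SOF. */
	ndo->ndo_ll_hdr_len += 12;
	ndo->ndo_ll_hdr_len +=
	    ether_print(ndo, p + prefix_len, length - prefix_len,
			caplen - prefix_len, NULL, NULL);
}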
514
515 /*
516 * Prints the packet payload, given an Ethernet type code for the payload's
517 * protocol.
518 *
519 * Returns non-zero if it can do so, zero if the ethertype is unknown.
520 */
521
int
ethertype_print(netdissect_options *ndo,
		u_short ether_type, const u_char *p,
		u_int length, u_int caplen,
		const struct lladdr_info *src, const struct lladdr_info *dst)
{
	/*
	 * Dispatch on the EtherType.  Every recognised type leaves the
	 * switch with handled still set; only the fall-through group at the
	 * bottom clears it, which tells the caller to dump the payload raw.
	 *
	 * Most printers are given length only, a few also get caplen, and
	 * two get neither.
	 * NOTE(review): presumably each of them bounds its own reads
	 * against the captured data - confirm for the ones that receive no
	 * count at all.
	 */
	int handled = 1;

	switch (ether_type) {

	case ETHERTYPE_IP:
		ip_print(ndo, p, length);
		break;

	case ETHERTYPE_IPV6:
		ip6_print(ndo, p, length);
		break;

	case ETHERTYPE_ARP:
	case ETHERTYPE_REVARP:
		arp_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_DN:
		decnet_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_ATALK:
		if (ndo->ndo_vflag)
			ND_PRINT("et1 ");
		atalk_print(ndo, p, length);
		break;

	case ETHERTYPE_AARP:
		aarp_print(ndo, p, length);
		break;

	case ETHERTYPE_IPX:
		ND_PRINT("(NOV-ETHII) ");
		ipx_print(ndo, p, length);
		break;

	case ETHERTYPE_ISO:
		if (length != 0 && caplen != 0) {
			/* At least one byte is required */
			/* FIXME: Reference for this byte? */
			ND_TCHECK_1(p);
			/* length is non-zero here, so length - 1 cannot wrap. */
			isoclns_print(ndo, p + 1, length - 1);
		} else {
			/* Nothing left to skip: report truncation. */
			ndo->ndo_protocol = "isoclns";
			nd_print_trunc(ndo);
		}
		break;

	case ETHERTYPE_PPPOED:
	case ETHERTYPE_PPPOES:
	case ETHERTYPE_PPPOED2:
	case ETHERTYPE_PPPOES2:
		pppoe_print(ndo, p, length);
		break;

	case ETHERTYPE_EAPOL:
		eapol_print(ndo, p);
		break;

	case ETHERTYPE_RRCP:
		rrcp_print(ndo, p, length, src, dst);
		break;

	case ETHERTYPE_PPP:
		/* An empty payload still counts as handled. */
		if (length) {
			ND_PRINT(": ");
			ppp_print(ndo, p, length);
		}
		break;

	case ETHERTYPE_MPCP:
		mpcp_print(ndo, p, length);
		break;

	case ETHERTYPE_SLOW:
		slow_print(ndo, p, length);
		break;

	case ETHERTYPE_CFM:
	case ETHERTYPE_CFM_OLD:
		cfm_print(ndo, p, length);
		break;

	case ETHERTYPE_LLDP:
		lldp_print(ndo, p, length);
		break;

	case ETHERTYPE_NSH:
		nsh_print(ndo, p, length);
		break;

	case ETHERTYPE_LOOPBACK:
		loopback_print(ndo, p, length);
		break;

	case ETHERTYPE_MPLS:
	case ETHERTYPE_MPLS_MULTI:
		mpls_print(ndo, p, length);
		break;

	case ETHERTYPE_TIPC:
		tipc_print(ndo, p, length, caplen);
		break;

	case ETHERTYPE_MS_NLB_HB:
		msnlb_print(ndo, p);
		break;

	case ETHERTYPE_GEONET_OLD:
	case ETHERTYPE_GEONET:
		geonet_print(ndo, p, length, src);
		break;

	case ETHERTYPE_CALM_FAST:
		calm_fast_print(ndo, p, length, src);
		break;

	case ETHERTYPE_AOE:
		aoe_print(ndo, p, length);
		break;

	case ETHERTYPE_PTP:
		ptp_print(ndo, p, length);
		break;

	case ETHERTYPE_LAT:
	case ETHERTYPE_SCA:
	case ETHERTYPE_MOPRC:
	case ETHERTYPE_MOPDL:
	case ETHERTYPE_IEEE1905_1:
		/* default_print for now */
	default:
		handled = 0;
		break;
	}

	return (handled);
}