]> The Tcpdump Group git mirrors - tcpdump/blob - print-ether.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ether: for MACsec packets, print the MACsec ethertype if E or C set.
[tcpdump] / print-ether.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Ethernet printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include "netdissect.h"
31 #include "extract.h"
32 #include "addrtoname.h"
33 #include "ethertype.h"
34
35 /*
36 * Structure of an Ethernet header.
37 */
38 struct ether_header {
39 nd_mac_addr ether_dhost;
40 nd_mac_addr ether_shost;
41 nd_uint16_t ether_length_type;
42 };
43
44 /*
45 * Length of an Ethernet header; note that some compilers may pad
46 * "struct ether_header" to a multiple of 4 bytes, for example, so
47 * "sizeof (struct ether_header)" may not give the right answer.
48 */
49 #define ETHER_HDRLEN 14
50
51 const struct tok ethertype_values[] = {
52 { ETHERTYPE_IP, "IPv4" },
53 { ETHERTYPE_MPLS, "MPLS unicast" },
54 { ETHERTYPE_MPLS_MULTI, "MPLS multicast" },
55 { ETHERTYPE_IPV6, "IPv6" },
56 { ETHERTYPE_8021Q, "802.1Q" },
57 { ETHERTYPE_8021Q9100, "802.1Q-9100" },
58 { ETHERTYPE_8021QinQ, "802.1Q-QinQ" },
59 { ETHERTYPE_8021Q9200, "802.1Q-9200" },
60 { ETHERTYPE_MACSEC, "802.1AE MACsec" },
61 { ETHERTYPE_VMAN, "VMAN" },
62 { ETHERTYPE_PUP, "PUP" },
63 { ETHERTYPE_ARP, "ARP"},
64 { ETHERTYPE_REVARP, "Reverse ARP"},
65 { ETHERTYPE_NS, "NS" },
66 { ETHERTYPE_SPRITE, "Sprite" },
67 { ETHERTYPE_TRAIL, "Trail" },
68 { ETHERTYPE_MOPDL, "MOP DL" },
69 { ETHERTYPE_MOPRC, "MOP RC" },
70 { ETHERTYPE_DN, "DN" },
71 { ETHERTYPE_LAT, "LAT" },
72 { ETHERTYPE_SCA, "SCA" },
73 { ETHERTYPE_TEB, "TEB" },
74 { ETHERTYPE_LANBRIDGE, "Lanbridge" },
75 { ETHERTYPE_DECDNS, "DEC DNS" },
76 { ETHERTYPE_DECDTS, "DEC DTS" },
77 { ETHERTYPE_VEXP, "VEXP" },
78 { ETHERTYPE_VPROD, "VPROD" },
79 { ETHERTYPE_ATALK, "Appletalk" },
80 { ETHERTYPE_AARP, "Appletalk ARP" },
81 { ETHERTYPE_IPX, "IPX" },
82 { ETHERTYPE_PPP, "PPP" },
83 { ETHERTYPE_MPCP, "MPCP" },
84 { ETHERTYPE_SLOW, "Slow Protocols" },
85 { ETHERTYPE_PPPOED, "PPPoE D" },
86 { ETHERTYPE_PPPOES, "PPPoE S" },
87 { ETHERTYPE_EAPOL, "EAPOL" },
88 { ETHERTYPE_RRCP, "RRCP" },
89 { ETHERTYPE_MS_NLB_HB, "MS NLB heartbeat" },
90 { ETHERTYPE_JUMBO, "Jumbo" },
91 { ETHERTYPE_NSH, "NSH" },
92 { ETHERTYPE_LOOPBACK, "Loopback" },
93 { ETHERTYPE_ISO, "OSI" },
94 { ETHERTYPE_GRE_ISO, "GRE-OSI" },
95 { ETHERTYPE_CFM_OLD, "CFM (old)" },
96 { ETHERTYPE_CFM, "CFM" },
97 { ETHERTYPE_IEEE1905_1, "IEEE1905.1" },
98 { ETHERTYPE_LLDP, "LLDP" },
99 { ETHERTYPE_TIPC, "TIPC"},
100 { ETHERTYPE_GEONET_OLD, "GeoNet (old)"},
101 { ETHERTYPE_GEONET, "GeoNet"},
102 { ETHERTYPE_CALM_FAST, "CALM FAST"},
103 { ETHERTYPE_AOE, "AoE" },
104 { ETHERTYPE_PTP, "PTP" },
105 { ETHERTYPE_ARISTA, "Arista Vendor Specific Protocol" },
106 { 0, NULL}
107 };
108
109 static void
110 ether_addresses_print(netdissect_options *ndo, const u_char *src,
111 const u_char *dst)
112 {
113 ND_PRINT("%s > %s, ",
114 GET_ETHERADDR_STRING(src), GET_ETHERADDR_STRING(dst));
115 }
116
117 static void
118 ether_type_print(netdissect_options *ndo, uint16_t type)
119 {
120 if (!ndo->ndo_qflag)
121 ND_PRINT("ethertype %s (0x%04x)",
122 tok2str(ethertype_values, "Unknown", type), type);
123 else
124 ND_PRINT("%s",
125 tok2str(ethertype_values, "Unknown Ethertype (0x%04x)", type));
126 }
127
128 /*
129 * Common code for printing Ethernet frames.
130 *
131 * It can handle Ethernet headers with extra tag information inserted
132 * after the destination and source addresses, as is inserted by some
133 * switch chips, and extra encapsulation header information before
134 * printing Ethernet header information (such as a LANE ID for ATM LANE).
135 */
136 static u_int
137 ether_common_print(netdissect_options *ndo, const u_char *p, u_int length,
138 u_int caplen,
139 void (*print_switch_tag)(netdissect_options *ndo, const u_char *),
140 u_int switch_tag_len,
141 void (*print_encap_header)(netdissect_options *ndo, const u_char *),
142 const u_char *encap_header_arg)
143 {
144 const struct ether_header *ehp;
145 u_int orig_length;
146 u_int hdrlen;
147 u_short length_type;
148 int printed_length;
149 int llc_hdrlen;
150 struct lladdr_info src, dst;
151
152 if (caplen < ETHER_HDRLEN + switch_tag_len) {
153 nd_print_trunc(ndo);
154 return (caplen);
155 }
156 if (length < ETHER_HDRLEN + switch_tag_len) {
157 nd_print_trunc(ndo);
158 return (length);
159 }
160
161 if (print_encap_header != NULL)
162 (*print_encap_header)(ndo, encap_header_arg);
163
164 orig_length = length;
165
166 /*
167 * Get the source and destination addresses, skip past them,
168 * and print them if we're printing the link-layer header.
169 */
170 ehp = (const struct ether_header *)p;
171 src.addr = ehp->ether_shost;
172 src.addr_string = etheraddr_string;
173 dst.addr = ehp->ether_dhost;
174 dst.addr_string = etheraddr_string;
175
176 length -= 2*MAC_ADDR_LEN;
177 caplen -= 2*MAC_ADDR_LEN;
178 p += 2*MAC_ADDR_LEN;
179 hdrlen = 2*MAC_ADDR_LEN;
180
181 if (ndo->ndo_eflag)
182 ether_addresses_print(ndo, src.addr, dst.addr);
183
184 /*
185 * Print the switch tag, if we have one, and skip past it.
186 */
187 if (print_switch_tag != NULL)
188 (*print_switch_tag)(ndo, p);
189
190 length -= switch_tag_len;
191 caplen -= switch_tag_len;
192 p += switch_tag_len;
193 hdrlen += switch_tag_len;
194
195 /*
196 * Get the length/type field, skip past it, and print it
197 * if we're printing the link-layer header.
198 */
199 recurse:
200 length_type = GET_BE_U_2(p);
201
202 length -= 2;
203 caplen -= 2;
204 p += 2;
205 hdrlen += 2;
206
207 /*
208 * Process 802.1AE MACsec headers.
209 */
210 printed_length = 0;
211 if (length_type == ETHERTYPE_MACSEC) {
212 /*
213 * MACsec, aka IEEE 802.1AE-2006
214 * Print the header, and try to print the payload if it's not encrypted
215 */
216 if (ndo->ndo_eflag) {
217 ether_type_print(ndo, length_type);
218 ND_PRINT(", length %u: ", orig_length);
219 printed_length = 1;
220 }
221
222 int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen);
223
224 if (ret == 0) {
225 /* Payload is encrypted; print it as raw data. */
226 if (!ndo->ndo_eflag) {
227 ether_type_print(ndo, length_type);
228 ND_PRINT(", length %u: ", orig_length);
229 }
230 if (!ndo->ndo_suppress_default_print)
231 ND_DEFAULTPRINT(p, caplen);
232 return (hdrlen);
233 } else if (ret > 0) {
234 /* Problem printing the header; just quit. */
235 return (ret);
236 } else {
237 /*
238 * Keep processing type/length fields.
239 */
240 length_type = GET_BE_U_2(p);
241
242 length -= 2;
243 caplen -= 2;
244 p += 2;
245 hdrlen += 2;
246 }
247 }
248
249 /*
250 * Process VLAN tag types.
251 */
252 while (length_type == ETHERTYPE_8021Q ||
253 length_type == ETHERTYPE_8021Q9100 ||
254 length_type == ETHERTYPE_8021Q9200 ||
255 length_type == ETHERTYPE_8021QinQ) {
256 /*
257 * It has a VLAN tag.
258 * Print VLAN information, and then go back and process
259 * the enclosed type field.
260 */
261 if (caplen < 4) {
262 ndo->ndo_protocol = "vlan";
263 nd_print_trunc(ndo);
264 return (hdrlen + caplen);
265 }
266 if (length < 4) {
267 ndo->ndo_protocol = "vlan";
268 nd_print_trunc(ndo);
269 return (hdrlen + length);
270 }
271 if (ndo->ndo_eflag) {
272 uint16_t tag = GET_BE_U_2(p);
273
274 ether_type_print(ndo, length_type);
275 if (!printed_length) {
276 ND_PRINT(", length %u: ", orig_length);
277 printed_length = 1;
278 } else
279 ND_PRINT(", ");
280 ND_PRINT("%s, ", ieee8021q_tci_string(tag));
281 }
282
283 length_type = GET_BE_U_2(p + 2);
284 p += 4;
285 length -= 4;
286 caplen -= 4;
287 hdrlen += 4;
288 }
289
290 /*
291 * We now have the final length/type field.
292 */
293 if (length_type <= MAX_ETHERNET_LENGTH_VAL) {
294 /*
295 * It's a length field, containing the length of the
296 * remaining payload; use it as such, as long as
297 * it's not too large (bigger than the actual payload).
298 */
299 if (length_type < length) {
300 length = length_type;
301 if (caplen > length)
302 caplen = length;
303 }
304
305 /*
306 * Cut off the snapshot length to the end of the
307 * payload.
308 */
309 nd_push_snapend(ndo, p + length);
310
311 if (ndo->ndo_eflag) {
312 ND_PRINT("802.3");
313 if (!printed_length)
314 ND_PRINT(", length %u: ", length);
315 }
316
317 /*
318 * An LLC header follows the length. Print that and
319 * higher layers.
320 */
321 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
322 if (llc_hdrlen < 0) {
323 /* packet type not known, print raw packet */
324 if (!ndo->ndo_suppress_default_print)
325 ND_DEFAULTPRINT(p, caplen);
326 llc_hdrlen = -llc_hdrlen;
327 }
328 hdrlen += llc_hdrlen;
329 nd_pop_packet_info(ndo);
330 } else if (length_type == ETHERTYPE_JUMBO) {
331 /*
332 * It's a type field, with the type for Alteon jumbo frames.
333 * See
334 *
335 * https://tools.ietf.org/html/draft-ietf-isis-ext-eth-01
336 *
337 * which indicates that, following the type field,
338 * there's an LLC header and payload.
339 */
340 /* Try to print the LLC-layer header & higher layers */
341 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
342 if (llc_hdrlen < 0) {
343 /* packet type not known, print raw packet */
344 if (!ndo->ndo_suppress_default_print)
345 ND_DEFAULTPRINT(p, caplen);
346 llc_hdrlen = -llc_hdrlen;
347 }
348 hdrlen += llc_hdrlen;
349 } else if (length_type == ETHERTYPE_ARISTA) {
350 if (caplen < 2) {
351 ND_PRINT("[|arista]");
352 return (hdrlen + caplen);
353 }
354 if (length < 2) {
355 ND_PRINT("[|arista]");
356 return (hdrlen + length);
357 }
358 ether_type_print(ndo, length_type);
359 ND_PRINT(", length %u: ", orig_length);
360 int bytesConsumed = arista_ethertype_print(ndo, p, length);
361 if (bytesConsumed > 0) {
362 p += bytesConsumed;
363 length -= bytesConsumed;
364 caplen -= bytesConsumed;
365 hdrlen += bytesConsumed;
366 goto recurse;
367 } else {
368 /* subtype/version not known, print raw packet */
369 if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) {
370 ether_addresses_print(ndo, src.addr, dst.addr);
371 ether_type_print(ndo, length_type);
372 ND_PRINT(", length %u: ", orig_length);
373 }
374 if (!ndo->ndo_suppress_default_print)
375 ND_DEFAULTPRINT(p, caplen);
376 }
377 } else {
378 /*
379 * It's a type field with some other value.
380 */
381 if (ndo->ndo_eflag) {
382 ether_type_print(ndo, length_type);
383 if (!printed_length)
384 ND_PRINT(", length %u: ", orig_length);
385 else
386 ND_PRINT(", ");
387 }
388 if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) {
389 /* type not known, print raw packet */
390 if (!ndo->ndo_eflag) {
391 /*
392 * We didn't print the full link-layer
393 * header, as -e wasn't specified, so
394 * print only the source and destination
395 * MAC addresses and the final Ethernet
396 * type.
397 */
398 ether_addresses_print(ndo, src.addr, dst.addr);
399 ether_type_print(ndo, length_type);
400 ND_PRINT(", length %u: ", orig_length);
401 }
402
403 if (!ndo->ndo_suppress_default_print)
404 ND_DEFAULTPRINT(p, caplen);
405 }
406 }
407 return (hdrlen);
408 }
409
410 /*
411 * Print an Ethernet frame while specyfing a non-standard Ethernet header
412 * length.
413 * This might be encapsulated within another frame; we might be passed
414 * a pointer to a function that can print header information for that
415 * frame's protocol, and an argument to pass to that function.
416 *
417 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
418 */
419 u_int
420 ether_switch_tag_print(netdissect_options *ndo, const u_char *p, u_int length,
421 u_int caplen,
422 void (*print_switch_tag)(netdissect_options *, const u_char *),
423 u_int switch_tag_len)
424 {
425 return (ether_common_print(ndo, p, length, caplen, print_switch_tag,
426 switch_tag_len, NULL, NULL));
427 }
428
429 /*
430 * Print an Ethernet frame.
431 * This might be encapsulated within another frame; we might be passed
432 * a pointer to a function that can print header information for that
433 * frame's protocol, and an argument to pass to that function.
434 *
435 * FIXME: caplen can and should be derived from ndo->ndo_snapend and p.
436 */
437 u_int
438 ether_print(netdissect_options *ndo,
439 const u_char *p, u_int length, u_int caplen,
440 void (*print_encap_header)(netdissect_options *ndo, const u_char *),
441 const u_char *encap_header_arg)
442 {
443 ndo->ndo_protocol = "ether";
444 return (ether_common_print(ndo, p, length, caplen, NULL, 0,
445 print_encap_header, encap_header_arg));
446 }
447
448 /*
449 * This is the top level routine of the printer. 'p' points
450 * to the ether header of the packet, 'h->len' is the length
451 * of the packet off the wire, and 'h->caplen' is the number
452 * of bytes actually captured.
453 */
454 u_int
455 ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
456 const u_char *p)
457 {
458 ndo->ndo_protocol = "ether_if";
459 return (ether_print(ndo, p, h->len, h->caplen, NULL, NULL));
460 }
461
462 /*
463 * This is the top level routine of the printer. 'p' points
464 * to the ether header of the packet, 'h->len' is the length
465 * of the packet off the wire, and 'h->caplen' is the number
466 * of bytes actually captured.
467 *
468 * This is for DLT_NETANALYZER, which has a 4-byte pseudo-header
469 * before the Ethernet header.
470 */
471 u_int
472 netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
473 const u_char *p)
474 {
475 /*
476 * Fail if we don't have enough data for the Hilscher pseudo-header.
477 */
478 ndo->ndo_protocol = "netanalyzer_if";
479 if (h->caplen < 4) {
480 nd_print_trunc(ndo);
481 return (h->caplen);
482 }
483
484 /* Skip the pseudo-header. */
485 return (4 + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL));
486 }
487
488 /*
489 * This is the top level routine of the printer. 'p' points
490 * to the ether header of the packet, 'h->len' is the length
491 * of the packet off the wire, and 'h->caplen' is the number
492 * of bytes actually captured.
493 *
494 * This is for DLT_NETANALYZER_TRANSPARENT, which has a 4-byte
495 * pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF
496 * before the Ethernet header.
497 */
498 u_int
499 netanalyzer_transparent_if_print(netdissect_options *ndo,
500 const struct pcap_pkthdr *h,
501 const u_char *p)
502 {
503 /*
504 * Fail if we don't have enough data for the Hilscher pseudo-header,
505 * preamble, and SOF.
506 */
507 ndo->ndo_protocol = "netanalyzer_transparent_if";
508 if (h->caplen < 12) {
509 nd_print_trunc(ndo);
510 return (h->caplen);
511 }
512
513 /* Skip the pseudo-header, preamble, and SOF. */
514 return (12 + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL));
515 }
516
517 /*
518 * Prints the packet payload, given an Ethernet type code for the payload's
519 * protocol.
520 *
521 * Returns non-zero if it can do so, zero if the ethertype is unknown.
522 */
523
524 int
525 ethertype_print(netdissect_options *ndo,
526 u_short ether_type, const u_char *p,
527 u_int length, u_int caplen,
528 const struct lladdr_info *src, const struct lladdr_info *dst)
529 {
530 switch (ether_type) {
531
532 case ETHERTYPE_IP:
533 ip_print(ndo, p, length);
534 return (1);
535
536 case ETHERTYPE_IPV6:
537 ip6_print(ndo, p, length);
538 return (1);
539
540 case ETHERTYPE_ARP:
541 case ETHERTYPE_REVARP:
542 arp_print(ndo, p, length, caplen);
543 return (1);
544
545 case ETHERTYPE_DN:
546 decnet_print(ndo, p, length, caplen);
547 return (1);
548
549 case ETHERTYPE_ATALK:
550 if (ndo->ndo_vflag)
551 ND_PRINT("et1 ");
552 atalk_print(ndo, p, length);
553 return (1);
554
555 case ETHERTYPE_AARP:
556 aarp_print(ndo, p, length);
557 return (1);
558
559 case ETHERTYPE_IPX:
560 ND_PRINT("(NOV-ETHII) ");
561 ipx_print(ndo, p, length);
562 return (1);
563
564 case ETHERTYPE_ISO:
565 if (length == 0 || caplen == 0) {
566 ndo->ndo_protocol = "isoclns";
567 nd_print_trunc(ndo);
568 return (1);
569 }
570 isoclns_print(ndo, p + 1, length - 1);
571 return(1);
572
573 case ETHERTYPE_PPPOED:
574 case ETHERTYPE_PPPOES:
575 case ETHERTYPE_PPPOED2:
576 case ETHERTYPE_PPPOES2:
577 pppoe_print(ndo, p, length);
578 return (1);
579
580 case ETHERTYPE_EAPOL:
581 eap_print(ndo, p, length);
582 return (1);
583
584 case ETHERTYPE_RRCP:
585 rrcp_print(ndo, p, length, src, dst);
586 return (1);
587
588 case ETHERTYPE_PPP:
589 if (length) {
590 ND_PRINT(": ");
591 ppp_print(ndo, p, length);
592 }
593 return (1);
594
595 case ETHERTYPE_MPCP:
596 mpcp_print(ndo, p, length);
597 return (1);
598
599 case ETHERTYPE_SLOW:
600 slow_print(ndo, p, length);
601 return (1);
602
603 case ETHERTYPE_CFM:
604 case ETHERTYPE_CFM_OLD:
605 cfm_print(ndo, p, length);
606 return (1);
607
608 case ETHERTYPE_LLDP:
609 lldp_print(ndo, p, length);
610 return (1);
611
612 case ETHERTYPE_NSH:
613 nsh_print(ndo, p, length);
614 return (1);
615
616 case ETHERTYPE_LOOPBACK:
617 loopback_print(ndo, p, length);
618 return (1);
619
620 case ETHERTYPE_MPLS:
621 case ETHERTYPE_MPLS_MULTI:
622 mpls_print(ndo, p, length);
623 return (1);
624
625 case ETHERTYPE_TIPC:
626 tipc_print(ndo, p, length, caplen);
627 return (1);
628
629 case ETHERTYPE_MS_NLB_HB:
630 msnlb_print(ndo, p);
631 return (1);
632
633 case ETHERTYPE_GEONET_OLD:
634 case ETHERTYPE_GEONET:
635 geonet_print(ndo, p, length, src);
636 return (1);
637
638 case ETHERTYPE_CALM_FAST:
639 calm_fast_print(ndo, p, length, src);
640 return (1);
641
642 case ETHERTYPE_AOE:
643 aoe_print(ndo, p, length);
644 return (1);
645
646 case ETHERTYPE_PTP:
647 ptp_print(ndo, p, length);
648 return (1);
649
650 case ETHERTYPE_LAT:
651 case ETHERTYPE_SCA:
652 case ETHERTYPE_MOPRC:
653 case ETHERTYPE_MOPDL:
654 case ETHERTYPE_IEEE1905_1:
655 /* default_print for now */
656 default:
657 return (0);
658 }
659 }
[mirror] the TCPdump network dissector