* Virtual Subnet ID (VSID) and an 8-bit FlowID.
*/
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#include "netdissect-stdinc.h"
#include "addrtostr.h"
#include "extract.h"
#include "ethertype.h"
-
-
-#define GRE_CP 0x8000 /* checksum present */
-#define GRE_RP 0x4000 /* routing present */
-#define GRE_KP 0x2000 /* key present */
-#define GRE_SP 0x1000 /* sequence# present */
-#define GRE_sP 0x0800 /* source routing */
-#define GRE_AP 0x0080 /* acknowledgment# present */
+#include "gre.h"
static const struct tok gre_flag_values[] = {
{ GRE_CP, "checksum present"},
/*
* Ethertype values used for GRE (but not elsewhere?).
*/
+#define GRE_CDP 0x2000 /* Cisco Discovery Protocol */
+#define GRE_NHRP 0x2001 /* Next Hop Resolution Protocol */
+#define GRE_MIKROTIK_EOIP 0x6400 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
+#define GRE_ERSPAN_III 0x22eb
#define GRE_WCCP 0x883e /* Web Cache C* Protocol */
+#define GRE_ERSPAN_I_II 0x88be
struct wccp_redirect {
nd_uint8_t flags;
* use it for keep-alives; see, for example,
* https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc1
*/
- printf("keep-alive");
+ ND_PRINT("keep-alive");
break;
case GRE_WCCP:
/*
*
* This may either just mean "IPv4" or it may mean
* "IPv4 preceded by a WCCP redirect header". We
- * check to seeif the first octet looks like the
+ * check to see if the first octet looks like the
* beginning of an IPv4 header and, if not, dissect
* it "IPv4 preceded by a WCCP redirect header",
* otherwise we dissect it as just IPv4.
*
* See "Packet redirection" in draft-forster-wrec-wccp-v1-00,
- * scetion 4.12 "Traffic Forwarding" in
+ * section 4.12 "Traffic Forwarding" in
* draft-wilson-wrec-wccp-v2-01, and section 3.12.1
* "Forwarding using GRE Encapsulation" in
* draft-param-wccp-v2rev1-01.
bp += sizeof(*wccp);
len -= sizeof(*wccp);
- printf(": ");
+ ND_PRINT(": ");
}
/* FALLTHROUGH */
- break;
case ETHERTYPE_IP:
ip_print(ndo, bp, len);
break;
case ETHERTYPE_NSH:
nsh_print(ndo, bp, len);
break;
+ case GRE_ERSPAN_I_II:
+ erspan_i_ii_print(ndo, flags, bp, len);
+ break;
+ case GRE_ERSPAN_III:
+ erspan_iii_print(ndo, bp, len);
+ break;
+ case GRE_CDP:
+ cdp_print(ndo, bp, len);
+ break;
+ case GRE_NHRP:
+ nhrp_print(ndo, bp, len);
+ break;
default:
ND_PRINT("gre-proto-0x%x", prot);
}
len -= 2;
bp += 2;
+ /*
+ * This version is used for two purposes:
+ *
+ * RFC 2637 PPTP;
+ * Some Mikrotik Ethernet-over-IP hack.
+ */
+ switch (prot) {
+ case GRE_MIKROTIK_EOIP:
+ /*
+ * The MikroTik hack uses only the key field, and uses it
+ * for its own purposes. If anything other than the version
+ * and K bit are set, report an error and give up.
+ */
+ if ((flags & ~GRE_VERS_MASK) != GRE_KP) {
+ ND_PRINT(" unknown-eoip-flags-%04x!", flags);
+ return;
+ }
+ break;
+ default:
+ /*
+ * XXX - what should we do if it's not ETHERTYPE_PPP?
+ */
+ break;
+ }
if (flags & GRE_KP) {
- uint32_t k;
+ /* Skip payload length? */
+ ND_ICHECK_U(len, <, 2);
+ ND_TCHECK_2(bp);
+ len -= 2;
+ bp += 2;
- ND_ICHECK_U(len, <, 4);
- k = GET_BE_U_4(bp);
- ND_PRINT(", call %u", k & 0xffff);
- len -= 4;
- bp += 4;
- }
+ ND_ICHECK_U(len, <, 2);
+ if (prot == GRE_MIKROTIK_EOIP) {
+ /* Non-standard */
+ ND_PRINT(", tunnel-id %u", GET_BE_U_2(bp));
+ } else
+ ND_PRINT(", call %u", GET_BE_U_2(bp));
+ len -= 2;
+ bp += 2;
+ } else
+ ND_PRINT(", (ERROR: K flag not set)");
if (flags & GRE_SP) {
ND_ICHECK_U(len, <, 4);
len -= 4;
}
- if ((flags & GRE_SP) == 0)
+ /*
+ * More non-standard EoIP behavior.
+ */
+ if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
ND_PRINT(", no-payload");
if (ndo->ndo_eflag)
ND_PRINT(", length %u",length);
- if ((flags & GRE_SP) == 0)
+ /*
+ * More non-standard EoIP behavior.
+ */
+ if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
return;
if (ndo->ndo_vflag < 1)
case ETHERTYPE_PPP:
ppp_print(ndo, bp, len);
break;
+ case GRE_MIKROTIK_EOIP:
+ /* MikroTik RouterBoard Ethernet over IP (EoIP) */
+ if (len == 0)
+ ND_PRINT("keepalive");
+ else
+ ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
+ break;
default:
ND_PRINT("gre-proto-0x%x", prot);
break;
projects / tcpdump / blobdiff