+/* $OpenBSD: print-gre.c,v 1.6 2002/10/30 03:04:04 fgsch Exp $ */
+
/*
- * Copyright (c) 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Lawrence Berkeley Laboratory,
- * Berkeley, CA. The name of the University may not be used to
- * endorse or promote products derived from this software without
- * specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * All rights reserved.
*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * This module implements support for decoding GRE (Generic Routing
- * Encapsulation) tunnels; they're documented in RFC1701 and RFC1702.
- * This code only supports the IP encapsulation thereof.
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef lint
-static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-gre.c,v 1.14 2002-06-01 23:50:31 guy Exp $";
-#endif
+/* \summary: Generic Routing Encapsulation (GRE) printer */
+
+/*
+ * netdissect printer for GRE - Generic Routing Encapsulation
+ * RFC 1701 (GRE), RFC 1702 (GRE IPv4), RFC 2637 (PPTP, which
+ * has an extended form of GRE), RFC 2784 (revised GRE, with
+ * R, K, S, and s bits and Recur and Offset fields now reserved
+ * in the header, and no optional Key or Sequence number in the
+ * header), and RFC 2890 (proposal to add back the K and S bits
+ * and the optional Key and Sequence number).
+ *
+ * The RFC 2637 PPTP GRE repurposes the Key field to hold a
+ * 16-bit Payload Length and a 16-bit Call ID.
+ *
+ * RFC 7637 (NVGRE) repurposes the Key field to hold a 24-bit
+ * Virtual Subnet ID (VSID) and an 8-bit FlowID.
+ */
#ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
#endif
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
+#include "netdissect-stdinc.h"
-#include <netinet/in.h>
+#define ND_LONGJMP_FROM_TCHECK
+#include "netdissect.h"
+#include "addrtostr.h"
+#include "extract.h"
+#include "ethertype.h"
-#include <netdb.h>
-#include <stdio.h>
-#include "interface.h"
-#include "addrtoname.h"
-#include "extract.h" /* must come after interface.h */
+#define GRE_CP 0x8000 /* checksum present */
+#define GRE_RP 0x4000 /* routing present */
+#define GRE_KP 0x2000 /* key present */
+#define GRE_SP 0x1000 /* sequence# present */
+#define GRE_sP 0x0800 /* source routing */
+#define GRE_AP 0x0080 /* acknowledgment# present */
-struct gre {
- u_int16_t flags;
- u_int16_t proto;
+static const struct tok gre_flag_values[] = {
+ { GRE_CP, "checksum present"},
+ { GRE_RP, "routing present"},
+ { GRE_KP, "key present"},
+ { GRE_SP, "sequence# present"},
+ { GRE_sP, "source routing present"},
+ { GRE_AP, "ack present"},
+ { 0, NULL }
};
-/* RFC 2784 - GRE */
-#define GRE_CP 0x8000 /* Checksum Present */
-#define GRE_VER_MASK 0x0007 /* Version */
-
-/* RFC 2890 - Key and Sequence extensions to GRE */
-#define GRE_KP 0x2000 /* Key Present */
-#define GRE_SP 0x1000 /* Sequence Present */
+#define GRE_RECRS_MASK 0x0700 /* recursion count */
+#define GRE_VERS_MASK 0x0007 /* protocol version */
-/* Legacy from RFC 1700 */
-#define GRE_RP 0x4000 /* Routing Present */
-#define GRE_sP 0x0800 /* strict source route present */
-#define GRE_RECUR_MASK 0x0700 /* Recursion Control */
-#define GRE_RECUR_SHIFT 8
+/* source route entry types */
+#define GRESRE_IP 0x0800 /* IP */
+#define GRESRE_ASN 0xfffe /* ASN */
-#define GRE_COP (GRE_RP|GRE_CP) /* Checksum & Offset Present */
+/*
+ * Ethertype values used for GRE (but not elsewhere?).
+ */
+#define GRE_CDP 0x2000 /* Cisco Discovery Protocol */
+#define GRE_NHRP 0x2001 /* Next Hop Resolution Protocol */
+#define GRE_MIKROTIK_EOIP 0x6400 /* MikroTik RouterBoard Ethernet over IP (EoIP) */
+#define GRE_ERSPAN_III 0x22eb
+#define GRE_WCCP 0x883e /* Web Cache C* Protocol */
+#define GRE_ERSPAN_I_II 0x88be
-/* "Enhanced GRE" from RFC2637 - PPTP */
-#define GRE_AP 0x0080 /* Ack present */
+struct wccp_redirect {
+ nd_uint8_t flags;
+#define WCCP_T (1 << 7)
+#define WCCP_A (1 << 6)
+#define WCCP_U (1 << 5)
+ nd_uint8_t ServiceId;
+ nd_uint8_t AltBucket;
+ nd_uint8_t PriBucket;
+};
-#define GRE_MBZ_MASK 0x0078 /* not defined */
+static void gre_print_0(netdissect_options *, const u_char *, u_int);
+static void gre_print_1(netdissect_options *, const u_char *, u_int);
+static int gre_sre_print(netdissect_options *, uint16_t, uint8_t, uint8_t, const u_char *, u_int);
+static int gre_sre_ip_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
+static int gre_sre_asn_print(netdissect_options *, uint8_t, uint8_t, const u_char *, u_int);
-/*
- * Deencapsulate and print a GRE-tunneled IP datagram
- */
void
-gre_print(const u_char *bp, u_int length)
+gre_print(netdissect_options *ndo, const u_char *bp, u_int length)
+{
+ u_int vers;
+
+ ndo->ndo_protocol = "gre";
+ nd_print_protocol_caps(ndo);
+ ND_ICHECK_U(length, <, 2);
+ vers = GET_BE_U_2(bp) & GRE_VERS_MASK;
+ ND_PRINT("v%u",vers);
+
+ switch(vers) {
+ case 0:
+ gre_print_0(ndo, bp, length);
+ break;
+ case 1:
+ gre_print_1(ndo, bp, length);
+ break;
+ default:
+ ND_PRINT(" ERROR: unknown-version");
+ break;
+ }
+ return;
+
+invalid:
+ nd_print_invalid(ndo);
+}
+
+static void
+gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length)
{
- const u_char *cp = bp + 4;
- const struct gre *gre;
- u_int16_t flags, proto;
- u_short ver=0;
- u_short extracted_ethertype;
-
- gre = (const struct gre *)bp;
-
- TCHECK(gre->proto);
- flags = EXTRACT_16BITS(&gre->flags);
- proto = EXTRACT_16BITS(&gre->proto);
- (void)printf("gre ");
-
- if (flags) {
- /* Decode the flags */
- putchar('[');
- if (flags & GRE_CP)
- putchar('C');
- if (flags & GRE_RP)
- putchar('R');
- if (flags & GRE_KP)
- putchar('K');
- if (flags & GRE_SP)
- putchar('S');
- if (flags & GRE_sP)
- putchar('s');
- if (flags & GRE_AP)
- putchar('A');
- if (flags & GRE_RECUR_MASK)
- printf("R%x", (flags & GRE_RECUR_MASK) >> GRE_RECUR_SHIFT);
- ver = flags & GRE_VER_MASK;
- printf("v%u", ver);
-
- if (flags & GRE_MBZ_MASK)
- printf("!%x", flags & GRE_MBZ_MASK);
- fputs("] ", stdout);
- }
-
- if (flags & GRE_COP) {
- int checksum, offset;
-
- TCHECK2(*cp, 4);
- checksum = EXTRACT_16BITS(cp);
- offset = EXTRACT_16BITS(cp + 2);
-
- if (flags & GRE_CP) {
- /* Checksum present */
-
- /* todo: check checksum */
- if (vflag > 1)
- printf("C:%04x ", checksum);
+ u_int len = length;
+ uint16_t flags, prot;
+
+ ND_ICHECK_U(len, <, 2);
+ flags = GET_BE_U_2(bp);
+ if (ndo->ndo_vflag)
+ ND_PRINT(", Flags [%s]",
+ bittok2str(gre_flag_values,"none",flags));
+
+ len -= 2;
+ bp += 2;
+
+ ND_ICHECK_U(len, <, 2);
+ prot = GET_BE_U_2(bp);
+ len -= 2;
+ bp += 2;
+
+ if ((flags & GRE_CP) | (flags & GRE_RP)) {
+ uint16_t sum;
+
+ ND_ICHECK_U(len, <, 2);
+ sum = GET_BE_U_2(bp);
+ if (ndo->ndo_vflag)
+ ND_PRINT(", sum 0x%x", sum);
+ bp += 2;
+ len -= 2;
+
+ ND_ICHECK_U(len, <, 2);
+ ND_PRINT(", off 0x%x", GET_BE_U_2(bp));
+ bp += 2;
+ len -= 2;
+ }
+
+ if (flags & GRE_KP) {
+ uint32_t key;
+
+ ND_ICHECK_U(len, <, 4);
+ key = GET_BE_U_4(bp);
+ bp += 4;
+ len -= 4;
+
+ /*
+ * OpenBSD shows this as both a 32-bit
+ * (decimal) key value and a VSID+FlowID
+ * pair, with the VSID in decimal and
+ * the FlowID in hex, as key=<Key>|<VSID>+<FlowID>,
+ * in case this is NVGRE.
+ */
+ ND_PRINT(", key=0x%x", key);
+ }
+
+ if (flags & GRE_SP) {
+ ND_ICHECK_U(len, <, 4);
+ ND_PRINT(", seq %u", GET_BE_U_4(bp));
+ bp += 4;
+ len -= 4;
+ }
+
+ if (flags & GRE_RP) {
+ for (;;) {
+ uint16_t af;
+ uint8_t sreoff;
+ uint8_t srelen;
+
+ ND_ICHECK_U(len, <, 4);
+ af = GET_BE_U_2(bp);
+ sreoff = GET_U_1(bp + 2);
+ srelen = GET_U_1(bp + 3);
+ bp += 4;
+ len -= 4;
+
+ if (af == 0 && srelen == 0)
+ break;
+
+ if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len))
+ goto invalid;
+
+ ND_ICHECK_U(len, <, srelen);
+ bp += srelen;
+ len -= srelen;
}
- if (flags & GRE_RP) {
- /* Offset present */
+ }
+
+ if (ndo->ndo_eflag)
+ ND_PRINT(", proto %s (0x%04x)",
+ tok2str(ethertype_values,"unknown",prot), prot);
+
+ ND_PRINT(", length %u",length);
+
+ if (ndo->ndo_vflag < 1)
+ ND_PRINT(": "); /* put in a colon as protocol demarc */
+ else
+ ND_PRINT("\n\t"); /* if verbose go multiline */
+
+ switch (prot) {
+ case 0x0000:
+ /*
+ * 0x0000 is reserved, but Cisco, at least, appears to
+ * use it for keep-alives; see, for example,
+ * https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc1
+ */
+ printf("keep-alive");
+ break;
+ case GRE_WCCP:
+ /*
+ * This is a bit weird.
+ *
+ * This may either just mean "IPv4" or it may mean
+ * "IPv4 preceded by a WCCP redirect header". We
+ * check to see if the first octet looks like the
+ * beginning of an IPv4 header and, if not, dissect
+ * it "IPv4 preceded by a WCCP redirect header",
+ * otherwise we dissect it as just IPv4.
+ *
+ * See "Packet redirection" in draft-forster-wrec-wccp-v1-00,
+ * section 4.12 "Traffic Forwarding" in
+ * draft-wilson-wrec-wccp-v2-01, and section 3.12.1
+ * "Forwarding using GRE Encapsulation" in
+ * draft-param-wccp-v2rev1-01.
+ */
+ ND_PRINT("wccp ");
+
+ ND_ICHECK_U(len, <, 1);
+ if (GET_U_1(bp) >> 4 != 4) {
+ /*
+ * First octet isn't 0x4*, so it's not IPv4.
+ */
+ const struct wccp_redirect *wccp;
+ uint8_t wccp_flags;
+
+ ND_ICHECK_ZU(len, <, sizeof(*wccp));
+ wccp = (const struct wccp_redirect *)bp;
+ wccp_flags = GET_U_1(wccp->flags);
+
+ ND_PRINT("T:%c A:%c U:%c SId:%u Alt:%u Pri:%u",
+ (wccp_flags & WCCP_T) ? '1' : '0',
+ (wccp_flags & WCCP_A) ? '1' : '0',
+ (wccp_flags & WCCP_U) ? '1' : '0',
+ GET_U_1(wccp->ServiceId),
+ GET_U_1(wccp->AltBucket),
+ GET_U_1(wccp->PriBucket));
- if (vflag > 1)
- printf("O:%04x ", offset);
+ bp += sizeof(*wccp);
+ len -= sizeof(*wccp);
+
+ printf(": ");
}
- cp += 4; /* skip checksum and offset */
+ /* FALLTHROUGH */
+ case ETHERTYPE_IP:
+ ip_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_IPV6:
+ ip6_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_MPLS:
+ case ETHERTYPE_MPLS_MULTI:
+ mpls_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_IPX:
+ ipx_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_ATALK:
+ atalk_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_GRE_ISO:
+ isoclns_print(ndo, bp, len);
+ break;
+ case ETHERTYPE_TEB:
+ ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
+ break;
+ case ETHERTYPE_NSH:
+ nsh_print(ndo, bp, len);
+ break;
+ case GRE_ERSPAN_I_II:
+ erspan_print(ndo, flags, bp, len);
+ break;
+ case GRE_CDP:
+ cdp_print(ndo, bp, len);
+ break;
+ case GRE_NHRP:
+ nhrp_print(ndo, bp, len);
+ break;
+ default:
+ ND_PRINT("gre-proto-0x%x", prot);
}
- if (flags & GRE_KP) {
- TCHECK2(*cp, 4);
- if (ver == 1) { /* PPTP */
- if (vflag > 1)
- printf("PL:%u ", EXTRACT_16BITS(cp));
- printf("ID:%04x ", EXTRACT_16BITS(cp+2));
+ return;
+
+invalid:
+ nd_print_invalid(ndo);
+}
+
+static void
+gre_print_1(netdissect_options *ndo, const u_char *bp, u_int length)
+{
+ u_int len = length;
+ uint16_t flags, prot;
+
+ ND_ICHECK_U(len, <, 2);
+ flags = GET_BE_U_2(bp);
+ len -= 2;
+ bp += 2;
+
+ if (ndo->ndo_vflag)
+ ND_PRINT(", Flags [%s]",
+ bittok2str(gre_flag_values,"none",flags));
+
+ ND_ICHECK_U(len, <, 2);
+ prot = GET_BE_U_2(bp);
+ len -= 2;
+ bp += 2;
+
+ /*
+ * This version is used for two purposes:
+ *
+ * RFC 2637 PPTP;
+ * Some Mikrotik Ethernet-over-IP hack.
+ */
+ switch (prot) {
+ case GRE_MIKROTIK_EOIP:
+ /*
+ * The MikroTik hack uses only the key field, and uses it
+ * for its own purposes. If anything other than the version
+ * and K bit are set, report an error and give up.
+ */
+ if ((flags & ~GRE_VERS_MASK) != GRE_KP) {
+ ND_PRINT(" unknown-eoip-flags-%04x!", flags);
+ return;
}
- else
- printf("K:%08x ", EXTRACT_32BITS(cp));
- cp += 4; /* skip key */
+ break;
+ default:
+ /*
+ * XXX - what should we do if it's not ETHERTYPE_PPP?
+ */
+ break;
}
+
+ if (flags & GRE_KP) {
+ /* Skip payload length? */
+ ND_ICHECK_U(len, <, 2);
+ ND_TCHECK_LEN(bp, 2);
+ len -= 2;
+ bp += 2;
+
+ ND_ICHECK_U(len, <, 2);
+ if (prot == GRE_MIKROTIK_EOIP) {
+ /* Non-standard */
+ ND_PRINT(", tunnel-id %u", GET_BE_U_2(bp));
+ } else
+ ND_PRINT(", call %u", GET_BE_U_2(bp));
+ len -= 2;
+ bp += 2;
+ } else
+ ND_PRINT(", (ERROR: K flag not set)");
+
if (flags & GRE_SP) {
- TCHECK2(*cp, 4);
- printf("S:%u ", EXTRACT_32BITS(cp));
- cp += 4; /* skip seq */
+ ND_ICHECK_U(len, <, 4);
+ ND_PRINT(", seq %u", GET_BE_U_4(bp));
+ bp += 4;
+ len -= 4;
}
- if (flags & GRE_AP && ver >= 1) {
- TCHECK2(*cp, 4);
- printf("A:%u ", EXTRACT_32BITS(cp));
- cp += 4; /* skip ack */
+
+ if (flags & GRE_AP) {
+ ND_ICHECK_U(len, <, 4);
+ ND_PRINT(", ack %u", GET_BE_U_4(bp));
+ bp += 4;
+ len -= 4;
}
- /* We don't support routing fields (variable length) now. Punt. */
- if (flags & GRE_RP)
+
+ /*
+ * More non-standard EoIP behavior.
+ */
+ if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
+ ND_PRINT(", no-payload");
+
+ if (ndo->ndo_eflag)
+ ND_PRINT(", proto %s (0x%04x)",
+ tok2str(ethertype_values,"unknown",prot), prot);
+
+ ND_PRINT(", length %u",length);
+
+ /*
+ * More non-standard EoIP behavior.
+ */
+ if (prot != GRE_MIKROTIK_EOIP && (flags & GRE_SP) == 0)
return;
- TCHECK(cp[0]);
+ if (ndo->ndo_vflag < 1)
+ ND_PRINT(": "); /* put in a colon as protocol demarc */
+ else
+ ND_PRINT("\n\t"); /* if verbose go multiline */
- length -= cp - bp;
- if (ether_encap_print(proto, cp, length, length,
- &extracted_ethertype) == 0)
- printf("gre-proto-0x%04X", proto);
+ switch (prot) {
+ case ETHERTYPE_PPP:
+ ppp_print(ndo, bp, len);
+ break;
+ case GRE_MIKROTIK_EOIP:
+ /* MikroTik RouterBoard Ethernet over IP (EoIP) */
+ if (len == 0)
+ ND_PRINT("keepalive");
+ else
+ ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
+ break;
+ default:
+ ND_PRINT("gre-proto-0x%x", prot);
+ break;
+ }
return;
-trunc:
- fputs("[|gre]", stdout);
+invalid:
+ nd_print_invalid(ndo);
+}
+
+static int
+gre_sre_print(netdissect_options *ndo, uint16_t af, uint8_t sreoff,
+ uint8_t srelen, const u_char *bp, u_int len)
+{
+ int ret;
+
+ switch (af) {
+ case GRESRE_IP:
+ ND_PRINT(", (rtaf=ip");
+ ret = gre_sre_ip_print(ndo, sreoff, srelen, bp, len);
+ ND_PRINT(")");
+ break;
+ case GRESRE_ASN:
+ ND_PRINT(", (rtaf=asn");
+ ret = gre_sre_asn_print(ndo, sreoff, srelen, bp, len);
+ ND_PRINT(")");
+ break;
+ default:
+ ND_PRINT(", (rtaf=0x%x)", af);
+ ret = 1;
+ }
+ return (ret);
+}
+
+static int
+gre_sre_ip_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
+ const u_char *bp, u_int len)
+{
+ const u_char *up = bp;
+ char buf[INET_ADDRSTRLEN];
+
+ if (sreoff & 3) {
+ ND_PRINT(", badoffset=%u", sreoff);
+ goto invalid;
+ }
+ if (srelen & 3) {
+ ND_PRINT(", badlength=%u", srelen);
+ goto invalid;
+ }
+ if (sreoff >= srelen) {
+ ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
+ goto invalid;
+ }
+
+ while (srelen != 0) {
+ ND_ICHECK_U(len, <, 4);
+
+ ND_TCHECK_LEN(bp, sizeof(nd_ipv4));
+ addrtostr(bp, buf, sizeof(buf));
+ ND_PRINT(" %s%s",
+ ((bp - up) == sreoff) ? "*" : "", buf);
+
+ bp += 4;
+ len -= 4;
+ srelen -= 4;
+ }
+ return 1;
+
+invalid:
+ return 0;
+}
+
+static int
+gre_sre_asn_print(netdissect_options *ndo, uint8_t sreoff, uint8_t srelen,
+ const u_char *bp, u_int len)
+{
+ const u_char *up = bp;
+
+ if (sreoff & 1) {
+ ND_PRINT(", badoffset=%u", sreoff);
+ goto invalid;
+ }
+ if (srelen & 1) {
+ ND_PRINT(", badlength=%u", srelen);
+ goto invalid;
+ }
+ if (sreoff >= srelen) {
+ ND_PRINT(", badoff/len=%u/%u", sreoff, srelen);
+ goto invalid;
+ }
+
+ while (srelen != 0) {
+ ND_ICHECK_U(len, <, 2);
+
+ ND_PRINT(" %s%x",
+ ((bp - up) == sreoff) ? "*" : "", GET_BE_U_2(bp));
+
+ bp += 2;
+ len -= 2;
+ srelen -= 2;
+ }
+ return 1;
+invalid:
+ return 0;
}
projects / tcpdump / blobdiff