X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/48e290d807a535cdda391eef7e6992c3429c986a..HEAD:/print-ether.c diff --git a/print-ether.c b/print-ether.c index ba488343..324d089f 100644 --- a/print-ether.c +++ b/print-ether.c @@ -21,12 +21,11 @@ /* \summary: Ethernet printer */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" #include "addrtoname.h" @@ -36,8 +35,8 @@ * Structure of an Ethernet header. */ struct ether_header { - nd_mac_addr ether_dhost; - nd_mac_addr ether_shost; + nd_mac48 ether_dhost; + nd_mac48 ether_shost; nd_uint16_t ether_length_type; }; @@ -57,6 +56,7 @@ const struct tok ethertype_values[] = { { ETHERTYPE_8021Q9100, "802.1Q-9100" }, { ETHERTYPE_8021QinQ, "802.1Q-QinQ" }, { ETHERTYPE_8021Q9200, "802.1Q-9200" }, + { ETHERTYPE_MACSEC, "802.1AE MACsec" }, { ETHERTYPE_VMAN, "VMAN" }, { ETHERTYPE_PUP, "PUP" }, { ETHERTYPE_ARP, "ARP"}, @@ -84,7 +84,7 @@ const struct tok ethertype_values[] = { { ETHERTYPE_PPPOED, "PPPoE D" }, { ETHERTYPE_PPPOES, "PPPoE S" }, { ETHERTYPE_EAPOL, "EAPOL" }, - { ETHERTYPE_RRCP, "RRCP" }, + { ETHERTYPE_REALTEK, "Realtek protocols" }, { ETHERTYPE_MS_NLB_HB, "MS NLB heartbeat" }, { ETHERTYPE_JUMBO, "Jumbo" }, { ETHERTYPE_NSH, "NSH" }, @@ -100,154 +100,240 @@ const struct tok ethertype_values[] = { { ETHERTYPE_GEONET, "GeoNet"}, { ETHERTYPE_CALM_FAST, "CALM FAST"}, { ETHERTYPE_AOE, "AoE" }, - { ETHERTYPE_MEDSA, "MEDSA" }, + { ETHERTYPE_PTP, "PTP" }, + { ETHERTYPE_ARISTA, "Arista Vendor Specific Protocol" }, { 0, NULL} }; static void -ether_hdr_print(netdissect_options *ndo, - const u_char *bp, u_int length, - u_int hdrlen) +ether_addresses_print(netdissect_options *ndo, const u_char *src, + const u_char *dst) { - const struct ether_header *ehp; - uint16_t length_type; - - ehp = (const struct ether_header *)bp; - - ND_PRINT("%s > %s", - etheraddr_string(ndo, ehp->ether_shost), - etheraddr_string(ndo, ehp->ether_dhost)); - - length_type = EXTRACT_BE_U_2(bp + - (hdrlen - sizeof(ehp->ether_length_type))); - if (!ndo->ndo_qflag) { - if (length_type <= MAX_ETHERNET_LENGTH_VAL) { - ND_PRINT(", 802.3"); - length = length_type; - } else - ND_PRINT(", ethertype %s (0x%04x)", - tok2str(ethertype_values,"Unknown", length_type), - length_type); - } else { - if (length_type <= MAX_ETHERNET_LENGTH_VAL) { - ND_PRINT(", 802.3"); - length = length_type; - } else - ND_PRINT(", %s", tok2str(ethertype_values,"Unknown Ethertype (0x%04x)", length_type)); - } + ND_PRINT("%s > %s, ", + GET_MAC48_STRING(src), GET_MAC48_STRING(dst)); +} - ND_PRINT(", length %u: ", length); +static void +ether_type_print(netdissect_options *ndo, uint16_t type) +{ + if (!ndo->ndo_qflag) + ND_PRINT("ethertype %s (0x%04x)", + tok2str(ethertype_values, "Unknown", type), type); + else + ND_PRINT("%s", + tok2str(ethertype_values, "Unknown Ethertype (0x%04x)", type)); } /* - * Print an Ethernet frame while specyfing a non-standard Ethernet header - * length. - * This might be encapsulated within another frame; we might be passed - * a pointer to a function that can print header information for that - * frame's protocol, and an argument to pass to that function. + * Common code for printing Ethernet frames. * - * FIXME: caplen can and should be derived from ndo->ndo_snapend and p. + * It can handle Ethernet headers with extra tag information inserted + * after the destination and source addresses, as is inserted by some + * switch chips, and extra encapsulation header information before + * printing Ethernet header information (such as a LANE ID for ATM LANE). */ -u_int -ether_print_hdr_len(netdissect_options *ndo, - const u_char *p, u_int length, u_int caplen, - void (*print_encap_header)(netdissect_options *ndo, const u_char *), - const u_char *encap_header_arg, u_int hdrlen) +static u_int +ether_common_print(netdissect_options *ndo, const u_char *p, u_int length, + u_int caplen, + void (*print_switch_tag)(netdissect_options *ndo, const u_char *), + u_int switch_tag_len, + void (*print_encap_header)(netdissect_options *ndo, const u_char *), + const u_char *encap_header_arg) { const struct ether_header *ehp; u_int orig_length; + u_int hdrlen; u_short length_type; + int printed_length; int llc_hdrlen; struct lladdr_info src, dst; - /* Unless specified otherwise, assume a standard Ethernet header */ - if (hdrlen == ETHER_HDRLEN) - ndo->ndo_protocol = "ether"; - - if (caplen < hdrlen) { - nd_print_trunc(ndo); - return (caplen); + if (length < caplen) { + ND_PRINT("[length %u < caplen %u]", length, caplen); + nd_print_invalid(ndo); + return length; } - if (length < hdrlen) { + if (caplen < ETHER_HDRLEN + switch_tag_len) { nd_print_trunc(ndo); - return (length); + return caplen; } - /* If the offset is set, then the upper printer is responsible for - * printing the relevant part of the Ethernet header. - */ - if (ndo->ndo_eflag) { - if (print_encap_header != NULL) - (*print_encap_header)(ndo, encap_header_arg); - ether_hdr_print(ndo, p, length, hdrlen); - } + if (print_encap_header != NULL) + (*print_encap_header)(ndo, encap_header_arg); orig_length = length; - length -= hdrlen; - caplen -= hdrlen; + /* + * Get the source and destination addresses, skip past them, + * and print them if we're printing the link-layer header. + */ ehp = (const struct ether_header *)p; - p += hdrlen; - src.addr = ehp->ether_shost; - src.addr_string = etheraddr_string; + src.addr_string = mac48_string; dst.addr = ehp->ether_dhost; - dst.addr_string = etheraddr_string; - length_type = EXTRACT_BE_U_2((const u_char *)ehp + - (hdrlen - sizeof(ehp->ether_length_type))); + dst.addr_string = mac48_string; + + length -= 2*MAC48_LEN; + caplen -= 2*MAC48_LEN; + p += 2*MAC48_LEN; + hdrlen = 2*MAC48_LEN; + + if (ndo->ndo_eflag) + ether_addresses_print(ndo, src.addr, dst.addr); + + /* + * Print the switch tag, if we have one, and skip past it. + */ + if (print_switch_tag != NULL) + (*print_switch_tag)(ndo, p); + length -= switch_tag_len; + caplen -= switch_tag_len; + p += switch_tag_len; + hdrlen += switch_tag_len; + + /* + * Get the length/type field, skip past it, and print it + * if we're printing the link-layer header. + */ recurse: + length_type = GET_BE_U_2(p); + + length -= 2; + caplen -= 2; + p += 2; + hdrlen += 2; + /* - * Is it (gag) an 802.3 encapsulation? + * Process 802.1AE MACsec headers. */ - if (length_type <= MAX_ETHERNET_LENGTH_VAL) { - /* Try to print the LLC-layer header & higher layers */ - llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst); - if (llc_hdrlen < 0) { - /* packet type not known, print raw packet */ + printed_length = 0; + if (length_type == ETHERTYPE_MACSEC) { + /* + * MACsec, aka IEEE 802.1AE-2006 + * Print the header, and try to print the payload if it's not encrypted + */ + if (ndo->ndo_eflag) { + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); + printed_length = 1; + } + + int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen, + &src, &dst); + + if (ret == 0) { + /* Payload is encrypted; print it as raw data. */ if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); - llc_hdrlen = -llc_hdrlen; + return hdrlen; + } else if (ret > 0) { + /* Problem printing the header; just quit. */ + return ret; + } else { + /* + * Keep processing type/length fields. + */ + length_type = GET_BE_U_2(p); + + ND_ICHECK_U(caplen, <, 2); + length -= 2; + caplen -= 2; + p += 2; + hdrlen += 2; } - hdrlen += llc_hdrlen; - } else if (length_type == ETHERTYPE_8021Q || - length_type == ETHERTYPE_8021Q9100 || - length_type == ETHERTYPE_8021Q9200 || - length_type == ETHERTYPE_8021QinQ) { + } + + /* + * Process VLAN tag types. + */ + while (length_type == ETHERTYPE_8021Q || + length_type == ETHERTYPE_8021Q9100 || + length_type == ETHERTYPE_8021Q9200 || + length_type == ETHERTYPE_8021QinQ) { /* + * It has a VLAN tag. * Print VLAN information, and then go back and process * the enclosed type field. */ if (caplen < 4) { ndo->ndo_protocol = "vlan"; nd_print_trunc(ndo); - return (hdrlen + caplen); + return hdrlen + caplen; } if (length < 4) { ndo->ndo_protocol = "vlan"; nd_print_trunc(ndo); - return (hdrlen + length); + return hdrlen + length; } - if (ndo->ndo_eflag) { - uint16_t tag = EXTRACT_BE_U_2(p); - + if (ndo->ndo_eflag) { + uint16_t tag = GET_BE_U_2(p); + + ether_type_print(ndo, length_type); + if (!printed_length) { + ND_PRINT(", length %u: ", orig_length); + printed_length = 1; + } else + ND_PRINT(", "); ND_PRINT("%s, ", ieee8021q_tci_string(tag)); } - length_type = EXTRACT_BE_U_2(p + 2); - if (ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) - ND_PRINT("ethertype %s, ", tok2str(ethertype_values,"0x%04x", length_type)); + length_type = GET_BE_U_2(p + 2); p += 4; length -= 4; caplen -= 4; hdrlen += 4; - goto recurse; + } + + /* + * We now have the final length/type field. + */ + if (length_type <= MAX_ETHERNET_LENGTH_VAL) { + /* + * It's a length field, containing the length of the + * remaining payload; use it as such, as long as + * it's not too large (bigger than the actual payload). + */ + if (length_type < length) { + length = length_type; + if (caplen > length) + caplen = length; + } + + /* + * Cut off the snapshot length to the end of the + * payload. + */ + if (!nd_push_snaplen(ndo, p, length)) { + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push snaplen on buffer stack", __func__); + } + + if (ndo->ndo_eflag) { + ND_PRINT("802.3"); + if (!printed_length) + ND_PRINT(", length %u: ", length); + } + + /* + * An LLC header follows the length. Print that and + * higher layers. + */ + llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst); + if (llc_hdrlen < 0) { + /* packet type not known, print raw packet */ + if (!ndo->ndo_suppress_default_print) + ND_DEFAULTPRINT(p, caplen); + llc_hdrlen = -llc_hdrlen; + } + hdrlen += llc_hdrlen; + nd_pop_packet_info(ndo); } else if (length_type == ETHERTYPE_JUMBO) { /* - * Alteon jumbo frames. + * It's a type field, with the type for Alteon jumbo frames. * See * - * http://tools.ietf.org/html/draft-ietf-isis-ext-eth-01 + * https://tools.ietf.org/html/draft-ietf-isis-ext-eth-01 * * which indicates that, following the type field, * there's an LLC header and payload. @@ -261,21 +347,85 @@ recurse: llc_hdrlen = -llc_hdrlen; } hdrlen += llc_hdrlen; + } else if (length_type == ETHERTYPE_ARISTA) { + if (caplen < 2) { + ND_PRINT("[|arista]"); + return hdrlen + caplen; + } + if (length < 2) { + ND_PRINT("[|arista]"); + return hdrlen + length; + } + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); + int bytesConsumed = arista_ethertype_print(ndo, p, length); + if (bytesConsumed > 0) { + p += bytesConsumed; + length -= bytesConsumed; + caplen -= bytesConsumed; + hdrlen += bytesConsumed; + goto recurse; + } else { + /* subtype/version not known, print raw packet */ + if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) { + ether_addresses_print(ndo, src.addr, dst.addr); + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); + } + if (!ndo->ndo_suppress_default_print) + ND_DEFAULTPRINT(p, caplen); + } } else { + /* + * It's a type field with some other value. + */ + if (ndo->ndo_eflag) { + ether_type_print(ndo, length_type); + if (!printed_length) + ND_PRINT(", length %u: ", orig_length); + else + ND_PRINT(", "); + } if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) { /* type not known, print raw packet */ if (!ndo->ndo_eflag) { - if (print_encap_header != NULL) - (*print_encap_header)(ndo, encap_header_arg); - ether_hdr_print(ndo, (const u_char *)ehp, orig_length, - hdrlen); + /* + * We didn't print the full link-layer + * header, as -e wasn't specified, so + * print only the source and destination + * MAC addresses and the final Ethernet + * type. + */ + ether_addresses_print(ndo, src.addr, dst.addr); + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); } if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } } - return (hdrlen); +invalid: + return hdrlen; +} + +/* + * Print an Ethernet frame while specifying a non-standard Ethernet header + * length. + * This might be encapsulated within another frame; we might be passed + * a pointer to a function that can print header information for that + * frame's protocol, and an argument to pass to that function. + * + * FIXME: caplen can and should be derived from ndo->ndo_snapend and p. + */ +u_int +ether_switch_tag_print(netdissect_options *ndo, const u_char *p, u_int length, + u_int caplen, + void (*print_switch_tag)(netdissect_options *, const u_char *), + u_int switch_tag_len) +{ + return ether_common_print(ndo, p, length, caplen, print_switch_tag, + switch_tag_len, NULL, NULL); } /* @@ -288,13 +438,13 @@ recurse: */ u_int ether_print(netdissect_options *ndo, - const u_char *p, u_int length, u_int caplen, - void (*print_encap_header)(netdissect_options *ndo, const u_char *), - const u_char *encap_header_arg) + const u_char *p, u_int length, u_int caplen, + void (*print_encap_header)(netdissect_options *ndo, const u_char *), + const u_char *encap_header_arg) { - return (ether_print_hdr_len(ndo, p, length, caplen, - print_encap_header, encap_header_arg, - ETHER_HDRLEN)); + ndo->ndo_protocol = "ether"; + return ether_common_print(ndo, p, length, caplen, NULL, 0, + print_encap_header, encap_header_arg); } /* @@ -303,12 +453,13 @@ ether_print(netdissect_options *ndo, * of the packet off the wire, and 'h->caplen' is the number * of bytes actually captured. */ -u_int +void ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, - const u_char *p) + const u_char *p) { - ndo->ndo_protocol = "ether_if"; - return (ether_print(ndo, p, h->len, h->caplen, NULL, NULL)); + ndo->ndo_protocol = "ether"; + ndo->ndo_ll_hdr_len += + ether_print(ndo, p, h->len, h->caplen, NULL, NULL); } /* @@ -320,21 +471,20 @@ ether_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, * This is for DLT_NETANALYZER, which has a 4-byte pseudo-header * before the Ethernet header. */ -u_int +void netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, - const u_char *p) + const u_char *p) { /* * Fail if we don't have enough data for the Hilscher pseudo-header. */ - ndo->ndo_protocol = "netanalyzer_if"; - if (h->caplen < 4) { - nd_print_trunc(ndo); - return (h->caplen); - } + ndo->ndo_protocol = "netanalyzer"; + ND_TCHECK_4(p); /* Skip the pseudo-header. */ - return (4 + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL)); + ndo->ndo_ll_hdr_len += 4; + ndo->ndo_ll_hdr_len += + ether_print(ndo, p + 4, h->len - 4, h->caplen - 4, NULL, NULL); } /* @@ -347,23 +497,22 @@ netanalyzer_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, * pseudo-header, a 7-byte Ethernet preamble, and a 1-byte Ethernet SOF * before the Ethernet header. */ -u_int +void netanalyzer_transparent_if_print(netdissect_options *ndo, - const struct pcap_pkthdr *h, - const u_char *p) + const struct pcap_pkthdr *h, + const u_char *p) { /* * Fail if we don't have enough data for the Hilscher pseudo-header, * preamble, and SOF. */ - ndo->ndo_protocol = "netanalyzer_transparent_if"; - if (h->caplen < 12) { - nd_print_trunc(ndo); - return (h->caplen); - } + ndo->ndo_protocol = "netanalyzer_transparent"; + ND_TCHECK_LEN(p, 12); /* Skip the pseudo-header, preamble, and SOF. */ - return (12 + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL)); + ndo->ndo_ll_hdr_len += 12; + ndo->ndo_ll_hdr_len += + ether_print(ndo, p + 12, h->len - 12, h->caplen - 12, NULL, NULL); } /* @@ -375,14 +524,14 @@ netanalyzer_transparent_if_print(netdissect_options *ndo, int ethertype_print(netdissect_options *ndo, - u_short ether_type, const u_char *p, - u_int length, u_int caplen, - const struct lladdr_info *src, const struct lladdr_info *dst) + u_short ether_type, const u_char *p, + u_int length, u_int caplen, + const struct lladdr_info *src, const struct lladdr_info *dst) { switch (ether_type) { case ETHERTYPE_IP: - ip_print(ndo, p, length); + ip_print(ndo, p, length); return (1); case ETHERTYPE_IPV6: @@ -391,7 +540,7 @@ ethertype_print(netdissect_options *ndo, case ETHERTYPE_ARP: case ETHERTYPE_REVARP: - arp_print(ndo, p, length, caplen); + arp_print(ndo, p, length, caplen); return (1); case ETHERTYPE_DN: @@ -419,6 +568,9 @@ ethertype_print(netdissect_options *ndo, nd_print_trunc(ndo); return (1); } + /* At least one byte is required */ + /* FIXME: Reference for this byte? */ + ND_TCHECK_1(p); isoclns_print(ndo, p + 1, length - 1); return(1); @@ -430,11 +582,11 @@ ethertype_print(netdissect_options *ndo, return (1); case ETHERTYPE_EAPOL: - eap_print(ndo, p, length); + eapol_print(ndo, p); return (1); - case ETHERTYPE_RRCP: - rrcp_print(ndo, p, length, src, dst); + case ETHERTYPE_REALTEK: + rtl_print(ndo, p, length, src, dst); return (1); case ETHERTYPE_PPP: @@ -445,11 +597,11 @@ ethertype_print(netdissect_options *ndo, return (1); case ETHERTYPE_MPCP: - mpcp_print(ndo, p, length); + mpcp_print(ndo, p, length); return (1); case ETHERTYPE_SLOW: - slow_print(ndo, p, length); + slow_print(ndo, p, length); return (1); case ETHERTYPE_CFM: @@ -461,13 +613,13 @@ ethertype_print(netdissect_options *ndo, lldp_print(ndo, p, length); return (1); - case ETHERTYPE_NSH: - nsh_print(ndo, p, length); - return (1); + case ETHERTYPE_NSH: + nsh_print(ndo, p, length); + return (1); - case ETHERTYPE_LOOPBACK: + case ETHERTYPE_LOOPBACK: loopback_print(ndo, p, length); - return (1); + return (1); case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: @@ -482,21 +634,21 @@ ethertype_print(netdissect_options *ndo, msnlb_print(ndo, p); return (1); - case ETHERTYPE_GEONET_OLD: - case ETHERTYPE_GEONET: - geonet_print(ndo, p, length, src); - return (1); + case ETHERTYPE_GEONET_OLD: + case ETHERTYPE_GEONET: + geonet_print(ndo, p, length, src); + return (1); - case ETHERTYPE_CALM_FAST: - calm_fast_print(ndo, p, length, src); - return (1); + case ETHERTYPE_CALM_FAST: + calm_fast_print(ndo, p, length, src); + return (1); case ETHERTYPE_AOE: aoe_print(ndo, p, length); return (1); - case ETHERTYPE_MEDSA: - medsa_print(ndo, p, length, caplen, src, dst); + case ETHERTYPE_PTP: + ptp_print(ndo, p, length); return (1); case ETHERTYPE_LAT: