1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1988-1990
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that:
9 * 1. Source code distributions retain the above copyright
10 * notice and this paragraph in its entirety
11 * 2. Distributions including binary code include the above copyright
12 * notice and this paragraph in its entirety in the documentation
13 * or other materials provided with the distribution, and
14 * 3. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * Format and print bootp packets.
23 *
24 * This file was copied from tcpdump-2.1.1 and modified.
25 * There is an e-mail list for tcpdump: <tcpdump@ee.lbl.gov>
26 */
27
28 #include <stdio.h>
29
30 #include <sys/param.h>
31 #include <sys/types.h>
32 #include <sys/socket.h>
33
34 #include <sys/time.h> /* for struct timeval in net/if.h */
35 #include <net/if.h>
36 #include <netinet/in.h>
37
38 #include <string.h>
39 #include <ctype.h>
40
41 #include "bootp.h"
42 #include "bootptest.h"
43
44 /* These decode the vendor data. */
45 static void rfc1048_print(u_char *bp, int length);
46 static void cmu_print(u_char *bp, int length);
47 static void other_print(u_char *bp, int length);
48 static void dump_hex(u_char *bp, int len);
49
50 /*
51 * Print bootp requests
52 */
53 void
bootp_print(struct bootp * bp,int length,u_short sport,u_short dport)54 bootp_print(struct bootp *bp, int length, u_short sport, u_short dport)
55 {
56 static char tstr[] = " [|bootp]";
57 static unsigned char vm_cmu[4] = VM_CMU;
58 static unsigned char vm_rfc1048[4] = VM_RFC1048;
59 u_char *ep;
60 int vdlen;
61
62 #define TCHECK(var, l) if ((u_char *)&(var) > ep - l) goto trunc
63
64 /* Note funny sized packets */
65 if (length != sizeof(struct bootp))
66 (void) printf(" [len=%d]", length);
67
68 /* 'ep' points to the end of available data. */
69 ep = (u_char *) snapend;
70
71 switch (bp->bp_op) {
72
73 case BOOTREQUEST:
74 /* Usually, a request goes from a client to a server */
75 if (sport != IPPORT_BOOTPC || dport != IPPORT_BOOTPS)
76 printf(" (request)");
77 break;
78
79 case BOOTREPLY:
80 /* Usually, a reply goes from a server to a client */
81 if (sport != IPPORT_BOOTPS || dport != IPPORT_BOOTPC)
82 printf(" (reply)");
83 break;
84
85 default:
86 printf(" bootp-#%d", bp->bp_op);
87 }
88
89 /* The usual hardware address type is 1 (10Mb Ethernet) */
90 if (bp->bp_htype != 1)
91 printf(" htype:%d", bp->bp_htype);
92
93 /* The usual length for 10Mb Ethernet address is 6 bytes */
94 if (bp->bp_hlen != 6)
95 printf(" hlen:%d", bp->bp_hlen);
96
97 /* Client's Hardware address */
98 if (bp->bp_hlen) {
99 struct ether_header *eh;
100 char *e;
101
102 TCHECK(bp->bp_chaddr[0], 6);
103 eh = (struct ether_header *) packetp;
104 if (bp->bp_op == BOOTREQUEST)
105 e = (char *) ESRC(eh);
106 else if (bp->bp_op == BOOTREPLY)
107 e = (char *) EDST(eh);
108 else
109 e = NULL;
110 if (e == NULL || bcmp((char *) bp->bp_chaddr, e, 6))
111 dump_hex(bp->bp_chaddr, bp->bp_hlen);
112 }
113 /* Only print interesting fields */
114 if (bp->bp_hops)
115 printf(" hops:%d", bp->bp_hops);
116
117 if (bp->bp_xid)
118 printf(" xid:%ld", (long)ntohl(bp->bp_xid));
119
120 if (bp->bp_secs)
121 printf(" secs:%d", ntohs(bp->bp_secs));
122
123 /* Client's ip address */
124 TCHECK(bp->bp_ciaddr, sizeof(bp->bp_ciaddr));
125 if (bp->bp_ciaddr.s_addr)
126 printf(" C:%s", ipaddr_string(&bp->bp_ciaddr));
127
128 /* 'your' ip address (bootp client) */
129 TCHECK(bp->bp_yiaddr, sizeof(bp->bp_yiaddr));
130 if (bp->bp_yiaddr.s_addr)
131 printf(" Y:%s", ipaddr_string(&bp->bp_yiaddr));
132
133 /* Server's ip address */
134 TCHECK(bp->bp_siaddr, sizeof(bp->bp_siaddr));
135 if (bp->bp_siaddr.s_addr)
136 printf(" S:%s", ipaddr_string(&bp->bp_siaddr));
137
138 /* Gateway's ip address */
139 TCHECK(bp->bp_giaddr, sizeof(bp->bp_giaddr));
140 if (bp->bp_giaddr.s_addr)
141 printf(" G:%s", ipaddr_string(&bp->bp_giaddr));
142
143 TCHECK(bp->bp_sname[0], sizeof(bp->bp_sname));
144 if (*bp->bp_sname) {
145 printf(" sname:");
146 if (printfn(bp->bp_sname, ep)) {
147 fputs(tstr + 1, stdout);
148 return;
149 }
150 }
151 TCHECK(bp->bp_file[0], sizeof(bp->bp_file));
152 if (*bp->bp_file) {
153 printf(" file:");
154 if (printfn(bp->bp_file, ep)) {
155 fputs(tstr + 1, stdout);
156 return;
157 }
158 }
159 /* Don't try to decode the vendor buffer unless we're verbose */
160 if (vflag <= 0)
161 return;
162
163 vdlen = sizeof(bp->bp_vend);
164 /* Vendor data can extend to the end of the packet. */
165 if (vdlen < (ep - bp->bp_vend))
166 vdlen = (ep - bp->bp_vend);
167
168 TCHECK(bp->bp_vend[0], vdlen);
169 printf(" vend");
170 if (!bcmp(bp->bp_vend, vm_rfc1048, sizeof(u_int32)))
171 rfc1048_print(bp->bp_vend, vdlen);
172 else if (!bcmp(bp->bp_vend, vm_cmu, sizeof(u_int32)))
173 cmu_print(bp->bp_vend, vdlen);
174 else
175 other_print(bp->bp_vend, vdlen);
176
177 return;
178 trunc:
179 fputs(tstr, stdout);
180 #undef TCHECK
181 }
182
183 /*
184 * Option description data follows.
185 * These are described in: RFC-1048, RFC-1395, RFC-1497, RFC-1533
186 *
187 * The first char of each option string encodes the data format:
188 * ?: unknown
189 * a: ASCII
190 * b: byte (8-bit)
191 * i: inet address
192 * l: int32
193 * s: short (16-bit)
194 */
195 char *
196 rfc1048_opts[] = {
197 /* Originally from RFC-1048: */
198 "?PAD", /* 0: Padding - special, no data. */
199 "iSM", /* 1: subnet mask (RFC950)*/
200 "lTZ", /* 2: time offset, seconds from UTC */
201 "iGW", /* 3: gateways (or routers) */
202 "iTS", /* 4: time servers (RFC868) */
203 "iINS", /* 5: IEN name servers (IEN116) */
204 "iDNS", /* 6: domain name servers (RFC1035)(1034?) */
205 "iLOG", /* 7: MIT log servers */
206 "iCS", /* 8: cookie servers (RFC865) */
207 "iLPR", /* 9: lpr server (RFC1179) */
208 "iIPS", /* 10: impress servers (Imagen) */
209 "iRLP", /* 11: resource location servers (RFC887) */
210 "aHN", /* 12: host name (ASCII) */
211 "sBFS", /* 13: boot file size (in 512 byte blocks) */
212
213 /* Added by RFC-1395: */
214 "aDUMP", /* 14: Merit Dump File */
215 "aDNAM", /* 15: Domain Name (for DNS) */
216 "iSWAP", /* 16: Swap Server */
217 "aROOT", /* 17: Root Path */
218
219 /* Added by RFC-1497: */
220 "aEXTF", /* 18: Extensions Path (more options) */
221
222 /* Added by RFC-1533: (many, many options...) */
223 #if 1 /* These might not be worth recognizing by name. */
224
225 /* IP Layer Parameters, per-host (RFC-1533, sect. 4) */
226 "bIP-forward", /* 19: IP Forwarding flag */
227 "bIP-srcroute", /* 20: IP Source Routing Enable flag */
228 "iIP-filters", /* 21: IP Policy Filter (addr pairs) */
229 "sIP-maxudp", /* 22: IP Max-UDP reassembly size */
230 "bIP-ttlive", /* 23: IP Time to Live */
231 "lIP-pmtuage", /* 24: IP Path MTU aging timeout */
232 "sIP-pmtutab", /* 25: IP Path MTU plateau table */
233
234 /* IP parameters, per-interface (RFC-1533, sect. 5) */
235 "sIP-mtu-sz", /* 26: IP MTU size */
236 "bIP-mtu-sl", /* 27: IP MTU all subnets local */
237 "bIP-bcast1", /* 28: IP Broadcast Addr ones flag */
238 "bIP-mask-d", /* 29: IP do mask discovery */
239 "bIP-mask-s", /* 30: IP do mask supplier */
240 "bIP-rt-dsc", /* 31: IP do router discovery */
241 "iIP-rt-sa", /* 32: IP router solicitation addr */
242 "iIP-routes", /* 33: IP static routes (dst,router) */
243
244 /* Link Layer parameters, per-interface (RFC-1533, sect. 6) */
245 "bLL-trailer", /* 34: do tralier encapsulation */
246 "lLL-arp-tmo", /* 35: ARP cache timeout */
247 "bLL-ether2", /* 36: Ethernet version 2 (IEEE 802.3) */
248
249 /* TCP parameters (RFC-1533, sect. 7) */
250 "bTCP-def-ttl", /* 37: default time to live */
251 "lTCP-KA-tmo", /* 38: keepalive time interval */
252 "bTCP-KA-junk", /* 39: keepalive sends extra junk */
253
254 /* Application and Service Parameters (RFC-1533, sect. 8) */
255 "aNISDOM", /* 40: NIS Domain (Sun YP) */
256 "iNISSRV", /* 41: NIS Servers */
257 "iNTPSRV", /* 42: NTP (time) Servers (RFC 1129) */
258 "?VSINFO", /* 43: Vendor Specific Info (encapsulated) */
259 "iNBiosNS", /* 44: NetBIOS Name Server (RFC-1001,1..2) */
260 "iNBiosDD", /* 45: NetBIOS Datagram Dist. Server. */
261 "bNBiosNT", /* 46: NetBIOS Note Type */
262 "?NBiosS", /* 47: NetBIOS Scope */
263 "iXW-FS", /* 48: X Window System Font Servers */
264 "iXW-DM", /* 49: X Window System Display Managers */
265
266 /* DHCP extensions (RFC-1533, sect. 9) */
267 #endif
268 };
269 #define KNOWN_OPTIONS (sizeof(rfc1048_opts) / sizeof(rfc1048_opts[0]))
270
271 static void
rfc1048_print(u_char * bp,int length)272 rfc1048_print(u_char *bp, int length)
273 {
274 u_char tag;
275 u_char *ep;
276 int len;
277 u_int32 ul;
278 u_short us;
279 struct in_addr ia;
280 char *optstr;
281
282 printf("-rfc1395");
283
284 /* Step over magic cookie */
285 bp += sizeof(int32);
286 /* Setup end pointer */
287 ep = bp + length;
288 while (bp < ep) {
289 tag = *bp++;
290 /* Check for tags with no data first. */
291 if (tag == TAG_PAD)
292 continue;
293 if (tag == TAG_END)
294 return;
295 if (tag < KNOWN_OPTIONS) {
296 optstr = rfc1048_opts[tag];
297 printf(" %s:", optstr + 1);
298 } else {
299 printf(" T%d:", tag);
300 optstr = "?";
301 }
302 /* Now scan the length byte. */
303 len = *bp++;
304 if (bp + len > ep) {
305 /* truncated option */
306 printf(" |(%d>%td)", len, ep - bp);
307 return;
308 }
309 /* Print the option value(s). */
310 switch (optstr[0]) {
311
312 case 'a': /* ASCII string */
313 printfn(bp, bp + len);
314 bp += len;
315 len = 0;
316 break;
317
318 case 's': /* Word formats */
319 while (len >= 2) {
320 bcopy((char *) bp, (char *) &us, 2);
321 printf("%d", ntohs(us));
322 bp += 2;
323 len -= 2;
324 if (len) printf(",");
325 }
326 if (len) printf("(junk=%d)", len);
327 break;
328
329 case 'l': /* Long words */
330 while (len >= 4) {
331 bcopy((char *) bp, (char *) &ul, 4);
332 printf("%ld", (long)ntohl(ul));
333 bp += 4;
334 len -= 4;
335 if (len) printf(",");
336 }
337 if (len) printf("(junk=%d)", len);
338 break;
339
340 case 'i': /* INET addresses */
341 while (len >= 4) {
342 bcopy((char *) bp, (char *) &ia, 4);
343 printf("%s", ipaddr_string(&ia));
344 bp += 4;
345 len -= 4;
346 if (len) printf(",");
347 }
348 if (len) printf("(junk=%d)", len);
349 break;
350
351 case 'b':
352 default:
353 break;
354
355 } /* switch */
356
357 /* Print as characters, if appropriate. */
358 if (len) {
359 dump_hex(bp, len);
360 if (isascii(*bp) && isprint(*bp)) {
361 printf("(");
362 printfn(bp, bp + len);
363 printf(")");
364 }
365 bp += len;
366 len = 0;
367 }
368 } /* while bp < ep */
369 }
370
371 static void
cmu_print(u_char * bp,int length)372 cmu_print(u_char *bp, int length)
373 {
374 struct cmu_vend *v;
375
376 printf("-cmu");
377
378 v = (struct cmu_vend *) bp;
379 if (length < sizeof(*v)) {
380 printf(" |L=%d", length);
381 return;
382 }
383
384 /* Subnet mask */
385 if (v->v_flags & VF_SMASK) {
386 printf(" SM:%s", ipaddr_string(&v->v_smask));
387 }
388 /* Default gateway */
389 if (v->v_dgate.s_addr)
390 printf(" GW:%s", ipaddr_string(&v->v_dgate));
391
392 /* Domain name servers */
393 if (v->v_dns1.s_addr)
394 printf(" DNS1:%s", ipaddr_string(&v->v_dns1));
395 if (v->v_dns2.s_addr)
396 printf(" DNS2:%s", ipaddr_string(&v->v_dns2));
397
398 /* IEN-116 name servers */
399 if (v->v_ins1.s_addr)
400 printf(" INS1:%s", ipaddr_string(&v->v_ins1));
401 if (v->v_ins2.s_addr)
402 printf(" INS2:%s", ipaddr_string(&v->v_ins2));
403
404 /* Time servers */
405 if (v->v_ts1.s_addr)
406 printf(" TS1:%s", ipaddr_string(&v->v_ts1));
407 if (v->v_ts2.s_addr)
408 printf(" TS2:%s", ipaddr_string(&v->v_ts2));
409
410 }
411
412
413 /*
414 * Print out arbitrary, unknown vendor data.
415 */
416
417 static void
other_print(u_char * bp,int length)418 other_print(u_char *bp, int length)
419 {
420 u_char *ep; /* end pointer */
421 u_char *zp; /* points one past last non-zero byte */
422
423 /* Setup end pointer */
424 ep = bp + length;
425
426 /* Find the last non-zero byte. */
427 for (zp = ep; zp > bp; zp--) {
428 if (zp[-1] != 0)
429 break;
430 }
431
432 /* Print the all-zero case in a compact representation. */
433 if (zp == bp) {
434 printf("-all-zero");
435 return;
436 }
437 printf("-unknown");
438
439 /* Are there enough trailing zeros to make "00..." worthwhile? */
440 if (zp + 2 > ep)
441 zp = ep; /* print them all normally */
442
443 /* Now just print all the non-zero data. */
444 while (bp < zp) {
445 printf(".%02X", *bp);
446 bp++;
447 }
448
449 if (zp < ep)
450 printf(".00...");
451
452 return;
453 }
454
455 static void
dump_hex(u_char * bp,int len)456 dump_hex(u_char *bp, int len)
457 {
458 while (len > 0) {
459 printf("%02X", *bp);
460 bp++;
461 len--;
462 if (len) printf(".");
463 }
464 }
465
466 /*
467 * Local Variables:
468 * tab-width: 4
469 * c-indent-level: 4
470 * c-argdecl-indent: 4
471 * c-continued-statement-offset: 4
472 * c-continued-brace-offset: -4
473 * c-label-offset: -4
474 * c-brace-offset: 0
475 * End:
476 */
477