1 /* 2 * Copyright (c) 1998-2004 Hannes Gredler <hannes@tcpdump.org> 3 * The TCPDUMP project 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code 7 * distributions retain the above copyright notice and this paragraph 8 * in its entirety, and (2) distributions including binary code include 9 * the above copyright notice and this paragraph in its entirety in 10 * the documentation or other materials provided with the distribution. 11 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 12 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 13 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 14 * FOR A PARTICULAR PURPOSE. 15 */ 16 17 /* \summary: Enhanced Interior Gateway Routing Protocol (EIGRP) printer */ 18 19 #ifdef HAVE_CONFIG_H 20 #include "config.h" 21 #endif 22 23 #include <netdissect-stdinc.h> 24 25 #include <string.h> 26 27 #include "netdissect.h" 28 #include "extract.h" 29 #include "addrtoname.h" 30 31 /* 32 * packet format documented at 33 * http://www.rhyshaden.com/eigrp.htm 34 */ 35 36 struct eigrp_common_header { 37 uint8_t version; 38 uint8_t opcode; 39 uint8_t checksum[2]; 40 uint8_t flags[4]; 41 uint8_t seq[4]; 42 uint8_t ack[4]; 43 uint8_t asn[4]; 44 }; 45 46 #define EIGRP_VERSION 2 47 48 #define EIGRP_OPCODE_UPDATE 1 49 #define EIGRP_OPCODE_QUERY 3 50 #define EIGRP_OPCODE_REPLY 4 51 #define EIGRP_OPCODE_HELLO 5 52 #define EIGRP_OPCODE_IPXSAP 6 53 #define EIGRP_OPCODE_PROBE 7 54 55 static const struct tok eigrp_opcode_values[] = { 56 { EIGRP_OPCODE_UPDATE, "Update" }, 57 { EIGRP_OPCODE_QUERY, "Query" }, 58 { EIGRP_OPCODE_REPLY, "Reply" }, 59 { EIGRP_OPCODE_HELLO, "Hello" }, 60 { EIGRP_OPCODE_IPXSAP, "IPX SAP" }, 61 { EIGRP_OPCODE_PROBE, "Probe" }, 62 { 0, NULL} 63 }; 64 65 static const struct tok eigrp_common_header_flag_values[] = { 66 { 0x01, "Init" }, 67 { 0x02, "Conditionally Received" }, 68 { 0, NULL} 69 }; 70 71 struct eigrp_tlv_header { 72 uint8_t type[2]; 73 uint8_t length[2]; 74 }; 75 76 #define EIGRP_TLV_GENERAL_PARM 0x0001 77 #define EIGRP_TLV_AUTH 0x0002 78 #define EIGRP_TLV_SEQ 0x0003 79 #define EIGRP_TLV_SW_VERSION 0x0004 80 #define EIGRP_TLV_MCAST_SEQ 0x0005 81 #define EIGRP_TLV_IP_INT 0x0102 82 #define EIGRP_TLV_IP_EXT 0x0103 83 #define EIGRP_TLV_AT_INT 0x0202 84 #define EIGRP_TLV_AT_EXT 0x0203 85 #define EIGRP_TLV_AT_CABLE_SETUP 0x0204 86 #define EIGRP_TLV_IPX_INT 0x0302 87 #define EIGRP_TLV_IPX_EXT 0x0303 88 89 static const struct tok eigrp_tlv_values[] = { 90 { EIGRP_TLV_GENERAL_PARM, "General Parameters"}, 91 { EIGRP_TLV_AUTH, "Authentication"}, 92 { EIGRP_TLV_SEQ, "Sequence"}, 93 { EIGRP_TLV_SW_VERSION, "Software Version"}, 94 { EIGRP_TLV_MCAST_SEQ, "Next Multicast Sequence"}, 95 { EIGRP_TLV_IP_INT, "IP Internal routes"}, 96 { EIGRP_TLV_IP_EXT, "IP External routes"}, 97 { EIGRP_TLV_AT_INT, "AppleTalk Internal routes"}, 98 { EIGRP_TLV_AT_EXT, "AppleTalk External routes"}, 99 { EIGRP_TLV_AT_CABLE_SETUP, "AppleTalk Cable setup"}, 100 { EIGRP_TLV_IPX_INT, "IPX Internal routes"}, 101 { EIGRP_TLV_IPX_EXT, "IPX External routes"}, 102 { 0, NULL} 103 }; 104 105 struct eigrp_tlv_general_parm_t { 106 uint8_t k1; 107 uint8_t k2; 108 uint8_t k3; 109 uint8_t k4; 110 uint8_t k5; 111 uint8_t res; 112 uint8_t holdtime[2]; 113 }; 114 115 struct eigrp_tlv_sw_version_t { 116 uint8_t ios_major; 117 uint8_t ios_minor; 118 uint8_t eigrp_major; 119 uint8_t eigrp_minor; 120 }; 121 122 struct eigrp_tlv_ip_int_t { 123 uint8_t nexthop[4]; 124 uint8_t delay[4]; 125 uint8_t bandwidth[4]; 126 uint8_t mtu[3]; 127 uint8_t hopcount; 128 uint8_t reliability; 129 uint8_t load; 130 uint8_t reserved[2]; 131 uint8_t plen; 132 uint8_t destination; /* variable length [1-4] bytes encoding */ 133 }; 134 135 struct eigrp_tlv_ip_ext_t { 136 uint8_t nexthop[4]; 137 uint8_t origin_router[4]; 138 uint8_t origin_as[4]; 139 uint8_t tag[4]; 140 uint8_t metric[4]; 141 uint8_t reserved[2]; 142 uint8_t proto_id; 143 uint8_t flags; 144 uint8_t delay[4]; 145 uint8_t bandwidth[4]; 146 uint8_t mtu[3]; 147 uint8_t hopcount; 148 uint8_t reliability; 149 uint8_t load; 150 uint8_t reserved2[2]; 151 uint8_t plen; 152 uint8_t destination; /* variable length [1-4] bytes encoding */ 153 }; 154 155 struct eigrp_tlv_at_cable_setup_t { 156 uint8_t cable_start[2]; 157 uint8_t cable_end[2]; 158 uint8_t router_id[4]; 159 }; 160 161 struct eigrp_tlv_at_int_t { 162 uint8_t nexthop[4]; 163 uint8_t delay[4]; 164 uint8_t bandwidth[4]; 165 uint8_t mtu[3]; 166 uint8_t hopcount; 167 uint8_t reliability; 168 uint8_t load; 169 uint8_t reserved[2]; 170 uint8_t cable_start[2]; 171 uint8_t cable_end[2]; 172 }; 173 174 struct eigrp_tlv_at_ext_t { 175 uint8_t nexthop[4]; 176 uint8_t origin_router[4]; 177 uint8_t origin_as[4]; 178 uint8_t tag[4]; 179 uint8_t proto_id; 180 uint8_t flags; 181 uint8_t metric[2]; 182 uint8_t delay[4]; 183 uint8_t bandwidth[4]; 184 uint8_t mtu[3]; 185 uint8_t hopcount; 186 uint8_t reliability; 187 uint8_t load; 188 uint8_t reserved2[2]; 189 uint8_t cable_start[2]; 190 uint8_t cable_end[2]; 191 }; 192 193 static const struct tok eigrp_ext_proto_id_values[] = { 194 { 0x01, "IGRP" }, 195 { 0x02, "EIGRP" }, 196 { 0x03, "Static" }, 197 { 0x04, "RIP" }, 198 { 0x05, "Hello" }, 199 { 0x06, "OSPF" }, 200 { 0x07, "IS-IS" }, 201 { 0x08, "EGP" }, 202 { 0x09, "BGP" }, 203 { 0x0a, "IDRP" }, 204 { 0x0b, "Connected" }, 205 { 0, NULL} 206 }; 207 208 void 209 eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) 210 { 211 const struct eigrp_common_header *eigrp_com_header; 212 const struct eigrp_tlv_header *eigrp_tlv_header; 213 const u_char *tptr,*tlv_tptr; 214 u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length; 215 uint8_t prefix[4]; 216 217 union { 218 const struct eigrp_tlv_general_parm_t *eigrp_tlv_general_parm; 219 const struct eigrp_tlv_sw_version_t *eigrp_tlv_sw_version; 220 const struct eigrp_tlv_ip_int_t *eigrp_tlv_ip_int; 221 const struct eigrp_tlv_ip_ext_t *eigrp_tlv_ip_ext; 222 const struct eigrp_tlv_at_cable_setup_t *eigrp_tlv_at_cable_setup; 223 const struct eigrp_tlv_at_int_t *eigrp_tlv_at_int; 224 const struct eigrp_tlv_at_ext_t *eigrp_tlv_at_ext; 225 } tlv_ptr; 226 227 tptr=pptr; 228 eigrp_com_header = (const struct eigrp_common_header *)pptr; 229 ND_TCHECK(*eigrp_com_header); 230 231 /* 232 * Sanity checking of the header. 233 */ 234 if (eigrp_com_header->version != EIGRP_VERSION) { 235 ND_PRINT((ndo, "EIGRP version %u packet not supported",eigrp_com_header->version)); 236 return; 237 } 238 239 /* in non-verbose mode just lets print the basic Message Type*/ 240 if (ndo->ndo_vflag < 1) { 241 ND_PRINT((ndo, "EIGRP %s, length: %u", 242 tok2str(eigrp_opcode_values, "unknown (%u)",eigrp_com_header->opcode), 243 len)); 244 return; 245 } 246 247 /* ok they seem to want to know everything - lets fully decode it */ 248 249 tlen=len-sizeof(struct eigrp_common_header); 250 251 /* FIXME print other header info */ 252 ND_PRINT((ndo, "\n\tEIGRP v%u, opcode: %s (%u), chksum: 0x%04x, Flags: [%s]\n\tseq: 0x%08x, ack: 0x%08x, AS: %u, length: %u", 253 eigrp_com_header->version, 254 tok2str(eigrp_opcode_values, "unknown, type: %u",eigrp_com_header->opcode), 255 eigrp_com_header->opcode, 256 EXTRACT_16BITS(&eigrp_com_header->checksum), 257 tok2str(eigrp_common_header_flag_values, 258 "none", 259 EXTRACT_32BITS(&eigrp_com_header->flags)), 260 EXTRACT_32BITS(&eigrp_com_header->seq), 261 EXTRACT_32BITS(&eigrp_com_header->ack), 262 EXTRACT_32BITS(&eigrp_com_header->asn), 263 tlen)); 264 265 tptr+=sizeof(const struct eigrp_common_header); 266 267 while(tlen>0) { 268 /* did we capture enough for fully decoding the object header ? */ 269 ND_TCHECK2(*tptr, sizeof(struct eigrp_tlv_header)); 270 271 eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr; 272 eigrp_tlv_len=EXTRACT_16BITS(&eigrp_tlv_header->length); 273 eigrp_tlv_type=EXTRACT_16BITS(&eigrp_tlv_header->type); 274 275 276 if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) || 277 eigrp_tlv_len > tlen) { 278 print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ",tlen); 279 return; 280 } 281 282 ND_PRINT((ndo, "\n\t %s TLV (0x%04x), length: %u", 283 tok2str(eigrp_tlv_values, 284 "Unknown", 285 eigrp_tlv_type), 286 eigrp_tlv_type, 287 eigrp_tlv_len)); 288 289 tlv_tptr=tptr+sizeof(struct eigrp_tlv_header); 290 tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header); 291 292 /* did we capture enough for fully decoding the object ? */ 293 ND_TCHECK2(*tptr, eigrp_tlv_len); 294 295 switch(eigrp_tlv_type) { 296 297 case EIGRP_TLV_GENERAL_PARM: 298 tlv_ptr.eigrp_tlv_general_parm = (const struct eigrp_tlv_general_parm_t *)tlv_tptr; 299 300 ND_PRINT((ndo, "\n\t holdtime: %us, k1 %u, k2 %u, k3 %u, k4 %u, k5 %u", 301 EXTRACT_16BITS(tlv_ptr.eigrp_tlv_general_parm->holdtime), 302 tlv_ptr.eigrp_tlv_general_parm->k1, 303 tlv_ptr.eigrp_tlv_general_parm->k2, 304 tlv_ptr.eigrp_tlv_general_parm->k3, 305 tlv_ptr.eigrp_tlv_general_parm->k4, 306 tlv_ptr.eigrp_tlv_general_parm->k5)); 307 break; 308 309 case EIGRP_TLV_SW_VERSION: 310 tlv_ptr.eigrp_tlv_sw_version = (const struct eigrp_tlv_sw_version_t *)tlv_tptr; 311 312 ND_PRINT((ndo, "\n\t IOS version: %u.%u, EIGRP version %u.%u", 313 tlv_ptr.eigrp_tlv_sw_version->ios_major, 314 tlv_ptr.eigrp_tlv_sw_version->ios_minor, 315 tlv_ptr.eigrp_tlv_sw_version->eigrp_major, 316 tlv_ptr.eigrp_tlv_sw_version->eigrp_minor)); 317 break; 318 319 case EIGRP_TLV_IP_INT: 320 tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr; 321 322 bit_length = tlv_ptr.eigrp_tlv_ip_int->plen; 323 if (bit_length > 32) { 324 ND_PRINT((ndo, "\n\t illegal prefix length %u",bit_length)); 325 break; 326 } 327 byte_length = (bit_length + 7) / 8; /* variable length encoding */ 328 memset(prefix, 0, 4); 329 memcpy(prefix,&tlv_ptr.eigrp_tlv_ip_int->destination,byte_length); 330 331 ND_PRINT((ndo, "\n\t IPv4 prefix: %15s/%u, nexthop: ", 332 ipaddr_string(ndo, prefix), 333 bit_length)); 334 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0) 335 ND_PRINT((ndo, "self")); 336 else 337 ND_PRINT((ndo, "%s",ipaddr_string(ndo, &tlv_ptr.eigrp_tlv_ip_int->nexthop))); 338 339 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 340 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->delay)/100), 341 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->bandwidth), 342 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_ip_int->mtu), 343 tlv_ptr.eigrp_tlv_ip_int->hopcount, 344 tlv_ptr.eigrp_tlv_ip_int->reliability, 345 tlv_ptr.eigrp_tlv_ip_int->load)); 346 break; 347 348 case EIGRP_TLV_IP_EXT: 349 tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr; 350 351 bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen; 352 if (bit_length > 32) { 353 ND_PRINT((ndo, "\n\t illegal prefix length %u",bit_length)); 354 break; 355 } 356 byte_length = (bit_length + 7) / 8; /* variable length encoding */ 357 memset(prefix, 0, 4); 358 memcpy(prefix,&tlv_ptr.eigrp_tlv_ip_ext->destination,byte_length); 359 360 ND_PRINT((ndo, "\n\t IPv4 prefix: %15s/%u, nexthop: ", 361 ipaddr_string(ndo, prefix), 362 bit_length)); 363 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0) 364 ND_PRINT((ndo, "self")); 365 else 366 ND_PRINT((ndo, "%s",ipaddr_string(ndo, &tlv_ptr.eigrp_tlv_ip_ext->nexthop))); 367 368 ND_PRINT((ndo, "\n\t origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u", 369 ipaddr_string(ndo, tlv_ptr.eigrp_tlv_ip_ext->origin_router), 370 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->origin_as), 371 tok2str(eigrp_ext_proto_id_values,"unknown",tlv_ptr.eigrp_tlv_ip_ext->proto_id), 372 tlv_ptr.eigrp_tlv_ip_ext->flags, 373 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->tag), 374 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->metric))); 375 376 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 377 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->delay)/100), 378 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->bandwidth), 379 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_ip_ext->mtu), 380 tlv_ptr.eigrp_tlv_ip_ext->hopcount, 381 tlv_ptr.eigrp_tlv_ip_ext->reliability, 382 tlv_ptr.eigrp_tlv_ip_ext->load)); 383 break; 384 385 case EIGRP_TLV_AT_CABLE_SETUP: 386 tlv_ptr.eigrp_tlv_at_cable_setup = (const struct eigrp_tlv_at_cable_setup_t *)tlv_tptr; 387 388 ND_PRINT((ndo, "\n\t Cable-range: %u-%u, Router-ID %u", 389 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->cable_start), 390 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->cable_end), 391 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->router_id))); 392 break; 393 394 case EIGRP_TLV_AT_INT: 395 tlv_ptr.eigrp_tlv_at_int = (const struct eigrp_tlv_at_int_t *)tlv_tptr; 396 397 ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", 398 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->cable_start), 399 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->cable_end))); 400 401 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop) == 0) 402 ND_PRINT((ndo, "self")); 403 else 404 ND_PRINT((ndo, "%u.%u", 405 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop), 406 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop[2]))); 407 408 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 409 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->delay)/100), 410 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->bandwidth), 411 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_at_int->mtu), 412 tlv_ptr.eigrp_tlv_at_int->hopcount, 413 tlv_ptr.eigrp_tlv_at_int->reliability, 414 tlv_ptr.eigrp_tlv_at_int->load)); 415 break; 416 417 case EIGRP_TLV_AT_EXT: 418 tlv_ptr.eigrp_tlv_at_ext = (const struct eigrp_tlv_at_ext_t *)tlv_tptr; 419 420 ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", 421 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->cable_start), 422 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->cable_end))); 423 424 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop) == 0) 425 ND_PRINT((ndo, "self")); 426 else 427 ND_PRINT((ndo, "%u.%u", 428 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop), 429 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop[2]))); 430 431 ND_PRINT((ndo, "\n\t origin-router %u, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u", 432 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->origin_router), 433 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->origin_as), 434 tok2str(eigrp_ext_proto_id_values,"unknown",tlv_ptr.eigrp_tlv_at_ext->proto_id), 435 tlv_ptr.eigrp_tlv_at_ext->flags, 436 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->tag), 437 EXTRACT_16BITS(tlv_ptr.eigrp_tlv_at_ext->metric))); 438 439 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 440 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->delay)/100), 441 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->bandwidth), 442 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_at_ext->mtu), 443 tlv_ptr.eigrp_tlv_at_ext->hopcount, 444 tlv_ptr.eigrp_tlv_at_ext->reliability, 445 tlv_ptr.eigrp_tlv_at_ext->load)); 446 break; 447 448 /* 449 * FIXME those are the defined TLVs that lack a decoder 450 * you are welcome to contribute code ;-) 451 */ 452 453 case EIGRP_TLV_AUTH: 454 case EIGRP_TLV_SEQ: 455 case EIGRP_TLV_MCAST_SEQ: 456 case EIGRP_TLV_IPX_INT: 457 case EIGRP_TLV_IPX_EXT: 458 459 default: 460 if (ndo->ndo_vflag <= 1) 461 print_unknown_data(ndo,tlv_tptr,"\n\t ",tlv_tlen); 462 break; 463 } 464 /* do we want to see an additionally hexdump ? */ 465 if (ndo->ndo_vflag > 1) 466 print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ", 467 eigrp_tlv_len-sizeof(struct eigrp_tlv_header)); 468 469 tptr+=eigrp_tlv_len; 470 tlen-=eigrp_tlv_len; 471 } 472 return; 473 trunc: 474 ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); 475 } 476