1 /* 2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Extensively modified by Motonori Shindo (mshindo@mshindo.net) for more 22 * complete PPP support. 23 */ 24 25 /* \summary: Point to Point Protocol (PPP) printer */ 26 27 /* 28 * TODO: 29 * o resolve XXX as much as possible 30 * o MP support 31 * o BAP support 32 */ 33 34 #include <config.h> 35 36 #include "netdissect-stdinc.h" 37 38 #include <stdlib.h> 39 40 #ifdef __bsdi__ 41 #include <net/slcompress.h> 42 #include <net/if_ppp.h> 43 #endif 44 45 #include <stdlib.h> 46 47 #include "netdissect.h" 48 #include "extract.h" 49 #include "addrtoname.h" 50 #include "ppp.h" 51 #include "chdlc.h" 52 #include "ethertype.h" 53 #include "oui.h" 54 #include "netdissect-alloc.h" 55 56 /* 57 * The following constants are defined by IANA. 
Please refer to 58 * https://www.isi.edu/in-notes/iana/assignments/ppp-numbers 59 * for the up-to-date information. 60 */ 61 62 /* Protocol Codes defined in ppp.h */ 63 64 static const struct tok ppptype2str[] = { 65 { PPP_IP, "IP" }, 66 { PPP_OSI, "OSI" }, 67 { PPP_NS, "NS" }, 68 { PPP_DECNET, "DECNET" }, 69 { PPP_APPLE, "APPLE" }, 70 { PPP_IPX, "IPX" }, 71 { PPP_VJC, "VJC IP" }, 72 { PPP_VJNC, "VJNC IP" }, 73 { PPP_BRPDU, "BRPDU" }, 74 { PPP_STII, "STII" }, 75 { PPP_VINES, "VINES" }, 76 { PPP_MPLS_UCAST, "MPLS" }, 77 { PPP_MPLS_MCAST, "MPLS" }, 78 { PPP_COMP, "Compressed"}, 79 { PPP_ML, "MLPPP"}, 80 { PPP_IPV6, "IP6"}, 81 82 { PPP_HELLO, "HELLO" }, 83 { PPP_LUXCOM, "LUXCOM" }, 84 { PPP_SNS, "SNS" }, 85 { PPP_IPCP, "IPCP" }, 86 { PPP_OSICP, "OSICP" }, 87 { PPP_NSCP, "NSCP" }, 88 { PPP_DECNETCP, "DECNETCP" }, 89 { PPP_APPLECP, "APPLECP" }, 90 { PPP_IPXCP, "IPXCP" }, 91 { PPP_STIICP, "STIICP" }, 92 { PPP_VINESCP, "VINESCP" }, 93 { PPP_IPV6CP, "IP6CP" }, 94 { PPP_MPLSCP, "MPLSCP" }, 95 96 { PPP_LCP, "LCP" }, 97 { PPP_PAP, "PAP" }, 98 { PPP_LQM, "LQM" }, 99 { PPP_CHAP, "CHAP" }, 100 { PPP_EAP, "EAP" }, 101 { PPP_SPAP, "SPAP" }, 102 { PPP_SPAP_OLD, "Old-SPAP" }, 103 { PPP_BACP, "BACP" }, 104 { PPP_BAP, "BAP" }, 105 { PPP_MPCP, "MLPPP-CP" }, 106 { PPP_CCP, "CCP" }, 107 { 0, NULL } 108 }; 109 110 /* Control Protocols (LCP/IPCP/CCP etc.) 
Codes defined in RFC 1661 */ 111 112 #define CPCODES_VEXT 0 /* Vendor-Specific (RFC2153) */ 113 #define CPCODES_CONF_REQ 1 /* Configure-Request */ 114 #define CPCODES_CONF_ACK 2 /* Configure-Ack */ 115 #define CPCODES_CONF_NAK 3 /* Configure-Nak */ 116 #define CPCODES_CONF_REJ 4 /* Configure-Reject */ 117 #define CPCODES_TERM_REQ 5 /* Terminate-Request */ 118 #define CPCODES_TERM_ACK 6 /* Terminate-Ack */ 119 #define CPCODES_CODE_REJ 7 /* Code-Reject */ 120 #define CPCODES_PROT_REJ 8 /* Protocol-Reject (LCP only) */ 121 #define CPCODES_ECHO_REQ 9 /* Echo-Request (LCP only) */ 122 #define CPCODES_ECHO_RPL 10 /* Echo-Reply (LCP only) */ 123 #define CPCODES_DISC_REQ 11 /* Discard-Request (LCP only) */ 124 #define CPCODES_ID 12 /* Identification (LCP only) RFC1570 */ 125 #define CPCODES_TIME_REM 13 /* Time-Remaining (LCP only) RFC1570 */ 126 #define CPCODES_RESET_REQ 14 /* Reset-Request (CCP only) RFC1962 */ 127 #define CPCODES_RESET_REP 15 /* Reset-Reply (CCP only) */ 128 129 static const struct tok cpcodes[] = { 130 {CPCODES_VEXT, "Vendor-Extension"}, /* RFC2153 */ 131 {CPCODES_CONF_REQ, "Conf-Request"}, 132 {CPCODES_CONF_ACK, "Conf-Ack"}, 133 {CPCODES_CONF_NAK, "Conf-Nack"}, 134 {CPCODES_CONF_REJ, "Conf-Reject"}, 135 {CPCODES_TERM_REQ, "Term-Request"}, 136 {CPCODES_TERM_ACK, "Term-Ack"}, 137 {CPCODES_CODE_REJ, "Code-Reject"}, 138 {CPCODES_PROT_REJ, "Prot-Reject"}, 139 {CPCODES_ECHO_REQ, "Echo-Request"}, 140 {CPCODES_ECHO_RPL, "Echo-Reply"}, 141 {CPCODES_DISC_REQ, "Disc-Req"}, 142 {CPCODES_ID, "Ident"}, /* RFC1570 */ 143 {CPCODES_TIME_REM, "Time-Rem"}, /* RFC1570 */ 144 {CPCODES_RESET_REQ, "Reset-Req"}, /* RFC1962 */ 145 {CPCODES_RESET_REP, "Reset-Ack"}, /* RFC1962 */ 146 {0, NULL} 147 }; 148 149 /* LCP Config Options */ 150 151 #define LCPOPT_VEXT 0 152 #define LCPOPT_MRU 1 153 #define LCPOPT_ACCM 2 154 #define LCPOPT_AP 3 155 #define LCPOPT_QP 4 156 #define LCPOPT_MN 5 157 #define LCPOPT_DEP6 6 158 #define LCPOPT_PFC 7 159 #define LCPOPT_ACFC 8 160 #define 
LCPOPT_FCSALT 9 161 #define LCPOPT_SDP 10 162 #define LCPOPT_NUMMODE 11 163 #define LCPOPT_DEP12 12 164 #define LCPOPT_CBACK 13 165 #define LCPOPT_DEP14 14 166 #define LCPOPT_DEP15 15 167 #define LCPOPT_DEP16 16 168 #define LCPOPT_MLMRRU 17 169 #define LCPOPT_MLSSNHF 18 170 #define LCPOPT_MLED 19 171 #define LCPOPT_PROP 20 172 #define LCPOPT_DCEID 21 173 #define LCPOPT_MPP 22 174 #define LCPOPT_LD 23 175 #define LCPOPT_LCPAOPT 24 176 #define LCPOPT_COBS 25 177 #define LCPOPT_PE 26 178 #define LCPOPT_MLHF 27 179 #define LCPOPT_I18N 28 180 #define LCPOPT_SDLOS 29 181 #define LCPOPT_PPPMUX 30 182 183 static const char *lcpconfopts[] = { 184 "Vend-Ext", /* (0) */ 185 "MRU", /* (1) */ 186 "ACCM", /* (2) */ 187 "Auth-Prot", /* (3) */ 188 "Qual-Prot", /* (4) */ 189 "Magic-Num", /* (5) */ 190 "deprecated(6)", /* used to be a Quality Protocol */ 191 "PFC", /* (7) */ 192 "ACFC", /* (8) */ 193 "FCS-Alt", /* (9) */ 194 "SDP", /* (10) */ 195 "Num-Mode", /* (11) */ 196 "deprecated(12)", /* used to be a Multi-Link-Procedure*/ 197 "Call-Back", /* (13) */ 198 "deprecated(14)", /* used to be a Connect-Time */ 199 "deprecated(15)", /* used to be a Compound-Frames */ 200 "deprecated(16)", /* used to be a Nominal-Data-Encap */ 201 "MRRU", /* (17) */ 202 "12-Bit seq #", /* (18) */ 203 "End-Disc", /* (19) */ 204 "Proprietary", /* (20) */ 205 "DCE-Id", /* (21) */ 206 "MP+", /* (22) */ 207 "Link-Disc", /* (23) */ 208 "LCP-Auth-Opt", /* (24) */ 209 "COBS", /* (25) */ 210 "Prefix-elision", /* (26) */ 211 "Multilink-header-Form",/* (27) */ 212 "I18N", /* (28) */ 213 "SDL-over-SONET/SDH", /* (29) */ 214 "PPP-Muxing", /* (30) */ 215 }; 216 217 #define NUM_LCPOPTS (sizeof(lcpconfopts) / sizeof(lcpconfopts[0])) 218 219 /* ECP - to be supported */ 220 221 /* CCP Config Options */ 222 223 #define CCPOPT_OUI 0 /* RFC1962 */ 224 #define CCPOPT_PRED1 1 /* RFC1962 */ 225 #define CCPOPT_PRED2 2 /* RFC1962 */ 226 #define CCPOPT_PJUMP 3 /* RFC1962 */ 227 /* 4-15 unassigned */ 228 #define CCPOPT_HPPPC 16 
/* RFC1962 */ 229 #define CCPOPT_STACLZS 17 /* RFC1974 */ 230 #define CCPOPT_MPPC 18 /* RFC2118 */ 231 #define CCPOPT_GFZA 19 /* RFC1962 */ 232 #define CCPOPT_V42BIS 20 /* RFC1962 */ 233 #define CCPOPT_BSDCOMP 21 /* RFC1977 */ 234 /* 22 unassigned */ 235 #define CCPOPT_LZSDCP 23 /* RFC1967 */ 236 #define CCPOPT_MVRCA 24 /* RFC1975 */ 237 #define CCPOPT_DEC 25 /* RFC1976 */ 238 #define CCPOPT_DEFLATE 26 /* RFC1979 */ 239 /* 27-254 unassigned */ 240 #define CCPOPT_RESV 255 /* RFC1962 */ 241 242 static const struct tok ccpconfopts_values[] = { 243 { CCPOPT_OUI, "OUI" }, 244 { CCPOPT_PRED1, "Pred-1" }, 245 { CCPOPT_PRED2, "Pred-2" }, 246 { CCPOPT_PJUMP, "Puddle" }, 247 { CCPOPT_HPPPC, "HP-PPC" }, 248 { CCPOPT_STACLZS, "Stac-LZS" }, 249 { CCPOPT_MPPC, "MPPC" }, 250 { CCPOPT_GFZA, "Gand-FZA" }, 251 { CCPOPT_V42BIS, "V.42bis" }, 252 { CCPOPT_BSDCOMP, "BSD-Comp" }, 253 { CCPOPT_LZSDCP, "LZS-DCP" }, 254 { CCPOPT_MVRCA, "MVRCA" }, 255 { CCPOPT_DEC, "DEC" }, 256 { CCPOPT_DEFLATE, "Deflate" }, 257 { CCPOPT_RESV, "Reserved"}, 258 {0, NULL} 259 }; 260 261 /* BACP Config Options */ 262 263 #define BACPOPT_FPEER 1 /* RFC2125 */ 264 265 static const struct tok bacconfopts_values[] = { 266 { BACPOPT_FPEER, "Favored-Peer" }, 267 {0, NULL} 268 }; 269 270 271 /* SDCP - to be supported */ 272 273 /* IPCP Config Options */ 274 #define IPCPOPT_2ADDR 1 /* RFC1172, RFC1332 (deprecated) */ 275 #define IPCPOPT_IPCOMP 2 /* RFC1332 */ 276 #define IPCPOPT_ADDR 3 /* RFC1332 */ 277 #define IPCPOPT_MOBILE4 4 /* RFC2290 */ 278 #define IPCPOPT_PRIDNS 129 /* RFC1877 */ 279 #define IPCPOPT_PRINBNS 130 /* RFC1877 */ 280 #define IPCPOPT_SECDNS 131 /* RFC1877 */ 281 #define IPCPOPT_SECNBNS 132 /* RFC1877 */ 282 283 static const struct tok ipcpopt_values[] = { 284 { IPCPOPT_2ADDR, "IP-Addrs" }, 285 { IPCPOPT_IPCOMP, "IP-Comp" }, 286 { IPCPOPT_ADDR, "IP-Addr" }, 287 { IPCPOPT_MOBILE4, "Home-Addr" }, 288 { IPCPOPT_PRIDNS, "Pri-DNS" }, 289 { IPCPOPT_PRINBNS, "Pri-NBNS" }, 290 { IPCPOPT_SECDNS, "Sec-DNS" }, 
291 { IPCPOPT_SECNBNS, "Sec-NBNS" }, 292 { 0, NULL } 293 }; 294 295 #define IPCPOPT_IPCOMP_HDRCOMP 0x61 /* rfc3544 */ 296 #define IPCPOPT_IPCOMP_MINLEN 14 297 298 static const struct tok ipcpopt_compproto_values[] = { 299 { PPP_VJC, "VJ-Comp" }, 300 { IPCPOPT_IPCOMP_HDRCOMP, "IP Header Compression" }, 301 { 0, NULL } 302 }; 303 304 static const struct tok ipcpopt_compproto_subopt_values[] = { 305 { 1, "RTP-Compression" }, 306 { 2, "Enhanced RTP-Compression" }, 307 { 0, NULL } 308 }; 309 310 /* IP6CP Config Options */ 311 #define IP6CP_IFID 1 312 313 static const struct tok ip6cpopt_values[] = { 314 { IP6CP_IFID, "Interface-ID" }, 315 { 0, NULL } 316 }; 317 318 /* ATCP - to be supported */ 319 /* OSINLCP - to be supported */ 320 /* BVCP - to be supported */ 321 /* BCP - to be supported */ 322 /* IPXCP - to be supported */ 323 /* MPLSCP - to be supported */ 324 325 /* Auth Algorithms */ 326 327 /* 0-4 Reserved (RFC1994) */ 328 #define AUTHALG_CHAPMD5 5 /* RFC1994 */ 329 #define AUTHALG_MSCHAP1 128 /* RFC2433 */ 330 #define AUTHALG_MSCHAP2 129 /* RFC2795 */ 331 332 static const struct tok authalg_values[] = { 333 { AUTHALG_CHAPMD5, "MD5" }, 334 { AUTHALG_MSCHAP1, "MS-CHAPv1" }, 335 { AUTHALG_MSCHAP2, "MS-CHAPv2" }, 336 { 0, NULL } 337 }; 338 339 /* FCS Alternatives - to be supported */ 340 341 /* Multilink Endpoint Discriminator (RFC1717) */ 342 #define MEDCLASS_NULL 0 /* Null Class */ 343 #define MEDCLASS_LOCAL 1 /* Locally Assigned */ 344 #define MEDCLASS_IPV4 2 /* Internet Protocol (IPv4) */ 345 #define MEDCLASS_MAC 3 /* IEEE 802.1 global MAC address */ 346 #define MEDCLASS_MNB 4 /* PPP Magic Number Block */ 347 #define MEDCLASS_PSNDN 5 /* Public Switched Network Director Number */ 348 349 /* PPP LCP Callback */ 350 #define CALLBACK_AUTH 0 /* Location determined by user auth */ 351 #define CALLBACK_DSTR 1 /* Dialing string */ 352 #define CALLBACK_LID 2 /* Location identifier */ 353 #define CALLBACK_E164 3 /* E.164 number */ 354 #define CALLBACK_X500 4 /* X.500 
distinguished name */ 355 #define CALLBACK_CBCP 6 /* Location is determined during CBCP nego */ 356 357 static const struct tok ppp_callback_values[] = { 358 { CALLBACK_AUTH, "UserAuth" }, 359 { CALLBACK_DSTR, "DialString" }, 360 { CALLBACK_LID, "LocalID" }, 361 { CALLBACK_E164, "E.164" }, 362 { CALLBACK_X500, "X.500" }, 363 { CALLBACK_CBCP, "CBCP" }, 364 { 0, NULL } 365 }; 366 367 /* CHAP */ 368 369 #define CHAP_CHAL 1 370 #define CHAP_RESP 2 371 #define CHAP_SUCC 3 372 #define CHAP_FAIL 4 373 374 static const struct tok chapcode_values[] = { 375 { CHAP_CHAL, "Challenge" }, 376 { CHAP_RESP, "Response" }, 377 { CHAP_SUCC, "Success" }, 378 { CHAP_FAIL, "Fail" }, 379 { 0, NULL} 380 }; 381 382 /* PAP */ 383 384 #define PAP_AREQ 1 385 #define PAP_AACK 2 386 #define PAP_ANAK 3 387 388 static const struct tok papcode_values[] = { 389 { PAP_AREQ, "Auth-Req" }, 390 { PAP_AACK, "Auth-ACK" }, 391 { PAP_ANAK, "Auth-NACK" }, 392 { 0, NULL } 393 }; 394 395 /* BAP */ 396 #define BAP_CALLREQ 1 397 #define BAP_CALLRES 2 398 #define BAP_CBREQ 3 399 #define BAP_CBRES 4 400 #define BAP_LDQREQ 5 401 #define BAP_LDQRES 6 402 #define BAP_CSIND 7 403 #define BAP_CSRES 8 404 405 static u_int print_lcp_config_options(netdissect_options *, const u_char *p, u_int); 406 static u_int print_ipcp_config_options(netdissect_options *, const u_char *p, u_int); 407 static u_int print_ip6cp_config_options(netdissect_options *, const u_char *p, u_int); 408 static u_int print_ccp_config_options(netdissect_options *, const u_char *p, u_int); 409 static u_int print_bacp_config_options(netdissect_options *, const u_char *p, u_int); 410 static void handle_ppp(netdissect_options *, u_int proto, const u_char *p, u_int length); 411 412 /* generic Control Protocol (e.g. LCP, IPCP, CCP, etc.) 
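handler */
/*
 * Prints one control-protocol packet: code, id and, when ndo_vflag is set,
 * the encoded length and a code-specific body.
 *
 * pptr points at the Code octet; length is the length handed in by the
 * caller. The encoded Length field (len) is only trusted after it has been
 * checked to be >= 4 and <= length. All reads go through the GET_*() /
 * ND_TCHECK*() accessors; NOTE(review): those are assumed to be the
 * netdissect bounds-checked accessors -- confirm against extract.h.
 */
static void
handle_ctrl_proto(netdissect_options *ndo,
		  u_int proto, const u_char *pptr, u_int length)
{
	const char *typestr;
	u_int code, len;
	u_int (*pfunc)(netdissect_options *, const u_char *, u_int);
	u_int tlen, advance;
	const u_char *tptr;

	tptr=pptr;

	typestr = tok2str(ppptype2str, "unknown ctrl-proto (0x%04x)", proto);
	ND_PRINT("%s, ", typestr);

	if (length < 4) /* FIXME weak boundary checking */
		goto trunc;
	ND_TCHECK_2(tptr);

	code = GET_U_1(tptr);
	tptr++;

	ND_PRINT("%s (0x%02x), id %u, length %u",
		 tok2str(cpcodes, "Unknown Opcode",code),
		 code,
		 GET_U_1(tptr), /* ID */
		 length + 2);
	tptr++;

	if (!ndo->ndo_vflag)
		return;

	len = GET_BE_U_2(tptr);
	tptr += 2;

	/* From here on tptr == pptr + 4: just past Code, Identifier, Length. */

	if (len < 4) {
		ND_PRINT("\n\tencoded length %u (< 4))", len);
		return;
	}

	if (len > length) {
		ND_PRINT("\n\tencoded length %u (> packet length %u))", len, length);
		return;
	}
	length = len;

	ND_PRINT("\n\tencoded length %u (=Option(s) length %u)", len, len - 4);

	if (length == 4)
		return; /* there may be a NULL confreq etc. */

	if (ndo->ndo_vflag > 1)
		print_unknown_data(ndo, pptr - 2, "\n\t", 6);


	switch (code) {
	case CPCODES_VEXT:
		if (length < 11)
			break;
		ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
		tptr += 4;
		ND_PRINT(" Vendor: %s (%u)",
			 tok2str(oui_values,"Unknown",GET_BE_U_3(tptr)),
			 GET_BE_U_3(tptr));
		/* XXX: need to decode Kind and Value(s)? */
		break;
	case CPCODES_CONF_REQ:
	case CPCODES_CONF_ACK:
	case CPCODES_CONF_NAK:
	case CPCODES_CONF_REJ:
		tlen = len - 4; /* Code(1), Identifier(1) and Length(2) */
		do {
			switch (proto) {
			case PPP_LCP:
				pfunc = print_lcp_config_options;
				break;
			case PPP_IPCP:
				pfunc = print_ipcp_config_options;
				break;
			case PPP_IPV6CP:
				pfunc = print_ip6cp_config_options;
				break;
			case PPP_CCP:
				pfunc = print_ccp_config_options;
				break;
			case PPP_BACP:
				pfunc = print_bacp_config_options;
				break;
			default:
				/*
				 * No print routine for the options for
				 * this protocol.
				 */
				pfunc = NULL;
				break;
			}

			if (pfunc == NULL) /* catch the above null pointer if unknown CP */
				break;

			/*
			 * NOTE(review): the printer is given the whole packet
			 * length (len), not the remaining option bytes (tlen);
			 * an option that overruns the remaining bytes is only
			 * rejected by the tlen < advance test below, after the
			 * printer has already decoded it.
			 */
			if ((advance = (*pfunc)(ndo, tptr, len)) == 0)
				break;
			if (tlen < advance) {
				ND_PRINT(" [remaining options length %u < %u]",
					 tlen, advance);
				nd_print_invalid(ndo);
				break;
			}
			tlen -= advance;
			tptr += advance;
		} while (tlen != 0);
		break;

	case CPCODES_TERM_REQ:
	case CPCODES_TERM_ACK:
		/* XXX: need to decode Data? */
		break;
	case CPCODES_CODE_REJ:
		/* XXX: need to decode Rejected-Packet? */
		break;
	case CPCODES_PROT_REJ:
		if (length < 6)
			break;
		ND_PRINT("\n\t Rejected %s Protocol (0x%04x)",
			 tok2str(ppptype2str,"unknown", GET_BE_U_2(tptr)),
			 GET_BE_U_2(tptr));
		/* XXX: need to decode Rejected-Information? - hexdump for now */
		if (len > 6) {
			ND_PRINT("\n\t Rejected Packet");
			/*
			 * Rejected-Information starts at pptr + 6, so
			 * len - 6 bytes of it belong to this packet (the
			 * previous len - 2 ran 4 bytes past the encoded end).
			 */
			print_unknown_data(ndo, tptr + 2, "\n\t ", len - 6);
		}
		break;
	case CPCODES_ECHO_REQ:
	case CPCODES_ECHO_RPL:
	case CPCODES_DISC_REQ:
		if (length < 8)
			break;
		ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
		/* XXX: need to decode Data? - hexdump for now */
		if (len > 8) {
			ND_PRINT("\n\t -----trailing data-----");
			ND_TCHECK_LEN(tptr + 4, len - 8);
			print_unknown_data(ndo, tptr + 4, "\n\t ", len - 8);
		}
		break;
	case CPCODES_ID:
		if (length < 8)
			break;
		ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
		/* RFC 1661 says this is intended to be human readable */
		if (len > 8) {
			ND_PRINT("\n\t Message\n\t ");
			/*
			 * The message starts at pptr + 8, so it is len - 8
			 * bytes long (the previous len - 4 printed 4 bytes
			 * beyond the encoded packet length).
			 */
			if (nd_printn(ndo, tptr + 4, len - 8, ndo->ndo_snapend))
				goto trunc;
		}
		break;
	case CPCODES_TIME_REM:
		if (length < 12)
			break;
		ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
		ND_PRINT(", Seconds-Remaining %us", GET_BE_U_4(tptr + 4));
		/* XXX: need to decode Message? */
		break;
	default:
		/* XXX this is dirty but we do not get the
		 * original pointer passed to the begin
		 * the PPP packet */
		if (ndo->ndo_vflag <= 1)
			print_unknown_data(ndo, pptr - 2, "\n\t ", length + 2);
		break;
	}
	return;

trunc:
	ND_PRINT("[|%s]", typestr);
}

/*
 * LCP config options
 *
 * Prints one LCP option (Type, Length, data) starting at p.
 * Returns the option's Length octet so the caller can advance, or 0 when
 * the option cannot be parsed; handle_ctrl_proto() stops its option loop
 * on 0.
 */
static u_int
print_lcp_config_options(netdissect_options *ndo,
			 const u_char *p, u_int length)
{
	u_int opt, len;

	if (length < 2)
		return 0;
	ND_TCHECK_2(p);
	opt = GET_U_1(p);
	len = GET_U_1(p + 1);
	if (length < len)
		return 0;
	if (len < 2) {
		/* opt indexes lcpconfopts[] only after the range check */
		if (opt < NUM_LCPOPTS)
			ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
				 lcpconfopts[opt], opt, len);
		else
			ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
		return 0;
	}
	if (opt < NUM_LCPOPTS)
		ND_PRINT("\n\t %s Option (0x%02x), length %u", lcpconfopts[opt], opt, len);
	else {
		ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
		return len;
	}

	switch (opt) {
	case LCPOPT_VEXT:
		if (len < 6) {
			ND_PRINT(" (length bogus, should be >= 6)");
			return len;
		}
		ND_PRINT(": Vendor: %s (%u)",
			 tok2str(oui_values,"Unknown",GET_BE_U_3(p + 2)),
			 GET_BE_U_3(p + 2));
#if 0
		ND_PRINT(", kind: 0x%02x", GET_U_1(p + 5));
		ND_PRINT(", Value: 0x");
		for (i = 0; i < len - 6; i++) {
			ND_PRINT("%02x", GET_U_1(p + 6 + i));
		}
#endif
		break;
	case LCPOPT_MRU:
		if (len != 4) {
			ND_PRINT(" (length bogus, should be = 4)");
			return len;
		}
		ND_PRINT(": %u", GET_BE_U_2(p + 2));
		break;
	case LCPOPT_ACCM:
		if (len != 6) {
			ND_PRINT(" (length bogus, should be = 6)");
			return len;
		}
		ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
		break;
	case LCPOPT_AP:
		if (len < 4) {
			ND_PRINT(" (length bogus, should be >= 4)");
			return len;
		}
		/* The fallback format lacked its '%', so the value was never printed. */
		ND_PRINT(": %s",
			 tok2str(ppptype2str, "Unknown Auth Proto (0x%04x)", GET_BE_U_2(p + 2)));

		switch (GET_BE_U_2(p + 2)) {
		case PPP_CHAP:
			/*
			 * NOTE(review): the algorithm octet at p + 4 is read
			 * with only len >= 4 established, i.e. it may lie
			 * outside this option.
			 */
			ND_PRINT(", %s",
				 tok2str(authalg_values, "Unknown Auth Alg %u", GET_U_1(p + 4)));
			break;
		case PPP_PAP: /* fall through */
		case PPP_EAP:
		case PPP_SPAP:
		case PPP_SPAP_OLD:
			break;
		default:
			print_unknown_data(ndo, p, "\n\t", len);
		}
		break;
	case LCPOPT_QP:
		if (len < 4) {
			ND_PRINT(" (length bogus, should be >= 4)");
			return 0;
		}
		if (GET_BE_U_2(p + 2) == PPP_LQM)
			ND_PRINT(": LQR");
		else
			ND_PRINT(": unknown");
		break;
	case LCPOPT_MN:
		if (len != 6) {
			ND_PRINT(" (length bogus, should be = 6)");
			return 0;
		}
		ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
		break;
	case LCPOPT_PFC:
		break;
	case LCPOPT_ACFC:
		break;
	case LCPOPT_LD:
		if (len != 4) {
			ND_PRINT(" (length bogus, should be = 4)");
			return 0;
		}
		ND_PRINT(": 0x%04x", GET_BE_U_2(p + 2));
		break;
	case LCPOPT_CBACK:
		if (len < 3) {
			ND_PRINT(" (length bogus, should be >= 3)");
			return 0;
		}
		ND_PRINT(": Callback Operation %s (%u)",
			 tok2str(ppp_callback_values, "Unknown", GET_U_1(p + 2)),
			 GET_U_1(p + 2));
		break;
	case LCPOPT_MLMRRU:
		if (len != 4) {
			ND_PRINT(" (length bogus, should be = 4)");
			return 0;
		}
		ND_PRINT(": %u", GET_BE_U_2(p + 2));
		break;
	case LCPOPT_MLED:
		if (len < 3) {
			ND_PRINT(" (length bogus, should be >= 3)");
			return 0;
		}
		switch (GET_U_1(p + 2)) { /* class */
		case MEDCLASS_NULL:
			ND_PRINT(": Null");
			break;
		case MEDCLASS_LOCAL:
			ND_PRINT(": Local"); /* XXX */
			break;
		case MEDCLASS_IPV4:
			if (len != 7) {
				ND_PRINT(" (length bogus, should be = 7)");
				return 0;
			}
			ND_PRINT(": IPv4 %s", GET_IPADDR_STRING(p + 3));
			break;
		case MEDCLASS_MAC:
			if (len != 9) {
				ND_PRINT(" (length bogus, should be = 9)");
				return 0;
			}
			ND_PRINT(": MAC %s", GET_ETHERADDR_STRING(p + 3));
			break;
		case MEDCLASS_MNB:
			ND_PRINT(": Magic-Num-Block"); /* XXX */
			break;
		case MEDCLASS_PSNDN:
			ND_PRINT(": PSNDN"); /* XXX */
			break;
		default:
			ND_PRINT(": Unknown class %u", GET_U_1(p + 2));
			break;
		}
		break;

	/* XXX: to be supported */
#if 0
	case LCPOPT_DEP6:
	case LCPOPT_FCSALT:
	case LCPOPT_SDP:
	case LCPOPT_NUMMODE:
	case LCPOPT_DEP12:
	case LCPOPT_DEP14:
	case LCPOPT_DEP15:
	case LCPOPT_DEP16:
	case LCPOPT_MLSSNHF:
	case LCPOPT_PROP:
	case LCPOPT_DCEID:
	case LCPOPT_MPP:
	case LCPOPT_LCPAOPT:
	case LCPOPT_COBS:
	case LCPOPT_PE:
	case LCPOPT_MLHF:
	case LCPOPT_I18N:
	case LCPOPT_SDLOS:
	case LCPOPT_PPPMUX:
		break;
#endif
	default:
		/*
		 * Unknown option; dump it as raw bytes now if we're
		 * not going to do so below.
		 */
		if (ndo->ndo_vflag < 2)
			print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
		break;
	}

	if (ndo->ndo_vflag > 1)
		print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */

	return len;

trunc:
	ND_PRINT("[|lcp]");
	return 0;
}

/* ML-PPP*/
static const struct tok ppp_ml_flag_values[] = {
	{ 0x80, "begin" },
	{ 0x40, "end" },
	{ 0, NULL }
};

/*
 * Prints the 12-bit sequence number and the begin/end flags of a
 * multilink PPP header; needs at least 2 bytes, both on the wire and
 * in the capture.
 */
static void
handle_mlppp(netdissect_options *ndo,
	     const u_char *p, u_int length)
{
	if (!ndo->ndo_eflag)
		ND_PRINT("MLPPP, ");

	if (length < 2) {
		ND_PRINT("[|mlppp]");
		return;
	}
	if (!ND_TTEST_2(p)) {
		ND_PRINT("[|mlppp]");
		return;
	}

	ND_PRINT("seq 0x%03x, Flags [%s], length %u",
		 (GET_BE_U_2(p))&0x0fff,
		 /* only support 12-Bit sequence space for now */
		 bittok2str(ppp_ml_flag_values, "none", GET_U_1(p) & 0xc0),
		 length);
}

/*
 * CHAP
 *
 * Prints a CHAP packet: code, id, then Value/Name (Challenge, Response)
 * or Msg (Success, Fail). The encoded Length is validated against the
 * packet length and the 4-byte header before it is used to size the
 * Name/Msg fields, the same way handle_pap() does.
 */
static void
handle_chap(netdissect_options *ndo,
	    const u_char *p, u_int length)
{
	u_int code, len;
	u_int val_size, name_size, msg_size;
	const u_char *p0;
	u_int i;

	p0 = p;
	if (length < 1) {
		ND_PRINT("[|chap]");
		return;
	} else if (length < 4) {
		ND_PRINT("[|chap 0x%02x]", GET_U_1(p));
		return;
	}

	code = GET_U_1(p);
	ND_PRINT("CHAP, %s (0x%02x)",
		 tok2str(chapcode_values,"unknown",code),
		 code);
	p++;

	ND_PRINT(", id %u", GET_U_1(p)); /* ID */
	p++;

	len = GET_BE_U_2(p);
	p += 2;

	/*
	 * Without these checks an encoded length smaller than the bytes
	 * already consumed makes "len - (p - p0)" below wrap to a huge
	 * unsigned count, and the print loops then run far past the end
	 * of the CHAP packet.
	 */
	if (len > length) {
		ND_PRINT(", length %u > packet size", len);
		return;
	}
	length = len;
	if (length < (size_t)(p - p0)) {
		ND_PRINT(", length %u < CHAP header length", length);
		return;
	}

	/*
	 * Note that this is a generic CHAP decoding routine. Since we
	 * don't know which flavor of CHAP (i.e. CHAP-MD5, MS-CHAPv1,
	 * MS-CHAPv2) is used at this point, we can't decode packet
	 * specifically to each algorithms. Instead, we simply decode
	 * the GCD (Greatest Common Denominator) for all algorithms.
	 */
	switch (code) {
	case CHAP_CHAL:
	case CHAP_RESP:
		if (length - (p - p0) < 1)
			return;
		val_size = GET_U_1(p); /* value size */
		p++;
		if (length - (p - p0) < val_size)
			return;
		ND_PRINT(", Value ");
		for (i = 0; i < val_size; i++) {
			ND_PRINT("%02x", GET_U_1(p));
			p++;
		}
		/* cannot wrap: p - p0 <= length == len after the checks above */
		name_size = len - (u_int)(p - p0);
		ND_PRINT(", Name ");
		for (i = 0; i < name_size; i++) {
			fn_print_char(ndo, GET_U_1(p));
			p++;
		}
		break;
	case CHAP_SUCC:
	case CHAP_FAIL:
		msg_size = len - (u_int)(p - p0);
		ND_PRINT(", Msg ");
		for (i = 0; i< msg_size; i++) {
			fn_print_char(ndo, GET_U_1(p));
			p++;
		}
		break;
	}
}

/*
 * PAP (see RFC 1334)
 *
 * Prints a PAP packet: code, id, then Peer-ID and Password
 * (Authenticate-Request) or Msg (Ack/Nak). The encoded Length is checked
 * against the packet length and the header size before any field is read.
 *
 * The Password field is written to the output verbatim, under the label
 * "Name"; output containing PAP Authenticate-Requests therefore carries
 * cleartext credentials.
 */
static void
handle_pap(netdissect_options *ndo,
	   const u_char *p, u_int length)
{
	u_int code, len;
	u_int peerid_len, passwd_len, msg_len;
	const u_char *p0;
	u_int i;

	p0 = p;
	if (length < 1) {
		ND_PRINT("[|pap]");
		return;
	} else if (length < 4) {
		ND_PRINT("[|pap 0x%02x]", GET_U_1(p));
		return;
	}

	code = GET_U_1(p);
	ND_PRINT("PAP, %s (0x%02x)",
		 tok2str(papcode_values, "unknown", code),
		 code);
	p++;

	ND_PRINT(", id %u", GET_U_1(p)); /* ID */
	p++;

	len = GET_BE_U_2(p);
	p += 2;

	if (len > length) {
		ND_PRINT(", length %u > packet size", len);
		return;
	}
	length = len;
	if (length < (size_t)(p - p0)) {
		ND_PRINT(", length %u < PAP header length", length);
		return;
	}

	switch (code) {
	case PAP_AREQ:
		/* A valid Authenticate-Request is 6 or more octets long. */
		if (len < 6)
			goto trunc;
		if (length - (p - p0) < 1)
			return;
		peerid_len = GET_U_1(p); /* Peer-ID Length */
		p++;
		if (length - (p - p0) < peerid_len)
			return;
		ND_PRINT(", Peer ");
		for (i = 0; i < peerid_len; i++) {
			fn_print_char(ndo, GET_U_1(p));
			p++;
		}

		if (length - (p - p0) < 1)
			return;
		passwd_len = GET_U_1(p); /* Password Length */
		p++;
		if (length - (p - p0) < passwd_len)
			return;
		ND_PRINT(", Name ");
		for (i = 0; i < passwd_len; i++) {
			fn_print_char(ndo, GET_U_1(p));
			p++;
		}
		break;
	case PAP_AACK:
	case PAP_ANAK:
		/* Although some implementations ignore truncation at
		 * this point and at least one generates a truncated
		 * packet, RFC 1334 section 2.2.2 clearly states that
		 * both AACK and ANAK are at least 5 bytes long.
		 */
		if (len < 5)
			goto trunc;
		if (length - (p - p0) < 1)
			return;
		msg_len = GET_U_1(p); /* Msg-Length */
		p++;
		if (length - (p - p0) < msg_len)
			return;
		ND_PRINT(", Msg ");
		for (i = 0; i< msg_len; i++) {
			fn_print_char(ndo, GET_U_1(p));
			p++;
		}
		break;
	}
	return;

trunc:
	ND_PRINT("[|pap]");
}

/* BAP */
static void
handle_bap(netdissect_options *ndo _U_,
	   const u_char *p _U_, u_int length _U_)
{
	/* XXX: to be supported!! */
}


/*
 * IPCP config options
 *
 * Prints one IPCP option starting at p. Returns the option's Length octet,
 * or 0 when the option cannot be parsed (the caller stops on 0).
 */
static u_int
print_ipcp_config_options(netdissect_options *ndo,
			  const u_char *p, u_int length)
{
	u_int opt, len;
	u_int compproto, ipcomp_subopttotallen, ipcomp_subopt, ipcomp_suboptlen;
	const u_char *subp;	/* cursor over IP-Comp suboptions */

	if (length < 2)
		return 0;
	ND_TCHECK_2(p);
	opt = GET_U_1(p);
	len = GET_U_1(p + 1);
	if (length < len)
		return 0;
	if (len < 2) {
		ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
			 tok2str(ipcpopt_values,"unknown",opt),
			 opt,
			 len);
		return 0;
	}

	ND_PRINT("\n\t %s Option (0x%02x), length %u",
		 tok2str(ipcpopt_values,"unknown",opt),
		 opt,
		 len);

	switch (opt) {
	case IPCPOPT_2ADDR: /* deprecated */
		if (len != 10) {
			ND_PRINT(" (length bogus, should be = 10)");
			return len;
		}
		ND_PRINT(": src %s, dst %s",
			 GET_IPADDR_STRING(p + 2),
			 GET_IPADDR_STRING(p + 6));
		break;
	case IPCPOPT_IPCOMP:
		if (len < 4) {
			ND_PRINT(" (length bogus, should be >= 4)");
			return 0;
		}
		compproto = GET_BE_U_2(p + 2);

		ND_PRINT(": %s (0x%02x):",
			 tok2str(ipcpopt_compproto_values, "Unknown", compproto),
			 compproto);

		switch (compproto) {
		case PPP_VJC:
			/* XXX: VJ-Comp parameters should be decoded */
			break;
		case IPCPOPT_IPCOMP_HDRCOMP:
			if (len < IPCPOPT_IPCOMP_MINLEN) {
				ND_PRINT(" (length bogus, should be >= %u)",
					 IPCPOPT_IPCOMP_MINLEN);
				return 0;
			}

			ND_TCHECK_LEN(p + 2, IPCPOPT_IPCOMP_MINLEN);
			ND_PRINT("\n\t TCP Space %u, non-TCP Space %u"
				 ", maxPeriod %u, maxTime %u, maxHdr %u",
				 GET_BE_U_2(p + 4),
				 GET_BE_U_2(p + 6),
				 GET_BE_U_2(p + 8),
				 GET_BE_U_2(p + 10),
				 GET_BE_U_2(p + 12));

			/* suboptions present ? */
			if (len > IPCPOPT_IPCOMP_MINLEN) {
				ipcomp_subopttotallen = len - IPCPOPT_IPCOMP_MINLEN;
				/*
				 * Walk the suboptions with a separate cursor:
				 * p must keep pointing at the start of the
				 * option for the raw dump after the switch.
				 */
				subp = p + IPCPOPT_IPCOMP_MINLEN;

				ND_PRINT("\n\t Suboptions, length %u", ipcomp_subopttotallen);

				while (ipcomp_subopttotallen >= 2) {
					ND_TCHECK_2(subp);
					ipcomp_subopt = GET_U_1(subp);
					ipcomp_suboptlen = GET_U_1(subp + 1);

					/* sanity check */
					if (ipcomp_subopt == 0 ||
					    ipcomp_suboptlen == 0 )
						break;

					/* XXX: just display the suboptions for now */
					ND_PRINT("\n\t\t%s Suboption #%u, length %u",
						 tok2str(ipcpopt_compproto_subopt_values,
							 "Unknown",
							 ipcomp_subopt),
						 ipcomp_subopt,
						 ipcomp_suboptlen);
					if (ipcomp_subopttotallen < ipcomp_suboptlen) {
						ND_PRINT(" [remaining suboptions length %u < %u]",
							 ipcomp_subopttotallen, ipcomp_suboptlen);
						nd_print_invalid(ndo);
						break;
					}
					ipcomp_subopttotallen -= ipcomp_suboptlen;
					subp += ipcomp_suboptlen;
				}
			}
			break;
		default:
			break;
		}
		break;

	case IPCPOPT_ADDR: /* those options share the same format - fall through */
	case IPCPOPT_MOBILE4:
	case IPCPOPT_PRIDNS:
	case IPCPOPT_PRINBNS:
	case IPCPOPT_SECDNS:
	case IPCPOPT_SECNBNS:
		if (len != 6) {
			ND_PRINT(" (length bogus, should be = 6)");
			return 0;
		}
		ND_PRINT(": %s", GET_IPADDR_STRING(p + 2));
		break;
	default:
		/*
		 * Unknown option; dump it as raw bytes now if we're
		 * not going to do so below.
		 */
		if (ndo->ndo_vflag < 2)
			print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
		break;
	}
	if (ndo->ndo_vflag > 1 && ND_TTEST_LEN(p + 2, len - 2))
		print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
	return len;

trunc:
	ND_PRINT("[|ipcp]");
	return 0;
}

/*
 * IP6CP config options
 *
 * Prints one IP6CP option starting at p. Returns the option's Length octet,
 * or 0 when the option cannot be parsed (the caller stops on 0).
 */
static u_int
print_ip6cp_config_options(netdissect_options *ndo,
			   const u_char *p, u_int length)
{
	u_int opt, len;

	if (length < 2)
		return 0;
	ND_TCHECK_2(p);
	opt = GET_U_1(p);
	len = GET_U_1(p + 1);
	if (length < len)
		return 0;
	if (len < 2) {
		ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
			 tok2str(ip6cpopt_values,"unknown",opt),
			 opt,
			 len);
		return 0;
	}

	ND_PRINT("\n\t %s Option (0x%02x), length %u",
		 tok2str(ip6cpopt_values,"unknown",opt),
		 opt,
		 len);

	switch (opt) {
	case IP6CP_IFID:
		if (len != 10) {
			ND_PRINT(" (length bogus, should be = 10)");
			return len;
		}
		ND_TCHECK_8(p + 2);
		ND_PRINT(": %04x:%04x:%04x:%04x",
			 GET_BE_U_2(p + 2),
			 GET_BE_U_2(p + 4),
			 GET_BE_U_2(p + 6),
			 GET_BE_U_2(p + 8));
		break;
	default:
		/*
		 * Unknown option; dump it as raw bytes now if we're
		 * not going to do so below.
		 */
		if (ndo->ndo_vflag < 2)
			print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
		break;
	}
	if (ndo->ndo_vflag > 1)
		print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */

	return len;

trunc:
	ND_PRINT("[|ip6cp]");
	return 0;
}


/*
 * CCP config options
 *
 * Prints one CCP option starting at p. Returns the option's Length octet,
 * or 0 when the option cannot be parsed (the caller stops on 0).
 */
static u_int
print_ccp_config_options(netdissect_options *ndo,
			 const u_char *p, u_int length)
{
	u_int opt, len;

	if (length < 2)
		return 0;
	ND_TCHECK_2(p);
	opt = GET_U_1(p);
	len = GET_U_1(p + 1);
	if (length < len)
		return 0;
	if (len < 2) {
		ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
			 tok2str(ccpconfopts_values, "Unknown", opt),
			 opt,
			 len);
		return 0;
	}

	ND_PRINT("\n\t %s Option (0x%02x), length %u",
		 tok2str(ccpconfopts_values, "Unknown", opt),
		 opt,
		 len);

	switch (opt) {
	case CCPOPT_BSDCOMP:
		if (len < 3) {
			ND_PRINT(" (length bogus, should be >= 3)");
			return len;
		}
		ND_PRINT(": Version: %u, Dictionary Bits: %u",
			 GET_U_1(p + 2) >> 5,
			 GET_U_1(p + 2) & 0x1f);
		break;
	case CCPOPT_MVRCA:
		if (len < 4) {
			ND_PRINT(" (length bogus, should be >= 4)");
			return len;
		}
		ND_PRINT(": Features: %u, PxP: %s, History: %u, #CTX-ID: %u",
			 (GET_U_1(p + 2) & 0xc0) >> 6,
			 (GET_U_1(p + 2) & 0x20) ? "Enabled" : "Disabled",
			 GET_U_1(p + 2) & 0x1f,
			 GET_U_1(p + 3));
		break;
	case CCPOPT_DEFLATE:
		if (len < 4) {
			ND_PRINT(" (length bogus, should be >= 4)");
			return len;
		}
		ND_PRINT(": Window: %uK, Method: %s (0x%x), MBZ: %u, CHK: %u",
			 (GET_U_1(p + 2) & 0xf0) >> 4,
			 ((GET_U_1(p + 2) & 0x0f) == 8) ? "zlib" : "unknown",
			 GET_U_1(p + 2) & 0x0f,
			 (GET_U_1(p + 3) & 0xfc) >> 2,
			 GET_U_1(p + 3) & 0x03);
		break;

	/* XXX: to be supported */
#if 0
	case CCPOPT_OUI:
	case CCPOPT_PRED1:
	case CCPOPT_PRED2:
	case CCPOPT_PJUMP:
	case CCPOPT_HPPPC:
	case CCPOPT_STACLZS:
	case CCPOPT_MPPC:
	case CCPOPT_GFZA:
	case CCPOPT_V42BIS:
	case CCPOPT_LZSDCP:
	case CCPOPT_DEC:
	case CCPOPT_RESV:
		break;
#endif
	default:
		/*
		 * Unknown option; dump it as raw bytes now if we're
		 * not going to do so below.
		 */
		if (ndo->ndo_vflag < 2)
			print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
		break;
	}
	if (ndo->ndo_vflag > 1)
		print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */

	return len;

trunc:
	ND_PRINT("[|ccp]");
	return 0;
}

/*
 * BACP config options
 *
 * Prints one BACP option starting at p. Returns the option's Length octet,
 * or 0 when the option cannot be parsed (the caller stops on 0).
 */
static u_int
print_bacp_config_options(netdissect_options *ndo,
			  const u_char *p, u_int length)
{
	u_int opt, len;

	if (length < 2)
		return 0;
	ND_TCHECK_2(p);
	opt = GET_U_1(p);
	len = GET_U_1(p + 1);
	if (length < len)
		return 0;
	if (len < 2) {
		ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
			 tok2str(bacconfopts_values, "Unknown", opt),
			 opt,
			 len);
		return 0;
	}

	ND_PRINT("\n\t %s Option (0x%02x), length %u",
		 tok2str(bacconfopts_values, "Unknown", opt),
		 opt,
		 len);

	switch (opt) {
	case BACPOPT_FPEER:
		if (len != 6) {
			ND_PRINT(" (length bogus, should be = 6)");
			return len;
		}
		ND_PRINT(": Magic-Num 0x%08x", GET_BE_U_4(p + 2));
		break;
	default:
		/*
		 * Unknown option; dump it as raw bytes now if we're
		 * not going to do so below.
		 */
		if (ndo->ndo_vflag < 2)
			print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
		break;
	}
	if (ndo->ndo_vflag > 1)
		print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */

	return len;

trunc:
	ND_PRINT("[|bacp]");
	return 0;
}

/*
 * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
 * The length argument is the on-the-wire length, not the captured
 * length; we can only un-escape the captured part.
 */
static void
ppp_hdlc(netdissect_options *ndo,
	 const u_char *p, u_int length)
{
	u_int caplen = ND_BYTES_AVAILABLE_AFTER(p);
	u_char *b, *t, c;
	const u_char *s;
	u_int i, proto;

	if (caplen == 0)
		return;

	if (length == 0)
		return;

	b = (u_char *)malloc(caplen);
	if (b == NULL) {
		(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
			"%s: malloc", __func__);
	}

	/*
	 * Unescape all the data into a temporary, private, buffer.
	 * Do this so that we don't overwrite the original packet
	 * contents.
	 */
	for (s = p, t = b, i = caplen; i != 0; i--) {
		c = GET_U_1(s);
		s++;
		if (c == 0x7d) {
			if (i <= 1)
				break;
			i--;
			c = GET_U_1(s) ^ 0x20;
			s++;
		}
		*t++ = c;
	}

	/*
	 * Switch to the output buffer for dissection, and save it
	 * on the buffer stack so it can be freed; our caller must
	 * pop it when done.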
1402 */ 1403 if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) { 1404 free(b); 1405 (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, 1406 "%s: can't push buffer on buffer stack", __func__); 1407 } 1408 length = ND_BYTES_AVAILABLE_AFTER(b); 1409 1410 /* now lets guess about the payload codepoint format */ 1411 if (length < 1) 1412 goto trunc; 1413 proto = GET_U_1(b); /* start with a one-octet codepoint guess */ 1414 1415 switch (proto) { 1416 case PPP_IP: 1417 ip_print(ndo, b + 1, length - 1); 1418 goto cleanup; 1419 case PPP_IPV6: 1420 ip6_print(ndo, b + 1, length - 1); 1421 goto cleanup; 1422 default: /* no luck - try next guess */ 1423 break; 1424 } 1425 1426 if (length < 2) 1427 goto trunc; 1428 proto = GET_BE_U_2(b); /* next guess - load two octets */ 1429 1430 switch (proto) { 1431 case (PPP_ADDRESS << 8 | PPP_CONTROL): /* looks like a PPP frame */ 1432 if (length < 4) 1433 goto trunc; 1434 proto = GET_BE_U_2(b + 2); /* load the PPP proto-id */ 1435 if ((proto & 0xff00) == 0x7e00) 1436 ND_PRINT("(protocol 0x%04x invalid)", proto); 1437 else 1438 handle_ppp(ndo, proto, b + 4, length - 4); 1439 break; 1440 default: /* last guess - proto must be a PPP proto-id */ 1441 if ((proto & 0xff00) == 0x7e00) 1442 ND_PRINT("(protocol 0x%04x invalid)", proto); 1443 else 1444 handle_ppp(ndo, proto, b + 2, length - 2); 1445 break; 1446 } 1447 1448 cleanup: 1449 nd_pop_packet_info(ndo); 1450 return; 1451 1452 trunc: 1453 nd_pop_packet_info(ndo); 1454 nd_print_trunc(ndo); 1455 } 1456 1457 1458 /* PPP */ 1459 static void 1460 handle_ppp(netdissect_options *ndo, 1461 u_int proto, const u_char *p, u_int length) 1462 { 1463 if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? 
*/ 1464 ppp_hdlc(ndo, p - 1, length); 1465 return; 1466 } 1467 1468 switch (proto) { 1469 case PPP_LCP: /* fall through */ 1470 case PPP_IPCP: 1471 case PPP_OSICP: 1472 case PPP_MPLSCP: 1473 case PPP_IPV6CP: 1474 case PPP_CCP: 1475 case PPP_BACP: 1476 handle_ctrl_proto(ndo, proto, p, length); 1477 break; 1478 case PPP_ML: 1479 handle_mlppp(ndo, p, length); 1480 break; 1481 case PPP_CHAP: 1482 handle_chap(ndo, p, length); 1483 break; 1484 case PPP_PAP: 1485 handle_pap(ndo, p, length); 1486 break; 1487 case PPP_BAP: /* XXX: not yet completed */ 1488 handle_bap(ndo, p, length); 1489 break; 1490 case ETHERTYPE_IP: /*XXX*/ 1491 case PPP_VJNC: 1492 case PPP_IP: 1493 ip_print(ndo, p, length); 1494 break; 1495 case ETHERTYPE_IPV6: /*XXX*/ 1496 case PPP_IPV6: 1497 ip6_print(ndo, p, length); 1498 break; 1499 case ETHERTYPE_IPX: /*XXX*/ 1500 case PPP_IPX: 1501 ipx_print(ndo, p, length); 1502 break; 1503 case PPP_OSI: 1504 isoclns_print(ndo, p, length); 1505 break; 1506 case PPP_MPLS_UCAST: 1507 case PPP_MPLS_MCAST: 1508 mpls_print(ndo, p, length); 1509 break; 1510 case PPP_COMP: 1511 ND_PRINT("compressed PPP data"); 1512 break; 1513 default: 1514 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto)); 1515 print_unknown_data(ndo, p, "\n\t", length); 1516 break; 1517 } 1518 } 1519 1520 /* Standard PPP printer */ 1521 u_int 1522 ppp_print(netdissect_options *ndo, 1523 const u_char *p, u_int length) 1524 { 1525 u_int proto,ppp_header; 1526 u_int olen = length; /* _o_riginal length */ 1527 u_int hdr_len = 0; 1528 1529 ndo->ndo_protocol = "ppp"; 1530 /* 1531 * Here, we assume that p points to the Address and Control 1532 * field (if they present). 
1533 */ 1534 if (length < 2) 1535 goto trunc; 1536 ppp_header = GET_BE_U_2(p); 1537 1538 switch(ppp_header) { 1539 case (PPP_PPPD_IN << 8 | PPP_CONTROL): 1540 if (ndo->ndo_eflag) ND_PRINT("In "); 1541 p += 2; 1542 length -= 2; 1543 hdr_len += 2; 1544 break; 1545 case (PPP_PPPD_OUT << 8 | PPP_CONTROL): 1546 if (ndo->ndo_eflag) ND_PRINT("Out "); 1547 p += 2; 1548 length -= 2; 1549 hdr_len += 2; 1550 break; 1551 case (PPP_ADDRESS << 8 | PPP_CONTROL): 1552 p += 2; /* ACFC not used */ 1553 length -= 2; 1554 hdr_len += 2; 1555 break; 1556 1557 default: 1558 break; 1559 } 1560 1561 if (length < 2) 1562 goto trunc; 1563 if (GET_U_1(p) % 2) { 1564 proto = GET_U_1(p); /* PFC is used */ 1565 p++; 1566 length--; 1567 hdr_len++; 1568 } else { 1569 proto = GET_BE_U_2(p); 1570 p += 2; 1571 length -= 2; 1572 hdr_len += 2; 1573 } 1574 1575 if (ndo->ndo_eflag) { 1576 const char *typestr; 1577 typestr = tok2str(ppptype2str, "unknown", proto); 1578 ND_PRINT("%s (0x%04x), length %u", 1579 typestr, 1580 proto, 1581 olen); 1582 if (*typestr == 'u') /* "unknown" */ 1583 return hdr_len; 1584 1585 ND_PRINT(": "); 1586 } 1587 1588 handle_ppp(ndo, proto, p, length); 1589 return (hdr_len); 1590 trunc: 1591 nd_print_trunc(ndo); 1592 return (0); 1593 } 1594 1595 1596 /* PPP I/F printer */ 1597 void 1598 ppp_if_print(netdissect_options *ndo, 1599 const struct pcap_pkthdr *h, const u_char *p) 1600 { 1601 u_int length = h->len; 1602 u_int caplen = h->caplen; 1603 1604 ndo->ndo_protocol = "ppp"; 1605 if (caplen < PPP_HDRLEN) { 1606 nd_print_trunc(ndo); 1607 ndo->ndo_ll_hdr_len += caplen; 1608 return; 1609 } 1610 ndo->ndo_ll_hdr_len += PPP_HDRLEN; 1611 1612 #if 0 1613 /* 1614 * XXX: seems to assume that there are 2 octets prepended to an 1615 * actual PPP frame. The 1st octet looks like Input/Output flag 1616 * while 2nd octet is unknown, at least to me 1617 * (mshindo@mshindo.net). 1618 * 1619 * That was what the original tcpdump code did. 
1620 * 1621 * FreeBSD's "if_ppp.c" *does* set the first octet to 1 for outbound 1622 * packets and 0 for inbound packets - but only if the 1623 * protocol field has the 0x8000 bit set (i.e., it's a network 1624 * control protocol); it does so before running the packet through 1625 * "bpf_filter" to see if it should be discarded, and to see 1626 * if we should update the time we sent the most recent packet... 1627 * 1628 * ...but it puts the original address field back after doing 1629 * so. 1630 * 1631 * NetBSD's "if_ppp.c" doesn't set the first octet in that fashion. 1632 * 1633 * I don't know if any PPP implementation handed up to a BPF 1634 * device packets with the first octet being 1 for outbound and 1635 * 0 for inbound packets, so I (guy@alum.mit.edu) don't know 1636 * whether that ever needs to be checked or not. 1637 * 1638 * Note that NetBSD has a DLT_PPP_SERIAL, which it uses for PPP, 1639 * and its tcpdump appears to assume that the frame always 1640 * begins with an address field and a control field, and that 1641 * the address field might be 0x0f or 0x8f, for Cisco 1642 * point-to-point with HDLC framing as per section 4.3.1 of RFC 1643 * 1547, as well as 0xff, for PPP in HDLC-like framing as per 1644 * RFC 1662. 1645 * 1646 * (Is the Cisco framing in question what DLT_C_HDLC, in 1647 * BSD/OS, is?) 1648 */ 1649 if (ndo->ndo_eflag) 1650 ND_PRINT("%c %4d %02x ", GET_U_1(p) ? 'O' : 'I', 1651 length, GET_U_1(p + 1)); 1652 #endif 1653 1654 ppp_print(ndo, p, length); 1655 } 1656 1657 /* 1658 * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like 1659 * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547, 1660 * is being used (i.e., we don't check for PPP_ADDRESS and PPP_CONTROL, 1661 * discard them *if* those are the first two octets, and parse the remaining 1662 * packet as a PPP packet, as "ppp_print()" does). 1663 * 1664 * This handles, for example, DLT_PPP_SERIAL in NetBSD. 
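*/
void
ppp_hdlc_if_print(netdissect_options *ndo,
                  const struct pcap_pkthdr *h, const u_char *p)
{
	u_int length = h->len;
	u_int caplen = h->caplen;
	u_int proto;
	u_int hdrlen = 0;

	ndo->ndo_protocol = "ppp_hdlc";
	/* the first octet selects the framing, the second is printed with -e */
	if (caplen < 2) {
		nd_print_trunc(ndo);
		ndo->ndo_ll_hdr_len += caplen;
		return;
	}

	switch (GET_U_1(p)) {

	case PPP_ADDRESS:
		/* address, control and a 2-octet protocol field are read */
		if (caplen < 4) {
			nd_print_trunc(ndo);
			ndo->ndo_ll_hdr_len += caplen;
			return;
		}

		if (ndo->ndo_eflag)
			ND_PRINT("%02x %02x %u ", GET_U_1(p),
				 GET_U_1(p + 1), length);
		/*
		 * NOTE(review): only caplen is checked above.  length is
		 * the unsigned on-the-wire length, so the two subtractions
		 * below wrap if a capture file reports len < 4 - confirm
		 * that len >= caplen is enforced before this point.
		 */
		p += 2;
		length -= 2;
		hdrlen += 2;

		proto = GET_BE_U_2(p);
		p += 2;
		length -= 2;
		hdrlen += 2;
		ND_PRINT("%s: ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));

		handle_ppp(ndo, proto, p, length);
		break;

	case CHDLC_UNICAST:
	case CHDLC_BCAST:
		/* hdrlen is not added to ndo_ll_hdr_len on this path */
		chdlc_if_print(ndo, h, p);
		return;

	default:
		if (caplen < 4) {
			nd_print_trunc(ndo);
			ndo->ndo_ll_hdr_len += caplen;
			return;
		}

		if (ndo->ndo_eflag)
			ND_PRINT("%02x %02x %u ", GET_U_1(p),
				 GET_U_1(p + 1), length);
		p += 2;
		hdrlen += 2;

		/*
		 * XXX - NetBSD's "ppp_netbsd_serial_if_print()" treats
		 * the next two octets as an Ethernet type; does that
		 * ever happen?
		 */
		/*
		 * NOTE(review): p has already been advanced, so the values
		 * labelled "addr" and "ctrl" here are octets 2 and 3 of the
		 * frame, not the two printed under -e above - confirm this
		 * is intended.
		 */
		ND_PRINT("unknown addr %02x; ctrl %02x", GET_U_1(p),
			 GET_U_1(p + 1));
		break;
	}

	ndo->ndo_ll_hdr_len += hdrlen;
}

#define PPP_BSDI_HDRLEN 24

/*
 * BSD/OS specific PPP printer
 *
 * Only the __bsdi__ build dissects anything; every other build just
 * adds 0 to ndo_ll_hdr_len.
 */
void
ppp_bsdos_if_print(netdissect_options *ndo,
                   const struct pcap_pkthdr *h _U_, const u_char *p _U_)
{
	u_int hdrlength;
#ifdef __bsdi__
	u_int length = h->len;
	u_int caplen = h->caplen;
	uint16_t ptype;
	uint8_t llhl;
	const u_char *q;
	u_int i;

	ndo->ndo_protocol = "ppp_bsdos";
	if (caplen < PPP_BSDI_HDRLEN) {
		nd_print_trunc(ndo);
		ndo->ndo_ll_hdr_len += caplen;
		return;
	}

	hdrlength = 0;

#if 0
	if (GET_U_1(p) == PPP_ADDRESS &&
	    GET_U_1(p + 1) == PPP_CONTROL) {
		if (ndo->ndo_eflag)
			ND_PRINT("%02x %02x ", GET_U_1(p),
				 GET_U_1(p + 1));
		p += 2;
		hdrlength = 2;
	}

	if (ndo->ndo_eflag)
		ND_PRINT("%u ", length);
	/* Retrieve the protocol type */
	if (GET_U_1(p) & 01) {
		/* Compressed protocol field */
		ptype = GET_U_1(p);
		if (ndo->ndo_eflag)
			ND_PRINT("%02x ", ptype);
		p++;
		hdrlength += 1;
	} else {
		/* Un-compressed protocol field */
		ptype = GET_BE_U_2(p);
		if (ndo->ndo_eflag)
			ND_PRINT("%04x ", ptype);
		p += 2;
		hdrlength += 2;
	}
#else
	ptype = 0; /*XXX*/
	if (ndo->ndo_eflag)
		ND_PRINT("%c ", GET_U_1(p + SLC_DIR) ? 'O' : 'I');
	llhl = GET_U_1(p + SLC_LLHL);
	if (llhl) {
		/* link level header */
		struct ppp_header *ph;

		q = p + SLC_BPFHDRLEN;
		/*
		 * NOTE(review): phdr_addr and phdr_ctl are read straight
		 * through the struct pointer, not through the GET_
		 * accessors used everywhere else; this relies on the
		 * caplen >= PPP_BSDI_HDRLEN check covering the whole
		 * ppp_header at q - confirm.
		 */
		ph = (struct ppp_header *)q;
		if (ph->phdr_addr == PPP_ADDRESS
		    && ph->phdr_ctl == PPP_CONTROL) {
			if (ndo->ndo_eflag)
				ND_PRINT("%02x %02x ", GET_U_1(q),
					 GET_U_1(q + 1));
			ptype = GET_BE_U_2(&ph->phdr_type);
			if (ndo->ndo_eflag && (ptype == PPP_VJC || ptype == PPP_VJNC)) {
				ND_PRINT("%s ", tok2str(ppptype2str,
							"proto-#%u", ptype));
			}
		} else {
			if (ndo->ndo_eflag) {
				ND_PRINT("LLH=[");
				for (i = 0; i < llhl; i++)
					ND_PRINT("%02x", GET_U_1(q + i));
				ND_PRINT("] ");
			}
		}
	}
	if (ndo->ndo_eflag)
		ND_PRINT("%u ", length);
	if (GET_U_1(p + SLC_CHL)) {
		q = p + SLC_BPFHDRLEN + llhl;

		switch (ptype) {
		case PPP_VJC:
			ptype = vjc_print(ndo, q, ptype);
			hdrlength = PPP_BSDI_HDRLEN;
			p += hdrlength;
			switch (ptype) {
			case PPP_IP:
				ip_print(ndo, p, length);
				break;
			case PPP_IPV6:
				ip6_print(ndo, p, length);
				break;
			case PPP_MPLS_UCAST:
			case PPP_MPLS_MCAST:
				mpls_print(ndo, p, length);
				break;
			}
			goto printx;
		case PPP_VJNC:
			ptype = vjc_print(ndo, q, ptype);
			hdrlength = PPP_BSDI_HDRLEN;
			p += hdrlength;
			switch (ptype) {
			case PPP_IP:
				ip_print(ndo, p, length);
				break;
			case PPP_IPV6:
				ip6_print(ndo, p, length);
				break;
			case PPP_MPLS_UCAST:
			case PPP_MPLS_MCAST:
				mpls_print(ndo, p, length);
				break;
			}
			goto printx;
		default:
			/*
			 * NOTE(review): this loop is bounded by llhl, the
			 * link level header length, although q now points
			 * past that header and the test above was on the
			 * SLC_CHL octet - looks copied from the LLH dump;
			 * confirm the intended bound.
			 */
			if (ndo->ndo_eflag) {
				ND_PRINT("CH=[");
				for (i = 0; i < llhl; i++)
					ND_PRINT("%02x",
						 GET_U_1(q + i));
				ND_PRINT("] ");
			}
			break;
		}
	}

	hdrlength = PPP_BSDI_HDRLEN;
#endif

	/*
	 * NOTE(review): length is the unsigned on-the-wire length and only
	 * caplen was compared with PPP_BSDI_HDRLEN above, so this wraps if
	 * h->len is smaller than the header - confirm len >= caplen holds.
	 */
	length -= hdrlength;
	p += hdrlength;

	switch (ptype) {
	case PPP_IP:
		/* ndo was missing from this call; every other printer call passes it */
		ip_print(ndo, p, length);
		break;
	case PPP_IPV6:
		ip6_print(ndo, p, length);
		break;
	case PPP_MPLS_UCAST:
	case PPP_MPLS_MCAST:
		mpls_print(ndo, p, length);
		break;
	default:
		ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", ptype));
		break;
	}

printx:
#else /* __bsdi__ */
	hdrlength = 0;
#endif /* __bsdi__ */
	ndo->ndo_ll_hdr_len += hdrlength;
}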