1 /*
2 * Copyright (c) 2000 Lennert Buytenhek
3 *
4 * This software may be distributed either under the terms of the
5 * BSD-style license that accompanies tcpdump or the GNU General
6 * Public License
7 *
8 * Contributed by Lennert Buytenhek <buytenh@gnu.org>
9 */
10
11 /* \summary: IEEE 802.1d Spanning Tree Protocol (STP) printer */
12
13 #include <config.h>
14
15 #include "netdissect-stdinc.h"
16
17 #include <stdio.h>
18
19 #include "netdissect.h"
20 #include "extract.h"
21
22 #define RSTP_EXTRACT_PORT_ROLE(x) (((x)&0x0C)>>2)
23 /* STP timers are expressed in multiples of 1/256th second */
24 #define STP_TIME_BASE 256
25 #define STP_BPDU_MSTP_MIN_LEN 102
26
27 struct stp_bpdu_ {
28 nd_uint16_t protocol_id;
29 nd_uint8_t protocol_version;
30 nd_uint8_t bpdu_type;
31 nd_uint8_t flags;
32 nd_byte root_id[8];
33 nd_uint32_t root_path_cost;
34 nd_byte bridge_id[8];
35 nd_uint16_t port_id;
36 nd_uint16_t message_age;
37 nd_uint16_t max_age;
38 nd_uint16_t hello_time;
39 nd_uint16_t forward_delay;
40 nd_uint8_t v1_length;
41 };
42
43 #define STP_PROTO_REGULAR 0x00
44 #define STP_PROTO_RAPID 0x02
45 #define STP_PROTO_MSTP 0x03
46 #define STP_PROTO_SPB 0x04
47
48 static const struct tok stp_proto_values[] = {
49 { STP_PROTO_REGULAR, "802.1d" },
50 { STP_PROTO_RAPID, "802.1w" },
51 { STP_PROTO_MSTP, "802.1s" },
52 { STP_PROTO_SPB, "802.1aq" },
53 { 0, NULL}
54 };
55
56 #define STP_BPDU_TYPE_CONFIG 0x00
57 #define STP_BPDU_TYPE_RSTP 0x02
58 #define STP_BPDU_TYPE_TOPO_CHANGE 0x80
59
60 static const struct tok stp_bpdu_flag_values[] = {
61 { 0x01, "Topology change" },
62 { 0x02, "Proposal" },
63 { 0x10, "Learn" },
64 { 0x20, "Forward" },
65 { 0x40, "Agreement" },
66 { 0x80, "Topology change ACK" },
67 { 0, NULL}
68 };
69
70 static const struct tok stp_bpdu_type_values[] = {
71 { STP_BPDU_TYPE_CONFIG, "Config" },
72 { STP_BPDU_TYPE_RSTP, "Rapid STP" },
73 { STP_BPDU_TYPE_TOPO_CHANGE, "Topology Change" },
74 { 0, NULL}
75 };
76
77 static const struct tok rstp_obj_port_role_values[] = {
78 { 0x00, "Unknown" },
79 { 0x01, "Alternate" },
80 { 0x02, "Root" },
81 { 0x03, "Designated" },
82 { 0, NULL}
83 };
84
85 static char *
stp_print_bridge_id(netdissect_options * ndo,const u_char * p)86 stp_print_bridge_id(netdissect_options *ndo, const u_char *p)
87 {
88 static char bridge_id_str[sizeof("pppp.aa:bb:cc:dd:ee:ff")];
89
90 snprintf(bridge_id_str, sizeof(bridge_id_str),
91 "%.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
92 GET_U_1(p), GET_U_1(p + 1), GET_U_1(p + 2),
93 GET_U_1(p + 3), GET_U_1(p + 4), GET_U_1(p + 5),
94 GET_U_1(p + 6), GET_U_1(p + 7));
95
96 return bridge_id_str;
97 }
98
99 static void
stp_print_config_bpdu(netdissect_options * ndo,const struct stp_bpdu_ * stp_bpdu,u_int length)100 stp_print_config_bpdu(netdissect_options *ndo, const struct stp_bpdu_ *stp_bpdu,
101 u_int length)
102 {
103 uint8_t bpdu_flags;
104
105 bpdu_flags = GET_U_1(stp_bpdu->flags);
106 ND_PRINT(", Flags [%s]",
107 bittok2str(stp_bpdu_flag_values, "none", bpdu_flags));
108
109 ND_PRINT(", bridge-id %s.%04x, length %u",
110 stp_print_bridge_id(ndo, stp_bpdu->bridge_id),
111 GET_BE_U_2(stp_bpdu->port_id), length);
112
113 /* in non-verbose mode just print the bridge-id */
114 if (!ndo->ndo_vflag) {
115 return;
116 }
117
118 ND_PRINT("\n\tmessage-age %.2fs, max-age %.2fs"
119 ", hello-time %.2fs, forwarding-delay %.2fs",
120 (float) GET_BE_U_2(stp_bpdu->message_age) / STP_TIME_BASE,
121 (float) GET_BE_U_2(stp_bpdu->max_age) / STP_TIME_BASE,
122 (float) GET_BE_U_2(stp_bpdu->hello_time) / STP_TIME_BASE,
123 (float) GET_BE_U_2(stp_bpdu->forward_delay) / STP_TIME_BASE);
124
125 ND_PRINT("\n\troot-id %s, root-pathcost %u",
126 stp_print_bridge_id(ndo, stp_bpdu->root_id),
127 GET_BE_U_4(stp_bpdu->root_path_cost));
128
129 /* Port role is only valid for 802.1w */
130 if (GET_U_1(stp_bpdu->protocol_version) == STP_PROTO_RAPID) {
131 ND_PRINT(", port-role %s",
132 tok2str(rstp_obj_port_role_values, "Unknown",
133 RSTP_EXTRACT_PORT_ROLE(bpdu_flags)));
134 }
135 }
136
137 /*
138 * MSTP packet format
139 * Ref. IEEE 802.1Q 2003 Ed. Section 14
140 *
141 * MSTP BPDU
142 *
143 * 2 - bytes Protocol Id
144 * 1 - byte Protocol Ver.
145 * 1 - byte BPDU type
146 * 1 - byte Flags
147 * 8 - bytes CIST Root Identifier
148 * 4 - bytes CIST External Path Cost
149 * 8 - bytes CIST Regional Root Identifier
150 * 2 - bytes CIST Port Identifier
151 * 2 - bytes Message Age
152 * 2 - bytes Max age
153 * 2 - bytes Hello Time
154 * 2 - bytes Forward delay
155 * 1 - byte Version 1 length. Must be 0
156 * 2 - bytes Version 3 length
157 * 1 - byte Config Identifier
158 * 32 - bytes Config Name
159 * 2 - bytes Revision level
160 * 16 - bytes Config Digest [MD5]
161 * 4 - bytes CIST Internal Root Path Cost
162 * 8 - bytes CIST Bridge Identifier
163 * 1 - byte CIST Remaining Hops
164 * 16 - bytes MSTI information [Max 64 MSTI, each 16 bytes]
165 *
166 *
167 * SPB BPDU
168 * Ref. IEEE 802.1aq. Section 14
169 *
170 * 2 - bytes Version 4 length
171 * 1 - byte Aux Config Identifier
172 * 32 - bytes Aux Config Name
173 * 2 - bytes Aux Revision level
174 * 16 - bytes Aux Config Digest [MD5]
175 * 1 - byte (1 - 2) Agreement Number
176 * (3 - 4) Discarded Agreement Number
177 * (5) Agreement Valid Flag
178 * (6) Restricted Role Flag
179 * (7 - 8) Unused sent zero
180 * 1 - byte Unused
181 * 1 - byte (1 - 4) Agreement Digest Format Identifier
182 * (5 - 8) Agreement Digest Format Capabilities
183 * 1 - byte (1 - 4) Agreement Digest Convention Identifier
184 * (5 - 8) Agreement Digest Convention Capabilities
185 * 2 - bytes Agreement Digest Edge Count
186 * 8 - byte Reserved Set
187 * 20 - bytes Computed Topology Digest
188 *
189 *
190 * MSTI Payload
191 *
192 * 1 - byte MSTI flag
193 * 8 - bytes MSTI Regional Root Identifier
194 * 4 - bytes MSTI Regional Path Cost
195 * 1 - byte MSTI Bridge Priority
196 * 1 - byte MSTI Port Priority
197 * 1 - byte MSTI Remaining Hops
198 *
199 */
200
201 #define MST_BPDU_MSTI_LENGTH 16
202 #define MST_BPDU_CONFIG_INFO_LENGTH 64
203
204 /* Offsets of fields from the beginning for the packet */
205 #define MST_BPDU_VER3_LEN_OFFSET 36
206 #define MST_BPDU_CONFIG_NAME_OFFSET 39
207 #define MST_BPDU_CONFIG_DIGEST_OFFSET 73
208 #define MST_BPDU_CIST_INT_PATH_COST_OFFSET 89
209 #define MST_BPDU_CIST_BRIDGE_ID_OFFSET 93
210 #define MST_BPDU_CIST_REMAIN_HOPS_OFFSET 101
211 #define MST_BPDU_MSTI_OFFSET 102
212 /* Offsets within an MSTI */
213 #define MST_BPDU_MSTI_ROOT_PRIO_OFFSET 1
214 #define MST_BPDU_MSTI_ROOT_PATH_COST_OFFSET 9
215 #define MST_BPDU_MSTI_BRIDGE_PRIO_OFFSET 13
216 #define MST_BPDU_MSTI_PORT_PRIO_OFFSET 14
217 #define MST_BPDU_MSTI_REMAIN_HOPS_OFFSET 15
218
219 #define SPB_BPDU_MIN_LEN 87
220 #define SPB_BPDU_CONFIG_NAME_OFFSET 3
221 #define SPB_BPDU_CONFIG_REV_OFFSET SPB_BPDU_CONFIG_NAME_OFFSET + 32
222 #define SPB_BPDU_CONFIG_DIGEST_OFFSET SPB_BPDU_CONFIG_REV_OFFSET + 2
223 #define SPB_BPDU_AGREEMENT_OFFSET SPB_BPDU_CONFIG_DIGEST_OFFSET + 16
224 #define SPB_BPDU_AGREEMENT_UNUSED_OFFSET SPB_BPDU_AGREEMENT_OFFSET + 1
225 #define SPB_BPDU_AGREEMENT_FORMAT_OFFSET SPB_BPDU_AGREEMENT_UNUSED_OFFSET + 1
226 #define SPB_BPDU_AGREEMENT_CON_OFFSET SPB_BPDU_AGREEMENT_FORMAT_OFFSET + 1
227 #define SPB_BPDU_AGREEMENT_EDGE_OFFSET SPB_BPDU_AGREEMENT_CON_OFFSET + 1
228 #define SPB_BPDU_AGREEMENT_RES1_OFFSET SPB_BPDU_AGREEMENT_EDGE_OFFSET + 2
229 #define SPB_BPDU_AGREEMENT_RES2_OFFSET SPB_BPDU_AGREEMENT_RES1_OFFSET + 4
230 #define SPB_BPDU_AGREEMENT_DIGEST_OFFSET SPB_BPDU_AGREEMENT_RES2_OFFSET + 4
231
232 static void
stp_print_mstp_bpdu(netdissect_options * ndo,const struct stp_bpdu_ * stp_bpdu,u_int length)233 stp_print_mstp_bpdu(netdissect_options *ndo, const struct stp_bpdu_ *stp_bpdu,
234 u_int length)
235 {
236 const u_char *ptr;
237 uint8_t bpdu_flags;
238 uint16_t v3len;
239 uint16_t len;
240 uint16_t msti;
241 u_int offset;
242
243 ptr = (const u_char *)stp_bpdu;
244 bpdu_flags = GET_U_1(stp_bpdu->flags);
245 ND_PRINT(", CIST Flags [%s], length %u",
246 bittok2str(stp_bpdu_flag_values, "none", bpdu_flags), length);
247
248 /*
249 * in non-verbose mode just print the flags.
250 */
251 if (!ndo->ndo_vflag) {
252 return;
253 }
254
255 ND_PRINT("\n\tport-role %s, ",
256 tok2str(rstp_obj_port_role_values, "Unknown",
257 RSTP_EXTRACT_PORT_ROLE(bpdu_flags)));
258
259 ND_PRINT("CIST root-id %s, CIST ext-pathcost %u",
260 stp_print_bridge_id(ndo, stp_bpdu->root_id),
261 GET_BE_U_4(stp_bpdu->root_path_cost));
262
263 ND_PRINT("\n\tCIST regional-root-id %s, ",
264 stp_print_bridge_id(ndo, stp_bpdu->bridge_id));
265
266 ND_PRINT("CIST port-id %04x,", GET_BE_U_2(stp_bpdu->port_id));
267
268 ND_PRINT("\n\tmessage-age %.2fs, max-age %.2fs"
269 ", hello-time %.2fs, forwarding-delay %.2fs",
270 (float) GET_BE_U_2(stp_bpdu->message_age) / STP_TIME_BASE,
271 (float) GET_BE_U_2(stp_bpdu->max_age) / STP_TIME_BASE,
272 (float) GET_BE_U_2(stp_bpdu->hello_time) / STP_TIME_BASE,
273 (float) GET_BE_U_2(stp_bpdu->forward_delay) / STP_TIME_BASE);
274
275 ND_PRINT("\n\tv3len %u, ", GET_BE_U_2(ptr + MST_BPDU_VER3_LEN_OFFSET));
276 ND_PRINT("MCID Name ");
277 nd_printjnp(ndo, ptr + MST_BPDU_CONFIG_NAME_OFFSET, 32);
278 ND_PRINT(", rev %u,"
279 "\n\t\tdigest %08x%08x%08x%08x, ",
280 GET_BE_U_2(ptr + MST_BPDU_CONFIG_NAME_OFFSET + 32),
281 GET_BE_U_4(ptr + MST_BPDU_CONFIG_DIGEST_OFFSET),
282 GET_BE_U_4(ptr + MST_BPDU_CONFIG_DIGEST_OFFSET + 4),
283 GET_BE_U_4(ptr + MST_BPDU_CONFIG_DIGEST_OFFSET + 8),
284 GET_BE_U_4(ptr + MST_BPDU_CONFIG_DIGEST_OFFSET + 12));
285
286 ND_PRINT("CIST int-root-pathcost %u,",
287 GET_BE_U_4(ptr + MST_BPDU_CIST_INT_PATH_COST_OFFSET));
288
289 ND_PRINT("\n\tCIST bridge-id %s, ",
290 stp_print_bridge_id(ndo, ptr + MST_BPDU_CIST_BRIDGE_ID_OFFSET));
291
292 ND_PRINT("CIST remaining-hops %u",
293 GET_U_1(ptr + MST_BPDU_CIST_REMAIN_HOPS_OFFSET));
294
295 /* Dump all MSTI's */
296 v3len = GET_BE_U_2(ptr + MST_BPDU_VER3_LEN_OFFSET);
297 if (v3len > MST_BPDU_CONFIG_INFO_LENGTH) {
298 len = v3len - MST_BPDU_CONFIG_INFO_LENGTH;
299 offset = MST_BPDU_MSTI_OFFSET;
300 while (len >= MST_BPDU_MSTI_LENGTH) {
301 msti = GET_BE_U_2(ptr + offset + MST_BPDU_MSTI_ROOT_PRIO_OFFSET);
302 msti = msti & 0x0FFF;
303
304 ND_PRINT("\n\tMSTI %u, Flags [%s], port-role %s",
305 msti,
306 bittok2str(stp_bpdu_flag_values, "none", GET_U_1(ptr + offset)),
307 tok2str(rstp_obj_port_role_values, "Unknown",
308 RSTP_EXTRACT_PORT_ROLE(GET_U_1(ptr + offset))));
309 ND_PRINT("\n\t\tMSTI regional-root-id %s, pathcost %u",
310 stp_print_bridge_id(ndo, ptr + offset +
311 MST_BPDU_MSTI_ROOT_PRIO_OFFSET),
312 GET_BE_U_4(ptr + offset + MST_BPDU_MSTI_ROOT_PATH_COST_OFFSET));
313 ND_PRINT("\n\t\tMSTI bridge-prio %u, port-prio %u, hops %u",
314 GET_U_1(ptr + offset + MST_BPDU_MSTI_BRIDGE_PRIO_OFFSET) >> 4,
315 GET_U_1(ptr + offset + MST_BPDU_MSTI_PORT_PRIO_OFFSET) >> 4,
316 GET_U_1(ptr + offset + MST_BPDU_MSTI_REMAIN_HOPS_OFFSET));
317
318 len -= MST_BPDU_MSTI_LENGTH;
319 offset += MST_BPDU_MSTI_LENGTH;
320 }
321 }
322 }
323
324 static void
stp_print_spb_bpdu(netdissect_options * ndo,const struct stp_bpdu_ * stp_bpdu,u_int offset)325 stp_print_spb_bpdu(netdissect_options *ndo, const struct stp_bpdu_ *stp_bpdu,
326 u_int offset)
327 {
328 const u_char *ptr;
329
330 /*
331 * in non-verbose mode don't print anything.
332 */
333 if (!ndo->ndo_vflag) {
334 return;
335 }
336
337 ptr = (const u_char *)stp_bpdu;
338
339 ND_PRINT("\n\tv4len %u, ", GET_BE_U_2(ptr + offset));
340 ND_PRINT("AUXMCID Name ");
341 nd_printjnp(ndo, ptr + offset + SPB_BPDU_CONFIG_NAME_OFFSET, 32);
342 ND_PRINT(", Rev %u,\n\t\tdigest %08x%08x%08x%08x",
343 GET_BE_U_2(ptr + offset + SPB_BPDU_CONFIG_REV_OFFSET),
344 GET_BE_U_4(ptr + offset + SPB_BPDU_CONFIG_DIGEST_OFFSET),
345 GET_BE_U_4(ptr + offset + SPB_BPDU_CONFIG_DIGEST_OFFSET + 4),
346 GET_BE_U_4(ptr + offset + SPB_BPDU_CONFIG_DIGEST_OFFSET + 8),
347 GET_BE_U_4(ptr + offset + SPB_BPDU_CONFIG_DIGEST_OFFSET + 12));
348
349 ND_PRINT("\n\tAgreement num %u, Discarded Agreement num %u, Agreement valid-"
350 "flag %u,\n\tRestricted role-flag: %u, Format id %u cap %u, "
351 "Convention id %u cap %u,\n\tEdge count %u, "
352 "Agreement digest %08x%08x%08x%08x%08x",
353 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_OFFSET)>>6,
354 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_OFFSET)>>4 & 0x3,
355 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_OFFSET)>>3 & 0x1,
356 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_OFFSET)>>2 & 0x1,
357 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_FORMAT_OFFSET)>>4,
358 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_FORMAT_OFFSET)&0x00ff,
359 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_CON_OFFSET)>>4,
360 GET_U_1(ptr + offset + SPB_BPDU_AGREEMENT_CON_OFFSET)&0x00ff,
361 GET_BE_U_2(ptr + offset + SPB_BPDU_AGREEMENT_EDGE_OFFSET),
362 GET_BE_U_4(ptr + offset + SPB_BPDU_AGREEMENT_DIGEST_OFFSET),
363 GET_BE_U_4(ptr + offset + SPB_BPDU_AGREEMENT_DIGEST_OFFSET + 4),
364 GET_BE_U_4(ptr + offset + SPB_BPDU_AGREEMENT_DIGEST_OFFSET + 8),
365 GET_BE_U_4(ptr + offset + SPB_BPDU_AGREEMENT_DIGEST_OFFSET + 12),
366 GET_BE_U_4(ptr + offset + SPB_BPDU_AGREEMENT_DIGEST_OFFSET + 16));
367 }
368
369 /*
370 * Print 802.1d / 802.1w / 802.1q (mstp) / 802.1aq (spb) packets.
371 */
372 void
stp_print(netdissect_options * ndo,const u_char * p,u_int length)373 stp_print(netdissect_options *ndo, const u_char *p, u_int length)
374 {
375 const struct stp_bpdu_ *stp_bpdu;
376 u_int protocol_version;
377 u_int bpdu_type;
378 u_int mstp_len;
379 u_int spb_len;
380
381 ndo->ndo_protocol = "stp";
382 stp_bpdu = (const struct stp_bpdu_*)p;
383
384 /* Minimum STP Frame size. */
385 if (length < 4)
386 goto invalid;
387
388 if (GET_BE_U_2(stp_bpdu->protocol_id)) {
389 ND_PRINT("unknown STP version, length %u", length);
390 return;
391 }
392
393 protocol_version = GET_U_1(stp_bpdu->protocol_version);
394 ND_PRINT("STP %s", tok2str(stp_proto_values, "Unknown STP protocol (0x%02x)",
395 protocol_version));
396
397 switch (protocol_version) {
398 case STP_PROTO_REGULAR:
399 case STP_PROTO_RAPID:
400 case STP_PROTO_MSTP:
401 case STP_PROTO_SPB:
402 break;
403 default:
404 return;
405 }
406
407 bpdu_type = GET_U_1(stp_bpdu->bpdu_type);
408 ND_PRINT(", %s", tok2str(stp_bpdu_type_values, "Unknown BPDU Type (0x%02x)",
409 bpdu_type));
410
411 switch (bpdu_type) {
412 case STP_BPDU_TYPE_CONFIG:
413 if (length < sizeof(struct stp_bpdu_) - 1) {
414 goto invalid;
415 }
416 stp_print_config_bpdu(ndo, stp_bpdu, length);
417 break;
418
419 case STP_BPDU_TYPE_RSTP:
420 if (protocol_version == STP_PROTO_RAPID) {
421 if (length < sizeof(struct stp_bpdu_)) {
422 goto invalid;
423 }
424 stp_print_config_bpdu(ndo, stp_bpdu, length);
425 } else if (protocol_version == STP_PROTO_MSTP ||
426 protocol_version == STP_PROTO_SPB) {
427 if (length < STP_BPDU_MSTP_MIN_LEN) {
428 goto invalid;
429 }
430
431 if (GET_U_1(stp_bpdu->v1_length) != 0) {
432 /* FIX ME: Emit a message here ? */
433 goto invalid;
434 }
435
436 /* Validate v3 length */
437 mstp_len = GET_BE_U_2(p + MST_BPDU_VER3_LEN_OFFSET);
438 mstp_len += 2; /* length encoding itself is 2 bytes */
439 if (length < (sizeof(struct stp_bpdu_) + mstp_len)) {
440 goto invalid;
441 }
442 stp_print_mstp_bpdu(ndo, stp_bpdu, length);
443
444 if (protocol_version == STP_PROTO_SPB) {
445 /* Validate v4 length */
446 spb_len = GET_BE_U_2(p + MST_BPDU_VER3_LEN_OFFSET + mstp_len);
447 spb_len += 2;
448 if (length < (sizeof(struct stp_bpdu_) + mstp_len + spb_len) ||
449 spb_len < SPB_BPDU_MIN_LEN) {
450 goto invalid;
451 }
452 stp_print_spb_bpdu(ndo, stp_bpdu, (sizeof(struct stp_bpdu_) + mstp_len));
453 }
454 }
455 break;
456
457 case STP_BPDU_TYPE_TOPO_CHANGE:
458 /* always empty message - just break out */
459 break;
460
461 default:
462 break;
463 }
464 return;
465
466 invalid:
467 nd_print_invalid(ndo);
468 }
469