1 /* 2 * Copyright (c) 1998-2007 The TCPDUMP project 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that: (1) source code 6 * distributions retain the above copyright notice and this paragraph 7 * in its entirety, and (2) distributions including binary code include 8 * the above copyright notice and this paragraph in its entirety in 9 * the documentation or other materials provided with the distribution. 10 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 11 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 12 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 13 * FOR A PARTICULAR PURPOSE. 14 * 15 * Reference documentation: 16 * https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html 17 * https://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 18 * 19 * Original code ode by Carles Kishimoto <carles.kishimoto@gmail.com> 20 */ 21 22 /* \summary: Cisco VLAN Trunking Protocol (VTP) printer */ 23 24 #ifdef HAVE_CONFIG_H 25 #include <config.h> 26 #endif 27 28 #include "netdissect-stdinc.h" 29 30 #define ND_LONGJMP_FROM_TCHECK 31 #include "netdissect.h" 32 #include "addrtoname.h" 33 #include "extract.h" 34 35 #define VTP_HEADER_LEN 36 36 #define VTP_DOMAIN_NAME_LEN 32 37 #define VTP_MD5_DIGEST_LEN 16 38 #define VTP_UPDATE_TIMESTAMP_LEN 12 39 #define VTP_VLAN_INFO_FIXED_PART_LEN 12 /* length of VLAN info before VLAN name */ 40 41 #define VTP_SUMMARY_ADV 0x01 42 #define VTP_SUBSET_ADV 0x02 43 #define VTP_ADV_REQUEST 0x03 44 #define VTP_JOIN_MESSAGE 0x04 45 46 struct vtp_vlan_ { 47 nd_uint8_t len; 48 nd_uint8_t status; 49 nd_uint8_t type; 50 nd_uint8_t name_len; 51 nd_uint16_t vlanid; 52 nd_uint16_t mtu; 53 nd_uint32_t index; 54 }; 55 56 static const struct tok vtp_message_type_values[] = { 57 { VTP_SUMMARY_ADV, "Summary advertisement"}, 58 { VTP_SUBSET_ADV, "Subset advertisement"}, 59 { VTP_ADV_REQUEST, "Advertisement request"}, 60 { VTP_JOIN_MESSAGE, "Join message"}, 61 { 0, NULL } 62 }; 63 64 static const struct tok vtp_header_values[] = { 65 { 0x01, "Followers"}, /* On Summary advertisement, 3rd byte is Followers */ 66 { 0x02, "Seq number"}, /* On Subset advertisement, 3rd byte is Sequence number */ 67 { 0x03, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 68 { 0x04, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 69 { 0, NULL } 70 }; 71 72 static const struct tok vtp_vlan_type_values[] = { 73 { 0x01, "Ethernet"}, 74 { 0x02, "FDDI"}, 75 { 0x03, "TrCRF"}, 76 { 0x04, "FDDI-net"}, 77 { 0x05, "TrBRF"}, 78 { 0, NULL } 79 }; 80 81 static const struct tok vtp_vlan_status[] = { 82 { 0x00, "Operational"}, 83 { 0x01, "Suspended"}, 84 { 0, NULL } 85 }; 86 87 #define VTP_VLAN_SOURCE_ROUTING_RING_NUMBER 0x01 88 #define VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER 0x02 89 #define VTP_VLAN_STP_TYPE 0x03 90 #define VTP_VLAN_PARENT_VLAN 0x04 91 #define VTP_VLAN_TRANS_BRIDGED_VLAN 0x05 92 #define VTP_VLAN_PRUNING 0x06 93 #define VTP_VLAN_BRIDGE_TYPE 0x07 94 #define VTP_VLAN_ARP_HOP_COUNT 0x08 95 #define VTP_VLAN_STE_HOP_COUNT 0x09 96 #define VTP_VLAN_BACKUP_CRF_MODE 0x0A 97 98 static const struct tok vtp_vlan_tlv_values[] = { 99 { VTP_VLAN_SOURCE_ROUTING_RING_NUMBER, "Source-Routing Ring Number TLV"}, 100 { VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER, "Source-Routing Bridge Number TLV"}, 101 { VTP_VLAN_STP_TYPE, "STP type TLV"}, 102 { VTP_VLAN_PARENT_VLAN, "Parent VLAN TLV"}, 103 { VTP_VLAN_TRANS_BRIDGED_VLAN, "Translationally bridged VLANs TLV"}, 104 { VTP_VLAN_PRUNING, "Pruning TLV"}, 105 { VTP_VLAN_BRIDGE_TYPE, "Bridge Type TLV"}, 106 { VTP_VLAN_ARP_HOP_COUNT, "Max ARP Hop Count TLV"}, 107 { VTP_VLAN_STE_HOP_COUNT, "Max STE Hop Count TLV"}, 108 { VTP_VLAN_BACKUP_CRF_MODE, "Backup CRF Mode TLV"}, 109 { 0, NULL } 110 }; 111 112 static const struct tok vtp_stp_type_values[] = { 113 { 1, "SRT"}, 114 { 2, "SRB"}, 115 { 3, "Auto"}, 116 { 0, NULL } 117 }; 118 119 void 120 vtp_print(netdissect_options *ndo, 121 const u_char *pptr, const u_int length) 122 { 123 u_int type, len, name_len, tlv_len, tlv_value, mgmtd_len; 124 const u_char *tptr; 125 const struct vtp_vlan_ *vtp_vlan; 126 127 ndo->ndo_protocol = "vtp"; 128 if (length < VTP_HEADER_LEN) 129 goto invalid; 130 131 tptr = pptr; 132 133 ND_TCHECK_LEN(tptr, VTP_HEADER_LEN); 134 135 type = GET_U_1(tptr + 1); 136 ND_PRINT("VTPv%u, Message %s (0x%02x), length %u", 137 GET_U_1(tptr), 138 tok2str(vtp_message_type_values,"Unknown message type", type), 139 type, 140 length); 141 142 /* In non-verbose mode, just print version and message type */ 143 if (ndo->ndo_vflag < 1) { 144 goto tcheck_full_packet; 145 } 146 147 /* verbose mode print all fields */ 148 ND_PRINT("\n\tDomain name: "); 149 mgmtd_len = GET_U_1(tptr + 3); 150 if (mgmtd_len < 1 || mgmtd_len > VTP_DOMAIN_NAME_LEN) { 151 ND_PRINT(" [invalid MgmtD Len %u]", mgmtd_len); 152 goto invalid; 153 } 154 nd_printjnp(ndo, tptr + 4, mgmtd_len); 155 ND_PRINT(", %s: %u", 156 tok2str(vtp_header_values, "Unknown", type), 157 GET_U_1(tptr + 2)); 158 159 tptr += VTP_HEADER_LEN; 160 161 switch (type) { 162 163 case VTP_SUMMARY_ADV: 164 165 /* 166 * SUMMARY ADVERTISEMENT 167 * 168 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * | Version | Code | Followers | MgmtD Len | 171 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 * | Management Domain Name (zero-padded to 32 bytes) | 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * | Configuration revision number | 175 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 * | Updater Identity IP address | 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | Update Timestamp (12 bytes) | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * | MD5 digest (16 bytes) | 181 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 * 183 */ 184 185 ND_PRINT("\n\t Config Rev %x, Updater %s", 186 GET_BE_U_4(tptr), 187 GET_IPADDR_STRING(tptr+4)); 188 tptr += 8; 189 ND_PRINT(", Timestamp 0x%08x 0x%08x 0x%08x", 190 GET_BE_U_4(tptr), 191 GET_BE_U_4(tptr + 4), 192 GET_BE_U_4(tptr + 8)); 193 tptr += VTP_UPDATE_TIMESTAMP_LEN; 194 ND_PRINT(", MD5 digest: %08x%08x%08x%08x", 195 GET_BE_U_4(tptr), 196 GET_BE_U_4(tptr + 4), 197 GET_BE_U_4(tptr + 8), 198 GET_BE_U_4(tptr + 12)); 199 tptr += VTP_MD5_DIGEST_LEN; 200 break; 201 202 case VTP_SUBSET_ADV: 203 204 /* 205 * SUBSET ADVERTISEMENT 206 * 207 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 209 * | Version | Code | Seq number | MgmtD Len | 210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 211 * | Management Domain Name (zero-padded to 32 bytes) | 212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 213 * | Configuration revision number | 214 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 215 * | VLAN info field 1 | 216 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 217 * | ................ | 218 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 * | VLAN info field N | 220 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 * 222 */ 223 224 ND_PRINT(", Config Rev %x", GET_BE_U_4(tptr)); 225 226 /* 227 * VLAN INFORMATION 228 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 229 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 230 * | V info len | Status | VLAN type | VLAN name len | 231 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 * | ISL vlan id | MTU size | 233 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 * | 802.10 index (SAID) | 235 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 * | VLAN name | 237 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 * 239 */ 240 241 tptr += 4; 242 while ((unsigned)(tptr - pptr) < length) { 243 244 len = GET_U_1(tptr); 245 if (len == 0) 246 break; 247 248 ND_TCHECK_LEN(tptr, len); 249 250 vtp_vlan = (const struct vtp_vlan_*)tptr; 251 if (len < VTP_VLAN_INFO_FIXED_PART_LEN) 252 goto invalid; 253 ND_PRINT("\n\tVLAN info status %s, type %s, VLAN-id %u, MTU %u, SAID 0x%08x, Name ", 254 tok2str(vtp_vlan_status,"Unknown",GET_U_1(vtp_vlan->status)), 255 tok2str(vtp_vlan_type_values,"Unknown",GET_U_1(vtp_vlan->type)), 256 GET_BE_U_2(vtp_vlan->vlanid), 257 GET_BE_U_2(vtp_vlan->mtu), 258 GET_BE_U_4(vtp_vlan->index)); 259 len -= VTP_VLAN_INFO_FIXED_PART_LEN; 260 tptr += VTP_VLAN_INFO_FIXED_PART_LEN; 261 name_len = GET_U_1(vtp_vlan->name_len); 262 if (len < 4*((name_len + 3)/4)) 263 goto invalid; 264 nd_printjnp(ndo, tptr, name_len); 265 266 /* 267 * Vlan names are aligned to 32-bit boundaries. 268 */ 269 len -= 4*((name_len + 3)/4); 270 tptr += 4*((name_len + 3)/4); 271 272 /* TLV information follows */ 273 274 while (len > 0) { 275 276 /* 277 * Cisco specs say 2 bytes for type + 2 bytes for length; 278 * see https://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 279 * However, actual packets on the wire appear to use 1 280 * byte for the type and 1 byte for the length, so that's 281 * what we do. 282 */ 283 if (len < 2) 284 goto invalid; 285 type = GET_U_1(tptr); 286 tlv_len = GET_U_1(tptr + 1); 287 288 ND_PRINT("\n\t\t%s (0x%04x) TLV", 289 tok2str(vtp_vlan_tlv_values, "Unknown", type), 290 type); 291 292 if (len < tlv_len * 2 + 2) { 293 ND_PRINT(" (TLV goes past the end of the packet)"); 294 goto invalid; 295 } 296 ND_TCHECK_LEN(tptr, tlv_len * 2 + 2); 297 298 /* 299 * We assume the value is a 2-byte integer; the length is 300 * in units of 16-bit words. 301 */ 302 if (tlv_len != 1) { 303 ND_PRINT(" (invalid TLV length %u != 1)", tlv_len); 304 goto invalid; 305 } else { 306 tlv_value = GET_BE_U_2(tptr + 2); 307 308 switch (type) { 309 case VTP_VLAN_STE_HOP_COUNT: 310 ND_PRINT(", %u", tlv_value); 311 break; 312 313 case VTP_VLAN_PRUNING: 314 ND_PRINT(", %s (%u)", 315 tlv_value == 1 ? "Enabled" : "Disabled", 316 tlv_value); 317 break; 318 319 case VTP_VLAN_STP_TYPE: 320 ND_PRINT(", %s (%u)", 321 tok2str(vtp_stp_type_values, "Unknown", tlv_value), 322 tlv_value); 323 break; 324 325 case VTP_VLAN_BRIDGE_TYPE: 326 ND_PRINT(", %s (%u)", 327 tlv_value == 1 ? "SRB" : "SRT", 328 tlv_value); 329 break; 330 331 case VTP_VLAN_BACKUP_CRF_MODE: 332 ND_PRINT(", %s (%u)", 333 tlv_value == 1 ? "Backup" : "Not backup", 334 tlv_value); 335 break; 336 337 /* 338 * FIXME those are the defined TLVs that lack a decoder 339 * you are welcome to contribute code ;-) 340 */ 341 342 case VTP_VLAN_SOURCE_ROUTING_RING_NUMBER: 343 case VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER: 344 case VTP_VLAN_PARENT_VLAN: 345 case VTP_VLAN_TRANS_BRIDGED_VLAN: 346 case VTP_VLAN_ARP_HOP_COUNT: 347 default: 348 print_unknown_data(ndo, tptr, "\n\t\t ", 2 + tlv_len*2); 349 break; 350 } 351 } 352 len -= 2 + tlv_len*2; 353 tptr += 2 + tlv_len*2; 354 } 355 } 356 break; 357 358 case VTP_ADV_REQUEST: 359 360 /* 361 * ADVERTISEMENT REQUEST 362 * 363 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 364 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 365 * | Version | Code | Reserved | MgmtD Len | 366 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 * | Management Domain Name (zero-padded to 32 bytes) | 368 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 * | Start value | 370 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 * 372 */ 373 374 ND_PRINT("\n\tStart value: %u", GET_BE_U_4(tptr)); 375 break; 376 377 case VTP_JOIN_MESSAGE: 378 379 /* FIXME - Could not find message format */ 380 break; 381 382 default: 383 break; 384 } 385 386 return; 387 388 invalid: 389 nd_print_invalid(ndo); 390 tcheck_full_packet: 391 ND_TCHECK_LEN(pptr, length); 392 } 393