1 /* 2 * Copyright (c) 1998-2007 The TCPDUMP project 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that: (1) source code 6 * distributions retain the above copyright notice and this paragraph 7 * in its entirety, and (2) distributions including binary code include 8 * the above copyright notice and this paragraph in its entirety in 9 * the documentation or other materials provided with the distribution. 10 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 11 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 12 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 13 * FOR A PARTICULAR PURPOSE. 14 * 15 * Reference documentation: 16 * http://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html 17 * http://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 18 * 19 * Original code ode by Carles Kishimoto <carles.kishimoto@gmail.com> 20 */ 21 22 /* \summary: Cisco VLAN Trunking Protocol (VTP) printer */ 23 24 #ifdef HAVE_CONFIG_H 25 #include "config.h" 26 #endif 27 28 #include <netdissect-stdinc.h> 29 30 #include "netdissect.h" 31 #include "addrtoname.h" 32 #include "extract.h" 33 34 #define VTP_HEADER_LEN 36 35 #define VTP_DOMAIN_NAME_LEN 32 36 #define VTP_MD5_DIGEST_LEN 16 37 #define VTP_UPDATE_TIMESTAMP_LEN 12 38 #define VTP_VLAN_INFO_FIXED_PART_LEN 12 /* length of VLAN info before VLAN name */ 39 40 #define VTP_SUMMARY_ADV 0x01 41 #define VTP_SUBSET_ADV 0x02 42 #define VTP_ADV_REQUEST 0x03 43 #define VTP_JOIN_MESSAGE 0x04 44 45 struct vtp_vlan_ { 46 uint8_t len; 47 uint8_t status; 48 uint8_t type; 49 uint8_t name_len; 50 uint16_t vlanid; 51 uint16_t mtu; 52 uint32_t index; 53 }; 54 55 static const struct tok vtp_message_type_values[] = { 56 { VTP_SUMMARY_ADV, "Summary advertisement"}, 57 { VTP_SUBSET_ADV, "Subset advertisement"}, 58 { VTP_ADV_REQUEST, "Advertisement request"}, 59 { VTP_JOIN_MESSAGE, "Join message"}, 60 { 0, NULL } 61 }; 62 63 static const struct tok vtp_header_values[] = { 64 { 0x01, "Followers"}, /* On Summary advertisement, 3rd byte is Followers */ 65 { 0x02, "Seq number"}, /* On Subset advertisement, 3rd byte is Sequence number */ 66 { 0x03, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 67 { 0x04, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 68 { 0, NULL } 69 }; 70 71 static const struct tok vtp_vlan_type_values[] = { 72 { 0x01, "Ethernet"}, 73 { 0x02, "FDDI"}, 74 { 0x03, "TrCRF"}, 75 { 0x04, "FDDI-net"}, 76 { 0x05, "TrBRF"}, 77 { 0, NULL } 78 }; 79 80 static const struct tok vtp_vlan_status[] = { 81 { 0x00, "Operational"}, 82 { 0x01, "Suspended"}, 83 { 0, NULL } 84 }; 85 86 #define VTP_VLAN_SOURCE_ROUTING_RING_NUMBER 0x01 87 #define VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER 0x02 88 #define VTP_VLAN_STP_TYPE 0x03 89 #define VTP_VLAN_PARENT_VLAN 0x04 90 #define VTP_VLAN_TRANS_BRIDGED_VLAN 0x05 91 #define VTP_VLAN_PRUNING 0x06 92 #define VTP_VLAN_BRIDGE_TYPE 0x07 93 #define VTP_VLAN_ARP_HOP_COUNT 0x08 94 #define VTP_VLAN_STE_HOP_COUNT 0x09 95 #define VTP_VLAN_BACKUP_CRF_MODE 0x0A 96 97 static const struct tok vtp_vlan_tlv_values[] = { 98 { VTP_VLAN_SOURCE_ROUTING_RING_NUMBER, "Source-Routing Ring Number TLV"}, 99 { VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER, "Source-Routing Bridge Number TLV"}, 100 { VTP_VLAN_STP_TYPE, "STP type TLV"}, 101 { VTP_VLAN_PARENT_VLAN, "Parent VLAN TLV"}, 102 { VTP_VLAN_TRANS_BRIDGED_VLAN, "Translationally bridged VLANs TLV"}, 103 { VTP_VLAN_PRUNING, "Pruning TLV"}, 104 { VTP_VLAN_BRIDGE_TYPE, "Bridge Type TLV"}, 105 { VTP_VLAN_ARP_HOP_COUNT, "Max ARP Hop Count TLV"}, 106 { VTP_VLAN_STE_HOP_COUNT, "Max STE Hop Count TLV"}, 107 { VTP_VLAN_BACKUP_CRF_MODE, "Backup CRF Mode TLV"}, 108 { 0, NULL } 109 }; 110 111 static const struct tok vtp_stp_type_values[] = { 112 { 1, "SRT"}, 113 { 2, "SRB"}, 114 { 3, "Auto"}, 115 { 0, NULL } 116 }; 117 118 void 119 vtp_print (netdissect_options *ndo, 120 const u_char *pptr, u_int length) 121 { 122 int type, len, tlv_len, tlv_value, mgmtd_len; 123 const u_char *tptr; 124 const struct vtp_vlan_ *vtp_vlan; 125 126 if (length < VTP_HEADER_LEN) 127 goto trunc; 128 129 tptr = pptr; 130 131 ND_TCHECK2(*tptr, VTP_HEADER_LEN); 132 133 type = *(tptr+1); 134 ND_PRINT((ndo, "VTPv%u, Message %s (0x%02x), length %u", 135 *tptr, 136 tok2str(vtp_message_type_values,"Unknown message type", type), 137 type, 138 length)); 139 140 /* In non-verbose mode, just print version and message type */ 141 if (ndo->ndo_vflag < 1) { 142 return; 143 } 144 145 /* verbose mode print all fields */ 146 ND_PRINT((ndo, "\n\tDomain name: ")); 147 mgmtd_len = *(tptr + 3); 148 if (mgmtd_len < 1 || mgmtd_len > 32) { 149 ND_PRINT((ndo, " [invalid MgmtD Len %d]", mgmtd_len)); 150 return; 151 } 152 fn_printzp(ndo, tptr + 4, mgmtd_len, NULL); 153 ND_PRINT((ndo, ", %s: %u", 154 tok2str(vtp_header_values, "Unknown", type), 155 *(tptr+2))); 156 157 tptr += VTP_HEADER_LEN; 158 159 switch (type) { 160 161 case VTP_SUMMARY_ADV: 162 163 /* 164 * SUMMARY ADVERTISEMENT 165 * 166 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 167 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 168 * | Version | Code | Followers | MgmtD Len | 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * | Management Domain Name (zero-padded to 32 bytes) | 171 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 * | Configuration revision number | 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * | Updater Identity IP address | 175 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 * | Update Timestamp (12 bytes) | 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | MD5 digest (16 bytes) | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * 181 */ 182 183 ND_TCHECK2(*tptr, 8); 184 ND_PRINT((ndo, "\n\t Config Rev %x, Updater %s", 185 EXTRACT_32BITS(tptr), 186 ipaddr_string(ndo, tptr+4))); 187 tptr += 8; 188 ND_TCHECK2(*tptr, VTP_UPDATE_TIMESTAMP_LEN); 189 ND_PRINT((ndo, ", Timestamp 0x%08x 0x%08x 0x%08x", 190 EXTRACT_32BITS(tptr), 191 EXTRACT_32BITS(tptr + 4), 192 EXTRACT_32BITS(tptr + 8))); 193 tptr += VTP_UPDATE_TIMESTAMP_LEN; 194 ND_TCHECK2(*tptr, VTP_MD5_DIGEST_LEN); 195 ND_PRINT((ndo, ", MD5 digest: %08x%08x%08x%08x", 196 EXTRACT_32BITS(tptr), 197 EXTRACT_32BITS(tptr + 4), 198 EXTRACT_32BITS(tptr + 8), 199 EXTRACT_32BITS(tptr + 12))); 200 tptr += VTP_MD5_DIGEST_LEN; 201 break; 202 203 case VTP_SUBSET_ADV: 204 205 /* 206 * SUBSET ADVERTISEMENT 207 * 208 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 209 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 210 * | Version | Code | Seq number | MgmtD Len | 211 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 * | Management Domain Name (zero-padded to 32 bytes) | 213 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 * | Configuration revision number | 215 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 216 * | VLAN info field 1 | 217 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 218 * | ................ | 219 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 * | VLAN info field N | 221 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 * 223 */ 224 225 ND_TCHECK_32BITS(tptr); 226 ND_PRINT((ndo, ", Config Rev %x", EXTRACT_32BITS(tptr))); 227 228 /* 229 * VLAN INFORMATION 230 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 231 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 * | V info len | Status | VLAN type | VLAN name len | 233 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 * | ISL vlan id | MTU size | 235 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 * | 802.10 index (SAID) | 237 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 * | VLAN name | 239 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 * 241 */ 242 243 tptr += 4; 244 while ((unsigned)(tptr - pptr) < length) { 245 246 ND_TCHECK_8BITS(tptr); 247 len = *tptr; 248 if (len == 0) 249 break; 250 251 ND_TCHECK2(*tptr, len); 252 253 vtp_vlan = (const struct vtp_vlan_*)tptr; 254 if (len < VTP_VLAN_INFO_FIXED_PART_LEN) 255 goto trunc; 256 ND_TCHECK(*vtp_vlan); 257 ND_PRINT((ndo, "\n\tVLAN info status %s, type %s, VLAN-id %u, MTU %u, SAID 0x%08x, Name ", 258 tok2str(vtp_vlan_status,"Unknown",vtp_vlan->status), 259 tok2str(vtp_vlan_type_values,"Unknown",vtp_vlan->type), 260 EXTRACT_16BITS(&vtp_vlan->vlanid), 261 EXTRACT_16BITS(&vtp_vlan->mtu), 262 EXTRACT_32BITS(&vtp_vlan->index))); 263 len -= VTP_VLAN_INFO_FIXED_PART_LEN; 264 tptr += VTP_VLAN_INFO_FIXED_PART_LEN; 265 if (len < 4*((vtp_vlan->name_len + 3)/4)) 266 goto trunc; 267 ND_TCHECK2(*tptr, vtp_vlan->name_len); 268 fn_printzp(ndo, tptr, vtp_vlan->name_len, NULL); 269 270 /* 271 * Vlan names are aligned to 32-bit boundaries. 272 */ 273 len -= 4*((vtp_vlan->name_len + 3)/4); 274 tptr += 4*((vtp_vlan->name_len + 3)/4); 275 276 /* TLV information follows */ 277 278 while (len > 0) { 279 280 /* 281 * Cisco specs say 2 bytes for type + 2 bytes for length; 282 * see http://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 283 * However, actual packets on the wire appear to use 1 284 * byte for the type and 1 byte for the length, so that's 285 * what we do. 286 */ 287 if (len < 2) 288 goto trunc; 289 ND_TCHECK2(*tptr, 2); 290 type = *tptr; 291 tlv_len = *(tptr+1); 292 293 ND_PRINT((ndo, "\n\t\t%s (0x%04x) TLV", 294 tok2str(vtp_vlan_tlv_values, "Unknown", type), 295 type)); 296 297 if (len < tlv_len * 2 + 2) { 298 ND_PRINT((ndo, " (TLV goes past the end of the packet)")); 299 return; 300 } 301 ND_TCHECK2(*tptr, tlv_len * 2 +2); 302 303 /* 304 * We assume the value is a 2-byte integer; the length is 305 * in units of 16-bit words. 306 */ 307 if (tlv_len != 1) { 308 ND_PRINT((ndo, " (invalid TLV length %u != 1)", tlv_len)); 309 return; 310 } else { 311 tlv_value = EXTRACT_16BITS(tptr+2); 312 313 switch (type) { 314 case VTP_VLAN_STE_HOP_COUNT: 315 ND_PRINT((ndo, ", %u", tlv_value)); 316 break; 317 318 case VTP_VLAN_PRUNING: 319 ND_PRINT((ndo, ", %s (%u)", 320 tlv_value == 1 ? "Enabled" : "Disabled", 321 tlv_value)); 322 break; 323 324 case VTP_VLAN_STP_TYPE: 325 ND_PRINT((ndo, ", %s (%u)", 326 tok2str(vtp_stp_type_values, "Unknown", tlv_value), 327 tlv_value)); 328 break; 329 330 case VTP_VLAN_BRIDGE_TYPE: 331 ND_PRINT((ndo, ", %s (%u)", 332 tlv_value == 1 ? "SRB" : "SRT", 333 tlv_value)); 334 break; 335 336 case VTP_VLAN_BACKUP_CRF_MODE: 337 ND_PRINT((ndo, ", %s (%u)", 338 tlv_value == 1 ? "Backup" : "Not backup", 339 tlv_value)); 340 break; 341 342 /* 343 * FIXME those are the defined TLVs that lack a decoder 344 * you are welcome to contribute code ;-) 345 */ 346 347 case VTP_VLAN_SOURCE_ROUTING_RING_NUMBER: 348 case VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER: 349 case VTP_VLAN_PARENT_VLAN: 350 case VTP_VLAN_TRANS_BRIDGED_VLAN: 351 case VTP_VLAN_ARP_HOP_COUNT: 352 default: 353 print_unknown_data(ndo, tptr, "\n\t\t ", 2 + tlv_len*2); 354 break; 355 } 356 } 357 len -= 2 + tlv_len*2; 358 tptr += 2 + tlv_len*2; 359 } 360 } 361 break; 362 363 case VTP_ADV_REQUEST: 364 365 /* 366 * ADVERTISEMENT REQUEST 367 * 368 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 369 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 370 * | Version | Code | Reserved | MgmtD Len | 371 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 372 * | Management Domain Name (zero-padded to 32 bytes) | 373 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 374 * | Start value | 375 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 376 * 377 */ 378 379 ND_TCHECK2(*tptr, 4); 380 ND_PRINT((ndo, "\n\tStart value: %u", EXTRACT_32BITS(tptr))); 381 break; 382 383 case VTP_JOIN_MESSAGE: 384 385 /* FIXME - Could not find message format */ 386 break; 387 388 default: 389 break; 390 } 391 392 return; 393 394 trunc: 395 ND_PRINT((ndo, "[|vtp]")); 396 } 397 398 /* 399 * Local Variables: 400 * c-style: whitesmith 401 * c-basic-offset: 4 402 * End: 403 */ 404