1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Extensively modified by Motonori Shindo (mshindo@mshindo.net) for more
22 * complete PPP support.
23 */
24
25 /* \summary: Point to Point Protocol (PPP) printer */
26
27 /*
28 * TODO:
29 * o resolve XXX as much as possible
30 * o MP support
31 * o BAP support
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include "netdissect-stdinc.h"
39
40 #ifdef __bsdi__
41 #include <net/slcompress.h>
42 #include <net/if_ppp.h>
43 #endif
44
45 #include "netdissect.h"
46 #include "extract.h"
47 #include "addrtoname.h"
48 #include "ppp.h"
49 #include "chdlc.h"
50 #include "ethertype.h"
51 #include "oui.h"
52 #include "netdissect-alloc.h"
53
54 /*
55 * The following constants are defined by IANA. Please refer to
56 * https://www.isi.edu/in-notes/iana/assignments/ppp-numbers
57 * for the up-to-date information.
58 */
59
60 /* Protocol Codes defined in ppp.h */
61
62 static const struct tok ppptype2str[] = {
63 { PPP_IP, "IP" },
64 { PPP_OSI, "OSI" },
65 { PPP_NS, "NS" },
66 { PPP_DECNET, "DECNET" },
67 { PPP_APPLE, "APPLE" },
68 { PPP_IPX, "IPX" },
69 { PPP_VJC, "VJC IP" },
70 { PPP_VJNC, "VJNC IP" },
71 { PPP_BRPDU, "BRPDU" },
72 { PPP_STII, "STII" },
73 { PPP_VINES, "VINES" },
74 { PPP_MPLS_UCAST, "MPLS" },
75 { PPP_MPLS_MCAST, "MPLS" },
76 { PPP_COMP, "Compressed"},
77 { PPP_ML, "MLPPP"},
78 { PPP_IPV6, "IP6"},
79
80 { PPP_HELLO, "HELLO" },
81 { PPP_LUXCOM, "LUXCOM" },
82 { PPP_SNS, "SNS" },
83 { PPP_IPCP, "IPCP" },
84 { PPP_OSICP, "OSICP" },
85 { PPP_NSCP, "NSCP" },
86 { PPP_DECNETCP, "DECNETCP" },
87 { PPP_APPLECP, "APPLECP" },
88 { PPP_IPXCP, "IPXCP" },
89 { PPP_STIICP, "STIICP" },
90 { PPP_VINESCP, "VINESCP" },
91 { PPP_IPV6CP, "IP6CP" },
92 { PPP_MPLSCP, "MPLSCP" },
93
94 { PPP_LCP, "LCP" },
95 { PPP_PAP, "PAP" },
96 { PPP_LQM, "LQM" },
97 { PPP_CHAP, "CHAP" },
98 { PPP_EAP, "EAP" },
99 { PPP_SPAP, "SPAP" },
100 { PPP_SPAP_OLD, "Old-SPAP" },
101 { PPP_BACP, "BACP" },
102 { PPP_BAP, "BAP" },
103 { PPP_MPCP, "MLPPP-CP" },
104 { PPP_CCP, "CCP" },
105 { 0, NULL }
106 };
107
108 /* Control Protocols (LCP/IPCP/CCP etc.) Codes defined in RFC 1661 */
109
110 #define CPCODES_VEXT 0 /* Vendor-Specific (RFC2153) */
111 #define CPCODES_CONF_REQ 1 /* Configure-Request */
112 #define CPCODES_CONF_ACK 2 /* Configure-Ack */
113 #define CPCODES_CONF_NAK 3 /* Configure-Nak */
114 #define CPCODES_CONF_REJ 4 /* Configure-Reject */
115 #define CPCODES_TERM_REQ 5 /* Terminate-Request */
116 #define CPCODES_TERM_ACK 6 /* Terminate-Ack */
117 #define CPCODES_CODE_REJ 7 /* Code-Reject */
118 #define CPCODES_PROT_REJ 8 /* Protocol-Reject (LCP only) */
119 #define CPCODES_ECHO_REQ 9 /* Echo-Request (LCP only) */
120 #define CPCODES_ECHO_RPL 10 /* Echo-Reply (LCP only) */
121 #define CPCODES_DISC_REQ 11 /* Discard-Request (LCP only) */
122 #define CPCODES_ID 12 /* Identification (LCP only) RFC1570 */
123 #define CPCODES_TIME_REM 13 /* Time-Remaining (LCP only) RFC1570 */
124 #define CPCODES_RESET_REQ 14 /* Reset-Request (CCP only) RFC1962 */
125 #define CPCODES_RESET_REP 15 /* Reset-Reply (CCP only) */
126
127 static const struct tok cpcodes[] = {
128 {CPCODES_VEXT, "Vendor-Extension"}, /* RFC2153 */
129 {CPCODES_CONF_REQ, "Conf-Request"},
130 {CPCODES_CONF_ACK, "Conf-Ack"},
131 {CPCODES_CONF_NAK, "Conf-Nack"},
132 {CPCODES_CONF_REJ, "Conf-Reject"},
133 {CPCODES_TERM_REQ, "Term-Request"},
134 {CPCODES_TERM_ACK, "Term-Ack"},
135 {CPCODES_CODE_REJ, "Code-Reject"},
136 {CPCODES_PROT_REJ, "Prot-Reject"},
137 {CPCODES_ECHO_REQ, "Echo-Request"},
138 {CPCODES_ECHO_RPL, "Echo-Reply"},
139 {CPCODES_DISC_REQ, "Disc-Req"},
140 {CPCODES_ID, "Ident"}, /* RFC1570 */
141 {CPCODES_TIME_REM, "Time-Rem"}, /* RFC1570 */
142 {CPCODES_RESET_REQ, "Reset-Req"}, /* RFC1962 */
143 {CPCODES_RESET_REP, "Reset-Ack"}, /* RFC1962 */
144 {0, NULL}
145 };
146
147 /* LCP Config Options */
148
149 #define LCPOPT_VEXT 0
150 #define LCPOPT_MRU 1
151 #define LCPOPT_ACCM 2
152 #define LCPOPT_AP 3
153 #define LCPOPT_QP 4
154 #define LCPOPT_MN 5
155 #define LCPOPT_DEP6 6
156 #define LCPOPT_PFC 7
157 #define LCPOPT_ACFC 8
158 #define LCPOPT_FCSALT 9
159 #define LCPOPT_SDP 10
160 #define LCPOPT_NUMMODE 11
161 #define LCPOPT_DEP12 12
162 #define LCPOPT_CBACK 13
163 #define LCPOPT_DEP14 14
164 #define LCPOPT_DEP15 15
165 #define LCPOPT_DEP16 16
166 #define LCPOPT_MLMRRU 17
167 #define LCPOPT_MLSSNHF 18
168 #define LCPOPT_MLED 19
169 #define LCPOPT_PROP 20
170 #define LCPOPT_DCEID 21
171 #define LCPOPT_MPP 22
172 #define LCPOPT_LD 23
173 #define LCPOPT_LCPAOPT 24
174 #define LCPOPT_COBS 25
175 #define LCPOPT_PE 26
176 #define LCPOPT_MLHF 27
177 #define LCPOPT_I18N 28
178 #define LCPOPT_SDLOS 29
179 #define LCPOPT_PPPMUX 30
180
181 static const char *lcpconfopts[] = {
182 "Vend-Ext", /* (0) */
183 "MRU", /* (1) */
184 "ACCM", /* (2) */
185 "Auth-Prot", /* (3) */
186 "Qual-Prot", /* (4) */
187 "Magic-Num", /* (5) */
188 "deprecated(6)", /* used to be a Quality Protocol */
189 "PFC", /* (7) */
190 "ACFC", /* (8) */
191 "FCS-Alt", /* (9) */
192 "SDP", /* (10) */
193 "Num-Mode", /* (11) */
194 "deprecated(12)", /* used to be a Multi-Link-Procedure*/
195 "Call-Back", /* (13) */
196 "deprecated(14)", /* used to be a Connect-Time */
197 "deprecated(15)", /* used to be a Compund-Frames */
198 "deprecated(16)", /* used to be a Nominal-Data-Encap */
199 "MRRU", /* (17) */
200 "12-Bit seq #", /* (18) */
201 "End-Disc", /* (19) */
202 "Proprietary", /* (20) */
203 "DCE-Id", /* (21) */
204 "MP+", /* (22) */
205 "Link-Disc", /* (23) */
206 "LCP-Auth-Opt", /* (24) */
207 "COBS", /* (25) */
208 "Prefix-elision", /* (26) */
209 "Multilink-header-Form",/* (27) */
210 "I18N", /* (28) */
211 "SDL-over-SONET/SDH", /* (29) */
212 "PPP-Muxing", /* (30) */
213 };
214
215 #define NUM_LCPOPTS (sizeof(lcpconfopts) / sizeof(lcpconfopts[0]))
216
217 /* ECP - to be supported */
218
219 /* CCP Config Options */
220
221 #define CCPOPT_OUI 0 /* RFC1962 */
222 #define CCPOPT_PRED1 1 /* RFC1962 */
223 #define CCPOPT_PRED2 2 /* RFC1962 */
224 #define CCPOPT_PJUMP 3 /* RFC1962 */
225 /* 4-15 unassigned */
226 #define CCPOPT_HPPPC 16 /* RFC1962 */
227 #define CCPOPT_STACLZS 17 /* RFC1974 */
228 #define CCPOPT_MPPC 18 /* RFC2118 */
229 #define CCPOPT_GFZA 19 /* RFC1962 */
230 #define CCPOPT_V42BIS 20 /* RFC1962 */
231 #define CCPOPT_BSDCOMP 21 /* RFC1977 */
232 /* 22 unassigned */
233 #define CCPOPT_LZSDCP 23 /* RFC1967 */
234 #define CCPOPT_MVRCA 24 /* RFC1975 */
235 #define CCPOPT_DEC 25 /* RFC1976 */
236 #define CCPOPT_DEFLATE 26 /* RFC1979 */
237 /* 27-254 unassigned */
238 #define CCPOPT_RESV 255 /* RFC1962 */
239
240 static const struct tok ccpconfopts_values[] = {
241 { CCPOPT_OUI, "OUI" },
242 { CCPOPT_PRED1, "Pred-1" },
243 { CCPOPT_PRED2, "Pred-2" },
244 { CCPOPT_PJUMP, "Puddle" },
245 { CCPOPT_HPPPC, "HP-PPC" },
246 { CCPOPT_STACLZS, "Stac-LZS" },
247 { CCPOPT_MPPC, "MPPC" },
248 { CCPOPT_GFZA, "Gand-FZA" },
249 { CCPOPT_V42BIS, "V.42bis" },
250 { CCPOPT_BSDCOMP, "BSD-Comp" },
251 { CCPOPT_LZSDCP, "LZS-DCP" },
252 { CCPOPT_MVRCA, "MVRCA" },
253 { CCPOPT_DEC, "DEC" },
254 { CCPOPT_DEFLATE, "Deflate" },
255 { CCPOPT_RESV, "Reserved"},
256 {0, NULL}
257 };
258
259 /* BACP Config Options */
260
261 #define BACPOPT_FPEER 1 /* RFC2125 */
262
263 static const struct tok bacconfopts_values[] = {
264 { BACPOPT_FPEER, "Favored-Peer" },
265 {0, NULL}
266 };
267
268
269 /* SDCP - to be supported */
270
271 /* IPCP Config Options */
272 #define IPCPOPT_2ADDR 1 /* RFC1172, RFC1332 (deprecated) */
273 #define IPCPOPT_IPCOMP 2 /* RFC1332 */
274 #define IPCPOPT_ADDR 3 /* RFC1332 */
275 #define IPCPOPT_MOBILE4 4 /* RFC2290 */
276 #define IPCPOPT_PRIDNS 129 /* RFC1877 */
277 #define IPCPOPT_PRINBNS 130 /* RFC1877 */
278 #define IPCPOPT_SECDNS 131 /* RFC1877 */
279 #define IPCPOPT_SECNBNS 132 /* RFC1877 */
280
281 static const struct tok ipcpopt_values[] = {
282 { IPCPOPT_2ADDR, "IP-Addrs" },
283 { IPCPOPT_IPCOMP, "IP-Comp" },
284 { IPCPOPT_ADDR, "IP-Addr" },
285 { IPCPOPT_MOBILE4, "Home-Addr" },
286 { IPCPOPT_PRIDNS, "Pri-DNS" },
287 { IPCPOPT_PRINBNS, "Pri-NBNS" },
288 { IPCPOPT_SECDNS, "Sec-DNS" },
289 { IPCPOPT_SECNBNS, "Sec-NBNS" },
290 { 0, NULL }
291 };
292
293 #define IPCPOPT_IPCOMP_HDRCOMP 0x61 /* rfc3544 */
294 #define IPCPOPT_IPCOMP_MINLEN 14
295
296 static const struct tok ipcpopt_compproto_values[] = {
297 { PPP_VJC, "VJ-Comp" },
298 { IPCPOPT_IPCOMP_HDRCOMP, "IP Header Compression" },
299 { 0, NULL }
300 };
301
302 static const struct tok ipcpopt_compproto_subopt_values[] = {
303 { 1, "RTP-Compression" },
304 { 2, "Enhanced RTP-Compression" },
305 { 0, NULL }
306 };
307
308 /* IP6CP Config Options */
309 #define IP6CP_IFID 1
310
311 static const struct tok ip6cpopt_values[] = {
312 { IP6CP_IFID, "Interface-ID" },
313 { 0, NULL }
314 };
315
316 /* ATCP - to be supported */
317 /* OSINLCP - to be supported */
318 /* BVCP - to be supported */
319 /* BCP - to be supported */
320 /* IPXCP - to be supported */
321 /* MPLSCP - to be supported */
322
323 /* Auth Algorithms */
324
325 /* 0-4 Reserved (RFC1994) */
326 #define AUTHALG_CHAPMD5 5 /* RFC1994 */
327 #define AUTHALG_MSCHAP1 128 /* RFC2433 */
328 #define AUTHALG_MSCHAP2 129 /* RFC2795 */
329
330 static const struct tok authalg_values[] = {
331 { AUTHALG_CHAPMD5, "MD5" },
332 { AUTHALG_MSCHAP1, "MS-CHAPv1" },
333 { AUTHALG_MSCHAP2, "MS-CHAPv2" },
334 { 0, NULL }
335 };
336
337 /* FCS Alternatives - to be supported */
338
339 /* Multilink Endpoint Discriminator (RFC1717) */
340 #define MEDCLASS_NULL 0 /* Null Class */
341 #define MEDCLASS_LOCAL 1 /* Locally Assigned */
342 #define MEDCLASS_IPV4 2 /* Internet Protocol (IPv4) */
343 #define MEDCLASS_MAC 3 /* IEEE 802.1 global MAC address */
344 #define MEDCLASS_MNB 4 /* PPP Magic Number Block */
345 #define MEDCLASS_PSNDN 5 /* Public Switched Network Director Number */
346
347 /* PPP LCP Callback */
348 #define CALLBACK_AUTH 0 /* Location determined by user auth */
349 #define CALLBACK_DSTR 1 /* Dialing string */
350 #define CALLBACK_LID 2 /* Location identifier */
351 #define CALLBACK_E164 3 /* E.164 number */
352 #define CALLBACK_X500 4 /* X.500 distinguished name */
353 #define CALLBACK_CBCP 6 /* Location is determined during CBCP nego */
354
355 static const struct tok ppp_callback_values[] = {
356 { CALLBACK_AUTH, "UserAuth" },
357 { CALLBACK_DSTR, "DialString" },
358 { CALLBACK_LID, "LocalID" },
359 { CALLBACK_E164, "E.164" },
360 { CALLBACK_X500, "X.500" },
361 { CALLBACK_CBCP, "CBCP" },
362 { 0, NULL }
363 };
364
365 /* CHAP */
366
367 #define CHAP_CHAL 1
368 #define CHAP_RESP 2
369 #define CHAP_SUCC 3
370 #define CHAP_FAIL 4
371
372 static const struct tok chapcode_values[] = {
373 { CHAP_CHAL, "Challenge" },
374 { CHAP_RESP, "Response" },
375 { CHAP_SUCC, "Success" },
376 { CHAP_FAIL, "Fail" },
377 { 0, NULL}
378 };
379
380 /* PAP */
381
382 #define PAP_AREQ 1
383 #define PAP_AACK 2
384 #define PAP_ANAK 3
385
386 static const struct tok papcode_values[] = {
387 { PAP_AREQ, "Auth-Req" },
388 { PAP_AACK, "Auth-ACK" },
389 { PAP_ANAK, "Auth-NACK" },
390 { 0, NULL }
391 };
392
393 /* BAP */
394 #define BAP_CALLREQ 1
395 #define BAP_CALLRES 2
396 #define BAP_CBREQ 3
397 #define BAP_CBRES 4
398 #define BAP_LDQREQ 5
399 #define BAP_LDQRES 6
400 #define BAP_CSIND 7
401 #define BAP_CSRES 8
402
403 static u_int print_lcp_config_options(netdissect_options *, const u_char *p, u_int);
404 static u_int print_ipcp_config_options(netdissect_options *, const u_char *p, u_int);
405 static u_int print_ip6cp_config_options(netdissect_options *, const u_char *p, u_int);
406 static u_int print_ccp_config_options(netdissect_options *, const u_char *p, u_int);
407 static u_int print_bacp_config_options(netdissect_options *, const u_char *p, u_int);
408 static void handle_ppp(netdissect_options *, u_int proto, const u_char *p, u_int length);
409
410 /* generic Control Protocol (e.g. LCP, IPCP, CCP, etc.) handler */
411 static void
handle_ctrl_proto(netdissect_options * ndo,u_int proto,const u_char * pptr,u_int length)412 handle_ctrl_proto(netdissect_options *ndo,
413 u_int proto, const u_char *pptr, u_int length)
414 {
415 const char *typestr;
416 u_int code, len;
417 u_int (*pfunc)(netdissect_options *, const u_char *, u_int);
418 u_int tlen, advance;
419 const u_char *tptr;
420
421 tptr=pptr;
422
423 typestr = tok2str(ppptype2str, "unknown ctrl-proto (0x%04x)", proto);
424 ND_PRINT("%s, ", typestr);
425
426 if (length < 4) /* FIXME weak boundary checking */
427 goto trunc;
428 ND_TCHECK_2(tptr);
429
430 code = GET_U_1(tptr);
431 tptr++;
432
433 ND_PRINT("%s (0x%02x), id %u, length %u",
434 tok2str(cpcodes, "Unknown Opcode",code),
435 code,
436 GET_U_1(tptr), /* ID */
437 length + 2);
438 tptr++;
439
440 if (!ndo->ndo_vflag)
441 return;
442
443 len = GET_BE_U_2(tptr);
444 tptr += 2;
445
446 if (len < 4) {
447 ND_PRINT("\n\tencoded length %u (< 4))", len);
448 return;
449 }
450
451 if (len > length) {
452 ND_PRINT("\n\tencoded length %u (> packet length %u))", len, length);
453 return;
454 }
455 length = len;
456
457 ND_PRINT("\n\tencoded length %u (=Option(s) length %u)", len, len - 4);
458
459 if (length == 4)
460 return; /* there may be a NULL confreq etc. */
461
462 if (ndo->ndo_vflag > 1)
463 print_unknown_data(ndo, pptr - 2, "\n\t", 6);
464
465
466 switch (code) {
467 case CPCODES_VEXT:
468 if (length < 11)
469 break;
470 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
471 tptr += 4;
472 ND_PRINT(" Vendor: %s (%u)",
473 tok2str(oui_values,"Unknown",GET_BE_U_3(tptr)),
474 GET_BE_U_3(tptr));
475 /* XXX: need to decode Kind and Value(s)? */
476 break;
477 case CPCODES_CONF_REQ:
478 case CPCODES_CONF_ACK:
479 case CPCODES_CONF_NAK:
480 case CPCODES_CONF_REJ:
481 tlen = len - 4; /* Code(1), Identifier(1) and Length(2) */
482 do {
483 switch (proto) {
484 case PPP_LCP:
485 pfunc = print_lcp_config_options;
486 break;
487 case PPP_IPCP:
488 pfunc = print_ipcp_config_options;
489 break;
490 case PPP_IPV6CP:
491 pfunc = print_ip6cp_config_options;
492 break;
493 case PPP_CCP:
494 pfunc = print_ccp_config_options;
495 break;
496 case PPP_BACP:
497 pfunc = print_bacp_config_options;
498 break;
499 default:
500 /*
501 * No print routine for the options for
502 * this protocol.
503 */
504 pfunc = NULL;
505 break;
506 }
507
508 if (pfunc == NULL) /* catch the above null pointer if unknown CP */
509 break;
510
511 if ((advance = (*pfunc)(ndo, tptr, len)) == 0)
512 break;
513 if (tlen < advance) {
514 ND_PRINT(" [remaining options length %u < %u]",
515 tlen, advance);
516 nd_print_invalid(ndo);
517 break;
518 }
519 tlen -= advance;
520 tptr += advance;
521 } while (tlen != 0);
522 break;
523
524 case CPCODES_TERM_REQ:
525 case CPCODES_TERM_ACK:
526 /* XXX: need to decode Data? */
527 break;
528 case CPCODES_CODE_REJ:
529 /* XXX: need to decode Rejected-Packet? */
530 break;
531 case CPCODES_PROT_REJ:
532 if (length < 6)
533 break;
534 ND_PRINT("\n\t Rejected %s Protocol (0x%04x)",
535 tok2str(ppptype2str,"unknown", GET_BE_U_2(tptr)),
536 GET_BE_U_2(tptr));
537 /* XXX: need to decode Rejected-Information? - hexdump for now */
538 if (len > 6) {
539 ND_PRINT("\n\t Rejected Packet");
540 print_unknown_data(ndo, tptr + 2, "\n\t ", len - 2);
541 }
542 break;
543 case CPCODES_ECHO_REQ:
544 case CPCODES_ECHO_RPL:
545 case CPCODES_DISC_REQ:
546 if (length < 8)
547 break;
548 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
549 /* XXX: need to decode Data? - hexdump for now */
550 if (len > 8) {
551 ND_PRINT("\n\t -----trailing data-----");
552 ND_TCHECK_LEN(tptr + 4, len - 8);
553 print_unknown_data(ndo, tptr + 4, "\n\t ", len - 8);
554 }
555 break;
556 case CPCODES_ID:
557 if (length < 8)
558 break;
559 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
560 /* RFC 1661 says this is intended to be human readable */
561 if (len > 8) {
562 ND_PRINT("\n\t Message\n\t ");
563 if (nd_printn(ndo, tptr + 4, len - 4, ndo->ndo_snapend))
564 goto trunc;
565 }
566 break;
567 case CPCODES_TIME_REM:
568 if (length < 12)
569 break;
570 ND_PRINT("\n\t Magic-Num 0x%08x", GET_BE_U_4(tptr));
571 ND_PRINT(", Seconds-Remaining %us", GET_BE_U_4(tptr + 4));
572 /* XXX: need to decode Message? */
573 break;
574 default:
575 /* XXX this is dirty but we do not get the
576 * original pointer passed to the begin
577 * the PPP packet */
578 if (ndo->ndo_vflag <= 1)
579 print_unknown_data(ndo, pptr - 2, "\n\t ", length + 2);
580 break;
581 }
582 return;
583
584 trunc:
585 ND_PRINT("[|%s]", typestr);
586 }
587
588 /* LCP config options */
589 static u_int
print_lcp_config_options(netdissect_options * ndo,const u_char * p,u_int length)590 print_lcp_config_options(netdissect_options *ndo,
591 const u_char *p, u_int length)
592 {
593 u_int opt, len;
594
595 if (length < 2)
596 return 0;
597 ND_TCHECK_2(p);
598 opt = GET_U_1(p);
599 len = GET_U_1(p + 1);
600 if (length < len)
601 return 0;
602 if (len < 2) {
603 if (opt < NUM_LCPOPTS)
604 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
605 lcpconfopts[opt], opt, len);
606 else
607 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
608 return 0;
609 }
610 if (opt < NUM_LCPOPTS)
611 ND_PRINT("\n\t %s Option (0x%02x), length %u", lcpconfopts[opt], opt, len);
612 else {
613 ND_PRINT("\n\tunknown LCP option 0x%02x", opt);
614 return len;
615 }
616
617 switch (opt) {
618 case LCPOPT_VEXT:
619 if (len < 6) {
620 ND_PRINT(" (length bogus, should be >= 6)");
621 return len;
622 }
623 ND_PRINT(": Vendor: %s (%u)",
624 tok2str(oui_values,"Unknown",GET_BE_U_3(p + 2)),
625 GET_BE_U_3(p + 2));
626 #if 0
627 ND_PRINT(", kind: 0x%02x", GET_U_1(p + 5));
628 ND_PRINT(", Value: 0x");
629 for (i = 0; i < len - 6; i++) {
630 ND_PRINT("%02x", GET_U_1(p + 6 + i));
631 }
632 #endif
633 break;
634 case LCPOPT_MRU:
635 if (len != 4) {
636 ND_PRINT(" (length bogus, should be = 4)");
637 return len;
638 }
639 ND_PRINT(": %u", GET_BE_U_2(p + 2));
640 break;
641 case LCPOPT_ACCM:
642 if (len != 6) {
643 ND_PRINT(" (length bogus, should be = 6)");
644 return len;
645 }
646 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
647 break;
648 case LCPOPT_AP:
649 if (len < 4) {
650 ND_PRINT(" (length bogus, should be >= 4)");
651 return len;
652 }
653 ND_PRINT(": %s",
654 tok2str(ppptype2str, "Unknown Auth Proto (0x04x)", GET_BE_U_2(p + 2)));
655
656 switch (GET_BE_U_2(p + 2)) {
657 case PPP_CHAP:
658 ND_PRINT(", %s",
659 tok2str(authalg_values, "Unknown Auth Alg %u", GET_U_1(p + 4)));
660 break;
661 case PPP_PAP: /* fall through */
662 case PPP_EAP:
663 case PPP_SPAP:
664 case PPP_SPAP_OLD:
665 break;
666 default:
667 print_unknown_data(ndo, p, "\n\t", len);
668 }
669 break;
670 case LCPOPT_QP:
671 if (len < 4) {
672 ND_PRINT(" (length bogus, should be >= 4)");
673 return 0;
674 }
675 if (GET_BE_U_2(p + 2) == PPP_LQM)
676 ND_PRINT(": LQR");
677 else
678 ND_PRINT(": unknown");
679 break;
680 case LCPOPT_MN:
681 if (len != 6) {
682 ND_PRINT(" (length bogus, should be = 6)");
683 return 0;
684 }
685 ND_PRINT(": 0x%08x", GET_BE_U_4(p + 2));
686 break;
687 case LCPOPT_PFC:
688 break;
689 case LCPOPT_ACFC:
690 break;
691 case LCPOPT_LD:
692 if (len != 4) {
693 ND_PRINT(" (length bogus, should be = 4)");
694 return 0;
695 }
696 ND_PRINT(": 0x%04x", GET_BE_U_2(p + 2));
697 break;
698 case LCPOPT_CBACK:
699 if (len < 3) {
700 ND_PRINT(" (length bogus, should be >= 3)");
701 return 0;
702 }
703 ND_PRINT(": ");
704 ND_PRINT(": Callback Operation %s (%u)",
705 tok2str(ppp_callback_values, "Unknown", GET_U_1(p + 2)),
706 GET_U_1(p + 2));
707 break;
708 case LCPOPT_MLMRRU:
709 if (len != 4) {
710 ND_PRINT(" (length bogus, should be = 4)");
711 return 0;
712 }
713 ND_PRINT(": %u", GET_BE_U_2(p + 2));
714 break;
715 case LCPOPT_MLED:
716 if (len < 3) {
717 ND_PRINT(" (length bogus, should be >= 3)");
718 return 0;
719 }
720 switch (GET_U_1(p + 2)) { /* class */
721 case MEDCLASS_NULL:
722 ND_PRINT(": Null");
723 break;
724 case MEDCLASS_LOCAL:
725 ND_PRINT(": Local"); /* XXX */
726 break;
727 case MEDCLASS_IPV4:
728 if (len != 7) {
729 ND_PRINT(" (length bogus, should be = 7)");
730 return 0;
731 }
732 ND_PRINT(": IPv4 %s", GET_IPADDR_STRING(p + 3));
733 break;
734 case MEDCLASS_MAC:
735 if (len != 9) {
736 ND_PRINT(" (length bogus, should be = 9)");
737 return 0;
738 }
739 ND_PRINT(": MAC %s", GET_ETHERADDR_STRING(p + 3));
740 break;
741 case MEDCLASS_MNB:
742 ND_PRINT(": Magic-Num-Block"); /* XXX */
743 break;
744 case MEDCLASS_PSNDN:
745 ND_PRINT(": PSNDN"); /* XXX */
746 break;
747 default:
748 ND_PRINT(": Unknown class %u", GET_U_1(p + 2));
749 break;
750 }
751 break;
752
753 /* XXX: to be supported */
754 #if 0
755 case LCPOPT_DEP6:
756 case LCPOPT_FCSALT:
757 case LCPOPT_SDP:
758 case LCPOPT_NUMMODE:
759 case LCPOPT_DEP12:
760 case LCPOPT_DEP14:
761 case LCPOPT_DEP15:
762 case LCPOPT_DEP16:
763 case LCPOPT_MLSSNHF:
764 case LCPOPT_PROP:
765 case LCPOPT_DCEID:
766 case LCPOPT_MPP:
767 case LCPOPT_LCPAOPT:
768 case LCPOPT_COBS:
769 case LCPOPT_PE:
770 case LCPOPT_MLHF:
771 case LCPOPT_I18N:
772 case LCPOPT_SDLOS:
773 case LCPOPT_PPPMUX:
774 break;
775 #endif
776 default:
777 /*
778 * Unknown option; dump it as raw bytes now if we're
779 * not going to do so below.
780 */
781 if (ndo->ndo_vflag < 2)
782 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
783 break;
784 }
785
786 if (ndo->ndo_vflag > 1)
787 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
788
789 return len;
790
791 trunc:
792 ND_PRINT("[|lcp]");
793 return 0;
794 }
795
796 /* ML-PPP*/
797 static const struct tok ppp_ml_flag_values[] = {
798 { 0x80, "begin" },
799 { 0x40, "end" },
800 { 0, NULL }
801 };
802
803 static void
handle_mlppp(netdissect_options * ndo,const u_char * p,u_int length)804 handle_mlppp(netdissect_options *ndo,
805 const u_char *p, u_int length)
806 {
807 if (!ndo->ndo_eflag)
808 ND_PRINT("MLPPP, ");
809
810 if (length < 2) {
811 ND_PRINT("[|mlppp]");
812 return;
813 }
814 if (!ND_TTEST_2(p)) {
815 ND_PRINT("[|mlppp]");
816 return;
817 }
818
819 ND_PRINT("seq 0x%03x, Flags [%s], length %u",
820 (GET_BE_U_2(p))&0x0fff,
821 /* only support 12-Bit sequence space for now */
822 bittok2str(ppp_ml_flag_values, "none", GET_U_1(p) & 0xc0),
823 length);
824 }
825
826 /* CHAP */
827 static void
handle_chap(netdissect_options * ndo,const u_char * p,u_int length)828 handle_chap(netdissect_options *ndo,
829 const u_char *p, u_int length)
830 {
831 u_int code, len;
832 u_int val_size, name_size, msg_size;
833 const u_char *p0;
834 u_int i;
835
836 p0 = p;
837 if (length < 1) {
838 ND_PRINT("[|chap]");
839 return;
840 } else if (length < 4) {
841 ND_PRINT("[|chap 0x%02x]", GET_U_1(p));
842 return;
843 }
844
845 code = GET_U_1(p);
846 ND_PRINT("CHAP, %s (0x%02x)",
847 tok2str(chapcode_values,"unknown",code),
848 code);
849 p++;
850
851 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
852 p++;
853
854 len = GET_BE_U_2(p);
855 p += 2;
856
857 /*
858 * Note that this is a generic CHAP decoding routine. Since we
859 * don't know which flavor of CHAP (i.e. CHAP-MD5, MS-CHAPv1,
860 * MS-CHAPv2) is used at this point, we can't decode packet
861 * specifically to each algorithms. Instead, we simply decode
862 * the GCD (Gratest Common Denominator) for all algorithms.
863 */
864 switch (code) {
865 case CHAP_CHAL:
866 case CHAP_RESP:
867 if (length - (p - p0) < 1)
868 return;
869 val_size = GET_U_1(p); /* value size */
870 p++;
871 if (length - (p - p0) < val_size)
872 return;
873 ND_PRINT(", Value ");
874 for (i = 0; i < val_size; i++) {
875 ND_PRINT("%02x", GET_U_1(p));
876 p++;
877 }
878 name_size = len - (u_int)(p - p0);
879 ND_PRINT(", Name ");
880 for (i = 0; i < name_size; i++) {
881 fn_print_char(ndo, GET_U_1(p));
882 p++;
883 }
884 break;
885 case CHAP_SUCC:
886 case CHAP_FAIL:
887 msg_size = len - (u_int)(p - p0);
888 ND_PRINT(", Msg ");
889 for (i = 0; i< msg_size; i++) {
890 fn_print_char(ndo, GET_U_1(p));
891 p++;
892 }
893 break;
894 }
895 }
896
897 /* PAP (see RFC 1334) */
898 static void
handle_pap(netdissect_options * ndo,const u_char * p,u_int length)899 handle_pap(netdissect_options *ndo,
900 const u_char *p, u_int length)
901 {
902 u_int code, len;
903 u_int peerid_len, passwd_len, msg_len;
904 const u_char *p0;
905 u_int i;
906
907 p0 = p;
908 if (length < 1) {
909 ND_PRINT("[|pap]");
910 return;
911 } else if (length < 4) {
912 ND_PRINT("[|pap 0x%02x]", GET_U_1(p));
913 return;
914 }
915
916 code = GET_U_1(p);
917 ND_PRINT("PAP, %s (0x%02x)",
918 tok2str(papcode_values, "unknown", code),
919 code);
920 p++;
921
922 ND_PRINT(", id %u", GET_U_1(p)); /* ID */
923 p++;
924
925 len = GET_BE_U_2(p);
926 p += 2;
927
928 if (len > length) {
929 ND_PRINT(", length %u > packet size", len);
930 return;
931 }
932 length = len;
933 if (length < (size_t)(p - p0)) {
934 ND_PRINT(", length %u < PAP header length", length);
935 return;
936 }
937
938 switch (code) {
939 case PAP_AREQ:
940 /* A valid Authenticate-Request is 6 or more octets long. */
941 if (len < 6)
942 goto trunc;
943 if (length - (p - p0) < 1)
944 return;
945 peerid_len = GET_U_1(p); /* Peer-ID Length */
946 p++;
947 if (length - (p - p0) < peerid_len)
948 return;
949 ND_PRINT(", Peer ");
950 for (i = 0; i < peerid_len; i++) {
951 fn_print_char(ndo, GET_U_1(p));
952 p++;
953 }
954
955 if (length - (p - p0) < 1)
956 return;
957 passwd_len = GET_U_1(p); /* Password Length */
958 p++;
959 if (length - (p - p0) < passwd_len)
960 return;
961 ND_PRINT(", Name ");
962 for (i = 0; i < passwd_len; i++) {
963 fn_print_char(ndo, GET_U_1(p));
964 p++;
965 }
966 break;
967 case PAP_AACK:
968 case PAP_ANAK:
969 /* Although some implementations ignore truncation at
970 * this point and at least one generates a truncated
971 * packet, RFC 1334 section 2.2.2 clearly states that
972 * both AACK and ANAK are at least 5 bytes long.
973 */
974 if (len < 5)
975 goto trunc;
976 if (length - (p - p0) < 1)
977 return;
978 msg_len = GET_U_1(p); /* Msg-Length */
979 p++;
980 if (length - (p - p0) < msg_len)
981 return;
982 ND_PRINT(", Msg ");
983 for (i = 0; i< msg_len; i++) {
984 fn_print_char(ndo, GET_U_1(p));
985 p++;
986 }
987 break;
988 }
989 return;
990
991 trunc:
992 ND_PRINT("[|pap]");
993 }
994
995 /* BAP */
996 static void
handle_bap(netdissect_options * ndo _U_,const u_char * p _U_,u_int length _U_)997 handle_bap(netdissect_options *ndo _U_,
998 const u_char *p _U_, u_int length _U_)
999 {
1000 /* XXX: to be supported!! */
1001 }
1002
1003
1004 /* IPCP config options */
1005 static u_int
print_ipcp_config_options(netdissect_options * ndo,const u_char * p,u_int length)1006 print_ipcp_config_options(netdissect_options *ndo,
1007 const u_char *p, u_int length)
1008 {
1009 u_int opt, len;
1010 u_int compproto, ipcomp_subopttotallen, ipcomp_subopt, ipcomp_suboptlen;
1011
1012 if (length < 2)
1013 return 0;
1014 ND_TCHECK_2(p);
1015 opt = GET_U_1(p);
1016 len = GET_U_1(p + 1);
1017 if (length < len)
1018 return 0;
1019 if (len < 2) {
1020 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1021 tok2str(ipcpopt_values,"unknown",opt),
1022 opt,
1023 len);
1024 return 0;
1025 }
1026
1027 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1028 tok2str(ipcpopt_values,"unknown",opt),
1029 opt,
1030 len);
1031
1032 switch (opt) {
1033 case IPCPOPT_2ADDR: /* deprecated */
1034 if (len != 10) {
1035 ND_PRINT(" (length bogus, should be = 10)");
1036 return len;
1037 }
1038 ND_PRINT(": src %s, dst %s",
1039 GET_IPADDR_STRING(p + 2),
1040 GET_IPADDR_STRING(p + 6));
1041 break;
1042 case IPCPOPT_IPCOMP:
1043 if (len < 4) {
1044 ND_PRINT(" (length bogus, should be >= 4)");
1045 return 0;
1046 }
1047 compproto = GET_BE_U_2(p + 2);
1048
1049 ND_PRINT(": %s (0x%02x):",
1050 tok2str(ipcpopt_compproto_values, "Unknown", compproto),
1051 compproto);
1052
1053 switch (compproto) {
1054 case PPP_VJC:
1055 /* XXX: VJ-Comp parameters should be decoded */
1056 break;
1057 case IPCPOPT_IPCOMP_HDRCOMP:
1058 if (len < IPCPOPT_IPCOMP_MINLEN) {
1059 ND_PRINT(" (length bogus, should be >= %u)",
1060 IPCPOPT_IPCOMP_MINLEN);
1061 return 0;
1062 }
1063
1064 ND_TCHECK_LEN(p + 2, IPCPOPT_IPCOMP_MINLEN);
1065 ND_PRINT("\n\t TCP Space %u, non-TCP Space %u"
1066 ", maxPeriod %u, maxTime %u, maxHdr %u",
1067 GET_BE_U_2(p + 4),
1068 GET_BE_U_2(p + 6),
1069 GET_BE_U_2(p + 8),
1070 GET_BE_U_2(p + 10),
1071 GET_BE_U_2(p + 12));
1072
1073 /* suboptions present ? */
1074 if (len > IPCPOPT_IPCOMP_MINLEN) {
1075 ipcomp_subopttotallen = len - IPCPOPT_IPCOMP_MINLEN;
1076 p += IPCPOPT_IPCOMP_MINLEN;
1077
1078 ND_PRINT("\n\t Suboptions, length %u", ipcomp_subopttotallen);
1079
1080 while (ipcomp_subopttotallen >= 2) {
1081 ND_TCHECK_2(p);
1082 ipcomp_subopt = GET_U_1(p);
1083 ipcomp_suboptlen = GET_U_1(p + 1);
1084
1085 /* sanity check */
1086 if (ipcomp_subopt == 0 ||
1087 ipcomp_suboptlen == 0 )
1088 break;
1089
1090 /* XXX: just display the suboptions for now */
1091 ND_PRINT("\n\t\t%s Suboption #%u, length %u",
1092 tok2str(ipcpopt_compproto_subopt_values,
1093 "Unknown",
1094 ipcomp_subopt),
1095 ipcomp_subopt,
1096 ipcomp_suboptlen);
1097 if (ipcomp_subopttotallen < ipcomp_suboptlen) {
1098 ND_PRINT(" [remaining suboptions length %u < %u]",
1099 ipcomp_subopttotallen, ipcomp_suboptlen);
1100 nd_print_invalid(ndo);
1101 break;
1102 }
1103 ipcomp_subopttotallen -= ipcomp_suboptlen;
1104 p += ipcomp_suboptlen;
1105 }
1106 }
1107 break;
1108 default:
1109 break;
1110 }
1111 break;
1112
1113 case IPCPOPT_ADDR: /* those options share the same format - fall through */
1114 case IPCPOPT_MOBILE4:
1115 case IPCPOPT_PRIDNS:
1116 case IPCPOPT_PRINBNS:
1117 case IPCPOPT_SECDNS:
1118 case IPCPOPT_SECNBNS:
1119 if (len != 6) {
1120 ND_PRINT(" (length bogus, should be = 6)");
1121 return 0;
1122 }
1123 ND_PRINT(": %s", GET_IPADDR_STRING(p + 2));
1124 break;
1125 default:
1126 /*
1127 * Unknown option; dump it as raw bytes now if we're
1128 * not going to do so below.
1129 */
1130 if (ndo->ndo_vflag < 2)
1131 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1132 break;
1133 }
1134 if (ndo->ndo_vflag > 1)
1135 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1136 return len;
1137
1138 trunc:
1139 ND_PRINT("[|ipcp]");
1140 return 0;
1141 }
1142
1143 /* IP6CP config options */
1144 static u_int
print_ip6cp_config_options(netdissect_options * ndo,const u_char * p,u_int length)1145 print_ip6cp_config_options(netdissect_options *ndo,
1146 const u_char *p, u_int length)
1147 {
1148 u_int opt, len;
1149
1150 if (length < 2)
1151 return 0;
1152 ND_TCHECK_2(p);
1153 opt = GET_U_1(p);
1154 len = GET_U_1(p + 1);
1155 if (length < len)
1156 return 0;
1157 if (len < 2) {
1158 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1159 tok2str(ip6cpopt_values,"unknown",opt),
1160 opt,
1161 len);
1162 return 0;
1163 }
1164
1165 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1166 tok2str(ip6cpopt_values,"unknown",opt),
1167 opt,
1168 len);
1169
1170 switch (opt) {
1171 case IP6CP_IFID:
1172 if (len != 10) {
1173 ND_PRINT(" (length bogus, should be = 10)");
1174 return len;
1175 }
1176 ND_TCHECK_8(p + 2);
1177 ND_PRINT(": %04x:%04x:%04x:%04x",
1178 GET_BE_U_2(p + 2),
1179 GET_BE_U_2(p + 4),
1180 GET_BE_U_2(p + 6),
1181 GET_BE_U_2(p + 8));
1182 break;
1183 default:
1184 /*
1185 * Unknown option; dump it as raw bytes now if we're
1186 * not going to do so below.
1187 */
1188 if (ndo->ndo_vflag < 2)
1189 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1190 break;
1191 }
1192 if (ndo->ndo_vflag > 1)
1193 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1194
1195 return len;
1196
1197 trunc:
1198 ND_PRINT("[|ip6cp]");
1199 return 0;
1200 }
1201
1202
1203 /* CCP config options */
1204 static u_int
print_ccp_config_options(netdissect_options * ndo,const u_char * p,u_int length)1205 print_ccp_config_options(netdissect_options *ndo,
1206 const u_char *p, u_int length)
1207 {
1208 u_int opt, len;
1209
1210 if (length < 2)
1211 return 0;
1212 ND_TCHECK_2(p);
1213 opt = GET_U_1(p);
1214 len = GET_U_1(p + 1);
1215 if (length < len)
1216 return 0;
1217 if (len < 2) {
1218 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1219 tok2str(ccpconfopts_values, "Unknown", opt),
1220 opt,
1221 len);
1222 return 0;
1223 }
1224
1225 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1226 tok2str(ccpconfopts_values, "Unknown", opt),
1227 opt,
1228 len);
1229
1230 switch (opt) {
1231 case CCPOPT_BSDCOMP:
1232 if (len < 3) {
1233 ND_PRINT(" (length bogus, should be >= 3)");
1234 return len;
1235 }
1236 ND_PRINT(": Version: %u, Dictionary Bits: %u",
1237 GET_U_1(p + 2) >> 5,
1238 GET_U_1(p + 2) & 0x1f);
1239 break;
1240 case CCPOPT_MVRCA:
1241 if (len < 4) {
1242 ND_PRINT(" (length bogus, should be >= 4)");
1243 return len;
1244 }
1245 ND_PRINT(": Features: %u, PxP: %s, History: %u, #CTX-ID: %u",
1246 (GET_U_1(p + 2) & 0xc0) >> 6,
1247 (GET_U_1(p + 2) & 0x20) ? "Enabled" : "Disabled",
1248 GET_U_1(p + 2) & 0x1f,
1249 GET_U_1(p + 3));
1250 break;
1251 case CCPOPT_DEFLATE:
1252 if (len < 4) {
1253 ND_PRINT(" (length bogus, should be >= 4)");
1254 return len;
1255 }
1256 ND_PRINT(": Window: %uK, Method: %s (0x%x), MBZ: %u, CHK: %u",
1257 (GET_U_1(p + 2) & 0xf0) >> 4,
1258 ((GET_U_1(p + 2) & 0x0f) == 8) ? "zlib" : "unknown",
1259 GET_U_1(p + 2) & 0x0f,
1260 (GET_U_1(p + 3) & 0xfc) >> 2,
1261 GET_U_1(p + 3) & 0x03);
1262 break;
1263
1264 /* XXX: to be supported */
1265 #if 0
1266 case CCPOPT_OUI:
1267 case CCPOPT_PRED1:
1268 case CCPOPT_PRED2:
1269 case CCPOPT_PJUMP:
1270 case CCPOPT_HPPPC:
1271 case CCPOPT_STACLZS:
1272 case CCPOPT_MPPC:
1273 case CCPOPT_GFZA:
1274 case CCPOPT_V42BIS:
1275 case CCPOPT_LZSDCP:
1276 case CCPOPT_DEC:
1277 case CCPOPT_RESV:
1278 break;
1279 #endif
1280 default:
1281 /*
1282 * Unknown option; dump it as raw bytes now if we're
1283 * not going to do so below.
1284 */
1285 if (ndo->ndo_vflag < 2)
1286 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1287 break;
1288 }
1289 if (ndo->ndo_vflag > 1)
1290 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1291
1292 return len;
1293
1294 trunc:
1295 ND_PRINT("[|ccp]");
1296 return 0;
1297 }
1298
1299 /* BACP config options */
1300 static u_int
print_bacp_config_options(netdissect_options * ndo,const u_char * p,u_int length)1301 print_bacp_config_options(netdissect_options *ndo,
1302 const u_char *p, u_int length)
1303 {
1304 u_int opt, len;
1305
1306 if (length < 2)
1307 return 0;
1308 ND_TCHECK_2(p);
1309 opt = GET_U_1(p);
1310 len = GET_U_1(p + 1);
1311 if (length < len)
1312 return 0;
1313 if (len < 2) {
1314 ND_PRINT("\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)",
1315 tok2str(bacconfopts_values, "Unknown", opt),
1316 opt,
1317 len);
1318 return 0;
1319 }
1320
1321 ND_PRINT("\n\t %s Option (0x%02x), length %u",
1322 tok2str(bacconfopts_values, "Unknown", opt),
1323 opt,
1324 len);
1325
1326 switch (opt) {
1327 case BACPOPT_FPEER:
1328 if (len != 6) {
1329 ND_PRINT(" (length bogus, should be = 6)");
1330 return len;
1331 }
1332 ND_PRINT(": Magic-Num 0x%08x", GET_BE_U_4(p + 2));
1333 break;
1334 default:
1335 /*
1336 * Unknown option; dump it as raw bytes now if we're
1337 * not going to do so below.
1338 */
1339 if (ndo->ndo_vflag < 2)
1340 print_unknown_data(ndo, p + 2, "\n\t ", len - 2);
1341 break;
1342 }
1343 if (ndo->ndo_vflag > 1)
1344 print_unknown_data(ndo, p + 2, "\n\t ", len - 2); /* exclude TLV header */
1345
1346 return len;
1347
1348 trunc:
1349 ND_PRINT("[|bacp]");
1350 return 0;
1351 }
1352
1353 /*
1354 * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
1355 * The length argument is the on-the-wire length, not the captured
1356 * length; we can only un-escape the captured part.
1357 */
1358 static void
ppp_hdlc(netdissect_options * ndo,const u_char * p,u_int length)1359 ppp_hdlc(netdissect_options *ndo,
1360 const u_char *p, u_int length)
1361 {
1362 u_int caplen = ND_BYTES_AVAILABLE_AFTER(p);
1363 u_char *b, *t, c;
1364 const u_char *s;
1365 u_int i, proto;
1366 const void *se;
1367
1368 if (caplen == 0)
1369 return;
1370
1371 if (length == 0)
1372 return;
1373
1374 b = (u_char *)nd_malloc(ndo, caplen);
1375 if (b == NULL)
1376 return;
1377
1378 /*
1379 * Unescape all the data into a temporary, private, buffer.
1380 * Do this so that we don't overwrite the original packet
1381 * contents.
1382 */
1383 for (s = p, t = b, i = caplen; i != 0; i--) {
1384 c = GET_U_1(s);
1385 s++;
1386 if (c == 0x7d) {
1387 if (i <= 1)
1388 break;
1389 i--;
1390 c = GET_U_1(s) ^ 0x20;
1391 s++;
1392 }
1393 *t++ = c;
1394 }
1395
1396 /*
1397 * Change the end pointer, so bounds checks work.
1398 */
1399 se = ndo->ndo_snapend;
1400 ndo->ndo_snapend = t;
1401 length = ND_BYTES_AVAILABLE_AFTER(b);
1402
1403 /* now lets guess about the payload codepoint format */
1404 if (length < 1)
1405 goto trunc;
1406 proto = GET_U_1(b); /* start with a one-octet codepoint guess */
1407
1408 switch (proto) {
1409 case PPP_IP:
1410 ip_print(ndo, b + 1, length - 1);
1411 goto cleanup;
1412 case PPP_IPV6:
1413 ip6_print(ndo, b + 1, length - 1);
1414 goto cleanup;
1415 default: /* no luck - try next guess */
1416 break;
1417 }
1418
1419 if (length < 2)
1420 goto trunc;
1421 proto = GET_BE_U_2(b); /* next guess - load two octets */
1422
1423 switch (proto) {
1424 case (PPP_ADDRESS << 8 | PPP_CONTROL): /* looks like a PPP frame */
1425 if (length < 4)
1426 goto trunc;
1427 proto = GET_BE_U_2(b + 2); /* load the PPP proto-id */
1428 handle_ppp(ndo, proto, b + 4, length - 4);
1429 break;
1430 default: /* last guess - proto must be a PPP proto-id */
1431 handle_ppp(ndo, proto, b + 2, length - 2);
1432 break;
1433 }
1434
1435 cleanup:
1436 ndo->ndo_snapend = se;
1437 return;
1438
1439 trunc:
1440 ndo->ndo_snapend = se;
1441 nd_print_trunc(ndo);
1442 }
1443
1444
1445 /* PPP */
1446 static void
handle_ppp(netdissect_options * ndo,u_int proto,const u_char * p,u_int length)1447 handle_ppp(netdissect_options *ndo,
1448 u_int proto, const u_char *p, u_int length)
1449 {
1450 if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
1451 ppp_hdlc(ndo, p - 1, length);
1452 return;
1453 }
1454
1455 switch (proto) {
1456 case PPP_LCP: /* fall through */
1457 case PPP_IPCP:
1458 case PPP_OSICP:
1459 case PPP_MPLSCP:
1460 case PPP_IPV6CP:
1461 case PPP_CCP:
1462 case PPP_BACP:
1463 handle_ctrl_proto(ndo, proto, p, length);
1464 break;
1465 case PPP_ML:
1466 handle_mlppp(ndo, p, length);
1467 break;
1468 case PPP_CHAP:
1469 handle_chap(ndo, p, length);
1470 break;
1471 case PPP_PAP:
1472 handle_pap(ndo, p, length);
1473 break;
1474 case PPP_BAP: /* XXX: not yet completed */
1475 handle_bap(ndo, p, length);
1476 break;
1477 case ETHERTYPE_IP: /*XXX*/
1478 case PPP_VJNC:
1479 case PPP_IP:
1480 ip_print(ndo, p, length);
1481 break;
1482 case ETHERTYPE_IPV6: /*XXX*/
1483 case PPP_IPV6:
1484 ip6_print(ndo, p, length);
1485 break;
1486 case ETHERTYPE_IPX: /*XXX*/
1487 case PPP_IPX:
1488 ipx_print(ndo, p, length);
1489 break;
1490 case PPP_OSI:
1491 isoclns_print(ndo, p, length);
1492 break;
1493 case PPP_MPLS_UCAST:
1494 case PPP_MPLS_MCAST:
1495 mpls_print(ndo, p, length);
1496 break;
1497 case PPP_COMP:
1498 ND_PRINT("compressed PPP data");
1499 break;
1500 default:
1501 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1502 print_unknown_data(ndo, p, "\n\t", length);
1503 break;
1504 }
1505 }
1506
1507 /* Standard PPP printer */
1508 u_int
ppp_print(netdissect_options * ndo,const u_char * p,u_int length)1509 ppp_print(netdissect_options *ndo,
1510 const u_char *p, u_int length)
1511 {
1512 u_int proto,ppp_header;
1513 u_int olen = length; /* _o_riginal length */
1514 u_int hdr_len = 0;
1515
1516 ndo->ndo_protocol = "ppp";
1517 /*
1518 * Here, we assume that p points to the Address and Control
1519 * field (if they present).
1520 */
1521 if (length < 2)
1522 goto trunc;
1523 ppp_header = GET_BE_U_2(p);
1524
1525 switch(ppp_header) {
1526 case (PPP_PPPD_IN << 8 | PPP_CONTROL):
1527 if (ndo->ndo_eflag) ND_PRINT("In ");
1528 p += 2;
1529 length -= 2;
1530 hdr_len += 2;
1531 break;
1532 case (PPP_PPPD_OUT << 8 | PPP_CONTROL):
1533 if (ndo->ndo_eflag) ND_PRINT("Out ");
1534 p += 2;
1535 length -= 2;
1536 hdr_len += 2;
1537 break;
1538 case (PPP_ADDRESS << 8 | PPP_CONTROL):
1539 p += 2; /* ACFC not used */
1540 length -= 2;
1541 hdr_len += 2;
1542 break;
1543
1544 default:
1545 break;
1546 }
1547
1548 if (length < 2)
1549 goto trunc;
1550 if (GET_U_1(p) % 2) {
1551 proto = GET_U_1(p); /* PFC is used */
1552 p++;
1553 length--;
1554 hdr_len++;
1555 } else {
1556 proto = GET_BE_U_2(p);
1557 p += 2;
1558 length -= 2;
1559 hdr_len += 2;
1560 }
1561
1562 if (ndo->ndo_eflag)
1563 ND_PRINT("%s (0x%04x), length %u: ",
1564 tok2str(ppptype2str, "unknown", proto),
1565 proto,
1566 olen);
1567
1568 handle_ppp(ndo, proto, p, length);
1569 return (hdr_len);
1570 trunc:
1571 nd_print_trunc(ndo);
1572 return (0);
1573 }
1574
1575
1576 /* PPP I/F printer */
1577 void
ppp_if_print(netdissect_options * ndo,const struct pcap_pkthdr * h,const u_char * p)1578 ppp_if_print(netdissect_options *ndo,
1579 const struct pcap_pkthdr *h, const u_char *p)
1580 {
1581 u_int length = h->len;
1582 u_int caplen = h->caplen;
1583
1584 ndo->ndo_protocol = "ppp";
1585 if (caplen < PPP_HDRLEN) {
1586 nd_print_trunc(ndo);
1587 ndo->ndo_ll_hdr_len += caplen;
1588 return;
1589 }
1590 ndo->ndo_ll_hdr_len += PPP_HDRLEN;
1591
1592 #if 0
1593 /*
1594 * XXX: seems to assume that there are 2 octets prepended to an
1595 * actual PPP frame. The 1st octet looks like Input/Output flag
1596 * while 2nd octet is unknown, at least to me
1597 * (mshindo@mshindo.net).
1598 *
1599 * That was what the original tcpdump code did.
1600 *
1601 * FreeBSD's "if_ppp.c" *does* set the first octet to 1 for outbound
1602 * packets and 0 for inbound packets - but only if the
1603 * protocol field has the 0x8000 bit set (i.e., it's a network
1604 * control protocol); it does so before running the packet through
1605 * "bpf_filter" to see if it should be discarded, and to see
1606 * if we should update the time we sent the most recent packet...
1607 *
1608 * ...but it puts the original address field back after doing
1609 * so.
1610 *
1611 * NetBSD's "if_ppp.c" doesn't set the first octet in that fashion.
1612 *
1613 * I don't know if any PPP implementation handed up to a BPF
1614 * device packets with the first octet being 1 for outbound and
1615 * 0 for inbound packets, so I (guy@alum.mit.edu) don't know
1616 * whether that ever needs to be checked or not.
1617 *
1618 * Note that NetBSD has a DLT_PPP_SERIAL, which it uses for PPP,
1619 * and its tcpdump appears to assume that the frame always
1620 * begins with an address field and a control field, and that
1621 * the address field might be 0x0f or 0x8f, for Cisco
1622 * point-to-point with HDLC framing as per section 4.3.1 of RFC
1623 * 1547, as well as 0xff, for PPP in HDLC-like framing as per
1624 * RFC 1662.
1625 *
1626 * (Is the Cisco framing in question what DLT_C_HDLC, in
1627 * BSD/OS, is?)
1628 */
1629 if (ndo->ndo_eflag)
1630 ND_PRINT("%c %4d %02x ", GET_U_1(p) ? 'O' : 'I',
1631 length, GET_U_1(p + 1));
1632 #endif
1633
1634 ppp_print(ndo, p, length);
1635 }
1636
1637 /*
1638 * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
1639 * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
1640 * is being used (i.e., we don't check for PPP_ADDRESS and PPP_CONTROL,
1641 * discard them *if* those are the first two octets, and parse the remaining
1642 * packet as a PPP packet, as "ppp_print()" does).
1643 *
1644 * This handles, for example, DLT_PPP_SERIAL in NetBSD.
1645 */
1646 void
ppp_hdlc_if_print(netdissect_options * ndo,const struct pcap_pkthdr * h,const u_char * p)1647 ppp_hdlc_if_print(netdissect_options *ndo,
1648 const struct pcap_pkthdr *h, const u_char *p)
1649 {
1650 u_int length = h->len;
1651 u_int caplen = h->caplen;
1652 u_int proto;
1653 u_int hdrlen = 0;
1654
1655 ndo->ndo_protocol = "ppp_hdlc";
1656 if (caplen < 2) {
1657 nd_print_trunc(ndo);
1658 ndo->ndo_ll_hdr_len += caplen;
1659 return;
1660 }
1661
1662 switch (GET_U_1(p)) {
1663
1664 case PPP_ADDRESS:
1665 if (caplen < 4) {
1666 nd_print_trunc(ndo);
1667 ndo->ndo_ll_hdr_len += caplen;
1668 return;
1669 }
1670
1671 if (ndo->ndo_eflag)
1672 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1673 GET_U_1(p + 1), length);
1674 p += 2;
1675 length -= 2;
1676 hdrlen += 2;
1677
1678 proto = GET_BE_U_2(p);
1679 p += 2;
1680 length -= 2;
1681 hdrlen += 2;
1682 ND_PRINT("%s: ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", proto));
1683
1684 handle_ppp(ndo, proto, p, length);
1685 break;
1686
1687 case CHDLC_UNICAST:
1688 case CHDLC_BCAST:
1689 chdlc_if_print(ndo, h, p);
1690 return;
1691
1692 default:
1693 if (caplen < 4) {
1694 nd_print_trunc(ndo);
1695 ndo->ndo_ll_hdr_len += caplen;
1696 return;
1697 }
1698
1699 if (ndo->ndo_eflag)
1700 ND_PRINT("%02x %02x %u ", GET_U_1(p),
1701 GET_U_1(p + 1), length);
1702 p += 2;
1703 hdrlen += 2;
1704
1705 /*
1706 * XXX - NetBSD's "ppp_netbsd_serial_if_print()" treats
1707 * the next two octets as an Ethernet type; does that
1708 * ever happen?
1709 */
1710 ND_PRINT("unknown addr %02x; ctrl %02x", GET_U_1(p),
1711 GET_U_1(p + 1));
1712 break;
1713 }
1714
1715 ndo->ndo_ll_hdr_len += hdrlen;
1716 }
1717
1718 #define PPP_BSDI_HDRLEN 24
1719
1720 /* BSD/OS specific PPP printer */
1721 void
ppp_bsdos_if_print(netdissect_options * ndo,const struct pcap_pkthdr * h _U_,const u_char * p _U_)1722 ppp_bsdos_if_print(netdissect_options *ndo,
1723 const struct pcap_pkthdr *h _U_, const u_char *p _U_)
1724 {
1725 u_int hdrlength;
1726 #ifdef __bsdi__
1727 u_int length = h->len;
1728 u_int caplen = h->caplen;
1729 uint16_t ptype;
1730 uint8_t llhl;
1731 const u_char *q;
1732 u_int i;
1733
1734 ndo->ndo_protocol = "ppp_bsdos";
1735 if (caplen < PPP_BSDI_HDRLEN) {
1736 nd_print_trunc(ndo);
1737 ndo->ndo_ll_hdr_len += caplen;
1738 return;
1739 }
1740
1741 hdrlength = 0;
1742
1743 #if 0
1744 if (GET_U_1(p) == PPP_ADDRESS &&
1745 GET_U_1(p + 1) == PPP_CONTROL) {
1746 if (ndo->ndo_eflag)
1747 ND_PRINT("%02x %02x ", GET_U_1(p),
1748 GET_U_1(p + 1));
1749 p += 2;
1750 hdrlength = 2;
1751 }
1752
1753 if (ndo->ndo_eflag)
1754 ND_PRINT("%u ", length);
1755 /* Retrieve the protocol type */
1756 if (GET_U_1(p) & 01) {
1757 /* Compressed protocol field */
1758 ptype = GET_U_1(p);
1759 if (ndo->ndo_eflag)
1760 ND_PRINT("%02x ", ptype);
1761 p++;
1762 hdrlength += 1;
1763 } else {
1764 /* Un-compressed protocol field */
1765 ptype = GET_BE_U_2(p);
1766 if (ndo->ndo_eflag)
1767 ND_PRINT("%04x ", ptype);
1768 p += 2;
1769 hdrlength += 2;
1770 }
1771 #else
1772 ptype = 0; /*XXX*/
1773 if (ndo->ndo_eflag)
1774 ND_PRINT("%c ", GET_U_1(p + SLC_DIR) ? 'O' : 'I');
1775 llhl = GET_U_1(p + SLC_LLHL);
1776 if (llhl) {
1777 /* link level header */
1778 struct ppp_header *ph;
1779
1780 q = p + SLC_BPFHDRLEN;
1781 ph = (struct ppp_header *)q;
1782 if (ph->phdr_addr == PPP_ADDRESS
1783 && ph->phdr_ctl == PPP_CONTROL) {
1784 if (ndo->ndo_eflag)
1785 ND_PRINT("%02x %02x ", GET_U_1(q),
1786 GET_U_1(q + 1));
1787 ptype = GET_BE_U_2(&ph->phdr_type);
1788 if (ndo->ndo_eflag && (ptype == PPP_VJC || ptype == PPP_VJNC)) {
1789 ND_PRINT("%s ", tok2str(ppptype2str,
1790 "proto-#%u", ptype));
1791 }
1792 } else {
1793 if (ndo->ndo_eflag) {
1794 ND_PRINT("LLH=[");
1795 for (i = 0; i < llhl; i++)
1796 ND_PRINT("%02x", GET_U_1(q + i));
1797 ND_PRINT("] ");
1798 }
1799 }
1800 }
1801 if (ndo->ndo_eflag)
1802 ND_PRINT("%u ", length);
1803 if (GET_U_1(p + SLC_CHL)) {
1804 q = p + SLC_BPFHDRLEN + llhl;
1805
1806 switch (ptype) {
1807 case PPP_VJC:
1808 ptype = vjc_print(ndo, q, ptype);
1809 hdrlength = PPP_BSDI_HDRLEN;
1810 p += hdrlength;
1811 switch (ptype) {
1812 case PPP_IP:
1813 ip_print(ndo, p, length);
1814 break;
1815 case PPP_IPV6:
1816 ip6_print(ndo, p, length);
1817 break;
1818 case PPP_MPLS_UCAST:
1819 case PPP_MPLS_MCAST:
1820 mpls_print(ndo, p, length);
1821 break;
1822 }
1823 goto printx;
1824 case PPP_VJNC:
1825 ptype = vjc_print(ndo, q, ptype);
1826 hdrlength = PPP_BSDI_HDRLEN;
1827 p += hdrlength;
1828 switch (ptype) {
1829 case PPP_IP:
1830 ip_print(ndo, p, length);
1831 break;
1832 case PPP_IPV6:
1833 ip6_print(ndo, p, length);
1834 break;
1835 case PPP_MPLS_UCAST:
1836 case PPP_MPLS_MCAST:
1837 mpls_print(ndo, p, length);
1838 break;
1839 }
1840 goto printx;
1841 default:
1842 if (ndo->ndo_eflag) {
1843 ND_PRINT("CH=[");
1844 for (i = 0; i < llhl; i++)
1845 ND_PRINT("%02x",
1846 GET_U_1(q + i));
1847 ND_PRINT("] ");
1848 }
1849 break;
1850 }
1851 }
1852
1853 hdrlength = PPP_BSDI_HDRLEN;
1854 #endif
1855
1856 length -= hdrlength;
1857 p += hdrlength;
1858
1859 switch (ptype) {
1860 case PPP_IP:
1861 ip_print(p, length);
1862 break;
1863 case PPP_IPV6:
1864 ip6_print(ndo, p, length);
1865 break;
1866 case PPP_MPLS_UCAST:
1867 case PPP_MPLS_MCAST:
1868 mpls_print(ndo, p, length);
1869 break;
1870 default:
1871 ND_PRINT("%s ", tok2str(ppptype2str, "unknown PPP protocol (0x%04x)", ptype));
1872 }
1873
1874 printx:
1875 #else /* __bsdi */
1876 hdrlength = 0;
1877 #endif /* __bsdi__ */
1878 ndo->ndo_ll_hdr_len += hdrlength;
1879 }
1880