freebsd-nq/contrib/tcpdump/print-bootp.c
Ed Maste 0bff6a5af8 Update tcpdump to 4.9.2
It contains many fixes, including bounds checking, buffer overflows (in
SLIP and bittok2str_internal), buffer over-reads, and infinite loops.

One other notable change:
  Do not use getprotobynumber() for protocol name resolution.
  Do not do any protocol name resolution if -n is specified.

Submitted by:	gordon
Reviewed by:	delphij, emaste, glebius
MFC after:	1 week
Relnotes:	Yes
Security:	CVE-2017-11108, CVE-2017-11541, CVE-2017-11542
Security:	CVE-2017-11543, CVE-2017-12893, CVE-2017-12894
Security:	CVE-2017-12895, CVE-2017-12896, CVE-2017-12897
Security:	CVE-2017-12898, CVE-2017-12899, CVE-2017-12900
Security:	CVE-2017-12901, CVE-2017-12902, CVE-2017-12985
Security:	CVE-2017-12986, CVE-2017-12987, CVE-2017-12988
Security:	CVE-2017-12989, CVE-2017-12990, CVE-2017-12991
Security:	CVE-2017-12992, CVE-2017-12993, CVE-2017-12994
Security:	CVE-2017-12995, CVE-2017-12996, CVE-2017-12997
Security:	CVE-2017-12998, CVE-2017-12999, CVE-2017-13000
Security:	CVE-2017-13001, CVE-2017-13002, CVE-2017-13003
Security:	CVE-2017-13004, CVE-2017-13005, CVE-2017-13006
Security:	CVE-2017-13007, CVE-2017-13008, CVE-2017-13009
Security:	CVE-2017-13010, CVE-2017-13011, CVE-2017-13012
Security:	CVE-2017-13013, CVE-2017-13014, CVE-2017-13015
Security:	CVE-2017-13016, CVE-2017-13017, CVE-2017-13018
Security:	CVE-2017-13019, CVE-2017-13020, CVE-2017-13021
Security:	CVE-2017-13022, CVE-2017-13023, CVE-2017-13024
Security:	CVE-2017-13025, CVE-2017-13026, CVE-2017-13027
Security:	CVE-2017-13028, CVE-2017-13029, CVE-2017-13030
Security:	CVE-2017-13031, CVE-2017-13032, CVE-2017-13033
Security:	CVE-2017-13034, CVE-2017-13035, CVE-2017-13036
Security:	CVE-2017-13037, CVE-2017-13038, CVE-2017-13039
Security:	CVE-2017-13040, CVE-2017-13041, CVE-2017-13042
Security:	CVE-2017-13043, CVE-2017-13044, CVE-2017-13045
Security:	CVE-2017-13046, CVE-2017-13047, CVE-2017-13048
Security:	CVE-2017-13049, CVE-2017-13050, CVE-2017-13051
Security:	CVE-2017-13052, CVE-2017-13053, CVE-2017-13054
Security:	CVE-2017-13055, CVE-2017-13687, CVE-2017-13688
Security:	CVE-2017-13689, CVE-2017-13690, CVE-2017-13725
Differential Revision:	https://reviews.freebsd.org/D12404
2017-12-06 02:21:11 +00:00

1095 lines
30 KiB
C

/*
* Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* \summary: BOOTP and IPv4 DHCP printer */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include <string.h>
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
static const char tstr[] = " [|bootp]";
/*
* Bootstrap Protocol (BOOTP). RFC951 and RFC1048.
*
* This file specifies the "implementation-independent" BOOTP protocol
* information which is common to both client and server.
*
* Copyright 1988 by Carnegie Mellon.
*
* Permission to use, copy, modify, and distribute this program for any
* purpose and without fee is hereby granted, provided that this copyright
* and permission notice appear on all copies and supporting documentation,
* the name of Carnegie Mellon not be used in advertising or publicity
* pertaining to distribution of the program without specific prior
* permission, and notice be given in supporting documentation that copying
* and distribution is by permission of Carnegie Mellon and Stanford
* University. Carnegie Mellon makes no representations about the
* suitability of this software for any purpose. It is provided "as is"
* without express or implied warranty.
*/
struct bootp {
uint8_t bp_op; /* packet opcode type */
uint8_t bp_htype; /* hardware addr type */
uint8_t bp_hlen; /* hardware addr length */
uint8_t bp_hops; /* gateway hops */
uint32_t bp_xid; /* transaction ID */
uint16_t bp_secs; /* seconds since boot began */
uint16_t bp_flags; /* flags - see bootp_flag_values[]
in print-bootp.c */
struct in_addr bp_ciaddr; /* client IP address */
struct in_addr bp_yiaddr; /* 'your' IP address */
struct in_addr bp_siaddr; /* server IP address */
struct in_addr bp_giaddr; /* gateway IP address */
uint8_t bp_chaddr[16]; /* client hardware address */
uint8_t bp_sname[64]; /* server host name */
uint8_t bp_file[128]; /* boot file name */
uint8_t bp_vend[64]; /* vendor-specific area */
} UNALIGNED;
#define BOOTPREPLY 2
#define BOOTPREQUEST 1
/*
* Vendor magic cookie (v_magic) for CMU
*/
#define VM_CMU "CMU"
/*
* Vendor magic cookie (v_magic) for RFC1048
*/
#define VM_RFC1048 { 99, 130, 83, 99 }
/*
* RFC1048 tag values used to specify what information is being supplied in
* the vendor field of the packet.
*/
#define TAG_PAD ((uint8_t) 0)
#define TAG_SUBNET_MASK ((uint8_t) 1)
#define TAG_TIME_OFFSET ((uint8_t) 2)
#define TAG_GATEWAY ((uint8_t) 3)
#define TAG_TIME_SERVER ((uint8_t) 4)
#define TAG_NAME_SERVER ((uint8_t) 5)
#define TAG_DOMAIN_SERVER ((uint8_t) 6)
#define TAG_LOG_SERVER ((uint8_t) 7)
#define TAG_COOKIE_SERVER ((uint8_t) 8)
#define TAG_LPR_SERVER ((uint8_t) 9)
#define TAG_IMPRESS_SERVER ((uint8_t) 10)
#define TAG_RLP_SERVER ((uint8_t) 11)
#define TAG_HOSTNAME ((uint8_t) 12)
#define TAG_BOOTSIZE ((uint8_t) 13)
#define TAG_END ((uint8_t) 255)
/* RFC1497 tags */
#define TAG_DUMPPATH ((uint8_t) 14)
#define TAG_DOMAINNAME ((uint8_t) 15)
#define TAG_SWAP_SERVER ((uint8_t) 16)
#define TAG_ROOTPATH ((uint8_t) 17)
#define TAG_EXTPATH ((uint8_t) 18)
/* RFC2132 */
#define TAG_IP_FORWARD ((uint8_t) 19)
#define TAG_NL_SRCRT ((uint8_t) 20)
#define TAG_PFILTERS ((uint8_t) 21)
#define TAG_REASS_SIZE ((uint8_t) 22)
#define TAG_DEF_TTL ((uint8_t) 23)
#define TAG_MTU_TIMEOUT ((uint8_t) 24)
#define TAG_MTU_TABLE ((uint8_t) 25)
#define TAG_INT_MTU ((uint8_t) 26)
#define TAG_LOCAL_SUBNETS ((uint8_t) 27)
#define TAG_BROAD_ADDR ((uint8_t) 28)
#define TAG_DO_MASK_DISC ((uint8_t) 29)
#define TAG_SUPPLY_MASK ((uint8_t) 30)
#define TAG_DO_RDISC ((uint8_t) 31)
#define TAG_RTR_SOL_ADDR ((uint8_t) 32)
#define TAG_STATIC_ROUTE ((uint8_t) 33)
#define TAG_USE_TRAILERS ((uint8_t) 34)
#define TAG_ARP_TIMEOUT ((uint8_t) 35)
#define TAG_ETH_ENCAP ((uint8_t) 36)
#define TAG_TCP_TTL ((uint8_t) 37)
#define TAG_TCP_KEEPALIVE ((uint8_t) 38)
#define TAG_KEEPALIVE_GO ((uint8_t) 39)
#define TAG_NIS_DOMAIN ((uint8_t) 40)
#define TAG_NIS_SERVERS ((uint8_t) 41)
#define TAG_NTP_SERVERS ((uint8_t) 42)
#define TAG_VENDOR_OPTS ((uint8_t) 43)
#define TAG_NETBIOS_NS ((uint8_t) 44)
#define TAG_NETBIOS_DDS ((uint8_t) 45)
#define TAG_NETBIOS_NODE ((uint8_t) 46)
#define TAG_NETBIOS_SCOPE ((uint8_t) 47)
#define TAG_XWIN_FS ((uint8_t) 48)
#define TAG_XWIN_DM ((uint8_t) 49)
#define TAG_NIS_P_DOMAIN ((uint8_t) 64)
#define TAG_NIS_P_SERVERS ((uint8_t) 65)
#define TAG_MOBILE_HOME ((uint8_t) 68)
#define TAG_SMPT_SERVER ((uint8_t) 69)
#define TAG_POP3_SERVER ((uint8_t) 70)
#define TAG_NNTP_SERVER ((uint8_t) 71)
#define TAG_WWW_SERVER ((uint8_t) 72)
#define TAG_FINGER_SERVER ((uint8_t) 73)
#define TAG_IRC_SERVER ((uint8_t) 74)
#define TAG_STREETTALK_SRVR ((uint8_t) 75)
#define TAG_STREETTALK_STDA ((uint8_t) 76)
/* DHCP options */
#define TAG_REQUESTED_IP ((uint8_t) 50)
#define TAG_IP_LEASE ((uint8_t) 51)
#define TAG_OPT_OVERLOAD ((uint8_t) 52)
#define TAG_TFTP_SERVER ((uint8_t) 66)
#define TAG_BOOTFILENAME ((uint8_t) 67)
#define TAG_DHCP_MESSAGE ((uint8_t) 53)
#define TAG_SERVER_ID ((uint8_t) 54)
#define TAG_PARM_REQUEST ((uint8_t) 55)
#define TAG_MESSAGE ((uint8_t) 56)
#define TAG_MAX_MSG_SIZE ((uint8_t) 57)
#define TAG_RENEWAL_TIME ((uint8_t) 58)
#define TAG_REBIND_TIME ((uint8_t) 59)
#define TAG_VENDOR_CLASS ((uint8_t) 60)
#define TAG_CLIENT_ID ((uint8_t) 61)
/* RFC 2241 */
#define TAG_NDS_SERVERS ((uint8_t) 85)
#define TAG_NDS_TREE_NAME ((uint8_t) 86)
#define TAG_NDS_CONTEXT ((uint8_t) 87)
/* RFC 2242 */
#define TAG_NDS_IPDOMAIN ((uint8_t) 62)
#define TAG_NDS_IPINFO ((uint8_t) 63)
/* RFC 2485 */
#define TAG_OPEN_GROUP_UAP ((uint8_t) 98)
/* RFC 2563 */
#define TAG_DISABLE_AUTOCONF ((uint8_t) 116)
/* RFC 2610 */
#define TAG_SLP_DA ((uint8_t) 78)
#define TAG_SLP_SCOPE ((uint8_t) 79)
/* RFC 2937 */
#define TAG_NS_SEARCH ((uint8_t) 117)
/* RFC 3004 - The User Class Option for DHCP */
#define TAG_USER_CLASS ((uint8_t) 77)
/* RFC 3011 */
#define TAG_IP4_SUBNET_SELECT ((uint8_t) 118)
/* RFC 3442 */
#define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121)
#define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249)
/* RFC 5859 - TFTP Server Address Option for DHCPv4 */
#define TAG_TFTP_SERVER_ADDRESS ((uint8_t) 150)
/* ftp://ftp.isi.edu/.../assignments/bootp-dhcp-extensions */
#define TAG_SLP_NAMING_AUTH ((uint8_t) 80)
#define TAG_CLIENT_FQDN ((uint8_t) 81)
#define TAG_AGENT_CIRCUIT ((uint8_t) 82)
#define TAG_AGENT_REMOTE ((uint8_t) 83)
#define TAG_AGENT_MASK ((uint8_t) 84)
#define TAG_TZ_STRING ((uint8_t) 88)
#define TAG_FQDN_OPTION ((uint8_t) 89)
#define TAG_AUTH ((uint8_t) 90)
#define TAG_VINES_SERVERS ((uint8_t) 91)
#define TAG_SERVER_RANK ((uint8_t) 92)
#define TAG_CLIENT_ARCH ((uint8_t) 93)
#define TAG_CLIENT_NDI ((uint8_t) 94)
#define TAG_CLIENT_GUID ((uint8_t) 97)
#define TAG_LDAP_URL ((uint8_t) 95)
#define TAG_6OVER4 ((uint8_t) 96)
/* RFC 4833, TZ codes */
#define TAG_TZ_PCODE ((uint8_t) 100)
#define TAG_TZ_TCODE ((uint8_t) 101)
#define TAG_IPX_COMPAT ((uint8_t) 110)
#define TAG_NETINFO_PARENT ((uint8_t) 112)
#define TAG_NETINFO_PARENT_TAG ((uint8_t) 113)
#define TAG_URL ((uint8_t) 114)
#define TAG_FAILOVER ((uint8_t) 115)
#define TAG_EXTENDED_REQUEST ((uint8_t) 126)
#define TAG_EXTENDED_OPTION ((uint8_t) 127)
#define TAG_MUDURL ((uint8_t) 161)
/* DHCP Message types (values for TAG_DHCP_MESSAGE option) */
#define DHCPDISCOVER 1
#define DHCPOFFER 2
#define DHCPREQUEST 3
#define DHCPDECLINE 4
#define DHCPACK 5
#define DHCPNAK 6
#define DHCPRELEASE 7
#define DHCPINFORM 8
/*
* "vendor" data permitted for CMU bootp clients.
*/
struct cmu_vend {
uint8_t v_magic[4]; /* magic number */
uint32_t v_flags; /* flags/opcodes, etc. */
struct in_addr v_smask; /* Subnet mask */
struct in_addr v_dgate; /* Default gateway */
struct in_addr v_dns1, v_dns2; /* Domain name servers */
struct in_addr v_ins1, v_ins2; /* IEN-116 name servers */
struct in_addr v_ts1, v_ts2; /* Time servers */
uint8_t v_unused[24]; /* currently unused */
} UNALIGNED;
/* v_flags values */
#define VF_SMASK 1 /* Subnet mask field contains valid data */
/* RFC 4702 DHCP Client FQDN Option */
#define CLIENT_FQDN_FLAGS_S 0x01
#define CLIENT_FQDN_FLAGS_O 0x02
#define CLIENT_FQDN_FLAGS_E 0x04
#define CLIENT_FQDN_FLAGS_N 0x08
/* end of original bootp.h */
static void rfc1048_print(netdissect_options *, const u_char *);
static void cmu_print(netdissect_options *, const u_char *);
static char *client_fqdn_flags(u_int flags);
static const struct tok bootp_flag_values[] = {
{ 0x8000, "Broadcast" },
{ 0, NULL}
};
static const struct tok bootp_op_values[] = {
{ BOOTPREQUEST, "Request" },
{ BOOTPREPLY, "Reply" },
{ 0, NULL}
};
/*
* Print bootp requests
*/
void
bootp_print(netdissect_options *ndo,
register const u_char *cp, u_int length)
{
register const struct bootp *bp;
static const u_char vm_cmu[4] = VM_CMU;
static const u_char vm_rfc1048[4] = VM_RFC1048;
bp = (const struct bootp *)cp;
ND_TCHECK(bp->bp_op);
ND_PRINT((ndo, "BOOTP/DHCP, %s",
tok2str(bootp_op_values, "unknown (0x%02x)", bp->bp_op)));
ND_TCHECK(bp->bp_hlen);
if (bp->bp_htype == 1 && bp->bp_hlen == 6 && bp->bp_op == BOOTPREQUEST) {
ND_TCHECK2(bp->bp_chaddr[0], 6);
ND_PRINT((ndo, " from %s", etheraddr_string(ndo, bp->bp_chaddr)));
}
ND_PRINT((ndo, ", length %u", length));
if (!ndo->ndo_vflag)
return;
ND_TCHECK(bp->bp_secs);
/* The usual hardware address type is 1 (10Mb Ethernet) */
if (bp->bp_htype != 1)
ND_PRINT((ndo, ", htype %d", bp->bp_htype));
/* The usual length for 10Mb Ethernet address is 6 bytes */
if (bp->bp_htype != 1 || bp->bp_hlen != 6)
ND_PRINT((ndo, ", hlen %d", bp->bp_hlen));
/* Only print interesting fields */
if (bp->bp_hops)
ND_PRINT((ndo, ", hops %d", bp->bp_hops));
if (EXTRACT_32BITS(&bp->bp_xid))
ND_PRINT((ndo, ", xid 0x%x", EXTRACT_32BITS(&bp->bp_xid)));
if (EXTRACT_16BITS(&bp->bp_secs))
ND_PRINT((ndo, ", secs %d", EXTRACT_16BITS(&bp->bp_secs)));
ND_TCHECK(bp->bp_flags);
ND_PRINT((ndo, ", Flags [%s]",
bittok2str(bootp_flag_values, "none", EXTRACT_16BITS(&bp->bp_flags))));
if (ndo->ndo_vflag > 1)
ND_PRINT((ndo, " (0x%04x)", EXTRACT_16BITS(&bp->bp_flags)));
/* Client's ip address */
ND_TCHECK(bp->bp_ciaddr);
if (EXTRACT_32BITS(&bp->bp_ciaddr.s_addr))
ND_PRINT((ndo, "\n\t Client-IP %s", ipaddr_string(ndo, &bp->bp_ciaddr)));
/* 'your' ip address (bootp client) */
ND_TCHECK(bp->bp_yiaddr);
if (EXTRACT_32BITS(&bp->bp_yiaddr.s_addr))
ND_PRINT((ndo, "\n\t Your-IP %s", ipaddr_string(ndo, &bp->bp_yiaddr)));
/* Server's ip address */
ND_TCHECK(bp->bp_siaddr);
if (EXTRACT_32BITS(&bp->bp_siaddr.s_addr))
ND_PRINT((ndo, "\n\t Server-IP %s", ipaddr_string(ndo, &bp->bp_siaddr)));
/* Gateway's ip address */
ND_TCHECK(bp->bp_giaddr);
if (EXTRACT_32BITS(&bp->bp_giaddr.s_addr))
ND_PRINT((ndo, "\n\t Gateway-IP %s", ipaddr_string(ndo, &bp->bp_giaddr)));
/* Client's Ethernet address */
if (bp->bp_htype == 1 && bp->bp_hlen == 6) {
ND_TCHECK2(bp->bp_chaddr[0], 6);
ND_PRINT((ndo, "\n\t Client-Ethernet-Address %s", etheraddr_string(ndo, bp->bp_chaddr)));
}
ND_TCHECK2(bp->bp_sname[0], 1); /* check first char only */
if (*bp->bp_sname) {
ND_PRINT((ndo, "\n\t sname \""));
if (fn_printztn(ndo, bp->bp_sname, (u_int)sizeof bp->bp_sname,
ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
ND_PRINT((ndo, "%s", tstr + 1));
return;
}
ND_PRINT((ndo, "\""));
}
ND_TCHECK2(bp->bp_file[0], 1); /* check first char only */
if (*bp->bp_file) {
ND_PRINT((ndo, "\n\t file \""));
if (fn_printztn(ndo, bp->bp_file, (u_int)sizeof bp->bp_file,
ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
ND_PRINT((ndo, "%s", tstr + 1));
return;
}
ND_PRINT((ndo, "\""));
}
/* Decode the vendor buffer */
ND_TCHECK(bp->bp_vend[0]);
if (memcmp((const char *)bp->bp_vend, vm_rfc1048,
sizeof(uint32_t)) == 0)
rfc1048_print(ndo, bp->bp_vend);
else if (memcmp((const char *)bp->bp_vend, vm_cmu,
sizeof(uint32_t)) == 0)
cmu_print(ndo, bp->bp_vend);
else {
uint32_t ul;
ul = EXTRACT_32BITS(&bp->bp_vend);
if (ul != 0)
ND_PRINT((ndo, "\n\t Vendor-#0x%x", ul));
}
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
}
/*
* The first character specifies the format to print:
* i - ip address (32 bits)
* p - ip address pairs (32 bits + 32 bits)
* l - long (32 bits)
* L - unsigned long (32 bits)
* s - short (16 bits)
* b - period-seperated decimal bytes (variable length)
* x - colon-seperated hex bytes (variable length)
* a - ascii string (variable length)
* B - on/off (8 bits)
* $ - special (explicit code to handle)
*/
static const struct tok tag2str[] = {
/* RFC1048 tags */
{ TAG_PAD, " PAD" },
{ TAG_SUBNET_MASK, "iSubnet-Mask" }, /* subnet mask (RFC950) */
{ TAG_TIME_OFFSET, "LTime-Zone" }, /* seconds from UTC */
{ TAG_GATEWAY, "iDefault-Gateway" }, /* default gateway */
{ TAG_TIME_SERVER, "iTime-Server" }, /* time servers (RFC868) */
{ TAG_NAME_SERVER, "iIEN-Name-Server" }, /* IEN name servers (IEN116) */
{ TAG_DOMAIN_SERVER, "iDomain-Name-Server" }, /* domain name (RFC1035) */
{ TAG_LOG_SERVER, "iLOG" }, /* MIT log servers */
{ TAG_COOKIE_SERVER, "iCS" }, /* cookie servers (RFC865) */
{ TAG_LPR_SERVER, "iLPR-Server" }, /* lpr server (RFC1179) */
{ TAG_IMPRESS_SERVER, "iIM" }, /* impress servers (Imagen) */
{ TAG_RLP_SERVER, "iRL" }, /* resource location (RFC887) */
{ TAG_HOSTNAME, "aHostname" }, /* ascii hostname */
{ TAG_BOOTSIZE, "sBS" }, /* 512 byte blocks */
{ TAG_END, " END" },
/* RFC1497 tags */
{ TAG_DUMPPATH, "aDP" },
{ TAG_DOMAINNAME, "aDomain-Name" },
{ TAG_SWAP_SERVER, "iSS" },
{ TAG_ROOTPATH, "aRP" },
{ TAG_EXTPATH, "aEP" },
/* RFC2132 tags */
{ TAG_IP_FORWARD, "BIPF" },
{ TAG_NL_SRCRT, "BSRT" },
{ TAG_PFILTERS, "pPF" },
{ TAG_REASS_SIZE, "sRSZ" },
{ TAG_DEF_TTL, "bTTL" },
{ TAG_MTU_TIMEOUT, "lMTU-Timeout" },
{ TAG_MTU_TABLE, "sMTU-Table" },
{ TAG_INT_MTU, "sMTU" },
{ TAG_LOCAL_SUBNETS, "BLSN" },
{ TAG_BROAD_ADDR, "iBR" },
{ TAG_DO_MASK_DISC, "BMD" },
{ TAG_SUPPLY_MASK, "BMS" },
{ TAG_DO_RDISC, "BRouter-Discovery" },
{ TAG_RTR_SOL_ADDR, "iRSA" },
{ TAG_STATIC_ROUTE, "pStatic-Route" },
{ TAG_USE_TRAILERS, "BUT" },
{ TAG_ARP_TIMEOUT, "lAT" },
{ TAG_ETH_ENCAP, "BIE" },
{ TAG_TCP_TTL, "bTT" },
{ TAG_TCP_KEEPALIVE, "lKI" },
{ TAG_KEEPALIVE_GO, "BKG" },
{ TAG_NIS_DOMAIN, "aYD" },
{ TAG_NIS_SERVERS, "iYS" },
{ TAG_NTP_SERVERS, "iNTP" },
{ TAG_VENDOR_OPTS, "bVendor-Option" },
{ TAG_NETBIOS_NS, "iNetbios-Name-Server" },
{ TAG_NETBIOS_DDS, "iWDD" },
{ TAG_NETBIOS_NODE, "$Netbios-Node" },
{ TAG_NETBIOS_SCOPE, "aNetbios-Scope" },
{ TAG_XWIN_FS, "iXFS" },
{ TAG_XWIN_DM, "iXDM" },
{ TAG_NIS_P_DOMAIN, "sN+D" },
{ TAG_NIS_P_SERVERS, "iN+S" },
{ TAG_MOBILE_HOME, "iMH" },
{ TAG_SMPT_SERVER, "iSMTP" },
{ TAG_POP3_SERVER, "iPOP3" },
{ TAG_NNTP_SERVER, "iNNTP" },
{ TAG_WWW_SERVER, "iWWW" },
{ TAG_FINGER_SERVER, "iFG" },
{ TAG_IRC_SERVER, "iIRC" },
{ TAG_STREETTALK_SRVR, "iSTS" },
{ TAG_STREETTALK_STDA, "iSTDA" },
{ TAG_REQUESTED_IP, "iRequested-IP" },
{ TAG_IP_LEASE, "lLease-Time" },
{ TAG_OPT_OVERLOAD, "$OO" },
{ TAG_TFTP_SERVER, "aTFTP" },
{ TAG_BOOTFILENAME, "aBF" },
{ TAG_DHCP_MESSAGE, " DHCP-Message" },
{ TAG_SERVER_ID, "iServer-ID" },
{ TAG_PARM_REQUEST, "bParameter-Request" },
{ TAG_MESSAGE, "aMSG" },
{ TAG_MAX_MSG_SIZE, "sMSZ" },
{ TAG_RENEWAL_TIME, "lRN" },
{ TAG_REBIND_TIME, "lRB" },
{ TAG_VENDOR_CLASS, "aVendor-Class" },
{ TAG_CLIENT_ID, "$Client-ID" },
/* RFC 2485 */
{ TAG_OPEN_GROUP_UAP, "aUAP" },
/* RFC 2563 */
{ TAG_DISABLE_AUTOCONF, "BNOAUTO" },
/* RFC 2610 */
{ TAG_SLP_DA, "bSLP-DA" }, /*"b" is a little wrong */
{ TAG_SLP_SCOPE, "bSLP-SCOPE" }, /*"b" is a little wrong */
/* RFC 2937 */
{ TAG_NS_SEARCH, "sNSSEARCH" }, /* XXX 's' */
/* RFC 3004 - The User Class Option for DHCP */
{ TAG_USER_CLASS, "$User-Class" },
/* RFC 3011 */
{ TAG_IP4_SUBNET_SELECT, "iSUBNET" },
/* RFC 3442 */
{ TAG_CLASSLESS_STATIC_RT, "$Classless-Static-Route" },
{ TAG_CLASSLESS_STA_RT_MS, "$Classless-Static-Route-Microsoft" },
/* RFC 5859 - TFTP Server Address Option for DHCPv4 */
{ TAG_TFTP_SERVER_ADDRESS, "iTFTP-Server-Address" },
/* http://www.iana.org/assignments/bootp-dhcp-extensions/index.htm */
{ TAG_SLP_NAMING_AUTH, "aSLP-NA" },
{ TAG_CLIENT_FQDN, "$FQDN" },
{ TAG_AGENT_CIRCUIT, "$Agent-Information" },
{ TAG_AGENT_REMOTE, "bARMT" },
{ TAG_AGENT_MASK, "bAMSK" },
{ TAG_TZ_STRING, "aTZSTR" },
{ TAG_FQDN_OPTION, "bFQDNS" }, /* XXX 'b' */
{ TAG_AUTH, "bAUTH" }, /* XXX 'b' */
{ TAG_VINES_SERVERS, "iVINES" },
{ TAG_SERVER_RANK, "sRANK" },
{ TAG_CLIENT_ARCH, "sARCH" },
{ TAG_CLIENT_NDI, "bNDI" }, /* XXX 'b' */
{ TAG_CLIENT_GUID, "bGUID" }, /* XXX 'b' */
{ TAG_LDAP_URL, "aLDAP" },
{ TAG_6OVER4, "i6o4" },
{ TAG_TZ_PCODE, "aPOSIX-TZ" },
{ TAG_TZ_TCODE, "aTZ-Name" },
{ TAG_IPX_COMPAT, "bIPX" }, /* XXX 'b' */
{ TAG_NETINFO_PARENT, "iNI" },
{ TAG_NETINFO_PARENT_TAG, "aNITAG" },
{ TAG_URL, "aURL" },
{ TAG_FAILOVER, "bFAIL" }, /* XXX 'b' */
{ TAG_MUDURL, "aMUD-URL" },
{ 0, NULL }
};
/* 2-byte extended tags */
static const struct tok xtag2str[] = {
{ 0, NULL }
};
/* DHCP "options overload" types */
static const struct tok oo2str[] = {
{ 1, "file" },
{ 2, "sname" },
{ 3, "file+sname" },
{ 0, NULL }
};
/* NETBIOS over TCP/IP node type options */
static const struct tok nbo2str[] = {
{ 0x1, "b-node" },
{ 0x2, "p-node" },
{ 0x4, "m-node" },
{ 0x8, "h-node" },
{ 0, NULL }
};
/* ARP Hardware types, for Client-ID option */
static const struct tok arp2str[] = {
{ 0x1, "ether" },
{ 0x6, "ieee802" },
{ 0x7, "arcnet" },
{ 0xf, "frelay" },
{ 0x17, "strip" },
{ 0x18, "ieee1394" },
{ 0, NULL }
};
static const struct tok dhcp_msg_values[] = {
{ DHCPDISCOVER, "Discover" },
{ DHCPOFFER, "Offer" },
{ DHCPREQUEST, "Request" },
{ DHCPDECLINE, "Decline" },
{ DHCPACK, "ACK" },
{ DHCPNAK, "NACK" },
{ DHCPRELEASE, "Release" },
{ DHCPINFORM, "Inform" },
{ 0, NULL }
};
#define AGENT_SUBOPTION_CIRCUIT_ID 1 /* RFC 3046 */
#define AGENT_SUBOPTION_REMOTE_ID 2 /* RFC 3046 */
#define AGENT_SUBOPTION_SUBSCRIBER_ID 6 /* RFC 3993 */
static const struct tok agent_suboption_values[] = {
{ AGENT_SUBOPTION_CIRCUIT_ID, "Circuit-ID" },
{ AGENT_SUBOPTION_REMOTE_ID, "Remote-ID" },
{ AGENT_SUBOPTION_SUBSCRIBER_ID, "Subscriber-ID" },
{ 0, NULL }
};
static void
rfc1048_print(netdissect_options *ndo,
register const u_char *bp)
{
register uint16_t tag;
register u_int len;
register const char *cp;
register char c;
int first, idx;
uint32_t ul;
uint16_t us;
uint8_t uc, subopt, suboptlen;
ND_PRINT((ndo, "\n\t Vendor-rfc1048 Extensions"));
/* Step over magic cookie */
ND_PRINT((ndo, "\n\t Magic Cookie 0x%08x", EXTRACT_32BITS(bp)));
bp += sizeof(int32_t);
/* Loop while we there is a tag left in the buffer */
while (ND_TTEST2(*bp, 1)) {
tag = *bp++;
if (tag == TAG_PAD && ndo->ndo_vflag < 3)
continue;
if (tag == TAG_END && ndo->ndo_vflag < 3)
return;
if (tag == TAG_EXTENDED_OPTION) {
ND_TCHECK2(*(bp + 1), 2);
tag = EXTRACT_16BITS(bp + 1);
/* XXX we don't know yet if the IANA will
* preclude overlap of 1-byte and 2-byte spaces.
* If not, we need to offset tag after this step.
*/
cp = tok2str(xtag2str, "?xT%u", tag);
} else
cp = tok2str(tag2str, "?T%u", tag);
c = *cp++;
if (tag == TAG_PAD || tag == TAG_END)
len = 0;
else {
/* Get the length; check for truncation */
ND_TCHECK2(*bp, 1);
len = *bp++;
}
ND_PRINT((ndo, "\n\t %s Option %u, length %u%s", cp, tag, len,
len > 0 ? ": " : ""));
if (tag == TAG_PAD && ndo->ndo_vflag > 2) {
u_int ntag = 1;
while (ND_TTEST2(*bp, 1) && *bp == TAG_PAD) {
bp++;
ntag++;
}
if (ntag > 1)
ND_PRINT((ndo, ", occurs %u", ntag));
}
if (!ND_TTEST2(*bp, len)) {
ND_PRINT((ndo, "[|rfc1048 %u]", len));
return;
}
if (tag == TAG_DHCP_MESSAGE && len == 1) {
uc = *bp++;
ND_PRINT((ndo, "%s", tok2str(dhcp_msg_values, "Unknown (%u)", uc)));
continue;
}
if (tag == TAG_PARM_REQUEST) {
idx = 0;
while (len-- > 0) {
uc = *bp++;
cp = tok2str(tag2str, "?Option %u", uc);
if (idx % 4 == 0)
ND_PRINT((ndo, "\n\t "));
else
ND_PRINT((ndo, ", "));
ND_PRINT((ndo, "%s", cp + 1));
idx++;
}
continue;
}
if (tag == TAG_EXTENDED_REQUEST) {
first = 1;
while (len > 1) {
len -= 2;
us = EXTRACT_16BITS(bp);
bp += 2;
cp = tok2str(xtag2str, "?xT%u", us);
if (!first)
ND_PRINT((ndo, "+"));
ND_PRINT((ndo, "%s", cp + 1));
first = 0;
}
continue;
}
/* Print data */
if (c == '?') {
/* Base default formats for unknown tags on data size */
if (len & 1)
c = 'b';
else if (len & 2)
c = 's';
else
c = 'l';
}
first = 1;
switch (c) {
case 'a':
/* ascii strings */
ND_PRINT((ndo, "\""));
if (fn_printn(ndo, bp, len, ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
goto trunc;
}
ND_PRINT((ndo, "\""));
bp += len;
len = 0;
break;
case 'i':
case 'l':
case 'L':
/* ip addresses/32-bit words */
while (len >= sizeof(ul)) {
if (!first)
ND_PRINT((ndo, ","));
ul = EXTRACT_32BITS(bp);
if (c == 'i') {
ul = htonl(ul);
ND_PRINT((ndo, "%s", ipaddr_string(ndo, &ul)));
} else if (c == 'L')
ND_PRINT((ndo, "%d", ul));
else
ND_PRINT((ndo, "%u", ul));
bp += sizeof(ul);
len -= sizeof(ul);
first = 0;
}
break;
case 'p':
/* IP address pairs */
while (len >= 2*sizeof(ul)) {
if (!first)
ND_PRINT((ndo, ","));
memcpy((char *)&ul, (const char *)bp, sizeof(ul));
ND_PRINT((ndo, "(%s:", ipaddr_string(ndo, &ul)));
bp += sizeof(ul);
memcpy((char *)&ul, (const char *)bp, sizeof(ul));
ND_PRINT((ndo, "%s)", ipaddr_string(ndo, &ul)));
bp += sizeof(ul);
len -= 2*sizeof(ul);
first = 0;
}
break;
case 's':
/* shorts */
while (len >= sizeof(us)) {
if (!first)
ND_PRINT((ndo, ","));
us = EXTRACT_16BITS(bp);
ND_PRINT((ndo, "%u", us));
bp += sizeof(us);
len -= sizeof(us);
first = 0;
}
break;
case 'B':
/* boolean */
while (len > 0) {
if (!first)
ND_PRINT((ndo, ","));
switch (*bp) {
case 0:
ND_PRINT((ndo, "N"));
break;
case 1:
ND_PRINT((ndo, "Y"));
break;
default:
ND_PRINT((ndo, "%u?", *bp));
break;
}
++bp;
--len;
first = 0;
}
break;
case 'b':
case 'x':
default:
/* Bytes */
while (len > 0) {
if (!first)
ND_PRINT((ndo, c == 'x' ? ":" : "."));
if (c == 'x')
ND_PRINT((ndo, "%02x", *bp));
else
ND_PRINT((ndo, "%u", *bp));
++bp;
--len;
first = 0;
}
break;
case '$':
/* Guys we can't handle with one of the usual cases */
switch (tag) {
case TAG_NETBIOS_NODE:
/* this option should be at least 1 byte long */
if (len < 1) {
ND_PRINT((ndo, "ERROR: length < 1 bytes"));
break;
}
tag = *bp++;
--len;
ND_PRINT((ndo, "%s", tok2str(nbo2str, NULL, tag)));
break;
case TAG_OPT_OVERLOAD:
/* this option should be at least 1 byte long */
if (len < 1) {
ND_PRINT((ndo, "ERROR: length < 1 bytes"));
break;
}
tag = *bp++;
--len;
ND_PRINT((ndo, "%s", tok2str(oo2str, NULL, tag)));
break;
case TAG_CLIENT_FQDN:
/* this option should be at least 3 bytes long */
if (len < 3) {
ND_PRINT((ndo, "ERROR: length < 3 bytes"));
bp += len;
len = 0;
break;
}
if (*bp)
ND_PRINT((ndo, "[%s] ", client_fqdn_flags(*bp)));
bp++;
if (*bp || *(bp+1))
ND_PRINT((ndo, "%u/%u ", *bp, *(bp+1)));
bp += 2;
ND_PRINT((ndo, "\""));
if (fn_printn(ndo, bp, len - 3, ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
goto trunc;
}
ND_PRINT((ndo, "\""));
bp += len - 3;
len = 0;
break;
case TAG_CLIENT_ID:
{
int type;
/* this option should be at least 1 byte long */
if (len < 1) {
ND_PRINT((ndo, "ERROR: length < 1 bytes"));
break;
}
type = *bp++;
len--;
if (type == 0) {
ND_PRINT((ndo, "\""));
if (fn_printn(ndo, bp, len, ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
goto trunc;
}
ND_PRINT((ndo, "\""));
bp += len;
len = 0;
break;
} else {
ND_PRINT((ndo, "%s ", tok2str(arp2str, "hardware-type %u,", type)));
while (len > 0) {
if (!first)
ND_PRINT((ndo, ":"));
ND_PRINT((ndo, "%02x", *bp));
++bp;
--len;
first = 0;
}
}
break;
}
case TAG_AGENT_CIRCUIT:
while (len >= 2) {
subopt = *bp++;
suboptlen = *bp++;
len -= 2;
if (suboptlen > len) {
ND_PRINT((ndo, "\n\t %s SubOption %u, length %u: length goes past end of option",
tok2str(agent_suboption_values, "Unknown", subopt),
subopt,
suboptlen));
bp += len;
len = 0;
break;
}
ND_PRINT((ndo, "\n\t %s SubOption %u, length %u: ",
tok2str(agent_suboption_values, "Unknown", subopt),
subopt,
suboptlen));
switch (subopt) {
case AGENT_SUBOPTION_CIRCUIT_ID: /* fall through */
case AGENT_SUBOPTION_REMOTE_ID:
case AGENT_SUBOPTION_SUBSCRIBER_ID:
if (fn_printn(ndo, bp, suboptlen, ndo->ndo_snapend))
goto trunc;
break;
default:
print_unknown_data(ndo, bp, "\n\t\t", suboptlen);
}
len -= suboptlen;
bp += suboptlen;
}
break;
case TAG_CLASSLESS_STATIC_RT:
case TAG_CLASSLESS_STA_RT_MS:
{
u_int mask_width, significant_octets, i;
/* this option should be at least 5 bytes long */
if (len < 5) {
ND_PRINT((ndo, "ERROR: length < 5 bytes"));
bp += len;
len = 0;
break;
}
while (len > 0) {
if (!first)
ND_PRINT((ndo, ","));
mask_width = *bp++;
len--;
/* mask_width <= 32 */
if (mask_width > 32) {
ND_PRINT((ndo, "[ERROR: Mask width (%d) > 32]", mask_width));
bp += len;
len = 0;
break;
}
significant_octets = (mask_width + 7) / 8;
/* significant octets + router(4) */
if (len < significant_octets + 4) {
ND_PRINT((ndo, "[ERROR: Remaining length (%u) < %u bytes]", len, significant_octets + 4));
bp += len;
len = 0;
break;
}
ND_PRINT((ndo, "("));
if (mask_width == 0)
ND_PRINT((ndo, "default"));
else {
for (i = 0; i < significant_octets ; i++) {
if (i > 0)
ND_PRINT((ndo, "."));
ND_PRINT((ndo, "%d", *bp++));
}
for (i = significant_octets ; i < 4 ; i++)
ND_PRINT((ndo, ".0"));
ND_PRINT((ndo, "/%d", mask_width));
}
memcpy((char *)&ul, (const char *)bp, sizeof(ul));
ND_PRINT((ndo, ":%s)", ipaddr_string(ndo, &ul)));
bp += sizeof(ul);
len -= (significant_octets + 4);
first = 0;
}
break;
}
case TAG_USER_CLASS:
{
u_int suboptnumber = 1;
first = 1;
if (len < 2) {
ND_PRINT((ndo, "ERROR: length < 2 bytes"));
bp += len;
len = 0;
break;
}
while (len > 0) {
suboptlen = *bp++;
len--;
ND_PRINT((ndo, "\n\t "));
ND_PRINT((ndo, "instance#%u: ", suboptnumber));
if (suboptlen == 0) {
ND_PRINT((ndo, "ERROR: suboption length must be non-zero"));
bp += len;
len = 0;
break;
}
if (len < suboptlen) {
ND_PRINT((ndo, "ERROR: invalid option"));
bp += len;
len = 0;
break;
}
ND_PRINT((ndo, "\""));
if (fn_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) {
ND_PRINT((ndo, "\""));
goto trunc;
}
ND_PRINT((ndo, "\""));
ND_PRINT((ndo, ", length %d", suboptlen));
suboptnumber++;
len -= suboptlen;
bp += suboptlen;
}
break;
}
default:
ND_PRINT((ndo, "[unknown special tag %u, size %u]",
tag, len));
bp += len;
len = 0;
break;
}
break;
}
/* Data left over? */
if (len) {
ND_PRINT((ndo, "\n\t trailing data length %u", len));
bp += len;
}
}
return;
trunc:
ND_PRINT((ndo, "|[rfc1048]"));
}
static void
cmu_print(netdissect_options *ndo,
register const u_char *bp)
{
register const struct cmu_vend *cmu;
#define PRINTCMUADDR(m, s) { ND_TCHECK(cmu->m); \
if (cmu->m.s_addr != 0) \
ND_PRINT((ndo, " %s:%s", s, ipaddr_string(ndo, &cmu->m.s_addr))); }
ND_PRINT((ndo, " vend-cmu"));
cmu = (const struct cmu_vend *)bp;
/* Only print if there are unknown bits */
ND_TCHECK(cmu->v_flags);
if ((cmu->v_flags & ~(VF_SMASK)) != 0)
ND_PRINT((ndo, " F:0x%x", cmu->v_flags));
PRINTCMUADDR(v_dgate, "DG");
PRINTCMUADDR(v_smask, cmu->v_flags & VF_SMASK ? "SM" : "SM*");
PRINTCMUADDR(v_dns1, "NS1");
PRINTCMUADDR(v_dns2, "NS2");
PRINTCMUADDR(v_ins1, "IEN1");
PRINTCMUADDR(v_ins2, "IEN2");
PRINTCMUADDR(v_ts1, "TS1");
PRINTCMUADDR(v_ts2, "TS2");
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
#undef PRINTCMUADDR
}
static char *
client_fqdn_flags(u_int flags)
{
static char buf[8+1];
int i = 0;
if (flags & CLIENT_FQDN_FLAGS_S)
buf[i++] = 'S';
if (flags & CLIENT_FQDN_FLAGS_O)
buf[i++] = 'O';
if (flags & CLIENT_FQDN_FLAGS_E)
buf[i++] = 'E';
if (flags & CLIENT_FQDN_FLAGS_N)
buf[i++] = 'N';
buf[i] = '\0';
return buf;
}