1/* 2 * Copyright (c) 1998-2004 Hannes Gredler <hannes@tcpdump.org> 3 * The TCPDUMP project 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code 7 * distributions retain the above copyright notice and this paragraph 8 * in its entirety, and (2) distributions including binary code include 9 * the above copyright notice and this paragraph in its entirety in 10 * the documentation or other materials provided with the distribution. 11 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 12 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 13 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 14 * FOR A PARTICULAR PURPOSE. 15 */ 16 17#define NETDISSECT_REWORKED 18#ifdef HAVE_CONFIG_H 19#include "config.h" 20#endif 21 22#include <tcpdump-stdinc.h> 23 24#include <string.h> 25 26#include "interface.h" 27#include "extract.h" 28#include "addrtoname.h" 29 30/* 31 * packet format documented at 32 * http://www.rhyshaden.com/eigrp.htm 33 */ 34 35struct eigrp_common_header { 36 uint8_t version; 37 uint8_t opcode; 38 uint8_t checksum[2]; 39 uint8_t flags[4]; 40 uint8_t seq[4]; 41 uint8_t ack[4]; 42 uint8_t asn[4]; 43}; 44 45#define EIGRP_VERSION 2 46 47#define EIGRP_OPCODE_UPDATE 1 48#define EIGRP_OPCODE_QUERY 3 49#define EIGRP_OPCODE_REPLY 4 50#define EIGRP_OPCODE_HELLO 5 51#define EIGRP_OPCODE_IPXSAP 6 52#define EIGRP_OPCODE_PROBE 7 53 54static const struct tok eigrp_opcode_values[] = { 55 { EIGRP_OPCODE_UPDATE, "Update" }, 56 { EIGRP_OPCODE_QUERY, "Query" }, 57 { EIGRP_OPCODE_REPLY, "Reply" }, 58 { EIGRP_OPCODE_HELLO, "Hello" }, 59 { EIGRP_OPCODE_IPXSAP, "IPX SAP" }, 60 { EIGRP_OPCODE_PROBE, "Probe" }, 61 { 0, NULL} 62}; 63 64static const struct tok eigrp_common_header_flag_values[] = { 65 { 0x01, "Init" }, 66 { 0x02, "Conditionally Received" }, 67 { 0, NULL} 68}; 69 70struct eigrp_tlv_header { 71 uint8_t type[2]; 72 uint8_t length[2]; 73}; 74 75#define EIGRP_TLV_GENERAL_PARM 0x0001 76#define EIGRP_TLV_AUTH 0x0002 77#define EIGRP_TLV_SEQ 0x0003 78#define EIGRP_TLV_SW_VERSION 0x0004 79#define EIGRP_TLV_MCAST_SEQ 0x0005 80#define EIGRP_TLV_IP_INT 0x0102 81#define EIGRP_TLV_IP_EXT 0x0103 82#define EIGRP_TLV_AT_INT 0x0202 83#define EIGRP_TLV_AT_EXT 0x0203 84#define EIGRP_TLV_AT_CABLE_SETUP 0x0204 85#define EIGRP_TLV_IPX_INT 0x0302 86#define EIGRP_TLV_IPX_EXT 0x0303 87 88static const struct tok eigrp_tlv_values[] = { 89 { EIGRP_TLV_GENERAL_PARM, "General Parameters"}, 90 { EIGRP_TLV_AUTH, "Authentication"}, 91 { EIGRP_TLV_SEQ, "Sequence"}, 92 { EIGRP_TLV_SW_VERSION, "Software Version"}, 93 { EIGRP_TLV_MCAST_SEQ, "Next Multicast Sequence"}, 94 { EIGRP_TLV_IP_INT, "IP Internal routes"}, 95 { EIGRP_TLV_IP_EXT, "IP External routes"}, 96 { EIGRP_TLV_AT_INT, "AppleTalk Internal routes"}, 97 { EIGRP_TLV_AT_EXT, "AppleTalk External routes"}, 98 { EIGRP_TLV_AT_CABLE_SETUP, "AppleTalk Cable setup"}, 99 { EIGRP_TLV_IPX_INT, "IPX Internal routes"}, 100 { EIGRP_TLV_IPX_EXT, "IPX External routes"}, 101 { 0, NULL} 102}; 103 104struct eigrp_tlv_general_parm_t { 105 uint8_t k1; 106 uint8_t k2; 107 uint8_t k3; 108 uint8_t k4; 109 uint8_t k5; 110 uint8_t res; 111 uint8_t holdtime[2]; 112}; 113 114struct eigrp_tlv_sw_version_t { 115 uint8_t ios_major; 116 uint8_t ios_minor; 117 uint8_t eigrp_major; 118 uint8_t eigrp_minor; 119}; 120 121struct eigrp_tlv_ip_int_t { 122 uint8_t nexthop[4]; 123 uint8_t delay[4]; 124 uint8_t bandwidth[4]; 125 uint8_t mtu[3]; 126 uint8_t hopcount; 127 uint8_t reliability; 128 uint8_t load; 129 uint8_t reserved[2]; 130 uint8_t plen; 131 uint8_t destination; /* variable length [1-4] bytes encoding */ 132}; 133 134struct eigrp_tlv_ip_ext_t { 135 uint8_t nexthop[4]; 136 uint8_t origin_router[4]; 137 uint8_t origin_as[4]; 138 uint8_t tag[4]; 139 uint8_t metric[4]; 140 uint8_t reserved[2]; 141 uint8_t proto_id; 142 uint8_t flags; 143 uint8_t delay[4]; 144 uint8_t bandwidth[4]; 145 uint8_t mtu[3]; 146 uint8_t hopcount; 147 uint8_t reliability; 148 uint8_t load; 149 uint8_t reserved2[2]; 150 uint8_t plen; 151 uint8_t destination; /* variable length [1-4] bytes encoding */ 152}; 153 154struct eigrp_tlv_at_cable_setup_t { 155 uint8_t cable_start[2]; 156 uint8_t cable_end[2]; 157 uint8_t router_id[4]; 158}; 159 160struct eigrp_tlv_at_int_t { 161 uint8_t nexthop[4]; 162 uint8_t delay[4]; 163 uint8_t bandwidth[4]; 164 uint8_t mtu[3]; 165 uint8_t hopcount; 166 uint8_t reliability; 167 uint8_t load; 168 uint8_t reserved[2]; 169 uint8_t cable_start[2]; 170 uint8_t cable_end[2]; 171}; 172 173struct eigrp_tlv_at_ext_t { 174 uint8_t nexthop[4]; 175 uint8_t origin_router[4]; 176 uint8_t origin_as[4]; 177 uint8_t tag[4]; 178 uint8_t proto_id; 179 uint8_t flags; 180 uint8_t metric[2]; 181 uint8_t delay[4]; 182 uint8_t bandwidth[4]; 183 uint8_t mtu[3]; 184 uint8_t hopcount; 185 uint8_t reliability; 186 uint8_t load; 187 uint8_t reserved2[2]; 188 uint8_t cable_start[2]; 189 uint8_t cable_end[2]; 190}; 191 192static const struct tok eigrp_ext_proto_id_values[] = { 193 { 0x01, "IGRP" }, 194 { 0x02, "EIGRP" }, 195 { 0x03, "Static" }, 196 { 0x04, "RIP" }, 197 { 0x05, "Hello" }, 198 { 0x06, "OSPF" }, 199 { 0x07, "IS-IS" }, 200 { 0x08, "EGP" }, 201 { 0x09, "BGP" }, 202 { 0x0a, "IDRP" }, 203 { 0x0b, "Connected" }, 204 { 0, NULL} 205}; 206 207void 208eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) 209{ 210 const struct eigrp_common_header *eigrp_com_header; 211 const struct eigrp_tlv_header *eigrp_tlv_header; 212 const u_char *tptr,*tlv_tptr; 213 u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length; 214 uint8_t prefix[4]; 215 216 union { 217 const struct eigrp_tlv_general_parm_t *eigrp_tlv_general_parm; 218 const struct eigrp_tlv_sw_version_t *eigrp_tlv_sw_version; 219 const struct eigrp_tlv_ip_int_t *eigrp_tlv_ip_int; 220 const struct eigrp_tlv_ip_ext_t *eigrp_tlv_ip_ext; 221 const struct eigrp_tlv_at_cable_setup_t *eigrp_tlv_at_cable_setup; 222 const struct eigrp_tlv_at_int_t *eigrp_tlv_at_int; 223 const struct eigrp_tlv_at_ext_t *eigrp_tlv_at_ext; 224 } tlv_ptr; 225 226 tptr=pptr; 227 eigrp_com_header = (const struct eigrp_common_header *)pptr; 228 ND_TCHECK(*eigrp_com_header); 229 230 /* 231 * Sanity checking of the header. 232 */ 233 if (eigrp_com_header->version != EIGRP_VERSION) { 234 ND_PRINT((ndo, "EIGRP version %u packet not supported",eigrp_com_header->version)); 235 return; 236 } 237 238 /* in non-verbose mode just lets print the basic Message Type*/ 239 if (ndo->ndo_vflag < 1) { 240 ND_PRINT((ndo, "EIGRP %s, length: %u", 241 tok2str(eigrp_opcode_values, "unknown (%u)",eigrp_com_header->opcode), 242 len)); 243 return; 244 } 245 246 /* ok they seem to want to know everything - lets fully decode it */ 247 248 tlen=len-sizeof(struct eigrp_common_header); 249 250 /* FIXME print other header info */ 251 ND_PRINT((ndo, "\n\tEIGRP v%u, opcode: %s (%u), chksum: 0x%04x, Flags: [%s]\n\tseq: 0x%08x, ack: 0x%08x, AS: %u, length: %u", 252 eigrp_com_header->version, 253 tok2str(eigrp_opcode_values, "unknown, type: %u",eigrp_com_header->opcode), 254 eigrp_com_header->opcode, 255 EXTRACT_16BITS(&eigrp_com_header->checksum), 256 tok2str(eigrp_common_header_flag_values, 257 "none", 258 EXTRACT_32BITS(&eigrp_com_header->flags)), 259 EXTRACT_32BITS(&eigrp_com_header->seq), 260 EXTRACT_32BITS(&eigrp_com_header->ack), 261 EXTRACT_32BITS(&eigrp_com_header->asn), 262 tlen)); 263 264 tptr+=sizeof(const struct eigrp_common_header); 265 266 while(tlen>0) { 267 /* did we capture enough for fully decoding the object header ? */ 268 ND_TCHECK2(*tptr, sizeof(struct eigrp_tlv_header)); 269 270 eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr; 271 eigrp_tlv_len=EXTRACT_16BITS(&eigrp_tlv_header->length); 272 eigrp_tlv_type=EXTRACT_16BITS(&eigrp_tlv_header->type); 273 274 275 if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) || 276 eigrp_tlv_len > tlen) { 277 print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ",tlen); 278 return; 279 } 280 281 ND_PRINT((ndo, "\n\t %s TLV (0x%04x), length: %u", 282 tok2str(eigrp_tlv_values, 283 "Unknown", 284 eigrp_tlv_type), 285 eigrp_tlv_type, 286 eigrp_tlv_len)); 287 288 tlv_tptr=tptr+sizeof(struct eigrp_tlv_header); 289 tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header); 290 291 /* did we capture enough for fully decoding the object ? */ 292 ND_TCHECK2(*tptr, eigrp_tlv_len); 293 294 switch(eigrp_tlv_type) { 295 296 case EIGRP_TLV_GENERAL_PARM: 297 tlv_ptr.eigrp_tlv_general_parm = (const struct eigrp_tlv_general_parm_t *)tlv_tptr; 298 299 ND_PRINT((ndo, "\n\t holdtime: %us, k1 %u, k2 %u, k3 %u, k4 %u, k5 %u", 300 EXTRACT_16BITS(tlv_ptr.eigrp_tlv_general_parm->holdtime), 301 tlv_ptr.eigrp_tlv_general_parm->k1, 302 tlv_ptr.eigrp_tlv_general_parm->k2, 303 tlv_ptr.eigrp_tlv_general_parm->k3, 304 tlv_ptr.eigrp_tlv_general_parm->k4, 305 tlv_ptr.eigrp_tlv_general_parm->k5)); 306 break; 307 308 case EIGRP_TLV_SW_VERSION: 309 tlv_ptr.eigrp_tlv_sw_version = (const struct eigrp_tlv_sw_version_t *)tlv_tptr; 310 311 ND_PRINT((ndo, "\n\t IOS version: %u.%u, EIGRP version %u.%u", 312 tlv_ptr.eigrp_tlv_sw_version->ios_major, 313 tlv_ptr.eigrp_tlv_sw_version->ios_minor, 314 tlv_ptr.eigrp_tlv_sw_version->eigrp_major, 315 tlv_ptr.eigrp_tlv_sw_version->eigrp_minor)); 316 break; 317 318 case EIGRP_TLV_IP_INT: 319 tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr; 320 321 bit_length = tlv_ptr.eigrp_tlv_ip_int->plen; 322 if (bit_length > 32) { 323 ND_PRINT((ndo, "\n\t illegal prefix length %u",bit_length)); 324 break; 325 } 326 byte_length = (bit_length + 7) / 8; /* variable length encoding */ 327 memset(prefix, 0, 4); 328 memcpy(prefix,&tlv_ptr.eigrp_tlv_ip_int->destination,byte_length); 329 330 ND_PRINT((ndo, "\n\t IPv4 prefix: %15s/%u, nexthop: ", 331 ipaddr_string(ndo, prefix), 332 bit_length)); 333 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0) 334 ND_PRINT((ndo, "self")); 335 else 336 ND_PRINT((ndo, "%s",ipaddr_string(ndo, &tlv_ptr.eigrp_tlv_ip_int->nexthop))); 337 338 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 339 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->delay)/100), 340 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->bandwidth), 341 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_ip_int->mtu), 342 tlv_ptr.eigrp_tlv_ip_int->hopcount, 343 tlv_ptr.eigrp_tlv_ip_int->reliability, 344 tlv_ptr.eigrp_tlv_ip_int->load)); 345 break; 346 347 case EIGRP_TLV_IP_EXT: 348 tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr; 349 350 bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen; 351 if (bit_length > 32) { 352 ND_PRINT((ndo, "\n\t illegal prefix length %u",bit_length)); 353 break; 354 } 355 byte_length = (bit_length + 7) / 8; /* variable length encoding */ 356 memset(prefix, 0, 4); 357 memcpy(prefix,&tlv_ptr.eigrp_tlv_ip_ext->destination,byte_length); 358 359 ND_PRINT((ndo, "\n\t IPv4 prefix: %15s/%u, nexthop: ", 360 ipaddr_string(ndo, prefix), 361 bit_length)); 362 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0) 363 ND_PRINT((ndo, "self")); 364 else 365 ND_PRINT((ndo, "%s",ipaddr_string(ndo, &tlv_ptr.eigrp_tlv_ip_ext->nexthop))); 366 367 ND_PRINT((ndo, "\n\t origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u", 368 ipaddr_string(ndo, tlv_ptr.eigrp_tlv_ip_ext->origin_router), 369 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->origin_as), 370 tok2str(eigrp_ext_proto_id_values,"unknown",tlv_ptr.eigrp_tlv_ip_ext->proto_id), 371 tlv_ptr.eigrp_tlv_ip_ext->flags, 372 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->tag), 373 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_ip_ext->metric))); 374 375 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 376 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->delay)/100), 377 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->bandwidth), 378 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_ip_ext->mtu), 379 tlv_ptr.eigrp_tlv_ip_ext->hopcount, 380 tlv_ptr.eigrp_tlv_ip_ext->reliability, 381 tlv_ptr.eigrp_tlv_ip_ext->load)); 382 break; 383 384 case EIGRP_TLV_AT_CABLE_SETUP: 385 tlv_ptr.eigrp_tlv_at_cable_setup = (const struct eigrp_tlv_at_cable_setup_t *)tlv_tptr; 386 387 ND_PRINT((ndo, "\n\t Cable-range: %u-%u, Router-ID %u", 388 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->cable_start), 389 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->cable_end), 390 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->router_id))); 391 break; 392 393 case EIGRP_TLV_AT_INT: 394 tlv_ptr.eigrp_tlv_at_int = (const struct eigrp_tlv_at_int_t *)tlv_tptr; 395 396 ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", 397 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->cable_start), 398 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->cable_end))); 399 400 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop) == 0) 401 ND_PRINT((ndo, "self")); 402 else 403 ND_PRINT((ndo, "%u.%u", 404 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop), 405 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->nexthop[2]))); 406 407 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 408 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->delay)/100), 409 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_int->bandwidth), 410 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_at_int->mtu), 411 tlv_ptr.eigrp_tlv_at_int->hopcount, 412 tlv_ptr.eigrp_tlv_at_int->reliability, 413 tlv_ptr.eigrp_tlv_at_int->load)); 414 break; 415 416 case EIGRP_TLV_AT_EXT: 417 tlv_ptr.eigrp_tlv_at_ext = (const struct eigrp_tlv_at_ext_t *)tlv_tptr; 418 419 ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", 420 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->cable_start), 421 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->cable_end))); 422 423 if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop) == 0) 424 ND_PRINT((ndo, "self")); 425 else 426 ND_PRINT((ndo, "%u.%u", 427 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop), 428 EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->nexthop[2]))); 429 430 ND_PRINT((ndo, "\n\t origin-router %u, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u", 431 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->origin_router), 432 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->origin_as), 433 tok2str(eigrp_ext_proto_id_values,"unknown",tlv_ptr.eigrp_tlv_at_ext->proto_id), 434 tlv_ptr.eigrp_tlv_at_ext->flags, 435 EXTRACT_32BITS(tlv_ptr.eigrp_tlv_at_ext->tag), 436 EXTRACT_16BITS(tlv_ptr.eigrp_tlv_at_ext->metric))); 437 438 ND_PRINT((ndo, "\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", 439 (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->delay)/100), 440 EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_at_ext->bandwidth), 441 EXTRACT_24BITS(&tlv_ptr.eigrp_tlv_at_ext->mtu), 442 tlv_ptr.eigrp_tlv_at_ext->hopcount, 443 tlv_ptr.eigrp_tlv_at_ext->reliability, 444 tlv_ptr.eigrp_tlv_at_ext->load)); 445 break; 446 447 /* 448 * FIXME those are the defined TLVs that lack a decoder 449 * you are welcome to contribute code ;-) 450 */ 451 452 case EIGRP_TLV_AUTH: 453 case EIGRP_TLV_SEQ: 454 case EIGRP_TLV_MCAST_SEQ: 455 case EIGRP_TLV_IPX_INT: 456 case EIGRP_TLV_IPX_EXT: 457 458 default: 459 if (ndo->ndo_vflag <= 1) 460 print_unknown_data(ndo,tlv_tptr,"\n\t ",tlv_tlen); 461 break; 462 } 463 /* do we want to see an additionally hexdump ? */ 464 if (ndo->ndo_vflag > 1) 465 print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ", 466 eigrp_tlv_len-sizeof(struct eigrp_tlv_header)); 467 468 tptr+=eigrp_tlv_len; 469 tlen-=eigrp_tlv_len; 470 } 471 return; 472trunc: 473 ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); 474} 475