1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1988-1990
5 *      The Regents of the University of California.  All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that:
9 * 1. Source code distributions retain the above copyright
10 *    notice and this paragraph in its entirety
11 * 2. Distributions including binary code include the above copyright
12 *    notice and this paragraph in its entirety in the documentation
13 *    or other materials provided with the distribution, and
14 * 3. Neither the name of the University nor the names of its contributors
15 *    may be used to endorse or promote products derived from this software
16 *    without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * Format and print bootp packets.
23 *
24 * This file was copied from tcpdump-2.1.1 and modified.
25 * There is an e-mail list for tcpdump: <tcpdump@ee.lbl.gov>
26 *
27 * $FreeBSD$
28 */
29
30#include <stdio.h>
31
32#include <sys/param.h>
33#include <sys/types.h>
34#include <sys/socket.h>
35
36#include <sys/time.h>	/* for struct timeval in net/if.h */
37#include <net/if.h>
38#include <netinet/in.h>
39
40#include <string.h>
41#include <ctype.h>
42
43#include "bootp.h"
44#include "bootptest.h"
45
46/* These decode the vendor data. */
47static void rfc1048_print(u_char *bp, int length);
48static void cmu_print(u_char *bp, int length);
49static void other_print(u_char *bp, int length);
50static void dump_hex(u_char *bp, int len);
51
52/*
53 * Print bootp requests
54 */
55void
56bootp_print(bp, length, sport, dport)
57	struct bootp *bp;
58	int length;
59	u_short sport, dport;
60{
61	static char tstr[] = " [|bootp]";
62	static unsigned char vm_cmu[4] = VM_CMU;
63	static unsigned char vm_rfc1048[4] = VM_RFC1048;
64	u_char *ep;
65	int vdlen;
66
67#define TCHECK(var, l) if ((u_char *)&(var) > ep - l) goto trunc
68
69	/* Note funny sized packets */
70	if (length != sizeof(struct bootp))
71		(void) printf(" [len=%d]", length);
72
73	/* 'ep' points to the end of avaible data. */
74	ep = (u_char *) snapend;
75
76	switch (bp->bp_op) {
77
78	case BOOTREQUEST:
79		/* Usually, a request goes from a client to a server */
80		if (sport != IPPORT_BOOTPC || dport != IPPORT_BOOTPS)
81			printf(" (request)");
82		break;
83
84	case BOOTREPLY:
85		/* Usually, a reply goes from a server to a client */
86		if (sport != IPPORT_BOOTPS || dport != IPPORT_BOOTPC)
87			printf(" (reply)");
88		break;
89
90	default:
91		printf(" bootp-#%d", bp->bp_op);
92	}
93
94	/* The usual hardware address type is 1 (10Mb Ethernet) */
95	if (bp->bp_htype != 1)
96		printf(" htype:%d", bp->bp_htype);
97
98	/* The usual length for 10Mb Ethernet address is 6 bytes */
99	if (bp->bp_hlen != 6)
100		printf(" hlen:%d", bp->bp_hlen);
101
102	/* Client's Hardware address */
103	if (bp->bp_hlen) {
104		struct ether_header *eh;
105		char *e;
106
107		TCHECK(bp->bp_chaddr[0], 6);
108		eh = (struct ether_header *) packetp;
109		if (bp->bp_op == BOOTREQUEST)
110			e = (char *) ESRC(eh);
111		else if (bp->bp_op == BOOTREPLY)
112			e = (char *) EDST(eh);
113		else
114			e = NULL;
115		if (e == NULL || bcmp((char *) bp->bp_chaddr, e, 6))
116			dump_hex(bp->bp_chaddr, bp->bp_hlen);
117	}
118	/* Only print interesting fields */
119	if (bp->bp_hops)
120		printf(" hops:%d", bp->bp_hops);
121
122	if (bp->bp_xid)
123		printf(" xid:%ld", (long)ntohl(bp->bp_xid));
124
125	if (bp->bp_secs)
126		printf(" secs:%d", ntohs(bp->bp_secs));
127
128	/* Client's ip address */
129	TCHECK(bp->bp_ciaddr, sizeof(bp->bp_ciaddr));
130	if (bp->bp_ciaddr.s_addr)
131		printf(" C:%s", ipaddr_string(&bp->bp_ciaddr));
132
133	/* 'your' ip address (bootp client) */
134	TCHECK(bp->bp_yiaddr, sizeof(bp->bp_yiaddr));
135	if (bp->bp_yiaddr.s_addr)
136		printf(" Y:%s", ipaddr_string(&bp->bp_yiaddr));
137
138	/* Server's ip address */
139	TCHECK(bp->bp_siaddr, sizeof(bp->bp_siaddr));
140	if (bp->bp_siaddr.s_addr)
141		printf(" S:%s", ipaddr_string(&bp->bp_siaddr));
142
143	/* Gateway's ip address */
144	TCHECK(bp->bp_giaddr, sizeof(bp->bp_giaddr));
145	if (bp->bp_giaddr.s_addr)
146		printf(" G:%s", ipaddr_string(&bp->bp_giaddr));
147
148	TCHECK(bp->bp_sname[0], sizeof(bp->bp_sname));
149	if (*bp->bp_sname) {
150		printf(" sname:");
151		if (printfn(bp->bp_sname, ep)) {
152			fputs(tstr + 1, stdout);
153			return;
154		}
155	}
156	TCHECK(bp->bp_file[0], sizeof(bp->bp_file));
157	if (*bp->bp_file) {
158		printf(" file:");
159		if (printfn(bp->bp_file, ep)) {
160			fputs(tstr + 1, stdout);
161			return;
162		}
163	}
164	/* Don't try to decode the vendor buffer unless we're verbose */
165	if (vflag <= 0)
166		return;
167
168	vdlen = sizeof(bp->bp_vend);
169	/* Vendor data can extend to the end of the packet. */
170	if (vdlen < (ep - bp->bp_vend))
171		vdlen = (ep - bp->bp_vend);
172
173	TCHECK(bp->bp_vend[0], vdlen);
174	printf(" vend");
175	if (!bcmp(bp->bp_vend, vm_rfc1048, sizeof(u_int32)))
176		rfc1048_print(bp->bp_vend, vdlen);
177	else if (!bcmp(bp->bp_vend, vm_cmu, sizeof(u_int32)))
178		cmu_print(bp->bp_vend, vdlen);
179	else
180		other_print(bp->bp_vend, vdlen);
181
182	return;
183 trunc:
184	fputs(tstr, stdout);
185#undef TCHECK
186}
187
188/*
189 * Option description data follows.
190 * These are described in: RFC-1048, RFC-1395, RFC-1497, RFC-1533
191 *
192 * The first char of each option string encodes the data format:
193 * ?: unknown
194 * a: ASCII
195 * b: byte (8-bit)
196 * i: inet address
197 * l: int32
198 * s: short (16-bit)
199 */
200char *
201rfc1048_opts[] = {
202	/* Originally from RFC-1048: */
203	"?PAD",				/*  0: Padding - special, no data. */
204	"iSM",				/*  1: subnet mask (RFC950)*/
205	"lTZ",				/*  2: time offset, seconds from UTC */
206	"iGW",				/*  3: gateways (or routers) */
207	"iTS",				/*  4: time servers (RFC868) */
208	"iINS",				/*  5: IEN name servers (IEN116) */
209	"iDNS",				/*  6: domain name servers (RFC1035)(1034?) */
210	"iLOG",				/*  7: MIT log servers */
211	"iCS",				/*  8: cookie servers (RFC865) */
212	"iLPR",				/*  9: lpr server (RFC1179) */
213	"iIPS",				/* 10: impress servers (Imagen) */
214	"iRLP",				/* 11: resource location servers (RFC887) */
215	"aHN",				/* 12: host name (ASCII) */
216	"sBFS",				/* 13: boot file size (in 512 byte blocks) */
217
218	/* Added by RFC-1395: */
219	"aDUMP",			/* 14: Merit Dump File */
220	"aDNAM",			/* 15: Domain Name (for DNS) */
221	"iSWAP",			/* 16: Swap Server */
222	"aROOT",			/* 17: Root Path */
223
224	/* Added by RFC-1497: */
225	"aEXTF",			/* 18: Extensions Path (more options) */
226
227	/* Added by RFC-1533: (many, many options...) */
228#if 1	/* These might not be worth recognizing by name. */
229
230	/* IP Layer Parameters, per-host (RFC-1533, sect. 4) */
231	"bIP-forward",		/* 19: IP Forwarding flag */
232	"bIP-srcroute",		/* 20: IP Source Routing Enable flag */
233	"iIP-filters",		/* 21: IP Policy Filter (addr pairs) */
234	"sIP-maxudp",		/* 22: IP Max-UDP reassembly size */
235	"bIP-ttlive",		/* 23: IP Time to Live */
236	"lIP-pmtuage",		/* 24: IP Path MTU aging timeout */
237	"sIP-pmtutab",		/* 25: IP Path MTU plateau table */
238
239	/* IP parameters, per-interface (RFC-1533, sect. 5) */
240	"sIP-mtu-sz",		/* 26: IP MTU size */
241	"bIP-mtu-sl",		/* 27: IP MTU all subnets local */
242	"bIP-bcast1",		/* 28: IP Broadcast Addr ones flag */
243	"bIP-mask-d",		/* 29: IP do mask discovery */
244	"bIP-mask-s",		/* 30: IP do mask supplier */
245	"bIP-rt-dsc",		/* 31: IP do router discovery */
246	"iIP-rt-sa",		/* 32: IP router solicitation addr */
247	"iIP-routes",		/* 33: IP static routes (dst,router) */
248
249	/* Link Layer parameters, per-interface (RFC-1533, sect. 6) */
250	"bLL-trailer",		/* 34: do tralier encapsulation */
251	"lLL-arp-tmo",		/* 35: ARP cache timeout */
252	"bLL-ether2",		/* 36: Ethernet version 2 (IEEE 802.3) */
253
254	/* TCP parameters (RFC-1533, sect. 7) */
255	"bTCP-def-ttl",		/* 37: default time to live */
256	"lTCP-KA-tmo",		/* 38: keepalive time interval */
257	"bTCP-KA-junk",		/* 39: keepalive sends extra junk */
258
259	/* Application and Service Parameters (RFC-1533, sect. 8) */
260	"aNISDOM",			/* 40: NIS Domain (Sun YP) */
261	"iNISSRV",			/* 41: NIS Servers */
262	"iNTPSRV",			/* 42: NTP (time) Servers (RFC 1129) */
263	"?VSINFO",			/* 43: Vendor Specific Info (encapsulated) */
264	"iNBiosNS",			/* 44: NetBIOS Name Server (RFC-1001,1..2) */
265	"iNBiosDD",			/* 45: NetBIOS Datagram Dist. Server. */
266	"bNBiosNT",			/* 46: NetBIOS Note Type */
267	"?NBiosS",			/* 47: NetBIOS Scope */
268	"iXW-FS",			/* 48: X Window System Font Servers */
269	"iXW-DM",			/* 49: X Window System Display Managers */
270
271	/* DHCP extensions (RFC-1533, sect. 9) */
272#endif
273};
274#define	KNOWN_OPTIONS (sizeof(rfc1048_opts) / sizeof(rfc1048_opts[0]))
275
276static void
277rfc1048_print(bp, length)
278	u_char *bp;
279	int length;
280{
281	u_char tag;
282	u_char *ep;
283	int len;
284	u_int32 ul;
285	u_short us;
286	struct in_addr ia;
287	char *optstr;
288
289	printf("-rfc1395");
290
291	/* Step over magic cookie */
292	bp += sizeof(int32);
293	/* Setup end pointer */
294	ep = bp + length;
295	while (bp < ep) {
296		tag = *bp++;
297		/* Check for tags with no data first. */
298		if (tag == TAG_PAD)
299			continue;
300		if (tag == TAG_END)
301			return;
302		if (tag < KNOWN_OPTIONS) {
303			optstr = rfc1048_opts[tag];
304			printf(" %s:", optstr + 1);
305		} else {
306			printf(" T%d:", tag);
307			optstr = "?";
308		}
309		/* Now scan the length byte. */
310		len = *bp++;
311		if (bp + len > ep) {
312			/* truncated option */
313			printf(" |(%d>%td)", len, ep - bp);
314			return;
315		}
316		/* Print the option value(s). */
317		switch (optstr[0]) {
318
319		case 'a':				/* ASCII string */
320			printfn(bp, bp + len);
321			bp += len;
322			len = 0;
323			break;
324
325		case 's':				/* Word formats */
326			while (len >= 2) {
327				bcopy((char *) bp, (char *) &us, 2);
328				printf("%d", ntohs(us));
329				bp += 2;
330				len -= 2;
331				if (len) printf(",");
332			}
333			if (len) printf("(junk=%d)", len);
334			break;
335
336		case 'l':				/* Long words */
337			while (len >= 4) {
338				bcopy((char *) bp, (char *) &ul, 4);
339				printf("%ld", (long)ntohl(ul));
340				bp += 4;
341				len -= 4;
342				if (len) printf(",");
343			}
344			if (len) printf("(junk=%d)", len);
345			break;
346
347		case 'i':				/* INET addresses */
348			while (len >= 4) {
349				bcopy((char *) bp, (char *) &ia, 4);
350				printf("%s", ipaddr_string(&ia));
351				bp += 4;
352				len -= 4;
353				if (len) printf(",");
354			}
355			if (len) printf("(junk=%d)", len);
356			break;
357
358		case 'b':
359		default:
360			break;
361
362		}						/* switch */
363
364		/* Print as characters, if appropriate. */
365		if (len) {
366			dump_hex(bp, len);
367			if (isascii(*bp) && isprint(*bp)) {
368				printf("(");
369				printfn(bp, bp + len);
370				printf(")");
371			}
372			bp += len;
373			len = 0;
374		}
375	} /* while bp < ep */
376}
377
378static void
379cmu_print(bp, length)
380	u_char *bp;
381	int length;
382{
383	struct cmu_vend *v;
384
385	printf("-cmu");
386
387	v = (struct cmu_vend *) bp;
388	if (length < sizeof(*v)) {
389		printf(" |L=%d", length);
390		return;
391	}
392
393	/* Subnet mask */
394	if (v->v_flags & VF_SMASK) {
395		printf(" SM:%s", ipaddr_string(&v->v_smask));
396	}
397	/* Default gateway */
398	if (v->v_dgate.s_addr)
399		printf(" GW:%s", ipaddr_string(&v->v_dgate));
400
401	/* Domain name servers */
402	if (v->v_dns1.s_addr)
403		printf(" DNS1:%s", ipaddr_string(&v->v_dns1));
404	if (v->v_dns2.s_addr)
405		printf(" DNS2:%s", ipaddr_string(&v->v_dns2));
406
407	/* IEN-116 name servers */
408	if (v->v_ins1.s_addr)
409		printf(" INS1:%s", ipaddr_string(&v->v_ins1));
410	if (v->v_ins2.s_addr)
411		printf(" INS2:%s", ipaddr_string(&v->v_ins2));
412
413	/* Time servers */
414	if (v->v_ts1.s_addr)
415		printf(" TS1:%s", ipaddr_string(&v->v_ts1));
416	if (v->v_ts2.s_addr)
417		printf(" TS2:%s", ipaddr_string(&v->v_ts2));
418
419}
420
421
422/*
423 * Print out arbitrary, unknown vendor data.
424 */
425
426static void
427other_print(bp, length)
428	u_char *bp;
429	int length;
430{
431	u_char *ep;					/* end pointer */
432	u_char *zp;					/* points one past last non-zero byte */
433
434	/* Setup end pointer */
435	ep = bp + length;
436
437	/* Find the last non-zero byte. */
438	for (zp = ep; zp > bp; zp--) {
439		if (zp[-1] != 0)
440			break;
441	}
442
443	/* Print the all-zero case in a compact representation. */
444	if (zp == bp) {
445		printf("-all-zero");
446		return;
447	}
448	printf("-unknown");
449
450	/* Are there enough trailing zeros to make "00..." worthwhile? */
451	if (zp + 2 > ep)
452		zp = ep;				/* print them all normally */
453
454	/* Now just print all the non-zero data. */
455	while (bp < zp) {
456		printf(".%02X", *bp);
457		bp++;
458	}
459
460	if (zp < ep)
461		printf(".00...");
462
463	return;
464}
465
466static void
467dump_hex(bp, len)
468	u_char *bp;
469	int len;
470{
471	while (len > 0) {
472		printf("%02X", *bp);
473		bp++;
474		len--;
475		if (len) printf(".");
476	}
477}
478
479/*
480 * Local Variables:
481 * tab-width: 4
482 * c-indent-level: 4
483 * c-argdecl-indent: 4
484 * c-continued-statement-offset: 4
485 * c-continued-brace-offset: -4
486 * c-label-offset: -4
487 * c-brace-offset: 0
488 * End:
489 */
490