tcpdump/print-eigrp.c
2020-02-06 11:02:10 +01:00

529 lines
20 KiB
C

/*
* Copyright (c) 1998-2004 Hannes Gredler <hannes@gredler.at>
* The TCPDUMP project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code
* distributions retain the above copyright notice and this paragraph
* in its entirety, and (2) distributions including binary code include
* the above copyright notice and this paragraph in its entirety in
* the documentation or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*/
/* \summary: Enhanced Interior Gateway Routing Protocol (EIGRP) printer */
/*
* specification:
*
* https://web.archive.org/web/20190722221712/https://www.rhyshaden.com/eigrp.htm
* RFC 7868
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "netdissect-stdinc.h"
#include <string.h>
#include "netdissect.h"
#include "extract.h"
#include "addrtoname.h"
struct eigrp_common_header {
nd_uint8_t version;
nd_uint8_t opcode;
nd_uint16_t checksum;
nd_uint32_t flags;
nd_uint32_t seq;
nd_uint32_t ack;
nd_uint32_t asn;
};
#define EIGRP_VERSION 2
#define EIGRP_OPCODE_UPDATE 1
#define EIGRP_OPCODE_QUERY 3
#define EIGRP_OPCODE_REPLY 4
#define EIGRP_OPCODE_HELLO 5
#define EIGRP_OPCODE_IPXSAP 6
#define EIGRP_OPCODE_PROBE 7
static const struct tok eigrp_opcode_values[] = {
{ EIGRP_OPCODE_UPDATE, "Update" },
{ EIGRP_OPCODE_QUERY, "Query" },
{ EIGRP_OPCODE_REPLY, "Reply" },
{ EIGRP_OPCODE_HELLO, "Hello" },
{ EIGRP_OPCODE_IPXSAP, "IPX SAP" },
{ EIGRP_OPCODE_PROBE, "Probe" },
{ 0, NULL}
};
static const struct tok eigrp_common_header_flag_values[] = {
{ 0x01, "Init" },
{ 0x02, "Conditionally Received" },
{ 0, NULL}
};
struct eigrp_tlv_header {
nd_uint16_t type;
nd_uint16_t length;
};
#define EIGRP_TLV_GENERAL_PARM 0x0001
#define EIGRP_TLV_AUTH 0x0002
#define EIGRP_TLV_SEQ 0x0003
#define EIGRP_TLV_SW_VERSION 0x0004
#define EIGRP_TLV_MCAST_SEQ 0x0005
#define EIGRP_TLV_IP_INT 0x0102
#define EIGRP_TLV_IP_EXT 0x0103
#define EIGRP_TLV_AT_INT 0x0202
#define EIGRP_TLV_AT_EXT 0x0203
#define EIGRP_TLV_AT_CABLE_SETUP 0x0204
#define EIGRP_TLV_IPX_INT 0x0302
#define EIGRP_TLV_IPX_EXT 0x0303
static const struct tok eigrp_tlv_values[] = {
{ EIGRP_TLV_GENERAL_PARM, "General Parameters"},
{ EIGRP_TLV_AUTH, "Authentication"},
{ EIGRP_TLV_SEQ, "Sequence"},
{ EIGRP_TLV_SW_VERSION, "Software Version"},
{ EIGRP_TLV_MCAST_SEQ, "Next Multicast Sequence"},
{ EIGRP_TLV_IP_INT, "IP Internal routes"},
{ EIGRP_TLV_IP_EXT, "IP External routes"},
{ EIGRP_TLV_AT_INT, "AppleTalk Internal routes"},
{ EIGRP_TLV_AT_EXT, "AppleTalk External routes"},
{ EIGRP_TLV_AT_CABLE_SETUP, "AppleTalk Cable setup"},
{ EIGRP_TLV_IPX_INT, "IPX Internal routes"},
{ EIGRP_TLV_IPX_EXT, "IPX External routes"},
{ 0, NULL}
};
struct eigrp_tlv_general_parm_t {
nd_uint8_t k1;
nd_uint8_t k2;
nd_uint8_t k3;
nd_uint8_t k4;
nd_uint8_t k5;
nd_uint8_t res;
nd_uint16_t holdtime;
};
struct eigrp_tlv_sw_version_t {
nd_uint8_t ios_major;
nd_uint8_t ios_minor;
nd_uint8_t eigrp_major;
nd_uint8_t eigrp_minor;
};
struct eigrp_tlv_ip_int_t {
nd_ipv4 nexthop;
nd_uint32_t delay;
nd_uint32_t bandwidth;
nd_uint24_t mtu;
nd_uint8_t hopcount;
nd_uint8_t reliability;
nd_uint8_t load;
nd_byte reserved[2];
nd_uint8_t plen;
nd_uint8_t destination; /* variable length [1-4] bytes encoding */
};
struct eigrp_tlv_ip_ext_t {
nd_ipv4 nexthop;
nd_ipv4 origin_router;
nd_uint32_t origin_as;
nd_uint32_t tag;
nd_uint32_t metric;
nd_byte reserved[2];
nd_uint8_t proto_id;
nd_uint8_t flags;
nd_uint32_t delay;
nd_uint32_t bandwidth;
nd_uint24_t mtu;
nd_uint8_t hopcount;
nd_uint8_t reliability;
nd_uint8_t load;
nd_byte reserved2[2];
nd_uint8_t plen;
nd_uint8_t destination; /* variable length [1-4] bytes encoding */
};
struct eigrp_tlv_at_cable_setup_t {
nd_uint16_t cable_start;
nd_uint16_t cable_end;
nd_uint32_t router_id;
};
struct eigrp_tlv_at_int_t {
nd_byte nexthop[4];
nd_uint32_t delay;
nd_uint32_t bandwidth;
nd_uint24_t mtu;
nd_uint8_t hopcount;
nd_uint8_t reliability;
nd_uint8_t load;
nd_byte reserved[2];
nd_uint16_t cable_start;
nd_uint16_t cable_end;
};
struct eigrp_tlv_at_ext_t {
nd_byte nexthop[4];
nd_uint32_t origin_router;
nd_uint32_t origin_as;
nd_uint32_t tag;
nd_uint8_t proto_id;
nd_uint8_t flags;
nd_uint16_t metric;
nd_uint32_t delay;
nd_uint32_t bandwidth;
nd_uint24_t mtu;
nd_uint8_t hopcount;
nd_uint8_t reliability;
nd_uint8_t load;
nd_byte reserved2[2];
nd_uint16_t cable_start;
nd_uint16_t cable_end;
};
static const struct tok eigrp_ext_proto_id_values[] = {
{ 0x01, "IGRP" },
{ 0x02, "EIGRP" },
{ 0x03, "Static" },
{ 0x04, "RIP" },
{ 0x05, "Hello" },
{ 0x06, "OSPF" },
{ 0x07, "IS-IS" },
{ 0x08, "EGP" },
{ 0x09, "BGP" },
{ 0x0a, "IDRP" },
{ 0x0b, "Connected" },
{ 0, NULL}
};
void
eigrp_print(netdissect_options *ndo, const u_char *pptr, u_int len)
{
const struct eigrp_common_header *eigrp_com_header;
const struct eigrp_tlv_header *eigrp_tlv_header;
const u_char *tptr,*tlv_tptr;
u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length;
uint8_t prefix[4];
union {
const struct eigrp_tlv_general_parm_t *eigrp_tlv_general_parm;
const struct eigrp_tlv_sw_version_t *eigrp_tlv_sw_version;
const struct eigrp_tlv_ip_int_t *eigrp_tlv_ip_int;
const struct eigrp_tlv_ip_ext_t *eigrp_tlv_ip_ext;
const struct eigrp_tlv_at_cable_setup_t *eigrp_tlv_at_cable_setup;
const struct eigrp_tlv_at_int_t *eigrp_tlv_at_int;
const struct eigrp_tlv_at_ext_t *eigrp_tlv_at_ext;
} tlv_ptr;
ndo->ndo_protocol = "eigrp";
tptr=pptr;
eigrp_com_header = (const struct eigrp_common_header *)pptr;
ND_TCHECK_SIZE(eigrp_com_header);
/*
* Sanity checking of the header.
*/
if (GET_U_1(eigrp_com_header->version) != EIGRP_VERSION) {
ND_PRINT("EIGRP version %u packet not supported",
GET_U_1(eigrp_com_header->version));
return;
}
/* in non-verbose mode just lets print the basic Message Type*/
if (ndo->ndo_vflag < 1) {
ND_PRINT("EIGRP %s, length: %u",
tok2str(eigrp_opcode_values, "unknown (%u)",GET_U_1(eigrp_com_header->opcode)),
len);
return;
}
/* ok they seem to want to know everything - lets fully decode it */
if (len < sizeof(struct eigrp_common_header)) {
ND_PRINT("EIGRP %s, length: %u (too short, < %u)",
tok2str(eigrp_opcode_values, "unknown (%u)",GET_U_1(eigrp_com_header->opcode)),
len, (u_int) sizeof(struct eigrp_common_header));
return;
}
tlen=len-sizeof(struct eigrp_common_header);
/* FIXME print other header info */
ND_PRINT("\n\tEIGRP v%u, opcode: %s (%u), chksum: 0x%04x, Flags: [%s]\n\tseq: 0x%08x, ack: 0x%08x, AS: %u, length: %u",
GET_U_1(eigrp_com_header->version),
tok2str(eigrp_opcode_values, "unknown, type: %u",GET_U_1(eigrp_com_header->opcode)),
GET_U_1(eigrp_com_header->opcode),
GET_BE_U_2(eigrp_com_header->checksum),
tok2str(eigrp_common_header_flag_values,
"none",
GET_BE_U_4(eigrp_com_header->flags)),
GET_BE_U_4(eigrp_com_header->seq),
GET_BE_U_4(eigrp_com_header->ack),
GET_BE_U_4(eigrp_com_header->asn),
tlen);
tptr+=sizeof(struct eigrp_common_header);
while(tlen>0) {
/* did we capture enough for fully decoding the object header ? */
ND_TCHECK_LEN(tptr, sizeof(struct eigrp_tlv_header));
eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr;
eigrp_tlv_len=GET_BE_U_2(eigrp_tlv_header->length);
eigrp_tlv_type=GET_BE_U_2(eigrp_tlv_header->type);
if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) ||
eigrp_tlv_len > tlen) {
print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ",tlen);
return;
}
ND_PRINT("\n\t %s TLV (0x%04x), length: %u",
tok2str(eigrp_tlv_values,
"Unknown",
eigrp_tlv_type),
eigrp_tlv_type,
eigrp_tlv_len);
if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header)) {
ND_PRINT(" (too short, < %u)",
(u_int) sizeof(struct eigrp_tlv_header));
break;
}
tlv_tptr=tptr+sizeof(struct eigrp_tlv_header);
tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header);
/* did we capture enough for fully decoding the object ? */
ND_TCHECK_LEN(tptr, eigrp_tlv_len);
switch(eigrp_tlv_type) {
case EIGRP_TLV_GENERAL_PARM:
tlv_ptr.eigrp_tlv_general_parm = (const struct eigrp_tlv_general_parm_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_general_parm)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_general_parm)));
break;
}
ND_PRINT("\n\t holdtime: %us, k1 %u, k2 %u, k3 %u, k4 %u, k5 %u",
GET_BE_U_2(tlv_ptr.eigrp_tlv_general_parm->holdtime),
GET_U_1(tlv_ptr.eigrp_tlv_general_parm->k1),
GET_U_1(tlv_ptr.eigrp_tlv_general_parm->k2),
GET_U_1(tlv_ptr.eigrp_tlv_general_parm->k3),
GET_U_1(tlv_ptr.eigrp_tlv_general_parm->k4),
GET_U_1(tlv_ptr.eigrp_tlv_general_parm->k5));
break;
case EIGRP_TLV_SW_VERSION:
tlv_ptr.eigrp_tlv_sw_version = (const struct eigrp_tlv_sw_version_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_sw_version)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_sw_version)));
break;
}
ND_PRINT("\n\t IOS version: %u.%u, EIGRP version %u.%u",
GET_U_1(tlv_ptr.eigrp_tlv_sw_version->ios_major),
GET_U_1(tlv_ptr.eigrp_tlv_sw_version->ios_minor),
GET_U_1(tlv_ptr.eigrp_tlv_sw_version->eigrp_major),
GET_U_1(tlv_ptr.eigrp_tlv_sw_version->eigrp_minor));
break;
case EIGRP_TLV_IP_INT:
tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_ip_int)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_ip_int)));
break;
}
bit_length = GET_U_1(tlv_ptr.eigrp_tlv_ip_int->plen);
if (bit_length > 32) {
ND_PRINT("\n\t illegal prefix length %u",bit_length);
break;
}
byte_length = (bit_length + 7) / 8; /* variable length encoding */
memset(prefix, 0, 4);
GET_CPY_BYTES(prefix, tlv_ptr.eigrp_tlv_ip_int->destination, byte_length);
ND_PRINT("\n\t IPv4 prefix: %15s/%u, nexthop: ",
ipaddr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IPADDR_STRING() */
bit_length);
if (GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0)
ND_PRINT("self");
else
ND_PRINT("%s",
GET_IPADDR_STRING(tlv_ptr.eigrp_tlv_ip_int->nexthop));
ND_PRINT("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
(GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_int->delay)/100),
GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_int->bandwidth),
GET_BE_U_3(tlv_ptr.eigrp_tlv_ip_int->mtu),
GET_U_1(tlv_ptr.eigrp_tlv_ip_int->hopcount),
GET_U_1(tlv_ptr.eigrp_tlv_ip_int->reliability),
GET_U_1(tlv_ptr.eigrp_tlv_ip_int->load));
break;
case EIGRP_TLV_IP_EXT:
tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_ip_ext)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_ip_ext)));
break;
}
bit_length = GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->plen);
if (bit_length > 32) {
ND_PRINT("\n\t illegal prefix length %u",bit_length);
break;
}
byte_length = (bit_length + 7) / 8; /* variable length encoding */
memset(prefix, 0, 4);
GET_CPY_BYTES(prefix, tlv_ptr.eigrp_tlv_ip_ext->destination, byte_length);
ND_PRINT("\n\t IPv4 prefix: %15s/%u, nexthop: ",
ipaddr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IPADDR_STRING() */
bit_length);
if (GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0)
ND_PRINT("self");
else
ND_PRINT("%s",
GET_IPADDR_STRING(tlv_ptr.eigrp_tlv_ip_ext->nexthop));
ND_PRINT("\n\t origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u",
GET_IPADDR_STRING(tlv_ptr.eigrp_tlv_ip_ext->origin_router),
GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->origin_as),
tok2str(eigrp_ext_proto_id_values,"unknown",GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->proto_id)),
GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->flags),
GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->tag),
GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->metric));
ND_PRINT("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
(GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->delay)/100),
GET_BE_U_4(tlv_ptr.eigrp_tlv_ip_ext->bandwidth),
GET_BE_U_3(tlv_ptr.eigrp_tlv_ip_ext->mtu),
GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->hopcount),
GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->reliability),
GET_U_1(tlv_ptr.eigrp_tlv_ip_ext->load));
break;
case EIGRP_TLV_AT_CABLE_SETUP:
tlv_ptr.eigrp_tlv_at_cable_setup = (const struct eigrp_tlv_at_cable_setup_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_cable_setup)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_cable_setup)));
break;
}
ND_PRINT("\n\t Cable-range: %u-%u, Router-ID %u",
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_cable_setup->cable_start),
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_cable_setup->cable_end),
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_cable_setup->router_id));
break;
case EIGRP_TLV_AT_INT:
tlv_ptr.eigrp_tlv_at_int = (const struct eigrp_tlv_at_int_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_int)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_int)));
break;
}
ND_PRINT("\n\t Cable-Range: %u-%u, nexthop: ",
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_int->cable_start),
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_int->cable_end));
if (GET_BE_U_4(tlv_ptr.eigrp_tlv_at_int->nexthop) == 0)
ND_PRINT("self");
else
ND_PRINT("%u.%u",
GET_BE_U_2(&tlv_ptr.eigrp_tlv_at_int->nexthop[0]),
GET_BE_U_2(&tlv_ptr.eigrp_tlv_at_int->nexthop[2]));
ND_PRINT("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
(GET_BE_U_4(tlv_ptr.eigrp_tlv_at_int->delay)/100),
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_int->bandwidth),
GET_BE_U_3(tlv_ptr.eigrp_tlv_at_int->mtu),
GET_U_1(tlv_ptr.eigrp_tlv_at_int->hopcount),
GET_U_1(tlv_ptr.eigrp_tlv_at_int->reliability),
GET_U_1(tlv_ptr.eigrp_tlv_at_int->load));
break;
case EIGRP_TLV_AT_EXT:
tlv_ptr.eigrp_tlv_at_ext = (const struct eigrp_tlv_at_ext_t *)tlv_tptr;
if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_ext)) {
ND_PRINT(" (too short, < %u)",
(u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_ext)));
break;
}
ND_PRINT("\n\t Cable-Range: %u-%u, nexthop: ",
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_ext->cable_start),
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_ext->cable_end));
if (GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->nexthop) == 0)
ND_PRINT("self");
else
ND_PRINT("%u.%u",
GET_BE_U_2(&tlv_ptr.eigrp_tlv_at_ext->nexthop[0]),
GET_BE_U_2(&tlv_ptr.eigrp_tlv_at_ext->nexthop[2]));
ND_PRINT("\n\t origin-router %u, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u",
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->origin_router),
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->origin_as),
tok2str(eigrp_ext_proto_id_values,"unknown",GET_U_1(tlv_ptr.eigrp_tlv_at_ext->proto_id)),
GET_U_1(tlv_ptr.eigrp_tlv_at_ext->flags),
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->tag),
GET_BE_U_2(tlv_ptr.eigrp_tlv_at_ext->metric));
ND_PRINT("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
(GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->delay)/100),
GET_BE_U_4(tlv_ptr.eigrp_tlv_at_ext->bandwidth),
GET_BE_U_3(tlv_ptr.eigrp_tlv_at_ext->mtu),
GET_U_1(tlv_ptr.eigrp_tlv_at_ext->hopcount),
GET_U_1(tlv_ptr.eigrp_tlv_at_ext->reliability),
GET_U_1(tlv_ptr.eigrp_tlv_at_ext->load));
break;
/*
* FIXME those are the defined TLVs that lack a decoder
* you are welcome to contribute code ;-)
*/
case EIGRP_TLV_AUTH:
case EIGRP_TLV_SEQ:
case EIGRP_TLV_MCAST_SEQ:
case EIGRP_TLV_IPX_INT:
case EIGRP_TLV_IPX_EXT:
default:
if (ndo->ndo_vflag <= 1)
print_unknown_data(ndo,tlv_tptr,"\n\t ",tlv_tlen);
break;
}
/* do we want to see an additionally hexdump ? */
if (ndo->ndo_vflag > 1)
print_unknown_data(ndo,tptr+sizeof(struct eigrp_tlv_header),"\n\t ",
eigrp_tlv_len-sizeof(struct eigrp_tlv_header));
tptr+=eigrp_tlv_len;
tlen-=eigrp_tlv_len;
}
return;
trunc:
nd_print_trunc(ndo);
}