1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Address Resolution Protocol (ARP) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "ether.h"
35 #include "ethertype.h"
36 #include "extract.h"
37
38 static const char tstr[] = "[|ARP]";
39
40 /*
41 * Address Resolution Protocol.
42 *
43 * See RFC 826 for protocol description. ARP packets are variable
44 * in size; the arphdr structure defines the fixed-length portion.
45 * Protocol type values are the same as those for 10 Mb/s Ethernet.
46 * It is followed by the variable-sized fields ar_sha, arp_spa,
47 * arp_tha and arp_tpa in that order, according to the lengths
48 * specified. Field names used correspond to RFC 826.
49 */
50 struct arp_pkthdr {
51 u_short ar_hrd; /* format of hardware address */
52 #define ARPHRD_ETHER 1 /* ethernet hardware format */
53 #define ARPHRD_IEEE802 6 /* token-ring hardware format */
54 #define ARPHRD_ARCNET 7 /* arcnet hardware format */
55 #define ARPHRD_FRELAY 15 /* frame relay hardware format */
56 #define ARPHRD_ATM2225 19 /* ATM (RFC 2225) */
57 #define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */
58 #define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */
59 u_short ar_pro; /* format of protocol address */
60 u_char ar_hln; /* length of hardware address */
61 u_char ar_pln; /* length of protocol address */
62 u_short ar_op; /* one of: */
63 #define ARPOP_REQUEST 1 /* request to resolve address */
64 #define ARPOP_REPLY 2 /* response to previous request */
65 #define ARPOP_REVREQUEST 3 /* request protocol address given hardware */
66 #define ARPOP_REVREPLY 4 /* response giving protocol address */
67 #define ARPOP_INVREQUEST 8 /* request to identify peer */
68 #define ARPOP_INVREPLY 9 /* response identifying peer */
69 #define ARPOP_NAK 10 /* NAK - only valif for ATM ARP */
70
71 /*
72 * The remaining fields are variable in size,
73 * according to the sizes above.
74 */
75 #ifdef COMMENT_ONLY
76 u_char ar_sha[]; /* sender hardware address */
77 u_char ar_spa[]; /* sender protocol address */
78 u_char ar_tha[]; /* target hardware address */
79 u_char ar_tpa[]; /* target protocol address */
80 #endif
81 #define ar_sha(ap) (((const u_char *)((ap)+1))+ 0)
82 #define ar_spa(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln)
83 #define ar_tha(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln+(ap)->ar_pln)
84 #define ar_tpa(ap) (((const u_char *)((ap)+1))+2*(ap)->ar_hln+(ap)->ar_pln)
85 };
86
87 #define ARP_HDRLEN 8
88
89 #define HRD(ap) EXTRACT_16BITS(&(ap)->ar_hrd)
90 #define HRD_LEN(ap) ((ap)->ar_hln)
91 #define PROTO_LEN(ap) ((ap)->ar_pln)
92 #define OP(ap) EXTRACT_16BITS(&(ap)->ar_op)
93 #define PRO(ap) EXTRACT_16BITS(&(ap)->ar_pro)
94 #define SHA(ap) (ar_sha(ap))
95 #define SPA(ap) (ar_spa(ap))
96 #define THA(ap) (ar_tha(ap))
97 #define TPA(ap) (ar_tpa(ap))
98
99
100 static const struct tok arpop_values[] = {
101 { ARPOP_REQUEST, "Request" },
102 { ARPOP_REPLY, "Reply" },
103 { ARPOP_REVREQUEST, "Reverse Request" },
104 { ARPOP_REVREPLY, "Reverse Reply" },
105 { ARPOP_INVREQUEST, "Inverse Request" },
106 { ARPOP_INVREPLY, "Inverse Reply" },
107 { ARPOP_NAK, "NACK Reply" },
108 { 0, NULL }
109 };
110
111 static const struct tok arphrd_values[] = {
112 { ARPHRD_ETHER, "Ethernet" },
113 { ARPHRD_IEEE802, "TokenRing" },
114 { ARPHRD_ARCNET, "ArcNet" },
115 { ARPHRD_FRELAY, "FrameRelay" },
116 { ARPHRD_STRIP, "Strip" },
117 { ARPHRD_IEEE1394, "IEEE 1394" },
118 { ARPHRD_ATM2225, "ATM" },
119 { 0, NULL }
120 };
121
122 /*
123 * ATM Address Resolution Protocol.
124 *
125 * See RFC 2225 for protocol description. ATMARP packets are similar
126 * to ARP packets, except that there are no length fields for the
127 * protocol address - instead, there are type/length fields for
128 * the ATM number and subaddress - and the hardware addresses consist
129 * of an ATM number and an ATM subaddress.
130 */
131 struct atmarp_pkthdr {
132 u_short aar_hrd; /* format of hardware address */
133 u_short aar_pro; /* format of protocol address */
134 u_char aar_shtl; /* length of source ATM number */
135 u_char aar_sstl; /* length of source ATM subaddress */
136 #define ATMARP_IS_E164 0x40 /* bit in type/length for E.164 format */
137 #define ATMARP_LEN_MASK 0x3F /* length of {sub}address in type/length */
138 u_short aar_op; /* same as regular ARP */
139 u_char aar_spln; /* length of source protocol address */
140 u_char aar_thtl; /* length of target ATM number */
141 u_char aar_tstl; /* length of target ATM subaddress */
142 u_char aar_tpln; /* length of target protocol address */
143 /*
144 * The remaining fields are variable in size,
145 * according to the sizes above.
146 */
147 #ifdef COMMENT_ONLY
148 u_char aar_sha[]; /* source ATM number */
149 u_char aar_ssa[]; /* source ATM subaddress */
150 u_char aar_spa[]; /* sender protocol address */
151 u_char aar_tha[]; /* target ATM number */
152 u_char aar_tsa[]; /* target ATM subaddress */
153 u_char aar_tpa[]; /* target protocol address */
154 #endif
155
156 #define ATMHRD(ap) EXTRACT_16BITS(&(ap)->aar_hrd)
157 #define ATMSHRD_LEN(ap) ((ap)->aar_shtl & ATMARP_LEN_MASK)
158 #define ATMSSLN(ap) ((ap)->aar_sstl & ATMARP_LEN_MASK)
159 #define ATMSPROTO_LEN(ap) ((ap)->aar_spln)
160 #define ATMOP(ap) EXTRACT_16BITS(&(ap)->aar_op)
161 #define ATMPRO(ap) EXTRACT_16BITS(&(ap)->aar_pro)
162 #define ATMTHRD_LEN(ap) ((ap)->aar_thtl & ATMARP_LEN_MASK)
163 #define ATMTSLN(ap) ((ap)->aar_tstl & ATMARP_LEN_MASK)
164 #define ATMTPROTO_LEN(ap) ((ap)->aar_tpln)
165 #define aar_sha(ap) ((const u_char *)((ap)+1))
166 #define aar_ssa(ap) (aar_sha(ap) + ATMSHRD_LEN(ap))
167 #define aar_spa(ap) (aar_ssa(ap) + ATMSSLN(ap))
168 #define aar_tha(ap) (aar_spa(ap) + ATMSPROTO_LEN(ap))
169 #define aar_tsa(ap) (aar_tha(ap) + ATMTHRD_LEN(ap))
170 #define aar_tpa(ap) (aar_tsa(ap) + ATMTSLN(ap))
171 };
172
173 #define ATMSHA(ap) (aar_sha(ap))
174 #define ATMSSA(ap) (aar_ssa(ap))
175 #define ATMSPA(ap) (aar_spa(ap))
176 #define ATMTHA(ap) (aar_tha(ap))
177 #define ATMTSA(ap) (aar_tsa(ap))
178 #define ATMTPA(ap) (aar_tpa(ap))
179
180 static int
isnonzero(const u_char * a,size_t len)181 isnonzero(const u_char *a, size_t len)
182 {
183 while (len > 0) {
184 if (*a != 0)
185 return (1);
186 a++;
187 len--;
188 }
189 return (0);
190 }
191
192 static void
tpaddr_print_ip(netdissect_options * ndo,const struct arp_pkthdr * ap,u_short pro)193 tpaddr_print_ip(netdissect_options *ndo,
194 const struct arp_pkthdr *ap, u_short pro)
195 {
196 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
197 ND_PRINT((ndo, "<wrong proto type>"));
198 else if (PROTO_LEN(ap) != 4)
199 ND_PRINT((ndo, "<wrong len>"));
200 else
201 ND_PRINT((ndo, "%s", ipaddr_string(ndo, TPA(ap))));
202 }
203
204 static void
spaddr_print_ip(netdissect_options * ndo,const struct arp_pkthdr * ap,u_short pro)205 spaddr_print_ip(netdissect_options *ndo,
206 const struct arp_pkthdr *ap, u_short pro)
207 {
208 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
209 ND_PRINT((ndo, "<wrong proto type>"));
210 else if (PROTO_LEN(ap) != 4)
211 ND_PRINT((ndo, "<wrong len>"));
212 else
213 ND_PRINT((ndo, "%s", ipaddr_string(ndo, SPA(ap))));
214 }
215
216 static void
atmarp_addr_print(netdissect_options * ndo,const u_char * ha,u_int ha_len,const u_char * srca,u_int srca_len)217 atmarp_addr_print(netdissect_options *ndo,
218 const u_char *ha, u_int ha_len, const u_char *srca,
219 u_int srca_len)
220 {
221 if (ha_len == 0)
222 ND_PRINT((ndo, "<No address>"));
223 else {
224 ND_PRINT((ndo, "%s", linkaddr_string(ndo, ha, LINKADDR_ATM, ha_len)));
225 if (srca_len != 0)
226 ND_PRINT((ndo, ",%s",
227 linkaddr_string(ndo, srca, LINKADDR_ATM, srca_len)));
228 }
229 }
230
231 static void
atmarp_tpaddr_print(netdissect_options * ndo,const struct atmarp_pkthdr * ap,u_short pro)232 atmarp_tpaddr_print(netdissect_options *ndo,
233 const struct atmarp_pkthdr *ap, u_short pro)
234 {
235 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
236 ND_PRINT((ndo, "<wrong proto type>"));
237 else if (ATMTPROTO_LEN(ap) != 4)
238 ND_PRINT((ndo, "<wrong tplen>"));
239 else
240 ND_PRINT((ndo, "%s", ipaddr_string(ndo, ATMTPA(ap))));
241 }
242
243 static void
atmarp_spaddr_print(netdissect_options * ndo,const struct atmarp_pkthdr * ap,u_short pro)244 atmarp_spaddr_print(netdissect_options *ndo,
245 const struct atmarp_pkthdr *ap, u_short pro)
246 {
247 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL)
248 ND_PRINT((ndo, "<wrong proto type>"));
249 else if (ATMSPROTO_LEN(ap) != 4)
250 ND_PRINT((ndo, "<wrong splen>"));
251 else
252 ND_PRINT((ndo, "%s", ipaddr_string(ndo, ATMSPA(ap))));
253 }
254
255 static void
atmarp_print(netdissect_options * ndo,const u_char * bp,u_int length,u_int caplen)256 atmarp_print(netdissect_options *ndo,
257 const u_char *bp, u_int length, u_int caplen)
258 {
259 const struct atmarp_pkthdr *ap;
260 u_short pro, hrd, op;
261
262 ap = (const struct atmarp_pkthdr *)bp;
263 ND_TCHECK(*ap);
264
265 hrd = ATMHRD(ap);
266 pro = ATMPRO(ap);
267 op = ATMOP(ap);
268
269 if (!ND_TTEST2(*aar_tpa(ap), ATMTPROTO_LEN(ap))) {
270 ND_PRINT((ndo, "%s", tstr));
271 ND_DEFAULTPRINT((const u_char *)ap, length);
272 return;
273 }
274
275 if (!ndo->ndo_eflag) {
276 ND_PRINT((ndo, "ARP, "));
277 }
278
279 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) ||
280 ATMSPROTO_LEN(ap) != 4 ||
281 ATMTPROTO_LEN(ap) != 4 ||
282 ndo->ndo_vflag) {
283 ND_PRINT((ndo, "%s, %s (len %u/%u)",
284 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd),
285 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro),
286 ATMSPROTO_LEN(ap),
287 ATMTPROTO_LEN(ap)));
288
289 /* don't know know about the address formats */
290 if (!ndo->ndo_vflag) {
291 goto out;
292 }
293 }
294
295 /* print operation */
296 ND_PRINT((ndo, "%s%s ",
297 ndo->ndo_vflag ? ", " : "",
298 tok2str(arpop_values, "Unknown (%u)", op)));
299
300 switch (op) {
301
302 case ARPOP_REQUEST:
303 ND_PRINT((ndo, "who-has "));
304 atmarp_tpaddr_print(ndo, ap, pro);
305 if (ATMTHRD_LEN(ap) != 0) {
306 ND_PRINT((ndo, " ("));
307 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap),
308 ATMTSA(ap), ATMTSLN(ap));
309 ND_PRINT((ndo, ")"));
310 }
311 ND_PRINT((ndo, " tell "));
312 atmarp_spaddr_print(ndo, ap, pro);
313 break;
314
315 case ARPOP_REPLY:
316 atmarp_spaddr_print(ndo, ap, pro);
317 ND_PRINT((ndo, " is-at "));
318 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
319 ATMSSLN(ap));
320 break;
321
322 case ARPOP_INVREQUEST:
323 ND_PRINT((ndo, "who-is "));
324 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), ATMTSA(ap),
325 ATMTSLN(ap));
326 ND_PRINT((ndo, " tell "));
327 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
328 ATMSSLN(ap));
329 break;
330
331 case ARPOP_INVREPLY:
332 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap),
333 ATMSSLN(ap));
334 ND_PRINT((ndo, "at "));
335 atmarp_spaddr_print(ndo, ap, pro);
336 break;
337
338 case ARPOP_NAK:
339 ND_PRINT((ndo, "for "));
340 atmarp_spaddr_print(ndo, ap, pro);
341 break;
342
343 default:
344 ND_DEFAULTPRINT((const u_char *)ap, caplen);
345 return;
346 }
347
348 out:
349 ND_PRINT((ndo, ", length %u", length));
350 return;
351
352 trunc:
353 ND_PRINT((ndo, "%s", tstr));
354 }
355
356 void
arp_print(netdissect_options * ndo,const u_char * bp,u_int length,u_int caplen)357 arp_print(netdissect_options *ndo,
358 const u_char *bp, u_int length, u_int caplen)
359 {
360 const struct arp_pkthdr *ap;
361 u_short pro, hrd, op, linkaddr;
362
363 ap = (const struct arp_pkthdr *)bp;
364 ND_TCHECK(*ap);
365
366 hrd = HRD(ap);
367 pro = PRO(ap);
368 op = OP(ap);
369
370
371 /* if its ATM then call the ATM ARP printer
372 for Frame-relay ARP most of the fields
373 are similar to Ethernet so overload the Ethernet Printer
374 and set the linkaddr type for linkaddr_string(ndo, ) accordingly */
375
376 switch(hrd) {
377 case ARPHRD_ATM2225:
378 atmarp_print(ndo, bp, length, caplen);
379 return;
380 case ARPHRD_FRELAY:
381 linkaddr = LINKADDR_FRELAY;
382 break;
383 default:
384 linkaddr = LINKADDR_ETHER;
385 break;
386 }
387
388 if (!ND_TTEST2(*TPA(ap), PROTO_LEN(ap))) {
389 ND_PRINT((ndo, "%s", tstr));
390 ND_DEFAULTPRINT((const u_char *)ap, length);
391 return;
392 }
393
394 if (!ndo->ndo_eflag) {
395 ND_PRINT((ndo, "ARP, "));
396 }
397
398 /* print hardware type/len and proto type/len */
399 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) ||
400 PROTO_LEN(ap) != 4 ||
401 HRD_LEN(ap) == 0 ||
402 ndo->ndo_vflag) {
403 ND_PRINT((ndo, "%s (len %u), %s (len %u)",
404 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd),
405 HRD_LEN(ap),
406 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro),
407 PROTO_LEN(ap)));
408
409 /* don't know know about the address formats */
410 if (!ndo->ndo_vflag) {
411 goto out;
412 }
413 }
414
415 /* print operation */
416 ND_PRINT((ndo, "%s%s ",
417 ndo->ndo_vflag ? ", " : "",
418 tok2str(arpop_values, "Unknown (%u)", op)));
419
420 switch (op) {
421
422 case ARPOP_REQUEST:
423 ND_PRINT((ndo, "who-has "));
424 tpaddr_print_ip(ndo, ap, pro);
425 if (isnonzero((const u_char *)THA(ap), HRD_LEN(ap)))
426 ND_PRINT((ndo, " (%s)",
427 linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap))));
428 ND_PRINT((ndo, " tell "));
429 spaddr_print_ip(ndo, ap, pro);
430 break;
431
432 case ARPOP_REPLY:
433 spaddr_print_ip(ndo, ap, pro);
434 ND_PRINT((ndo, " is-at %s",
435 linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap))));
436 break;
437
438 case ARPOP_REVREQUEST:
439 ND_PRINT((ndo, "who-is %s tell %s",
440 linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)),
441 linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap))));
442 break;
443
444 case ARPOP_REVREPLY:
445 ND_PRINT((ndo, "%s at ",
446 linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap))));
447 tpaddr_print_ip(ndo, ap, pro);
448 break;
449
450 case ARPOP_INVREQUEST:
451 ND_PRINT((ndo, "who-is %s tell %s",
452 linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)),
453 linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap))));
454 break;
455
456 case ARPOP_INVREPLY:
457 ND_PRINT((ndo,"%s at ",
458 linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap))));
459 spaddr_print_ip(ndo, ap, pro);
460 break;
461
462 default:
463 ND_DEFAULTPRINT((const u_char *)ap, caplen);
464 return;
465 }
466
467 out:
468 ND_PRINT((ndo, ", length %u", length));
469
470 return;
471 trunc:
472 ND_PRINT((ndo, "%s", tstr));
473 }
474
475 /*
476 * Local Variables:
477 * c-style: bsd
478 * End:
479 */
480
481