1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: BOOTP and IPv4 DHCP printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "extract.h"
35
36
37 /*
38 * Bootstrap Protocol (BOOTP). RFC951 and RFC1048.
39 *
40 * This file specifies the "implementation-independent" BOOTP protocol
41 * information which is common to both client and server.
42 *
43 * Copyright 1988 by Carnegie Mellon.
44 *
45 * Permission to use, copy, modify, and distribute this program for any
46 * purpose and without fee is hereby granted, provided that this copyright
47 * and permission notice appear on all copies and supporting documentation,
48 * the name of Carnegie Mellon not be used in advertising or publicity
49 * pertaining to distribution of the program without specific prior
50 * permission, and notice be given in supporting documentation that copying
51 * and distribution is by permission of Carnegie Mellon and Stanford
52 * University. Carnegie Mellon makes no representations about the
53 * suitability of this software for any purpose. It is provided "as is"
54 * without express or implied warranty.
55 */
56
57 struct bootp {
58 nd_uint8_t bp_op; /* packet opcode type */
59 nd_uint8_t bp_htype; /* hardware addr type */
60 nd_uint8_t bp_hlen; /* hardware addr length */
61 nd_uint8_t bp_hops; /* gateway hops */
62 nd_uint32_t bp_xid; /* transaction ID */
63 nd_uint16_t bp_secs; /* seconds since boot began */
64 nd_uint16_t bp_flags; /* flags - see bootp_flag_values[]
65 in print-bootp.c */
66 nd_ipv4 bp_ciaddr; /* client IP address */
67 nd_ipv4 bp_yiaddr; /* 'your' IP address */
68 nd_ipv4 bp_siaddr; /* server IP address */
69 nd_ipv4 bp_giaddr; /* gateway IP address */
70 nd_byte bp_chaddr[16]; /* client hardware address */
71 nd_byte bp_sname[64]; /* server host name */
72 nd_byte bp_file[128]; /* boot file name */
73 nd_byte bp_vend[64]; /* vendor-specific area */
74 };
75
76 #define BOOTPREPLY 2
77 #define BOOTPREQUEST 1
78
79 /*
80 * Vendor magic cookie (v_magic) for CMU
81 */
82 #define VM_CMU "CMU"
83
84 /*
85 * Vendor magic cookie (v_magic) for RFC1048
86 */
87 #define VM_RFC1048 { 99, 130, 83, 99 }
88
89 /*
90 * RFC1048 tag values used to specify what information is being supplied in
91 * the vendor field of the packet.
92 */
93
94 #define TAG_PAD ((uint8_t) 0)
95 #define TAG_SUBNET_MASK ((uint8_t) 1)
96 #define TAG_TIME_OFFSET ((uint8_t) 2)
97 #define TAG_GATEWAY ((uint8_t) 3)
98 #define TAG_TIME_SERVER ((uint8_t) 4)
99 #define TAG_NAME_SERVER ((uint8_t) 5)
100 #define TAG_DOMAIN_SERVER ((uint8_t) 6)
101 #define TAG_LOG_SERVER ((uint8_t) 7)
102 #define TAG_COOKIE_SERVER ((uint8_t) 8)
103 #define TAG_LPR_SERVER ((uint8_t) 9)
104 #define TAG_IMPRESS_SERVER ((uint8_t) 10)
105 #define TAG_RLP_SERVER ((uint8_t) 11)
106 #define TAG_HOSTNAME ((uint8_t) 12)
107 #define TAG_BOOTSIZE ((uint8_t) 13)
108 #define TAG_END ((uint8_t) 255)
109 /* RFC1497 tags */
110 #define TAG_DUMPPATH ((uint8_t) 14)
111 #define TAG_DOMAINNAME ((uint8_t) 15)
112 #define TAG_SWAP_SERVER ((uint8_t) 16)
113 #define TAG_ROOTPATH ((uint8_t) 17)
114 #define TAG_EXTPATH ((uint8_t) 18)
115 /* RFC2132 */
116 #define TAG_IP_FORWARD ((uint8_t) 19)
117 #define TAG_NL_SRCRT ((uint8_t) 20)
118 #define TAG_PFILTERS ((uint8_t) 21)
119 #define TAG_REASS_SIZE ((uint8_t) 22)
120 #define TAG_DEF_TTL ((uint8_t) 23)
121 #define TAG_MTU_TIMEOUT ((uint8_t) 24)
122 #define TAG_MTU_TABLE ((uint8_t) 25)
123 #define TAG_INT_MTU ((uint8_t) 26)
124 #define TAG_LOCAL_SUBNETS ((uint8_t) 27)
125 #define TAG_BROAD_ADDR ((uint8_t) 28)
126 #define TAG_DO_MASK_DISC ((uint8_t) 29)
127 #define TAG_SUPPLY_MASK ((uint8_t) 30)
128 #define TAG_DO_RDISC ((uint8_t) 31)
129 #define TAG_RTR_SOL_ADDR ((uint8_t) 32)
130 #define TAG_STATIC_ROUTE ((uint8_t) 33)
131 #define TAG_USE_TRAILERS ((uint8_t) 34)
132 #define TAG_ARP_TIMEOUT ((uint8_t) 35)
133 #define TAG_ETH_ENCAP ((uint8_t) 36)
134 #define TAG_TCP_TTL ((uint8_t) 37)
135 #define TAG_TCP_KEEPALIVE ((uint8_t) 38)
136 #define TAG_KEEPALIVE_GO ((uint8_t) 39)
137 #define TAG_NIS_DOMAIN ((uint8_t) 40)
138 #define TAG_NIS_SERVERS ((uint8_t) 41)
139 #define TAG_NTP_SERVERS ((uint8_t) 42)
140 #define TAG_VENDOR_OPTS ((uint8_t) 43)
141 #define TAG_NETBIOS_NS ((uint8_t) 44)
142 #define TAG_NETBIOS_DDS ((uint8_t) 45)
143 #define TAG_NETBIOS_NODE ((uint8_t) 46)
144 #define TAG_NETBIOS_SCOPE ((uint8_t) 47)
145 #define TAG_XWIN_FS ((uint8_t) 48)
146 #define TAG_XWIN_DM ((uint8_t) 49)
147 #define TAG_NIS_P_DOMAIN ((uint8_t) 64)
148 #define TAG_NIS_P_SERVERS ((uint8_t) 65)
149 #define TAG_MOBILE_HOME ((uint8_t) 68)
150 #define TAG_SMPT_SERVER ((uint8_t) 69)
151 #define TAG_POP3_SERVER ((uint8_t) 70)
152 #define TAG_NNTP_SERVER ((uint8_t) 71)
153 #define TAG_WWW_SERVER ((uint8_t) 72)
154 #define TAG_FINGER_SERVER ((uint8_t) 73)
155 #define TAG_IRC_SERVER ((uint8_t) 74)
156 #define TAG_STREETTALK_SRVR ((uint8_t) 75)
157 #define TAG_STREETTALK_STDA ((uint8_t) 76)
158 /* DHCP options */
159 #define TAG_REQUESTED_IP ((uint8_t) 50)
160 #define TAG_IP_LEASE ((uint8_t) 51)
161 #define TAG_OPT_OVERLOAD ((uint8_t) 52)
162 #define TAG_TFTP_SERVER ((uint8_t) 66)
163 #define TAG_BOOTFILENAME ((uint8_t) 67)
164 #define TAG_DHCP_MESSAGE ((uint8_t) 53)
165 #define TAG_SERVER_ID ((uint8_t) 54)
166 #define TAG_PARM_REQUEST ((uint8_t) 55)
167 #define TAG_MESSAGE ((uint8_t) 56)
168 #define TAG_MAX_MSG_SIZE ((uint8_t) 57)
169 #define TAG_RENEWAL_TIME ((uint8_t) 58)
170 #define TAG_REBIND_TIME ((uint8_t) 59)
171 #define TAG_VENDOR_CLASS ((uint8_t) 60)
172 #define TAG_CLIENT_ID ((uint8_t) 61)
173 /* RFC 2241 */
174 #define TAG_NDS_SERVERS ((uint8_t) 85)
175 #define TAG_NDS_TREE_NAME ((uint8_t) 86)
176 #define TAG_NDS_CONTEXT ((uint8_t) 87)
177 /* RFC 2242 */
178 #define TAG_NDS_IPDOMAIN ((uint8_t) 62)
179 #define TAG_NDS_IPINFO ((uint8_t) 63)
180 /* RFC 2485 */
181 #define TAG_OPEN_GROUP_UAP ((uint8_t) 98)
182 /* RFC 2563 */
183 #define TAG_DISABLE_AUTOCONF ((uint8_t) 116)
184 /* RFC 2610 */
185 #define TAG_SLP_DA ((uint8_t) 78)
186 #define TAG_SLP_SCOPE ((uint8_t) 79)
187 /* RFC 2937 */
188 #define TAG_NS_SEARCH ((uint8_t) 117)
189 /* RFC 3004 - The User Class Option for DHCP */
190 #define TAG_USER_CLASS ((uint8_t) 77)
191 /* RFC 3011 */
192 #define TAG_IP4_SUBNET_SELECT ((uint8_t) 118)
193 /* RFC 3442 */
194 #define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121)
195 #define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249)
196 /* RFC 5859 - TFTP Server Address Option for DHCPv4 */
197 #define TAG_TFTP_SERVER_ADDRESS ((uint8_t) 150)
198 /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml */
199 #define TAG_SLP_NAMING_AUTH ((uint8_t) 80)
200 #define TAG_CLIENT_FQDN ((uint8_t) 81)
201 #define TAG_AGENT_CIRCUIT ((uint8_t) 82)
202 #define TAG_AGENT_REMOTE ((uint8_t) 83)
203 #define TAG_TZ_STRING ((uint8_t) 88)
204 #define TAG_FQDN_OPTION ((uint8_t) 89)
205 #define TAG_AUTH ((uint8_t) 90)
206 #define TAG_CLIENT_LAST_TRANSACTION_TIME ((uint8_t) 91)
207 #define TAG_ASSOCIATED_IP ((uint8_t) 92)
208 #define TAG_CLIENT_ARCH ((uint8_t) 93)
209 #define TAG_CLIENT_NDI ((uint8_t) 94)
210 #define TAG_CLIENT_GUID ((uint8_t) 97)
211 #define TAG_LDAP_URL ((uint8_t) 95)
212 /* RFC 4833, TZ codes */
213 #define TAG_TZ_PCODE ((uint8_t) 100)
214 #define TAG_TZ_TCODE ((uint8_t) 101)
215 #define TAG_NETINFO_PARENT ((uint8_t) 112)
216 #define TAG_NETINFO_PARENT_TAG ((uint8_t) 113)
217 #define TAG_URL ((uint8_t) 114)
218 #define TAG_MUDURL ((uint8_t) 161)
219
220 /* DHCP Message types (values for TAG_DHCP_MESSAGE option) */
221 #define DHCPDISCOVER 1
222 #define DHCPOFFER 2
223 #define DHCPREQUEST 3
224 #define DHCPDECLINE 4
225 #define DHCPACK 5
226 #define DHCPNAK 6
227 #define DHCPRELEASE 7
228 #define DHCPINFORM 8
229 /* Defined in RFC4388 */
230 #define DHCPLEASEQUERY 10
231 #define DHCPLEASEUNASSIGNED 11
232 #define DHCPLEASEUNKNOWN 12
233 #define DHCPLEASEACTIVE 13
234
235
236 /*
237 * "vendor" data permitted for CMU bootp clients.
238 */
239
240 struct cmu_vend {
241 nd_byte v_magic[4]; /* magic number */
242 nd_uint32_t v_flags; /* flags/opcodes, etc. */
243 nd_ipv4 v_smask; /* Subnet mask */
244 nd_ipv4 v_dgate; /* Default gateway */
245 nd_ipv4 v_dns1, v_dns2; /* Domain name servers */
246 nd_ipv4 v_ins1, v_ins2; /* IEN-116 name servers */
247 nd_ipv4 v_ts1, v_ts2; /* Time servers */
248 nd_byte v_unused[24]; /* currently unused */
249 };
250
251
252 /* v_flags values */
253 #define VF_SMASK 1 /* Subnet mask field contains valid data */
254
255 /* RFC 4702 DHCP Client FQDN Option */
256
257 #define CLIENT_FQDN_FLAGS_S 0x01
258 #define CLIENT_FQDN_FLAGS_O 0x02
259 #define CLIENT_FQDN_FLAGS_E 0x04
260 #define CLIENT_FQDN_FLAGS_N 0x08
261 /* end of original bootp.h */
262
263 static void rfc1048_print(netdissect_options *, const u_char *);
264 static void cmu_print(netdissect_options *, const u_char *);
265 static char *client_fqdn_flags(u_int flags);
266
267 static const struct tok bootp_flag_values[] = {
268 { 0x8000, "Broadcast" },
269 { 0, NULL}
270 };
271
272 static const struct tok bootp_op_values[] = {
273 { BOOTPREQUEST, "Request" },
274 { BOOTPREPLY, "Reply" },
275 { 0, NULL}
276 };
277
278 /*
279 * Print bootp requests
280 */
281 void
bootp_print(netdissect_options * ndo,const u_char * cp,u_int length)282 bootp_print(netdissect_options *ndo,
283 const u_char *cp, u_int length)
284 {
285 const struct bootp *bp;
286 static const u_char vm_cmu[4] = VM_CMU;
287 static const u_char vm_rfc1048[4] = VM_RFC1048;
288 uint8_t bp_op, bp_htype, bp_hlen;
289
290 ndo->ndo_protocol = "bootp";
291 bp = (const struct bootp *)cp;
292 bp_op = GET_U_1(bp->bp_op);
293 ND_PRINT("BOOTP/DHCP, %s",
294 tok2str(bootp_op_values, "unknown (0x%02x)", bp_op));
295
296 bp_htype = GET_U_1(bp->bp_htype);
297 bp_hlen = GET_U_1(bp->bp_hlen);
298 if (bp_htype == 1 && bp_hlen == MAC_ADDR_LEN && bp_op == BOOTPREQUEST) {
299 ND_PRINT(" from %s", GET_ETHERADDR_STRING(bp->bp_chaddr));
300 }
301
302 ND_PRINT(", length %u", length);
303
304 if (!ndo->ndo_vflag)
305 return;
306
307 ND_TCHECK_2(bp->bp_secs);
308
309 /* The usual hardware address type is 1 (10Mb Ethernet) */
310 if (bp_htype != 1)
311 ND_PRINT(", htype %u", bp_htype);
312
313 /* The usual length for 10Mb Ethernet address is 6 bytes */
314 if (bp_htype != 1 || bp_hlen != MAC_ADDR_LEN)
315 ND_PRINT(", hlen %u", bp_hlen);
316
317 /* Only print interesting fields */
318 if (GET_U_1(bp->bp_hops))
319 ND_PRINT(", hops %u", GET_U_1(bp->bp_hops));
320 if (GET_BE_U_4(bp->bp_xid))
321 ND_PRINT(", xid 0x%x", GET_BE_U_4(bp->bp_xid));
322 if (GET_BE_U_2(bp->bp_secs))
323 ND_PRINT(", secs %u", GET_BE_U_2(bp->bp_secs));
324
325 ND_PRINT(", Flags [%s]",
326 bittok2str(bootp_flag_values, "none", GET_BE_U_2(bp->bp_flags)));
327 if (ndo->ndo_vflag > 1)
328 ND_PRINT(" (0x%04x)", GET_BE_U_2(bp->bp_flags));
329
330 /* Client's ip address */
331 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_ciaddr))
332 ND_PRINT("\n\t Client-IP %s", GET_IPADDR_STRING(bp->bp_ciaddr));
333
334 /* 'your' ip address (bootp client) */
335 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_yiaddr))
336 ND_PRINT("\n\t Your-IP %s", GET_IPADDR_STRING(bp->bp_yiaddr));
337
338 /* Server's ip address */
339 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_siaddr))
340 ND_PRINT("\n\t Server-IP %s", GET_IPADDR_STRING(bp->bp_siaddr));
341
342 /* Gateway's ip address */
343 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_giaddr))
344 ND_PRINT("\n\t Gateway-IP %s", GET_IPADDR_STRING(bp->bp_giaddr));
345
346 /* Client's Ethernet address */
347 if (bp_htype == 1 && bp_hlen == MAC_ADDR_LEN) {
348 ND_PRINT("\n\t Client-Ethernet-Address %s", GET_ETHERADDR_STRING(bp->bp_chaddr));
349 }
350
351 if (GET_U_1(bp->bp_sname)) { /* get first char only */
352 ND_PRINT("\n\t sname \"");
353 if (nd_printztn(ndo, bp->bp_sname, (u_int)sizeof(bp->bp_sname),
354 ndo->ndo_snapend) == 0) {
355 ND_PRINT("\"");
356 nd_print_trunc(ndo);
357 return;
358 }
359 ND_PRINT("\"");
360 }
361 if (GET_U_1(bp->bp_file)) { /* get first char only */
362 ND_PRINT("\n\t file \"");
363 if (nd_printztn(ndo, bp->bp_file, (u_int)sizeof(bp->bp_file),
364 ndo->ndo_snapend) == 0) {
365 ND_PRINT("\"");
366 nd_print_trunc(ndo);
367 return;
368 }
369 ND_PRINT("\"");
370 }
371
372 /* Decode the vendor buffer */
373 ND_TCHECK_4(bp->bp_vend);
374 if (memcmp((const char *)bp->bp_vend, vm_rfc1048,
375 sizeof(uint32_t)) == 0)
376 rfc1048_print(ndo, bp->bp_vend);
377 else if (memcmp((const char *)bp->bp_vend, vm_cmu,
378 sizeof(uint32_t)) == 0)
379 cmu_print(ndo, bp->bp_vend);
380 else {
381 uint32_t ul;
382
383 ul = GET_BE_U_4(bp->bp_vend);
384 if (ul != 0)
385 ND_PRINT("\n\t Vendor-#0x%x", ul);
386 }
387
388 return;
389 trunc:
390 nd_print_trunc(ndo);
391 }
392
393 /*
394 * The first character specifies the format to print:
395 * i - ip address (32 bits)
396 * p - ip address pairs (32 bits + 32 bits)
397 * l - long (32 bits)
398 * L - unsigned long (32 bits)
399 * s - short (16 bits)
400 * b - period-separated decimal bytes (variable length)
401 * x - colon-separated hex bytes (variable length)
402 * a - ASCII string (variable length)
403 * B - on/off (8 bits)
404 * $ - special (explicit code to handle)
405 */
406 static const struct tok tag2str[] = {
407 /* RFC1048 tags */
408 { TAG_PAD, " PAD" },
409 { TAG_SUBNET_MASK, "iSubnet-Mask" }, /* subnet mask (RFC950) */
410 { TAG_TIME_OFFSET, "LTime-Zone" }, /* seconds from UTC */
411 { TAG_GATEWAY, "iDefault-Gateway" }, /* default gateway */
412 { TAG_TIME_SERVER, "iTime-Server" }, /* time servers (RFC868) */
413 { TAG_NAME_SERVER, "iIEN-Name-Server" }, /* IEN name servers (IEN116) */
414 { TAG_DOMAIN_SERVER, "iDomain-Name-Server" }, /* domain name (RFC1035) */
415 { TAG_LOG_SERVER, "iLOG" }, /* MIT log servers */
416 { TAG_COOKIE_SERVER, "iCS" }, /* cookie servers (RFC865) */
417 { TAG_LPR_SERVER, "iLPR-Server" }, /* lpr server (RFC1179) */
418 { TAG_IMPRESS_SERVER, "iIM" }, /* impress servers (Imagen) */
419 { TAG_RLP_SERVER, "iRL" }, /* resource location (RFC887) */
420 { TAG_HOSTNAME, "aHostname" }, /* ASCII hostname */
421 { TAG_BOOTSIZE, "sBS" }, /* 512 byte blocks */
422 { TAG_END, " END" },
423 /* RFC1497 tags */
424 { TAG_DUMPPATH, "aDP" },
425 { TAG_DOMAINNAME, "aDomain-Name" },
426 { TAG_SWAP_SERVER, "iSS" },
427 { TAG_ROOTPATH, "aRP" },
428 { TAG_EXTPATH, "aEP" },
429 /* RFC2132 tags */
430 { TAG_IP_FORWARD, "BIPF" },
431 { TAG_NL_SRCRT, "BSRT" },
432 { TAG_PFILTERS, "pPF" },
433 { TAG_REASS_SIZE, "sRSZ" },
434 { TAG_DEF_TTL, "bTTL" },
435 { TAG_MTU_TIMEOUT, "lMTU-Timeout" },
436 { TAG_MTU_TABLE, "sMTU-Table" },
437 { TAG_INT_MTU, "sMTU" },
438 { TAG_LOCAL_SUBNETS, "BLSN" },
439 { TAG_BROAD_ADDR, "iBR" },
440 { TAG_DO_MASK_DISC, "BMD" },
441 { TAG_SUPPLY_MASK, "BMS" },
442 { TAG_DO_RDISC, "BRouter-Discovery" },
443 { TAG_RTR_SOL_ADDR, "iRSA" },
444 { TAG_STATIC_ROUTE, "pStatic-Route" },
445 { TAG_USE_TRAILERS, "BUT" },
446 { TAG_ARP_TIMEOUT, "lAT" },
447 { TAG_ETH_ENCAP, "BIE" },
448 { TAG_TCP_TTL, "bTT" },
449 { TAG_TCP_KEEPALIVE, "lKI" },
450 { TAG_KEEPALIVE_GO, "BKG" },
451 { TAG_NIS_DOMAIN, "aYD" },
452 { TAG_NIS_SERVERS, "iYS" },
453 { TAG_NTP_SERVERS, "iNTP" },
454 { TAG_VENDOR_OPTS, "bVendor-Option" },
455 { TAG_NETBIOS_NS, "iNetbios-Name-Server" },
456 { TAG_NETBIOS_DDS, "iWDD" },
457 { TAG_NETBIOS_NODE, "$Netbios-Node" },
458 { TAG_NETBIOS_SCOPE, "aNetbios-Scope" },
459 { TAG_XWIN_FS, "iXFS" },
460 { TAG_XWIN_DM, "iXDM" },
461 { TAG_NIS_P_DOMAIN, "sN+D" },
462 { TAG_NIS_P_SERVERS, "iN+S" },
463 { TAG_MOBILE_HOME, "iMH" },
464 { TAG_SMPT_SERVER, "iSMTP" },
465 { TAG_POP3_SERVER, "iPOP3" },
466 { TAG_NNTP_SERVER, "iNNTP" },
467 { TAG_WWW_SERVER, "iWWW" },
468 { TAG_FINGER_SERVER, "iFG" },
469 { TAG_IRC_SERVER, "iIRC" },
470 { TAG_STREETTALK_SRVR, "iSTS" },
471 { TAG_STREETTALK_STDA, "iSTDA" },
472 { TAG_REQUESTED_IP, "iRequested-IP" },
473 { TAG_IP_LEASE, "lLease-Time" },
474 { TAG_OPT_OVERLOAD, "$OO" },
475 { TAG_TFTP_SERVER, "aTFTP" },
476 { TAG_BOOTFILENAME, "aBF" },
477 { TAG_DHCP_MESSAGE, " DHCP-Message" },
478 { TAG_SERVER_ID, "iServer-ID" },
479 { TAG_PARM_REQUEST, "bParameter-Request" },
480 { TAG_MESSAGE, "aMSG" },
481 { TAG_MAX_MSG_SIZE, "sMSZ" },
482 { TAG_RENEWAL_TIME, "lRN" },
483 { TAG_REBIND_TIME, "lRB" },
484 { TAG_VENDOR_CLASS, "aVendor-Class" },
485 { TAG_CLIENT_ID, "$Client-ID" },
486 /* RFC 2485 */
487 { TAG_OPEN_GROUP_UAP, "aUAP" },
488 /* RFC 2563 */
489 { TAG_DISABLE_AUTOCONF, "BNOAUTO" },
490 /* RFC 2610 */
491 { TAG_SLP_DA, "bSLP-DA" }, /*"b" is a little wrong */
492 { TAG_SLP_SCOPE, "bSLP-SCOPE" }, /*"b" is a little wrong */
493 /* RFC 2937 */
494 { TAG_NS_SEARCH, "sNSSEARCH" }, /* XXX 's' */
495 /* RFC 3004 - The User Class Option for DHCP */
496 { TAG_USER_CLASS, "$User-Class" },
497 /* RFC 3011 */
498 { TAG_IP4_SUBNET_SELECT, "iSUBNET" },
499 /* RFC 3442 */
500 { TAG_CLASSLESS_STATIC_RT, "$Classless-Static-Route" },
501 { TAG_CLASSLESS_STA_RT_MS, "$Classless-Static-Route-Microsoft" },
502 /* RFC 5859 - TFTP Server Address Option for DHCPv4 */
503 { TAG_TFTP_SERVER_ADDRESS, "iTFTP-Server-Address" },
504 /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options */
505 { TAG_SLP_NAMING_AUTH, "aSLP-NA" },
506 { TAG_CLIENT_FQDN, "$FQDN" },
507 { TAG_AGENT_CIRCUIT, "$Agent-Information" },
508 { TAG_AGENT_REMOTE, "bARMT" },
509 { TAG_TZ_STRING, "aTZSTR" },
510 { TAG_FQDN_OPTION, "bFQDNS" }, /* XXX 'b' */
511 { TAG_AUTH, "bAUTH" }, /* XXX 'b' */
512 { TAG_CLIENT_LAST_TRANSACTION_TIME, "LLast-Transaction-Time" },
513 { TAG_ASSOCIATED_IP, "iAssociated-IP" },
514 { TAG_CLIENT_ARCH, "sARCH" },
515 { TAG_CLIENT_NDI, "bNDI" }, /* XXX 'b' */
516 { TAG_CLIENT_GUID, "bGUID" }, /* XXX 'b' */
517 { TAG_LDAP_URL, "aLDAP" },
518 { TAG_TZ_PCODE, "aPOSIX-TZ" },
519 { TAG_TZ_TCODE, "aTZ-Name" },
520 { TAG_NETINFO_PARENT, "iNI" },
521 { TAG_NETINFO_PARENT_TAG, "aNITAG" },
522 { TAG_URL, "aURL" },
523 { TAG_MUDURL, "aMUD-URL" },
524 { 0, NULL }
525 };
526
527 /* DHCP "options overload" types */
528 static const struct tok oo2str[] = {
529 { 1, "file" },
530 { 2, "sname" },
531 { 3, "file+sname" },
532 { 0, NULL }
533 };
534
535 /* NETBIOS over TCP/IP node type options */
536 static const struct tok nbo2str[] = {
537 { 0x1, "b-node" },
538 { 0x2, "p-node" },
539 { 0x4, "m-node" },
540 { 0x8, "h-node" },
541 { 0, NULL }
542 };
543
544 /* ARP Hardware types, for Client-ID option */
545 static const struct tok arp2str[] = {
546 { 0x1, "ether" },
547 { 0x6, "ieee802" },
548 { 0x7, "arcnet" },
549 { 0xf, "frelay" },
550 { 0x17, "strip" },
551 { 0x18, "ieee1394" },
552 { 0, NULL }
553 };
554
555 static const struct tok dhcp_msg_values[] = {
556 { DHCPDISCOVER, "Discover" },
557 { DHCPOFFER, "Offer" },
558 { DHCPREQUEST, "Request" },
559 { DHCPDECLINE, "Decline" },
560 { DHCPACK, "ACK" },
561 { DHCPNAK, "NACK" },
562 { DHCPRELEASE, "Release" },
563 { DHCPINFORM, "Inform" },
564 { DHCPLEASEQUERY, "LeaseQuery" },
565 { DHCPLEASEUNASSIGNED, "LeaseUnassigned" },
566 { DHCPLEASEUNKNOWN, "LeaseUnknown" },
567 { DHCPLEASEACTIVE, "LeaseActive" },
568 { 0, NULL }
569 };
570
571 #define AGENT_SUBOPTION_CIRCUIT_ID 1 /* RFC 3046 */
572 #define AGENT_SUBOPTION_REMOTE_ID 2 /* RFC 3046 */
573 #define AGENT_SUBOPTION_SUBSCRIBER_ID 6 /* RFC 3993 */
574 static const struct tok agent_suboption_values[] = {
575 { AGENT_SUBOPTION_CIRCUIT_ID, "Circuit-ID" },
576 { AGENT_SUBOPTION_REMOTE_ID, "Remote-ID" },
577 { AGENT_SUBOPTION_SUBSCRIBER_ID, "Subscriber-ID" },
578 { 0, NULL }
579 };
580
581
582 static void
rfc1048_print(netdissect_options * ndo,const u_char * bp)583 rfc1048_print(netdissect_options *ndo,
584 const u_char *bp)
585 {
586 uint16_t tag;
587 u_int len;
588 const char *cp;
589 char c;
590 int first, idx;
591 uint8_t subopt, suboptlen;
592
593 ND_PRINT("\n\t Vendor-rfc1048 Extensions");
594
595 /* Step over magic cookie */
596 ND_PRINT("\n\t Magic Cookie 0x%08x", GET_BE_U_4(bp));
597 bp += sizeof(int32_t);
598
599 /* Loop while we there is a tag left in the buffer */
600 while (ND_TTEST_1(bp)) {
601 tag = GET_U_1(bp);
602 bp++;
603 if (tag == TAG_PAD && ndo->ndo_vflag < 3)
604 continue;
605 if (tag == TAG_END && ndo->ndo_vflag < 3)
606 return;
607 cp = tok2str(tag2str, "?Unknown", tag);
608 c = *cp++;
609
610 if (tag == TAG_PAD || tag == TAG_END)
611 len = 0;
612 else {
613 /* Get the length; check for truncation */
614 len = GET_U_1(bp);
615 bp++;
616 }
617
618 ND_PRINT("\n\t %s (%u), length %u%s", cp, tag, len,
619 len > 0 ? ": " : "");
620
621 if (tag == TAG_PAD && ndo->ndo_vflag > 2) {
622 u_int ntag = 1;
623 while (ND_TTEST_1(bp) &&
624 GET_U_1(bp) == TAG_PAD) {
625 bp++;
626 ntag++;
627 }
628 if (ntag > 1)
629 ND_PRINT(", occurs %u", ntag);
630 }
631
632 ND_TCHECK_LEN(bp, len);
633
634 if (tag == TAG_DHCP_MESSAGE && len == 1) {
635 ND_PRINT("%s",
636 tok2str(dhcp_msg_values, "Unknown (%u)", GET_U_1(bp)));
637 bp++;
638 continue;
639 }
640
641 if (tag == TAG_PARM_REQUEST) {
642 idx = 0;
643 while (len > 0) {
644 uint8_t innertag = GET_U_1(bp);
645 bp++;
646 len--;
647 cp = tok2str(tag2str, "?Unknown", innertag);
648 if (idx % 4 == 0)
649 ND_PRINT("\n\t ");
650 else
651 ND_PRINT(", ");
652 ND_PRINT("%s (%u)", cp + 1, innertag);
653 idx++;
654 }
655 continue;
656 }
657
658 /* Print data */
659 if (c == '?') {
660 /* Base default formats for unknown tags on data size */
661 if (len & 1)
662 c = 'b';
663 else if (len & 2)
664 c = 's';
665 else
666 c = 'l';
667 }
668 first = 1;
669 switch (c) {
670
671 case 'a':
672 /* ASCII strings */
673 ND_PRINT("\"");
674 if (nd_printn(ndo, bp, len, ndo->ndo_snapend)) {
675 ND_PRINT("\"");
676 goto trunc;
677 }
678 ND_PRINT("\"");
679 bp += len;
680 len = 0;
681 break;
682
683 case 'i':
684 case 'l':
685 case 'L':
686 /* ip addresses/32-bit words */
687 while (len >= 4) {
688 if (!first)
689 ND_PRINT(",");
690 if (c == 'i')
691 ND_PRINT("%s", GET_IPADDR_STRING(bp));
692 else if (c == 'L')
693 ND_PRINT("%d", GET_BE_S_4(bp));
694 else
695 ND_PRINT("%u", GET_BE_U_4(bp));
696 bp += 4;
697 len -= 4;
698 first = 0;
699 }
700 break;
701
702 case 'p':
703 /* IP address pairs */
704 while (len >= 2*4) {
705 if (!first)
706 ND_PRINT(",");
707 ND_PRINT("(%s:", GET_IPADDR_STRING(bp));
708 bp += 4;
709 len -= 4;
710 ND_PRINT("%s)", GET_IPADDR_STRING(bp));
711 bp += 4;
712 len -= 4;
713 first = 0;
714 }
715 break;
716
717 case 's':
718 /* shorts */
719 while (len >= 2) {
720 if (!first)
721 ND_PRINT(",");
722 ND_PRINT("%u", GET_BE_U_2(bp));
723 bp += 2;
724 len -= 2;
725 first = 0;
726 }
727 break;
728
729 case 'B':
730 /* boolean */
731 while (len > 0) {
732 uint8_t bool_value;
733 if (!first)
734 ND_PRINT(",");
735 bool_value = GET_U_1(bp);
736 switch (bool_value) {
737 case 0:
738 ND_PRINT("N");
739 break;
740 case 1:
741 ND_PRINT("Y");
742 break;
743 default:
744 ND_PRINT("%u?", bool_value);
745 break;
746 }
747 ++bp;
748 --len;
749 first = 0;
750 }
751 break;
752
753 case 'b':
754 case 'x':
755 default:
756 /* Bytes */
757 while (len > 0) {
758 uint8_t byte_value;
759 if (!first)
760 ND_PRINT(c == 'x' ? ":" : ".");
761 byte_value = GET_U_1(bp);
762 if (c == 'x')
763 ND_PRINT("%02x", byte_value);
764 else
765 ND_PRINT("%u", byte_value);
766 ++bp;
767 --len;
768 first = 0;
769 }
770 break;
771
772 case '$':
773 /* Guys we can't handle with one of the usual cases */
774 switch (tag) {
775
776 case TAG_NETBIOS_NODE:
777 /* this option should be at least 1 byte long */
778 if (len < 1) {
779 ND_PRINT("[ERROR: length < 1 bytes]");
780 break;
781 }
782 tag = GET_U_1(bp);
783 ++bp;
784 --len;
785 ND_PRINT("%s", tok2str(nbo2str, NULL, tag));
786 break;
787
788 case TAG_OPT_OVERLOAD:
789 /* this option should be at least 1 byte long */
790 if (len < 1) {
791 ND_PRINT("[ERROR: length < 1 bytes]");
792 break;
793 }
794 tag = GET_U_1(bp);
795 ++bp;
796 --len;
797 ND_PRINT("%s", tok2str(oo2str, NULL, tag));
798 break;
799
800 case TAG_CLIENT_FQDN:
801 /* this option should be at least 3 bytes long */
802 if (len < 3) {
803 ND_PRINT("[ERROR: length < 3 bytes]");
804 bp += len;
805 len = 0;
806 break;
807 }
808 if (GET_U_1(bp) & 0xf0) {
809 ND_PRINT("[ERROR: MBZ nibble 0x%x != 0] ",
810 (GET_U_1(bp) & 0xf0) >> 4);
811 }
812 if (GET_U_1(bp) & 0x0f)
813 ND_PRINT("[%s] ",
814 client_fqdn_flags(GET_U_1(bp)));
815 bp++;
816 if (GET_U_1(bp) || GET_U_1(bp + 1))
817 ND_PRINT("%u/%u ", GET_U_1(bp),
818 GET_U_1(bp + 1));
819 bp += 2;
820 ND_PRINT("\"");
821 if (nd_printn(ndo, bp, len - 3, ndo->ndo_snapend)) {
822 ND_PRINT("\"");
823 goto trunc;
824 }
825 ND_PRINT("\"");
826 bp += len - 3;
827 len = 0;
828 break;
829
830 case TAG_CLIENT_ID:
831 {
832 int type;
833
834 /* this option should be at least 1 byte long */
835 if (len < 1) {
836 ND_PRINT("[ERROR: length < 1 bytes]");
837 break;
838 }
839 type = GET_U_1(bp);
840 bp++;
841 len--;
842 if (type == 0) {
843 ND_PRINT("\"");
844 if (nd_printn(ndo, bp, len, ndo->ndo_snapend)) {
845 ND_PRINT("\"");
846 goto trunc;
847 }
848 ND_PRINT("\"");
849 bp += len;
850 len = 0;
851 break;
852 } else {
853 ND_PRINT("%s ", tok2str(arp2str, "hardware-type %u,", type));
854 while (len > 0) {
855 if (!first)
856 ND_PRINT(":");
857 ND_PRINT("%02x", GET_U_1(bp));
858 ++bp;
859 --len;
860 first = 0;
861 }
862 }
863 break;
864 }
865
866 case TAG_AGENT_CIRCUIT:
867 while (len >= 2) {
868 subopt = GET_U_1(bp);
869 suboptlen = GET_U_1(bp + 1);
870 bp += 2;
871 len -= 2;
872 if (suboptlen > len) {
873 ND_PRINT("\n\t %s SubOption %u, length %u: length goes past end of option",
874 tok2str(agent_suboption_values, "Unknown", subopt),
875 subopt,
876 suboptlen);
877 bp += len;
878 len = 0;
879 break;
880 }
881 ND_PRINT("\n\t %s SubOption %u, length %u: ",
882 tok2str(agent_suboption_values, "Unknown", subopt),
883 subopt,
884 suboptlen);
885 switch (subopt) {
886
887 case AGENT_SUBOPTION_CIRCUIT_ID: /* fall through */
888 case AGENT_SUBOPTION_REMOTE_ID:
889 case AGENT_SUBOPTION_SUBSCRIBER_ID:
890 if (nd_printn(ndo, bp, suboptlen, ndo->ndo_snapend))
891 goto trunc;
892 break;
893
894 default:
895 print_unknown_data(ndo, bp, "\n\t\t", suboptlen);
896 }
897
898 len -= suboptlen;
899 bp += suboptlen;
900 }
901 break;
902
903 case TAG_CLASSLESS_STATIC_RT:
904 case TAG_CLASSLESS_STA_RT_MS:
905 {
906 u_int mask_width, significant_octets, i;
907
908 /* this option should be at least 5 bytes long */
909 if (len < 5) {
910 ND_PRINT("[ERROR: length < 5 bytes]");
911 bp += len;
912 len = 0;
913 break;
914 }
915 while (len > 0) {
916 if (!first)
917 ND_PRINT(",");
918 mask_width = GET_U_1(bp);
919 bp++;
920 len--;
921 /* mask_width <= 32 */
922 if (mask_width > 32) {
923 ND_PRINT("[ERROR: Mask width (%u) > 32]", mask_width);
924 bp += len;
925 len = 0;
926 break;
927 }
928 significant_octets = (mask_width + 7) / 8;
929 /* significant octets + router(4) */
930 if (len < significant_octets + 4) {
931 ND_PRINT("[ERROR: Remaining length (%u) < %u bytes]", len, significant_octets + 4);
932 bp += len;
933 len = 0;
934 break;
935 }
936 ND_PRINT("(");
937 if (mask_width == 0)
938 ND_PRINT("default");
939 else {
940 for (i = 0; i < significant_octets ; i++) {
941 if (i > 0)
942 ND_PRINT(".");
943 ND_PRINT("%u",
944 GET_U_1(bp));
945 bp++;
946 }
947 for (i = significant_octets ; i < 4 ; i++)
948 ND_PRINT(".0");
949 ND_PRINT("/%u", mask_width);
950 }
951 ND_PRINT(":%s)", GET_IPADDR_STRING(bp));
952 bp += 4;
953 len -= (significant_octets + 4);
954 first = 0;
955 }
956 break;
957 }
958
959 case TAG_USER_CLASS:
960 {
961 u_int suboptnumber = 1;
962
963 first = 1;
964 if (len < 2) {
965 ND_PRINT("[ERROR: length < 2 bytes]");
966 bp += len;
967 len = 0;
968 break;
969 }
970 while (len > 0) {
971 suboptlen = GET_U_1(bp);
972 bp++;
973 len--;
974 ND_PRINT("\n\t ");
975 ND_PRINT("instance#%u: ", suboptnumber);
976 if (suboptlen == 0) {
977 ND_PRINT("[ERROR: suboption length must be non-zero]");
978 bp += len;
979 len = 0;
980 break;
981 }
982 if (len < suboptlen) {
983 ND_PRINT("[ERROR: invalid option]");
984 bp += len;
985 len = 0;
986 break;
987 }
988 ND_PRINT("\"");
989 if (nd_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) {
990 ND_PRINT("\"");
991 goto trunc;
992 }
993 ND_PRINT("\"");
994 ND_PRINT(", length %u", suboptlen);
995 suboptnumber++;
996 len -= suboptlen;
997 bp += suboptlen;
998 }
999 break;
1000 }
1001
1002 default:
1003 ND_PRINT("[unknown special tag %u, size %u]",
1004 tag, len);
1005 bp += len;
1006 len = 0;
1007 break;
1008 }
1009 break;
1010 }
1011 /* Data left over? */
1012 if (len) {
1013 ND_PRINT("\n\t trailing data length %u", len);
1014 bp += len;
1015 }
1016 }
1017 return;
1018 trunc:
1019 nd_print_trunc(ndo);
1020 }
1021
1022 #define PRINTCMUADDR(m, s) { ND_TCHECK_4(cmu->m); \
1023 if (GET_IPV4_TO_NETWORK_ORDER(cmu->m) != 0) \
1024 ND_PRINT(" %s:%s", s, GET_IPADDR_STRING(cmu->m)); }
1025
1026 static void
cmu_print(netdissect_options * ndo,const u_char * bp)1027 cmu_print(netdissect_options *ndo,
1028 const u_char *bp)
1029 {
1030 const struct cmu_vend *cmu;
1031 uint8_t v_flags;
1032
1033 ND_PRINT(" vend-cmu");
1034 cmu = (const struct cmu_vend *)bp;
1035
1036 /* Only print if there are unknown bits */
1037 ND_TCHECK_4(cmu->v_flags);
1038 v_flags = GET_U_1(cmu->v_flags);
1039 if ((v_flags & ~(VF_SMASK)) != 0)
1040 ND_PRINT(" F:0x%x", v_flags);
1041 PRINTCMUADDR(v_dgate, "DG");
1042 PRINTCMUADDR(v_smask, v_flags & VF_SMASK ? "SM" : "SM*");
1043 PRINTCMUADDR(v_dns1, "NS1");
1044 PRINTCMUADDR(v_dns2, "NS2");
1045 PRINTCMUADDR(v_ins1, "IEN1");
1046 PRINTCMUADDR(v_ins2, "IEN2");
1047 PRINTCMUADDR(v_ts1, "TS1");
1048 PRINTCMUADDR(v_ts2, "TS2");
1049 return;
1050
1051 trunc:
1052 nd_print_trunc(ndo);
1053 }
1054
1055 #undef PRINTCMUADDR
1056
1057 static char *
client_fqdn_flags(u_int flags)1058 client_fqdn_flags(u_int flags)
1059 {
1060 static char buf[8+1];
1061 int i = 0;
1062
1063 if (flags & CLIENT_FQDN_FLAGS_S)
1064 buf[i++] = 'S';
1065 if (flags & CLIENT_FQDN_FLAGS_O)
1066 buf[i++] = 'O';
1067 if (flags & CLIENT_FQDN_FLAGS_E)
1068 buf[i++] = 'E';
1069 if (flags & CLIENT_FQDN_FLAGS_N)
1070 buf[i++] = 'N';
1071 buf[i] = '\0';
1072
1073 return buf;
1074 }
1075