1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #include <sys/cdefs.h> 23 #ifndef lint 24 __RCSID("$NetBSD: print-arp.c,v 1.10 2023/08/17 20:19:40 christos Exp $"); 25 #endif 26 27 /* \summary: Address Resolution Protocol (ARP) printer */ 28 29 #ifdef HAVE_CONFIG_H 30 #include <config.h> 31 #endif 32 33 #include "netdissect-stdinc.h" 34 35 #define ND_LONGJMP_FROM_TCHECK 36 #include "netdissect.h" 37 #include "addrtoname.h" 38 #include "ethertype.h" 39 #include "extract.h" 40 41 42 /* 43 * Address Resolution Protocol. 44 * 45 * See RFC 826 for protocol description. ARP packets are variable 46 * in size; the arphdr structure defines the fixed-length portion. 47 * Protocol type values are the same as those for 10 Mb/s Ethernet. 48 * It is followed by the variable-sized fields ar_sha, arp_spa, 49 * arp_tha and arp_tpa in that order, according to the lengths 50 * specified. Field names used correspond to RFC 826. 51 */ 52 struct arp_pkthdr { 53 nd_uint16_t ar_hrd; /* format of hardware address */ 54 #define ARPHRD_ETHER 1 /* ethernet hardware format */ 55 #define ARPHRD_IEEE802 6 /* token-ring hardware format */ 56 #define ARPHRD_ARCNET 7 /* arcnet hardware format */ 57 #define ARPHRD_FRELAY 15 /* frame relay hardware format */ 58 #define ARPHRD_ATM2225 19 /* ATM (RFC 2225) */ 59 #define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */ 60 #define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */ 61 #define ARPHRD_INFINIBAND 32 /* InfiniBand RFC 4391 */ 62 nd_uint16_t ar_pro; /* format of protocol address */ 63 nd_uint8_t ar_hln; /* length of hardware address */ 64 nd_uint8_t ar_pln; /* length of protocol address */ 65 nd_uint16_t ar_op; /* one of: */ 66 #define ARPOP_REQUEST 1 /* request to resolve address */ 67 #define ARPOP_REPLY 2 /* response to previous request */ 68 #define ARPOP_REVREQUEST 3 /* request protocol address given hardware */ 69 #define ARPOP_REVREPLY 4 /* response giving protocol address */ 70 #define ARPOP_INVREQUEST 8 /* request to identify peer */ 71 #define ARPOP_INVREPLY 9 /* response identifying peer */ 72 #define ARPOP_NAK 10 /* NAK - only valid for ATM ARP */ 73 74 /* 75 * The remaining fields are variable in size, 76 * according to the sizes above. 77 */ 78 #ifdef COMMENT_ONLY 79 nd_byte ar_sha[]; /* sender hardware address */ 80 nd_byte ar_spa[]; /* sender protocol address */ 81 nd_byte ar_tha[]; /* target hardware address */ 82 nd_byte ar_tpa[]; /* target protocol address */ 83 #endif 84 #define ar_sha(ap) (((const u_char *)((ap)+1))+ 0) 85 #define ar_spa(ap) (((const u_char *)((ap)+1))+ GET_U_1((ap)->ar_hln)) 86 #define ar_tha(ap) (((const u_char *)((ap)+1))+ GET_U_1((ap)->ar_hln)+GET_U_1((ap)->ar_pln)) 87 #define ar_tpa(ap) (((const u_char *)((ap)+1))+2*GET_U_1((ap)->ar_hln)+GET_U_1((ap)->ar_pln)) 88 }; 89 90 #define ARP_HDRLEN 8 91 92 #define HRD(ap) GET_BE_U_2((ap)->ar_hrd) 93 #define HRD_LEN(ap) GET_U_1((ap)->ar_hln) 94 #define PROTO_LEN(ap) GET_U_1((ap)->ar_pln) 95 #define OP(ap) GET_BE_U_2((ap)->ar_op) 96 #define PRO(ap) GET_BE_U_2((ap)->ar_pro) 97 #define SHA(ap) (ar_sha(ap)) 98 #define SPA(ap) (ar_spa(ap)) 99 #define THA(ap) (ar_tha(ap)) 100 #define TPA(ap) (ar_tpa(ap)) 101 102 103 static const struct tok arpop_values[] = { 104 { ARPOP_REQUEST, "Request" }, 105 { ARPOP_REPLY, "Reply" }, 106 { ARPOP_REVREQUEST, "Reverse Request" }, 107 { ARPOP_REVREPLY, "Reverse Reply" }, 108 { ARPOP_INVREQUEST, "Inverse Request" }, 109 { ARPOP_INVREPLY, "Inverse Reply" }, 110 { ARPOP_NAK, "NACK Reply" }, 111 { 0, NULL } 112 }; 113 114 static const struct tok arphrd_values[] = { 115 { ARPHRD_ETHER, "Ethernet" }, 116 { ARPHRD_IEEE802, "TokenRing" }, 117 { ARPHRD_ARCNET, "ArcNet" }, 118 { ARPHRD_FRELAY, "FrameRelay" }, 119 { ARPHRD_STRIP, "Strip" }, 120 { ARPHRD_IEEE1394, "IEEE 1394" }, 121 { ARPHRD_ATM2225, "ATM" }, 122 { ARPHRD_INFINIBAND, "InfiniBand" }, 123 { 0, NULL } 124 }; 125 126 /* 127 * ATM Address Resolution Protocol. 128 * 129 * See RFC 2225 for protocol description. ATMARP packets are similar 130 * to ARP packets, except that there are no length fields for the 131 * protocol address - instead, there are type/length fields for 132 * the ATM number and subaddress - and the hardware addresses consist 133 * of an ATM number and an ATM subaddress. 134 */ 135 struct atmarp_pkthdr { 136 nd_uint16_t aar_hrd; /* format of hardware address */ 137 nd_uint16_t aar_pro; /* format of protocol address */ 138 nd_uint8_t aar_shtl; /* length of source ATM number */ 139 nd_uint8_t aar_sstl; /* length of source ATM subaddress */ 140 #define ATMARP_IS_E164 0x40 /* bit in type/length for E.164 format */ 141 #define ATMARP_LEN_MASK 0x3F /* length of {sub}address in type/length */ 142 nd_uint16_t aar_op; /* same as regular ARP */ 143 nd_uint8_t aar_spln; /* length of source protocol address */ 144 nd_uint8_t aar_thtl; /* length of target ATM number */ 145 nd_uint8_t aar_tstl; /* length of target ATM subaddress */ 146 nd_uint8_t aar_tpln; /* length of target protocol address */ 147 /* 148 * The remaining fields are variable in size, 149 * according to the sizes above. 150 */ 151 #ifdef COMMENT_ONLY 152 nd_byte aar_sha[]; /* source ATM number */ 153 nd_byte aar_ssa[]; /* source ATM subaddress */ 154 nd_byte aar_spa[]; /* sender protocol address */ 155 nd_byte aar_tha[]; /* target ATM number */ 156 nd_byte aar_tsa[]; /* target ATM subaddress */ 157 nd_byte aar_tpa[]; /* target protocol address */ 158 #endif 159 160 #define ATMHRD(ap) GET_BE_U_2((ap)->aar_hrd) 161 #define ATMSHRD_LEN(ap) (GET_U_1((ap)->aar_shtl) & ATMARP_LEN_MASK) 162 #define ATMSSLN(ap) (GET_U_1((ap)->aar_sstl) & ATMARP_LEN_MASK) 163 #define ATMSPROTO_LEN(ap) GET_U_1((ap)->aar_spln) 164 #define ATMOP(ap) GET_BE_U_2((ap)->aar_op) 165 #define ATMPRO(ap) GET_BE_U_2((ap)->aar_pro) 166 #define ATMTHRD_LEN(ap) (GET_U_1((ap)->aar_thtl) & ATMARP_LEN_MASK) 167 #define ATMTSLN(ap) (GET_U_1((ap)->aar_tstl) & ATMARP_LEN_MASK) 168 #define ATMTPROTO_LEN(ap) GET_U_1((ap)->aar_tpln) 169 #define aar_sha(ap) ((const u_char *)((ap)+1)) 170 #define aar_ssa(ap) (aar_sha(ap) + ATMSHRD_LEN(ap)) 171 #define aar_spa(ap) (aar_ssa(ap) + ATMSSLN(ap)) 172 #define aar_tha(ap) (aar_spa(ap) + ATMSPROTO_LEN(ap)) 173 #define aar_tsa(ap) (aar_tha(ap) + ATMTHRD_LEN(ap)) 174 #define aar_tpa(ap) (aar_tsa(ap) + ATMTSLN(ap)) 175 }; 176 177 #define ATMSHA(ap) (aar_sha(ap)) 178 #define ATMSSA(ap) (aar_ssa(ap)) 179 #define ATMSPA(ap) (aar_spa(ap)) 180 #define ATMTHA(ap) (aar_tha(ap)) 181 #define ATMTSA(ap) (aar_tsa(ap)) 182 #define ATMTPA(ap) (aar_tpa(ap)) 183 184 static int 185 isnonzero(netdissect_options *ndo, const u_char *a, size_t len) 186 { 187 while (len > 0) { 188 if (GET_U_1(a) != 0) 189 return (1); 190 a++; 191 len--; 192 } 193 return (0); 194 } 195 196 static void 197 tpaddr_print_ip(netdissect_options *ndo, 198 const struct arp_pkthdr *ap, u_short pro) 199 { 200 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) 201 ND_PRINT("<wrong proto type>"); 202 else if (PROTO_LEN(ap) != 4) 203 ND_PRINT("<wrong len>"); 204 else 205 ND_PRINT("%s", GET_IPADDR_STRING(TPA(ap))); 206 } 207 208 static void 209 spaddr_print_ip(netdissect_options *ndo, 210 const struct arp_pkthdr *ap, u_short pro) 211 { 212 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) 213 ND_PRINT("<wrong proto type>"); 214 else if (PROTO_LEN(ap) != 4) 215 ND_PRINT("<wrong len>"); 216 else 217 ND_PRINT("%s", GET_IPADDR_STRING(SPA(ap))); 218 } 219 220 static void 221 atmarp_addr_print(netdissect_options *ndo, 222 const u_char *ha, u_int ha_len, const u_char *srca, 223 u_int srca_len) 224 { 225 if (ha_len == 0) 226 ND_PRINT("<No address>"); 227 else { 228 ND_PRINT("%s", GET_LINKADDR_STRING(ha, LINKADDR_ATM, ha_len)); 229 if (srca_len != 0) 230 ND_PRINT(",%s", 231 GET_LINKADDR_STRING(srca, LINKADDR_ATM, srca_len)); 232 } 233 } 234 235 static void 236 atmarp_tpaddr_print(netdissect_options *ndo, 237 const struct atmarp_pkthdr *ap, u_short pro) 238 { 239 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) 240 ND_PRINT("<wrong proto type>"); 241 else if (ATMTPROTO_LEN(ap) != 4) 242 ND_PRINT("<wrong tplen>"); 243 else 244 ND_PRINT("%s", GET_IPADDR_STRING(ATMTPA(ap))); 245 } 246 247 static void 248 atmarp_spaddr_print(netdissect_options *ndo, 249 const struct atmarp_pkthdr *ap, u_short pro) 250 { 251 if (pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) 252 ND_PRINT("<wrong proto type>"); 253 else if (ATMSPROTO_LEN(ap) != 4) 254 ND_PRINT("<wrong splen>"); 255 else 256 ND_PRINT("%s", GET_IPADDR_STRING(ATMSPA(ap))); 257 } 258 259 static void 260 atmarp_print(netdissect_options *ndo, 261 const u_char *bp, u_int length, u_int caplen) 262 { 263 const struct atmarp_pkthdr *ap; 264 u_short pro, hrd, op; 265 266 ap = (const struct atmarp_pkthdr *)bp; 267 ND_TCHECK_SIZE(ap); 268 269 hrd = ATMHRD(ap); 270 pro = ATMPRO(ap); 271 op = ATMOP(ap); 272 273 ND_TCHECK_LEN(ATMTPA(ap), ATMTPROTO_LEN(ap)); 274 275 if (!ndo->ndo_eflag) { 276 ND_PRINT("ARP, "); 277 } 278 279 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) || 280 ATMSPROTO_LEN(ap) != 4 || 281 ATMTPROTO_LEN(ap) != 4 || 282 ndo->ndo_vflag) { 283 ND_PRINT("%s, %s (len %u/%u)", 284 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd), 285 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro), 286 ATMSPROTO_LEN(ap), 287 ATMTPROTO_LEN(ap)); 288 289 /* don't know about the address formats */ 290 if (!ndo->ndo_vflag) { 291 goto out; 292 } 293 } 294 295 /* print operation */ 296 ND_PRINT("%s%s ", 297 ndo->ndo_vflag ? ", " : "", 298 tok2str(arpop_values, "Unknown (%u)", op)); 299 300 switch (op) { 301 302 case ARPOP_REQUEST: 303 ND_PRINT("who-has "); 304 atmarp_tpaddr_print(ndo, ap, pro); 305 if (ATMTHRD_LEN(ap) != 0) { 306 ND_PRINT(" ("); 307 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), 308 ATMTSA(ap), ATMTSLN(ap)); 309 ND_PRINT(")"); 310 } 311 ND_PRINT(" tell "); 312 atmarp_spaddr_print(ndo, ap, pro); 313 break; 314 315 case ARPOP_REPLY: 316 atmarp_spaddr_print(ndo, ap, pro); 317 ND_PRINT(" is-at "); 318 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), 319 ATMSSLN(ap)); 320 break; 321 322 case ARPOP_INVREQUEST: 323 ND_PRINT("who-is "); 324 atmarp_addr_print(ndo, ATMTHA(ap), ATMTHRD_LEN(ap), ATMTSA(ap), 325 ATMTSLN(ap)); 326 ND_PRINT(" tell "); 327 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), 328 ATMSSLN(ap)); 329 break; 330 331 case ARPOP_INVREPLY: 332 atmarp_addr_print(ndo, ATMSHA(ap), ATMSHRD_LEN(ap), ATMSSA(ap), 333 ATMSSLN(ap)); 334 ND_PRINT("at "); 335 atmarp_spaddr_print(ndo, ap, pro); 336 break; 337 338 case ARPOP_NAK: 339 ND_PRINT("for "); 340 atmarp_spaddr_print(ndo, ap, pro); 341 break; 342 343 default: 344 ND_DEFAULTPRINT((const u_char *)ap, caplen); 345 return; 346 } 347 348 out: 349 ND_PRINT(", length %u", length); 350 } 351 352 void 353 arp_print(netdissect_options *ndo, 354 const u_char *bp, u_int length, u_int caplen) 355 { 356 const struct arp_pkthdr *ap; 357 u_short pro, hrd, op, linkaddr; 358 359 ndo->ndo_protocol = "arp"; 360 ap = (const struct arp_pkthdr *)bp; 361 ND_TCHECK_SIZE(ap); 362 363 hrd = HRD(ap); 364 pro = PRO(ap); 365 op = OP(ap); 366 367 368 /* if its ATM then call the ATM ARP printer 369 for Frame-relay ARP most of the fields 370 are similar to Ethernet so overload the Ethernet Printer 371 and set the linkaddr type for GET_LINKADDR_STRING() accordingly */ 372 373 switch(hrd) { 374 case ARPHRD_ATM2225: 375 atmarp_print(ndo, bp, length, caplen); 376 return; 377 case ARPHRD_FRELAY: 378 linkaddr = LINKADDR_FRELAY; 379 break; 380 default: 381 linkaddr = LINKADDR_ETHER; 382 break; 383 } 384 385 ND_TCHECK_LEN(TPA(ap), PROTO_LEN(ap)); 386 387 if (!ndo->ndo_eflag) { 388 ND_PRINT("ARP, "); 389 } 390 391 /* print hardware type/len and proto type/len */ 392 if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) || 393 PROTO_LEN(ap) != 4 || 394 HRD_LEN(ap) == 0 || 395 ndo->ndo_vflag) { 396 ND_PRINT("%s (len %u), %s (len %u)", 397 tok2str(arphrd_values, "Unknown Hardware (%u)", hrd), 398 HRD_LEN(ap), 399 tok2str(ethertype_values, "Unknown Protocol (0x%04x)", pro), 400 PROTO_LEN(ap)); 401 402 /* don't know about the address formats */ 403 if (!ndo->ndo_vflag) { 404 goto out; 405 } 406 } 407 408 /* print operation */ 409 ND_PRINT("%s%s ", 410 ndo->ndo_vflag ? ", " : "", 411 tok2str(arpop_values, "Unknown (%u)", op)); 412 413 switch (op) { 414 415 case ARPOP_REQUEST: 416 ND_PRINT("who-has "); 417 tpaddr_print_ip(ndo, ap, pro); 418 if (isnonzero(ndo, (const u_char *)THA(ap), HRD_LEN(ap))) 419 ND_PRINT(" (%s)", 420 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap))); 421 ND_PRINT(" tell "); 422 spaddr_print_ip(ndo, ap, pro); 423 break; 424 425 case ARPOP_REPLY: 426 spaddr_print_ip(ndo, ap, pro); 427 ND_PRINT(" is-at %s", 428 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap))); 429 break; 430 431 case ARPOP_REVREQUEST: 432 /* 433 * XXX - GET_LINKADDR_STRING() may return a pointer to 434 * a static buffer, so we only have one call to it per 435 * ND_PRINT() call. 436 * 437 * This should be done in a cleaner fashion. 438 */ 439 ND_PRINT("who-is %s", 440 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap))); 441 ND_PRINT(" tell %s", 442 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap))); 443 break; 444 445 case ARPOP_REVREPLY: 446 ND_PRINT("%s at ", 447 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap))); 448 tpaddr_print_ip(ndo, ap, pro); 449 break; 450 451 case ARPOP_INVREQUEST: 452 /* 453 * XXX - GET_LINKADDR_STRING() may return a pointer to 454 * a static buffer, so we only have one call to it per 455 * ND_PRINT() call. 456 * 457 * This should be done in a cleaner fashion. 458 */ 459 ND_PRINT("who-is %s", 460 GET_LINKADDR_STRING(THA(ap), linkaddr, HRD_LEN(ap))); 461 ND_PRINT(" tell %s", 462 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap))); 463 break; 464 465 case ARPOP_INVREPLY: 466 ND_PRINT("%s at ", 467 GET_LINKADDR_STRING(SHA(ap), linkaddr, HRD_LEN(ap))); 468 spaddr_print_ip(ndo, ap, pro); 469 break; 470 471 default: 472 ND_DEFAULTPRINT((const u_char *)ap, caplen); 473 return; 474 } 475 476 out: 477 ND_PRINT(", length %u", length); 478 } 479