1 /* 2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 /* \summary: BOOTP and IPv4 DHCP printer */ 23 24 #include <sys/cdefs.h> 25 #ifndef lint 26 __RCSID("$NetBSD: print-bootp.c,v 1.12 2024/09/02 16:15:30 christos Exp $"); 27 #endif 28 29 #include <config.h> 30 31 #include "netdissect-stdinc.h" 32 33 #include <string.h> 34 35 #include "netdissect.h" 36 #include "addrtoname.h" 37 #include "extract.h" 38 39 40 /* 41 * Bootstrap Protocol (BOOTP). RFC951 and RFC1048. 42 * 43 * This file specifies the "implementation-independent" BOOTP protocol 44 * information which is common to both client and server. 45 * 46 * Copyright 1988 by Carnegie Mellon. 47 * 48 * Permission to use, copy, modify, and distribute this program for any 49 * purpose and without fee is hereby granted, provided that this copyright 50 * and permission notice appear on all copies and supporting documentation, 51 * the name of Carnegie Mellon not be used in advertising or publicity 52 * pertaining to distribution of the program without specific prior 53 * permission, and notice be given in supporting documentation that copying 54 * and distribution is by permission of Carnegie Mellon and Stanford 55 * University. Carnegie Mellon makes no representations about the 56 * suitability of this software for any purpose. It is provided "as is" 57 * without express or implied warranty. 58 */ 59 60 struct bootp { 61 nd_uint8_t bp_op; /* packet opcode type */ 62 nd_uint8_t bp_htype; /* hardware addr type */ 63 nd_uint8_t bp_hlen; /* hardware addr length */ 64 nd_uint8_t bp_hops; /* gateway hops */ 65 nd_uint32_t bp_xid; /* transaction ID */ 66 nd_uint16_t bp_secs; /* seconds since boot began */ 67 nd_uint16_t bp_flags; /* flags - see bootp_flag_values[] 68 in print-bootp.c */ 69 nd_ipv4 bp_ciaddr; /* client IP address */ 70 nd_ipv4 bp_yiaddr; /* 'your' IP address */ 71 nd_ipv4 bp_siaddr; /* server IP address */ 72 nd_ipv4 bp_giaddr; /* gateway IP address */ 73 nd_byte bp_chaddr[16]; /* client hardware address */ 74 nd_byte bp_sname[64]; /* server host name */ 75 nd_byte bp_file[128]; /* boot file name */ 76 nd_byte bp_vend[64]; /* vendor-specific area */ 77 }; 78 79 #define BOOTPREPLY 2 80 #define BOOTPREQUEST 1 81 82 /* 83 * Vendor magic cookie (v_magic) for CMU 84 */ 85 #define VM_CMU "CMU" 86 87 /* 88 * Vendor magic cookie (v_magic) for RFC1048 89 */ 90 #define VM_RFC1048 { 99, 130, 83, 99 } 91 92 /* 93 * RFC1048 tag values used to specify what information is being supplied in 94 * the vendor field of the packet. 95 */ 96 97 #define TAG_PAD ((uint8_t) 0) 98 #define TAG_SUBNET_MASK ((uint8_t) 1) 99 #define TAG_TIME_OFFSET ((uint8_t) 2) 100 #define TAG_GATEWAY ((uint8_t) 3) 101 #define TAG_TIME_SERVER ((uint8_t) 4) 102 #define TAG_NAME_SERVER ((uint8_t) 5) 103 #define TAG_DOMAIN_SERVER ((uint8_t) 6) 104 #define TAG_LOG_SERVER ((uint8_t) 7) 105 #define TAG_COOKIE_SERVER ((uint8_t) 8) 106 #define TAG_LPR_SERVER ((uint8_t) 9) 107 #define TAG_IMPRESS_SERVER ((uint8_t) 10) 108 #define TAG_RLP_SERVER ((uint8_t) 11) 109 #define TAG_HOSTNAME ((uint8_t) 12) 110 #define TAG_BOOTSIZE ((uint8_t) 13) 111 #define TAG_END ((uint8_t) 255) 112 /* RFC1497 tags */ 113 #define TAG_DUMPPATH ((uint8_t) 14) 114 #define TAG_DOMAINNAME ((uint8_t) 15) 115 #define TAG_SWAP_SERVER ((uint8_t) 16) 116 #define TAG_ROOTPATH ((uint8_t) 17) 117 #define TAG_EXTPATH ((uint8_t) 18) 118 /* RFC2132 */ 119 #define TAG_IP_FORWARD ((uint8_t) 19) 120 #define TAG_NL_SRCRT ((uint8_t) 20) 121 #define TAG_PFILTERS ((uint8_t) 21) 122 #define TAG_REASS_SIZE ((uint8_t) 22) 123 #define TAG_DEF_TTL ((uint8_t) 23) 124 #define TAG_MTU_TIMEOUT ((uint8_t) 24) 125 #define TAG_MTU_TABLE ((uint8_t) 25) 126 #define TAG_INT_MTU ((uint8_t) 26) 127 #define TAG_LOCAL_SUBNETS ((uint8_t) 27) 128 #define TAG_BROAD_ADDR ((uint8_t) 28) 129 #define TAG_DO_MASK_DISC ((uint8_t) 29) 130 #define TAG_SUPPLY_MASK ((uint8_t) 30) 131 #define TAG_DO_RDISC ((uint8_t) 31) 132 #define TAG_RTR_SOL_ADDR ((uint8_t) 32) 133 #define TAG_STATIC_ROUTE ((uint8_t) 33) 134 #define TAG_USE_TRAILERS ((uint8_t) 34) 135 #define TAG_ARP_TIMEOUT ((uint8_t) 35) 136 #define TAG_ETH_ENCAP ((uint8_t) 36) 137 #define TAG_TCP_TTL ((uint8_t) 37) 138 #define TAG_TCP_KEEPALIVE ((uint8_t) 38) 139 #define TAG_KEEPALIVE_GO ((uint8_t) 39) 140 #define TAG_NIS_DOMAIN ((uint8_t) 40) 141 #define TAG_NIS_SERVERS ((uint8_t) 41) 142 #define TAG_NTP_SERVERS ((uint8_t) 42) 143 #define TAG_VENDOR_OPTS ((uint8_t) 43) 144 #define TAG_NETBIOS_NS ((uint8_t) 44) 145 #define TAG_NETBIOS_DDS ((uint8_t) 45) 146 #define TAG_NETBIOS_NODE ((uint8_t) 46) 147 #define TAG_NETBIOS_SCOPE ((uint8_t) 47) 148 #define TAG_XWIN_FS ((uint8_t) 48) 149 #define TAG_XWIN_DM ((uint8_t) 49) 150 #define TAG_NIS_P_DOMAIN ((uint8_t) 64) 151 #define TAG_NIS_P_SERVERS ((uint8_t) 65) 152 #define TAG_MOBILE_HOME ((uint8_t) 68) 153 #define TAG_SMTP_SERVER ((uint8_t) 69) 154 #define TAG_POP3_SERVER ((uint8_t) 70) 155 #define TAG_NNTP_SERVER ((uint8_t) 71) 156 #define TAG_WWW_SERVER ((uint8_t) 72) 157 #define TAG_FINGER_SERVER ((uint8_t) 73) 158 #define TAG_IRC_SERVER ((uint8_t) 74) 159 #define TAG_STREETTALK_SRVR ((uint8_t) 75) 160 #define TAG_STREETTALK_STDA ((uint8_t) 76) 161 /* DHCP options */ 162 #define TAG_REQUESTED_IP ((uint8_t) 50) 163 #define TAG_IP_LEASE ((uint8_t) 51) 164 #define TAG_OPT_OVERLOAD ((uint8_t) 52) 165 #define TAG_TFTP_SERVER ((uint8_t) 66) 166 #define TAG_BOOTFILENAME ((uint8_t) 67) 167 #define TAG_DHCP_MESSAGE ((uint8_t) 53) 168 #define TAG_SERVER_ID ((uint8_t) 54) 169 #define TAG_PARM_REQUEST ((uint8_t) 55) 170 #define TAG_MESSAGE ((uint8_t) 56) 171 #define TAG_MAX_MSG_SIZE ((uint8_t) 57) 172 #define TAG_RENEWAL_TIME ((uint8_t) 58) 173 #define TAG_REBIND_TIME ((uint8_t) 59) 174 #define TAG_VENDOR_CLASS ((uint8_t) 60) 175 #define TAG_CLIENT_ID ((uint8_t) 61) 176 /* RFC 2241 */ 177 #define TAG_NDS_SERVERS ((uint8_t) 85) 178 #define TAG_NDS_TREE_NAME ((uint8_t) 86) 179 #define TAG_NDS_CONTEXT ((uint8_t) 87) 180 /* RFC 2242 */ 181 #define TAG_NDS_IPDOMAIN ((uint8_t) 62) 182 #define TAG_NDS_IPINFO ((uint8_t) 63) 183 /* RFC 2485 */ 184 #define TAG_OPEN_GROUP_UAP ((uint8_t) 98) 185 /* RFC 2563 */ 186 #define TAG_DISABLE_AUTOCONF ((uint8_t) 116) 187 /* RFC 2610 */ 188 #define TAG_SLP_DA ((uint8_t) 78) 189 #define TAG_SLP_SCOPE ((uint8_t) 79) 190 /* RFC 2937 */ 191 #define TAG_NS_SEARCH ((uint8_t) 117) 192 /* RFC 3004 - The User Class Option for DHCP */ 193 #define TAG_USER_CLASS ((uint8_t) 77) 194 /* RFC 3011 */ 195 #define TAG_IP4_SUBNET_SELECT ((uint8_t) 118) 196 /* RFC 3442 */ 197 #define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121) 198 #define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249) 199 /* RFC8572 */ 200 #define TAG_SZTP_REDIRECT ((uint8_t) 143) 201 /* RFC 5859 - TFTP Server Address Option for DHCPv4 */ 202 #define TAG_TFTP_SERVER_ADDRESS ((uint8_t) 150) 203 /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml */ 204 #define TAG_SLP_NAMING_AUTH ((uint8_t) 80) 205 #define TAG_CLIENT_FQDN ((uint8_t) 81) 206 #define TAG_AGENT_CIRCUIT ((uint8_t) 82) 207 #define TAG_AGENT_REMOTE ((uint8_t) 83) 208 #define TAG_TZ_STRING ((uint8_t) 88) 209 #define TAG_FQDN_OPTION ((uint8_t) 89) 210 #define TAG_AUTH ((uint8_t) 90) 211 #define TAG_CLIENT_LAST_TRANSACTION_TIME ((uint8_t) 91) 212 #define TAG_ASSOCIATED_IP ((uint8_t) 92) 213 #define TAG_CLIENT_ARCH ((uint8_t) 93) 214 #define TAG_CLIENT_NDI ((uint8_t) 94) 215 #define TAG_CLIENT_GUID ((uint8_t) 97) 216 #define TAG_LDAP_URL ((uint8_t) 95) 217 /* RFC 4833, TZ codes */ 218 #define TAG_TZ_PCODE ((uint8_t) 100) 219 #define TAG_TZ_TCODE ((uint8_t) 101) 220 #define TAG_NETINFO_PARENT ((uint8_t) 112) 221 #define TAG_NETINFO_PARENT_TAG ((uint8_t) 113) 222 #define TAG_URL ((uint8_t) 114) 223 #define TAG_MUDURL ((uint8_t) 161) 224 225 /* DHCP Message types (values for TAG_DHCP_MESSAGE option) */ 226 #define DHCPDISCOVER 1 227 #define DHCPOFFER 2 228 #define DHCPREQUEST 3 229 #define DHCPDECLINE 4 230 #define DHCPACK 5 231 #define DHCPNAK 6 232 #define DHCPRELEASE 7 233 #define DHCPINFORM 8 234 /* Defined in RFC4388 */ 235 #define DHCPLEASEQUERY 10 236 #define DHCPLEASEUNASSIGNED 11 237 #define DHCPLEASEUNKNOWN 12 238 #define DHCPLEASEACTIVE 13 239 240 241 /* 242 * "vendor" data permitted for CMU bootp clients. 243 */ 244 245 struct cmu_vend { 246 nd_byte v_magic[4]; /* magic number */ 247 nd_uint32_t v_flags; /* flags/opcodes, etc. */ 248 nd_ipv4 v_smask; /* Subnet mask */ 249 nd_ipv4 v_dgate; /* Default gateway */ 250 nd_ipv4 v_dns1, v_dns2; /* Domain name servers */ 251 nd_ipv4 v_ins1, v_ins2; /* IEN-116 name servers */ 252 nd_ipv4 v_ts1, v_ts2; /* Time servers */ 253 nd_byte v_unused[24]; /* currently unused */ 254 }; 255 256 257 /* v_flags values */ 258 #define VF_SMASK 1 /* Subnet mask field contains valid data */ 259 260 /* RFC 4702 DHCP Client FQDN Option */ 261 262 #define CLIENT_FQDN_FLAGS_S 0x01 263 #define CLIENT_FQDN_FLAGS_O 0x02 264 #define CLIENT_FQDN_FLAGS_E 0x04 265 #define CLIENT_FQDN_FLAGS_N 0x08 266 /* end of original bootp.h */ 267 268 static void rfc1048_print(netdissect_options *, const u_char *); 269 static void cmu_print(netdissect_options *, const u_char *); 270 static char *client_fqdn_flags(u_int flags); 271 272 static const struct tok bootp_flag_values[] = { 273 { 0x8000, "Broadcast" }, 274 { 0, NULL} 275 }; 276 277 static const struct tok bootp_op_values[] = { 278 { BOOTPREQUEST, "Request" }, 279 { BOOTPREPLY, "Reply" }, 280 { 0, NULL} 281 }; 282 283 /* 284 * Print bootp requests 285 */ 286 void 287 bootp_print(netdissect_options *ndo, 288 const u_char *cp, u_int length) 289 { 290 const struct bootp *bp; 291 static const u_char vm_cmu[4] = VM_CMU; 292 static const u_char vm_rfc1048[4] = VM_RFC1048; 293 uint8_t bp_op, bp_htype, bp_hlen; 294 295 ndo->ndo_protocol = "bootp"; 296 bp = (const struct bootp *)cp; 297 bp_op = GET_U_1(bp->bp_op); 298 ND_PRINT("BOOTP/DHCP, %s", 299 tok2str(bootp_op_values, "unknown (0x%02x)", bp_op)); 300 301 bp_htype = GET_U_1(bp->bp_htype); 302 bp_hlen = GET_U_1(bp->bp_hlen); 303 if (bp_htype == 1 && bp_hlen == MAC_ADDR_LEN && bp_op == BOOTPREQUEST) { 304 ND_PRINT(" from %s", GET_ETHERADDR_STRING(bp->bp_chaddr)); 305 } 306 307 ND_PRINT(", length %u", length); 308 309 if (!ndo->ndo_vflag) 310 return; 311 312 ND_TCHECK_2(bp->bp_secs); 313 314 /* The usual hardware address type is 1 (10Mb Ethernet) */ 315 if (bp_htype != 1) 316 ND_PRINT(", htype %u", bp_htype); 317 318 /* The usual length for 10Mb Ethernet address is 6 bytes */ 319 if (bp_htype != 1 || bp_hlen != MAC_ADDR_LEN) 320 ND_PRINT(", hlen %u", bp_hlen); 321 322 /* Only print interesting fields */ 323 if (GET_U_1(bp->bp_hops)) 324 ND_PRINT(", hops %u", GET_U_1(bp->bp_hops)); 325 if (GET_BE_U_4(bp->bp_xid)) 326 ND_PRINT(", xid 0x%x", GET_BE_U_4(bp->bp_xid)); 327 if (GET_BE_U_2(bp->bp_secs)) 328 ND_PRINT(", secs %u", GET_BE_U_2(bp->bp_secs)); 329 330 ND_PRINT(", Flags [%s]", 331 bittok2str(bootp_flag_values, "none", GET_BE_U_2(bp->bp_flags))); 332 if (ndo->ndo_vflag > 1) 333 ND_PRINT(" (0x%04x)", GET_BE_U_2(bp->bp_flags)); 334 335 /* Client's ip address */ 336 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_ciaddr)) 337 ND_PRINT("\n\t Client-IP %s", GET_IPADDR_STRING(bp->bp_ciaddr)); 338 339 /* 'your' ip address (bootp client) */ 340 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_yiaddr)) 341 ND_PRINT("\n\t Your-IP %s", GET_IPADDR_STRING(bp->bp_yiaddr)); 342 343 /* Server's ip address */ 344 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_siaddr)) 345 ND_PRINT("\n\t Server-IP %s", GET_IPADDR_STRING(bp->bp_siaddr)); 346 347 /* Gateway's ip address */ 348 if (GET_IPV4_TO_NETWORK_ORDER(bp->bp_giaddr)) 349 ND_PRINT("\n\t Gateway-IP %s", GET_IPADDR_STRING(bp->bp_giaddr)); 350 351 /* Client's Ethernet address */ 352 if (bp_htype == 1 && bp_hlen == MAC_ADDR_LEN) { 353 ND_PRINT("\n\t Client-Ethernet-Address %s", GET_ETHERADDR_STRING(bp->bp_chaddr)); 354 } 355 356 if (GET_U_1(bp->bp_sname)) { /* get first char only */ 357 ND_PRINT("\n\t sname \""); 358 if (nd_printztn(ndo, bp->bp_sname, (u_int)sizeof(bp->bp_sname), 359 ndo->ndo_snapend) == 0) { 360 ND_PRINT("\""); 361 nd_print_trunc(ndo); 362 return; 363 } 364 ND_PRINT("\""); 365 } 366 if (GET_U_1(bp->bp_file)) { /* get first char only */ 367 ND_PRINT("\n\t file \""); 368 if (nd_printztn(ndo, bp->bp_file, (u_int)sizeof(bp->bp_file), 369 ndo->ndo_snapend) == 0) { 370 ND_PRINT("\""); 371 nd_print_trunc(ndo); 372 return; 373 } 374 ND_PRINT("\""); 375 } 376 377 /* Decode the vendor buffer */ 378 ND_TCHECK_4(bp->bp_vend); 379 if (memcmp((const char *)bp->bp_vend, vm_rfc1048, 380 sizeof(uint32_t)) == 0) 381 rfc1048_print(ndo, bp->bp_vend); 382 else if (memcmp((const char *)bp->bp_vend, vm_cmu, 383 sizeof(uint32_t)) == 0) 384 cmu_print(ndo, bp->bp_vend); 385 else { 386 uint32_t ul; 387 388 ul = GET_BE_U_4(bp->bp_vend); 389 if (ul != 0) 390 ND_PRINT("\n\t Vendor-#0x%x", ul); 391 } 392 393 return; 394 trunc: 395 nd_print_trunc(ndo); 396 } 397 398 /* 399 * The first character specifies the format to print: 400 * i - ip address (32 bits) 401 * p - ip address pairs (32 bits + 32 bits) 402 * l - long (32 bits) 403 * L - unsigned long (32 bits) 404 * s - short (16 bits) 405 * b - period-separated decimal bytes (variable length) 406 * x - colon-separated hex bytes (variable length) 407 * a - ASCII string (variable length) 408 * B - on/off (8 bits) 409 * $ - special (explicit code to handle) 410 */ 411 static const struct tok tag2str[] = { 412 /* RFC1048 tags */ 413 { TAG_PAD, " PAD" }, 414 { TAG_SUBNET_MASK, "iSubnet-Mask" }, /* subnet mask (RFC950) */ 415 { TAG_TIME_OFFSET, "LTime-Zone" }, /* seconds from UTC */ 416 { TAG_GATEWAY, "iDefault-Gateway" }, /* default gateway */ 417 { TAG_TIME_SERVER, "iTime-Server" }, /* time servers (RFC868) */ 418 { TAG_NAME_SERVER, "iIEN-Name-Server" }, /* IEN name servers (IEN116) */ 419 { TAG_DOMAIN_SERVER, "iDomain-Name-Server" }, /* domain name (RFC1035) */ 420 { TAG_LOG_SERVER, "iLOG" }, /* MIT log servers */ 421 { TAG_COOKIE_SERVER, "iCS" }, /* cookie servers (RFC865) */ 422 { TAG_LPR_SERVER, "iLPR-Server" }, /* lpr server (RFC1179) */ 423 { TAG_IMPRESS_SERVER, "iIM" }, /* impress servers (Imagen) */ 424 { TAG_RLP_SERVER, "iRL" }, /* resource location (RFC887) */ 425 { TAG_HOSTNAME, "aHostname" }, /* ASCII hostname */ 426 { TAG_BOOTSIZE, "sBS" }, /* 512 byte blocks */ 427 { TAG_END, " END" }, 428 /* RFC1497 tags */ 429 { TAG_DUMPPATH, "aDP" }, 430 { TAG_DOMAINNAME, "aDomain-Name" }, 431 { TAG_SWAP_SERVER, "iSS" }, 432 { TAG_ROOTPATH, "aRP" }, 433 { TAG_EXTPATH, "aEP" }, 434 /* RFC2132 tags */ 435 { TAG_IP_FORWARD, "BIPF" }, 436 { TAG_NL_SRCRT, "BSRT" }, 437 { TAG_PFILTERS, "pPF" }, 438 { TAG_REASS_SIZE, "sRSZ" }, 439 { TAG_DEF_TTL, "bTTL" }, 440 { TAG_MTU_TIMEOUT, "lMTU-Timeout" }, 441 { TAG_MTU_TABLE, "sMTU-Table" }, 442 { TAG_INT_MTU, "sMTU" }, 443 { TAG_LOCAL_SUBNETS, "BLSN" }, 444 { TAG_BROAD_ADDR, "iBR" }, 445 { TAG_DO_MASK_DISC, "BMD" }, 446 { TAG_SUPPLY_MASK, "BMS" }, 447 { TAG_DO_RDISC, "BRouter-Discovery" }, 448 { TAG_RTR_SOL_ADDR, "iRSA" }, 449 { TAG_STATIC_ROUTE, "pStatic-Route" }, 450 { TAG_USE_TRAILERS, "BUT" }, 451 { TAG_ARP_TIMEOUT, "lAT" }, 452 { TAG_ETH_ENCAP, "BIE" }, 453 { TAG_TCP_TTL, "bTT" }, 454 { TAG_TCP_KEEPALIVE, "lKI" }, 455 { TAG_KEEPALIVE_GO, "BKG" }, 456 { TAG_NIS_DOMAIN, "aYD" }, 457 { TAG_NIS_SERVERS, "iYS" }, 458 { TAG_NTP_SERVERS, "iNTP" }, 459 { TAG_VENDOR_OPTS, "bVendor-Option" }, 460 { TAG_NETBIOS_NS, "iNetbios-Name-Server" }, 461 { TAG_NETBIOS_DDS, "iWDD" }, 462 { TAG_NETBIOS_NODE, "$Netbios-Node" }, 463 { TAG_NETBIOS_SCOPE, "aNetbios-Scope" }, 464 { TAG_XWIN_FS, "iXFS" }, 465 { TAG_XWIN_DM, "iXDM" }, 466 { TAG_NIS_P_DOMAIN, "sN+D" }, 467 { TAG_NIS_P_SERVERS, "iN+S" }, 468 { TAG_MOBILE_HOME, "iMH" }, 469 { TAG_SMTP_SERVER, "iSMTP" }, 470 { TAG_POP3_SERVER, "iPOP3" }, 471 { TAG_NNTP_SERVER, "iNNTP" }, 472 { TAG_WWW_SERVER, "iWWW" }, 473 { TAG_FINGER_SERVER, "iFG" }, 474 { TAG_IRC_SERVER, "iIRC" }, 475 { TAG_STREETTALK_SRVR, "iSTS" }, 476 { TAG_STREETTALK_STDA, "iSTDA" }, 477 { TAG_REQUESTED_IP, "iRequested-IP" }, 478 { TAG_IP_LEASE, "lLease-Time" }, 479 { TAG_OPT_OVERLOAD, "$OO" }, 480 { TAG_TFTP_SERVER, "aTFTP" }, 481 { TAG_BOOTFILENAME, "aBF" }, 482 { TAG_DHCP_MESSAGE, " DHCP-Message" }, 483 { TAG_SERVER_ID, "iServer-ID" }, 484 { TAG_PARM_REQUEST, "bParameter-Request" }, 485 { TAG_MESSAGE, "aMSG" }, 486 { TAG_MAX_MSG_SIZE, "sMSZ" }, 487 { TAG_RENEWAL_TIME, "lRN" }, 488 { TAG_REBIND_TIME, "lRB" }, 489 { TAG_VENDOR_CLASS, "aVendor-Class" }, 490 { TAG_CLIENT_ID, "$Client-ID" }, 491 /* RFC 2485 */ 492 { TAG_OPEN_GROUP_UAP, "aUAP" }, 493 /* RFC 2563 */ 494 { TAG_DISABLE_AUTOCONF, "BNOAUTO" }, 495 /* RFC 2610 */ 496 { TAG_SLP_DA, "bSLP-DA" }, /*"b" is a little wrong */ 497 { TAG_SLP_SCOPE, "bSLP-SCOPE" }, /*"b" is a little wrong */ 498 /* RFC 2937 */ 499 { TAG_NS_SEARCH, "sNSSEARCH" }, /* XXX 's' */ 500 /* RFC 3004 - The User Class Option for DHCP */ 501 { TAG_USER_CLASS, "$User-Class" }, 502 /* RFC 3011 */ 503 { TAG_IP4_SUBNET_SELECT, "iSUBNET" }, 504 /* RFC 3442 */ 505 { TAG_CLASSLESS_STATIC_RT, "$Classless-Static-Route" }, 506 { TAG_CLASSLESS_STA_RT_MS, "$Classless-Static-Route-Microsoft" }, 507 /* RFC 8572 */ 508 { TAG_SZTP_REDIRECT, "$SZTP-Redirect" }, 509 /* RFC 5859 - TFTP Server Address Option for DHCPv4 */ 510 { TAG_TFTP_SERVER_ADDRESS, "iTFTP-Server-Address" }, 511 /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options */ 512 { TAG_SLP_NAMING_AUTH, "aSLP-NA" }, 513 { TAG_CLIENT_FQDN, "$FQDN" }, 514 { TAG_AGENT_CIRCUIT, "$Agent-Information" }, 515 { TAG_AGENT_REMOTE, "bARMT" }, 516 { TAG_TZ_STRING, "aTZSTR" }, 517 { TAG_FQDN_OPTION, "bFQDNS" }, /* XXX 'b' */ 518 { TAG_AUTH, "bAUTH" }, /* XXX 'b' */ 519 { TAG_CLIENT_LAST_TRANSACTION_TIME, "LLast-Transaction-Time" }, 520 { TAG_ASSOCIATED_IP, "iAssociated-IP" }, 521 { TAG_CLIENT_ARCH, "sARCH" }, 522 { TAG_CLIENT_NDI, "bNDI" }, /* XXX 'b' */ 523 { TAG_CLIENT_GUID, "bGUID" }, /* XXX 'b' */ 524 { TAG_LDAP_URL, "aLDAP" }, 525 { TAG_TZ_PCODE, "aPOSIX-TZ" }, 526 { TAG_TZ_TCODE, "aTZ-Name" }, 527 { TAG_NETINFO_PARENT, "iNI" }, 528 { TAG_NETINFO_PARENT_TAG, "aNITAG" }, 529 { TAG_URL, "aURL" }, 530 { TAG_MUDURL, "aMUD-URL" }, 531 { 0, NULL } 532 }; 533 534 /* DHCP "options overload" types */ 535 static const struct tok oo2str[] = { 536 { 1, "file" }, 537 { 2, "sname" }, 538 { 3, "file+sname" }, 539 { 0, NULL } 540 }; 541 542 /* NETBIOS over TCP/IP node type options */ 543 static const struct tok nbo2str[] = { 544 { 0x1, "b-node" }, 545 { 0x2, "p-node" }, 546 { 0x4, "m-node" }, 547 { 0x8, "h-node" }, 548 { 0, NULL } 549 }; 550 551 /* ARP Hardware types, for Client-ID option */ 552 static const struct tok arp2str[] = { 553 { 0x1, "ether" }, 554 { 0x6, "ieee802" }, 555 { 0x7, "arcnet" }, 556 { 0xf, "frelay" }, 557 { 0x17, "strip" }, 558 { 0x18, "ieee1394" }, 559 { 0, NULL } 560 }; 561 562 static const struct tok dhcp_msg_values[] = { 563 { DHCPDISCOVER, "Discover" }, 564 { DHCPOFFER, "Offer" }, 565 { DHCPREQUEST, "Request" }, 566 { DHCPDECLINE, "Decline" }, 567 { DHCPACK, "ACK" }, 568 { DHCPNAK, "NACK" }, 569 { DHCPRELEASE, "Release" }, 570 { DHCPINFORM, "Inform" }, 571 { DHCPLEASEQUERY, "LeaseQuery" }, 572 { DHCPLEASEUNASSIGNED, "LeaseUnassigned" }, 573 { DHCPLEASEUNKNOWN, "LeaseUnknown" }, 574 { DHCPLEASEACTIVE, "LeaseActive" }, 575 { 0, NULL } 576 }; 577 578 #define AGENT_SUBOPTION_CIRCUIT_ID 1 /* RFC 3046 */ 579 #define AGENT_SUBOPTION_REMOTE_ID 2 /* RFC 3046 */ 580 #define AGENT_SUBOPTION_SUBSCRIBER_ID 6 /* RFC 3993 */ 581 static const struct tok agent_suboption_values[] = { 582 { AGENT_SUBOPTION_CIRCUIT_ID, "Circuit-ID" }, 583 { AGENT_SUBOPTION_REMOTE_ID, "Remote-ID" }, 584 { AGENT_SUBOPTION_SUBSCRIBER_ID, "Subscriber-ID" }, 585 { 0, NULL } 586 }; 587 588 589 static void 590 rfc1048_print(netdissect_options *ndo, 591 const u_char *bp) 592 { 593 uint16_t tag; 594 u_int len; 595 const char *cp; 596 char c; 597 int first, idx; 598 uint8_t subopt, suboptlen; 599 600 ND_PRINT("\n\t Vendor-rfc1048 Extensions"); 601 602 /* Step over magic cookie */ 603 ND_PRINT("\n\t Magic Cookie 0x%08x", GET_BE_U_4(bp)); 604 bp += sizeof(int32_t); 605 606 /* Loop while we there is a tag left in the buffer */ 607 while (ND_TTEST_1(bp)) { 608 tag = GET_U_1(bp); 609 bp++; 610 if (tag == TAG_PAD && ndo->ndo_vflag < 3) 611 continue; 612 if (tag == TAG_END && ndo->ndo_vflag < 3) 613 return; 614 cp = tok2str(tag2str, "?Unknown", tag); 615 c = *cp++; 616 617 if (tag == TAG_PAD || tag == TAG_END) 618 len = 0; 619 else { 620 /* Get the length; check for truncation */ 621 len = GET_U_1(bp); 622 bp++; 623 } 624 625 ND_PRINT("\n\t %s (%u), length %u%s", cp, tag, len, 626 len > 0 ? ": " : ""); 627 628 if (tag == TAG_PAD && ndo->ndo_vflag > 2) { 629 u_int ntag = 1; 630 while (ND_TTEST_1(bp) && 631 GET_U_1(bp) == TAG_PAD) { 632 bp++; 633 ntag++; 634 } 635 if (ntag > 1) 636 ND_PRINT(", occurs %u", ntag); 637 } 638 639 ND_TCHECK_LEN(bp, len); 640 641 if (tag == TAG_DHCP_MESSAGE && len == 1) { 642 ND_PRINT("%s", 643 tok2str(dhcp_msg_values, "Unknown (%u)", GET_U_1(bp))); 644 bp++; 645 continue; 646 } 647 648 if (tag == TAG_PARM_REQUEST) { 649 idx = 0; 650 while (len > 0) { 651 uint8_t innertag = GET_U_1(bp); 652 bp++; 653 len--; 654 cp = tok2str(tag2str, "?Unknown", innertag); 655 if (idx % 4 == 0) 656 ND_PRINT("\n\t "); 657 else 658 ND_PRINT(", "); 659 ND_PRINT("%s (%u)", cp + 1, innertag); 660 idx++; 661 } 662 continue; 663 } 664 665 /* Print data */ 666 if (c == '?') { 667 /* Base default formats for unknown tags on data size */ 668 if (len & 1) 669 c = 'b'; 670 else if (len & 2) 671 c = 's'; 672 else 673 c = 'l'; 674 } 675 first = 1; 676 switch (c) { 677 678 case 'a': 679 /* ASCII strings */ 680 ND_PRINT("\""); 681 if (nd_printn(ndo, bp, len, ndo->ndo_snapend)) { 682 ND_PRINT("\""); 683 goto trunc; 684 } 685 ND_PRINT("\""); 686 bp += len; 687 len = 0; 688 break; 689 690 case 'i': 691 case 'l': 692 case 'L': 693 /* ip addresses/32-bit words */ 694 while (len >= 4) { 695 if (!first) 696 ND_PRINT(","); 697 if (c == 'i') 698 ND_PRINT("%s", GET_IPADDR_STRING(bp)); 699 else if (c == 'L') 700 ND_PRINT("%d", GET_BE_S_4(bp)); 701 else 702 ND_PRINT("%u", GET_BE_U_4(bp)); 703 bp += 4; 704 len -= 4; 705 first = 0; 706 } 707 break; 708 709 case 'p': 710 /* IP address pairs */ 711 while (len >= 2*4) { 712 if (!first) 713 ND_PRINT(","); 714 ND_PRINT("(%s:", GET_IPADDR_STRING(bp)); 715 bp += 4; 716 len -= 4; 717 ND_PRINT("%s)", GET_IPADDR_STRING(bp)); 718 bp += 4; 719 len -= 4; 720 first = 0; 721 } 722 break; 723 724 case 's': 725 /* shorts */ 726 while (len >= 2) { 727 if (!first) 728 ND_PRINT(","); 729 ND_PRINT("%u", GET_BE_U_2(bp)); 730 bp += 2; 731 len -= 2; 732 first = 0; 733 } 734 break; 735 736 case 'B': 737 /* boolean */ 738 while (len > 0) { 739 uint8_t bool_value; 740 if (!first) 741 ND_PRINT(","); 742 bool_value = GET_U_1(bp); 743 switch (bool_value) { 744 case 0: 745 ND_PRINT("N"); 746 break; 747 case 1: 748 ND_PRINT("Y"); 749 break; 750 default: 751 ND_PRINT("%u?", bool_value); 752 break; 753 } 754 ++bp; 755 --len; 756 first = 0; 757 } 758 break; 759 760 case 'b': 761 case 'x': 762 default: 763 /* Bytes */ 764 while (len > 0) { 765 uint8_t byte_value; 766 if (!first) 767 ND_PRINT(c == 'x' ? ":" : "."); 768 byte_value = GET_U_1(bp); 769 if (c == 'x') 770 ND_PRINT("%02x", byte_value); 771 else 772 ND_PRINT("%u", byte_value); 773 ++bp; 774 --len; 775 first = 0; 776 } 777 break; 778 779 case '$': 780 /* Guys we can't handle with one of the usual cases */ 781 switch (tag) { 782 783 case TAG_NETBIOS_NODE: 784 /* this option should be at least 1 byte long */ 785 if (len < 1) { 786 ND_PRINT("[ERROR: length < 1 bytes]"); 787 break; 788 } 789 tag = GET_U_1(bp); 790 ++bp; 791 --len; 792 ND_PRINT("%s", tok2str(nbo2str, NULL, tag)); 793 break; 794 795 case TAG_OPT_OVERLOAD: 796 /* this option should be at least 1 byte long */ 797 if (len < 1) { 798 ND_PRINT("[ERROR: length < 1 bytes]"); 799 break; 800 } 801 tag = GET_U_1(bp); 802 ++bp; 803 --len; 804 ND_PRINT("%s", tok2str(oo2str, NULL, tag)); 805 break; 806 807 case TAG_CLIENT_FQDN: 808 /* this option should be at least 3 bytes long */ 809 if (len < 3) { 810 ND_PRINT("[ERROR: length < 3 bytes]"); 811 bp += len; 812 len = 0; 813 break; 814 } 815 if (GET_U_1(bp) & 0xf0) { 816 ND_PRINT("[ERROR: MBZ nibble 0x%x != 0] ", 817 (GET_U_1(bp) & 0xf0) >> 4); 818 } 819 if (GET_U_1(bp) & 0x0f) 820 ND_PRINT("[%s] ", 821 client_fqdn_flags(GET_U_1(bp))); 822 bp++; 823 if (GET_U_1(bp) || GET_U_1(bp + 1)) 824 ND_PRINT("%u/%u ", GET_U_1(bp), 825 GET_U_1(bp + 1)); 826 bp += 2; 827 ND_PRINT("\""); 828 if (nd_printn(ndo, bp, len - 3, ndo->ndo_snapend)) { 829 ND_PRINT("\""); 830 goto trunc; 831 } 832 ND_PRINT("\""); 833 bp += len - 3; 834 len = 0; 835 break; 836 837 case TAG_CLIENT_ID: 838 { 839 int type; 840 841 /* this option should be at least 1 byte long */ 842 if (len < 1) { 843 ND_PRINT("[ERROR: length < 1 bytes]"); 844 break; 845 } 846 type = GET_U_1(bp); 847 bp++; 848 len--; 849 if (type == 0) { 850 ND_PRINT("\""); 851 if (nd_printn(ndo, bp, len, ndo->ndo_snapend)) { 852 ND_PRINT("\""); 853 goto trunc; 854 } 855 ND_PRINT("\""); 856 bp += len; 857 len = 0; 858 break; 859 } else { 860 ND_PRINT("%s ", tok2str(arp2str, "hardware-type %u,", type)); 861 while (len > 0) { 862 if (!first) 863 ND_PRINT(":"); 864 ND_PRINT("%02x", GET_U_1(bp)); 865 ++bp; 866 --len; 867 first = 0; 868 } 869 } 870 break; 871 } 872 873 case TAG_AGENT_CIRCUIT: 874 while (len >= 2) { 875 subopt = GET_U_1(bp); 876 suboptlen = GET_U_1(bp + 1); 877 bp += 2; 878 len -= 2; 879 if (suboptlen > len) { 880 ND_PRINT("\n\t %s SubOption %u, length %u: length goes past end of option", 881 tok2str(agent_suboption_values, "Unknown", subopt), 882 subopt, 883 suboptlen); 884 bp += len; 885 len = 0; 886 break; 887 } 888 ND_PRINT("\n\t %s SubOption %u, length %u: ", 889 tok2str(agent_suboption_values, "Unknown", subopt), 890 subopt, 891 suboptlen); 892 switch (subopt) { 893 894 case AGENT_SUBOPTION_CIRCUIT_ID: /* fall through */ 895 case AGENT_SUBOPTION_REMOTE_ID: 896 case AGENT_SUBOPTION_SUBSCRIBER_ID: 897 if (nd_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) 898 goto trunc; 899 break; 900 901 default: 902 print_unknown_data(ndo, bp, "\n\t\t", suboptlen); 903 } 904 905 len -= suboptlen; 906 bp += suboptlen; 907 } 908 break; 909 910 case TAG_CLASSLESS_STATIC_RT: 911 case TAG_CLASSLESS_STA_RT_MS: 912 { 913 u_int mask_width, significant_octets, i; 914 915 /* this option should be at least 5 bytes long */ 916 if (len < 5) { 917 ND_PRINT("[ERROR: length < 5 bytes]"); 918 bp += len; 919 len = 0; 920 break; 921 } 922 while (len > 0) { 923 if (!first) 924 ND_PRINT(","); 925 mask_width = GET_U_1(bp); 926 bp++; 927 len--; 928 /* mask_width <= 32 */ 929 if (mask_width > 32) { 930 ND_PRINT("[ERROR: Mask width (%u) > 32]", mask_width); 931 bp += len; 932 len = 0; 933 break; 934 } 935 significant_octets = (mask_width + 7) / 8; 936 /* significant octets + router(4) */ 937 if (len < significant_octets + 4) { 938 ND_PRINT("[ERROR: Remaining length (%u) < %u bytes]", len, significant_octets + 4); 939 bp += len; 940 len = 0; 941 break; 942 } 943 ND_PRINT("("); 944 if (mask_width == 0) 945 ND_PRINT("default"); 946 else { 947 for (i = 0; i < significant_octets ; i++) { 948 if (i > 0) 949 ND_PRINT("."); 950 ND_PRINT("%u", 951 GET_U_1(bp)); 952 bp++; 953 } 954 for (i = significant_octets ; i < 4 ; i++) 955 ND_PRINT(".0"); 956 ND_PRINT("/%u", mask_width); 957 } 958 ND_PRINT(":%s)", GET_IPADDR_STRING(bp)); 959 bp += 4; 960 len -= (significant_octets + 4); 961 first = 0; 962 } 963 break; 964 } 965 966 case TAG_USER_CLASS: 967 { 968 u_int suboptnumber = 1; 969 970 first = 1; 971 if (len < 2) { 972 ND_PRINT("[ERROR: length < 2 bytes]"); 973 bp += len; 974 len = 0; 975 break; 976 } 977 while (len > 0) { 978 suboptlen = GET_U_1(bp); 979 bp++; 980 len--; 981 ND_PRINT("\n\t "); 982 ND_PRINT("instance#%u: ", suboptnumber); 983 if (suboptlen == 0) { 984 ND_PRINT("[ERROR: suboption length must be non-zero]"); 985 bp += len; 986 len = 0; 987 break; 988 } 989 if (len < suboptlen) { 990 ND_PRINT("[ERROR: invalid option]"); 991 bp += len; 992 len = 0; 993 break; 994 } 995 ND_PRINT("\""); 996 if (nd_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) { 997 ND_PRINT("\""); 998 goto trunc; 999 } 1000 ND_PRINT("\""); 1001 ND_PRINT(", length %u", suboptlen); 1002 suboptnumber++; 1003 len -= suboptlen; 1004 bp += suboptlen; 1005 } 1006 break; 1007 } 1008 1009 1010 case TAG_SZTP_REDIRECT: 1011 /* as per https://datatracker.ietf.org/doc/html/rfc8572#section-8.3 1012 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ 1013 | uri-length | URI | 1014 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ 1015 1016 * uri-length: 2 octets long; specifies the length of the URI data. 1017 * URI: URI of the SZTP bootstrap server. 1018 */ 1019 while (len >= 2) { 1020 suboptlen = GET_BE_U_2(bp); 1021 bp += 2; 1022 len -= 2; 1023 ND_PRINT("\n\t "); 1024 ND_PRINT("length %u: ", suboptlen); 1025 if (len < suboptlen) { 1026 ND_PRINT("length goes past end of option"); 1027 bp += len; 1028 len = 0; 1029 break; 1030 } 1031 ND_PRINT("\""); 1032 nd_printjn(ndo, bp, suboptlen); 1033 ND_PRINT("\""); 1034 len -= suboptlen; 1035 bp += suboptlen; 1036 } 1037 if (len != 0) { 1038 ND_PRINT("[ERROR: length < 2 bytes]"); 1039 } 1040 break; 1041 1042 default: 1043 ND_PRINT("[unknown special tag %u, size %u]", 1044 tag, len); 1045 bp += len; 1046 len = 0; 1047 break; 1048 } 1049 break; 1050 } 1051 /* Data left over? */ 1052 if (len) { 1053 ND_PRINT("\n\t trailing data length %u", len); 1054 bp += len; 1055 } 1056 } 1057 return; 1058 trunc: 1059 nd_print_trunc(ndo); 1060 } 1061 1062 #define PRINTCMUADDR(m, s) { ND_TCHECK_4(cmu->m); \ 1063 if (GET_IPV4_TO_NETWORK_ORDER(cmu->m) != 0) \ 1064 ND_PRINT(" %s:%s", s, GET_IPADDR_STRING(cmu->m)); } 1065 1066 static void 1067 cmu_print(netdissect_options *ndo, 1068 const u_char *bp) 1069 { 1070 const struct cmu_vend *cmu; 1071 uint8_t v_flags; 1072 1073 ND_PRINT(" vend-cmu"); 1074 cmu = (const struct cmu_vend *)bp; 1075 1076 /* Only print if there are unknown bits */ 1077 ND_TCHECK_4(cmu->v_flags); 1078 v_flags = GET_U_1(cmu->v_flags); 1079 if ((v_flags & ~(VF_SMASK)) != 0) 1080 ND_PRINT(" F:0x%x", v_flags); 1081 PRINTCMUADDR(v_dgate, "DG"); 1082 PRINTCMUADDR(v_smask, v_flags & VF_SMASK ? "SM" : "SM*"); 1083 PRINTCMUADDR(v_dns1, "NS1"); 1084 PRINTCMUADDR(v_dns2, "NS2"); 1085 PRINTCMUADDR(v_ins1, "IEN1"); 1086 PRINTCMUADDR(v_ins2, "IEN2"); 1087 PRINTCMUADDR(v_ts1, "TS1"); 1088 PRINTCMUADDR(v_ts2, "TS2"); 1089 return; 1090 1091 trunc: 1092 nd_print_trunc(ndo); 1093 } 1094 1095 #undef PRINTCMUADDR 1096 1097 static char * 1098 client_fqdn_flags(u_int flags) 1099 { 1100 static char buf[8+1]; 1101 int i = 0; 1102 1103 if (flags & CLIENT_FQDN_FLAGS_S) 1104 buf[i++] = 'S'; 1105 if (flags & CLIENT_FQDN_FLAGS_O) 1106 buf[i++] = 'O'; 1107 if (flags & CLIENT_FQDN_FLAGS_E) 1108 buf[i++] = 'E'; 1109 if (flags & CLIENT_FQDN_FLAGS_N) 1110 buf[i++] = 'N'; 1111 buf[i] = '\0'; 1112 1113 return buf; 1114 } 1115