1 /* 2 * Copyright (c) 1998-2007 The TCPDUMP project 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that: (1) source code 6 * distributions retain the above copyright notice and this paragraph 7 * in its entirety, and (2) distributions including binary code include 8 * the above copyright notice and this paragraph in its entirety in 9 * the documentation or other materials provided with the distribution. 10 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 11 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 12 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 13 * FOR A PARTICULAR PURPOSE. 14 * 15 * Reference documentation: 16 * https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html 17 * https://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 18 * 19 * Original code ode by Carles Kishimoto <carles.kishimoto@gmail.com> 20 */ 21 22 #include <sys/cdefs.h> 23 #ifndef lint 24 __RCSID("$NetBSD: print-vtp.c,v 1.6 2023/08/17 20:19:40 christos Exp $"); 25 #endif 26 27 /* \summary: Cisco VLAN Trunking Protocol (VTP) printer */ 28 29 #ifdef HAVE_CONFIG_H 30 #include <config.h> 31 #endif 32 33 #include "netdissect-stdinc.h" 34 35 #define ND_LONGJMP_FROM_TCHECK 36 #include "netdissect.h" 37 #include "addrtoname.h" 38 #include "extract.h" 39 40 #define VTP_HEADER_LEN 36 41 #define VTP_DOMAIN_NAME_LEN 32 42 #define VTP_MD5_DIGEST_LEN 16 43 #define VTP_UPDATE_TIMESTAMP_LEN 12 44 #define VTP_VLAN_INFO_FIXED_PART_LEN 12 /* length of VLAN info before VLAN name */ 45 46 #define VTP_SUMMARY_ADV 0x01 47 #define VTP_SUBSET_ADV 0x02 48 #define VTP_ADV_REQUEST 0x03 49 #define VTP_JOIN_MESSAGE 0x04 50 51 struct vtp_vlan_ { 52 nd_uint8_t len; 53 nd_uint8_t status; 54 nd_uint8_t type; 55 nd_uint8_t name_len; 56 nd_uint16_t vlanid; 57 nd_uint16_t mtu; 58 nd_uint32_t index; 59 }; 60 61 static const struct tok vtp_message_type_values[] = { 62 { VTP_SUMMARY_ADV, "Summary advertisement"}, 63 { VTP_SUBSET_ADV, "Subset advertisement"}, 64 { VTP_ADV_REQUEST, "Advertisement request"}, 65 { VTP_JOIN_MESSAGE, "Join message"}, 66 { 0, NULL } 67 }; 68 69 static const struct tok vtp_header_values[] = { 70 { 0x01, "Followers"}, /* On Summary advertisement, 3rd byte is Followers */ 71 { 0x02, "Seq number"}, /* On Subset advertisement, 3rd byte is Sequence number */ 72 { 0x03, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 73 { 0x04, "Rsvd"}, /* On Adver. requests 3rd byte is Rsvd */ 74 { 0, NULL } 75 }; 76 77 static const struct tok vtp_vlan_type_values[] = { 78 { 0x01, "Ethernet"}, 79 { 0x02, "FDDI"}, 80 { 0x03, "TrCRF"}, 81 { 0x04, "FDDI-net"}, 82 { 0x05, "TrBRF"}, 83 { 0, NULL } 84 }; 85 86 static const struct tok vtp_vlan_status[] = { 87 { 0x00, "Operational"}, 88 { 0x01, "Suspended"}, 89 { 0, NULL } 90 }; 91 92 #define VTP_VLAN_SOURCE_ROUTING_RING_NUMBER 0x01 93 #define VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER 0x02 94 #define VTP_VLAN_STP_TYPE 0x03 95 #define VTP_VLAN_PARENT_VLAN 0x04 96 #define VTP_VLAN_TRANS_BRIDGED_VLAN 0x05 97 #define VTP_VLAN_PRUNING 0x06 98 #define VTP_VLAN_BRIDGE_TYPE 0x07 99 #define VTP_VLAN_ARP_HOP_COUNT 0x08 100 #define VTP_VLAN_STE_HOP_COUNT 0x09 101 #define VTP_VLAN_BACKUP_CRF_MODE 0x0A 102 103 static const struct tok vtp_vlan_tlv_values[] = { 104 { VTP_VLAN_SOURCE_ROUTING_RING_NUMBER, "Source-Routing Ring Number TLV"}, 105 { VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER, "Source-Routing Bridge Number TLV"}, 106 { VTP_VLAN_STP_TYPE, "STP type TLV"}, 107 { VTP_VLAN_PARENT_VLAN, "Parent VLAN TLV"}, 108 { VTP_VLAN_TRANS_BRIDGED_VLAN, "Translationally bridged VLANs TLV"}, 109 { VTP_VLAN_PRUNING, "Pruning TLV"}, 110 { VTP_VLAN_BRIDGE_TYPE, "Bridge Type TLV"}, 111 { VTP_VLAN_ARP_HOP_COUNT, "Max ARP Hop Count TLV"}, 112 { VTP_VLAN_STE_HOP_COUNT, "Max STE Hop Count TLV"}, 113 { VTP_VLAN_BACKUP_CRF_MODE, "Backup CRF Mode TLV"}, 114 { 0, NULL } 115 }; 116 117 static const struct tok vtp_stp_type_values[] = { 118 { 1, "SRT"}, 119 { 2, "SRB"}, 120 { 3, "Auto"}, 121 { 0, NULL } 122 }; 123 124 void 125 vtp_print(netdissect_options *ndo, 126 const u_char *pptr, const u_int length) 127 { 128 u_int type, len, name_len, tlv_len, tlv_value, mgmtd_len; 129 const u_char *tptr; 130 const struct vtp_vlan_ *vtp_vlan; 131 132 ndo->ndo_protocol = "vtp"; 133 if (length < VTP_HEADER_LEN) 134 goto invalid; 135 136 tptr = pptr; 137 138 ND_TCHECK_LEN(tptr, VTP_HEADER_LEN); 139 140 type = GET_U_1(tptr + 1); 141 ND_PRINT("VTPv%u, Message %s (0x%02x), length %u", 142 GET_U_1(tptr), 143 tok2str(vtp_message_type_values,"Unknown message type", type), 144 type, 145 length); 146 147 /* In non-verbose mode, just print version and message type */ 148 if (ndo->ndo_vflag < 1) { 149 goto tcheck_full_packet; 150 } 151 152 /* verbose mode print all fields */ 153 ND_PRINT("\n\tDomain name: "); 154 mgmtd_len = GET_U_1(tptr + 3); 155 if (mgmtd_len < 1 || mgmtd_len > VTP_DOMAIN_NAME_LEN) { 156 ND_PRINT(" [invalid MgmtD Len %u]", mgmtd_len); 157 goto invalid; 158 } 159 nd_printjnp(ndo, tptr + 4, mgmtd_len); 160 ND_PRINT(", %s: %u", 161 tok2str(vtp_header_values, "Unknown", type), 162 GET_U_1(tptr + 2)); 163 164 tptr += VTP_HEADER_LEN; 165 166 switch (type) { 167 168 case VTP_SUMMARY_ADV: 169 170 /* 171 * SUMMARY ADVERTISEMENT 172 * 173 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 174 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 * | Version | Code | Followers | MgmtD Len | 176 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 177 * | Management Domain Name (zero-padded to 32 bytes) | 178 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 179 * | Configuration revision number | 180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 * | Updater Identity IP address | 182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 * | Update Timestamp (12 bytes) | 184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 * | MD5 digest (16 bytes) | 186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 * 188 */ 189 190 ND_PRINT("\n\t Config Rev %x, Updater %s", 191 GET_BE_U_4(tptr), 192 GET_IPADDR_STRING(tptr+4)); 193 tptr += 8; 194 ND_PRINT(", Timestamp 0x%08x 0x%08x 0x%08x", 195 GET_BE_U_4(tptr), 196 GET_BE_U_4(tptr + 4), 197 GET_BE_U_4(tptr + 8)); 198 tptr += VTP_UPDATE_TIMESTAMP_LEN; 199 ND_PRINT(", MD5 digest: %08x%08x%08x%08x", 200 GET_BE_U_4(tptr), 201 GET_BE_U_4(tptr + 4), 202 GET_BE_U_4(tptr + 8), 203 GET_BE_U_4(tptr + 12)); 204 tptr += VTP_MD5_DIGEST_LEN; 205 break; 206 207 case VTP_SUBSET_ADV: 208 209 /* 210 * SUBSET ADVERTISEMENT 211 * 212 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 213 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 * | Version | Code | Seq number | MgmtD Len | 215 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 216 * | Management Domain Name (zero-padded to 32 bytes) | 217 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 218 * | Configuration revision number | 219 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 * | VLAN info field 1 | 221 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 * | ................ | 223 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 * | VLAN info field N | 225 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 * 227 */ 228 229 ND_PRINT(", Config Rev %x", GET_BE_U_4(tptr)); 230 231 /* 232 * VLAN INFORMATION 233 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 234 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 235 * | V info len | Status | VLAN type | VLAN name len | 236 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 237 * | ISL vlan id | MTU size | 238 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 * | 802.10 index (SAID) | 240 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 * | VLAN name | 242 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 243 * 244 */ 245 246 tptr += 4; 247 while ((unsigned)(tptr - pptr) < length) { 248 249 len = GET_U_1(tptr); 250 if (len == 0) 251 break; 252 253 ND_TCHECK_LEN(tptr, len); 254 255 vtp_vlan = (const struct vtp_vlan_*)tptr; 256 if (len < VTP_VLAN_INFO_FIXED_PART_LEN) 257 goto invalid; 258 ND_PRINT("\n\tVLAN info status %s, type %s, VLAN-id %u, MTU %u, SAID 0x%08x, Name ", 259 tok2str(vtp_vlan_status,"Unknown",GET_U_1(vtp_vlan->status)), 260 tok2str(vtp_vlan_type_values,"Unknown",GET_U_1(vtp_vlan->type)), 261 GET_BE_U_2(vtp_vlan->vlanid), 262 GET_BE_U_2(vtp_vlan->mtu), 263 GET_BE_U_4(vtp_vlan->index)); 264 len -= VTP_VLAN_INFO_FIXED_PART_LEN; 265 tptr += VTP_VLAN_INFO_FIXED_PART_LEN; 266 name_len = GET_U_1(vtp_vlan->name_len); 267 if (len < 4*((name_len + 3)/4)) 268 goto invalid; 269 nd_printjnp(ndo, tptr, name_len); 270 271 /* 272 * Vlan names are aligned to 32-bit boundaries. 273 */ 274 len -= 4*((name_len + 3)/4); 275 tptr += 4*((name_len + 3)/4); 276 277 /* TLV information follows */ 278 279 while (len > 0) { 280 281 /* 282 * Cisco specs say 2 bytes for type + 2 bytes for length; 283 * see https://docstore.mik.ua/univercd/cc/td/doc/product/lan/trsrb/frames.htm 284 * However, actual packets on the wire appear to use 1 285 * byte for the type and 1 byte for the length, so that's 286 * what we do. 287 */ 288 if (len < 2) 289 goto invalid; 290 type = GET_U_1(tptr); 291 tlv_len = GET_U_1(tptr + 1); 292 293 ND_PRINT("\n\t\t%s (0x%04x) TLV", 294 tok2str(vtp_vlan_tlv_values, "Unknown", type), 295 type); 296 297 if (len < tlv_len * 2 + 2) { 298 ND_PRINT(" (TLV goes past the end of the packet)"); 299 goto invalid; 300 } 301 ND_TCHECK_LEN(tptr, tlv_len * 2 + 2); 302 303 /* 304 * We assume the value is a 2-byte integer; the length is 305 * in units of 16-bit words. 306 */ 307 if (tlv_len != 1) { 308 ND_PRINT(" (invalid TLV length %u != 1)", tlv_len); 309 goto invalid; 310 } else { 311 tlv_value = GET_BE_U_2(tptr + 2); 312 313 switch (type) { 314 case VTP_VLAN_STE_HOP_COUNT: 315 ND_PRINT(", %u", tlv_value); 316 break; 317 318 case VTP_VLAN_PRUNING: 319 ND_PRINT(", %s (%u)", 320 tlv_value == 1 ? "Enabled" : "Disabled", 321 tlv_value); 322 break; 323 324 case VTP_VLAN_STP_TYPE: 325 ND_PRINT(", %s (%u)", 326 tok2str(vtp_stp_type_values, "Unknown", tlv_value), 327 tlv_value); 328 break; 329 330 case VTP_VLAN_BRIDGE_TYPE: 331 ND_PRINT(", %s (%u)", 332 tlv_value == 1 ? "SRB" : "SRT", 333 tlv_value); 334 break; 335 336 case VTP_VLAN_BACKUP_CRF_MODE: 337 ND_PRINT(", %s (%u)", 338 tlv_value == 1 ? "Backup" : "Not backup", 339 tlv_value); 340 break; 341 342 /* 343 * FIXME those are the defined TLVs that lack a decoder 344 * you are welcome to contribute code ;-) 345 */ 346 347 case VTP_VLAN_SOURCE_ROUTING_RING_NUMBER: 348 case VTP_VLAN_SOURCE_ROUTING_BRIDGE_NUMBER: 349 case VTP_VLAN_PARENT_VLAN: 350 case VTP_VLAN_TRANS_BRIDGED_VLAN: 351 case VTP_VLAN_ARP_HOP_COUNT: 352 default: 353 print_unknown_data(ndo, tptr, "\n\t\t ", 2 + tlv_len*2); 354 break; 355 } 356 } 357 len -= 2 + tlv_len*2; 358 tptr += 2 + tlv_len*2; 359 } 360 } 361 break; 362 363 case VTP_ADV_REQUEST: 364 365 /* 366 * ADVERTISEMENT REQUEST 367 * 368 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 369 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 370 * | Version | Code | Reserved | MgmtD Len | 371 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 372 * | Management Domain Name (zero-padded to 32 bytes) | 373 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 374 * | Start value | 375 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 376 * 377 */ 378 379 ND_PRINT("\n\tStart value: %u", GET_BE_U_4(tptr)); 380 break; 381 382 case VTP_JOIN_MESSAGE: 383 384 /* FIXME - Could not find message format */ 385 break; 386 387 default: 388 break; 389 } 390 391 return; 392 393 invalid: 394 nd_print_invalid(ndo); 395 tcheck_full_packet: 396 ND_TCHECK_LEN(pptr, length); 397 } 398