2000-10-26 09:14:28 +00:00
|
|
|
/* packet-igrp.c
|
|
|
|
* Routines for IGRP dissection
|
|
|
|
* Copyright 2000, Paul Ionescu <paul@acorp.ro>
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2009-05-17 22:25:13 +00:00
|
|
|
* See
|
|
|
|
*
|
|
|
|
* http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a00800c8ae1.shtml
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2000-10-26 09:14:28 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2000-10-26 09:14:28 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* Copied from packet-syslog.c
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-26 09:14:28 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-26 09:14:28 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-26 09:14:28 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2000-10-26 09:14:28 +00:00
|
|
|
*/
|
|
|
|
|
2012-09-20 02:03:38 +00:00
|
|
|
#include "config.h"
|
2000-10-26 09:14:28 +00:00
|
|
|
|
|
|
|
#include <glib.h>
|
2012-05-15 19:23:35 +00:00
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2004-09-29 00:52:45 +00:00
|
|
|
#include <epan/ipproto.h>
|
2000-10-26 09:14:28 +00:00
|
|
|
|
|
|
|
#define IGRP_HEADER_LENGTH 12
|
|
|
|
#define IGRP_ENTRY_LENGTH 14
|
|
|
|
|
|
|
|
static gint proto_igrp = -1;
|
|
|
|
static gint hf_igrp_update = -1;
|
|
|
|
static gint hf_igrp_as = -1;
|
|
|
|
|
|
|
|
static gint ett_igrp = -1;
|
|
|
|
static gint ett_igrp_vektor = -1;
|
|
|
|
static gint ett_igrp_net = -1;
|
|
|
|
|
|
|
|
static void dissect_vektor_igrp (tvbuff_t *tvb, proto_tree *igrp_vektor_tree, guint8 network);
|
|
|
|
|
|
|
|
static void dissect_igrp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
2009-05-18 00:27:44 +00:00
|
|
|
guint8 ver_and_opcode,version,opcode,network;
|
2000-10-26 09:14:28 +00:00
|
|
|
gint offset=IGRP_HEADER_LENGTH;
|
2009-05-18 00:27:44 +00:00
|
|
|
guint16 ninterior,nsystem,nexterior;
|
2007-04-26 00:01:29 +00:00
|
|
|
const guint8 *ipsrc;
|
2000-10-26 09:14:28 +00:00
|
|
|
proto_item *ti;
|
|
|
|
proto_tree *igrp_tree, *igrp_vektor_tree;
|
2002-08-28 21:04:11 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IGRP");
|
2009-08-09 07:36:13 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-10-26 09:14:28 +00:00
|
|
|
ver_and_opcode = tvb_get_guint8(tvb,0);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
2000-10-26 09:14:28 +00:00
|
|
|
switch (ver_and_opcode) {
|
|
|
|
case 0x11:
|
2007-10-23 05:50:00 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "Response" );
|
2000-10-26 09:14:28 +00:00
|
|
|
break;
|
|
|
|
case 0x12:
|
2007-10-23 05:50:00 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "Request" );
|
2000-10-26 09:14:28 +00:00
|
|
|
break;
|
2002-08-28 21:04:11 +00:00
|
|
|
default:
|
2007-10-23 05:50:00 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "Unknown version or opcode");
|
2000-10-26 09:14:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-10-26 09:14:28 +00:00
|
|
|
if (tree) {
|
2009-05-18 00:27:44 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_igrp, tvb, 0, -1,
|
|
|
|
"Cisco IGRP");
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
igrp_tree = proto_item_add_subtree(ti, ett_igrp);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
version = (ver_and_opcode&0xf0)>>4 ; /* version is the fist half of the byte */
|
|
|
|
opcode = ver_and_opcode&0x0f ; /* opcode is the last half of the byte */
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
proto_tree_add_text(igrp_tree, tvb, 0,1,"IGRP Version : %d %s",version,(version==1?" ":" - Unknown Version, The dissection may be inaccurate"));
|
|
|
|
proto_tree_add_text(igrp_tree, tvb, 0,1,"Command : %d %s",opcode,(opcode==1?"(Response)":"(Request)"));
|
2011-10-06 03:35:44 +00:00
|
|
|
proto_tree_add_item(igrp_tree, hf_igrp_update, tvb, 1,1, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(igrp_tree, hf_igrp_as, tvb, 2,2, ENC_BIG_ENDIAN);
|
2000-10-26 09:14:28 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
ninterior = tvb_get_ntohs(tvb,4);
|
|
|
|
nsystem = tvb_get_ntohs(tvb,6);
|
|
|
|
nexterior = tvb_get_ntohs(tvb,8);
|
2000-10-26 09:14:28 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
/* this is a ugly hack to find the first byte of the IP source address */
|
|
|
|
if (pinfo->net_src.type == AT_IPv4) {
|
2013-03-19 20:00:52 +00:00
|
|
|
ipsrc = (guint8 *)pinfo->net_src.data;
|
2007-04-26 00:01:29 +00:00
|
|
|
network = ipsrc[0];
|
2009-05-18 00:27:44 +00:00
|
|
|
} else
|
|
|
|
network = 0; /* XXX - shouldn't happen */
|
|
|
|
|
|
|
|
ti = proto_tree_add_text(igrp_tree, tvb, 4,2,"Interior routes : %d",ninterior);
|
|
|
|
for( ; ninterior>0 ; ninterior-- ) {
|
|
|
|
igrp_vektor_tree = proto_item_add_subtree(ti,ett_igrp_vektor);
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
|
|
|
|
dissect_vektor_igrp (next_tvb,igrp_vektor_tree,network);
|
|
|
|
offset+=IGRP_ENTRY_LENGTH;
|
|
|
|
}
|
|
|
|
|
|
|
|
ti = proto_tree_add_text(igrp_tree, tvb, 6,2,"System routes : %d",nsystem);
|
|
|
|
for( ; nsystem>0 ; nsystem-- ) {
|
|
|
|
igrp_vektor_tree = proto_item_add_subtree(ti,ett_igrp_vektor);
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
|
|
|
|
dissect_vektor_igrp (next_tvb,igrp_vektor_tree,0);
|
|
|
|
offset+=IGRP_ENTRY_LENGTH;
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
ti = proto_tree_add_text(igrp_tree, tvb, 8,2,"Exterior routes : %d",nexterior);
|
|
|
|
for( ; nexterior>0 ; nexterior-- ) {
|
|
|
|
igrp_vektor_tree = proto_item_add_subtree(ti,ett_igrp_vektor);
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
|
|
|
|
dissect_vektor_igrp (next_tvb,igrp_vektor_tree,0);
|
|
|
|
offset+=IGRP_ENTRY_LENGTH;
|
|
|
|
}
|
2000-10-26 09:14:28 +00:00
|
|
|
|
2009-05-18 00:27:44 +00:00
|
|
|
proto_tree_add_text(igrp_tree, tvb, 10,2,"Checksum = 0x%4x",tvb_get_ntohs(tvb,10));
|
2000-10-26 09:14:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void dissect_vektor_igrp (tvbuff_t *tvb, proto_tree *igrp_vektor_tree, guint8 network)
|
|
|
|
{
|
|
|
|
proto_item *ti;
|
|
|
|
guint8 *ptr_addr,addr[5];
|
|
|
|
|
|
|
|
addr[0]=network;
|
|
|
|
addr[1]=tvb_get_guint8(tvb,0);
|
|
|
|
addr[2]=tvb_get_guint8(tvb,1);
|
|
|
|
addr[3]=tvb_get_guint8(tvb,2);
|
|
|
|
addr[4]=0;
|
|
|
|
|
|
|
|
ptr_addr=addr;
|
|
|
|
if (network==0) ptr_addr=&addr[1];
|
|
|
|
|
|
|
|
ti = proto_tree_add_text (igrp_vektor_tree, tvb, 0 ,14,
|
2002-08-28 21:04:11 +00:00
|
|
|
"Entry for network %s", ip_to_str(ptr_addr)) ;
|
2000-10-26 09:14:28 +00:00
|
|
|
igrp_vektor_tree = proto_item_add_subtree(ti,ett_igrp_net);
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 0 ,3,"Network = %s",ip_to_str(ptr_addr)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 3 ,3,"Delay = %d",tvb_get_ntoh24(tvb,3)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 6 ,3,"Bandwidth = %d",tvb_get_ntoh24(tvb,6)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 9 ,2,"MTU = %d bytes",tvb_get_ntohs(tvb,9)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 11,1,"Reliability = %d",tvb_get_guint8(tvb,11)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 12,1,"Load = %d",tvb_get_guint8(tvb,12)) ;
|
|
|
|
proto_tree_add_text (igrp_vektor_tree, tvb, 13,1,"Hop count = %d hops",tvb_get_guint8(tvb,13)) ;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2006-05-21 04:49:01 +00:00
|
|
|
/* Register the protocol with Wireshark */
|
2000-10-26 09:14:28 +00:00
|
|
|
void proto_register_igrp(void)
|
2002-08-28 21:04:11 +00:00
|
|
|
{
|
2000-10-26 09:14:28 +00:00
|
|
|
|
|
|
|
/* Setup list of header fields */
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
|
|
|
{ &hf_igrp_update,
|
|
|
|
{ "Update Release", "igrp.update",
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0 ,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Update Release number", HFILL }
|
2000-10-26 09:14:28 +00:00
|
|
|
},
|
|
|
|
{ &hf_igrp_as,
|
|
|
|
{ "Autonomous System", "igrp.as",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0 ,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Autonomous System number", HFILL }
|
2000-10-26 09:14:28 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Setup protocol subtree array */
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_igrp,
|
|
|
|
&ett_igrp_vektor,
|
|
|
|
&ett_igrp_net
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Register the protocol name and description */
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_igrp = proto_register_protocol("Cisco Interior Gateway Routing Protocol",
|
|
|
|
"IGRP", "igrp");
|
2000-10-26 09:14:28 +00:00
|
|
|
|
|
|
|
/* Required function calls to register the header fields and subtrees used */
|
|
|
|
proto_register_field_array(proto_igrp, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2003-12-21 05:51:34 +00:00
|
|
|
}
|
2000-10-26 09:14:28 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_igrp(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t igrp_handle;
|
|
|
|
|
|
|
|
igrp_handle = create_dissector_handle(dissect_igrp, proto_igrp);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("ip.proto", IP_PROTO_IGRP, igrp_handle);
|
2000-10-26 09:14:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* IGRP Packet structure:
|
|
|
|
|
|
|
|
HEADER structure + k * VECTOR structure
|
|
|
|
where: k = (Number of Interior routes) + (Number of System routes) + (Number of Exterior routes)
|
|
|
|
|
|
|
|
HEADER structure is 12 bytes as follows :
|
|
|
|
|
|
|
|
4 bits Version (only version 1 is defined)
|
|
|
|
4 bits Opcode (1=Replay, 2=Request)
|
2002-08-28 21:04:11 +00:00
|
|
|
8 bits Update Release
|
2000-10-26 09:14:28 +00:00
|
|
|
16 bits Autonomous system number
|
|
|
|
16 bits Number of Interior routes
|
|
|
|
16 bits Number of System routes
|
|
|
|
16 bits Number of Exterior routes
|
|
|
|
16 bits Checksum
|
|
|
|
-------
|
|
|
|
12 bytes in header
|
|
|
|
|
|
|
|
VECTOR structure is 14 bytes as follows :
|
|
|
|
24 bits Network
|
|
|
|
24 bits Delay
|
|
|
|
24 bits Bandwidth
|
|
|
|
16 bits MTU
|
|
|
|
8 bits Reliability
|
|
|
|
8 bits Load
|
|
|
|
8 bits Hop count
|
|
|
|
-------
|
|
|
|
14 bytes in 1 vector
|
|
|
|
|
|
|
|
It is interesting how is coded an ip network address in 3 bytes because IGRP is a classful routing protocol:
|
|
|
|
If it is a interior route then this 3 bytes are the final bytes, and the first one is taken from the source ip address of the ip packet
|
|
|
|
If it is a system route or a exterior route then this 3 bytes are the first three and the last byte is not important
|
|
|
|
|
|
|
|
If the Delay is 0xFFFFFF then the network is unreachable
|
|
|
|
|
|
|
|
*/
|