2 * Routines for BOOTP/DHCP packet disassembly
3 * Gilbert Ramirez <gram@verdict.uthscsa.edu>
5 * $Id: packet-bootp.c,v 1.15 1999/01/28 21:29:35 gram Exp $
7 * The information used comes from:
8 * RFC 2132: DHCP Options and BOOTP Vendor Extensions
9 * RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
10 * RFC 2131: Dynamic Host Configuration Protocol
12 * Ethereal - Network traffic analyzer
13 * By Gerald Combs <gerald@unicom.net>
14 * Copyright 1998 Gerald Combs
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version 2
20 * of the License, or (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
40 #ifdef HAVE_SYS_TYPES_H
41 # include <sys/types.h>
44 #ifdef HAVE_NETINET_IN_H
45 # include <netinet/in.h>
53 enum field_type { none, ipv4, string, toggle, yes_no, special, opaque,
55 val_u_byte, val_u_short, val_u_long,
60 enum field_type ftype;
63 #define NUM_OPT_INFOS 77
65 /* returns the number of bytes consumed by this option */
67 bootp_option(const u_char *pd, GtkWidget *bp_tree, int voff, int eoff)
70 enum field_type ftype;
71 u_char code = pd[voff];
72 int vlen = pd[voff+1];
74 int i, consumed = vlen + 2;
76 GtkWidget *vti, *v_tree;
78 static const char *opt53_text[] = {
79 "Unknown Message Type",
89 static const value_string nbnt_vals[] = {
96 static struct opt_info opt[] = {
97 /* 0 */ { "Padding", none },
98 /* 1 */ { "Subnet Mask", ipv4 },
99 /* 2 */ { "Time Offset", val_s_long },
100 /* 3 */ { "Router", ipv4 },
101 /* 4 */ { "Time Server", ipv4 },
102 /* 5 */ { "Name Server", ipv4 },
103 /* 6 */ { "Domain Name Server", ipv4 },
104 /* 7 */ { "Log Server", ipv4 },
105 /* 8 */ { "Cookie Server", ipv4 },
106 /* 9 */ { "LPR Server", ipv4 },
107 /* 10 */ { "Impress Server", ipv4 },
108 /* 11 */ { "Resource Location Server", ipv4 },
109 /* 12 */ { "Host Name", string },
110 /* 13 */ { "Boot File Size", val_u_short },
111 /* 14 */ { "Merit Dump File", string },
112 /* 15 */ { "Domain Name", string },
113 /* 16 */ { "Swap Server", ipv4 },
114 /* 17 */ { "Root Path", string },
115 /* 18 */ { "Extensions Path", string },
116 /* 19 */ { "IP Forwarding", toggle },
117 /* 20 */ { "Non-Local Source Routing", toggle },
118 /* 21 */ { "Policy Filter", special },
119 /* 22 */ { "Maximum Datagram Reassembly Size", val_u_short },
120 /* 23 */ { "Default IP Time-to-Live", val_u_byte },
121 /* 24 */ { "Path MTU Aging Timeout", time_in_secs },
122 /* 25 */ { "Path MTU Plateau Table", val_u_short },
123 /* 26 */ { "Interface MTU", val_u_short },
124 /* 27 */ { "All Subnets are Local", yes_no },
125 /* 28 */ { "Broadcast Address", ipv4 },
126 /* 29 */ { "Perform Mask Discovery", toggle },
127 /* 30 */ { "Mask Supplier", yes_no },
128 /* 31 */ { "Perform Router Discover", toggle },
129 /* 32 */ { "Router Solicitation Address", ipv4 },
130 /* 33 */ { "Static Route", special },
131 /* 34 */ { "Trailer Encapsulation", toggle },
132 /* 35 */ { "ARP Cache Timeout", time_in_secs },
133 /* 36 */ { "Ethernet Encapsulation", toggle },
134 /* 37 */ { "TCP Default TTL", val_u_byte },
135 /* 38 */ { "TCP Keepalive Interval", time_in_secs },
136 /* 39 */ { "TCP Keepalive Garbage", toggle },
137 /* 40 */ { "Network Information Service Domain", string },
138 /* 41 */ { "Network Information Service Servers", ipv4 },
139 /* 42 */ { "Network Time Protocol Servers", ipv4 },
140 /* 43 */ { "Vendor-Specific Information", special },
141 /* 44 */ { "NetBIOS over TCP/IP Name Server", ipv4 },
142 /* 45 */ { "NetBIOS over TCP/IP Datagram Distribution Name Server", ipv4 },
143 /* 46 */ { "NetBIOS over TCP/IP Node Type", special },
144 /* 47 */ { "NetBIOS over TCP/IP Scope", string },
145 /* 48 */ { "X Window System Font Server", ipv4 },
146 /* 49 */ { "X Window System Display Manager", ipv4 },
147 /* 50 */ { "Requested IP Address", ipv4 },
148 /* 51 */ { "IP Address Lease Time", time_in_secs },
149 /* 52 */ { "Option Overload", special },
150 /* 53 */ { "DHCP Message Type", special },
151 /* 54 */ { "Server Identifier", ipv4 },
152 /* 55 */ { "Parameter Request List", special },
153 /* 56 */ { "Message", string },
154 /* 57 */ { "Maximum DHCP Message Size", val_u_short },
155 /* 58 */ { "Renewal Time Value", time_in_secs },
156 /* 59 */ { "Rebinding Time Value", time_in_secs },
157 /* 60 */ { "Vendor class identifier", opaque },
158 /* 61 */ { "Client identifier", special },
159 /* 64 */ { "Network Information Service+ Domain", string },
160 /* 65 */ { "Network Information Service+ Servers", ipv4 },
161 /* 66 */ { "TFTP Server Name", string },
162 /* 67 */ { "Bootfile name", string },
163 /* 68 */ { "Mobile IP Home Agent", ipv4 },
164 /* 69 */ { "SMTP Server", ipv4 },
165 /* 70 */ { "POP3 Server", ipv4 },
166 /* 71 */ { "NNTP Server", ipv4 },
167 /* 72 */ { "Default WWW Server", ipv4 },
168 /* 73 */ { "Default Finger Server", ipv4 },
169 /* 74 */ { "Default IRC Server", ipv4 },
170 /* 75 */ { "StreetTalk Server", ipv4 },
171 /* 76 */ { "StreetTalk Directory Assistance Server", ipv4 }
174 text = opt[code].text;
179 /* check how much padding we have */
180 for (i = voff + 1; i < eoff; i++ ) {
186 add_item_to_tree(bp_tree, voff, i, "Padding");
192 /* one IP address pair */
194 add_item_to_tree(bp_tree, voff, consumed,
195 "Option %d: %s = %s/%s", code, text,
196 ip_to_str((guint8*)&pd[voff+2]),
197 ip_to_str((guint8*)&pd[voff+6]));
199 /* > 1 IP address pair. Let's make a sub-tree */
202 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
203 consumed, "Option %d: %s", code, text);
204 v_tree = gtk_tree_new();
205 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
206 for (i = voff + 2; i < voff + consumed; i += 8) {
207 add_item_to_tree(v_tree, i, 8, "IP Address/Mask: %s/%s",
208 ip_to_str((guint8*)&pd[i]),
209 ip_to_str((guint8*)&pd[i+4]));
216 /* one IP address pair */
218 add_item_to_tree(bp_tree, voff, consumed,
219 "Option %d: %s = %s/%s", code, text,
220 ip_to_str((guint8*)&pd[voff+2]),
221 ip_to_str((guint8*)&pd[voff+6]));
223 /* > 1 IP address pair. Let's make a sub-tree */
226 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
227 consumed, "Option %d: %s", code, text);
228 v_tree = gtk_tree_new();
229 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
230 for (i = voff + 2; i < voff + consumed; i += 8) {
231 add_item_to_tree(v_tree, i, 8,
232 "Destination IP Address/Router: %s/%s",
233 ip_to_str((guint8*)&pd[i]),
234 ip_to_str((guint8*)&pd[i+4]));
239 /* Vendor-Specific Info */
241 add_item_to_tree(bp_tree, voff, consumed,
242 "Option %d: %s", code, text);
245 /* NetBIOS-over-TCP/IP Node Type */
248 add_item_to_tree(bp_tree, voff, consumed,
249 "Option %d: %s = %s", code, text,
250 val_to_str(byte, nbnt_vals,
251 "Unknown (0x%02x)"));
254 /* DHCP Message Type */
257 if (byte > 0 && byte < 9) {
263 add_item_to_tree(bp_tree, voff, 3, "Option %d: %s = DHCP %s",
264 code, text, opt53_text[i]);
267 /* Parameter Request List */
269 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
270 vlen + 2, "Option %d: %s", code, text);
271 v_tree = gtk_tree_new();
272 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
273 for (i = 0; i < vlen; i++) {
275 if (byte < NUM_OPT_INFOS) {
276 add_item_to_tree(v_tree, voff+2+i, 1, "%d = %s",
277 byte, opt[byte].text);
280 add_item_to_tree(vti, voff+2+i, 1,
281 "Unknown Option Code: %d", byte);
286 /* Client Identifier */
288 /* We *MAY* use hwtype/hwaddr. If we have 7 bytes, I'll
289 guess that the first is the hwtype, and the last 6 are
292 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
293 consumed, "Option %d: %s", code, text);
294 v_tree = gtk_tree_new();
295 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
296 add_item_to_tree(v_tree, voff+2, 1,
298 arphrdtype_to_str(pd[voff+2],
299 "Unknown (0x%02x)"));
300 add_item_to_tree(v_tree, voff+3, 6,
301 "Client hardware address: %s",
302 arphrdaddr_to_str((guint8*)&pd[voff+3],
305 /* otherwise, it's opaque data */
307 add_item_to_tree(bp_tree, voff, consumed,
308 "Option %d: %s (%d bytes)", code, text, vlen);
314 add_item_to_tree(bp_tree, voff, 1, "End Option");
324 if (code < NUM_OPT_INFOS) {
325 text = opt[code].text;
326 ftype = opt[code].ftype;
335 add_item_to_tree(bp_tree, voff, consumed,
336 "Option %d: %s = %s", code, text,
337 ip_to_str((guint8*)&pd[voff+2]));
339 /* > 1 IP addresses. Let's make a sub-tree */
342 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
343 consumed, "Option %d: %s", code, text);
344 v_tree = gtk_tree_new();
345 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
346 for (i = voff + 2; i < voff + consumed; i += 4) {
347 add_item_to_tree(v_tree, i, 4, "IP Address: %s",
348 ip_to_str((guint8*)&pd[i]));
354 /* Fix for non null-terminated string supplied by
355 * John Lines <John.Lines@aeat.co.uk>
357 add_item_to_tree(bp_tree, voff, consumed,
358 "Option %d: %s = %.*s", code, text, vlen, &pd[voff+2]);
362 add_item_to_tree(bp_tree, voff, consumed,
363 "Option %d: %s (%d bytes)",
370 add_item_to_tree(bp_tree, voff, consumed,
371 "Option %d: %s = %d", code, text,
372 pntohs(&pd[voff+2]));
376 vti = add_item_to_tree(GTK_WIDGET(bp_tree), voff,
377 consumed, "Option %d: %s", code, text);
378 v_tree = gtk_tree_new();
379 add_subtree(vti, v_tree, ETT_BOOTP_OPTION);
380 for (i = voff + 2; i < voff + consumed; i += 2) {
381 add_item_to_tree(v_tree, i, 4, "Value: %d",
388 add_item_to_tree(bp_tree, voff, consumed,
389 "Option %d: %s = %d", code, text,
390 pntohl(&pd[voff+2]));
394 add_item_to_tree(bp_tree, voff, consumed,
395 "Option %d: %s = %d", code, text, pd[voff+2]);
400 if (i != 0 && i != 1) {
401 add_item_to_tree(bp_tree, voff, consumed,
402 "Option %d: %s = Invalid Value %d", code, text,
406 add_item_to_tree(bp_tree, voff, consumed,
407 "Option %d: %s = %s", code, text,
408 pd[voff+2] == 0 ? "Disabled" : "Enabled");
414 if (i != 0 && i != 1) {
415 add_item_to_tree(bp_tree, voff, consumed,
416 "Option %d: %s = Invalid Value %d", code, text,
420 add_item_to_tree(bp_tree, voff, consumed,
421 "Option %d: %s = %s", code, text,
422 pd[voff+2] == 0 ? "No" : "Yes");
427 time_secs = pntohl(&pd[voff+2]);
428 add_item_to_tree(bp_tree, voff, consumed,
429 "Option %d: %s = %s", code, text,
430 ((time_secs == 0xffffffff) ?
432 time_secs_to_str(time_secs)));
436 add_item_to_tree(bp_tree, voff, consumed,
437 "Option %d: %s (%d bytes)", code, text, vlen);
441 add_item_to_tree(bp_tree, voff, consumed,
442 "Unknown Option Code: %d (%d bytes)", code, vlen);
449 dissect_bootp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree)
451 GtkWidget *bp_tree, *ti;
452 int voff, eoff; /* vender offset, end offset */
454 if (check_col(fd, COL_PROTOCOL))
455 col_add_str(fd, COL_PROTOCOL, "BOOTP");
457 if (check_col(fd, COL_INFO)) {
458 if (pd[offset] == 1) {
459 col_add_fstr(fd, COL_INFO, "Boot Request from %s",
460 arphrdaddr_to_str((guint8*)&pd[offset+28],
461 pd[offset+2], pd[offset+1]));
464 col_add_str(fd, COL_INFO, "Boot Reply");
469 ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME,
470 "Bootstrap Protocol");
471 bp_tree = gtk_tree_new();
472 add_subtree(ti, bp_tree, ETT_BOOTP);
474 add_item_to_tree(bp_tree, offset, 1, pd[offset] == 1 ?
475 "Boot Request" : "Boot Reply");
476 add_item_to_tree(bp_tree, offset + 1, 1,
478 arphrdtype_to_str(pd[offset+1], "Unknown (0x%02x)"));
479 add_item_to_tree(bp_tree, offset + 2, 1,
480 "Hardware address length: %d", pd[offset+2]);
481 add_item_to_tree(bp_tree, offset + 3, 1,
482 "Hops: %d", pd[offset+3]);
483 add_item_to_tree(bp_tree, offset + 4, 4,
484 "Transaction ID: 0x%08x", pntohl(&pd[offset+4]));
485 add_item_to_tree(bp_tree, offset + 8, 2,
486 "Seconds elapsed: %d", pntohs(&pd[offset+8]));
487 add_item_to_tree(bp_tree, offset + 10, 2,
488 "Broadcast flag: %d", pd[offset+10] & 1);
489 add_item_to_tree(bp_tree, offset + 12, 4,
490 "Client IP address: %s", ip_to_str((guint8*)&pd[offset+12]));
491 add_item_to_tree(bp_tree, offset + 16, 4,
492 "Your (client) IP address: %s", ip_to_str((guint8*)&pd[offset+16]));
493 add_item_to_tree(bp_tree, offset + 20, 4,
494 "Next server IP address: %s", ip_to_str((guint8*)&pd[offset+20]));
495 add_item_to_tree(bp_tree, offset + 24, 4,
496 "Relay agent IP address: %s", ip_to_str((guint8*)&pd[offset+24]));
498 add_item_to_tree(bp_tree, offset + 28, pd[offset+2],
499 "Client hardware address: %s",
500 arphrdaddr_to_str((guint8*)&pd[offset+28],
501 pd[offset+2], pd[offset+1]));
503 /* The server host name is optional */
505 add_item_to_tree(bp_tree, offset + 44, 64,
506 "Server host name: %s", &pd[offset+44]);
509 add_item_to_tree(bp_tree, offset + 44, 64,
510 "Server host name not given");
514 if (pd[offset+108]) {
515 add_item_to_tree(bp_tree, offset + 108, 128,
516 "Boot file name: %s", &pd[offset+108]);
519 add_item_to_tree(bp_tree, offset + 108, 128,
520 "Boot file name not given");
523 if (pntohl(&pd[offset+236]) == 0x63825363) {
524 add_item_to_tree(bp_tree, offset + 236, 4,
525 "Magic cookie: (OK)");
528 add_item_to_tree(bp_tree, offset + 236, 4,
530 ip_to_str((guint8*)&pd[offset+236]));
536 while (voff < eoff) {
537 voff += bootp_option(pd, bp_tree, voff, eoff);