i think i was looking at gre and pptp packets, and ended up going down a rabbit hole in ppp parsing.
the original aim was probably to print the ppp payload in pptp packets, which tcpdump now does. eg: 23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap) now looks like: 23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply some other changes appeared along the way though: - better checks for wrong packet lengths when outer protocols (eg, pptp and pppoe) have a length field we can look at. - better ppp control packet parsing, eg, we only look at bytes the control packets say we should look at, not at whatever may be left in the buffer. eg, if an ethernet packet comes off the wire with 0 padding up to 60 bytes, the previous ppp code would try to interpret the padding. so this: 23:43:29.271560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP: Configure-Request, Max-Rx-Unit=1492, Auth-Prot PAP, Magic-Number=33344507, Vendor-Ext should look like this: 23:43:29.271560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP Configure-Request Id=0x01: Max-Rx-Unit=1492 Auth-Prot=PAP Magic-Number=33344507 - adds support for DLT_PPP_SERIAL it looks a lot like DLT_PPP, but "upstream" tcpdump handles them differently. so theyre separate for now. - add parsing for EAP control packets in ppp. btw, would anyone mind if i cut the PPPoE output down? out of this: 23:43:29.205560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 LCP Configure-Request Id=0x01: Magic-Number=100455513 23:44:11.803560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.808560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply the only interesting in this is the id. it could look like: 23:43:29.205560 PPPoE id 0x0011: LCP Configure-Request Id=0x01: Magic-Number=100455513 23:44:11.803560 PPPoE id 0x0011: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.808560 PPPoE id 0x0011: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply to show the result, here's some output based on parsing pcap files i found on the internet (thank goodness for privsep/pledge eh): dlg@m4k1 tcpdump$ for i in ~/tmp/*.cap; do echo == `basename "$i" .cap` ==; echo = stock; sudo tcpdump -nr "$i"; echo = patched; /home/dlg/src/usr.sbin/tcpdump/obj/tcpdump -nr "$i"; done == GRE == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 22:06:06.434897 0800: 1.1.1.1 > 2.2.2.2: icmp: echo request (gre encap) 22:06:06.442931 0800: 2.2.2.2 > 1.1.1.1: icmp: echo reply (gre encap) 22:06:06.450900 0800: 1.1.1.1 > 2.2.2.2: icmp: echo request (gre encap) 22:06:06.498938 0800: 2.2.2.2 > 1.1.1.1: icmp: echo reply (gre encap) 22:06:06.506904 0800: 1.1.1.1 > 2.2.2.2: icmp: echo request (gre encap) 22:06:06.514914 0800: 2.2.2.2 > 1.1.1.1: icmp: echo reply (gre encap) 22:06:06.522905 0800: 1.1.1.1 > 2.2.2.2: icmp: echo request (gre encap) 22:06:06.570925 0800: 2.2.2.2 > 1.1.1.1: icmp: echo reply (gre encap) 22:06:06.578905 0800: 1.1.1.1 > 2.2.2.2: icmp: echo request (gre encap) 22:06:06.586923 0800: 2.2.2.2 > 1.1.1.1: icmp: echo reply (gre encap) = patched tcpdump: WARNING: snaplen raised from 116 to 8192 22:06:06.434897 10.0.0.1 > 10.0.0.2: gre 1.1.1.1 > 2.2.2.2: icmp: echo request 22:06:06.442931 10.0.0.2 > 10.0.0.1: gre 2.2.2.2 > 1.1.1.1: icmp: echo reply 22:06:06.450900 10.0.0.1 > 10.0.0.2: gre 1.1.1.1 > 2.2.2.2: icmp: echo request 22:06:06.498938 10.0.0.2 > 10.0.0.1: gre 2.2.2.2 > 1.1.1.1: icmp: echo reply 22:06:06.506904 10.0.0.1 > 10.0.0.2: gre 1.1.1.1 > 2.2.2.2: icmp: echo request 22:06:06.514914 10.0.0.2 > 10.0.0.1: gre 2.2.2.2 > 1.1.1.1: icmp: echo reply 22:06:06.522905 10.0.0.1 > 10.0.0.2: gre 1.1.1.1 > 2.2.2.2: icmp: echo request 22:06:06.570925 10.0.0.2 > 10.0.0.1: gre 2.2.2.2 > 1.1.1.1: icmp: echo reply 22:06:06.578905 10.0.0.1 > 10.0.0.2: gre 1.1.1.1 > 2.2.2.2: icmp: echo request 22:06:06.586923 10.0.0.2 > 10.0.0.1: gre 2.2.2.2 > 1.1.1.1: icmp: echo reply == NHRP_registration == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 16:34:45.635442 2001: gre-proto-0x2001 (gre encap) 16:34:45.647483 2001: gre-proto-0x2001 (gre encap) 16:34:45.659433 2001: gre-proto-0x2001 (gre encap) 16:34:45.671422 2001: gre-proto-0x2001 (gre encap) = patched tcpdump: WARNING: snaplen raised from 116 to 8192 16:34:45.635442 172.16.25.2 > 172.16.15.2: gre unknown-proto-2001 [tos 0xc0] 16:34:45.647483 172.16.25.2 > 172.16.15.2: gre unknown-proto-2001 [tos 0xc0] 16:34:45.659433 172.16.15.2 > 172.16.25.2: gre unknown-proto-2001 [tos 0xc0] 16:34:45.671422 172.16.15.2 > 172.16.25.2: gre unknown-proto-2001 [tos 0xc0] == PPP == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 tcpdump: unknown data link type 0x32 = patched tcpdump: WARNING: snaplen raised from 116 to 8192 16:02:19.198695 LCP Echo-Request Id=0x0b: Magic-Number=25358333 16:02:19.206662 LCP Echo-Reply Id=0x0b: Magic-Number=8579536 16:02:19.254664 LCP Echo-Request Id=0x0b: Magic-Number=8579536 16:02:19.294689 LCP Echo-Reply Id=0x0b: Magic-Number=25358333 16:02:29.414026 LCP Echo-Request Id=0x0c: Magic-Number=25358333 16:02:29.422008 LCP Echo-Reply Id=0x0c: Magic-Number=8579536 16:02:29.470011 LCP Echo-Request Id=0x0c: Magic-Number=8579536 16:02:29.478018 LCP Echo-Reply Id=0x0c: Magic-Number=25358333 16:02:39.667987 LCP Echo-Request Id=0x0d: Magic-Number=25358333 16:02:39.675956 LCP Echo-Reply Id=0x0d: Magic-Number=8579536 16:02:39.723969 LCP Echo-Request Id=0x0d: Magic-Number=8579536 16:02:39.731980 LCP Echo-Reply Id=0x0d: Magic-Number=25358333 16:02:41.254722 CDP 16:02:42.302746 CDP 16:02:49.915215 LCP Echo-Request Id=0x0e: Magic-Number=25358333 16:02:49.923184 LCP Echo-Reply Id=0x0e: Magic-Number=8579536 16:02:49.963184 LCP Echo-Request Id=0x0e: Magic-Number=8579536 16:02:49.971192 LCP Echo-Reply Id=0x0e: Magic-Number=25358333 16:03:00.145223 LCP Echo-Request Id=0x0f: Magic-Number=25358333 16:03:00.153206 LCP Echo-Reply Id=0x0f: Magic-Number=8579536 16:03:00.195796 LCP Echo-Request Id=0x0f: Magic-Number=8579536 16:03:00.203806 LCP Echo-Reply Id=0x0f: Magic-Number=25358333 16:03:02.929369 10.0.0.1 > 10.0.0.2: icmp: echo request 16:03:02.969564 10.0.0.2 > 10.0.0.1: icmp: echo reply 16:03:02.977385 10.0.0.1 > 10.0.0.2: icmp: echo request 16:03:02.985396 10.0.0.2 > 10.0.0.1: icmp: echo reply 16:03:02.993377 10.0.0.1 > 10.0.0.2: icmp: echo request 16:03:03.001396 10.0.0.2 > 10.0.0.1: icmp: echo reply 16:03:03.009378 10.0.0.1 > 10.0.0.2: icmp: echo request 16:03:03.017397 10.0.0.2 > 10.0.0.1: icmp: echo reply 16:03:03.025378 10.0.0.1 > 10.0.0.2: icmp: echo request 16:03:03.033401 10.0.0.2 > 10.0.0.1: icmp: echo reply 16:03:10.400427 LCP Echo-Request Id=0x10: Magic-Number=25358333 16:03:10.408404 LCP Echo-Reply Id=0x10: Magic-Number=8579536 16:03:10.408440 LCP Echo-Request Id=0x10: Magic-Number=8579536 16:03:10.416419 LCP Echo-Reply Id=0x10: Magic-Number=25358333 16:03:20.621039 LCP Echo-Request Id=0x11: Magic-Number=25358333 16:03:20.629013 LCP Echo-Reply Id=0x11: Magic-Number=8579536 16:03:20.677016 LCP Echo-Request Id=0x11: Magic-Number=8579536 16:03:20.685041 LCP Echo-Reply Id=0x11: Magic-Number=25358333 16:03:30.865652 LCP Echo-Request Id=0x12: Magic-Number=25358333 16:03:30.873625 LCP Echo-Reply Id=0x12: Magic-Number=8579536 16:03:30.921629 LCP Echo-Request Id=0x12: Magic-Number=8579536 16:03:30.929644 LCP Echo-Reply Id=0x12: Magic-Number=25358333 16:03:41.111604 LCP Echo-Request Id=0x13: Magic-Number=25358333 16:03:41.119570 LCP Echo-Reply Id=0x13: Magic-Number=8579536 16:03:41.127567 LCP Echo-Request Id=0x13: Magic-Number=8579536 16:03:41.135587 LCP Echo-Reply Id=0x13: Magic-Number=25358333 16:03:41.263600 CDP 16:03:42.271636 CDP == PPP_EAP == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 tcpdump: unknown data link type 0x32 = patched tcpdump: WARNING: snaplen raised from 116 to 8192 02:00:03.230007 LCP Configure-Request Id=0x45: Auth-Prot=EAP Magic-Number=19877349 02:00:03.244635 LCP Configure-Request Id=0x9a: Auth-Prot=EAP Magic-Number=36654234 02:00:03.244743 LCP Configure-Ack Id=0x45: Auth-Prot=EAP Magic-Number=19877349 02:00:03.252827 LCP Configure-Ack Id=0x9a: Auth-Prot=EAP Magic-Number=36654234 02:00:03.254924 EAP Challenge Id=0x5b: Identity 02:00:03.257095 EAP Challenge Id=0x0b: Identity 02:00:03.257143 EAP Response Id=0x5b: Identity=R2 02:00:03.261196 EAP Response Id=0x0b: Identity=R1 02:00:03.261219 EAP Challenge Id=0x5c: MD5-Challenge=bf09adbc1bedcb9fcda522d4262e3484 02:00:03.263323 EAP Challenge Id=0x0c: MD5-Challenge=13485ff359bb2d458c6d22ff89f1203a 02:00:03.267470 EAP Response Id=0x5c: MD5-Challenge=b7df13cffeceb05d28d25a06e49322e6 02:00:03.269514 EAP Response Id=0x0c: MD5-Challenge=f1be23c47bf1d76ceeac1b156c848fb9 02:00:03.279881 EAP Success Id=0x5c: 02:00:03.279959 EAP Success Id=0x0c: 02:00:03.282046 IPCP Configure-Request Id=0x01: IP-Address=10.0.0.2 02:00:03.282085 CDPCP 02:00:03.286137 IPCP Configure-Request Id=0x01: IP-Address=10.0.0.1 02:00:03.288221 IPCP Configure-Ack Id=0x01: IP-Address=10.0.0.2 02:00:03.288244 CDPCP 02:00:03.288299 IPCP Configure-Ack Id=0x01: IP-Address=10.0.0.1 02:00:03.290378 CDPCP 02:00:04.297173 LCP Echo-Request Id=0x01: Magic-Number=36654234 02:00:04.299206 LCP Echo-Reply Id=0x01: Magic-Number=19877349 02:00:04.321988 LCP Echo-Request Id=0x01: Magic-Number=19877349 02:00:04.324193 LCP Echo-Reply Id=0x01: Magic-Number=36654234 02:00:05.291309 CDPCP 02:00:05.293510 CDPCP 02:00:05.293545 CDPCP 02:00:05.297609 CDPCP 02:00:06.964110 CDP 02:00:07.933799 CDP 02:00:14.540350 LCP Echo-Request Id=0x02: Magic-Number=36654234 02:00:14.542403 LCP Echo-Reply Id=0x02: Magic-Number=19877349 02:00:14.542435 LCP Echo-Request Id=0x02: Magic-Number=19877349 02:00:14.544527 LCP Echo-Reply Id=0x02: Magic-Number=36654234 02:00:19.931075 CDP 02:00:24.763996 LCP Echo-Request Id=0x03: Magic-Number=36654234 02:00:24.766048 LCP Echo-Reply Id=0x03: Magic-Number=19877349 02:00:24.801110 LCP Echo-Request Id=0x03: Magic-Number=19877349 02:00:24.803291 LCP Echo-Reply Id=0x03: Magic-Number=36654234 02:00:35.012324 LCP Echo-Request Id=0x04: Magic-Number=36654234 02:00:35.014374 LCP Echo-Reply Id=0x04: Magic-Number=19877349 02:00:35.016502 LCP Echo-Request Id=0x04: Magic-Number=19877349 02:00:35.018612 LCP Echo-Reply Id=0x04: Magic-Number=36654234 02:00:45.241350 LCP Echo-Request Id=0x05: Magic-Number=36654234 02:00:45.243401 LCP Echo-Reply Id=0x05: Magic-Number=19877349 02:00:45.278386 LCP Echo-Request Id=0x05: Magic-Number=19877349 02:00:45.280538 LCP Echo-Reply Id=0x05: Magic-Number=36654234 02:00:55.488847 LCP Echo-Request Id=0x06: Magic-Number=36654234 02:00:55.492956 LCP Echo-Reply Id=0x06: Magic-Number=19877349 02:00:55.497105 LCP Echo-Request Id=0x06: Magic-Number=19877349 02:00:55.499207 LCP Echo-Reply Id=0x06: Magic-Number=36654234 == PPP_negotiation == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 tcpdump: unknown data link type 0x32 = patched tcpdump: WARNING: snaplen raised from 116 to 8192 04:15:40.489179 LCP Configure-Request Id=0x01: Auth-Prot=CHAP/MD5 Magic-Number=19720557 04:15:42.489171 LCP Configure-Request Id=0x02: Auth-Prot=CHAP/MD5 Magic-Number=19720557 04:15:42.514445 LCP Configure-Request Id=0x01: Auth-Prot=CHAP/MD5 Magic-Number=2945696 04:15:42.515973 LCP Configure-Ack Id=0x02: Auth-Prot=CHAP/MD5 Magic-Number=19720557 04:15:42.520380 LCP Configure-Ack Id=0x01: Auth-Prot=CHAP/MD5 Magic-Number=2945696 04:15:42.523740 CHAP Challenge Id=0x01: Value=41528c199fe22713cda522d45c7af9ad Name=R1 04:15:42.527615 CHAP Challenge Id=0x01: Value=46d67efdd5b7bbf2298ae558f5845024 Name=R0 04:15:42.534422 CHAP Response Id=0x01: Value=dc73196880578b12670b8d231b8e69f9 Name=R0 04:15:42.534540 CHAP Response Id=0x01: Value=87604b0ef5e48c4558bf40def88cb10e Name=R1 04:15:42.543271 CHAP Success Id=0x01: Message= 04:15:42.544075 CHAP Success Id=0x01: Message= 04:15:42.546287 IPCP Configure-Request Id=0x01: IP-Address=10.0.0.2 04:15:42.546305 IPCP Configure-Request Id=0x01: IP-Address=10.0.0.1 04:15:42.548174 IPCP Configure-Ack Id=0x01: IP-Address=10.0.0.2 04:15:42.548256 IPCP Configure-Ack Id=0x01: IP-Address=10.0.0.1 04:15:42.548547 CDPCP 04:15:42.548886 CDPCP 04:15:42.549077 CDPCP 04:15:42.549260 CDPCP 04:15:43.575179 LCP Echo-Request Id=0x01: Magic-Number=19720557 04:15:43.576133 LCP Echo-Reply Id=0x01: Magic-Number=2945696 04:15:43.577510 LCP Echo-Request Id=0x01: Magic-Number=2945696 04:15:43.578056 LCP Echo-Reply Id=0x01: Magic-Number=19720557 04:15:46.834096 CDP 04:15:46.838579 CDP 04:15:47.812780 CDP 04:15:47.848623 CDP 04:15:53.800423 LCP Echo-Request Id=0x02: Magic-Number=19720557 04:15:53.800592 LCP Echo-Reply Id=0x02: Magic-Number=2945696 04:15:53.801673 LCP Echo-Request Id=0x02: Magic-Number=2945696 04:15:53.801874 LCP Echo-Reply Id=0x02: Magic-Number=19720557 04:15:59.969488 10.0.0.1 > 10.0.0.2: icmp: echo request 04:15:59.975294 10.0.0.2 > 10.0.0.1: icmp: echo reply 04:15:59.983315 10.0.0.1 > 10.0.0.2: icmp: echo request 04:15:59.984259 10.0.0.2 > 10.0.0.1: icmp: echo reply 04:15:59.985042 10.0.0.1 > 10.0.0.2: icmp: echo request 04:15:59.985675 10.0.0.2 > 10.0.0.1: icmp: echo reply 04:15:59.986244 10.0.0.1 > 10.0.0.2: icmp: echo request 04:15:59.986854 10.0.0.2 > 10.0.0.1: icmp: echo reply 04:15:59.987477 10.0.0.1 > 10.0.0.2: icmp: echo request 04:15:59.988013 10.0.0.2 > 10.0.0.1: icmp: echo reply 04:16:04.040010 LCP Echo-Request Id=0x03: Magic-Number=2945696 04:16:04.043111 LCP Echo-Reply Id=0x03: Magic-Number=19720557 04:16:04.044361 LCP Echo-Request Id=0x03: Magic-Number=19720557 04:16:04.048120 LCP Echo-Reply Id=0x03: Magic-Number=2945696 04:16:14.290794 LCP Echo-Request Id=0x04: Magic-Number=2945696 04:16:14.293749 LCP Echo-Reply Id=0x04: Magic-Number=19720557 04:16:14.297317 LCP Echo-Request Id=0x04: Magic-Number=19720557 04:16:14.297424 LCP Echo-Reply Id=0x04: Magic-Number=2945696 04:16:24.526956 LCP Echo-Request Id=0x05: Magic-Number=19720557 04:16:24.527144 LCP Echo-Reply Id=0x05: Magic-Number=2945696 04:16:24.527770 LCP Echo-Request Id=0x05: Magic-Number=2945696 04:16:24.530731 LCP Echo-Reply Id=0x05: Magic-Number=19720557 04:16:34.757892 LCP Echo-Request Id=0x06: Magic-Number=2945696 04:16:34.760883 LCP Echo-Reply Id=0x06: Magic-Number=19720557 04:16:34.762469 LCP Echo-Request Id=0x06: Magic-Number=19720557 04:16:34.765353 LCP Echo-Reply Id=0x06: Magic-Number=2945696 04:16:45.005208 LCP Echo-Request Id=0x07: Magic-Number=2945696 04:16:45.008204 LCP Echo-Reply Id=0x07: Magic-Number=19720557 04:16:45.012520 LCP Echo-Request Id=0x07: Magic-Number=19720557 04:16:45.012703 LCP Echo-Reply Id=0x07: Magic-Number=2945696 04:16:47.807007 CDP 04:16:47.852904 CDP == PPPoE_Dual-Stack_IPv4_IPv6-with_DHCPv6 == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 23:43:26.780560 PPPoE-Discovery code Initiation, version 1, type 1, id 0x0000, length 12 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 23:43:26.817560 PPPoE-Discovery code Offer, version 1, type 1, id 0x0000, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:28.833560 PPPoE-Discovery code Request, version 1, type 1, id 0x0000, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:29.011560 PPPoE-Discovery code Confirm, version 1, type 1, id 0x0011, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:29.205560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 LCP: Configure-Request, Magic-Number=100455513, Vendor-Ext 23:43:29.271560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP: Configure-Request, Max-Rx-Unit=1492, Auth-Prot PAP, Magic-Number=33344507, Vendor-Ext 23:43:29.274560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 LCP: Configure-Ack, Magic-Number=100455513, Vendor-Ext 23:43:29.315560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 10 LCP: Configure-Nak, Max-Rx-Unit=1500, Vendor-Ext 23:43:29.322560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP: Configure-Request, Max-Rx-Unit=1500, Auth-Prot PAP, Magic-Number=33344507, Vendor-Ext 23:43:29.326560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP: Configure-Ack, Max-Rx-Unit=1500, Auth-Prot PAP, Magic-Number=33344507, Vendor-Ext 23:43:29.341560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 18 PAP: Authenticate-Request, Peer-Id=cisco, Passwd=cisco 23:43:30.484560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 7 PAP: Authenticate-Ack 23:43:30.532560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Request, IP-Address=10.0.0.1 23:43:30.670560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP: Configure-Request, Interface-ID=c801:0eff:fe88:0008 23:43:30.675560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Request, IP-Address=0.0.0.0 23:43:30.675560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP: Configure-Request, Interface-ID=ce05:0eff:fe88:0000 23:43:30.680560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Ack, IP-Address=10.0.0.1 23:43:30.680560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP: Configure-Ack, Interface-ID=c801:0eff:fe88:0008 23:43:30.750560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Nak, IP-Address=10.0.2.16 23:43:30.759560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP: Configure-Ack, Interface-ID=ce05:0eff:fe88:0000 23:43:30.791560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Request, IP-Address=10.0.2.16 23:43:31.035560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.038560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.042560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.045560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.091560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 66 IPV6: fe80::c801:eff:fe88:8 > ff02::1: icmp6: neighbor adv: tgt is fe80::c801:eff:fe88:8 [class 0xe0] 23:43:31.129560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP: Configure-Ack, IP-Address=10.0.2.16 23:43:31.659560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=100455513 23:43:31.679560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=33344507 23:43:31.711560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.713560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.848560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.870560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 IPV6: fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:32.963560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 50 IPV6: fe80::ce05:eff:fe88:0 > ff02::2: icmp6: router solicitation [class 0xe0] 23:43:33.027560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 66 IPV6: fe80::c801:eff:fe88:8 > fe80::ce05:eff:fe88:0: icmp6: router advertisement [class 0xe0] 23:43:37.962560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 100 IPV6: fe80::ce05:eff:fe88:0.546 > ff02::1:2.547:dhcp6 solicit [class 0xe0] 23:43:38.014560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 146 IPV6: fe80::c801:eff:fe88:8.547 > fe80::ce05:eff:fe88:0.546:dhcp6 advert [class 0xe0] 23:43:38.040560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 114 IPV6: fe80::ce05:eff:fe88:0.546 > ff02::1:2.547:dhcp6 request [class 0xe0] 23:43:38.110560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 146 IPV6: fe80::c801:eff:fe88:8.547 > fe80::ce05:eff:fe88:0.546:dhcp6 [class 0xe0] 23:43:39.516560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=33344507 23:43:39.530560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=100455513 23:43:41.764560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=100455513 23:43:41.779560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=33344507 23:43:49.562560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=33344507 23:43:49.580560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=100455513 23:43:51.998560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=100455513 23:43:52.007560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=33344507 23:43:59.547560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=33344507 23:43:59.560560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=100455513 23:44:02.211560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=100455513 23:44:02.219560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=33344507 23:44:09.593560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=33344507 23:44:09.608560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=100455513 23:44:11.658560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.742560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.777560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.790560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.796560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.798560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.803560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.808560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.812560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.814560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 IPV6: fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:12.482560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Request, Magic-Number=100455513 23:44:12.499560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP: Echo-Reply, Magic-Number=33344507 = patched tcpdump: WARNING: snaplen raised from 116 to 8192 23:43:26.780560 PPPoE-Discovery code Initiation, version 1, type 1, id 0x0000, length 12 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 23:43:26.817560 PPPoE-Discovery code Offer, version 1, type 1, id 0x0000, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:28.833560 PPPoE-Discovery code Request, version 1, type 1, id 0x0000, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:29.011560 PPPoE-Discovery code Confirm, version 1, type 1, id 0x0011, length 40 tag Service-Name, length 0 tag Host-Uniq, length 4 d\023\205\030 tag AC-Name, length 4 BRAS tag AC-Cookie, length 16 =\017\005\207\006$\204\362\3372\271\335\375w\275[ 23:43:29.205560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 LCP Configure-Request Id=0x01: Magic-Number=100455513 23:43:29.271560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP Configure-Request Id=0x01: Max-Rx-Unit=1492 Auth-Prot=PAP Magic-Number=33344507 23:43:29.274560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 LCP Configure-Ack Id=0x01: Magic-Number=100455513 23:43:29.315560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 10 LCP Configure-Nak Id=0x01: Max-Rx-Unit=1500 23:43:29.322560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP Configure-Request Id=0x02: Max-Rx-Unit=1500 Auth-Prot=PAP Magic-Number=33344507 23:43:29.326560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 20 LCP Configure-Ack Id=0x02: Max-Rx-Unit=1500 Auth-Prot=PAP Magic-Number=33344507 23:43:29.341560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 18 PAP Authenticate-Request Id=0x01: Peer-Id=cisco Passwd=cisco 23:43:30.484560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 7 PAP Authenticate-Ack Id=0x01: Message= 23:43:30.532560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Request Id=0x01: IP-Address=10.0.0.1 23:43:30.670560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP Configure-Request Id=0x01: IPv6-Interface-Id=c801:0eff:fe88:0008 23:43:30.675560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Request Id=0x01: IP-Address=0.0.0.0 23:43:30.675560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP Configure-Request Id=0x01: IPv6-Interface-Id=ce05:0eff:fe88:0000 23:43:30.680560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Ack Id=0x01: IP-Address=10.0.0.1 23:43:30.680560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP Configure-Ack Id=0x01: IPv6-Interface-Id=c801:0eff:fe88:0008 23:43:30.750560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Nak Id=0x01: IP-Address=10.0.2.16 23:43:30.759560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 16 IPV6CP Configure-Ack Id=0x01: IPv6-Interface-Id=ce05:0eff:fe88:0000 23:43:30.791560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Request Id=0x02: IP-Address=10.0.2.16 23:43:31.035560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.038560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.042560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.045560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.091560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 66 fe80::c801:eff:fe88:8 > ff02::1: icmp6: neighbor adv: tgt is fe80::c801:eff:fe88:8 [class 0xe0] 23:43:31.129560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 12 IPCP Configure-Ack Id=0x02: IP-Address=10.0.2.16 23:43:31.659560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x01: Magic-Number=100455513 23:43:31.679560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x01: Magic-Number=33344507 23:43:31.711560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.713560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.848560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:31.870560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 78 fe80::c801:eff:fe88:8 > ff02::16: HBH multicast listener report v2, 1 group record(s) [class 0xe0] [hlim 1] 23:43:32.963560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 50 fe80::ce05:eff:fe88:0 > ff02::2: icmp6: router solicitation [class 0xe0] 23:43:33.027560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 66 fe80::c801:eff:fe88:8 > fe80::ce05:eff:fe88:0: icmp6: router advertisement [class 0xe0] 23:43:37.962560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 100 fe80::ce05:eff:fe88:0.546 > ff02::1:2.547:dhcp6 solicit [class 0xe0] 23:43:38.014560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 146 fe80::c801:eff:fe88:8.547 > fe80::ce05:eff:fe88:0.546:dhcp6 advert [class 0xe0] 23:43:38.040560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 114 fe80::ce05:eff:fe88:0.546 > ff02::1:2.547:dhcp6 request [class 0xe0] 23:43:38.110560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 146 fe80::c801:eff:fe88:8.547 > fe80::ce05:eff:fe88:0.546:dhcp6 [class 0xe0] 23:43:39.516560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x01: Magic-Number=33344507 23:43:39.530560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x01: Magic-Number=100455513 23:43:41.764560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x02: Magic-Number=100455513 23:43:41.779560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x02: Magic-Number=33344507 23:43:49.562560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x02: Magic-Number=33344507 23:43:49.580560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x02: Magic-Number=100455513 23:43:51.998560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x03: Magic-Number=100455513 23:43:52.007560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x03: Magic-Number=33344507 23:43:59.547560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x03: Magic-Number=33344507 23:43:59.560560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x03: Magic-Number=100455513 23:44:02.211560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x04: Magic-Number=100455513 23:44:02.219560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x04: Magic-Number=33344507 23:44:09.593560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x04: Magic-Number=33344507 23:44:09.608560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x04: Magic-Number=100455513 23:44:11.658560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.742560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.777560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.790560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.796560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.798560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.803560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.808560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:11.812560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00:0:2:100::1:1 > fc00::1: icmp6: echo request 23:44:11.814560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 102 fc00::1 > fc00:0:2:100::1:1: icmp6: echo reply 23:44:12.482560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Request Id=0x05: Magic-Number=100455513 23:44:12.499560 PPPoE-Session code Session, version 1, type 1, id 0x0011, length 14 LCP Echo-Reply Id=0x05: Magic-Number=33344507 == PPTP_negotiation == = stock tcpdump: WARNING: snaplen raised from 116 to 65535 23:50:49.812800 arp who-has 20.0.0.1 tell 20.0.0.2 23:50:49.813214 arp reply 20.0.0.1 is-at 00:09:e9:55:c0:1c 23:50:49.813237 20.0.0.2.1999 > 20.0.0.1.1723: S 453582462:453582462(0) win 2920 <mss 1460,sackOK,timestamp 3104727 0> 23:50:49.814378 20.0.0.1.1723 > 20.0.0.2.1999: S 3113151227:3113151227(0) ack 453582463 win 4128 <mss 1460> 23:50:49.814423 20.0.0.2.1999 > 20.0.0.1.1723: . ack 1 win 2920 23:50:49.814465 20.0.0.2.1999 > 20.0.0.1.1723: P 1:157(156) ack 1 win 2920 23:50:49.819173 20.0.0.1.1723 > 20.0.0.2.1999: P 1:157(156) ack 157 win 3972 23:50:49.819199 20.0.0.2.1999 > 20.0.0.1.1723: . ack 157 win 2764 23:50:49.819233 20.0.0.2.1999 > 20.0.0.1.1723: P 157:325(168) ack 157 win 2764 23:50:49.833779 20.0.0.1.1723 > 20.0.0.2.1999: P 157:189(32) ack 325 win 3804 23:50:49.834143 call 24 seq 0: gre-ppp-payload (gre encap) 23:50:49.873667 20.0.0.2.1999 > 20.0.0.1.1723: . ack 189 win 2764 23:50:51.857988 call 1 seq 1 ack 4294967295: gre-ppp-payload (gre encap) 23:50:51.858092 call 24 seq 1 ack 1: gre-ppp-payload (gre encap) 23:51:00.192601 call 24 seq 2: gre-ppp-payload (gre encap) 23:51:00.193207 call 1 seq 2 ack 2: gre-ppp-payload (gre encap) 23:51:00.193289 call 24 seq 3 ack 2: gre-ppp-payload (gre encap) 23:51:00.219147 call 1 seq 3 ack 3: gre-ppp-payload (gre encap) 23:51:00.219231 call 24 seq 4 ack 3: gre-ppp-payload (gre encap) 23:51:00.219259 call 1 seq 4 ack 3: gre-ppp-payload (gre encap) 23:51:00.219321 call 24 seq 5 ack 4: gre-ppp-payload (gre encap) 23:51:00.221903 call 1 seq 5 ack 5: gre-ppp-payload (gre encap) 23:51:00.221962 call 24 seq 6 ack 5: gre-ppp-payload (gre encap) 23:51:00.222481 call 1 seq 6 ack 6: gre-ppp-payload (gre encap) 23:51:00.721559 call 24 ack 6 no-payload (gre encap) 23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap) 23:52:00.697808 call 24 ack 7 no-payload (gre encap) = patched tcpdump: WARNING: snaplen raised from 116 to 65535 23:50:49.812800 arp who-has 20.0.0.1 tell 20.0.0.2 23:50:49.813214 arp reply 20.0.0.1 is-at 00:09:e9:55:c0:1c 23:50:49.813237 20.0.0.2.1999 > 20.0.0.1.1723: S 453582462:453582462(0) win 2920 <mss 1460,sackOK,timestamp 3104727 0> 23:50:49.814378 20.0.0.1.1723 > 20.0.0.2.1999: S 3113151227:3113151227(0) ack 453582463 win 4128 <mss 1460> 23:50:49.814423 20.0.0.2.1999 > 20.0.0.1.1723: . ack 1 win 2920 23:50:49.814465 20.0.0.2.1999 > 20.0.0.1.1723: P 1:157(156) ack 1 win 2920 23:50:49.819173 20.0.0.1.1723 > 20.0.0.2.1999: P 1:157(156) ack 157 win 3972 23:50:49.819199 20.0.0.2.1999 > 20.0.0.1.1723: . ack 157 win 2764 23:50:49.819233 20.0.0.2.1999 > 20.0.0.1.1723: P 157:325(168) ack 157 win 2764 23:50:49.833779 20.0.0.1.1723 > 20.0.0.2.1999: P 157:189(32) ack 325 win 3804 23:50:49.834143 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 0: LCP Configure-Request Id=0x00: Magic-Number=177520998 23:50:49.873667 20.0.0.2.1999 > 20.0.0.1.1723: . ack 189 win 2764 23:50:51.857988 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 1 ack 4294967295: LCP Configure-Request Id=0x01: Auth-Prot=PAP Magic-Number=255791484 23:50:51.858092 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 1 ack 1: LCP Configure-Ack Id=0x01: Auth-Prot=PAP Magic-Number=255791484 23:51:00.192601 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 2: LCP Configure-Request Id=0x01: Magic-Number=177520998 23:51:00.193207 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 2 ack 2: LCP Configure-Ack Id=0x01: Magic-Number=177520998 23:51:00.193289 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 3 ack 2: PAP Authenticate-Request Id=0x00: Peer-Id=ixia Passwd=ixia 23:51:00.219147 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 3 ack 3: PAP Authenticate-Ack Id=0x00: Message= 23:51:00.219231 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 4 ack 3: IPCP Configure-Request Id=0x00: IP-Address=0.0.0.0 23:51:00.219259 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 4 ack 3: IPCP Configure-Request Id=0x01: IP-Address=17.1.1.118 23:51:00.219321 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 5 ack 4: IPCP Configure-Ack Id=0x01: IP-Address=17.1.1.118 23:51:00.221903 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 5 ack 5: IPCP Configure-Nak Id=0x00: IP-Address=17.1.1.122 23:51:00.221962 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 6 ack 5: IPCP Configure-Request Id=0x01: IP-Address=17.1.1.122 23:51:00.222481 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 6 ack 6: IPCP Configure-Ack Id=0x01: IP-Address=17.1.1.122 23:51:00.721559 20.0.0.2 > 20.0.0.1: pptp callid 24 ack 6 23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply 23:52:00.697808 20.0.0.2 > 20.0.0.1: pptp callid 24 ack 7 == gre_and_4over6 == = stock tcpdump: WARNING: snaplen raised from 116 to 65535 13:35:03.821897 802.1Q vid 100 pri 0 call 6016 seq 430001 ack 539254: gre-ppp-payload (gre encap) (encap) 13:35:04.035791 802.1Q vid 100 pri 0 call 17 seq 539320: gre-ppp-payload (gre encap) (encap) = patched tcpdump: WARNING: snaplen raised from 116 to 65535 13:35:03.821897 802.1Q vid 100 pri 0 16.0.0.200 > 192.52.166.154: pptp callid 6016 seq 430001 ack 539254: 172.16.44.3.40768 > 8.8.8.8.53: 42540+ AAAA? xqt-detect-mode2-97712e88-167a-45b9-93ee-913140e76678. (71) (DF) (encap) 13:35:04.035791 802.1Q vid 100 pri 0 192.52.166.154 > 16.0.0.200: pptp callid 17 seq 539320: 8.8.8.8.53 > 172.16.44.3.40768: 42540 NXDomain 0/1/0 (146) (DF) (encap) == mGRE_ICMP == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 16:47:16.060879 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:16.068855 2001: gre-proto-0x2001 (gre encap) 16:47:16.126680 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:16.133008 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:16.138679 2001: gre-proto-0x2001 (gre encap) 16:47:16.148863 2001: gre-proto-0x2001 (gre encap) 16:47:16.150679 2001: gre-proto-0x2001 (gre encap) 16:47:16.270695 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:16.280912 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:16.342699 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:16.352866 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:16.366700 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:16.376871 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:16.390702 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:25.871324 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:25.907304 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:25.919331 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:25.955311 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:25.967330 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:26.003312 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:26.015330 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:26.033439 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) 16:47:26.075338 0800: 192.168.0.2 > 192.168.0.4: icmp: echo request (gre encap) 16:47:26.137453 0800: 192.168.0.4 > 192.168.0.2: icmp: echo reply (gre encap) = patched tcpdump: WARNING: snaplen raised from 116 to 8192 16:47:16.060879 172.16.25.2 > 172.16.15.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:16.068855 172.16.25.2 > 172.16.15.2: gre unknown-proto-2001 [tos 0xc0] 16:47:16.126680 172.16.15.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:16.133008 172.16.25.2 > 172.16.15.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:16.138679 172.16.15.2 > 172.16.25.2: gre unknown-proto-2001 [tos 0xc0] 16:47:16.148863 172.16.25.2 > 172.16.15.2: gre unknown-proto-2001 [tos 0xc0] 16:47:16.150679 172.16.15.2 > 172.16.25.2: gre unknown-proto-2001 [tos 0xc0] 16:47:16.270695 172.16.15.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:16.280912 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:16.342699 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:16.352866 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:16.366700 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:16.376871 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:16.390702 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:25.871324 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:25.907304 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:25.919331 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:25.955311 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:25.967330 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:26.003312 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:26.015330 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:26.033439 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply 16:47:26.075338 172.16.25.2 > 172.16.45.2: gre 192.168.0.2 > 192.168.0.4: icmp: echo request 16:47:26.137453 172.16.45.2 > 172.16.25.2: gre 192.168.0.4 > 192.168.0.2: icmp: echo reply == ospf over gre tunnel == = stock tcpdump: WARNING: snaplen raised from 116 to 8192 22:08:57.595483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:07.572483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:17.565483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:27.573483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:37.576483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.374483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.459483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.560483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 3.3.3.3 backbone E I/M/MS mtu 1476 S 248A [tos 0xc0] [ttl 1] (gre encap) 22:09:38.564483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.577483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 1.1.1.1 backbone E I/M/MS mtu 1476 S EC5 [tos 0xc0] [ttl 1] (gre encap) 22:09:38.620483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-dd 52[64]: rtrid 1.1.1.1 backbone E M mtu 1476 S 248A [tos 0xc0] [ttl 1] (gre encap) 22:09:38.643483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 3.3.3.3 backbone E MS mtu 1476 S 248B [tos 0xc0] [ttl 1] (gre encap) 22:09:38.724483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 1.1.1.1 backbone E mtu 1476 S 248B [tos 0xc0] [ttl 1] (gre encap) 22:09:38.737483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-ls_req 36: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.770483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 64: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:38.889483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-ls_upd 76: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:39.190483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 76: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:41.306483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-ls_ack 64: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:41.404483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:47.551483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:48.323483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:57.562483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:09:58.323483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:07.575483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:08.318483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:12.510483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 88: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:15.069483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:17.580483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:18.306483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:27.556483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:28.308483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:37.552483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:38.335483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:38.690483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-ls_upd 88: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:41.233483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:47.550483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:48.329483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:57.563483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:10:58.350483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:07.567483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:08.322483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:17.579483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:18.337483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:27.587483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:28.310483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:37.577483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:38.334483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:47.615483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:48.344483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:57.558483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:11:58.309483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:07.571483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:08.339483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:17.558483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:18.329483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:27.620483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:28.298483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:37.568483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:38.305483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:47.567483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:48.338483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:57.569483 0800: 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] (gre encap) 22:12:58.342483 0800: 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] (gre encap) = patched tcpdump: WARNING: snaplen raised from 116 to 8192 22:08:57.595483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:07.572483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:17.565483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:27.573483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:37.576483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.374483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 44[56]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.459483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.560483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 3.3.3.3 backbone E I/M/MS mtu 1476 S 248A [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.564483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.577483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 1.1.1.1 backbone E I/M/MS mtu 1476 S EC5 [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.620483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-dd 52[64]: rtrid 1.1.1.1 backbone E M mtu 1476 S 248A [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.643483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 3.3.3.3 backbone E MS mtu 1476 S 248B [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.724483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-dd 32[44]: rtrid 1.1.1.1 backbone E mtu 1476 S 248B [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.737483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-ls_req 36: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.770483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 64: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:38.889483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-ls_upd 76: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:39.190483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 76: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:41.306483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-ls_ack 64: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:41.404483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:47.551483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:48.323483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:57.562483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:09:58.323483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:07.575483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:08.318483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:12.510483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-ls_upd 88: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:15.069483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:17.580483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:18.306483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:27.556483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:28.308483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:37.552483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:38.335483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:38.690483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-ls_upd 88: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:41.233483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-ls_ack 44: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:47.550483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:48.329483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:57.563483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:10:58.350483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:07.567483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:08.322483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:17.579483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:18.337483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:27.587483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:28.310483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:37.577483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:38.334483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:47.615483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:48.344483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:57.558483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:11:58.309483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:07.571483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:08.339483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:17.558483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:18.329483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:27.620483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:28.298483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:37.568483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:38.305483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:47.567483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:48.338483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:57.569483 192.168.12.1 > 192.168.23.3: gre 192.168.13.1 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 1.1.1.1 backbone [tos 0xc0] [ttl 1] [tos 0xc0] 22:12:58.342483 192.168.23.3 > 192.168.12.1: gre 192.168.13.3 > 224.0.0.5: OSPFv2-hello 48[60]: rtrid 3.3.3.3 backbone [tos 0xc0] [ttl 1] [tos 0xc0] Index: lib/libpcap/gencode.c =================================================================== RCS file: /cvs/src/lib/libpcap/gencode.c,v retrieving revision 1.47 diff -u -p -r1.47 gencode.c --- lib/libpcap/gencode.c 3 Feb 2018 13:39:48 -0000 1.47 +++ lib/libpcap/gencode.c 5 Feb 2018 06:08:37 -0000 @@ -707,6 +707,11 @@ init_linktype(type) off_nl = 4; return; + case DLT_PPP_SERIAL: + off_linktype = -1; + off_nl = 2; + return; + case DLT_PPP_ETHER: /* * This does not include the Ethernet header, and Index: lib/libpcap/pcap.c =================================================================== RCS file: /cvs/src/lib/libpcap/pcap.c,v retrieving revision 1.21 diff -u -p -r1.21 pcap.c --- lib/libpcap/pcap.c 3 Feb 2018 13:39:48 -0000 1.21 +++ lib/libpcap/pcap.c 5 Feb 2018 06:08:37 -0000 @@ -313,6 +313,7 @@ DLT_CHOICE(DLT_IEEE802, "IEEE 802 Networ DLT_CHOICE(DLT_ARCNET, "ARCNET"), DLT_CHOICE(DLT_SLIP, "Serial Line IP"), DLT_CHOICE(DLT_PPP, "Point-to-point Protocol"), +DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), DLT_CHOICE(DLT_FDDI, "FDDI"), DLT_CHOICE(DLT_ATM_RFC1483, "LLC/SNAP encapsulated atm"), DLT_CHOICE(DLT_LOOP, "loopback type (af header)"), Index: lib/libpcap/shlib_version =================================================================== RCS file: /cvs/src/lib/libpcap/shlib_version,v retrieving revision 1.17 diff -u -p -r1.17 shlib_version --- lib/libpcap/shlib_version 29 Nov 2016 18:37:02 -0000 1.17 +++ lib/libpcap/shlib_version 5 Feb 2018 06:08:37 -0000 @@ -1,2 +1,2 @@ major=8 -minor=3 +minor=4 Index: usr.sbin/tcpdump/interface.h =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v retrieving revision 1.70 diff -u -p -r1.70 interface.h --- usr.sbin/tcpdump/interface.h 3 Feb 2018 13:39:48 -0000 1.70 +++ usr.sbin/tcpdump/interface.h 5 Feb 2018 06:08:37 -0000 @@ -244,7 +244,10 @@ extern void ospf_print(const u_char *, u extern void mobile_print(const u_char *, u_int); extern void pim_print(const u_char *, u_int); extern void ppp_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); -extern void ppp_hdlc_print(const u_char *, int); +extern void ppp_hdlc_if_print(u_char *, const struct pcap_pkthdr *, + const u_char *); +extern void ppp_print(const u_char *, u_int); +extern void ppp_hdlc_print(const u_char *, u_int); extern void raw_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void rip_print(const u_char *, u_int); extern void sl_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); Index: usr.sbin/tcpdump/print-gre.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-gre.c,v retrieving revision 1.12 diff -u -p -r1.12 print-gre.c --- usr.sbin/tcpdump/print-gre.c 13 Dec 2016 06:40:21 -0000 1.12 +++ usr.sbin/tcpdump/print-gre.c 5 Feb 2018 06:08:37 -0000 @@ -73,25 +73,25 @@ void gre_sre_ip_print(u_int8_t, u_int8_t void gre_sre_asn_print(u_int8_t, u_int8_t, const u_char *, u_int); void -gre_print(const u_char *bp, u_int length) +gre_print(const u_char *p, u_int length) { - u_int len = length, vers; + uint16_t vers; + int l; - if (bp + len > snapend) - len = snapend - bp; + l = snapend - p; - if (len < 2) { + if (l < sizeof(vers)) { printf("[|gre]"); return; } - vers = EXTRACT_16BITS(bp) & GRE_VERS; + vers = EXTRACT_16BITS(p) & GRE_VERS; switch (vers) { case 0: - gre_print_0(bp, len); + gre_print_0(p, length); break; case 1: - gre_print_1(bp, len); + gre_print_1(p, length); break; default: printf("gre-unknown-version=%u", vers); @@ -100,14 +100,22 @@ gre_print(const u_char *bp, u_int length } void -gre_print_0(const u_char *bp, u_int length) +gre_print_0(const u_char *p, u_int length) { - u_int len = length; - u_int16_t flags, prot; + uint16_t flags, proto; + u_int l; + + l = snapend - p; + + flags = EXTRACT_16BITS(p); + p += sizeof(flags); + l -= sizeof(flags); + length -= sizeof(flags); + + printf("gre"); - flags = EXTRACT_16BITS(bp); if (vflag) { - printf("[%s%s%s%s%s] ", + printf(" [%s%s%s%s%s]", (flags & GRE_CP) ? "C" : "", (flags & GRE_RP) ? "R" : "", (flags & GRE_KP) ? "K" : "", @@ -115,57 +123,54 @@ gre_print_0(const u_char *bp, u_int leng (flags & GRE_sP) ? "s" : ""); } - len -= 2; - bp += 2; - - if (len < 2) + if (l < sizeof(proto)) goto trunc; - prot = EXTRACT_16BITS(bp); - printf("%s", etherproto_string(prot)); - - len -= 2; - bp += 2; + proto = EXTRACT_16BITS(p); + p += sizeof(proto); + l -= sizeof(proto); + length -= sizeof(proto); if ((flags & GRE_CP) | (flags & GRE_RP)) { - if (len < 2) + if (l < 2) goto trunc; - if (vflag) - printf(" sum 0x%x", EXTRACT_16BITS(bp)); - bp += 2; - len -= 2; - - if (len < 2) - goto trunc; - printf(" off 0x%x", EXTRACT_16BITS(bp)); - bp += 2; - len -= 2; + if ((flags & GRE_CP) && vflag) + printf(" sum 0x%x", EXTRACT_16BITS(p)); + p += 2; + l -= 2; + length -= 2; + + if (l < 2) + goto trunc; + if (flags & GRE_RP) + printf(" off 0x%x", EXTRACT_16BITS(p)); + p += 2; + l -= 2; + length -= 2; } if (flags & GRE_KP) { uint32_t key, vsid; - if (len < 4) + if (l < sizeof(key)) goto trunc; - key = EXTRACT_32BITS(bp); - - /* maybe NVGRE? */ - if (flags == (GRE_KP | 0) && prot == ETHERTYPE_TRANSETHER) { - vsid = (key & NVGRE_VSID_MASK) >> NVGRE_VSID_SHIFT; - printf(" NVGRE vsid=%u (0x%x)+flowid=0x%02x /", - vsid, vsid, - (key & NVGRE_FLOWID_MASK) >> NVGRE_FLOWID_SHIFT); - } - printf(" key=%u (0x%x)", key, key); - bp += 4; - len -= 4; + key = EXTRACT_32BITS(p); + p += sizeof(key); + l -= sizeof(key); + length -= sizeof(key); + + /* maybe NVGRE, or key entropy? */ + vsid = (key & NVGRE_VSID_MASK) >> NVGRE_VSID_SHIFT; + printf(" vsid=%u+flow=0x%02x/key=%u", + vsid, (key & NVGRE_FLOWID_MASK) >> NVGRE_FLOWID_SHIFT, key); } if (flags & GRE_SP) { - if (len < 4) + if (l < 4) goto trunc; - printf(" seq %u", EXTRACT_32BITS(bp)); - bp += 4; - len -= 4; + printf(" seq %u", EXTRACT_32BITS(p)); + p += 4; + l -= 4; + length -= 4; } if (flags & GRE_RP) { @@ -174,43 +179,45 @@ gre_print_0(const u_char *bp, u_int leng u_int8_t sreoff; u_int8_t srelen; - if (len < 4) + if (l < 4) goto trunc; - af = EXTRACT_16BITS(bp); - sreoff = *(bp + 2); - srelen = *(bp + 3); - bp += 4; - len -= 4; + af = EXTRACT_16BITS(p); + sreoff = *(p + 2); + srelen = *(p + 3); + p += 4; + l -= 4; + length -= 4; if (af == 0 && srelen == 0) break; - gre_sre_print(af, sreoff, srelen, bp, len); + gre_sre_print(af, sreoff, srelen, p, l); - if (len < srelen) + if (l < srelen) goto trunc; - bp += srelen; - len -= srelen; + p += srelen; + l -= srelen; + length -= srelen; } } - printf(": "); + printf(" "); - switch (prot) { + switch (proto) { case ETHERTYPE_IP: - ip_print(bp, len); + ip_print(p, length); break; case ETHERTYPE_IPV6: - ip6_print(bp, len); + ip6_print(p, length); break; case ETHERTYPE_MPLS: - mpls_print(bp, len); + mpls_print(p, length); break; case ETHERTYPE_TRANSETHER: - ether_print(bp, len); + ether_print(p, length); break; default: - printf("gre-proto-0x%x", prot); + printf("unknown-proto-%04x", proto); } return; @@ -219,17 +226,22 @@ trunc: } void -gre_print_1(const u_char *bp, u_int length) +gre_print_1(const u_char *p, u_int length) { - u_int len = length; - u_int16_t flags, prot; + uint16_t flags, proto, len; + int l; + + l = snapend - p; - flags = EXTRACT_16BITS(bp); - len -= 2; - bp += 2; + flags = EXTRACT_16BITS(p); + p += sizeof(flags); + l -= sizeof(flags); + length -= sizeof(flags); + + printf("pptp"); if (vflag) { - printf("[%s%s%s%s%s%s]", + printf(" [%s%s%s%s%s%s] ", (flags & GRE_CP) ? "C" : "", (flags & GRE_RP) ? "R" : "", (flags & GRE_KP) ? "K" : "", @@ -238,11 +250,13 @@ gre_print_1(const u_char *bp, u_int leng (flags & GRE_AP) ? "A" : ""); } - if (len < 2) + if (l < sizeof(proto)) goto trunc; - prot = EXTRACT_16BITS(bp); - len -= 2; - bp += 2; + + proto = EXTRACT_16BITS(p); + p += sizeof(proto); + l -= sizeof(proto); + length -= sizeof(proto); if (flags & GRE_CP) { printf(" cpset!"); @@ -261,52 +275,65 @@ gre_print_1(const u_char *bp, u_int leng return; } - if (flags & GRE_KP) { - u_int32_t k; + /* GRE_KP */ + if (l < sizeof(len)) + goto trunc; + len = EXTRACT_16BITS(p); + p += sizeof(len); + l -= sizeof(len); + length -= sizeof(len); - if (len < 4) - goto trunc; - k = EXTRACT_32BITS(bp); - printf(" call %d", k & 0xffff); - len -= 4; - bp += 4; - } + if (vflag) + printf(" len %u", EXTRACT_16BITS(p)); + + if (l < 2) + goto trunc; + printf(" callid %u", EXTRACT_16BITS(p)); + p += 2; + l -= 2; + length -= 2; if (flags & GRE_SP) { - if (len < 4) + if (l < 4) goto trunc; - printf(" seq %u", EXTRACT_32BITS(bp)); - bp += 4; - len -= 4; + printf(" seq %u", EXTRACT_32BITS(p)); + p += 4; + l -= 4; + length -= 4; } if (flags & GRE_AP) { - if (len < 4) + if (l < 4) goto trunc; - printf(" ack %u", EXTRACT_32BITS(bp)); - bp += 4; - len -= 4; + printf(" ack %u", EXTRACT_32BITS(p)); + p += 4; + l -= 4; + length -= 4; } - if ((flags & GRE_SP) == 0) { - printf(" no-payload"); + if ((flags & GRE_SP) == 0) return; + + if (length < len) { + (void)printf(" truncated-pptp - %d bytes missing!", + len - length); + len = length; } printf(": "); - switch (prot) { + switch (proto) { case ETHERTYPE_PPP: - printf("gre-ppp-payload"); + ppp_hdlc_print(p, len); break; default: - printf("gre-proto-0x%x", prot); + printf("unknown-proto-%04x", proto); break; } return; trunc: - printf("[|gre]"); + printf("[|pptp]"); } void Index: usr.sbin/tcpdump/print-ip.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-ip.c,v retrieving revision 1.47 diff -u -p -r1.47 print-ip.c --- usr.sbin/tcpdump/print-ip.c 30 Oct 2016 04:10:21 -0000 1.47 +++ usr.sbin/tcpdump/print-ip.c 5 Feb 2018 06:08:37 -0000 @@ -497,16 +497,11 @@ ip_print(const u_char *bp, u_int length) #define IPPROTO_GRE 47 #endif case IPPROTO_GRE: - if (vflag) - (void)printf("gre %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); + (void)printf("%s > %s: ", + ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); /* do it */ gre_print(cp, len); - if (! vflag) { - printf(" (gre encap)"); - goto out; - } break; #ifndef IPPROTO_ESP Index: usr.sbin/tcpdump/print-ip6.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-ip6.c,v retrieving revision 1.24 diff -u -p -r1.24 print-ip6.c --- usr.sbin/tcpdump/print-ip6.c 13 Dec 2016 06:40:21 -0000 1.24 +++ usr.sbin/tcpdump/print-ip6.c 5 Feb 2018 06:08:37 -0000 @@ -190,10 +190,6 @@ ip6_print(const u_char *bp, u_int length #endif case IPPROTO_GRE: gre_print(cp, len); - if (! vflag) { - printf(" (gre encap)"); - goto out; - } goto end; case IPPROTO_NONE: Index: usr.sbin/tcpdump/print-ppp.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-ppp.c,v retrieving revision 1.30 diff -u -p -r1.30 print-ppp.c --- usr.sbin/tcpdump/print-ppp.c 25 Jul 2017 16:07:28 -0000 1.30 +++ usr.sbin/tcpdump/print-ppp.c 5 Feb 2018 06:08:37 -0000 @@ -48,30 +48,65 @@ struct rtentry; #include "addrtoname.h" #include "extract.h" +#ifndef nitems +#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) +#endif + +#ifndef PPP_EAP +#define PPP_EAP 0xc227 +#endif + +#ifndef PPP_CDP +#define PPP_CDP 0x0207 +#endif + +#ifndef PPP_CDPCP +#define PPP_CDPCP 0x8207 +#endif + struct protonames { u_short protocol; char *name; }; -static struct protonames protonames[] = { +static const struct protonames protonames[] = { /* * Protocol field values. */ { PPP_IP, "IP" }, /* Internet Protocol */ { PPP_XNS, "XNS" }, /* Xerox NS */ { PPP_IPX, "IPX" }, /* IPX Datagram (RFC1552) */ + { PPP_AT, "AppleTalk" }, /* AppleTalk Protocol */ { PPP_VJC_COMP, "VJC_UNCOMP" }, /* VJ compressed TCP */ { PPP_VJC_UNCOMP,"VJC_UNCOMP" },/* VJ uncompressed TCP */ + { PPP_IPV6, "IPv6" }, /* Internet Protocol version 6 */ { PPP_COMP, "COMP" }, /* compressed packet */ { PPP_IPCP, "IPCP" }, /* IP Control Protocol */ + { PPP_ATCP, "AppleTalkCP" },/* AppleTalk Control Protocol */ { PPP_IPXCP, "IPXCP" }, /* IPX Control Protocol (RFC1552) */ { PPP_IPV6CP, "IPV6CP" }, /* IPv6 Control Protocol */ { PPP_CCP, "CCP" }, /* Compression Control Protocol */ { PPP_LCP, "LCP" }, /* Link Control Protocol */ { PPP_PAP, "PAP" }, /* Password Authentication Protocol */ { PPP_LQR, "LQR" }, /* Link Quality Report protocol */ + { PPP_CBCP, "CBCP" }, /* Callback Control Protocol */ { PPP_CHAP, "CHAP" }, /* Cryptographic Handshake Auth. Proto */ - { PPP_IPV6, "IPV6" }, /* Internet Protocol v6 */ + { PPP_EAP, "EAP" }, /* Extensible Auth. Protocol */ + { PPP_CDP, "CDP" }, + { PPP_CDPCP, "CDPCP" }, +}; + +struct ppp_control { + uint8_t code; + uint8_t id; + uint16_t len; +}; + +struct ppp_cp_type { + const char *unkname; + int mincode; + int maxcode; + const char **codes; }; /* LCP */ @@ -91,7 +126,7 @@ static struct protonames protonames[] = #define LCP_MIN LCP_CONF_REQ #define LCP_MAX LCP_DISC_REQ -static char *lcpcodes[] = { +static const char *lcpcodes[] = { /* * LCP code values (RFC1661, pp26) */ @@ -158,7 +193,7 @@ static char *lcpconfopts[] = { #define CHAP_CODEMIN 1 #define CHAP_CODEMAX 4 -static char *chapcode[] = { +static const char *chapcode[] = { "Challenge", "Response", "Success", @@ -174,12 +209,49 @@ static char *chapcode[] = { #define PAP_CODEMIN 1 #define PAP_CODEMAX 3 -static char *papcode[] = { +static const char *papcode[] = { "Authenticate-Request", "Authenticate-Ack", "Authenticate-Nak", }; +/* EAP */ + +#define EAP_CHAL 1 +#define EAP_RESP 2 +#define EAP_SUCC 3 +#define EAP_FAIL 4 + +#define EAP_CODEMIN EAP_CHAL +#define EAP_CODEMAX EAP_FAIL + +#define EAP_TYPE_IDENTITY 1 +#define EAP_TYPE_NOTIFICATION 2 +#define EAP_TYPE_NAK 3 +#define EAP_TYPE_MD5_CHALLENGE 4 +#define EAP_TYPE_OTP 5 +#define EAP_TYPE_TOKEN 6 + +#define EAP_TYPEMIN EAP_TYPE_IDENTITY +#define EAP_TYPEMAX EAP_TYPE_TOKEN + +static const char *eapcode[] = { + "Challenge", + "Response", + "Success", + "Failure", +}; + +static const char *eaptype[] = { + "Identity", + "Notification", + "Nak", + "MD5-Challenge", + "One-Time-Password", + "Token", +}; + + /* IPCP */ #define IPCP_CODE_CFG_REQ 1 @@ -212,12 +284,15 @@ static char *papcode[] = { #define IPV6CP_IFID 1 -static int print_lcp_config_options(u_char *p); -static void handle_lcp(const u_char *p, int length); -static void handle_chap(const u_char *p, int length); -static void handle_ipcp(const u_char *p, int length); -static void handle_ipv6cp(const u_char *p, int length); -static void handle_pap(const u_char *p, int length); +static int print_lcp_config_options(const u_char *p, int); +static void handle_lcp(const u_char *, int); +static void handle_chap(const u_char *p, int); +static void handle_eap(const u_char *p, int); +static void handle_ipcp(const u_char *p, int); +static int print_ipcp_config_options(const u_char *, int); +static void handle_ipv6cp(const u_char *p, int); +static int print_ipv6cp_config_options(const u_char *, int); +static void handle_pap(const u_char *p, int); struct pppoe_header { u_int8_t vertype; /* PPPoE version/type */ @@ -243,87 +318,162 @@ struct pppoe_header { #define PPPOE_TAG_AC_SYSTEM_ERROR 0x0202 /* Acc. Concentrator Error */ #define PPPOE_TAG_GENERIC_ERROR 0x0203 /* Generic Error */ -void -ppp_hdlc_print(p, length) - const u_char *p; - int length; +static void +ppp_protoname(uint16_t proto) { - int proto = PPP_PROTOCOL(p); + const struct protonames *protoname; int i; - for (i = sizeof(protonames) / sizeof(protonames[0]) - 1; i >= 0; i--) { - if (proto == protonames[i].protocol) { - printf("%s: ", protonames[i].name); + /* bsearch? */ + for (i = 0; i < nitems(protonames); i++) { + protoname = &protonames[i]; + + if (proto == protoname->protocol) { + printf("%s ", protoname->name); + return; + } + } - switch(proto) { + printf("unknown-ppp-%04x", proto); +} - case PPP_LCP: - handle_lcp(p, length); - break; - case PPP_CHAP: - handle_chap(p, length); - break; - case PPP_PAP: - handle_pap(p, length); - break; - case PPP_IPCP: - handle_ipcp(p, length); - break; - case PPP_IPV6CP: - handle_ipv6cp(p, length); - break; - } - break; - } +void +ppp_print(const u_char *p, u_int length) +{ + uint16_t proto; + int l; + + l = snapend - p; + + if (l < sizeof(proto)) { + printf("[|ppp]"); + return; } - if (i < 0) - printf("%04x: ", proto); + + proto = EXTRACT_16BITS(p); + + p += sizeof(proto); + l -= sizeof(proto); + length -= sizeof(proto); + + if (eflag) + ppp_protoname(proto); + + switch (proto) { + case PPP_IP: + ip_print(p, length); + return; + case PPP_IPV6: + ip6_print(p, length); + return; + } + + if (!eflag) + ppp_protoname(proto); + + switch(proto) { + case PPP_LCP: + handle_lcp(p, l); + break; + case PPP_CHAP: + handle_chap(p, l); + break; + case PPP_EAP: + handle_eap(p, l); + break; + case PPP_PAP: + handle_pap(p, l); + break; + case PPP_IPCP: + handle_ipcp(p, l); + break; + case PPP_IPV6CP: + handle_ipv6cp(p, l); + break; + } +} + +static int +ppp_cp_header(struct ppp_control *pc, const u_char *p, int l, + const struct ppp_cp_type *t) +{ + uint8_t code; + int off = 0; + int len; + + len = sizeof(pc->code); + if (l < len) + return (-1); + + pc->code = code = *(p + off); + if (code >= t->mincode && code <= t->maxcode) + printf("%s ", t->codes[code - 1]); + else + printf("unknown-%s-%u ", t->unkname, pc->code); + + off = len; + len += sizeof(pc->id); + if (l < len) + return (-1); + + pc->id = *(p + off); + printf("Id=0x%02x:", pc->id); + + off = len; + len += sizeof(pc->len); + if (l < len) + return (-1); + + pc->len = EXTRACT_16BITS(p + off); + + return (len); } /* print LCP frame */ +static const struct ppp_cp_type ppp_cp_lcp = { + "lcp", + LCP_MIN, LCP_MAX, + lcpcodes, +}; + static void -handle_lcp(p, length) - const u_char *p; - int length; -{ - int x, j; - u_char *ptr; - - TCHECK(*(p + 4)); - x = *(p + 4); - - if ((x >= LCP_MIN) && (x <= LCP_MAX)) - printf("%s", lcpcodes[x-1]); - else { - printf("0x%02x", x); - return; - } +handle_lcp(const u_char *p, int l) +{ + struct ppp_control pc; - length -= 4; - - switch(x) { + if (ppp_cp_header(&pc, p, l, &ppp_cp_lcp) == -1) + goto trunc; + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { case LCP_CONF_REQ: case LCP_CONF_ACK: case LCP_CONF_NAK: case LCP_CONF_REJ: - x = length; - ptr = (u_char *)p+8; - do { - if((j = print_lcp_config_options(ptr)) == 0) + while (l > 0) { + int optlen; + + optlen = print_lcp_config_options(p, l); + if (optlen == -1) + goto trunc; + if (optlen == 0) break; - x -= j; - ptr += j; + + p += optlen; + l -= optlen; } - while(x > 0); break; - case LCP_ECHO_REQ: case LCP_ECHO_RPL: - TCHECK2(*(p + 8), 4); - printf(", Magic-Number=%d", ((*(p+ 8) << 24) + (*(p+9) << 16) + - (*(p+10) << 8) + (*(p+11)))); + if (l < 4) + goto trunc; + printf(" Magic-Number=%u", EXTRACT_32BITS(p)); break; case LCP_TERM_REQ: case LCP_TERM_ACK: @@ -342,69 +492,111 @@ trunc: /* LCP config options */ static int -print_lcp_config_options(p) - u_char *p; +print_lcp_config_options(const u_char *p, int l) { - int len, opt; + uint8_t type, length; + uint16_t proto; + + if (l < sizeof(type)) + return (-1); - TCHECK2(*p, 2); - len = *(p+1); - opt = *p; + type = p[0]; + if (type <= LCPOPT_MAX) + printf(" %s", lcpconfopts[type]); + else + printf(" unknown-lcp-%u", type); + + if (l < sizeof(type) + sizeof(length)) + return (-1); + + length = p[1]; - if((opt >= LCPOPT_MIN) && (opt <= LCPOPT_MAX)) - printf(", %s", lcpconfopts[opt]); + if (length < sizeof(type) + sizeof(length)) + return (0); - switch(opt) { + if (l > length) + l = length; + + p += sizeof(type) + sizeof(length); + l -= sizeof(type) + sizeof(length); + + switch (type) { case LCPOPT_MRU: - if(len == 4) { - TCHECK2(*(p + 2), 2); - printf("=%d", (*(p+2) << 8) + *(p+3)); - } + if (length != 4) + goto invalid; + if (l < 2) + return (-1); + + printf("=%u", EXTRACT_16BITS(p)); break; case LCPOPT_AP: - if(len >= 4) { - TCHECK2(*(p + 2), 2); - if(*(p+2) == 0xc0 && *(p+3) == 0x23) - printf(" PAP"); - else if(*(p+2) == 0xc2 && *(p+3) == 0x23) { - printf(" CHAP/"); - TCHECK(*(p+4)); - switch(*(p+4)) { - default: - printf("unknown-algorithm-%d", *(p+4)); - break; - case 5: - printf("MD5"); - break; - case 0x80: - printf("Microsoft"); - break; - } - } else if(*(p+2) == 0xc2 && *(p+3) == 0x27) - printf(" EAP"); - else if(*(p+2) == 0xc0 && *(p+3) == 0x27) - printf(" SPAP"); - else if(*(p+2) == 0xc1 && *(p+3) == 0x23) - printf(" Old-SPAP"); - else - printf("unknown"); + if (length < 4) + goto invalid; + if (l < sizeof(proto)) + return (-1); + + proto = EXTRACT_16BITS(p); + switch (proto) { + case PPP_PAP: + printf("=PAP"); + break; + case PPP_CHAP: + printf("=CHAP"); + if (length < 5) + goto invalid; + + p += sizeof(proto); + l -= sizeof(proto); + + type = *p; + switch (type) { + case 0x05: + printf("/MD5"); + break; + case 0x80: + printf("/Microsoft"); + break; + default: + printf("/unknown-algorithm-%02x", type); + break; + } + break; + case PPP_EAP: + printf("=EAP"); + break; + case 0xc027: + printf("=SPAP"); + break; + case 0xc127: + printf("=Old-SPAP"); + break; + default: + printf("=unknown-ap-%04x", proto); + break; } break; case LCPOPT_QP: - if(len >= 4) { - TCHECK2(*(p + 2), 2); - if(*(p+2) == 0xc0 && *(p+3) == 0x25) - printf(" LQR"); - else - printf(" unknown"); + if (length < 4) + goto invalid; + if (l < sizeof(proto)) + return (-1); + + proto = EXTRACT_16BITS(p); + switch (proto) { + case PPP_LQR: + printf(" LQR"); + break; + default: + printf(" unknown-qp-%u", proto); } break; case LCPOPT_MN: - if(len == 6) { - TCHECK2(*(p + 2), 4); - printf("=%d", ((*(p+2) << 24) + (*(p+3) << 16) + - (*(p+4) << 8) + (*(p+5)))); - } + if (length < 6) + goto invalid; + if (l < 4) + return (-1); + + printf("=%u", EXTRACT_32BITS(p)); break; case LCPOPT_PFC: printf(" PFC"); @@ -413,51 +605,86 @@ print_lcp_config_options(p) printf(" ACFC"); break; } - return(len); -trunc: - printf("[|lcp]"); - return 0; + return (length); + +invalid: + printf(" invalid opt len %u", length); + return (length); } /* CHAP */ +static const struct ppp_cp_type ppp_cp_chap = { + "chap", + CHAP_CODEMIN, CHAP_CODEMAX, + chapcode, +}; + static void -handle_chap(p, length) - const u_char *p; - int length; -{ - int x; - u_char *ptr; - - TCHECK(*(p+4)); - x = *(p+4); - - if((x >= CHAP_CODEMIN) && (x <= CHAP_CODEMAX)) - printf("%s", chapcode[x-1]); - else { - printf("0x%02x", x); - return; - } +handle_chap(const u_char *p, int l) +{ + struct ppp_control pc; + uint8_t vsize; + int i; - length -= 4; - - switch(x) { + if (ppp_cp_header(&pc, p, l, &ppp_cp_chap) == -1) + goto trunc; + + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { case CHAP_CHAL: case CHAP_RESP: - printf(", Value="); - TCHECK(*(p+8)); - x = *(p+8); /* value size */ - ptr = (u_char *)p+9; - while(--x >= 0) { - TCHECK(*ptr); - printf("%02x", *ptr++); - } - x = length - *(p+8) - 1; - printf(", Name="); - while(--x >= 0) { - TCHECK(*ptr); - safeputchar(*ptr++); + if (l < sizeof(vsize)) + goto trunc; + + vsize = *p; + if (vsize < 1) { + printf(" invalid Value-Size"); + return; + } + + p += sizeof(vsize); + l -= sizeof(vsize); + + printf(" Value="); + for (i = 0; i < vsize; i++) { + if (l == 0) + goto trunc; + + printf("%02x", *p); + + p++; + l--; + } + + printf(" Name="); + for (i += sizeof(pc) + sizeof(vsize); i < pc.len; i++) { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; + } + break; + case CHAP_SUCC: + case CHAP_FAIL: + printf(" Message="); + for (i = sizeof(pc); i < pc.len; i++) { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; } break; } @@ -467,50 +694,195 @@ trunc: printf("[|chap]"); } -/* PAP */ +/* EAP */ + +static const struct ppp_cp_type ppp_cp_eap = { + "eap", + EAP_CODEMIN, EAP_CODEMAX, + eapcode, +}; static void -handle_pap(p, length) - const u_char *p; - int length; -{ - int x; - u_char *ptr; - - TCHECK(*(p+4)); - x = *(p+4); - - if((x >= PAP_CODEMIN) && (x <= PAP_CODEMAX)) - printf("%s", papcode[x-1]); - else { - printf("0x%02x", x); - return; +handle_eap(const u_char *p, int l) +{ + struct ppp_control pc; + uint8_t type, vsize; + int i; + + if (ppp_cp_header(&pc, p, l, &ppp_cp_eap) == -1) + goto trunc; + + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { + case EAP_CHAL: + case EAP_RESP: + if (l < sizeof(type)) + goto trunc; + + type = *p; + p += sizeof(type); + l -= sizeof(type); + + if (type >= EAP_TYPEMIN && type <= EAP_TYPEMAX) + printf(" %s", eaptype[type - 1]); + else { + printf(" unknown-eap-type-%u", type); + return; + } + + switch (type) { + case EAP_TYPE_IDENTITY: + case EAP_TYPE_NOTIFICATION: + case EAP_TYPE_OTP: + i = sizeof(pc) + sizeof(type); + if (i == pc.len) + break; + + printf("="); + do { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; + } while (++i < pc.len); + break; + + case EAP_TYPE_NAK: + if (l < sizeof(type)) + goto trunc; + type = *p; + if (type >= EAP_TYPEMIN && type <= EAP_TYPEMAX) + printf(" %s", eaptype[type - 1]); + else + printf(" unknown-eap-type-%u", type); + break; + case EAP_TYPE_MD5_CHALLENGE: + if (l < sizeof(vsize)) + goto trunc; + + vsize = *p; + p += sizeof(vsize); + l -= sizeof(vsize); + + printf("="); + for (i = 0; i < vsize; i++) { + if (l == 0) + goto trunc; + + printf("%02x", *p); + + p++; + l--; + } + break; + } + break; + case CHAP_SUCC: + case CHAP_FAIL: + break; } + return; + +trunc: + printf("[|eap]"); +} + +/* PAP */ + +static const struct ppp_cp_type ppp_cp_pap = { + "pap", + PAP_CODEMIN, PAP_CODEMAX, + papcode, +}; + +static void +handle_pap(const u_char *p, int l) +{ + struct ppp_control pc; + uint8_t x; + int i; - length -= 4; + if (ppp_cp_header(&pc, p, l, &ppp_cp_pap) == -1) + goto trunc; - switch(x) { + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { case PAP_AREQ: - printf(", Peer-Id="); - TCHECK(*(p+8)); - x = *(p+8); /* peerid size */ - ptr = (u_char *)p+9; - while(--x >= 0) { - TCHECK(*ptr); - safeputchar(*ptr++); - } - TCHECK(*ptr); - x = *ptr++; - printf(", Passwd="); - while(--x >= 0) { - TCHECK(*ptr); - safeputchar(*ptr++); + if (l < sizeof(x)) /* Peer-ID Length */ + goto trunc; + + x = *p; + + p += sizeof(x); + l -= sizeof(x); + + printf(" Peer-Id="); + for (i = 0; i < x; i++) { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; + } + + if (l < sizeof(x)) /* Passwd-Length */ + goto trunc; + + x = *p; + + p += sizeof(x); + l -= sizeof(x); + + printf(" Passwd="); + for (i = 0; i < x; i++) { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; } break; + case PAP_AACK: - case PAP_ANAK: - break; + case PAP_ANAK: + if (l < sizeof(x)) /* Msg-Length */ + goto trunc; + + x = *p; + + p += sizeof(x); + l -= sizeof(x); + + printf(" Message="); + for (i = 0; i < x; i++) { + if (l == 0) + goto trunc; + + safeputchar(*p); + + p++; + l--; + } + break; } + return; trunc: @@ -519,187 +891,289 @@ trunc: /* IPCP */ +#define IP_LEN 4 +#define IP_FMT "%u.%u.%u.%u" +#define IP_ARG(_p) (_p)[0], (_p)[1], (_p)[2], (_p)[3] + +static const struct ppp_cp_type ppp_cp_ipcp = { + "ipcp", + IPCP_CODE_MIN, IPCP_CODE_MAX, + lcpcodes, +}; + static void -handle_ipcp(p, length) - const u_char *p; - int length; -{ - int x; - - TCHECK(*(p+4)); - x = *(p+4); - - if((x >= IPCP_CODE_MIN) && (x <= IPCP_CODE_MAX)) - printf("%s", lcpcodes[x-1]); /* share table with LCP */ - else { - printf("0x%02x", x); - return; +handle_ipcp(const u_char *p, int l) +{ + struct ppp_control pc; + + if (ppp_cp_header(&pc, p, l, &ppp_cp_ipcp) == -1) + goto trunc; + + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { + case IPCP_CODE_CFG_REQ: + case IPCP_CODE_CFG_ACK: + case IPCP_CODE_CFG_NAK: + case IPCP_CODE_CFG_REJ: + while (l > 0) { + int optlen; + + optlen = print_ipcp_config_options(p, l); + if (optlen == -1) + goto trunc; + if (optlen == 0) + break; + + p += optlen; + l -= optlen; + } + break; + + case IPCP_CODE_TRM_REQ: + case IPCP_CODE_TRM_ACK: + case IPCP_CODE_COD_REJ: + default: + break; } - length -= 4; + return; - TCHECK(*(p+8)); - switch(*(p+8)) { +trunc: + printf("[|ipcp]"); +} + +static int +print_ipcp_config_options(const u_char *p, int l) +{ + uint8_t type, length; + + if (l < sizeof(type)) + return (-1); + + type = p[0]; + switch (type) { case IPCP_2ADDR: - printf(", IP-Addresses"); - TCHECK2(*(p+10), 8); - printf(", Src=%d.%d.%d.%d", - *(p+10), *(p+11), *(p+12), *(p+13)); - printf(", Dst=%d.%d.%d.%d", - *(p+14), *(p+15), *(p+16), *(p+17)); + printf(" IP-Addresses"); break; - case IPCP_CP: - printf(", IP-Compression-Protocol"); + printf(" IP-Compression-Protocol"); break; - case IPCP_ADDR: - TCHECK2(*(p+10), 4); - printf(", IP-Address=%d.%d.%d.%d", - *(p+10), *(p+11), *(p+12), *(p+13)); + printf(" IP-Address"); break; default: - printf(", Unknown IPCP code 0x%x", *(p+8)); + printf(" ipcp-type-%u", type); break; } - return; -trunc: - printf("[|ipcp]"); + if (l < sizeof(type) + sizeof(length)) + return (-1); + + length = p[1]; + + p += (sizeof(type) + sizeof(length)); + l -= (sizeof(type) + sizeof(length)); + + switch (type) { + case IPCP_2ADDR: + if (length != 10) + goto invalid; + if (l < IP_LEN) + return (-1); + + printf(" Src=" IP_FMT, IP_ARG(p)); + + p += IP_LEN; + l -= IP_LEN; + + if (l < IP_LEN) + return (-1); + + printf(" Dst=" IP_FMT, IP_ARG(p)); + break; + case IPCP_CP: + if (length < 4) + goto invalid; + if (l < sizeof(type)) + return (-1); + + type = EXTRACT_16BITS(p); + switch (type) { + case 0x0037: + printf(" Van Jacobsen Compressed TCP/IP"); + break; + default: + printf("ipcp-compression-type-%u", type); + break; + } + break; + case IPCP_ADDR: + if (length != 6) + goto invalid; + if (l < IP_LEN) + return (-1); + + printf("=" IP_FMT, IP_ARG(p)); + break; + } + + return (length); + +invalid: + printf(" invalid opt len %u", length); + return (length); } /* IPV6CP */ +static const struct ppp_cp_type ppp_cp_ipv6cp = { + "ipv6cp", + IPV6CP_CODE_MIN, IPV6CP_CODE_MAX, + lcpcodes, +}; + static void -handle_ipv6cp(p, length) - const u_char *p; - int length; -{ - int x; - - TCHECK(*(p+4)); - x = *(p+4); - - if((x >= IPV6CP_CODE_MIN) && (x <= IPV6CP_CODE_MAX)) - printf("%s", lcpcodes[x-1]); /* share table with LCP */ - else { - printf("0x%02x", x); - return; - } +handle_ipv6cp(const u_char *p, int l) +{ + struct ppp_control pc; - TCHECK(*(p+8)); - switch(*(p+8)) { - case IPV6CP_IFID: - TCHECK2(*(p + 10), 8); - printf(", Interface-ID=%04x:%04x:%04x:%04x", - EXTRACT_16BITS(p + 10), - EXTRACT_16BITS(p + 12), - EXTRACT_16BITS(p + 14), - EXTRACT_16BITS(p + 16)); + if (ppp_cp_header(&pc, p, l, &ppp_cp_ipv6cp) == -1) + goto trunc; + + if (l > pc.len) + l = pc.len; + + p += sizeof(pc); + l -= sizeof(pc); + + switch (pc.code) { + case IPV6CP_CODE_CFG_REQ: + case IPV6CP_CODE_CFG_ACK: + case IPV6CP_CODE_CFG_NAK: + case IPV6CP_CODE_CFG_REJ: + while (l > 0) { + int optlen; + + optlen = print_ipv6cp_config_options(p, l); + if (optlen == -1) + goto trunc; + if (optlen == 0) + break; + + p += optlen; + l -= optlen; + } break; + case IPV6CP_CODE_TRM_REQ: + case IPV6CP_CODE_TRM_ACK: + case IPV6CP_CODE_COD_REJ: default: - printf(", Unknown IPV6CP code 0x%x", *(p+8)); break; } + return; trunc: printf("[|ipv6cp]"); } -void -ppp_if_print(user, h, p) - u_char *user; - const struct pcap_pkthdr *h; - const u_char *p; +static int +print_ipv6cp_config_options(const u_char *p, int l) { - u_int length = h->len; - u_int caplen = h->caplen; + uint8_t type, length; - ts_print(&h->ts); + if (l < sizeof(type)) + return (-1); - if (caplen < PPP_HDRLEN) { - printf("[|ppp]"); - goto out; + type = p[0]; + switch (type) { + case IPV6CP_IFID: + printf(" IPv6-Interface-Id"); + break; + default: + printf(" ipv6cp-type-%u", type); + break; } - /* - * Some printers want to get back at the link level addresses, - * and/or check that they're not walking off the end of the packet. - * Rather than pass them all the way down, we set these globals. - */ - packetp = p; - snapend = p + caplen; + if (l < sizeof(type) + sizeof(length)) + return (-1); - if (eflag) - ppp_hdlc_print(p, length); + length = p[1]; - length -= PPP_HDRLEN; + p += (sizeof(type) + sizeof(length)); + l -= (sizeof(type) + sizeof(length)); - switch(PPP_PROTOCOL(p)) { - case PPP_IP: - case ETHERTYPE_IP: - ip_print((const u_char *)(p + PPP_HDRLEN), length); - break; - case PPP_IPV6: - case ETHERTYPE_IPV6: - ip6_print((const u_char *)(p + PPP_HDRLEN), length); + switch (type) { + case IPV6CP_IFID: + if (length != 10) + goto invalid; + if (l < 8) + return (-1); + + printf("=%04x:%04x:%04x:%04x", EXTRACT_16BITS(p + 0), + EXTRACT_16BITS(p + 2), EXTRACT_16BITS(p + 4), + EXTRACT_16BITS(p + 6)); break; - case PPP_IPX: - case ETHERTYPE_IPX: - ipx_print((const u_char *)(p + PPP_HDRLEN), length); + default: break; + } -#ifndef PPP_MPLS -#define PPP_MPLS 0x0281 -#endif - case PPP_MPLS: - mpls_print((const u_char *)(p + PPP_HDRLEN), length); - break; + return (length); +invalid: + printf(" invalid opt len %u", length); + return (length); +} - default: - if(!eflag) - ppp_hdlc_print(p, length); - if(!xflag) - default_print((const u_char *)(p + PPP_HDRLEN), - caplen - PPP_HDRLEN); - } +void +ppp_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) +{ + u_int length = h->len; + u_int caplen = h->caplen; + + packetp = p; + snapend = p + caplen; + + ts_print(&h->ts); + + ppp_hdlc_print(p, length); if (xflag) default_print((const u_char *)(p + PPP_HDRLEN), - caplen - PPP_HDRLEN); -out: + caplen - PPP_HDRLEN); + putchar('\n'); } void -ppp_ether_if_print(user, h, p) - u_char *user; - const struct pcap_pkthdr *h; - const u_char *p; +ppp_ether_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int16_t pppoe_sid, pppoe_len; - u_int caplen = h->caplen; - u_int16_t length = h->len; - u_int16_t proto; - int i; - - ts_print(&h->ts); + u_int l = h->caplen; + u_int length = h->len; packetp = p; - snapend = p + caplen; + snapend = p + l; + + ts_print(&h->ts); if (eflag) printf("PPPoE "); - if (caplen < sizeof(struct pppoe_header)) { + if (l < sizeof(struct pppoe_header)) { printf("[|pppoe]"); return; } - if(eflag) - { + pppoe_sid = EXTRACT_16BITS(p + 2); + pppoe_len = EXTRACT_16BITS(p + 4); + + if (eflag) { printf("\n\tcode "); switch (p[1]) { case PPPOE_CODE_PADI: @@ -724,82 +1198,36 @@ ppp_ether_if_print(user, h, p) printf("Unknown(0x%02x)", p[1]); break; } - } - - pppoe_sid = EXTRACT_16BITS(p + 2); - pppoe_len = EXTRACT_16BITS(p + 4); - - if(eflag) - printf(", version %d, type %d, id 0x%04x, length %d", + printf(", version %d, type %d, id 0x%04x, length %d\n\t", (p[0] & 0xf), (p[0] & 0xf0) >> 4, pppoe_sid, pppoe_len); - - length -= sizeof(struct pppoe_header); - caplen -= sizeof(struct pppoe_header); - p += sizeof(struct pppoe_header); - - if (pppoe_len > caplen) - pppoe_len = caplen; - - if (pppoe_len < 2) { - printf("[|pppoe]"); - return; } - proto = EXTRACT_16BITS(p); - for (i = sizeof(protonames)/sizeof(protonames[0]) - 1; i >= 0; i--) { - if (proto == protonames[i].protocol) { - if (eflag) - printf("\n\t%s: ", protonames[i].name); - switch (proto) { - case PPP_LCP: - handle_lcp(p - 2, length + 2); - break; - case PPP_CHAP: - handle_chap(p - 2, length + 2); - break; - case PPP_PAP: - handle_pap(p - 2, length + 2); - break; - case PPP_IPCP: - handle_ipcp(p - 2, length + 2); - break; - case PPP_IPV6CP: - handle_ipv6cp(p - 2, length + 2); - break; - case PPP_IP: - ip_print(p + 2, length - 2); - break; - case PPP_IPV6: - ip6_print(p + 2, length - 2); - break; - case PPP_IPX: - ipx_print(p + 2, length - 2); - } - break; - } - } - if (i < 0) - printf("\n\t%04x: ", proto); + if (length < pppoe_len) { + (void)printf(" truncated-pppoe - %d bytes missing!", + pppoe_len - length); + pppoe_len = length; + } + + ppp_print(p + sizeof(struct pppoe_header), pppoe_len); if (xflag) - default_print(p + 2, caplen - 2); + default_print(p, h->caplen); + putchar('\n'); } int -pppoe_if_print(u_short ethertype, const u_char *p, u_int length, u_int caplen) +pppoe_if_print(u_short ethertype, const u_char *p, u_int length, u_int l) { - u_int16_t pppoe_sid, pppoe_len; + uint16_t pppoe_sid, pppoe_len; if (ethertype == ETHERTYPE_PPPOEDISC) printf("PPPoE-Discovery"); else printf("PPPoE-Session"); - if (caplen < sizeof(struct pppoe_header)) { - printf("[|pppoe]"); - return (1); - } + if (l < sizeof(struct pppoe_header)) + goto trunc; printf("\n\tcode "); switch (p[1]) { @@ -831,31 +1259,33 @@ pppoe_if_print(u_short ethertype, const printf(", version %d, type %d, id 0x%04x, length %d", (p[0] & 0xf), (p[0] & 0xf0) >> 4, pppoe_sid, pppoe_len); - length -= sizeof(struct pppoe_header); - caplen -= sizeof(struct pppoe_header); p += sizeof(struct pppoe_header); + l -= sizeof(struct pppoe_header); + length -= sizeof(struct pppoe_header); + + if (length < pppoe_len) { + (void)printf(" truncated-pppoe - %d bytes missing!", + pppoe_len - length); + pppoe_len = length; + } - if (pppoe_len > caplen) - pppoe_len = caplen; + if (l > pppoe_len) + l = pppoe_len; if (ethertype == ETHERTYPE_PPPOEDISC) { - while (pppoe_len > 0) { + while (l > 0) { u_int16_t t_type, t_len; - if (pppoe_len < 4) { - printf("\n\t[|pppoe]"); - break; - } + if (l < 4) + goto trunc; t_type = EXTRACT_16BITS(p); t_len = EXTRACT_16BITS(p + 2); - pppoe_len -= 4; p += 4; + l -= 4; - if (pppoe_len < t_len) { - printf("\n\t[|pppoe]"); - break; - } + if (l < t_len) + goto trunc; printf("\n\ttag "); switch (t_type) { @@ -905,57 +1335,82 @@ pppoe_if_print(u_short ethertype, const printf("\\%03o", p[t_type]); } } - pppoe_len -= t_len; p += t_len; + l -= t_len; } + } else if (ethertype == ETHERTYPE_PPPOE) { + printf("\n\t"); + ppp_print(p, pppoe_len); } - else if (ethertype == ETHERTYPE_PPPOE) { - u_int16_t proto; - int i; - - if (pppoe_len < 2) { - printf("[|pppoe]"); - return (1); - } - proto = EXTRACT_16BITS(p); - for (i = sizeof(protonames)/sizeof(protonames[0]) - 1; i >= 0; - i--) { - if (proto == protonames[i].protocol) { - printf("\n\t%s: ", protonames[i].name); - switch (proto) { - case PPP_LCP: - handle_lcp(p - 2, length + 2); - break; - case PPP_CHAP: - handle_chap(p - 2, length + 2); - break; - case PPP_PAP: - handle_pap(p - 2, length + 2); - break; - case PPP_IPCP: - handle_ipcp(p - 2, length + 2); - break; - case PPP_IPV6CP: - handle_ipv6cp(p - 2, length + 2); - break; - case PPP_IP: - ip_print(p + 2, length - 2); - break; - case PPP_IPV6: - ip6_print(p + 2, length - 2); - break; - case PPP_IPX: - ipx_print(p + 2, length - 2); - } - break; - } + return (1); + +trunc: + printf("[|pppoe]"); + return (1); +} + +void +ppp_hdlc_print(const u_char *p, u_int length) +{ + uint8_t address, control; + int l; + + l = snapend - p; + + if (l < sizeof(address) + sizeof(control)) + goto trunc; + + address = p[0]; + control = p[1]; + + p += sizeof(address) + sizeof(control); + l -= sizeof(address) + sizeof(control); + length -= sizeof(address) + sizeof(control); + + switch (address) { + case 0xff: /* All-Stations */ + if (eflag) + printf("%02x %02x %u ", address, control, length); + + if (control != 0x3) { + printf(" discard"); + break; } - if (i < 0) - printf("\n\t%04x: ", proto); + + ppp_print(p, length); + break; + + default: + printf("ppp address 0x%02x unknown", address); + break; } + return; - return (1); +trunc: + printf("[|ppp]"); +} + +void +ppp_hdlc_if_print(u_char *user, const struct pcap_pkthdr *h, + const u_char *p) +{ + int l = h->caplen; + + packetp = p; + snapend = p + l; + + ts_print(&h->ts); + + if (eflag) + printf("PPP "); + + ppp_hdlc_print(p, h->len); + + if (xflag) + default_print(p, l); + + printf("\n"); } #else Index: usr.sbin/tcpdump/tcpdump.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.82 diff -u -p -r1.82 tcpdump.c --- usr.sbin/tcpdump/tcpdump.c 3 Feb 2018 13:39:48 -0000 1.82 +++ usr.sbin/tcpdump/tcpdump.c 5 Feb 2018 06:08:37 -0000 @@ -115,6 +115,7 @@ static struct printer printers[] = { { sl_if_print, DLT_SLIP }, { sl_bsdos_if_print, DLT_SLIP_BSDOS }, { ppp_if_print, DLT_PPP }, + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, { fddi_if_print, DLT_FDDI }, { null_if_print, DLT_NULL }, { raw_if_print, DLT_RAW },