have a go at decoding cisco wccp gre packets, and let them fall into IP.

diff --git a/usr.sbin/tcpdump/print-gre.c b/usr.sbin/tcpdump/print-gre.c
index 4890cf8..19be61f 100644 (file)
--- a/usr.sbin/tcpdump/print-gre.c
+++ b/usr.sbin/tcpdump/print-gre.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print-gre.c,v 1.15 2018/02/08 09:01:45 dlg Exp $      */
+/*     $OpenBSD: print-gre.c,v 1.16 2018/02/08 22:56:28 dlg Exp $      */
 
 /*
  * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
@@ -66,6 +66,17 @@
 #define NVGRE_FLOWID_MASK      0x000000ffU
 #define NVGRE_FLOWID_SHIFT     0
 
+#define GRE_WCCP       0x883e
+
+struct wccp_redirect {
+       uint8_t         flags;
+#define WCCP_D                 (1 << 7)
+#define WCCP_A                 (1 << 6)
+       uint8_t         ServiceId;
+       uint8_t         AltBucket;
+       uint8_t         PriBucket;
+};
+
 void gre_print_0(const u_char *, u_int);
 void gre_print_1(const u_char *, u_int);
 void gre_sre_print(u_int16_t, u_int8_t, u_int8_t, const u_char *, u_int);
@@ -207,6 +218,28 @@ gre_print_0(const u_char *p, u_int length)
        case 0:
                printf("keep-alive");
                break;
+       case GRE_WCCP: {
+               struct wccp_redirect *wccp;
+
+               printf("wccp ");
+               if (l < sizeof(*wccp)) {
+                       printf("[|wccp]");
+                       return;
+               }
+
+               wccp = (struct wccp_redirect *)p;
+
+               printf("D:%c A:%c SId:%u Alt:%u Pri:%u",
+                   (wccp->flags & WCCP_D) ? '1' : '0',
+                   (wccp->flags & WCCP_A) ? '1' : '0',
+                   wccp->ServiceId, wccp->AltBucket, wccp->PriBucket);
+
+               p += sizeof(*wccp);
+               l -= sizeof(*wccp);
+
+               printf(": ");
+               /* FALLTHROUGH */
+       }
        case ETHERTYPE_IP:
                ip_print(p, length);
                break;