f620cb78c2
Enable ND_LONGJMP_FROM_TCHECK. Remove a redundant ND_TCHECK_LEN() instance and make another one conditional. Report invalid packets as invalid with a reason, not truncated. Update the code from draft-ietf-sfc-nsh-01 to RFC 8300: remove the no longer existent C-bit, add the TTL field, adjust the MD Type field offset and size, apply correct mask to TLV length, redo TLV length in bytes instead of 4-byte words and mind the padding. Fetch and print one header at a time. Add and use two lookup tables for MD Type and Next Protocol. Add a version number check. Add a length check for MD Type 1. Update some error messages. Add a few encoding diagrams for clarity. Lose a few variables and reduce scope of the remaining variables. Update a few tests.
/* Copyright (c) 2015, bugyo
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/* \summary: Network Service Header (NSH) printer */
/* specification: RFC 8300 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "netdissect-stdinc.h"
#define ND_LONGJMP_FROM_TCHECK
#include "netdissect.h"
#include "extract.h"
/*
 * Names for the two-bit flag value that NSH_FLAGS() extracts from the Base
 * Header (the O and U bits that follow Ver in the header layout).  Only the
 * O bit, the higher of the two (0x2), has a name; the U bit (0x1) has no
 * entry in this table.
 */
static const struct tok nsh_flags [] = {
    { 0x2, "O" },
    { 0, NULL }    /* end-of-table sentinel */
};
/*
 * NSH Base Header: one 32-bit word, read in network byte order.
 *
 *  0                   1                   2                   3
 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |Ver|O|U|    TTL    |   Length  |U|U|U|U|MD Type| Next Protocol |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
 * Each accessor below masks one field out of that word (already converted
 * to host order by the caller) and shifts it down to bit 0.
 */
#define NSH_BASE_HDR_LEN 4                           /* bytes */
#define NSH_VER(x)       (((x) & 0xc0000000) >> 30)  /* 2 bits */
#define NSH_FLAGS(x)     (((x) & 0x30000000) >> 28)  /* 2 bits: O, U */
#define NSH_TTL(x)       (((x) & 0x0fc00000) >> 22)  /* 6 bits */
/*
 * 6 bits, so the result is at most 63.  nsh_print() treats it as a count of
 * NSH_HDR_WORD_SIZE-byte words, so the largest byte length it can describe
 * is 63 * 4 = 252 and that multiplication cannot wrap.
 */
#define NSH_LENGTH(x)    (((x) & 0x003f0000) >> 16)
#define NSH_MD_TYPE(x)   (((x) & 0x00000f00) >> 8)   /* 4 bits */
#define NSH_NEXT_PROT(x) (((x) & 0x000000ff) >> 0)   /* 8 bits */

#define NSH_SERVICE_PATH_HDR_LEN 4                   /* bytes */
#define NSH_HDR_WORD_SIZE 4U                         /* bytes per header word */
/*
 * Values of the 4-bit MD Type field (see NSH_MD_TYPE()).  nsh_print() only
 * decodes the context headers of MD_TYPE1 and MD_TYPE2; for any other value
 * it steps over them without interpreting their contents.
 */
#define MD_RSV   0x00
#define MD_TYPE1 0x01
#define MD_TYPE2 0x02
#define MD_EXP   0x0F
/* Printable MD Type names, looked up with tok2str() in nsh_print(). */
static const struct tok md_str[] = {
    { MD_RSV,   "reserved"     },
    { MD_TYPE1, "1"            },
    { MD_TYPE2, "2"            },
    { MD_EXP,   "experimental" },
    { 0, NULL }    /* end-of-table sentinel */
};
/*
 * Values of the 8-bit Next Protocol field (see NSH_NEXT_PROT()).
 *
 * NOTE(review): every value below has a printable name, but the switch at
 * the end of nsh_print() has cases only for NP_IPV4, NP_IPV6 and NP_ETH.
 * NP_NSH, NP_MPLS and the experimental values therefore reach its default
 * case and are reported as "ERROR: unknown-next-protocol".
 */
#define NP_IPV4 0x01
#define NP_IPV6 0x02
#define NP_ETH  0x03
#define NP_NSH  0x04
#define NP_MPLS 0x05
#define NP_EXP1 0xFE
#define NP_EXP2 0xFF
/* Printable Next Protocol names, looked up with tok2str() in nsh_print(). */
static const struct tok np_str[] = {
    { NP_IPV4, "IPv4"         },
    { NP_IPV6, "IPv6"         },
    { NP_ETH,  "Ethernet"     },
    { NP_NSH,  "NSH"          },
    { NP_MPLS, "MPLS"         },
    { NP_EXP1, "Experiment 1" },
    { NP_EXP2, "Experiment 2" },
    { 0, NULL }    /* end-of-table sentinel */
};
/*
 * Print a Network Service Header (RFC 8300) and pass the encapsulated
 * payload to the IPv4, IPv6 or Ethernet printer.
 *
 * ndo: dissector state; ndo_vflag selects how much detail is printed.
 * bp:  first byte of the NSH Base Header.
 * len: length of the NSH packet in bytes, as supplied by the caller.
 *
 * All header fields come from the packet and are untrusted.  Two separate
 * kinds of check protect the reads below:
 *   - explicit comparisons against len and against the Length field, which
 *     jump to the invalid label with a printed reason;
 *   - the GET_*() accessors and ND_TCHECK_LEN(), which are defined outside
 *     this file.  This file defines ND_LONGJMP_FROM_TCHECK before including
 *     netdissect.h and has no trunc label, so a failed ND_TCHECK_LEN() is
 *     expected to leave the function via longjmp rather than a local goto.
 * Because output is interleaved with those reads, the order of statements
 * determines what has already been printed when a packet is cut short.
 */
void
nsh_print(netdissect_options *ndo, const u_char *bp, u_int len)
{
    uint32_t basehdr;
    u_int ver, length, md_type;
    uint8_t next_protocol;
    u_char past_headers = 0;    /* set once bp has been advanced past the context headers */
    u_int next_len;

    ndo->ndo_protocol = "nsh";
    /*
     *  0                   1                   2                   3
     *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     * |                          Base Header                          |
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     * |                      Service Path Header                      |
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     * |                                                               |
     * ~                       Context Header(s)                       ~
     * |                                                               |
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     */

    /*
     * print Base Header and Service Path Header
     *
     * Both are fixed-size, so a packet shorter than their sum (8 bytes)
     * cannot be a valid NSH packet.
     */
    if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN) {
        ND_PRINT(" (packet length %u < %u)",
                 len, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN);
        goto invalid;
    }

    basehdr = GET_BE_U_4(bp);
    bp += 4;
    ver = NSH_VER(basehdr);
    length = NSH_LENGTH(basehdr);           /* in 4-byte words, at most 63 */
    md_type = NSH_MD_TYPE(basehdr);
    next_protocol = NSH_NEXT_PROT(basehdr);

    ND_PRINT("NSH, ");
    if (ndo->ndo_vflag > 1) {
        ND_PRINT("ver %u, ", ver);
    }
    /*
     * Only version 0 is decoded.  Any other version returns here: nothing
     * more is printed and the invalid label is not used.
     */
    if (ver != 0)
        return;
    ND_PRINT("flags [%s], ",
             bittok2str_nosep(nsh_flags, "none", NSH_FLAGS(basehdr)));
    if (ndo->ndo_vflag > 2) {
        ND_PRINT("TTL %u, ", NSH_TTL(basehdr));
        ND_PRINT("length %u, ", length);
        ND_PRINT("md type %s, ", tok2str(md_str, "unknown (0x%02x)", md_type));
    }
    if (ndo->ndo_vflag > 1) {
        ND_PRINT("next-protocol %s, ",
                 tok2str(np_str, "unknown (0x%02x)", next_protocol));
    }

    /*
     * Make sure we have all the headers
     *
     * length is at most 63, so the product is at most 252 and cannot wrap.
     * Passing this check is also what keeps the subtraction that computes
     * next_len further down from underflowing.
     */
    if (len < length * NSH_HDR_WORD_SIZE) {
        ND_PRINT(" (too many headers for packet length %u)", len);
        goto invalid;
    }

    /*
     *  0                   1                   2                   3
     *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     * |          Service Path Identifier (SPI)        | Service Index |
     * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     *
     */
    ND_PRINT("service-path-id 0x%06x, ", GET_BE_U_3(bp));
    bp += 3;
    ND_PRINT("service-index 0x%x", GET_U_1(bp));
    bp += 1;

    /*
     * length includes the lengths of the Base and Service Path headers.
     * That means it must be at least 2.
     *
     * Every later (length - 2) relies on this check: both operands are
     * unsigned, so without it the subtraction would wrap to a huge value.
     */
    if (length < 2) {
        ND_PRINT(" (less than two headers)");
        goto invalid;
    }

    /*
     * Print, or skip, the Context Headers.
     * (length - 2) is the length of those headers.
     *
     * NOTE(review): the MD Type 1 length check and the MD Type 2 TLV walk
     * below run only when ndo_vflag > 2.  At lower verbosity the context
     * headers are stepped over without being validated, so whether a
     * malformed packet is reported as invalid depends on the -v level.
     */
    if (ndo->ndo_vflag > 2) {
        u_int n;    /* context-header words consumed so far */

        if (md_type == MD_TYPE1) {
            /* MD Type 1 is accepted only with exactly four context words. */
            if (length != 6) {
                ND_PRINT(" (invalid length for the MD type)");
                goto invalid;
            }
            for (n = 0; n < length - 2; n++) {
                ND_PRINT("\n Context[%02u]: 0x%08x", n, GET_BE_U_4(bp));
                bp += NSH_HDR_WORD_SIZE;
            }
            past_headers = 1;
        }
        else if (md_type == MD_TYPE2) {
            n = 0;
            /*
             * The loop condition guarantees at least one declared word is
             * left, which is the 4-byte TLV header read at the top of each
             * iteration.
             */
            while (n < length - 2) {
                uint16_t tlv_class;
                uint8_t tlv_type, tlv_len, tlv_len_padded;

                tlv_class = GET_BE_U_2(bp);
                bp += 2;
                tlv_type = GET_U_1(bp);
                bp += 1;
                /* The top bit of this byte is masked off; tlv_len is at most 127 bytes. */
                tlv_len = GET_U_1(bp) & 0x7f;
                bp += 1;
                /*
                 * roundup2() is defined elsewhere; assuming it rounds up to
                 * a multiple of its second argument, the result is at most
                 * 128 and still fits in a uint8_t.
                 */
                tlv_len_padded = roundup2(tlv_len, NSH_HDR_WORD_SIZE);

                ND_PRINT("\n TLV Class %u, Type %u, Len %u",
                         tlv_class, tlv_type, tlv_len);

                /* Account for the TLV header word just read. */
                n += 1;

                /*
                 * Reject the TLV before touching its value if the padded
                 * value would extend past the context-header words that the
                 * Base Header's Length field declares.
                 */
                if (length - 2 < n + tlv_len_padded / NSH_HDR_WORD_SIZE) {
                    ND_PRINT(" (length too big)");
                    goto invalid;
                }

                if (tlv_len) {
                    const char *sep = "0x";
                    u_int vn;

                    ND_PRINT("\n Value: ");
                    for (vn = 0; vn < tlv_len; vn++) {
                        ND_PRINT("%s%02x", sep, GET_U_1(bp));
                        bp += 1;
                        sep = ":";
                    }
                    /* Cover any TLV padding. */
                    ND_TCHECK_LEN(bp, tlv_len_padded - tlv_len);
                    bp += tlv_len_padded - tlv_len;
                    n += tlv_len_padded / NSH_HDR_WORD_SIZE;
                }
            }
            past_headers = 1;
        }
    }
    /*
     * Context headers were not decoded above (low verbosity, or an MD Type
     * other than 1 and 2): check that they are present, then step over them
     * so that bp points at the encapsulated payload.
     */
    if (! past_headers) {
        ND_TCHECK_LEN(bp, (length - 2) * NSH_HDR_WORD_SIZE);
        bp += (length - 2) * NSH_HDR_WORD_SIZE;
    }
    ND_PRINT(ndo->ndo_vflag ? "\n " : ": ");

    /*
     * print Next Protocol
     *
     * next_len is what remains of len after all NSH headers; the earlier
     * len >= length * NSH_HDR_WORD_SIZE check makes this subtraction safe.
     */
    next_len = len - length * NSH_HDR_WORD_SIZE;
    switch (next_protocol) {
    case NP_IPV4:
        ip_print(ndo, bp, next_len);
        break;
    case NP_IPV6:
        ip6_print(ndo, bp, next_len);
        break;
    case NP_ETH:
        ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL);
        break;
    default:
        /*
         * NOTE(review): this is also reached for NP_NSH, NP_MPLS and the
         * experimental values, all of which have names in np_str.
         */
        ND_PRINT("ERROR: unknown-next-protocol");
        return;
    }

    return;

invalid:
    nd_print_invalid(ndo);
}