1/* 2 * Copyright (c) 2016 Antonin D��cimo, Jean-Rapha��l Gaglione 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Neither the name of the project nor the names of its contributors 13 * may be used to endorse or promote products derived from this software 14 * without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29/* \summary: Home Networking Control Protocol (HNCP) printer */ 30 31#ifdef HAVE_CONFIG_H 32#include <config.h> 33#endif 34 35#include "netdissect-stdinc.h" 36 37#include <string.h> 38 39#include "netdissect.h" 40#include "addrtoname.h" 41#include "extract.h" 42 43static void 44hncp_print_rec(netdissect_options *ndo, 45 const u_char *cp, u_int length, int indent); 46 47void 48hncp_print(netdissect_options *ndo, 49 const u_char *cp, u_int length) 50{ 51 ndo->ndo_protocol = "hncp"; 52 ND_PRINT("hncp (%u)", length); 53 hncp_print_rec(ndo, cp, length, 1); 54} 55 56/* RFC7787 */ 57#define DNCP_REQUEST_NETWORK_STATE 1 58#define DNCP_REQUEST_NODE_STATE 2 59#define DNCP_NODE_ENDPOINT 3 60#define DNCP_NETWORK_STATE 4 61#define DNCP_NODE_STATE 5 62#define DNCP_PEER 8 63#define DNCP_KEEP_ALIVE_INTERVAL 9 64#define DNCP_TRUST_VERDICT 10 65 66/* RFC7788 */ 67#define HNCP_HNCP_VERSION 32 68#define HNCP_EXTERNAL_CONNECTION 33 69#define HNCP_DELEGATED_PREFIX 34 70#define HNCP_PREFIX_POLICY 43 71#define HNCP_DHCPV4_DATA 37 /* This is correct, see RFC 7788 Errata ID 5113. */ 72#define HNCP_DHCPV6_DATA 38 /* idem */ 73#define HNCP_ASSIGNED_PREFIX 35 74#define HNCP_NODE_ADDRESS 36 75#define HNCP_DNS_DELEGATED_ZONE 39 76#define HNCP_DOMAIN_NAME 40 77#define HNCP_NODE_NAME 41 78#define HNCP_MANAGED_PSK 42 79 80/* See type_mask in hncp_print_rec below */ 81#define RANGE_DNCP_RESERVED 0x10000 82#define RANGE_HNCP_UNASSIGNED 0x10001 83#define RANGE_DNCP_PRIVATE_USE 0x10002 84#define RANGE_DNCP_FUTURE_USE 0x10003 85 86static const struct tok type_values[] = { 87 { DNCP_REQUEST_NETWORK_STATE, "Request network state" }, 88 { DNCP_REQUEST_NODE_STATE, "Request node state" }, 89 { DNCP_NODE_ENDPOINT, "Node endpoint" }, 90 { DNCP_NETWORK_STATE, "Network state" }, 91 { DNCP_NODE_STATE, "Node state" }, 92 { DNCP_PEER, "Peer" }, 93 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" }, 94 { DNCP_TRUST_VERDICT, "Trust-Verdict" }, 95 96 { HNCP_HNCP_VERSION, "HNCP-Version" }, 97 { HNCP_EXTERNAL_CONNECTION, "External-Connection" }, 98 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" }, 99 { HNCP_PREFIX_POLICY, "Prefix-Policy" }, 100 { HNCP_DHCPV4_DATA, "DHCPv4-Data" }, 101 { HNCP_DHCPV6_DATA, "DHCPv6-Data" }, 102 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" }, 103 { HNCP_NODE_ADDRESS, "Node-Address" }, 104 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" }, 105 { HNCP_DOMAIN_NAME, "Domain-Name" }, 106 { HNCP_NODE_NAME, "Node-Name" }, 107 { HNCP_MANAGED_PSK, "Managed-PSK" }, 108 109 { RANGE_DNCP_RESERVED, "Reserved" }, 110 { RANGE_HNCP_UNASSIGNED, "Unassigned" }, 111 { RANGE_DNCP_PRIVATE_USE, "Private use" }, 112 { RANGE_DNCP_FUTURE_USE, "Future use" }, 113 114 { 0, NULL} 115}; 116 117#define DH4OPT_DNS_SERVERS 6 /* RFC2132 */ 118#define DH4OPT_NTP_SERVERS 42 /* RFC2132 */ 119#define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */ 120 121static const struct tok dh4opt_str[] = { 122 { DH4OPT_DNS_SERVERS, "DNS-server" }, 123 { DH4OPT_NTP_SERVERS, "NTP-server"}, 124 { DH4OPT_DOMAIN_SEARCH, "DNS-search" }, 125 { 0, NULL } 126}; 127 128#define DH6OPT_DNS_SERVERS 23 /* RFC3646 */ 129#define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */ 130#define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */ 131 132static const struct tok dh6opt_str[] = { 133 { DH6OPT_DNS_SERVERS, "DNS-server" }, 134 { DH6OPT_DOMAIN_LIST, "DNS-search-list" }, 135 { DH6OPT_SNTP_SERVERS, "SNTP-servers" }, 136 { 0, NULL } 137}; 138 139/* 140 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes 141 * the 4 bytes of IPv4 address at the end of the IPv6 address. 142 */ 143#define IPV4_MAPPED_HEADING_LEN 12 144 145/* 146 * Is an IPv6 address an IPv4-mapped address? 147 */ 148static int 149is_ipv4_mapped_address(const u_char *addr) 150{ 151 /* The value of the prefix */ 152 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] = 153 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }; 154 155 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0; 156} 157 158static const char * 159format_nid(netdissect_options *ndo, const u_char *data) 160{ 161 static char buf[4][sizeof("01:01:01:01")]; 162 static int i = 0; 163 i = (i + 1) % 4; 164 snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x", 165 GET_U_1(data), GET_U_1(data + 1), GET_U_1(data + 2), 166 GET_U_1(data + 3)); 167 return buf[i]; 168} 169 170static const char * 171format_256(netdissect_options *ndo, const u_char *data) 172{ 173 static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")]; 174 static int i = 0; 175 i = (i + 1) % 4; 176 snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64, 177 GET_BE_U_8(data), 178 GET_BE_U_8(data + 8), 179 GET_BE_U_8(data + 16), 180 GET_BE_U_8(data + 24) 181 ); 182 return buf[i]; 183} 184 185static const char * 186format_interval(const uint32_t n) 187{ 188 static char buf[4][sizeof("0000000.000s")]; 189 static int i = 0; 190 i = (i + 1) % 4; 191 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000); 192 return buf[i]; 193} 194 195static const char * 196format_ip6addr(netdissect_options *ndo, const u_char *cp) 197{ 198 if (is_ipv4_mapped_address(cp)) 199 return GET_IPADDR_STRING(cp + IPV4_MAPPED_HEADING_LEN); 200 else 201 return GET_IP6ADDR_STRING(cp); 202} 203 204static int 205print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) 206{ 207 int plenbytes; 208 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; 209 210 if (GET_U_1(prefix) >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && 211 is_ipv4_mapped_address(prefix + 1)) { 212 nd_ipv4 addr; 213 u_int plen; 214 215 plen = GET_U_1(prefix) - 96; 216 if (32 < plen) 217 return -1; 218 max_length -= 1; 219 220 memset(&addr, 0, sizeof(addr)); 221 plenbytes = (plen + 7) / 8; 222 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN) 223 return -3; 224 memcpy(&addr, prefix + IPV4_MAPPED_HEADING_LEN + 1, plenbytes); 225 if (plen % 8) { 226 ((u_char *)&addr)[plenbytes - 1] &= 227 ((0xff00 >> (plen % 8)) & 0xff); 228 } 229 snprintf(buf, sizeof(buf), "%s/%u", ipaddr_string(ndo, (const u_char *)&addr), plen); /* local buffer, not packet data; don't use GET_IPADDR_STRING() */ 230 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; 231 } else { 232 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); 233 if (plenbytes < 0) 234 return plenbytes; 235 } 236 237 ND_PRINT("%s", buf); 238 return plenbytes; 239} 240 241static int 242print_dns_label(netdissect_options *ndo, 243 const u_char *cp, u_int max_length, int print) 244{ 245 u_int length = 0; 246 while (length < max_length) { 247 u_int lab_length = GET_U_1(cp + length); 248 length++; 249 if (lab_length == 0) 250 return (int)length; 251 if (length > 1 && print) 252 ND_PRINT("."); 253 if (length+lab_length > max_length) { 254 if (print) 255 nd_printjnp(ndo, cp+length, max_length-length); 256 break; 257 } 258 if (print) 259 nd_printjnp(ndo, cp+length, lab_length); 260 length += lab_length; 261 } 262 if (print) 263 ND_PRINT("[|DNS]"); 264 return -1; 265} 266 267static int 268dhcpv4_print(netdissect_options *ndo, 269 const u_char *cp, u_int length, int indent) 270{ 271 u_int i, t; 272 const uint8_t *tlv, *value; 273 uint8_t type, optlen; 274 275 i = 0; 276 while (i < length) { 277 if (i + 2 > length) 278 return -1; 279 tlv = cp + i; 280 type = GET_U_1(tlv); 281 optlen = GET_U_1(tlv + 1); 282 value = tlv + 2; 283 284 ND_PRINT("\n"); 285 for (t = indent; t > 0; t--) 286 ND_PRINT("\t"); 287 288 ND_PRINT("%s", tok2str(dh4opt_str, "Unknown", type)); 289 ND_PRINT(" (%u)", optlen + 2 ); 290 if (i + 2 + optlen > length) 291 return -1; 292 293 switch (type) { 294 case DH4OPT_DNS_SERVERS: 295 case DH4OPT_NTP_SERVERS: { 296 if (optlen < 4 || optlen % 4 != 0) { 297 return -1; 298 } 299 for (t = 0; t < optlen; t += 4) 300 ND_PRINT(" %s", GET_IPADDR_STRING(value + t)); 301 } 302 break; 303 case DH4OPT_DOMAIN_SEARCH: { 304 const u_char *tp = value; 305 while (tp < value + optlen) { 306 ND_PRINT(" "); 307 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL) 308 return -1; 309 } 310 } 311 break; 312 } 313 314 i += 2 + optlen; 315 } 316 return 0; 317} 318 319static int 320dhcpv6_print(netdissect_options *ndo, 321 const u_char *cp, u_int length, int indent) 322{ 323 u_int i, t; 324 const u_char *tlv, *value; 325 uint16_t type, optlen; 326 327 i = 0; 328 while (i < length) { 329 if (i + 4 > length) 330 return -1; 331 tlv = cp + i; 332 type = GET_BE_U_2(tlv); 333 optlen = GET_BE_U_2(tlv + 2); 334 value = tlv + 4; 335 336 ND_PRINT("\n"); 337 for (t = indent; t > 0; t--) 338 ND_PRINT("\t"); 339 340 ND_PRINT("%s", tok2str(dh6opt_str, "Unknown", type)); 341 ND_PRINT(" (%u)", optlen + 4 ); 342 if (i + 4 + optlen > length) 343 return -1; 344 345 switch (type) { 346 case DH6OPT_DNS_SERVERS: 347 case DH6OPT_SNTP_SERVERS: { 348 if (optlen % 16 != 0) { 349 nd_print_invalid(ndo); 350 return -1; 351 } 352 for (t = 0; t < optlen; t += 16) 353 ND_PRINT(" %s", GET_IP6ADDR_STRING(value + t)); 354 } 355 break; 356 case DH6OPT_DOMAIN_LIST: { 357 const u_char *tp = value; 358 while (tp < value + optlen) { 359 ND_PRINT(" "); 360 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL) 361 return -1; 362 } 363 } 364 break; 365 } 366 367 i += 4 + optlen; 368 } 369 return 0; 370} 371 372/* Determine in-line mode */ 373static int 374is_in_line(netdissect_options *ndo, int indent) 375{ 376 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3; 377} 378 379static void 380print_type_in_line(netdissect_options *ndo, 381 uint32_t type, int count, int indent, int *first_one) 382{ 383 if (count > 0) { 384 if (*first_one) { 385 *first_one = 0; 386 if (indent > 1) { 387 u_int t; 388 ND_PRINT("\n"); 389 for (t = indent; t > 0; t--) 390 ND_PRINT("\t"); 391 } else { 392 ND_PRINT(" "); 393 } 394 } else { 395 ND_PRINT(", "); 396 } 397 ND_PRINT("%s", tok2str(type_values, "Easter Egg", type)); 398 if (count > 1) 399 ND_PRINT(" (x%d)", count); 400 } 401} 402 403static void 404hncp_print_rec(netdissect_options *ndo, 405 const u_char *cp, u_int length, int indent) 406{ 407 const int in_line = is_in_line(ndo, indent); 408 int first_one = 1; 409 410 u_int i, t; 411 412 uint32_t last_type_mask = 0xffffffffU; 413 int last_type_count = -1; 414 415 const uint8_t *tlv, *value; 416 uint16_t type, bodylen; 417 uint32_t type_mask; 418 419 i = 0; 420 while (i < length) { 421 tlv = cp + i; 422 423 if (!in_line) { 424 ND_PRINT("\n"); 425 for (t = indent; t > 0; t--) 426 ND_PRINT("\t"); 427 } 428 429 ND_TCHECK_4(tlv); 430 if (i + 4 > length) 431 goto invalid; 432 433 type = GET_BE_U_2(tlv); 434 bodylen = GET_BE_U_2(tlv + 2); 435 value = tlv + 4; 436 ND_TCHECK_LEN(value, bodylen); 437 if (i + bodylen + 4 > length) 438 goto invalid; 439 440 type_mask = 441 (type == 0) ? RANGE_DNCP_RESERVED: 442 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED: 443 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE: 444 RANGE_DNCP_FUTURE_USE; 445 if (type == 6 || type == 7) 446 type_mask = RANGE_DNCP_FUTURE_USE; 447 448 /* defined types */ 449 { 450 t = 0; 451 while (1) { 452 u_int key = type_values[t++].v; 453 if (key > 0xffff) 454 break; 455 if (key == type) { 456 type_mask = type; 457 break; 458 } 459 } 460 } 461 462 if (in_line) { 463 if (last_type_mask == type_mask) { 464 last_type_count++; 465 } else { 466 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 467 last_type_mask = type_mask; 468 last_type_count = 1; 469 } 470 471 goto skip_multiline; 472 } 473 474 ND_PRINT("%s", tok2str(type_values, "Easter Egg (42)", type_mask) ); 475 if (type_mask > 0xffff) 476 ND_PRINT(": type=%u", type ); 477 ND_PRINT(" (%u)", bodylen + 4 ); 478 479 switch (type_mask) { 480 481 case DNCP_REQUEST_NETWORK_STATE: { 482 if (bodylen != 0) 483 nd_print_invalid(ndo); 484 } 485 break; 486 487 case DNCP_REQUEST_NODE_STATE: { 488 const char *node_identifier; 489 if (bodylen != 4) { 490 nd_print_invalid(ndo); 491 break; 492 } 493 node_identifier = format_nid(ndo, value); 494 ND_PRINT(" NID: %s", node_identifier); 495 } 496 break; 497 498 case DNCP_NODE_ENDPOINT: { 499 const char *node_identifier; 500 uint32_t endpoint_identifier; 501 if (bodylen != 8) { 502 nd_print_invalid(ndo); 503 break; 504 } 505 node_identifier = format_nid(ndo, value); 506 endpoint_identifier = GET_BE_U_4(value + 4); 507 ND_PRINT(" NID: %s EPID: %08x", 508 node_identifier, 509 endpoint_identifier 510 ); 511 } 512 break; 513 514 case DNCP_NETWORK_STATE: { 515 uint64_t hash; 516 if (bodylen != 8) { 517 nd_print_invalid(ndo); 518 break; 519 } 520 hash = GET_BE_U_8(value); 521 ND_PRINT(" hash: %016" PRIx64, hash); 522 } 523 break; 524 525 case DNCP_NODE_STATE: { 526 const char *node_identifier, *interval; 527 uint32_t sequence_number; 528 uint64_t hash; 529 if (bodylen < 20) { 530 nd_print_invalid(ndo); 531 break; 532 } 533 node_identifier = format_nid(ndo, value); 534 sequence_number = GET_BE_U_4(value + 4); 535 interval = format_interval(GET_BE_U_4(value + 8)); 536 hash = GET_BE_U_8(value + 12); 537 ND_PRINT(" NID: %s seqno: %u %s hash: %016" PRIx64, 538 node_identifier, 539 sequence_number, 540 interval, 541 hash 542 ); 543 hncp_print_rec(ndo, value+20, bodylen-20, indent+1); 544 } 545 break; 546 547 case DNCP_PEER: { 548 const char *peer_node_identifier; 549 uint32_t peer_endpoint_identifier, endpoint_identifier; 550 if (bodylen != 12) { 551 nd_print_invalid(ndo); 552 break; 553 } 554 peer_node_identifier = format_nid(ndo, value); 555 peer_endpoint_identifier = GET_BE_U_4(value + 4); 556 endpoint_identifier = GET_BE_U_4(value + 8); 557 ND_PRINT(" Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x", 558 peer_node_identifier, 559 peer_endpoint_identifier, 560 endpoint_identifier 561 ); 562 } 563 break; 564 565 case DNCP_KEEP_ALIVE_INTERVAL: { 566 uint32_t endpoint_identifier; 567 const char *interval; 568 if (bodylen < 8) { 569 nd_print_invalid(ndo); 570 break; 571 } 572 endpoint_identifier = GET_BE_U_4(value); 573 interval = format_interval(GET_BE_U_4(value + 4)); 574 ND_PRINT(" EPID: %08x Interval: %s", 575 endpoint_identifier, 576 interval 577 ); 578 } 579 break; 580 581 case DNCP_TRUST_VERDICT: { 582 if (bodylen <= 36) { 583 nd_print_invalid(ndo); 584 break; 585 } 586 ND_PRINT(" Verdict: %u Fingerprint: %s Common Name: ", 587 GET_U_1(value), 588 format_256(ndo, value + 4)); 589 nd_printjnp(ndo, value + 36, bodylen - 36); 590 } 591 break; 592 593 case HNCP_HNCP_VERSION: { 594 uint16_t capabilities; 595 uint8_t M, P, H, L; 596 if (bodylen < 5) { 597 nd_print_invalid(ndo); 598 break; 599 } 600 capabilities = GET_BE_U_2(value + 2); 601 M = (uint8_t)((capabilities >> 12) & 0xf); 602 P = (uint8_t)((capabilities >> 8) & 0xf); 603 H = (uint8_t)((capabilities >> 4) & 0xf); 604 L = (uint8_t)(capabilities & 0xf); 605 ND_PRINT(" M: %u P: %u H: %u L: %u User-agent: ", 606 M, P, H, L 607 ); 608 nd_printjnp(ndo, value + 4, bodylen - 4); 609 } 610 break; 611 612 case HNCP_EXTERNAL_CONNECTION: { 613 /* Container TLV */ 614 hncp_print_rec(ndo, value, bodylen, indent+1); 615 } 616 break; 617 618 case HNCP_DELEGATED_PREFIX: { 619 int l; 620 if (bodylen < 9 || bodylen < 9 + (GET_U_1(value + 8) + 7) / 8) { 621 nd_print_invalid(ndo); 622 break; 623 } 624 ND_PRINT(" VLSO: %s PLSO: %s Prefix: ", 625 format_interval(GET_BE_U_4(value)), 626 format_interval(GET_BE_U_4(value + 4)) 627 ); 628 l = print_prefix(ndo, value + 8, bodylen - 8); 629 if (l == -1) { 630 ND_PRINT("(length is invalid)"); 631 break; 632 } 633 if (l < 0) { 634 /* 635 * We've already checked that we've captured the 636 * entire TLV, based on its length, so this will 637 * either be -1, meaning "the prefix length is 638 * greater than the longest possible address of 639 * that type" (i.e., > 32 for IPv4 or > 128 for 640 * IPv6", or -3, meaning "the prefix runs past 641 * the end of the TLV". 642 */ 643 nd_print_invalid(ndo); 644 break; 645 } 646 l += 8 + (-l & 3); 647 648 if (bodylen >= l) 649 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 650 } 651 break; 652 653 case HNCP_PREFIX_POLICY: { 654 uint8_t policy; 655 int l; 656 if (bodylen < 1) { 657 nd_print_invalid(ndo); 658 break; 659 } 660 policy = GET_U_1(value); 661 ND_PRINT(" type: "); 662 if (policy == 0) { 663 if (bodylen != 1) { 664 nd_print_invalid(ndo); 665 break; 666 } 667 ND_PRINT("Internet connectivity"); 668 } else if (policy >= 1 && policy <= 128) { 669 ND_PRINT("Dest-Prefix: "); 670 l = print_prefix(ndo, value, bodylen); 671 if (l == -1) { 672 ND_PRINT("(length is invalid)"); 673 break; 674 } 675 if (l < 0) { 676 /* 677 * We've already checked that we've captured the 678 * entire TLV, based on its length, so this will 679 * either be -1, meaning "the prefix length is 680 * greater than the longest possible address of 681 * that type" (i.e., > 32 for IPv4 or > 128 for 682 * IPv6", or -3, meaning "the prefix runs past 683 * the end of the TLV". 684 */ 685 nd_print_invalid(ndo); 686 break; 687 } 688 } else if (policy == 129) { 689 ND_PRINT("DNS domain: "); 690 print_dns_label(ndo, value+1, bodylen-1, 1); 691 } else if (policy == 130) { 692 ND_PRINT("Opaque UTF-8: "); 693 nd_printjnp(ndo, value + 1, bodylen - 1); 694 } else if (policy == 131) { 695 if (bodylen != 1) { 696 nd_print_invalid(ndo); 697 break; 698 } 699 ND_PRINT("Restrictive assignment"); 700 } else if (policy >= 132) { 701 ND_PRINT("Unknown (%u)", policy); /* Reserved for future additions */ 702 } 703 } 704 break; 705 706 case HNCP_DHCPV4_DATA: { 707 if (bodylen == 0) { 708 nd_print_invalid(ndo); 709 break; 710 } 711 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0) 712 goto invalid; 713 } 714 break; 715 716 case HNCP_DHCPV6_DATA: { 717 if (bodylen == 0) { 718 nd_print_invalid(ndo); 719 break; 720 } 721 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) { 722 nd_print_invalid(ndo); 723 break; 724 } 725 } 726 break; 727 728 case HNCP_ASSIGNED_PREFIX: { 729 uint8_t prty; 730 int l; 731 if (bodylen < 6 || bodylen < 6 + (GET_U_1(value + 5) + 7) / 8) { 732 nd_print_invalid(ndo); 733 break; 734 } 735 prty = GET_U_1(value + 4) & 0xf; 736 ND_PRINT(" EPID: %08x Prty: %u", 737 GET_BE_U_4(value), 738 prty 739 ); 740 ND_PRINT(" Prefix: "); 741 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) { 742 nd_print_invalid(ndo); 743 break; 744 } 745 l += 5; 746 l += -l & 3; 747 748 if (bodylen >= l) 749 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 750 } 751 break; 752 753 case HNCP_NODE_ADDRESS: { 754 uint32_t endpoint_identifier; 755 const char *ip_address; 756 if (bodylen < 20) { 757 nd_print_invalid(ndo); 758 break; 759 } 760 endpoint_identifier = GET_BE_U_4(value); 761 ip_address = format_ip6addr(ndo, value + 4); 762 ND_PRINT(" EPID: %08x IP Address: %s", 763 endpoint_identifier, 764 ip_address 765 ); 766 767 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1); 768 } 769 break; 770 771 case HNCP_DNS_DELEGATED_ZONE: { 772 const char *ip_address; 773 int len; 774 if (bodylen < 17) { 775 nd_print_invalid(ndo); 776 break; 777 } 778 ip_address = format_ip6addr(ndo, value); 779 ND_PRINT(" IP-Address: %s %c%c%c ", 780 ip_address, 781 (GET_U_1(value + 16) & 4) ? 'l' : '-', 782 (GET_U_1(value + 16) & 2) ? 'b' : '-', 783 (GET_U_1(value + 16) & 1) ? 's' : '-' 784 ); 785 len = print_dns_label(ndo, value+17, bodylen-17, 1); 786 if (len < 0) { 787 nd_print_invalid(ndo); 788 break; 789 } 790 len += 17; 791 len += -len & 3; 792 if (bodylen >= len) 793 hncp_print_rec(ndo, value+len, bodylen-len, indent+1); 794 } 795 break; 796 797 case HNCP_DOMAIN_NAME: { 798 if (bodylen == 0) { 799 nd_print_invalid(ndo); 800 break; 801 } 802 ND_PRINT(" Domain: "); 803 print_dns_label(ndo, value, bodylen, 1); 804 } 805 break; 806 807 case HNCP_NODE_NAME: { 808 u_int l; 809 if (bodylen < 17) { 810 nd_print_invalid(ndo); 811 break; 812 } 813 l = GET_U_1(value + 16); 814 if (bodylen < 17 + l) { 815 nd_print_invalid(ndo); 816 break; 817 } 818 ND_PRINT(" IP-Address: %s Name: ", 819 format_ip6addr(ndo, value) 820 ); 821 if (l < 64) { 822 ND_PRINT("\""); 823 nd_printjnp(ndo, value + 17, l); 824 ND_PRINT("\""); 825 } else { 826 nd_print_invalid(ndo); 827 } 828 l += 17; 829 l = roundup2(l, 4); 830 if (bodylen >= l) 831 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 832 } 833 break; 834 835 case HNCP_MANAGED_PSK: { 836 if (bodylen < 32) { 837 nd_print_invalid(ndo); 838 break; 839 } 840 ND_PRINT(" PSK: %s", format_256(ndo, value)); 841 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1); 842 } 843 break; 844 845 case RANGE_DNCP_RESERVED: 846 case RANGE_HNCP_UNASSIGNED: 847 case RANGE_DNCP_PRIVATE_USE: 848 case RANGE_DNCP_FUTURE_USE: 849 break; 850 851 } 852 skip_multiline: 853 854 i += 4 + roundup2(bodylen, 4); 855 } 856 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 857 858 return; 859 860 trunc: 861 nd_print_trunc(ndo); 862 return; 863 864 invalid: 865 nd_print_invalid(ndo); 866} 867