1/*
2 * Copyright (C) 2002 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 *    may be used to endorse or promote products derived from this software
15 *    without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30/* \summary: IPv6 mobility printer */
31/* RFC 3775 */
32
33#ifdef HAVE_CONFIG_H
34#include <config.h>
35#endif
36
37#include "netdissect-stdinc.h"
38
39#include "netdissect.h"
40#include "addrtoname.h"
41#include "extract.h"
42
43#include "ip6.h"
44
45
46/* Mobility header */
47struct ip6_mobility {
48	nd_uint8_t ip6m_pproto;	/* following payload protocol (for PG) */
49	nd_uint8_t ip6m_len;	/* length in units of 8 octets */
50	nd_uint8_t ip6m_type;	/* message type */
51	nd_uint8_t reserved;	/* reserved */
52	nd_uint16_t ip6m_cksum;	/* sum of IPv6 pseudo-header and MH */
53	union {
54		nd_uint16_t	ip6m_un_data16[1]; /* type-specific field */
55		nd_uint8_t	ip6m_un_data8[2];  /* type-specific field */
56	} ip6m_dataun;
57};
58
59#define ip6m_data16	ip6m_dataun.ip6m_un_data16
60#define ip6m_data8	ip6m_dataun.ip6m_un_data8
61
62#define IP6M_MINLEN	8
63
64/* https://www.iana.org/assignments/mobility-parameters/mobility-parameters.xhtml */
65
66/* message type */
67#define IP6M_BINDING_REQUEST	0	/* Binding Refresh Request */
68#define IP6M_HOME_TEST_INIT	1	/* Home Test Init */
69#define IP6M_CAREOF_TEST_INIT	2	/* Care-of Test Init */
70#define IP6M_HOME_TEST		3	/* Home Test */
71#define IP6M_CAREOF_TEST	4	/* Care-of Test */
72#define IP6M_BINDING_UPDATE	5	/* Binding Update */
73#define IP6M_BINDING_ACK	6	/* Binding Acknowledgement */
74#define IP6M_BINDING_ERROR	7	/* Binding Error */
75#define IP6M_MAX		7
76
77static const struct tok ip6m_str[] = {
78	{ IP6M_BINDING_REQUEST,  "BRR"  },
79	{ IP6M_HOME_TEST_INIT,   "HoTI" },
80	{ IP6M_CAREOF_TEST_INIT, "CoTI" },
81	{ IP6M_HOME_TEST,        "HoT"  },
82	{ IP6M_CAREOF_TEST,      "CoT"  },
83	{ IP6M_BINDING_UPDATE,   "BU"   },
84	{ IP6M_BINDING_ACK,      "BA"   },
85	{ IP6M_BINDING_ERROR,    "BE"   },
86	{ 0, NULL }
87};
88
89static const unsigned ip6m_hdrlen[IP6M_MAX + 1] = {
90	IP6M_MINLEN,      /* IP6M_BINDING_REQUEST  */
91	IP6M_MINLEN + 8,  /* IP6M_HOME_TEST_INIT   */
92	IP6M_MINLEN + 8,  /* IP6M_CAREOF_TEST_INIT */
93	IP6M_MINLEN + 16, /* IP6M_HOME_TEST        */
94	IP6M_MINLEN + 16, /* IP6M_CAREOF_TEST      */
95	IP6M_MINLEN + 4,  /* IP6M_BINDING_UPDATE   */
96	IP6M_MINLEN + 4,  /* IP6M_BINDING_ACK      */
97	IP6M_MINLEN + 16, /* IP6M_BINDING_ERROR    */
98};
99
100/* Mobility Header Options */
101#define IP6MOPT_MINLEN		2
102#define IP6MOPT_PAD1          0x0	/* Pad1 */
103#define IP6MOPT_PADN          0x1	/* PadN */
104#define IP6MOPT_REFRESH	      0x2	/* Binding Refresh Advice */
105#define IP6MOPT_REFRESH_MINLEN  4
106#define IP6MOPT_ALTCOA        0x3	/* Alternate Care-of Address */
107#define IP6MOPT_ALTCOA_MINLEN  18
108#define IP6MOPT_NONCEID       0x4	/* Nonce Indices */
109#define IP6MOPT_NONCEID_MINLEN  6
110#define IP6MOPT_AUTH          0x5	/* Binding Authorization Data */
111#define IP6MOPT_AUTH_MINLEN    12
112
113static const struct tok ip6m_binding_update_bits [] = {
114	{ 0x08, "A" },
115	{ 0x04, "H" },
116	{ 0x02, "L" },
117	{ 0x01, "K" },
118	{ 0, NULL }
119};
120
121static int
122mobility_opt_print(netdissect_options *ndo,
123                   const u_char *bp, const unsigned len)
124{
125	unsigned i, optlen;
126
127	for (i = 0; i < len; i += optlen) {
128		if (GET_U_1(bp + i) == IP6MOPT_PAD1)
129			optlen = 1;
130		else {
131			if (i + 1 < len) {
132				optlen = GET_U_1(bp + i + 1) + 2;
133			}
134			else
135				goto trunc;
136		}
137		if (i + optlen > len)
138			goto trunc;
139		ND_TCHECK_1(bp + i + optlen);
140
141		switch (GET_U_1(bp + i)) {
142		case IP6MOPT_PAD1:
143			ND_PRINT("(pad1)");
144			break;
145		case IP6MOPT_PADN:
146			if (len - i < IP6MOPT_MINLEN) {
147				ND_PRINT("(padn: trunc)");
148				goto trunc;
149			}
150			ND_PRINT("(padn)");
151			break;
152		case IP6MOPT_REFRESH:
153			if (len - i < IP6MOPT_REFRESH_MINLEN) {
154				ND_PRINT("(refresh: trunc)");
155				goto trunc;
156			}
157			/* units of 4 secs */
158			ND_PRINT("(refresh: %u)",
159				GET_BE_U_2(bp + i + 2) << 2);
160			break;
161		case IP6MOPT_ALTCOA:
162			if (len - i < IP6MOPT_ALTCOA_MINLEN) {
163				ND_PRINT("(altcoa: trunc)");
164				goto trunc;
165			}
166			ND_PRINT("(alt-CoA: %s)", GET_IP6ADDR_STRING(bp + i + 2));
167			break;
168		case IP6MOPT_NONCEID:
169			if (len - i < IP6MOPT_NONCEID_MINLEN) {
170				ND_PRINT("(ni: trunc)");
171				goto trunc;
172			}
173			ND_PRINT("(ni: ho=0x%04x co=0x%04x)",
174				GET_BE_U_2(bp + i + 2),
175				GET_BE_U_2(bp + i + 4));
176			break;
177		case IP6MOPT_AUTH:
178			if (len - i < IP6MOPT_AUTH_MINLEN) {
179				ND_PRINT("(auth: trunc)");
180				goto trunc;
181			}
182			ND_PRINT("(auth)");
183			break;
184		default:
185			if (len - i < IP6MOPT_MINLEN) {
186				ND_PRINT("(sopt_type %u: trunc)",
187					 GET_U_1(bp + i));
188				goto trunc;
189			}
190			ND_PRINT("(type-0x%02x: len=%u)", GET_U_1(bp + i),
191				 GET_U_1(bp + i + 1));
192			break;
193		}
194	}
195	return 0;
196
197trunc:
198	return 1;
199}
200
201/*
202 * Mobility Header
203 */
204int
205mobility_print(netdissect_options *ndo,
206               const u_char *bp, const u_char *bp2 _U_)
207{
208	const struct ip6_mobility *mh;
209	const u_char *ep;
210	unsigned mhlen, hlen;
211	uint8_t type;
212
213	ndo->ndo_protocol = "mobility";
214	mh = (const struct ip6_mobility *)bp;
215
216	/* 'ep' points to the end of available data. */
217	ep = ndo->ndo_snapend;
218
219	if (!ND_TTEST_1(mh->ip6m_len)) {
220		/*
221		 * There's not enough captured data to include the
222		 * mobility header length.
223		 *
224		 * Our caller expects us to return the length, however,
225		 * so return a value that will run to the end of the
226		 * captured data.
227		 *
228		 * XXX - "ip6_print()" doesn't do anything with the
229		 * returned length, however, as it breaks out of the
230		 * header-processing loop.
231		 */
232		mhlen = (unsigned)(ep - bp);
233		goto trunc;
234	}
235	mhlen = (GET_U_1(mh->ip6m_len) + 1) << 3;
236
237	/* XXX ip6m_cksum */
238
239	type = GET_U_1(mh->ip6m_type);
240	if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) {
241		ND_PRINT("(header length %u is too small for type %u)", mhlen, type);
242		goto trunc;
243	}
244	ND_PRINT("mobility: %s", tok2str(ip6m_str, "type-#%u", type));
245	switch (type) {
246	case IP6M_BINDING_REQUEST:
247		hlen = IP6M_MINLEN;
248		break;
249	case IP6M_HOME_TEST_INIT:
250	case IP6M_CAREOF_TEST_INIT:
251		hlen = IP6M_MINLEN;
252		if (ndo->ndo_vflag) {
253			ND_PRINT(" %s Init Cookie=%08x:%08x",
254			       type == IP6M_HOME_TEST_INIT ? "Home" : "Care-of",
255			       GET_BE_U_4(bp + hlen),
256			       GET_BE_U_4(bp + hlen + 4));
257		}
258		hlen += 8;
259		break;
260	case IP6M_HOME_TEST:
261	case IP6M_CAREOF_TEST:
262		ND_PRINT(" nonce id=0x%x", GET_BE_U_2(mh->ip6m_data16[0]));
263		hlen = IP6M_MINLEN;
264		if (ndo->ndo_vflag) {
265			ND_PRINT(" %s Init Cookie=%08x:%08x",
266			       type == IP6M_HOME_TEST ? "Home" : "Care-of",
267			       GET_BE_U_4(bp + hlen),
268			       GET_BE_U_4(bp + hlen + 4));
269		}
270		hlen += 8;
271		if (ndo->ndo_vflag) {
272			ND_PRINT(" %s Keygen Token=%08x:%08x",
273			       type == IP6M_HOME_TEST ? "Home" : "Care-of",
274			       GET_BE_U_4(bp + hlen),
275			       GET_BE_U_4(bp + hlen + 4));
276		}
277		hlen += 8;
278		break;
279	case IP6M_BINDING_UPDATE:
280	    {
281		int bits;
282		ND_PRINT(" seq#=%u", GET_BE_U_2(mh->ip6m_data16[0]));
283		hlen = IP6M_MINLEN;
284		ND_TCHECK_2(bp + hlen);
285		bits = (GET_U_1(bp + hlen) & 0xf0) >> 4;
286		if (bits) {
287			ND_PRINT(" ");
288			ND_PRINT("%s",
289				 bittok2str_nosep(ip6m_binding_update_bits,
290				 "bits-#0x%x", bits));
291		}
292		/* Reserved (4bits) */
293		hlen += 1;
294		/* Reserved (8bits) */
295		hlen += 1;
296		/* units of 4 secs */
297		ND_PRINT(" lifetime=%u", GET_BE_U_2(bp + hlen) << 2);
298		hlen += 2;
299		break;
300	    }
301	case IP6M_BINDING_ACK:
302		ND_PRINT(" status=%u", GET_U_1(mh->ip6m_data8[0]));
303		if (GET_U_1(mh->ip6m_data8[1]) & 0x80)
304			ND_PRINT(" K");
305		/* Reserved (7bits) */
306		hlen = IP6M_MINLEN;
307		ND_PRINT(" seq#=%u", GET_BE_U_2(bp + hlen));
308		hlen += 2;
309		/* units of 4 secs */
310		ND_PRINT(" lifetime=%u", GET_BE_U_2(bp + hlen) << 2);
311		hlen += 2;
312		break;
313	case IP6M_BINDING_ERROR:
314		ND_PRINT(" status=%u", GET_U_1(mh->ip6m_data8[0]));
315		/* Reserved */
316		hlen = IP6M_MINLEN;
317		ND_PRINT(" homeaddr %s", GET_IP6ADDR_STRING(bp + hlen));
318		hlen += 16;
319		break;
320	default:
321		ND_PRINT(" len=%u", GET_U_1(mh->ip6m_len));
322		return(mhlen);
323		break;
324	}
325	if (ndo->ndo_vflag)
326		if (mobility_opt_print(ndo, bp + hlen, mhlen - hlen))
327			goto trunc;
328
329	return(mhlen);
330
331 trunc:
332	nd_print_trunc(ndo);
333	return(-1);
334}
335