1/* Copyright (c) 2015, bugyo 2 * All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 1. Redistributions of source code must retain the above copyright notice, 7 * this list of conditions and the following disclaimer. 8 * 2. Redistributions in binary form must reproduce the above copyright notice, 9 * this list of conditions and the following disclaimer in the documentation 10 * and/or other materials provided with the distribution. 11 * 12 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 13 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 14 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 15 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 16 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 17 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 18 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 19 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 20 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 21 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 */ 23 24/* \summary: Network Service Header (NSH) printer */ 25 26/* specification: RFC 8300 */ 27 28#ifdef HAVE_CONFIG_H 29#include <config.h> 30#endif 31 32#include "netdissect-stdinc.h" 33 34#define ND_LONGJMP_FROM_TCHECK 35#include "netdissect.h" 36#include "extract.h" 37 38static const struct tok nsh_flags [] = { 39 { 0x2, "O" }, 40 { 0, NULL } 41}; 42 43/* 44 * 0 1 2 3 45 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 47 * |Ver|O|U| TTL | Length |U|U|U|U|MD Type| Next Protocol | 48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 49 */ 50#define NSH_BASE_HDR_LEN 4 51#define NSH_VER(x) (((x) & 0xc0000000) >> 30) 52#define NSH_FLAGS(x) (((x) & 0x30000000) >> 28) 53#define NSH_TTL(x) (((x) & 0x0fc00000) >> 22) 54#define NSH_LENGTH(x) (((x) & 0x003f0000) >> 16) 55#define NSH_MD_TYPE(x) (((x) & 0x00000f00) >> 8) 56#define NSH_NEXT_PROT(x) (((x) & 0x000000ff) >> 0) 57 58#define NSH_SERVICE_PATH_HDR_LEN 4 59#define NSH_HDR_WORD_SIZE 4U 60 61#define MD_RSV 0x00 62#define MD_TYPE1 0x01 63#define MD_TYPE2 0x02 64#define MD_EXP 0x0F 65static const struct tok md_str[] = { 66 { MD_RSV, "reserved" }, 67 { MD_TYPE1, "1" }, 68 { MD_TYPE2, "2" }, 69 { MD_EXP, "experimental" }, 70 { 0, NULL } 71}; 72 73#define NP_IPV4 0x01 74#define NP_IPV6 0x02 75#define NP_ETH 0x03 76#define NP_NSH 0x04 77#define NP_MPLS 0x05 78#define NP_EXP1 0xFE 79#define NP_EXP2 0xFF 80static const struct tok np_str[] = { 81 { NP_IPV4, "IPv4" }, 82 { NP_IPV6, "IPv6" }, 83 { NP_ETH, "Ethernet" }, 84 { NP_NSH, "NSH" }, 85 { NP_MPLS, "MPLS" }, 86 { NP_EXP1, "Experiment 1" }, 87 { NP_EXP2, "Experiment 2" }, 88 { 0, NULL } 89}; 90 91void 92nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) 93{ 94 uint32_t basehdr; 95 u_int ver, length, md_type; 96 uint8_t next_protocol; 97 u_char past_headers = 0; 98 u_int next_len; 99 100 ndo->ndo_protocol = "nsh"; 101 /* 102 * 0 1 2 3 103 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 104 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 105 * | Base Header | 106 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 107 * | Service Path Header | 108 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 109 * | | 110 * ~ Context Header(s) ~ 111 * | | 112 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 113 */ 114 115 /* print Base Header and Service Path Header */ 116 if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN) { 117 ND_PRINT(" (packet length %u < %u)", 118 len, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN); 119 goto invalid; 120 } 121 122 basehdr = GET_BE_U_4(bp); 123 bp += 4; 124 ver = NSH_VER(basehdr); 125 length = NSH_LENGTH(basehdr); 126 md_type = NSH_MD_TYPE(basehdr); 127 next_protocol = NSH_NEXT_PROT(basehdr); 128 129 ND_PRINT("NSH, "); 130 if (ndo->ndo_vflag > 1) { 131 ND_PRINT("ver %u, ", ver); 132 } 133 if (ver != 0) 134 return; 135 ND_PRINT("flags [%s], ", 136 bittok2str_nosep(nsh_flags, "none", NSH_FLAGS(basehdr))); 137 if (ndo->ndo_vflag > 2) { 138 ND_PRINT("TTL %u, ", NSH_TTL(basehdr)); 139 ND_PRINT("length %u, ", length); 140 ND_PRINT("md type %s, ", tok2str(md_str, "unknown (0x%02x)", md_type)); 141 } 142 if (ndo->ndo_vflag > 1) { 143 ND_PRINT("next-protocol %s, ", 144 tok2str(np_str, "unknown (0x%02x)", next_protocol)); 145 } 146 147 /* Make sure we have all the headers */ 148 if (len < length * NSH_HDR_WORD_SIZE) { 149 ND_PRINT(" (too many headers for packet length %u)", len); 150 goto invalid; 151 } 152 153 /* 154 * 0 1 2 3 155 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 156 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 * | Service Path Identifier (SPI) | Service Index | 158 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 * 160 */ 161 ND_PRINT("service-path-id 0x%06x, ", GET_BE_U_3(bp)); 162 bp += 3; 163 ND_PRINT("service-index 0x%x", GET_U_1(bp)); 164 bp += 1; 165 166 /* 167 * length includes the lengths of the Base and Service Path headers. 168 * That means it must be at least 2. 169 */ 170 if (length < 2) { 171 ND_PRINT(" (less than two headers)"); 172 goto invalid; 173 } 174 175 /* 176 * Print, or skip, the Context Headers. 177 * (length - 2) is the length of those headers. 178 */ 179 if (ndo->ndo_vflag > 2) { 180 u_int n; 181 182 if (md_type == MD_TYPE1) { 183 if (length != 6) { 184 ND_PRINT(" (invalid length for the MD type)"); 185 goto invalid; 186 } 187 for (n = 0; n < length - 2; n++) { 188 ND_PRINT("\n Context[%02u]: 0x%08x", n, GET_BE_U_4(bp)); 189 bp += NSH_HDR_WORD_SIZE; 190 } 191 past_headers = 1; 192 } 193 else if (md_type == MD_TYPE2) { 194 n = 0; 195 while (n < length - 2) { 196 uint16_t tlv_class; 197 uint8_t tlv_type, tlv_len, tlv_len_padded; 198 199 tlv_class = GET_BE_U_2(bp); 200 bp += 2; 201 tlv_type = GET_U_1(bp); 202 bp += 1; 203 tlv_len = GET_U_1(bp) & 0x7f; 204 bp += 1; 205 tlv_len_padded = roundup2(tlv_len, NSH_HDR_WORD_SIZE); 206 207 ND_PRINT("\n TLV Class %u, Type %u, Len %u", 208 tlv_class, tlv_type, tlv_len); 209 210 n += 1; 211 212 if (length - 2 < n + tlv_len_padded / NSH_HDR_WORD_SIZE) { 213 ND_PRINT(" (length too big)"); 214 goto invalid; 215 } 216 217 if (tlv_len) { 218 const char *sep = "0x"; 219 u_int vn; 220 221 ND_PRINT("\n Value: "); 222 for (vn = 0; vn < tlv_len; vn++) { 223 ND_PRINT("%s%02x", sep, GET_U_1(bp)); 224 bp += 1; 225 sep = ":"; 226 } 227 /* Cover any TLV padding. */ 228 ND_TCHECK_LEN(bp, tlv_len_padded - tlv_len); 229 bp += tlv_len_padded - tlv_len; 230 n += tlv_len_padded / NSH_HDR_WORD_SIZE; 231 } 232 } 233 past_headers = 1; 234 } 235 } 236 if (! past_headers) { 237 ND_TCHECK_LEN(bp, (length - 2) * NSH_HDR_WORD_SIZE); 238 bp += (length - 2) * NSH_HDR_WORD_SIZE; 239 } 240 ND_PRINT(ndo->ndo_vflag ? "\n " : ": "); 241 242 /* print Next Protocol */ 243 next_len = len - length * NSH_HDR_WORD_SIZE; 244 switch (next_protocol) { 245 case NP_IPV4: 246 ip_print(ndo, bp, next_len); 247 break; 248 case NP_IPV6: 249 ip6_print(ndo, bp, next_len); 250 break; 251 case NP_ETH: 252 ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); 253 break; 254 default: 255 ND_PRINT("ERROR: unknown-next-protocol"); 256 return; 257 } 258 259 return; 260 261invalid: 262 nd_print_invalid(ndo); 263} 264 265