/*
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code
 * distributions retain the above copyright notice and this paragraph
 * in its entirety, and (2) distributions including binary code include
 * the above copyright notice and this paragraph in its entirety in
 * the documentation or other materials provided with the distribution.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 *
 * Original code by Hannes Gredler (hannes@gredler.at)
 */

#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: print-bfd.c,v 1.7 2017/09/08 14:01:12 christos Exp $");
#endif

/* \summary: Bidirectional Forwarding Detection (BFD) printer */

/* specification: RFC 5880 (for version 1) and RFC 5881 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <netdissect-stdinc.h>

#include "netdissect.h"
#include "extract.h"

#include "udp.h"

/*
 * Control packet, BFDv0, draft-katz-ward-bfd-01.txt
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |Vers |  Diag   |H|D|P|F| Rsvd  |  Detect Mult  |    Length     |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                       My Discriminator                        |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                      Your Discriminator                       |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                    Desired Min TX Interval                    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                   Required Min RX Interval                    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                 Required Min Echo RX Interval                 |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */

/*
 * Control packet, BFDv1, RFC 5880
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |Vers |  Diag   |Sta|P|F|C|A|D|M|  Detect Mult  |    Length     |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                       My Discriminator                        |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                      Your Discriminator                       |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                    Desired Min TX Interval                    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                   Required Min RX Interval                    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                 Required Min Echo RX Interval                 |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */

/*
 * Fixed 24-byte control header shared by BFDv0 and BFDv1.  Every member
 * is a byte or byte array, so multi-byte fields are decoded with
 * EXTRACT_32BITS() rather than read as native integers.
 */
struct bfd_header_t {
    uint8_t version_diag;
    uint8_t flags;
    uint8_t detect_time_multiplier;
    uint8_t length;
    uint8_t my_discriminator[4];
    uint8_t your_discriminator[4];
    uint8_t desired_min_tx_interval[4];
    uint8_t required_min_rx_interval[4];
    uint8_t required_min_echo_interval[4];
};

/*
 * An optional Authentication Header may be present
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |   Auth Type   |   Auth Len    |    Authentication Data...     |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */

/*
 * First four bytes of the authentication section.  auth_print() bounds-checks
 * the whole struct once, which is what makes its later read of the byte at
 * offset 2 (the Auth Key ID) safe.
 */
struct bfd_auth_header_t {
    uint8_t auth_type;
    uint8_t auth_len;
    uint8_t auth_data;
    uint8_t dummy; /* minimum 4 bytes */
};

enum auth_type {
    AUTH_PASSWORD = 1,
    AUTH_MD5      = 2,
    AUTH_MET_MD5  = 3,
    AUTH_SHA1     = 4,
    AUTH_MET_SHA1 = 5
};

static const struct tok bfd_v1_authentication_values[] = {
    { AUTH_PASSWORD, "Simple Password" },
    { AUTH_MD5,      "Keyed MD5" },
    { AUTH_MET_MD5,  "Meticulous Keyed MD5" },
    { AUTH_SHA1,     "Keyed SHA1" },
    { AUTH_MET_SHA1, "Meticulous Keyed SHA1" },
    { 0, NULL }
};

/* Permitted values of the Auth Len byte, and digest sizes, per auth type. */
enum auth_length {
    AUTH_PASSWORD_FIELD_MIN_LEN = 4,  /* header + password min: 3 + 1 */
    AUTH_PASSWORD_FIELD_MAX_LEN = 19, /* header + password max: 3 + 16 */
    AUTH_MD5_FIELD_LEN = 24,
    AUTH_MD5_HASH_LEN = 16,
    AUTH_SHA1_FIELD_LEN = 28,
    AUTH_SHA1_HASH_LEN = 20
};

/*
 * Byte offsets inside the authentication section, matching the layouts
 * drawn in auth_print().
 */
enum bfd_auth_offset {
    BFD_AUTH_KEY_ID_OFFSET   = 2,
    BFD_AUTH_PASSWORD_OFFSET = 3,
    BFD_AUTH_SEQ_OFFSET      = 4
};

#define BFD_EXTRACT_VERSION(x) (((x)&0xe0)>>5)
#define BFD_EXTRACT_DIAG(x)    ((x)&0x1f)

static const struct tok bfd_port_values[] = {
    { BFD_CONTROL_PORT, "Control" },
    { BFD_ECHO_PORT,    "Echo" },
    { 0, NULL }
};

static const struct tok bfd_diag_values[] = {
    { 0, "No Diagnostic" },
    { 1, "Control Detection Time Expired" },
    { 2, "Echo Function Failed" },
    { 3, "Neighbor Signaled Session Down" },
    { 4, "Forwarding Plane Reset" },
    { 5, "Path Down" },
    { 6, "Concatenated Path Down" },
    { 7, "Administratively Down" },
    { 8, "Reverse Concatenated Path Down" },
    { 0, NULL }
};

static const struct tok bfd_v0_flag_values[] = {
    { 0x80, "I Hear You" },
    { 0x40, "Demand" },
    { 0x20, "Poll" },
    { 0x10, "Final" },
    { 0x08, "Reserved" },
    { 0x04, "Reserved" },
    { 0x02, "Reserved" },
    { 0x01, "Reserved" },
    { 0, NULL }
};

#define BFD_FLAG_AUTH 0x04

static const struct tok bfd_v1_flag_values[] = {
    { 0x20, "Poll" },
    { 0x10, "Final" },
    { 0x08, "Control Plane Independent" },
    { BFD_FLAG_AUTH, "Authentication Present" },
    { 0x02, "Demand" },
    { 0x01, "Multipoint" },
    { 0, NULL }
};

static const struct tok bfd_v1_state_values[] = {
    { 0, "AdminDown" },
    { 1, "Down" },
    { 2, "Init" },
    { 3, "Up" },
    { 0, NULL }
};

/*
 * Print the Sequence Number and the digest/hash of a keyed MD5 or SHA1
 * authentication section.
 *
 * auth_start points at the Auth Type byte; the caller has already
 * bounds-checked the first four bytes of the section and validated
 * Auth Len for the type.  heading is the text emitted in front of the
 * hex dump and digest_len the number of digest bytes to dump.
 *
 * Each field is checked against the capture boundary immediately before
 * it is read, so a capture cut short prints whatever precedes the cut.
 *
 * Returns 0 on success, 1 if the captured data ends early.
 */
static int
auth_print_digest(netdissect_options *ndo, const u_char *auth_start,
                  const char *heading, int digest_len)
{
    const u_char *seq = auth_start + BFD_AUTH_SEQ_OFFSET;
    const u_char *digest;
    int idx;

    ND_TCHECK2(*seq, 4);
    ND_PRINT((ndo, ", Sequence Number: 0x%08x", EXTRACT_32BITS(seq)));

    /* Only advance once the four sequence bytes are known to be present. */
    digest = seq + 4;
    ND_TCHECK2(*digest, digest_len);
    ND_PRINT((ndo, "%s", heading));
    for (idx = 0; idx < digest_len; idx++)
        ND_PRINT((ndo, "%02x", digest[idx]));
    return 0;

trunc:
    return 1;
}

/*
 * Print the optional BFDv1 authentication section.
 *
 * pptr points at the start of the BFD control header; the section is
 * taken to begin sizeof(struct bfd_header_t) bytes further on.
 *
 * The four-byte bfd_auth_header_t is checked against the capture
 * boundary before any of it is read.  Auth Len must then match the
 * range or exact size allowed for the Auth Type; otherwise
 * "[invalid length N]" is printed and nothing further is read.
 *
 * For Simple Password authentication the password bytes themselves are
 * written to the output through fn_printn(), so output produced from
 * such traffic contains the shared secret.
 *
 * NOTE(review): Auth Len is compared only with the per-type constants.
 * Nothing here relates it to the BFD header's Length byte or to the
 * datagram length, neither of which is passed in; reads are limited by
 * the capture boundary alone.  Confirm whether that is intended.
 *
 * Returns 0 on success or on an invalid/unknown section, 1 if the
 * captured data ends early.
 */
static int
auth_print(netdissect_options *ndo, register const u_char *pptr)
{
    const u_char *auth_start = pptr + sizeof (const struct bfd_header_t);
    const struct bfd_auth_header_t *auth =
        (const struct bfd_auth_header_t *)auth_start;
    uint8_t auth_type;
    uint8_t auth_len;

    ND_TCHECK(*auth);
    auth_type = auth->auth_type;
    auth_len = auth->auth_len;

    ND_PRINT((ndo, "\n\tAuthentication: %s (%u), length: %u",
              tok2str(bfd_v1_authentication_values, "Unknown", auth_type),
              auth_type,
              auth_len));
    /* The key ID is the third byte, inside the range checked above. */
    ND_PRINT((ndo, "\n\t Auth Key ID: %d", auth_start[BFD_AUTH_KEY_ID_OFFSET]));

    switch (auth_type) {
    case AUTH_PASSWORD:
/*
 * Simple Password Authentication Section Format
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |   Auth Type   |   Auth Len    |  Auth Key ID  |  Password...  |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                              ...                              |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
        if (auth_len < AUTH_PASSWORD_FIELD_MIN_LEN ||
            auth_len > AUTH_PASSWORD_FIELD_MAX_LEN) {
            ND_PRINT((ndo, "[invalid length %d]", auth_len));
            return 0;
        }
        ND_PRINT((ndo, ", Password: "));
        /*
         * The length is equal to the password length plus three; the
         * range check above keeps the subtraction between 1 and 16.
         * fn_printn() is given ndo_snapend as its limit, and a non-zero
         * return is treated as truncation.
         */
        if (fn_printn(ndo, auth_start + BFD_AUTH_PASSWORD_OFFSET,
                      auth_len - 3, ndo->ndo_snapend))
            goto trunc;
        return 0;

    case AUTH_MD5:
    case AUTH_MET_MD5:
/*
 * Keyed MD5 and Meticulous Keyed MD5 Authentication Section Format
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |   Auth Type   |   Auth Len    |  Auth Key ID  |   Reserved    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                        Sequence Number                        |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                      Auth Key/Digest...                       |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                              ...                              |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
        if (auth_len != AUTH_MD5_FIELD_LEN) {
            ND_PRINT((ndo, "[invalid length %d]", auth_len));
            return 0;
        }
        return auth_print_digest(ndo, auth_start, "\n\t Digest: ",
                                 AUTH_MD5_HASH_LEN);

    case AUTH_SHA1:
    case AUTH_MET_SHA1:
/*
 * Keyed SHA1 and Meticulous Keyed SHA1 Authentication Section Format
 *
 *     0                   1                   2                   3
 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |   Auth Type   |   Auth Len    |  Auth Key ID  |   Reserved    |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                        Sequence Number                        |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                       Auth Key/Hash...                        |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                              ...                              |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
        if (auth_len != AUTH_SHA1_FIELD_LEN) {
            ND_PRINT((ndo, "[invalid length %d]", auth_len));
            return 0;
        }
        return auth_print_digest(ndo, auth_start, "\n\t Hash: ",
                                 AUTH_SHA1_HASH_LEN);

    default:
        /* Unknown type: only the type, length and key ID lines are shown. */
        return 0;
    }

trunc:
    return 1;
}

/*
 * Print the verbose fields that BFDv0 and BFDv1 control packets share:
 * detect multiplier, BFD Length, both discriminators and the three
 * interval fields (each divided by 1000 and labelled "ms").
 *
 * Performs no bounds checks of its own; the caller is expected to have
 * checked the whole header.
 *
 * The "Detection time" figure is the multiplier times the Desired Min TX
 * Interval in unsigned 32-bit arithmetic, so very large interval values
 * wrap before the division.
 */
static void
bfd_print_session_fields(netdissect_options *ndo,
                         const struct bfd_header_t *hdr)
{
    ND_PRINT((ndo, "\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u",
              hdr->detect_time_multiplier,
              hdr->detect_time_multiplier * EXTRACT_32BITS(hdr->desired_min_tx_interval)/1000,
              hdr->length));

    ND_PRINT((ndo, "\n\tMy Discriminator: 0x%08x", EXTRACT_32BITS(hdr->my_discriminator)));
    ND_PRINT((ndo, ", Your Discriminator: 0x%08x", EXTRACT_32BITS(hdr->your_discriminator)));
    ND_PRINT((ndo, "\n\t Desired min Tx Interval: %4u ms", EXTRACT_32BITS(hdr->desired_min_tx_interval)/1000));
    ND_PRINT((ndo, "\n\t Required min Rx Interval: %4u ms", EXTRACT_32BITS(hdr->required_min_rx_interval)/1000));
    ND_PRINT((ndo, "\n\t Required min Echo Interval: %4u ms", EXTRACT_32BITS(hdr->required_min_echo_interval)/1000));
}

/*
 * Print a BFDv0 control packet: a one-line summary when ndo_vflag is
 * below 1, otherwise the summary with diagnostic followed by the shared
 * session fields.
 */
static void
bfd_v0_control_print(netdissect_options *ndo, const struct bfd_header_t *hdr,
                     u_int len, u_int port, uint8_t version)
{
    int diag;

    if (ndo->ndo_vflag < 1) {
        ND_PRINT((ndo, "BFDv%u, %s, Flags: [%s], length: %u",
                  version,
                  tok2str(bfd_port_values, "unknown (%u)", port),
                  bittok2str(bfd_v0_flag_values, "none", hdr->flags),
                  len));
        return;
    }

    diag = BFD_EXTRACT_DIAG(hdr->version_diag);
    ND_PRINT((ndo, "BFDv%u, length: %u\n\t%s, Flags: [%s], Diagnostic: %s (0x%02x)",
              version,
              len,
              tok2str(bfd_port_values, "unknown (%u)", port),
              bittok2str(bfd_v0_flag_values, "none", hdr->flags),
              tok2str(bfd_diag_values, "unknown", diag),
              diag));

    bfd_print_session_fields(ndo, hdr);
}

/*
 * Print a BFDv1 control packet.  The top two bits of the flags byte are
 * shown as the session state and the low six as flag names.  In verbose
 * mode the shared session fields follow, and the authentication section
 * is printed when BFD_FLAG_AUTH is set.
 *
 * Returns 1 if auth_print() reported truncated data, 0 otherwise.
 */
static int
bfd_v1_control_print(netdissect_options *ndo, const u_char *pptr,
                     u_int len, u_int port, uint8_t version)
{
    const struct bfd_header_t *hdr = (const struct bfd_header_t *)pptr;
    const u_int state = (hdr->flags & 0xc0) >> 6;
    const u_int flag_bits = hdr->flags & 0x3f;
    int diag;

    if (ndo->ndo_vflag < 1) {
        ND_PRINT((ndo, "BFDv%u, %s, State %s, Flags: [%s], length: %u",
                  version,
                  tok2str(bfd_port_values, "unknown (%u)", port),
                  tok2str(bfd_v1_state_values, "unknown (%u)", state),
                  bittok2str(bfd_v1_flag_values, "none", flag_bits),
                  len));
        return 0;
    }

    diag = BFD_EXTRACT_DIAG(hdr->version_diag);
    ND_PRINT((ndo, "BFDv%u, length: %u\n\t%s, State %s, Flags: [%s], Diagnostic: %s (0x%02x)",
              version,
              len,
              tok2str(bfd_port_values, "unknown (%u)", port),
              tok2str(bfd_v1_state_values, "unknown (%u)", state),
              bittok2str(bfd_v1_flag_values, "none", flag_bits),
              tok2str(bfd_diag_values, "unknown", diag),
              diag));

    bfd_print_session_fields(ndo, hdr);

    if (hdr->flags & BFD_FLAG_AUTH)
        return auth_print(ndo, pptr);
    return 0;
}

/*
 * Entry point of the BFD printer.
 *
 * pptr points at the BFD payload, len is the length reported for it and
 * port selects the flavour (BFD_CONTROL_PORT or BFD_ECHO_PORT).
 *
 * For the control port the whole fixed header is checked against the
 * capture boundary before the version is extracted; "[|BFD]" is printed
 * if it, or a later authentication field, is cut short.  Echo packets,
 * unknown ports and control versions other than 0 and 1 get a one-line
 * summary, plus a dump through print_unknown_data() in verbose mode.
 *
 * NOTE(review): len is only printed and handed to print_unknown_data().
 * Neither it nor the header's Length byte is compared with the 24-byte
 * header size, so the control-port paths are bounded by the capture
 * boundary only.  Confirm whether the caller guarantees a minimum length.
 */
void
bfd_print(netdissect_options *ndo, register const u_char *pptr,
          register u_int len, register u_int port)
{
    const struct bfd_header_t *hdr = (const struct bfd_header_t *)pptr;
    uint8_t version = 0;

    if (port == BFD_CONTROL_PORT) {
        ND_TCHECK(*hdr);
        version = BFD_EXTRACT_VERSION(hdr->version_diag);
    } else if (port == BFD_ECHO_PORT) {
        /* Echo is BFD v1 only */
        version = 1;
    }

    /* Dispatch on the (port, version) pair folded into one integer. */
    switch ((port << 8) | version) {

    /* BFDv0 */
    case (BFD_CONTROL_PORT << 8):
        bfd_v0_control_print(ndo, hdr, len, port, version);
        break;

    /* BFDv1 */
    case (BFD_CONTROL_PORT << 8 | 1):
        if (bfd_v1_control_print(ndo, pptr, len, port, version))
            goto trunc;
        break;

    /* BFDv0 */
    case (BFD_ECHO_PORT << 8): /* not yet supported - fall through */
    /* BFDv1 */
    case (BFD_ECHO_PORT << 8 | 1):

    default:
        ND_PRINT((ndo, "BFD, %s, length: %u",
                  tok2str(bfd_port_values, "unknown (%u)", port),
                  len));
        if (ndo->ndo_vflag >= 1) {
            /* Nothing more is printed whether or not the dump succeeds. */
            (void)print_unknown_data(ndo, pptr, "\n\t", len);
        }
        break;
    }
    return;

trunc:
    ND_PRINT((ndo, "[|BFD]"));
}
/*
 * Local Variables:
 * c-style: whitesmith
 * c-basic-offset: 8
 * End:
 */