1 /* 2 * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Neither the name of the project nor the names of its contributors 13 * may be used to endorse or promote products derived from this software 14 * without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #ifndef lint 31 __RCSID("$NetBSD: print-hncp.c,v 1.6 2019/10/01 16:06:16 christos Exp $"); 32 #endif 33 34 /* \summary: Home Networking Control Protocol (HNCP) printer */ 35 36 #ifdef HAVE_CONFIG_H 37 #include "config.h" 38 #endif 39 40 #include <netdissect-stdinc.h> 41 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "netdissect.h" 46 #include "addrtoname.h" 47 #include "extract.h" 48 49 static void 50 hncp_print_rec(netdissect_options *ndo, 51 const u_char *cp, u_int length, int indent); 52 53 void 54 hncp_print(netdissect_options *ndo, 55 const u_char *cp, u_int length) 56 { 57 ND_PRINT((ndo, "hncp (%d)", length)); 58 hncp_print_rec(ndo, cp, length, 1); 59 } 60 61 /* RFC7787 */ 62 #define DNCP_REQUEST_NETWORK_STATE 1 63 #define DNCP_REQUEST_NODE_STATE 2 64 #define DNCP_NODE_ENDPOINT 3 65 #define DNCP_NETWORK_STATE 4 66 #define DNCP_NODE_STATE 5 67 #define DNCP_PEER 8 68 #define DNCP_KEEP_ALIVE_INTERVAL 9 69 #define DNCP_TRUST_VERDICT 10 70 71 /* RFC7788 */ 72 #define HNCP_HNCP_VERSION 32 73 #define HNCP_EXTERNAL_CONNECTION 33 74 #define HNCP_DELEGATED_PREFIX 34 75 #define HNCP_PREFIX_POLICY 43 76 #define HNCP_DHCPV4_DATA 37 /* This is correct, see RFC 7788 Errata ID 5113. */ 77 #define HNCP_DHCPV6_DATA 38 /* idem */ 78 #define HNCP_ASSIGNED_PREFIX 35 79 #define HNCP_NODE_ADDRESS 36 80 #define HNCP_DNS_DELEGATED_ZONE 39 81 #define HNCP_DOMAIN_NAME 40 82 #define HNCP_NODE_NAME 41 83 #define HNCP_MANAGED_PSK 42 84 85 /* See type_mask in hncp_print_rec below */ 86 #define RANGE_DNCP_RESERVED 0x10000 87 #define RANGE_HNCP_UNASSIGNED 0x10001 88 #define RANGE_DNCP_PRIVATE_USE 0x10002 89 #define RANGE_DNCP_FUTURE_USE 0x10003 90 91 static const struct tok type_values[] = { 92 { DNCP_REQUEST_NETWORK_STATE, "Request network state" }, 93 { DNCP_REQUEST_NODE_STATE, "Request node state" }, 94 { DNCP_NODE_ENDPOINT, "Node endpoint" }, 95 { DNCP_NETWORK_STATE, "Network state" }, 96 { DNCP_NODE_STATE, "Node state" }, 97 { DNCP_PEER, "Peer" }, 98 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" }, 99 { DNCP_TRUST_VERDICT, "Trust-Verdict" }, 100 101 { HNCP_HNCP_VERSION, "HNCP-Version" }, 102 { HNCP_EXTERNAL_CONNECTION, "External-Connection" }, 103 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" }, 104 { HNCP_PREFIX_POLICY, "Prefix-Policy" }, 105 { HNCP_DHCPV4_DATA, "DHCPv4-Data" }, 106 { HNCP_DHCPV6_DATA, "DHCPv6-Data" }, 107 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" }, 108 { HNCP_NODE_ADDRESS, "Node-Address" }, 109 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" }, 110 { HNCP_DOMAIN_NAME, "Domain-Name" }, 111 { HNCP_NODE_NAME, "Node-Name" }, 112 { HNCP_MANAGED_PSK, "Managed-PSK" }, 113 114 { RANGE_DNCP_RESERVED, "Reserved" }, 115 { RANGE_HNCP_UNASSIGNED, "Unassigned" }, 116 { RANGE_DNCP_PRIVATE_USE, "Private use" }, 117 { RANGE_DNCP_FUTURE_USE, "Future use" }, 118 119 { 0, NULL} 120 }; 121 122 #define DH4OPT_DNS_SERVERS 6 /* RFC2132 */ 123 #define DH4OPT_NTP_SERVERS 42 /* RFC2132 */ 124 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */ 125 126 static const struct tok dh4opt_str[] = { 127 { DH4OPT_DNS_SERVERS, "DNS-server" }, 128 { DH4OPT_NTP_SERVERS, "NTP-server"}, 129 { DH4OPT_DOMAIN_SEARCH, "DNS-search" }, 130 { 0, NULL } 131 }; 132 133 #define DH6OPT_DNS_SERVERS 23 /* RFC3646 */ 134 #define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */ 135 #define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */ 136 137 static const struct tok dh6opt_str[] = { 138 { DH6OPT_DNS_SERVERS, "DNS-server" }, 139 { DH6OPT_DOMAIN_LIST, "DNS-search-list" }, 140 { DH6OPT_SNTP_SERVERS, "SNTP-servers" }, 141 { 0, NULL } 142 }; 143 144 /* 145 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes 146 * the 4 bytes of IPv4 address at the end of the IPv6 address. 147 */ 148 #define IPV4_MAPPED_HEADING_LEN 12 149 150 /* 151 * Is an IPv6 address an IPv4-mapped address? 152 */ 153 static inline int 154 is_ipv4_mapped_address(const u_char *addr) 155 { 156 /* The value of the prefix */ 157 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] = 158 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }; 159 160 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0; 161 } 162 163 static const char * 164 format_nid(const u_char *data) 165 { 166 static char buf[4][sizeof("01:01:01:01")]; 167 static int i = 0; 168 i = (i + 1) % 4; 169 snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x", 170 data[0], data[1], data[2], data[3]); 171 return buf[i]; 172 } 173 174 static const char * 175 format_256(const u_char *data) 176 { 177 static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")]; 178 static int i = 0; 179 i = (i + 1) % 4; 180 snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64, 181 EXTRACT_64BITS(data), 182 EXTRACT_64BITS(data + 8), 183 EXTRACT_64BITS(data + 16), 184 EXTRACT_64BITS(data + 24) 185 ); 186 return buf[i]; 187 } 188 189 static const char * 190 format_interval(const uint32_t n) 191 { 192 static char buf[4][sizeof("0000000.000s")]; 193 static int i = 0; 194 i = (i + 1) % 4; 195 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000); 196 return buf[i]; 197 } 198 199 static const char * 200 format_ip6addr(netdissect_options *ndo, const u_char *cp) 201 { 202 if (is_ipv4_mapped_address(cp)) 203 return ipaddr_string(ndo, cp + IPV4_MAPPED_HEADING_LEN); 204 else 205 return ip6addr_string(ndo, cp); 206 } 207 208 static int 209 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) 210 { 211 int plenbytes; 212 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; 213 214 if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && 215 is_ipv4_mapped_address(&prefix[1])) { 216 struct in_addr addr; 217 u_int plen; 218 219 plen = prefix[0]-96; 220 if (32 < plen) 221 return -1; 222 max_length -= 1; 223 224 memset(&addr, 0, sizeof(addr)); 225 plenbytes = (plen + 7) / 8; 226 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN) 227 return -3; 228 memcpy(&addr, &prefix[1 + IPV4_MAPPED_HEADING_LEN], plenbytes); 229 if (plen % 8) { 230 ((u_char *)&addr)[plenbytes - 1] &= 231 ((0xff00 >> (plen % 8)) & 0xff); 232 } 233 snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen); 234 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; 235 } else { 236 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); 237 if (plenbytes < 0) 238 return plenbytes; 239 } 240 241 ND_PRINT((ndo, "%s", buf)); 242 return plenbytes; 243 } 244 245 static int 246 print_dns_label(netdissect_options *ndo, 247 const u_char *cp, u_int max_length, int print) 248 { 249 u_int length = 0; 250 while (length < max_length) { 251 u_int lab_length = cp[length++]; 252 if (lab_length == 0) 253 return (int)length; 254 if (length > 1 && print) 255 safeputchar(ndo, '.'); 256 if (length+lab_length > max_length) { 257 if (print) 258 safeputs(ndo, cp+length, max_length-length); 259 break; 260 } 261 if (print) 262 safeputs(ndo, cp+length, lab_length); 263 length += lab_length; 264 } 265 if (print) 266 ND_PRINT((ndo, "[|DNS]")); 267 return -1; 268 } 269 270 static int 271 dhcpv4_print(netdissect_options *ndo, 272 const u_char *cp, u_int length, int indent) 273 { 274 u_int i, t; 275 const u_char *tlv, *value; 276 uint8_t type, optlen; 277 278 i = 0; 279 while (i < length) { 280 if (i + 2 > length) 281 return -1; 282 tlv = cp + i; 283 type = (uint8_t)tlv[0]; 284 optlen = (uint8_t)tlv[1]; 285 value = tlv + 2; 286 287 ND_PRINT((ndo, "\n")); 288 for (t = indent; t > 0; t--) 289 ND_PRINT((ndo, "\t")); 290 291 ND_PRINT((ndo, "%s", tok2str(dh4opt_str, "Unknown", type))); 292 ND_PRINT((ndo," (%u)", optlen + 2 )); 293 if (i + 2 + optlen > length) 294 return -1; 295 296 switch (type) { 297 case DH4OPT_DNS_SERVERS: 298 case DH4OPT_NTP_SERVERS: { 299 if (optlen < 4 || optlen % 4 != 0) { 300 return -1; 301 } 302 for (t = 0; t < optlen; t += 4) 303 ND_PRINT((ndo, " %s", ipaddr_string(ndo, value + t))); 304 } 305 break; 306 case DH4OPT_DOMAIN_SEARCH: { 307 const u_char *tp = value; 308 while (tp < value + optlen) { 309 ND_PRINT((ndo, " ")); 310 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL) 311 return -1; 312 } 313 } 314 break; 315 } 316 317 i += 2 + optlen; 318 } 319 return 0; 320 } 321 322 static int 323 dhcpv6_print(netdissect_options *ndo, 324 const u_char *cp, u_int length, int indent) 325 { 326 u_int i, t; 327 const u_char *tlv, *value; 328 uint16_t type, optlen; 329 330 i = 0; 331 while (i < length) { 332 if (i + 4 > length) 333 return -1; 334 tlv = cp + i; 335 type = EXTRACT_16BITS(tlv); 336 optlen = EXTRACT_16BITS(tlv + 2); 337 value = tlv + 4; 338 339 ND_PRINT((ndo, "\n")); 340 for (t = indent; t > 0; t--) 341 ND_PRINT((ndo, "\t")); 342 343 ND_PRINT((ndo, "%s", tok2str(dh6opt_str, "Unknown", type))); 344 ND_PRINT((ndo," (%u)", optlen + 4 )); 345 if (i + 4 + optlen > length) 346 return -1; 347 348 switch (type) { 349 case DH6OPT_DNS_SERVERS: 350 case DH6OPT_SNTP_SERVERS: { 351 if (optlen % 16 != 0) { 352 ND_PRINT((ndo, " %s", istr)); 353 return -1; 354 } 355 for (t = 0; t < optlen; t += 16) 356 ND_PRINT((ndo, " %s", ip6addr_string(ndo, value + t))); 357 } 358 break; 359 case DH6OPT_DOMAIN_LIST: { 360 const u_char *tp = value; 361 while (tp < value + optlen) { 362 ND_PRINT((ndo, " ")); 363 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL) 364 return -1; 365 } 366 } 367 break; 368 } 369 370 i += 4 + optlen; 371 } 372 return 0; 373 } 374 375 /* Determine in-line mode */ 376 static int 377 is_in_line(netdissect_options *ndo, int indent) 378 { 379 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3; 380 } 381 382 static void 383 print_type_in_line(netdissect_options *ndo, 384 uint32_t type, int count, int indent, int *first_one) 385 { 386 if (count > 0) { 387 if (*first_one) { 388 *first_one = 0; 389 if (indent > 1) { 390 u_int t; 391 ND_PRINT((ndo, "\n")); 392 for (t = indent; t > 0; t--) 393 ND_PRINT((ndo, "\t")); 394 } else { 395 ND_PRINT((ndo, " ")); 396 } 397 } else { 398 ND_PRINT((ndo, ", ")); 399 } 400 ND_PRINT((ndo, "%s", tok2str(type_values, "Easter Egg", type))); 401 if (count > 1) 402 ND_PRINT((ndo, " (x%d)", count)); 403 } 404 } 405 406 void 407 hncp_print_rec(netdissect_options *ndo, 408 const u_char *cp, u_int length, int indent) 409 { 410 const int in_line = is_in_line(ndo, indent); 411 int first_one = 1; 412 413 u_int i, t; 414 415 uint32_t last_type_mask = 0xffffffffU; 416 int last_type_count = -1; 417 418 const u_char *tlv, *value; 419 uint16_t type, bodylen; 420 uint32_t type_mask; 421 422 i = 0; 423 while (i < length) { 424 tlv = cp + i; 425 426 if (!in_line) { 427 ND_PRINT((ndo, "\n")); 428 for (t = indent; t > 0; t--) 429 ND_PRINT((ndo, "\t")); 430 } 431 432 ND_TCHECK2(*tlv, 4); 433 if (i + 4 > length) 434 goto invalid; 435 436 type = EXTRACT_16BITS(tlv); 437 bodylen = EXTRACT_16BITS(tlv + 2); 438 value = tlv + 4; 439 ND_TCHECK2(*value, bodylen); 440 if (i + bodylen + 4 > length) 441 goto invalid; 442 443 type_mask = 444 (type == 0) ? RANGE_DNCP_RESERVED: 445 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED: 446 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE: 447 RANGE_DNCP_FUTURE_USE; 448 if (type == 6 || type == 7) 449 type_mask = RANGE_DNCP_FUTURE_USE; 450 451 /* defined types */ 452 { 453 t = 0; 454 while (1) { 455 u_int key = type_values[t++].v; 456 if (key > 0xffff) 457 break; 458 if (key == type) { 459 type_mask = type; 460 break; 461 } 462 } 463 } 464 465 if (in_line) { 466 if (last_type_mask == type_mask) { 467 last_type_count++; 468 } else { 469 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 470 last_type_mask = type_mask; 471 last_type_count = 1; 472 } 473 474 goto skip_multiline; 475 } 476 477 ND_PRINT((ndo,"%s", tok2str(type_values, "Easter Egg (42)", type_mask) )); 478 if (type_mask > 0xffff) 479 ND_PRINT((ndo,": type=%u", type )); 480 ND_PRINT((ndo," (%u)", bodylen + 4 )); 481 482 switch (type_mask) { 483 484 case DNCP_REQUEST_NETWORK_STATE: { 485 if (bodylen != 0) 486 ND_PRINT((ndo, " %s", istr)); 487 } 488 break; 489 490 case DNCP_REQUEST_NODE_STATE: { 491 const char *node_identifier; 492 if (bodylen != 4) { 493 ND_PRINT((ndo, " %s", istr)); 494 break; 495 } 496 node_identifier = format_nid(value); 497 ND_PRINT((ndo, " NID: %s", node_identifier)); 498 } 499 break; 500 501 case DNCP_NODE_ENDPOINT: { 502 const char *node_identifier; 503 uint32_t endpoint_identifier; 504 if (bodylen != 8) { 505 ND_PRINT((ndo, " %s", istr)); 506 break; 507 } 508 node_identifier = format_nid(value); 509 endpoint_identifier = EXTRACT_32BITS(value + 4); 510 ND_PRINT((ndo, " NID: %s EPID: %08x", 511 node_identifier, 512 endpoint_identifier 513 )); 514 } 515 break; 516 517 case DNCP_NETWORK_STATE: { 518 uint64_t hash; 519 if (bodylen != 8) { 520 ND_PRINT((ndo, " %s", istr)); 521 break; 522 } 523 hash = EXTRACT_64BITS(value); 524 ND_PRINT((ndo, " hash: %016" PRIx64, hash)); 525 } 526 break; 527 528 case DNCP_NODE_STATE: { 529 const char *node_identifier, *interval; 530 uint32_t sequence_number; 531 uint64_t hash; 532 if (bodylen < 20) { 533 ND_PRINT((ndo, " %s", istr)); 534 break; 535 } 536 node_identifier = format_nid(value); 537 sequence_number = EXTRACT_32BITS(value + 4); 538 interval = format_interval(EXTRACT_32BITS(value + 8)); 539 hash = EXTRACT_64BITS(value + 12); 540 ND_PRINT((ndo, " NID: %s seqno: %u %s hash: %016" PRIx64, 541 node_identifier, 542 sequence_number, 543 interval, 544 hash 545 )); 546 hncp_print_rec(ndo, value+20, bodylen-20, indent+1); 547 } 548 break; 549 550 case DNCP_PEER: { 551 const char *peer_node_identifier; 552 uint32_t peer_endpoint_identifier, endpoint_identifier; 553 if (bodylen != 12) { 554 ND_PRINT((ndo, " %s", istr)); 555 break; 556 } 557 peer_node_identifier = format_nid(value); 558 peer_endpoint_identifier = EXTRACT_32BITS(value + 4); 559 endpoint_identifier = EXTRACT_32BITS(value + 8); 560 ND_PRINT((ndo, " Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x", 561 peer_node_identifier, 562 peer_endpoint_identifier, 563 endpoint_identifier 564 )); 565 } 566 break; 567 568 case DNCP_KEEP_ALIVE_INTERVAL: { 569 uint32_t endpoint_identifier; 570 const char *interval; 571 if (bodylen < 8) { 572 ND_PRINT((ndo, " %s", istr)); 573 break; 574 } 575 endpoint_identifier = EXTRACT_32BITS(value); 576 interval = format_interval(EXTRACT_32BITS(value + 4)); 577 ND_PRINT((ndo, " EPID: %08x Interval: %s", 578 endpoint_identifier, 579 interval 580 )); 581 } 582 break; 583 584 case DNCP_TRUST_VERDICT: { 585 if (bodylen <= 36) { 586 ND_PRINT((ndo, " %s", istr)); 587 break; 588 } 589 ND_PRINT((ndo, " Verdict: %u Fingerprint: %s Common Name: ", 590 *value, 591 format_256(value + 4))); 592 safeputs(ndo, value + 36, bodylen - 36); 593 } 594 break; 595 596 case HNCP_HNCP_VERSION: { 597 uint16_t capabilities; 598 uint8_t M, P, H, L; 599 if (bodylen < 5) { 600 ND_PRINT((ndo, " %s", istr)); 601 break; 602 } 603 capabilities = EXTRACT_16BITS(value + 2); 604 M = (uint8_t)((capabilities >> 12) & 0xf); 605 P = (uint8_t)((capabilities >> 8) & 0xf); 606 H = (uint8_t)((capabilities >> 4) & 0xf); 607 L = (uint8_t)(capabilities & 0xf); 608 ND_PRINT((ndo, " M: %u P: %u H: %u L: %u User-agent: ", 609 M, P, H, L 610 )); 611 safeputs(ndo, value + 4, bodylen - 4); 612 } 613 break; 614 615 case HNCP_EXTERNAL_CONNECTION: { 616 /* Container TLV */ 617 hncp_print_rec(ndo, value, bodylen, indent+1); 618 } 619 break; 620 621 case HNCP_DELEGATED_PREFIX: { 622 int l; 623 if (bodylen < 9 || bodylen < 9 + (value[8] + 7) / 8) { 624 ND_PRINT((ndo, " %s", istr)); 625 break; 626 } 627 ND_PRINT((ndo, " VLSO: %s PLSO: %s Prefix: ", 628 format_interval(EXTRACT_32BITS(value)), 629 format_interval(EXTRACT_32BITS(value + 4)) 630 )); 631 l = print_prefix(ndo, value + 8, bodylen - 8); 632 if (l == -1) { 633 ND_PRINT((ndo, "(length is invalid)")); 634 break; 635 } 636 if (l < 0) { 637 /* 638 * We've already checked that we've captured the 639 * entire TLV, based on its length, so this will 640 * either be -1, meaning "the prefix length is 641 * greater than the longest possible address of 642 * that type" (i.e., > 32 for IPv4 or > 128 for 643 * IPv6", or -3, meaning "the prefix runs past 644 * the end of the TLV". 645 */ 646 ND_PRINT((ndo, " %s", istr)); 647 break; 648 } 649 l += 8 + (-l & 3); 650 651 if (bodylen >= l) 652 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 653 } 654 break; 655 656 case HNCP_PREFIX_POLICY: { 657 uint8_t policy; 658 int l; 659 if (bodylen < 1) { 660 ND_PRINT((ndo, " %s", istr)); 661 break; 662 } 663 policy = value[0]; 664 ND_PRINT((ndo, " type: ")); 665 if (policy == 0) { 666 if (bodylen != 1) { 667 ND_PRINT((ndo, " %s", istr)); 668 break; 669 } 670 ND_PRINT((ndo, "Internet connectivity")); 671 } else if (policy >= 1 && policy <= 128) { 672 ND_PRINT((ndo, "Dest-Prefix: ")); 673 l = print_prefix(ndo, value, bodylen); 674 if (l == -1) { 675 ND_PRINT((ndo, "(length is invalid)")); 676 break; 677 } 678 if (l < 0) { 679 /* 680 * We've already checked that we've captured the 681 * entire TLV, based on its length, so this will 682 * either be -1, meaning "the prefix length is 683 * greater than the longest possible address of 684 * that type" (i.e., > 32 for IPv4 or > 128 for 685 * IPv6", or -3, meaning "the prefix runs past 686 * the end of the TLV". 687 */ 688 ND_PRINT((ndo, " %s", istr)); 689 break; 690 } 691 } else if (policy == 129) { 692 ND_PRINT((ndo, "DNS domain: ")); 693 print_dns_label(ndo, value+1, bodylen-1, 1); 694 } else if (policy == 130) { 695 ND_PRINT((ndo, "Opaque UTF-8: ")); 696 safeputs(ndo, value + 1, bodylen - 1); 697 } else if (policy == 131) { 698 if (bodylen != 1) { 699 ND_PRINT((ndo, " %s", istr)); 700 break; 701 } 702 ND_PRINT((ndo, "Restrictive assignment")); 703 } else if (policy >= 132) { 704 ND_PRINT((ndo, "Unknown (%u)", policy)); /* Reserved for future additions */ 705 } 706 } 707 break; 708 709 case HNCP_DHCPV4_DATA: { 710 if (bodylen == 0) { 711 ND_PRINT((ndo, " %s", istr)); 712 break; 713 } 714 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0) 715 goto invalid; 716 } 717 break; 718 719 case HNCP_DHCPV6_DATA: { 720 if (bodylen == 0) { 721 ND_PRINT((ndo, " %s", istr)); 722 break; 723 } 724 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) { 725 ND_PRINT((ndo, " %s", istr)); 726 break; 727 } 728 } 729 break; 730 731 case HNCP_ASSIGNED_PREFIX: { 732 uint8_t prty; 733 int l; 734 if (bodylen < 6 || bodylen < 6 + (value[5] + 7) / 8) { 735 ND_PRINT((ndo, " %s", istr)); 736 break; 737 } 738 prty = (uint8_t)(value[4] & 0xf); 739 ND_PRINT((ndo, " EPID: %08x Prty: %u", 740 EXTRACT_32BITS(value), 741 prty 742 )); 743 ND_PRINT((ndo, " Prefix: ")); 744 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) { 745 ND_PRINT((ndo, " %s", istr)); 746 break; 747 } 748 l += 5; 749 l += -l & 3; 750 751 if (bodylen >= l) 752 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 753 } 754 break; 755 756 case HNCP_NODE_ADDRESS: { 757 uint32_t endpoint_identifier; 758 const char *ip_address; 759 if (bodylen < 20) { 760 ND_PRINT((ndo, " %s", istr)); 761 break; 762 } 763 endpoint_identifier = EXTRACT_32BITS(value); 764 ip_address = format_ip6addr(ndo, value + 4); 765 ND_PRINT((ndo, " EPID: %08x IP Address: %s", 766 endpoint_identifier, 767 ip_address 768 )); 769 770 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1); 771 } 772 break; 773 774 case HNCP_DNS_DELEGATED_ZONE: { 775 const char *ip_address; 776 int len; 777 if (bodylen < 17) { 778 ND_PRINT((ndo, " %s", istr)); 779 break; 780 } 781 ip_address = format_ip6addr(ndo, value); 782 ND_PRINT((ndo, " IP-Address: %s %c%c%c ", 783 ip_address, 784 (value[16] & 4) ? 'l' : '-', 785 (value[16] & 2) ? 'b' : '-', 786 (value[16] & 1) ? 's' : '-' 787 )); 788 len = print_dns_label(ndo, value+17, bodylen-17, 1); 789 if (len < 0) { 790 ND_PRINT((ndo, " %s", istr)); 791 break; 792 } 793 len += 17; 794 len += -len & 3; 795 if (bodylen >= len) 796 hncp_print_rec(ndo, value+len, bodylen-len, indent+1); 797 } 798 break; 799 800 case HNCP_DOMAIN_NAME: { 801 if (bodylen == 0) { 802 ND_PRINT((ndo, " %s", istr)); 803 break; 804 } 805 ND_PRINT((ndo, " Domain: ")); 806 print_dns_label(ndo, value, bodylen, 1); 807 } 808 break; 809 810 case HNCP_NODE_NAME: { 811 u_int l; 812 if (bodylen < 17) { 813 ND_PRINT((ndo, " %s", istr)); 814 break; 815 } 816 l = value[16]; 817 if (bodylen < 17 + l) { 818 ND_PRINT((ndo, " %s", istr)); 819 break; 820 } 821 ND_PRINT((ndo, " IP-Address: %s Name: ", 822 format_ip6addr(ndo, value) 823 )); 824 if (l < 64) { 825 safeputchar(ndo, '"'); 826 safeputs(ndo, value + 17, l); 827 safeputchar(ndo, '"'); 828 } else { 829 ND_PRINT((ndo, "%s", istr)); 830 } 831 l += 17; 832 l += -l & 3; 833 if (bodylen >= l) 834 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 835 } 836 break; 837 838 case HNCP_MANAGED_PSK: { 839 if (bodylen < 32) { 840 ND_PRINT((ndo, " %s", istr)); 841 break; 842 } 843 ND_PRINT((ndo, " PSK: %s", format_256(value))); 844 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1); 845 } 846 break; 847 848 case RANGE_DNCP_RESERVED: 849 case RANGE_HNCP_UNASSIGNED: 850 case RANGE_DNCP_PRIVATE_USE: 851 case RANGE_DNCP_FUTURE_USE: 852 break; 853 854 } 855 skip_multiline: 856 857 i += 4 + bodylen + (-bodylen & 3); 858 } 859 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 860 861 return; 862 863 trunc: 864 ND_PRINT((ndo, "%s", "[|hncp]")); 865 return; 866 867 invalid: 868 ND_PRINT((ndo, "%s", istr)); 869 return; 870 } 871