1 /* 2 * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Neither the name of the project nor the names of its contributors 13 * may be used to endorse or promote products derived from this software 14 * without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #ifndef lint 31 __RCSID("$NetBSD: print-hncp.c,v 1.4 2017/09/08 14:01:13 christos Exp $"); 32 #endif 33 34 /* \summary: Home Networking Control Protocol (HNCP) printer */ 35 36 #ifdef HAVE_CONFIG_H 37 #include "config.h" 38 #endif 39 40 #include <netdissect-stdinc.h> 41 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "netdissect.h" 46 #include "addrtoname.h" 47 #include "extract.h" 48 49 static void 50 hncp_print_rec(netdissect_options *ndo, 51 const u_char *cp, u_int length, int indent); 52 53 void 54 hncp_print(netdissect_options *ndo, 55 const u_char *cp, u_int length) 56 { 57 ND_PRINT((ndo, "hncp (%d)", length)); 58 hncp_print_rec(ndo, cp, length, 1); 59 } 60 61 /* RFC7787 */ 62 #define DNCP_REQUEST_NETWORK_STATE 1 63 #define DNCP_REQUEST_NODE_STATE 2 64 #define DNCP_NODE_ENDPOINT 3 65 #define DNCP_NETWORK_STATE 4 66 #define DNCP_NODE_STATE 5 67 #define DNCP_PEER 8 68 #define DNCP_KEEP_ALIVE_INTERVAL 9 69 #define DNCP_TRUST_VERDICT 10 70 71 /* RFC7788 */ 72 #define HNCP_HNCP_VERSION 32 73 #define HNCP_EXTERNAL_CONNECTION 33 74 #define HNCP_DELEGATED_PREFIX 34 75 #define HNCP_PREFIX_POLICY 43 76 #define HNCP_DHCPV4_DATA 37 77 #define HNCP_DHCPV6_DATA 38 78 #define HNCP_ASSIGNED_PREFIX 35 79 #define HNCP_NODE_ADDRESS 36 80 #define HNCP_DNS_DELEGATED_ZONE 39 81 #define HNCP_DOMAIN_NAME 40 82 #define HNCP_NODE_NAME 41 83 #define HNCP_MANAGED_PSK 42 84 85 /* See type_mask in hncp_print_rec below */ 86 #define RANGE_DNCP_RESERVED 0x10000 87 #define RANGE_HNCP_UNASSIGNED 0x10001 88 #define RANGE_DNCP_PRIVATE_USE 0x10002 89 #define RANGE_DNCP_FUTURE_USE 0x10003 90 91 static const struct tok type_values[] = { 92 { DNCP_REQUEST_NETWORK_STATE, "Request network state" }, 93 { DNCP_REQUEST_NODE_STATE, "Request node state" }, 94 { DNCP_NODE_ENDPOINT, "Node endpoint" }, 95 { DNCP_NETWORK_STATE, "Network state" }, 96 { DNCP_NODE_STATE, "Node state" }, 97 { DNCP_PEER, "Peer" }, 98 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" }, 99 { DNCP_TRUST_VERDICT, "Trust-Verdict" }, 100 101 { HNCP_HNCP_VERSION, "HNCP-Version" }, 102 { HNCP_EXTERNAL_CONNECTION, "External-Connection" }, 103 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" }, 104 { HNCP_PREFIX_POLICY, "Prefix-Policy" }, 105 { HNCP_DHCPV4_DATA, "DHCPv4-Data" }, 106 { HNCP_DHCPV6_DATA, "DHCPv6-Data" }, 107 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" }, 108 { HNCP_NODE_ADDRESS, "Node-Address" }, 109 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" }, 110 { HNCP_DOMAIN_NAME, "Domain-Name" }, 111 { HNCP_NODE_NAME, "Node-Name" }, 112 { HNCP_MANAGED_PSK, "Managed-PSK" }, 113 114 { RANGE_DNCP_RESERVED, "Reserved" }, 115 { RANGE_HNCP_UNASSIGNED, "Unassigned" }, 116 { RANGE_DNCP_PRIVATE_USE, "Private use" }, 117 { RANGE_DNCP_FUTURE_USE, "Future use" }, 118 119 { 0, NULL} 120 }; 121 122 #define DH4OPT_DNS_SERVERS 6 /* RFC2132 */ 123 #define DH4OPT_NTP_SERVERS 42 /* RFC2132 */ 124 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */ 125 126 static const struct tok dh4opt_str[] = { 127 { DH4OPT_DNS_SERVERS, "DNS-server" }, 128 { DH4OPT_NTP_SERVERS, "NTP-server"}, 129 { DH4OPT_DOMAIN_SEARCH, "DNS-search" }, 130 { 0, NULL } 131 }; 132 133 #define DH6OPT_DNS_SERVERS 23 /* RFC3646 */ 134 #define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */ 135 #define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */ 136 137 static const struct tok dh6opt_str[] = { 138 { DH6OPT_DNS_SERVERS, "DNS-server" }, 139 { DH6OPT_DOMAIN_LIST, "DNS-search-list" }, 140 { DH6OPT_SNTP_SERVERS, "SNTP-servers" }, 141 { 0, NULL } 142 }; 143 144 /* 145 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes 146 * the 4 bytes of IPv4 address at the end of the IPv6 address. 147 */ 148 #define IPV4_MAPPED_HEADING_LEN 12 149 150 /* 151 * Is an IPv6 address an IPv4-mapped address? 152 */ 153 static inline int 154 is_ipv4_mapped_address(const u_char *addr) 155 { 156 /* The value of the prefix */ 157 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] = 158 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }; 159 160 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0; 161 } 162 163 static const char * 164 format_nid(const u_char *data) 165 { 166 static char buf[4][11+5]; 167 static int i = 0; 168 i = (i + 1) % 4; 169 snprintf(buf[i], 16, "%02x:%02x:%02x:%02x", 170 data[0], data[1], data[2], data[3]); 171 return buf[i]; 172 } 173 174 static const char * 175 format_256(const u_char *data) 176 { 177 static char buf[4][64+5]; 178 static int i = 0; 179 i = (i + 1) % 4; 180 snprintf(buf[i], 28, "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64, 181 EXTRACT_64BITS(data), 182 EXTRACT_64BITS(data + 8), 183 EXTRACT_64BITS(data + 16), 184 EXTRACT_64BITS(data + 24) 185 ); 186 return buf[i]; 187 } 188 189 static const char * 190 format_interval(const uint32_t n) 191 { 192 static char buf[4][sizeof("0000000.000s")]; 193 static int i = 0; 194 i = (i + 1) % 4; 195 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000); 196 return buf[i]; 197 } 198 199 static const char * 200 format_ip6addr(netdissect_options *ndo, const u_char *cp) 201 { 202 if (is_ipv4_mapped_address(cp)) 203 return ipaddr_string(ndo, cp + IPV4_MAPPED_HEADING_LEN); 204 else 205 return ip6addr_string(ndo, cp); 206 } 207 208 static int 209 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) 210 { 211 int plenbytes; 212 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; 213 214 if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && 215 is_ipv4_mapped_address(&prefix[1])) { 216 struct in_addr addr; 217 u_int plen; 218 219 plen = prefix[0]-96; 220 if (32 < plen) 221 return -1; 222 max_length -= 1; 223 224 memset(&addr, 0, sizeof(addr)); 225 plenbytes = (plen + 7) / 8; 226 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN) 227 return -3; 228 memcpy(&addr, &prefix[1 + IPV4_MAPPED_HEADING_LEN], plenbytes); 229 if (plen % 8) { 230 ((u_char *)&addr)[plenbytes - 1] &= 231 ((0xff00 >> (plen % 8)) & 0xff); 232 } 233 snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen); 234 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; 235 } else { 236 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); 237 } 238 239 ND_PRINT((ndo, "%s", buf)); 240 return plenbytes; 241 } 242 243 static int 244 print_dns_label(netdissect_options *ndo, 245 const u_char *cp, u_int max_length, int print) 246 { 247 u_int length = 0; 248 while (length < max_length) { 249 u_int lab_length = cp[length++]; 250 if (lab_length == 0) 251 return (int)length; 252 if (length > 1 && print) 253 safeputchar(ndo, '.'); 254 if (length+lab_length > max_length) { 255 if (print) 256 safeputs(ndo, cp+length, max_length-length); 257 break; 258 } 259 if (print) 260 safeputs(ndo, cp+length, lab_length); 261 length += lab_length; 262 } 263 if (print) 264 ND_PRINT((ndo, "[|DNS]")); 265 return -1; 266 } 267 268 static int 269 dhcpv4_print(netdissect_options *ndo, 270 const u_char *cp, u_int length, int indent) 271 { 272 u_int i, t; 273 const u_char *tlv, *value; 274 uint8_t type, optlen; 275 276 i = 0; 277 while (i < length) { 278 if (i + 2 > length) 279 return -1; 280 tlv = cp + i; 281 type = (uint8_t)tlv[0]; 282 optlen = (uint8_t)tlv[1]; 283 value = tlv + 2; 284 285 ND_PRINT((ndo, "\n")); 286 for (t = indent; t > 0; t--) 287 ND_PRINT((ndo, "\t")); 288 289 ND_PRINT((ndo, "%s", tok2str(dh4opt_str, "Unknown", type))); 290 ND_PRINT((ndo," (%u)", optlen + 2 )); 291 if (i + 2 + optlen > length) 292 return -1; 293 294 switch (type) { 295 case DH4OPT_DNS_SERVERS: 296 case DH4OPT_NTP_SERVERS: { 297 if (optlen < 4 || optlen % 4 != 0) { 298 return -1; 299 } 300 for (t = 0; t < optlen; t += 4) 301 ND_PRINT((ndo, " %s", ipaddr_string(ndo, value + t))); 302 } 303 break; 304 case DH4OPT_DOMAIN_SEARCH: { 305 const u_char *tp = value; 306 while (tp < value + optlen) { 307 ND_PRINT((ndo, " ")); 308 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL) 309 return -1; 310 } 311 } 312 break; 313 } 314 315 i += 2 + optlen; 316 } 317 return 0; 318 } 319 320 static int 321 dhcpv6_print(netdissect_options *ndo, 322 const u_char *cp, u_int length, int indent) 323 { 324 u_int i, t; 325 const u_char *tlv, *value; 326 uint16_t type, optlen; 327 328 i = 0; 329 while (i < length) { 330 if (i + 4 > length) 331 return -1; 332 tlv = cp + i; 333 type = EXTRACT_16BITS(tlv); 334 optlen = EXTRACT_16BITS(tlv + 2); 335 value = tlv + 4; 336 337 ND_PRINT((ndo, "\n")); 338 for (t = indent; t > 0; t--) 339 ND_PRINT((ndo, "\t")); 340 341 ND_PRINT((ndo, "%s", tok2str(dh6opt_str, "Unknown", type))); 342 ND_PRINT((ndo," (%u)", optlen + 4 )); 343 if (i + 4 + optlen > length) 344 return -1; 345 346 switch (type) { 347 case DH6OPT_DNS_SERVERS: 348 case DH6OPT_SNTP_SERVERS: { 349 if (optlen % 16 != 0) { 350 ND_PRINT((ndo, " %s", istr)); 351 return -1; 352 } 353 for (t = 0; t < optlen; t += 16) 354 ND_PRINT((ndo, " %s", ip6addr_string(ndo, value + t))); 355 } 356 break; 357 case DH6OPT_DOMAIN_LIST: { 358 const u_char *tp = value; 359 while (tp < value + optlen) { 360 ND_PRINT((ndo, " ")); 361 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL) 362 return -1; 363 } 364 } 365 break; 366 } 367 368 i += 4 + optlen; 369 } 370 return 0; 371 } 372 373 /* Determine in-line mode */ 374 static int 375 is_in_line(netdissect_options *ndo, int indent) 376 { 377 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3; 378 } 379 380 static void 381 print_type_in_line(netdissect_options *ndo, 382 uint32_t type, int count, int indent, int *first_one) 383 { 384 if (count > 0) { 385 if (*first_one) { 386 *first_one = 0; 387 if (indent > 1) { 388 u_int t; 389 ND_PRINT((ndo, "\n")); 390 for (t = indent; t > 0; t--) 391 ND_PRINT((ndo, "\t")); 392 } else { 393 ND_PRINT((ndo, " ")); 394 } 395 } else { 396 ND_PRINT((ndo, ", ")); 397 } 398 ND_PRINT((ndo, "%s", tok2str(type_values, "Easter Egg", type))); 399 if (count > 1) 400 ND_PRINT((ndo, " (x%d)", count)); 401 } 402 } 403 404 void 405 hncp_print_rec(netdissect_options *ndo, 406 const u_char *cp, u_int length, int indent) 407 { 408 const int in_line = is_in_line(ndo, indent); 409 int first_one = 1; 410 411 u_int i, t; 412 413 uint32_t last_type_mask = 0xffffffffU; 414 int last_type_count = -1; 415 416 const u_char *tlv, *value; 417 uint16_t type, bodylen; 418 uint32_t type_mask; 419 420 i = 0; 421 while (i < length) { 422 tlv = cp + i; 423 424 if (!in_line) { 425 ND_PRINT((ndo, "\n")); 426 for (t = indent; t > 0; t--) 427 ND_PRINT((ndo, "\t")); 428 } 429 430 ND_TCHECK2(*tlv, 4); 431 if (i + 4 > length) 432 goto invalid; 433 434 type = EXTRACT_16BITS(tlv); 435 bodylen = EXTRACT_16BITS(tlv + 2); 436 value = tlv + 4; 437 ND_TCHECK2(*value, bodylen); 438 if (i + bodylen + 4 > length) 439 goto invalid; 440 441 type_mask = 442 (type == 0) ? RANGE_DNCP_RESERVED: 443 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED: 444 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE: 445 RANGE_DNCP_FUTURE_USE; 446 if (type == 6 || type == 7) 447 type_mask = RANGE_DNCP_FUTURE_USE; 448 449 /* defined types */ 450 { 451 t = 0; 452 while (1) { 453 u_int key = type_values[t++].v; 454 if (key > 0xffff) 455 break; 456 if (key == type) { 457 type_mask = type; 458 break; 459 } 460 } 461 } 462 463 if (in_line) { 464 if (last_type_mask == type_mask) { 465 last_type_count++; 466 } else { 467 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 468 last_type_mask = type_mask; 469 last_type_count = 1; 470 } 471 472 goto skip_multiline; 473 } 474 475 ND_PRINT((ndo,"%s", tok2str(type_values, "Easter Egg (42)", type_mask) )); 476 if (type_mask > 0xffff) 477 ND_PRINT((ndo,": type=%u", type )); 478 ND_PRINT((ndo," (%u)", bodylen + 4 )); 479 480 switch (type_mask) { 481 482 case DNCP_REQUEST_NETWORK_STATE: { 483 if (bodylen != 0) 484 ND_PRINT((ndo, " %s", istr)); 485 } 486 break; 487 488 case DNCP_REQUEST_NODE_STATE: { 489 const char *node_identifier; 490 if (bodylen != 4) { 491 ND_PRINT((ndo, " %s", istr)); 492 break; 493 } 494 node_identifier = format_nid(value); 495 ND_PRINT((ndo, " NID: %s", node_identifier)); 496 } 497 break; 498 499 case DNCP_NODE_ENDPOINT: { 500 const char *node_identifier; 501 uint32_t endpoint_identifier; 502 if (bodylen != 8) { 503 ND_PRINT((ndo, " %s", istr)); 504 break; 505 } 506 node_identifier = format_nid(value); 507 endpoint_identifier = EXTRACT_32BITS(value + 4); 508 ND_PRINT((ndo, " NID: %s EPID: %08x", 509 node_identifier, 510 endpoint_identifier 511 )); 512 } 513 break; 514 515 case DNCP_NETWORK_STATE: { 516 uint64_t hash; 517 if (bodylen != 8) { 518 ND_PRINT((ndo, " %s", istr)); 519 break; 520 } 521 hash = EXTRACT_64BITS(value); 522 ND_PRINT((ndo, " hash: %016" PRIx64, hash)); 523 } 524 break; 525 526 case DNCP_NODE_STATE: { 527 const char *node_identifier, *interval; 528 uint32_t sequence_number; 529 uint64_t hash; 530 if (bodylen < 20) { 531 ND_PRINT((ndo, " %s", istr)); 532 break; 533 } 534 node_identifier = format_nid(value); 535 sequence_number = EXTRACT_32BITS(value + 4); 536 interval = format_interval(EXTRACT_32BITS(value + 8)); 537 hash = EXTRACT_64BITS(value + 12); 538 ND_PRINT((ndo, " NID: %s seqno: %u %s hash: %016" PRIx64, 539 node_identifier, 540 sequence_number, 541 interval, 542 hash 543 )); 544 hncp_print_rec(ndo, value+20, bodylen-20, indent+1); 545 } 546 break; 547 548 case DNCP_PEER: { 549 const char *peer_node_identifier; 550 uint32_t peer_endpoint_identifier, endpoint_identifier; 551 if (bodylen != 12) { 552 ND_PRINT((ndo, " %s", istr)); 553 break; 554 } 555 peer_node_identifier = format_nid(value); 556 peer_endpoint_identifier = EXTRACT_32BITS(value + 4); 557 endpoint_identifier = EXTRACT_32BITS(value + 8); 558 ND_PRINT((ndo, " Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x", 559 peer_node_identifier, 560 peer_endpoint_identifier, 561 endpoint_identifier 562 )); 563 } 564 break; 565 566 case DNCP_KEEP_ALIVE_INTERVAL: { 567 uint32_t endpoint_identifier; 568 const char *interval; 569 if (bodylen < 8) { 570 ND_PRINT((ndo, " %s", istr)); 571 break; 572 } 573 endpoint_identifier = EXTRACT_32BITS(value); 574 interval = format_interval(EXTRACT_32BITS(value + 4)); 575 ND_PRINT((ndo, " EPID: %08x Interval: %s", 576 endpoint_identifier, 577 interval 578 )); 579 } 580 break; 581 582 case DNCP_TRUST_VERDICT: { 583 if (bodylen <= 36) { 584 ND_PRINT((ndo, " %s", istr)); 585 break; 586 } 587 ND_PRINT((ndo, " Verdict: %u Fingerprint: %s Common Name: ", 588 *value, 589 format_256(value + 4))); 590 safeputs(ndo, value + 36, bodylen - 36); 591 } 592 break; 593 594 case HNCP_HNCP_VERSION: { 595 uint16_t capabilities; 596 uint8_t M, P, H, L; 597 if (bodylen < 5) { 598 ND_PRINT((ndo, " %s", istr)); 599 break; 600 } 601 capabilities = EXTRACT_16BITS(value + 2); 602 M = (uint8_t)((capabilities >> 12) & 0xf); 603 P = (uint8_t)((capabilities >> 8) & 0xf); 604 H = (uint8_t)((capabilities >> 4) & 0xf); 605 L = (uint8_t)(capabilities & 0xf); 606 ND_PRINT((ndo, " M: %u P: %u H: %u L: %u User-agent: ", 607 M, P, H, L 608 )); 609 safeputs(ndo, value + 4, bodylen - 4); 610 } 611 break; 612 613 case HNCP_EXTERNAL_CONNECTION: { 614 /* Container TLV */ 615 hncp_print_rec(ndo, value, bodylen, indent+1); 616 } 617 break; 618 619 case HNCP_DELEGATED_PREFIX: { 620 int l; 621 if (bodylen < 9 || bodylen < 9 + (value[8] + 7) / 8) { 622 ND_PRINT((ndo, " %s", istr)); 623 break; 624 } 625 ND_PRINT((ndo, " VLSO: %s PLSO: %s Prefix: ", 626 format_interval(EXTRACT_32BITS(value)), 627 format_interval(EXTRACT_32BITS(value + 4)) 628 )); 629 l = print_prefix(ndo, value + 8, bodylen - 8); 630 if (l == -1) { 631 ND_PRINT((ndo, "(length is invalid)")); 632 break; 633 } 634 if (l < 0) { 635 /* 636 * We've already checked that we've captured the 637 * entire TLV, based on its length, so this will 638 * either be -1, meaning "the prefix length is 639 * greater than the longest possible address of 640 * that type" (i.e., > 32 for IPv4 or > 128 for 641 * IPv6", or -3, meaning "the prefix runs past 642 * the end of the TLV". 643 */ 644 ND_PRINT((ndo, " %s", istr)); 645 break; 646 } 647 l += 8 + (-l & 3); 648 649 if (bodylen >= l) 650 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 651 } 652 break; 653 654 case HNCP_PREFIX_POLICY: { 655 uint8_t policy; 656 int l; 657 if (bodylen < 1) { 658 ND_PRINT((ndo, " %s", istr)); 659 break; 660 } 661 policy = value[0]; 662 ND_PRINT((ndo, " type: ")); 663 if (policy == 0) { 664 if (bodylen != 1) { 665 ND_PRINT((ndo, " %s", istr)); 666 break; 667 } 668 ND_PRINT((ndo, "Internet connectivity")); 669 } else if (policy >= 1 && policy <= 128) { 670 ND_PRINT((ndo, "Dest-Prefix: ")); 671 l = print_prefix(ndo, value, bodylen); 672 if (l == -1) { 673 ND_PRINT((ndo, "(length is invalid)")); 674 break; 675 } 676 if (l < 0) { 677 /* 678 * We've already checked that we've captured the 679 * entire TLV, based on its length, so this will 680 * either be -1, meaning "the prefix length is 681 * greater than the longest possible address of 682 * that type" (i.e., > 32 for IPv4 or > 128 for 683 * IPv6", or -3, meaning "the prefix runs past 684 * the end of the TLV". 685 */ 686 ND_PRINT((ndo, " %s", istr)); 687 break; 688 } 689 } else if (policy == 129) { 690 ND_PRINT((ndo, "DNS domain: ")); 691 print_dns_label(ndo, value+1, bodylen-1, 1); 692 } else if (policy == 130) { 693 ND_PRINT((ndo, "Opaque UTF-8: ")); 694 safeputs(ndo, value + 1, bodylen - 1); 695 } else if (policy == 131) { 696 if (bodylen != 1) { 697 ND_PRINT((ndo, " %s", istr)); 698 break; 699 } 700 ND_PRINT((ndo, "Restrictive assignment")); 701 } else if (policy >= 132) { 702 ND_PRINT((ndo, "Unknown (%u)", policy)); /* Reserved for future additions */ 703 } 704 } 705 break; 706 707 case HNCP_DHCPV4_DATA: { 708 if (bodylen == 0) { 709 ND_PRINT((ndo, " %s", istr)); 710 break; 711 } 712 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0) 713 goto invalid; 714 } 715 break; 716 717 case HNCP_DHCPV6_DATA: { 718 if (bodylen == 0) { 719 ND_PRINT((ndo, " %s", istr)); 720 break; 721 } 722 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) { 723 ND_PRINT((ndo, " %s", istr)); 724 break; 725 } 726 } 727 break; 728 729 case HNCP_ASSIGNED_PREFIX: { 730 uint8_t prty; 731 int l; 732 if (bodylen < 6 || bodylen < 6 + (value[5] + 7) / 8) { 733 ND_PRINT((ndo, " %s", istr)); 734 break; 735 } 736 prty = (uint8_t)(value[4] & 0xf); 737 ND_PRINT((ndo, " EPID: %08x Prty: %u", 738 EXTRACT_32BITS(value), 739 prty 740 )); 741 ND_PRINT((ndo, " Prefix: ")); 742 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) { 743 ND_PRINT((ndo, " %s", istr)); 744 break; 745 } 746 l += 5; 747 l += -l & 3; 748 749 if (bodylen >= l) 750 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 751 } 752 break; 753 754 case HNCP_NODE_ADDRESS: { 755 uint32_t endpoint_identifier; 756 const char *ip_address; 757 if (bodylen < 20) { 758 ND_PRINT((ndo, " %s", istr)); 759 break; 760 } 761 endpoint_identifier = EXTRACT_32BITS(value); 762 ip_address = format_ip6addr(ndo, value + 4); 763 ND_PRINT((ndo, " EPID: %08x IP Address: %s", 764 endpoint_identifier, 765 ip_address 766 )); 767 768 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1); 769 } 770 break; 771 772 case HNCP_DNS_DELEGATED_ZONE: { 773 const char *ip_address; 774 int len; 775 if (bodylen < 17) { 776 ND_PRINT((ndo, " %s", istr)); 777 break; 778 } 779 ip_address = format_ip6addr(ndo, value); 780 ND_PRINT((ndo, " IP-Address: %s %c%c%c ", 781 ip_address, 782 (value[16] & 4) ? 'l' : '-', 783 (value[16] & 2) ? 'b' : '-', 784 (value[16] & 1) ? 's' : '-' 785 )); 786 len = print_dns_label(ndo, value+17, bodylen-17, 1); 787 if (len < 0) { 788 ND_PRINT((ndo, " %s", istr)); 789 break; 790 } 791 len += 17; 792 len += -len & 3; 793 if (bodylen >= len) 794 hncp_print_rec(ndo, value+len, bodylen-len, indent+1); 795 } 796 break; 797 798 case HNCP_DOMAIN_NAME: { 799 if (bodylen == 0) { 800 ND_PRINT((ndo, " %s", istr)); 801 break; 802 } 803 ND_PRINT((ndo, " Domain: ")); 804 print_dns_label(ndo, value, bodylen, 1); 805 } 806 break; 807 808 case HNCP_NODE_NAME: { 809 u_int l; 810 if (bodylen < 17) { 811 ND_PRINT((ndo, " %s", istr)); 812 break; 813 } 814 l = value[16]; 815 if (bodylen < 17 + l) { 816 ND_PRINT((ndo, " %s", istr)); 817 break; 818 } 819 ND_PRINT((ndo, " IP-Address: %s Name: ", 820 format_ip6addr(ndo, value) 821 )); 822 if (l < 64) { 823 safeputchar(ndo, '"'); 824 safeputs(ndo, value + 17, l); 825 safeputchar(ndo, '"'); 826 } else { 827 ND_PRINT((ndo, "%s", istr)); 828 } 829 l += 17; 830 l += -l & 3; 831 if (bodylen >= l) 832 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 833 } 834 break; 835 836 case HNCP_MANAGED_PSK: { 837 if (bodylen < 32) { 838 ND_PRINT((ndo, " %s", istr)); 839 break; 840 } 841 ND_PRINT((ndo, " PSK: %s", format_256(value))); 842 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1); 843 } 844 break; 845 846 case RANGE_DNCP_RESERVED: 847 case RANGE_HNCP_UNASSIGNED: 848 case RANGE_DNCP_PRIVATE_USE: 849 case RANGE_DNCP_FUTURE_USE: 850 break; 851 852 } 853 skip_multiline: 854 855 i += 4 + bodylen + (-bodylen & 3); 856 } 857 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 858 859 return; 860 861 trunc: 862 ND_PRINT((ndo, "%s", "[|hncp]")); 863 return; 864 865 invalid: 866 ND_PRINT((ndo, "%s", istr)); 867 return; 868 } 869