1 /* 2 * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Neither the name of the project nor the names of its contributors 13 * may be used to endorse or promote products derived from this software 14 * without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #ifndef lint 31 __RCSID("$NetBSD: print-hncp.c,v 1.7 2023/08/17 20:19:40 christos Exp $"); 32 #endif 33 34 /* \summary: Home Networking Control Protocol (HNCP) printer */ 35 36 #ifdef HAVE_CONFIG_H 37 #include <config.h> 38 #endif 39 40 #include "netdissect-stdinc.h" 41 42 #include <string.h> 43 44 #include "netdissect.h" 45 #include "addrtoname.h" 46 #include "extract.h" 47 48 static void 49 hncp_print_rec(netdissect_options *ndo, 50 const u_char *cp, u_int length, int indent); 51 52 void 53 hncp_print(netdissect_options *ndo, 54 const u_char *cp, u_int length) 55 { 56 ndo->ndo_protocol = "hncp"; 57 ND_PRINT("hncp (%u)", length); 58 hncp_print_rec(ndo, cp, length, 1); 59 } 60 61 /* RFC7787 */ 62 #define DNCP_REQUEST_NETWORK_STATE 1 63 #define DNCP_REQUEST_NODE_STATE 2 64 #define DNCP_NODE_ENDPOINT 3 65 #define DNCP_NETWORK_STATE 4 66 #define DNCP_NODE_STATE 5 67 #define DNCP_PEER 8 68 #define DNCP_KEEP_ALIVE_INTERVAL 9 69 #define DNCP_TRUST_VERDICT 10 70 71 /* RFC7788 */ 72 #define HNCP_HNCP_VERSION 32 73 #define HNCP_EXTERNAL_CONNECTION 33 74 #define HNCP_DELEGATED_PREFIX 34 75 #define HNCP_PREFIX_POLICY 43 76 #define HNCP_DHCPV4_DATA 37 /* This is correct, see RFC 7788 Errata ID 5113. */ 77 #define HNCP_DHCPV6_DATA 38 /* idem */ 78 #define HNCP_ASSIGNED_PREFIX 35 79 #define HNCP_NODE_ADDRESS 36 80 #define HNCP_DNS_DELEGATED_ZONE 39 81 #define HNCP_DOMAIN_NAME 40 82 #define HNCP_NODE_NAME 41 83 #define HNCP_MANAGED_PSK 42 84 85 /* See type_mask in hncp_print_rec below */ 86 #define RANGE_DNCP_RESERVED 0x10000 87 #define RANGE_HNCP_UNASSIGNED 0x10001 88 #define RANGE_DNCP_PRIVATE_USE 0x10002 89 #define RANGE_DNCP_FUTURE_USE 0x10003 90 91 static const struct tok type_values[] = { 92 { DNCP_REQUEST_NETWORK_STATE, "Request network state" }, 93 { DNCP_REQUEST_NODE_STATE, "Request node state" }, 94 { DNCP_NODE_ENDPOINT, "Node endpoint" }, 95 { DNCP_NETWORK_STATE, "Network state" }, 96 { DNCP_NODE_STATE, "Node state" }, 97 { DNCP_PEER, "Peer" }, 98 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" }, 99 { DNCP_TRUST_VERDICT, "Trust-Verdict" }, 100 101 { HNCP_HNCP_VERSION, "HNCP-Version" }, 102 { HNCP_EXTERNAL_CONNECTION, "External-Connection" }, 103 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" }, 104 { HNCP_PREFIX_POLICY, "Prefix-Policy" }, 105 { HNCP_DHCPV4_DATA, "DHCPv4-Data" }, 106 { HNCP_DHCPV6_DATA, "DHCPv6-Data" }, 107 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" }, 108 { HNCP_NODE_ADDRESS, "Node-Address" }, 109 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" }, 110 { HNCP_DOMAIN_NAME, "Domain-Name" }, 111 { HNCP_NODE_NAME, "Node-Name" }, 112 { HNCP_MANAGED_PSK, "Managed-PSK" }, 113 114 { RANGE_DNCP_RESERVED, "Reserved" }, 115 { RANGE_HNCP_UNASSIGNED, "Unassigned" }, 116 { RANGE_DNCP_PRIVATE_USE, "Private use" }, 117 { RANGE_DNCP_FUTURE_USE, "Future use" }, 118 119 { 0, NULL} 120 }; 121 122 #define DH4OPT_DNS_SERVERS 6 /* RFC2132 */ 123 #define DH4OPT_NTP_SERVERS 42 /* RFC2132 */ 124 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */ 125 126 static const struct tok dh4opt_str[] = { 127 { DH4OPT_DNS_SERVERS, "DNS-server" }, 128 { DH4OPT_NTP_SERVERS, "NTP-server"}, 129 { DH4OPT_DOMAIN_SEARCH, "DNS-search" }, 130 { 0, NULL } 131 }; 132 133 #define DH6OPT_DNS_SERVERS 23 /* RFC3646 */ 134 #define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */ 135 #define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */ 136 137 static const struct tok dh6opt_str[] = { 138 { DH6OPT_DNS_SERVERS, "DNS-server" }, 139 { DH6OPT_DOMAIN_LIST, "DNS-search-list" }, 140 { DH6OPT_SNTP_SERVERS, "SNTP-servers" }, 141 { 0, NULL } 142 }; 143 144 /* 145 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes 146 * the 4 bytes of IPv4 address at the end of the IPv6 address. 147 */ 148 #define IPV4_MAPPED_HEADING_LEN 12 149 150 /* 151 * Is an IPv6 address an IPv4-mapped address? 152 */ 153 static int 154 is_ipv4_mapped_address(const u_char *addr) 155 { 156 /* The value of the prefix */ 157 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] = 158 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }; 159 160 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0; 161 } 162 163 static const char * 164 format_nid(netdissect_options *ndo, const u_char *data) 165 { 166 static char buf[4][sizeof("01:01:01:01")]; 167 static int i = 0; 168 i = (i + 1) % 4; 169 snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x", 170 GET_U_1(data), GET_U_1(data + 1), GET_U_1(data + 2), 171 GET_U_1(data + 3)); 172 return buf[i]; 173 } 174 175 static const char * 176 format_256(netdissect_options *ndo, const u_char *data) 177 { 178 static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")]; 179 static int i = 0; 180 i = (i + 1) % 4; 181 snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64, 182 GET_BE_U_8(data), 183 GET_BE_U_8(data + 8), 184 GET_BE_U_8(data + 16), 185 GET_BE_U_8(data + 24) 186 ); 187 return buf[i]; 188 } 189 190 static const char * 191 format_interval(const uint32_t n) 192 { 193 static char buf[4][sizeof("0000000.000s")]; 194 static int i = 0; 195 i = (i + 1) % 4; 196 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000); 197 return buf[i]; 198 } 199 200 static const char * 201 format_ip6addr(netdissect_options *ndo, const u_char *cp) 202 { 203 if (is_ipv4_mapped_address(cp)) 204 return GET_IPADDR_STRING(cp + IPV4_MAPPED_HEADING_LEN); 205 else 206 return GET_IP6ADDR_STRING(cp); 207 } 208 209 static int 210 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) 211 { 212 int plenbytes; 213 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; 214 215 if (GET_U_1(prefix) >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && 216 is_ipv4_mapped_address(prefix + 1)) { 217 nd_ipv4 addr; 218 u_int plen; 219 220 plen = GET_U_1(prefix) - 96; 221 if (32 < plen) 222 return -1; 223 max_length -= 1; 224 225 memset(&addr, 0, sizeof(addr)); 226 plenbytes = (plen + 7) / 8; 227 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN) 228 return -3; 229 memcpy(&addr, prefix + IPV4_MAPPED_HEADING_LEN + 1, plenbytes); 230 if (plen % 8) { 231 ((u_char *)&addr)[plenbytes - 1] &= 232 ((0xff00 >> (plen % 8)) & 0xff); 233 } 234 snprintf(buf, sizeof(buf), "%s/%u", ipaddr_string(ndo, (const u_char *)&addr), plen); /* local buffer, not packet data; don't use GET_IPADDR_STRING() */ 235 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; 236 } else { 237 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); 238 if (plenbytes < 0) 239 return plenbytes; 240 } 241 242 ND_PRINT("%s", buf); 243 return plenbytes; 244 } 245 246 static int 247 print_dns_label(netdissect_options *ndo, 248 const u_char *cp, u_int max_length, int print) 249 { 250 u_int length = 0; 251 while (length < max_length) { 252 u_int lab_length = GET_U_1(cp + length); 253 length++; 254 if (lab_length == 0) 255 return (int)length; 256 if (length > 1 && print) 257 ND_PRINT("."); 258 if (length+lab_length > max_length) { 259 if (print) 260 nd_printjnp(ndo, cp+length, max_length-length); 261 break; 262 } 263 if (print) 264 nd_printjnp(ndo, cp+length, lab_length); 265 length += lab_length; 266 } 267 if (print) 268 ND_PRINT("[|DNS]"); 269 return -1; 270 } 271 272 static int 273 dhcpv4_print(netdissect_options *ndo, 274 const u_char *cp, u_int length, int indent) 275 { 276 u_int i, t; 277 const uint8_t *tlv, *value; 278 uint8_t type, optlen; 279 280 i = 0; 281 while (i < length) { 282 if (i + 2 > length) 283 return -1; 284 tlv = cp + i; 285 type = GET_U_1(tlv); 286 optlen = GET_U_1(tlv + 1); 287 value = tlv + 2; 288 289 ND_PRINT("\n"); 290 for (t = indent; t > 0; t--) 291 ND_PRINT("\t"); 292 293 ND_PRINT("%s", tok2str(dh4opt_str, "Unknown", type)); 294 ND_PRINT(" (%u)", optlen + 2 ); 295 if (i + 2 + optlen > length) 296 return -1; 297 298 switch (type) { 299 case DH4OPT_DNS_SERVERS: 300 case DH4OPT_NTP_SERVERS: { 301 if (optlen < 4 || optlen % 4 != 0) { 302 return -1; 303 } 304 for (t = 0; t < optlen; t += 4) 305 ND_PRINT(" %s", GET_IPADDR_STRING(value + t)); 306 } 307 break; 308 case DH4OPT_DOMAIN_SEARCH: { 309 const u_char *tp = value; 310 while (tp < value + optlen) { 311 ND_PRINT(" "); 312 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL) 313 return -1; 314 } 315 } 316 break; 317 } 318 319 i += 2 + optlen; 320 } 321 return 0; 322 } 323 324 static int 325 dhcpv6_print(netdissect_options *ndo, 326 const u_char *cp, u_int length, int indent) 327 { 328 u_int i, t; 329 const u_char *tlv, *value; 330 uint16_t type, optlen; 331 332 i = 0; 333 while (i < length) { 334 if (i + 4 > length) 335 return -1; 336 tlv = cp + i; 337 type = GET_BE_U_2(tlv); 338 optlen = GET_BE_U_2(tlv + 2); 339 value = tlv + 4; 340 341 ND_PRINT("\n"); 342 for (t = indent; t > 0; t--) 343 ND_PRINT("\t"); 344 345 ND_PRINT("%s", tok2str(dh6opt_str, "Unknown", type)); 346 ND_PRINT(" (%u)", optlen + 4 ); 347 if (i + 4 + optlen > length) 348 return -1; 349 350 switch (type) { 351 case DH6OPT_DNS_SERVERS: 352 case DH6OPT_SNTP_SERVERS: { 353 if (optlen % 16 != 0) { 354 nd_print_invalid(ndo); 355 return -1; 356 } 357 for (t = 0; t < optlen; t += 16) 358 ND_PRINT(" %s", GET_IP6ADDR_STRING(value + t)); 359 } 360 break; 361 case DH6OPT_DOMAIN_LIST: { 362 const u_char *tp = value; 363 while (tp < value + optlen) { 364 ND_PRINT(" "); 365 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL) 366 return -1; 367 } 368 } 369 break; 370 } 371 372 i += 4 + optlen; 373 } 374 return 0; 375 } 376 377 /* Determine in-line mode */ 378 static int 379 is_in_line(netdissect_options *ndo, int indent) 380 { 381 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3; 382 } 383 384 static void 385 print_type_in_line(netdissect_options *ndo, 386 uint32_t type, int count, int indent, int *first_one) 387 { 388 if (count > 0) { 389 if (*first_one) { 390 *first_one = 0; 391 if (indent > 1) { 392 u_int t; 393 ND_PRINT("\n"); 394 for (t = indent; t > 0; t--) 395 ND_PRINT("\t"); 396 } else { 397 ND_PRINT(" "); 398 } 399 } else { 400 ND_PRINT(", "); 401 } 402 ND_PRINT("%s", tok2str(type_values, "Easter Egg", type)); 403 if (count > 1) 404 ND_PRINT(" (x%d)", count); 405 } 406 } 407 408 static void 409 hncp_print_rec(netdissect_options *ndo, 410 const u_char *cp, u_int length, int indent) 411 { 412 const int in_line = is_in_line(ndo, indent); 413 int first_one = 1; 414 415 u_int i, t; 416 417 uint32_t last_type_mask = 0xffffffffU; 418 int last_type_count = -1; 419 420 const uint8_t *tlv, *value; 421 uint16_t type, bodylen; 422 uint32_t type_mask; 423 424 i = 0; 425 while (i < length) { 426 tlv = cp + i; 427 428 if (!in_line) { 429 ND_PRINT("\n"); 430 for (t = indent; t > 0; t--) 431 ND_PRINT("\t"); 432 } 433 434 ND_TCHECK_4(tlv); 435 if (i + 4 > length) 436 goto invalid; 437 438 type = GET_BE_U_2(tlv); 439 bodylen = GET_BE_U_2(tlv + 2); 440 value = tlv + 4; 441 ND_TCHECK_LEN(value, bodylen); 442 if (i + bodylen + 4 > length) 443 goto invalid; 444 445 type_mask = 446 (type == 0) ? RANGE_DNCP_RESERVED: 447 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED: 448 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE: 449 RANGE_DNCP_FUTURE_USE; 450 if (type == 6 || type == 7) 451 type_mask = RANGE_DNCP_FUTURE_USE; 452 453 /* defined types */ 454 { 455 t = 0; 456 while (1) { 457 u_int key = type_values[t++].v; 458 if (key > 0xffff) 459 break; 460 if (key == type) { 461 type_mask = type; 462 break; 463 } 464 } 465 } 466 467 if (in_line) { 468 if (last_type_mask == type_mask) { 469 last_type_count++; 470 } else { 471 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 472 last_type_mask = type_mask; 473 last_type_count = 1; 474 } 475 476 goto skip_multiline; 477 } 478 479 ND_PRINT("%s", tok2str(type_values, "Easter Egg (42)", type_mask) ); 480 if (type_mask > 0xffff) 481 ND_PRINT(": type=%u", type ); 482 ND_PRINT(" (%u)", bodylen + 4 ); 483 484 switch (type_mask) { 485 486 case DNCP_REQUEST_NETWORK_STATE: { 487 if (bodylen != 0) 488 nd_print_invalid(ndo); 489 } 490 break; 491 492 case DNCP_REQUEST_NODE_STATE: { 493 const char *node_identifier; 494 if (bodylen != 4) { 495 nd_print_invalid(ndo); 496 break; 497 } 498 node_identifier = format_nid(ndo, value); 499 ND_PRINT(" NID: %s", node_identifier); 500 } 501 break; 502 503 case DNCP_NODE_ENDPOINT: { 504 const char *node_identifier; 505 uint32_t endpoint_identifier; 506 if (bodylen != 8) { 507 nd_print_invalid(ndo); 508 break; 509 } 510 node_identifier = format_nid(ndo, value); 511 endpoint_identifier = GET_BE_U_4(value + 4); 512 ND_PRINT(" NID: %s EPID: %08x", 513 node_identifier, 514 endpoint_identifier 515 ); 516 } 517 break; 518 519 case DNCP_NETWORK_STATE: { 520 uint64_t hash; 521 if (bodylen != 8) { 522 nd_print_invalid(ndo); 523 break; 524 } 525 hash = GET_BE_U_8(value); 526 ND_PRINT(" hash: %016" PRIx64, hash); 527 } 528 break; 529 530 case DNCP_NODE_STATE: { 531 const char *node_identifier, *interval; 532 uint32_t sequence_number; 533 uint64_t hash; 534 if (bodylen < 20) { 535 nd_print_invalid(ndo); 536 break; 537 } 538 node_identifier = format_nid(ndo, value); 539 sequence_number = GET_BE_U_4(value + 4); 540 interval = format_interval(GET_BE_U_4(value + 8)); 541 hash = GET_BE_U_8(value + 12); 542 ND_PRINT(" NID: %s seqno: %u %s hash: %016" PRIx64, 543 node_identifier, 544 sequence_number, 545 interval, 546 hash 547 ); 548 hncp_print_rec(ndo, value+20, bodylen-20, indent+1); 549 } 550 break; 551 552 case DNCP_PEER: { 553 const char *peer_node_identifier; 554 uint32_t peer_endpoint_identifier, endpoint_identifier; 555 if (bodylen != 12) { 556 nd_print_invalid(ndo); 557 break; 558 } 559 peer_node_identifier = format_nid(ndo, value); 560 peer_endpoint_identifier = GET_BE_U_4(value + 4); 561 endpoint_identifier = GET_BE_U_4(value + 8); 562 ND_PRINT(" Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x", 563 peer_node_identifier, 564 peer_endpoint_identifier, 565 endpoint_identifier 566 ); 567 } 568 break; 569 570 case DNCP_KEEP_ALIVE_INTERVAL: { 571 uint32_t endpoint_identifier; 572 const char *interval; 573 if (bodylen < 8) { 574 nd_print_invalid(ndo); 575 break; 576 } 577 endpoint_identifier = GET_BE_U_4(value); 578 interval = format_interval(GET_BE_U_4(value + 4)); 579 ND_PRINT(" EPID: %08x Interval: %s", 580 endpoint_identifier, 581 interval 582 ); 583 } 584 break; 585 586 case DNCP_TRUST_VERDICT: { 587 if (bodylen <= 36) { 588 nd_print_invalid(ndo); 589 break; 590 } 591 ND_PRINT(" Verdict: %u Fingerprint: %s Common Name: ", 592 GET_U_1(value), 593 format_256(ndo, value + 4)); 594 nd_printjnp(ndo, value + 36, bodylen - 36); 595 } 596 break; 597 598 case HNCP_HNCP_VERSION: { 599 uint16_t capabilities; 600 uint8_t M, P, H, L; 601 if (bodylen < 5) { 602 nd_print_invalid(ndo); 603 break; 604 } 605 capabilities = GET_BE_U_2(value + 2); 606 M = (uint8_t)((capabilities >> 12) & 0xf); 607 P = (uint8_t)((capabilities >> 8) & 0xf); 608 H = (uint8_t)((capabilities >> 4) & 0xf); 609 L = (uint8_t)(capabilities & 0xf); 610 ND_PRINT(" M: %u P: %u H: %u L: %u User-agent: ", 611 M, P, H, L 612 ); 613 nd_printjnp(ndo, value + 4, bodylen - 4); 614 } 615 break; 616 617 case HNCP_EXTERNAL_CONNECTION: { 618 /* Container TLV */ 619 hncp_print_rec(ndo, value, bodylen, indent+1); 620 } 621 break; 622 623 case HNCP_DELEGATED_PREFIX: { 624 int l; 625 if (bodylen < 9 || bodylen < 9 + (GET_U_1(value + 8) + 7) / 8) { 626 nd_print_invalid(ndo); 627 break; 628 } 629 ND_PRINT(" VLSO: %s PLSO: %s Prefix: ", 630 format_interval(GET_BE_U_4(value)), 631 format_interval(GET_BE_U_4(value + 4)) 632 ); 633 l = print_prefix(ndo, value + 8, bodylen - 8); 634 if (l == -1) { 635 ND_PRINT("(length is invalid)"); 636 break; 637 } 638 if (l < 0) { 639 /* 640 * We've already checked that we've captured the 641 * entire TLV, based on its length, so this will 642 * either be -1, meaning "the prefix length is 643 * greater than the longest possible address of 644 * that type" (i.e., > 32 for IPv4 or > 128 for 645 * IPv6", or -3, meaning "the prefix runs past 646 * the end of the TLV". 647 */ 648 nd_print_invalid(ndo); 649 break; 650 } 651 l += 8 + (-l & 3); 652 653 if (bodylen >= l) 654 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 655 } 656 break; 657 658 case HNCP_PREFIX_POLICY: { 659 uint8_t policy; 660 int l; 661 if (bodylen < 1) { 662 nd_print_invalid(ndo); 663 break; 664 } 665 policy = GET_U_1(value); 666 ND_PRINT(" type: "); 667 if (policy == 0) { 668 if (bodylen != 1) { 669 nd_print_invalid(ndo); 670 break; 671 } 672 ND_PRINT("Internet connectivity"); 673 } else if (policy >= 1 && policy <= 128) { 674 ND_PRINT("Dest-Prefix: "); 675 l = print_prefix(ndo, value, bodylen); 676 if (l == -1) { 677 ND_PRINT("(length is invalid)"); 678 break; 679 } 680 if (l < 0) { 681 /* 682 * We've already checked that we've captured the 683 * entire TLV, based on its length, so this will 684 * either be -1, meaning "the prefix length is 685 * greater than the longest possible address of 686 * that type" (i.e., > 32 for IPv4 or > 128 for 687 * IPv6", or -3, meaning "the prefix runs past 688 * the end of the TLV". 689 */ 690 nd_print_invalid(ndo); 691 break; 692 } 693 } else if (policy == 129) { 694 ND_PRINT("DNS domain: "); 695 print_dns_label(ndo, value+1, bodylen-1, 1); 696 } else if (policy == 130) { 697 ND_PRINT("Opaque UTF-8: "); 698 nd_printjnp(ndo, value + 1, bodylen - 1); 699 } else if (policy == 131) { 700 if (bodylen != 1) { 701 nd_print_invalid(ndo); 702 break; 703 } 704 ND_PRINT("Restrictive assignment"); 705 } else if (policy >= 132) { 706 ND_PRINT("Unknown (%u)", policy); /* Reserved for future additions */ 707 } 708 } 709 break; 710 711 case HNCP_DHCPV4_DATA: { 712 if (bodylen == 0) { 713 nd_print_invalid(ndo); 714 break; 715 } 716 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0) 717 goto invalid; 718 } 719 break; 720 721 case HNCP_DHCPV6_DATA: { 722 if (bodylen == 0) { 723 nd_print_invalid(ndo); 724 break; 725 } 726 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) { 727 nd_print_invalid(ndo); 728 break; 729 } 730 } 731 break; 732 733 case HNCP_ASSIGNED_PREFIX: { 734 uint8_t prty; 735 int l; 736 if (bodylen < 6 || bodylen < 6 + (GET_U_1(value + 5) + 7) / 8) { 737 nd_print_invalid(ndo); 738 break; 739 } 740 prty = GET_U_1(value + 4) & 0xf; 741 ND_PRINT(" EPID: %08x Prty: %u", 742 GET_BE_U_4(value), 743 prty 744 ); 745 ND_PRINT(" Prefix: "); 746 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) { 747 nd_print_invalid(ndo); 748 break; 749 } 750 l += 5; 751 l += -l & 3; 752 753 if (bodylen >= l) 754 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 755 } 756 break; 757 758 case HNCP_NODE_ADDRESS: { 759 uint32_t endpoint_identifier; 760 const char *ip_address; 761 if (bodylen < 20) { 762 nd_print_invalid(ndo); 763 break; 764 } 765 endpoint_identifier = GET_BE_U_4(value); 766 ip_address = format_ip6addr(ndo, value + 4); 767 ND_PRINT(" EPID: %08x IP Address: %s", 768 endpoint_identifier, 769 ip_address 770 ); 771 772 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1); 773 } 774 break; 775 776 case HNCP_DNS_DELEGATED_ZONE: { 777 const char *ip_address; 778 int len; 779 if (bodylen < 17) { 780 nd_print_invalid(ndo); 781 break; 782 } 783 ip_address = format_ip6addr(ndo, value); 784 ND_PRINT(" IP-Address: %s %c%c%c ", 785 ip_address, 786 (GET_U_1(value + 16) & 4) ? 'l' : '-', 787 (GET_U_1(value + 16) & 2) ? 'b' : '-', 788 (GET_U_1(value + 16) & 1) ? 's' : '-' 789 ); 790 len = print_dns_label(ndo, value+17, bodylen-17, 1); 791 if (len < 0) { 792 nd_print_invalid(ndo); 793 break; 794 } 795 len += 17; 796 len += -len & 3; 797 if (bodylen >= len) 798 hncp_print_rec(ndo, value+len, bodylen-len, indent+1); 799 } 800 break; 801 802 case HNCP_DOMAIN_NAME: { 803 if (bodylen == 0) { 804 nd_print_invalid(ndo); 805 break; 806 } 807 ND_PRINT(" Domain: "); 808 print_dns_label(ndo, value, bodylen, 1); 809 } 810 break; 811 812 case HNCP_NODE_NAME: { 813 u_int l; 814 if (bodylen < 17) { 815 nd_print_invalid(ndo); 816 break; 817 } 818 l = GET_U_1(value + 16); 819 if (bodylen < 17 + l) { 820 nd_print_invalid(ndo); 821 break; 822 } 823 ND_PRINT(" IP-Address: %s Name: ", 824 format_ip6addr(ndo, value) 825 ); 826 if (l < 64) { 827 ND_PRINT("\""); 828 nd_printjnp(ndo, value + 17, l); 829 ND_PRINT("\""); 830 } else { 831 nd_print_invalid(ndo); 832 } 833 l += 17; 834 l = roundup2(l, 4); 835 if (bodylen >= l) 836 hncp_print_rec(ndo, value + l, bodylen - l, indent+1); 837 } 838 break; 839 840 case HNCP_MANAGED_PSK: { 841 if (bodylen < 32) { 842 nd_print_invalid(ndo); 843 break; 844 } 845 ND_PRINT(" PSK: %s", format_256(ndo, value)); 846 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1); 847 } 848 break; 849 850 case RANGE_DNCP_RESERVED: 851 case RANGE_HNCP_UNASSIGNED: 852 case RANGE_DNCP_PRIVATE_USE: 853 case RANGE_DNCP_FUTURE_USE: 854 break; 855 856 } 857 skip_multiline: 858 859 i += 4 + roundup2(bodylen, 4); 860 } 861 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one); 862 863 return; 864 865 trunc: 866 nd_print_trunc(ndo); 867 return; 868 869 invalid: 870 nd_print_invalid(ndo); 871 } 872