1 /* Copyright (c) 2015, bugyo 2 * All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 1. Redistributions of source code must retain the above copyright notice, 7 * this list of conditions and the following disclaimer. 8 * 2. Redistributions in binary form must reproduce the above copyright notice, 9 * this list of conditions and the following disclaimer in the documentation 10 * and/or other materials provided with the distribution. 11 * 12 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 13 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 14 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 15 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 16 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 17 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 18 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 19 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 20 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 21 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 */ 23 24 #include <sys/cdefs.h> 25 #ifndef lint 26 __RCSID("$NetBSD: print-nsh.c,v 1.4 2023/08/17 20:19:40 christos Exp $"); 27 #endif 28 29 /* \summary: Network Service Header (NSH) printer */ 30 31 /* specification: RFC 8300 */ 32 33 #ifdef HAVE_CONFIG_H 34 #include <config.h> 35 #endif 36 37 #include "netdissect-stdinc.h" 38 39 #define ND_LONGJMP_FROM_TCHECK 40 #include "netdissect.h" 41 #include "extract.h" 42 43 static const struct tok nsh_flags [] = { 44 { 0x2, "O" }, 45 { 0, NULL } 46 }; 47 48 /* 49 * 0 1 2 3 50 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 51 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 52 * |Ver|O|U| TTL | Length |U|U|U|U|MD Type| Next Protocol | 53 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 54 */ 55 #define NSH_BASE_HDR_LEN 4 56 #define NSH_VER(x) (((x) & 0xc0000000) >> 30) 57 #define NSH_FLAGS(x) (((x) & 0x30000000) >> 28) 58 #define NSH_TTL(x) (((x) & 0x0fc00000) >> 22) 59 #define NSH_LENGTH(x) (((x) & 0x003f0000) >> 16) 60 #define NSH_MD_TYPE(x) (((x) & 0x00000f00) >> 8) 61 #define NSH_NEXT_PROT(x) (((x) & 0x000000ff) >> 0) 62 63 #define NSH_SERVICE_PATH_HDR_LEN 4 64 #define NSH_HDR_WORD_SIZE 4U 65 66 #define MD_RSV 0x00 67 #define MD_TYPE1 0x01 68 #define MD_TYPE2 0x02 69 #define MD_EXP 0x0F 70 static const struct tok md_str[] = { 71 { MD_RSV, "reserved" }, 72 { MD_TYPE1, "1" }, 73 { MD_TYPE2, "2" }, 74 { MD_EXP, "experimental" }, 75 { 0, NULL } 76 }; 77 78 #define NP_IPV4 0x01 79 #define NP_IPV6 0x02 80 #define NP_ETH 0x03 81 #define NP_NSH 0x04 82 #define NP_MPLS 0x05 83 #define NP_EXP1 0xFE 84 #define NP_EXP2 0xFF 85 static const struct tok np_str[] = { 86 { NP_IPV4, "IPv4" }, 87 { NP_IPV6, "IPv6" }, 88 { NP_ETH, "Ethernet" }, 89 { NP_NSH, "NSH" }, 90 { NP_MPLS, "MPLS" }, 91 { NP_EXP1, "Experiment 1" }, 92 { NP_EXP2, "Experiment 2" }, 93 { 0, NULL } 94 }; 95 96 void 97 nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) 98 { 99 uint32_t basehdr; 100 u_int ver, length, md_type; 101 uint8_t next_protocol; 102 u_char past_headers = 0; 103 u_int next_len; 104 105 ndo->ndo_protocol = "nsh"; 106 /* 107 * 0 1 2 3 108 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 109 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 110 * | Base Header | 111 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 112 * | Service Path Header | 113 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 114 * | | 115 * ~ Context Header(s) ~ 116 * | | 117 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 118 */ 119 120 /* print Base Header and Service Path Header */ 121 if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN) { 122 ND_PRINT(" (packet length %u < %u)", 123 len, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN); 124 goto invalid; 125 } 126 127 basehdr = GET_BE_U_4(bp); 128 bp += 4; 129 ver = NSH_VER(basehdr); 130 length = NSH_LENGTH(basehdr); 131 md_type = NSH_MD_TYPE(basehdr); 132 next_protocol = NSH_NEXT_PROT(basehdr); 133 134 ND_PRINT("NSH, "); 135 if (ndo->ndo_vflag > 1) { 136 ND_PRINT("ver %u, ", ver); 137 } 138 if (ver != 0) 139 return; 140 ND_PRINT("flags [%s], ", 141 bittok2str_nosep(nsh_flags, "none", NSH_FLAGS(basehdr))); 142 if (ndo->ndo_vflag > 2) { 143 ND_PRINT("TTL %u, ", NSH_TTL(basehdr)); 144 ND_PRINT("length %u, ", length); 145 ND_PRINT("md type %s, ", tok2str(md_str, "unknown (0x%02x)", md_type)); 146 } 147 if (ndo->ndo_vflag > 1) { 148 ND_PRINT("next-protocol %s, ", 149 tok2str(np_str, "unknown (0x%02x)", next_protocol)); 150 } 151 152 /* Make sure we have all the headers */ 153 if (len < length * NSH_HDR_WORD_SIZE) { 154 ND_PRINT(" (too many headers for packet length %u)", len); 155 goto invalid; 156 } 157 158 /* 159 * 0 1 2 3 160 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 161 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 162 * | Service Path Identifier (SPI) | Service Index | 163 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 164 * 165 */ 166 ND_PRINT("service-path-id 0x%06x, ", GET_BE_U_3(bp)); 167 bp += 3; 168 ND_PRINT("service-index 0x%x", GET_U_1(bp)); 169 bp += 1; 170 171 /* 172 * length includes the lengths of the Base and Service Path headers. 173 * That means it must be at least 2. 174 */ 175 if (length < 2) { 176 ND_PRINT(" (less than two headers)"); 177 goto invalid; 178 } 179 180 /* 181 * Print, or skip, the Context Headers. 182 * (length - 2) is the length of those headers. 183 */ 184 if (ndo->ndo_vflag > 2) { 185 u_int n; 186 187 if (md_type == MD_TYPE1) { 188 if (length != 6) { 189 ND_PRINT(" (invalid length for the MD type)"); 190 goto invalid; 191 } 192 for (n = 0; n < length - 2; n++) { 193 ND_PRINT("\n Context[%02u]: 0x%08x", n, GET_BE_U_4(bp)); 194 bp += NSH_HDR_WORD_SIZE; 195 } 196 past_headers = 1; 197 } 198 else if (md_type == MD_TYPE2) { 199 n = 0; 200 while (n < length - 2) { 201 uint16_t tlv_class; 202 uint8_t tlv_type, tlv_len, tlv_len_padded; 203 204 tlv_class = GET_BE_U_2(bp); 205 bp += 2; 206 tlv_type = GET_U_1(bp); 207 bp += 1; 208 tlv_len = GET_U_1(bp) & 0x7f; 209 bp += 1; 210 tlv_len_padded = roundup2(tlv_len, NSH_HDR_WORD_SIZE); 211 212 ND_PRINT("\n TLV Class %u, Type %u, Len %u", 213 tlv_class, tlv_type, tlv_len); 214 215 n += 1; 216 217 if (length - 2 < n + tlv_len_padded / NSH_HDR_WORD_SIZE) { 218 ND_PRINT(" (length too big)"); 219 goto invalid; 220 } 221 222 if (tlv_len) { 223 const char *sep = "0x"; 224 u_int vn; 225 226 ND_PRINT("\n Value: "); 227 for (vn = 0; vn < tlv_len; vn++) { 228 ND_PRINT("%s%02x", sep, GET_U_1(bp)); 229 bp += 1; 230 sep = ":"; 231 } 232 /* Cover any TLV padding. */ 233 ND_TCHECK_LEN(bp, tlv_len_padded - tlv_len); 234 bp += tlv_len_padded - tlv_len; 235 n += tlv_len_padded / NSH_HDR_WORD_SIZE; 236 } 237 } 238 past_headers = 1; 239 } 240 } 241 if (! past_headers) { 242 ND_TCHECK_LEN(bp, (length - 2) * NSH_HDR_WORD_SIZE); 243 bp += (length - 2) * NSH_HDR_WORD_SIZE; 244 } 245 ND_PRINT(ndo->ndo_vflag ? "\n " : ": "); 246 247 /* print Next Protocol */ 248 next_len = len - length * NSH_HDR_WORD_SIZE; 249 switch (next_protocol) { 250 case NP_IPV4: 251 ip_print(ndo, bp, next_len); 252 break; 253 case NP_IPV6: 254 ip6_print(ndo, bp, next_len); 255 break; 256 case NP_ETH: 257 ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); 258 break; 259 default: 260 ND_PRINT("ERROR: unknown-next-protocol"); 261 return; 262 } 263 264 return; 265 266 invalid: 267 nd_print_invalid(ndo); 268 } 269 270