]> The Tcpdump Group git mirrors - tcpdump/blob - print-bfd.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Revert "Clean a bunch of fuzzed files not to fuzz the container."
[tcpdump] / print-bfd.c
1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
12 *
13 * Original code by Hannes Gredler (hannes@gredler.at)
14 */
15
16 /* \summary: Bidirectional Forwarding Detection (BFD) printer */
17
18 /*
19 * specification: draft-ietf-bfd-base-01 for version 0,
20 * RFC 5880 for version 1, and RFC 5881
21 */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include "netdissect-stdinc.h"
28
29 #define ND_LONGJMP_FROM_TCHECK
30 #include "netdissect.h"
31 #include "extract.h"
32
33 #include "udp.h"
34
35 /*
36 * Control packet, BFDv0, draft-ietf-bfd-base-01
37 *
38 * 0 1 2 3
39 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
40 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
41 * |Vers | Diag |H|D|P|F|C|A|Rsv| Detect Mult | Length |
42 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
43 * | My Discriminator |
44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * | Your Discriminator |
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 * | Desired Min TX Interval |
48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
49 * | Required Min RX Interval |
50 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
51 * | Required Min Echo RX Interval |
52 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
53 */
54
55 /*
56 * Control packet, BFDv1, RFC 5880
57 *
58 * 0 1 2 3
59 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 * |Vers | Diag |Sta|P|F|C|A|D|M| Detect Mult | Length |
62 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63 * | My Discriminator |
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
65 * | Your Discriminator |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 * | Desired Min TX Interval |
68 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69 * | Required Min RX Interval |
70 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
71 * | Required Min Echo RX Interval |
72 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
73 */
74
75 struct bfd_header_t {
76 nd_uint8_t version_diag;
77 nd_uint8_t flags;
78 nd_uint8_t detect_time_multiplier;
79 nd_uint8_t length;
80 nd_uint32_t my_discriminator;
81 nd_uint32_t your_discriminator;
82 nd_uint32_t desired_min_tx_interval;
83 nd_uint32_t required_min_rx_interval;
84 nd_uint32_t required_min_echo_interval;
85 };
86
87 /*
88 * An optional Authentication Header may be present
89 *
90 * 0 1 2 3
91 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
92 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
93 * | Auth Type | Auth Len | Authentication Data... |
94 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
95 */
96
97 struct bfd_auth_header_t {
98 nd_uint8_t auth_type;
99 nd_uint8_t auth_len;
100 nd_uint8_t auth_data;
101 nd_uint8_t dummy; /* minimum 4 bytes */
102 };
103
104 enum auth_type {
105 AUTH_PASSWORD = 1,
106 AUTH_MD5 = 2,
107 AUTH_MET_MD5 = 3,
108 AUTH_SHA1 = 4,
109 AUTH_MET_SHA1 = 5
110 };
111
112 static const struct tok bfd_v1_authentication_values[] = {
113 { AUTH_PASSWORD, "Simple Password" },
114 { AUTH_MD5, "Keyed MD5" },
115 { AUTH_MET_MD5, "Meticulous Keyed MD5" },
116 { AUTH_SHA1, "Keyed SHA1" },
117 { AUTH_MET_SHA1, "Meticulous Keyed SHA1" },
118 { 0, NULL }
119 };
120
121 enum auth_length {
122 AUTH_PASSWORD_FIELD_MIN_LEN = 4, /* header + password min: 3 + 1 */
123 AUTH_PASSWORD_FIELD_MAX_LEN = 19, /* header + password max: 3 + 16 */
124 AUTH_MD5_FIELD_LEN = 24,
125 AUTH_MD5_HASH_LEN = 16,
126 AUTH_SHA1_FIELD_LEN = 28,
127 AUTH_SHA1_HASH_LEN = 20
128 };
129
130 #define BFD_EXTRACT_VERSION(x) (((x)&0xe0)>>5)
131 #define BFD_EXTRACT_DIAG(x) ((x)&0x1f)
132
133 static const struct tok bfd_diag_values[] = {
134 { 0, "No Diagnostic" },
135 { 1, "Control Detection Time Expired" },
136 { 2, "Echo Function Failed" },
137 { 3, "Neighbor Signaled Session Down" },
138 { 4, "Forwarding Plane Reset" },
139 { 5, "Path Down" },
140 { 6, "Concatenated Path Down" },
141 { 7, "Administratively Down" },
142 { 8, "Reverse Concatenated Path Down" },
143 { 0, NULL }
144 };
145
146 static const struct tok bfd_port_values[] = {
147 { BFD_CONTROL_PORT, "Control" },
148 { BFD_MULTIHOP_PORT, "Multihop" },
149 { BFD_LAG_PORT, "LAG" },
150 { SBFD_PORT, "S-BFD" },
151 { 0, NULL }
152 };
153
154 #define BFD_FLAG_AUTH 0x04
155
156 static const struct tok bfd_v0_flag_values[] = {
157 { 0x80, "I Hear You" },
158 { 0x40, "Demand" },
159 { 0x20, "Poll" },
160 { 0x10, "Final" },
161 { 0x08, "Control Plane Independent" },
162 { BFD_FLAG_AUTH, "Authentication Present" },
163 { 0x02, "Reserved" },
164 { 0x01, "Reserved" },
165 { 0, NULL }
166 };
167
168 static const struct tok bfd_v1_flag_values[] = {
169 { 0x20, "Poll" },
170 { 0x10, "Final" },
171 { 0x08, "Control Plane Independent" },
172 { BFD_FLAG_AUTH, "Authentication Present" },
173 { 0x02, "Demand" },
174 { 0x01, "Multipoint" },
175 { 0, NULL }
176 };
177
178 static const struct tok bfd_v1_state_values[] = {
179 { 0, "AdminDown" },
180 { 1, "Down" },
181 { 2, "Init" },
182 { 3, "Up" },
183 { 0, NULL }
184 };
185
186 static void
187 auth_print(netdissect_options *ndo, const u_char *pptr)
188 {
189 const struct bfd_auth_header_t *bfd_auth_header;
190 uint8_t auth_type, auth_len;
191 int i;
192
193 pptr += sizeof (struct bfd_header_t);
194 bfd_auth_header = (const struct bfd_auth_header_t *)pptr;
195 ND_TCHECK_SIZE(bfd_auth_header);
196 auth_type = GET_U_1(bfd_auth_header->auth_type);
197 auth_len = GET_U_1(bfd_auth_header->auth_len);
198 ND_PRINT("\n\tAuthentication: %s (%u), length: %u",
199 tok2str(bfd_v1_authentication_values,"Unknown",auth_type),
200 auth_type, auth_len);
201 pptr += 2;
202 ND_PRINT("\n\t Auth Key ID: %u", GET_U_1(pptr));
203
204 switch(auth_type) {
205 case AUTH_PASSWORD:
206 /*
207 * Simple Password Authentication Section Format
208 *
209 * 0 1 2 3
210 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
211 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
212 * | Auth Type | Auth Len | Auth Key ID | Password... |
213 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
214 * | ... |
215 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
216 */
217 if (auth_len < AUTH_PASSWORD_FIELD_MIN_LEN ||
218 auth_len > AUTH_PASSWORD_FIELD_MAX_LEN) {
219 ND_PRINT("[invalid length %u]",
220 auth_len);
221 break;
222 }
223 pptr++;
224 ND_PRINT(", Password: ");
225 /* the length is equal to the password length plus three */
226 nd_printjn(ndo, pptr, auth_len - 3);
227 break;
228 case AUTH_MD5:
229 case AUTH_MET_MD5:
230 /*
231 * Keyed MD5 and Meticulous Keyed MD5 Authentication Section Format
232 *
233 * 0 1 2 3
234 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
235 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
236 * | Auth Type | Auth Len | Auth Key ID | Reserved |
237 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
238 * | Sequence Number |
239 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
240 * | Auth Key/Digest... |
241 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
242 * | ... |
243 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
244 */
245 if (auth_len != AUTH_MD5_FIELD_LEN) {
246 ND_PRINT("[invalid length %u]",
247 auth_len);
248 break;
249 }
250 pptr += 2;
251 ND_PRINT(", Sequence Number: 0x%08x", GET_BE_U_4(pptr));
252 pptr += 4;
253 ND_TCHECK_LEN(pptr, AUTH_MD5_HASH_LEN);
254 ND_PRINT("\n\t Digest: ");
255 for(i = 0; i < AUTH_MD5_HASH_LEN; i++)
256 ND_PRINT("%02x", GET_U_1(pptr + i));
257 break;
258 case AUTH_SHA1:
259 case AUTH_MET_SHA1:
260 /*
261 * Keyed SHA1 and Meticulous Keyed SHA1 Authentication Section Format
262 *
263 * 0 1 2 3
264 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
265 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
266 * | Auth Type | Auth Len | Auth Key ID | Reserved |
267 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
268 * | Sequence Number |
269 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 * | Auth Key/Hash... |
271 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
272 * | ... |
273 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
274 */
275 if (auth_len != AUTH_SHA1_FIELD_LEN) {
276 ND_PRINT("[invalid length %u]",
277 auth_len);
278 break;
279 }
280 pptr += 2;
281 ND_PRINT(", Sequence Number: 0x%08x", GET_BE_U_4(pptr));
282 pptr += 4;
283 ND_TCHECK_LEN(pptr, AUTH_SHA1_HASH_LEN);
284 ND_PRINT("\n\t Hash: ");
285 for(i = 0; i < AUTH_SHA1_HASH_LEN; i++)
286 ND_PRINT("%02x", GET_U_1(pptr + i));
287 break;
288 }
289 }
290
291 void
292 bfd_print(netdissect_options *ndo, const u_char *pptr,
293 u_int len, u_int port)
294 {
295 ndo->ndo_protocol = "bfd";
296 if (port == BFD_CONTROL_PORT ||
297 port == BFD_MULTIHOP_PORT ||
298 port == BFD_LAG_PORT ||
299 port == SBFD_PORT) {
300 /*
301 * Control packet.
302 */
303 const struct bfd_header_t *bfd_header;
304 uint8_t version_diag;
305 uint8_t version = 0;
306 uint8_t flags;
307
308 bfd_header = (const struct bfd_header_t *)pptr;
309 ND_TCHECK_SIZE(bfd_header);
310 version_diag = GET_U_1(bfd_header->version_diag);
311 version = BFD_EXTRACT_VERSION(version_diag);
312 flags = GET_U_1(bfd_header->flags);
313
314 switch (version) {
315
316 /* BFDv0 */
317 case 0:
318 if (ndo->ndo_vflag < 1)
319 {
320 ND_PRINT("BFDv0, Control, Flags: [%s], length: %u",
321 bittok2str(bfd_v0_flag_values, "none", flags),
322 len);
323 return;
324 }
325
326 ND_PRINT("BFDv0, length: %u\n\tControl, Flags: [%s], Diagnostic: %s (0x%02x)",
327 len,
328 bittok2str(bfd_v0_flag_values, "none", flags),
329 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)),
330 BFD_EXTRACT_DIAG(version_diag));
331
332 ND_PRINT("\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u",
333 GET_U_1(bfd_header->detect_time_multiplier),
334 GET_U_1(bfd_header->detect_time_multiplier) * GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000,
335 GET_U_1(bfd_header->length));
336
337
338 ND_PRINT("\n\tMy Discriminator: 0x%08x",
339 GET_BE_U_4(bfd_header->my_discriminator));
340 ND_PRINT(", Your Discriminator: 0x%08x",
341 GET_BE_U_4(bfd_header->your_discriminator));
342 ND_PRINT("\n\t Desired min Tx Interval: %4u ms",
343 GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000);
344 ND_PRINT("\n\t Required min Rx Interval: %4u ms",
345 GET_BE_U_4(bfd_header->required_min_rx_interval)/1000);
346 ND_PRINT("\n\t Required min Echo Interval: %4u ms",
347 GET_BE_U_4(bfd_header->required_min_echo_interval)/1000);
348
349 if (flags & BFD_FLAG_AUTH) {
350 auth_print(ndo, pptr);
351 }
352 break;
353
354 /* BFDv1 */
355 case 1:
356 if (ndo->ndo_vflag < 1)
357 {
358 ND_PRINT("BFDv1, %s, State %s, Flags: [%s], length: %u",
359 tok2str(bfd_port_values, "unknown (%u)", port),
360 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6),
361 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f),
362 len);
363 return;
364 }
365
366 ND_PRINT("BFDv1, length: %u\n\t%s, State %s, Flags: [%s], Diagnostic: %s (0x%02x)",
367 len,
368 tok2str(bfd_port_values, "unknown (%u)", port),
369 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6),
370 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f),
371 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)),
372 BFD_EXTRACT_DIAG(version_diag));
373
374 ND_PRINT("\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u",
375 GET_U_1(bfd_header->detect_time_multiplier),
376 GET_U_1(bfd_header->detect_time_multiplier) * GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000,
377 GET_U_1(bfd_header->length));
378
379
380 ND_PRINT("\n\tMy Discriminator: 0x%08x",
381 GET_BE_U_4(bfd_header->my_discriminator));
382 ND_PRINT(", Your Discriminator: 0x%08x",
383 GET_BE_U_4(bfd_header->your_discriminator));
384 ND_PRINT("\n\t Desired min Tx Interval: %4u ms",
385 GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000);
386 ND_PRINT("\n\t Required min Rx Interval: %4u ms",
387 GET_BE_U_4(bfd_header->required_min_rx_interval)/1000);
388 ND_PRINT("\n\t Required min Echo Interval: %4u ms",
389 GET_BE_U_4(bfd_header->required_min_echo_interval)/1000);
390
391 if (flags & BFD_FLAG_AUTH) {
392 auth_print(ndo, pptr);
393 }
394 break;
395
396 default:
397 ND_PRINT("BFDv%u, Control, length: %u",
398 version,
399 len);
400 if (ndo->ndo_vflag >= 1) {
401 if(!print_unknown_data(ndo, pptr,"\n\t",len))
402 return;
403 }
404 break;
405 }
406 } else if (port == BFD_ECHO_PORT) {
407 /*
408 * Echo packet.
409 */
410 ND_PRINT("BFD, Echo, length: %u",
411 len);
412 if (ndo->ndo_vflag >= 1) {
413 if(!print_unknown_data(ndo, pptr,"\n\t",len))
414 return;
415 }
416 } else {
417 /*
418 * Unknown packet type.
419 */
420 ND_PRINT("BFD, unknown (%u), length: %u",
421 port,
422 len);
423 if (ndo->ndo_vflag >= 1) {
424 if(!print_unknown_data(ndo, pptr,"\n\t",len))
425 return;
426 }
427 }
428 }
[mirror] the TCPdump network dissector