* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*
- * support for the The RPKI/Router Protocol as RFC6810
- *
*/
-#define NETDISSECT_REWORKED
+/* \summary: Resource Public Key Infrastructure (RPKI) to Router Protocol printer */
+
+/* specification: RFC 6810 */
+
#ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
#endif
-#include <tcpdump-stdinc.h>
+#include "netdissect-stdinc.h"
-#include <string.h>
-
-#include "interface.h"
+#define ND_LONGJMP_FROM_TCHECK
+#include "netdissect.h"
#include "extract.h"
#include "addrtoname.h"
+
/*
* RPKI/Router PDU header
*
* The length does include the version and length fields.
*/
typedef struct rpki_rtr_pdu_ {
- u_char version; /* Version number */
- u_char pdu_type; /* PDU type */
+ nd_uint8_t version; /* Version number */
+ nd_uint8_t pdu_type; /* PDU type */
union {
- u_char session_id[2]; /* Session id */
- u_char error_code[2]; /* Error code */
+ nd_uint16_t session_id; /* Session id */
+ nd_uint16_t error_code; /* Error code */
} u;
- u_char length[4];
+ nd_uint32_t length;
} rpki_rtr_pdu;
-#define RPKI_RTR_PDU_OVERHEAD (offsetof(rpki_rtr_pdu, rpki_rtr_pdu_msg))
/*
* IPv4 Prefix PDU.
*/
typedef struct rpki_rtr_pdu_ipv4_prefix_ {
rpki_rtr_pdu pdu_header;
- u_char flags;
- u_char prefix_length;
- u_char max_length;
- u_char zero;
- u_char prefix[4];
- u_char as[4];
+ nd_uint8_t flags;
+ nd_uint8_t prefix_length;
+ nd_uint8_t max_length;
+ nd_uint8_t zero;
+ nd_ipv4 prefix;
+ nd_uint32_t as;
} rpki_rtr_pdu_ipv4_prefix;
/*
*/
typedef struct rpki_rtr_pdu_ipv6_prefix_ {
rpki_rtr_pdu pdu_header;
- u_char flags;
- u_char prefix_length;
- u_char max_length;
- u_char zero;
- u_char prefix[16];
- u_char as[4];
+ nd_uint8_t flags;
+ nd_uint8_t prefix_length;
+ nd_uint8_t max_length;
+ nd_uint8_t zero;
+ nd_ipv6 prefix;
+ nd_uint32_t as;
} rpki_rtr_pdu_ipv6_prefix;
/*
*/
typedef struct rpki_rtr_pdu_error_report_ {
rpki_rtr_pdu pdu_header;
- u_char encapsulated_pdu_length[4]; /* Encapsulated PDU length */
+ nd_uint32_t encapsulated_pdu_length; /* Encapsulated PDU length */
+ /* Copy of Erroneous PDU (variable, optional) */
+ /* Length of Error Text (4 octets in network byte order) */
+ /* Arbitrary Text of Error Diagnostic Message (variable, optional) */
} rpki_rtr_pdu_error_report;
/*
};
/*
- * Build a identation string for a given identation level.
- * XXX this should be really in util.c
+ * Build a indentation string for a given indentation level.
*/
static char *
indent_string (u_int indent)
/*
* Print a single PDU.
*/
-static void
-rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent)
+static u_int
+rpki_rtr_pdu_print(netdissect_options *ndo, const u_char *tptr, const u_int len,
+ const u_char recurse, const u_int indent)
{
const rpki_rtr_pdu *pdu_header;
u_int pdu_type, pdu_len, hexdump;
const u_char *msg;
+ uint8_t pdu_ver;
- pdu_header = (rpki_rtr_pdu *)tptr;
- pdu_type = pdu_header->pdu_type;
- pdu_len = EXTRACT_32BITS(pdu_header->length);
+ if (len < sizeof(rpki_rtr_pdu)) {
+ ND_PRINT("(%u bytes is too few to decode)", len);
+ goto invalid;
+ }
+ pdu_header = (const rpki_rtr_pdu *)tptr;
+ pdu_ver = GET_U_1(pdu_header->version);
+ if (pdu_ver != 0) {
+ /* Skip the rest of the input buffer because even if this is
+ * a well-formed PDU of a future RPKI-Router protocol version
+ * followed by a well-formed PDU of RPKI-Router protocol
+ * version 0, there is no way to know exactly how to skip the
+ * current PDU.
+ */
+ ND_PRINT("%sRPKI-RTRv%u (unknown)", indent_string(8), pdu_ver);
+ return len;
+ }
+ pdu_type = GET_U_1(pdu_header->pdu_type);
+ pdu_len = GET_BE_U_4(pdu_header->length);
+ /* Do not check bounds with pdu_len yet, do it in the case blocks
+ * below to make it possible to decode at least the beginning of
+ * a truncated Error Report PDU or a truncated encapsulated PDU.
+ */
hexdump = FALSE;
- ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u",
+ ND_PRINT("%sRPKI-RTRv%u, %s PDU (%u), length: %u",
indent_string(8),
- pdu_header->version,
+ pdu_ver,
tok2str(rpki_rtr_pdu_values, "Unknown", pdu_type),
- pdu_type, pdu_len));
+ pdu_type, pdu_len);
+ if (pdu_len < sizeof(rpki_rtr_pdu) || pdu_len > len)
+ goto invalid;
switch (pdu_type) {
case RPKI_RTR_SERIAL_NOTIFY_PDU:
case RPKI_RTR_SERIAL_QUERY_PDU:
case RPKI_RTR_END_OF_DATA_PDU:
+ if (pdu_len != sizeof(rpki_rtr_pdu) + 4)
+ goto invalid;
msg = (const u_char *)(pdu_header + 1);
- ND_PRINT((ndo, "%sSession ID: 0x%04x, Serial: %u",
+ ND_PRINT("%sSession ID: 0x%04x, Serial: %u",
indent_string(indent+2),
- EXTRACT_16BITS(pdu_header->u.session_id),
- EXTRACT_32BITS(msg)));
+ GET_BE_U_2(pdu_header->u.session_id),
+ GET_BE_U_4(msg));
break;
/*
*/
case RPKI_RTR_RESET_QUERY_PDU:
case RPKI_RTR_CACHE_RESET_PDU:
+ if (pdu_len != sizeof(rpki_rtr_pdu))
+ goto invalid;
+ /* no additional boundary to check */
/*
* Zero payload PDUs.
break;
case RPKI_RTR_CACHE_RESPONSE_PDU:
- ND_PRINT((ndo, "%sSession ID: 0x%04x",
+ if (pdu_len != sizeof(rpki_rtr_pdu))
+ goto invalid;
+ /* no additional boundary to check */
+ ND_PRINT("%sSession ID: 0x%04x",
indent_string(indent+2),
- EXTRACT_16BITS(pdu_header->u.session_id)));
+ GET_BE_U_2(pdu_header->u.session_id));
break;
case RPKI_RTR_IPV4_PREFIX_PDU:
{
- rpki_rtr_pdu_ipv4_prefix *pdu;
+ const rpki_rtr_pdu_ipv4_prefix *pdu;
- pdu = (rpki_rtr_pdu_ipv4_prefix *)tptr;
- ND_PRINT((ndo, "%sIPv4 Prefix %s/%u-%u, origin-as %u, flags 0x%02x",
+ if (pdu_len != sizeof(rpki_rtr_pdu_ipv4_prefix))
+ goto invalid;
+ pdu = (const rpki_rtr_pdu_ipv4_prefix *)tptr;
+ ND_PRINT("%sIPv4 Prefix %s/%u-%u, origin-as %u, flags 0x%02x",
indent_string(indent+2),
- ipaddr_string(pdu->prefix),
- pdu->prefix_length, pdu->max_length,
- EXTRACT_32BITS(pdu->as), pdu->flags));
+ GET_IPADDR_STRING(pdu->prefix),
+ GET_U_1(pdu->prefix_length), GET_U_1(pdu->max_length),
+ GET_BE_U_4(pdu->as), GET_U_1(pdu->flags));
}
break;
-#ifdef INET6
case RPKI_RTR_IPV6_PREFIX_PDU:
{
- rpki_rtr_pdu_ipv6_prefix *pdu;
+ const rpki_rtr_pdu_ipv6_prefix *pdu;
- pdu = (rpki_rtr_pdu_ipv6_prefix *)tptr;
- ND_PRINT((ndo, "%sIPv6 Prefix %s/%u-%u, origin-as %u, flags 0x%02x",
+ if (pdu_len != sizeof(rpki_rtr_pdu_ipv6_prefix))
+ goto invalid;
+ pdu = (const rpki_rtr_pdu_ipv6_prefix *)tptr;
+ ND_PRINT("%sIPv6 Prefix %s/%u-%u, origin-as %u, flags 0x%02x",
indent_string(indent+2),
- ip6addr_string(pdu->prefix),
- pdu->prefix_length, pdu->max_length,
- EXTRACT_32BITS(pdu->as), pdu->flags));
+ GET_IP6ADDR_STRING(pdu->prefix),
+ GET_U_1(pdu->prefix_length), GET_U_1(pdu->max_length),
+ GET_BE_U_4(pdu->as), GET_U_1(pdu->flags));
}
break;
-#endif
case RPKI_RTR_ERROR_REPORT_PDU:
{
- rpki_rtr_pdu_error_report *pdu;
+ const rpki_rtr_pdu_error_report *pdu;
u_int encapsulated_pdu_length, text_length, tlen, error_code;
- u_char buf[80];
- pdu = (rpki_rtr_pdu_error_report *)tptr;
- encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length);
- tlen = pdu_len;
+ tlen = sizeof(rpki_rtr_pdu);
+ /* Do not test for the "Length of Error Text" data element yet. */
+ if (pdu_len < tlen + 4)
+ goto invalid;
+ pdu = (const rpki_rtr_pdu_error_report *)tptr;
+ encapsulated_pdu_length = GET_BE_U_4(pdu->encapsulated_pdu_length);
+ tlen += 4;
+ /* Safe up to and including the "Length of Encapsulated PDU"
+ * data element, more data elements may be present.
+ */
- error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code);
- ND_PRINT((ndo, "%sError code: %s (%u), Encapsulated PDU length: %u",
+ error_code = GET_BE_U_2(pdu->pdu_header.u.error_code);
+ ND_PRINT("%sError code: %s (%u), Encapsulated PDU length: %u",
indent_string(indent+2),
tok2str(rpki_rtr_error_codes, "Unknown", error_code),
- error_code, encapsulated_pdu_length));
-
- tptr += sizeof(*pdu);
- tlen -= sizeof(*pdu);
-
- /*
- * Recurse if there is an encapsulated PDU.
- */
- if (encapsulated_pdu_length &&
- (encapsulated_pdu_length <= tlen)) {
- ND_PRINT((ndo, "%s-----encapsulated PDU-----", indent_string(indent+4)));
- rpki_rtr_pdu_print(ndo, tptr, indent+2);
+ error_code, encapsulated_pdu_length);
+
+ if (encapsulated_pdu_length) {
+ /* Section 5.10 of RFC 6810 says:
+ * "An Error Report PDU MUST NOT be sent for an Error Report PDU."
+ *
+ * However, as far as the protocol encoding goes Error Report PDUs can
+ * happen to be nested in each other, however many times, in which case
+ * the decoder should still print such semantically incorrect PDUs.
+ *
+ * That said, "the Erroneous PDU field MAY be truncated" (ibid), thus
+ * to keep things simple this implementation decodes only the two
+ * outermost layers of PDUs and makes bounds checks in the outer and
+ * the inner PDU independently.
+ */
+ if (pdu_len < tlen + encapsulated_pdu_length)
+ goto invalid;
+ if (! recurse) {
+ ND_TCHECK_LEN(tptr, tlen + encapsulated_pdu_length);
+ }
+ else {
+ ND_PRINT("%s-----encapsulated PDU-----", indent_string(indent+4));
+ rpki_rtr_pdu_print(ndo, tptr + tlen,
+ encapsulated_pdu_length, 0, indent + 2);
+ }
+ tlen += encapsulated_pdu_length;
}
- tptr += encapsulated_pdu_length;
- tlen -= encapsulated_pdu_length;
-
+ if (pdu_len < tlen + 4)
+ goto invalid;
/*
* Extract, trail-zero and print the Error message.
*/
- text_length = 0;
- if (tlen > 4) {
- text_length = EXTRACT_32BITS(tptr);
- tptr += 4;
- tlen -= 4;
- }
- if (text_length && (text_length <= tlen )) {
- memcpy(buf, tptr, MIN(sizeof(buf)-1, text_length));
- buf[text_length] = '\0';
- ND_PRINT((ndo, "%sError text: %s", indent_string(indent+2), buf));
+ text_length = GET_BE_U_4(tptr + tlen);
+ tlen += 4;
+ /* Safe up to and including the "Length of Error Text" data element,
+ * one more data element may be present.
+ */
+
+ if (text_length) {
+ if (pdu_len < tlen + text_length)
+ goto invalid;
+ ND_PRINT("%sError text: ", indent_string(indent+2));
+ nd_printjn(ndo, tptr + tlen, text_length);
}
}
break;
default:
+ ND_TCHECK_LEN(tptr, pdu_len);
/*
* Unknown data, please hexdump.
if (ndo->ndo_vflag > 1 || (ndo->ndo_vflag && hexdump)) {
print_unknown_data(ndo,tptr,"\n\t ", pdu_len);
}
+ return pdu_len;
+
+invalid:
+ nd_print_invalid(ndo);
+ ND_TCHECK_LEN(tptr, len);
+ return len;
}
void
-rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) {
-
- u_int tlen, pdu_type, pdu_len;
- const u_char *tptr;
- const rpki_rtr_pdu *pdu_header;
-
- tptr = pptr;
- tlen = len;
-
+rpki_rtr_print(netdissect_options *ndo, const u_char *pptr, u_int len)
+{
+ ndo->ndo_protocol = "rpki_rtr";
if (!ndo->ndo_vflag) {
- ND_PRINT((ndo, ", RPKI-RTR"));
+ ND_PRINT(", RPKI-RTR");
return;
}
-
- while (tlen >= sizeof(rpki_rtr_pdu)) {
-
- ND_TCHECK2(*tptr, sizeof(rpki_rtr_pdu));
-
- pdu_header = (rpki_rtr_pdu *)tptr;
- pdu_type = pdu_header->pdu_type;
- pdu_len = EXTRACT_32BITS(pdu_header->length);
-
- /* infinite loop check */
- if (!pdu_type || !pdu_len) {
- break;
- }
-
- ND_TCHECK2(*tptr, pdu_len);
- if (tlen < pdu_len) {
- goto trunc;
- }
-
- /*
- * Print the PDU.
- */
- rpki_rtr_pdu_print(ndo, tptr, 8);
-
- tlen -= pdu_len;
- tptr += pdu_len;
+ while (len) {
+ u_int pdu_len = rpki_rtr_pdu_print(ndo, pptr, len, 1, 8);
+ len -= pdu_len;
+ pptr += pdu_len;
}
- return;
- trunc:
- ND_PRINT((ndo, "\n\t[|RPKI-RTR]"));
}
-
-/*
- * Local Variables:
- * c-style: whitesmith
- * c-basic-offset: 4
- * End:
- */
projects / tcpdump / blobdiff