]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-radius.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #827 from NanXiao/patch-1
[tcpdump] / print-radius.c
diff --git a/print-radius.c b/print-radius.c
index b61aa23dd5262d572dc3749a326e39305c13495a..78646b5847664bcda7c0338f461eb40e3a6ace7f 100644 (file)
--- a/print-radius.c
+++ b/print-radius.c
@@ -65,9 +65,15 @@
  * RFC 5176:
  *      "Dynamic Authorization Extensions to RADIUS"
  *
+ * RFC 5447:
+ *      "Diameter Mobile IPv6"
+ *
  * RFC 5580:
  *      "Carrying Location Objects in RADIUS and Diameter"
  *
+ * RFC 6572:
+ *      "RADIUS Support for Proxy Mobile IPv6"
+ *
  * RFC 7155:
  *      "Diameter Network Access Server Application"
  *
@@ -84,12 +90,13 @@
 
 #include <string.h>
 
+#include "netdissect-ctype.h"
+
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
 #include "oui.h"
 
-static const char tstr[] = " [|radius]";
 
 #define TAM_SIZE(x) (sizeof(x)/sizeof(x[0]) )
 
@@ -197,7 +204,9 @@ static void print_vendor_attr(netdissect_options *, const u_char *, u_int, u_sho
 static void print_attr_address(netdissect_options *, const u_char *, u_int, u_short);
 static void print_attr_address6(netdissect_options *, const u_char *, u_int, u_short);
 static void print_attr_netmask6(netdissect_options *, const u_char *, u_int, u_short);
+static void print_attr_mip6_home_link_prefix(netdissect_options *, const u_char *, u_int, u_short);
 static void print_attr_time(netdissect_options *, const u_char *, u_int, u_short);
+static void print_attr_vector64(netdissect_options *, register const u_char *, u_int, u_short);
 static void print_attr_strange(netdissect_options *, const u_char *, u_int, u_short);
 
 
@@ -437,8 +446,40 @@ static const struct tok errorcausetype[] = {
                                                                                                                                 { 0, NULL }
                                };
 
+/* MIP6-Feature-Vector standard values */
+/* https://www.iana.org/assignments/aaa-parameters/aaa-parameters.xhtml */
+#define MIP6_INTEGRATED 0x0000000000000001
+#define LOCAL_HOME_AGENT_ASSIGNMENT 0x0000000000000002
+#define PMIP6_SUPPORTED 0x0000010000000000
+#define IP4_HOA_SUPPORTED 0x0000020000000000
+#define LOCAL_MAG_ROUTING_SUPPORTED 0x0000040000000000
+#define ASSIGN_LOCAL_IP 0x0000080000000000
+#define MIP4_SUPPORTED 0x0000100000000000
+#define OPTIMIZED_IDLE_MODE_MOBILITY 0x0000200000000000
+#define GTPv2_SUPPORTED 0x0000400000000000
+#define IP4_TRANSPORT_SUPPORTED 0x0000800000000000
+#define IP4_HOA_ONLY_SUPPORTED 0x0001000000000000
+#define INTER_MAG_ROUTING_SUPPORTED 0x0002000000000000
+static const struct mip6_feature_vector {
+                  uint64_t v;
+                  const char *s;
+                } mip6_feature_vector[] = {
+                                 { MIP6_INTEGRATED,             "MIP6_INTEGRATED" },
+                                 { LOCAL_HOME_AGENT_ASSIGNMENT, "LOCAL_HOME_AGENT_ASSIGNMENT" },
+                                 { PMIP6_SUPPORTED,             "PMIP6_SUPPORTED" },
+                                 { IP4_HOA_SUPPORTED,           "IP4_HOA_SUPPORTED" },
+                                 { LOCAL_MAG_ROUTING_SUPPORTED, "LOCAL_MAG_ROUTING_SUPPORTED" },
+                                 { ASSIGN_LOCAL_IP,             "ASSIGN_LOCAL_IP" },
+                                 { MIP4_SUPPORTED,              "MIP4_SUPPORTED" },
+                                 { OPTIMIZED_IDLE_MODE_MOBILITY, "OPTIMIZED_IDLE_MODE_MOBILITY" },
+                                 { GTPv2_SUPPORTED,             "GTPv2_SUPPORTED" },
+                                 { IP4_TRANSPORT_SUPPORTED,     "IP4_TRANSPORT_SUPPORTED" },
+                                 { IP4_HOA_ONLY_SUPPORTED,      "IP4_HOA_ONLY_SUPPORTED" },
+                                 { INTER_MAG_ROUTING_SUPPORTED, "INTER_MAG_ROUTING_SUPPORTED" },
+                               };
+
 
-static struct attrtype {
+static const struct attrtype {
                   const char *name;      /* Attribute name                 */
                   const char **subtypes; /* Standard Values (if any)       */
                   u_char siz_subtypes;   /* Size of total standard values  */
@@ -570,6 +611,8 @@ static struct attrtype {
      { "Digest-HA1",                      NULL, 0, 0, print_attr_string },
      { "SIP-AOR",                         NULL, 0, 0, print_attr_string },
      { "Delegated-IPv6-Prefix",           NULL, 0, 0, print_attr_netmask6 },
+     { "MIP6-Feature-Vector",             NULL, 0, 0, print_attr_vector64 },
+     { "MIP6-Home-Link-Prefix",           NULL, 0, 0, print_attr_mip6_home_link_prefix },
   };
 
 
@@ -593,13 +636,13 @@ print_attr_string(netdissect_options *ndo,
       case TUNNEL_PASS:
            if (length < 3)
               goto trunc;
-           if (EXTRACT_U_1(data) && (EXTRACT_U_1(data) <= 0x1F))
-              ND_PRINT("Tag[%u] ", EXTRACT_U_1(data));
+           if (GET_U_1(data) && (GET_U_1(data) <= 0x1F))
+              ND_PRINT("Tag[%u] ", GET_U_1(data));
            else
               ND_PRINT("Tag[Unused] ");
            data++;
            length--;
-           ND_PRINT("Salt %u ", EXTRACT_BE_U_2(data));
+           ND_PRINT("Salt %u ", GET_BE_U_2(data));
            data+=2;
            length-=2;
         break;
@@ -609,12 +652,12 @@ print_attr_string(netdissect_options *ndo,
       case TUNNEL_ASSIGN_ID:
       case TUNNEL_CLIENT_AUTH:
       case TUNNEL_SERVER_AUTH:
-           if (EXTRACT_U_1(data) <= 0x1F)
+           if (GET_U_1(data) <= 0x1F)
            {
               if (length < 1)
                  goto trunc;
-              if (EXTRACT_U_1(data))
-                ND_PRINT("Tag[%u] ", EXTRACT_U_1(data));
+              if (GET_U_1(data))
+                ND_PRINT("Tag[%u] ", GET_U_1(data));
               else
                 ND_PRINT("Tag[Unused] ");
               data++;
@@ -625,20 +668,20 @@ print_attr_string(netdissect_options *ndo,
            if (length < 1)
               goto trunc;
            ND_PRINT("%s (0x%02x) ",
-                  tok2str(rfc4675_tagged,"Unknown tag",EXTRACT_U_1(data)),
-                  EXTRACT_U_1(data));
+                  tok2str(rfc4675_tagged,"Unknown tag",GET_U_1(data)),
+                  GET_U_1(data));
            data++;
            length--;
         break;
    }
 
-   for (i=0; i < length && EXTRACT_U_1(data); i++, data++)
-       ND_PRINT("%c", ND_ISPRINT(EXTRACT_U_1(data)) ? EXTRACT_U_1(data) : '.');
+   for (i=0; i < length && GET_U_1(data); i++, data++)
+       ND_PRINT("%c", ND_ASCII_ISPRINT(GET_U_1(data)) ? GET_U_1(data) : '.');
 
    return;
 
    trunc:
-      ND_PRINT("%s", tstr);
+      nd_print_trunc(ndo);
 }
 
 /*
@@ -656,7 +699,7 @@ print_vendor_attr(netdissect_options *ndo,
     if (length < 4)
         goto trunc;
     ND_TCHECK_4(data);
-    vendor_id = EXTRACT_BE_U_4(data);
+    vendor_id = GET_BE_U_4(data);
     data+=4;
     length-=4;
 
@@ -667,8 +710,8 @@ print_vendor_attr(netdissect_options *ndo,
     while (length >= 2) {
        ND_TCHECK_2(data);
 
-        vendor_type = EXTRACT_U_1(data);
-        vendor_length = EXTRACT_U_1(data + 1);
+        vendor_type = GET_U_1(data);
+        vendor_length = GET_U_1(data + 1);
 
         if (vendor_length < 2)
         {
@@ -693,13 +736,13 @@ print_vendor_attr(netdissect_options *ndo,
                vendor_type,
                vendor_length);
         for (idx = 0; idx < vendor_length ; idx++, data++)
-            ND_PRINT("%c", ND_ISPRINT(EXTRACT_U_1(data)) ? EXTRACT_U_1(data) : '.');
+            ND_PRINT("%c", ND_ASCII_ISPRINT(GET_U_1(data)) ? GET_U_1(data) : '.');
         length-=vendor_length;
     }
     return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
 }
 
 /******************************/
@@ -731,16 +774,16 @@ print_attr_num(netdissect_options *ndo,
 
       if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) )
       {
-         if (!EXTRACT_U_1(data))
+         if (!GET_U_1(data))
             ND_PRINT("Tag[Unused] ");
          else
-            ND_PRINT("Tag[%u] ", EXTRACT_U_1(data));
+            ND_PRINT("Tag[%u] ", GET_U_1(data));
          data++;
-         data_value = EXTRACT_BE_U_3(data);
+         data_value = GET_BE_U_3(data);
       }
       else
       {
-         data_value = EXTRACT_BE_U_4(data);
+         data_value = GET_BE_U_4(data);
       }
       if ( data_value <= (uint32_t)(attr_type[attr_code].siz_subtypes - 1 +
             attr_type[attr_code].first_subtype) &&
@@ -754,10 +797,10 @@ print_attr_num(netdissect_options *ndo,
       switch(attr_code) /* Be aware of special cases... */
       {
         case FRM_IPX:
-             if (EXTRACT_BE_U_4(data) == 0xFFFFFFFE )
+             if (GET_BE_U_4(data) == 0xFFFFFFFE )
                 ND_PRINT("NAS Select");
              else
-                ND_PRINT("%u", EXTRACT_BE_U_4(data));
+                ND_PRINT("%u", GET_BE_U_4(data));
           break;
 
         case SESSION_TIMEOUT:
@@ -765,7 +808,7 @@ print_attr_num(netdissect_options *ndo,
         case ACCT_DELAY:
         case ACCT_SESSION_TIME:
         case ACCT_INT_INTERVAL:
-             timeout = EXTRACT_BE_U_4(data);
+             timeout = GET_BE_U_4(data);
              if ( timeout < 60 )
                 ND_PRINT("%02d secs", timeout);
              else
@@ -781,38 +824,38 @@ print_attr_num(netdissect_options *ndo,
           break;
 
         case FRM_ATALK_LINK:
-             if (EXTRACT_BE_U_4(data))
-                ND_PRINT("%u", EXTRACT_BE_U_4(data));
+             if (GET_BE_U_4(data))
+                ND_PRINT("%u", GET_BE_U_4(data));
              else
                 ND_PRINT("Unnumbered");
           break;
 
         case FRM_ATALK_NETWORK:
-             if (EXTRACT_BE_U_4(data))
-                ND_PRINT("%u", EXTRACT_BE_U_4(data));
+             if (GET_BE_U_4(data))
+                ND_PRINT("%u", GET_BE_U_4(data));
              else
                 ND_PRINT("NAS assigned");
           break;
 
         case TUNNEL_PREFERENCE:
-            if (EXTRACT_U_1(data))
-               ND_PRINT("Tag[%u] ", EXTRACT_U_1(data));
+            if (GET_U_1(data))
+               ND_PRINT("Tag[%u] ", GET_U_1(data));
             else
                ND_PRINT("Tag[Unused] ");
             data++;
-            ND_PRINT("%u", EXTRACT_BE_U_3(data));
+            ND_PRINT("%u", GET_BE_U_3(data));
           break;
 
         case EGRESS_VLAN_ID:
             ND_PRINT("%s (0x%02x) ",
-                   tok2str(rfc4675_tagged,"Unknown tag",EXTRACT_U_1(data)),
-                   EXTRACT_U_1(data));
+                   tok2str(rfc4675_tagged,"Unknown tag",GET_U_1(data)),
+                   GET_U_1(data));
             data++;
-            ND_PRINT("%u", EXTRACT_BE_U_3(data));
+            ND_PRINT("%u", GET_BE_U_3(data));
           break;
 
         default:
-             ND_PRINT("%u", EXTRACT_BE_U_4(data));
+             ND_PRINT("%u", GET_BE_U_4(data));
           break;
 
       } /* switch */
@@ -822,7 +865,7 @@ print_attr_num(netdissect_options *ndo,
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
 }
 
 /*****************************/
@@ -848,24 +891,24 @@ print_attr_address(netdissect_options *ndo,
    {
       case FRM_IPADDR:
       case LOG_IPHOST:
-           if (EXTRACT_BE_U_4(data) == 0xFFFFFFFF )
+           if (GET_BE_U_4(data) == 0xFFFFFFFF )
               ND_PRINT("User Selected");
            else
-              if (EXTRACT_BE_U_4(data) == 0xFFFFFFFE )
+              if (GET_BE_U_4(data) == 0xFFFFFFFE )
                  ND_PRINT("NAS Select");
               else
-                 ND_PRINT("%s",ipaddr_string(ndo, data));
+                 ND_PRINT("%s",GET_IPADDR_STRING(data));
       break;
 
       default:
-          ND_PRINT("%s", ipaddr_string(ndo, data));
+          ND_PRINT("%s", GET_IPADDR_STRING(data));
       break;
    }
 
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
 }
 
 /*****************************/
@@ -887,12 +930,12 @@ print_attr_address6(netdissect_options *ndo,
 
    ND_TCHECK_16(data);
 
-   ND_PRINT("%s", ip6addr_string(ndo, data));
+   ND_PRINT("%s", GET_IP6ADDR_STRING(data));
 
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
 }
 
 static void
@@ -907,9 +950,9 @@ print_attr_netmask6(netdissect_options *ndo,
        return;
    }
    ND_TCHECK_LEN(data, length);
-   if (EXTRACT_U_1(data + 1) > 128)
+   if (GET_U_1(data + 1) > 128)
    {
-      ND_PRINT("ERROR: netmask %u not in range (0..128)", EXTRACT_U_1(data + 1));
+      ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data + 1));
       return;
    }
 
@@ -917,15 +960,39 @@ print_attr_netmask6(netdissect_options *ndo,
    if (length > 2)
       memcpy(data2, data+2, length-2);
 
-   ND_PRINT("%s/%u", ip6addr_string(ndo, data2), EXTRACT_U_1(data + 1));
+   ND_PRINT("%s/%u", ip6addr_string(ndo, data2), GET_U_1(data + 1));
 
-   if (EXTRACT_U_1(data + 1) > 8 * (length - 2))
+   if (GET_U_1(data + 1) > 8 * (length - 2))
       ND_PRINT(" (inconsistent prefix length)");
 
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
+}
+
+static void
+print_attr_mip6_home_link_prefix(netdissect_options *ndo,
+                    const u_char *data, u_int length, u_short attr_code _U_)
+{
+   if (length != 17)
+   {
+      ND_PRINT("ERROR: length %u != 17", length);
+      return;
+   }
+   ND_TCHECK_LEN(data, length);
+   if (GET_U_1(data) > 128)
+   {
+      ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data));
+      return;
+   }
+
+   ND_PRINT("%s/%u", GET_IP6ADDR_STRING(data + 1), GET_U_1(data));
+
+   return;
+
+   trunc:
+     nd_print_trunc(ndo);
 }
 
 /*************************************/
@@ -951,7 +1018,7 @@ print_attr_time(netdissect_options *ndo,
 
    ND_TCHECK_4(data);
 
-   attr_time = EXTRACT_BE_U_4(data);
+   attr_time = GET_BE_U_4(data);
    strlcpy(string, ctime(&attr_time), sizeof(string));
    /* Get rid of the newline */
    string[24] = '\0';
@@ -959,7 +1026,39 @@ print_attr_time(netdissect_options *ndo,
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
+}
+
+static void
+print_attr_vector64(netdissect_options *ndo,
+                 register const u_char *data, u_int length, u_short attr_code _U_)
+{
+   uint64_t data_value, i;
+   const char *sep = "";
+
+   if (length != 8)
+   {
+       ND_PRINT("ERROR: length %u != 8", length);
+       return;
+   }
+
+   ND_PRINT("[");
+
+   data_value = GET_BE_U_8(data);
+   /* Print the 64-bit field in a format similar to bittok2str(), less
+    * flagging any unknown bits. This way it should be easier to replace
+    * the custom code with a library function later.
+    */
+   for (i = 0; i < TAM_SIZE(mip6_feature_vector); i++) {
+       if (data_value & mip6_feature_vector[i].v) {
+           ND_PRINT("%s%s", sep, mip6_feature_vector[i].s);
+           sep = ", ";
+       }
+   }
+
+   ND_PRINT("]");
+
+   return;
 }
 
 /***********************************/
@@ -1002,13 +1101,13 @@ print_attr_strange(netdissect_options *ndo,
                return;
            }
            ND_TCHECK_1(data);
-           if (EXTRACT_U_1(data))
+           if (GET_U_1(data))
               ND_PRINT("User can change password");
            else
               ND_PRINT("User cannot change password");
            data++;
            ND_TCHECK_1(data);
-           ND_PRINT(", Min password length: %u", EXTRACT_U_1(data));
+           ND_PRINT(", Min password length: %u", GET_U_1(data));
            data++;
            ND_PRINT(", created at: ");
            ND_TCHECK_4(data);
@@ -1043,14 +1142,14 @@ print_attr_strange(netdissect_options *ndo,
            }
            ND_TCHECK_4(data);
 
-           error_cause_value = EXTRACT_BE_U_4(data);
+           error_cause_value = GET_BE_U_4(data);
            ND_PRINT("Error cause %u: %s", error_cause_value, tok2str(errorcausetype, "Error-Cause %u not known", error_cause_value));
         break;
    }
    return;
 
    trunc:
-     ND_PRINT("%s", tstr);
+     nd_print_trunc(ndo);
 }
 
 static void
@@ -1067,32 +1166,28 @@ radius_attrs_print(netdissect_options *ndo,
         goto trunc;
      ND_TCHECK_SIZE(rad_attr);
 
-     type = EXTRACT_U_1(rad_attr->type);
-     len = EXTRACT_U_1(rad_attr->len);
+     type = GET_U_1(rad_attr->type);
+     len = GET_U_1(rad_attr->len);
      if (type != 0 && type < TAM_SIZE(attr_type))
        attr_string = attr_type[type].name;
      else
        attr_string = "Unknown";
-     if (len < 2)
-     {
-       ND_PRINT("\n\t  %s Attribute (%u), length: %u (bogus, must be >= 2)",
+
+     ND_PRINT("\n\t  %s Attribute (%u), length: %u",
                attr_string,
                type,
                len);
-       return;
+     if (len < 2)
+     {
+       ND_PRINT(" (bogus, must be >= 2)");
+       return;
      }
      if (len > length)
      {
-       ND_PRINT("\n\t  %s Attribute (%u), length: %u (bogus, goes past end of packet)",
-               attr_string,
-               type,
-               len);
+        ND_PRINT(" (bogus, goes past end of packet)");
         return;
      }
-     ND_PRINT("\n\t  %s Attribute (%u), length: %u, Value: ",
-            attr_string,
-            type,
-            len);
+     ND_PRINT(", Value: ");
 
      if (type < TAM_SIZE(attr_type))
      {
@@ -1114,7 +1209,7 @@ radius_attrs_print(netdissect_options *ndo,
    return;
 
 trunc:
-   ND_PRINT("%s", tstr);
+   nd_print_trunc(ndo);
 }
 
 void
@@ -1124,13 +1219,14 @@ radius_print(netdissect_options *ndo,
    const struct radius_hdr *rad;
    u_int len, auth_idx;
 
+   ndo->ndo_protocol = "radius";
    ND_TCHECK_LEN(dat, MIN_RADIUS_LEN);
    rad = (const struct radius_hdr *)dat;
-   len = EXTRACT_BE_U_2(rad->len);
+   len = GET_BE_U_2(rad->len);
 
    if (len < MIN_RADIUS_LEN)
    {
-         ND_PRINT("%s", tstr);
+         nd_print_trunc(ndo);
          return;
    }
 
@@ -1139,18 +1235,18 @@ radius_print(netdissect_options *ndo,
 
    if (ndo->ndo_vflag < 1) {
        ND_PRINT("RADIUS, %s (%u), id: 0x%02x length: %u",
-              tok2str(radius_command_values,"Unknown Command",EXTRACT_U_1(rad->code)),
-              EXTRACT_U_1(rad->code),
-              EXTRACT_U_1(rad->id),
+              tok2str(radius_command_values,"Unknown Command",GET_U_1(rad->code)),
+              GET_U_1(rad->code),
+              GET_U_1(rad->id),
               len);
        return;
    }
    else {
        ND_PRINT("RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ",
               len,
-              tok2str(radius_command_values,"Unknown Command",EXTRACT_U_1(rad->code)),
-              EXTRACT_U_1(rad->code),
-              EXTRACT_U_1(rad->id));
+              tok2str(radius_command_values,"Unknown Command",GET_U_1(rad->code)),
+              GET_U_1(rad->code),
+              GET_U_1(rad->id));
 
        for(auth_idx=0; auth_idx < 16; auth_idx++)
             ND_PRINT("%02x", rad->auth[auth_idx]);
@@ -1161,5 +1257,5 @@ radius_print(netdissect_options *ndo,
    return;
 
 trunc:
-   ND_PRINT("%s", tstr);
+   nd_print_trunc(ndo);
 }
[mirror] the TCPdump network dissector