rt6: parse TLV 949/head
authorgiulio-sido <[email protected]>
Tue, 12 Oct 2021 15:17:58 +0000 (17:17 +0200)
committerFrancois-Xavier Le Bail <[email protected]>
Tue, 18 Apr 2023 12:36:06 +0000 (14:36 +0200)
Parse Type-Length-Value (TLV) objects in the IPv6 Routing Header as specified by
RFC 8754 [1].

[1] https://datatracker.ietf.org/doc/html/rfc8754

Signed-off-by: Giulio Sidoretti <[email protected]>
ip6.h
print-rt6.c
tests/TESTLIST
tests/ipv6-srh-tlv-hmac-v.out [new file with mode: 0644]
tests/ipv6-srh-tlv-hmac.out [new file with mode: 0644]
tests/ipv6-srh-tlv-hmac.pcap [new file with mode: 0644]
tests/ipv6-srh-tlv-pad1-padn-5-v.out [new file with mode: 0644]
tests/ipv6-srh-tlv-pad1-padn-5.out [new file with mode: 0644]
tests/ipv6-srh-tlv-pad1-padn-5.pcap [new file with mode: 0644]

diff --git a/ip6.h b/ip6.h
index f927d204ebc559126d2544d82d872fa6317a2543..c4e2f4840c1947e04b0fdd57fcf39b90b4692635 100644 (file)
--- a/ip6.h
+++ b/ip6.h
@@ -197,6 +197,10 @@ struct ip6_srh {
        nd_ipv6         srh_segments[1];        /* SRH segments list*/
 };
 
+#define IPV6_SRH_TLV_PAD1 0
+#define IPV6_SRH_TLV_PADN 4
+#define IPV6_SRH_TLV_HMAC 5
+
 /* Fragment header */
 struct ip6_frag {
        nd_uint8_t  ip6f_nxt;           /* next header */
index 096a96286c95e0ce8a7275fd7589d6d2bccb17f2..82359a428472b441cdf9dd6e2efc2bc69e8f348b 100644 (file)
 
 #include "ip6.h"
 
+static int
+srh_tlv_print(netdissect_options *ndo, const u_char *p, u_int bytes_left)
+{
+       u_int tlv_type, tlv_len;
+       while (bytes_left != 0) {
+               tlv_type = GET_U_1(p);
+               ND_ICHECKMSG_U("remaining length", bytes_left, <, 1);
+               p += 1;
+               bytes_left -= 1;
+               if (bytes_left == 0)
+                       break;
+               if (tlv_type == IPV6_SRH_TLV_PAD1) {
+                       ND_PRINT(", TLV-type=Pad1(%u)", tlv_type);
+                       continue;
+               }
+
+               tlv_len = GET_U_1(p);
+               ND_ICHECKMSG_U("remaining length", bytes_left, <, 1);
+               p += 1;
+               bytes_left -= 1;
+
+               switch (tlv_type) {
+               case IPV6_SRH_TLV_PADN:
+                       ND_PRINT(", TLV-type=PadN(%u)", tlv_type);
+                       ND_PRINT(", TLV-len=%u", tlv_len);
+                       ND_ICHECKMSG_U("PadN length", tlv_len, >, 5); /* RFC 8754 */
+                       ND_ICHECKMSG_U("remaining length", bytes_left, <, tlv_len);
+                       p += tlv_len;
+                       bytes_left -= tlv_len;
+                       break;
+               case IPV6_SRH_TLV_HMAC:
+                       ND_PRINT(", TLV-type=HMAC(%u)", tlv_type);
+                       ND_PRINT(", TLV-len=%u", tlv_len);
+                       ND_ICHECKMSG_U("remaining length", bytes_left, <, 6);
+                       uint16_t reserved;
+                       uint32_t key_id;
+                       uint8_t hmac_byte;
+                       reserved = GET_BE_U_2(p);
+                       p += 2;
+                       if (ndo->ndo_vflag)
+                               ND_PRINT(", D=%u", reserved >> 15);
+                       key_id = GET_BE_U_4(p);
+                       p += 4;
+                       if (ndo->ndo_vflag)
+                               ND_PRINT(", HMAC-key-ID=0x%02x", key_id);
+                       bytes_left -= 6;
+                       if (ndo->ndo_vflag)
+                               ND_PRINT(", HMAC=0x");
+                       for (u_int i = 0; i < tlv_len; i++) {
+                               hmac_byte = GET_U_1(p);
+                               ND_ICHECKMSG_U("remaining length", bytes_left, <, 1);
+                               p += 1;
+                               bytes_left -= 1;
+                               if (ndo->ndo_vflag)
+                                       ND_PRINT("%02x", hmac_byte);
+                       }
+                       break;
+               default:                                                /* Unknown type */
+                       ND_PRINT(" Unknown");
+                       ND_PRINT(", TLV-len=%u", tlv_len);
+                       if (ndo->ndo_vflag)
+                               ND_PRINT(", TLV-value=0x");
+                       ND_ICHECKMSG_U("remaining length", bytes_left, <, tlv_len);
+                       uint8_t tlv_byte;
+                       for (u_int i = 0; i < tlv_len; i++) {
+                               tlv_byte = GET_U_1(p);
+                               p += 1;
+                               bytes_left -= 1;
+                               if (ndo->ndo_vflag)
+                                       ND_PRINT("%02x", tlv_byte);
+                       }
+                       break;
+               }
+       }
+       return 0;
+
+invalid:
+       return -1;
+}
+
+
 int
 rt6_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2 _U_)
 {
        const struct ip6_rthdr *dp;
        const struct ip6_rthdr0 *dp0;
        const struct ip6_srh *srh;
-       u_int i, len, type;
+       u_int i, len, type, seg_list_len, last_entry;
+       int err;
        const u_char *p;
 
        ndo->ndo_protocol = "rt6";
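Review bot: In the HMAC case of srh_tlv_print, `tlv_len` is never compared with `bytes_left` before the value loop: only the six fixed bytes are checked up front, and the per-byte `ND_ICHECKMSG_U("remaining length", bytes_left, <, 1)` runs after `GET_U_1(p)` has already read the byte. A length larger than what is left therefore makes the printer read one byte past the TLV area before it reports the header as invalid (the read presumably still passes through GET_U_1's own capture-length check, which is defined outside this page). The PadN and default cases validate first; HMAC should match them with `ND_ICHECKMSG_U("remaining length", bytes_left - 6, <, tlv_len);` right after the `< 6` check. The `if (bytes_left == 0) break;` after the type byte also returns 0 for a TLV that ends after its type and skips printing a trailing Pad1, so the Pad1 test should come first and a missing length byte should go to `invalid`. RFC 8754's Length field seems to cover everything after it, which would make the HMAC value `tlv_len - 6` bytes rather than `tlv_len`; worth confirming against the RFC before relying on the new .out files.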
@@ -81,7 +163,8 @@ rt6_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2 _U_)
                break;
        case IPV6_RTHDR_TYPE_4:
                srh = (const struct ip6_srh *)dp;
-               ND_PRINT(", last-entry=%u", GET_U_1(srh->srh_last_ent));
+               last_entry = GET_U_1(srh->srh_last_ent);
+               ND_PRINT(", last-entry=%u", last_entry);
 
                if (GET_U_1(srh->srh_flags) || ndo->ndo_vflag) {
                        ND_PRINT(", flags=0x%0x",
@@ -89,17 +172,21 @@ rt6_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2 _U_)
                }
 
                ND_PRINT(", tag=%x", GET_BE_U_2(srh->srh_tag));
-
-               if (len % 2 == 1) {
-                       ND_PRINT(" (invalid length %u)", len);
-                       goto invalid;
-               }
-               len >>= 1;
                p  = (const u_char *) srh->srh_segments;
-               for (i = 0; i < len; i++) {
+               for (i = 0; i < last_entry + 1; i++) {
                        ND_PRINT(", [%u]%s", i, GET_IP6ADDR_STRING(p));
                        p += 16;
                }
+               seg_list_len = (last_entry + 1) * 2;
+               if (seg_list_len < len) {
+                       /* there is TLV */
+                       u_int bytes_left;
+                       bytes_left = (len - seg_list_len) * 8;
+                       err = srh_tlv_print(ndo, p, bytes_left);
+                       if (err)
+                               goto invalid;
+               }
+
                /*(*/
                ND_PRINT(") ");
                return((GET_U_1(srh->srh_len) + 1) << 3);
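Review bot: The segment loop is now bounded only by `last_entry`, a byte taken from the packet, and nothing compares it with `len` before the addresses are printed. A header whose Last Entry claims more segments than its length allows makes the printer walk past the routing header (up to 256 addresses, limited only by whatever capture-length check GET_IP6ADDR_STRING performs) and still return success, because the `seg_list_len < len` test simply skips the TLV branch. Computing `seg_list_len = (last_entry + 1) * 2;` before the loop and rejecting the header with `ND_ICHECKMSG_U("last-entry", seg_list_len, >, len);` would restore the old guarantee that decoding stays inside the declared header length. `len` is assigned outside this hunk, so its units (8-octet words, as the `* 8` suggests) should be confirmed; rt6_print itself starts and ends outside the hunk.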
index 95592bd63dd2e3afe0d4a273897922c46c5f6a9c..46babe8db8de45cf986057e80f9654395d3d4e44 100644 (file)
@@ -349,6 +349,10 @@ ipv6-srh-ipproto-ether-v ipv6-srh-ipproto-ether.pcap ipv6-srh-ipproto-ether-v.ou
 ipv6-srh-ipproto-ether-ev ipv6-srh-ipproto-ether.pcap ipv6-srh-ipproto-ether-ev.out -ev
 ipv6-too-long-jumbo    ipv6-too-long-jumbo.pcap        ipv6-too-long-jumbo.out -v
 ipv6_jumbogram_1       ipv6_jumbogram_1.pcap   ipv6_jumbogram_1.out -ev
+ipv6-srh-tlv-hmac ipv6-srh-tlv-hmac.pcap ipv6-srh-tlv-hmac.out
+ipv6-srh-tlv-hmac-v ipv6-srh-tlv-hmac.pcap ipv6-srh-tlv-hmac-v.out -v
+ipv6-srh-tlv-pad1-padn-5 ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5.out
+ipv6-srh-tlv-pad1-padn-5-v ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5-v.out -v
 
 # Loopback/CTP test case
 loopback       loopback.pcap           loopback.out
diff --git a/tests/ipv6-srh-tlv-hmac-v.out b/tests/ipv6-srh-tlv-hmac-v.out
new file mode 100644 (file)
index 0000000..29da7a2
--- /dev/null
@@ -0,0 +1 @@
+    1  09:28:06.000000 IP6 (class 0x78, flowlabel 0x9abcd, hlim 64, next-header Routing (43) payload length: 48) 2001:db8:1::1 > cafe:1::2: RT6 (len=5, type=4, segleft=0, last-entry=0, flags=0x0, tag=0, [0]cafe:1::2, TLV-type=HMAC(5), TLV-len=16, D=1, HMAC-key-ID=0x5412ab30, HMAC=0x0000000000000000aaaaaaaaaaaaaaaa) no next header
diff --git a/tests/ipv6-srh-tlv-hmac.out b/tests/ipv6-srh-tlv-hmac.out
new file mode 100644 (file)
index 0000000..a64f207
--- /dev/null
@@ -0,0 +1 @@
+    1  09:28:06.000000 IP6 2001:db8:1::1 > cafe:1::2: RT6 (len=5, type=4, segleft=0, last-entry=0, tag=0, [0]cafe:1::2, TLV-type=HMAC(5), TLV-len=16) no next header
diff --git a/tests/ipv6-srh-tlv-hmac.pcap b/tests/ipv6-srh-tlv-hmac.pcap
new file mode 100644 (file)
index 0000000..3333e00
Binary files /dev/null and b/tests/ipv6-srh-tlv-hmac.pcap differ
diff --git a/tests/ipv6-srh-tlv-pad1-padn-5-v.out b/tests/ipv6-srh-tlv-pad1-padn-5-v.out
new file mode 100644 (file)
index 0000000..fd0fc47
--- /dev/null
@@ -0,0 +1 @@
+    1  17:47:55.000001 IP6 (class 0x78, flowlabel 0x9abcd, hlim 64, next-header Routing (43) payload length: 32) 2001:db8:1::1 > cafe:1::2: RT6 (len=3, type=4, segleft=0, last-entry=0, flags=0x0, tag=0, [0]cafe:1::2, TLV-type=Pad1(0), TLV-type=PadN(4), TLV-len=5) no next header
diff --git a/tests/ipv6-srh-tlv-pad1-padn-5.out b/tests/ipv6-srh-tlv-pad1-padn-5.out
new file mode 100644 (file)
index 0000000..a2af4a6
--- /dev/null
@@ -0,0 +1 @@
+    1  17:47:55.000001 IP6 2001:db8:1::1 > cafe:1::2: RT6 (len=3, type=4, segleft=0, last-entry=0, tag=0, [0]cafe:1::2, TLV-type=Pad1(0), TLV-type=PadN(4), TLV-len=5) no next header
diff --git a/tests/ipv6-srh-tlv-pad1-padn-5.pcap b/tests/ipv6-srh-tlv-pad1-padn-5.pcap
new file mode 100644 (file)
index 0000000..ba8fe6e
Binary files /dev/null and b/tests/ipv6-srh-tlv-pad1-padn-5.pcap differ