1 /*
2 * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the project nor the names of its contributors
13 * may be used to endorse or promote products derived from this software
14 * without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 /* \summary: Home Networking Control Protocol (HNCP) printer */
30
31 #include <config.h>
32
33 #include "netdissect-stdinc.h"
34
35 #include <string.h>
36
37 #include "netdissect.h"
38 #include "addrtoname.h"
39 #include "extract.h"
40
41 static void
42 hncp_print_rec(netdissect_options *ndo,
43 const u_char *cp, u_int length, int indent);
44
45 void
hncp_print(netdissect_options * ndo,const u_char * cp,u_int length)46 hncp_print(netdissect_options *ndo,
47 const u_char *cp, u_int length)
48 {
49 ndo->ndo_protocol = "hncp";
50 ND_PRINT("hncp (%u)", length);
51 hncp_print_rec(ndo, cp, length, 1);
52 }
53
54 /* RFC7787 */
55 #define DNCP_REQUEST_NETWORK_STATE 1
56 #define DNCP_REQUEST_NODE_STATE 2
57 #define DNCP_NODE_ENDPOINT 3
58 #define DNCP_NETWORK_STATE 4
59 #define DNCP_NODE_STATE 5
60 #define DNCP_PEER 8
61 #define DNCP_KEEP_ALIVE_INTERVAL 9
62 #define DNCP_TRUST_VERDICT 10
63
64 /* RFC7788 */
65 #define HNCP_HNCP_VERSION 32
66 #define HNCP_EXTERNAL_CONNECTION 33
67 #define HNCP_DELEGATED_PREFIX 34
68 #define HNCP_PREFIX_POLICY 43
69 #define HNCP_DHCPV4_DATA 37 /* This is correct, see RFC 7788 Errata ID 5113. */
70 #define HNCP_DHCPV6_DATA 38 /* idem */
71 #define HNCP_ASSIGNED_PREFIX 35
72 #define HNCP_NODE_ADDRESS 36
73 #define HNCP_DNS_DELEGATED_ZONE 39
74 #define HNCP_DOMAIN_NAME 40
75 #define HNCP_NODE_NAME 41
76 #define HNCP_MANAGED_PSK 42
77
78 /* See type_mask in hncp_print_rec below */
79 #define RANGE_DNCP_RESERVED 0x10000
80 #define RANGE_HNCP_UNASSIGNED 0x10001
81 #define RANGE_DNCP_PRIVATE_USE 0x10002
82 #define RANGE_DNCP_FUTURE_USE 0x10003
83
84 static const struct tok type_values[] = {
85 { DNCP_REQUEST_NETWORK_STATE, "Request network state" },
86 { DNCP_REQUEST_NODE_STATE, "Request node state" },
87 { DNCP_NODE_ENDPOINT, "Node endpoint" },
88 { DNCP_NETWORK_STATE, "Network state" },
89 { DNCP_NODE_STATE, "Node state" },
90 { DNCP_PEER, "Peer" },
91 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" },
92 { DNCP_TRUST_VERDICT, "Trust-Verdict" },
93
94 { HNCP_HNCP_VERSION, "HNCP-Version" },
95 { HNCP_EXTERNAL_CONNECTION, "External-Connection" },
96 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" },
97 { HNCP_PREFIX_POLICY, "Prefix-Policy" },
98 { HNCP_DHCPV4_DATA, "DHCPv4-Data" },
99 { HNCP_DHCPV6_DATA, "DHCPv6-Data" },
100 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" },
101 { HNCP_NODE_ADDRESS, "Node-Address" },
102 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" },
103 { HNCP_DOMAIN_NAME, "Domain-Name" },
104 { HNCP_NODE_NAME, "Node-Name" },
105 { HNCP_MANAGED_PSK, "Managed-PSK" },
106
107 { RANGE_DNCP_RESERVED, "Reserved" },
108 { RANGE_HNCP_UNASSIGNED, "Unassigned" },
109 { RANGE_DNCP_PRIVATE_USE, "Private use" },
110 { RANGE_DNCP_FUTURE_USE, "Future use" },
111
112 { 0, NULL}
113 };
114
115 #define DH4OPT_DNS_SERVERS 6 /* RFC2132 */
116 #define DH4OPT_NTP_SERVERS 42 /* RFC2132 */
117 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */
118
119 static const struct tok dh4opt_str[] = {
120 { DH4OPT_DNS_SERVERS, "DNS-server" },
121 { DH4OPT_NTP_SERVERS, "NTP-server"},
122 { DH4OPT_DOMAIN_SEARCH, "DNS-search" },
123 { 0, NULL }
124 };
125
126 #define DH6OPT_DNS_SERVERS 23 /* RFC3646 */
127 #define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */
128 #define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */
129
130 static const struct tok dh6opt_str[] = {
131 { DH6OPT_DNS_SERVERS, "DNS-server" },
132 { DH6OPT_DOMAIN_LIST, "DNS-search-list" },
133 { DH6OPT_SNTP_SERVERS, "SNTP-servers" },
134 { 0, NULL }
135 };
136
137 /*
138 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes
139 * the 4 bytes of IPv4 address at the end of the IPv6 address.
140 */
141 #define IPV4_MAPPED_HEADING_LEN 12
142
143 /*
144 * Is an IPv6 address an IPv4-mapped address?
145 */
146 static int
is_ipv4_mapped_address(const u_char * addr)147 is_ipv4_mapped_address(const u_char *addr)
148 {
149 /* The value of the prefix */
150 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] =
151 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
152
153 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0;
154 }
155
156 static const char *
format_nid(netdissect_options * ndo,const u_char * data)157 format_nid(netdissect_options *ndo, const u_char *data)
158 {
159 static char buf[4][sizeof("01:01:01:01")];
160 static int i = 0;
161 i = (i + 1) % 4;
162 snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x",
163 GET_U_1(data), GET_U_1(data + 1), GET_U_1(data + 2),
164 GET_U_1(data + 3));
165 return buf[i];
166 }
167
168 static const char *
format_256(netdissect_options * ndo,const u_char * data)169 format_256(netdissect_options *ndo, const u_char *data)
170 {
171 static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")];
172 static int i = 0;
173 i = (i + 1) % 4;
174 snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
175 GET_BE_U_8(data),
176 GET_BE_U_8(data + 8),
177 GET_BE_U_8(data + 16),
178 GET_BE_U_8(data + 24)
179 );
180 return buf[i];
181 }
182
183 static const char *
format_interval(const uint32_t n)184 format_interval(const uint32_t n)
185 {
186 static char buf[4][sizeof("0000000.000s")];
187 static int i = 0;
188 i = (i + 1) % 4;
189 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000);
190 return buf[i];
191 }
192
193 static const char *
format_ip6addr(netdissect_options * ndo,const u_char * cp)194 format_ip6addr(netdissect_options *ndo, const u_char *cp)
195 {
196 if (is_ipv4_mapped_address(cp))
197 return GET_IPADDR_STRING(cp + IPV4_MAPPED_HEADING_LEN);
198 else
199 return GET_IP6ADDR_STRING(cp);
200 }
201
202 static int
print_prefix(netdissect_options * ndo,const u_char * prefix,u_int max_length)203 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length)
204 {
205 int plenbytes;
206 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
207
208 if (GET_U_1(prefix) >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
209 is_ipv4_mapped_address(prefix + 1)) {
210 nd_ipv4 addr;
211 u_int plen;
212
213 plen = GET_U_1(prefix) - 96;
214 if (32 < plen)
215 return -1;
216 max_length -= 1;
217
218 memset(&addr, 0, sizeof(addr));
219 plenbytes = (plen + 7) / 8;
220 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN)
221 return -3;
222 memcpy(&addr, prefix + IPV4_MAPPED_HEADING_LEN + 1, plenbytes);
223 if (plen % 8) {
224 ((u_char *)&addr)[plenbytes - 1] &=
225 ((0xff00 >> (plen % 8)) & 0xff);
226 }
227 snprintf(buf, sizeof(buf), "%s/%u", ipaddr_string(ndo, (const u_char *)&addr), plen); /* local buffer, not packet data; don't use GET_IPADDR_STRING() */
228 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
229 } else {
230 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
231 if (plenbytes < 0)
232 return plenbytes;
233 }
234
235 ND_PRINT("%s", buf);
236 return plenbytes;
237 }
238
239 static int
print_dns_label(netdissect_options * ndo,const u_char * cp,u_int max_length,int print)240 print_dns_label(netdissect_options *ndo,
241 const u_char *cp, u_int max_length, int print)
242 {
243 u_int length = 0;
244 while (length < max_length) {
245 u_int lab_length = GET_U_1(cp + length);
246 length++;
247 if (lab_length == 0)
248 return (int)length;
249 if (length > 1 && print)
250 ND_PRINT(".");
251 if (length+lab_length > max_length) {
252 if (print)
253 nd_printjnp(ndo, cp+length, max_length-length);
254 break;
255 }
256 if (print)
257 nd_printjnp(ndo, cp+length, lab_length);
258 length += lab_length;
259 }
260 if (print)
261 ND_PRINT("[|DNS]");
262 return -1;
263 }
264
265 static int
dhcpv4_print(netdissect_options * ndo,const u_char * cp,u_int length,int indent)266 dhcpv4_print(netdissect_options *ndo,
267 const u_char *cp, u_int length, int indent)
268 {
269 u_int i, t;
270 const uint8_t *tlv, *value;
271 uint8_t type, optlen;
272
273 i = 0;
274 while (i < length) {
275 if (i + 2 > length)
276 return -1;
277 tlv = cp + i;
278 type = GET_U_1(tlv);
279 optlen = GET_U_1(tlv + 1);
280 value = tlv + 2;
281
282 ND_PRINT("\n");
283 for (t = indent; t > 0; t--)
284 ND_PRINT("\t");
285
286 ND_PRINT("%s", tok2str(dh4opt_str, "Unknown", type));
287 ND_PRINT(" (%u)", optlen + 2 );
288 if (i + 2 + optlen > length)
289 return -1;
290
291 switch (type) {
292 case DH4OPT_DNS_SERVERS:
293 case DH4OPT_NTP_SERVERS: {
294 if (optlen < 4 || optlen % 4 != 0) {
295 return -1;
296 }
297 for (t = 0; t < optlen; t += 4)
298 ND_PRINT(" %s", GET_IPADDR_STRING(value + t));
299 }
300 break;
301 case DH4OPT_DOMAIN_SEARCH: {
302 const u_char *tp = value;
303 while (tp < value + optlen) {
304 ND_PRINT(" ");
305 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL)
306 return -1;
307 }
308 }
309 break;
310 }
311
312 i += 2 + optlen;
313 }
314 return 0;
315 }
316
317 static int
dhcpv6_print(netdissect_options * ndo,const u_char * cp,u_int length,int indent)318 dhcpv6_print(netdissect_options *ndo,
319 const u_char *cp, u_int length, int indent)
320 {
321 u_int i, t;
322 const u_char *tlv, *value;
323 uint16_t type, optlen;
324
325 i = 0;
326 while (i < length) {
327 if (i + 4 > length)
328 return -1;
329 tlv = cp + i;
330 type = GET_BE_U_2(tlv);
331 optlen = GET_BE_U_2(tlv + 2);
332 value = tlv + 4;
333
334 ND_PRINT("\n");
335 for (t = indent; t > 0; t--)
336 ND_PRINT("\t");
337
338 ND_PRINT("%s", tok2str(dh6opt_str, "Unknown", type));
339 ND_PRINT(" (%u)", optlen + 4 );
340 if (i + 4 + optlen > length)
341 return -1;
342
343 switch (type) {
344 case DH6OPT_DNS_SERVERS:
345 case DH6OPT_SNTP_SERVERS: {
346 if (optlen % 16 != 0) {
347 nd_print_invalid(ndo);
348 return -1;
349 }
350 for (t = 0; t < optlen; t += 16)
351 ND_PRINT(" %s", GET_IP6ADDR_STRING(value + t));
352 }
353 break;
354 case DH6OPT_DOMAIN_LIST: {
355 const u_char *tp = value;
356 while (tp < value + optlen) {
357 ND_PRINT(" ");
358 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL)
359 return -1;
360 }
361 }
362 break;
363 }
364
365 i += 4 + optlen;
366 }
367 return 0;
368 }
369
370 /* Determine in-line mode */
371 static int
is_in_line(netdissect_options * ndo,int indent)372 is_in_line(netdissect_options *ndo, int indent)
373 {
374 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3;
375 }
376
377 static void
print_type_in_line(netdissect_options * ndo,uint32_t type,int count,int indent,int * first_one)378 print_type_in_line(netdissect_options *ndo,
379 uint32_t type, int count, int indent, int *first_one)
380 {
381 if (count > 0) {
382 if (*first_one) {
383 *first_one = 0;
384 if (indent > 1) {
385 u_int t;
386 ND_PRINT("\n");
387 for (t = indent; t > 0; t--)
388 ND_PRINT("\t");
389 } else {
390 ND_PRINT(" ");
391 }
392 } else {
393 ND_PRINT(", ");
394 }
395 ND_PRINT("%s", tok2str(type_values, "Easter Egg", type));
396 if (count > 1)
397 ND_PRINT(" (x%d)", count);
398 }
399 }
400
401 static void
hncp_print_rec(netdissect_options * ndo,const u_char * cp,u_int length,int indent)402 hncp_print_rec(netdissect_options *ndo,
403 const u_char *cp, u_int length, int indent)
404 {
405 const int in_line = is_in_line(ndo, indent);
406 int first_one = 1;
407
408 u_int i, t;
409
410 uint32_t last_type_mask = 0xffffffffU;
411 int last_type_count = -1;
412
413 const uint8_t *tlv, *value;
414 uint16_t type, bodylen;
415 uint32_t type_mask;
416
417 i = 0;
418 while (i < length) {
419 tlv = cp + i;
420
421 if (!in_line) {
422 ND_PRINT("\n");
423 for (t = indent; t > 0; t--)
424 ND_PRINT("\t");
425 }
426
427 ND_TCHECK_4(tlv);
428 if (i + 4 > length)
429 goto invalid;
430
431 type = GET_BE_U_2(tlv);
432 bodylen = GET_BE_U_2(tlv + 2);
433 value = tlv + 4;
434 ND_TCHECK_LEN(value, bodylen);
435 if (i + bodylen + 4 > length)
436 goto invalid;
437
438 type_mask =
439 (type == 0) ? RANGE_DNCP_RESERVED:
440 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED:
441 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE:
442 RANGE_DNCP_FUTURE_USE;
443 if (type == 6 || type == 7)
444 type_mask = RANGE_DNCP_FUTURE_USE;
445
446 /* defined types */
447 {
448 t = 0;
449 while (1) {
450 u_int key = type_values[t++].v;
451 if (key > 0xffff)
452 break;
453 if (key == type) {
454 type_mask = type;
455 break;
456 }
457 }
458 }
459
460 if (in_line) {
461 if (last_type_mask == type_mask) {
462 last_type_count++;
463 } else {
464 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
465 last_type_mask = type_mask;
466 last_type_count = 1;
467 }
468
469 goto skip_multiline;
470 }
471
472 ND_PRINT("%s", tok2str(type_values, "Easter Egg (42)", type_mask) );
473 if (type_mask > 0xffff)
474 ND_PRINT(": type=%u", type );
475 ND_PRINT(" (%u)", bodylen + 4 );
476
477 switch (type_mask) {
478
479 case DNCP_REQUEST_NETWORK_STATE: {
480 if (bodylen != 0)
481 nd_print_invalid(ndo);
482 }
483 break;
484
485 case DNCP_REQUEST_NODE_STATE: {
486 const char *node_identifier;
487 if (bodylen != 4) {
488 nd_print_invalid(ndo);
489 break;
490 }
491 node_identifier = format_nid(ndo, value);
492 ND_PRINT(" NID: %s", node_identifier);
493 }
494 break;
495
496 case DNCP_NODE_ENDPOINT: {
497 const char *node_identifier;
498 uint32_t endpoint_identifier;
499 if (bodylen != 8) {
500 nd_print_invalid(ndo);
501 break;
502 }
503 node_identifier = format_nid(ndo, value);
504 endpoint_identifier = GET_BE_U_4(value + 4);
505 ND_PRINT(" NID: %s EPID: %08x",
506 node_identifier,
507 endpoint_identifier
508 );
509 }
510 break;
511
512 case DNCP_NETWORK_STATE: {
513 uint64_t hash;
514 if (bodylen != 8) {
515 nd_print_invalid(ndo);
516 break;
517 }
518 hash = GET_BE_U_8(value);
519 ND_PRINT(" hash: %016" PRIx64, hash);
520 }
521 break;
522
523 case DNCP_NODE_STATE: {
524 const char *node_identifier, *interval;
525 uint32_t sequence_number;
526 uint64_t hash;
527 if (bodylen < 20) {
528 nd_print_invalid(ndo);
529 break;
530 }
531 node_identifier = format_nid(ndo, value);
532 sequence_number = GET_BE_U_4(value + 4);
533 interval = format_interval(GET_BE_U_4(value + 8));
534 hash = GET_BE_U_8(value + 12);
535 ND_PRINT(" NID: %s seqno: %u %s hash: %016" PRIx64,
536 node_identifier,
537 sequence_number,
538 interval,
539 hash
540 );
541 hncp_print_rec(ndo, value+20, bodylen-20, indent+1);
542 }
543 break;
544
545 case DNCP_PEER: {
546 const char *peer_node_identifier;
547 uint32_t peer_endpoint_identifier, endpoint_identifier;
548 if (bodylen != 12) {
549 nd_print_invalid(ndo);
550 break;
551 }
552 peer_node_identifier = format_nid(ndo, value);
553 peer_endpoint_identifier = GET_BE_U_4(value + 4);
554 endpoint_identifier = GET_BE_U_4(value + 8);
555 ND_PRINT(" Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x",
556 peer_node_identifier,
557 peer_endpoint_identifier,
558 endpoint_identifier
559 );
560 }
561 break;
562
563 case DNCP_KEEP_ALIVE_INTERVAL: {
564 uint32_t endpoint_identifier;
565 const char *interval;
566 if (bodylen < 8) {
567 nd_print_invalid(ndo);
568 break;
569 }
570 endpoint_identifier = GET_BE_U_4(value);
571 interval = format_interval(GET_BE_U_4(value + 4));
572 ND_PRINT(" EPID: %08x Interval: %s",
573 endpoint_identifier,
574 interval
575 );
576 }
577 break;
578
579 case DNCP_TRUST_VERDICT: {
580 if (bodylen <= 36) {
581 nd_print_invalid(ndo);
582 break;
583 }
584 ND_PRINT(" Verdict: %u Fingerprint: %s Common Name: ",
585 GET_U_1(value),
586 format_256(ndo, value + 4));
587 nd_printjnp(ndo, value + 36, bodylen - 36);
588 }
589 break;
590
591 case HNCP_HNCP_VERSION: {
592 uint16_t capabilities;
593 uint8_t M, P, H, L;
594 if (bodylen < 5) {
595 nd_print_invalid(ndo);
596 break;
597 }
598 capabilities = GET_BE_U_2(value + 2);
599 M = (uint8_t)((capabilities >> 12) & 0xf);
600 P = (uint8_t)((capabilities >> 8) & 0xf);
601 H = (uint8_t)((capabilities >> 4) & 0xf);
602 L = (uint8_t)(capabilities & 0xf);
603 ND_PRINT(" M: %u P: %u H: %u L: %u User-agent: ",
604 M, P, H, L
605 );
606 nd_printjnp(ndo, value + 4, bodylen - 4);
607 }
608 break;
609
610 case HNCP_EXTERNAL_CONNECTION: {
611 /* Container TLV */
612 hncp_print_rec(ndo, value, bodylen, indent+1);
613 }
614 break;
615
616 case HNCP_DELEGATED_PREFIX: {
617 int l;
618 if (bodylen < 9 || bodylen < 9 + (GET_U_1(value + 8) + 7) / 8) {
619 nd_print_invalid(ndo);
620 break;
621 }
622 ND_PRINT(" VLSO: %s PLSO: %s Prefix: ",
623 format_interval(GET_BE_U_4(value)),
624 format_interval(GET_BE_U_4(value + 4))
625 );
626 l = print_prefix(ndo, value + 8, bodylen - 8);
627 if (l == -1) {
628 ND_PRINT("(length is invalid)");
629 break;
630 }
631 if (l < 0) {
632 /*
633 * We've already checked that we've captured the
634 * entire TLV, based on its length, so this will
635 * either be -1, meaning "the prefix length is
636 * greater than the longest possible address of
637 * that type" (i.e., > 32 for IPv4 or > 128 for
638 * IPv6", or -3, meaning "the prefix runs past
639 * the end of the TLV".
640 */
641 nd_print_invalid(ndo);
642 break;
643 }
644 l += 8 + (-l & 3);
645
646 if (bodylen >= l)
647 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
648 }
649 break;
650
651 case HNCP_PREFIX_POLICY: {
652 uint8_t policy;
653 int l;
654 if (bodylen < 1) {
655 nd_print_invalid(ndo);
656 break;
657 }
658 policy = GET_U_1(value);
659 ND_PRINT(" type: ");
660 if (policy == 0) {
661 if (bodylen != 1) {
662 nd_print_invalid(ndo);
663 break;
664 }
665 ND_PRINT("Internet connectivity");
666 } else if (policy >= 1 && policy <= 128) {
667 ND_PRINT("Dest-Prefix: ");
668 l = print_prefix(ndo, value, bodylen);
669 if (l == -1) {
670 ND_PRINT("(length is invalid)");
671 break;
672 }
673 if (l < 0) {
674 /*
675 * We've already checked that we've captured the
676 * entire TLV, based on its length, so this will
677 * either be -1, meaning "the prefix length is
678 * greater than the longest possible address of
679 * that type" (i.e., > 32 for IPv4 or > 128 for
680 * IPv6", or -3, meaning "the prefix runs past
681 * the end of the TLV".
682 */
683 nd_print_invalid(ndo);
684 break;
685 }
686 } else if (policy == 129) {
687 ND_PRINT("DNS domain: ");
688 print_dns_label(ndo, value+1, bodylen-1, 1);
689 } else if (policy == 130) {
690 ND_PRINT("Opaque UTF-8: ");
691 nd_printjnp(ndo, value + 1, bodylen - 1);
692 } else if (policy == 131) {
693 if (bodylen != 1) {
694 nd_print_invalid(ndo);
695 break;
696 }
697 ND_PRINT("Restrictive assignment");
698 } else if (policy >= 132) {
699 ND_PRINT("Unknown (%u)", policy); /* Reserved for future additions */
700 }
701 }
702 break;
703
704 case HNCP_DHCPV4_DATA: {
705 if (bodylen == 0) {
706 nd_print_invalid(ndo);
707 break;
708 }
709 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0)
710 goto invalid;
711 }
712 break;
713
714 case HNCP_DHCPV6_DATA: {
715 if (bodylen == 0) {
716 nd_print_invalid(ndo);
717 break;
718 }
719 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) {
720 nd_print_invalid(ndo);
721 break;
722 }
723 }
724 break;
725
726 case HNCP_ASSIGNED_PREFIX: {
727 uint8_t prty;
728 int l;
729 if (bodylen < 6 || bodylen < 6 + (GET_U_1(value + 5) + 7) / 8) {
730 nd_print_invalid(ndo);
731 break;
732 }
733 prty = GET_U_1(value + 4) & 0xf;
734 ND_PRINT(" EPID: %08x Prty: %u",
735 GET_BE_U_4(value),
736 prty
737 );
738 ND_PRINT(" Prefix: ");
739 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) {
740 nd_print_invalid(ndo);
741 break;
742 }
743 l += 5;
744 l += -l & 3;
745
746 if (bodylen >= l)
747 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
748 }
749 break;
750
751 case HNCP_NODE_ADDRESS: {
752 uint32_t endpoint_identifier;
753 const char *ip_address;
754 if (bodylen < 20) {
755 nd_print_invalid(ndo);
756 break;
757 }
758 endpoint_identifier = GET_BE_U_4(value);
759 ip_address = format_ip6addr(ndo, value + 4);
760 ND_PRINT(" EPID: %08x IP Address: %s",
761 endpoint_identifier,
762 ip_address
763 );
764
765 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1);
766 }
767 break;
768
769 case HNCP_DNS_DELEGATED_ZONE: {
770 const char *ip_address;
771 int len;
772 if (bodylen < 17) {
773 nd_print_invalid(ndo);
774 break;
775 }
776 ip_address = format_ip6addr(ndo, value);
777 ND_PRINT(" IP-Address: %s %c%c%c ",
778 ip_address,
779 (GET_U_1(value + 16) & 4) ? 'l' : '-',
780 (GET_U_1(value + 16) & 2) ? 'b' : '-',
781 (GET_U_1(value + 16) & 1) ? 's' : '-'
782 );
783 len = print_dns_label(ndo, value+17, bodylen-17, 1);
784 if (len < 0) {
785 nd_print_invalid(ndo);
786 break;
787 }
788 len += 17;
789 len += -len & 3;
790 if (bodylen >= len)
791 hncp_print_rec(ndo, value+len, bodylen-len, indent+1);
792 }
793 break;
794
795 case HNCP_DOMAIN_NAME: {
796 if (bodylen == 0) {
797 nd_print_invalid(ndo);
798 break;
799 }
800 ND_PRINT(" Domain: ");
801 print_dns_label(ndo, value, bodylen, 1);
802 }
803 break;
804
805 case HNCP_NODE_NAME: {
806 u_int l;
807 if (bodylen < 17) {
808 nd_print_invalid(ndo);
809 break;
810 }
811 l = GET_U_1(value + 16);
812 if (bodylen < 17 + l) {
813 nd_print_invalid(ndo);
814 break;
815 }
816 ND_PRINT(" IP-Address: %s Name: ",
817 format_ip6addr(ndo, value)
818 );
819 if (l < 64) {
820 ND_PRINT("\"");
821 nd_printjnp(ndo, value + 17, l);
822 ND_PRINT("\"");
823 } else {
824 nd_print_invalid(ndo);
825 }
826 l += 17;
827 l = roundup2(l, 4);
828 if (bodylen >= l)
829 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
830 }
831 break;
832
833 case HNCP_MANAGED_PSK: {
834 if (bodylen < 32) {
835 nd_print_invalid(ndo);
836 break;
837 }
838 ND_PRINT(" PSK: %s", format_256(ndo, value));
839 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1);
840 }
841 break;
842
843 case RANGE_DNCP_RESERVED:
844 case RANGE_HNCP_UNASSIGNED:
845 case RANGE_DNCP_PRIVATE_USE:
846 case RANGE_DNCP_FUTURE_USE:
847 break;
848
849 }
850 skip_multiline:
851
852 i += 4 + roundup2(bodylen, 4);
853 }
854 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
855
856 return;
857
858 trunc:
859 nd_print_trunc(ndo);
860 return;
861
862 invalid:
863 nd_print_invalid(ndo);
864 }
865