1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright (c) 1998,2000 by Sun Microsystems, Inc.
24 * All rights reserved.
25 */
26
27 #include <stdio.h>
28 #include <arpa/inet.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <sys/time.h>
32 #include <iconv.h>
33 #include "snoop.h"
34 #include "slp.h"
35
36 #define MAXSUMLEN 30
37
38 /* define VERIFYSLP to enable full message checking in summary mode */
39 #define VERIFYSLP
40
41 /* Globals -- ugly, yes, but fast and easy in macros */
42 static int msglength;
43 static int retlength;
44 static char *msgend; /* the end of the summary message buffer */
45 static char *p; /* current position in the packet */
46 static char *msgbuf; /* message buffer for summary mode */
47 static boolean_t url_auth = B_FALSE;
48 static boolean_t attr_auth = B_FALSE;
49 static boolean_t fresh = B_FALSE;
50 static boolean_t overflow = B_FALSE;
51 static int v1_charset = 0; /* character set; only in V1 */
52
53 /* Entry points for parsing the protocol */
54 static int interpret_slp_v1(int, struct slpv1_hdr *, int);
55 static int interpret_slp_v2(int, struct slpv2_hdr *, int);
56
57 /* header parsing */
58 static int v1_header(int, struct slpv1_hdr *, int);
59 static int v2_header(int, struct slpv2_hdr *, int *, int);
60 static int v2_finish(struct slpv2_hdr *, int);
61
62 /* V2 auth blocks */
63 static int slpv2_authblock(int);
64
65 /*
66 * Functions for parsing each protocol message
67 * Each function takes the interpreter's flags argument as its input
68 * parameter, and returns 1 on success, or 0 on message corruption.
69 * retlength is set as a side-effect in summary mode.
70 */
71 static int v2_srv_rqst(int);
72 static int v2_srv_rply(int);
73 static int v2_srv_reg(int);
74 static int v2_srv_dereg(int);
75 static int v2_srv_ack(int);
76 static int v2_attr_rqst(int);
77 static int v2_attr_rply(int);
78 static int v2_daadvert(int);
79 static int v2_srv_type_rqst(int);
80 static int v2_srv_type_rply(int);
81 static int v2_saadvert(int);
82
83 static int v1_srv_rqst(int);
84 static int v1_srv_rply(int);
85 static int v1_srv_reg(int);
86 static int v1_srv_dereg(int);
87 static int v1_srv_ack(int);
88 static int v1_attr_rqst(int);
89 static int v1_attr_rply(int);
90 static int v1_daadvert(int);
91 static int v1_srv_type_rqst(int);
92 static int v1_srv_type_rply(int);
93
94 /*
95 * The dispatch tables for handling individual messages, keyed by
96 * function number.
97 */
98 typedef int function_handler();
99
100 #define V2_MAX_FUNCTION 11
101
102 static function_handler *v2_functions[V2_MAX_FUNCTION + 1] = {
103 (function_handler *) NULL,
104 (function_handler *) v2_srv_rqst,
105 (function_handler *) v2_srv_rply,
106 (function_handler *) v2_srv_reg,
107 (function_handler *) v2_srv_dereg,
108 (function_handler *) v2_srv_ack,
109 (function_handler *) v2_attr_rqst,
110 (function_handler *) v2_attr_rply,
111 (function_handler *) v2_daadvert,
112 (function_handler *) v2_srv_type_rqst,
113 (function_handler *) v2_srv_type_rply,
114 (function_handler *) v2_saadvert };
115
116 #define V1_MAX_FUNCTION 10
117
118 static function_handler *v1_functions[V1_MAX_FUNCTION + 1] = {
119 (function_handler *) NULL,
120 (function_handler *) v1_srv_rqst,
121 (function_handler *) v1_srv_rply,
122 (function_handler *) v1_srv_reg,
123 (function_handler *) v1_srv_dereg,
124 (function_handler *) v1_srv_ack,
125 (function_handler *) v1_attr_rqst,
126 (function_handler *) v1_attr_rply,
127 (function_handler *) v1_daadvert,
128 (function_handler *) v1_srv_type_rqst,
129 (function_handler *) v1_srv_type_rply };
130
131 /* TCP continuation handling */
132 static boolean_t tcp_continuation = B_FALSE;
133
134 #define MAX_TCPCONT 16
135
136 static struct tcp_cont {
137 int dst_port;
138 char *msg;
139 int totallen;
140 int curr_offset;
141 } *tcp_cont[MAX_TCPCONT];
142
143 static int current_tcp_cont;
144
145 static void reg_tcp_cont(char *, int, int, int);
146 static int add_tcp_cont(struct tcp_cont *, char *, int);
147 static struct tcp_cont *find_tcp_cont(int);
148 static void remove_tcp_cont(int);
149
150 /* Conversions from numbers to strings */
151 static char *slpv2_func(int, boolean_t);
152 static char *slpv2_error(unsigned short);
153 static char *slpv1_func(int, boolean_t);
154 static char *slpv1_error(unsigned short);
155 static char *slpv1_charset(unsigned short);
156
157 /*
158 * The only external entry point to the SLP interpreter. This function
159 * simply dispatches the packet based on the version.
160 */
161 int
interpret_slp(int flags,void * slp,int fraglen)162 interpret_slp(int flags, void *slp, int fraglen)
163 {
164 extern int dst_port, curr_proto;
165 struct tcp_cont *tce = NULL;
166 char *s;
167
168 msglength = fraglen;
169 retlength = 0;
170 p = slp;
171
172 /* check if this is a TCP continuation */
173 if (flags & F_DTAIL && curr_proto == IPPROTO_TCP) {
174 tce = find_tcp_cont(dst_port);
175 if (tce) {
176 if (add_tcp_cont(tce, slp, fraglen)) {
177 slp = tce->msg;
178 fraglen = tce->curr_offset;
179 tcp_continuation = B_TRUE;
180 }
181 }
182 }
183 if (*(char *)slp == 2 || tce)
184 interpret_slp_v2(flags, slp, fraglen);
185 else
186 interpret_slp_v1(flags, slp, fraglen);
187
188 tcp_continuation = B_FALSE;
189 return (0);
190 }
191
192 /*
193 * Primitives. These are implemented as much as possible as macros for
194 * speed.
195 */
196
197 #define FIELD_DEFAULT 0
198 #define FIELD_PREVRESP 1
199 #define FIELD_TYPENA 2
200
201 static long long netval = 0; /* need signed 64 bit quantity */
202
203 /* gets two bytes from p and leaves the result in netval */
204 #define nbtohs() \
205 netval = ((int)(p[0] & 0xff)) << 8; \
206 netval += ((int)(p[1] & 0xff))
207
208 /* gets four bytes from p and leaves the result in netval */
209 #define nbtohl() \
210 netval = ((int)(p[0] & 0xff)) << 24; \
211 netval += ((int)(p[1] & 0xff)) << 16; \
212 netval += ((int)(p[2] & 0xff)) << 8; \
213 netval += ((int)(p[3] & 0xff))
214
215 #define get_byte() \
216 if (msglength >= 1) { \
217 netval = *p; \
218 p++; \
219 msglength--; \
220 } else \
221 netval = -1
222
223 #define GETBYTE(x) \
224 get_byte(); \
225 if ((retlength = netval) < 0) \
226 return (0); \
227 x = netval
228
229 #define SKIPBYTE \
230 get_byte(); \
231 if ((retlength = netval) < 0) \
232 return (0); \
233
234 /*
235 * gets two bytes from p, leaves the result in netval, and updates
236 * msglength and p.
237 */
238 #define get_short() \
239 if (msglength >= sizeof (unsigned short)) { \
240 nbtohs(); \
241 p += sizeof (unsigned short); \
242 msglength -= sizeof (unsigned short); \
243 } else \
244 netval = -1
245
246 #define GETSHORT(x) \
247 get_short(); \
248 if ((retlength = netval) < 0) \
249 return (0); \
250 x = netval
251
252 #define SKIPSHORT \
253 get_short(); \
254 if ((retlength = netval) < 0) \
255 return (0)
256
257 #define get_int24(pp) \
258 netval = ((int)((pp)[0] & 0xff)) << 16; \
259 netval += ((int)((pp)[1] & 0xff)) << 8; \
260 netval += ((int)((pp)[2] & 0xff))
261
slp_prevresp(char * p)262 static void slp_prevresp(char *p) {
263 char *p2;
264
265 /* cycle through all entries */
266 for (; p != NULL; p = p2) {
267 p2 = strchr(p, ',');
268 if (p2 != NULL)
269 *p2++ = '\0';
270
271 /* print entry at p */
272 sprintf(get_line(0, 0), " \"%s\"", p);
273 }
274 }
275
skip_field(int type)276 static int skip_field(int type) {
277 unsigned short stringlen;
278
279 get_short();
280 if (netval < 0) {
281 return (-1);
282 }
283 stringlen = netval;
284
285 /* special case for NA field in SrvTypeRqst */
286 if (type == FIELD_TYPENA && stringlen == 0xffff) {
287 stringlen = 0;
288 }
289
290 if (stringlen > msglength) {
291 return (-1);
292 }
293
294 msglength -= stringlen;
295 p += stringlen;
296
297 return (stringlen);
298 }
299
300 #define SKIPFIELD(type) \
301 if ((retlength = skip_field(type)) < 0) \
302 return (0)
303
304 #define GETFIELD \
305 get_short(); \
306 if ((retlength = netval) < 0) \
307 return (0); \
308 strncat(msgbuf, p, (retlength > MAXSUMLEN ? MAXSUMLEN : retlength)); \
309 p += retlength; \
310 msglength -= retlength
311
312 /*
313 * Determines from the first five bytes of a potential SLP header
314 * if the following message is really an SLP message. Returns 1 if
315 * it is a real SLP message, 0 if not.
316 */
valid_slp(unsigned char * slphdr,int len)317 int valid_slp(unsigned char *slphdr, int len) {
318 struct slpv1_hdr slp1;
319 struct slpv2_hdr slp2;
320
321 len -= (8 /* udp */ + 20 /* IP */ + 14 /* ether */);
322 /* a valid version will be 1 or 2 */
323 switch (*slphdr) {
324 case 1:
325 memcpy(&slp1, slphdr, 5);
326 /* valid function? */
327 if (slp1.function > V1_MAX_FUNCTION) {
328 return (0);
329 }
330 /* valid length heuristic */
331 if (slp1.length > len) {
332 return (0);
333 }
334 return (1);
335 case 2:
336 memcpy(&slp2, slphdr, 5);
337 /* valid function? */
338 if (slp2.function > V2_MAX_FUNCTION) {
339 return (0);
340 }
341 /* valid length heuristic */
342 get_int24(&(slp2.l1));
343 if (netval > len) {
344 return (0);
345 }
346 return (1);
347 default:
348 return (0);
349 }
350 }
351
352 /*
353 * Converts a V1 char encoding to UTF8. If this fails, returns 0,
354 * otherwise, 1. This function is the union of iconv UTF-8
355 * modules and character sets registered with IANA.
356 */
make_utf8(char * outbuf,size_t outlen,const char * inbuf,size_t inlen)357 static int make_utf8(char *outbuf, size_t outlen,
358 const char *inbuf, size_t inlen) {
359 iconv_t cd;
360 size_t converted;
361
362 switch (v1_charset) {
363 case 4:
364 case 1004:
365 cd = iconv_open("UTF-8", "8859-1");
366 break;
367 case 5:
368 cd = iconv_open("UTF-8", "8859-2");
369 break;
370 case 6:
371 cd = iconv_open("UTF-8", "8859-3");
372 break;
373 case 7:
374 cd = iconv_open("UTF-8", "8859-4");
375 break;
376 case 8:
377 cd = iconv_open("UTF-8", "8859-5");
378 break;
379 case 9:
380 cd = iconv_open("UTF-8", "8859-6");
381 break;
382 case 10:
383 cd = iconv_open("UTF-8", "8859-7");
384 break;
385 case 11:
386 cd = iconv_open("UTF-8", "8859-8");
387 break;
388 case 12:
389 cd = iconv_open("UTF-8", "8859-9");
390 break;
391 case 13:
392 cd = iconv_open("UTF-8", "8859-10");
393 break;
394 case 37:
395 cd = iconv_open("UTF-8", "ko_KR-iso2022-7");
396 break;
397 case 104:
398 cd = iconv_open("UTF-8", "iso2022");
399 break;
400 case 1000:
401 cd = iconv_open("UTF-8", "UCS-2");
402 break;
403 case 1001:
404 cd = iconv_open("UTF-8", "UCS-4");
405 break;
406 default:
407 /*
408 * charset not set, or reserved, or not supported, so
409 * just copy it and hope for the best.
410 */
411 converted = outlen < inlen ? outlen : inlen;
412 memcpy(outbuf, inbuf, converted);
413 outbuf[converted] = 0;
414 return (1);
415 }
416
417 if (cd == (iconv_t)-1) {
418 return (0);
419 }
420
421 if ((converted = iconv(cd, &inbuf, &inlen, &outbuf, &outlen))
422 == (size_t)-1) {
423 return (0);
424 }
425
426 outbuf[converted] = 0;
427 iconv_close(cd);
428
429 return (1);
430 }
431
slp_field(char * tag,int type)432 static int slp_field(char *tag, int type) {
433 int length;
434
435 get_short();
436 if (netval < 0) {
437 return (-1);
438 }
439 length = netval;
440
441 /* special case for NA field in SrvTypeRqst */
442 if (type == FIELD_TYPENA && length == 0xffff) {
443 sprintf(get_line(0, 0), "%s: length = -1: Use all NAs", tag);
444 return (0);
445 }
446
447 sprintf(get_line(0, 0), "%s: length = %d", tag, length);
448 if (length > msglength) {
449 /* framing error: message is not long enough to contain data */
450 sprintf(get_line(0, 0),
451 " [Framing error: remaining pkt length = %u]",
452 msglength);
453 return (-1);
454 }
455
456 if (length > 0) {
457 char *buf = malloc(length + 1);
458 if (buf != NULL) {
459 if (v1_charset) {
460 if (!make_utf8(buf, length, p, length)) {
461 strcpy(buf, "[Invalid Character Encoding]");
462 }
463 } else {
464 memcpy(buf, p, length);
465 buf[length] = '\0'; /* ensure null-terminated */
466 }
467
468 switch (type) {
469 case FIELD_PREVRESP:
470 slp_prevresp(buf);
471 break;
472
473 default:
474 sprintf(get_line(0, 0), " \"%s\"", buf);
475 break;
476 }
477 free(buf);
478 }
479
480 p += length;
481 msglength -= length;
482 }
483
484 /* return ok */
485 return (0);
486 }
487
slpv2_url(int cnt)488 static int slpv2_url(int cnt) {
489 time_t exp;
490 int lifetime, length, n;
491
492 /* reserved */
493 get_byte();
494 if (netval < 0)
495 return (-1);
496
497 /* lifetime */
498 get_short();
499 if ((lifetime = netval) < 0)
500 return (-1);
501
502 /* length */
503 get_short();
504 if ((length = netval) < 0)
505 return (-1);
506
507 /* time */
508 exp = time(0) + lifetime;
509 if (cnt == -1)
510 sprintf(get_line(0, 0),
511 "URL: length = %u, lifetime = %d (%24.24s)",
512 length, lifetime, ctime(&exp));
513 else
514 /* number the URLs to make it easier to parse them */
515 sprintf(get_line(0, 0),
516 "URL %d: length = %u, lifetime = %d (%24.24s)",
517 cnt, length, lifetime, ctime(&exp));
518
519 if (length > msglength) {
520 if (!tcp_continuation)
521 /* framing error: message is not long enough to contain data */
522 sprintf(get_line(0, 0),
523 " [Framing error: remaining pkt length = %u]",
524 msglength);
525 return (-1);
526 }
527
528 if (length > 0) {
529 char *buf = malloc(length + 1);
530 if (buf != NULL) {
531 memcpy(buf, p, length);
532 buf[length] = '\0'; /* ensure null-terminated */
533 sprintf(get_line(0, 0), " \"%s\"", buf);
534 free(buf);
535 }
536 }
537 msglength -= length;
538 p += length;
539
540 get_byte();
541 if ((n = netval) < 0)
542 return (-1);
543
544 if (n > 0) {
545 int i;
546 sprintf(get_line(0, 0), "%d Authentication Blocks", n);
547 for (i = 0; i < n; i++)
548 if ((length = slpv2_authblock(i)) < 0)
549 return (-1);
550 }
551 return (0);
552 }
553
554 #define DOFIELD(tag, type) \
555 if (slp_field(tag, type) < 0) \
556 return (0)
557
558 #define V2_DOURL(x) \
559 if (slpv2_url(x) < 0) \
560 return (0)
561
562 #define V2_DOERRCODE \
563 if (msglength < sizeof (unsigned short)) \
564 return (0); \
565 nbtohs(); \
566 errcode = netval; \
567 sprintf(get_line(0, 0), "Error code = %d, %s", \
568 errcode, slpv2_error(errcode)); \
569 p += sizeof (unsigned short); \
570 msglength -= sizeof (unsigned short); \
571 if (errcode != OK) \
572 msglength = 0; /* skip rest of message */ \
573 if (errcode != OK) \
574 return (0)
575
576 #define V2_DOAUTH(cnt) \
577 if (slpv2_authblock(cnt) < 0) \
578 return (0)
579
580 #define V2_DOTIMESTAMP \
581 if (msglength < 4) \
582 return (0); \
583 nbtohl(); \
584 timestamp = netval; \
585 sprintf(get_line(0, 0), "Timestamp = %u, %s", \
586 timestamp, (timestamp ? convert_ts(timestamp) : "0")); \
587 p += 4; \
588 msglength -= 4
589
590 /* some V1 macros */
591 #define SKIPAUTH(auth) \
592 if (auth && ((retlength = skip_v1authblock()) < 0)) \
593 return (0)
594
595 #define DOERRCODE \
596 if (msglength < sizeof (unsigned short)) \
597 return (0); \
598 nbtohs(); \
599 errcode = netval; \
600 sprintf(get_line(0, 0), "Error code = %d, %s", errcode, \
601 slpv1_error(errcode)); \
602 p += sizeof (unsigned short); \
603 msglength -= sizeof (unsigned short); \
604 if (errcode != OK) \
605 return (0)
606
607 #define DOURL \
608 if (slpv1_url(url_auth) < 0) \
609 return (0)
610
611 #define DOAUTH(auth) \
612 if (auth && slpv1_authblock() < 0) \
613 return (0)
614
615 /*
616 * TCP Continuation handling
617 * We keep track of continuations in a fixed size cache, so as to prevent
618 * memory leaks if some continuations are never finished. The continuations
619 * are indexed by their destination ports.
620 */
reg_tcp_cont(char * msg,int totallen,int fraglen,int dst_port)621 static void reg_tcp_cont(char *msg, int totallen,
622 int fraglen, int dst_port) {
623 struct tcp_cont *tce = malloc(sizeof (*tce));
624
625 /* always overwrite the entry at current_tcp_cont */
626 if (tcp_cont[current_tcp_cont]) {
627 free(tcp_cont[current_tcp_cont]->msg);
628 free(tcp_cont[current_tcp_cont]);
629 }
630
631 tce->dst_port = dst_port;
632 tce->msg = malloc(totallen);
633 memcpy(tce->msg, msg, fraglen);
634 tce->totallen = totallen;
635 tce->curr_offset = fraglen;
636
637 tcp_cont[current_tcp_cont++] = tce;
638 if (current_tcp_cont == MAX_TCPCONT)
639 current_tcp_cont = 0;
640 }
641
642 /* returns 0 if there is a mismatch error, 1 on success */
add_tcp_cont(struct tcp_cont * tce,char * msg,int fraglen)643 static int add_tcp_cont(struct tcp_cont *tce, char *msg, int fraglen) {
644 if ((fraglen + tce->curr_offset) > tce->totallen)
645 return (0);
646
647 memcpy(tce->msg + tce->curr_offset, msg, fraglen);
648 tce->curr_offset += fraglen;
649 return (1);
650 }
651
find_tcp_cont(int dst_port)652 static struct tcp_cont *find_tcp_cont(int dst_port) {
653 int i;
654 for (i = current_tcp_cont; i >= 0; i--)
655 if (tcp_cont[i] && tcp_cont[i]->dst_port == dst_port)
656 return (tcp_cont[i]);
657
658 for (i = MAX_TCPCONT -1; i > current_tcp_cont; i--)
659 if (tcp_cont[i] && tcp_cont[i]->dst_port == dst_port)
660 return (tcp_cont[i]);
661
662 return (NULL);
663 }
664
remove_tcp_cont(int dst_port)665 static void remove_tcp_cont(int dst_port) {
666 int i;
667 for (i = current_tcp_cont; i >= 0; i--)
668 if (tcp_cont[i] && tcp_cont[i]->dst_port == dst_port) {
669 free(tcp_cont[i]->msg);
670 free(tcp_cont[i]);
671 tcp_cont[i] = NULL;
672 return;
673 }
674
675 for (i = MAX_TCPCONT -1; i > current_tcp_cont; i--)
676 if (tcp_cont[i] && tcp_cont[i]->dst_port == dst_port) {
677 free(tcp_cont[i]->msg);
678 free(tcp_cont[i]);
679 tcp_cont[i] = NULL;
680 return;
681 }
682 }
683
684 /*
685 * V2 interpreter
686 */
687
interpret_slp_v2(int flags,struct slpv2_hdr * slp,int fraglen)688 static int interpret_slp_v2(int flags, struct slpv2_hdr *slp, int fraglen) {
689 extern int src_port, dst_port, curr_proto;
690 char msgbuf_real[256];
691 int totallen = 0;
692
693 msgbuf = msgbuf_real;
694
695 /*
696 * Somewhat of a hack to decode traffic from a server that does
697 * not send udp replies from its SLP src port.
698 */
699
700 if (curr_proto == IPPROTO_UDP &&
701 dst_port == 427 &&
702 src_port != 427) {
703 add_transient(src_port, interpret_slp);
704 }
705
706 /* parse the header */
707 if (v2_header(flags, slp, &totallen, fraglen)) {
708
709 if (slp->function <= V2_MAX_FUNCTION && slp->function > 0) {
710
711 /* Parse the message body */
712 if ((v2_functions[slp->function])(flags)) {
713
714 /* finish any remaining tasks */
715 v2_finish(slp, flags);
716
717 }
718
719 }
720
721 }
722
723 /* summary error check */
724 if (flags & F_SUM) {
725 if (retlength < 0) {
726 if (curr_proto == IPPROTO_TCP)
727 sprintf(get_sum_line(),
728 "%s [partial TCP message]", msgbuf);
729 else if (overflow)
730 sprintf(get_sum_line(), "%s [OVERFLOW]", msgbuf);
731 else
732 sprintf(get_sum_line(), "%s [CORRUPTED MESSAGE]", msgbuf);
733 }
734 #ifdef VERIFYSLP
735 else if (msglength > 0)
736 sprintf(get_sum_line(), "%s +%d", msgbuf, msglength);
737 #endif
738 else
739 sprintf(get_sum_line(), "%s", msgbuf);
740 } else if (flags & F_DTAIL) {
741 /* detailed error check */
742 if (msglength > 0) {
743 if (tcp_continuation) {
744 sprintf(get_line(0, 0),
745 "[TCP Continuation, %d bytes remaining]",
746 totallen - fraglen);
747 } else
748 sprintf(get_line(0, 0),
749 "[%d extra bytes at end of SLP message]", msglength);
750 }
751
752 show_trailer();
753
754 if (tcp_continuation && msglength == 0)
755 remove_tcp_cont(dst_port);
756 }
757
758 return (0);
759 }
760
v2_header(int flags,struct slpv2_hdr * slp,int * totallen,int fraglen)761 static int v2_header(int flags,
762 struct slpv2_hdr *slp,
763 int *totallen,
764 int fraglen) {
765 extern int curr_proto, dst_port;
766 char *prototag = (curr_proto == IPPROTO_TCP ? "/tcp" : "");
767
768 if ((slp->flags & V2_OVERFLOW) == V2_OVERFLOW)
769 overflow = B_TRUE;
770
771 /* summary mode header parsing */
772 if (flags & F_SUM) {
773
774 /* make sure we have at least a header */
775 if (msglength < sizeof (*slp)) {
776 sprintf(get_sum_line(), "SLP V2 [Incomplete Header]");
777 return (0);
778 }
779
780 sprintf(msgbuf, "SLP V2 %s [%d%s] ",
781 slpv2_func(slp->function, B_TRUE),
782 ntohs(slp->xid), prototag);
783
784 /* skip to end of header */
785 msgend = msgbuf + strlen(msgbuf);
786 msglength -= sizeof (*slp);
787 p += sizeof (*slp);
788
789 /* skip language tag */
790 SKIPFIELD(FIELD_DEFAULT);
791 } else if (flags & F_DTAIL) {
792 char *lang;
793 int len;
794
795 /* detailed mode header parsing */
796 show_header("SLP: ", "Service Location Protocol (v2)", fraglen);
797 show_space();
798
799 if (msglength < sizeof (*slp)) {
800 sprintf(get_line(0, 0), "==> Incomplete SLP header");
801 return (0);
802 }
803
804 sprintf(get_line(0, 0), "Version = %d", slp->vers);
805 sprintf(get_line(0, 0), "Function = %d, %s",
806 slp->function, slpv2_func(slp->function, B_FALSE));
807 get_int24(&(slp->l1));
808 *totallen = netval;
809 sprintf(get_line(0, 0), "Message length = %u", *totallen);
810 /* check for TCP continuation */
811 if (curr_proto == IPPROTO_TCP &&
812 *totallen > msglength &&
813 !tcp_continuation) {
814 tcp_continuation = B_TRUE;
815 reg_tcp_cont((char *)slp, *totallen, msglength, dst_port);
816 }
817
818 if (!tcp_continuation && *totallen != msglength) {
819 sprintf(get_line(0, 0),
820 " (Stated and on-the-wire lengths differ)");
821 }
822 /* flags */
823 sprintf(get_line(0, 0), "Flags = 0x%02x", slp->flags);
824 sprintf(get_line(0, 0), " %s",
825 getflag(slp->flags, V2_OVERFLOW,
826 "overflow", "no overflow"));
827 sprintf(get_line(0, 0), " %s",
828 getflag(slp->flags, V2_FRESH,
829 "fresh registration", "no fresh registration"));
830 sprintf(get_line(0, 0), " %s",
831 getflag(slp->flags, V2_MCAST,
832 "request multicast / broadcast", "unicast"));
833 /* check reserved flags that must be zero */
834 if ((slp->flags & 7) != 0) {
835 sprintf(get_line(0, 0),
836 " .... .xxx = %d (reserved flags nonzero)",
837 slp->flags & 7);
838 }
839 /* end of flags */
840
841 /* language tag */
842 p = (char *)slp + sizeof (*slp);
843 msglength -= sizeof (*slp);
844 GETSHORT(len);
845 if (len > msglength) {
846 sprintf(get_line(0, 0),
847 "Language Tag Length = %u [CORRUPT MESSAGE]",
848 len);
849 return (0);
850 }
851
852 lang = get_line(0, 0);
853 strcpy(lang, "Language Tag = ");
854 strncat(lang, p, len);
855 sprintf(get_line(0, 0), "XID = %u", ntohs(slp->xid));
856
857 /* set msglength to remaining length of SLP message */
858 p += len;
859 msglength -= len;
860 }
861
862 return (1);
863 }
864
v2_finish(struct slpv2_hdr * slp,int flags)865 static int v2_finish(struct slpv2_hdr *slp, int flags) {
866 unsigned int firstop;
867
868 if (!(flags & F_DTAIL))
869 return (1);
870
871 /* check for options */
872 get_int24(&(slp->o1));
873 firstop = netval;
874
875 if (firstop) {
876 unsigned short op_id;
877 unsigned short nextop;
878 char *op_class;
879
880 for (;;) {
881 unsigned short real_oplen;
882
883 if (msglength < 4) {
884 sprintf(get_line(0, 0),
885 "Option expected but not present");
886 return (0);
887 }
888
889 nbtohs();
890 op_id = netval;
891 p += sizeof (unsigned short);
892 msglength -= sizeof (unsigned short);
893 nbtohs();
894 nextop = netval;
895 p += sizeof (unsigned short);
896 msglength -= sizeof (unsigned short);
897
898 real_oplen = nextop ? nextop : msglength;
899
900 /* known options */
901 switch (op_id) {
902 case 1:
903 sprintf(get_line(0, 0),
904 "Option: Required Attribute Missing");
905 DOFIELD("Template IDVer", FIELD_DEFAULT);
906 DOFIELD("Required Attrs", FIELD_DEFAULT);
907 break;
908 default:
909 sprintf(get_line(0, 0), "Option: Unknown");
910 p += (real_oplen - 4);
911 msglength -= (real_oplen - 4);
912 break;
913 }
914
915 if (op_id < 0x3fff)
916 op_class = "Standardized, optional";
917 else if (op_id < 0x7fff)
918 op_class = "Standardized, mandatory";
919 else if (op_id < 0x8fff)
920 op_class = "Not standardized, private";
921 else if (op_id < 0xffff)
922 op_class = "Reserved";
923 sprintf(get_line(0, 0), "Option ID = 0x%04x, %s",
924 op_id, op_class);
925 if (nextop &&
926 ((nextop - 4) > msglength) &&
927 !tcp_continuation) {
928 sprintf(get_line(0, 0),
929 "[Framing error: remaining pkt length = %u]",
930 msglength);
931 return (0);
932 }
933
934 sprintf(get_line(0, 0), "Option Length = %u", real_oplen);
935
936 if (!nextop)
937 break;
938 }
939 }
940
941 return (1);
942 }
943
944 #ifdef VERIFYSLP
skip_v2authblock()945 static int skip_v2authblock() {
946 unsigned short length, slen;
947
948 /* auth header */
949 if (msglength < 10)
950 return (-1);
951
952 /* block descriptor: 2 bytes */
953 p += sizeof (unsigned short);
954 /* length */
955 nbtohs();
956 length = netval;
957 p += sizeof (unsigned short);
958 /* timestamp */
959 p += 4;
960 /* SPI String length */
961 nbtohs();
962 slen = netval;
963 p += sizeof (unsigned short);
964
965 msglength -= 10;
966 if (slen > msglength || length > (msglength + 10))
967 return (-1);
968
969 p += slen;
970 msglength -= slen;
971
972 /* structured auth block */
973 p += (length - 10 - slen);
974 msglength -= (length - 10 - slen);
975 return (0);
976 }
977 #endif
978
display_bsd(unsigned short bsd)979 static char *display_bsd(unsigned short bsd) {
980 switch (bsd) {
981 case 1: return ("MD5 with RSA");
982 case 2: return ("DSA with SHA-1");
983 case 3: return ("Keyed HMAC with MD5");
984 default: return ("Unknown BSD");
985 }
986 }
987
slpv2_func(int t,boolean_t s)988 static char *slpv2_func(int t, boolean_t s) {
989 static char buf[128];
990
991 switch (t) {
992 case V2_SRVRQST: return s? "SrvRqst" : "Service Request";
993 case V2_SRVRPLY: return s? "SrvRply" : "Service Reply";
994 case V2_SRVREG: return s? "SrvReg" : "Service Registration";
995 case V2_SRVDEREG:
996 return (s ? "SrvDereg" : "Service Deregistration");
997 case V2_SRVACK: return s? "SrvAck" : "Service Acknowledge";
998 case V2_ATTRRQST: return s? "AttrRqst" : "Attribute Request";
999 case V2_ATTRRPLY: return s? "AttrRply" : "Attribute Reply";
1000 case V2_DAADVERT: return s? "DAAdvert" : "DA advertisement";
1001 case V2_SRVTYPERQST:
1002 return (s ? "SrvTypeRqst" : "Service Type Request");
1003 case V2_SRVTYPERPLY:
1004 return (s ? "SrvTypeRply" : "Service Type Reply");
1005 case V2_SAADVERT: return s? "SAAdvert" : "SA advertisement";
1006 }
1007 sprintf(buf, "(func %d)", t);
1008 return (s ? buf : "unknown function");
1009 }
1010
slpv2_error(unsigned short code)1011 static char *slpv2_error(unsigned short code) {
1012 static char buf[128];
1013
1014 switch (code) {
1015 case OK: return "ok";
1016 case LANG_NOT_SUPPORTED: return "language not supported";
1017 case PROTOCOL_PARSE_ERR: return "protocol parse error";
1018 case INVALID_REGISTRATION: return "invalid registration";
1019 case SCOPE_NOT_SUPPORTED: return "scope not supported";
1020 case AUTHENTICATION_UNKNOWN: return "authentication unknown";
1021 case V2_AUTHENTICATION_ABSENT: return "authentication absent";
1022 case V2_AUTHENTICATION_FAILED: return "authentication failed";
1023 case V2_VER_NOT_SUPPORTED: return "version not supported";
1024 case V2_INTERNAL_ERROR: return "internal error";
1025 case V2_DA_BUSY_NOW: return "DA busy";
1026 case V2_OPTION_NOT_UNDERSTOOD: return "option not understood";
1027 case V2_INVALID_UPDATE: return "invalid update";
1028 case V2_RQST_NOT_SUPPORTED: return "request not supported";
1029 case INVALID_LIFETIME: return "invalid lifetime";
1030 }
1031 sprintf(buf, "error %d", code);
1032 return (buf);
1033 }
1034
convert_ts(unsigned int timestamp)1035 static char *convert_ts(unsigned int timestamp) {
1036 /* timestamp is in UNIX time */
1037 static char buff[128];
1038
1039 strcpy(buff, ctime((time_t *)×tamp));
1040 buff[strlen(buff) - 1] = '\0';
1041 return (buff);
1042 }
1043
slpv2_authblock(int cnt)1044 static int slpv2_authblock(int cnt) {
1045 unsigned short bsd, length, slen;
1046 char *pp, *scopes;
1047 unsigned int timestamp;
1048
1049 if (msglength < 10) {
1050 sprintf(get_line(0, 0),
1051 " [no room for auth block header: remaining msg length = %u]",
1052 msglength);
1053 return (-1);
1054 }
1055
1056 /* bsd */
1057 nbtohs();
1058 bsd = netval;
1059 p += sizeof (unsigned short);
1060
1061 /* length */
1062 nbtohs();
1063 length = netval;
1064 p += sizeof (unsigned short);
1065
1066 /* timestamp */
1067 nbtohl();
1068 timestamp = netval;
1069 p += 4;
1070
1071 /* SPI String length */
1072 nbtohs();
1073 slen = netval;
1074 p += sizeof (unsigned short);
1075
1076 msglength -= 10;
1077 if (slen > msglength) {
1078 sprintf(get_line(0, 0),
1079 " [no room for auth block scopes: remaining msg length = %u]",
1080 msglength);
1081 return (-1);
1082 }
1083
1084 if (length > (msglength + 10)) {
1085 if (!tcp_continuation)
1086 /* framing error: message is not long enough to contain data */
1087 sprintf(get_line(0, 0),
1088 " [Framing error: remaining pkt length = %u]",
1089 msglength);
1090 return (-1);
1091 }
1092
1093 scopes = p;
1094 p += slen;
1095 msglength -= slen;
1096
1097 sprintf(get_line(0, 0),
1098 "Auth block %d: timestamp = %s", cnt,
1099 (timestamp) ? convert_ts(timestamp) : "0");
1100
1101 pp = get_line(0, 0);
1102 strcpy(pp, " SPI = ");
1103 strncat(pp, scopes, slen);
1104
1105 sprintf(get_line(0, 0),
1106 " block desc = 0x%04x: %s", bsd, display_bsd(bsd));
1107
1108 sprintf(get_line(0, 0), " length = %u", length);
1109
1110 p += (length - 10 - slen);
1111 msglength -= (length - 10 - slen);
1112 return (0);
1113 }
1114
v2_srv_rqst(int flags)1115 static int v2_srv_rqst(int flags) {
1116 if (flags & F_SUM) {
1117 SKIPFIELD(FIELD_DEFAULT); /* PR list */
1118 GETFIELD; /* service type */
1119 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1120 strcat(msgend, " [");
1121 GETFIELD; /* predicate */
1122 strcat(msgend, "]");
1123 SKIPFIELD(FIELD_DEFAULT); /* SPI */
1124 } else if (flags & F_DTAIL) {
1125 DOFIELD("Previous responders", FIELD_DEFAULT);
1126 DOFIELD("Service type", FIELD_DEFAULT);
1127 DOFIELD("Scopes", FIELD_DEFAULT);
1128 DOFIELD("Predicate string", FIELD_DEFAULT);
1129 DOFIELD("Requested SPI", FIELD_DEFAULT);
1130 }
1131
1132 return (1);
1133 }
1134
v2_srv_rply(int flags)1135 static int v2_srv_rply(int flags) {
1136 unsigned short itemcnt, errcode;
1137 int n;
1138
1139 if (flags & F_SUM) {
1140 int i, auth_cnt;
1141
1142 GETSHORT(errcode);
1143 if (errcode != OK) {
1144 strcat(msgbuf, slpv2_error(errcode));
1145 msglength = 0; /* skip rest of message */
1146 return (0);
1147 } else {
1148 GETSHORT(itemcnt);
1149 sprintf(msgend, "%d URL entries", itemcnt);
1150 #ifdef VERIFYSLP
1151 for (n = 0; n < itemcnt; n++) {
1152 SKIPBYTE; /* reserved */
1153 SKIPSHORT; /* lifetime */
1154 SKIPFIELD(FIELD_DEFAULT); /* URL */
1155 GETBYTE(auth_cnt);
1156 for (i = 0; i < auth_cnt; auth_cnt++)
1157 if (skip_v2authblock() < 0)
1158 return (0);
1159 }
1160 #endif
1161 }
1162 } else if (flags & F_DTAIL) {
1163 V2_DOERRCODE;
1164 GETSHORT(itemcnt);
1165 sprintf(get_line(0, 0), "URL entry count = %d", itemcnt);
1166 for (n = 0; n < itemcnt; n++) {
1167 V2_DOURL(n);
1168 }
1169 }
1170
1171 return (1);
1172 }
1173
v2_srv_reg(int flags)1174 static int v2_srv_reg(int flags) {
1175 int i, auth_cnt;
1176
1177 if (flags & F_SUM) {
1178 SKIPBYTE; /* reserved */
1179 SKIPSHORT; /* lifetime */
1180 GETFIELD; /* URL */
1181 #ifdef VERIFYSLP
1182 GETBYTE(auth_cnt);
1183 for (i = 0; i < auth_cnt; i++)
1184 if (skip_v2authblock() < 0)
1185 return (0);
1186 SKIPFIELD(FIELD_DEFAULT); /* type */
1187 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1188 SKIPFIELD(FIELD_DEFAULT); /* attrs */
1189 GETBYTE(auth_cnt);
1190 for (i = 0; i < auth_cnt; i++)
1191 if (skip_v2authblock() < 0)
1192 return (0);
1193 #endif
1194 } if (flags & F_DTAIL) {
1195 V2_DOURL(-1);
1196 DOFIELD("Service type", FIELD_DEFAULT);
1197 DOFIELD("Scopes", FIELD_DEFAULT);
1198 DOFIELD("Attribute list", FIELD_DEFAULT);
1199 /* auth */
1200 GETBYTE(auth_cnt);
1201 for (i = 0; i < auth_cnt; i++)
1202 V2_DOAUTH(i);
1203 }
1204
1205 return (1);
1206 }
1207
v2_srv_dereg(int flags)1208 static int v2_srv_dereg(int flags) {
1209 if (flags & F_SUM) {
1210 int i, auth_cnt;
1211
1212 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1213 SKIPBYTE; /* reserved */
1214 SKIPSHORT; /* lifetime */
1215 GETFIELD; /* URL */
1216
1217 #ifdef VERIFYSLP
1218 GETBYTE(auth_cnt);
1219 for (i = 0; i < auth_cnt; i++)
1220 if (skip_v2authblock() < 0)
1221 return (0);
1222 SKIPFIELD(FIELD_DEFAULT); /* attrs */
1223 #endif
1224 } else if (flags & F_DTAIL) {
1225 DOFIELD("Scopes", FIELD_DEFAULT);
1226 V2_DOURL(-1);
1227 DOFIELD("Tag list", FIELD_DEFAULT);
1228 }
1229
1230 return (1);
1231 }
1232
v2_srv_ack(int flags)1233 static int v2_srv_ack(int flags) {
1234 unsigned short errcode;
1235 if (flags & F_SUM) {
1236 GETSHORT(errcode);
1237 strcat(msgbuf, slpv2_error(errcode));
1238 } else if (flags & F_DTAIL) {
1239 V2_DOERRCODE;
1240 }
1241
1242 return (1);
1243 }
1244
v2_attr_rqst(int flags)1245 static int v2_attr_rqst(int flags) {
1246 if (flags & F_SUM) {
1247 SKIPFIELD(FIELD_DEFAULT); /* PR list */
1248 GETFIELD; /* URL */
1249 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1250 strcat(msgend, " [");
1251 GETFIELD; /* attrs */
1252 strcat(msgend, "]");
1253
1254 #ifdef VERIFYSLP
1255 SKIPFIELD(FIELD_DEFAULT); /* SPI */
1256 #endif
1257 } else if (flags & F_DTAIL) {
1258 DOFIELD("Previous responders", FIELD_DEFAULT);
1259 DOFIELD("URL", FIELD_DEFAULT);
1260 DOFIELD("Scopes", FIELD_DEFAULT);
1261 DOFIELD("Tag list", FIELD_DEFAULT);
1262 DOFIELD("Requested SPI", FIELD_DEFAULT);
1263 }
1264
1265 return (1);
1266 }
1267
v2_attr_rply(int flags)1268 static int v2_attr_rply(int flags) {
1269 int auth_cnt, i;
1270 unsigned short errcode;
1271
1272 if (flags & F_SUM) {
1273 GETSHORT(errcode);
1274 if (errcode != OK) {
1275 strcat(msgbuf, slpv2_error(errcode));
1276 msglength = 0; /* skip rest of message */
1277 return (0);
1278 } else {
1279 GETFIELD; /* attr list */
1280
1281 #ifdef VERIFYSLP
1282 GETBYTE(auth_cnt);
1283 for (i = 0; i < auth_cnt; i++)
1284 if (skip_v2authblock() < 0)
1285 return (0);
1286 #endif
1287 }
1288 } else if (flags & F_DTAIL) {
1289 V2_DOERRCODE;
1290 DOFIELD("Attribute list", FIELD_DEFAULT);
1291 /* auth */
1292 GETBYTE(auth_cnt);
1293 for (i = 0; i < auth_cnt; i++)
1294 V2_DOAUTH(i);
1295 }
1296
1297 return (1);
1298 }
1299
v2_daadvert(int flags)1300 static int v2_daadvert(int flags) {
1301 int auth_cnt, i;
1302 unsigned short errcode;
1303 unsigned int timestamp;
1304
1305 if (flags & F_SUM) {
1306 SKIPSHORT; /* error code */
1307 SKIPSHORT; SKIPSHORT; /* timestamp */
1308 GETFIELD; /* URL */
1309
1310 #ifdef VERIFYSLP
1311 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1312 SKIPFIELD(FIELD_DEFAULT); /* attrs */
1313 SKIPFIELD(FIELD_DEFAULT); /* SPIs */
1314
1315 GETBYTE(auth_cnt);
1316 for (i = 0; i < auth_cnt; i++)
1317 if (skip_v2authblock() < 0)
1318 return (0);
1319 #endif
1320 } else if (flags & F_DTAIL) {
1321 V2_DOERRCODE;
1322 V2_DOTIMESTAMP;
1323 DOFIELD("URL", FIELD_DEFAULT);
1324 DOFIELD("Scope list", FIELD_DEFAULT);
1325 DOFIELD("Attribute list", FIELD_DEFAULT);
1326 DOFIELD("Configured SPIs", FIELD_DEFAULT);
1327 /* auth */
1328 GETBYTE(auth_cnt);
1329 for (i = 0; i < auth_cnt; i++)
1330 V2_DOAUTH(i);
1331 }
1332
1333 return (1);
1334 }
1335
v2_srv_type_rqst(int flags)1336 static int v2_srv_type_rqst(int flags) {
1337 if (flags & F_SUM) {
1338 SKIPFIELD(FIELD_DEFAULT); /* prev responders */
1339 SKIPFIELD(FIELD_TYPENA); /* naming authority */
1340 GETFIELD; /* scope */
1341 } else if (flags & F_DTAIL) {
1342 DOFIELD("Previous responders", FIELD_DEFAULT);
1343 DOFIELD("Naming authority", FIELD_TYPENA);
1344 DOFIELD("Scopes", FIELD_DEFAULT);
1345 }
1346
1347 return (1);
1348 }
1349
v2_srv_type_rply(int flags)1350 static int v2_srv_type_rply(int flags) {
1351 unsigned short errcode;
1352
1353 if (flags & F_SUM) {
1354 GETSHORT(errcode);
1355 if (errcode != OK)
1356 strcat(msgbuf, slpv2_error(errcode));
1357 else
1358 GETFIELD;
1359 } else if (flags & F_DTAIL) {
1360 V2_DOERRCODE;
1361 DOFIELD("Service types", FIELD_DEFAULT);
1362 }
1363
1364 return (1);
1365 }
1366
v2_saadvert(int flags)1367 static int v2_saadvert(int flags) {
1368 int auth_cnt, i;
1369
1370 if (flags & F_SUM) {
1371 GETFIELD; /* URL */
1372
1373 #ifdef VERIFYSLP
1374 SKIPFIELD(FIELD_DEFAULT); /* scopes */
1375 SKIPFIELD(FIELD_DEFAULT); /* attrs */
1376
1377 GETBYTE(auth_cnt);
1378 for (i = 0; i < auth_cnt; i++)
1379 if (skip_v2authblock() < 0)
1380 return (0);
1381 #endif
1382 } else if (flags & F_DTAIL) {
1383 DOFIELD("URL", FIELD_DEFAULT);
1384 DOFIELD("Scopes", FIELD_DEFAULT);
1385 DOFIELD("Attribute list", FIELD_DEFAULT);
1386 /* auth */
1387 GETBYTE(auth_cnt);
1388 for (i = 0; i < auth_cnt; i++)
1389 V2_DOAUTH(i);
1390 }
1391
1392 return (1);
1393 }
1394
1395 /*
1396 * V1 Interpreter
1397 */
1398
interpret_slp_v1(int flags,struct slpv1_hdr * slp,int fraglen)1399 static int interpret_slp_v1(int flags, struct slpv1_hdr *slp, int fraglen) {
1400 char msgbuf_real[256];
1401 extern int src_port, dst_port, curr_proto;
1402 boolean_t overflow = B_FALSE;
1403
1404 msgbuf = msgbuf_real;
1405
1406 if (msglength >= sizeof (*slp)) {
1407 if ((slp->flags & V1_URL_AUTH) == V1_URL_AUTH)
1408 url_auth = B_TRUE;
1409 if ((slp->flags & V1_ATTR_AUTH) == V1_ATTR_AUTH)
1410 attr_auth = B_TRUE;
1411 if ((slp->flags & V1_FRESH_REG) == V1_FRESH_REG)
1412 fresh = B_TRUE;
1413 if ((slp->flags & V1_OVERFLOW) == V1_OVERFLOW)
1414 overflow = B_TRUE;
1415 }
1416
1417 /*
1418 * Somewhat of a hack to decode traffic from a server that does
1419 * not send udp replies from its SLP src port.
1420 */
1421 if (curr_proto == IPPROTO_UDP &&
1422 dst_port == 427 &&
1423 src_port != 427)
1424 add_transient(src_port, interpret_slp);
1425
1426 /* parse the header */
1427 if (v1_header(flags, slp, fraglen)) {
1428
1429 if (slp->function <= V1_MAX_FUNCTION && slp->function > 0) {
1430
1431 /* Parse the message body */
1432 (v1_functions[slp->function])(flags);
1433
1434 }
1435
1436 }
1437
1438 /* summary error check */
1439 if (flags & F_SUM) {
1440 if (retlength < 0) {
1441 if (curr_proto == IPPROTO_TCP)
1442 sprintf(get_sum_line(),
1443 "%s [partial TCP message]",
1444 msgbuf);
1445 else if (overflow)
1446 sprintf(get_sum_line(), "%s [OVERFLOW]", msgbuf);
1447 else
1448 sprintf(get_sum_line(), "%s [CORRUPTED MESSAGE]", msgbuf);
1449 }
1450 #ifdef VERIFYSLP
1451 else if (msglength > 0)
1452 sprintf(get_sum_line(), "%s +%d", msgbuf, msglength);
1453 #endif
1454 else
1455 sprintf(get_sum_line(), "%s", msgbuf);
1456 } else if (flags & F_DTAIL) {
1457 /* detail error check */
1458 if (msglength > 0) {
1459 sprintf(get_line(0, 0),
1460 "[%d extra bytes at end of SLP message]", msglength);
1461 }
1462
1463 show_trailer();
1464
1465 }
1466
1467 v1_charset = 0;
1468
1469 return (0);
1470 }
1471
v1_header(int flags,struct slpv1_hdr * slp,int fraglen)1472 static int v1_header(int flags,
1473 struct slpv1_hdr *slp,
1474 int fraglen) {
1475 extern int src_port, dst_port, curr_proto;
1476 char *prototag = (curr_proto == IPPROTO_TCP? "/tcp" : "");
1477
1478 if (flags & F_SUM) {
1479 char portflag = ' ';
1480
1481 if (msglength < sizeof (*slp)) {
1482 sprintf(msgbuf, "SLP V1 [incomplete header]");
1483 return (0);
1484 }
1485
1486 if (slp->vers != 1) {
1487 if (curr_proto == IPPROTO_TCP)
1488 sprintf(msgbuf, "SLP [TCP Continuation]");
1489 else
1490 sprintf(msgbuf, "SLP [unknown version %d]", slp->vers);
1491 return (0);
1492 }
1493
1494 if (src_port != 427 && dst_port != 427)
1495 portflag = '-';
1496
1497 sprintf(msgbuf, "SLP V1%c%s [%d%s] ", portflag,
1498 slpv1_func(slp->function, B_TRUE),
1499 ntohs(slp->xid), prototag);
1500 msgend = msgbuf + strlen(msgbuf);
1501 msglength -= sizeof (*slp);
1502 p += sizeof (*slp);
1503 } else if (flags & F_DTAIL) {
1504 show_header("SLP: ", "Service Location Protocol (v1)", fraglen);
1505 show_space();
1506
1507 if (msglength < sizeof (*slp)) {
1508 sprintf(get_line(0, 0), "==> Incomplete SLP header");
1509 return (0);
1510 }
1511
1512 sprintf(get_line(0, 0), "Version = %d", slp->vers);
1513 if (slp->vers != 1) {
1514 if (curr_proto == IPPROTO_TCP)
1515 sprintf(get_line(0, 0), "==> TCP continuation");
1516 else
1517 sprintf(get_line(0, 0), "==> Unexpected version number");
1518 return (0);
1519 }
1520 sprintf(get_line(0, 0), "Function = %d, %s",
1521 slp->function, slpv1_func(slp->function, B_FALSE));
1522 sprintf(get_line(0, 0), "Message length = %u", ntohs(slp->length));
1523
1524 /* flags */
1525 sprintf(get_line(0, 0), "Flags = 0x%02x", slp->flags);
1526 sprintf(get_line(0, 0), " %s",
1527 getflag(slp->flags, V1_OVERFLOW,
1528 "overflow", "no overflow"));
1529 sprintf(get_line(0, 0), " %s",
1530 getflag(slp->flags, V1_MONOLINGUAL,
1531 "monolingual", "not monolingual"));
1532 sprintf(get_line(0, 0), " %s",
1533 getflag(slp->flags, V1_URL_AUTH,
1534 "url authentication", "no url authentication"));
1535 sprintf(get_line(0, 0), " %s",
1536 getflag(slp->flags, V1_ATTR_AUTH,
1537 "attribute authentication", "no attribute authentication"));
1538 sprintf(get_line(0, 0), " %s",
1539 getflag(slp->flags, V1_FRESH_REG,
1540 "fresh registration", "no fresh registration"));
1541 /* check reserved flags that must be zero */
1542 if ((slp->flags & 7) != 0) {
1543 sprintf(get_line(0, 0),
1544 " .... .xxx = %d (reserved flags nonzero)",
1545 slp->flags & 7);
1546 }
1547 /* end of flags */
1548
1549 sprintf(get_line(0, 0), "Dialect = %u", slp->dialect);
1550 sprintf(get_line(0, 0), "Language = 0x%02x%02x, %c%c",
1551 slp->language[0], slp->language[1],
1552 slp->language[0], slp->language[1]);
1553 v1_charset = ntohs(slp->charset);
1554 sprintf(get_line(0, 0), "Character encoding = %u, %s",
1555 v1_charset,
1556 slpv1_charset(v1_charset));
1557 sprintf(get_line(0, 0), "XID = %u", ntohs(slp->xid));
1558
1559 /* set msglength to remaining length of SLP message */
1560 msglength -= sizeof (*slp);
1561 p += sizeof (*slp);
1562 }
1563
1564 return (1);
1565 }
1566
slpv1_func(int t,boolean_t s)1567 static char *slpv1_func(int t, boolean_t s) {
1568 static char buf[128];
1569 switch (t) {
1570 case V1_SRVREQ: return s? "SrvRqst" : "Service Request";
1571 case V1_SRVRPLY: return s? "SrvRply" : "Service Reply";
1572 case V1_SRVREG: return s? "SrvReg" : "Service Registration";
1573 case V1_SRVDEREG: return s?
1574 "SrvDereg" : "Service Deregistration";
1575 case V1_SRVACK: return s? "SrvAck" : "Service Acknowledge";
1576 case V1_ATTRRQST: return s? "AttrRqst" : "Attribute Request";
1577 case V1_ATTRRPLY: return s? "AttrRply" : "Attribute Reply";
1578 case V1_DAADVERT: return s? "DAAdvert" : "DA advertisement";
1579 case V1_SRVTYPERQST:return s? "SrvTypeRqst" : "Service Type Request";
1580 case V1_SRVTYPERPLY:return s? "SrvTypeRply" : "Service Type Reply";
1581 }
1582 sprintf(buf, "(func %d)", t);
1583 return (s ? buf : "unknown function");
1584 }
1585
slpv1_error(unsigned short code)1586 static char *slpv1_error(unsigned short code) {
1587 static char buf[128];
1588
1589 switch (code) {
1590 case OK: return "ok";
1591 case LANG_NOT_SUPPORTED: return "language not supported";
1592 case PROTOCOL_PARSE_ERR: return "protocol parse error";
1593 case INVALID_REGISTRATION: return "invalid registration";
1594 case SCOPE_NOT_SUPPORTED: return "scope not supported";
1595 case CHARSET_NOT_UNDERSTOOD:return "character set not understood";
1596 case AUTHENTICATION_INVALID:return "invalid authentication";
1597 case NOT_SUPPORTED_YET: return "not yet supported";
1598 case REQUEST_TIMED_OUT: return "request timed out";
1599 case COULD_NOT_INIT_NET_RESOURCES:
1600 return ("could not initialize net resources");
1601 case COULD_NOT_ALLOCATE_MEMORY:
1602 return ("could not allocate memory");
1603 case PARAMETER_BAD: return "bad parameter";
1604 case INTERNAL_NET_ERROR: return "internal network error";
1605 case INTERNAL_SYSTEM_ERROR: return "internal system error";
1606 }
1607 sprintf(buf, "error %d", code);
1608 return (buf);
1609 }
1610
1611 /*
1612 * Character set info from
1613 * www.isi.edu/in-notes/iana/assignments/character-sets
1614 *
1615 * Assigned MIB enum Numbers
1616 * -------------------------
1617 * 0 Reserved
1618 * 1 Reserved
1619 * 3-106 Set By Standards Organizations
1620 * 1000-1010 Unicode / 10646
1621 * 2000-2087 Vendor
1622 * 2250-2258 Vendor
1623 *
1624 * MIBenum: 3
1625 * Alias: US-ASCII (preferred MIME name)
1626 * Source: ECMA registry [RFC1345]
1627 *
1628 * MIBenum: 106
1629 * Name: UTF-8
1630 * Source: RFC 2044
1631 */
1632
slpv1_charset(unsigned short code)1633 static char *slpv1_charset(unsigned short code) {
1634 if (code <= 1)
1635 return ("Reserved");
1636 if (code == 3)
1637 return ("US-ASCII");
1638 if (code == 4)
1639 return ("latin1");
1640 if (code == 106)
1641 return ("UTF-8");
1642 if (code >= 3 && code <= 106)
1643 return ("set by standards organization");
1644 if (code >= 1000 && code <= 1010)
1645 return ("Unicode variant");
1646 if ((code >= 2000 && code <= 2087) ||
1647 (code >= 2250 && code <= 2258))
1648 return ("Vendor assigned");
1649
1650 return ("unknown");
1651 }
1652
1653 #ifdef VERIFYSLP
skip_v1authblock()1654 static int skip_v1authblock() {
1655 unsigned short length;
1656
1657 /* auth header: 12 bytes total */
1658 if (msglength < 12)
1659 return (-1);
1660
1661 /* timestamp: 8 bytes */
1662 p += 8; /* timestamp: 8 bytes */
1663 p += sizeof (short); /* block descriptor: 2 bytes */
1664 nbtohs();
1665 length = netval;
1666 p += sizeof (short);
1667 msglength -= 12;
1668
1669 if (length > msglength) {
1670 /* framing error: message is not long enough to contain data */
1671 return (-1);
1672 }
1673
1674 p += length;
1675 msglength -= length;
1676 return (0);
1677 }
1678 #endif
1679
slpv1_authblock()1680 static int slpv1_authblock() {
1681 unsigned short bsd, length;
1682 char msgbuf[128];
1683 int n;
1684
1685 if (msglength < 12) {
1686 sprintf(get_line(0, 0),
1687 " [no room for auth block: remaining msg length = %u]",
1688 msglength);
1689 return (-1);
1690 }
1691
1692 /* timestamp: 8 bytes */
1693 *msgbuf = '\0';
1694 for (n = 0; n < 8; n++, p += 1) {
1695 char tmp[16];
1696 sprintf(tmp, "%02x", (unsigned char)(*p));
1697 strcat(msgbuf, tmp);
1698 }
1699
1700 nbtohs();
1701 bsd = netval;
1702 p += sizeof (short);
1703 nbtohs();
1704 length = netval;
1705 p += sizeof (short);
1706 msglength -= 12;
1707
1708 sprintf(get_line(0, 0),
1709 " Auth block: timestamp = %s",
1710 msgbuf);
1711 sprintf(get_line(0, 0),
1712 " block desc = 0x%04x, length = %u",
1713 bsd, length);
1714 if (length > msglength) {
1715 /* framing error: message is not long enough to contain data */
1716 sprintf(get_line(0, 0),
1717 " [Framing error: remaining pkt length = %u]", msglength);
1718 return (-1);
1719 }
1720
1721 p += length;
1722 msglength -= length;
1723 return (0);
1724 }
1725
slpv1_url(boolean_t auth_present)1726 static int slpv1_url(boolean_t auth_present) {
1727 time_t exp;
1728 int lifetime, length;
1729
1730 get_short();
1731 if ((lifetime = netval) < 0)
1732 return (-1);
1733 get_short();
1734 if ((length = netval) < 0)
1735 return (-1);
1736
1737 exp = time(0) + lifetime;
1738 sprintf(get_line(0, 0), "URL: length = %u, lifetime = %d (%24.24s)",
1739 length, lifetime, ctime(&exp));
1740 if (length > msglength) {
1741 /* framing error: message is not long enough to contain data */
1742 sprintf(get_line(0, 0),
1743 " [Framing error: remaining pkt length = %u]", msglength);
1744 return (-1);
1745 }
1746
1747 if (length > 0) {
1748 char *buf = malloc(length + 1);
1749 if (buf != NULL) {
1750 if (!make_utf8(buf, length, p, length)) {
1751 strcpy(buf, "[Invalid Character Encoding]");
1752 }
1753 sprintf(get_line(0, 0), " \"%s\"", buf);
1754 free(buf);
1755 }
1756 }
1757 msglength -= length;
1758 p += length;
1759
1760 if (auth_present)
1761 return (slpv1_authblock());
1762
1763 return (0);
1764 }
1765
v1_srv_rqst(int flags)1766 static int v1_srv_rqst(int flags) {
1767 if (flags & F_SUM) {
1768 SKIPFIELD(FIELD_PREVRESP); /* prev responders */
1769 GETFIELD; /* predicate */
1770 } else if (flags & F_DTAIL) {
1771 DOFIELD("Previous responders", FIELD_PREVRESP);
1772 DOFIELD("predicate string", FIELD_DEFAULT);
1773 }
1774
1775 return (1);
1776 }
1777
v1_srv_rply(int flags)1778 static int v1_srv_rply(int flags) {
1779 unsigned short errcode, itemcnt;
1780 int n;
1781
1782 if (flags & F_SUM) {
1783 GETSHORT(errcode);
1784 if (errcode != OK) {
1785 strcat(msgbuf, slpv1_error(errcode));
1786 } else {
1787 GETSHORT(itemcnt);
1788 sprintf(msgend, "%d URL entries", itemcnt);
1789 #ifdef VERIFYSLP
1790 for (n = 0; n < itemcnt; n++) {
1791 SKIPSHORT; /* lifetime */
1792 SKIPFIELD(FIELD_DEFAULT); /* URL */
1793 SKIPAUTH(url_auth); /* URL auth */
1794 }
1795 #endif
1796 }
1797 } else if (flags & F_DTAIL) {
1798 DOERRCODE;
1799 GETSHORT(itemcnt);
1800 sprintf(get_line(0, 0), "URL entry count = %d", itemcnt);
1801 for (n = 0; n < itemcnt; n++) {
1802 DOURL;
1803 }
1804 }
1805
1806 return (1);
1807 }
1808
v1_srv_reg(int flags)1809 static int v1_srv_reg(int flags) {
1810 if (flags & F_SUM) {
1811 SKIPSHORT; /* lifetime */
1812 GETFIELD; /* URL */
1813 #ifdef VERIFYSLP
1814 SKIPAUTH(url_auth); /* URL auth */
1815 SKIPFIELD(FIELD_DEFAULT); /* attribute list */
1816 SKIPAUTH(attr_auth); /* attr auth */
1817 #endif
1818 } else if (flags & F_DTAIL) {
1819 DOURL;
1820 DOFIELD("Attribute list", FIELD_DEFAULT);
1821 DOAUTH(attr_auth);
1822 }
1823
1824 return (1);
1825 }
1826
v1_srv_ack(int flags)1827 static int v1_srv_ack(int flags) {
1828 unsigned short errcode;
1829
1830 if (flags & F_SUM) {
1831 GETSHORT(errcode);
1832 strcat(msgbuf, slpv1_error(errcode));
1833 if (errcode == OK && fresh) {
1834 strcat(msgbuf, " [Fresh]");
1835 }
1836 } else if (flags & F_DTAIL) {
1837 DOERRCODE;
1838 }
1839
1840 return (1);
1841 }
1842
v1_srv_dereg(int flags)1843 static int v1_srv_dereg(int flags) {
1844 if (flags & F_SUM) {
1845 GETFIELD; /* URL */
1846 #ifdef VERIFYSLP
1847 SKIPAUTH(url_auth);
1848 SKIPFIELD(FIELD_DEFAULT); /* tag spec */
1849 #endif
1850 } else if (flags & F_DTAIL) {
1851 DOFIELD("URL", FIELD_DEFAULT);
1852 DOAUTH(url_auth);
1853 DOFIELD("Tag spec", FIELD_DEFAULT);
1854 }
1855
1856 return (1);
1857 }
1858
v1_attr_rqst(int flags)1859 static int v1_attr_rqst(int flags) {
1860 if (flags & F_SUM) {
1861 SKIPFIELD(FIELD_PREVRESP); /* prev responders */
1862 GETFIELD; /* URL */
1863 #ifdef VERIFYSLP
1864 SKIPFIELD(FIELD_DEFAULT); /* scope */
1865 SKIPFIELD(FIELD_DEFAULT); /* select list */
1866 #endif
1867 } else if (flags & F_DTAIL) {
1868 DOFIELD("Previous responders", FIELD_PREVRESP);
1869 DOFIELD("URL", FIELD_DEFAULT);
1870 DOFIELD("Scope", FIELD_DEFAULT);
1871 DOFIELD("Select list", FIELD_DEFAULT);
1872 }
1873
1874 return (1);
1875 }
1876
v1_attr_rply(int flags)1877 static int v1_attr_rply(int flags) {
1878 unsigned short errcode;
1879
1880 if (flags & F_SUM) {
1881 GETSHORT(errcode);
1882 if (errcode != OK) {
1883 strcat(msgbuf, slpv1_error(errcode));
1884 } else {
1885 GETFIELD; /* attr list */
1886 #ifdef VERIFYSLP
1887 SKIPAUTH(attr_auth);
1888 #endif
1889 }
1890 } else if (flags & F_DTAIL) {
1891 DOERRCODE;
1892 DOFIELD("Attribute list", FIELD_DEFAULT);
1893 DOAUTH(attr_auth);
1894 }
1895
1896 return (1);
1897 }
1898
v1_daadvert(int flags)1899 static int v1_daadvert(int flags) {
1900 unsigned short errcode;
1901
1902 if (flags & F_SUM) {
1903 GETSHORT(errcode);
1904 if (errcode != OK) {
1905 strcat(msgbuf, slpv1_error(errcode));
1906 } else {
1907 GETFIELD; /* URL */
1908 #ifdef VERIFYSLP
1909 SKIPFIELD(FIELD_DEFAULT); /* scope list */
1910 #endif
1911 }
1912 } else if (flags & F_DTAIL) {
1913 DOERRCODE;
1914 DOFIELD("URL", FIELD_DEFAULT);
1915 DOFIELD("Scope list", FIELD_DEFAULT);
1916 }
1917
1918 return (1);
1919 }
1920
v1_srv_type_rqst(int flags)1921 static int v1_srv_type_rqst(int flags) {
1922 if (flags & F_SUM) {
1923 SKIPFIELD(FIELD_PREVRESP); /* prev responders */
1924 SKIPFIELD(FIELD_TYPENA); /* naming authority */
1925 GETFIELD; /* scope */
1926 } else if (flags & F_DTAIL) {
1927 DOFIELD("Previous responders", FIELD_PREVRESP);
1928 DOFIELD("Naming authority", FIELD_TYPENA);
1929 DOFIELD("Scope string", FIELD_DEFAULT);
1930 }
1931
1932 return (1);
1933 }
1934
v1_srv_type_rply(int flags)1935 static int v1_srv_type_rply(int flags) {
1936 unsigned short errcode, itemcnt;
1937 int n;
1938
1939 if (flags & F_SUM) {
1940 GETSHORT(errcode);
1941 if (errcode != OK) {
1942 strcat(msgbuf, slpv1_error(errcode));
1943 } else {
1944 GETSHORT(itemcnt);
1945 sprintf(msgend, "%d type entries", itemcnt);
1946 #ifdef VERIFYSLP
1947 for (n = 0; n < itemcnt; n++) {
1948 SKIPFIELD(FIELD_DEFAULT); /* Service type item */
1949 }
1950 #endif
1951 }
1952 } else if (flags & F_DTAIL) {
1953 DOERRCODE;
1954 GETSHORT(itemcnt);
1955 sprintf(get_line(0, 0), "Service type count = %d", itemcnt);
1956 for (n = 0; n < itemcnt; n++) {
1957 DOFIELD(" Service type item", FIELD_DEFAULT);
1958 }
1959 }
1960
1961 return (1);
1962 }
1963