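/*
 * Copyright (c) 2007-2011 Grégoire Henry, Juliusz Chroboczek
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#define NETDISSECT_REWORKED
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <string.h>

#include "interface.h"
#include "addrtoname.h"
#include "extract.h"

static const char tstr[] = "[|babel]";

static void babel_print_v2(netdissect_options *, const u_char *cp, u_int length);

/*
 * Entry point of the Babel dissector.
 *
 * cp points at the first octet of the Babel packet and length is the packet
 * length reported by the caller.  Everything behind cp comes from the
 * network, so nothing is read before ND_TCHECK2 has confirmed that the
 * octets are inside the captured data (it branches to "trunc" otherwise).
 */
void
babel_print(netdissect_options *ndo,
            const u_char *cp, u_int length) {
    ND_PRINT((ndo, "babel"));

    /* Magic (1 octet), version (1 octet), body length (2 octets). */
    ND_TCHECK2(*cp, 4);

    if(cp[0] != 42) {
        ND_PRINT((ndo, " malformed header"));
        return;
    } else {
        ND_PRINT((ndo, " %d", cp[1]));
    }

    switch(cp[1]) {
    case 2:
        babel_print_v2(ndo, cp, length);
        break;
    default:
        ND_PRINT((ndo, " unknown version"));
        break;
    }

    return;

 trunc:
    ND_PRINT((ndo, " %s", tstr));
    return;
}

/* TLVs */
#define MESSAGE_PAD1 0
#define MESSAGE_PADN 1
#define MESSAGE_ACK_REQ 2
#define MESSAGE_ACK 3
#define MESSAGE_HELLO 4
#define MESSAGE_IHU 5
#define MESSAGE_ROUTER_ID 6
#define MESSAGE_NH 7
#define MESSAGE_UPDATE 8
#define MESSAGE_REQUEST 9
#define MESSAGE_MH_REQUEST 10
#define MESSAGE_TSPC 11
#define MESSAGE_HMAC 12

/* sub-TLVs */
#define MESSAGE_SUB_PAD1 0
#define MESSAGE_SUB_PADN 1
#define MESSAGE_SUB_DIVERSITY 2
#define MESSAGE_SUB_TIMESTAMP 3

/* Diversity sub-TLV channel codes */
static const struct tok diversity_str[] = {
    { 0,   "reserved" },
    { 255, "all"      },
    { 0, NULL }
};

/*
 * Format the 8 octets at id as colon-separated hex.
 *
 * The caller must have verified that id[0..7] are readable.  The result
 * lives in a static buffer and is overwritten by the next call.
 */
static const char *
format_id(const u_char *id)
{
    static char buf[25];
    snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x",
             id[0], id[1], id[2], id[3], id[4], id[5], id[6], id[7]);
    buf[sizeof(buf) - 1] = '\0';
    return buf;
}

/* First 12 octets of an IPv4-mapped IPv6 address (::ffff:0:0/96). */
static const unsigned char v4prefix[16] =
    {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0 };

/*
 * Format a 16-octet prefix and its length as "address/len".
 *
 * A prefix that starts with v4prefix and has plen >= 96 is shown as an IPv4
 * prefix with plen - 96 bits.  The result lives in a static buffer and is
 * overwritten by the next call.
 */
static const char *
format_prefix(netdissect_options *ndo, const u_char *prefix, unsigned char plen)
{
    static char buf[50];
    if(plen >= 96 && memcmp(prefix, v4prefix, 12) == 0)
        snprintf(buf, sizeof(buf), "%s/%u", ipaddr_string(ndo, prefix + 12), plen - 96);
    else
#ifdef INET6
        snprintf(buf, sizeof(buf), "%s/%u", ip6addr_string(ndo, prefix), plen);
#else
        snprintf(buf, sizeof(buf), "IPv6 addresses not supported");
#endif
    buf[sizeof(buf) - 1] = '\0';
    return buf;
}

/*
 * Format a 16-octet address; addresses that start with v4prefix are shown
 * as IPv4.
 */
static const char *
format_address(netdissect_options *ndo, const u_char *prefix)
{
    if(memcmp(prefix, v4prefix, 12) == 0)
        return ipaddr_string(ndo, prefix + 12);
    else
#ifdef INET6
        return ip6addr_string(ndo, prefix);
#else
        return "IPv6 addresses not supported";
#endif
}

/*
 * Format an interval given in hundredths of a second.  Zero is reported as
 * bogus.  The buffer is sized for the largest 16-bit value ("655.35s").
 * The result may live in a static buffer overwritten by the next call.
 */
static const char *
format_interval(const uint16_t i)
{
    static char buf[sizeof("000.00s")];

    if (i == 0)
        return "0.0s (bogus)";
    snprintf(buf, sizeof(buf), "%u.%02us", i / 100, i % 100);
    return buf;
}

/* Like format_interval(), but 0xFFFF is printed as "infinity". */
static const char *
format_interval_update(const uint16_t i)
{
    return i == 0xFFFF ? "infinity" : format_interval(i);
}

/*
 * Format a timestamp given in microseconds as seconds with six decimals.
 * The buffer is sized for the largest 32-bit value ("4294.967295s").  The
 * result lives in a static buffer overwritten by the next call, so two
 * timestamps must be printed with two separate ND_PRINT calls.
 */
static const char *
format_timestamp(const uint32_t i)
{
    static char buf[sizeof("0000.000000s")];
    snprintf(buf, sizeof(buf), "%u.%06us", i / 1000000, i % 1000000);
    return buf;
}

/*
 * Decode a (possibly compressed) prefix into the 16-octet buffer p_r.
 *
 *   ae       address encoding taken from the TLV (0, 1, 2 or 3 are accepted)
 *   plen     prefix length in bits, or negative for a full address
 *   omitted  number of leading octets to copy from dp instead of from p
 *   p        encoded prefix octets inside the TLV
 *   dp       16-octet default prefix, may be NULL when omitted is 0
 *   len      number of octets the caller has verified to be readable at p
 *   p_r      output, always 16 octets
 *
 * Every copy from p is bounded by len, and every copy into the local
 * 16-octet buffer is bounded by the checks on pb and omitted, because ae,
 * plen and omitted all come straight from the packet.
 *
 * Return number of octets consumed from the input buffer (not the prefix length
 * in bytes), or -1 for encoding error.
 */
static int
network_prefix(int ae, int plen, unsigned int omitted,
               const unsigned char *p, const unsigned char *dp,
               unsigned int len, unsigned char *p_r)
{
    unsigned pb;
    unsigned char prefix[16];
    int consumed = 0;

    /* pb is the number of octets needed to hold plen bits. */
    if(plen >= 0)
        pb = (plen + 7) / 8;
    else if(ae == 1)
        pb = 4;
    else
        pb = 16;

    if(pb > 16)
        return -1;

    memset(prefix, 0, 16);

    switch(ae) {
    case 0: break;
    case 1:
        /* IPv4: at most 4 octets follow the 12-octet mapped prefix. */
        if(omitted > 4 || pb > 4 || (pb > omitted && len < pb - omitted))
            return -1;
        memcpy(prefix, v4prefix, 12);
        if(omitted) {
            if (dp == NULL) return -1;
            memcpy(prefix, dp, 12 + omitted);
        }
        if(pb > omitted) {
            memcpy(prefix + 12 + omitted, p, pb - omitted);
            consumed = pb - omitted;
        }
        break;
    case 2:
        if(omitted > 16 || (pb > omitted && len < pb - omitted))
            return -1;
        if(omitted) {
            if (dp == NULL) return -1;
            memcpy(prefix, dp, omitted);
        }
        if(pb > omitted) {
            memcpy(prefix + omitted, p, pb - omitted);
            consumed = pb - omitted;
        }
        break;
    case 3:
        /* Only the low 8 octets are carried; fe80::/64 is implied. */
        if(pb > 8 && len < pb - 8) return -1;
        prefix[0] = 0xfe;
        prefix[1] = 0x80;
        if(pb > 8) {
            memcpy(prefix + 8, p, pb - 8);
            consumed = pb - 8;
        }
        break;
    default:
        return -1;
    }

    memcpy(p_r, prefix, 16);
    return consumed;
}

/* Decode a full address: network_prefix() with no length and no default. */
static int
network_address(int ae, const unsigned char *a, unsigned int len,
                unsigned char *a_r)
{
    return network_prefix(ae, -1, 0, a, NULL, len, a_r);
}

/*
 * Sub-TLVs consume the "extra data" of Babel TLVs (see Section 4.3 of RFC6126),
 * their encoding is similar to the encoding of TLVs, but the type namespace is
 * different:
 *
 * o Type 0 stands for Pad1 sub-TLV with the same encoding as the Pad1 TLV.
 * o Type 1 stands for PadN sub-TLV with the same encoding as the PadN TLV.
 * o Type 2 stands for Diversity sub-TLV, which propagates diversity routing
 *   data. Its body is a variable-length sequence of 8-bit unsigned integers,
 *   each representing per-hop number of interfering radio channel for the
 *   prefix. Channel 0 is invalid and must not be used in the sub-TLV, channel
 *   255 interferes with any other channel.
 * o Type 3 stands for Timestamp sub-TLV, used to compute RTT between
 *   neighbours. In the case of a Hello TLV, the body stores a 32-bit
 *   timestamp, while in the case of an IHU TLV, two 32-bit timestamps are
 *   stored.
 *
 * Sub-TLV types 0 and 1 are valid for any TLV type, whereas sub-TLV type 2 is
 * only valid for TLV type 8 (Update). Note that within an Update TLV a missing
 * Diversity sub-TLV is not the same as a Diversity sub-TLV with an empty body.
 * The former would mean a lack of any claims about the interference, and the
 * latter would state that interference is definitely absent.
 * A type 3 sub-TLV is valid both for Hello and IHU TLVs, though the exact
 * semantic of the sub-TLV is different in each case.
 *
 * cp is the first octet of the extra data and ep is one past its last octet.
 * The caller must already have verified that [cp, ep) is inside the captured
 * data; this function only checks each sub-TLV against ep.
 */
static void
subtlvs_print(netdissect_options *ndo,
              const u_char *cp, const u_char *ep, const uint8_t tlv_type) {
    uint8_t subtype, sublen;
    const char *sep;
    uint32_t t1, t2;

    while (cp < ep) {
        subtype = *cp++;
        if(subtype == MESSAGE_SUB_PAD1) {
            ND_PRINT((ndo, " sub-pad1"));
            continue;
        }
        if(cp == ep)
            goto corrupt;
        sublen = *cp++;
        /*
         * Compare against the remaining room rather than computing
         * cp + sublen, which could point past the end of the buffer.
         */
        if(sublen > ep - cp)
            goto corrupt;

        switch(subtype) {
        case MESSAGE_SUB_PADN:
            ND_PRINT((ndo, " sub-padn"));
            cp += sublen;
            break;
        case MESSAGE_SUB_DIVERSITY:
            ND_PRINT((ndo, " sub-diversity"));
            if (sublen == 0) {
                ND_PRINT((ndo, " empty"));
                break;
            }
            sep = " ";
            /* This loop advances cp by sublen octets. */
            while(sublen--) {
                ND_PRINT((ndo, "%s%s", sep, tok2str(diversity_str, "%u", *cp++)));
                sep = "-";
            }
            if(tlv_type != MESSAGE_UPDATE)
                ND_PRINT((ndo, " (bogus)"));
            break;
        case MESSAGE_SUB_TIMESTAMP:
            ND_PRINT((ndo, " sub-timestamp"));
            if(tlv_type == MESSAGE_HELLO) {
                if(sublen < 4)
                    goto corrupt;
                t1 = EXTRACT_32BITS(cp);
                ND_PRINT((ndo, " %s", format_timestamp(t1)));
            } else if(tlv_type == MESSAGE_IHU) {
                if(sublen < 8)
                    goto corrupt;
                t1 = EXTRACT_32BITS(cp);
                ND_PRINT((ndo, " %s", format_timestamp(t1)));
                t2 = EXTRACT_32BITS(cp + 4);
                ND_PRINT((ndo, "|%s", format_timestamp(t2)));
            } else
                ND_PRINT((ndo, " (bogus)"));
            cp += sublen;
            break;
        default:
            ND_PRINT((ndo, " sub-unknown-0x%02x", subtype));
            cp += sublen;
        } /* switch */
    } /* while */
    return;

 corrupt:
    ND_PRINT((ndo, " (corrupt)"));
}

/*
 * Verify that l octets starting at body offset i fit both in the declared
 * body length and in the packet length.  The body starts 4 octets into the
 * packet, so the packet-length comparison has to include the header.
 * Expects "bodylen", "length" and a "corrupt" label in the enclosing scope.
 */
#define ICHECK(i, l) \
    do { \
        if ((i) + (l) > bodylen || 4 + (i) + (l) > length) \
            goto corrupt; \
    } while (0)

/*
 * Print a version 2 Babel packet.
 *
 * Each TLV is laid out as message[0] = type, message[1] = len and
 * message[2 .. 1 + len] = body.  The type, length and every body field come
 * from the network, so each case checks len against the highest body index
 * it reads before touching it: reading message[k] requires len >= k - 1.
 * ND_TCHECK2 separately guards against running off the captured data.
 */
static void
babel_print_v2(netdissect_options *ndo,
               const u_char *cp, u_int length) {
    u_int i;
    u_short bodylen;
    /* Default prefixes used to expand compressed Update prefixes. */
    u_char v4_prefix[16] =
        {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0 };
    u_char v6_prefix[16] = {0};

    ND_TCHECK2(*cp, 4);
    if (length < 4)
        goto corrupt;
    bodylen = EXTRACT_16BITS(cp + 2);
    ND_PRINT((ndo, " (%u)", bodylen));

    /* Process the TLVs in the body */
    i = 0;
    while(i < bodylen) {
        const u_char *message;
        u_int type, len;

        message = cp + 4 + i;

        ND_TCHECK2(*message, 1);
        if((type = message[0]) == MESSAGE_PAD1) {
            ND_PRINT((ndo, ndo->ndo_vflag ? "\n\tPad 1" : " pad1"));
            i += 1;
            continue;
        }

        ND_TCHECK2(*message, 2);
        ICHECK(i, 2);
        len = message[1];

        /* From here on message[0 .. 1 + len] is known to be readable. */
        ND_TCHECK2(*message, 2 + len);
        ICHECK(i, 2 + len);

        switch(type) {
        case MESSAGE_PADN: {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " padN"));
            else
                ND_PRINT((ndo, "\n\tPad %d", len + 2));
        }
            break;

        case MESSAGE_ACK_REQ: {
            u_short nonce, interval;
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " ack-req"));
            else {
                ND_PRINT((ndo, "\n\tAcknowledgment Request "));
                /* Reads up to message[7]. */
                if(len < 6) goto corrupt;
                nonce = EXTRACT_16BITS(message + 4);
                interval = EXTRACT_16BITS(message + 6);
                ND_PRINT((ndo, "%04x %s", nonce, format_interval(interval)));
            }
        }
            break;

        case MESSAGE_ACK: {
            u_short nonce;
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " ack"));
            else {
                ND_PRINT((ndo, "\n\tAcknowledgment "));
                /* Reads up to message[3]. */
                if(len < 2) goto corrupt;
                nonce = EXTRACT_16BITS(message + 2);
                ND_PRINT((ndo, "%04x", nonce));
            }
        }
            break;

        case MESSAGE_HELLO: {
            u_short seqno, interval;
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " hello"));
            else {
                ND_PRINT((ndo, "\n\tHello "));
                /* Reads up to message[7]. */
                if(len < 6) goto corrupt;
                seqno = EXTRACT_16BITS(message + 4);
                interval = EXTRACT_16BITS(message + 6);
                ND_PRINT((ndo, "seqno %u interval %s", seqno, format_interval(interval)));
                /* Extra data. */
                if(len > 6)
                    subtlvs_print(ndo, message + 8, message + 2 + len, type);
            }
        }
            break;

        case MESSAGE_IHU: {
            unsigned short txcost, interval;
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " ihu"));
            else {
                u_char address[16];
                int rc;
                ND_PRINT((ndo, "\n\tIHU "));
                /* Fixed part reads up to message[7]; the address follows. */
                if(len < 6) goto corrupt;
                txcost = EXTRACT_16BITS(message + 4);
                interval = EXTRACT_16BITS(message + 6);
                rc = network_address(message[2], message + 8, len - 6, address);
                if(rc < 0) { ND_PRINT((ndo, "%s", tstr)); break; }
                ND_PRINT((ndo, "%s txcost %u interval %s",
                       format_address(ndo, address), txcost, format_interval(interval)));
                /* Extra data. */
                if((u_int)rc < len - 6)
                    subtlvs_print(ndo, message + 8 + rc, message + 2 + len,
                                  type);
            }
        }
            break;

        case MESSAGE_ROUTER_ID: {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " router-id"));
            else {
                ND_PRINT((ndo, "\n\tRouter Id"));
                /* format_id() reads message[4 .. 11]. */
                if(len < 10) goto corrupt;
                ND_PRINT((ndo, " %s", format_id(message + 4)));
            }
        }
            break;

        case MESSAGE_NH: {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " nh"));
            else {
                int rc;
                u_char nh[16];
                ND_PRINT((ndo, "\n\tNext Hop"));
                if(len < 2) goto corrupt;
                rc = network_address(message[2], message + 4, len - 2, nh);
                if(rc < 0) goto corrupt;
                ND_PRINT((ndo, " %s", format_address(ndo, nh)));
            }
        }
            break;

        case MESSAGE_UPDATE: {
            if (!ndo->ndo_vflag) {
                ND_PRINT((ndo, " update"));
                /*
                 * The flags octet is message[3], the second body octet, so
                 * the body must hold at least 2 octets before it is read.
                 */
                if(len < 2)
                    ND_PRINT((ndo, "/truncated"));
                else
                    ND_PRINT((ndo, "%s%s%s",
                           (message[3] & 0x80) ? "/prefix": "",
                           (message[3] & 0x40) ? "/id" : "",
                           (message[3] & 0x3f) ? "/unknown" : ""));
            } else {
                u_short interval, seqno, metric;
                u_char plen;
                int rc;
                u_char prefix[16];
                ND_PRINT((ndo, "\n\tUpdate"));
                /* Fixed part reads up to message[11]; the prefix follows. */
                if(len < 10) goto corrupt;
                plen = message[4] + (message[2] == 1 ? 96 : 0);
                rc = network_prefix(message[2], message[4], message[5],
                                    message + 12,
                                    message[2] == 1 ? v4_prefix : v6_prefix,
                                    len - 10, prefix);
                if(rc < 0) goto corrupt;
                interval = EXTRACT_16BITS(message + 6);
                seqno = EXTRACT_16BITS(message + 8);
                metric = EXTRACT_16BITS(message + 10);
                ND_PRINT((ndo, "%s%s%s %s metric %u seqno %u interval %s",
                       (message[3] & 0x80) ? "/prefix": "",
                       (message[3] & 0x40) ? "/id" : "",
                       (message[3] & 0x3f) ? "/unknown" : "",
                       format_prefix(ndo, prefix, plen),
                       metric, seqno, format_interval_update(interval)));
                /* Flag 0x80: remember this prefix as the new default. */
                if(message[3] & 0x80) {
                    if(message[2] == 1)
                        memcpy(v4_prefix, prefix, 16);
                    else
                        memcpy(v6_prefix, prefix, 16);
                }
                /* extra data? */
                if((u_int)rc < len - 10)
                    subtlvs_print(ndo, message + 12 + rc, message + 2 + len, type);
            }
        }
            break;

        case MESSAGE_REQUEST: {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " request"));
            else {
                int rc;
                u_char prefix[16], plen;
                ND_PRINT((ndo, "\n\tRequest "));
                /* Reads message[2] and message[3]; the prefix follows. */
                if(len < 2) goto corrupt;
                plen = message[3] + (message[2] == 1 ? 96 : 0);
                rc = network_prefix(message[2], message[3], 0,
                                    message + 4, NULL, len - 2, prefix);
                if(rc < 0) goto corrupt;
                ND_PRINT((ndo, "for %s",
                       message[2] == 0 ? "any" : format_prefix(ndo, prefix, plen)));
            }
        }
            break;

        case MESSAGE_MH_REQUEST : {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " mh-request"));
            else {
                int rc;
                u_short seqno;
                u_char prefix[16], plen;
                ND_PRINT((ndo, "\n\tMH-Request "));
                /* Fixed part reads up to message[15]; the prefix follows. */
                if(len < 14) goto corrupt;
                seqno = EXTRACT_16BITS(message + 4);
                rc = network_prefix(message[2], message[3], 0,
                                    message + 16, NULL, len - 14, prefix);
                if(rc < 0) goto corrupt;
                plen = message[3] + (message[2] == 1 ? 96 : 0);
                ND_PRINT((ndo, "(%u hops) for %s seqno %u id %s",
                       message[6], format_prefix(ndo, prefix, plen),
                       seqno, format_id(message + 8)));
            }
        }
            break;
        case MESSAGE_TSPC :
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " tspc"));
            else {
                ND_PRINT((ndo, "\n\tTS/PC "));
                /* Reads up to message[7]. */
                if(len < 6) goto corrupt;
                ND_PRINT((ndo, "timestamp %u packetcounter %u", EXTRACT_32BITS(message + 4),
                       EXTRACT_16BITS(message + 2)));
            }
            break;
        case MESSAGE_HMAC : {
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " hmac"));
            else {
                unsigned j;
                ND_PRINT((ndo, "\n\tHMAC "));
                if(len < 18) goto corrupt;
                ND_PRINT((ndo, "key-id %u digest-%u ", EXTRACT_16BITS(message + 2), len - 2));
                /* The digest occupies message[4 .. 1 + len]. */
                for (j = 0; j < len - 2; j++)
                    ND_PRINT((ndo, "%02X", message[4 + j]));
            }
        }
            break;
        default:
            if (!ndo->ndo_vflag)
                ND_PRINT((ndo, " unknown"));
            else
                ND_PRINT((ndo, "\n\tUnknown message type %d", type));
        }
        i += len + 2;
    }
    return;

 trunc:
    ND_PRINT((ndo, " %s", tstr));
    return;

 corrupt:
    ND_PRINT((ndo, " (corrupt)"));
    return;
}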