1 /* 2 * Redistribution and use in source and binary forms, with or without 3 * modification, are permitted provided that: (1) source code 4 * distributions retain the above copyright notice and this paragraph 5 * in its entirety, and (2) distributions including binary code include 6 * the above copyright notice and this paragraph in its entirety in 7 * the documentation or other materials provided with the distribution. 8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 11 * FOR A PARTICULAR PURPOSE. 12 * 13 * Original code by Hannes Gredler (hannes@gredler.at) 14 */ 15 16 /* \summary: Bidirectional Forwarding Detection (BFD) printer */ 17 18 /* 19 * specification: draft-ietf-bfd-base-01 for version 0, 20 * RFC 5880 for version 1, and RFC 5881 21 */ 22 23 #include <config.h> 24 25 #include "netdissect-stdinc.h" 26 27 #define ND_LONGJMP_FROM_TCHECK 28 #include "netdissect.h" 29 #include "extract.h" 30 31 #include "udp.h" 32 33 /* 34 * Control packet, BFDv0, draft-ietf-bfd-base-01 35 * 36 * 0 1 2 3 37 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 38 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 39 * |Vers | Diag |H|D|P|F|C|A|Rsv| Detect Mult | Length | 40 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 41 * | My Discriminator | 42 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 43 * | Your Discriminator | 44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 45 * | Desired Min TX Interval | 46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 47 * | Required Min RX Interval | 48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 49 * | Required Min Echo RX Interval | 50 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 51 */ 52 53 /* 54 * Control packet, BFDv1, RFC 5880 55 * 56 * 0 1 2 3 57 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 58 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 59 * |Vers | Diag |Sta|P|F|C|A|D|M| Detect Mult | Length | 60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 61 * | My Discriminator | 62 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 63 * | Your Discriminator | 64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 65 * | Desired Min TX Interval | 66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 67 * | Required Min RX Interval | 68 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 69 * | Required Min Echo RX Interval | 70 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 71 */ 72 73 struct bfd_header_t { 74 nd_uint8_t version_diag; 75 nd_uint8_t flags; 76 nd_uint8_t detect_time_multiplier; 77 nd_uint8_t length; 78 nd_uint32_t my_discriminator; 79 nd_uint32_t your_discriminator; 80 nd_uint32_t desired_min_tx_interval; 81 nd_uint32_t required_min_rx_interval; 82 nd_uint32_t required_min_echo_interval; 83 }; 84 85 /* 86 * An optional Authentication Header may be present 87 * 88 * 0 1 2 3 89 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 90 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 91 * | Auth Type | Auth Len | Authentication Data... | 92 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 93 */ 94 95 struct bfd_auth_header_t { 96 nd_uint8_t auth_type; 97 nd_uint8_t auth_len; 98 nd_uint8_t auth_data; 99 nd_uint8_t dummy; /* minimum 4 bytes */ 100 }; 101 102 enum auth_type { 103 AUTH_PASSWORD = 1, 104 AUTH_MD5 = 2, 105 AUTH_MET_MD5 = 3, 106 AUTH_SHA1 = 4, 107 AUTH_MET_SHA1 = 5 108 }; 109 110 static const struct tok bfd_v1_authentication_values[] = { 111 { AUTH_PASSWORD, "Simple Password" }, 112 { AUTH_MD5, "Keyed MD5" }, 113 { AUTH_MET_MD5, "Meticulous Keyed MD5" }, 114 { AUTH_SHA1, "Keyed SHA1" }, 115 { AUTH_MET_SHA1, "Meticulous Keyed SHA1" }, 116 { 0, NULL } 117 }; 118 119 enum auth_length { 120 AUTH_PASSWORD_FIELD_MIN_LEN = 4, /* header + password min: 3 + 1 */ 121 AUTH_PASSWORD_FIELD_MAX_LEN = 19, /* header + password max: 3 + 16 */ 122 AUTH_MD5_FIELD_LEN = 24, 123 AUTH_MD5_HASH_LEN = 16, 124 AUTH_SHA1_FIELD_LEN = 28, 125 AUTH_SHA1_HASH_LEN = 20 126 }; 127 128 #define BFD_EXTRACT_VERSION(x) (((x)&0xe0)>>5) 129 #define BFD_EXTRACT_DIAG(x) ((x)&0x1f) 130 131 static const struct tok bfd_diag_values[] = { 132 { 0, "No Diagnostic" }, 133 { 1, "Control Detection Time Expired" }, 134 { 2, "Echo Function Failed" }, 135 { 3, "Neighbor Signaled Session Down" }, 136 { 4, "Forwarding Plane Reset" }, 137 { 5, "Path Down" }, 138 { 6, "Concatenated Path Down" }, 139 { 7, "Administratively Down" }, 140 { 8, "Reverse Concatenated Path Down" }, 141 { 0, NULL } 142 }; 143 144 static const struct tok bfd_port_values[] = { 145 { BFD_CONTROL_PORT, "Control" }, 146 { BFD_MULTIHOP_PORT, "Multihop" }, 147 { BFD_LAG_PORT, "Lag" }, 148 { 0, NULL } 149 }; 150 151 #define BFD_FLAG_AUTH 0x04 152 153 static const struct tok bfd_v0_flag_values[] = { 154 { 0x80, "I Hear You" }, 155 { 0x40, "Demand" }, 156 { 0x20, "Poll" }, 157 { 0x10, "Final" }, 158 { 0x08, "Control Plane Independent" }, 159 { BFD_FLAG_AUTH, "Authentication Present" }, 160 { 0x02, "Reserved" }, 161 { 0x01, "Reserved" }, 162 { 0, NULL } 163 }; 164 165 static const struct tok bfd_v1_flag_values[] = { 166 { 0x20, "Poll" }, 167 { 0x10, "Final" }, 168 { 0x08, "Control Plane Independent" }, 169 { BFD_FLAG_AUTH, "Authentication Present" }, 170 { 0x02, "Demand" }, 171 { 0x01, "Multipoint" }, 172 { 0, NULL } 173 }; 174 175 static const struct tok bfd_v1_state_values[] = { 176 { 0, "AdminDown" }, 177 { 1, "Down" }, 178 { 2, "Init" }, 179 { 3, "Up" }, 180 { 0, NULL } 181 }; 182 183 static void 184 auth_print(netdissect_options *ndo, const u_char *pptr) 185 { 186 const struct bfd_auth_header_t *bfd_auth_header; 187 uint8_t auth_type, auth_len; 188 int i; 189 190 pptr += sizeof (struct bfd_header_t); 191 bfd_auth_header = (const struct bfd_auth_header_t *)pptr; 192 ND_TCHECK_SIZE(bfd_auth_header); 193 auth_type = GET_U_1(bfd_auth_header->auth_type); 194 auth_len = GET_U_1(bfd_auth_header->auth_len); 195 ND_PRINT("\n\tAuthentication: %s (%u), length: %u", 196 tok2str(bfd_v1_authentication_values,"Unknown",auth_type), 197 auth_type, auth_len); 198 pptr += 2; 199 ND_PRINT("\n\t Auth Key ID: %u", GET_U_1(pptr)); 200 201 switch(auth_type) { 202 case AUTH_PASSWORD: 203 /* 204 * Simple Password Authentication Section Format 205 * 206 * 0 1 2 3 207 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 209 * | Auth Type | Auth Len | Auth Key ID | Password... | 210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 211 * | ... | 212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 213 */ 214 if (auth_len < AUTH_PASSWORD_FIELD_MIN_LEN || 215 auth_len > AUTH_PASSWORD_FIELD_MAX_LEN) { 216 ND_PRINT("[invalid length %u]", 217 auth_len); 218 break; 219 } 220 pptr++; 221 ND_PRINT(", Password: "); 222 /* the length is equal to the password length plus three */ 223 (void)nd_printn(ndo, pptr, auth_len - 3, NULL); 224 break; 225 case AUTH_MD5: 226 case AUTH_MET_MD5: 227 /* 228 * Keyed MD5 and Meticulous Keyed MD5 Authentication Section Format 229 * 230 * 0 1 2 3 231 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 232 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 233 * | Auth Type | Auth Len | Auth Key ID | Reserved | 234 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 235 * | Sequence Number | 236 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 237 * | Auth Key/Digest... | 238 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 * | ... | 240 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 */ 242 if (auth_len != AUTH_MD5_FIELD_LEN) { 243 ND_PRINT("[invalid length %u]", 244 auth_len); 245 break; 246 } 247 pptr += 2; 248 ND_PRINT(", Sequence Number: 0x%08x", GET_BE_U_4(pptr)); 249 pptr += 4; 250 ND_TCHECK_LEN(pptr, AUTH_MD5_HASH_LEN); 251 ND_PRINT("\n\t Digest: "); 252 for(i = 0; i < AUTH_MD5_HASH_LEN; i++) 253 ND_PRINT("%02x", GET_U_1(pptr + i)); 254 break; 255 case AUTH_SHA1: 256 case AUTH_MET_SHA1: 257 /* 258 * Keyed SHA1 and Meticulous Keyed SHA1 Authentication Section Format 259 * 260 * 0 1 2 3 261 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 262 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 263 * | Auth Type | Auth Len | Auth Key ID | Reserved | 264 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 265 * | Sequence Number | 266 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 267 * | Auth Key/Hash... | 268 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 269 * | ... | 270 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 271 */ 272 if (auth_len != AUTH_SHA1_FIELD_LEN) { 273 ND_PRINT("[invalid length %u]", 274 auth_len); 275 break; 276 } 277 pptr += 2; 278 ND_PRINT(", Sequence Number: 0x%08x", GET_BE_U_4(pptr)); 279 pptr += 4; 280 ND_TCHECK_LEN(pptr, AUTH_SHA1_HASH_LEN); 281 ND_PRINT("\n\t Hash: "); 282 for(i = 0; i < AUTH_SHA1_HASH_LEN; i++) 283 ND_PRINT("%02x", GET_U_1(pptr + i)); 284 break; 285 } 286 } 287 288 void 289 bfd_print(netdissect_options *ndo, const u_char *pptr, 290 u_int len, u_int port) 291 { 292 ndo->ndo_protocol = "bfd"; 293 if (port == BFD_CONTROL_PORT || 294 port == BFD_MULTIHOP_PORT || 295 port == BFD_LAG_PORT) { 296 /* 297 * Control packet. 298 */ 299 const struct bfd_header_t *bfd_header; 300 uint8_t version_diag; 301 uint8_t version = 0; 302 uint8_t flags; 303 304 bfd_header = (const struct bfd_header_t *)pptr; 305 ND_TCHECK_SIZE(bfd_header); 306 version_diag = GET_U_1(bfd_header->version_diag); 307 version = BFD_EXTRACT_VERSION(version_diag); 308 flags = GET_U_1(bfd_header->flags); 309 310 switch (version) { 311 312 /* BFDv0 */ 313 case 0: 314 if (ndo->ndo_vflag < 1) { 315 ND_PRINT("BFDv0, Control, Flags: [%s], length: %u", 316 bittok2str(bfd_v0_flag_values, "none", flags), 317 len); 318 return; 319 } 320 321 ND_PRINT("BFDv0, length: %u\n\tControl, Flags: [%s], Diagnostic: %s (0x%02x)", 322 len, 323 bittok2str(bfd_v0_flag_values, "none", flags), 324 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)), 325 BFD_EXTRACT_DIAG(version_diag)); 326 327 ND_PRINT("\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u", 328 GET_U_1(bfd_header->detect_time_multiplier), 329 GET_U_1(bfd_header->detect_time_multiplier) * GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000, 330 GET_U_1(bfd_header->length)); 331 332 333 ND_PRINT("\n\tMy Discriminator: 0x%08x", 334 GET_BE_U_4(bfd_header->my_discriminator)); 335 ND_PRINT(", Your Discriminator: 0x%08x", 336 GET_BE_U_4(bfd_header->your_discriminator)); 337 ND_PRINT("\n\t Desired min Tx Interval: %4u ms", 338 GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000); 339 ND_PRINT("\n\t Required min Rx Interval: %4u ms", 340 GET_BE_U_4(bfd_header->required_min_rx_interval)/1000); 341 ND_PRINT("\n\t Required min Echo Interval: %4u ms", 342 GET_BE_U_4(bfd_header->required_min_echo_interval)/1000); 343 344 if (flags & BFD_FLAG_AUTH) { 345 auth_print(ndo, pptr); 346 } 347 break; 348 349 /* BFDv1 */ 350 case 1: 351 if (ndo->ndo_vflag < 1) { 352 ND_PRINT("BFDv1, %s, State %s, Flags: [%s], length: %u", 353 tok2str(bfd_port_values, "unknown (%u)", port), 354 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6), 355 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f), 356 len); 357 return; 358 } 359 360 ND_PRINT("BFDv1, length: %u\n\t%s, State %s, Flags: [%s], Diagnostic: %s (0x%02x)", 361 len, 362 tok2str(bfd_port_values, "unknown (%u)", port), 363 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6), 364 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f), 365 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)), 366 BFD_EXTRACT_DIAG(version_diag)); 367 368 ND_PRINT("\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u", 369 GET_U_1(bfd_header->detect_time_multiplier), 370 GET_U_1(bfd_header->detect_time_multiplier) * GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000, 371 GET_U_1(bfd_header->length)); 372 373 374 ND_PRINT("\n\tMy Discriminator: 0x%08x", 375 GET_BE_U_4(bfd_header->my_discriminator)); 376 ND_PRINT(", Your Discriminator: 0x%08x", 377 GET_BE_U_4(bfd_header->your_discriminator)); 378 ND_PRINT("\n\t Desired min Tx Interval: %4u ms", 379 GET_BE_U_4(bfd_header->desired_min_tx_interval)/1000); 380 ND_PRINT("\n\t Required min Rx Interval: %4u ms", 381 GET_BE_U_4(bfd_header->required_min_rx_interval)/1000); 382 ND_PRINT("\n\t Required min Echo Interval: %4u ms", 383 GET_BE_U_4(bfd_header->required_min_echo_interval)/1000); 384 385 if (flags & BFD_FLAG_AUTH) { 386 auth_print(ndo, pptr); 387 } 388 break; 389 390 default: 391 ND_PRINT("BFDv%u, Control, length: %u", 392 version, 393 len); 394 if (ndo->ndo_vflag >= 1) { 395 if(!print_unknown_data(ndo, pptr,"\n\t",len)) 396 return; 397 } 398 break; 399 } 400 } else if (port == BFD_ECHO_PORT) { 401 /* 402 * Echo packet. 403 */ 404 ND_PRINT("BFD, Echo, length: %u", 405 len); 406 if (ndo->ndo_vflag >= 1) { 407 if(!print_unknown_data(ndo, pptr,"\n\t",len)) 408 return; 409 } 410 } else { 411 /* 412 * Unknown packet type. 413 */ 414 ND_PRINT("BFD, unknown (%u), length: %u", 415 port, 416 len); 417 if (ndo->ndo_vflag >= 1) { 418 if(!print_unknown_data(ndo, pptr,"\n\t",len)) 419 return; 420 } 421 } 422 } 423