xref: /freebsd/contrib/tcpdump/print-hncp.c (revision b64c5a0ace59af62eff52bfe110a521dc73c937b)
1 /*
2  * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. Neither the name of the project nor the names of its contributors
13  *    may be used to endorse or promote products derived from this software
14  *    without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 /* \summary: Home Networking Control Protocol (HNCP) printer */
30 
31 #include <config.h>
32 
33 #include "netdissect-stdinc.h"
34 
35 #include <string.h>
36 
37 #include "netdissect.h"
38 #include "addrtoname.h"
39 #include "extract.h"
40 
41 static void
42 hncp_print_rec(netdissect_options *ndo,
43                const u_char *cp, u_int length, int indent);
44 
45 void
46 hncp_print(netdissect_options *ndo,
47            const u_char *cp, u_int length)
48 {
49     ndo->ndo_protocol = "hncp";
50     ND_PRINT("hncp (%u)", length);
51     hncp_print_rec(ndo, cp, length, 1);
52 }
53 
54 /* RFC7787 */
55 #define DNCP_REQUEST_NETWORK_STATE  1
56 #define DNCP_REQUEST_NODE_STATE     2
57 #define DNCP_NODE_ENDPOINT          3
58 #define DNCP_NETWORK_STATE          4
59 #define DNCP_NODE_STATE             5
60 #define DNCP_PEER                   8
61 #define DNCP_KEEP_ALIVE_INTERVAL    9
62 #define DNCP_TRUST_VERDICT         10
63 
64 /* RFC7788 */
65 #define HNCP_HNCP_VERSION          32
66 #define HNCP_EXTERNAL_CONNECTION   33
67 #define HNCP_DELEGATED_PREFIX      34
68 #define HNCP_PREFIX_POLICY         43
69 #define HNCP_DHCPV4_DATA           37 /* This is correct, see RFC 7788 Errata ID 5113. */
70 #define HNCP_DHCPV6_DATA           38 /* idem */
71 #define HNCP_ASSIGNED_PREFIX       35
72 #define HNCP_NODE_ADDRESS          36
73 #define HNCP_DNS_DELEGATED_ZONE    39
74 #define HNCP_DOMAIN_NAME           40
75 #define HNCP_NODE_NAME             41
76 #define HNCP_MANAGED_PSK           42
77 
78 /* See type_mask in hncp_print_rec below */
79 #define RANGE_DNCP_RESERVED    0x10000
80 #define RANGE_HNCP_UNASSIGNED  0x10001
81 #define RANGE_DNCP_PRIVATE_USE 0x10002
82 #define RANGE_DNCP_FUTURE_USE  0x10003
83 
84 static const struct tok type_values[] = {
85     { DNCP_REQUEST_NETWORK_STATE, "Request network state" },
86     { DNCP_REQUEST_NODE_STATE,    "Request node state" },
87     { DNCP_NODE_ENDPOINT,         "Node endpoint" },
88     { DNCP_NETWORK_STATE,         "Network state" },
89     { DNCP_NODE_STATE,            "Node state" },
90     { DNCP_PEER,                  "Peer" },
91     { DNCP_KEEP_ALIVE_INTERVAL,   "Keep-alive interval" },
92     { DNCP_TRUST_VERDICT,         "Trust-Verdict" },
93 
94     { HNCP_HNCP_VERSION,        "HNCP-Version" },
95     { HNCP_EXTERNAL_CONNECTION, "External-Connection" },
96     { HNCP_DELEGATED_PREFIX,    "Delegated-Prefix" },
97     { HNCP_PREFIX_POLICY,       "Prefix-Policy" },
98     { HNCP_DHCPV4_DATA,         "DHCPv4-Data" },
99     { HNCP_DHCPV6_DATA,         "DHCPv6-Data" },
100     { HNCP_ASSIGNED_PREFIX,     "Assigned-Prefix" },
101     { HNCP_NODE_ADDRESS,        "Node-Address" },
102     { HNCP_DNS_DELEGATED_ZONE,  "DNS-Delegated-Zone" },
103     { HNCP_DOMAIN_NAME,         "Domain-Name" },
104     { HNCP_NODE_NAME,           "Node-Name" },
105     { HNCP_MANAGED_PSK,         "Managed-PSK" },
106 
107     { RANGE_DNCP_RESERVED,    "Reserved" },
108     { RANGE_HNCP_UNASSIGNED,  "Unassigned" },
109     { RANGE_DNCP_PRIVATE_USE, "Private use" },
110     { RANGE_DNCP_FUTURE_USE,  "Future use" },
111 
112     { 0, NULL}
113 };
114 
115 #define DH4OPT_DNS_SERVERS 6     /* RFC2132 */
116 #define DH4OPT_NTP_SERVERS 42    /* RFC2132 */
117 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */
118 
119 static const struct tok dh4opt_str[] = {
120     { DH4OPT_DNS_SERVERS, "DNS-server" },
121     { DH4OPT_NTP_SERVERS, "NTP-server"},
122     { DH4OPT_DOMAIN_SEARCH, "DNS-search" },
123     { 0, NULL }
124 };
125 
126 #define DH6OPT_DNS_SERVERS 23   /* RFC3646 */
127 #define DH6OPT_DOMAIN_LIST 24   /* RFC3646 */
128 #define DH6OPT_SNTP_SERVERS 31  /* RFC4075 */
129 
130 static const struct tok dh6opt_str[] = {
131     { DH6OPT_DNS_SERVERS,  "DNS-server" },
132     { DH6OPT_DOMAIN_LIST,  "DNS-search-list" },
133     { DH6OPT_SNTP_SERVERS, "SNTP-servers" },
134     { 0, NULL }
135 };
136 
137 /*
138  * For IPv4-mapped IPv6 addresses, length of the prefix that precedes
139  * the 4 bytes of IPv4 address at the end of the IPv6 address.
140  */
141 #define IPV4_MAPPED_HEADING_LEN    12
142 
143 /*
144  * Is an IPv6 address an IPv4-mapped address?
145  */
146 static int
147 is_ipv4_mapped_address(const u_char *addr)
148 {
149     /* The value of the prefix */
150     static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] =
151         { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
152 
153     return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0;
154 }
155 
156 static const char *
157 format_nid(netdissect_options *ndo, const u_char *data)
158 {
159     static char buf[4][sizeof("01:01:01:01")];
160     static int i = 0;
161     i = (i + 1) % 4;
162     snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x",
163              GET_U_1(data), GET_U_1(data + 1), GET_U_1(data + 2),
164              GET_U_1(data + 3));
165     return buf[i];
166 }
167 
168 static const char *
169 format_256(netdissect_options *ndo, const u_char *data)
170 {
171     static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")];
172     static int i = 0;
173     i = (i + 1) % 4;
174     snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
175          GET_BE_U_8(data),
176          GET_BE_U_8(data + 8),
177          GET_BE_U_8(data + 16),
178          GET_BE_U_8(data + 24)
179     );
180     return buf[i];
181 }
182 
183 static const char *
184 format_interval(const uint32_t n)
185 {
186     static char buf[4][sizeof("0000000.000s")];
187     static int i = 0;
188     i = (i + 1) % 4;
189     snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000);
190     return buf[i];
191 }
192 
193 static const char *
194 format_ip6addr(netdissect_options *ndo, const u_char *cp)
195 {
196     if (is_ipv4_mapped_address(cp))
197         return GET_IPADDR_STRING(cp + IPV4_MAPPED_HEADING_LEN);
198     else
199         return GET_IP6ADDR_STRING(cp);
200 }
201 
202 static int
203 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length)
204 {
205     int plenbytes;
206     char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
207 
208     if (GET_U_1(prefix) >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
209         is_ipv4_mapped_address(prefix + 1)) {
210         nd_ipv4 addr;
211         u_int plen;
212 
213         plen = GET_U_1(prefix) - 96;
214         if (32 < plen)
215             return -1;
216         max_length -= 1;
217 
218         memset(&addr, 0, sizeof(addr));
219         plenbytes = (plen + 7) / 8;
220         if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN)
221             return -3;
222         memcpy(&addr, prefix + IPV4_MAPPED_HEADING_LEN + 1, plenbytes);
223         if (plen % 8) {
224 		((u_char *)&addr)[plenbytes - 1] &=
225 			((0xff00 >> (plen % 8)) & 0xff);
226 	}
227 	snprintf(buf, sizeof(buf), "%s/%u", ipaddr_string(ndo, (const u_char *)&addr), plen); /* local buffer, not packet data; don't use GET_IPADDR_STRING() */
228         plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
229     } else {
230         plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
231         if (plenbytes < 0)
232             return plenbytes;
233     }
234 
235     ND_PRINT("%s", buf);
236     return plenbytes;
237 }
238 
239 static int
240 print_dns_label(netdissect_options *ndo,
241                 const u_char *cp, u_int max_length, int print)
242 {
243     u_int length = 0;
244     while (length < max_length) {
245         u_int lab_length = GET_U_1(cp + length);
246         length++;
247         if (lab_length == 0)
248             return (int)length;
249         if (length > 1 && print)
250             ND_PRINT(".");
251         if (length+lab_length > max_length) {
252             if (print)
253                 nd_printjnp(ndo, cp+length, max_length-length);
254             break;
255         }
256         if (print)
257             nd_printjnp(ndo, cp+length, lab_length);
258         length += lab_length;
259     }
260     if (print)
261         ND_PRINT("[|DNS]");
262     return -1;
263 }
264 
265 static int
266 dhcpv4_print(netdissect_options *ndo,
267              const u_char *cp, u_int length, int indent)
268 {
269     u_int i, t;
270     const uint8_t *tlv, *value;
271     uint8_t type, optlen;
272 
273     i = 0;
274     while (i < length) {
275         if (i + 2 > length)
276             return -1;
277         tlv = cp + i;
278         type = GET_U_1(tlv);
279         optlen = GET_U_1(tlv + 1);
280         value = tlv + 2;
281 
282         ND_PRINT("\n");
283         for (t = indent; t > 0; t--)
284             ND_PRINT("\t");
285 
286         ND_PRINT("%s", tok2str(dh4opt_str, "Unknown", type));
287         ND_PRINT(" (%u)", optlen + 2 );
288         if (i + 2 + optlen > length)
289             return -1;
290 
291         switch (type) {
292         case DH4OPT_DNS_SERVERS:
293         case DH4OPT_NTP_SERVERS: {
294             if (optlen < 4 || optlen % 4 != 0) {
295                 return -1;
296             }
297             for (t = 0; t < optlen; t += 4)
298                 ND_PRINT(" %s", GET_IPADDR_STRING(value + t));
299         }
300             break;
301         case DH4OPT_DOMAIN_SEARCH: {
302             const u_char *tp = value;
303             while (tp < value + optlen) {
304                 ND_PRINT(" ");
305                 if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL)
306                     return -1;
307             }
308         }
309             break;
310         }
311 
312         i += 2 + optlen;
313     }
314     return 0;
315 }
316 
317 static int
318 dhcpv6_print(netdissect_options *ndo,
319              const u_char *cp, u_int length, int indent)
320 {
321     u_int i, t;
322     const u_char *tlv, *value;
323     uint16_t type, optlen;
324 
325     i = 0;
326     while (i < length) {
327         if (i + 4 > length)
328             return -1;
329         tlv = cp + i;
330         type = GET_BE_U_2(tlv);
331         optlen = GET_BE_U_2(tlv + 2);
332         value = tlv + 4;
333 
334         ND_PRINT("\n");
335         for (t = indent; t > 0; t--)
336             ND_PRINT("\t");
337 
338         ND_PRINT("%s", tok2str(dh6opt_str, "Unknown", type));
339         ND_PRINT(" (%u)", optlen + 4 );
340         if (i + 4 + optlen > length)
341             return -1;
342 
343         switch (type) {
344             case DH6OPT_DNS_SERVERS:
345             case DH6OPT_SNTP_SERVERS: {
346                 if (optlen % 16 != 0) {
347                     nd_print_invalid(ndo);
348                     return -1;
349                 }
350                 for (t = 0; t < optlen; t += 16)
351                     ND_PRINT(" %s", GET_IP6ADDR_STRING(value + t));
352             }
353                 break;
354             case DH6OPT_DOMAIN_LIST: {
355                 const u_char *tp = value;
356                 while (tp < value + optlen) {
357                     ND_PRINT(" ");
358                     if ((tp = fqdn_print(ndo, tp, value + optlen)) == NULL)
359                         return -1;
360                 }
361             }
362                 break;
363         }
364 
365         i += 4 + optlen;
366     }
367     return 0;
368 }
369 
370 /* Determine in-line mode */
371 static int
372 is_in_line(netdissect_options *ndo, int indent)
373 {
374     return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3;
375 }
376 
377 static void
378 print_type_in_line(netdissect_options *ndo,
379                    uint32_t type, int count, int indent, int *first_one)
380 {
381     if (count > 0) {
382         if (*first_one) {
383             *first_one = 0;
384             if (indent > 1) {
385                 u_int t;
386                 ND_PRINT("\n");
387                 for (t = indent; t > 0; t--)
388                     ND_PRINT("\t");
389             } else {
390                 ND_PRINT(" ");
391             }
392         } else {
393             ND_PRINT(", ");
394         }
395         ND_PRINT("%s", tok2str(type_values, "Easter Egg", type));
396         if (count > 1)
397             ND_PRINT(" (x%d)", count);
398     }
399 }
400 
401 static void
402 hncp_print_rec(netdissect_options *ndo,
403                const u_char *cp, u_int length, int indent)
404 {
405     const int in_line = is_in_line(ndo, indent);
406     int first_one = 1;
407 
408     u_int i, t;
409 
410     uint32_t last_type_mask = 0xffffffffU;
411     int last_type_count = -1;
412 
413     const uint8_t *tlv, *value;
414     uint16_t type, bodylen;
415     uint32_t type_mask;
416 
417     i = 0;
418     while (i < length) {
419         tlv = cp + i;
420 
421         if (!in_line) {
422             ND_PRINT("\n");
423             for (t = indent; t > 0; t--)
424                 ND_PRINT("\t");
425         }
426 
427         ND_TCHECK_4(tlv);
428         if (i + 4 > length)
429             goto invalid;
430 
431         type = GET_BE_U_2(tlv);
432         bodylen = GET_BE_U_2(tlv + 2);
433         value = tlv + 4;
434         ND_TCHECK_LEN(value, bodylen);
435         if (i + bodylen + 4 > length)
436             goto invalid;
437 
438         type_mask =
439             (type == 0)                   ? RANGE_DNCP_RESERVED:
440             (44 <= type && type <= 511)   ? RANGE_HNCP_UNASSIGNED:
441             (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE:
442                                             RANGE_DNCP_FUTURE_USE;
443         if (type == 6 || type == 7)
444             type_mask = RANGE_DNCP_FUTURE_USE;
445 
446         /* defined types */
447         {
448             t = 0;
449             while (1) {
450                 u_int key = type_values[t++].v;
451                 if (key > 0xffff)
452                     break;
453                 if (key == type) {
454                     type_mask = type;
455                     break;
456                 }
457             }
458         }
459 
460         if (in_line) {
461             if (last_type_mask == type_mask) {
462                 last_type_count++;
463             } else {
464                 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
465                 last_type_mask = type_mask;
466                 last_type_count = 1;
467             }
468 
469             goto skip_multiline;
470         }
471 
472         ND_PRINT("%s", tok2str(type_values, "Easter Egg (42)", type_mask) );
473         if (type_mask > 0xffff)
474             ND_PRINT(": type=%u", type );
475         ND_PRINT(" (%u)", bodylen + 4 );
476 
477         switch (type_mask) {
478 
479         case DNCP_REQUEST_NETWORK_STATE: {
480             if (bodylen != 0)
481                 nd_print_invalid(ndo);
482         }
483             break;
484 
485         case DNCP_REQUEST_NODE_STATE: {
486             const char *node_identifier;
487             if (bodylen != 4) {
488                 nd_print_invalid(ndo);
489                 break;
490             }
491             node_identifier = format_nid(ndo, value);
492             ND_PRINT(" NID: %s", node_identifier);
493         }
494             break;
495 
496         case DNCP_NODE_ENDPOINT: {
497             const char *node_identifier;
498             uint32_t endpoint_identifier;
499             if (bodylen != 8) {
500                 nd_print_invalid(ndo);
501                 break;
502             }
503             node_identifier = format_nid(ndo, value);
504             endpoint_identifier = GET_BE_U_4(value + 4);
505             ND_PRINT(" NID: %s EPID: %08x",
506                 node_identifier,
507                 endpoint_identifier
508             );
509         }
510             break;
511 
512         case DNCP_NETWORK_STATE: {
513             uint64_t hash;
514             if (bodylen != 8) {
515                 nd_print_invalid(ndo);
516                 break;
517             }
518             hash = GET_BE_U_8(value);
519             ND_PRINT(" hash: %016" PRIx64, hash);
520         }
521             break;
522 
523         case DNCP_NODE_STATE: {
524             const char *node_identifier, *interval;
525             uint32_t sequence_number;
526             uint64_t hash;
527             if (bodylen < 20) {
528                 nd_print_invalid(ndo);
529                 break;
530             }
531             node_identifier = format_nid(ndo, value);
532             sequence_number = GET_BE_U_4(value + 4);
533             interval = format_interval(GET_BE_U_4(value + 8));
534             hash = GET_BE_U_8(value + 12);
535             ND_PRINT(" NID: %s seqno: %u %s hash: %016" PRIx64,
536                 node_identifier,
537                 sequence_number,
538                 interval,
539                 hash
540             );
541             hncp_print_rec(ndo, value+20, bodylen-20, indent+1);
542         }
543             break;
544 
545         case DNCP_PEER: {
546             const char *peer_node_identifier;
547             uint32_t peer_endpoint_identifier, endpoint_identifier;
548             if (bodylen != 12) {
549                 nd_print_invalid(ndo);
550                 break;
551             }
552             peer_node_identifier = format_nid(ndo, value);
553             peer_endpoint_identifier = GET_BE_U_4(value + 4);
554             endpoint_identifier = GET_BE_U_4(value + 8);
555             ND_PRINT(" Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x",
556                 peer_node_identifier,
557                 peer_endpoint_identifier,
558                 endpoint_identifier
559             );
560         }
561             break;
562 
563         case DNCP_KEEP_ALIVE_INTERVAL: {
564             uint32_t endpoint_identifier;
565             const char *interval;
566             if (bodylen < 8) {
567                 nd_print_invalid(ndo);
568                 break;
569             }
570             endpoint_identifier = GET_BE_U_4(value);
571             interval = format_interval(GET_BE_U_4(value + 4));
572             ND_PRINT(" EPID: %08x Interval: %s",
573                 endpoint_identifier,
574                 interval
575             );
576         }
577             break;
578 
579         case DNCP_TRUST_VERDICT: {
580             if (bodylen <= 36) {
581                 nd_print_invalid(ndo);
582                 break;
583             }
584             ND_PRINT(" Verdict: %u Fingerprint: %s Common Name: ",
585                 GET_U_1(value),
586                 format_256(ndo, value + 4));
587             nd_printjnp(ndo, value + 36, bodylen - 36);
588         }
589             break;
590 
591         case HNCP_HNCP_VERSION: {
592             uint16_t capabilities;
593             uint8_t M, P, H, L;
594             if (bodylen < 5) {
595                 nd_print_invalid(ndo);
596                 break;
597             }
598             capabilities = GET_BE_U_2(value + 2);
599             M = (uint8_t)((capabilities >> 12) & 0xf);
600             P = (uint8_t)((capabilities >> 8) & 0xf);
601             H = (uint8_t)((capabilities >> 4) & 0xf);
602             L = (uint8_t)(capabilities & 0xf);
603             ND_PRINT(" M: %u P: %u H: %u L: %u User-agent: ",
604                 M, P, H, L
605             );
606             nd_printjnp(ndo, value + 4, bodylen - 4);
607         }
608             break;
609 
610         case HNCP_EXTERNAL_CONNECTION: {
611             /* Container TLV */
612             hncp_print_rec(ndo, value, bodylen, indent+1);
613         }
614             break;
615 
616         case HNCP_DELEGATED_PREFIX: {
617             int l;
618             if (bodylen < 9 || bodylen < 9 + (GET_U_1(value + 8) + 7) / 8) {
619                 nd_print_invalid(ndo);
620                 break;
621             }
622             ND_PRINT(" VLSO: %s PLSO: %s Prefix: ",
623                 format_interval(GET_BE_U_4(value)),
624                 format_interval(GET_BE_U_4(value + 4))
625             );
626             l = print_prefix(ndo, value + 8, bodylen - 8);
627             if (l == -1) {
628                 ND_PRINT("(length is invalid)");
629                 break;
630             }
631             if (l < 0) {
632                 /*
633                  * We've already checked that we've captured the
634                  * entire TLV, based on its length, so this will
635                  * either be -1, meaning "the prefix length is
636                  * greater than the longest possible address of
637                  * that type" (i.e., > 32 for IPv4 or > 128 for
638                  * IPv6", or -3, meaning "the prefix runs past
639                  * the end of the TLV".
640                  */
641                 nd_print_invalid(ndo);
642                 break;
643             }
644             l += 8 + (-l & 3);
645 
646             if (bodylen >= l)
647                 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
648         }
649             break;
650 
651         case HNCP_PREFIX_POLICY: {
652             uint8_t policy;
653             int l;
654             if (bodylen < 1) {
655                 nd_print_invalid(ndo);
656                 break;
657             }
658             policy = GET_U_1(value);
659             ND_PRINT(" type: ");
660             if (policy == 0) {
661                 if (bodylen != 1) {
662                     nd_print_invalid(ndo);
663                     break;
664                 }
665                 ND_PRINT("Internet connectivity");
666             } else if (policy >= 1 && policy <= 128) {
667                 ND_PRINT("Dest-Prefix: ");
668                 l = print_prefix(ndo, value, bodylen);
669                 if (l == -1) {
670                     ND_PRINT("(length is invalid)");
671                     break;
672                 }
673                 if (l < 0) {
674                     /*
675                      * We've already checked that we've captured the
676                      * entire TLV, based on its length, so this will
677                      * either be -1, meaning "the prefix length is
678                      * greater than the longest possible address of
679                      * that type" (i.e., > 32 for IPv4 or > 128 for
680                      * IPv6", or -3, meaning "the prefix runs past
681                      * the end of the TLV".
682                      */
683                     nd_print_invalid(ndo);
684                     break;
685                 }
686             } else if (policy == 129) {
687                 ND_PRINT("DNS domain: ");
688                 print_dns_label(ndo, value+1, bodylen-1, 1);
689             } else if (policy == 130) {
690                 ND_PRINT("Opaque UTF-8: ");
691                 nd_printjnp(ndo, value + 1, bodylen - 1);
692             } else if (policy == 131) {
693                 if (bodylen != 1) {
694                     nd_print_invalid(ndo);
695                     break;
696                 }
697                 ND_PRINT("Restrictive assignment");
698             } else if (policy >= 132) {
699                 ND_PRINT("Unknown (%u)", policy); /* Reserved for future additions */
700             }
701         }
702             break;
703 
704         case HNCP_DHCPV4_DATA: {
705             if (bodylen == 0) {
706                 nd_print_invalid(ndo);
707                 break;
708             }
709             if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0)
710                 goto invalid;
711         }
712             break;
713 
714         case HNCP_DHCPV6_DATA: {
715             if (bodylen == 0) {
716                 nd_print_invalid(ndo);
717                 break;
718             }
719             if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) {
720                 nd_print_invalid(ndo);
721                 break;
722             }
723         }
724             break;
725 
726         case HNCP_ASSIGNED_PREFIX: {
727             uint8_t prty;
728             int l;
729             if (bodylen < 6 || bodylen < 6 + (GET_U_1(value + 5) + 7) / 8) {
730                 nd_print_invalid(ndo);
731                 break;
732             }
733             prty = GET_U_1(value + 4) & 0xf;
734             ND_PRINT(" EPID: %08x Prty: %u",
735                 GET_BE_U_4(value),
736                 prty
737             );
738             ND_PRINT(" Prefix: ");
739             if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) {
740                 nd_print_invalid(ndo);
741                 break;
742             }
743             l += 5;
744             l += -l & 3;
745 
746             if (bodylen >= l)
747                 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
748         }
749             break;
750 
751         case HNCP_NODE_ADDRESS: {
752             uint32_t endpoint_identifier;
753             const char *ip_address;
754             if (bodylen < 20) {
755                 nd_print_invalid(ndo);
756                 break;
757             }
758             endpoint_identifier = GET_BE_U_4(value);
759             ip_address = format_ip6addr(ndo, value + 4);
760             ND_PRINT(" EPID: %08x IP Address: %s",
761                 endpoint_identifier,
762                 ip_address
763             );
764 
765             hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1);
766         }
767             break;
768 
769         case HNCP_DNS_DELEGATED_ZONE: {
770             const char *ip_address;
771             int len;
772             if (bodylen < 17) {
773                 nd_print_invalid(ndo);
774                 break;
775             }
776             ip_address = format_ip6addr(ndo, value);
777             ND_PRINT(" IP-Address: %s %c%c%c ",
778                 ip_address,
779                 (GET_U_1(value + 16) & 4) ? 'l' : '-',
780                 (GET_U_1(value + 16) & 2) ? 'b' : '-',
781                 (GET_U_1(value + 16) & 1) ? 's' : '-'
782             );
783             len = print_dns_label(ndo, value+17, bodylen-17, 1);
784             if (len < 0) {
785                 nd_print_invalid(ndo);
786                 break;
787             }
788             len += 17;
789             len += -len & 3;
790             if (bodylen >= len)
791                 hncp_print_rec(ndo, value+len, bodylen-len, indent+1);
792         }
793             break;
794 
795         case HNCP_DOMAIN_NAME: {
796             if (bodylen == 0) {
797                 nd_print_invalid(ndo);
798                 break;
799             }
800             ND_PRINT(" Domain: ");
801             print_dns_label(ndo, value, bodylen, 1);
802         }
803             break;
804 
805         case HNCP_NODE_NAME: {
806             u_int l;
807             if (bodylen < 17) {
808                 nd_print_invalid(ndo);
809                 break;
810             }
811             l = GET_U_1(value + 16);
812             if (bodylen < 17 + l) {
813                 nd_print_invalid(ndo);
814                 break;
815             }
816             ND_PRINT(" IP-Address: %s Name: ",
817                 format_ip6addr(ndo, value)
818             );
819             if (l < 64) {
820                 ND_PRINT("\"");
821                 nd_printjnp(ndo, value + 17, l);
822                 ND_PRINT("\"");
823             } else {
824                 nd_print_invalid(ndo);
825             }
826             l += 17;
827             l = roundup2(l, 4);
828             if (bodylen >= l)
829                 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
830         }
831             break;
832 
833         case HNCP_MANAGED_PSK: {
834             if (bodylen < 32) {
835                 nd_print_invalid(ndo);
836                 break;
837             }
838             ND_PRINT(" PSK: %s", format_256(ndo, value));
839             hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1);
840         }
841             break;
842 
843         case RANGE_DNCP_RESERVED:
844         case RANGE_HNCP_UNASSIGNED:
845         case RANGE_DNCP_PRIVATE_USE:
846         case RANGE_DNCP_FUTURE_USE:
847             break;
848 
849         }
850     skip_multiline:
851 
852         i += 4 + roundup2(bodylen, 4);
853     }
854     print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
855 
856     return;
857 
858  trunc:
859     nd_print_trunc(ndo);
860     return;
861 
862  invalid:
863     nd_print_invalid(ndo);
864 }
865