1 /* 2 * Copyright (c) 2015 Ritesh Ranjan (r.ranjan789@gmail.com) 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* \summary: - Locator/Identifier Separation Protocol (LISP) printer */ 30 31 /* 32 * specification: RFC 6830 33 * 34 * 35 * The Map-Register message format is: 36 * 37 * 0 1 2 3 38 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 39 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 40 * |Type=3 |P|S|I|R| Reserved |M| Record Count | 41 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 42 * | Nonce . . . | 43 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 44 * | . . . Nonce | 45 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 46 * | Key ID | Authentication Data Length | 47 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 48 * ~ Authentication Data ~ 49 * +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 50 * | | Record TTL | 51 * | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 52 * R | Locator Count | EID mask-len | ACT |A| Reserved | 53 * e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 54 * c | Rsvd | Map-Version Number | EID-Prefix-AFI | 55 * o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 56 * r | EID-Prefix | 57 * d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 58 * | /| Priority | Weight | M Priority | M Weight | 59 * | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 60 * | o | Unused Flags |L|p|R| Loc-AFI | 61 * | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 62 * | \| Locator | 63 * +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 64 * 65 * 66 * The Map-Notify message format is: 67 * 68 * 0 1 2 3 69 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 70 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 71 * |Type=4 |I|R| Reserved | Record Count | 72 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 73 * | Nonce . . . | 74 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 75 * | . . . Nonce | 76 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 77 * | Key ID | Authentication Data Length | 78 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 79 * ~ Authentication Data ~ 80 * +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 81 * | | Record TTL | 82 * | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 83 * R | Locator Count | EID mask-len | ACT |A| Reserved | 84 * e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 85 * c | Rsvd | Map-Version Number | EID-Prefix-AFI | 86 * o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 87 * r | EID-Prefix | 88 * d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 89 * | /| Priority | Weight | M Priority | M Weight | 90 * | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 91 * | o | Unused Flags |L|p|R| Loc-AFI | 92 * | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 93 * | \| Locator | 94 * +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 95 */ 96 97 #ifdef HAVE_CONFIG_H 98 #include "config.h" 99 #endif 100 101 #include <netdissect-stdinc.h> 102 #include <netdissect.h> 103 #include <string.h> 104 #include <stdlib.h> 105 106 #include "ip.h" 107 #include "ip6.h" 108 109 #include "extract.h" 110 #include "addrtoname.h" 111 112 static const char tstr[] = " [|LISP]"; 113 114 #define IPv4_AFI 1 115 #define IPv6_AFI 2 116 #define TYPE_INDEX 4 117 #define LISP_MAP_NOTIFY_IBIT_MASK 8 118 #define LISP_MAP_REGISTER_IBIT_MASK 2 119 120 enum { 121 LISP_MAP_REQUEST = 1, 122 LISP_MAP_REPLY, 123 LISP_MAP_REGISTER, 124 LISP_MAP_NOTIFY, 125 LISP_ENCAPSULATED_CONTROL_MESSAGE = 8 126 }; 127 128 enum { 129 LISP_AUTH_NONE, 130 LISP_AUTH_SHA1, 131 LISP_AUTH_SHA256 132 }; 133 134 static const struct tok lisp_type [] = { 135 { 0, "LISP-Reserved" }, 136 { 1, "LISP-Map-Request" }, 137 { 2, "LISP-Map-Reply" }, 138 { 3, "LISP-Map-Register" }, 139 { 4, "LISP-Map-Notify" }, 140 { 8, "LISP-Encapsulated-Contol-Message" }, 141 { 0, NULL } 142 }; 143 144 /* 145 * P-Bit : Request for Proxy Map-Reply from the MS/MR 146 * S-Bit : Security Enhancement. ETR is LISP-SEC enabled. draft-ietf-lisp-sec 147 * I-Bit : 128 bit xTR-ID and 64 bit Site-ID present. 148 * xTR-ID and Site-ID help in differentiation of xTRs in multi xTR 149 * and multi Site deployment scenarios. 150 * R-Bit : Built for a Reencapsulating-Tunnel-Router. Used in Traffic 151 * Engineering and Service Chaining 152 */ 153 static const struct tok map_register_hdr_flag[] = { 154 { 0x08000000, "P-Proxy-Map-Reply" }, 155 { 0x04000000, "S-LISP-SEC-Capable" }, 156 { 0x02000000, "I-xTR-ID-Present" }, 157 { 0x01000000, "R-Build-For-RTR" }, 158 { 0x00000100, "M-Want-Map-Notify" }, 159 { 0, NULL } 160 }; 161 162 static const struct tok map_notify_hdr_flag[] = { 163 { 0x08000000, "I-xTR-ID-Present" }, 164 { 0x04000000, "R-Build-For-RTR" }, 165 { 0, NULL } 166 }; 167 168 static const struct tok auth_type[] = { 169 { LISP_AUTH_NONE, "None" }, 170 { LISP_AUTH_SHA1, "SHA1" }, 171 { LISP_AUTH_SHA256, "SHA256" }, 172 { 0, NULL} 173 }; 174 175 static const struct tok lisp_eid_action[] = { 176 { 0, "No-Action" }, 177 { 1, "Natively-Forward" }, 178 { 2, "Send-Map-Request" }, 179 { 3, "Drop" }, 180 { 0, NULL} 181 }; 182 183 static const struct tok lisp_loc_flag[] = { 184 { 0x0004, "Local-Locator" }, 185 { 0x0002, "RLoc-Probed" }, 186 { 0x0001, "Reachable" }, 187 { 0, NULL } 188 }; 189 190 typedef struct map_register_hdr { 191 nd_uint8_t type_and_flag; 192 nd_uint8_t reserved; 193 nd_uint8_t reserved_and_flag2; 194 nd_uint8_t record_count; 195 nd_uint64_t nonce; 196 nd_uint16_t key_id; 197 nd_uint16_t auth_data_len; 198 } lisp_map_register_hdr; 199 200 #define MAP_REGISTER_HDR_LEN sizeof(lisp_map_register_hdr) 201 202 typedef struct map_register_eid { 203 nd_uint32_t ttl; 204 nd_uint8_t locator_count; 205 nd_uint8_t eid_prefix_mask_length; 206 nd_uint8_t act_auth_inc_res; 207 nd_uint8_t reserved; 208 nd_uint8_t reserved_version_hi; 209 nd_uint8_t version_low; 210 nd_uint16_t eid_prefix_afi; 211 } lisp_map_register_eid; 212 213 #define MAP_REGISTER_EID_LEN sizeof(lisp_map_register_eid) 214 215 typedef struct map_register_loc { 216 nd_uint8_t priority; 217 nd_uint8_t weight; 218 nd_uint8_t m_priority; 219 nd_uint8_t m_weight; 220 nd_uint16_t unused_and_flag; 221 nd_uint16_t locator_afi; 222 } lisp_map_register_loc; 223 224 #define MAP_REGISTER_LOC_LEN sizeof(lisp_map_register_loc) 225 226 static inline uint8_t extract_lisp_type(uint8_t); 227 static inline uint8_t is_xtr_data_present(uint8_t , uint8_t); 228 static void lisp_hdr_flag(netdissect_options *, const lisp_map_register_hdr *); 229 static void action_flag(netdissect_options *, uint8_t); 230 static void loc_hdr_flag(netdissect_options *, uint16_t); 231 232 void lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) 233 { 234 uint8_t type; 235 uint8_t mask_len; 236 uint8_t loc_count; 237 uint8_t xtr_present; 238 uint8_t record_count; 239 uint16_t key_id; 240 uint16_t eid_afi; 241 uint16_t loc_afi; 242 uint16_t map_version; 243 uint16_t packet_offset; 244 uint16_t auth_data_len; 245 uint32_t ttl; 246 const u_char *packet_iterator; 247 const u_char *loc_ip_pointer; 248 const lisp_map_register_hdr *lisp_hdr; 249 const lisp_map_register_eid *lisp_eid; 250 const lisp_map_register_loc *lisp_loc; 251 252 /* Check if enough bytes for header are available */ 253 ND_TCHECK2(*bp, MAP_REGISTER_HDR_LEN); 254 lisp_hdr = (const lisp_map_register_hdr *) bp; 255 lisp_hdr_flag(ndo, lisp_hdr); 256 /* Supporting only MAP NOTIFY and MAP REGISTER LISP packets */ 257 type = extract_lisp_type(lisp_hdr->type_and_flag); 258 if ((type != LISP_MAP_REGISTER) && (type != LISP_MAP_NOTIFY)) 259 return; 260 261 /* Find if the packet contains xTR and Site-ID data */ 262 xtr_present = is_xtr_data_present(type, lisp_hdr->type_and_flag); 263 264 /* Extract the number of EID records present */ 265 auth_data_len = EXTRACT_16BITS(&lisp_hdr->auth_data_len); 266 packet_iterator = (const u_char *)(lisp_hdr); 267 packet_offset = MAP_REGISTER_HDR_LEN; 268 record_count = lisp_hdr->record_count; 269 270 if (ndo->ndo_vflag) { 271 key_id = EXTRACT_16BITS(&lisp_hdr->key_id); 272 ND_PRINT((ndo, "\n %u record(s), ", record_count)); 273 ND_PRINT((ndo, "Authentication %s,", 274 tok2str(auth_type, "unknown-type", key_id))); 275 hex_print(ndo, "\n Authentication-Data: ", packet_iterator + 276 packet_offset, auth_data_len); 277 } else { 278 ND_PRINT((ndo, " %u record(s),", record_count)); 279 } 280 packet_offset += auth_data_len; 281 282 if (record_count == 0) 283 goto invalid; 284 285 /* Print all the EID records */ 286 while ((length > packet_offset) && (record_count--)) { 287 288 ND_TCHECK2(*(packet_iterator + packet_offset), MAP_REGISTER_EID_LEN); 289 ND_PRINT((ndo, "\n")); 290 lisp_eid = (const lisp_map_register_eid *) 291 ((const u_char *)lisp_hdr + packet_offset); 292 packet_offset += MAP_REGISTER_EID_LEN; 293 mask_len = lisp_eid->eid_prefix_mask_length; 294 eid_afi = EXTRACT_16BITS(&lisp_eid->eid_prefix_afi); 295 loc_count = lisp_eid->locator_count; 296 297 if (ndo->ndo_vflag) { 298 ttl = EXTRACT_32BITS(&lisp_eid->ttl); 299 ND_PRINT((ndo, " Record TTL %u,", ttl)); 300 action_flag(ndo, lisp_eid->act_auth_inc_res); 301 map_version = (((lisp_eid->reserved_version_hi) & 15 ) * 255) + 302 lisp_eid->version_low; 303 ND_PRINT((ndo, " Map Version: %u,", map_version)); 304 } 305 306 switch (eid_afi) { 307 case IPv4_AFI: 308 ND_TCHECK2(*(packet_iterator + packet_offset), 4); 309 ND_PRINT((ndo, " EID %s/%u,", ipaddr_string(ndo, 310 packet_iterator + packet_offset), mask_len)); 311 packet_offset += 4; 312 break; 313 case IPv6_AFI: 314 ND_TCHECK2(*(packet_iterator + packet_offset), 16); 315 ND_PRINT((ndo, " EID %s/%u,", ip6addr_string(ndo, 316 packet_iterator + packet_offset), mask_len)); 317 packet_offset += 16; 318 break; 319 default: 320 /* 321 * No support for LCAF right now. 322 */ 323 return; 324 break; 325 } 326 327 ND_PRINT((ndo, " %u locator(s)", loc_count)); 328 329 while (loc_count--) { 330 ND_TCHECK2(*(packet_iterator + packet_offset), MAP_REGISTER_LOC_LEN); 331 lisp_loc = (const lisp_map_register_loc *) (packet_iterator + packet_offset); 332 loc_ip_pointer = (const u_char *) (lisp_loc + 1); 333 packet_offset += MAP_REGISTER_LOC_LEN; 334 loc_afi = EXTRACT_16BITS(&lisp_loc->locator_afi); 335 336 if (ndo->ndo_vflag) 337 ND_PRINT((ndo, "\n ")); 338 339 switch (loc_afi) { 340 case IPv4_AFI: 341 ND_TCHECK2(*(packet_iterator + packet_offset), 4); 342 ND_PRINT((ndo, " LOC %s", ipaddr_string(ndo, loc_ip_pointer))); 343 packet_offset += 4; 344 break; 345 case IPv6_AFI: 346 ND_TCHECK2(*(packet_iterator + packet_offset), 16); 347 ND_PRINT((ndo, " LOC %s", ip6addr_string(ndo, loc_ip_pointer))); 348 packet_offset += 16; 349 break; 350 default: 351 break; 352 } 353 if (ndo->ndo_vflag) { 354 ND_PRINT((ndo, "\n Priority/Weight %u/%u," 355 " Multicast Priority/Weight %u/%u,", 356 lisp_loc->priority, lisp_loc->weight, 357 lisp_loc->m_priority, lisp_loc->m_weight)); 358 loc_hdr_flag(ndo, EXTRACT_16BITS(&lisp_loc->unused_and_flag)); 359 } 360 } 361 } 362 363 /* 364 * Print xTR and Site ID. Handle the fact that the packet could be invalid. 365 * If the xTR_ID_Present bit is not set, and we still have data to display, 366 * show it as hex data. 367 */ 368 if (xtr_present) { 369 if (!ND_TTEST2(*(packet_iterator + packet_offset), 24)) 370 goto invalid; 371 hex_print_with_offset(ndo, "\n xTR-ID: ", packet_iterator + packet_offset, 16, 0); 372 ND_PRINT((ndo, "\n SITE-ID: %" PRIu64, 373 EXTRACT_64BITS(packet_iterator + packet_offset + 16))); 374 } else { 375 /* Check if packet isn't over yet */ 376 if (packet_iterator + packet_offset < ndo->ndo_snapend) { 377 hex_print_with_offset(ndo, "\n Data: ", packet_iterator + packet_offset, 378 (ndo->ndo_snapend - (packet_iterator + packet_offset)), 0); 379 } 380 } 381 return; 382 trunc: 383 ND_PRINT((ndo, "\n %s", tstr)); 384 return; 385 invalid: 386 ND_PRINT((ndo, "\n %s", istr)); 387 return; 388 } 389 390 static inline uint8_t extract_lisp_type(uint8_t lisp_hdr_flags) 391 { 392 return (lisp_hdr_flags) >> TYPE_INDEX; 393 } 394 395 static inline uint8_t is_xtr_data_present(uint8_t type, uint8_t lisp_hdr_flags) 396 { 397 uint8_t xtr_present = 0; 398 399 if (type == LISP_MAP_REGISTER) 400 xtr_present = (lisp_hdr_flags) & LISP_MAP_REGISTER_IBIT_MASK; 401 else if (type == LISP_MAP_NOTIFY) 402 xtr_present = (lisp_hdr_flags) & LISP_MAP_NOTIFY_IBIT_MASK; 403 404 return xtr_present; 405 } 406 407 static void lisp_hdr_flag(netdissect_options *ndo, const lisp_map_register_hdr *lisp_hdr) 408 { 409 uint8_t type = extract_lisp_type(lisp_hdr->type_and_flag); 410 411 if (!ndo->ndo_vflag) { 412 ND_PRINT((ndo, "%s,", tok2str(lisp_type, "unknown-type-%u", type))); 413 return; 414 } else { 415 ND_PRINT((ndo, "%s,", tok2str(lisp_type, "unknown-type-%u", type))); 416 } 417 418 if (type == LISP_MAP_REGISTER) { 419 ND_PRINT((ndo, " flags [%s],", bittok2str(map_register_hdr_flag, 420 "none", EXTRACT_32BITS(lisp_hdr)))); 421 } else if (type == LISP_MAP_NOTIFY) { 422 ND_PRINT((ndo, " flags [%s],", bittok2str(map_notify_hdr_flag, 423 "none", EXTRACT_32BITS(lisp_hdr)))); 424 } 425 426 return; 427 } 428 429 static void action_flag(netdissect_options *ndo, uint8_t act_auth_inc_res) 430 { 431 uint8_t action; 432 uint8_t authoritative; 433 434 authoritative = ((act_auth_inc_res >> 4) & 1); 435 436 if (authoritative) 437 ND_PRINT((ndo, " Authoritative,")); 438 else 439 ND_PRINT((ndo, " Non-Authoritative,")); 440 441 action = act_auth_inc_res >> 5; 442 ND_PRINT((ndo, " %s,", tok2str(lisp_eid_action, "unknown", action))); 443 } 444 445 static void loc_hdr_flag(netdissect_options *ndo, uint16_t flag) 446 { 447 ND_PRINT((ndo, " flags [%s],", bittok2str(lisp_loc_flag, "none", flag))); 448 } 449 450