1 /* Copyright (c) 2015, bugyo 2 * All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 1. Redistributions of source code must retain the above copyright notice, 7 * this list of conditions and the following disclaimer. 8 * 2. Redistributions in binary form must reproduce the above copyright notice, 9 * this list of conditions and the following disclaimer in the documentation 10 * and/or other materials provided with the distribution. 11 * 12 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 13 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 14 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 15 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 16 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 17 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 18 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 19 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 20 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 21 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 */ 23 24 /* \summary: Network Service Header (NSH) printer */ 25 26 /* specification: RFC 8300 */ 27 28 #include <config.h> 29 30 #include "netdissect-stdinc.h" 31 32 #define ND_LONGJMP_FROM_TCHECK 33 #include "netdissect.h" 34 #include "extract.h" 35 36 static const struct tok nsh_flags [] = { 37 { 0x2, "O" }, 38 { 0, NULL } 39 }; 40 41 /* 42 * 0 1 2 3 43 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 45 * |Ver|O|U| TTL | Length |U|U|U|U|MD Type| Next Protocol | 46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 47 */ 48 #define NSH_BASE_HDR_LEN 4 49 #define NSH_VER(x) (((x) & 0xc0000000) >> 30) 50 #define NSH_FLAGS(x) (((x) & 0x30000000) >> 28) 51 #define NSH_TTL(x) (((x) & 0x0fc00000) >> 22) 52 #define NSH_LENGTH(x) (((x) & 0x003f0000) >> 16) 53 #define NSH_MD_TYPE(x) (((x) & 0x00000f00) >> 8) 54 #define NSH_NEXT_PROT(x) (((x) & 0x000000ff) >> 0) 55 56 #define NSH_SERVICE_PATH_HDR_LEN 4 57 #define NSH_HDR_WORD_SIZE 4U 58 59 #define MD_RSV 0x00 60 #define MD_TYPE1 0x01 61 #define MD_TYPE2 0x02 62 #define MD_EXP 0x0F 63 static const struct tok md_str[] = { 64 { MD_RSV, "reserved" }, 65 { MD_TYPE1, "1" }, 66 { MD_TYPE2, "2" }, 67 { MD_EXP, "experimental" }, 68 { 0, NULL } 69 }; 70 71 #define NP_IPV4 0x01 72 #define NP_IPV6 0x02 73 #define NP_ETH 0x03 74 #define NP_NSH 0x04 75 #define NP_MPLS 0x05 76 #define NP_EXP1 0xFE 77 #define NP_EXP2 0xFF 78 static const struct tok np_str[] = { 79 { NP_IPV4, "IPv4" }, 80 { NP_IPV6, "IPv6" }, 81 { NP_ETH, "Ethernet" }, 82 { NP_NSH, "NSH" }, 83 { NP_MPLS, "MPLS" }, 84 { NP_EXP1, "Experiment 1" }, 85 { NP_EXP2, "Experiment 2" }, 86 { 0, NULL } 87 }; 88 89 void 90 nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) 91 { 92 uint32_t basehdr; 93 u_int ver, length, md_type; 94 uint8_t next_protocol; 95 u_char past_headers = 0; 96 u_int next_len; 97 98 ndo->ndo_protocol = "nsh"; 99 /* 100 * 0 1 2 3 101 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 102 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 103 * | Base Header | 104 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 105 * | Service Path Header | 106 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 107 * | | 108 * ~ Context Header(s) ~ 109 * | | 110 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 111 */ 112 113 /* print Base Header and Service Path Header */ 114 if (len < NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN) { 115 ND_PRINT(" (packet length %u < %u)", 116 len, NSH_BASE_HDR_LEN + NSH_SERVICE_PATH_HDR_LEN); 117 goto invalid; 118 } 119 120 basehdr = GET_BE_U_4(bp); 121 bp += 4; 122 ver = NSH_VER(basehdr); 123 length = NSH_LENGTH(basehdr); 124 md_type = NSH_MD_TYPE(basehdr); 125 next_protocol = NSH_NEXT_PROT(basehdr); 126 127 ND_PRINT("NSH, "); 128 if (ndo->ndo_vflag > 1) { 129 ND_PRINT("ver %u, ", ver); 130 } 131 if (ver != 0) 132 return; 133 ND_PRINT("flags [%s], ", 134 bittok2str_nosep(nsh_flags, "none", NSH_FLAGS(basehdr))); 135 if (ndo->ndo_vflag > 2) { 136 ND_PRINT("TTL %u, ", NSH_TTL(basehdr)); 137 ND_PRINT("length %u, ", length); 138 ND_PRINT("md type %s, ", tok2str(md_str, "unknown (0x%02x)", md_type)); 139 } 140 if (ndo->ndo_vflag > 1) { 141 ND_PRINT("next-protocol %s, ", 142 tok2str(np_str, "unknown (0x%02x)", next_protocol)); 143 } 144 145 /* Make sure we have all the headers */ 146 if (len < length * NSH_HDR_WORD_SIZE) { 147 ND_PRINT(" (too many headers for packet length %u)", len); 148 goto invalid; 149 } 150 151 /* 152 * 0 1 2 3 153 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 154 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 * | Service Path Identifier (SPI) | Service Index | 156 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 * 158 */ 159 ND_PRINT("service-path-id 0x%06x, ", GET_BE_U_3(bp)); 160 bp += 3; 161 ND_PRINT("service-index 0x%x", GET_U_1(bp)); 162 bp += 1; 163 164 /* 165 * length includes the lengths of the Base and Service Path headers. 166 * That means it must be at least 2. 167 */ 168 if (length < 2) { 169 ND_PRINT(" (less than two headers)"); 170 goto invalid; 171 } 172 173 /* 174 * Print, or skip, the Context Headers. 175 * (length - 2) is the length of those headers. 176 */ 177 if (ndo->ndo_vflag > 2) { 178 u_int n; 179 180 if (md_type == MD_TYPE1) { 181 if (length != 6) { 182 ND_PRINT(" (length for the MD type)"); 183 goto invalid; 184 } 185 for (n = 0; n < length - 2; n++) { 186 ND_PRINT("\n Context[%02u]: 0x%08x", n, GET_BE_U_4(bp)); 187 bp += NSH_HDR_WORD_SIZE; 188 } 189 past_headers = 1; 190 } else if (md_type == MD_TYPE2) { 191 n = 0; 192 while (n < length - 2) { 193 uint16_t tlv_class; 194 uint8_t tlv_type, tlv_len, tlv_len_padded; 195 196 tlv_class = GET_BE_U_2(bp); 197 bp += 2; 198 tlv_type = GET_U_1(bp); 199 bp += 1; 200 tlv_len = GET_U_1(bp) & 0x7f; 201 bp += 1; 202 tlv_len_padded = roundup2(tlv_len, NSH_HDR_WORD_SIZE); 203 204 ND_PRINT("\n TLV Class %u, Type %u, Len %u", 205 tlv_class, tlv_type, tlv_len); 206 207 n += 1; 208 209 if (length - 2 < n + tlv_len_padded / NSH_HDR_WORD_SIZE) { 210 ND_PRINT(" (length too big)"); 211 goto invalid; 212 } 213 214 if (tlv_len) { 215 const char *sep = "0x"; 216 u_int vn; 217 218 ND_PRINT("\n Value: "); 219 for (vn = 0; vn < tlv_len; vn++) { 220 ND_PRINT("%s%02x", sep, GET_U_1(bp)); 221 bp += 1; 222 sep = ":"; 223 } 224 /* Cover any TLV padding. */ 225 ND_TCHECK_LEN(bp, tlv_len_padded - tlv_len); 226 bp += tlv_len_padded - tlv_len; 227 n += tlv_len_padded / NSH_HDR_WORD_SIZE; 228 } 229 } 230 past_headers = 1; 231 } 232 } 233 if (! past_headers) { 234 ND_TCHECK_LEN(bp, (length - 2) * NSH_HDR_WORD_SIZE); 235 bp += (length - 2) * NSH_HDR_WORD_SIZE; 236 } 237 ND_PRINT(ndo->ndo_vflag ? "\n " : ": "); 238 239 /* print Next Protocol */ 240 next_len = len - length * NSH_HDR_WORD_SIZE; 241 switch (next_protocol) { 242 case NP_IPV4: 243 ip_print(ndo, bp, next_len); 244 break; 245 case NP_IPV6: 246 ip6_print(ndo, bp, next_len); 247 break; 248 case NP_ETH: 249 ether_print(ndo, bp, next_len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); 250 break; 251 default: 252 ND_PRINT("ERROR: unknown-next-protocol"); 253 return; 254 } 255 256 return; 257 258 invalid: 259 nd_print_invalid(ndo); 260 } 261 262