2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
13 * Original code by Hannes Gredler (hannes@gredler.at)
16 /* \summary: Bidirectional Forwarding Detection (BFD) printer */
19 * specification: draft-ietf-bfd-base-01 for version 0,
20 * RFC 5880 for version 1, and RFC 5881
27 #include <netdissect-stdinc.h>
29 #include "netdissect.h"
35 * Control packet, BFDv0, draft-ietf-bfd-base-01
38 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
39 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
40 * |Vers | Diag |H|D|P|F|C|A|Rsv| Detect Mult | Length |
41 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
42 * | My Discriminator |
43 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
44 * | Your Discriminator |
45 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
46 * | Desired Min TX Interval |
47 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
48 * | Required Min RX Interval |
49 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
50 * | Required Min Echo RX Interval |
51 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
55 * Control packet, BFDv1, RFC 5880
58 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * |Vers | Diag |Sta|P|F|C|A|D|M| Detect Mult | Length |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 * | My Discriminator |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 * | Your Discriminator |
65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 * | Desired Min TX Interval |
67 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68 * | Required Min RX Interval |
69 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
70 * | Required Min Echo RX Interval |
71 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77 uint8_t detect_time_multiplier;
79 uint8_t my_discriminator[4];
80 uint8_t your_discriminator[4];
81 uint8_t desired_min_tx_interval[4];
82 uint8_t required_min_rx_interval[4];
83 uint8_t required_min_echo_interval[4];
87 * An optional Authentication Header may be present
90 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
91 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
92 * | Auth Type | Auth Len | Authentication Data... |
93 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
96 struct bfd_auth_header_t {
100 uint8_t dummy; /* minimun 4 bytes */
111 static const struct tok bfd_v1_authentication_values[] = {
112 { AUTH_PASSWORD, "Simple Password" },
113 { AUTH_MD5, "Keyed MD5" },
114 { AUTH_MET_MD5, "Meticulous Keyed MD5" },
115 { AUTH_SHA1, "Keyed SHA1" },
116 { AUTH_MET_SHA1, "Meticulous Keyed SHA1" },
121 AUTH_PASSWORD_FIELD_MIN_LEN = 4, /* header + password min: 3 + 1 */
122 AUTH_PASSWORD_FIELD_MAX_LEN = 19, /* header + password max: 3 + 16 */
123 AUTH_MD5_FIELD_LEN = 24,
124 AUTH_MD5_HASH_LEN = 16,
125 AUTH_SHA1_FIELD_LEN = 28,
126 AUTH_SHA1_HASH_LEN = 20
129 #define BFD_EXTRACT_VERSION(x) (((x)&0xe0)>>5)
130 #define BFD_EXTRACT_DIAG(x) ((x)&0x1f)
132 static const struct tok bfd_diag_values[] = {
133 { 0, "No Diagnostic" },
134 { 1, "Control Detection Time Expired" },
135 { 2, "Echo Function Failed" },
136 { 3, "Neighbor Signaled Session Down" },
137 { 4, "Forwarding Plane Reset" },
139 { 6, "Concatenated Path Down" },
140 { 7, "Administratively Down" },
141 { 8, "Reverse Concatenated Path Down" },
145 #define BFD_FLAG_AUTH 0x04
147 static const struct tok bfd_v0_flag_values[] = {
148 { 0x80, "I Hear You" },
152 { 0x08, "Control Plane Independent" },
153 { BFD_FLAG_AUTH, "Authentication Present" },
154 { 0x02, "Reserved" },
155 { 0x01, "Reserved" },
159 static const struct tok bfd_v1_flag_values[] = {
162 { 0x08, "Control Plane Independent" },
163 { BFD_FLAG_AUTH, "Authentication Present" },
165 { 0x01, "Multipoint" },
169 static const struct tok bfd_v1_state_values[] = {
178 auth_print(netdissect_options *ndo, register const u_char *pptr)
180 const struct bfd_auth_header_t *bfd_auth_header;
183 pptr += sizeof (const struct bfd_header_t);
184 bfd_auth_header = (const struct bfd_auth_header_t *)pptr;
185 ND_TCHECK(*bfd_auth_header);
186 ND_PRINT((ndo, "\n\tAuthentication: %s (%u), length: %u",
187 tok2str(bfd_v1_authentication_values,"Unknown",bfd_auth_header->auth_type),
188 bfd_auth_header->auth_type,
189 bfd_auth_header->auth_len));
191 ND_PRINT((ndo, "\n\t Auth Key ID: %d", *pptr));
193 switch(bfd_auth_header->auth_type) {
196 * Simple Password Authentication Section Format
199 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201 * | Auth Type | Auth Len | Auth Key ID | Password... |
202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
204 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
206 if (bfd_auth_header->auth_len < AUTH_PASSWORD_FIELD_MIN_LEN ||
207 bfd_auth_header->auth_len > AUTH_PASSWORD_FIELD_MAX_LEN) {
208 ND_PRINT((ndo, "[invalid length %d]",
209 bfd_auth_header->auth_len));
213 ND_PRINT((ndo, ", Password: "));
214 /* the length is equal to the password length plus three */
215 if (fn_printn(ndo, pptr, bfd_auth_header->auth_len - 3,
222 * Keyed MD5 and Meticulous Keyed MD5 Authentication Section Format
225 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
226 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
227 * | Auth Type | Auth Len | Auth Key ID | Reserved |
228 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
229 * | Sequence Number |
230 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
231 * | Auth Key/Digest... |
232 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
234 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
236 if (bfd_auth_header->auth_len != AUTH_MD5_FIELD_LEN) {
237 ND_PRINT((ndo, "[invalid length %d]",
238 bfd_auth_header->auth_len));
242 ND_TCHECK2(*pptr, 4);
243 ND_PRINT((ndo, ", Sequence Number: 0x%08x", EXTRACT_32BITS(pptr)));
245 ND_TCHECK2(*pptr, AUTH_MD5_HASH_LEN);
246 ND_PRINT((ndo, "\n\t Digest: "));
247 for(i = 0; i < AUTH_MD5_HASH_LEN; i++)
248 ND_PRINT((ndo, "%02x", pptr[i]));
253 * Keyed SHA1 and Meticulous Keyed SHA1 Authentication Section Format
256 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
257 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
258 * | Auth Type | Auth Len | Auth Key ID | Reserved |
259 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
260 * | Sequence Number |
261 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
262 * | Auth Key/Hash... |
263 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
265 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
267 if (bfd_auth_header->auth_len != AUTH_SHA1_FIELD_LEN) {
268 ND_PRINT((ndo, "[invalid length %d]",
269 bfd_auth_header->auth_len));
273 ND_TCHECK2(*pptr, 4);
274 ND_PRINT((ndo, ", Sequence Number: 0x%08x", EXTRACT_32BITS(pptr)));
276 ND_TCHECK2(*pptr, AUTH_SHA1_HASH_LEN);
277 ND_PRINT((ndo, "\n\t Hash: "));
278 for(i = 0; i < AUTH_SHA1_HASH_LEN; i++)
279 ND_PRINT((ndo, "%02x", pptr[i]));
289 bfd_print(netdissect_options *ndo, register const u_char *pptr,
290 register u_int len, register u_int port)
292 if (port == BFD_CONTROL_PORT) {
296 const struct bfd_header_t *bfd_header;
297 uint8_t version_diag;
301 bfd_header = (const struct bfd_header_t *)pptr;
302 ND_TCHECK(*bfd_header);
303 version_diag = bfd_header->version_diag;
304 version = BFD_EXTRACT_VERSION(version_diag);
305 flags = bfd_header->flags;
311 if (ndo->ndo_vflag < 1)
313 ND_PRINT((ndo, "BFDv0, Control, Flags: [%s], length: %u",
314 bittok2str(bfd_v0_flag_values, "none", flags),
319 ND_PRINT((ndo, "BFDv0, length: %u\n\tControl, Flags: [%s], Diagnostic: %s (0x%02x)",
321 bittok2str(bfd_v0_flag_values, "none", flags),
322 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)),
323 BFD_EXTRACT_DIAG(version_diag)));
325 ND_PRINT((ndo, "\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u",
326 bfd_header->detect_time_multiplier,
327 bfd_header->detect_time_multiplier * EXTRACT_32BITS(bfd_header->desired_min_tx_interval)/1000,
328 bfd_header->length));
331 ND_PRINT((ndo, "\n\tMy Discriminator: 0x%08x", EXTRACT_32BITS(bfd_header->my_discriminator)));
332 ND_PRINT((ndo, ", Your Discriminator: 0x%08x", EXTRACT_32BITS(bfd_header->your_discriminator)));
333 ND_PRINT((ndo, "\n\t Desired min Tx Interval: %4u ms", EXTRACT_32BITS(bfd_header->desired_min_tx_interval)/1000));
334 ND_PRINT((ndo, "\n\t Required min Rx Interval: %4u ms", EXTRACT_32BITS(bfd_header->required_min_rx_interval)/1000));
335 ND_PRINT((ndo, "\n\t Required min Echo Interval: %4u ms", EXTRACT_32BITS(bfd_header->required_min_echo_interval)/1000));
337 if (flags & BFD_FLAG_AUTH) {
338 if (auth_print(ndo, pptr))
345 if (ndo->ndo_vflag < 1)
347 ND_PRINT((ndo, "BFDv1, Control, State %s, Flags: [%s], length: %u",
348 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6),
349 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f),
354 ND_PRINT((ndo, "BFDv1, length: %u\n\tControl, State %s, Flags: [%s], Diagnostic: %s (0x%02x)",
356 tok2str(bfd_v1_state_values, "unknown (%u)", (flags & 0xc0) >> 6),
357 bittok2str(bfd_v1_flag_values, "none", flags & 0x3f),
358 tok2str(bfd_diag_values,"unknown",BFD_EXTRACT_DIAG(version_diag)),
359 BFD_EXTRACT_DIAG(version_diag)));
361 ND_PRINT((ndo, "\n\tDetection Timer Multiplier: %u (%u ms Detection time), BFD Length: %u",
362 bfd_header->detect_time_multiplier,
363 bfd_header->detect_time_multiplier * EXTRACT_32BITS(bfd_header->desired_min_tx_interval)/1000,
364 bfd_header->length));
367 ND_PRINT((ndo, "\n\tMy Discriminator: 0x%08x", EXTRACT_32BITS(bfd_header->my_discriminator)));
368 ND_PRINT((ndo, ", Your Discriminator: 0x%08x", EXTRACT_32BITS(bfd_header->your_discriminator)));
369 ND_PRINT((ndo, "\n\t Desired min Tx Interval: %4u ms", EXTRACT_32BITS(bfd_header->desired_min_tx_interval)/1000));
370 ND_PRINT((ndo, "\n\t Required min Rx Interval: %4u ms", EXTRACT_32BITS(bfd_header->required_min_rx_interval)/1000));
371 ND_PRINT((ndo, "\n\t Required min Echo Interval: %4u ms", EXTRACT_32BITS(bfd_header->required_min_echo_interval)/1000));
373 if (flags & BFD_FLAG_AUTH) {
374 if (auth_print(ndo, pptr))
380 ND_PRINT((ndo, "BFDv%u, Control, length: %u",
383 if (ndo->ndo_vflag >= 1) {
384 if(!print_unknown_data(ndo, pptr,"\n\t",len))
389 } else if (port == BFD_ECHO_PORT) {
393 ND_PRINT((ndo, "BFD, Echo, length: %u",
395 if (ndo->ndo_vflag >= 1) {
396 if(!print_unknown_data(ndo, pptr,"\n\t",len))
401 * Unknown packet type.
403 ND_PRINT((ndo, "BFD, unknown (%u), length: %u",
406 if (ndo->ndo_vflag >= 1) {
407 if(!print_unknown_data(ndo, pptr,"\n\t",len))
414 ND_PRINT((ndo, "[|BFD]"));
418 * c-style: whitesmith