2 * Copyright (c) 2016 Antonin Décimo, Jean-Raphaël Gaglione
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the project nor the names of its contributors
13 * may be used to endorse or promote products derived from this software
14 * without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 /* \summary: Home Networking Control Protocol (HNCP) printer */
35 #include <netdissect-stdinc.h>
40 #include "netdissect.h"
41 #include "addrtoname.h"
45 hncp_print_rec(netdissect_options *ndo,
46 const u_char *cp, u_int length, int indent);
49 hncp_print(netdissect_options *ndo,
50 const u_char *cp, u_int length)
52 ND_PRINT((ndo, "hncp (%d)", length));
53 hncp_print_rec(ndo, cp, length, 1);
57 #define DNCP_REQUEST_NETWORK_STATE 1
58 #define DNCP_REQUEST_NODE_STATE 2
59 #define DNCP_NODE_ENDPOINT 3
60 #define DNCP_NETWORK_STATE 4
61 #define DNCP_NODE_STATE 5
63 #define DNCP_KEEP_ALIVE_INTERVAL 9
64 #define DNCP_TRUST_VERDICT 10
67 #define HNCP_HNCP_VERSION 32
68 #define HNCP_EXTERNAL_CONNECTION 33
69 #define HNCP_DELEGATED_PREFIX 34
70 #define HNCP_PREFIX_POLICY 43
71 #define HNCP_DHCPV4_DATA 37 /* This is correct, see RFC 7788 Errata ID 5113. */
72 #define HNCP_DHCPV6_DATA 38 /* idem */
73 #define HNCP_ASSIGNED_PREFIX 35
74 #define HNCP_NODE_ADDRESS 36
75 #define HNCP_DNS_DELEGATED_ZONE 39
76 #define HNCP_DOMAIN_NAME 40
77 #define HNCP_NODE_NAME 41
78 #define HNCP_MANAGED_PSK 42
80 /* See type_mask in hncp_print_rec below */
81 #define RANGE_DNCP_RESERVED 0x10000
82 #define RANGE_HNCP_UNASSIGNED 0x10001
83 #define RANGE_DNCP_PRIVATE_USE 0x10002
84 #define RANGE_DNCP_FUTURE_USE 0x10003
86 static const struct tok type_values[] = {
87 { DNCP_REQUEST_NETWORK_STATE, "Request network state" },
88 { DNCP_REQUEST_NODE_STATE, "Request node state" },
89 { DNCP_NODE_ENDPOINT, "Node endpoint" },
90 { DNCP_NETWORK_STATE, "Network state" },
91 { DNCP_NODE_STATE, "Node state" },
92 { DNCP_PEER, "Peer" },
93 { DNCP_KEEP_ALIVE_INTERVAL, "Keep-alive interval" },
94 { DNCP_TRUST_VERDICT, "Trust-Verdict" },
96 { HNCP_HNCP_VERSION, "HNCP-Version" },
97 { HNCP_EXTERNAL_CONNECTION, "External-Connection" },
98 { HNCP_DELEGATED_PREFIX, "Delegated-Prefix" },
99 { HNCP_PREFIX_POLICY, "Prefix-Policy" },
100 { HNCP_DHCPV4_DATA, "DHCPv4-Data" },
101 { HNCP_DHCPV6_DATA, "DHCPv6-Data" },
102 { HNCP_ASSIGNED_PREFIX, "Assigned-Prefix" },
103 { HNCP_NODE_ADDRESS, "Node-Address" },
104 { HNCP_DNS_DELEGATED_ZONE, "DNS-Delegated-Zone" },
105 { HNCP_DOMAIN_NAME, "Domain-Name" },
106 { HNCP_NODE_NAME, "Node-Name" },
107 { HNCP_MANAGED_PSK, "Managed-PSK" },
109 { RANGE_DNCP_RESERVED, "Reserved" },
110 { RANGE_HNCP_UNASSIGNED, "Unassigned" },
111 { RANGE_DNCP_PRIVATE_USE, "Private use" },
112 { RANGE_DNCP_FUTURE_USE, "Future use" },
117 #define DH4OPT_DNS_SERVERS 6 /* RFC2132 */
118 #define DH4OPT_NTP_SERVERS 42 /* RFC2132 */
119 #define DH4OPT_DOMAIN_SEARCH 119 /* RFC3397 */
121 static const struct tok dh4opt_str[] = {
122 { DH4OPT_DNS_SERVERS, "DNS-server" },
123 { DH4OPT_NTP_SERVERS, "NTP-server"},
124 { DH4OPT_DOMAIN_SEARCH, "DNS-search" },
128 #define DH6OPT_DNS_SERVERS 23 /* RFC3646 */
129 #define DH6OPT_DOMAIN_LIST 24 /* RFC3646 */
130 #define DH6OPT_SNTP_SERVERS 31 /* RFC4075 */
132 static const struct tok dh6opt_str[] = {
133 { DH6OPT_DNS_SERVERS, "DNS-server" },
134 { DH6OPT_DOMAIN_LIST, "DNS-search-list" },
135 { DH6OPT_SNTP_SERVERS, "SNTP-servers" },
140 * For IPv4-mapped IPv6 addresses, length of the prefix that precedes
141 * the 4 bytes of IPv4 address at the end of the IPv6 address.
143 #define IPV4_MAPPED_HEADING_LEN 12
146 * Is an IPv6 address an IPv4-mapped address?
149 is_ipv4_mapped_address(const u_char *addr)
151 /* The value of the prefix */
152 static const u_char ipv4_mapped_heading[IPV4_MAPPED_HEADING_LEN] =
153 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
155 return memcmp(addr, ipv4_mapped_heading, IPV4_MAPPED_HEADING_LEN) == 0;
159 format_nid(const u_char *data)
161 static char buf[4][sizeof("01:01:01:01")];
164 snprintf(buf[i], sizeof(buf[i]), "%02x:%02x:%02x:%02x",
165 data[0], data[1], data[2], data[3]);
170 format_256(const u_char *data)
172 static char buf[4][sizeof("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")];
175 snprintf(buf[i], sizeof(buf[i]), "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
176 EXTRACT_64BITS(data),
177 EXTRACT_64BITS(data + 8),
178 EXTRACT_64BITS(data + 16),
179 EXTRACT_64BITS(data + 24)
185 format_interval(const uint32_t n)
187 static char buf[4][sizeof("0000000.000s")];
190 snprintf(buf[i], sizeof(buf[i]), "%u.%03us", n / 1000, n % 1000);
195 format_ip6addr(netdissect_options *ndo, const u_char *cp)
197 if (is_ipv4_mapped_address(cp))
198 return ipaddr_string(ndo, cp + IPV4_MAPPED_HEADING_LEN);
200 return ip6addr_string(ndo, cp);
204 print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length)
207 char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
209 if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
210 is_ipv4_mapped_address(&prefix[1])) {
219 memset(&addr, 0, sizeof(addr));
220 plenbytes = (plen + 7) / 8;
221 if (max_length < (u_int)plenbytes + IPV4_MAPPED_HEADING_LEN)
223 memcpy(&addr, &prefix[1 + IPV4_MAPPED_HEADING_LEN], plenbytes);
225 ((u_char *)&addr)[plenbytes - 1] &=
226 ((0xff00 >> (plen % 8)) & 0xff);
228 snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen);
229 plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
231 plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
236 ND_PRINT((ndo, "%s", buf));
241 print_dns_label(netdissect_options *ndo,
242 const u_char *cp, u_int max_length, int print)
245 while (length < max_length) {
246 u_int lab_length = cp[length++];
249 if (length > 1 && print)
250 safeputchar(ndo, '.');
251 if (length+lab_length > max_length) {
253 safeputs(ndo, cp+length, max_length-length);
257 safeputs(ndo, cp+length, lab_length);
258 length += lab_length;
261 ND_PRINT((ndo, "[|DNS]"));
266 dhcpv4_print(netdissect_options *ndo,
267 const u_char *cp, u_int length, int indent)
270 const u_char *tlv, *value;
271 uint8_t type, optlen;
278 type = (uint8_t)tlv[0];
279 optlen = (uint8_t)tlv[1];
282 ND_PRINT((ndo, "\n"));
283 for (t = indent; t > 0; t--)
284 ND_PRINT((ndo, "\t"));
286 ND_PRINT((ndo, "%s", tok2str(dh4opt_str, "Unknown", type)));
287 ND_PRINT((ndo," (%u)", optlen + 2 ));
288 if (i + 2 + optlen > length)
292 case DH4OPT_DNS_SERVERS:
293 case DH4OPT_NTP_SERVERS: {
294 if (optlen < 4 || optlen % 4 != 0) {
297 for (t = 0; t < optlen; t += 4)
298 ND_PRINT((ndo, " %s", ipaddr_string(ndo, value + t)));
301 case DH4OPT_DOMAIN_SEARCH: {
302 const u_char *tp = value;
303 while (tp < value + optlen) {
304 ND_PRINT((ndo, " "));
305 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL)
318 dhcpv6_print(netdissect_options *ndo,
319 const u_char *cp, u_int length, int indent)
322 const u_char *tlv, *value;
323 uint16_t type, optlen;
330 type = EXTRACT_16BITS(tlv);
331 optlen = EXTRACT_16BITS(tlv + 2);
334 ND_PRINT((ndo, "\n"));
335 for (t = indent; t > 0; t--)
336 ND_PRINT((ndo, "\t"));
338 ND_PRINT((ndo, "%s", tok2str(dh6opt_str, "Unknown", type)));
339 ND_PRINT((ndo," (%u)", optlen + 4 ));
340 if (i + 4 + optlen > length)
344 case DH6OPT_DNS_SERVERS:
345 case DH6OPT_SNTP_SERVERS: {
346 if (optlen % 16 != 0) {
347 ND_PRINT((ndo, " %s", istr));
350 for (t = 0; t < optlen; t += 16)
351 ND_PRINT((ndo, " %s", ip6addr_string(ndo, value + t)));
354 case DH6OPT_DOMAIN_LIST: {
355 const u_char *tp = value;
356 while (tp < value + optlen) {
357 ND_PRINT((ndo, " "));
358 if ((tp = ns_nprint(ndo, tp, value + optlen)) == NULL)
370 /* Determine in-line mode */
372 is_in_line(netdissect_options *ndo, int indent)
374 return indent - 1 >= ndo->ndo_vflag && ndo->ndo_vflag < 3;
378 print_type_in_line(netdissect_options *ndo,
379 uint32_t type, int count, int indent, int *first_one)
386 ND_PRINT((ndo, "\n"));
387 for (t = indent; t > 0; t--)
388 ND_PRINT((ndo, "\t"));
390 ND_PRINT((ndo, " "));
393 ND_PRINT((ndo, ", "));
395 ND_PRINT((ndo, "%s", tok2str(type_values, "Easter Egg", type)));
397 ND_PRINT((ndo, " (x%d)", count));
402 hncp_print_rec(netdissect_options *ndo,
403 const u_char *cp, u_int length, int indent)
405 const int in_line = is_in_line(ndo, indent);
410 uint32_t last_type_mask = 0xffffffffU;
411 int last_type_count = -1;
413 const u_char *tlv, *value;
414 uint16_t type, bodylen;
422 ND_PRINT((ndo, "\n"));
423 for (t = indent; t > 0; t--)
424 ND_PRINT((ndo, "\t"));
431 type = EXTRACT_16BITS(tlv);
432 bodylen = EXTRACT_16BITS(tlv + 2);
434 ND_TCHECK2(*value, bodylen);
435 if (i + bodylen + 4 > length)
439 (type == 0) ? RANGE_DNCP_RESERVED:
440 (44 <= type && type <= 511) ? RANGE_HNCP_UNASSIGNED:
441 (768 <= type && type <= 1023) ? RANGE_DNCP_PRIVATE_USE:
442 RANGE_DNCP_FUTURE_USE;
443 if (type == 6 || type == 7)
444 type_mask = RANGE_DNCP_FUTURE_USE;
450 u_int key = type_values[t++].v;
461 if (last_type_mask == type_mask) {
464 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
465 last_type_mask = type_mask;
472 ND_PRINT((ndo,"%s", tok2str(type_values, "Easter Egg (42)", type_mask) ));
473 if (type_mask > 0xffff)
474 ND_PRINT((ndo,": type=%u", type ));
475 ND_PRINT((ndo," (%u)", bodylen + 4 ));
479 case DNCP_REQUEST_NETWORK_STATE: {
481 ND_PRINT((ndo, " %s", istr));
485 case DNCP_REQUEST_NODE_STATE: {
486 const char *node_identifier;
488 ND_PRINT((ndo, " %s", istr));
491 node_identifier = format_nid(value);
492 ND_PRINT((ndo, " NID: %s", node_identifier));
496 case DNCP_NODE_ENDPOINT: {
497 const char *node_identifier;
498 uint32_t endpoint_identifier;
500 ND_PRINT((ndo, " %s", istr));
503 node_identifier = format_nid(value);
504 endpoint_identifier = EXTRACT_32BITS(value + 4);
505 ND_PRINT((ndo, " NID: %s EPID: %08x",
512 case DNCP_NETWORK_STATE: {
515 ND_PRINT((ndo, " %s", istr));
518 hash = EXTRACT_64BITS(value);
519 ND_PRINT((ndo, " hash: %016" PRIx64, hash));
523 case DNCP_NODE_STATE: {
524 const char *node_identifier, *interval;
525 uint32_t sequence_number;
528 ND_PRINT((ndo, " %s", istr));
531 node_identifier = format_nid(value);
532 sequence_number = EXTRACT_32BITS(value + 4);
533 interval = format_interval(EXTRACT_32BITS(value + 8));
534 hash = EXTRACT_64BITS(value + 12);
535 ND_PRINT((ndo, " NID: %s seqno: %u %s hash: %016" PRIx64,
541 hncp_print_rec(ndo, value+20, bodylen-20, indent+1);
546 const char *peer_node_identifier;
547 uint32_t peer_endpoint_identifier, endpoint_identifier;
549 ND_PRINT((ndo, " %s", istr));
552 peer_node_identifier = format_nid(value);
553 peer_endpoint_identifier = EXTRACT_32BITS(value + 4);
554 endpoint_identifier = EXTRACT_32BITS(value + 8);
555 ND_PRINT((ndo, " Peer-NID: %s Peer-EPID: %08x Local-EPID: %08x",
556 peer_node_identifier,
557 peer_endpoint_identifier,
563 case DNCP_KEEP_ALIVE_INTERVAL: {
564 uint32_t endpoint_identifier;
565 const char *interval;
567 ND_PRINT((ndo, " %s", istr));
570 endpoint_identifier = EXTRACT_32BITS(value);
571 interval = format_interval(EXTRACT_32BITS(value + 4));
572 ND_PRINT((ndo, " EPID: %08x Interval: %s",
579 case DNCP_TRUST_VERDICT: {
581 ND_PRINT((ndo, " %s", istr));
584 ND_PRINT((ndo, " Verdict: %u Fingerprint: %s Common Name: ",
586 format_256(value + 4)));
587 safeputs(ndo, value + 36, bodylen - 36);
591 case HNCP_HNCP_VERSION: {
592 uint16_t capabilities;
595 ND_PRINT((ndo, " %s", istr));
598 capabilities = EXTRACT_16BITS(value + 2);
599 M = (uint8_t)((capabilities >> 12) & 0xf);
600 P = (uint8_t)((capabilities >> 8) & 0xf);
601 H = (uint8_t)((capabilities >> 4) & 0xf);
602 L = (uint8_t)(capabilities & 0xf);
603 ND_PRINT((ndo, " M: %u P: %u H: %u L: %u User-agent: ",
606 safeputs(ndo, value + 4, bodylen - 4);
610 case HNCP_EXTERNAL_CONNECTION: {
612 hncp_print_rec(ndo, value, bodylen, indent+1);
616 case HNCP_DELEGATED_PREFIX: {
618 if (bodylen < 9 || bodylen < 9 + (value[8] + 7) / 8) {
619 ND_PRINT((ndo, " %s", istr));
622 ND_PRINT((ndo, " VLSO: %s PLSO: %s Prefix: ",
623 format_interval(EXTRACT_32BITS(value)),
624 format_interval(EXTRACT_32BITS(value + 4))
626 l = print_prefix(ndo, value + 8, bodylen - 8);
628 ND_PRINT((ndo, "(length is invalid)"));
633 * We've already checked that we've captured the
634 * entire TLV, based on its length, so this will
635 * either be -1, meaning "the prefix length is
636 * greater than the longest possible address of
637 * that type" (i.e., > 32 for IPv4 or > 128 for
638 * IPv6", or -3, meaning "the prefix runs past
639 * the end of the TLV".
641 ND_PRINT((ndo, " %s", istr));
647 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
651 case HNCP_PREFIX_POLICY: {
655 ND_PRINT((ndo, " %s", istr));
659 ND_PRINT((ndo, " type: "));
662 ND_PRINT((ndo, " %s", istr));
665 ND_PRINT((ndo, "Internet connectivity"));
666 } else if (policy >= 1 && policy <= 128) {
667 ND_PRINT((ndo, "Dest-Prefix: "));
668 l = print_prefix(ndo, value, bodylen);
670 ND_PRINT((ndo, "(length is invalid)"));
675 * We've already checked that we've captured the
676 * entire TLV, based on its length, so this will
677 * either be -1, meaning "the prefix length is
678 * greater than the longest possible address of
679 * that type" (i.e., > 32 for IPv4 or > 128 for
680 * IPv6", or -3, meaning "the prefix runs past
681 * the end of the TLV".
683 ND_PRINT((ndo, " %s", istr));
686 } else if (policy == 129) {
687 ND_PRINT((ndo, "DNS domain: "));
688 print_dns_label(ndo, value+1, bodylen-1, 1);
689 } else if (policy == 130) {
690 ND_PRINT((ndo, "Opaque UTF-8: "));
691 safeputs(ndo, value + 1, bodylen - 1);
692 } else if (policy == 131) {
694 ND_PRINT((ndo, " %s", istr));
697 ND_PRINT((ndo, "Restrictive assignment"));
698 } else if (policy >= 132) {
699 ND_PRINT((ndo, "Unknown (%u)", policy)); /* Reserved for future additions */
704 case HNCP_DHCPV4_DATA: {
706 ND_PRINT((ndo, " %s", istr));
709 if (dhcpv4_print(ndo, value, bodylen, indent+1) != 0)
714 case HNCP_DHCPV6_DATA: {
716 ND_PRINT((ndo, " %s", istr));
719 if (dhcpv6_print(ndo, value, bodylen, indent+1) != 0) {
720 ND_PRINT((ndo, " %s", istr));
726 case HNCP_ASSIGNED_PREFIX: {
729 if (bodylen < 6 || bodylen < 6 + (value[5] + 7) / 8) {
730 ND_PRINT((ndo, " %s", istr));
733 prty = (uint8_t)(value[4] & 0xf);
734 ND_PRINT((ndo, " EPID: %08x Prty: %u",
735 EXTRACT_32BITS(value),
738 ND_PRINT((ndo, " Prefix: "));
739 if ((l = print_prefix(ndo, value + 5, bodylen - 5)) < 0) {
740 ND_PRINT((ndo, " %s", istr));
747 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
751 case HNCP_NODE_ADDRESS: {
752 uint32_t endpoint_identifier;
753 const char *ip_address;
755 ND_PRINT((ndo, " %s", istr));
758 endpoint_identifier = EXTRACT_32BITS(value);
759 ip_address = format_ip6addr(ndo, value + 4);
760 ND_PRINT((ndo, " EPID: %08x IP Address: %s",
765 hncp_print_rec(ndo, value + 20, bodylen - 20, indent+1);
769 case HNCP_DNS_DELEGATED_ZONE: {
770 const char *ip_address;
773 ND_PRINT((ndo, " %s", istr));
776 ip_address = format_ip6addr(ndo, value);
777 ND_PRINT((ndo, " IP-Address: %s %c%c%c ",
779 (value[16] & 4) ? 'l' : '-',
780 (value[16] & 2) ? 'b' : '-',
781 (value[16] & 1) ? 's' : '-'
783 len = print_dns_label(ndo, value+17, bodylen-17, 1);
785 ND_PRINT((ndo, " %s", istr));
791 hncp_print_rec(ndo, value+len, bodylen-len, indent+1);
795 case HNCP_DOMAIN_NAME: {
797 ND_PRINT((ndo, " %s", istr));
800 ND_PRINT((ndo, " Domain: "));
801 print_dns_label(ndo, value, bodylen, 1);
805 case HNCP_NODE_NAME: {
808 ND_PRINT((ndo, " %s", istr));
812 if (bodylen < 17 + l) {
813 ND_PRINT((ndo, " %s", istr));
816 ND_PRINT((ndo, " IP-Address: %s Name: ",
817 format_ip6addr(ndo, value)
820 safeputchar(ndo, '"');
821 safeputs(ndo, value + 17, l);
822 safeputchar(ndo, '"');
824 ND_PRINT((ndo, "%s", istr));
829 hncp_print_rec(ndo, value + l, bodylen - l, indent+1);
833 case HNCP_MANAGED_PSK: {
835 ND_PRINT((ndo, " %s", istr));
838 ND_PRINT((ndo, " PSK: %s", format_256(value)));
839 hncp_print_rec(ndo, value + 32, bodylen - 32, indent+1);
843 case RANGE_DNCP_RESERVED:
844 case RANGE_HNCP_UNASSIGNED:
845 case RANGE_DNCP_PRIVATE_USE:
846 case RANGE_DNCP_FUTURE_USE:
852 i += 4 + bodylen + (-bodylen & 3);
854 print_type_in_line(ndo, last_type_mask, last_type_count, indent, &first_one);
859 ND_PRINT((ndo, "%s", "[|hncp]"));
863 ND_PRINT((ndo, "%s", istr));