1 /*
2 * Copyright (C) 2002 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 #include <sys/cdefs.h>
31 #ifndef lint
32 __RCSID("$NetBSD: print-mobility.c,v 1.10 2024/09/02 16:15:32 christos Exp $");
33 #endif
34
35 /* \summary: IPv6 mobility printer */
36 /* RFC 3775 */
37
38 #include <config.h>
39
40 #include "netdissect-stdinc.h"
41
42 #include "netdissect.h"
43 #include "addrtoname.h"
44 #include "extract.h"
45
46 #include "ip6.h"
47
48
49 /* Mobility header */
50 struct ip6_mobility {
51 nd_uint8_t ip6m_pproto; /* following payload protocol (for PG) */
52 nd_uint8_t ip6m_len; /* length in units of 8 octets */
53 nd_uint8_t ip6m_type; /* message type */
54 nd_uint8_t reserved; /* reserved */
55 nd_uint16_t ip6m_cksum; /* sum of IPv6 pseudo-header and MH */
56 union {
57 nd_uint16_t ip6m_un_data16[1]; /* type-specific field */
58 nd_uint8_t ip6m_un_data8[2]; /* type-specific field */
59 } ip6m_dataun;
60 };
61
62 #define ip6m_data16 ip6m_dataun.ip6m_un_data16
63 #define ip6m_data8 ip6m_dataun.ip6m_un_data8
64
65 #define IP6M_MINLEN 8
66
67 /* https://www.iana.org/assignments/mobility-parameters/mobility-parameters.xhtml */
68
69 /* message type */
70 #define IP6M_BINDING_REQUEST 0 /* Binding Refresh Request */
71 #define IP6M_HOME_TEST_INIT 1 /* Home Test Init */
72 #define IP6M_CAREOF_TEST_INIT 2 /* Care-of Test Init */
73 #define IP6M_HOME_TEST 3 /* Home Test */
74 #define IP6M_CAREOF_TEST 4 /* Care-of Test */
75 #define IP6M_BINDING_UPDATE 5 /* Binding Update */
76 #define IP6M_BINDING_ACK 6 /* Binding Acknowledgement */
77 #define IP6M_BINDING_ERROR 7 /* Binding Error */
78 #define IP6M_MAX 7
79
80 static const struct tok ip6m_str[] = {
81 { IP6M_BINDING_REQUEST, "BRR" },
82 { IP6M_HOME_TEST_INIT, "HoTI" },
83 { IP6M_CAREOF_TEST_INIT, "CoTI" },
84 { IP6M_HOME_TEST, "HoT" },
85 { IP6M_CAREOF_TEST, "CoT" },
86 { IP6M_BINDING_UPDATE, "BU" },
87 { IP6M_BINDING_ACK, "BA" },
88 { IP6M_BINDING_ERROR, "BE" },
89 { 0, NULL }
90 };
91
92 static const unsigned ip6m_hdrlen[IP6M_MAX + 1] = {
93 IP6M_MINLEN, /* IP6M_BINDING_REQUEST */
94 IP6M_MINLEN + 8, /* IP6M_HOME_TEST_INIT */
95 IP6M_MINLEN + 8, /* IP6M_CAREOF_TEST_INIT */
96 IP6M_MINLEN + 16, /* IP6M_HOME_TEST */
97 IP6M_MINLEN + 16, /* IP6M_CAREOF_TEST */
98 IP6M_MINLEN + 4, /* IP6M_BINDING_UPDATE */
99 IP6M_MINLEN + 4, /* IP6M_BINDING_ACK */
100 IP6M_MINLEN + 16, /* IP6M_BINDING_ERROR */
101 };
102
103 /* Mobility Header Options */
104 #define IP6MOPT_MINLEN 2
105 #define IP6MOPT_PAD1 0x0 /* Pad1 */
106 #define IP6MOPT_PADN 0x1 /* PadN */
107 #define IP6MOPT_REFRESH 0x2 /* Binding Refresh Advice */
108 #define IP6MOPT_REFRESH_MINLEN 4
109 #define IP6MOPT_ALTCOA 0x3 /* Alternate Care-of Address */
110 #define IP6MOPT_ALTCOA_MINLEN 18
111 #define IP6MOPT_NONCEID 0x4 /* Nonce Indices */
112 #define IP6MOPT_NONCEID_MINLEN 6
113 #define IP6MOPT_AUTH 0x5 /* Binding Authorization Data */
114 #define IP6MOPT_AUTH_MINLEN 12
115
116 static const struct tok ip6m_binding_update_bits [] = {
117 { 0x08, "A" },
118 { 0x04, "H" },
119 { 0x02, "L" },
120 { 0x01, "K" },
121 { 0, NULL }
122 };
123
124 static int
mobility_opt_print(netdissect_options * ndo,const u_char * bp,const unsigned len)125 mobility_opt_print(netdissect_options *ndo,
126 const u_char *bp, const unsigned len)
127 {
128 unsigned i, optlen;
129
130 for (i = 0; i < len; i += optlen) {
131 if (GET_U_1(bp + i) == IP6MOPT_PAD1)
132 optlen = 1;
133 else {
134 if (i + 1 < len) {
135 optlen = GET_U_1(bp + i + 1) + 2;
136 } else
137 goto trunc;
138 }
139 if (i + optlen > len)
140 goto trunc;
141 ND_TCHECK_1(bp + i + optlen);
142
143 switch (GET_U_1(bp + i)) {
144 case IP6MOPT_PAD1:
145 ND_PRINT("(pad1)");
146 break;
147 case IP6MOPT_PADN:
148 if (len - i < IP6MOPT_MINLEN) {
149 ND_PRINT("(padn: trunc)");
150 goto trunc;
151 }
152 ND_PRINT("(padn)");
153 break;
154 case IP6MOPT_REFRESH:
155 if (len - i < IP6MOPT_REFRESH_MINLEN) {
156 ND_PRINT("(refresh: trunc)");
157 goto trunc;
158 }
159 /* units of 4 secs */
160 ND_PRINT("(refresh: %u)",
161 GET_BE_U_2(bp + i + 2) << 2);
162 break;
163 case IP6MOPT_ALTCOA:
164 if (len - i < IP6MOPT_ALTCOA_MINLEN) {
165 ND_PRINT("(altcoa: trunc)");
166 goto trunc;
167 }
168 ND_PRINT("(alt-CoA: %s)", GET_IP6ADDR_STRING(bp + i + 2));
169 break;
170 case IP6MOPT_NONCEID:
171 if (len - i < IP6MOPT_NONCEID_MINLEN) {
172 ND_PRINT("(ni: trunc)");
173 goto trunc;
174 }
175 ND_PRINT("(ni: ho=0x%04x co=0x%04x)",
176 GET_BE_U_2(bp + i + 2),
177 GET_BE_U_2(bp + i + 4));
178 break;
179 case IP6MOPT_AUTH:
180 if (len - i < IP6MOPT_AUTH_MINLEN) {
181 ND_PRINT("(auth: trunc)");
182 goto trunc;
183 }
184 ND_PRINT("(auth)");
185 break;
186 default:
187 if (len - i < IP6MOPT_MINLEN) {
188 ND_PRINT("(sopt_type %u: trunc)",
189 GET_U_1(bp + i));
190 goto trunc;
191 }
192 ND_PRINT("(type-0x%02x: len=%u)", GET_U_1(bp + i),
193 GET_U_1(bp + i + 1));
194 break;
195 }
196 }
197 return 0;
198
199 trunc:
200 return 1;
201 }
202
203 /*
204 * Mobility Header
205 */
206 int
mobility_print(netdissect_options * ndo,const u_char * bp,const u_char * bp2 _U_)207 mobility_print(netdissect_options *ndo,
208 const u_char *bp, const u_char *bp2 _U_)
209 {
210 const struct ip6_mobility *mh;
211 const u_char *ep;
212 unsigned mhlen, hlen;
213 uint8_t type;
214
215 ndo->ndo_protocol = "mobility";
216 mh = (const struct ip6_mobility *)bp;
217
218 /* 'ep' points to the end of available data. */
219 ep = ndo->ndo_snapend;
220
221 if (!ND_TTEST_1(mh->ip6m_len)) {
222 /*
223 * There's not enough captured data to include the
224 * mobility header length.
225 *
226 * Our caller expects us to return the length, however,
227 * so return a value that will run to the end of the
228 * captured data.
229 *
230 * XXX - "ip6_print()" doesn't do anything with the
231 * returned length, however, as it breaks out of the
232 * header-processing loop.
233 */
234 mhlen = (unsigned)(ep - bp);
235 goto trunc;
236 }
237 mhlen = (GET_U_1(mh->ip6m_len) + 1) << 3;
238
239 /* XXX ip6m_cksum */
240
241 type = GET_U_1(mh->ip6m_type);
242 if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) {
243 ND_PRINT("(header length %u is too small for type %u)", mhlen, type);
244 goto trunc;
245 }
246 ND_PRINT("mobility: %s", tok2str(ip6m_str, "type-#%u", type));
247 switch (type) {
248 case IP6M_BINDING_REQUEST:
249 hlen = IP6M_MINLEN;
250 break;
251 case IP6M_HOME_TEST_INIT:
252 case IP6M_CAREOF_TEST_INIT:
253 hlen = IP6M_MINLEN;
254 if (ndo->ndo_vflag) {
255 ND_PRINT(" %s Init Cookie=%08x:%08x",
256 type == IP6M_HOME_TEST_INIT ? "Home" : "Care-of",
257 GET_BE_U_4(bp + hlen),
258 GET_BE_U_4(bp + hlen + 4));
259 }
260 hlen += 8;
261 break;
262 case IP6M_HOME_TEST:
263 case IP6M_CAREOF_TEST:
264 ND_PRINT(" nonce id=0x%x", GET_BE_U_2(mh->ip6m_data16[0]));
265 hlen = IP6M_MINLEN;
266 if (ndo->ndo_vflag) {
267 ND_PRINT(" %s Init Cookie=%08x:%08x",
268 type == IP6M_HOME_TEST ? "Home" : "Care-of",
269 GET_BE_U_4(bp + hlen),
270 GET_BE_U_4(bp + hlen + 4));
271 }
272 hlen += 8;
273 if (ndo->ndo_vflag) {
274 ND_PRINT(" %s Keygen Token=%08x:%08x",
275 type == IP6M_HOME_TEST ? "Home" : "Care-of",
276 GET_BE_U_4(bp + hlen),
277 GET_BE_U_4(bp + hlen + 4));
278 }
279 hlen += 8;
280 break;
281 case IP6M_BINDING_UPDATE:
282 {
283 int bits;
284 ND_PRINT(" seq#=%u", GET_BE_U_2(mh->ip6m_data16[0]));
285 hlen = IP6M_MINLEN;
286 ND_TCHECK_2(bp + hlen);
287 bits = (GET_U_1(bp + hlen) & 0xf0) >> 4;
288 if (bits) {
289 ND_PRINT(" ");
290 ND_PRINT("%s",
291 bittok2str_nosep(ip6m_binding_update_bits,
292 "bits-#0x%x", bits));
293 }
294 /* Reserved (4bits) */
295 hlen += 1;
296 /* Reserved (8bits) */
297 hlen += 1;
298 /* units of 4 secs */
299 ND_PRINT(" lifetime=%u", GET_BE_U_2(bp + hlen) << 2);
300 hlen += 2;
301 break;
302 }
303 case IP6M_BINDING_ACK:
304 ND_PRINT(" status=%u", GET_U_1(mh->ip6m_data8[0]));
305 if (GET_U_1(mh->ip6m_data8[1]) & 0x80)
306 ND_PRINT(" K");
307 /* Reserved (7bits) */
308 hlen = IP6M_MINLEN;
309 ND_PRINT(" seq#=%u", GET_BE_U_2(bp + hlen));
310 hlen += 2;
311 /* units of 4 secs */
312 ND_PRINT(" lifetime=%u", GET_BE_U_2(bp + hlen) << 2);
313 hlen += 2;
314 break;
315 case IP6M_BINDING_ERROR:
316 ND_PRINT(" status=%u", GET_U_1(mh->ip6m_data8[0]));
317 /* Reserved */
318 hlen = IP6M_MINLEN;
319 ND_PRINT(" homeaddr %s", GET_IP6ADDR_STRING(bp + hlen));
320 hlen += 16;
321 break;
322 default:
323 ND_PRINT(" len=%u", GET_U_1(mh->ip6m_len));
324 return(mhlen);
325 break;
326 }
327 if (ndo->ndo_vflag)
328 if (mobility_opt_print(ndo, bp + hlen, mhlen - hlen))
329 goto trunc;
330
331 return(mhlen);
332
333 trunc:
334 nd_print_trunc(ndo);
335 return(-1);
336 }
337