1 /*
2 * Copyright (c) 2000 William C. Fenner.
3 * All rights reserved.
4 *
5 * Kevin Steves <ks@hp.se> July 2000
6 * Modified to:
7 * - print version, type string and packet length
8 * - print IP address count if > 1 (-v)
9 * - verify checksum (-v)
10 * - print authentication string (-v)
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that: (1) source code
14 * distributions retain the above copyright notice and this paragraph
15 * in its entirety, and (2) distributions including binary code include
16 * the above copyright notice and this paragraph in its entirety in
17 * the documentation or other materials provided with the distribution.
18 * The name of William C. Fenner may not be used to endorse or
19 * promote products derived from this software without specific prior
20 * written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND
21 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
22 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE.
24 */
25
26 #define NETDISSECT_REWORKED
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #include "interface.h"
34 #include "extract.h"
35 #include "addrtoname.h"
36
37 #include "ip.h"
38 #include "ipproto.h"
39 /*
40 * RFC 2338 (VRRP v2):
41 *
42 * 0 1 2 3
43 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * |Version| Type | Virtual Rtr ID| Priority | Count IP Addrs|
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 * | Auth Type | Adver Int | Checksum |
48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
49 * | IP Address (1) |
50 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
51 * | . |
52 * | . |
53 * | . |
54 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
55 * | IP Address (n) |
56 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
57 * | Authentication Data (1) |
58 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59 * | Authentication Data (2) |
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 *
62 *
63 * RFC 5798 (VRRP v3):
64 *
65 * 0 1 2 3
66 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
67 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68 * | IPv4 Fields or IPv6 Fields |
69 * ... ...
70 * | |
71 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72 * |Version| Type | Virtual Rtr ID| Priority |Count IPvX Addr|
73 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
74 * |(rsvd) | Max Adver Int | Checksum |
75 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
76 * | |
77 * + +
78 * | IPvX Address(es) |
79 * + +
80 * | |
81 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
82 */
83
84 /* Type */
85 #define VRRP_TYPE_ADVERTISEMENT 1
86
87 static const struct tok type2str[] = {
88 { VRRP_TYPE_ADVERTISEMENT, "Advertisement" },
89 { 0, NULL }
90 };
91
92 /* Auth Type */
93 #define VRRP_AUTH_NONE 0
94 #define VRRP_AUTH_SIMPLE 1
95 #define VRRP_AUTH_AH 2
96
97 static const struct tok auth2str[] = {
98 { VRRP_AUTH_NONE, "none" },
99 { VRRP_AUTH_SIMPLE, "simple" },
100 { VRRP_AUTH_AH, "ah" },
101 { 0, NULL }
102 };
103
104 void
vrrp_print(netdissect_options * ndo,register const u_char * bp,register u_int len,register const u_char * bp2,int ttl)105 vrrp_print(netdissect_options *ndo,
106 register const u_char *bp, register u_int len,
107 register const u_char *bp2, int ttl)
108 {
109 int version, type, auth_type = VRRP_AUTH_NONE; /* keep compiler happy */
110 const char *type_s;
111
112 ND_TCHECK(bp[0]);
113 version = (bp[0] & 0xf0) >> 4;
114 type = bp[0] & 0x0f;
115 type_s = tok2str(type2str, "unknown type (%u)", type);
116 ND_PRINT((ndo, "VRRPv%u, %s", version, type_s));
117 if (ttl != 255)
118 ND_PRINT((ndo, ", (ttl %u)", ttl));
119 if (version < 2 || version > 3 || type != VRRP_TYPE_ADVERTISEMENT)
120 return;
121 ND_TCHECK(bp[2]);
122 ND_PRINT((ndo, ", vrid %u, prio %u", bp[1], bp[2]));
123 ND_TCHECK(bp[5]);
124
125 if (version == 2) {
126 auth_type = bp[4];
127 ND_PRINT((ndo, ", authtype %s", tok2str(auth2str, NULL, auth_type)));
128 ND_PRINT((ndo, ", intvl %us, length %u", bp[5], len));
129 } else { /* version == 3 */
130 uint16_t intvl = (bp[4] & 0x0f) << 8 | bp[5];
131 ND_PRINT((ndo, ", intvl %ucs, length %u", intvl, len));
132 }
133
134 if (ndo->ndo_vflag) {
135 int naddrs = bp[3];
136 int i;
137 char c;
138
139 if (version == 2 && ND_TTEST2(bp[0], len)) {
140 struct cksum_vec vec[1];
141
142 vec[0].ptr = bp;
143 vec[0].len = len;
144 if (in_cksum(vec, 1))
145 ND_PRINT((ndo, ", (bad vrrp cksum %x)",
146 EXTRACT_16BITS(&bp[6])));
147 }
148
149 if (version == 3 && ND_TTEST2(bp[0], len)) {
150 uint16_t cksum = nextproto4_cksum(ndo, (struct ip *)bp2, bp,
151 len, len, IPPROTO_VRRP);
152 if (cksum)
153 ND_PRINT((ndo, ", (bad vrrp cksum %x)",
154 EXTRACT_16BITS(&bp[6])));
155 }
156
157 ND_PRINT((ndo, ", addrs"));
158 if (naddrs > 1)
159 ND_PRINT((ndo, "(%d)", naddrs));
160 ND_PRINT((ndo, ":"));
161 c = ' ';
162 bp += 8;
163 for (i = 0; i < naddrs; i++) {
164 ND_TCHECK(bp[3]);
165 ND_PRINT((ndo, "%c%s", c, ipaddr_string(ndo, bp)));
166 c = ',';
167 bp += 4;
168 }
169 if (version == 2 && auth_type == VRRP_AUTH_SIMPLE) { /* simple text password */
170 ND_TCHECK(bp[7]);
171 ND_PRINT((ndo, " auth \""));
172 if (fn_printn(ndo, bp, 8, ndo->ndo_snapend)) {
173 ND_PRINT((ndo, "\""));
174 goto trunc;
175 }
176 ND_PRINT((ndo, "\""));
177 }
178 }
179 return;
180 trunc:
181 ND_PRINT((ndo, "[|vrrp]"));
182 }
183