1*05b00f60SXin Li /*
2*05b00f60SXin Li * Copyright (c) 2000 William C. Fenner.
3*05b00f60SXin Li * All rights reserved.
4*05b00f60SXin Li *
5*05b00f60SXin Li * Kevin Steves <[email protected]> July 2000
6*05b00f60SXin Li * Modified to:
7*05b00f60SXin Li * - print version, type string and packet length
8*05b00f60SXin Li * - print IP address count if > 1 (-v)
9*05b00f60SXin Li * - verify checksum (-v)
10*05b00f60SXin Li * - print authentication string (-v)
11*05b00f60SXin Li *
12*05b00f60SXin Li * Redistribution and use in source and binary forms, with or without
13*05b00f60SXin Li * modification, are permitted provided that: (1) source code
14*05b00f60SXin Li * distributions retain the above copyright notice and this paragraph
15*05b00f60SXin Li * in its entirety, and (2) distributions including binary code include
16*05b00f60SXin Li * the above copyright notice and this paragraph in its entirety in
17*05b00f60SXin Li * the documentation or other materials provided with the distribution.
18*05b00f60SXin Li * The name of William C. Fenner may not be used to endorse or
19*05b00f60SXin Li * promote products derived from this software without specific prior
20*05b00f60SXin Li * written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND
21*05b00f60SXin Li * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
22*05b00f60SXin Li * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23*05b00f60SXin Li * FOR A PARTICULAR PURPOSE.
24*05b00f60SXin Li */
25*05b00f60SXin Li
26*05b00f60SXin Li /* \summary: Virtual Router Redundancy Protocol (VRRP) printer */
27*05b00f60SXin Li
28*05b00f60SXin Li #ifdef HAVE_CONFIG_H
29*05b00f60SXin Li #include <config.h>
30*05b00f60SXin Li #endif
31*05b00f60SXin Li
32*05b00f60SXin Li #include "netdissect-stdinc.h"
33*05b00f60SXin Li
34*05b00f60SXin Li #include "netdissect.h"
35*05b00f60SXin Li #include "extract.h"
36*05b00f60SXin Li #include "addrtoname.h"
37*05b00f60SXin Li
38*05b00f60SXin Li #include "ip.h"
39*05b00f60SXin Li #include "ipproto.h"
40*05b00f60SXin Li /*
41*05b00f60SXin Li * RFC 2338 (VRRP v2):
42*05b00f60SXin Li *
43*05b00f60SXin Li * 0 1 2 3
44*05b00f60SXin Li * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
45*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
46*05b00f60SXin Li * |Version| Type | Virtual Rtr ID| Priority | Count IP Addrs|
47*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
48*05b00f60SXin Li * | Auth Type | Adver Int | Checksum |
49*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
50*05b00f60SXin Li * | IP Address (1) |
51*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
52*05b00f60SXin Li * | . |
53*05b00f60SXin Li * | . |
54*05b00f60SXin Li * | . |
55*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56*05b00f60SXin Li * | IP Address (n) |
57*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58*05b00f60SXin Li * | Authentication Data (1) |
59*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60*05b00f60SXin Li * | Authentication Data (2) |
61*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62*05b00f60SXin Li *
63*05b00f60SXin Li *
64*05b00f60SXin Li * RFC 5798 (VRRP v3):
65*05b00f60SXin Li *
66*05b00f60SXin Li * 0 1 2 3
67*05b00f60SXin Li * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
68*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69*05b00f60SXin Li * | IPv4 Fields or IPv6 Fields |
70*05b00f60SXin Li * ... ...
71*05b00f60SXin Li * | |
72*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
73*05b00f60SXin Li * |Version| Type | Virtual Rtr ID| Priority |Count IPvX Addr|
74*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
75*05b00f60SXin Li * |(rsvd) | Max Adver Int | Checksum |
76*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77*05b00f60SXin Li * | |
78*05b00f60SXin Li * + +
79*05b00f60SXin Li * | IPvX Address(es) |
80*05b00f60SXin Li * + +
81*05b00f60SXin Li * | |
82*05b00f60SXin Li * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
83*05b00f60SXin Li */
84*05b00f60SXin Li
85*05b00f60SXin Li /* Type */
86*05b00f60SXin Li #define VRRP_TYPE_ADVERTISEMENT 1
87*05b00f60SXin Li
88*05b00f60SXin Li static const struct tok type2str[] = {
89*05b00f60SXin Li { VRRP_TYPE_ADVERTISEMENT, "Advertisement" },
90*05b00f60SXin Li { 0, NULL }
91*05b00f60SXin Li };
92*05b00f60SXin Li
93*05b00f60SXin Li /* Auth Type */
94*05b00f60SXin Li #define VRRP_AUTH_NONE 0
95*05b00f60SXin Li #define VRRP_AUTH_SIMPLE 1
96*05b00f60SXin Li #define VRRP_AUTH_AH 2
97*05b00f60SXin Li
98*05b00f60SXin Li static const struct tok auth2str[] = {
99*05b00f60SXin Li { VRRP_AUTH_NONE, "none" },
100*05b00f60SXin Li { VRRP_AUTH_SIMPLE, "simple" },
101*05b00f60SXin Li { VRRP_AUTH_AH, "ah" },
102*05b00f60SXin Li { 0, NULL }
103*05b00f60SXin Li };
104*05b00f60SXin Li
105*05b00f60SXin Li void
vrrp_print(netdissect_options * ndo,const u_char * bp,u_int len,const u_char * bp2,int ttl,int ver)106*05b00f60SXin Li vrrp_print(netdissect_options *ndo,
107*05b00f60SXin Li const u_char *bp, u_int len,
108*05b00f60SXin Li const u_char *bp2, int ttl,
109*05b00f60SXin Li int ver)
110*05b00f60SXin Li {
111*05b00f60SXin Li int version, type, auth_type = VRRP_AUTH_NONE; /* keep compiler happy */
112*05b00f60SXin Li const char *type_s;
113*05b00f60SXin Li
114*05b00f60SXin Li ndo->ndo_protocol = "vrrp";
115*05b00f60SXin Li nd_print_protocol_caps(ndo);
116*05b00f60SXin Li version = (GET_U_1(bp) & 0xf0) >> 4;
117*05b00f60SXin Li type = GET_U_1(bp) & 0x0f;
118*05b00f60SXin Li type_s = tok2str(type2str, "unknown type (%u)", type);
119*05b00f60SXin Li ND_PRINT("v%u, %s", version, type_s);
120*05b00f60SXin Li if (ttl != 255)
121*05b00f60SXin Li ND_PRINT(", (ttl %u)", ttl);
122*05b00f60SXin Li if (version < 2 || version > 3 || type != VRRP_TYPE_ADVERTISEMENT)
123*05b00f60SXin Li return;
124*05b00f60SXin Li ND_PRINT(", vrid %u, prio %u", GET_U_1(bp + 1), GET_U_1(bp + 2));
125*05b00f60SXin Li
126*05b00f60SXin Li if (version == 2) {
127*05b00f60SXin Li auth_type = GET_U_1(bp + 4);
128*05b00f60SXin Li ND_PRINT(", authtype %s", tok2str(auth2str, NULL, auth_type));
129*05b00f60SXin Li ND_PRINT(", intvl %us, length %u", GET_U_1(bp + 5), len);
130*05b00f60SXin Li } else { /* version == 3 */
131*05b00f60SXin Li uint16_t intvl = (GET_U_1(bp + 4) & 0x0f) << 8 | GET_U_1(bp + 5);
132*05b00f60SXin Li ND_PRINT(", intvl %ucs, length %u", intvl, len);
133*05b00f60SXin Li }
134*05b00f60SXin Li
135*05b00f60SXin Li if (ndo->ndo_vflag) {
136*05b00f60SXin Li u_int naddrs = GET_U_1(bp + 3);
137*05b00f60SXin Li u_int i;
138*05b00f60SXin Li char c;
139*05b00f60SXin Li
140*05b00f60SXin Li if (version == 2 && ND_TTEST_LEN(bp, len)) {
141*05b00f60SXin Li struct cksum_vec vec[1];
142*05b00f60SXin Li
143*05b00f60SXin Li vec[0].ptr = bp;
144*05b00f60SXin Li vec[0].len = len;
145*05b00f60SXin Li if (in_cksum(vec, 1))
146*05b00f60SXin Li ND_PRINT(", (bad vrrp cksum %x)",
147*05b00f60SXin Li GET_BE_U_2(bp + 6));
148*05b00f60SXin Li }
149*05b00f60SXin Li
150*05b00f60SXin Li if (version == 3 && ND_TTEST_LEN(bp, len)) {
151*05b00f60SXin Li uint16_t cksum;
152*05b00f60SXin Li
153*05b00f60SXin Li if (ver == 4)
154*05b00f60SXin Li cksum = nextproto4_cksum(ndo, (const struct ip *)bp2, bp,
155*05b00f60SXin Li len, len, IPPROTO_VRRP);
156*05b00f60SXin Li else
157*05b00f60SXin Li cksum = nextproto6_cksum(ndo, (const struct ip6_hdr *)bp2, bp,
158*05b00f60SXin Li len, len, IPPROTO_VRRP);
159*05b00f60SXin Li if (cksum)
160*05b00f60SXin Li ND_PRINT(", (bad vrrp cksum %x)",
161*05b00f60SXin Li GET_BE_U_2(bp + 6));
162*05b00f60SXin Li }
163*05b00f60SXin Li
164*05b00f60SXin Li ND_PRINT(", addrs");
165*05b00f60SXin Li if (naddrs > 1)
166*05b00f60SXin Li ND_PRINT("(%u)", naddrs);
167*05b00f60SXin Li ND_PRINT(":");
168*05b00f60SXin Li c = ' ';
169*05b00f60SXin Li bp += 8;
170*05b00f60SXin Li for (i = 0; i < naddrs; i++) {
171*05b00f60SXin Li if (ver == 4) {
172*05b00f60SXin Li ND_PRINT("%c%s", c, GET_IPADDR_STRING(bp));
173*05b00f60SXin Li bp += 4;
174*05b00f60SXin Li } else {
175*05b00f60SXin Li ND_PRINT("%c%s", c, GET_IP6ADDR_STRING(bp));
176*05b00f60SXin Li bp += 16;
177*05b00f60SXin Li }
178*05b00f60SXin Li c = ',';
179*05b00f60SXin Li }
180*05b00f60SXin Li if (version == 2 && auth_type == VRRP_AUTH_SIMPLE) { /* simple text password */
181*05b00f60SXin Li ND_PRINT(" auth \"");
182*05b00f60SXin Li /*
183*05b00f60SXin Li * RFC 2338 Section 5.3.10: "If the configured authentication string
184*05b00f60SXin Li * is shorter than 8 bytes, the remaining space MUST be zero-filled.
185*05b00f60SXin Li */
186*05b00f60SXin Li nd_printjnp(ndo, bp, 8);
187*05b00f60SXin Li ND_PRINT("\"");
188*05b00f60SXin Li }
189*05b00f60SXin Li }
190*05b00f60SXin Li }
191