1 /*
2 * Copyright (C) 2000 Alfredo Andres Omella. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 * 3. The names of the authors may not be used to endorse or promote
15 * products derived from this software without specific prior
16 * written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22
23 /* \summary: Radius protocol printer */
24
25 /*
26 * Radius printer routines as specified on:
27 *
28 * RFC 2865:
29 * "Remote Authentication Dial In User Service (RADIUS)"
30 *
31 * RFC 2866:
32 * "RADIUS Accounting"
33 *
34 * RFC 2867:
35 * "RADIUS Accounting Modifications for Tunnel Protocol Support"
36 *
37 * RFC 2868:
38 * "RADIUS Attributes for Tunnel Protocol Support"
39 *
40 * RFC 2869:
41 * "RADIUS Extensions"
42 *
43 * RFC 3162:
44 * "RADIUS and IPv6"
45 *
46 * RFC 3580:
47 * "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS)"
48 * "Usage Guidelines"
49 *
50 * RFC 4072:
51 * "Diameter Extensible Authentication Protocol (EAP) Application"
52 *
53 * RFC 4675:
54 * "RADIUS Attributes for Virtual LAN and Priority Support"
55 *
56 * RFC 4818:
57 * "RADIUS Delegated-IPv6-Prefix Attribute"
58 *
59 * RFC 4849:
60 * "RADIUS Filter Rule Attribute"
61 *
62 * RFC 5090:
63 * "RADIUS Extension for Digest Authentication"
64 *
65 * RFC 5176:
66 * "Dynamic Authorization Extensions to RADIUS"
67 *
68 * RFC 5447:
69 * "Diameter Mobile IPv6"
70 *
71 * RFC 5580:
72 * "Carrying Location Objects in RADIUS and Diameter"
73 *
74 * RFC 6572:
75 * "RADIUS Support for Proxy Mobile IPv6"
76 *
77 * RFC 7155:
78 * "Diameter Network Access Server Application"
79 *
80 * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15
81 *
82 * TODO: Among other things to print ok MacIntosh and Vendor values
83 */
84
85 #ifdef HAVE_CONFIG_H
86 #include <config.h>
87 #endif
88
89 #include "netdissect-stdinc.h"
90
91 #include <string.h>
92
93 #include "netdissect-ctype.h"
94
95 #include "netdissect.h"
96 #include "addrtoname.h"
97 #include "extract.h"
98 #include "oui.h"
99 #include "ntp.h"
100
101
102 #define TAM_SIZE(x) (sizeof(x)/sizeof(x[0]) )
103
104 #define PRINT_HEX(bytes_len, ptr_data) \
105 while(bytes_len) \
106 { \
107 ND_PRINT("%02X", *ptr_data ); \
108 ptr_data++; \
109 bytes_len--; \
110 }
111
112
113 /* Radius packet codes */
114 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-27 */
115 #define RADCMD_ACCESS_REQ 1 /* Access-Request */
116 #define RADCMD_ACCESS_ACC 2 /* Access-Accept */
117 #define RADCMD_ACCESS_REJ 3 /* Access-Reject */
118 #define RADCMD_ACCOUN_REQ 4 /* Accounting-Request */
119 #define RADCMD_ACCOUN_RES 5 /* Accounting-Response */
120 #define RADCMD_ACCESS_CHA 11 /* Access-Challenge */
121 #define RADCMD_STATUS_SER 12 /* Status-Server */
122 #define RADCMD_STATUS_CLI 13 /* Status-Client */
123 #define RADCMD_DISCON_REQ 40 /* Disconnect-Request */
124 #define RADCMD_DISCON_ACK 41 /* Disconnect-ACK */
125 #define RADCMD_DISCON_NAK 42 /* Disconnect-NAK */
126 #define RADCMD_COA_REQ 43 /* CoA-Request */
127 #define RADCMD_COA_ACK 44 /* CoA-ACK */
128 #define RADCMD_COA_NAK 45 /* CoA-NAK */
129 #define RADCMD_RESERVED 255 /* Reserved */
130
131 static const struct tok radius_command_values[] = {
132 { RADCMD_ACCESS_REQ, "Access-Request" },
133 { RADCMD_ACCESS_ACC, "Access-Accept" },
134 { RADCMD_ACCESS_REJ, "Access-Reject" },
135 { RADCMD_ACCOUN_REQ, "Accounting-Request" },
136 { RADCMD_ACCOUN_RES, "Accounting-Response" },
137 { RADCMD_ACCESS_CHA, "Access-Challenge" },
138 { RADCMD_STATUS_SER, "Status-Server" },
139 { RADCMD_STATUS_CLI, "Status-Client" },
140 { RADCMD_DISCON_REQ, "Disconnect-Request" },
141 { RADCMD_DISCON_ACK, "Disconnect-ACK" },
142 { RADCMD_DISCON_NAK, "Disconnect-NAK" },
143 { RADCMD_COA_REQ, "CoA-Request" },
144 { RADCMD_COA_ACK, "CoA-ACK" },
145 { RADCMD_COA_NAK, "CoA-NAK" },
146 { RADCMD_RESERVED, "Reserved" },
147 { 0, NULL}
148 };
149
150 /********************************/
151 /* Begin Radius Attribute types */
152 /********************************/
153 #define SERV_TYPE 6
154 #define FRM_IPADDR 8
155 #define LOG_IPHOST 14
156 #define LOG_SERVICE 15
157 #define FRM_IPX 23
158 #define SESSION_TIMEOUT 27
159 #define IDLE_TIMEOUT 28
160 #define FRM_ATALK_LINK 37
161 #define FRM_ATALK_NETWORK 38
162
163 #define ACCT_DELAY 41
164 #define ACCT_SESSION_TIME 46
165
166 #define EGRESS_VLAN_ID 56
167 #define EGRESS_VLAN_NAME 58
168
169 #define TUNNEL_TYPE 64
170 #define TUNNEL_MEDIUM 65
171 #define TUNNEL_CLIENT_END 66
172 #define TUNNEL_SERVER_END 67
173 #define TUNNEL_PASS 69
174
175 #define ARAP_PASS 70
176 #define ARAP_FEATURES 71
177
178 #define EAP_MESSAGE 79
179
180 #define TUNNEL_PRIV_GROUP 81
181 #define TUNNEL_ASSIGN_ID 82
182 #define TUNNEL_PREFERENCE 83
183
184 #define ARAP_CHALLENGE_RESP 84
185 #define ACCT_INT_INTERVAL 85
186
187 #define TUNNEL_CLIENT_AUTH 90
188 #define TUNNEL_SERVER_AUTH 91
189
190 #define ERROR_CAUSE 101
191 /********************************/
192 /* End Radius Attribute types */
193 /********************************/
194
195 #define RFC4675_TAGGED 0x31
196 #define RFC4675_UNTAGGED 0x32
197
198 static const struct tok rfc4675_tagged[] = {
199 { RFC4675_TAGGED, "Tagged" },
200 { RFC4675_UNTAGGED, "Untagged" },
201 { 0, NULL}
202 };
203
204
205 static void print_attr_string(netdissect_options *, const u_char *, u_int, u_short );
206 static void print_attr_num(netdissect_options *, const u_char *, u_int, u_short );
207 static void print_vendor_attr(netdissect_options *, const u_char *, u_int, u_short );
208 static void print_attr_address(netdissect_options *, const u_char *, u_int, u_short);
209 static void print_attr_address6(netdissect_options *, const u_char *, u_int, u_short);
210 static void print_attr_netmask6(netdissect_options *, const u_char *, u_int, u_short);
211 static void print_attr_mip6_home_link_prefix(netdissect_options *, const u_char *, u_int, u_short);
212 static void print_attr_operator_name(netdissect_options *, const u_char *, u_int, u_short);
213 static void print_attr_location_information(netdissect_options *, const u_char *, u_int, u_short);
214 static void print_attr_location_data(netdissect_options *, const u_char *, u_int, u_short);
215 static void print_basic_location_policy_rules(netdissect_options *, const u_char *, u_int, u_short);
216 static void print_attr_time(netdissect_options *, const u_char *, u_int, u_short);
217 static void print_attr_vector64(netdissect_options *, register const u_char *, u_int, u_short);
218 static void print_attr_strange(netdissect_options *, const u_char *, u_int, u_short);
219
220
221 struct radius_hdr { nd_uint8_t code; /* Radius packet code */
222 nd_uint8_t id; /* Radius packet id */
223 nd_uint16_t len; /* Radius total length */
224 nd_byte auth[16]; /* Authenticator */
225 };
226
227 #define MIN_RADIUS_LEN 20
228
229 struct radius_attr { nd_uint8_t type; /* Attribute type */
230 nd_uint8_t len; /* Attribute length */
231 };
232
233
234 /* Service-Type Attribute standard values */
235 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-4 */
236 static const char *serv_type[]={ NULL,
237 "Login",
238 "Framed",
239 "Callback Login",
240 "Callback Framed",
241 "Outbound",
242 "Administrative",
243 "NAS Prompt",
244 "Authenticate Only",
245 "Callback NAS Prompt",
246 /* ^ [0, 9] ^ */
247 "Call Check",
248 "Callback Administrative",
249 "Voice",
250 "Fax",
251 "Modem Relay",
252 "IAPP-Register",
253 "IAPP-AP-Check",
254 "Authorize Only",
255 "Framed-Management",
256 "Additional-Authorization",
257 /* ^ [10, 19] ^ */
258 };
259
260 /* Framed-Protocol Attribute standard values */
261 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-5 */
262 static const char *frm_proto[]={ NULL,
263 "PPP",
264 "SLIP",
265 "ARAP",
266 "Gandalf proprietary",
267 "Xylogics IPX/SLIP",
268 "X.75 Synchronous",
269 "GPRS PDP Context",
270 };
271
272 /* Framed-Routing Attribute standard values */
273 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-6 */
274 static const char *frm_routing[]={ "None",
275 "Send",
276 "Listen",
277 "Send&Listen",
278 };
279
280 /* Framed-Compression Attribute standard values */
281 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-7 */
282 static const char *frm_comp[]={ "None",
283 "VJ TCP/IP",
284 "IPX",
285 "Stac-LZS",
286 };
287
288 /* Login-Service Attribute standard values */
289 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-8 */
290 static const char *login_serv[]={ "Telnet",
291 "Rlogin",
292 "TCP Clear",
293 "PortMaster(proprietary)",
294 "LAT",
295 "X.25-PAD",
296 "X.25-T3POS",
297 "Unassigned",
298 "TCP Clear Quiet",
299 };
300
301
302 /* Termination-Action Attribute standard values */
303 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-9 */
304 static const char *term_action[]={ "Default",
305 "RADIUS-Request",
306 };
307
308 /* Ingress-Filters Attribute standard values */
309 static const char *ingress_filters[]={ NULL,
310 "Enabled",
311 "Disabled",
312 };
313
314 /* NAS-Port-Type Attribute standard values */
315 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-13 */
316 static const char *nas_port_type[]={ "Async",
317 "Sync",
318 "ISDN Sync",
319 "ISDN Async V.120",
320 "ISDN Async V.110",
321 "Virtual",
322 "PIAFS",
323 "HDLC Clear Channel",
324 "X.25",
325 "X.75",
326 /* ^ [0, 9] ^ */
327 "G.3 Fax",
328 "SDSL",
329 "ADSL-CAP",
330 "ADSL-DMT",
331 "ISDN-DSL",
332 "Ethernet",
333 "xDSL",
334 "Cable",
335 "Wireless - Other",
336 "Wireless - IEEE 802.11",
337 /* ^ [10, 19] ^ */
338 "Token-Ring",
339 "FDDI",
340 "Wireless - CDMA200",
341 "Wireless - UMTS",
342 "Wireless - 1X-EV",
343 "IAPP",
344 "FTTP",
345 "Wireless - IEEE 802.16",
346 "Wireless - IEEE 802.20",
347 "Wireless - IEEE 802.22",
348 /* ^ [20, 29] ^ */
349 "PPPoA",
350 "PPPoEoA",
351 "PPPoEoE",
352 "PPPoEoVLAN",
353 "PPPoEoQinQ",
354 "xPON",
355 "Wireless - XGP",
356 "WiMAX Pre-Release 8 IWK Function",
357 "WIMAX-WIFI-IWK",
358 "WIMAX-SFF",
359 /* ^ [30, 39] ^ */
360 "WIMAX-HA-LMA",
361 "WIMAX-DHCP",
362 "WIMAX-LBS",
363 "WIMAX-WVS",
364 };
365
366 /* Acct-Status-Type Accounting Attribute standard values */
367 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-10 */
368 static const char *acct_status[]={ NULL,
369 "Start",
370 "Stop",
371 "Interim-Update",
372 "Unassigned",
373 "Unassigned",
374 "Unassigned",
375 "Accounting-On",
376 "Accounting-Off",
377 "Tunnel-Start",
378 /* ^ [0, 9] ^ */
379 "Tunnel-Stop",
380 "Tunnel-Reject",
381 "Tunnel-Link-Start",
382 "Tunnel-Link-Stop",
383 "Tunnel-Link-Reject",
384 "Failed",
385 };
386
387 /* Acct-Authentic Accounting Attribute standard values */
388 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-11 */
389 static const char *acct_auth[]={ NULL,
390 "RADIUS",
391 "Local",
392 "Remote",
393 "Diameter",
394 };
395
396 /* Acct-Terminate-Cause Accounting Attribute standard values */
397 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-12 */
398 static const char *acct_term[]={ NULL,
399 "User Request",
400 "Lost Carrier",
401 "Lost Service",
402 "Idle Timeout",
403 "Session Timeout",
404 "Admin Reset",
405 "Admin Reboot",
406 "Port Error",
407 "NAS Error",
408 /* ^ [0, 9] ^ */
409 "NAS Request",
410 "NAS Reboot",
411 "Port Unneeded",
412 "Port Preempted",
413 "Port Suspended",
414 "Service Unavailable",
415 "Callback",
416 "User Error",
417 "Host Request",
418 "Supplicant Restart",
419 /* ^ [10, 19] ^ */
420 "Reauthentication Failure",
421 "Port Reinitialized",
422 "Port Administratively Disabled",
423 "Lost Power",
424 };
425
426 /* Tunnel-Type Attribute standard values */
427 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-14 */
428 static const char *tunnel_type[]={ NULL,
429 "PPTP",
430 "L2F",
431 "L2TP",
432 "ATMP",
433 "VTP",
434 "AH",
435 "IP-IP",
436 "MIN-IP-IP",
437 "ESP",
438 /* ^ [0, 9] ^ */
439 "GRE",
440 "DVS",
441 "IP-in-IP Tunneling",
442 "VLAN",
443 };
444
445 /* Tunnel-Medium-Type Attribute standard values */
446 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-15 */
447 static const char *tunnel_medium[]={ NULL,
448 "IPv4",
449 "IPv6",
450 "NSAP",
451 "HDLC",
452 "BBN 1822",
453 "802",
454 "E.163",
455 "E.164",
456 "F.69",
457 /* ^ [0, 9] ^ */
458 "X.121",
459 "IPX",
460 "Appletalk",
461 "Decnet IV",
462 "Banyan Vines",
463 "E.164 with NSAP subaddress",
464 };
465
466 /* ARAP-Zone-Access Attribute standard values */
467 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-16 */
468 static const char *arap_zone[]={ NULL,
469 "Only access to dfl zone",
470 "Use zone filter inc.",
471 "Not used",
472 "Use zone filter exc.",
473 };
474
475 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-17 */
476 static const char *prompt[]={ "No Echo",
477 "Echo",
478 };
479
480 /* Error-Cause standard values */
481 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-18 */
482 #define ERROR_CAUSE_RESIDUAL_CONTEXT_REMOVED 201
483 #define ERROR_CAUSE_INVALID_EAP_PACKET 202
484 #define ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE 401
485 #define ERROR_CAUSE_MISSING_ATTRIBUTE 402
486 #define ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH 403
487 #define ERROR_CAUSE_INVALID_REQUEST 404
488 #define ERROR_CAUSE_UNSUPPORTED_SERVICE 405
489 #define ERROR_CAUSE_UNSUPPORTED_EXTENSION 406
490 #define ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE 407
491 #define ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED 501
492 #define ERROR_CAUSE_PROXY_REQUEST_NOT_ROUTABLE 502
493 #define ERROR_CAUSE_SESSION_CONTEXT_NOT_FOUND 503
494 #define ERROR_CAUSE_SESSION_CONTEXT_NOT_REMOVABLE 504
495 #define ERROR_CAUSE_PROXY_PROCESSING_ERROR 505
496 #define ERROR_CAUSE_RESOURCES_UNAVAILABLE 506
497 #define ERROR_CAUSE_REQUEST_INITIATED 507
498 #define ERROR_CAUSE_MULTIPLE_SESSION_SELECTION_UNSUPPORTED 508
499 #define ERROR_CAUSE_LOCATION_INFO_REQUIRED 509
500 static const struct tok errorcausetype[] = {
501 { ERROR_CAUSE_RESIDUAL_CONTEXT_REMOVED, "Residual Session Context Removed" },
502 { ERROR_CAUSE_INVALID_EAP_PACKET, "Invalid EAP Packet (Ignored)" },
503 { ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE, "Unsupported Attribute" },
504 { ERROR_CAUSE_MISSING_ATTRIBUTE, "Missing Attribute" },
505 { ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH, "NAS Identification Mismatch" },
506 { ERROR_CAUSE_INVALID_REQUEST, "Invalid Request" },
507 { ERROR_CAUSE_UNSUPPORTED_SERVICE, "Unsupported Service" },
508 { ERROR_CAUSE_UNSUPPORTED_EXTENSION, "Unsupported Extension" },
509 { ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE, "Invalid Attribute Value" },
510 { ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED, "Administratively Prohibited" },
511 { ERROR_CAUSE_PROXY_REQUEST_NOT_ROUTABLE, "Request Not Routable (Proxy)" },
512 { ERROR_CAUSE_SESSION_CONTEXT_NOT_FOUND, "Session Context Not Found" },
513 { ERROR_CAUSE_SESSION_CONTEXT_NOT_REMOVABLE, "Session Context Not Removable" },
514 { ERROR_CAUSE_PROXY_PROCESSING_ERROR, "Other Proxy Processing Error" },
515 { ERROR_CAUSE_RESOURCES_UNAVAILABLE, "Resources Unavailable" },
516 { ERROR_CAUSE_REQUEST_INITIATED, "Request Initiated" },
517 { ERROR_CAUSE_MULTIPLE_SESSION_SELECTION_UNSUPPORTED, "Multiple Session Selection Unsupported" },
518 { ERROR_CAUSE_LOCATION_INFO_REQUIRED, "Location Info Required" },
519 { 0, NULL }
520 };
521
522 /* MIP6-Feature-Vector standard values */
523 /* https://www.iana.org/assignments/aaa-parameters/aaa-parameters.xhtml */
524 #define MIP6_INTEGRATED 0x0000000000000001
525 #define LOCAL_HOME_AGENT_ASSIGNMENT 0x0000000000000002
526 #define PMIP6_SUPPORTED 0x0000010000000000
527 #define IP4_HOA_SUPPORTED 0x0000020000000000
528 #define LOCAL_MAG_ROUTING_SUPPORTED 0x0000040000000000
529 #define ASSIGN_LOCAL_IP 0x0000080000000000
530 #define MIP4_SUPPORTED 0x0000100000000000
531 #define OPTIMIZED_IDLE_MODE_MOBILITY 0x0000200000000000
532 #define GTPv2_SUPPORTED 0x0000400000000000
533 #define IP4_TRANSPORT_SUPPORTED 0x0000800000000000
534 #define IP4_HOA_ONLY_SUPPORTED 0x0001000000000000
535 #define INTER_MAG_ROUTING_SUPPORTED 0x0002000000000000
536 static const struct mip6_feature_vector {
537 uint64_t v;
538 const char *s;
539 } mip6_feature_vector[] = {
540 { MIP6_INTEGRATED, "MIP6_INTEGRATED" },
541 { LOCAL_HOME_AGENT_ASSIGNMENT, "LOCAL_HOME_AGENT_ASSIGNMENT" },
542 { PMIP6_SUPPORTED, "PMIP6_SUPPORTED" },
543 { IP4_HOA_SUPPORTED, "IP4_HOA_SUPPORTED" },
544 { LOCAL_MAG_ROUTING_SUPPORTED, "LOCAL_MAG_ROUTING_SUPPORTED" },
545 { ASSIGN_LOCAL_IP, "ASSIGN_LOCAL_IP" },
546 { MIP4_SUPPORTED, "MIP4_SUPPORTED" },
547 { OPTIMIZED_IDLE_MODE_MOBILITY, "OPTIMIZED_IDLE_MODE_MOBILITY" },
548 { GTPv2_SUPPORTED, "GTPv2_SUPPORTED" },
549 { IP4_TRANSPORT_SUPPORTED, "IP4_TRANSPORT_SUPPORTED" },
550 { IP4_HOA_ONLY_SUPPORTED, "IP4_HOA_ONLY_SUPPORTED" },
551 { INTER_MAG_ROUTING_SUPPORTED, "INTER_MAG_ROUTING_SUPPORTED" },
552 };
553
554 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-19 */
555 #define OPERATOR_NAME_TADIG 0x30
556 #define OPERATOR_NAME_REALM 0x31
557 #define OPERATOR_NAME_E212 0x32
558 #define OPERATOR_NAME_ICC 0x33
559 static const struct tok operator_name_vector[] = {
560 { OPERATOR_NAME_TADIG, "TADIG" },
561 { OPERATOR_NAME_REALM, "REALM" },
562 { OPERATOR_NAME_E212, "E212" },
563 { OPERATOR_NAME_ICC, "ICC" },
564 { 0, NULL }
565 };
566
567 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-20 */
568 #define LOCATION_INFORMATION_CODE_CIVIC 0
569 #define LOCATION_INFORMATION_CODE_GEOSPATIAL 1
570 static const struct tok location_information_code_vector[] = {
571 { LOCATION_INFORMATION_CODE_CIVIC , "Civic" },
572 { LOCATION_INFORMATION_CODE_GEOSPATIAL, "Geospatial" },
573 { 0, NULL }
574 };
575
576 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-21 */
577 #define LOCATION_INFORMATION_ENTITY_USER 0
578 #define LOCATION_INFORMATION_ENTITY_RADIUS 1
579 static const struct tok location_information_entity_vector[] = {
580 { LOCATION_INFORMATION_ENTITY_USER, "User" },
581 { LOCATION_INFORMATION_ENTITY_RADIUS, "RADIUS" },
582 { 0, NULL }
583 };
584
585 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-22 */
586 static const struct tok blpr_bm[] = {
587 { 0x0001, "MBZ-15" },
588 { 0x0002, "MBZ-14" },
589 { 0x0004, "MBZ-13" },
590 { 0x0008, "MBZ-12" },
591 { 0x0010, "MBZ-11" },
592 { 0x0020, "MBZ-10" },
593 { 0x0040, "MBZ-9" },
594 { 0x0080, "MBZ-8" },
595 { 0x0100, "MBZ-7" },
596 { 0x0200, "MBZ-6" },
597 { 0x0400, "MBZ-5" },
598 { 0x0800, "MBZ-4" },
599 { 0x1000, "MBZ-3" },
600 { 0x2000, "MBZ-2" },
601 { 0x4000, "MBZ-1" },
602 { 0x8000, "Retransmission Allowed" },
603 { 0, NULL }
604 };
605
606 /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-2 */
607 static const struct attrtype {
608 const char *name; /* Attribute name */
609 const char **subtypes; /* Standard Values (if any) */
610 u_char siz_subtypes; /* Size of total standard values */
611 u_char first_subtype; /* First standard value is 0 or 1 */
612 void (*print_func)(netdissect_options *, const u_char *, u_int, u_short);
613 } attr_type[]=
614 {
615 { NULL, NULL, 0, 0, NULL },
616 { "User-Name", NULL, 0, 0, print_attr_string },
617 { "User-Password", NULL, 0, 0, NULL },
618 { "CHAP-Password", NULL, 0, 0, NULL },
619 { "NAS-IP-Address", NULL, 0, 0, print_attr_address },
620 { "NAS-Port", NULL, 0, 0, print_attr_num },
621 { "Service-Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num },
622 { "Framed-Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num },
623 { "Framed-IP-Address", NULL, 0, 0, print_attr_address },
624 { "Framed-IP-Netmask", NULL, 0, 0, print_attr_address },
625 /* ^ [0, 9] ^ */
626 { "Framed-Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num },
627 { "Filter-Id", NULL, 0, 0, print_attr_string },
628 { "Framed-MTU", NULL, 0, 0, print_attr_num },
629 { "Framed-Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num },
630 { "Login-IP-Host", NULL, 0, 0, print_attr_address },
631 { "Login-Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num },
632 { "Login-TCP-Port", NULL, 0, 0, print_attr_num },
633 { "Unassigned", NULL, 0, 0, NULL }, /*17*/
634 { "Reply-Message", NULL, 0, 0, print_attr_string },
635 { "Callback-Number", NULL, 0, 0, print_attr_string },
636 /* ^ [10, 19] ^ */
637 { "Callback-Id", NULL, 0, 0, print_attr_string },
638 { "Unassigned", NULL, 0, 0, NULL }, /*21*/
639 { "Framed-Route", NULL, 0, 0, print_attr_string },
640 { "Framed-IPX-Network", NULL, 0, 0, print_attr_num },
641 { "State", NULL, 0, 0, print_attr_string },
642 { "Class", NULL, 0, 0, print_attr_string },
643 { "Vendor-Specific", NULL, 0, 0, print_vendor_attr },
644 { "Session-Timeout", NULL, 0, 0, print_attr_num },
645 { "Idle-Timeout", NULL, 0, 0, print_attr_num },
646 { "Termination-Action", term_action, TAM_SIZE(term_action), 0, print_attr_num },
647 /* ^ [20, 29] ^ */
648 { "Called-Station-Id", NULL, 0, 0, print_attr_string },
649 { "Calling-Station-Id", NULL, 0, 0, print_attr_string },
650 { "NAS-Identifier", NULL, 0, 0, print_attr_string },
651 { "Proxy-State", NULL, 0, 0, print_attr_string },
652 { "Login-LAT-Service", NULL, 0, 0, print_attr_string },
653 { "Login-LAT-Node", NULL, 0, 0, print_attr_string },
654 { "Login-LAT-Group", NULL, 0, 0, print_attr_string },
655 { "Framed-AppleTalk-Link", NULL, 0, 0, print_attr_num },
656 { "Framed-AppleTalk-Network", NULL, 0, 0, print_attr_num },
657 { "Framed-AppleTalk-Zone", NULL, 0, 0, print_attr_string },
658 /* ^ [30, 39] ^ */
659 { "Acct-Status-Type", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num },
660 { "Acct-Delay-Time", NULL, 0, 0, print_attr_num },
661 { "Acct-Input-Octets", NULL, 0, 0, print_attr_num },
662 { "Acct-Output-Octets", NULL, 0, 0, print_attr_num },
663 { "Acct-Session-Id", NULL, 0, 0, print_attr_string },
664 { "Acct-Authentic", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num },
665 { "Acct-Session-Time", NULL, 0, 0, print_attr_num },
666 { "Acct-Input-Packets", NULL, 0, 0, print_attr_num },
667 { "Acct-Output-Packets", NULL, 0, 0, print_attr_num },
668 { "Acct-Terminate-Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num },
669 /* ^ [40, 49] ^ */
670 { "Acct-Multi-Session-Id", NULL, 0, 0, print_attr_string },
671 { "Acct-Link-Count", NULL, 0, 0, print_attr_num },
672 { "Acct-Input-Gigawords", NULL, 0, 0, print_attr_num },
673 { "Acct-Output-Gigawords", NULL, 0, 0, print_attr_num },
674 { "Unassigned", NULL, 0, 0, NULL }, /*54*/
675 { "Event-Timestamp", NULL, 0, 0, print_attr_time },
676 { "Egress-VLANID", NULL, 0, 0, print_attr_num },
677 { "Ingress-Filters", ingress_filters, TAM_SIZE(ingress_filters)-1, 1, print_attr_num },
678 { "Egress-VLAN-Name", NULL, 0, 0, print_attr_string },
679 { "User-Priority-Table", NULL, 0, 0, NULL },
680 /* ^ [50, 59] ^ */
681 { "CHAP-Challenge", NULL, 0, 0, print_attr_string },
682 { "NAS-Port-Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num },
683 { "Port-Limit", NULL, 0, 0, print_attr_num },
684 { "Login-LAT-Port", NULL, 0, 0, print_attr_string }, /*63*/
685 { "Tunnel-Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num },
686 { "Tunnel-Medium-Type", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num },
687 { "Tunnel-Client-Endpoint", NULL, 0, 0, print_attr_string },
688 { "Tunnel-Server-Endpoint", NULL, 0, 0, print_attr_string },
689 { "Acct-Tunnel-Connection", NULL, 0, 0, print_attr_string },
690 { "Tunnel-Password", NULL, 0, 0, print_attr_string },
691 /* ^ [60, 69] ^ */
692 { "ARAP-Password", NULL, 0, 0, print_attr_strange },
693 { "ARAP-Features", NULL, 0, 0, print_attr_strange },
694 { "ARAP-Zone-Access", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/
695 { "ARAP-Security", NULL, 0, 0, print_attr_string },
696 { "ARAP-Security-Data", NULL, 0, 0, print_attr_string },
697 { "Password-Retry", NULL, 0, 0, print_attr_num },
698 { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num },
699 { "Connect-Info", NULL, 0, 0, print_attr_string },
700 { "Configuration-Token", NULL, 0, 0, print_attr_string },
701 { "EAP-Message", NULL, 0, 0, print_attr_string },
702 /* ^ [70, 79] ^ */
703 { "Message-Authenticator", NULL, 0, 0, print_attr_string }, /*80*/
704 { "Tunnel-Private-Group-ID", NULL, 0, 0, print_attr_string },
705 { "Tunnel-Assignment-ID", NULL, 0, 0, print_attr_string },
706 { "Tunnel-Preference", NULL, 0, 0, print_attr_num },
707 { "ARAP-Challenge-Response", NULL, 0, 0, print_attr_strange },
708 { "Acct-Interim-Interval", NULL, 0, 0, print_attr_num },
709 { "Acct-Tunnel-Packets-Lost", NULL, 0, 0, print_attr_num }, /*86*/
710 { "NAS-Port-Id", NULL, 0, 0, print_attr_string },
711 { "Framed-Pool", NULL, 0, 0, print_attr_string },
712 { "CUI", NULL, 0, 0, print_attr_string },
713 /* ^ [80, 89] ^ */
714 { "Tunnel-Client-Auth-ID", NULL, 0, 0, print_attr_string },
715 { "Tunnel-Server-Auth-ID", NULL, 0, 0, print_attr_string },
716 { "NAS-Filter-Rule", NULL, 0, 0, print_attr_string },
717 { "Unassigned", NULL, 0, 0, NULL }, /*93*/
718 { "Originating-Line-Info", NULL, 0, 0, NULL },
719 { "NAS-IPv6-Address", NULL, 0, 0, print_attr_address6 },
720 { "Framed-Interface-ID", NULL, 0, 0, NULL },
721 { "Framed-IPv6-Prefix", NULL, 0, 0, print_attr_netmask6 },
722 { "Login-IPv6-Host", NULL, 0, 0, print_attr_address6 },
723 { "Framed-IPv6-Route", NULL, 0, 0, print_attr_string },
724 /* ^ [90, 99] ^ */
725 { "Framed-IPv6-Pool", NULL, 0, 0, print_attr_string },
726 { "Error-Cause", NULL, 0, 0, print_attr_strange },
727 { "EAP-Key-Name", NULL, 0, 0, NULL },
728 { "Digest-Response", NULL, 0, 0, print_attr_string },
729 { "Digest-Realm", NULL, 0, 0, print_attr_string },
730 { "Digest-Nonce", NULL, 0, 0, print_attr_string },
731 { "Digest-Response-Auth", NULL, 0, 0, print_attr_string },
732 { "Digest-Nextnonce", NULL, 0, 0, print_attr_string },
733 { "Digest-Method", NULL, 0, 0, print_attr_string },
734 { "Digest-URI", NULL, 0, 0, print_attr_string },
735 /* ^ [100, 109] ^ */
736 { "Digest-Qop", NULL, 0, 0, print_attr_string },
737 { "Digest-Algorithm", NULL, 0, 0, print_attr_string },
738 { "Digest-Entity-Body-Hash", NULL, 0, 0, print_attr_string },
739 { "Digest-CNonce", NULL, 0, 0, print_attr_string },
740 { "Digest-Nonce-Count", NULL, 0, 0, print_attr_string },
741 { "Digest-Username", NULL, 0, 0, print_attr_string },
742 { "Digest-Opaque", NULL, 0, 0, print_attr_string },
743 { "Digest-Auth-Param", NULL, 0, 0, print_attr_string },
744 { "Digest-AKA-Auts", NULL, 0, 0, print_attr_string },
745 { "Digest-Domain", NULL, 0, 0, print_attr_string },
746 /* ^ [110, 119] ^ */
747 { "Digest-Stale", NULL, 0, 0, print_attr_string },
748 { "Digest-HA1", NULL, 0, 0, print_attr_string },
749 { "SIP-AOR", NULL, 0, 0, print_attr_string },
750 { "Delegated-IPv6-Prefix", NULL, 0, 0, print_attr_netmask6 },
751 { "MIP6-Feature-Vector", NULL, 0, 0, print_attr_vector64 },
752 { "MIP6-Home-Link-Prefix", NULL, 0, 0, print_attr_mip6_home_link_prefix },
753 { "Operator-Name", NULL, 0, 0, print_attr_operator_name },
754 { "Location-Information", NULL, 0, 0, print_attr_location_information },
755 { "Location-Data", NULL, 0, 0, print_attr_location_data },
756 { "Basic-Location-Policy-Rules", NULL, 0, 0, print_basic_location_policy_rules }
757 /* ^ [120, 129] ^ */
758 };
759
760
761 /*****************************/
762 /* Print an attribute string */
763 /* value pointed by 'data' */
764 /* and 'length' size. */
765 /*****************************/
766 /* Returns nothing. */
767 /*****************************/
768 static void
print_attr_string(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code)769 print_attr_string(netdissect_options *ndo,
770 const u_char *data, u_int length, u_short attr_code)
771 {
772 u_int i;
773
774 ND_TCHECK_LEN(data, length);
775
776 switch(attr_code)
777 {
778 case TUNNEL_PASS:
779 if (length < 3)
780 goto trunc;
781 if (GET_U_1(data) && (GET_U_1(data) <= 0x1F))
782 ND_PRINT("Tag[%u] ", GET_U_1(data));
783 else
784 ND_PRINT("Tag[Unused] ");
785 data++;
786 length--;
787 ND_PRINT("Salt %u ", GET_BE_U_2(data));
788 data+=2;
789 length-=2;
790 break;
791 case TUNNEL_CLIENT_END:
792 case TUNNEL_SERVER_END:
793 case TUNNEL_PRIV_GROUP:
794 case TUNNEL_ASSIGN_ID:
795 case TUNNEL_CLIENT_AUTH:
796 case TUNNEL_SERVER_AUTH:
797 if (GET_U_1(data) <= 0x1F)
798 {
799 if (length < 1)
800 goto trunc;
801 if (GET_U_1(data))
802 ND_PRINT("Tag[%u] ", GET_U_1(data));
803 else
804 ND_PRINT("Tag[Unused] ");
805 data++;
806 length--;
807 }
808 break;
809 case EGRESS_VLAN_NAME:
810 if (length < 1)
811 goto trunc;
812 ND_PRINT("%s (0x%02x) ",
813 tok2str(rfc4675_tagged,"Unknown tag",GET_U_1(data)),
814 GET_U_1(data));
815 data++;
816 length--;
817 break;
818 case EAP_MESSAGE:
819 if (length < 1)
820 goto trunc;
821 eap_print(ndo, data, length);
822 return;
823 }
824
825 for (i=0; i < length && GET_U_1(data); i++, data++)
826 ND_PRINT("%c", ND_ASCII_ISPRINT(GET_U_1(data)) ? GET_U_1(data) : '.');
827
828 return;
829
830 trunc:
831 nd_print_trunc(ndo);
832 }
833
834 /*
835 * print vendor specific attributes
836 */
837 static void
print_vendor_attr(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)838 print_vendor_attr(netdissect_options *ndo,
839 const u_char *data, u_int length, u_short attr_code _U_)
840 {
841 u_int idx;
842 u_int vendor_id;
843 u_int vendor_type;
844 u_int vendor_length;
845
846 if (length < 4)
847 goto trunc;
848 vendor_id = GET_BE_U_4(data);
849 data+=4;
850 length-=4;
851
852 ND_PRINT("Vendor: %s (%u)",
853 tok2str(smi_values,"Unknown",vendor_id),
854 vendor_id);
855
856 while (length >= 2) {
857 vendor_type = GET_U_1(data);
858 vendor_length = GET_U_1(data + 1);
859
860 if (vendor_length < 2)
861 {
862 ND_PRINT("\n\t Vendor Attribute: %u, Length: %u (bogus, must be >= 2)",
863 vendor_type,
864 vendor_length);
865 return;
866 }
867 if (vendor_length > length)
868 {
869 ND_PRINT("\n\t Vendor Attribute: %u, Length: %u (bogus, goes past end of vendor-specific attribute)",
870 vendor_type,
871 vendor_length);
872 return;
873 }
874 data+=2;
875 vendor_length-=2;
876 length-=2;
877 ND_TCHECK_LEN(data, vendor_length);
878
879 ND_PRINT("\n\t Vendor Attribute: %u, Length: %u, Value: ",
880 vendor_type,
881 vendor_length);
882 for (idx = 0; idx < vendor_length ; idx++, data++)
883 ND_PRINT("%c", ND_ASCII_ISPRINT(GET_U_1(data)) ? GET_U_1(data) : '.');
884 length-=vendor_length;
885 }
886 return;
887
888 trunc:
889 nd_print_trunc(ndo);
890 }
891
892 /******************************/
893 /* Print an attribute numeric */
894 /* value pointed by 'data' */
895 /* and 'length' size. */
896 /******************************/
897 /* Returns nothing. */
898 /******************************/
899 static void
print_attr_num(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code)900 print_attr_num(netdissect_options *ndo,
901 const u_char *data, u_int length, u_short attr_code)
902 {
903 uint32_t timeout;
904
905 if (length != 4)
906 {
907 ND_PRINT("ERROR: length %u != 4", length);
908 return;
909 }
910
911 /* This attribute has standard values */
912 if (attr_type[attr_code].siz_subtypes)
913 {
914 static const char **table;
915 uint32_t data_value;
916 table = attr_type[attr_code].subtypes;
917
918 if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) )
919 {
920 if (!GET_U_1(data))
921 ND_PRINT("Tag[Unused] ");
922 else
923 ND_PRINT("Tag[%u] ", GET_U_1(data));
924 data++;
925 data_value = GET_BE_U_3(data);
926 }
927 else
928 {
929 data_value = GET_BE_U_4(data);
930 }
931 if ( data_value <= (uint32_t)(attr_type[attr_code].siz_subtypes - 1 +
932 attr_type[attr_code].first_subtype) &&
933 data_value >= attr_type[attr_code].first_subtype )
934 ND_PRINT("%s", table[data_value]);
935 else
936 ND_PRINT("#%u", data_value);
937 }
938 else
939 {
940 switch(attr_code) /* Be aware of special cases... */
941 {
942 case FRM_IPX:
943 if (GET_BE_U_4(data) == 0xFFFFFFFE )
944 ND_PRINT("NAS Select");
945 else
946 ND_PRINT("%u", GET_BE_U_4(data));
947 break;
948
949 case SESSION_TIMEOUT:
950 case IDLE_TIMEOUT:
951 case ACCT_DELAY:
952 case ACCT_SESSION_TIME:
953 case ACCT_INT_INTERVAL:
954 timeout = GET_BE_U_4(data);
955 if ( timeout < 60 )
956 ND_PRINT("%02d secs", timeout);
957 else
958 {
959 if ( timeout < 3600 )
960 ND_PRINT("%02d:%02d min",
961 timeout / 60, timeout % 60);
962 else
963 ND_PRINT("%02d:%02d:%02d hours",
964 timeout / 3600, (timeout % 3600) / 60,
965 timeout % 60);
966 }
967 break;
968
969 case FRM_ATALK_LINK:
970 if (GET_BE_U_4(data))
971 ND_PRINT("%u", GET_BE_U_4(data));
972 else
973 ND_PRINT("Unnumbered");
974 break;
975
976 case FRM_ATALK_NETWORK:
977 if (GET_BE_U_4(data))
978 ND_PRINT("%u", GET_BE_U_4(data));
979 else
980 ND_PRINT("NAS assigned");
981 break;
982
983 case TUNNEL_PREFERENCE:
984 if (GET_U_1(data))
985 ND_PRINT("Tag[%u] ", GET_U_1(data));
986 else
987 ND_PRINT("Tag[Unused] ");
988 data++;
989 ND_PRINT("%u", GET_BE_U_3(data));
990 break;
991
992 case EGRESS_VLAN_ID:
993 ND_PRINT("%s (0x%02x) ",
994 tok2str(rfc4675_tagged,"Unknown tag",GET_U_1(data)),
995 GET_U_1(data));
996 data++;
997 ND_PRINT("%u", GET_BE_U_3(data));
998 break;
999
1000 default:
1001 ND_PRINT("%u", GET_BE_U_4(data));
1002 break;
1003
1004 } /* switch */
1005
1006 } /* if-else */
1007 }
1008
1009 /*****************************/
1010 /* Print an attribute IPv4 */
1011 /* address value pointed by */
1012 /* 'data' and 'length' size. */
1013 /*****************************/
1014 /* Returns nothing. */
1015 /*****************************/
1016 static void
print_attr_address(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code)1017 print_attr_address(netdissect_options *ndo,
1018 const u_char *data, u_int length, u_short attr_code)
1019 {
1020 if (length != 4)
1021 {
1022 ND_PRINT("ERROR: length %u != 4", length);
1023 return;
1024 }
1025
1026 switch(attr_code)
1027 {
1028 case FRM_IPADDR:
1029 case LOG_IPHOST:
1030 if (GET_BE_U_4(data) == 0xFFFFFFFF )
1031 ND_PRINT("User Selected");
1032 else
1033 if (GET_BE_U_4(data) == 0xFFFFFFFE )
1034 ND_PRINT("NAS Select");
1035 else
1036 ND_PRINT("%s",GET_IPADDR_STRING(data));
1037 break;
1038
1039 default:
1040 ND_PRINT("%s", GET_IPADDR_STRING(data));
1041 break;
1042 }
1043 }
1044
1045 /*****************************/
1046 /* Print an attribute IPv6 */
1047 /* address value pointed by */
1048 /* 'data' and 'length' size. */
1049 /*****************************/
1050 /* Returns nothing. */
1051 /*****************************/
1052 static void
print_attr_address6(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1053 print_attr_address6(netdissect_options *ndo,
1054 const u_char *data, u_int length, u_short attr_code _U_)
1055 {
1056 if (length != 16)
1057 {
1058 ND_PRINT("ERROR: length %u != 16", length);
1059 return;
1060 }
1061
1062 ND_PRINT("%s", GET_IP6ADDR_STRING(data));
1063 }
1064
1065 static void
print_attr_netmask6(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1066 print_attr_netmask6(netdissect_options *ndo,
1067 const u_char *data, u_int length, u_short attr_code _U_)
1068 {
1069 u_char data2[16];
1070
1071 if (length < 2 || length > 18)
1072 {
1073 ND_PRINT("ERROR: length %u not in range (2..18)", length);
1074 return;
1075 }
1076 ND_TCHECK_LEN(data, length);
1077 if (GET_U_1(data + 1) > 128)
1078 {
1079 ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data + 1));
1080 return;
1081 }
1082
1083 memset(data2, 0, sizeof(data2));
1084 if (length > 2)
1085 memcpy(data2, data+2, length-2);
1086
1087 ND_PRINT("%s/%u", ip6addr_string(ndo, data2), GET_U_1(data + 1));
1088
1089 if (GET_U_1(data + 1) > 8 * (length - 2))
1090 ND_PRINT(" (inconsistent prefix length)");
1091
1092 return;
1093
1094 trunc:
1095 nd_print_trunc(ndo);
1096 }
1097
1098 static void
print_attr_mip6_home_link_prefix(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1099 print_attr_mip6_home_link_prefix(netdissect_options *ndo,
1100 const u_char *data, u_int length, u_short attr_code _U_)
1101 {
1102 if (length != 17)
1103 {
1104 ND_PRINT("ERROR: length %u != 17", length);
1105 return;
1106 }
1107 ND_TCHECK_LEN(data, length);
1108 if (GET_U_1(data) > 128)
1109 {
1110 ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data));
1111 return;
1112 }
1113
1114 ND_PRINT("%s/%u", GET_IP6ADDR_STRING(data + 1), GET_U_1(data));
1115
1116 return;
1117
1118 trunc:
1119 nd_print_trunc(ndo);
1120 }
1121
1122 static void
print_attr_operator_name(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1123 print_attr_operator_name(netdissect_options *ndo,
1124 const u_char *data, u_int length, u_short attr_code _U_)
1125 {
1126 u_int namespace_value;
1127
1128 ND_TCHECK_LEN(data, length);
1129 if (length < 2)
1130 {
1131 ND_PRINT("ERROR: length %u < 2", length);
1132 return;
1133 }
1134 namespace_value = GET_U_1(data);
1135 data++;
1136 ND_PRINT("[%s] ", tok2str(operator_name_vector, "unknown namespace %u", namespace_value));
1137
1138 (void)nd_printn(ndo, data, length - 1, NULL);
1139
1140 return;
1141
1142 trunc:
1143 nd_print_trunc(ndo);
1144 }
1145
1146 static void
print_attr_location_information(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1147 print_attr_location_information(netdissect_options *ndo,
1148 const u_char *data, u_int length, u_short attr_code _U_)
1149 {
1150 uint16_t index;
1151 uint8_t code, entity;
1152
1153 ND_TCHECK_LEN(data, length);
1154 if (length < 21)
1155 {
1156 ND_PRINT("ERROR: length %u < 21", length);
1157 return;
1158 }
1159
1160 index = GET_BE_U_2(data);
1161 data += 2;
1162
1163 code = GET_U_1(data);
1164 data++;
1165
1166 entity = GET_U_1(data);
1167 data++;
1168
1169 ND_PRINT("index %u, code %s, entity %s, ",
1170 index,
1171 tok2str(location_information_code_vector, "Unknown (%u)", code),
1172 tok2str(location_information_entity_vector, "Unknown (%u)", entity)
1173 );
1174
1175 ND_PRINT("sighting time ");
1176 p_ntp_time(ndo, (const struct l_fixedpt *)data);
1177 ND_PRINT(", ");
1178 data += 8;
1179
1180 ND_PRINT("time to live ");
1181 p_ntp_time(ndo, (const struct l_fixedpt *)data);
1182 ND_PRINT(", ");
1183 data += 8;
1184
1185 ND_PRINT("method \"");
1186 (void)nd_printn(ndo, data, length - 20, NULL);
1187 ND_PRINT("\"");
1188
1189 return;
1190
1191 trunc:
1192 nd_print_trunc(ndo);
1193 }
1194
1195 static void
print_attr_location_data(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1196 print_attr_location_data(netdissect_options *ndo,
1197 const u_char *data, u_int length, u_short attr_code _U_)
1198 {
1199 uint16_t index;
1200
1201 ND_TCHECK_LEN(data, length);
1202 if (length < 3)
1203 {
1204 ND_PRINT("ERROR: length %u < 3", length);
1205 return;
1206 }
1207
1208 index = GET_BE_U_2(data);
1209 data += 2;
1210 ND_PRINT("index %u, location", index);
1211
1212 /* The Location field of the String field of the Location-Data attribute
1213 * can have two completely different structures depending on the value of
1214 * the Code field of a Location-Info attribute, which supposedly precedes
1215 * the current attribute. Unfortunately, this choice of encoding makes it
1216 * non-trivial to decode the Location field without preserving some state
1217 * between the attributes.
1218 */
1219 hex_and_ascii_print(ndo, "\n\t ", data, length - 2);
1220
1221 return;
1222
1223 trunc:
1224 nd_print_trunc(ndo);
1225 }
1226
1227 static void
print_basic_location_policy_rules(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1228 print_basic_location_policy_rules(netdissect_options *ndo,
1229 const u_char *data, u_int length, u_short attr_code _U_)
1230 {
1231 uint16_t flags;
1232
1233 ND_TCHECK_LEN(data, length);
1234 if (length < 10)
1235 {
1236 ND_PRINT("ERROR: length %u < 10", length);
1237 return;
1238 }
1239
1240 flags = GET_BE_U_2(data);
1241 data += 2;
1242 ND_PRINT("flags [%s], ", bittok2str(blpr_bm, "none", flags));
1243
1244 ND_PRINT("retention expires ");
1245 p_ntp_time(ndo, (const struct l_fixedpt *)data);
1246 data += 8;
1247
1248 if (length > 10) {
1249 ND_PRINT(", note well \"");
1250 (void)nd_printn(ndo, data, length - 10, NULL);
1251 ND_PRINT("\"");
1252 }
1253
1254 return;
1255
1256 trunc:
1257 nd_print_trunc(ndo);
1258 }
1259
1260
1261 /*************************************/
1262 /* Print an attribute of 'secs since */
1263 /* January 1, 1970 00:00 UTC' value */
1264 /* pointed by 'data' and 'length' */
1265 /* size. */
1266 /*************************************/
1267 /* Returns nothing. */
1268 /*************************************/
1269 static void
print_attr_time(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code _U_)1270 print_attr_time(netdissect_options *ndo,
1271 const u_char *data, u_int length, u_short attr_code _U_)
1272 {
1273 time_t attr_time;
1274 char string[26];
1275
1276 if (length != 4)
1277 {
1278 ND_PRINT("ERROR: length %u != 4", length);
1279 return;
1280 }
1281
1282 attr_time = GET_BE_U_4(data);
1283 strlcpy(string, ctime(&attr_time), sizeof(string));
1284 /* Get rid of the newline */
1285 string[24] = '\0';
1286 ND_PRINT("%.24s", string);
1287 }
1288
1289 static void
print_attr_vector64(netdissect_options * ndo,register const u_char * data,u_int length,u_short attr_code _U_)1290 print_attr_vector64(netdissect_options *ndo,
1291 register const u_char *data, u_int length, u_short attr_code _U_)
1292 {
1293 uint64_t data_value, i;
1294 const char *sep = "";
1295
1296 if (length != 8)
1297 {
1298 ND_PRINT("ERROR: length %u != 8", length);
1299 return;
1300 }
1301
1302 ND_PRINT("[");
1303
1304 data_value = GET_BE_U_8(data);
1305 /* Print the 64-bit field in a format similar to bittok2str(), less
1306 * flagging any unknown bits. This way it should be easier to replace
1307 * the custom code with a library function later.
1308 */
1309 for (i = 0; i < TAM_SIZE(mip6_feature_vector); i++) {
1310 if (data_value & mip6_feature_vector[i].v) {
1311 ND_PRINT("%s%s", sep, mip6_feature_vector[i].s);
1312 sep = ", ";
1313 }
1314 }
1315
1316 ND_PRINT("]");
1317 }
1318
1319 /***********************************/
1320 /* Print an attribute of 'strange' */
1321 /* data format pointed by 'data' */
1322 /* and 'length' size. */
1323 /***********************************/
1324 /* Returns nothing. */
1325 /***********************************/
1326 static void
print_attr_strange(netdissect_options * ndo,const u_char * data,u_int length,u_short attr_code)1327 print_attr_strange(netdissect_options *ndo,
1328 const u_char *data, u_int length, u_short attr_code)
1329 {
1330 u_short len_data;
1331 u_int error_cause_value;
1332
1333 switch(attr_code)
1334 {
1335 case ARAP_PASS:
1336 if (length != 16)
1337 {
1338 ND_PRINT("ERROR: length %u != 16", length);
1339 return;
1340 }
1341 ND_PRINT("User_challenge (");
1342 ND_TCHECK_8(data);
1343 len_data = 8;
1344 PRINT_HEX(len_data, data);
1345 ND_PRINT(") User_resp(");
1346 ND_TCHECK_8(data);
1347 len_data = 8;
1348 PRINT_HEX(len_data, data);
1349 ND_PRINT(")");
1350 break;
1351
1352 case ARAP_FEATURES:
1353 if (length != 14)
1354 {
1355 ND_PRINT("ERROR: length %u != 14", length);
1356 return;
1357 }
1358 if (GET_U_1(data))
1359 ND_PRINT("User can change password");
1360 else
1361 ND_PRINT("User cannot change password");
1362 data++;
1363 ND_PRINT(", Min password length: %u", GET_U_1(data));
1364 data++;
1365 ND_PRINT(", created at: ");
1366 ND_TCHECK_4(data);
1367 len_data = 4;
1368 PRINT_HEX(len_data, data);
1369 ND_PRINT(", expires in: ");
1370 ND_TCHECK_4(data);
1371 len_data = 4;
1372 PRINT_HEX(len_data, data);
1373 ND_PRINT(", Current Time: ");
1374 ND_TCHECK_4(data);
1375 len_data = 4;
1376 PRINT_HEX(len_data, data);
1377 break;
1378
1379 case ARAP_CHALLENGE_RESP:
1380 if (length < 8)
1381 {
1382 ND_PRINT("ERROR: length %u != 8", length);
1383 return;
1384 }
1385 ND_TCHECK_8(data);
1386 len_data = 8;
1387 PRINT_HEX(len_data, data);
1388 break;
1389
1390 case ERROR_CAUSE:
1391 if (length != 4)
1392 {
1393 ND_PRINT("Error: length %u != 4", length);
1394 return;
1395 }
1396
1397 error_cause_value = GET_BE_U_4(data);
1398 ND_PRINT("Error cause %u: %s", error_cause_value, tok2str(errorcausetype, "Error-Cause %u not known", error_cause_value));
1399 break;
1400 }
1401 return;
1402
1403 trunc:
1404 nd_print_trunc(ndo);
1405 }
1406
1407 static void
radius_attrs_print(netdissect_options * ndo,const u_char * attr,u_int length)1408 radius_attrs_print(netdissect_options *ndo,
1409 const u_char *attr, u_int length)
1410 {
1411 const struct radius_attr *rad_attr = (const struct radius_attr *)attr;
1412 const char *attr_string;
1413 uint8_t type, len;
1414
1415 while (length > 0)
1416 {
1417 if (length < 2)
1418 goto trunc;
1419 ND_TCHECK_SIZE(rad_attr);
1420
1421 type = GET_U_1(rad_attr->type);
1422 len = GET_U_1(rad_attr->len);
1423 if (type != 0 && type < TAM_SIZE(attr_type))
1424 attr_string = attr_type[type].name;
1425 else
1426 attr_string = "Unknown";
1427
1428 ND_PRINT("\n\t %s Attribute (%u), length: %u",
1429 attr_string,
1430 type,
1431 len);
1432 if (len < 2)
1433 {
1434 ND_PRINT(" (bogus, must be >= 2)");
1435 return;
1436 }
1437 if (len > length)
1438 {
1439 ND_PRINT(" (bogus, goes past end of packet)");
1440 return;
1441 }
1442 ND_PRINT(", Value: ");
1443
1444 if (type < TAM_SIZE(attr_type))
1445 {
1446 if (len > 2)
1447 {
1448 if ( attr_type[type].print_func )
1449 (*attr_type[type].print_func)(
1450 ndo, ((const u_char *)(rad_attr+1)),
1451 len - 2, type);
1452 }
1453 }
1454 /* do we also want to see a hex dump ? */
1455 if (ndo->ndo_vflag> 1)
1456 print_unknown_data(ndo, (const u_char *)rad_attr+2, "\n\t ", (len)-2);
1457
1458 length-=(len);
1459 rad_attr = (const struct radius_attr *)( ((const char *)(rad_attr))+len);
1460 }
1461 return;
1462
1463 trunc:
1464 nd_print_trunc(ndo);
1465 }
1466
1467 void
radius_print(netdissect_options * ndo,const u_char * dat,u_int length)1468 radius_print(netdissect_options *ndo,
1469 const u_char *dat, u_int length)
1470 {
1471 const struct radius_hdr *rad;
1472 u_int len, auth_idx;
1473
1474 ndo->ndo_protocol = "radius";
1475 ND_TCHECK_LEN(dat, MIN_RADIUS_LEN);
1476 rad = (const struct radius_hdr *)dat;
1477 len = GET_BE_U_2(rad->len);
1478
1479 if (len < MIN_RADIUS_LEN)
1480 {
1481 nd_print_trunc(ndo);
1482 return;
1483 }
1484
1485 if (len > length)
1486 len = length;
1487
1488 if (ndo->ndo_vflag < 1) {
1489 ND_PRINT("RADIUS, %s (%u), id: 0x%02x length: %u",
1490 tok2str(radius_command_values,"Unknown Command",GET_U_1(rad->code)),
1491 GET_U_1(rad->code),
1492 GET_U_1(rad->id),
1493 len);
1494 return;
1495 }
1496 else {
1497 ND_PRINT("RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ",
1498 len,
1499 tok2str(radius_command_values,"Unknown Command",GET_U_1(rad->code)),
1500 GET_U_1(rad->code),
1501 GET_U_1(rad->id));
1502
1503 for(auth_idx=0; auth_idx < 16; auth_idx++)
1504 ND_PRINT("%02x", rad->auth[auth_idx]);
1505 }
1506
1507 if (len > MIN_RADIUS_LEN)
1508 radius_attrs_print(ndo, dat + MIN_RADIUS_LEN, len - MIN_RADIUS_LEN);
1509 return;
1510
1511 trunc:
1512 nd_print_trunc(ndo);
1513 }
1514