mirror of
https://github.com/reactos/syzkaller.git
synced 2024-11-28 05:40:26 +00:00
f919224c44
This commit adds a new pseudo syscall syz_extract_tcp_res, that reads
a packet from /dev/net/tun and extracts tcp sequence numbers to be used
in subsequent packets.
As a result this syzkaller program:
mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
listen(r0, 0x5)
syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}})
syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0)
syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}})
r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10)
established a TCP connection:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out
tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out
Similar program for IPv6:
mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c)
listen(r0, 0x5)
syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}})
syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}})
r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::20001 :::* LISTEN 5527/a.out
tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out
1062 lines
31 KiB
Plaintext
1062 lines
31 KiB
Plaintext
# Copyright 2017 syzkaller project authors. All rights reserved.
|
|
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
|
|
|
|
include <linux/types.h>
|
|
include <linux/byteorder/generic.h>
|
|
|
|
syz_emit_ethernet(len len[packet], packet ptr[in, eth_packet])
|
|
|
|
resource tcp_seq_num[int32]: 0x42424242
|
|
|
|
tcp_resources {
|
|
seq tcp_seq_num
|
|
ack tcp_seq_num
|
|
}
|
|
|
|
# These pseudo syscalls read a packet from /dev/net/tun and extract tcp sequence and acknowledgement numbers from it.
|
|
# They also adds the inc arguments to the returned values, this way sequence numbers get incremented.
|
|
syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
|
|
syz_extract_tcp_res$synack(res ptr[out, tcp_resources], seq_inc const[1], ack_inc const[0])
|
|
|
|
################################################################################
|
|
################################### Ethernet ###################################
|
|
################################################################################
|
|
|
|
# https://en.wikipedia.org/wiki/Ethernet_frame#Structure
|
|
# https://en.wikipedia.org/wiki/IEEE_802.1Q
|
|
|
|
include <uapi/linux/if.h>
|
|
include <uapi/linux/if_ether.h>
|
|
|
|
mac_addr_local {
|
|
# This corresponds to LOCAL_MAC ("aa:aa:aa:aa:aa:%02hx" % pid) in executor/common.h
|
|
a0 array[const[0xaa, int8], 5]
|
|
a1 proc[int8, 0, 1]
|
|
} [packed]
|
|
|
|
mac_addr_remote {
|
|
# This corresponds to REMOTE_MAC ("bb:bb:bb:bb:bb:%02hx" % pid) in executor/common.h
|
|
a0 array[const[0xbb, int8], 5]
|
|
a1 proc[int8, 0, 1]
|
|
} [packed]
|
|
|
|
mac_addr [
|
|
empty array[const[0x00, int8], 6]
|
|
local mac_addr_local
|
|
remote mac_addr_remote
|
|
random array[int8, 6]
|
|
]
|
|
|
|
vlan_tag_ad {
|
|
tpid const[0x9100, int16be]
|
|
pcp int16:3
|
|
dei int16:1
|
|
vid int16:12
|
|
} [packed]
|
|
|
|
vlan_tag_q {
|
|
tpid const[0x8100, int16be]
|
|
pcp int16:3
|
|
dei int16:1
|
|
vid int16:12
|
|
} [packed]
|
|
|
|
vlan_tag {
|
|
tag_ad array[vlan_tag_ad, 0:1]
|
|
tag_q vlan_tag_q
|
|
} [packed]
|
|
|
|
eth_packet {
|
|
dst_mac mac_addr
|
|
src_mac mac_addr
|
|
vtag array[vlan_tag, 0:1]
|
|
payload eth_payload
|
|
} [packed]
|
|
|
|
eth_payload {
|
|
eth2 eth2_packet
|
|
} [packed]
|
|
|
|
################################################################################
|
|
################################## Ethernet 2 ##################################
|
|
################################################################################
|
|
|
|
# https://en.wikipedia.org/wiki/Ethernet_frame#Ethernet_II
|
|
|
|
ether_types = ETH_P_LOOP, ETH_P_PUP, ETH_P_PUPAT, ETH_P_TSN, ETH_P_IP, ETH_P_X25, ETH_P_ARP, ETH_P_IEEEPUP, ETH_P_IEEEPUPAT, ETH_P_BATMAN, ETH_P_DEC, ETH_P_DNA_DL, ETH_P_DNA_RC, ETH_P_DNA_RT, ETH_P_LAT, ETH_P_DIAG, ETH_P_CUST, ETH_P_SCA, ETH_P_TEB, ETH_P_RARP, ETH_P_ATALK, ETH_P_AARP, ETH_P_8021Q, ETH_P_IPX, ETH_P_IPV6, ETH_P_PAUSE, ETH_P_SLOW, ETH_P_WCCP, ETH_P_MPLS_UC, ETH_P_MPLS_MC, ETH_P_ATMMPOA, ETH_P_PPP_DISC, ETH_P_PPP_SES, ETH_P_LINK_CTL, ETH_P_ATMFATE, ETH_P_PAE, ETH_P_AOE, ETH_P_8021AD, ETH_P_802_EX1, ETH_P_TIPC, ETH_P_MACSEC, ETH_P_8021AH, ETH_P_MVRP, ETH_P_1588, ETH_P_NCSI, ETH_P_PRP, ETH_P_FCOE, ETH_P_TDLS, ETH_P_FIP, ETH_P_80221, ETH_P_HSR, ETH_P_LOOPBACK, ETH_P_QINQ1, ETH_P_QINQ2, ETH_P_QINQ3, ETH_P_EDSA, ETH_P_AF_IUCV, ETH_P_802_3_MIN
|
|
|
|
eth2_packet {
|
|
etype flags[ether_types, int16be]
|
|
payload eth2_payload
|
|
} [packed]
|
|
|
|
eth2_payload [
|
|
arp arp_packet
|
|
llc llc_packet
|
|
ipx ipx_packet
|
|
x25 x25_packet
|
|
ipv4 ipv4_packet
|
|
ipv6 ipv6_packet
|
|
] [varlen]
|
|
|
|
################################################################################
|
|
###################################### ARP #####################################
|
|
################################################################################
|
|
|
|
# https://en.wikipedia.org/wiki/Address_Resolution_Protocol#Packet_structure
|
|
|
|
include <uapi/linux/if_arp.h>
|
|
|
|
arp_htypes = ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_EETHER, ARPHRD_AX25, ARPHRD_PRONET, ARPHRD_CHAOS, ARPHRD_IEEE802, ARPHRD_ARCNET, ARPHRD_APPLETLK, ARPHRD_DLCI, ARPHRD_ATM, ARPHRD_METRICOM, ARPHRD_IEEE1394, ARPHRD_EUI64, ARPHRD_INFINIBAND, ARPHRD_SLIP, ARPHRD_CSLIP, ARPHRD_SLIP6, ARPHRD_CSLIP6, ARPHRD_RSRVD, ARPHRD_ADAPT, ARPHRD_ROSE, ARPHRD_X25, ARPHRD_HWX25, ARPHRD_CAN, ARPHRD_PPP, ARPHRD_CISCO, ARPHRD_HDLC, ARPHRD_LAPB, ARPHRD_DDCMP, ARPHRD_RAWHDLC, ARPHRD_TUNNEL, ARPHRD_TUNNEL6, ARPHRD_FRAD, ARPHRD_SKIP, ARPHRD_LOOPBACK, ARPHRD_LOCALTLK, ARPHRD_FDDI, ARPHRD_BIF, ARPHRD_SIT, ARPHRD_IPDDP, ARPHRD_IPGRE, ARPHRD_PIMREG, ARPHRD_HIPPI, ARPHRD_ASH, ARPHRD_ECONET, ARPHRD_IRDA, ARPHRD_FCPP, ARPHRD_FCAL, ARPHRD_FCPL, ARPHRD_FCFABRIC, ARPHRD_IEEE802_TR, ARPHRD_IEEE80211, ARPHRD_IEEE80211_PRISM, ARPHRD_IEEE80211_RADIOTAP, ARPHRD_IEEE802154, ARPHRD_IEEE802154_MONITOR, ARPHRD_PHONET, ARPHRD_PHONET_PIPE, ARPHRD_CAIF, ARPHRD_IP6GRE, ARPHRD_NETLINK, ARPHRD_6LOWPAN, ARPHRD_VOID, ARPHRD_NONE
|
|
|
|
arp_ops = ARPOP_REQUEST, ARPOP_REPLY, ARPOP_RREQUEST, ARPOP_RREPLY, ARPOP_InREQUEST, ARPOP_InREPLY, ARPOP_NAK
|
|
|
|
arp_generic_packet {
|
|
htype flags[arp_htypes, int16be]
|
|
ptype flags[ether_types, int16be]
|
|
hlen const[6, int8]
|
|
plen len[spa, int8]
|
|
op flags[arp_ops, int16be]
|
|
sha mac_addr
|
|
spa array[int8, 0:16]
|
|
tha mac_addr
|
|
tpa array[int8, 16]
|
|
} [packed]
|
|
|
|
arp_ether_ipv4_packet {
|
|
htype const[ARPHRD_ETHER, int16be]
|
|
ptype const[ETH_P_IP, int16be]
|
|
hlen const[6, int8]
|
|
plen const[4, int8]
|
|
op flags[arp_ops, int16be]
|
|
sha mac_addr
|
|
spa ipv4_addr
|
|
tha mac_addr
|
|
tpa ipv4_addr
|
|
} [packed]
|
|
|
|
arp_ether_ipv6_packet {
|
|
htype const[ARPHRD_ETHER, int16be]
|
|
ptype const[ETH_P_IPV6, int16be]
|
|
hlen const[6, int8]
|
|
plen const[16, int8]
|
|
op flags[arp_ops, int16be]
|
|
sha mac_addr
|
|
spa ipv6_addr
|
|
tha mac_addr
|
|
tpa ipv6_addr
|
|
} [packed]
|
|
|
|
arp_packet [
|
|
generic arp_generic_packet
|
|
ether_ipv4 arp_ether_ipv4_packet
|
|
ether_ipv6 arp_ether_ipv6_packet
|
|
] [varlen]
|
|
|
|
################################################################################
|
|
################################## 802.2 (LLC) #################################
|
|
################################################################################
|
|
|
|
# https://en.wikipedia.org/wiki/IEEE_802.2
|
|
# https://en.wikipedia.org/wiki/Subnetwork_Access_Protocol
|
|
|
|
include <uapi/linux/llc.h>
|
|
|
|
# Adding '1' as a SAP value since the lower bit in SAP has a special meaning.
|
|
sap_values = 1, LLC_SAP_NULL, LLC_SAP_LLC, LLC_SAP_SNA, LLC_SAP_PNM, LLC_SAP_IP, LLC_SAP_BSPAN, LLC_SAP_MMS, LLC_SAP_8208, LLC_SAP_3COM, LLC_SAP_PRO, LLC_SAP_SNAP, LLC_SAP_BANYAN, LLC_SAP_IPX, LLC_SAP_NETBEUI, LLC_SAP_LANMGR, LLC_SAP_IMPL, LLC_SAP_DISC, LLC_SAP_OSI, LLC_SAP_LAR, LLC_SAP_RM, LLC_SAP_GLOBAL
|
|
|
|
llc_generic_packet {
|
|
dsap flags[sap_values, int8]
|
|
ssap flags[sap_values, int8]
|
|
ctrl array[int8, 1:2]
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
sap_snap_values = 1, LLC_SAP_SNAP
|
|
|
|
llc_snap_packet {
|
|
dsap flags[sap_snap_values, int8]
|
|
ssap flags[sap_snap_values, int8]
|
|
control array[int8, 1:2]
|
|
oui array[int8, 3]
|
|
protocol_id flags[ether_types, int16be]
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
llc_payload [
|
|
llc llc_generic_packet
|
|
snap llc_snap_packet
|
|
] [varlen]
|
|
|
|
llc_packet {
|
|
length len[payload, int16be]
|
|
payload llc_payload
|
|
} [packed]
|
|
|
|
################################################################################
|
|
###################################### IPX #####################################
|
|
################################################################################
|
|
|
|
# http://www.networksorcery.com/enp/protocol/ipx.htm
|
|
# https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange#IPX_packet_structure
|
|
|
|
include <net/ipx.h>
|
|
|
|
ipx_network [
|
|
random int32be
|
|
current const[0x00000000, int32be]
|
|
broadcast const[0xffffffff, int32be]
|
|
]
|
|
|
|
ipx_node [
|
|
random array[int8, 6]
|
|
current array[const[0x00, int8], 6]
|
|
broadcast array[const[0xff, int8], 6]
|
|
]
|
|
|
|
ipx_addr {
|
|
network ipx_network
|
|
node ipx_node
|
|
socket int16be
|
|
} [packed]
|
|
|
|
ipx_packet_types = IPX_TYPE_UNKNOWN, IPX_TYPE_RIP, IPX_TYPE_SAP, IPX_TYPE_SPX, IPX_TYPE_NCP, IPX_TYPE_PPROP
|
|
|
|
ipx_packet {
|
|
csum const[0xffff, int16be]
|
|
length len[parent, int16be]
|
|
control int8
|
|
type flags[ipx_packet_types, int8]
|
|
dst_addr ipx_addr
|
|
src_addr ipx_addr
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
# TODO: setup ipx on virtual interfaces in executor
|
|
# TODO: describe particular ipx types
|
|
# TODO: open ipx sockets from userspace
|
|
|
|
################################################################################
|
|
###################################### x25 #####################################
|
|
################################################################################
|
|
|
|
# Documentation/networking/x25.txt
|
|
# Documentation/networking/x25-iface.txt
|
|
# http://www.dafuer.com/kleinehelferlein/x25layer.htm
|
|
|
|
include <uapi/linux/if_x25.h>
|
|
include <net/x25.h>
|
|
|
|
x25_iface_types = X25_IFACE_DATA, X25_IFACE_CONNECT, X25_IFACE_DISCONNECT, X25_IFACE_PARAMS
|
|
|
|
x25_frame_types = X25_CALL_REQUEST, X25_CALL_ACCEPTED, X25_CLEAR_REQUEST, X25_CLEAR_CONFIRMATION, X25_DATA, X25_INTERRUPT, X25_INTERRUPT_CONFIRMATION, X25_RR, X25_RNR, X25_REJ, X25_RESET_REQUEST, X25_RESET_CONFIRMATION, X25_REGISTRATION_REQUEST, X25_REGISTRATION_CONFIRMATION, X25_RESTART_REQUEST, X25_RESTART_CONFIRMATION, X25_DIAGNOSTIC, X25_ILLEGAL
|
|
|
|
x25_packet {
|
|
iface flags[x25_iface_types, int8]
|
|
wtf int8
|
|
frame flags[x25_frame_types, int8]
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
# TODO: open x25 sockets from userspace
|
|
|
|
################################################################################
|
|
##################################### IPv4 #####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
# https://en.wikipedia.org/wiki/IPv4#Header
|
|
|
|
# TODO: https://en.wikipedia.org/wiki/IPsec#Authentication_Header
|
|
# TODO: https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload
|
|
|
|
include <uapi/linux/in.h>
|
|
include <uapi/linux/ip.h>
|
|
include <net/cipso_ipv4.h>
|
|
|
|
# This corresponds to LOCAL_IPV4 ("172.20.%d.170" % pid) in executor/common.h
|
|
ipv4_addr_local {
|
|
a0 const[0xac, int8]
|
|
a1 const[0x14, int8]
|
|
a2 proc[int8, 0, 1]
|
|
a3 const[0xaa, int8]
|
|
} [packed]
|
|
|
|
# This corresponds to LOCAL_IPV4 ("172.20.%d.187" % pid) in executor/common.h
|
|
ipv4_addr_remote {
|
|
a0 const[0xac, int8]
|
|
a1 const[0x14, int8]
|
|
a2 proc[int8, 0, 1]
|
|
a3 const[0xbb, int8]
|
|
} [packed]
|
|
|
|
ipv4_addr [
|
|
# 0.0.0.0
|
|
empty const[0x00000000, int32be]
|
|
# 172.20.%d.170
|
|
local ipv4_addr_local
|
|
# 172.20.%d.187
|
|
remote ipv4_addr_remote
|
|
# 127.0.0.1
|
|
loopback const[0x7f000001, int32be]
|
|
# 224.0.0.1
|
|
multicast1 const[0xe0000001, int32be]
|
|
# 224.0.0.2
|
|
multicast2 const[0xe0000002, int32be]
|
|
# 255.255.255.255
|
|
broadcast const[0xffffffff, int32be]
|
|
# random
|
|
rand_addr int32be
|
|
]
|
|
|
|
# http://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ip-parameters-1
|
|
ipv4_option [
|
|
generic ipv4_option_generic
|
|
end ipv4_option_end
|
|
noop ipv4_option_noop
|
|
lsrr ipv4_option_lsrr
|
|
ssrr ipv4_option_ssrr
|
|
rr ipv4_option_rr
|
|
timestamp ipv4_option_timestamp
|
|
cipso ipv4_option_cipso
|
|
ra ipv4_option_ra
|
|
# IPOPT_SEC and IPOPT_SID are not supported by Linux kernel
|
|
] [varlen]
|
|
|
|
ipv4_option_types = IPOPT_END, IPOPT_NOOP, IPOPT_SEC, IPOPT_LSRR, IPOPT_TIMESTAMP, IPOPT_CIPSO, IPOPT_RR, IPOPT_SID, IPOPT_SSRR, IPOPT_RA
|
|
|
|
ipv4_option_generic {
|
|
type flags[ipv4_option_types, int8]
|
|
length len[parent, int8]
|
|
data array[int8, 0:16]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
ipv4_option_end {
|
|
type const[IPOPT_END, int8]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
ipv4_option_noop {
|
|
type const[IPOPT_NOOP, int8]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
ipv4_option_lsrr {
|
|
type const[IPOPT_LSRR, int8]
|
|
length len[parent, int8]
|
|
pointer int8
|
|
data array[ipv4_addr]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
ipv4_option_ssrr {
|
|
type const[IPOPT_SSRR, int8]
|
|
length len[parent, int8]
|
|
pointer int8
|
|
data array[ipv4_addr]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
ipv4_option_rr {
|
|
type const[IPOPT_RR, int8]
|
|
length len[parent, int8]
|
|
pointer int8
|
|
data array[ipv4_addr]
|
|
} [packed]
|
|
|
|
ipv4_option_timestamp_flags = IPOPT_TS_TSONLY, IPOPT_TS_TSANDADDR, IPOPT_TS_PRESPEC
|
|
|
|
ipv4_option_timestamp_timestamp {
|
|
addr array[ipv4_addr, 0:1]
|
|
timestamp int32be
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc791#section-3.1
|
|
# http://www.networksorcery.com/enp/protocol/ip/option004.htm
|
|
ipv4_option_timestamp {
|
|
type const[IPOPT_TIMESTAMP, int8]
|
|
length len[parent, int8]
|
|
pointer int8
|
|
flg flags[ipv4_option_timestamp_flags, int8:4]
|
|
oflw int8:4
|
|
timestamps array[ipv4_option_timestamp_timestamp]
|
|
} [packed]
|
|
|
|
ipv4_option_cipso_tag_types = CIPSO_V4_TAG_INVALID, CIPSO_V4_TAG_RBITMAP, CIPSO_V4_TAG_ENUM, CIPSO_V4_TAG_RANGE, CIPSO_V4_TAG_PBITMAP, CIPSO_V4_TAG_FREEFORM
|
|
|
|
# TODO: describe particular tag types
|
|
ipv4_option_cipso_tag {
|
|
type flags[ipv4_option_cipso_tag_types, int8]
|
|
length len[parent, int8]
|
|
data array[int8, 0:16]
|
|
} [packed]
|
|
|
|
# https://www.ietf.org/archive/id/draft-ietf-cipso-ipsecurity-01.txt
|
|
ipv4_option_cipso {
|
|
type const[IPOPT_CIPSO, int8]
|
|
length len[parent, int8]
|
|
doi int32be
|
|
tags array[ipv4_option_cipso_tag]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc2113
|
|
ipv4_option_ra {
|
|
type const[IPOPT_RA, int8]
|
|
length len[parent, int8]
|
|
value int32be
|
|
} [packed]
|
|
|
|
ipv4_options {
|
|
options array[ipv4_option]
|
|
} [packed, align_4]
|
|
|
|
ipv4_types = IPPROTO_IP, IPPROTO_ICMP, IPPROTO_IGMP, IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_EGP, IPPROTO_PUP, IPPROTO_UDP, IPPROTO_IDP, IPPROTO_TP, IPPROTO_DCCP, IPPROTO_IPV6, IPPROTO_RSVP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH, IPPROTO_MTP, IPPROTO_BEETPH, IPPROTO_ENCAP, IPPROTO_PIM, IPPROTO_COMP, IPPROTO_SCTP, IPPROTO_UDPLITE, IPPROTO_MPLS, IPPROTO_RAW
|
|
|
|
ipv4_header {
|
|
ihl bytesize4[parent, int8:4]
|
|
version const[4, int8:4]
|
|
ecn int8:2
|
|
dscp int8:6
|
|
total_len len[ipv4_packet, int16be]
|
|
id int16be
|
|
frag_off int16be
|
|
# TODO: frag_off is actually 13 bits, 3 bits are flags
|
|
ttl int8
|
|
protocol flags[ipv4_types, int8]
|
|
csum csum[parent, inet, int16be]
|
|
src_ip ipv4_addr
|
|
dst_ip ipv4_addr
|
|
options ipv4_options
|
|
} [packed]
|
|
|
|
ipv4_packet {
|
|
header ipv4_header
|
|
payload ipv4_payload
|
|
} [packed]
|
|
|
|
################################################################################
|
|
##################################### IPv6 #####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc2460#section-3
|
|
# https://en.wikipedia.org/wiki/IPv6_packet#Fixed_header
|
|
|
|
include <uapi/linux/in6.h>
|
|
include <uapi/linux/ipv6.h>
|
|
include <net/ipv6.h>
|
|
|
|
ipv6_types = IPPROTO_IP, IPPROTO_ICMP, IPPROTO_IGMP, IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_EGP, IPPROTO_PUP, IPPROTO_UDP, IPPROTO_IDP, IPPROTO_TP, IPPROTO_DCCP, IPPROTO_IPV6, IPPROTO_RSVP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH, IPPROTO_MTP, IPPROTO_BEETPH, IPPROTO_ENCAP, IPPROTO_PIM, IPPROTO_COMP, IPPROTO_SCTP, IPPROTO_UDPLITE, IPPROTO_MPLS, IPPROTO_RAW, IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_ICMPV6, IPPROTO_NONE, IPPROTO_DSTOPTS, IPPROTO_MH, NEXTHDR_HOP, NEXTHDR_TCP, NEXTHDR_UDP, NEXTHDR_IPV6, NEXTHDR_ROUTING, NEXTHDR_FRAGMENT, NEXTHDR_GRE, NEXTHDR_ESP, NEXTHDR_AUTH, NEXTHDR_ICMP, NEXTHDR_NONE, NEXTHDR_DEST, NEXTHDR_SCTP, NEXTHDR_MOBILITY
|
|
|
|
ipv6_addr_empty {
|
|
a0 array[const[0x00, int8], 16]
|
|
}
|
|
|
|
# This corresponds to LOCAL_IPV6 ("fe80::%02hxaa" % pid) in executor/common.h
|
|
ipv6_addr_local {
|
|
a0 const[0xfe, int8]
|
|
a1 const[0x80, int8]
|
|
a2 array[const[0x00, int8], 12]
|
|
a3 proc[int8, 0, 1]
|
|
a4 const[0xaa, int8]
|
|
} [packed]
|
|
|
|
# This corresponds to REMOTE_IPV6 ("fe80::%02hxbb" % pid) in executor/common.h
|
|
ipv6_addr_remote {
|
|
a0 const[0xfe, int8]
|
|
a1 const[0x80, int8]
|
|
a2 array[const[0x00, int8], 12]
|
|
a3 proc[int8, 0, 1]
|
|
a4 const[0xbb, int8]
|
|
} [packed]
|
|
|
|
ipv6_addr_loopback {
|
|
a0 const[0, int64be]
|
|
a1 const[1, int64be]
|
|
} [packed]
|
|
|
|
ipv6_addr [
|
|
empty ipv6_addr_empty
|
|
local ipv6_addr_local
|
|
remote ipv6_addr_remote
|
|
loopback ipv6_addr_loopback
|
|
]
|
|
|
|
# TODO: Describe more types of headers
|
|
# NEXTHDR_HOP, NEXTHDR_TCP, NEXTHDR_UDP, NEXTHDR_IPV6, NEXTHDR_ROUTING, NEXTHDR_FRAGMENT, NEXTHDR_GRE, NEXTHDR_ESP, NEXTHDR_AUTH, NEXTHDR_ICMP, NEXTHDR_NONE, NEXTHDR_DEST, NEXTHDR_SCTP, NEXTHDR_MOBILITY
|
|
# https://tools.ietf.org/html/rfc2402
|
|
# https://tools.ietf.org/html/rfc2406
|
|
# https://tools.ietf.org/html/rfc3775
|
|
|
|
# https://tools.ietf.org/html/rfc2460#section-4
|
|
# The length field in each of the extension headers specifies the
|
|
# length of the header in 8-octet units not including the first 8 octets.
|
|
ipv6_ext_header [
|
|
hopopts ipv6_hopots_ext_header
|
|
routing ipv6_routing_ext_header
|
|
fragment ipv6_fragment_ext_header
|
|
dstopts ipv6_dstopts_ext_header
|
|
] [varlen]
|
|
|
|
ipv6_hopots_ext_header {
|
|
next_header flags[ipv6_types, int8]
|
|
length bytesize8[options, int8]
|
|
pad array[const[0, int8], 6]
|
|
options array[ipv6_tlv_option]
|
|
} [packed, align_8]
|
|
|
|
ipv6_routing_types = IPV6_SRCRT_STRICT, IPV6_SRCRT_TYPE_0, IPV6_SRCRT_TYPE_2
|
|
|
|
ipv6_routing_ext_header {
|
|
next_header flags[ipv6_types, int8]
|
|
length bytesize8[data, int8]
|
|
routing_type flags[ipv6_routing_types, int8]
|
|
segments_left int8
|
|
reserved int32be
|
|
data array[ipv6_addr]
|
|
} [packed, align_8]
|
|
|
|
ipv6_fragment_ext_header {
|
|
next_header flags[ipv6_types, int8]
|
|
reserved1 int8
|
|
m_flag int16:1
|
|
reserved2 int16:2
|
|
fragment_offset int16be:13
|
|
identification int32
|
|
} [packed]
|
|
|
|
ipv6_dstopts_ext_header {
|
|
next_header flags[ipv6_types, int8]
|
|
length bytesize8[options, int8]
|
|
pad array[const[0, int8], 6]
|
|
options array[ipv6_tlv_option]
|
|
} [packed]
|
|
|
|
# TODO: describe particular tlv options
|
|
ipv6_tlv_option_types = IPV6_TLV_PAD1, IPV6_TLV_PADN, IPV6_TLV_ROUTERALERT, IPV6_TLV_CALIPSO, IPV6_TLV_JUMBO, IPV6_TLV_HAO, 0xff, 0xfe
|
|
|
|
ipv6_tlv_option {
|
|
type flags[ipv6_tlv_option_types, int8]
|
|
length len[data, int8]
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
ipv6_packet {
|
|
priority int8:4
|
|
version const[6, int8:4]
|
|
flow_label array[int8, 3]
|
|
# TODO: flow_label is actually 20 bits, 4 bits are part of priority
|
|
length len[payload, int16be]
|
|
next_header flags[ipv6_types, int8]
|
|
hop_limit int8
|
|
src_ip ipv6_addr
|
|
dst_ip ipv6_addr
|
|
payload ipv6_packet_payload
|
|
} [packed]
|
|
|
|
ipv6_packet_payload {
|
|
ext_headers array[ipv6_ext_header]
|
|
payload ipv6_payload
|
|
} [packed]
|
|
|
|
################################################################################
|
|
###################################### IP ######################################
|
|
################################################################################
|
|
|
|
ipv4_payload [
|
|
tcp tcp_packet
|
|
udp udp_packet
|
|
icmp icmp_packet
|
|
dccp dccp_packet
|
|
igmp igmp_packet
|
|
] [varlen]
|
|
|
|
ipv6_payload [
|
|
tcp tcp_packet
|
|
udp udp_packet
|
|
icmpv6 icmpv6_packet
|
|
dccp dccp_packet
|
|
] [varlen]
|
|
|
|
################################################################################
|
|
###################################### TCP #####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc793#section-3.1
|
|
# https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
|
|
# http://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml
|
|
|
|
include <net/tcp.h>
|
|
include <uapi/linux/tcp.h>
|
|
|
|
tcp_option [
|
|
generic tcp_generic_option
|
|
nop tcp_nop_option
|
|
eol tcp_eol_option
|
|
mss tcp_mss_option
|
|
window tcp_window_option
|
|
sack_perm tcp_sack_perm_option
|
|
sack tcp_sack_option
|
|
timestamp tcp_timestamp_option
|
|
md5sig tcp_md5sig_option
|
|
fastopen tcp_fastopen_option
|
|
# TODO: TCPOPT_EXP option
|
|
] [varlen]
|
|
|
|
tcp_option_types = TCPOPT_NOP, TCPOPT_EOL, TCPOPT_MSS, TCPOPT_WINDOW, TCPOPT_SACK_PERM, TCPOPT_SACK, TCPOPT_TIMESTAMP, TCPOPT_MD5SIG, TCPOPT_FASTOPEN, TCPOPT_EXP
|
|
|
|
tcp_generic_option {
|
|
type flags[tcp_option_types, int8]
|
|
length len[parent, int8]
|
|
data array[int8, 0:16]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc793#section-3.1
|
|
tcp_nop_option {
|
|
type const[TCPOPT_NOP, int8]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc793#section-3.1
|
|
tcp_eol_option {
|
|
type const[TCPOPT_EOL, int8]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc793#section-3.1
|
|
tcp_mss_option {
|
|
type const[TCPOPT_MSS, int8]
|
|
length len[parent, int8]
|
|
seg_size int16
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc7323#section-2
|
|
tcp_window_option {
|
|
type const[TCPOPT_WINDOW, int8]
|
|
length len[parent, int8]
|
|
shift int8
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc2018#section-2
|
|
tcp_sack_perm_option {
|
|
type const[TCPOPT_SACK_PERM, int8]
|
|
length len[parent, int8]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc2018#section-3
|
|
tcp_sack_option {
|
|
type const[TCPOPT_SACK, int8]
|
|
length len[parent, int8]
|
|
data array[int32be]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc7323#section-3
|
|
tcp_timestamp_option {
|
|
type const[TCPOPT_TIMESTAMP, int8]
|
|
length len[parent, int8]
|
|
tsval int32be
|
|
tsecr int32be
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc2385#section-3.0
|
|
tcp_md5sig_option {
|
|
type const[TCPOPT_MD5SIG, int8]
|
|
length len[parent, int8]
|
|
md5 array[int8, 16]
|
|
} [packed]
|
|
|
|
# https://tools.ietf.org/html/rfc7413#section-4.1.1
|
|
tcp_fastopen_option {
|
|
type const[TCPOPT_FASTOPEN, int8]
|
|
length len[parent, int8]
|
|
data array[int8, 0:16]
|
|
} [packed]
|
|
|
|
tcp_options {
|
|
options array[tcp_option]
|
|
} [packed, align_4]
|
|
|
|
tcp_flags = 0, TCPHDR_FIN, TCPHDR_SYN, TCPHDR_RST, TCPHDR_PSH, TCPHDR_ACK, TCPHDR_URG, TCPHDR_ECE, TCPHDR_CWR, TCPHDR_SYN_ECN
|
|
|
|
tcp_header {
|
|
src_port proc[int16be, 20000, 4]
|
|
dst_port proc[int16be, 20000, 4]
|
|
seq_num tcp_seq_num
|
|
ack_num tcp_seq_num
|
|
ns int8:1
|
|
reserved const[0, int8:3]
|
|
data_off bytesize4[parent, int8:4]
|
|
flags flags[tcp_flags, int8]
|
|
window_size int16be
|
|
csum csum[tcp_packet, pseudo, IPPROTO_TCP, int16be]
|
|
urg_ptr int16be
|
|
options tcp_options
|
|
} [packed]
|
|
|
|
tcp_packet {
|
|
header tcp_header
|
|
payload tcp_payload
|
|
} [packed]
|
|
|
|
tcp_payload {
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
################################################################################
|
|
###################################### UDP #####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc768
|
|
# https://en.wikipedia.org/wiki/User_Datagram_Protocol#Packet_structure
|
|
|
|
udp_packet {
|
|
src_port proc[int16be, 20000, 4]
|
|
dst_port proc[int16be, 20000, 4]
|
|
length len[parent, int16be]
|
|
csum csum[parent, pseudo, IPPROTO_UDP, int16be]
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
################################################################################
|
|
###################################### ICMP ####################################
|
|
################################################################################
|
|
|
|
# https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#ICMP_datagram_structure
|
|
# https://tools.ietf.org/html/rfc792
|
|
# https://tools.ietf.org/html/rfc4884#section-4.1
|
|
# http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
|
|
|
|
include <uapi/linux/icmp.h>
|
|
|
|
icmp_ipv4_header {
|
|
ihl bytesize4[parent, int8:4]
|
|
version const[4, int8:4]
|
|
ecn int8:2
|
|
dscp int8:6
|
|
total_len int16be
|
|
id int16be
|
|
frag_off int16be
|
|
ttl int8
|
|
protocol flags[ipv4_types, int8]
|
|
csum int16be
|
|
src_ip ipv4_addr
|
|
dst_ip ipv4_addr
|
|
options ipv4_options
|
|
} [packed]
|
|
|
|
icmp_echo_reply_packet {
|
|
type const[ICMP_ECHOREPLY, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmp_dest_unreach_codes = ICMP_NET_UNREACH, ICMP_HOST_UNREACH, ICMP_PROT_UNREACH, ICMP_PORT_UNREACH, ICMP_FRAG_NEEDED, ICMP_SR_FAILED, ICMP_NET_UNKNOWN, ICMP_HOST_UNKNOWN, ICMP_HOST_ISOLATED, ICMP_NET_ANO, ICMP_HOST_ANO, ICMP_NET_UNR_TOS, ICMP_HOST_UNR_TOS, ICMP_PKT_FILTERED, ICMP_PREC_VIOLATION, ICMP_PREC_CUTOFF
|
|
|
|
icmp_dest_unreach_packet {
|
|
type const[ICMP_DEST_UNREACH, int8]
|
|
code flags[icmp_dest_unreach_codes, int8]
|
|
csum csum[parent, inet, int16be]
|
|
unused const[0, int8]
|
|
length int8
|
|
mtu int16be
|
|
iph icmp_ipv4_header
|
|
data array[int8, 0:8]
|
|
} [packed]
|
|
|
|
icmp_source_quench_packet {
|
|
type const[ICMP_SOURCE_QUENCH, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
unused const[0, int32]
|
|
iph icmp_ipv4_header
|
|
data array[int8, 0:8]
|
|
} [packed]
|
|
|
|
icmp_redirect_codes = ICMP_REDIR_NET, ICMP_REDIR_HOST, ICMP_REDIR_NETTOS, ICMP_REDIR_HOSTTOS
|
|
|
|
icmp_redirect_packet {
|
|
type const[ICMP_REDIRECT, int8]
|
|
code flags[icmp_redirect_codes, int8]
|
|
csum csum[parent, inet, int16be]
|
|
ip ipv4_addr
|
|
iph icmp_ipv4_header
|
|
data array[int8, 0:8]
|
|
} [packed]
|
|
|
|
icmp_echo_packet {
|
|
type const[ICMP_ECHO, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmp_time_exceeded_codes = ICMP_EXC_TTL, ICMP_EXC_FRAGTIME
|
|
|
|
icmp_time_exceeded_packet {
|
|
type const[ICMP_TIME_EXCEEDED, int8]
|
|
code flags[icmp_time_exceeded_codes, int8]
|
|
csum csum[parent, inet, int16be]
|
|
unused1 const[0, int8]
|
|
length int8
|
|
unused2 const[0, int16]
|
|
iph icmp_ipv4_header
|
|
data array[int8, 0:8]
|
|
} [packed]
|
|
|
|
icmp_parameter_prob_packet {
|
|
type const[ICMP_PARAMETERPROB, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
pointer int8
|
|
length int8
|
|
unsed const[0, int16]
|
|
iph icmp_ipv4_header
|
|
data array[int8, 0:8]
|
|
} [packed]
|
|
|
|
icmp_timestamp_packet {
|
|
type const[ICMP_TIMESTAMP, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
orig_ts int32be
|
|
recv_ts int32be
|
|
trans_ts int32be
|
|
} [packed]
|
|
|
|
icmp_timestamp_reply_packet {
|
|
type const[ICMP_TIMESTAMPREPLY, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
orig_ts int32be
|
|
recv_ts int32be
|
|
trans_ts int32be
|
|
} [packed]
|
|
|
|
icmp_info_request_packet {
|
|
type const[ICMP_INFO_REQUEST, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
} [packed]
|
|
|
|
icmp_info_reply_packet {
|
|
type const[ICMP_INFO_REPLY, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
} [packed]
|
|
|
|
icmp_address_request_packet {
|
|
type const[ICMP_ADDRESS, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
mask int32be
|
|
} [packed]
|
|
|
|
icmp_address_reply_packet {
|
|
type const[ICMP_ADDRESSREPLY, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, inet, int16be]
|
|
mask int32be
|
|
} [packed]
|
|
|
|
icmp_types = ICMP_ECHOREPLY, ICMP_DEST_UNREACH, ICMP_SOURCE_QUENCH, ICMP_REDIRECT, ICMP_ECHO, ICMP_TIME_EXCEEDED, ICMP_PARAMETERPROB, ICMP_TIMESTAMP, ICMP_TIMESTAMPREPLY, ICMP_INFO_REQUEST, ICMP_INFO_REPLY, ICMP_ADDRESS, ICMP_ADDRESSREPLY
|
|
|
|
icmp_packet [
|
|
echo_reply icmp_echo_reply_packet
|
|
dest_unreach icmp_dest_unreach_packet
|
|
source_quench icmp_source_quench_packet
|
|
redirect icmp_redirect_packet
|
|
echo icmp_echo_packet
|
|
time_exceeded icmp_time_exceeded_packet
|
|
parameter_prob icmp_parameter_prob_packet
|
|
timestamp icmp_timestamp_packet
|
|
timestamp_reply icmp_timestamp_reply_packet
|
|
info_request icmp_info_request_packet
|
|
info_reply icmp_info_reply_packet
|
|
address_request icmp_address_request_packet
|
|
address_reply icmp_address_reply_packet
|
|
] [varlen]
|
|
|
|
################################################################################
|
|
##################################### ICMPv6 ###################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc4443
|
|
# http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
|
|
|
|
include <uapi/linux/icmpv6.h>
|
|
|
|
icmpv6_ipv6_packet {
|
|
priority int8:4
|
|
version const[6, int8:4]
|
|
flow_label array[int8, 3]
|
|
length int16be
|
|
next_header flags[ipv6_types, int8]
|
|
hop_limit int8
|
|
src_ip ipv6_addr
|
|
dst_ip ipv6_addr
|
|
ext_headers array[ipv6_ext_header]
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmpv6_dest_unreach_codes = ICMPV6_NOROUTE, ICMPV6_ADM_PROHIBITED, ICMPV6_NOT_NEIGHBOUR, ICMPV6_ADDR_UNREACH, ICMPV6_PORT_UNREACH, ICMPV6_POLICY_FAIL, ICMPV6_REJECT_ROUTE
|
|
|
|
icmpv6_dest_unreach_packet {
|
|
type const[ICMPV6_DEST_UNREACH, int8]
|
|
code flags[icmpv6_dest_unreach_codes, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
length int8
|
|
unused array[const[0, int8], 3]
|
|
packet icmpv6_ipv6_packet
|
|
} [packed]
|
|
|
|
icmpv6_pkt_toobig_packet {
|
|
type const[ICMPV6_PKT_TOOBIG, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
mtu int32be
|
|
packet icmpv6_ipv6_packet
|
|
} [packed]
|
|
|
|
icmpv6_time_exceed_codes = ICMPV6_EXC_HOPLIMIT, ICMPV6_EXC_FRAGTIME
|
|
|
|
icmpv6_time_exceed_packet {
|
|
type const[ICMPV6_TIME_EXCEED, int8]
|
|
code flags[icmpv6_time_exceed_codes, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
length int8
|
|
unused array[const[0, int8], 3]
|
|
packet icmpv6_ipv6_packet
|
|
} [packed]
|
|
|
|
icmpv6_param_prob_codes = ICMPV6_HDR_FIELD, ICMPV6_UNK_NEXTHDR, ICMPV6_UNK_OPTION
|
|
|
|
icmpv6_param_prob_packet {
|
|
type const[ICMPV6_PARAMPROB, int8]
|
|
code flags[icmpv6_param_prob_codes, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
pointer int32be
|
|
packet icmpv6_ipv6_packet
|
|
} [packed]
|
|
|
|
icmpv6_echo_request_packet {
|
|
type const[ICMPV6_ECHO_REQUEST, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmpv6_echo_reply_packet {
|
|
type const[ICMPV6_ECHO_REPLY, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
id int16be
|
|
seq_num int16be
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmpv6_mld_types = ICMPV6_MGM_QUERY, ICMPV6_MGM_REPORT, ICMPV6_MGM_REDUCTION
|
|
|
|
# https://tools.ietf.org/html/rfc2710#section-3
|
|
icmpv6_mld_packet {
|
|
type flags[icmpv6_mld_types, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
mrd int16be
|
|
unused int16
|
|
addr ipv6_addr
|
|
} [packed]
|
|
|
|
icmpv6_ni_types = ICMPV6_NI_QUERY, ICMPV6_NI_REPLY
|
|
|
|
# https://tools.ietf.org/html/rfc4620#section-4
|
|
icmpv6_ni_packet {
|
|
type flags[icmpv6_ni_types, int8]
|
|
code const[0, int8]
|
|
csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be]
|
|
qtype int16be
|
|
flags int16be
|
|
nonce int64be
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
icmpv6_packet [
|
|
dest_unreach icmpv6_dest_unreach_packet
|
|
pkt_toobig icmpv6_pkt_toobig_packet
|
|
time_exceed icmpv6_time_exceed_packet
|
|
param_prob icmpv6_param_prob_packet
|
|
echo_request icmpv6_echo_request_packet
|
|
echo_reply icmpv6_echo_reply_packet
|
|
mld icmpv6_mld_packet
|
|
# TODO: ICMPV6_MLD2_REPORT
|
|
# TODO: ICMPV6_DHAAD_REQUEST, ICMPV6_DHAAD_REPLY, ICMPV6_MOBILE_PREFIX_SOL, ICMPV6_MOBILE_PREFIX_ADV (with ipv6 ext headers)
|
|
] [varlen]
|
|
|
|
################################################################################
|
|
###################################### DCCP ####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc4340#section-5
|
|
|
|
include <uapi/linux/dccp.h>
|
|
|
|
# TODO: describe each type
|
|
dccp_types = DCCP_PKT_REQUEST, DCCP_PKT_RESPONSE, DCCP_PKT_DATA, DCCP_PKT_ACK, DCCP_PKT_DATAACK, DCCP_PKT_CLOSEREQ, DCCP_PKT_CLOSE, DCCP_PKT_RESET, DCCP_PKT_SYNC, DCCP_PKT_SYNCACK, DCCP_PKT_INVALID
|
|
|
|
dccp_header {
|
|
src_port proc[int16be, 20000, 4]
|
|
dst_port proc[int16be, 20000, 4]
|
|
offset bytesize4[parent, int8]
|
|
cscov const[1, int8:4]
|
|
# TODO: cscov might have other values, affects checksummed data
|
|
ccval int8:4
|
|
csum csum[parent, pseudo, IPPROTO_DCCP, int16be]
|
|
x const[0, int8:1]
|
|
type flags[dccp_types, int8:4]
|
|
reserved1 int8:3
|
|
seq_num array[int8, 3]
|
|
reserved2 int8
|
|
ack_num array[int8, 3]
|
|
# TODO: seq_num and ack_num might have different size depending on x
|
|
# TODO: options
|
|
} [packed]
|
|
|
|
dccp_packet {
|
|
header dccp_header
|
|
payload array[int8]
|
|
} [packed]
|
|
|
|
################################################################################
|
|
###################################### IGMP ####################################
|
|
################################################################################
|
|
|
|
# https://tools.ietf.org/html/rfc2236
|
|
# https://tools.ietf.org/html/rfc3376#section-4
|
|
|
|
include <uapi/linux/igmp.h>
|
|
|
|
igmp_types = IGMP_HOST_MEMBERSHIP_QUERY, IGMP_HOST_MEMBERSHIP_REPORT, IGMP_DVMRP, IGMP_PIM, IGMP_TRACE, IGMPV2_HOST_MEMBERSHIP_REPORT, IGMP_HOST_LEAVE_MESSAGE, IGMPV3_HOST_MEMBERSHIP_REPORT, IGMP_MTRACE_RESP, IGMP_MTRACE
|
|
|
|
igmp_packet {
|
|
type flags[igmp_types, int8]
|
|
mrtime int8
|
|
csum csum[parent, inet, int16be]
|
|
addr ipv4_addr
|
|
data array[int8]
|
|
} [packed]
|
|
|
|
# TODO: describe particular IGMP packets
|
|
# TODO: open IGMP sockets from userspace
|