github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/openbsd/vnet.txt (about) 1 # Copyright 2017 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <sys/types.h> 5 include <sys/param.h> 6 include <sys/socket.h> 7 include <net/ethertypes.h> 8 include <net/if_arp.h> 9 include <netinet/in.h> 10 include <netinet/ip.h> 11 include <netinet/ip_icmp.h> 12 include <netinet/ip6.h> 13 include <netinet/icmp6.h> 14 include <netinet/tcp.h> 15 16 syz_emit_ethernet(len len[packet], packet ptr[in, eth_packet]) 17 18 resource tcp_seq_num[int32]: 0x41424344 19 20 tcp_resources { 21 seq tcp_seq_num 22 ack tcp_seq_num 23 } 24 25 # These pseudo syscalls read a packet from tap device and extract tcp sequence and acknowledgement numbers from it. 26 # They also adds the inc arguments to the returned values, this way sequence numbers get incremented. 27 syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32) 28 syz_extract_tcp_res$synack(res ptr[out, tcp_resources], seq_inc const[1], ack_inc const[0]) 29 30 ################################################################################ 31 ################################### Ethernet ################################### 32 ################################################################################ 33 34 # https://en.wikipedia.org/wiki/Ethernet_frame#Structure 35 # https://en.wikipedia.org/wiki/IEEE_802.1Q 36 37 type mac_addr_t[LAST] { 38 a0 array[const[0xaa, int8], 5] 39 a1 LAST 40 } [packed] 41 42 mac_addr [ 43 empty array[const[0x0, int8], 6] 44 local mac_addr_t[const[0xaa, int8]] 45 remote mac_addr_t[const[0xbb, int8]] 46 broadcast array[const[0xff, int8], 6] 47 random array[int8, 6] 48 ] 49 50 vlan_tag_ad { 51 tpid const[ETHERTYPE_QINQ, int16be] 52 pcp int16:3 53 dei int16:1 54 vid int16:12[0:4] 55 } [packed] 56 57 vlan_tag_q { 58 tpid const[ETHERTYPE_VLAN, int16be] 59 pcp int16:3 60 dei int16:1 61 vid int16:12[0:4] 62 } [packed] 63 64 vlan_tag { 65 tag_ad array[vlan_tag_ad, 0:1] 66 tag_q vlan_tag_q 67 } [packed] 68 69 eth_packet { 70 dst_mac mac_addr 71 src_mac mac_addr 72 vtag array[vlan_tag, 0:1] 73 payload eth_payload 74 } [packed] 75 76 eth_payload { 77 eth2 eth2_packet 78 } [packed] 79 80 ################################################################################ 81 ################################## Ethernet 2 ################################## 82 ################################################################################ 83 84 # https://en.wikipedia.org/wiki/Ethernet_frame#Ethernet_II 85 86 ether_types = ETHERTYPE_8023, ETHERTYPE_PUP, ETHERTYPE_PUPAT, ETHERTYPE_SPRITE, ETHERTYPE_NS, ETHERTYPE_NSAT, ETHERTYPE_DLOG1, ETHERTYPE_DLOG2, ETHERTYPE_IP, ETHERTYPE_X75, ETHERTYPE_NBS, ETHERTYPE_ECMA, ETHERTYPE_CHAOS, ETHERTYPE_X25, ETHERTYPE_ARP, ETHERTYPE_NSCOMPAT, ETHERTYPE_FRARP, ETHERTYPE_UBDEBUG, ETHERTYPE_IEEEPUP, ETHERTYPE_IEEEPUPAT, ETHERTYPE_VINES, ETHERTYPE_VINESLOOP, ETHERTYPE_VINESECHO, ETHERTYPE_DCA, ETHERTYPE_VALID, ETHERTYPE_DOGFIGHT, ETHERTYPE_RCL, ETHERTYPE_NBPVCD, ETHERTYPE_NBPSCD, ETHERTYPE_NBPCREQ, ETHERTYPE_NBPCRSP, ETHERTYPE_NBPCC, ETHERTYPE_NBPCLREQ, ETHERTYPE_NBPCLRSP, ETHERTYPE_NBPDG, ETHERTYPE_NBPDGB, ETHERTYPE_NBPCLAIM, ETHERTYPE_NBPDLTE, ETHERTYPE_NBPRAS, ETHERTYPE_NBPRAR, ETHERTYPE_NBPRST, ETHERTYPE_PCS, ETHERTYPE_IMLBLDIAG, ETHERTYPE_DIDDLE, ETHERTYPE_IMLBL, ETHERTYPE_SIMNET, ETHERTYPE_DECEXPER, ETHERTYPE_MOPDL, ETHERTYPE_MOPRC, ETHERTYPE_DECnet, ETHERTYPE_LAT, ETHERTYPE_DECDIAG, ETHERTYPE_DECCUST, ETHERTYPE_SCA, ETHERTYPE_AMBER, ETHERTYPE_DECMUMPS, ETHERTYPE_TRANSETHER, ETHERTYPE_RAWFR, ETHERTYPE_UBDL, ETHERTYPE_UBNIU, ETHERTYPE_UBDIAGLOOP, ETHERTYPE_UBNMC, ETHERTYPE_UBBST, ETHERTYPE_OS9, ETHERTYPE_OS9NET, ETHERTYPE_RACAL, ETHERTYPE_PRIMENTS, ETHERTYPE_CABLETRON, ETHERTYPE_CRONUSVLN, ETHERTYPE_CRONUS, ETHERTYPE_HP, ETHERTYPE_NESTAR, ETHERTYPE_ATTSTANFORD, ETHERTYPE_EXCELAN, ETHERTYPE_SG_DIAG, ETHERTYPE_SG_NETGAMES, ETHERTYPE_SG_RESV, ETHERTYPE_SG_BOUNCE, ETHERTYPE_APOLLODOMAIN, ETHERTYPE_TYMSHARE, ETHERTYPE_TIGAN, ETHERTYPE_REVARP, ETHERTYPE_AEONIC, ETHERTYPE_IPXNEW, ETHERTYPE_LANBRIDGE, ETHERTYPE_DSMD, ETHERTYPE_ARGONAUT, ETHERTYPE_VAXELN, ETHERTYPE_DECDNS, ETHERTYPE_ENCRYPT, ETHERTYPE_DECDTS, ETHERTYPE_DECLTM, ETHERTYPE_DECNETBIOS, ETHERTYPE_DECLAST, ETHERTYPE_PLANNING, ETHERTYPE_DECAM, ETHERTYPE_EXPERDATA, ETHERTYPE_VEXP, ETHERTYPE_VPROD, ETHERTYPE_ES, ETHERTYPE_LITTLE, ETHERTYPE_COUNTERPOINT, ETHERTYPE_VEECO, ETHERTYPE_GENDYN, ETHERTYPE_ATT, ETHERTYPE_AUTOPHON, ETHERTYPE_COMDESIGN, ETHERTYPE_COMPUGRAPHIC, ETHERTYPE_MATRA, ETHERTYPE_DDE, ETHERTYPE_MERIT, ETHERTYPE_VLTLMAN, ETHERTYPE_ATALK, ETHERTYPE_SPIDER, ETHERTYPE_PACER, ETHERTYPE_APPLITEK, ETHERTYPE_SNA, ETHERTYPE_VARIAN, ETHERTYPE_RETIX, ETHERTYPE_AARP, ETHERTYPE_APOLLO, ETHERTYPE_VLAN, ETHERTYPE_BOFL, ETHERTYPE_WELLFLEET, ETHERTYPE_TALARIS, ETHERTYPE_WATERLOO, ETHERTYPE_HAYES, ETHERTYPE_VGLAB, ETHERTYPE_IPX, ETHERTYPE_NOVELL, ETHERTYPE_MUMPS, ETHERTYPE_AMOEBA, ETHERTYPE_FLIP, ETHERTYPE_VURESERVED, ETHERTYPE_LOGICRAFT, ETHERTYPE_NCD, ETHERTYPE_ALPHA, ETHERTYPE_SNMP, ETHERTYPE_TEC, ETHERTYPE_RATIONAL, ETHERTYPE_XTP, ETHERTYPE_SGITW, ETHERTYPE_HIPPI_FP, ETHERTYPE_STP, ETHERTYPE_MOTOROLA, ETHERTYPE_NETBEUI, ETHERTYPE_ACCTON, ETHERTYPE_TALARISMC, ETHERTYPE_KALPANA, ETHERTYPE_SECTRA, ETHERTYPE_IPV6, ETHERTYPE_DELTACON, ETHERTYPE_ATOMIC, ETHERTYPE_RDP, ETHERTYPE_MICP, ETHERTYPE_TCPCOMP, ETHERTYPE_IPAS, ETHERTYPE_SECUREDATA, ETHERTYPE_FLOWCONTROL, ETHERTYPE_SLOW, ETHERTYPE_PPP, ETHERTYPE_HITACHI, ETHERTYPE_MPLS, ETHERTYPE_MPLS_MCAST, ETHERTYPE_AXIS, ETHERTYPE_PPPOEDISC, ETHERTYPE_PPPOE, ETHERTYPE_LANPROBE, ETHERTYPE_EAPOL, ETHERTYPE_QINQ, ETHERTYPE_LOOPBACK, ETHERTYPE_XNSSM, ETHERTYPE_TCPSM, ETHERTYPE_BCLOOP, ETHERTYPE_DEBNI, ETHERTYPE_SONIX, ETHERTYPE_VITAL 87 88 eth2_packet [ 89 generic eth2_packet_generic 90 arp eth2_packet_t[ETHERTYPE_ARP, arp_packet] 91 ipv4 eth2_packet_t[ETHERTYPE_IP, ipv4_packet] 92 ipv6 eth2_packet_t[ETHERTYPE_IPV6, ipv6_packet_t] 93 ] [varlen] 94 95 eth2_packet_generic { 96 etype flags[ether_types, int16be] 97 payload array[int8] 98 } [packed] 99 100 type eth2_packet_t[TYPE, PAYLOAD] { 101 etype const[TYPE, int16be] 102 payload PAYLOAD 103 } [packed] 104 105 ################################################################################ 106 ###################################### ARP ##################################### 107 ################################################################################ 108 109 # https://en.wikipedia.org/wiki/Address_Resolution_Protocol#Packet_structure 110 # https://tools.ietf.org/html/rfc826 111 112 arp_hrds = ARPHRD_ETHER, ARPHRD_IEEE802, ARPHRD_FRELAY, ARPHRD_IEEE1394 113 114 arp_ops = ARPOP_REQUEST, ARPOP_REPLY, ARPOP_REVREQUEST, ARPOP_REVREPLY, ARPOP_INVREQUEST, ARPOP_INVREPLY 115 116 arp_generic_packet { 117 ar_hrd flags[arp_hrds, int16be] 118 ar_pro flags[ether_types, int16be] 119 ar_hln const[6, int8] 120 ar_pln len[ar_spa, int8] 121 ar_op flags[arp_ops, int16be] 122 ar_sha mac_addr 123 ar_spa array[int8, 0:16] 124 ar_tha mac_addr 125 ar_tpa array[int8, 16] 126 } [packed] 127 128 arp_ether_ipv4_packet { 129 ar_hrd const[ARPHRD_ETHER, int16be] 130 ar_pro const[ETHERTYPE_IP, int16be] 131 ar_hln const[6, int8] 132 ar_pln const[4, int8] 133 ar_op flags[arp_ops, int16be] 134 ar_sha mac_addr 135 ar_spa ipv4_addr 136 ar_tha mac_addr 137 ar_tpa ipv4_addr 138 } [packed] 139 140 arp_packet [ 141 generic arp_generic_packet 142 ether_ipv4 arp_ether_ipv4_packet 143 ] [varlen] 144 145 ################################################################################ 146 ##################################### IPv4 ##################################### 147 ################################################################################ 148 149 # https://tools.ietf.org/html/rfc791#section-3.1 150 # https://en.wikipedia.org/wiki/IPv4#Header 151 152 # This corresponds to LOCAL_IPV4 ("172.20.%d.170" % pid) in executor/common_openbsd.h 153 ipv4_addr_local { 154 a0 const[0xac, int8] 155 a1 const[0x14, int8] 156 a2 proc[0, 1, int8] 157 a3 const[0xaa, int8] 158 } [packed] 159 160 # This corresponds to LOCAL_IPV4 ("172.20.%d.187" % pid) in executor/common_openbsd.h 161 ipv4_addr_remote { 162 a0 const[0xac, int8] 163 a1 const[0x14, int8] 164 a2 proc[0, 1, int8] 165 a3 const[0xbb, int8] 166 } [packed] 167 168 ipv4_addr [ 169 # 0.0.0.0 170 empty const[0x0, int32be] 171 # 172.20.%d.170 172 local ipv4_addr_local 173 # 172.20.%d.187 174 remote ipv4_addr_remote 175 # 127.0.0.1 176 loopback const[0x7f000001, int32be] 177 # 224.0.0.1 178 multicast1 const[0xe0000001, int32be] 179 # 224.0.0.2 180 multicast2 const[0xe0000002, int32be] 181 # 255.255.255.255 182 broadcast const[0xffffffff, int32be] 183 # random 184 rand_addr int32be 185 ] 186 187 # http://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ip-parameters-1 188 ipv4_option [ 189 generic ipv4_option_generic 190 end ipv4_option_end 191 noop ipv4_option_noop 192 lsrr ipv4_option_lsrr 193 ssrr ipv4_option_ssrr 194 rr ipv4_option_rr 195 timestamp ipv4_option_timestamp 196 ra ipv4_option_ra 197 ] [varlen] 198 199 ipv4_option_types = IPOPT_EOL, IPOPT_NOP, IPOPT_RR, IPOPT_TS, IPOPT_SECURITY, IPOPT_LSRR, IPOPT_SATID, IPOPT_SSRR, IPOPT_RA 200 201 ipv4_option_generic { 202 type flags[ipv4_option_types, int8] 203 length len[parent, int8] 204 data array[int8, 0:16] 205 } [packed] 206 207 # https://tools.ietf.org/html/rfc791#section-3.1 208 ipv4_option_end { 209 type const[IPOPT_EOL, int8] 210 } [packed] 211 212 # https://tools.ietf.org/html/rfc791#section-3.1 213 ipv4_option_noop { 214 type const[IPOPT_NOP, int8] 215 } [packed] 216 217 # https://tools.ietf.org/html/rfc791#section-3.1 218 ipv4_option_lsrr { 219 type const[IPOPT_LSRR, int8] 220 length len[parent, int8] 221 pointer int8 222 data array[ipv4_addr] 223 } [packed] 224 225 # https://tools.ietf.org/html/rfc791#section-3.1 226 ipv4_option_ssrr { 227 type const[IPOPT_SSRR, int8] 228 length len[parent, int8] 229 pointer int8 230 data array[ipv4_addr] 231 } [packed] 232 233 # https://tools.ietf.org/html/rfc791#section-3.1 234 ipv4_option_rr { 235 type const[IPOPT_RR, int8] 236 length len[parent, int8] 237 pointer int8 238 data array[ipv4_addr] 239 } [packed] 240 241 ipv4_option_timestamp_flags = IPOPT_TS_TSONLY, IPOPT_TS_TSANDADDR, IPOPT_TS_PRESPEC 242 243 ipv4_option_timestamp_timestamp { 244 addr array[ipv4_addr, 0:1] 245 timestamp int32be 246 } [packed] 247 248 # https://tools.ietf.org/html/rfc791#section-3.1 249 # http://www.networksorcery.com/enp/protocol/ip/option004.htm 250 ipv4_option_timestamp { 251 type const[IPOPT_TS, int8] 252 length len[parent, int8] 253 pointer int8 254 flg flags[ipv4_option_timestamp_flags, int8:4] 255 oflw int8:4 256 timestamps array[ipv4_option_timestamp_timestamp] 257 } [packed] 258 259 # https://tools.ietf.org/html/rfc2113 260 ipv4_option_ra { 261 type const[IPOPT_RA, int8] 262 length len[parent, int8] 263 value int32be 264 } [packed] 265 266 ipv4_options { 267 options array[ipv4_option] 268 } [packed, align[4]] 269 270 ipv4_types = IPPROTO_IP, IPPROTO_ICMP, IPPROTO_IGMP, IPPROTO_GGP, IPPROTO_IPV4, IPPROTO_TCP, IPPROTO_EGP, IPPROTO_PUP, IPPROTO_UDP, IPPROTO_IDP, IPPROTO_TP, IPPROTO_IPV6, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_RSVP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH, IPPROTO_MOBILE, IPPROTO_ICMPV6, IPPROTO_NONE, IPPROTO_DSTOPTS, IPPROTO_EON, IPPROTO_ETHERIP, IPPROTO_ENCAP, IPPROTO_PIM, IPPROTO_IPCOMP, IPPROTO_CARP, IPPROTO_UDPLITE, IPPROTO_MPLS, IPPROTO_PFSYNC, IPPROTO_RAW 271 272 ipv4_header { 273 ihl bytesize4[parent, int8:4] 274 version const[4, int8:4] 275 ecn int8:2 276 dscp int8:6 277 total_len len[ipv4_packet, int16be] 278 id int16be[100:104] 279 frag_off int16be 280 # TODO: frag_off is actually 13 bits, 3 bits are flags 281 ttl int8 282 protocol flags[ipv4_types, int8] 283 csum csum[parent, inet, int16be] 284 src_ip ipv4_addr 285 dst_ip ipv4_addr 286 options ipv4_options 287 } [packed] 288 289 ipv4_packet { 290 header ipv4_header 291 payload ipv4_payload 292 } [packed] 293 294 ipv4_payload [ 295 generic array[int8] 296 tcp tcp_packet 297 udp udp_packet 298 icmp icmp_packet 299 ] [varlen] 300 301 ################################################################################ 302 ###################################### ICMP #################################### 303 ################################################################################ 304 305 # https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#ICMP_datagram_structure 306 # https://tools.ietf.org/html/rfc792 307 # https://tools.ietf.org/html/rfc4884#section-4.1 308 # http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml 309 310 icmp_ipv4_header { 311 ihl bytesize4[parent, int8:4] 312 version const[4, int8:4] 313 ecn int8:2 314 dscp int8:6 315 total_len int16be 316 id icmp_id 317 frag_off int16be 318 ttl int8 319 protocol flags[ipv4_types, int8] 320 csum int16be 321 src_ip ipv4_addr 322 dst_ip ipv4_addr 323 options ipv4_options 324 } [packed] 325 326 icmp_types = ICMP_ECHOREPLY, ICMP_UNREACH, ICMP_SOURCEQUENCH, ICMP_REDIRECT, ICMP_ALTHOSTADDR, ICMP_ECHO, ICMP_ROUTERADVERT, ICMP_ROUTERSOLICIT, ICMP_TIMXCEED, ICMP_PARAMPROB, ICMP_TSTAMP, ICMP_TSTAMPREPLY, ICMP_IREQ, ICMP_IREQREPLY, ICMP_MASKREQ, ICMP_MASKREPLY, ICMP_TRACEROUTE, ICMP_DATACONVERR, ICMP_MOBILE_REDIRECT, ICMP_IPV6_WHEREAREYOU, ICMP_IPV6_IAMHERE, ICMP_MOBILE_REGREQUEST, ICMP_MOBILE_REGREPLY, ICMP_SKIP, ICMP_PHOTURIS 327 328 icmp_generic_packet { 329 type flags[icmp_types, int8] 330 code int8 331 csum csum[parent, inet, int16be] 332 data array[int8] 333 } [packed] 334 335 icmp_echo_reply_packet { 336 type const[ICMP_ECHOREPLY, int8] 337 code const[0, int8] 338 csum csum[parent, inet, int16be] 339 id icmp_id 340 seq_num int16be 341 data array[int8] 342 } [packed] 343 344 type icmp_id int16be[100:104] 345 346 icmp_dest_unreach_codes = ICMP_UNREACH_NET, ICMP_UNREACH_HOST, ICMP_UNREACH_PROTOCOL, ICMP_UNREACH_PORT, ICMP_UNREACH_NEEDFRAG, ICMP_UNREACH_SRCFAIL, ICMP_UNREACH_NET_UNKNOWN, ICMP_UNREACH_HOST_UNKNOWN, ICMP_UNREACH_ISOLATED, ICMP_UNREACH_NET_PROHIB, ICMP_UNREACH_HOST_PROHIB, ICMP_UNREACH_TOSNET, ICMP_UNREACH_TOSHOST, ICMP_UNREACH_FILTER_PROHIB, ICMP_UNREACH_HOST_PRECEDENCE, ICMP_UNREACH_PRECEDENCE_CUTOFF 347 348 icmp_dest_unreach_packet { 349 type const[ICMP_UNREACH, int8] 350 code flags[icmp_dest_unreach_codes, int8] 351 csum csum[parent, inet, int16be] 352 unused const[0, int8] 353 length int8 354 mtu int16be 355 iph icmp_ipv4_header 356 data array[int8, 0:8] 357 } [packed] 358 359 icmp_source_quench_packet { 360 type const[ICMP_SOURCEQUENCH, int8] 361 code const[0, int8] 362 csum csum[parent, inet, int16be] 363 unused const[0, int32] 364 iph icmp_ipv4_header 365 data array[int8, 0:8] 366 } [packed] 367 368 icmp_redirect_codes = ICMP_REDIRECT_NET, ICMP_REDIRECT_HOST, ICMP_REDIRECT_TOSNET, ICMP_REDIRECT_TOSHOST 369 370 icmp_redirect_packet { 371 type const[ICMP_REDIRECT, int8] 372 code flags[icmp_redirect_codes, int8] 373 csum csum[parent, inet, int16be] 374 ip ipv4_addr 375 iph icmp_ipv4_header 376 data array[int8, 0:8] 377 } [packed] 378 379 icmp_echo_packet { 380 type const[ICMP_ECHO, int8] 381 code const[0, int8] 382 csum csum[parent, inet, int16be] 383 id int16be 384 seq_num int16be 385 data array[int8] 386 } [packed] 387 388 icmp_time_exceeded_codes = ICMP_TIMXCEED_INTRANS, ICMP_TIMXCEED_REASS 389 390 icmp_time_exceeded_packet { 391 type const[ICMP_TIMXCEED, int8] 392 code flags[icmp_time_exceeded_codes, int8] 393 csum csum[parent, inet, int16be] 394 unused1 const[0, int8] 395 length int8 396 unused2 const[0, int16] 397 iph icmp_ipv4_header 398 data array[int8, 0:8] 399 } [packed] 400 401 icmp_parameter_prob_codes = ICMP_PARAMPROB_ERRATPTR, ICMP_PARAMPROB_OPTABSENT, ICMP_PARAMPROB_LENGTH 402 403 icmp_parameter_prob_packet { 404 type const[ICMP_PARAMPROB, int8] 405 code flags[icmp_parameter_prob_codes, int8] 406 csum csum[parent, inet, int16be] 407 pointer int8 408 length int8 409 unused const[0, int16] 410 iph icmp_ipv4_header 411 data array[int8, 0:8] 412 } [packed] 413 414 icmp_timestamp_packet { 415 type const[ICMP_TSTAMP, int8] 416 code const[0, int8] 417 csum csum[parent, inet, int16be] 418 id int16be 419 seq_num int16be 420 orig_ts int32be 421 recv_ts int32be 422 trans_ts int32be 423 } [packed] 424 425 icmp_timestamp_reply_packet { 426 type const[ICMP_TSTAMPREPLY, int8] 427 code const[0, int8] 428 csum csum[parent, inet, int16be] 429 id int16be 430 seq_num int16be 431 orig_ts int32be 432 recv_ts int32be 433 trans_ts int32be 434 } [packed] 435 436 icmp_info_request_packet { 437 type const[ICMP_IREQ, int8] 438 code const[0, int8] 439 csum csum[parent, inet, int16be] 440 id int16be 441 seq_num int16be 442 } [packed] 443 444 icmp_info_reply_packet { 445 type const[ICMP_IREQREPLY, int8] 446 code const[0, int8] 447 csum csum[parent, inet, int16be] 448 id int16be 449 seq_num int16be 450 } [packed] 451 452 icmp_mask_request_packet { 453 type const[ICMP_MASKREQ, int8] 454 code const[0, int8] 455 csum csum[parent, inet, int16be] 456 mask int32be 457 } [packed] 458 459 icmp_mask_reply_packet { 460 type const[ICMP_MASKREPLY, int8] 461 code const[0, int8] 462 csum csum[parent, inet, int16be] 463 mask int32be 464 } [packed] 465 466 icmp_packet [ 467 generic icmp_generic_packet 468 echo_reply icmp_echo_reply_packet 469 dest_unreach icmp_dest_unreach_packet 470 source_quench icmp_source_quench_packet 471 redirect icmp_redirect_packet 472 echo icmp_echo_packet 473 time_exceeded icmp_time_exceeded_packet 474 parameter_prob icmp_parameter_prob_packet 475 timestamp icmp_timestamp_packet 476 timestamp_reply icmp_timestamp_reply_packet 477 info_request icmp_info_request_packet 478 info_reply icmp_info_reply_packet 479 mask_request icmp_mask_request_packet 480 mask_reply icmp_mask_reply_packet 481 ] [varlen] 482 483 ################################################################################ 484 ##################################### IPv6 ##################################### 485 ################################################################################ 486 487 ipv6_types = IPPROTO_IP, IPPROTO_ICMP, IPPROTO_IGMP, IPPROTO_GGP, IPPROTO_IPV4, IPPROTO_TCP, IPPROTO_EGP, IPPROTO_PUP, IPPROTO_UDP, IPPROTO_IDP, IPPROTO_TP, IPPROTO_IPV6, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_RSVP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH, IPPROTO_MOBILE, IPPROTO_ICMPV6, IPPROTO_NONE, IPPROTO_DSTOPTS, IPPROTO_EON, IPPROTO_ETHERIP, IPPROTO_ENCAP, IPPROTO_PIM, IPPROTO_IPCOMP, IPPROTO_CARP, IPPROTO_UDPLITE, IPPROTO_MPLS, IPPROTO_PFSYNC, IPPROTO_RAW 488 489 ipv6_addr_empty { 490 a0 array[const[0x0, int8], 16] 491 } 492 493 # This corresponds to LOCAL_IPV6 ("fe80::%02hxaa" % pid) in executor/common_openbsd.h 494 ipv6_addr_local { 495 a0 const[0xfe, int8] 496 a1 const[0x80, int8] 497 a2 array[const[0x0, int8], 12] 498 a3 proc[0, 1, int8] 499 a4 const[0xaa, int8] 500 } [packed] 501 502 # This corresponds to REMOTE_IPV6 ("fe80::%02hxbb" % pid) in executor/common_openbsd.h 503 ipv6_addr_remote { 504 a0 const[0xfe, int8] 505 a1 const[0x80, int8] 506 a2 array[const[0x0, int8], 12] 507 a3 proc[0, 1, int8] 508 a4 const[0xbb, int8] 509 } [packed] 510 511 ipv6_addr_loopback { 512 a0 const[0, int64be] 513 a1 const[1, int64be] 514 } [packed] 515 516 ipv6_addr_ipv4 { 517 a0 array[const[0x0, int8], 10] 518 a1 array[const[0xff, int8], 2] 519 a3 ipv4_addr 520 } [packed] 521 522 ipv6_addr_multicast1 { 523 a0 const[0xff, int8] 524 a1 const[0x1, int8] 525 a2 array[const[0x0, int8], 13] 526 a3 const[0x1, int8] 527 } [packed] 528 529 ipv6_addr_multicast2 { 530 a0 const[0xff, int8] 531 a1 const[0x2, int8] 532 a2 array[const[0x0, int8], 13] 533 a3 const[0x1, int8] 534 } [packed] 535 536 ipv6_addr [ 537 rand_addr array[int8, 16] 538 empty ipv6_addr_empty 539 local ipv6_addr_local 540 remote ipv6_addr_remote 541 loopback ipv6_addr_loopback 542 ipv4 ipv6_addr_ipv4 543 mcast1 ipv6_addr_multicast1 544 mcast2 ipv6_addr_multicast2 545 ] [size[16]] 546 547 # https://tools.ietf.org/html/rfc2402 548 # https://tools.ietf.org/html/rfc2406 549 # https://tools.ietf.org/html/rfc3775 550 551 # https://tools.ietf.org/html/rfc2460#section-4 552 # The length field in each of the extension headers specifies the 553 # length of the header in 8-octet units not including the first 8 octets. 554 555 ipv6_ext_header [ 556 hopopts ipv6_hopots_ext_header 557 routing ipv6_rt_hdr 558 fragment ipv6_fragment_ext_header 559 dstopts ipv6_dstopts_ext_header 560 ] [varlen] 561 562 ipv6_hopots_ext_header { 563 next_header flags[ipv6_types, int8] 564 length bytesize8[options, int8] 565 pad array[const[0, int8], 6] 566 options array[ipv6_tlv_option] 567 } [packed, align[8]] 568 569 ipv6_routing_types = IPV6_RTHDR_LOOSE 570 571 ipv6_rt_hdr { 572 next_header flags[ipv6_types, int8] 573 length bytesize8[data, int8] 574 routing_type flags[ipv6_routing_types, int8] 575 segments_left int8 576 reserved const[0, int32] 577 data array[ipv6_addr] 578 } [packed, align[8]] 579 580 ipv6_fragment_ext_header { 581 next_header flags[ipv6_types, int8] 582 reserved1 const[0, int8] 583 fragment_off_hi int8 584 m_flag int8:1 585 reserved2 const[0, int8:2] 586 fragment_off_lo int8:5 587 identification int32[100:104] 588 } [packed, align[8]] 589 590 ipv6_dstopts_ext_header { 591 next_header flags[ipv6_types, int8] 592 length bytesize8[options, int8] 593 pad array[const[0, int8], 6] 594 options array[ipv6_tlv_option] 595 } [packed, align[8]] 596 597 ipv6_tlv_option [ 598 generic ipv6_tlv_generic 599 pad1 ipv6_tlv_pad1 600 padn ipv6_tlv_padn 601 jumbo ipv6_tlv_jumbo 602 enc_lim ipv6_tlv_tun_lim 603 ra ipv6_tlv_ra 604 ] [varlen] 605 606 ipv6_tlv_generic { 607 type int8 608 length len[data, int8] 609 data array[int8] 610 } [packed] 611 612 ipv6_tlv_pad1 { 613 type const[IP6OPT_PAD1, int8] 614 len const[1, int8] 615 pad const[0, int8] 616 } [packed] 617 618 ipv6_tlv_padn { 619 type const[IP6OPT_PADN, int8] 620 len len[pad, int8] 621 pad array[const[0, int8]] 622 } [packed] 623 624 ipv6_tlv_jumbo { 625 type const[IP6OPT_JUMBO, int8] 626 len const[4, int8] 627 pkt_len int32be 628 } [packed] 629 630 ipv6_tlv_tun_lim { 631 type const[IP6OPT_TUNNEL_LIMIT, int8] 632 len const[1, int8] 633 encap_limit int8 634 } [packed] 635 636 ipv6_tlv_ra { 637 type const[IP6OPT_ROUTER_ALERT, int8] 638 len const[2, int8] 639 ra int16be 640 } [packed] 641 642 ipv6_packet_t { 643 priority int8:4 644 version const[6, int8:4] 645 flow_label array[int8, 3] 646 # TODO: flow_label is actually 20 bits, 4 bits are part of priority 647 length len[payload, int16be] 648 next_header flags[ipv6_types, int8] 649 hop_limit int8 650 src_ip ipv6_addr 651 dst_ip ipv6_addr 652 payload ipv6_packet_payload 653 } [packed] 654 655 ipv6_packet_payload { 656 ext_headers array[ipv6_ext_header] 657 payload ipv6_payload 658 } [packed] 659 660 ipv6_payload [ 661 generic array[int8] 662 tcp tcp_packet 663 udp udp_packet 664 icmpv6 icmpv6_packet 665 ] [varlen] 666 667 ################################################################################ 668 ##################################### ICMPv6 ################################### 669 ################################################################################ 670 671 # https://tools.ietf.org/html/rfc4443 672 # http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml 673 674 icmpv6_ipv6_packet { 675 priority int8:4 676 version const[6, int8:4] 677 flow_label array[int8, 3] 678 length int16be 679 next_header flags[ipv6_types, int8] 680 hop_limit int8 681 src_ip ipv6_addr 682 dst_ip ipv6_addr 683 ext_headers array[ipv6_ext_header] 684 data array[int8] 685 } [packed] 686 687 icmpv6_dest_unreach_codes = ICMP6_DST_UNREACH_NOROUTE, ICMP6_DST_UNREACH_ADMIN, ICMP6_DST_UNREACH_BEYONDSCOPE, ICMP6_DST_UNREACH_ADDR, ICMP6_DST_UNREACH_NOPORT 688 689 icmpv6_dest_unreach_packet { 690 type const[ICMP6_DST_UNREACH, int8] 691 code flags[icmpv6_dest_unreach_codes, int8] 692 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 693 length int8 694 unused array[const[0, int8], 3] 695 packet icmpv6_ipv6_packet 696 } [packed] 697 698 icmpv6_pkt_toobig_packet { 699 type const[ICMP6_PACKET_TOO_BIG, int8] 700 code const[0, int8] 701 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 702 mtu int32be 703 packet icmpv6_ipv6_packet 704 } [packed] 705 706 icmpv6_time_exceed_codes = ICMP6_TIME_EXCEED_TRANSIT, ICMP6_TIME_EXCEED_REASSEMBLY 707 708 icmpv6_time_exceed_packet { 709 type const[ICMP6_TIME_EXCEEDED, int8] 710 code flags[icmpv6_time_exceed_codes, int8] 711 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 712 length int8 713 unused array[const[0, int8], 3] 714 packet icmpv6_ipv6_packet 715 } [packed] 716 717 icmpv6_param_prob_codes = ICMP6_PARAMPROB_HEADER, ICMP6_PARAMPROB_NEXTHEADER, ICMP6_PARAMPROB_OPTION 718 719 icmpv6_param_prob_packet { 720 type const[ICMP6_PARAM_PROB, int8] 721 code flags[icmpv6_param_prob_codes, int8] 722 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 723 pointer int32be 724 packet icmpv6_ipv6_packet 725 } [packed] 726 727 icmpv6_echo_request_packet { 728 type const[ICMP6_ECHO_REQUEST, int8] 729 code const[0, int8] 730 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 731 id int16be 732 seq_num int16be 733 data array[int8] 734 } [packed] 735 736 icmpv6_echo_reply_packet { 737 type const[ICMP6_ECHO_REPLY, int8] 738 code const[0, int8] 739 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 740 id int16be 741 seq_num int16be 742 data array[int8] 743 } [packed] 744 745 icmpv6_mld_types = MLD_LISTENER_QUERY, MLD_LISTENER_REPORT 746 747 # https://tools.ietf.org/html/rfc2710#section-3 748 icmpv6_mld_packet { 749 type flags[icmpv6_mld_types, int8] 750 code const[0, int8] 751 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 752 mrd int16be 753 unused int16 754 addr ipv6_addr 755 } [packed] 756 757 icmpv6_ni_types = ICMP6_NI_QUERY, ICMP6_NI_REPLY 758 759 # https://tools.ietf.org/html/rfc4620#section-4 760 icmpv6_ni_packet { 761 type flags[icmpv6_ni_types, int8] 762 code const[0, int8] 763 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 764 qtype int16be 765 flags int16be 766 nonce int64be 767 data array[int8] 768 } [packed] 769 770 icmpv6_ndisc_option_types = ND_OPT_SOURCE_LINKADDR, ND_OPT_TARGET_LINKADDR, ND_OPT_PREFIX_INFORMATION, ND_OPT_REDIRECTED_HEADER, ND_OPT_MTU, ND_OPT_ROUTE_INFO, ND_OPT_RDNSS, ND_OPT_DNSSL 771 772 # https://tools.ietf.org/html/rfc4861#section-4.6 773 icmpv6_ndisc_option { 774 option_type flags[icmpv6_ndisc_option_types, int8] 775 length bytesize8[parent, int8] 776 # TODO: define the option formats 777 data array[int8] 778 } [packed] 779 780 # https://tools.ietf.org/html/rfc4861#section-4.1 781 icmpv6_ndisc_router_solicit_packet { 782 type const[ND_ROUTER_SOLICIT, int8] 783 code const[0, int8] 784 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 785 unused array[const[0, int8], 4] 786 options array[icmpv6_ndisc_option] 787 } [packed] 788 789 # https://tools.ietf.org/html/rfc4861#section-4.2 790 icmpv6_ndisc_router_advert_packet { 791 type const[ND_ROUTER_ADVERT, int8] 792 code const[0, int8] 793 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 794 cur_hop_limit int8 795 # TODO: Implement bitflags for the router advert flags 796 router_flags int8 797 router_lifetime int16 798 reachable_time int32 799 retrans_time int32 800 options array[icmpv6_ndisc_option] 801 } [packed] 802 803 # https://tools.ietf.org/html/rfc4861#section-4.3 804 icmpv6_ndisc_neigh_solicit_packet { 805 type const[ND_NEIGHBOR_SOLICIT, int8] 806 code const[0, int8] 807 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 808 target_addr ipv6_addr 809 options array[icmpv6_ndisc_option] 810 } [packed] 811 812 # https://tools.ietf.org/html/rfc4861#section-4.4 813 icmpv6_ndisc_neigh_advert_packet { 814 type const[ND_NEIGHBOR_ADVERT, int8] 815 code const[0, int8] 816 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 817 # TODO: Implement bitflags for the neighbor advert flags 818 neighbor_flags int8 819 unused array[const[0, int8], 3] 820 target_addr ipv6_addr 821 options array[icmpv6_ndisc_option] 822 } [packed] 823 824 # https://tools.ietf.org/html/rfc4861#section-4.5 825 icmpv6_ndisc_redir_packet { 826 type const[ND_REDIRECT, int8] 827 code const[0, int8] 828 csum csum[parent, pseudo, IPPROTO_ICMPV6, int16be] 829 unused array[const[0, int8], 4] 830 target_addr ipv6_addr 831 dst_addr ipv6_addr 832 options array[icmpv6_ndisc_option] 833 } [packed] 834 835 icmpv6_packet [ 836 dest_unreach icmpv6_dest_unreach_packet 837 pkt_toobig icmpv6_pkt_toobig_packet 838 time_exceed icmpv6_time_exceed_packet 839 param_prob icmpv6_param_prob_packet 840 echo_request icmpv6_echo_request_packet 841 echo_reply icmpv6_echo_reply_packet 842 mld icmpv6_mld_packet 843 ni icmpv6_ni_packet 844 ndisc_rs icmpv6_ndisc_router_solicit_packet 845 ndisc_ra icmpv6_ndisc_router_advert_packet 846 ndisc_na icmpv6_ndisc_neigh_advert_packet 847 ndisc_ns icmpv6_ndisc_neigh_solicit_packet 848 ndisc_redir icmpv6_ndisc_redir_packet 849 ] [varlen] 850 851 ################################################################################ 852 ###################################### TCP ##################################### 853 ################################################################################ 854 855 # https://tools.ietf.org/html/rfc793#section-3.1 856 # https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure 857 # http://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml 858 859 tcp_option [ 860 generic tcp_generic_option 861 nop tcp_nop_option 862 eol tcp_eol_option 863 mss tcp_mss_option 864 window tcp_window_option 865 sack_perm tcp_sack_perm_option 866 sack tcp_sack_option 867 timestamp tcp_timestamp_option 868 md5sig tcp_md5sig_option 869 ] [varlen] 870 871 tcp_option_types = TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MAXSEG, TCPOPT_WINDOW, TCPOPT_SACK_PERMITTED, TCPOPT_SACK, TCPOPT_TIMESTAMP, TCPOPT_SIGNATURE 872 873 tcp_generic_option { 874 type flags[tcp_option_types, int8] 875 length len[parent, int8] 876 data array[int8, 0:16] 877 } [packed] 878 879 # https://tools.ietf.org/html/rfc793#section-3.1 880 tcp_eol_option { 881 type const[TCPOPT_EOL, int8] 882 } [packed] 883 884 # https://tools.ietf.org/html/rfc793#section-3.1 885 tcp_nop_option { 886 type const[TCPOPT_NOP, int8] 887 } [packed] 888 889 # https://tools.ietf.org/html/rfc793#section-3.1 890 tcp_mss_option { 891 type const[TCPOPT_MAXSEG, int8] 892 length len[parent, int8] 893 seg_size int16 894 } [packed] 895 896 # https://tools.ietf.org/html/rfc7323#section-2 897 tcp_window_option { 898 type const[TCPOPT_WINDOW, int8] 899 length len[parent, int8] 900 shift int8 901 } [packed] 902 903 # https://tools.ietf.org/html/rfc2018#section-2 904 tcp_sack_perm_option { 905 type const[TCPOPT_SACK_PERMITTED, int8] 906 length len[parent, int8] 907 } [packed] 908 909 # https://tools.ietf.org/html/rfc2018#section-3 910 tcp_sack_option { 911 type const[TCPOPT_SACK, int8] 912 length len[parent, int8] 913 data array[int32be] 914 } [packed] 915 916 # https://tools.ietf.org/html/rfc7323#section-3 917 tcp_timestamp_option { 918 type const[TCPOPT_TIMESTAMP, int8] 919 length len[parent, int8] 920 tsval int32be 921 tsecr int32be 922 } [packed] 923 924 # https://tools.ietf.org/html/rfc2385#section-3.0 925 tcp_md5sig_option { 926 type const[TCPOPT_SIGNATURE, int8] 927 length len[parent, int8] 928 md5 array[int8, 16] 929 } [packed] 930 931 tcp_options { 932 options array[tcp_option] 933 } [packed, align[4]] 934 935 tcp_flags = 0, TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, TH_ECE, TH_CWR 936 937 tcp_header { 938 src_port sock_port 939 dst_port sock_port 940 seq_num tcp_seq_num 941 ack_num tcp_seq_num 942 ns int8:1 943 reserved const[0, int8:3] 944 data_off bytesize4[parent, int8:4] 945 flags flags[tcp_flags, int8] 946 window_size int16be 947 csum csum[tcp_packet, pseudo, IPPROTO_TCP, int16be] 948 urg_ptr int16be 949 options tcp_options 950 } [packed] 951 952 tcp_packet { 953 header tcp_header 954 payload tcp_payload 955 } [packed] 956 957 tcp_payload { 958 payload array[int8] 959 } [packed] 960 961 ################################################################################ 962 ###################################### UDP ##################################### 963 ################################################################################ 964 965 # https://tools.ietf.org/html/rfc768 966 # https://en.wikipedia.org/wiki/User_Datagram_Protocol#Packet_structure 967 968 udp_header { 969 src_port sock_port 970 dst_port sock_port 971 length len[parent, int16be] 972 csum csum[parent, pseudo, IPPROTO_UDP, int16be] 973 } [packed] 974 975 udp_packet { 976 header udp_header 977 payload udp_payload 978 } [packed] 979 980 udp_payload { 981 payload array[int8] 982 } [packed]