]> The Tcpdump Group git mirrors - tcpdump/blob - print-aoe.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
More bounds checking when fetching addresses and converting to strings.
[tcpdump] / print-aoe.c
1 /*
2 * Copyright (c) 2014 The TCPDUMP project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
17 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
18 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
20 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /* \summary: ATA over Ethernet (AoE) protocol printer */
29
30 /* specification: http://brantleycoilecompany.com/AoEr11.pdf */
31
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35
36 #include "netdissect-stdinc.h"
37
38 #include "netdissect.h"
39 #include "extract.h"
40 #include "addrtoname.h"
41
42
43 #define AOE_V1 1
44 #define ATA_SECTOR_SIZE 512
45
46 #define AOEV1_CMD_ISSUE_ATA_COMMAND 0
47 #define AOEV1_CMD_QUERY_CONFIG_INFORMATION 1
48 #define AOEV1_CMD_MAC_MASK_LIST 2
49 #define AOEV1_CMD_RESERVE_RELEASE 3
50
51 static const struct tok cmdcode_str[] = {
52 { AOEV1_CMD_ISSUE_ATA_COMMAND, "Issue ATA Command" },
53 { AOEV1_CMD_QUERY_CONFIG_INFORMATION, "Query Config Information" },
54 { AOEV1_CMD_MAC_MASK_LIST, "MAC Mask List" },
55 { AOEV1_CMD_RESERVE_RELEASE, "Reserve/Release" },
56 { 0, NULL }
57 };
58
59 #define AOEV1_COMMON_HDR_LEN 10U /* up to but w/o Arg */
60 #define AOEV1_ISSUE_ARG_LEN 12U /* up to but w/o Data */
61 #define AOEV1_QUERY_ARG_LEN 8U /* up to but w/o Config String */
62 #define AOEV1_MAC_ARG_LEN 4U /* up to but w/o Directive 0 */
63 #define AOEV1_RESERVE_ARG_LEN 2U /* up to but w/o Ethernet address 0 */
64 #define AOEV1_MAX_CONFSTR_LEN 1024U
65
66 #define AOEV1_FLAG_R 0x08
67 #define AOEV1_FLAG_E 0x04
68
69 static const struct tok aoev1_flag_str[] = {
70 { AOEV1_FLAG_R, "Response" },
71 { AOEV1_FLAG_E, "Error" },
72 { 0x02, "MBZ-0x02" },
73 { 0x01, "MBZ-0x01" },
74 { 0, NULL }
75 };
76
77 static const struct tok aoev1_errcode_str[] = {
78 { 1, "Unrecognized command code" },
79 { 2, "Bad argument parameter" },
80 { 3, "Device unavailable" },
81 { 4, "Config string present" },
82 { 5, "Unsupported version" },
83 { 6, "Target is reserved" },
84 { 0, NULL }
85 };
86
87 #define AOEV1_AFLAG_E 0x40
88 #define AOEV1_AFLAG_D 0x10
89 #define AOEV1_AFLAG_A 0x02
90 #define AOEV1_AFLAG_W 0x01
91
92 static const struct tok aoev1_aflag_str[] = {
93 { 0x08, "MBZ-0x08" },
94 { AOEV1_AFLAG_E, "Ext48" },
95 { 0x06, "MBZ-0x06" },
96 { AOEV1_AFLAG_D, "Device" },
97 { 0x04, "MBZ-0x04" },
98 { 0x03, "MBZ-0x03" },
99 { AOEV1_AFLAG_A, "Async" },
100 { AOEV1_AFLAG_W, "Write" },
101 { 0, NULL }
102 };
103
104 static const struct tok aoev1_ccmd_str[] = {
105 { 0, "read config string" },
106 { 1, "test config string" },
107 { 2, "test config string prefix" },
108 { 3, "set config string" },
109 { 4, "force set config string" },
110 { 0, NULL }
111 };
112
113 static const struct tok aoev1_mcmd_str[] = {
114 { 0, "Read Mac Mask List" },
115 { 1, "Edit Mac Mask List" },
116 { 0, NULL }
117 };
118
119 static const struct tok aoev1_merror_str[] = {
120 { 1, "Unspecified Error" },
121 { 2, "Bad DCmd directive" },
122 { 3, "Mask list full" },
123 { 0, NULL }
124 };
125
126 static const struct tok aoev1_dcmd_str[] = {
127 { 0, "No Directive" },
128 { 1, "Add mac address to mask list" },
129 { 2, "Delete mac address from mask list" },
130 { 0, NULL }
131 };
132
133 static const struct tok aoev1_rcmd_str[] = {
134 { 0, "Read reserve list" },
135 { 1, "Set reserve list" },
136 { 2, "Force set reserve list" },
137 { 0, NULL }
138 };
139
140 static void
141 aoev1_issue_print(netdissect_options *ndo,
142 const u_char *cp, const u_int len)
143 {
144 const u_char *ep = ndo->ndo_snapend;
145
146 if (len < AOEV1_ISSUE_ARG_LEN)
147 goto invalid;
148 /* AFlags */
149 ND_TCHECK_1(cp);
150 ND_PRINT("\n\tAFlags: [%s]",
151 bittok2str(aoev1_aflag_str, "none", GET_U_1(cp)));
152 cp += 1;
153 /* Err/Feature */
154 ND_TCHECK_1(cp);
155 ND_PRINT(", Err/Feature: %u", GET_U_1(cp));
156 cp += 1;
157 /* Sector Count (not correlated with the length) */
158 ND_TCHECK_1(cp);
159 ND_PRINT(", Sector Count: %u", GET_U_1(cp));
160 cp += 1;
161 /* Cmd/Status */
162 ND_TCHECK_1(cp);
163 ND_PRINT(", Cmd/Status: %u", GET_U_1(cp));
164 cp += 1;
165 /* lba0 */
166 ND_TCHECK_1(cp);
167 ND_PRINT("\n\tlba0: %u", GET_U_1(cp));
168 cp += 1;
169 /* lba1 */
170 ND_TCHECK_1(cp);
171 ND_PRINT(", lba1: %u", GET_U_1(cp));
172 cp += 1;
173 /* lba2 */
174 ND_TCHECK_1(cp);
175 ND_PRINT(", lba2: %u", GET_U_1(cp));
176 cp += 1;
177 /* lba3 */
178 ND_TCHECK_1(cp);
179 ND_PRINT(", lba3: %u", GET_U_1(cp));
180 cp += 1;
181 /* lba4 */
182 ND_TCHECK_1(cp);
183 ND_PRINT(", lba4: %u", GET_U_1(cp));
184 cp += 1;
185 /* lba5 */
186 ND_TCHECK_1(cp);
187 ND_PRINT(", lba5: %u", GET_U_1(cp));
188 cp += 1;
189 /* Reserved */
190 ND_TCHECK_2(cp);
191 cp += 2;
192 /* Data */
193 if (len > AOEV1_ISSUE_ARG_LEN)
194 ND_PRINT("\n\tData: %u bytes", len - AOEV1_ISSUE_ARG_LEN);
195 return;
196
197 invalid:
198 nd_print_invalid(ndo);
199 ND_TCHECK_LEN(cp, ep - cp);
200 return;
201 trunc:
202 nd_print_trunc(ndo);
203 }
204
205 static void
206 aoev1_query_print(netdissect_options *ndo,
207 const u_char *cp, const u_int len)
208 {
209 const u_char *ep = ndo->ndo_snapend;
210 uint16_t cslen;
211
212 if (len < AOEV1_QUERY_ARG_LEN)
213 goto invalid;
214 /* Buffer Count */
215 ND_TCHECK_2(cp);
216 ND_PRINT("\n\tBuffer Count: %u", GET_BE_U_2(cp));
217 cp += 2;
218 /* Firmware Version */
219 ND_TCHECK_2(cp);
220 ND_PRINT(", Firmware Version: %u", GET_BE_U_2(cp));
221 cp += 2;
222 /* Sector Count */
223 ND_TCHECK_1(cp);
224 ND_PRINT(", Sector Count: %u", GET_U_1(cp));
225 cp += 1;
226 /* AoE/CCmd */
227 ND_TCHECK_1(cp);
228 ND_PRINT(", AoE: %u, CCmd: %s", (GET_U_1(cp) & 0xF0) >> 4,
229 tok2str(aoev1_ccmd_str, "Unknown (0x02x)", GET_U_1(cp) & 0x0F));
230 cp += 1;
231 /* Config String Length */
232 ND_TCHECK_2(cp);
233 cslen = GET_BE_U_2(cp);
234 cp += 2;
235 if (cslen > AOEV1_MAX_CONFSTR_LEN || AOEV1_QUERY_ARG_LEN + cslen > len)
236 goto invalid;
237 /* Config String */
238 if (cslen) {
239 ND_TCHECK_LEN(cp, cslen);
240 ND_PRINT("\n\tConfig String (length %u): ", cslen);
241 if (nd_printn(ndo, cp, cslen, ndo->ndo_snapend))
242 goto trunc;
243 }
244 return;
245
246 invalid:
247 nd_print_invalid(ndo);
248 ND_TCHECK_LEN(cp, ep - cp);
249 return;
250 trunc:
251 nd_print_trunc(ndo);
252 }
253
254 static void
255 aoev1_mac_print(netdissect_options *ndo,
256 const u_char *cp, const u_int len)
257 {
258 const u_char *ep = ndo->ndo_snapend;
259 uint8_t dircount, i;
260
261 if (len < AOEV1_MAC_ARG_LEN)
262 goto invalid;
263 /* Reserved */
264 ND_TCHECK_1(cp);
265 cp += 1;
266 /* MCmd */
267 ND_TCHECK_1(cp);
268 ND_PRINT("\n\tMCmd: %s",
269 tok2str(aoev1_mcmd_str, "Unknown (0x%02x)", GET_U_1(cp)));
270 cp += 1;
271 /* MError */
272 ND_TCHECK_1(cp);
273 ND_PRINT(", MError: %s",
274 tok2str(aoev1_merror_str, "Unknown (0x%02x)", GET_U_1(cp)));
275 cp += 1;
276 /* Dir Count */
277 ND_TCHECK_1(cp);
278 dircount = GET_U_1(cp);
279 cp += 1;
280 ND_PRINT(", Dir Count: %u", dircount);
281 if (AOEV1_MAC_ARG_LEN + dircount * 8 > len)
282 goto invalid;
283 /* directives */
284 for (i = 0; i < dircount; i++) {
285 /* Reserved */
286 ND_TCHECK_1(cp);
287 cp += 1;
288 /* DCmd */
289 ND_TCHECK_1(cp);
290 ND_PRINT("\n\t DCmd: %s",
291 tok2str(aoev1_dcmd_str, "Unknown (0x%02x)", GET_U_1(cp)));
292 cp += 1;
293 /* Ethernet Address */
294 ND_TCHECK_LEN(cp, MAC_ADDR_LEN);
295 ND_PRINT(", Ethernet Address: %s", GET_ETHERADDR_STRING(cp));
296 cp += MAC_ADDR_LEN;
297 }
298 return;
299
300 invalid:
301 nd_print_invalid(ndo);
302 ND_TCHECK_LEN(cp, ep - cp);
303 return;
304 trunc:
305 nd_print_trunc(ndo);
306 }
307
308 static void
309 aoev1_reserve_print(netdissect_options *ndo,
310 const u_char *cp, const u_int len)
311 {
312 const u_char *ep = ndo->ndo_snapend;
313 uint8_t nmacs, i;
314
315 if (len < AOEV1_RESERVE_ARG_LEN || (len - AOEV1_RESERVE_ARG_LEN) % MAC_ADDR_LEN)
316 goto invalid;
317 /* RCmd */
318 ND_TCHECK_1(cp);
319 ND_PRINT("\n\tRCmd: %s",
320 tok2str(aoev1_rcmd_str, "Unknown (0x%02x)", GET_U_1(cp)));
321 cp += 1;
322 /* NMacs (correlated with the length) */
323 ND_TCHECK_1(cp);
324 nmacs = GET_U_1(cp);
325 cp += 1;
326 ND_PRINT(", NMacs: %u", nmacs);
327 if (AOEV1_RESERVE_ARG_LEN + nmacs * MAC_ADDR_LEN != len)
328 goto invalid;
329 /* addresses */
330 for (i = 0; i < nmacs; i++) {
331 ND_TCHECK_LEN(cp, MAC_ADDR_LEN);
332 ND_PRINT("\n\tEthernet Address %u: %s", i, GET_ETHERADDR_STRING(cp));
333 cp += MAC_ADDR_LEN;
334 }
335 return;
336
337 invalid:
338 nd_print_invalid(ndo);
339 ND_TCHECK_LEN(cp, ep - cp);
340 return;
341 trunc:
342 nd_print_trunc(ndo);
343 }
344
345 /* cp points to the Ver/Flags octet */
346 static void
347 aoev1_print(netdissect_options *ndo,
348 const u_char *cp, const u_int len)
349 {
350 const u_char *ep = ndo->ndo_snapend;
351 uint8_t flags, command;
352 void (*cmd_decoder)(netdissect_options *, const u_char *, const u_int);
353
354 if (len < AOEV1_COMMON_HDR_LEN)
355 goto invalid;
356 /* Flags */
357 flags = GET_U_1(cp) & 0x0F;
358 ND_PRINT(", Flags: [%s]", bittok2str(aoev1_flag_str, "none", flags));
359 cp += 1;
360 if (! ndo->ndo_vflag)
361 return;
362 /* Error */
363 ND_TCHECK_1(cp);
364 if (flags & AOEV1_FLAG_E)
365 ND_PRINT("\n\tError: %s",
366 tok2str(aoev1_errcode_str, "Invalid (%u)", GET_U_1(cp)));
367 cp += 1;
368 /* Major */
369 ND_TCHECK_2(cp);
370 ND_PRINT("\n\tMajor: 0x%04x", GET_BE_U_2(cp));
371 cp += 2;
372 /* Minor */
373 ND_TCHECK_1(cp);
374 ND_PRINT(", Minor: 0x%02x", GET_U_1(cp));
375 cp += 1;
376 /* Command */
377 ND_TCHECK_1(cp);
378 command = GET_U_1(cp);
379 cp += 1;
380 ND_PRINT(", Command: %s", tok2str(cmdcode_str, "Unknown (0x%02x)", command));
381 /* Tag */
382 ND_TCHECK_4(cp);
383 ND_PRINT(", Tag: 0x%08x", GET_BE_U_4(cp));
384 cp += 4;
385 /* Arg */
386 cmd_decoder =
387 command == AOEV1_CMD_ISSUE_ATA_COMMAND ? aoev1_issue_print :
388 command == AOEV1_CMD_QUERY_CONFIG_INFORMATION ? aoev1_query_print :
389 command == AOEV1_CMD_MAC_MASK_LIST ? aoev1_mac_print :
390 command == AOEV1_CMD_RESERVE_RELEASE ? aoev1_reserve_print :
391 NULL;
392 if (cmd_decoder != NULL)
393 cmd_decoder(ndo, cp, len - AOEV1_COMMON_HDR_LEN);
394 return;
395
396 invalid:
397 nd_print_invalid(ndo);
398 ND_TCHECK_LEN(cp, ep - cp);
399 return;
400 trunc:
401 nd_print_trunc(ndo);
402 }
403
404 void
405 aoe_print(netdissect_options *ndo,
406 const u_char *cp, const u_int len)
407 {
408 const u_char *ep = ndo->ndo_snapend;
409 uint8_t ver;
410
411 ndo->ndo_protocol = "aoe";
412 ND_PRINT("AoE length %u", len);
413
414 if (len < 1)
415 goto invalid;
416 /* Ver/Flags */
417 ND_TCHECK_1(cp);
418 ver = (GET_U_1(cp) & 0xF0) >> 4;
419 /* Don't advance cp yet: low order 4 bits are version-specific. */
420 ND_PRINT(", Ver %u", ver);
421
422 switch (ver) {
423 case AOE_V1:
424 aoev1_print(ndo, cp, len);
425 break;
426 }
427 return;
428
429 invalid:
430 nd_print_invalid(ndo);
431 ND_TCHECK_LEN(cp, ep - cp);
432 return;
433 trunc:
434 nd_print_trunc(ndo);
435 }
436
[mirror] the TCPdump network dissector