PPI: Add a length check
1 /*
2 * Oracle
3 */
4
5 /* \summary: Per-Packet Information (DLT_PPI) printer */
6
7 /* Specification:
8 * Per-Packet Information Header Specification - Version 1.0.7
9 * https://web.archive.org/web/20160328114748/http://www.cacetech.com/documents/PPI%20Header%20format%201.0.7.pdf
10 */
11
12 #ifdef HAVE_CONFIG_H
13 #include <config.h>
14 #endif
15
16 #include "netdissect-stdinc.h"
17
18 #include "netdissect.h"
19 #include "extract.h"
20
21
/*
 * Fixed header that ppi_print() expects at the very start of a DLT_PPI
 * packet.  Every field is read straight from captured packet data, so
 * the values are untrusted until checked; ppi_print() reads ppi_len and
 * ppi_dlt as little-endian quantities.
 */
typedef struct ppi_header {
	nd_uint8_t	ppi_ver;	/* Version.  Currently 0 */
	nd_uint8_t	ppi_flags;	/* Flags. */
	nd_uint16_t	ppi_len;	/* Length of entire message, including
					 * this header and TLV payload.
					 * ppi_print() rejects values outside
					 * sizeof(ppi_header_t)..65532 and
					 * values larger than the captured
					 * length before using it as an
					 * offset. */
	nd_uint32_t	ppi_dlt;	/* Data Link Type of the captured
					 * packet data.  Used to select the
					 * printer for the encapsulated
					 * packet. */
} ppi_header_t;

/*
 * Length in bytes of the fixed header; presumably equal to
 * sizeof(ppi_header_t) given the 1+1+2+4 widths the field type names
 * suggest -- confirm against netdissect.h.
 * NOTE(review): the length checks visible in this file use
 * sizeof(ppi_header_t) rather than this macro.
 */
#define PPI_HDRLEN	8
32
33 #ifdef DLT_PPI
34
/*
 * Print a one-line summary of the PPI header located at 'bp'.
 *
 * With -q (ndo_qflag) only the DLT name is printed; otherwise the
 * version, the DLT name and number, and the PPI header length are
 * printed.  In both cases the caller-supplied 'length' is appended.
 *
 * This function performs no comparison of its own between the header
 * fields and the captured length; the fields are fetched through the
 * GET_*() accessors from extract.h.
 */
static void
ppi_header_print(netdissect_options *ndo, const u_char *bp, u_int length)
{
	const ppi_header_t *ppi = (const ppi_header_t *)bp;
	/* Both multi-byte fields are fetched as little-endian values. */
	const uint16_t ppi_len = GET_LE_U_2(ppi->ppi_len);
	const uint32_t linktype = GET_LE_U_4(ppi->ppi_dlt);
	const char *name = pcap_datalink_val_to_name(linktype);

	/* The DLT value comes from the packet and may not be a known one. */
	if (name == NULL)
		name = "UNKNOWN";

	if (ndo->ndo_qflag) {
		ND_PRINT("%s", name);
	} else {
		ND_PRINT("V.%u DLT %s (%u) len %u", GET_U_1(ppi->ppi_ver),
			 name, linktype,
			 ppi_len);
	}

	ND_PRINT(", length %u: ", length);
}
59
/*
 * Dissect a PPI-encapsulated packet: validate the PPI header length,
 * skip the header (including its TLV payload) and hand the remainder
 * to the printer registered for the DLT named in the header.
 *
 * 'h->caplen' is the number of captured bytes available at 'p' and
 * 'h->len' the on-the-wire length.  The ppi_len field is taken from the
 * packet itself, so it is checked three ways before it is used as an
 * offset:
 *   - the capture must hold at least sizeof(ppi_header_t) bytes,
 *   - ppi_len must lie in sizeof(ppi_header_t)..65532,
 *   - ppi_len must not exceed the captured length.
 *
 * Returns the captured length when the header is truncated or invalid;
 * otherwise ppi_len plus the link-layer header length reported for the
 * encapsulated packet (0 when no printer exists for the DLT).
 */
static u_int
ppi_print(netdissect_options *ndo,
	  const struct pcap_pkthdr *h, const u_char *p)
{
	const ppi_header_t *ppi;
	if_printer_t sub;
	struct pcap_pkthdr inner;
	u_int avail = h->caplen;	/* captured bytes still unread */
	u_int wire_len = h->len;	/* on-the-wire bytes still unread */
	uint16_t ppi_len;
	uint32_t linktype;
	uint32_t inner_hdrlen;

	ndo->ndo_protocol = "ppi";

	/* Not even the fixed header was captured. */
	if (avail < sizeof(ppi_header_t)) {
		nd_print_trunc(ndo);
		return (avail);
	}

	ppi = (const ppi_header_t *)p;
	ND_TCHECK_2(ppi->ppi_len);
	ppi_len = GET_LE_U_2(ppi->ppi_len);

	/* It MUST be between 8 and 65,532 inclusive (spec 3.1.3) */
	if (ppi_len < sizeof(ppi_header_t) || ppi_len > 65532) {
		ND_PRINT(" [length %u < %zu or > 65532]", ppi_len,
			 sizeof(ppi_header_t));
		nd_print_invalid(ndo);
		return (avail);
	}

	/*
	 * If we don't have the entire PPI header, don't bother.  This
	 * check is also what keeps "avail -= ppi_len" and "p += ppi_len"
	 * below inside the captured data.
	 */
	if (avail < ppi_len) {
		nd_print_trunc(ndo);
		return (avail);
	}

	ND_TCHECK_4(ppi->ppi_dlt);
	linktype = GET_LE_U_4(ppi->ppi_dlt);

	if (ndo->ndo_eflag)
		ppi_header_print(ndo, p, wire_len);

	/*
	 * Step over the PPI header.
	 * NOTE(review): only the captured length was compared with
	 * ppi_len above.  If a record can arrive here with h->len <
	 * ppi_len, wire_len wraps around as an unsigned value --
	 * presumably the caller guarantees h->len >= h->caplen; confirm.
	 */
	p += ppi_len;
	avail -= ppi_len;
	wire_len -= ppi_len;

	sub = lookup_printer(ndo, linktype);
	if (sub.printer == NULL) {
		/*
		 * No printer for this DLT: show the PPI header (unless
		 * -e already did) with the original on-the-wire length,
		 * then fall back to the default dump of the payload.
		 */
		if (!ndo->ndo_eflag)
			ppi_header_print(ndo, (const u_char *)ppi,
					 wire_len + ppi_len);

		if (!ndo->ndo_suppress_default_print)
			ND_DEFAULTPRINT(p, avail);
		return (ppi_len);
	}

	/* Describe the encapsulated packet to its printer. */
	inner = *h;
	inner.caplen = avail;
	inner.len = wire_len;
	if (ndo->ndo_void_printer != TRUE) {
		inner_hdrlen = sub.uint_printer(ndo, &inner, p);
	} else {
		/* void printers report the header length through ndo. */
		sub.void_printer(ndo, &inner, p);
		inner_hdrlen = ndo->ndo_ll_header_length;
	}
	return (ppi_len + inner_hdrlen);

trunc:
	/* Reached from the ND_TCHECK_*() checks above. */
	return (avail);
}
129
/*
 * This is the top level routine of the printer.  'p' points to the
 * start of the captured packet, which ppi_print() interprets as a PPI
 * header; 'h->ts' is the timestamp, 'h->len' is the length of the
 * packet off the wire, and 'h->caplen' is the number of bytes actually
 * captured.
 *
 * Returns the value produced by ppi_print().  ppi_print() stores "ppi"
 * in ndo_protocol as its first statement, replacing the "ppi_if" set
 * here.
 */
u_int
ppi_if_print(netdissect_options *ndo,
	     const struct pcap_pkthdr *h, const u_char *p)
{
	u_int consumed;

	ndo->ndo_protocol = "ppi_if";
	consumed = ppi_print(ndo, h, p);
	return (consumed);
}
143 #endif /* DLT_PPI */