]> The Tcpdump Group git mirrors - tcpdump/blob - print-pim.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CVE-2017-12996/PIMv2: Make sure PIM TLVs have the right length.
[tcpdump] / print-pim.c
1 /*
2 * Copyright (c) 1995, 1996
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Protocol Independent Multicast (PIM) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include "netdissect.h"
31 #include "addrtoname.h"
32 #include "extract.h"
33
34 #include "ip.h"
35 #include "ip6.h"
36 #include "ipproto.h"
37
38 #define PIMV1_TYPE_QUERY 0
39 #define PIMV1_TYPE_REGISTER 1
40 #define PIMV1_TYPE_REGISTER_STOP 2
41 #define PIMV1_TYPE_JOIN_PRUNE 3
42 #define PIMV1_TYPE_RP_REACHABILITY 4
43 #define PIMV1_TYPE_ASSERT 5
44 #define PIMV1_TYPE_GRAFT 6
45 #define PIMV1_TYPE_GRAFT_ACK 7
46
47 static const struct tok pimv1_type_str[] = {
48 { PIMV1_TYPE_QUERY, "Query" },
49 { PIMV1_TYPE_REGISTER, "Register" },
50 { PIMV1_TYPE_REGISTER_STOP, "Register-Stop" },
51 { PIMV1_TYPE_JOIN_PRUNE, "Join/Prune" },
52 { PIMV1_TYPE_RP_REACHABILITY, "RP-reachable" },
53 { PIMV1_TYPE_ASSERT, "Assert" },
54 { PIMV1_TYPE_GRAFT, "Graft" },
55 { PIMV1_TYPE_GRAFT_ACK, "Graft-ACK" },
56 { 0, NULL }
57 };
58
59 #define PIMV2_TYPE_HELLO 0
60 #define PIMV2_TYPE_REGISTER 1
61 #define PIMV2_TYPE_REGISTER_STOP 2
62 #define PIMV2_TYPE_JOIN_PRUNE 3
63 #define PIMV2_TYPE_BOOTSTRAP 4
64 #define PIMV2_TYPE_ASSERT 5
65 #define PIMV2_TYPE_GRAFT 6
66 #define PIMV2_TYPE_GRAFT_ACK 7
67 #define PIMV2_TYPE_CANDIDATE_RP 8
68 #define PIMV2_TYPE_PRUNE_REFRESH 9
69 #define PIMV2_TYPE_DF_ELECTION 10
70 #define PIMV2_TYPE_ECMP_REDIRECT 11
71
72 static const struct tok pimv2_type_values[] = {
73 { PIMV2_TYPE_HELLO, "Hello" },
74 { PIMV2_TYPE_REGISTER, "Register" },
75 { PIMV2_TYPE_REGISTER_STOP, "Register Stop" },
76 { PIMV2_TYPE_JOIN_PRUNE, "Join / Prune" },
77 { PIMV2_TYPE_BOOTSTRAP, "Bootstrap" },
78 { PIMV2_TYPE_ASSERT, "Assert" },
79 { PIMV2_TYPE_GRAFT, "Graft" },
80 { PIMV2_TYPE_GRAFT_ACK, "Graft Acknowledgement" },
81 { PIMV2_TYPE_CANDIDATE_RP, "Candidate RP Advertisement" },
82 { PIMV2_TYPE_PRUNE_REFRESH, "Prune Refresh" },
83 { PIMV2_TYPE_DF_ELECTION, "DF Election" },
84 { PIMV2_TYPE_ECMP_REDIRECT, "ECMP Redirect" },
85 { 0, NULL}
86 };
87
88 #define PIMV2_HELLO_OPTION_HOLDTIME 1
89 #define PIMV2_HELLO_OPTION_LANPRUNEDELAY 2
90 #define PIMV2_HELLO_OPTION_DR_PRIORITY_OLD 18
91 #define PIMV2_HELLO_OPTION_DR_PRIORITY 19
92 #define PIMV2_HELLO_OPTION_GENID 20
93 #define PIMV2_HELLO_OPTION_REFRESH_CAP 21
94 #define PIMV2_HELLO_OPTION_BIDIR_CAP 22
95 #define PIMV2_HELLO_OPTION_ADDRESS_LIST 24
96 #define PIMV2_HELLO_OPTION_ADDRESS_LIST_OLD 65001
97
98 static const struct tok pimv2_hello_option_values[] = {
99 { PIMV2_HELLO_OPTION_HOLDTIME, "Hold Time" },
100 { PIMV2_HELLO_OPTION_LANPRUNEDELAY, "LAN Prune Delay" },
101 { PIMV2_HELLO_OPTION_DR_PRIORITY_OLD, "DR Priority (Old)" },
102 { PIMV2_HELLO_OPTION_DR_PRIORITY, "DR Priority" },
103 { PIMV2_HELLO_OPTION_GENID, "Generation ID" },
104 { PIMV2_HELLO_OPTION_REFRESH_CAP, "State Refresh Capability" },
105 { PIMV2_HELLO_OPTION_BIDIR_CAP, "Bi-Directional Capability" },
106 { PIMV2_HELLO_OPTION_ADDRESS_LIST, "Address List" },
107 { PIMV2_HELLO_OPTION_ADDRESS_LIST_OLD, "Address List (Old)" },
108 { 0, NULL}
109 };
110
111 #define PIMV2_REGISTER_FLAG_LEN 4
112 #define PIMV2_REGISTER_FLAG_BORDER 0x80000000
113 #define PIMV2_REGISTER_FLAG_NULL 0x40000000
114
115 static const struct tok pimv2_register_flag_values[] = {
116 { PIMV2_REGISTER_FLAG_BORDER, "Border" },
117 { PIMV2_REGISTER_FLAG_NULL, "Null" },
118 { 0, NULL}
119 };
120
121 /*
122 * XXX: We consider a case where IPv6 is not ready yet for portability,
123 * but PIM dependent defintions should be independent of IPv6...
124 */
125
126 struct pim {
127 uint8_t pim_typever;
128 /* upper 4bit: PIM version number; 2 for PIMv2 */
129 /* lower 4bit: the PIM message type, currently they are:
130 * Hello, Register, Register-Stop, Join/Prune,
131 * Bootstrap, Assert, Graft (PIM-DM only),
132 * Graft-Ack (PIM-DM only), C-RP-Adv
133 */
134 #define PIM_VER(x) (((x) & 0xf0) >> 4)
135 #define PIM_TYPE(x) ((x) & 0x0f)
136 u_char pim_rsv; /* Reserved */
137 u_short pim_cksum; /* IP style check sum */
138 };
139
140 static void pimv2_print(netdissect_options *, register const u_char *bp, register u_int len, const u_char *);
141
142 static void
143 pimv1_join_prune_print(netdissect_options *ndo,
144 register const u_char *bp, register u_int len)
145 {
146 int ngroups, njoin, nprune;
147 int njp;
148
149 /* If it's a single group and a single source, use 1-line output. */
150 if (ND_TTEST2(bp[0], 30) && bp[11] == 1 &&
151 ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) {
152 int hold;
153
154 ND_PRINT((ndo, " RPF %s ", ipaddr_string(ndo, bp)));
155 hold = EXTRACT_16BITS(&bp[6]);
156 if (hold != 180) {
157 ND_PRINT((ndo, "Hold "));
158 unsigned_relts_print(ndo, hold);
159 }
160 ND_PRINT((ndo, "%s (%s/%d, %s", njoin ? "Join" : "Prune",
161 ipaddr_string(ndo, &bp[26]), bp[25] & 0x3f,
162 ipaddr_string(ndo, &bp[12])));
163 if (EXTRACT_32BITS(&bp[16]) != 0xffffffff)
164 ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[16])));
165 ND_PRINT((ndo, ") %s%s %s",
166 (bp[24] & 0x01) ? "Sparse" : "Dense",
167 (bp[25] & 0x80) ? " WC" : "",
168 (bp[25] & 0x40) ? "RP" : "SPT"));
169 return;
170 }
171
172 ND_TCHECK2(bp[0], sizeof(struct in_addr));
173 if (ndo->ndo_vflag > 1)
174 ND_PRINT((ndo, "\n"));
175 ND_PRINT((ndo, " Upstream Nbr: %s", ipaddr_string(ndo, bp)));
176 ND_TCHECK2(bp[6], 2);
177 if (ndo->ndo_vflag > 1)
178 ND_PRINT((ndo, "\n"));
179 ND_PRINT((ndo, " Hold time: "));
180 unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[6]));
181 if (ndo->ndo_vflag < 2)
182 return;
183 bp += 8;
184 len -= 8;
185
186 ND_TCHECK2(bp[0], 4);
187 ngroups = bp[3];
188 bp += 4;
189 len -= 4;
190 while (ngroups--) {
191 /*
192 * XXX - does the address have length "addrlen" and the
193 * mask length "maddrlen"?
194 */
195 ND_TCHECK2(bp[0], sizeof(struct in_addr));
196 ND_PRINT((ndo, "\n\tGroup: %s", ipaddr_string(ndo, bp)));
197 ND_TCHECK2(bp[4], sizeof(struct in_addr));
198 if (EXTRACT_32BITS(&bp[4]) != 0xffffffff)
199 ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[4])));
200 ND_TCHECK2(bp[8], 4);
201 njoin = EXTRACT_16BITS(&bp[8]);
202 nprune = EXTRACT_16BITS(&bp[10]);
203 ND_PRINT((ndo, " joined: %d pruned: %d", njoin, nprune));
204 bp += 12;
205 len -= 12;
206 for (njp = 0; njp < (njoin + nprune); njp++) {
207 const char *type;
208
209 if (njp < njoin)
210 type = "Join ";
211 else
212 type = "Prune";
213 ND_TCHECK2(bp[0], 6);
214 ND_PRINT((ndo, "\n\t%s %s%s%s%s/%d", type,
215 (bp[0] & 0x01) ? "Sparse " : "Dense ",
216 (bp[1] & 0x80) ? "WC " : "",
217 (bp[1] & 0x40) ? "RP " : "SPT ",
218 ipaddr_string(ndo, &bp[2]), bp[1] & 0x3f));
219 bp += 6;
220 len -= 6;
221 }
222 }
223 return;
224 trunc:
225 ND_PRINT((ndo, "[|pim]"));
226 return;
227 }
228
229 void
230 pimv1_print(netdissect_options *ndo,
231 register const u_char *bp, register u_int len)
232 {
233 register const u_char *ep;
234 register u_char type;
235
236 ep = (const u_char *)ndo->ndo_snapend;
237 if (bp >= ep)
238 return;
239
240 ND_TCHECK(bp[1]);
241 type = bp[1];
242
243 ND_PRINT((ndo, " %s", tok2str(pimv1_type_str, "[type %u]", type)));
244 switch (type) {
245 case PIMV1_TYPE_QUERY:
246 if (ND_TTEST(bp[8])) {
247 switch (bp[8] >> 4) {
248 case 0:
249 ND_PRINT((ndo, " Dense-mode"));
250 break;
251 case 1:
252 ND_PRINT((ndo, " Sparse-mode"));
253 break;
254 case 2:
255 ND_PRINT((ndo, " Sparse-Dense-mode"));
256 break;
257 default:
258 ND_PRINT((ndo, " mode-%d", bp[8] >> 4));
259 break;
260 }
261 }
262 if (ndo->ndo_vflag) {
263 ND_TCHECK2(bp[10],2);
264 ND_PRINT((ndo, " (Hold-time "));
265 unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[10]));
266 ND_PRINT((ndo, ")"));
267 }
268 break;
269
270 case PIMV1_TYPE_REGISTER:
271 ND_TCHECK2(bp[8], 20); /* ip header */
272 ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[20]),
273 ipaddr_string(ndo, &bp[24])));
274 break;
275 case PIMV1_TYPE_REGISTER_STOP:
276 ND_TCHECK2(bp[12], sizeof(struct in_addr));
277 ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[8]),
278 ipaddr_string(ndo, &bp[12])));
279 break;
280 case PIMV1_TYPE_RP_REACHABILITY:
281 if (ndo->ndo_vflag) {
282 ND_TCHECK2(bp[22], 2);
283 ND_PRINT((ndo, " group %s", ipaddr_string(ndo, &bp[8])));
284 if (EXTRACT_32BITS(&bp[12]) != 0xffffffff)
285 ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12])));
286 ND_PRINT((ndo, " RP %s hold ", ipaddr_string(ndo, &bp[16])));
287 unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[22]));
288 }
289 break;
290 case PIMV1_TYPE_ASSERT:
291 ND_TCHECK2(bp[16], sizeof(struct in_addr));
292 ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[16]),
293 ipaddr_string(ndo, &bp[8])));
294 if (EXTRACT_32BITS(&bp[12]) != 0xffffffff)
295 ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12])));
296 ND_TCHECK2(bp[24], 4);
297 ND_PRINT((ndo, " %s pref %d metric %d",
298 (bp[20] & 0x80) ? "RP-tree" : "SPT",
299 EXTRACT_32BITS(&bp[20]) & 0x7fffffff,
300 EXTRACT_32BITS(&bp[24])));
301 break;
302 case PIMV1_TYPE_JOIN_PRUNE:
303 case PIMV1_TYPE_GRAFT:
304 case PIMV1_TYPE_GRAFT_ACK:
305 if (ndo->ndo_vflag)
306 pimv1_join_prune_print(ndo, &bp[8], len - 8);
307 break;
308 }
309 ND_TCHECK(bp[4]);
310 if ((bp[4] >> 4) != 1)
311 ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
312 return;
313
314 trunc:
315 ND_PRINT((ndo, "[|pim]"));
316 return;
317 }
318
319 /*
320 * auto-RP is a cisco protocol, documented at
321 * ftp://ftpeng.cisco.com/ipmulticast/specs/pim-autorp-spec01.txt
322 *
323 * This implements version 1+, dated Sept 9, 1998.
324 */
325 void
326 cisco_autorp_print(netdissect_options *ndo,
327 register const u_char *bp, register u_int len)
328 {
329 int type;
330 int numrps;
331 int hold;
332
333 ND_TCHECK(bp[0]);
334 ND_PRINT((ndo, " auto-rp "));
335 type = bp[0];
336 switch (type) {
337 case 0x11:
338 ND_PRINT((ndo, "candidate-advert"));
339 break;
340 case 0x12:
341 ND_PRINT((ndo, "mapping"));
342 break;
343 default:
344 ND_PRINT((ndo, "type-0x%02x", type));
345 break;
346 }
347
348 ND_TCHECK(bp[1]);
349 numrps = bp[1];
350
351 ND_TCHECK2(bp[2], 2);
352 ND_PRINT((ndo, " Hold "));
353 hold = EXTRACT_16BITS(&bp[2]);
354 if (hold)
355 unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[2]));
356 else
357 ND_PRINT((ndo, "FOREVER"));
358
359 /* Next 4 bytes are reserved. */
360
361 bp += 8; len -= 8;
362
363 /*XXX skip unless -v? */
364
365 /*
366 * Rest of packet:
367 * numrps entries of the form:
368 * 32 bits: RP
369 * 6 bits: reserved
370 * 2 bits: PIM version supported, bit 0 is "supports v1", 1 is "v2".
371 * 8 bits: # of entries for this RP
372 * each entry: 7 bits: reserved, 1 bit: negative,
373 * 8 bits: mask 32 bits: source
374 * lather, rinse, repeat.
375 */
376 while (numrps--) {
377 int nentries;
378 char s;
379
380 ND_TCHECK2(bp[0], 4);
381 ND_PRINT((ndo, " RP %s", ipaddr_string(ndo, bp)));
382 ND_TCHECK(bp[4]);
383 switch (bp[4] & 0x3) {
384 case 0: ND_PRINT((ndo, " PIMv?"));
385 break;
386 case 1: ND_PRINT((ndo, " PIMv1"));
387 break;
388 case 2: ND_PRINT((ndo, " PIMv2"));
389 break;
390 case 3: ND_PRINT((ndo, " PIMv1+2"));
391 break;
392 }
393 if (bp[4] & 0xfc)
394 ND_PRINT((ndo, " [rsvd=0x%02x]", bp[4] & 0xfc));
395 ND_TCHECK(bp[5]);
396 nentries = bp[5];
397 bp += 6; len -= 6;
398 s = ' ';
399 for (; nentries; nentries--) {
400 ND_TCHECK2(bp[0], 6);
401 ND_PRINT((ndo, "%c%s%s/%d", s, bp[0] & 1 ? "!" : "",
402 ipaddr_string(ndo, &bp[2]), bp[1]));
403 if (bp[0] & 0x02) {
404 ND_PRINT((ndo, " bidir"));
405 }
406 if (bp[0] & 0xfc) {
407 ND_PRINT((ndo, "[rsvd=0x%02x]", bp[0] & 0xfc));
408 }
409 s = ',';
410 bp += 6; len -= 6;
411 }
412 }
413 return;
414
415 trunc:
416 ND_PRINT((ndo, "[|autorp]"));
417 return;
418 }
419
420 void
421 pim_print(netdissect_options *ndo,
422 register const u_char *bp, register u_int len, const u_char *bp2)
423 {
424 register const u_char *ep;
425 register const struct pim *pim = (const struct pim *)bp;
426
427 ep = (const u_char *)ndo->ndo_snapend;
428 if (bp >= ep)
429 return;
430 #ifdef notyet /* currently we see only version and type */
431 ND_TCHECK(pim->pim_rsv);
432 #endif
433
434 switch (PIM_VER(pim->pim_typever)) {
435 case 2:
436 if (!ndo->ndo_vflag) {
437 ND_PRINT((ndo, "PIMv%u, %s, length %u",
438 PIM_VER(pim->pim_typever),
439 tok2str(pimv2_type_values,"Unknown Type",PIM_TYPE(pim->pim_typever)),
440 len));
441 return;
442 } else {
443 ND_PRINT((ndo, "PIMv%u, length %u\n\t%s",
444 PIM_VER(pim->pim_typever),
445 len,
446 tok2str(pimv2_type_values,"Unknown Type",PIM_TYPE(pim->pim_typever))));
447 pimv2_print(ndo, bp, len, bp2);
448 }
449 break;
450 default:
451 ND_PRINT((ndo, "PIMv%u, length %u",
452 PIM_VER(pim->pim_typever),
453 len));
454 break;
455 }
456 return;
457 }
458
459 /*
460 * PIMv2 uses encoded address representations.
461 *
462 * The last PIM-SM I-D before RFC2117 was published specified the
463 * following representation for unicast addresses. However, RFC2117
464 * specified no encoding for unicast addresses with the unicast
465 * address length specified in the header. Therefore, we have to
466 * guess which encoding is being used (Cisco's PIMv2 implementation
467 * uses the non-RFC encoding). RFC2117 turns a previously "Reserved"
468 * field into a 'unicast-address-length-in-bytes' field. We guess
469 * that it's the draft encoding if this reserved field is zero.
470 *
471 * RFC2362 goes back to the encoded format, and calls the addr length
472 * field "reserved" again.
473 *
474 * The first byte is the address family, from:
475 *
476 * 0 Reserved
477 * 1 IP (IP version 4)
478 * 2 IP6 (IP version 6)
479 * 3 NSAP
480 * 4 HDLC (8-bit multidrop)
481 * 5 BBN 1822
482 * 6 802 (includes all 802 media plus Ethernet "canonical format")
483 * 7 E.163
484 * 8 E.164 (SMDS, Frame Relay, ATM)
485 * 9 F.69 (Telex)
486 * 10 X.121 (X.25, Frame Relay)
487 * 11 IPX
488 * 12 Appletalk
489 * 13 Decnet IV
490 * 14 Banyan Vines
491 * 15 E.164 with NSAP format subaddress
492 *
493 * In addition, the second byte is an "Encoding". 0 is the default
494 * encoding for the address family, and no other encodings are currently
495 * specified.
496 *
497 */
498
499 static int pimv2_addr_len;
500
501 enum pimv2_addrtype {
502 pimv2_unicast, pimv2_group, pimv2_source
503 };
504
505 /* 0 1 2 3
506 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
507 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
508 * | Addr Family | Encoding Type | Unicast Address |
509 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+++++++
510 * 0 1 2 3
511 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
512 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
513 * | Addr Family | Encoding Type | Reserved | Mask Len |
514 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
515 * | Group multicast Address |
516 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
517 * 0 1 2 3
518 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
519 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
520 * | Addr Family | Encoding Type | Rsrvd |S|W|R| Mask Len |
521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
522 * | Source Address |
523 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
524 */
525 static int
526 pimv2_addr_print(netdissect_options *ndo,
527 const u_char *bp, enum pimv2_addrtype at, int silent)
528 {
529 int af;
530 int len, hdrlen;
531
532 ND_TCHECK(bp[0]);
533
534 if (pimv2_addr_len == 0) {
535 ND_TCHECK(bp[1]);
536 switch (bp[0]) {
537 case 1:
538 af = AF_INET;
539 len = sizeof(struct in_addr);
540 break;
541 case 2:
542 af = AF_INET6;
543 len = sizeof(struct in6_addr);
544 break;
545 default:
546 return -1;
547 }
548 if (bp[1] != 0)
549 return -1;
550 hdrlen = 2;
551 } else {
552 switch (pimv2_addr_len) {
553 case sizeof(struct in_addr):
554 af = AF_INET;
555 break;
556 case sizeof(struct in6_addr):
557 af = AF_INET6;
558 break;
559 default:
560 return -1;
561 break;
562 }
563 len = pimv2_addr_len;
564 hdrlen = 0;
565 }
566
567 bp += hdrlen;
568 switch (at) {
569 case pimv2_unicast:
570 ND_TCHECK2(bp[0], len);
571 if (af == AF_INET) {
572 if (!silent)
573 ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp)));
574 }
575 else if (af == AF_INET6) {
576 if (!silent)
577 ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp)));
578 }
579 return hdrlen + len;
580 case pimv2_group:
581 case pimv2_source:
582 ND_TCHECK2(bp[0], len + 2);
583 if (af == AF_INET) {
584 if (!silent) {
585 ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp + 2)));
586 if (bp[1] != 32)
587 ND_PRINT((ndo, "/%u", bp[1]));
588 }
589 }
590 else if (af == AF_INET6) {
591 if (!silent) {
592 ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp + 2)));
593 if (bp[1] != 128)
594 ND_PRINT((ndo, "/%u", bp[1]));
595 }
596 }
597 if (bp[0] && !silent) {
598 if (at == pimv2_group) {
599 ND_PRINT((ndo, "(0x%02x)", bp[0]));
600 } else {
601 ND_PRINT((ndo, "(%s%s%s",
602 bp[0] & 0x04 ? "S" : "",
603 bp[0] & 0x02 ? "W" : "",
604 bp[0] & 0x01 ? "R" : ""));
605 if (bp[0] & 0xf8) {
606 ND_PRINT((ndo, "+0x%02x", bp[0] & 0xf8));
607 }
608 ND_PRINT((ndo, ")"));
609 }
610 }
611 return hdrlen + 2 + len;
612 default:
613 return -1;
614 }
615 trunc:
616 return -1;
617 }
618
619 enum checksum_status {
620 CORRECT,
621 INCORRECT,
622 UNVERIFIED
623 };
624
625 static enum checksum_status
626 pimv2_check_checksum(netdissect_options *ndo, const u_char *bp,
627 const u_char *bp2, u_int len)
628 {
629 const struct ip *ip;
630 u_int cksum;
631
632 if (!ND_TTEST2(bp[0], len)) {
633 /* We don't have all the data. */
634 return (UNVERIFIED);
635 }
636 ip = (const struct ip *)bp2;
637 if (IP_V(ip) == 4) {
638 struct cksum_vec vec[1];
639
640 vec[0].ptr = bp;
641 vec[0].len = len;
642 cksum = in_cksum(vec, 1);
643 return (cksum ? INCORRECT : CORRECT);
644 } else if (IP_V(ip) == 6) {
645 const struct ip6_hdr *ip6;
646
647 ip6 = (const struct ip6_hdr *)bp2;
648 cksum = nextproto6_cksum(ndo, ip6, bp, len, len, IPPROTO_PIM);
649 return (cksum ? INCORRECT : CORRECT);
650 } else {
651 return (UNVERIFIED);
652 }
653 }
654
655 static void
656 pimv2_print(netdissect_options *ndo,
657 register const u_char *bp, register u_int len, const u_char *bp2)
658 {
659 register const u_char *ep;
660 register const struct pim *pim = (const struct pim *)bp;
661 int advance;
662 enum checksum_status cksum_status;
663
664 ep = (const u_char *)ndo->ndo_snapend;
665 if (bp >= ep)
666 return;
667 if (ep > bp + len)
668 ep = bp + len;
669 ND_TCHECK(pim->pim_rsv);
670 pimv2_addr_len = pim->pim_rsv;
671 if (pimv2_addr_len != 0)
672 ND_PRINT((ndo, ", RFC2117-encoding"));
673
674 ND_PRINT((ndo, ", cksum 0x%04x ", EXTRACT_16BITS(&pim->pim_cksum)));
675 if (EXTRACT_16BITS(&pim->pim_cksum) == 0) {
676 ND_PRINT((ndo, "(unverified)"));
677 } else {
678 if (PIM_TYPE(pim->pim_typever) == PIMV2_TYPE_REGISTER) {
679 /*
680 * The checksum only covers the packet header,
681 * not the encapsulated packet.
682 */
683 cksum_status = pimv2_check_checksum(ndo, bp, bp2, 8);
684 if (cksum_status == INCORRECT) {
685 /*
686 * To quote RFC 4601, "For interoperability
687 * reasons, a message carrying a checksum
688 * calculated over the entire PIM Register
689 * message should also be accepted."
690 */
691 cksum_status = pimv2_check_checksum(ndo, bp, bp2, len);
692 }
693 } else {
694 /*
695 * The checksum covers the entire packet.
696 */
697 cksum_status = pimv2_check_checksum(ndo, bp, bp2, len);
698 }
699 switch (cksum_status) {
700
701 case CORRECT:
702 ND_PRINT((ndo, "(correct)"));
703 break;
704
705 case INCORRECT:
706 ND_PRINT((ndo, "(incorrect)"));
707 break;
708
709 case UNVERIFIED:
710 ND_PRINT((ndo, "(unverified)"));
711 break;
712 }
713 }
714
715 switch (PIM_TYPE(pim->pim_typever)) {
716 case PIMV2_TYPE_HELLO:
717 {
718 uint16_t otype, olen;
719 bp += 4;
720 while (bp < ep) {
721 ND_TCHECK2(bp[0], 4);
722 otype = EXTRACT_16BITS(&bp[0]);
723 olen = EXTRACT_16BITS(&bp[2]);
724 ND_TCHECK2(bp[0], 4 + olen);
725 ND_PRINT((ndo, "\n\t %s Option (%u), length %u, Value: ",
726 tok2str(pimv2_hello_option_values, "Unknown", otype),
727 otype,
728 olen));
729 bp += 4;
730
731 switch (otype) {
732 case PIMV2_HELLO_OPTION_HOLDTIME:
733 if (olen != 2) {
734 ND_PRINT((ndo, "ERROR: Option Length != 2 Bytes (%u)", olen));
735 } else {
736 unsigned_relts_print(ndo, EXTRACT_16BITS(bp));
737 }
738 break;
739
740 case PIMV2_HELLO_OPTION_LANPRUNEDELAY:
741 if (olen != 4) {
742 ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen));
743 } else {
744 char t_bit;
745 uint16_t lan_delay, override_interval;
746 lan_delay = EXTRACT_16BITS(bp);
747 override_interval = EXTRACT_16BITS(bp+2);
748 t_bit = (lan_delay & 0x8000)? 1 : 0;
749 lan_delay &= ~0x8000;
750 ND_PRINT((ndo, "\n\t T-bit=%d, LAN delay %dms, Override interval %dms",
751 t_bit, lan_delay, override_interval));
752 }
753 break;
754
755 case PIMV2_HELLO_OPTION_DR_PRIORITY_OLD:
756 case PIMV2_HELLO_OPTION_DR_PRIORITY:
757 switch (olen) {
758 case 0:
759 ND_PRINT((ndo, "Bi-Directional Capability (Old)"));
760 break;
761 case 4:
762 ND_PRINT((ndo, "%u", EXTRACT_32BITS(bp)));
763 break;
764 default:
765 ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen));
766 break;
767 }
768 break;
769
770 case PIMV2_HELLO_OPTION_GENID:
771 if (olen != 4) {
772 ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen));
773 } else {
774 ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(bp)));
775 }
776 break;
777
778 case PIMV2_HELLO_OPTION_REFRESH_CAP:
779 if (olen != 4) {
780 ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen));
781 } else {
782 ND_PRINT((ndo, "v%d", *bp));
783 if (*(bp+1) != 0) {
784 ND_PRINT((ndo, ", interval "));
785 unsigned_relts_print(ndo, *(bp+1));
786 }
787 if (EXTRACT_16BITS(bp+2) != 0) {
788 ND_PRINT((ndo, " ?0x%04x?", EXTRACT_16BITS(bp+2)));
789 }
790 }
791 break;
792
793 case PIMV2_HELLO_OPTION_BIDIR_CAP:
794 break;
795
796 case PIMV2_HELLO_OPTION_ADDRESS_LIST_OLD:
797 case PIMV2_HELLO_OPTION_ADDRESS_LIST:
798 if (ndo->ndo_vflag > 1) {
799 const u_char *ptr = bp;
800 while (ptr < (bp+olen)) {
801 ND_PRINT((ndo, "\n\t "));
802 advance = pimv2_addr_print(ndo, ptr, pimv2_unicast, 0);
803 if (advance < 0) {
804 ND_PRINT((ndo, "..."));
805 break;
806 }
807 ptr += advance;
808 }
809 }
810 break;
811 default:
812 if (ndo->ndo_vflag <= 1)
813 print_unknown_data(ndo, bp, "\n\t ", olen);
814 break;
815 }
816 /* do we want to see an additionally hexdump ? */
817 if (ndo->ndo_vflag> 1)
818 print_unknown_data(ndo, bp, "\n\t ", olen);
819 bp += olen;
820 }
821 break;
822 }
823
824 case PIMV2_TYPE_REGISTER:
825 {
826 const struct ip *ip;
827
828 ND_TCHECK2(*(bp + 4), PIMV2_REGISTER_FLAG_LEN);
829
830 ND_PRINT((ndo, ", Flags [ %s ]\n\t",
831 tok2str(pimv2_register_flag_values,
832 "none",
833 EXTRACT_32BITS(bp+4))));
834
835 bp += 8; len -= 8;
836 /* encapsulated multicast packet */
837 ip = (const struct ip *)bp;
838 switch (IP_V(ip)) {
839 case 0: /* Null header */
840 ND_PRINT((ndo, "IP-Null-header %s > %s",
841 ipaddr_string(ndo, &ip->ip_src),
842 ipaddr_string(ndo, &ip->ip_dst)));
843 break;
844
845 case 4: /* IPv4 */
846 ip_print(ndo, bp, len);
847 break;
848
849 case 6: /* IPv6 */
850 ip6_print(ndo, bp, len);
851 break;
852
853 default:
854 ND_PRINT((ndo, "IP ver %d", IP_V(ip)));
855 break;
856 }
857 break;
858 }
859
860 case PIMV2_TYPE_REGISTER_STOP:
861 bp += 4; len -= 4;
862 if (bp >= ep)
863 break;
864 ND_PRINT((ndo, " group="));
865 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) {
866 ND_PRINT((ndo, "..."));
867 break;
868 }
869 bp += advance; len -= advance;
870 if (bp >= ep)
871 break;
872 ND_PRINT((ndo, " source="));
873 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
874 ND_PRINT((ndo, "..."));
875 break;
876 }
877 bp += advance; len -= advance;
878 break;
879
880 case PIMV2_TYPE_JOIN_PRUNE:
881 case PIMV2_TYPE_GRAFT:
882 case PIMV2_TYPE_GRAFT_ACK:
883
884
885 /*
886 * 0 1 2 3
887 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
888 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
889 * |PIM Ver| Type | Addr length | Checksum |
890 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
891 * | Unicast-Upstream Neighbor Address |
892 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
893 * | Reserved | Num groups | Holdtime |
894 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
895 * | Encoded-Multicast Group Address-1 |
896 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
897 * | Number of Joined Sources | Number of Pruned Sources |
898 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
899 * | Encoded-Joined Source Address-1 |
900 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
901 * | . |
902 * | . |
903 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
904 * | Encoded-Joined Source Address-n |
905 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
906 * | Encoded-Pruned Source Address-1 |
907 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
908 * | . |
909 * | . |
910 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
911 * | Encoded-Pruned Source Address-n |
912 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
913 * | . |
914 * | . |
915 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
916 * | Encoded-Multicast Group Address-n |
917 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
918 */
919
920 {
921 uint8_t ngroup;
922 uint16_t holdtime;
923 uint16_t njoin;
924 uint16_t nprune;
925 int i, j;
926
927 bp += 4; len -= 4;
928 if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/
929 if (bp >= ep)
930 break;
931 ND_PRINT((ndo, ", upstream-neighbor: "));
932 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
933 ND_PRINT((ndo, "..."));
934 break;
935 }
936 bp += advance; len -= advance;
937 }
938 if (bp + 4 > ep)
939 break;
940 ngroup = bp[1];
941 holdtime = EXTRACT_16BITS(&bp[2]);
942 ND_PRINT((ndo, "\n\t %u group(s)", ngroup));
943 if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/
944 ND_PRINT((ndo, ", holdtime: "));
945 if (holdtime == 0xffff)
946 ND_PRINT((ndo, "infinite"));
947 else
948 unsigned_relts_print(ndo, holdtime);
949 }
950 bp += 4; len -= 4;
951 for (i = 0; i < ngroup; i++) {
952 if (bp >= ep)
953 goto jp_done;
954 ND_PRINT((ndo, "\n\t group #%u: ", i+1));
955 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) {
956 ND_PRINT((ndo, "...)"));
957 goto jp_done;
958 }
959 bp += advance; len -= advance;
960 if (bp + 4 > ep) {
961 ND_PRINT((ndo, "...)"));
962 goto jp_done;
963 }
964 njoin = EXTRACT_16BITS(&bp[0]);
965 nprune = EXTRACT_16BITS(&bp[2]);
966 ND_PRINT((ndo, ", joined sources: %u, pruned sources: %u", njoin, nprune));
967 bp += 4; len -= 4;
968 for (j = 0; j < njoin; j++) {
969 ND_PRINT((ndo, "\n\t joined source #%u: ", j+1));
970 if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) {
971 ND_PRINT((ndo, "...)"));
972 goto jp_done;
973 }
974 bp += advance; len -= advance;
975 }
976 for (j = 0; j < nprune; j++) {
977 ND_PRINT((ndo, "\n\t pruned source #%u: ", j+1));
978 if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) {
979 ND_PRINT((ndo, "...)"));
980 goto jp_done;
981 }
982 bp += advance; len -= advance;
983 }
984 }
985 jp_done:
986 break;
987 }
988
989 case PIMV2_TYPE_BOOTSTRAP:
990 {
991 int i, j, frpcnt;
992 bp += 4;
993
994 /* Fragment Tag, Hash Mask len, and BSR-priority */
995 if (bp + sizeof(uint16_t) >= ep) break;
996 ND_PRINT((ndo, " tag=%x", EXTRACT_16BITS(bp)));
997 bp += sizeof(uint16_t);
998 if (bp >= ep) break;
999 ND_PRINT((ndo, " hashmlen=%d", bp[0]));
1000 if (bp + 1 >= ep) break;
1001 ND_PRINT((ndo, " BSRprio=%d", bp[1]));
1002 bp += 2;
1003
1004 /* Encoded-Unicast-BSR-Address */
1005 if (bp >= ep) break;
1006 ND_PRINT((ndo, " BSR="));
1007 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
1008 ND_PRINT((ndo, "..."));
1009 break;
1010 }
1011 bp += advance;
1012
1013 for (i = 0; bp < ep; i++) {
1014 /* Encoded-Group Address */
1015 ND_PRINT((ndo, " (group%d: ", i));
1016 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0))
1017 < 0) {
1018 ND_PRINT((ndo, "...)"));
1019 goto bs_done;
1020 }
1021 bp += advance;
1022
1023 /* RP-Count, Frag RP-Cnt, and rsvd */
1024 if (bp >= ep) {
1025 ND_PRINT((ndo, "...)"));
1026 goto bs_done;
1027 }
1028 ND_PRINT((ndo, " RPcnt=%d", bp[0]));
1029 if (bp + 1 >= ep) {
1030 ND_PRINT((ndo, "...)"));
1031 goto bs_done;
1032 }
1033 ND_PRINT((ndo, " FRPcnt=%d", frpcnt = bp[1]));
1034 bp += 4;
1035
1036 for (j = 0; j < frpcnt && bp < ep; j++) {
1037 /* each RP info */
1038 ND_PRINT((ndo, " RP%d=", j));
1039 if ((advance = pimv2_addr_print(ndo, bp,
1040 pimv2_unicast,
1041 0)) < 0) {
1042 ND_PRINT((ndo, "...)"));
1043 goto bs_done;
1044 }
1045 bp += advance;
1046
1047 if (bp + 1 >= ep) {
1048 ND_PRINT((ndo, "...)"));
1049 goto bs_done;
1050 }
1051 ND_PRINT((ndo, ",holdtime="));
1052 unsigned_relts_print(ndo, EXTRACT_16BITS(bp));
1053 if (bp + 2 >= ep) {
1054 ND_PRINT((ndo, "...)"));
1055 goto bs_done;
1056 }
1057 ND_PRINT((ndo, ",prio=%d", bp[2]));
1058 bp += 4;
1059 }
1060 ND_PRINT((ndo, ")"));
1061 }
1062 bs_done:
1063 break;
1064 }
1065 case PIMV2_TYPE_ASSERT:
1066 bp += 4; len -= 4;
1067 if (bp >= ep)
1068 break;
1069 ND_PRINT((ndo, " group="));
1070 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) {
1071 ND_PRINT((ndo, "..."));
1072 break;
1073 }
1074 bp += advance; len -= advance;
1075 if (bp >= ep)
1076 break;
1077 ND_PRINT((ndo, " src="));
1078 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
1079 ND_PRINT((ndo, "..."));
1080 break;
1081 }
1082 bp += advance; len -= advance;
1083 if (bp + 8 > ep)
1084 break;
1085 if (bp[0] & 0x80)
1086 ND_PRINT((ndo, " RPT"));
1087 ND_PRINT((ndo, " pref=%u", EXTRACT_32BITS(&bp[0]) & 0x7fffffff));
1088 ND_PRINT((ndo, " metric=%u", EXTRACT_32BITS(&bp[4])));
1089 break;
1090
1091 case PIMV2_TYPE_CANDIDATE_RP:
1092 {
1093 int i, pfxcnt;
1094 bp += 4;
1095
1096 /* Prefix-Cnt, Priority, and Holdtime */
1097 if (bp >= ep) break;
1098 ND_PRINT((ndo, " prefix-cnt=%d", bp[0]));
1099 pfxcnt = bp[0];
1100 if (bp + 1 >= ep) break;
1101 ND_PRINT((ndo, " prio=%d", bp[1]));
1102 if (bp + 3 >= ep) break;
1103 ND_PRINT((ndo, " holdtime="));
1104 unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[2]));
1105 bp += 4;
1106
1107 /* Encoded-Unicast-RP-Address */
1108 if (bp >= ep) break;
1109 ND_PRINT((ndo, " RP="));
1110 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
1111 ND_PRINT((ndo, "..."));
1112 break;
1113 }
1114 bp += advance;
1115
1116 /* Encoded-Group Addresses */
1117 for (i = 0; i < pfxcnt && bp < ep; i++) {
1118 ND_PRINT((ndo, " Group%d=", i));
1119 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0))
1120 < 0) {
1121 ND_PRINT((ndo, "..."));
1122 break;
1123 }
1124 bp += advance;
1125 }
1126 break;
1127 }
1128
1129 case PIMV2_TYPE_PRUNE_REFRESH:
1130 ND_PRINT((ndo, " src="));
1131 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
1132 ND_PRINT((ndo, "..."));
1133 break;
1134 }
1135 bp += advance;
1136 ND_PRINT((ndo, " grp="));
1137 if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) {
1138 ND_PRINT((ndo, "..."));
1139 break;
1140 }
1141 bp += advance;
1142 ND_PRINT((ndo, " forwarder="));
1143 if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) {
1144 ND_PRINT((ndo, "..."));
1145 break;
1146 }
1147 bp += advance;
1148 ND_TCHECK2(bp[0], 2);
1149 ND_PRINT((ndo, " TUNR "));
1150 unsigned_relts_print(ndo, EXTRACT_16BITS(bp));
1151 break;
1152
1153
1154 default:
1155 ND_PRINT((ndo, " [type %d]", PIM_TYPE(pim->pim_typever)));
1156 break;
1157 }
1158
1159 return;
1160
1161 trunc:
1162 ND_PRINT((ndo, "[|pim]"));
1163 }
1164
1165 /*
1166 * Local Variables:
1167 * c-style: whitesmith
1168 * c-basic-offset: 8
1169 * End:
1170 */
[mirror] the TCPdump network dissector