* complete IS-IS & CLNP support.
*/
-#define NETDISSECT_REWORKED
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
#include <string.h>
-#include "interface.h"
+#include "netdissect.h"
#include "addrtoname.h"
#include "ether.h"
#include "nlpid.h"
#define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */
#define ISIS_TLV_CHECKSUM 12 /* rfc3358 */
#define ISIS_TLV_CHECKSUM_MINLEN 2
+#define ISIS_TLV_POI 13 /* rfc6232 */
#define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */
#define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2
#define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */
{ ISIS_TLV_LSP, "LSP entries"},
{ ISIS_TLV_AUTH, "Authentication"},
{ ISIS_TLV_CHECKSUM, "Checksum"},
+ { ISIS_TLV_POI, "Purge Originator Identifier"},
{ ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"},
{ ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"},
{ ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"},
uint8_t neighbor_extd_local_circuit_id[4];
};
-static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, uint16_t checksum,
- u_int checksum_offset, u_int length);
+static void osi_print_cksum(netdissect_options *, const uint8_t *pptr,
+ uint16_t checksum, int checksum_offset, int length);
static int clnp_print(netdissect_options *, const uint8_t *, u_int);
static void esis_print(netdissect_options *, const uint8_t *, u_int);
static int isis_print(netdissect_options *, const uint8_t *, u_int);
if (ndo->ndo_vflag < 1) {
ND_PRINT((ndo, "%s%s > %s, %s, length %u",
ndo->ndo_eflag ? "" : ", ",
- isonsap_string(source_address, source_address_length),
- isonsap_string(dest_address, dest_address_length),
+ isonsap_string(ndo, source_address, source_address_length),
+ isonsap_string(ndo, dest_address, dest_address_length),
tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type),
length));
return (1);
ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s",
source_address_length,
- isonsap_string(source_address, source_address_length),
+ isonsap_string(ndo, source_address, source_address_length),
dest_address_length,
- isonsap_string(dest_address, dest_address_length)));
+ isonsap_string(ndo, dest_address, dest_address_length)));
if (clnp_flags & CLNP_SEGMENT_PART) {
clnp_segment_header = (const struct clnp_segment_header_t *) pptr;
ND_TCHECK2(*source_address, source_address_length);
ND_PRINT((ndo, "\n\t NSAP address (length %u): %s",
source_address_length,
- isonsap_string(source_address, source_address_length)));
+ isonsap_string(ndo, source_address, source_address_length)));
}
tlen-=source_address_length+1;
}
dst = pptr;
pptr += dstl;
li -= dstl;
- ND_PRINT((ndo, "\n\t %s", isonsap_string(dst, dstl)));
+ ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl)));
ND_TCHECK(*pptr);
if (li < 1) {
if (netal == 0)
ND_PRINT((ndo, "\n\t %s", etheraddr_string(ndo, snpa)));
else
- ND_PRINT((ndo, "\n\t %s", isonsap_string(neta, netal)));
+ ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, neta, netal)));
break;
}
}
ND_PRINT((ndo, "\n\t NET (length: %u): %s",
source_address_length,
- isonsap_string(pptr, source_address_length)));
+ isonsap_string(ndo, pptr, source_address_length)));
pptr += source_address_length;
li -= source_address_length;
source_address_number--;
ND_PRINT((ndo, ", bad ish/li"));
return;
}
- ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length)));
+ ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length)));
pptr += source_address_length;
li -= source_address_length;
break;
if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN))
goto trunctlv;
- subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr;
+ subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr;
ND_PRINT((ndo, "\n\t MCID: "));
isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid));
static int
isis_print_ip_reach_subtlv(netdissect_options *ndo,
const uint8_t *tptr, int subt, int subl,
- const char *ident) {
-
+ const char *ident)
+{
/* first lets see if we know the subTLVs name*/
ND_PRINT((ndo, "%s%s subTLV #%u, length: %u",
ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt),
static int
isis_print_is_reach_subtlv(netdissect_options *ndo,
const uint8_t *tptr, u_int subt, u_int subl,
- const char *ident) {
-
+ const char *ident)
+{
u_int te_class,priority_level,gmpls_switch_cap;
union { /* int to float conversion buffer for several subTLVs */
float f;
static int
isis_print_ext_is_reach(netdissect_options *ndo,
- const uint8_t *tptr, const char *ident, int tlv_type) {
-
+ const uint8_t *tptr, const char *ident, int tlv_type)
+{
char ident_buffer[20];
int subtlv_type,subtlv_len,subtlv_sum_len;
int proc_bytes = 0; /* how many bytes did we process ? */
static int
isis_print_mtid(netdissect_options *ndo,
- const uint8_t *tptr, const char *ident) {
-
+ const uint8_t *tptr, const char *ident)
+{
if (!ND_TTEST2(*tptr, 2))
return(0);
static int
isis_print_extd_ip_reach(netdissect_options *ndo,
- const uint8_t *tptr, const char *ident, uint16_t afi) {
-
+ const uint8_t *tptr, const char *ident, uint16_t afi)
+{
char ident_buffer[20];
-#ifdef INET6
uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */
-#else
- uint8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */
-#endif
u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen;
if (!ND_TTEST2(*tptr, 4))
return (0);
}
processed++;
-#ifdef INET6
} else if (afi == AF_INET6) {
if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */
return (0);
return (0);
}
processed+=2;
-#endif
} else
return (0); /* somebody is fooling us */
ident,
ipaddr_string(ndo, prefix),
bit_length));
-#ifdef INET6
- if (afi == AF_INET6)
+ else if (afi == AF_INET6)
ND_PRINT((ndo, "%sIPv6 prefix: %s/%u",
ident,
ip6addr_string(ndo, prefix),
bit_length));
-#endif
ND_PRINT((ndo, ", Distribution: %s, Metric: %u",
ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up",
if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
ND_PRINT((ndo, ", sub-TLVs present"));
-#ifdef INET6
- if (afi == AF_INET6)
+ else if (afi == AF_INET6)
ND_PRINT((ndo, ", %s%s",
ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal",
ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""));
-#endif
if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
-#ifdef INET6
|| (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte))
-#endif
) {
/* assume that one prefix can hold more
than one subTLV - therefore the first byte must reflect
tlv_type,
tlv_len));
- if (tlv_len == 0) /* something is malformed */
+ if (tlv_len == 0) /* something is invalid */
continue;
/* now check if we have a decoder otherwise do a hexdump at the end*/
while (tmp && alen < tmp) {
ND_PRINT((ndo, "\n\t Area address (length: %u): %s",
alen,
- isonsap_string(tptr, alen)));
+ isonsap_string(ndo, tptr, alen)));
tptr += alen;
tmp -= alen + 1;
if (tmp==0) /* if this is the last area address do not attemt a boundary check */
}
break;
-#ifdef INET6
case ISIS_TLV_IP6_REACH:
while (tmp>0) {
ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6);
tmp -= sizeof(struct in6_addr);
}
break;
-#endif
case ISIS_TLV_AUTH:
if (!ND_TTEST2(*tptr, 1))
goto trunctlv;
ND_PRINT((ndo, "%02x", *(tptr + i)));
}
if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1)
- ND_PRINT((ndo, ", (malformed subTLV) "));
+ ND_PRINT((ndo, ", (invalid subTLV) "));
#ifdef HAVE_LIBCRYPTO
sigcheck = signature_verify(ndo, optr, length,
osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr, length);
break;
+ case ISIS_TLV_POI:
+ if (tlv_len >= SYSTEM_ID_LEN + 1) {
+ if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN + 1))
+ goto trunctlv;
+ ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s",
+ isis_print_id(tptr + 1, SYSTEM_ID_LEN)));
+ }
+
+ if (tlv_len == 2 * SYSTEM_ID_LEN + 1) {
+ if (!ND_TTEST2(*tptr, 2 * SYSTEM_ID_LEN + 1))
+ goto trunctlv;
+ ND_PRINT((ndo, "\n\t Received from System-ID: %s",
+ isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN)));
+ }
+ break;
+
case ISIS_TLV_MT_SUPPORTED:
if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN)
break;
tptr+=mt_len;
tmp-=mt_len;
} else {
- ND_PRINT((ndo, "\n\t malformed MT-ID"));
+ ND_PRINT((ndo, "\n\t invalid MT-ID"));
break;
}
}
if (!ND_TTEST2(*tptr, prefix_len / 2))
goto trunctlv;
ND_PRINT((ndo, "\n\t\tAddress: %s/%u",
- isonsap_string(tptr, prefix_len / 2), prefix_len * 4));
+ isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4));
tptr+=prefix_len/2;
tmp-=prefix_len/2;
}
}
static void
-osi_print_cksum(netdissect_options *ndo,
- const uint8_t *pptr, uint16_t checksum,
- u_int checksum_offset, u_int length)
+osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr,
+ uint16_t checksum, int checksum_offset, int length)
{
uint16_t calculated_checksum;
- /* do not attempt to verify the checksum if it is zero */
- if (!checksum) {
- ND_PRINT((ndo, "(unverified)"));
+ /* do not attempt to verify the checksum if it is zero,
+ * if the total length is nonsense,
+ * if the offset is nonsense,
+ * or the base pointer is not sane
+ */
+ if (!checksum
+ || length < 0
+ || checksum_offset < 0
+ || length > ndo->ndo_snaplen
+ || checksum_offset > ndo->ndo_snaplen
+ || checksum_offset > length) {
+ ND_PRINT((ndo, " (unverified)"));
} else {
+ const char *truncated = "trunc";
+#if 0
+ printf("\nosi_print_cksum: %p %u %u %u\n", pptr, checksum_offset, length, ndo->ndo_snaplen);
+ ND_TCHECK2(pptr, checksum_offset+length);
+#endif
calculated_checksum = create_osi_cksum(pptr, checksum_offset, length);
if (checksum == calculated_checksum) {
ND_PRINT((ndo, " (correct)"));
} else {
- ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum));
+ truncated = "incorrect";
+#if 0
+ trunc:
+#endif
+ ND_PRINT((ndo, " (%s should be 0x%04x)", truncated, calculated_checksum));
}
}
}
projects / tcpdump / blobdiff