*
* Original code by Matt Thomas, Digital Equipment Corporation
*
- * Extensively modified by Hannes Gredler (hannes@juniper.net) for more
+ * Extensively modified by Hannes Gredler (hannes@gredler.at) for more
* complete IS-IS & CLNP support.
*/
-#define NETDISSECT_REWORKED
+/* \summary: ISO CLNS, ESIS, and ISIS printer */
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
#include <string.h>
-#include "interface.h"
+#include "netdissect.h"
#include "addrtoname.h"
#include "ether.h"
#include "nlpid.h"
#include "oui.h"
#include "signature.h"
+static const char tstr[] = " [|isis]";
+
/*
* IS-IS is defined in ISO 10589. Look there for protocol definitions.
*/
#define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */
#define ISIS_TLV_CHECKSUM 12 /* rfc3358 */
#define ISIS_TLV_CHECKSUM_MINLEN 2
+#define ISIS_TLV_POI 13 /* rfc6232 */
#define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */
#define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2
#define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */
{ ISIS_TLV_LSP, "LSP entries"},
{ ISIS_TLV_AUTH, "Authentication"},
{ ISIS_TLV_CHECKSUM, "Checksum"},
+ { ISIS_TLV_POI, "Purge Originator Identifier"},
{ ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"},
{ ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"},
{ ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"},
};
struct isis_spb_mcid {
- u_int8_t format_id;
- u_int8_t name[32];
- u_int8_t revision_lvl[2];
- u_int8_t digest[16];
+ uint8_t format_id;
+ uint8_t name[32];
+ uint8_t revision_lvl[2];
+ uint8_t digest[16];
};
struct isis_subtlv_spb_mcid {
};
struct isis_subtlv_spb_instance {
- u_int8_t cist_root_id[8];
- u_int8_t cist_external_root_path_cost[4];
- u_int8_t bridge_priority[2];
- u_int8_t spsourceid[4];
- u_int8_t no_of_trees;
+ uint8_t cist_root_id[8];
+ uint8_t cist_external_root_path_cost[4];
+ uint8_t bridge_priority[2];
+ uint8_t spsourceid[4];
+ uint8_t no_of_trees;
};
#define CLNP_SEGMENT_PART 0x80
};
struct isis_tlv_ptp_adj {
- u_int8_t adjacency_state;
- u_int8_t extd_local_circuit_id[4];
- u_int8_t neighbor_sysid[SYSTEM_ID_LEN];
- u_int8_t neighbor_extd_local_circuit_id[4];
+ uint8_t adjacency_state;
+ uint8_t extd_local_circuit_id[4];
+ uint8_t neighbor_sysid[SYSTEM_ID_LEN];
+ uint8_t neighbor_extd_local_circuit_id[4];
};
-static void osi_print_cksum(netdissect_options *, const u_int8_t *pptr, u_int16_t checksum,
- u_int checksum_offset, u_int length);
-static int clnp_print(netdissect_options *, const u_int8_t *, u_int);
-static void esis_print(netdissect_options *, const u_int8_t *, u_int);
-static int isis_print(netdissect_options *, const u_int8_t *, u_int);
+static void osi_print_cksum(netdissect_options *, const uint8_t *pptr,
+ uint16_t checksum, int checksum_offset, u_int length);
+static int clnp_print(netdissect_options *, const uint8_t *, u_int);
+static void esis_print(netdissect_options *, const uint8_t *, u_int);
+static int isis_print(netdissect_options *, const uint8_t *, u_int);
struct isis_metric_block {
- u_int8_t metric_default;
- u_int8_t metric_delay;
- u_int8_t metric_expense;
- u_int8_t metric_error;
+ uint8_t metric_default;
+ uint8_t metric_delay;
+ uint8_t metric_expense;
+ uint8_t metric_error;
};
struct isis_tlv_is_reach {
struct isis_metric_block isis_metric_block;
- u_int8_t neighbor_nodeid[NODE_ID_LEN];
+ uint8_t neighbor_nodeid[NODE_ID_LEN];
};
struct isis_tlv_es_reach {
struct isis_metric_block isis_metric_block;
- u_int8_t neighbor_sysid[SYSTEM_ID_LEN];
+ uint8_t neighbor_sysid[SYSTEM_ID_LEN];
};
struct isis_tlv_ip_reach {
struct isis_metric_block isis_metric_block;
- u_int8_t prefix[4];
- u_int8_t mask[4];
+ uint8_t prefix[4];
+ uint8_t mask[4];
};
static const struct tok isis_is_reach_virtual_values[] = {
};
struct isis_common_header {
- u_int8_t nlpid;
- u_int8_t fixed_len;
- u_int8_t version; /* Protocol version */
- u_int8_t id_length;
- u_int8_t pdu_type; /* 3 MSbits are reserved */
- u_int8_t pdu_version; /* Packet format version */
- u_int8_t reserved;
- u_int8_t max_area;
+ uint8_t nlpid;
+ uint8_t fixed_len;
+ uint8_t version; /* Protocol version */
+ uint8_t id_length;
+ uint8_t pdu_type; /* 3 MSbits are reserved */
+ uint8_t pdu_version; /* Packet format version */
+ uint8_t reserved;
+ uint8_t max_area;
};
struct isis_iih_lan_header {
- u_int8_t circuit_type;
- u_int8_t source_id[SYSTEM_ID_LEN];
- u_int8_t holding_time[2];
- u_int8_t pdu_len[2];
- u_int8_t priority;
- u_int8_t lan_id[NODE_ID_LEN];
+ uint8_t circuit_type;
+ uint8_t source_id[SYSTEM_ID_LEN];
+ uint8_t holding_time[2];
+ uint8_t pdu_len[2];
+ uint8_t priority;
+ uint8_t lan_id[NODE_ID_LEN];
};
struct isis_iih_ptp_header {
- u_int8_t circuit_type;
- u_int8_t source_id[SYSTEM_ID_LEN];
- u_int8_t holding_time[2];
- u_int8_t pdu_len[2];
- u_int8_t circuit_id;
+ uint8_t circuit_type;
+ uint8_t source_id[SYSTEM_ID_LEN];
+ uint8_t holding_time[2];
+ uint8_t pdu_len[2];
+ uint8_t circuit_id;
};
struct isis_lsp_header {
- u_int8_t pdu_len[2];
- u_int8_t remaining_lifetime[2];
- u_int8_t lsp_id[LSP_ID_LEN];
- u_int8_t sequence_number[4];
- u_int8_t checksum[2];
- u_int8_t typeblock;
+ uint8_t pdu_len[2];
+ uint8_t remaining_lifetime[2];
+ uint8_t lsp_id[LSP_ID_LEN];
+ uint8_t sequence_number[4];
+ uint8_t checksum[2];
+ uint8_t typeblock;
};
struct isis_csnp_header {
- u_int8_t pdu_len[2];
- u_int8_t source_id[NODE_ID_LEN];
- u_int8_t start_lsp_id[LSP_ID_LEN];
- u_int8_t end_lsp_id[LSP_ID_LEN];
+ uint8_t pdu_len[2];
+ uint8_t source_id[NODE_ID_LEN];
+ uint8_t start_lsp_id[LSP_ID_LEN];
+ uint8_t end_lsp_id[LSP_ID_LEN];
};
struct isis_psnp_header {
- u_int8_t pdu_len[2];
- u_int8_t source_id[NODE_ID_LEN];
+ uint8_t pdu_len[2];
+ uint8_t source_id[NODE_ID_LEN];
};
struct isis_tlv_lsp {
- u_int8_t remaining_lifetime[2];
- u_int8_t lsp_id[LSP_ID_LEN];
- u_int8_t sequence_number[4];
- u_int8_t checksum[2];
+ uint8_t remaining_lifetime[2];
+ uint8_t lsp_id[LSP_ID_LEN];
+ uint8_t sequence_number[4];
+ uint8_t checksum[2];
};
#define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header))
#define ISIS_CSNP_HEADER_SIZE (sizeof(struct isis_csnp_header))
#define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header))
-void isoclns_print(netdissect_options *ndo,
- const u_int8_t *p, u_int length, u_int caplen)
+void
+isoclns_print(netdissect_options *ndo, const uint8_t *p, u_int length)
{
- if (caplen <= 1) { /* enough bytes on the wire ? */
+ if (!ND_TTEST(*p)) { /* enough bytes on the wire ? */
ND_PRINT((ndo, "|OSI"));
return;
}
case NLPID_CLNP:
if (!clnp_print(ndo, p, length))
- print_unknown_data(ndo, p, "\n\t", caplen);
+ print_unknown_data(ndo, p, "\n\t", length);
break;
case NLPID_ESIS:
case NLPID_ISIS:
if (!isis_print(ndo, p, length))
- print_unknown_data(ndo, p, "\n\t", caplen);
+ print_unknown_data(ndo, p, "\n\t", length);
break;
case NLPID_NULLNS:
ip_print(ndo, p + 1, length - 1);
break;
-#ifdef INET6
case NLPID_IP6:
ip6_print(ndo, p + 1, length - 1);
break;
-#endif
case NLPID_PPP:
ppp_print(ndo, p + 1, length - 1);
if (!ndo->ndo_eflag)
ND_PRINT((ndo, "OSI NLPID 0x%02x unknown", *p));
ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length));
- if (caplen > 1)
- print_unknown_data(ndo, p, "\n\t", caplen);
+ if (length > 1)
+ print_unknown_data(ndo, p, "\n\t", length);
break;
}
}
};
struct clnp_header_t {
- u_int8_t nlpid;
- u_int8_t length_indicator;
- u_int8_t version;
- u_int8_t lifetime; /* units of 500ms */
- u_int8_t type;
- u_int8_t segment_length[2];
- u_int8_t cksum[2];
+ uint8_t nlpid;
+ uint8_t length_indicator;
+ uint8_t version;
+ uint8_t lifetime; /* units of 500ms */
+ uint8_t type;
+ uint8_t segment_length[2];
+ uint8_t cksum[2];
};
struct clnp_segment_header_t {
- u_int8_t data_unit_id[2];
- u_int8_t segment_offset[2];
- u_int8_t total_length[2];
+ uint8_t data_unit_id[2];
+ uint8_t segment_offset[2];
+ uint8_t total_length[2];
};
/*
static int
clnp_print(netdissect_options *ndo,
- const u_int8_t *pptr, u_int length)
+ const uint8_t *pptr, u_int length)
{
- const u_int8_t *optr,*source_address,*dest_address;
+ const uint8_t *optr,*source_address,*dest_address;
u_int li,tlen,nsap_offset,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags;
const struct clnp_header_t *clnp_header;
const struct clnp_segment_header_t *clnp_segment_header;
- u_int8_t rfd_error_major,rfd_error_minor;
+ uint8_t rfd_error_major,rfd_error_minor;
clnp_header = (const struct clnp_header_t *) pptr;
ND_TCHECK(*clnp_header);
return (0);
}
+ if (li > length) {
+ ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length));
+ return (0);
+ }
+
+ if (li < sizeof(struct clnp_header_t)) {
+ ND_PRINT((ndo, " length indicator %u < min PDU size:", li));
+ while (pptr < ndo->ndo_snapend)
+ ND_PRINT((ndo, "%02X", *pptr++));
+ return (0);
+ }
+
/* FIXME further header sanity checking */
clnp_pdu_type = clnp_header->type & CLNP_PDU_TYPE_MASK;
pptr += sizeof(struct clnp_header_t);
li -= sizeof(struct clnp_header_t);
+
+ if (li < 1) {
+ ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
+ return (0);
+ }
+ ND_TCHECK(*pptr);
dest_address_length = *pptr;
- dest_address = pptr + 1;
+ pptr += 1;
+ li -= 1;
+ if (li < dest_address_length) {
+ ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
+ return (0);
+ }
+ ND_TCHECK2(*pptr, dest_address_length);
+ dest_address = pptr;
+ pptr += dest_address_length;
+ li -= dest_address_length;
- pptr += (1 + dest_address_length);
- li -= (1 + dest_address_length);
+ if (li < 1) {
+ ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
+ return (0);
+ }
+ ND_TCHECK(*pptr);
source_address_length = *pptr;
- source_address = pptr +1;
-
- pptr += (1 + source_address_length);
- li -= (1 + source_address_length);
+ pptr += 1;
+ li -= 1;
+ if (li < source_address_length) {
+ ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
+ return (0);
+ }
+ ND_TCHECK2(*pptr, source_address_length);
+ source_address = pptr;
+ pptr += source_address_length;
+ li -= source_address_length;
if (ndo->ndo_vflag < 1) {
ND_PRINT((ndo, "%s%s > %s, %s, length %u",
ndo->ndo_eflag ? "" : ", ",
- isonsap_string(source_address, source_address_length),
- isonsap_string(dest_address, dest_address_length),
+ isonsap_string(ndo, source_address, source_address_length),
+ isonsap_string(ndo, dest_address, dest_address_length),
tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type),
length));
return (1);
ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s",
source_address_length,
- isonsap_string(source_address, source_address_length),
+ isonsap_string(ndo, source_address, source_address_length),
dest_address_length,
- isonsap_string(dest_address, dest_address_length)));
+ isonsap_string(ndo, dest_address, dest_address_length)));
if (clnp_flags & CLNP_SEGMENT_PART) {
+ if (li < sizeof(const struct clnp_segment_header_t)) {
+ ND_PRINT((ndo, "li < size of fixed part of CLNP header, addresses, and segment part"));
+ return (0);
+ }
clnp_segment_header = (const struct clnp_segment_header_t *) pptr;
ND_TCHECK(*clnp_segment_header);
ND_PRINT((ndo, "\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u",
/* now walk the options */
while (li >= 2) {
u_int op, opli;
- const u_int8_t *tptr;
+ const uint8_t *tptr;
- ND_TCHECK2(*pptr, 2);
if (li < 2) {
ND_PRINT((ndo, ", bad opts/li"));
return (0);
}
+ ND_TCHECK2(*pptr, 2);
op = *pptr++;
opli = *pptr++;
li -= 2;
- ND_TCHECK2(*pptr, opli);
if (opli > li) {
ND_PRINT((ndo, ", opt (%d) too long", op));
return (0);
}
+ ND_TCHECK2(*pptr, opli);
li -= opli;
tptr = pptr;
tlen = opli;
op,
opli));
+ /*
+ * We've already checked that the entire option is present
+ * in the captured packet with the ND_TCHECK2() call.
+ * Therefore, we don't need to do ND_TCHECK()/ND_TCHECK2()
+ * checks.
+ * We do, however, need to check tlen, to make sure we
+ * don't run past the end of the option.
+ */
switch (op) {
case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */
case CLNP_OPTION_SOURCE_ROUTING:
+ if (tlen < 2) {
+ ND_PRINT((ndo, ", bad opt len"));
+ return (0);
+ }
ND_PRINT((ndo, "%s %s",
tok2str(clnp_option_sr_rr_values,"Unknown",*tptr),
tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op)));
ND_TCHECK2(*source_address, source_address_length);
ND_PRINT((ndo, "\n\t NSAP address (length %u): %s",
source_address_length,
- isonsap_string(source_address, source_address_length)));
+ isonsap_string(ndo, source_address, source_address_length)));
}
tlen-=source_address_length+1;
}
break;
case CLNP_OPTION_PRIORITY:
+ if (tlen < 1) {
+ ND_PRINT((ndo, ", bad opt len"));
+ return (0);
+ }
ND_PRINT((ndo, "0x%1x", *tptr&0x0f));
break;
case CLNP_OPTION_QOS_MAINTENANCE:
+ if (tlen < 1) {
+ ND_PRINT((ndo, ", bad opt len"));
+ return (0);
+ }
ND_PRINT((ndo, "\n\t Format Code: %s",
tok2str(clnp_option_scope_values, "Reserved", *tptr&CLNP_OPTION_SCOPE_MASK)));
break;
case CLNP_OPTION_SECURITY:
+ if (tlen < 2) {
+ ND_PRINT((ndo, ", bad opt len"));
+ return (0);
+ }
ND_PRINT((ndo, "\n\t Format Code: %s, Security-Level %u",
tok2str(clnp_option_scope_values,"Reserved",*tptr&CLNP_OPTION_SCOPE_MASK),
*(tptr+1)));
break;
case CLNP_OPTION_DISCARD_REASON:
+ if (tlen < 1) {
+ ND_PRINT((ndo, ", bad opt len"));
+ return (0);
+ }
rfd_error_major = (*tptr&0xf0) >> 4;
rfd_error_minor = *tptr&0x0f;
ND_PRINT((ndo, "\n\t Class: %s Error (0x%01x), %s (0x%01x)",
};
struct esis_header_t {
- u_int8_t nlpid;
- u_int8_t length_indicator;
- u_int8_t version;
- u_int8_t reserved;
- u_int8_t type;
- u_int8_t holdtime[2];
- u_int8_t cksum[2];
+ uint8_t nlpid;
+ uint8_t length_indicator;
+ uint8_t version;
+ uint8_t reserved;
+ uint8_t type;
+ uint8_t holdtime[2];
+ uint8_t cksum[2];
};
static void
esis_print(netdissect_options *ndo,
- const u_int8_t *pptr, u_int length)
+ const uint8_t *pptr, u_int length)
{
- const u_int8_t *optr;
+ const uint8_t *optr;
u_int li,esis_pdu_type,source_address_length, source_address_number;
const struct esis_header_t *esis_header;
}
if (li > length) {
- ND_PRINT((ndo, " length indicator(%d) > PDU size (%d)!", li, length));
+ ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length));
return;
}
if (li < sizeof(struct esis_header_t) + 2) {
- ND_PRINT((ndo, " length indicator < min PDU size %d:", li));
- while (--length != 0)
+ ND_PRINT((ndo, " length indicator %u < min PDU size:", li));
+ while (pptr < ndo->ndo_snapend)
ND_PRINT((ndo, "%02X", *pptr++));
return;
}
switch (esis_pdu_type) {
case ESIS_PDU_REDIRECT: {
- const u_int8_t *dst, *snpa, *neta;
+ const uint8_t *dst, *snpa, *neta;
u_int dstl, snpal, netal;
ND_TCHECK(*pptr);
dst = pptr;
pptr += dstl;
li -= dstl;
- ND_PRINT((ndo, "\n\t %s", isonsap_string(dst, dstl)));
+ ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl)));
ND_TCHECK(*pptr);
if (li < 1) {
pptr += netal;
li -= netal;
- if (netal == 0)
- ND_PRINT((ndo, "\n\t %s", etheraddr_string(snpa)));
+ if (snpal == 6)
+ ND_PRINT((ndo, "\n\t SNPA (length: %u): %s",
+ snpal,
+ etheraddr_string(ndo, snpa)));
else
- ND_PRINT((ndo, "\n\t %s", isonsap_string(neta, netal)));
+ ND_PRINT((ndo, "\n\t SNPA (length: %u): %s",
+ snpal,
+ linkaddr_string(ndo, snpa, LINKADDR_OTHER, snpal)));
+ if (netal != 0)
+ ND_PRINT((ndo, "\n\t NET (length: %u) %s",
+ netal,
+ isonsap_string(ndo, neta, netal)));
break;
}
}
ND_PRINT((ndo, "\n\t NET (length: %u): %s",
source_address_length,
- isonsap_string(pptr, source_address_length)));
+ isonsap_string(ndo, pptr, source_address_length)));
pptr += source_address_length;
li -= source_address_length;
source_address_number--;
ND_PRINT((ndo, ", bad ish/li"));
return;
}
- ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length)));
+ ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length)));
pptr += source_address_length;
li -= source_address_length;
break;
/* now walk the options */
while (li != 0) {
u_int op, opli;
- const u_int8_t *tptr;
+ const uint8_t *tptr;
if (li < 2) {
ND_PRINT((ndo, ", bad opts/li"));
{
int i;
+ ND_TCHECK(*mcid);
ND_PRINT((ndo, "ID: %d, Name: ", mcid->format_id));
- for(i=0; i<32; i++)
- {
- ND_PRINT((ndo, "%c", mcid->name[i]));
- if(mcid->name[i] == '\0')
- break;
- }
+ if (fn_printzp(ndo, mcid->name, 32, ndo->ndo_snapend))
+ goto trunc;
ND_PRINT((ndo, "\n\t Lvl: %d", EXTRACT_16BITS(mcid->revision_lvl)));
for(i=0;i<16;i++)
ND_PRINT((ndo, "%.2x ", mcid->digest[i]));
+
+trunc:
+ ND_PRINT((ndo, "%s", tstr));
}
static int
isis_print_mt_port_cap_subtlv(netdissect_options *ndo,
- const u_int8_t *tptr, int len)
+ const uint8_t *tptr, int len)
{
int stlv_type, stlv_len;
const struct isis_subtlv_spb_mcid *subtlv_spb_mcid;
int i;
- while (len > 0)
+ while (len > 2)
{
+ ND_TCHECK2(*tptr, 2);
stlv_type = *(tptr++);
stlv_len = *(tptr++);
/*len -= TLV_TYPE_LEN_OFFSET;*/
len = len -2;
+ /* Make sure the subTLV fits within the space left */
+ if (len < stlv_len)
+ goto trunc;
+ /* Make sure the entire subTLV is in the captured data */
+ ND_TCHECK2(*(tptr), stlv_len);
+
switch (stlv_type)
{
case ISIS_SUBTLV_SPB_MCID:
{
- if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN))
- goto trunctlv;
+ if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN)
+ goto trunc;
- subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr;
+ subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr;
ND_PRINT((ndo, "\n\t MCID: "));
isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid));
/*tptr += SPB_MCID_MIN_LEN;
len -= SPB_MCID_MIN_LEN; */
- tptr = tptr + sizeof(struct isis_subtlv_spb_mcid);
- len = len - sizeof(struct isis_subtlv_spb_mcid);
+ tptr = tptr + ISIS_SUBTLV_SPB_MCID_MIN_LEN;
+ len = len - ISIS_SUBTLV_SPB_MCID_MIN_LEN;
+ stlv_len = stlv_len - ISIS_SUBTLV_SPB_MCID_MIN_LEN;
break;
}
case ISIS_SUBTLV_SPB_DIGEST:
{
- if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_DIGEST_MIN_LEN))
- goto trunctlv;
+ if (stlv_len < ISIS_SUBTLV_SPB_DIGEST_MIN_LEN)
+ goto trunc;
ND_PRINT((ndo, "\n\t RES: %d V: %d A: %d D: %d",
(*(tptr) >> 5), (((*tptr)>> 4) & 0x01),
}
len = len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN;
+ stlv_len = stlv_len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN;
break;
}
case ISIS_SUBTLV_SPB_BVID:
{
- if (!ND_TTEST2(*(tptr), stlv_len))
- goto trunctlv;
-
- while (len)
+ while (stlv_len >= ISIS_SUBTLV_SPB_BVID_MIN_LEN)
{
- if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_BVID_MIN_LEN))
- goto trunctlv;
-
ND_PRINT((ndo, "\n\t ECT: %08x",
EXTRACT_32BITS(tptr)));
tptr = tptr + 2;
len = len - ISIS_SUBTLV_SPB_BVID_MIN_LEN;
+ stlv_len = stlv_len - ISIS_SUBTLV_SPB_BVID_MIN_LEN;
}
break;
}
default:
- break;
+ break;
}
+ tptr += stlv_len;
+ len -= stlv_len;
}
return 0;
- trunctlv:
- ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
+ trunc:
+ ND_PRINT((ndo, "\n\t\t"));
+ ND_PRINT((ndo, "%s", tstr));
return(1);
}
static int
isis_print_mt_capability_subtlv(netdissect_options *ndo,
- const u_int8_t *tptr, int len)
+ const uint8_t *tptr, int len)
{
int stlv_type, stlv_len, tmp;
- while (len > 0)
+ while (len > 2)
{
+ ND_TCHECK2(*tptr, 2);
stlv_type = *(tptr++);
stlv_len = *(tptr++);
len = len - 2;
+ /* Make sure the subTLV fits within the space left */
+ if (len < stlv_len)
+ goto trunc;
+ /* Make sure the entire subTLV is in the captured data */
+ ND_TCHECK2(*(tptr), stlv_len);
+
switch (stlv_type)
{
case ISIS_SUBTLV_SPB_INSTANCE:
-
- if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN))
- goto trunctlv;
+ if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN)
+ goto trunc;
ND_PRINT((ndo, "\n\t CIST Root-ID: %08x", EXTRACT_32BITS(tptr)));
tptr = tptr+4;
tmp = *(tptr++);
len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN;
+ stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN;
while (tmp)
{
- if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN))
- goto trunctlv;
+ if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN)
+ goto trunc;
ND_PRINT((ndo, "\n\t U:%d, M:%d, A:%d, RES:%d",
*(tptr) >> 7, (*(tptr) >> 6) & 0x01,
tptr = tptr + 3;
len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN;
+ stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN;
tmp--;
}
break;
case ISIS_SUBTLV_SPBM_SI:
-
- if (!ND_TTEST2(*(tptr), 6))
- goto trunctlv;
+ if (stlv_len < 8)
+ goto trunc;
ND_PRINT((ndo, "\n\t BMAC: %08x", EXTRACT_32BITS(tptr)));
tptr = tptr+4;
len = len - 8;
stlv_len = stlv_len - 8;
- while (stlv_len)
- {
+ while (stlv_len >= 4) {
+ ND_TCHECK2(*tptr, 4);
ND_PRINT((ndo, "\n\t T: %d, R: %d, RES: %d, ISID: %d",
(EXTRACT_32BITS(tptr) >> 31),
(EXTRACT_32BITS(tptr) >> 30) & 0x01,
default:
break;
}
+ tptr += stlv_len;
+ len -= stlv_len;
}
return 0;
- trunctlv:
- ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
+ trunc:
+ ND_PRINT((ndo, "\n\t\t"));
+ ND_PRINT((ndo, "%s", tstr));
return(1);
}
/* shared routine for printing system, node and lsp-ids */
static char *
-isis_print_id(const u_int8_t *cp, int id_len)
+isis_print_id(const uint8_t *cp, int id_len)
{
int i;
static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")];
char *pos = id;
+ int sysid_len;
- for (i = 1; i <= SYSTEM_ID_LEN; i++) {
+ sysid_len = SYSTEM_ID_LEN;
+ if (sysid_len > id_len)
+ sysid_len = id_len;
+ for (i = 1; i <= sysid_len; i++) {
snprintf(pos, sizeof(id) - (pos - id), "%02x", *cp++);
pos += strlen(pos);
if (i == 2 || i == 4)
static int
isis_print_tlv_ip_reach(netdissect_options *ndo,
- const u_int8_t *cp, const char *ident, int length)
+ const uint8_t *cp, const char *ident, int length)
{
int prefix_len;
const struct isis_tlv_ip_reach *tlv_ip_reach;
if (prefix_len == -1)
ND_PRINT((ndo, "%sIPv4 prefix: %s mask %s",
ident,
- ipaddr_string((tlv_ip_reach->prefix)),
- ipaddr_string((tlv_ip_reach->mask))));
+ ipaddr_string(ndo, (tlv_ip_reach->prefix)),
+ ipaddr_string(ndo, (tlv_ip_reach->mask))));
else
ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u",
ident,
- ipaddr_string((tlv_ip_reach->prefix)),
+ ipaddr_string(ndo, (tlv_ip_reach->prefix)),
prefix_len));
ND_PRINT((ndo, ", Distribution: %s, Metric: %u, %s",
static int
isis_print_ip_reach_subtlv(netdissect_options *ndo,
- const u_int8_t *tptr, int subt, int subl,
- const char *ident) {
-
- /* first lets see if we know the subTLVs name*/
- ND_PRINT((ndo, "%s%s subTLV #%u, length: %u",
- ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt),
- subt, subl));
+ const uint8_t *tptr, int subt, int subl,
+ const char *ident)
+{
+ /* first lets see if we know the subTLVs name*/
+ ND_PRINT((ndo, "%s%s subTLV #%u, length: %u",
+ ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt),
+ subt, subl));
- if (!ND_TTEST2(*tptr,subl))
- goto trunctlv;
+ ND_TCHECK2(*tptr,subl);
switch(subt) {
case ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR: /* fall through */
}
return(1);
-trunctlv:
- ND_PRINT((ndo, "%spacket exceeded snapshot", ident));
+trunc:
+ ND_PRINT((ndo, "%s", ident));
+ ND_PRINT((ndo, "%s", tstr));
return(0);
}
static int
isis_print_is_reach_subtlv(netdissect_options *ndo,
- const u_int8_t *tptr, u_int subt, u_int subl,
- const char *ident) {
-
+ const uint8_t *tptr, u_int subt, u_int subl,
+ const char *ident)
+{
u_int te_class,priority_level,gmpls_switch_cap;
union { /* int to float conversion buffer for several subTLVs */
float f;
- u_int32_t i;
+ uint32_t i;
} bw;
/* first lets see if we know the subTLVs name*/
ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subt),
subt, subl));
- if (!ND_TTEST2(*tptr,subl))
- goto trunctlv;
+ ND_TCHECK2(*tptr, subl);
switch(subt) {
case ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP:
case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR:
case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR:
if (subl >= sizeof(struct in_addr))
- ND_PRINT((ndo, ", %s", ipaddr_string(tptr)));
+ ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr)));
break;
case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW :
case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW:
tptr++;
/* decode BCs until the subTLV ends */
for (te_class = 0; te_class < (subl-1)/4; te_class++) {
+ ND_TCHECK2(*tptr, 4);
bw.i = EXTRACT_32BITS(tptr);
ND_PRINT((ndo, "%s Bandwidth constraint CT%u: %.3f Mbps",
ident,
case GMPLS_PSC2:
case GMPLS_PSC3:
case GMPLS_PSC4:
+ ND_TCHECK2(*tptr, 6);
bw.i = EXTRACT_32BITS(tptr);
ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000));
ND_PRINT((ndo, "%s Interface MTU: %u", ident, EXTRACT_16BITS(tptr + 4)));
break;
case GMPLS_TSC:
+ ND_TCHECK2(*tptr, 8);
bw.i = EXTRACT_32BITS(tptr);
ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000));
ND_PRINT((ndo, "%s Indication %s", ident,
}
return(1);
-trunctlv:
- ND_PRINT((ndo, "%spacket exceeded snapshot", ident));
+trunc:
return(0);
}
-
/*
* this is the common IS-REACH decoder it is called
* from various EXTD-IS REACH style TLVs (22,24,222)
static int
isis_print_ext_is_reach(netdissect_options *ndo,
- const u_int8_t *tptr, const char *ident, int tlv_type) {
-
+ const uint8_t *tptr, const char *ident, int tlv_type)
+{
char ident_buffer[20];
int subtlv_type,subtlv_len,subtlv_sum_len;
int proc_bytes = 0; /* how many bytes did we process ? */
return(0);
subtlv_type=*(tptr++);
subtlv_len=*(tptr++);
- /* prepend the ident string */
+ /* prepend the indent string */
snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident);
if (!isis_print_is_reach_subtlv(ndo, tptr, subtlv_type, subtlv_len, ident_buffer))
return(0);
static int
isis_print_mtid(netdissect_options *ndo,
- const u_int8_t *tptr, const char *ident) {
-
+ const uint8_t *tptr, const char *ident)
+{
if (!ND_TTEST2(*tptr, 2))
return(0);
static int
isis_print_extd_ip_reach(netdissect_options *ndo,
- const u_int8_t *tptr, const char *ident, u_int16_t afi) {
-
+ const uint8_t *tptr, const char *ident, uint16_t afi)
+{
char ident_buffer[20];
-#ifdef INET6
- u_int8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */
-#else
- u_int8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */
-#endif
+ uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */
u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen;
if (!ND_TTEST2(*tptr, 4))
return (0);
}
processed++;
-#ifdef INET6
} else if (afi == AF_INET6) {
- if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */
+ if (!ND_TTEST2(*tptr, 2)) /* fetch status & prefix_len byte */
return (0);
status_byte=*(tptr++);
bit_length=*(tptr++);
return (0);
}
processed+=2;
-#endif
} else
return (0); /* somebody is fooling us */
if (afi == AF_INET)
ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u",
ident,
- ipaddr_string(prefix),
+ ipaddr_string(ndo, prefix),
bit_length));
-#ifdef INET6
- if (afi == AF_INET6)
+ else if (afi == AF_INET6)
ND_PRINT((ndo, "%sIPv6 prefix: %s/%u",
ident,
- ip6addr_string(prefix),
+ ip6addr_string(ndo, prefix),
bit_length));
-#endif
ND_PRINT((ndo, ", Distribution: %s, Metric: %u",
ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up",
if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
ND_PRINT((ndo, ", sub-TLVs present"));
-#ifdef INET6
- if (afi == AF_INET6)
+ else if (afi == AF_INET6)
ND_PRINT((ndo, ", %s%s",
ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal",
ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""));
-#endif
if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
-#ifdef INET6
|| (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte))
-#endif
) {
/* assume that one prefix can hold more
than one subTLV - therefore the first byte must reflect
return (0);
subtlvtype=*(tptr++);
subtlvlen=*(tptr++);
- /* prepend the ident string */
+ /* prepend the indent string */
snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident);
if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer))
return(0);
return (processed);
}
+/*
+ * Clear checksum and lifetime prior to signature verification.
+ */
+static void
+isis_clear_checksum_lifetime(void *header)
+{
+ struct isis_lsp_header *header_lsp = (struct isis_lsp_header *) header;
+
+ header_lsp->checksum[0] = 0;
+ header_lsp->checksum[1] = 0;
+ header_lsp->remaining_lifetime[0] = 0;
+ header_lsp->remaining_lifetime[1] = 0;
+}
+
/*
* isis_print
* Decode IS-IS packets. Return 0 on error.
static int
isis_print(netdissect_options *ndo,
- const u_int8_t *p, u_int length)
+ const uint8_t *p, u_int length)
{
const struct isis_common_header *isis_header;
const struct isis_iih_lan_header *header_iih_lan;
const struct isis_iih_ptp_header *header_iih_ptp;
- struct isis_lsp_header *header_lsp;
+ const struct isis_lsp_header *header_lsp;
const struct isis_csnp_header *header_csnp;
const struct isis_psnp_header *header_psnp;
const struct isis_tlv_is_reach *tlv_is_reach;
const struct isis_tlv_es_reach *tlv_es_reach;
- u_int8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len;
- u_int8_t ext_is_len, ext_ip_len, mt_len;
- const u_int8_t *optr, *pptr, *tptr;
+ uint8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len;
+ uint8_t ext_is_len, ext_ip_len, mt_len;
+ const uint8_t *optr, *pptr, *tptr;
u_short packet_len,pdu_len, key_id;
u_int i,vendor_id;
int sigcheck;
TLV verification */
isis_header = (const struct isis_common_header *)p;
ND_TCHECK(*isis_header);
+ if (length < ISIS_COMMON_HEADER_SIZE)
+ goto trunc;
pptr = p+(ISIS_COMMON_HEADER_SIZE);
header_iih_lan = (const struct isis_iih_lan_header *)pptr;
header_iih_ptp = (const struct isis_iih_ptp_header *)pptr;
- header_lsp = (struct isis_lsp_header *)pptr;
+ header_lsp = (const struct isis_lsp_header *)pptr;
header_csnp = (const struct isis_csnp_header *)pptr;
header_psnp = (const struct isis_psnp_header *)pptr;
return (0);
}
+ if (length < isis_header->fixed_len) {
+ ND_PRINT((ndo, "fixed header length %u > packet length %u", isis_header->fixed_len, length));
+ return (0);
+ }
+
+ if (isis_header->fixed_len < ISIS_COMMON_HEADER_SIZE) {
+ ND_PRINT((ndo, "fixed header length %u < minimum header size %u", isis_header->fixed_len, (u_int)ISIS_COMMON_HEADER_SIZE));
+ return (0);
+ }
+
max_area = isis_header->max_area;
switch(max_area) {
case 0:
pdu_type=isis_header->pdu_type;
/* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/
- if (ndo->ndo_vflag < 1) {
+ if (ndo->ndo_vflag == 0) {
ND_PRINT((ndo, "%s%s",
ndo->ndo_eflag ? "" : ", ",
tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type)));
+ } else {
+ /* ok they seem to want to know everything - lets fully decode it */
+ ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length));
- switch (pdu_type) {
-
- case ISIS_PDU_L1_LAN_IIH:
- case ISIS_PDU_L2_LAN_IIH:
- ND_PRINT((ndo, ", src-id %s",
- isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN)));
- ND_PRINT((ndo, ", lan-id %s, prio %u",
- isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN),
- header_iih_lan->priority));
- break;
- case ISIS_PDU_PTP_IIH:
- ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN)));
- break;
- case ISIS_PDU_L1_LSP:
- case ISIS_PDU_L2_LSP:
- ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us",
- isis_print_id(header_lsp->lsp_id, LSP_ID_LEN),
- EXTRACT_32BITS(header_lsp->sequence_number),
- EXTRACT_16BITS(header_lsp->remaining_lifetime)));
- break;
- case ISIS_PDU_L1_CSNP:
- case ISIS_PDU_L2_CSNP:
- ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN)));
- break;
- case ISIS_PDU_L1_PSNP:
- case ISIS_PDU_L2_PSNP:
- ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN)));
- break;
-
- }
- ND_PRINT((ndo, ", length %u", length));
-
- return(1);
- }
-
- /* ok they seem to want to know everything - lets fully decode it */
- ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length));
-
- ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)",
- tok2str(isis_pdu_values,
- "unknown, type %u",
- pdu_type),
- isis_header->fixed_len,
- isis_header->version,
- isis_header->pdu_version,
- id_length,
- isis_header->id_length,
- max_area,
- isis_header->max_area));
-
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */
- return(0); /* for optionally debugging the common header */
+ ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)",
+ tok2str(isis_pdu_values,
+ "unknown, type %u",
+ pdu_type),
+ isis_header->fixed_len,
+ isis_header->version,
+ isis_header->pdu_version,
+ id_length,
+ isis_header->id_length,
+ max_area,
+ isis_header->max_area));
+
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */
+ return (0); /* for optionally debugging the common header */
+ }
}
switch (pdu_type) {
case ISIS_PDU_L1_LAN_IIH:
case ISIS_PDU_L2_LAN_IIH:
- if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) {
- ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
- isis_header->fixed_len, (unsigned long)ISIS_IIH_LAN_HEADER_SIZE));
- return (0);
- }
+ if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) {
+ ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
+ isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)));
+ return (0);
+ }
+ ND_TCHECK(*header_iih_lan);
+ if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)
+ goto trunc;
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", src-id %s",
+ isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN)));
+ ND_PRINT((ndo, ", lan-id %s, prio %u",
+ isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN),
+ header_iih_lan->priority));
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len);
+ if (packet_len>pdu_len) {
+ packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
+ length=pdu_len;
+ }
- pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len);
- if (packet_len>pdu_len) {
- packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
- length=pdu_len;
- }
+ ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]",
+ isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN),
+ EXTRACT_16BITS(header_iih_lan->holding_time),
+ tok2str(isis_iih_circuit_type_values,
+ "unknown circuit type 0x%02x",
+ header_iih_lan->circuit_type)));
- ND_TCHECK(*header_iih_lan);
- ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]",
- isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN),
- EXTRACT_16BITS(header_iih_lan->holding_time),
- tok2str(isis_iih_circuit_type_values,
- "unknown circuit type 0x%02x",
- header_iih_lan->circuit_type)));
-
- ND_PRINT((ndo, "\n\t lan-id: %s, Priority: %u, PDU length: %u",
- isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN),
- (header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK,
- pdu_len));
+ ND_PRINT((ndo, "\n\t lan-id: %s, Priority: %u, PDU length: %u",
+ isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN),
+ (header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK,
+ pdu_len));
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE))
- return(0);
- }
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE))
+ return (0);
+ }
- packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
- pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
- break;
+ packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
+ pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
+ break;
case ISIS_PDU_PTP_IIH:
- if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) {
- ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
- isis_header->fixed_len, (unsigned long)ISIS_IIH_PTP_HEADER_SIZE));
- return (0);
- }
-
- pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len);
- if (packet_len>pdu_len) {
+ if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) {
+ ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
+ isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)));
+ return (0);
+ }
+ ND_TCHECK(*header_iih_ptp);
+ if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)
+ goto trunc;
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN)));
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len);
+ if (packet_len>pdu_len) {
packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
length=pdu_len;
- }
+ }
- ND_TCHECK(*header_iih_ptp);
- ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]",
- isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN),
- EXTRACT_16BITS(header_iih_ptp->holding_time),
- tok2str(isis_iih_circuit_type_values,
- "unknown circuit type 0x%02x",
- header_iih_ptp->circuit_type)));
+ ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]",
+ isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN),
+ EXTRACT_16BITS(header_iih_ptp->holding_time),
+ tok2str(isis_iih_circuit_type_values,
+ "unknown circuit type 0x%02x",
+ header_iih_ptp->circuit_type)));
- ND_PRINT((ndo, "\n\t circuit-id: 0x%02x, PDU length: %u",
- header_iih_ptp->circuit_id,
- pdu_len));
+ ND_PRINT((ndo, "\n\t circuit-id: 0x%02x, PDU length: %u",
+ header_iih_ptp->circuit_id,
+ pdu_len));
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE))
- return(0);
- }
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE))
+ return (0);
+ }
- packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
- pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
- break;
+ packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
+ pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
+ break;
case ISIS_PDU_L1_LSP:
case ISIS_PDU_L2_LSP:
- if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) {
- ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
- isis_header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE));
- return (0);
- }
-
- pdu_len=EXTRACT_16BITS(header_lsp->pdu_len);
- if (packet_len>pdu_len) {
+ if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) {
+ ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
+ isis_header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE));
+ return (0);
+ }
+ ND_TCHECK(*header_lsp);
+ if (length < ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)
+ goto trunc;
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us",
+ isis_print_id(header_lsp->lsp_id, LSP_ID_LEN),
+ EXTRACT_32BITS(header_lsp->sequence_number),
+ EXTRACT_16BITS(header_lsp->remaining_lifetime)));
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ pdu_len=EXTRACT_16BITS(header_lsp->pdu_len);
+ if (packet_len>pdu_len) {
packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
length=pdu_len;
- }
+ }
- ND_TCHECK(*header_lsp);
- ND_PRINT((ndo, "\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x",
+ ND_PRINT((ndo, "\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x",
isis_print_id(header_lsp->lsp_id, LSP_ID_LEN),
EXTRACT_32BITS(header_lsp->sequence_number),
EXTRACT_16BITS(header_lsp->remaining_lifetime),
EXTRACT_16BITS(header_lsp->checksum)));
+ osi_print_cksum(ndo, (const uint8_t *)header_lsp->lsp_id,
+ EXTRACT_16BITS(header_lsp->checksum),
+ 12, length-12);
- osi_print_cksum(ndo, (u_int8_t *)header_lsp->lsp_id,
- EXTRACT_16BITS(header_lsp->checksum), 12, length-12);
-
- /*
- * Clear checksum and lifetime prior to signature verification.
- */
- header_lsp->checksum[0] = 0;
- header_lsp->checksum[1] = 0;
- header_lsp->remaining_lifetime[0] = 0;
- header_lsp->remaining_lifetime[1] = 0;
-
-
- ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s",
+ ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s",
pdu_len,
ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""));
- if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) {
- ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""));
- ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""));
- ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""));
- ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""));
- ND_PRINT((ndo, "ATT bit set, "));
- }
- ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""));
- ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)",
- ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))));
+ if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) {
+ ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""));
+ ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""));
+ ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""));
+ ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""));
+ ND_PRINT((ndo, "ATT bit set, "));
+ }
+ ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""));
+ ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)",
+ ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))));
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE))
- return(0);
- }
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE))
+ return (0);
+ }
- packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
- pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
- break;
+ packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
+ pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
+ break;
case ISIS_PDU_L1_CSNP:
case ISIS_PDU_L2_CSNP:
- if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) {
- ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
- isis_header->fixed_len, (unsigned long)ISIS_CSNP_HEADER_SIZE));
- return (0);
- }
-
- pdu_len=EXTRACT_16BITS(header_csnp->pdu_len);
- if (packet_len>pdu_len) {
+ if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) {
+ ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
+ isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)));
+ return (0);
+ }
+ ND_TCHECK(*header_csnp);
+ if (length < ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)
+ goto trunc;
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN)));
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ pdu_len=EXTRACT_16BITS(header_csnp->pdu_len);
+ if (packet_len>pdu_len) {
packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
length=pdu_len;
- }
+ }
- ND_TCHECK(*header_csnp);
- ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u",
+ ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u",
isis_print_id(header_csnp->source_id, NODE_ID_LEN),
pdu_len));
- ND_PRINT((ndo, "\n\t start lsp-id: %s",
+ ND_PRINT((ndo, "\n\t start lsp-id: %s",
isis_print_id(header_csnp->start_lsp_id, LSP_ID_LEN)));
- ND_PRINT((ndo, "\n\t end lsp-id: %s",
+ ND_PRINT((ndo, "\n\t end lsp-id: %s",
isis_print_id(header_csnp->end_lsp_id, LSP_ID_LEN)));
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE))
- return(0);
- }
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE))
+ return (0);
+ }
- packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
- pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
+ packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
+ pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
break;
case ISIS_PDU_L1_PSNP:
case ISIS_PDU_L2_PSNP:
- if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) {
- ND_PRINT((ndo, "- bogus fixed header length %u should be %lu",
- isis_header->fixed_len, (unsigned long)ISIS_PSNP_HEADER_SIZE));
- return (0);
- }
-
- pdu_len=EXTRACT_16BITS(header_psnp->pdu_len);
- if (packet_len>pdu_len) {
+ if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) {
+ ND_PRINT((ndo, "- bogus fixed header length %u should be %lu",
+ isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)));
+ return (0);
+ }
+ ND_TCHECK(*header_psnp);
+ if (length < ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)
+ goto trunc;
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN)));
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ pdu_len=EXTRACT_16BITS(header_psnp->pdu_len);
+ if (packet_len>pdu_len) {
packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
length=pdu_len;
- }
+ }
- ND_TCHECK(*header_psnp);
- ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u",
+ ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u",
isis_print_id(header_psnp->source_id, NODE_ID_LEN),
pdu_len));
- if (ndo->ndo_vflag > 1) {
- if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE))
- return(0);
- }
+ if (ndo->ndo_vflag > 1) {
+ if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE))
+ return (0);
+ }
- packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
- pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
- break;
+ packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
+ pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
+ break;
default:
- if (!print_unknown_data(ndo, pptr, "\n\t ", length))
- return(0);
+ if (ndo->ndo_vflag == 0) {
+ ND_PRINT((ndo, ", length %u", length));
+ return (1);
+ }
+ (void)print_unknown_data(ndo, pptr, "\n\t ", length);
return (0);
}
* Now print the TLV's.
*/
- while (packet_len >= 2) {
- if (pptr == ndo->ndo_snapend) {
- return (1);
- }
-
- if (!ND_TTEST2(*pptr, 2)) {
- ND_PRINT((ndo, "\n\t\t packet exceeded snapshot (%ld) bytes",
- (long)(pptr - ndo->ndo_snapend)));
- return (1);
- }
+ while (packet_len > 0) {
+ ND_TCHECK2(*pptr, 2);
+ if (packet_len < 2)
+ goto trunc;
tlv_type = *pptr++;
tlv_len = *pptr++;
tmp =tlv_len; /* copy temporary len & pointer to packet data */
tptr = pptr;
packet_len -= 2;
- if (tlv_len > packet_len) {
- break;
- }
/* first lets see if we know the TLVs name*/
ND_PRINT((ndo, "\n\t %s TLV #%u, length: %u",
tlv_type,
tlv_len));
- if (tlv_len == 0) /* something is malformed */
+ if (tlv_len == 0) /* something is invalid */
continue;
+ if (packet_len < tlv_len)
+ goto trunc;
+
/* now check if we have a decoder otherwise do a hexdump at the end*/
switch (tlv_type) {
case ISIS_TLV_AREA_ADDR:
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
alen = *tptr++;
while (tmp && alen < tmp) {
+ ND_TCHECK2(*tptr, alen);
ND_PRINT((ndo, "\n\t Area address (length: %u): %s",
alen,
- isonsap_string(tptr, alen)));
+ isonsap_string(ndo, tptr, alen)));
tptr += alen;
tmp -= alen + 1;
if (tmp==0) /* if this is the last area address do not attemt a boundary check */
break;
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
alen = *tptr++;
}
break;
case ISIS_TLV_ISNEIGH:
while (tmp >= ETHER_ADDR_LEN) {
- if (!ND_TTEST2(*tptr, ETHER_ADDR_LEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ETHER_ADDR_LEN);
ND_PRINT((ndo, "\n\t SNPA: %s", isis_print_id(tptr, ETHER_ADDR_LEN)));
tmp -= ETHER_ADDR_LEN;
tptr += ETHER_ADDR_LEN;
tmp --;
ND_PRINT((ndo, "\n\t LAN address length %u bytes ", lan_alen));
while (tmp >= lan_alen) {
- if (!ND_TTEST2(*tptr, lan_alen))
- goto trunctlv;
+ ND_TCHECK2(*tptr, lan_alen);
ND_PRINT((ndo, "\n\t\tIS Neighbor: %s", isis_print_id(tptr, lan_alen)));
tmp -= lan_alen;
tptr +=lan_alen;
}
break;
case ISIS_TLV_IS_REACH:
- if (!ND_TTEST2(*tptr,1)) /* check if there is one byte left to read out the virtual flag */
- goto trunctlv;
+ ND_TCHECK2(*tptr,1); /* check if there is one byte left to read out the virtual flag */
ND_PRINT((ndo, "\n\t %s",
tok2str(isis_is_reach_virtual_values,
"bogus virtual flag 0x%02x",
*tptr++)));
tlv_is_reach = (const struct isis_tlv_is_reach *)tptr;
while (tmp >= sizeof(struct isis_tlv_is_reach)) {
- if (!ND_TTEST(*tlv_is_reach))
- goto trunctlv;
+ ND_TCHECK(*tlv_is_reach);
ND_PRINT((ndo, "\n\t IS Neighbor: %s",
isis_print_id(tlv_is_reach->neighbor_nodeid, NODE_ID_LEN)));
isis_print_metric_block(ndo, &tlv_is_reach->isis_metric_block);
case ISIS_TLV_ESNEIGH:
tlv_es_reach = (const struct isis_tlv_es_reach *)tptr;
while (tmp >= sizeof(struct isis_tlv_es_reach)) {
- if (!ND_TTEST(*tlv_es_reach))
- goto trunctlv;
+ ND_TCHECK(*tlv_es_reach);
ND_PRINT((ndo, "\n\t ES Neighbor: %s",
isis_print_id(tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN)));
isis_print_metric_block(ndo, &tlv_es_reach->isis_metric_block);
}
break;
-#ifdef INET6
case ISIS_TLV_IP6_REACH:
while (tmp>0) {
ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6);
case ISIS_TLV_IP6ADDR:
while (tmp>=sizeof(struct in6_addr)) {
- if (!ND_TTEST2(*tptr, sizeof(struct in6_addr)))
- goto trunctlv;
+ ND_TCHECK2(*tptr, sizeof(struct in6_addr));
ND_PRINT((ndo, "\n\t IPv6 interface address: %s",
- ip6addr_string(tptr)));
+ ip6addr_string(ndo, tptr)));
tptr += sizeof(struct in6_addr);
tmp -= sizeof(struct in6_addr);
}
break;
-#endif
case ISIS_TLV_AUTH:
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
ND_PRINT((ndo, "\n\t %s: ",
tok2str(isis_subtlv_auth_values,
switch (*tptr) {
case ISIS_SUBTLV_AUTH_SIMPLE:
- for(i=1;i<tlv_len;i++) {
- if (!ND_TTEST2(*(tptr + i), 1))
- goto trunctlv;
- ND_PRINT((ndo, "%c", *(tptr + i)));
- }
+ if (fn_printzp(ndo, tptr + 1, tlv_len - 1, ndo->ndo_snapend))
+ goto trunctlv;
break;
case ISIS_SUBTLV_AUTH_MD5:
for(i=1;i<tlv_len;i++) {
- if (!ND_TTEST2(*(tptr + i), 1))
- goto trunctlv;
+ ND_TCHECK2(*(tptr + i), 1);
ND_PRINT((ndo, "%02x", *(tptr + i)));
}
if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1)
- ND_PRINT((ndo, ", (malformed subTLV) "));
+ ND_PRINT((ndo, ", (invalid subTLV) "));
-#ifdef HAVE_LIBCRYPTO
- sigcheck = signature_verify(ndo, optr, length,
- (unsigned char *)tptr + 1);
-#else
- sigcheck = CANT_CHECK_SIGNATURE;
-#endif
+ sigcheck = signature_verify(ndo, optr, length, tptr + 1,
+ isis_clear_checksum_lifetime,
+ header_lsp);
ND_PRINT((ndo, " (%s)", tok2str(signature_check_values, "Unknown", sigcheck)));
break;
case ISIS_SUBTLV_AUTH_GENERIC:
+ ND_TCHECK2(*(tptr + 1), 2);
key_id = EXTRACT_16BITS((tptr+1));
ND_PRINT((ndo, "%u, password: ", key_id));
- for(i=1 + sizeof(u_int16_t);i<tlv_len;i++) {
- if (!ND_TTEST2(*(tptr + i), 1))
- goto trunctlv;
+ for(i=1 + sizeof(uint16_t);i<tlv_len;i++) {
+ ND_TCHECK2(*(tptr + i), 1);
ND_PRINT((ndo, "%02x", *(tptr + i)));
}
break;
case ISIS_TLV_PTP_ADJ:
tlv_ptp_adj = (const struct isis_tlv_ptp_adj *)tptr;
if(tmp>=1) {
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
ND_PRINT((ndo, "\n\t Adjacency State: %s (%u)",
tok2str(isis_ptp_adjancey_values, "unknown", *tptr),
*tptr));
tmp--;
}
if(tmp>sizeof(tlv_ptp_adj->extd_local_circuit_id)) {
- if (!ND_TTEST2(tlv_ptp_adj->extd_local_circuit_id,
- sizeof(tlv_ptp_adj->extd_local_circuit_id)))
- goto trunctlv;
+ ND_TCHECK(tlv_ptp_adj->extd_local_circuit_id);
ND_PRINT((ndo, "\n\t Extended Local circuit-ID: 0x%08x",
EXTRACT_32BITS(tlv_ptp_adj->extd_local_circuit_id)));
tmp-=sizeof(tlv_ptp_adj->extd_local_circuit_id);
}
if(tmp>=SYSTEM_ID_LEN) {
- if (!ND_TTEST2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN))
- goto trunctlv;
+ ND_TCHECK2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN);
ND_PRINT((ndo, "\n\t Neighbor System-ID: %s",
isis_print_id(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)));
tmp-=SYSTEM_ID_LEN;
}
if(tmp>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) {
- if (!ND_TTEST2(tlv_ptp_adj->neighbor_extd_local_circuit_id,
- sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)))
- goto trunctlv;
+ ND_TCHECK(tlv_ptp_adj->neighbor_extd_local_circuit_id);
ND_PRINT((ndo, "\n\t Neighbor Extended Local circuit-ID: 0x%08x",
EXTRACT_32BITS(tlv_ptp_adj->neighbor_extd_local_circuit_id)));
}
case ISIS_TLV_PROTOCOLS:
ND_PRINT((ndo, "\n\t NLPID(s): "));
while (tmp>0) {
- if (!ND_TTEST2(*(tptr), 1))
- goto trunctlv;
+ ND_TCHECK2(*(tptr), 1);
ND_PRINT((ndo, "%s (0x%02x)",
tok2str(nlpid_values,
"unknown",
case ISIS_TLV_MT_PORT_CAP:
{
- if (!ND_TTEST2(*(tptr), 2))
- goto trunctlv;
+ ND_TCHECK2(*(tptr), 2);
ND_PRINT((ndo, "\n\t RES: %d, MTID(s): %d",
(EXTRACT_16BITS (tptr) >> 12),
case ISIS_TLV_MT_CAPABILITY:
- if (!ND_TTEST2(*(tptr), 2))
- goto trunctlv;
+ ND_TCHECK2(*(tptr), 2);
ND_PRINT((ndo, "\n\t O: %d, RES: %d, MTID(s): %d",
(EXTRACT_16BITS(tptr) >> 15) & 0x01,
break;
case ISIS_TLV_TE_ROUTER_ID:
- if (!ND_TTEST2(*pptr, sizeof(struct in_addr)))
- goto trunctlv;
- ND_PRINT((ndo, "\n\t Traffic Engineering Router ID: %s", ipaddr_string(pptr)));
+ ND_TCHECK2(*pptr, sizeof(struct in_addr));
+ ND_PRINT((ndo, "\n\t Traffic Engineering Router ID: %s", ipaddr_string(ndo, pptr)));
break;
case ISIS_TLV_IPADDR:
while (tmp>=sizeof(struct in_addr)) {
- if (!ND_TTEST2(*tptr, sizeof(struct in_addr)))
- goto trunctlv;
- ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(tptr)));
+ ND_TCHECK2(*tptr, sizeof(struct in_addr));
+ ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr)));
tptr += sizeof(struct in_addr);
tmp -= sizeof(struct in_addr);
}
case ISIS_TLV_HOSTNAME:
ND_PRINT((ndo, "\n\t Hostname: "));
- while (tmp>0) {
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
- ND_PRINT((ndo, "%c", *tptr++));
- tmp--;
- }
+ if (fn_printzp(ndo, tptr, tmp, ndo->ndo_snapend))
+ goto trunctlv;
break;
case ISIS_TLV_SHARED_RISK_GROUP:
if (tmp < NODE_ID_LEN)
break;
- if (!ND_TTEST2(*tptr, NODE_ID_LEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, NODE_ID_LEN);
ND_PRINT((ndo, "\n\t IS Neighbor: %s", isis_print_id(tptr, NODE_ID_LEN)));
tptr+=(NODE_ID_LEN);
tmp-=(NODE_ID_LEN);
if (tmp < 1)
break;
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
ND_PRINT((ndo, ", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(*tptr++) ? "numbered" : "unnumbered"));
tmp--;
if (tmp < sizeof(struct in_addr))
break;
- if (!ND_TTEST2(*tptr, sizeof(struct in_addr)))
- goto trunctlv;
- ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(tptr)));
+ ND_TCHECK2(*tptr, sizeof(struct in_addr));
+ ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr)));
tptr+=sizeof(struct in_addr);
tmp-=sizeof(struct in_addr);
if (tmp < sizeof(struct in_addr))
break;
- if (!ND_TTEST2(*tptr, sizeof(struct in_addr)))
- goto trunctlv;
- ND_PRINT((ndo, "\n\t IPv4 neighbor address: %s", ipaddr_string(tptr)));
+ ND_TCHECK2(*tptr, sizeof(struct in_addr));
+ ND_PRINT((ndo, "\n\t IPv4 neighbor address: %s", ipaddr_string(ndo, tptr)));
tptr+=sizeof(struct in_addr);
tmp-=sizeof(struct in_addr);
while (tmp>=4) {
- if (!ND_TTEST2(*tptr, 4))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 4);
ND_PRINT((ndo, "\n\t Link-ID: 0x%08x", EXTRACT_32BITS(tptr)));
tptr+=4;
tmp-=4;
case ISIS_TLV_LSP:
tlv_lsp = (const struct isis_tlv_lsp *)tptr;
while(tmp>=sizeof(struct isis_tlv_lsp)) {
- if (!ND_TTEST((tlv_lsp->lsp_id)[LSP_ID_LEN-1]))
- goto trunctlv;
+ ND_TCHECK((tlv_lsp->lsp_id)[LSP_ID_LEN-1]);
ND_PRINT((ndo, "\n\t lsp-id: %s",
isis_print_id(tlv_lsp->lsp_id, LSP_ID_LEN)));
- if (!ND_TTEST2(tlv_lsp->sequence_number, 4))
- goto trunctlv;
+ ND_TCHECK2(tlv_lsp->sequence_number, 4);
ND_PRINT((ndo, ", seq: 0x%08x", EXTRACT_32BITS(tlv_lsp->sequence_number)));
- if (!ND_TTEST2(tlv_lsp->remaining_lifetime, 2))
- goto trunctlv;
+ ND_TCHECK2(tlv_lsp->remaining_lifetime, 2);
ND_PRINT((ndo, ", lifetime: %5ds", EXTRACT_16BITS(tlv_lsp->remaining_lifetime)));
- if (!ND_TTEST2(tlv_lsp->checksum, 2))
- goto trunctlv;
+ ND_TCHECK2(tlv_lsp->checksum, 2);
ND_PRINT((ndo, ", chksum: 0x%04x", EXTRACT_16BITS(tlv_lsp->checksum)));
tmp-=sizeof(struct isis_tlv_lsp);
tlv_lsp++;
case ISIS_TLV_CHECKSUM:
if (tmp < ISIS_TLV_CHECKSUM_MINLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_CHECKSUM_MINLEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_CHECKSUM_MINLEN);
ND_PRINT((ndo, "\n\t checksum: 0x%04x ", EXTRACT_16BITS(tptr)));
/* do not attempt to verify the checksum if it is zero
* most likely a HMAC-MD5 TLV is also present and
* to avoid conflicts the checksum TLV is zeroed.
* see rfc3358 for details
*/
- osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr, length);
+ osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr,
+ length);
+ break;
+
+ case ISIS_TLV_POI:
+ if (tlv_len >= SYSTEM_ID_LEN + 1) {
+ ND_TCHECK2(*tptr, SYSTEM_ID_LEN + 1);
+ ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s",
+ isis_print_id(tptr + 1, SYSTEM_ID_LEN)));
+ }
+
+ if (tlv_len == 2 * SYSTEM_ID_LEN + 1) {
+ ND_TCHECK2(*tptr, 2 * SYSTEM_ID_LEN + 1);
+ ND_PRINT((ndo, "\n\t Received from System-ID: %s",
+ isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN)));
+ }
break;
case ISIS_TLV_MT_SUPPORTED:
tptr+=mt_len;
tmp-=mt_len;
} else {
- ND_PRINT((ndo, "\n\t malformed MT-ID"));
+ ND_PRINT((ndo, "\n\t invalid MT-ID"));
break;
}
}
/* first attempt to decode the flags */
if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN);
ND_PRINT((ndo, "\n\t Flags [%s]",
bittok2str(isis_restart_flag_values, "none", *tptr)));
tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN;
if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN);
ND_PRINT((ndo, ", Remaining holding time %us", EXTRACT_16BITS(tptr)));
tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN;
/* is there an additional sysid field present ?*/
if (tmp == SYSTEM_ID_LEN) {
- if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, SYSTEM_ID_LEN);
ND_PRINT((ndo, ", for %s", isis_print_id(tptr,SYSTEM_ID_LEN)));
}
break;
case ISIS_TLV_IDRP_INFO:
if (tmp < ISIS_TLV_IDRP_INFO_MINLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN);
ND_PRINT((ndo, "\n\t Inter-Domain Information Type: %s",
tok2str(isis_subtlv_idrp_values,
"Unknown (0x%02x)",
*tptr)));
switch (*tptr++) {
case ISIS_SUBTLV_IDRP_ASN:
- if (!ND_TTEST2(*tptr, 2)) /* fetch AS number */
- goto trunctlv;
+ ND_TCHECK2(*tptr, 2); /* fetch AS number */
ND_PRINT((ndo, "AS Number: %u", EXTRACT_16BITS(tptr)));
break;
case ISIS_SUBTLV_IDRP_LOCAL:
case ISIS_TLV_LSP_BUFFERSIZE:
if (tmp < ISIS_TLV_LSP_BUFFERSIZE_MINLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN);
ND_PRINT((ndo, "\n\t LSP Buffersize: %u", EXTRACT_16BITS(tptr)));
break;
case ISIS_TLV_PART_DIS:
while (tmp >= SYSTEM_ID_LEN) {
- if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN))
- goto trunctlv;
+ ND_TCHECK2(*tptr, SYSTEM_ID_LEN);
ND_PRINT((ndo, "\n\t %s", isis_print_id(tptr, SYSTEM_ID_LEN)));
tptr+=SYSTEM_ID_LEN;
tmp-=SYSTEM_ID_LEN;
case ISIS_TLV_PREFIX_NEIGH:
if (tmp < sizeof(struct isis_metric_block))
break;
- if (!ND_TTEST2(*tptr, sizeof(struct isis_metric_block)))
- goto trunctlv;
+ ND_TCHECK2(*tptr, sizeof(struct isis_metric_block));
ND_PRINT((ndo, "\n\t Metric Block"));
isis_print_metric_block(ndo, (const struct isis_metric_block *)tptr);
tptr+=sizeof(struct isis_metric_block);
tmp-=sizeof(struct isis_metric_block);
while(tmp>0) {
- if (!ND_TTEST2(*tptr, 1))
- goto trunctlv;
+ ND_TCHECK2(*tptr, 1);
prefix_len=*tptr++; /* read out prefix length in semioctets*/
if (prefix_len < 2) {
ND_PRINT((ndo, "\n\t\tAddress: prefix length %u < 2", prefix_len));
tmp--;
if (tmp < prefix_len/2)
break;
- if (!ND_TTEST2(*tptr, prefix_len / 2))
- goto trunctlv;
+ ND_TCHECK2(*tptr, prefix_len / 2);
ND_PRINT((ndo, "\n\t\tAddress: %s/%u",
- isonsap_string(tptr, prefix_len / 2), prefix_len * 4));
+ isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4));
tptr+=prefix_len/2;
tmp-=prefix_len/2;
}
case ISIS_TLV_IIH_SEQNR:
if (tmp < ISIS_TLV_IIH_SEQNR_MINLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN)) /* check if four bytes are on the wire */
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN); /* check if four bytes are on the wire */
ND_PRINT((ndo, "\n\t Sequence number: %u", EXTRACT_32BITS(tptr)));
break;
case ISIS_TLV_VENDOR_PRIVATE:
if (tmp < ISIS_TLV_VENDOR_PRIVATE_MINLEN)
break;
- if (!ND_TTEST2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN)) /* check if enough byte for a full oui */
- goto trunctlv;
+ ND_TCHECK2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN); /* check if enough byte for a full oui */
vendor_id = EXTRACT_24BITS(tptr);
ND_PRINT((ndo, "\n\t Vendor: %s (%u)",
tok2str(oui_values, "Unknown", vendor_id),
return (1);
trunc:
- ND_PRINT((ndo, "[|isis]"));
+ ND_PRINT((ndo, "%s", tstr));
return (1);
trunctlv:
- ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
+ ND_PRINT((ndo, "\n\t\t"));
+ ND_PRINT((ndo, "%s", tstr));
return(1);
}
static void
-osi_print_cksum(netdissect_options *ndo,
- const u_int8_t *pptr, u_int16_t checksum,
- u_int checksum_offset, u_int length)
+osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr,
+ uint16_t checksum, int checksum_offset, u_int length)
{
- u_int16_t calculated_checksum;
+ uint16_t calculated_checksum;
- /* do not attempt to verify the checksum if it is zero */
- if (!checksum) {
- ND_PRINT((ndo, "(unverified)"));
+ /* do not attempt to verify the checksum if it is zero,
+ * if the offset is nonsense,
+ * or the base pointer is not sane
+ */
+ if (!checksum
+ || checksum_offset < 0
+ || !ND_TTEST2(*(pptr + checksum_offset), 2)
+ || (u_int)checksum_offset > length
+ || !ND_TTEST2(*pptr, length)) {
+ ND_PRINT((ndo, " (unverified)"));
} else {
+#if 0
+ printf("\nosi_print_cksum: %p %u %u\n", pptr, checksum_offset, length);
+#endif
calculated_checksum = create_osi_cksum(pptr, checksum_offset, length);
if (checksum == calculated_checksum) {
ND_PRINT((ndo, " (correct)"));
projects / tcpdump / blobdiff