#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.161 2006-09-25 09:23:32 hannes Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.165 2008-08-16 13:38:15 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "extract.h"
#include "gmpls.h"
#include "oui.h"
+#include "signature.h"
/*
* IS-IS is defined in ISO 10589. Look there for protocol definitions.
};
#define ISIS_SUBTLV_AUTH_SIMPLE 1
+#define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */
#define ISIS_SUBTLV_AUTH_MD5 54
#define ISIS_SUBTLV_AUTH_MD5_LEN 16
#define ISIS_SUBTLV_AUTH_PRIVATE 255
static struct tok isis_subtlv_auth_values[] = {
{ ISIS_SUBTLV_AUTH_SIMPLE, "simple text password"},
+ { ISIS_SUBTLV_AUTH_GENERIC, "Generic Crypto key-id"},
{ ISIS_SUBTLV_AUTH_MD5, "HMAC-MD5 password"},
{ ISIS_SUBTLV_AUTH_PRIVATE, "Routing Domain private password"},
{ 0, NULL }
#define ISIS_MASK_MTFLAGS(x) ((x)&0xf000)
static struct tok isis_mt_flag_values[] = {
- { 0x4000, "sub-TLVs present"},
- { 0x8000, "ATT bit set"},
+ { 0x4000, "ATT bit set"},
+ { 0x8000, "Overload bit set"},
{ 0, NULL}
};
{ ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"},
{ ISIS_LSP_TYPE_LEVEL_1, "L1 IS"},
{ ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"},
- { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"},
+ { ISIS_LSP_TYPE_LEVEL_2, "L2 IS"},
{ 0, NULL }
};
void isoclns_print(const u_int8_t *p, u_int length, u_int caplen)
{
- const struct isis_common_header *header;
-
- header = (const struct isis_common_header *)p;
-
if (caplen <= 1) { /* enough bytes on the wire ? */
printf("|OSI");
return;
#ifdef INET6
case NLPID_IP6:
- ip6_print(p+1, length-1);
+ ip6_print(gndo, p+1, length-1);
break;
#endif
}
/* now walk the options */
- while (li >= 2) {
+ while (li != 0) {
u_int op, opli;
const u_int8_t *tptr;
- TCHECK2(*pptr, 2);
if (li < 2) {
printf(", bad opts/li");
return;
}
+ TCHECK2(*pptr, 2);
op = *pptr++;
opli = *pptr++;
li -= 2;
switch (op) {
case ESIS_OPTION_ES_CONF_TIME:
- TCHECK2(*pptr, 2);
- printf("%us", EXTRACT_16BITS(tptr));
+ if (opli == 2) {
+ TCHECK2(*pptr, 2);
+ printf("%us", EXTRACT_16BITS(tptr));
+ } else
+ printf("(bad length)");
break;
case ESIS_OPTION_PROTOCOLS:
const struct isis_iih_lan_header *header_iih_lan;
const struct isis_iih_ptp_header *header_iih_ptp;
- const struct isis_lsp_header *header_lsp;
+ struct isis_lsp_header *header_lsp;
const struct isis_csnp_header *header_csnp;
const struct isis_psnp_header *header_psnp;
u_int8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len;
u_int8_t ext_is_len, ext_ip_len, mt_len;
const u_int8_t *optr, *pptr, *tptr;
- u_short packet_len,pdu_len;
+ u_short packet_len,pdu_len, key_id;
u_int i,vendor_id;
+ int sigcheck;
packet_len=length;
optr = p; /* initialize the _o_riginal pointer to the packet start -
- need it for parsing the checksum TLV */
+ need it for parsing the checksum TLV and authentication
+ TLV verification */
isis_header = (const struct isis_common_header *)p;
TCHECK(*isis_header);
pptr = p+(ISIS_COMMON_HEADER_SIZE);
header_iih_lan = (const struct isis_iih_lan_header *)pptr;
header_iih_ptp = (const struct isis_iih_ptp_header *)pptr;
- header_lsp = (const struct isis_lsp_header *)pptr;
+ header_lsp = (struct isis_lsp_header *)pptr;
header_csnp = (const struct isis_csnp_header *)pptr;
header_psnp = (const struct isis_psnp_header *)pptr;
osi_print_cksum((u_int8_t *)header_lsp->lsp_id,
EXTRACT_16BITS(header_lsp->checksum), 12, length-12);
+ /*
+ * Clear checksum and lifetime prior to signature verification.
+ */
+ header_lsp->checksum[0] = 0;
+ header_lsp->checksum[1] = 0;
+ header_lsp->remaining_lifetime[0] = 0;
+ header_lsp->remaining_lifetime[1] = 0;
+
+
printf(", PDU length: %u, Flags: [ %s",
pdu_len,
ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : "");
break;
case ISIS_TLV_MT_IS_REACH:
+ mt_len = isis_print_mtid(tptr, "\n\t ");
+ if (mt_len == 0) /* did something go wrong ? */
+ goto trunctlv;
+ tptr+=mt_len;
+ tmp-=mt_len;
while (tmp >= 2+NODE_ID_LEN+3+1) {
- mt_len = isis_print_mtid(tptr, "\n\t ");
- if (mt_len == 0) /* did something go wrong ? */
- goto trunctlv;
- tptr+=mt_len;
- tmp-=mt_len;
-
ext_is_len = isis_print_ext_is_reach(tptr,"\n\t ",tlv_type);
if (ext_is_len == 0) /* did something go wrong ? */
goto trunctlv;
break;
case ISIS_TLV_MT_IP_REACH:
- while (tmp>0) {
- mt_len = isis_print_mtid(tptr, "\n\t ");
- if (mt_len == 0) /* did something go wrong ? */
- goto trunctlv;
- tptr+=mt_len;
- tmp-=mt_len;
+ mt_len = isis_print_mtid(tptr, "\n\t ");
+ if (mt_len == 0) { /* did something go wrong ? */
+ goto trunctlv;
+ }
+ tptr+=mt_len;
+ tmp-=mt_len;
+ while (tmp>0) {
ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET);
if (ext_ip_len == 0) /* did something go wrong ? */
goto trunctlv;
break;
case ISIS_TLV_MT_IP6_REACH:
- while (tmp>0) {
- mt_len = isis_print_mtid(tptr, "\n\t ");
- if (mt_len == 0) /* did something go wrong ? */
- goto trunctlv;
- tptr+=mt_len;
- tmp-=mt_len;
+ mt_len = isis_print_mtid(tptr, "\n\t ");
+ if (mt_len == 0) { /* did something go wrong ? */
+ goto trunctlv;
+ }
+ tptr+=mt_len;
+ tmp-=mt_len;
+ while (tmp>0) {
ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET6);
if (ext_ip_len == 0) /* did something go wrong ? */
goto trunctlv;
}
if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1)
printf(", (malformed subTLV) ");
+
+#ifdef HAVE_LIBCRYPTO
+ sigcheck = signature_verify(optr, length,
+ (unsigned char *)tptr + 1);
+#else
+ sigcheck = CANT_CHECK_SIGNATURE;
+#endif
+ printf(" (%s)", tok2str(signature_check_values, "Unknown", sigcheck));
+
break;
+ case ISIS_SUBTLV_AUTH_GENERIC:
+ key_id = EXTRACT_16BITS((tptr+1));
+ printf("%u, password: ", key_id);
+ for(i=1 + sizeof(u_int16_t);i<tlv_len;i++) {
+ if (!TTEST2(*(tptr+i), 1))
+ goto trunctlv;
+ printf("%02x",*(tptr+i));
+ }
+ break;
case ISIS_SUBTLV_AUTH_PRIVATE:
default:
if(!print_unknown_data(tptr+1,"\n\t\t ",tlv_len-1))
projects / tcpdump / blobdiff