/* \summary: IPv6 printer */
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#include "netdissect-stdinc.h"
* the header, in units of 8 octets, excluding
* the first 8 octets.
*/
- ND_TCHECK_2(cp);
advance = (GET_U_1(cp + 1) + 1) << 3;
nh = GET_U_1(cp);
break;
* marked as reserved, and the header is always
* the same size.
*/
- ND_TCHECK_1(cp);
advance = sizeof(struct ip6_frag);
nh = GET_U_1(cp);
break;
u_int total_advance;
const u_char *cp;
uint32_t payload_len;
- uint8_t nh;
+ uint8_t ph, nh;
int fragmented = 0;
u_int flow;
int found_extension_header;
int found_jumbo;
+ int found_hbh;
ndo->ndo_protocol = "ip6";
ip6 = (const struct ip6_hdr *)bp;
- ND_TCHECK_SIZE(ip6);
- if (length < sizeof (struct ip6_hdr)) {
- ND_PRINT("truncated-ip6 %u", length);
- return;
+ if (!ndo->ndo_eflag) {
+ nd_print_protocol_caps(ndo);
+ ND_PRINT(" ");
}
- if (!ndo->ndo_eflag)
- ND_PRINT("IP6 ");
-
- if (IP6_VERSION(ip6) != 6) {
- ND_PRINT("version error: %u != 6", IP6_VERSION(ip6));
- return;
- }
+ ND_ICHECK_ZU(length, <, sizeof (struct ip6_hdr));
+ ND_ICHECKMSG_U("version", IP6_VERSION(ip6), !=, 6);
payload_len = GET_BE_U_2(ip6->ip6_plen);
/*
*/
if (payload_len != 0) {
len = payload_len + sizeof(struct ip6_hdr);
- if (length < len)
- ND_PRINT("truncated-ip6 - %u bytes missing!",
- len - length);
+ if (len > length) {
+ ND_PRINT("[header+payload length %u > length %u]",
+ len, length);
+ nd_print_invalid(ndo);
+ ND_PRINT(" ");
+ }
} else
len = length + sizeof(struct ip6_hdr);
- nh = GET_U_1(ip6->ip6_nxt);
- if (ndo->ndo_vflag) {
- flow = GET_BE_U_4(ip6->ip6_flow);
- ND_PRINT("(");
-#if 0
- /* rfc1883 */
- if (flow & 0x0f000000)
- ND_PRINT("pri 0x%02x, ", (flow & 0x0f000000) >> 24);
- if (flow & 0x00ffffff)
- ND_PRINT("flowlabel 0x%06x, ", flow & 0x00ffffff);
-#else
- /* RFC 2460 */
- if (flow & 0x0ff00000)
- ND_PRINT("class 0x%02x, ", (flow & 0x0ff00000) >> 20);
- if (flow & 0x000fffff)
- ND_PRINT("flowlabel 0x%05x, ", flow & 0x000fffff);
-#endif
-
- ND_PRINT("hlim %u, next-header %s (%u) payload length: %u) ",
- GET_U_1(ip6->ip6_hlim),
- tok2str(ipproto_values,"unknown",nh),
- nh,
- payload_len);
- }
+ ph = 255;
+ nh = GET_U_1(ip6->ip6_nxt);
+ if (ndo->ndo_vflag) {
+ flow = GET_BE_U_4(ip6->ip6_flow);
+ ND_PRINT("(");
+ /* RFC 2460 */
+ if (flow & 0x0ff00000)
+ ND_PRINT("class 0x%02x, ", (flow & 0x0ff00000) >> 20);
+ if (flow & 0x000fffff)
+ ND_PRINT("flowlabel 0x%05x, ", flow & 0x000fffff);
+
+ ND_PRINT("hlim %u, next-header %s (%u), payload length %u) ",
+ GET_U_1(ip6->ip6_hlim),
+ tok2str(ipproto_values,"unknown",nh),
+ nh,
+ payload_len);
+ }
+ ND_TCHECK_SIZE(ip6);
/*
- * Cut off the snapshot length to the end of the IP payload.
+ * Cut off the snapshot length to the end of the IP payload
+ * or the end of the data in which it's contained, whichever
+ * comes first.
*/
- nd_push_snapend(ndo, bp + len);
+ if (!nd_push_snaplen(ndo, bp, ND_MIN(length, len))) {
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push snaplen on buffer stack", __func__);
+ }
cp = (const u_char *)ip6;
advance = sizeof(struct ip6_hdr);
/* Process extension headers */
found_extension_header = 0;
found_jumbo = 0;
+ found_hbh = 0;
while (cp < ndo->ndo_snapend && advance > 0) {
if (len < (u_int)advance)
goto trunc;
nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
nh != IPPROTO_DCCP && nh != IPPROTO_SCTP) {
ND_PRINT("%s > %s: ", GET_IP6ADDR_STRING(ip6->ip6_src),
- GET_IP6ADDR_STRING(ip6->ip6_dst));
+ GET_IP6ADDR_STRING(ip6->ip6_dst));
}
switch (nh) {
case IPPROTO_HOPOPTS:
+ /*
+ * The Hop-by-Hop Options header, when present,
+ * must immediately follow the IPv6 header (RFC 8200)
+ */
+ if (found_hbh == 1) {
+ ND_PRINT("[The Hop-by-Hop Options header was already found]");
+ nd_print_invalid(ndo);
+ return;
+ }
+ if (ph != 255) {
+ ND_PRINT("[The Hop-by-Hop Options header don't follow the IPv6 header]");
+ nd_print_invalid(ndo);
+ return;
+ }
advance = hbhopt_process(ndo, cp, &found_jumbo, &payload_len);
+ if (payload_len == 0 && found_jumbo == 0) {
+ ND_PRINT("[No valid Jumbo Payload Hop-by-Hop option found]");
+ nd_print_invalid(ndo);
+ return;
+ }
if (advance < 0) {
nd_pop_packet_info(ndo);
return;
}
found_extension_header = 1;
+ found_hbh = 1;
nh = GET_U_1(cp);
break;
case IPPROTO_MOBILITY_OLD:
case IPPROTO_MOBILITY:
/*
- * XXX - we don't use "advance"; RFC 3775 says that
+ * RFC 3775 says that
* the next header field in a mobility header
* should be IPPROTO_NONE, but speaks of
- * the possiblity of a future extension in
+ * the possibility of a future extension in
* which payload can be piggybacked atop a
* mobility header.
*/
len = payload_len + sizeof(struct ip6_hdr);
if (len < total_advance)
goto trunc;
- if (length < len)
- ND_PRINT("truncated-ip6 - %u bytes missing!",
- len - length);
- nd_change_snapend(ndo, bp + len);
+ if (len > length) {
+ ND_PRINT("[header+payload length %u > length %u]",
+ len, length);
+ nd_print_invalid(ndo);
+ ND_PRINT(" ");
+ }
+ nd_change_snaplen(ndo, bp, len);
/*
* Now subtract the length of the IPv6
goto trunc;
/*
- * OK, we didn't see any extnesion
+ * OK, we didn't see any extension
* header, but that means we have
* no payload, so set the length
* to the IPv6 header length,
* accordingly.
*/
len = sizeof(struct ip6_hdr);
- nd_change_snapend(ndo, bp + len);
+ nd_change_snaplen(ndo, bp, len);
/*
* Now subtract the length of
nd_pop_packet_info(ndo);
return;
}
+ ph = nh;
/* ndo_protocol reassignment after xxx_print() calls */
ndo->ndo_protocol = "ip6";
return;
trunc:
nd_print_trunc(ndo);
+ return;
+
+invalid:
+ nd_print_invalid(ndo);
}
projects / tcpdump / blobdiff