X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/1a04b92e365f5ed01ca38619b41bcc4fc9cbd63c..296d466cd6bbf2f7e75e15bb6a01268e88c76ed0:/print-ip.c diff --git a/print-ip.c b/print-ip.c index 1e9f1ed9..a332bd78 100644 --- a/print-ip.c +++ b/print-ip.c @@ -21,13 +21,9 @@ /* \summary: IP printer */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include -#include - -#include +#include "netdissect-stdinc.h" #include "netdissect.h" #include "addrtoname.h" @@ -36,7 +32,6 @@ #include "ip.h" #include "ipproto.h" -static const char tstr[] = "[|ip]"; static const struct tok ip_option_values[] = { { IPOPT_EOL, "EOL" }, @@ -62,21 +57,20 @@ ip_printroute(netdissect_options *ndo, u_int len; if (length < 3) { - ND_PRINT((ndo, " [bad length %u]", length)); + ND_PRINT(" [bad length %u]", length); return (0); } if ((length + 1) & 3) - ND_PRINT((ndo, " [bad length %u]", length)); - ND_TCHECK_1(cp + 2); - ptr = EXTRACT_U_1(cp + 2) - 1; + ND_PRINT(" [bad length %u]", length); + ptr = GET_U_1(cp + 2) - 1; if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) - ND_PRINT((ndo, " [bad ptr %u]", EXTRACT_U_1(cp + 2))); + ND_PRINT(" [bad ptr %u]", GET_U_1(cp + 2)); for (len = 3; len < length; len += 4) { - ND_TCHECK_4(cp + len); - ND_PRINT((ndo, " %s", ipaddr_string(ndo, cp + len))); + ND_TCHECK_4(cp + len); /* Needed to print the IP addresses */ + ND_PRINT(" %s", GET_IPADDR_STRING(cp + len)); if (ptr > len) - ND_PRINT((ndo, ",")); + ND_PRINT(","); } return (0); @@ -95,29 +89,31 @@ static uint32_t ip_finddst(netdissect_options *ndo, const struct ip *ip) { - int length; - int len; + u_int length; + u_int len; const u_char *cp; - uint32_t retval; cp = (const u_char *)(ip + 1); - length = (IP_HL(ip) << 2) - sizeof(struct ip); + length = IP_HL(ip) * 4; + if (length < sizeof(struct ip)) + goto trunc; + length -= sizeof(struct ip); - for (; length > 0; cp += len, length -= len) { + for (; length != 0; cp += len, length -= len) { int tt; - ND_TCHECK_1(cp); - tt = EXTRACT_U_1(cp); + tt = GET_U_1(cp); if (tt == IPOPT_EOL) break; else if (tt == IPOPT_NOP) len = 1; else { - ND_TCHECK_1(cp + 1); - len = EXTRACT_U_1(cp + 1); + len = GET_U_1(cp + 1); if (len < 2) break; } + if (length < len) + goto trunc; ND_TCHECK_LEN(cp, len); switch (tt) { @@ -125,28 +121,26 @@ ip_finddst(netdissect_options *ndo, case IPOPT_LSRR: if (len < 7) break; - UNALIGNED_MEMCPY(&retval, cp + len - 4, 4); - return retval; + return (GET_IPV4_TO_NETWORK_ORDER(cp + len - 4)); } } trunc: - UNALIGNED_MEMCPY(&retval, &ip->ip_dst, sizeof(uint32_t)); - return retval; + return (GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst)); } /* * Compute a V4-style checksum by building a pseudoheader. */ -int +uint16_t nextproto4_cksum(netdissect_options *ndo, const struct ip *ip, const uint8_t *data, - u_int len, u_int covlen, u_int next_proto) + u_int len, u_int covlen, uint8_t next_proto) { struct phdr { uint32_t src; uint32_t dst; - u_char mbz; - u_char proto; + uint8_t mbz; + uint8_t proto; uint16_t len; } ph; struct cksum_vec vec[2]; @@ -155,9 +149,9 @@ nextproto4_cksum(netdissect_options *ndo, ph.len = htons((uint16_t)len); ph.mbz = 0; ph.proto = next_proto; - UNALIGNED_MEMCPY(&ph.src, &ip->ip_src, sizeof(uint32_t)); + ph.src = GET_IPV4_TO_NETWORK_ORDER(ip->ip_src); if (IP_HL(ip) == 5) - UNALIGNED_MEMCPY(&ph.dst, &ip->ip_dst, sizeof(uint32_t)); + ph.dst = GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst); else ph.dst = ip_finddst(ndo, ip); @@ -174,45 +168,33 @@ ip_printts(netdissect_options *ndo, { u_int ptr; u_int len; - int hoplen; + u_int hoplen; const char *type; if (length < 4) { - ND_PRINT((ndo, "[bad length %u]", length)); + ND_PRINT("[bad length %u]", length); return (0); } - ND_PRINT((ndo, " TS{")); - ND_TCHECK_1(cp + 3); - hoplen = ((EXTRACT_U_1(cp + 3) & 0xF) != IPOPT_TS_TSONLY) ? 8 : 4; + ND_PRINT(" TS{"); + hoplen = ((GET_U_1(cp + 3) & 0xF) != IPOPT_TS_TSONLY) ? 8 : 4; if ((length - 4) & (hoplen-1)) - ND_PRINT((ndo, "[bad length %u]", length)); - ND_TCHECK_1(cp + 2); - ptr = EXTRACT_U_1(cp + 2) - 1; + ND_PRINT("[bad length %u]", length); + ptr = GET_U_1(cp + 2) - 1; len = 0; if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) - ND_PRINT((ndo, "[bad ptr %u]", EXTRACT_U_1(cp + 2))); - ND_TCHECK_1(cp + 3); - switch (EXTRACT_U_1(cp + 3)&0xF) { + ND_PRINT("[bad ptr %u]", GET_U_1(cp + 2)); + switch (GET_U_1(cp + 3)&0xF) { case IPOPT_TS_TSONLY: - ND_PRINT((ndo, "TSONLY")); + ND_PRINT("TSONLY"); break; case IPOPT_TS_TSANDADDR: - ND_PRINT((ndo, "TS+ADDR")); - break; - /* - * prespecified should really be 3, but some ones might send 2 - * instead, and the IPOPT_TS_PRESPEC constant can apparently - * have both values, so we have to hard-code it here. - */ - - case 2: - ND_PRINT((ndo, "PRESPEC2.0")); + ND_PRINT("TS+ADDR"); break; - case 3: /* IPOPT_TS_PRESPEC */ - ND_PRINT((ndo, "PRESPEC")); + case IPOPT_TS_PRESPEC: + ND_PRINT("PRESPEC"); break; default: - ND_PRINT((ndo, "[bad ts type %d]", EXTRACT_U_1(cp + 3)&0xF)); + ND_PRINT("[bad ts type %u]", GET_U_1(cp + 3)&0xF); goto done; } @@ -221,18 +203,18 @@ ip_printts(netdissect_options *ndo, if (ptr == len) type = " ^ "; ND_TCHECK_LEN(cp + len, hoplen); - ND_PRINT((ndo, "%s%d@%s", type, EXTRACT_BE_U_4(cp + len + hoplen - 4), - hoplen!=8 ? "" : ipaddr_string(ndo, cp + len))); + ND_PRINT("%s%u@%s", type, GET_BE_U_4(cp + len + hoplen - 4), + hoplen!=8 ? "" : GET_IPADDR_STRING(cp + len)); type = " "; } done: - ND_PRINT((ndo, "%s", ptr == len ? " ^ " : "")); + ND_PRINT("%s", ptr == len ? " ^ " : ""); - if (EXTRACT_U_1(cp + 3) >> 4) - ND_PRINT((ndo, " [%d hops not recorded]} ", EXTRACT_U_1(cp + 3)>>4)); + if (GET_U_1(cp + 3) >> 4) + ND_PRINT(" [%u hops not recorded]} ", GET_U_1(cp + 3)>>4); else - ND_PRINT((ndo, "}")); + ND_PRINT("}"); return (0); trunc: @@ -241,8 +223,9 @@ trunc: /* * print IP options. + If truncated return -1, else 0. */ -static void +static int ip_optprint(netdissect_options *ndo, const u_char *cp, u_int length) { @@ -252,38 +235,36 @@ ip_optprint(netdissect_options *ndo, for (; length > 0; cp += option_len, length -= option_len) { u_int option_code; - ND_PRINT((ndo, "%s", sep)); + ND_PRINT("%s", sep); sep = ","; - ND_TCHECK_1(cp); - option_code = EXTRACT_U_1(cp); + option_code = GET_U_1(cp); - ND_PRINT((ndo, "%s", - tok2str(ip_option_values,"unknown %u",option_code))); + ND_PRINT("%s", + tok2str(ip_option_values,"unknown %u",option_code)); if (option_code == IPOPT_NOP || option_code == IPOPT_EOL) option_len = 1; else { - ND_TCHECK_1(cp + 1); - option_len = EXTRACT_U_1(cp + 1); + option_len = GET_U_1(cp + 1); if (option_len < 2) { - ND_PRINT((ndo, " [bad length %u]", option_len)); - return; + ND_PRINT(" [bad length %u]", option_len); + return 0; } } if (option_len > length) { - ND_PRINT((ndo, " [bad length %u]", option_len)); - return; + ND_PRINT(" [bad length %u]", option_len); + return 0; } ND_TCHECK_LEN(cp, option_len); switch (option_code) { case IPOPT_EOL: - return; + return 0; case IPOPT_TS: if (ip_printts(ndo, cp, option_len) == -1) @@ -299,12 +280,12 @@ ip_optprint(netdissect_options *ndo, case IPOPT_RA: if (option_len < 4) { - ND_PRINT((ndo, " [bad length %u]", option_len)); + ND_PRINT(" [bad length %u]", option_len); break; } ND_TCHECK_1(cp + 3); - if (EXTRACT_BE_U_2(cp + 2) != 0) - ND_PRINT((ndo, " value %u", EXTRACT_BE_U_2(cp + 2))); + if (GET_BE_U_2(cp + 2) != 0) + ND_PRINT(" value %u", GET_BE_U_2(cp + 2)); break; case IPOPT_NOP: /* nothing to print - fall through */ @@ -313,10 +294,10 @@ ip_optprint(netdissect_options *ndo, break; } } - return; + return 0; trunc: - ND_PRINT((ndo, "%s", tstr)); + return -1; } #define IP_RES 0x8000 @@ -328,207 +309,6 @@ static const struct tok ip_frag_values[] = { { 0, NULL } }; -struct ip_print_demux_state { - const struct ip *ip; - const u_char *cp; - u_int len, off; - u_char nh; - int advance; -}; - -static void -ip_print_demux(netdissect_options *ndo, - struct ip_print_demux_state *ipds) -{ - const char *p_name; - -again: - switch (ipds->nh) { - - case IPPROTO_AH: - if (!ND_TTEST_1(ipds->cp)) { - ND_PRINT((ndo, "[|AH]")); - break; - } - ipds->nh = EXTRACT_U_1(ipds->cp); - ipds->advance = ah_print(ndo, ipds->cp); - if (ipds->advance <= 0) - break; - ipds->cp += ipds->advance; - ipds->len -= ipds->advance; - goto again; - - case IPPROTO_ESP: - { - u_int enh, padlen; - ipds->advance = esp_print(ndo, ipds->cp, ipds->len, - (const u_char *)ipds->ip, - &enh, &padlen); - if (ipds->advance <= 0) - break; - ipds->cp += ipds->advance; - ipds->len -= ipds->advance + padlen; - ipds->nh = enh & 0xff; - goto again; - } - - case IPPROTO_IPCOMP: - { - ipcomp_print(ndo, ipds->cp); - /* - * Either this has decompressed the payload and - * printed it, in which case there's nothing more - * to do, or it hasn't, in which case there's - * nothing more to do. - */ - break; - } - - case IPPROTO_SCTP: - sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); - break; - - case IPPROTO_DCCP: - dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); - break; - - case IPPROTO_TCP: - /* pass on the MF bit plus the offset to detect fragments */ - tcp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, - ipds->off & (IP_MF|IP_OFFMASK)); - break; - - case IPPROTO_UDP: - /* pass on the MF bit plus the offset to detect fragments */ - udp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, - ipds->off & (IP_MF|IP_OFFMASK)); - break; - - case IPPROTO_ICMP: - /* pass on the MF bit plus the offset to detect fragments */ - icmp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, - ipds->off & (IP_MF|IP_OFFMASK)); - break; - - case IPPROTO_PIGP: - /* - * XXX - the current IANA protocol number assignments - * page lists 9 as "any private interior gateway - * (used by Cisco for their IGRP)" and 88 as - * "EIGRP" from Cisco. - * - * Recent BSD headers define - * IP_PROTO_PIGP as 9 and IP_PROTO_IGRP as 88. - * We define IP_PROTO_PIGP as 9 and - * IP_PROTO_EIGRP as 88; those names better - * match was the current protocol number - * assignments say. - */ - igrp_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_EIGRP: - eigrp_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_ND: - ND_PRINT((ndo, " nd %d", ipds->len)); - break; - - case IPPROTO_EGP: - egp_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_OSPF: - ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); - break; - - case IPPROTO_IGMP: - igmp_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_IPV4: - /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ - ip_print(ndo, ipds->cp, ipds->len); - if (! ndo->ndo_vflag) { - ND_PRINT((ndo, " (ipip-proto-4)")); - return; - } - break; - - case IPPROTO_IPV6: - /* ip6-in-ip encapsulation */ - ip6_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_RSVP: - rsvp_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_GRE: - /* do it */ - gre_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_MOBILE: - mobile_print(ndo, ipds->cp, ipds->len); - break; - - case IPPROTO_PIM: - pim_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); - break; - - case IPPROTO_VRRP: - if (ndo->ndo_packettype == PT_CARP) { - if (ndo->ndo_vflag) - ND_PRINT((ndo, "carp %s > %s: ", - ipaddr_string(ndo, &ipds->ip->ip_src), - ipaddr_string(ndo, &ipds->ip->ip_dst))); - carp_print(ndo, ipds->cp, ipds->len, - EXTRACT_U_1(ipds->ip->ip_ttl)); - } else { - if (ndo->ndo_vflag) - ND_PRINT((ndo, "vrrp %s > %s: ", - ipaddr_string(ndo, &ipds->ip->ip_src), - ipaddr_string(ndo, &ipds->ip->ip_dst))); - vrrp_print(ndo, ipds->cp, ipds->len, - (const u_char *)ipds->ip, - EXTRACT_U_1(ipds->ip->ip_ttl)); - } - break; - - case IPPROTO_PGM: - pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); - break; - - default: - if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) - ND_PRINT((ndo, " %s", p_name)); - else - ND_PRINT((ndo, " ip-proto-%d", ipds->nh)); - ND_PRINT((ndo, " %d", ipds->len)); - break; - } -} - -void -ip_print_inner(netdissect_options *ndo, - const u_char *bp, - u_int length, u_int nh, - const u_char *bp2) -{ - struct ip_print_demux_state ipd; - - ipd.ip = (const struct ip *)bp2; - ipd.cp = bp; - ipd.len = length; - ipd.off = 0; - ipd.nh = nh; - ipd.advance = 0; - - ip_print_demux(ndo, &ipd); -} - /* * print an IP datagram. @@ -536,76 +316,66 @@ ip_print_inner(netdissect_options *ndo, void ip_print(netdissect_options *ndo, const u_char *bp, - u_int length) + const u_int length) { - struct ip_print_demux_state ipd; - struct ip_print_demux_state *ipds=&ipd; - const u_char *ipend; + const struct ip *ip; + u_int off; u_int hlen; + u_int len; struct cksum_vec vec[1]; uint8_t ip_tos, ip_ttl, ip_proto; uint16_t sum, ip_sum; const char *p_name; + int truncated = 0; + int presumed_tso = 0; - ipds->ip = (const struct ip *)bp; - ND_TCHECK(ipds->ip->ip_vhl); - if (IP_V(ipds->ip) != 4) { /* print version and fail if != 4 */ - if (IP_V(ipds->ip) == 6) - ND_PRINT((ndo, "IP6, wrong link-layer encapsulation ")); - else - ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip))); - return; - } - if (!ndo->ndo_eflag) - ND_PRINT((ndo, "IP ")); + ndo->ndo_protocol = "ip"; + ip = (const struct ip *)bp; - ND_TCHECK(*ipds->ip); - if (length < sizeof (struct ip)) { - ND_PRINT((ndo, "truncated-ip %u", length)); - return; - } - hlen = IP_HL(ipds->ip) * 4; - if (hlen < sizeof (struct ip)) { - ND_PRINT((ndo, "bad-hlen %u", hlen)); - return; + if (!ndo->ndo_eflag) { + nd_print_protocol_caps(ndo); + ND_PRINT(" "); } - ipds->len = EXTRACT_BE_U_2(&ipds->ip->ip_len); - if (length < ipds->len) - ND_PRINT((ndo, "truncated-ip - %u bytes missing! ", - ipds->len - length)); - if (ipds->len < hlen) { -#ifdef GUESS_TSO - if (ipds->len) { - ND_PRINT((ndo, "bad-len %u", ipds->len)); - return; - } - else { - /* we guess that it is a TSO send */ - ipds->len = length; - } -#else - ND_PRINT((ndo, "bad-len %u", ipds->len)); - return; -#endif /* GUESS_TSO */ - } + ND_ICHECK_ZU(length, <, sizeof (struct ip)); + ND_ICHECKMSG_U("version", IP_V(ip), !=, 4); + hlen = IP_HL(ip) * 4; + ND_ICHECKMSG_ZU("header length", hlen, <, sizeof (struct ip)); + + len = GET_BE_U_2(ip->ip_len); + if (len > length) { + ND_PRINT("[total length %u > length %u]", len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } + if (len == 0) { + /* we guess that it is a TSO send */ + len = length; + presumed_tso = 1; + } else + ND_ICHECKMSG_U("total length", len, <, hlen); + + ND_TCHECK_SIZE(ip); /* - * Cut off the snapshot length to the end of the IP payload. + * Cut off the snapshot length to the end of the IP payload + * or the end of the data in which it's contained, whichever + * comes first. */ - ipend = bp + ipds->len; - if (ipend < ndo->ndo_snapend) - ndo->ndo_snapend = ipend; + if (!nd_push_snaplen(ndo, bp, ND_MIN(length, len))) { + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push snaplen on buffer stack", __func__); + } - ipds->len -= hlen; + len -= hlen; - ipds->off = EXTRACT_BE_U_2(&ipds->ip->ip_off); + off = GET_BE_U_2(ip->ip_off); - ip_proto = EXTRACT_U_1(ipds->ip->ip_p); + ip_proto = GET_U_1(ip->ip_p); if (ndo->ndo_vflag) { - ip_tos = EXTRACT_U_1(ipds->ip->ip_tos); - ND_PRINT((ndo, "(tos 0x%x", ip_tos)); + ip_tos = GET_U_1(ip->ip_tos); + ND_PRINT("(tos 0x%x", ip_tos); /* ECN bits */ switch (ip_tos & 0x03) { @@ -613,130 +383,148 @@ ip_print(netdissect_options *ndo, break; case 1: - ND_PRINT((ndo, ",ECT(1)")); + ND_PRINT(",ECT(1)"); break; case 2: - ND_PRINT((ndo, ",ECT(0)")); + ND_PRINT(",ECT(0)"); break; case 3: - ND_PRINT((ndo, ",CE")); + ND_PRINT(",CE"); break; } - ip_ttl = EXTRACT_U_1(ipds->ip->ip_ttl); + ip_ttl = GET_U_1(ip->ip_ttl); if (ip_ttl >= 1) - ND_PRINT((ndo, ", ttl %u", ip_ttl)); + ND_PRINT(", ttl %u", ip_ttl); /* * for the firewall guys, print id, offset. * On all but the last stick a "+" in the flags portion. * For unfragmented datagrams, note the don't fragment flag. */ - ND_PRINT((ndo, ", id %u, offset %u, flags [%s], proto %s (%u)", - EXTRACT_BE_U_2(&ipds->ip->ip_id), - (ipds->off & 0x1fff) * 8, - bittok2str(ip_frag_values, "none", ipds->off&0xe000), + ND_PRINT(", id %u, offset %u, flags [%s], proto %s (%u)", + GET_BE_U_2(ip->ip_id), + (off & IP_OFFMASK) * 8, + bittok2str(ip_frag_values, "none", off & (IP_RES|IP_DF|IP_MF)), tok2str(ipproto_values, "unknown", ip_proto), - ip_proto)); - - ND_PRINT((ndo, ", length %u", EXTRACT_BE_U_2(ipds->ip->ip_len))); + ip_proto); - if ((hlen - sizeof(struct ip)) > 0) { - ND_PRINT((ndo, ", options (")); - ip_optprint(ndo, (const u_char *)(ipds->ip + 1), hlen - sizeof(struct ip)); - ND_PRINT((ndo, ")")); + if (presumed_tso) + ND_PRINT(", length %u [was 0, presumed TSO]", length); + else + ND_PRINT(", length %u", GET_BE_U_2(ip->ip_len)); + + if ((hlen > sizeof(struct ip))) { + ND_PRINT(", options ("); + if (ip_optprint(ndo, (const u_char *)(ip + 1), + hlen - sizeof(struct ip)) == -1) { + ND_PRINT(" [truncated-option]"); + truncated = 1; + } + ND_PRINT(")"); } - if (!ndo->ndo_Kflag && (const u_char *)ipds->ip + hlen <= ndo->ndo_snapend) { - vec[0].ptr = (const uint8_t *)(const void *)ipds->ip; + if (!ndo->ndo_Kflag && (const u_char *)ip + hlen <= ndo->ndo_snapend) { + vec[0].ptr = (const uint8_t *)(const void *)ip; vec[0].len = hlen; sum = in_cksum(vec, 1); if (sum != 0) { - ip_sum = EXTRACT_BE_U_2(ipds->ip->ip_sum); - ND_PRINT((ndo, ", bad cksum %x (->%x)!", ip_sum, - in_cksum_shouldbe(ip_sum, sum))); + ip_sum = GET_BE_U_2(ip->ip_sum); + ND_PRINT(", bad cksum %x (->%x)!", ip_sum, + in_cksum_shouldbe(ip_sum, sum)); } } - ND_PRINT((ndo, ")\n ")); + ND_PRINT(")\n "); + if (truncated) { + ND_PRINT("%s > %s: ", + GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); + nd_print_trunc(ndo); + nd_pop_packet_info(ndo); + return; + } } /* * If this is fragment zero, hand it to the next higher - * level protocol. + * level protocol. Let them know whether there are more + * fragments. */ - if ((ipds->off & 0x1fff) == 0) { - ipds->cp = (const u_char *)ipds->ip + hlen; - ipds->nh = EXTRACT_U_1(ipds->ip->ip_p); - - if (ipds->nh != IPPROTO_TCP && ipds->nh != IPPROTO_UDP && - ipds->nh != IPPROTO_SCTP && ipds->nh != IPPROTO_DCCP) { - ND_PRINT((ndo, "%s > %s: ", - ipaddr_string(ndo, &ipds->ip->ip_src), - ipaddr_string(ndo, &ipds->ip->ip_dst))); + if ((off & IP_OFFMASK) == 0) { + uint8_t nh = GET_U_1(ip->ip_p); + + if (nh != IPPROTO_TCP && nh != IPPROTO_UDP && + nh != IPPROTO_SCTP && nh != IPPROTO_DCCP) { + ND_PRINT("%s > %s: ", + GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); } - ip_print_demux(ndo, ipds); + /* + * Do a bounds check before calling ip_demux_print(). + * At least the header data is required. + */ + if (!ND_TTEST_LEN((const u_char *)ip, hlen)) { + ND_PRINT(" [remaining caplen(%u) < header length(%u)]", + ND_BYTES_AVAILABLE_AFTER((const u_char *)ip), + hlen); + nd_trunc_longjmp(ndo); + } + ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4, + off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp); } else { /* * Ultra quiet now means that all this stuff should be * suppressed. */ - if (ndo->ndo_qflag > 1) + if (ndo->ndo_qflag > 1) { + nd_pop_packet_info(ndo); return; + } /* * This isn't the first frag, so we're missing the * next level protocol header. print the ip addr * and the protocol. */ - ND_PRINT((ndo, "%s > %s:", ipaddr_string(ndo, &ipds->ip->ip_src), - ipaddr_string(ndo, &ipds->ip->ip_dst))); + ND_PRINT("%s > %s:", GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); if (!ndo->ndo_nflag && (p_name = netdb_protoname(ip_proto)) != NULL) - ND_PRINT((ndo, " %s", p_name)); + ND_PRINT(" %s", p_name); else - ND_PRINT((ndo, " ip-proto-%u", ip_proto)); + ND_PRINT(" ip-proto-%u", ip_proto); } + nd_pop_packet_info(ndo); return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); return; + +invalid: + nd_print_invalid(ndo); } void ipN_print(netdissect_options *ndo, const u_char *bp, u_int length) { + ndo->ndo_protocol = "ipn"; if (length < 1) { - ND_PRINT((ndo, "truncated-ip %d", length)); + ND_PRINT("truncated-ip %u", length); return; } - ND_TCHECK_1(bp); - switch (EXTRACT_U_1(bp) & 0xF0) { + switch (GET_U_1(bp) & 0xF0) { case 0x40: - ip_print (ndo, bp, length); + ip_print(ndo, bp, length); break; case 0x60: - ip6_print (ndo, bp, length); + ip6_print(ndo, bp, length); break; default: - ND_PRINT((ndo, "unknown ip %u", (EXTRACT_U_1(bp) & 0xF0) >> 4)); + ND_PRINT("unknown ip %u", (GET_U_1(bp) & 0xF0) >> 4); break; } - return; - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return; } - -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 8 - * End: - */ - -