X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/20eab47a4d7d6acb7ef916f61f7db9ffb3d51ff9..HEAD:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index b154f8e2..89598b2d 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -29,14 +29,12 @@ /* * specification: * - * CLNP: ISO 8473 (respective ITU version is at http://www.itu.int/rec/T-REC-X.233/en/) + * CLNP: ISO 8473 (respective ITU version is at https://www.itu.int/rec/T-REC-X.233/en/) * ES-IS: ISO 9542 * IS-IS: ISO 10589 */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" @@ -49,13 +47,14 @@ #include "gmpls.h" #include "oui.h" #include "signature.h" +#include "af.h" /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. */ -#define SYSTEM_ID_LEN MAC_ADDR_LEN +#define SYSTEM_ID_LEN MAC48_LEN #define NODE_ID_LEN (SYSTEM_ID_LEN+1) #define LSP_ID_LEN (SYSTEM_ID_LEN+2) @@ -106,7 +105,7 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_PART_DIS 4 /* iso10589 */ #define ISIS_TLV_PREFIX_NEIGH 5 /* iso10589 */ #define ISIS_TLV_ISNEIGH 6 /* iso10589 */ -#define ISIS_TLV_ISNEIGH_VARLEN 7 /* iso10589 */ +#define ISIS_TLV_INSTANCE_ID 7 /* rfc8202 */ #define ISIS_TLV_PADDING 8 /* iso10589 */ #define ISIS_TLV_LSP 9 /* iso10589 */ #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ @@ -143,6 +142,7 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_MT_IP6_REACH 237 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_PTP_ADJ 240 /* rfc3373 */ #define ISIS_TLV_IIH_SEQNR 241 /* draft-shen-isis-iih-sequence-00 */ +#define ISIS_TLV_ROUTER_CAPABILITY 242 /* rfc7981 */ #define ISIS_TLV_VENDOR_PRIVATE 250 /* draft-ietf-isis-experimental-tlv-01 */ #define ISIS_TLV_VENDOR_PRIVATE_MINLEN 3 @@ -153,7 +153,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_PART_DIS, "Partition DIS"}, { ISIS_TLV_PREFIX_NEIGH, "Prefix Neighbors"}, { ISIS_TLV_ISNEIGH, "IS Neighbor(s)"}, - { ISIS_TLV_ISNEIGH_VARLEN, "IS Neighbor(s) (variable length)"}, + { ISIS_TLV_INSTANCE_ID, "Instance Identifier"}, { ISIS_TLV_PADDING, "Padding"}, { ISIS_TLV_LSP, "LSP entries"}, { ISIS_TLV_AUTH, "Authentication"}, @@ -187,6 +187,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_MT_IP6_REACH, "Multi-Topology IP6 Reachability"}, { ISIS_TLV_PTP_ADJ, "Point-to-point Adjacency State"}, { ISIS_TLV_IIH_SEQNR, "Hello PDU Sequence Number"}, + { ISIS_TLV_ROUTER_CAPABILITY, "IS-IS Router Capability"}, { ISIS_TLV_VENDOR_PRIVATE, "Vendor Private"}, { 0, NULL } }; @@ -205,7 +206,7 @@ static const struct tok esis_option_values[] = { { ESIS_OPTION_SECURITY, "Security" }, { ESIS_OPTION_ES_CONF_TIME, "ES Configuration Time" }, { ESIS_OPTION_PRIORITY, "Priority" }, - { ESIS_OPTION_ADDRESS_MASK, "Addressk Mask" }, + { ESIS_OPTION_ADDRESS_MASK, "Address Mask" }, { ESIS_OPTION_SNPA_MASK, "SNPA Mask" }, { 0, NULL } }; @@ -340,6 +341,25 @@ static const struct tok clnp_option_qos_global_values[] = { { 0, NULL } }; +static const struct tok isis_tlv_router_capability_flags[] = { + { 0x01, "S bit"}, + { 0x02, "D bit"}, + { 0, NULL } +}; + +#define ISIS_SUBTLV_ROUTER_CAP_SR 2 /* rfc 8667 */ + +static const struct tok isis_router_capability_subtlv_values[] = { + { ISIS_SUBTLV_ROUTER_CAP_SR, "SR-Capabilities"}, + { 0, NULL } +}; + +static const struct tok isis_router_capability_sr_flags[] = { + { 0x80, "ipv4"}, + { 0x40, "ipv6"}, + { 0, NULL } +}; + #define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* rfc5305 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* rfc5305 */ @@ -354,6 +374,7 @@ static const struct tok clnp_option_qos_global_values[] = { #define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS 22 /* rfc4124 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID 32 /* rfc8667 */ #define ISIS_SUBTLV_SPB_METRIC 29 /* rfc6329 */ @@ -372,6 +393,7 @@ static const struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD, "Bandwidth Constraints (old)" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS, "Bandwidth Constraints" }, + { ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID, "LAN Adjacency Segment Identifier" }, { ISIS_SUBTLV_SPB_METRIC, "SPB Metric" }, { 250, "Reserved for cisco specific extensions" }, { 251, "Reserved for cisco specific extensions" }, @@ -384,15 +406,42 @@ static const struct tok isis_ext_is_reach_subtlv_values[] = { #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32 1 /* draft-ietf-isis-admin-tags-01 */ #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64 2 /* draft-ietf-isis-admin-tags-01 */ +#define ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID 3 /* rfc8667 */ #define ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR 117 /* draft-ietf-isis-wg-multi-topology-05 */ static const struct tok isis_ext_ip_reach_subtlv_values[] = { { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32, "32-Bit Administrative tag" }, { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64, "64-Bit Administrative tag" }, + { ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID, "Prefix SID" }, { ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR, "Management Prefix Color" }, { 0, NULL } }; +#define ISIS_PREFIX_SID_FLAG_R 0x80 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_N 0x40 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_P 0x20 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_E 0x10 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_V 0x08 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_L 0x04 /* rfc 8667 */ + +static const struct tok prefix_sid_flag_values[] = { + { ISIS_PREFIX_SID_FLAG_R, "Readvertisement"}, + { ISIS_PREFIX_SID_FLAG_N, "Node"}, + { ISIS_PREFIX_SID_FLAG_P, "No-PHP"}, + { ISIS_PREFIX_SID_FLAG_E, "Explicit NULL"}, + { ISIS_PREFIX_SID_FLAG_V, "Value"}, + { ISIS_PREFIX_SID_FLAG_L, "Local"}, + { 0, NULL} +}; + + +/* rfc 8667 */ +static const struct tok prefix_sid_algo_values[] = { + { 0, "SPF"}, + { 1, "strict-SPF"}, + { 0, NULL} +}; + static const struct tok isis_subtlv_link_attribute_values[] = { { 0x01, "Local Protection Available" }, { 0x02, "Link excluded from local protection path" }, @@ -400,6 +449,16 @@ static const struct tok isis_subtlv_link_attribute_values[] = { { 0, NULL } }; +static const struct tok isis_lan_adj_sid_flag_values[] = { + { 0x80, "Address family IPv6" }, + { 0x40, "Backup" }, + { 0x20, "Value" }, + { 0x10, "Local significance" }, + { 0x08, "Set of adjacencies" }, + { 0x04, "Persistent" }, + { 0, NULL } +}; + #define ISIS_SUBTLV_AUTH_SIMPLE 1 #define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */ #define ISIS_SUBTLV_AUTH_MD5 54 @@ -552,7 +611,7 @@ static const struct tok isis_lsp_istype_values[] = { #define ISIS_PTP_ADJ_INIT 1 #define ISIS_PTP_ADJ_DOWN 2 -static const struct tok isis_ptp_adjancey_values[] = { +static const struct tok isis_ptp_adjacency_values[] = { { ISIS_PTP_ADJ_UP, "Up" }, { ISIS_PTP_ADJ_INIT, "Initializing" }, { ISIS_PTP_ADJ_DOWN, "Down" }, @@ -675,7 +734,6 @@ void isoclns_print(netdissect_options *ndo, const u_char *p, u_int length) { ndo->ndo_protocol = "isoclns"; - ND_TCHECK_1(p); /* enough bytes on the wire ? */ if (ndo->ndo_eflag) ND_PRINT("OSI NLPID %s (0x%02x): ", @@ -726,9 +784,6 @@ isoclns_print(netdissect_options *ndo, const u_char *p, u_int length) print_unknown_data(ndo, p, "\n\t", length); break; } - return; -trunc: - nd_print_trunc(ndo); } #define CLNP_PDU_ER 1 @@ -786,7 +841,7 @@ clnp_print(netdissect_options *ndo, optr = pptr; if (!ndo->ndo_eflag) - ND_PRINT("CLNP"); + nd_print_protocol_caps(ndo); /* * Sanity checking of the header. @@ -824,7 +879,6 @@ clnp_print(netdissect_options *ndo, ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } - ND_TCHECK_1(pptr); dest_address_length = GET_U_1(pptr); pptr += 1; li_remaining -= 1; @@ -841,7 +895,6 @@ clnp_print(netdissect_options *ndo, ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } - ND_TCHECK_1(pptr); source_address_length = GET_U_1(pptr); pptr += 1; li_remaining -= 1; @@ -857,8 +910,8 @@ clnp_print(netdissect_options *ndo, if (ndo->ndo_vflag < 1) { ND_PRINT("%s%s > %s, %s, length %u", ndo->ndo_eflag ? "" : ", ", - isonsap_string(ndo, source_address, source_address_length), - isonsap_string(ndo, dest_address, dest_address_length), + GET_ISONSAP_STRING(source_address, source_address_length), + GET_ISONSAP_STRING(dest_address, dest_address_length), tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length); return (1); @@ -882,9 +935,9 @@ clnp_print(netdissect_options *ndo, ND_PRINT("\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - isonsap_string(ndo, source_address, source_address_length), + GET_ISONSAP_STRING(source_address, source_address_length), dest_address_length, - isonsap_string(ndo, dest_address, dest_address_length)); + GET_ISONSAP_STRING(dest_address, dest_address_length)); if (clnp_flags & CLNP_SEGMENT_PART) { if (li_remaining < sizeof(struct clnp_segment_header_t)) { @@ -910,7 +963,6 @@ clnp_print(netdissect_options *ndo, ND_PRINT(", bad opts/li"); return (0); } - ND_TCHECK_2(pptr); op = GET_U_1(pptr); opli = GET_U_1(pptr + 1); pptr += 2; @@ -961,7 +1013,7 @@ clnp_print(netdissect_options *ndo, } tptr+=nsap_offset; tlen-=nsap_offset; - while (tlen > 0) { + while (tlen != 0) { source_address_length=GET_U_1(tptr); if (tlen < source_address_length+1) { ND_PRINT("\n\t NSAP address goes past end of option"); @@ -969,11 +1021,9 @@ clnp_print(netdissect_options *ndo, } if (source_address_length > 0) { source_address=(tptr+1); - ND_TCHECK_LEN(source_address, - source_address_length); ND_PRINT("\n\t NSAP address (length %u): %s", source_address_length, - isonsap_string(ndo, source_address, source_address_length)); + GET_ISONSAP_STRING(source_address, source_address_length)); } tlen-=source_address_length+1; } @@ -1049,7 +1099,6 @@ clnp_print(netdissect_options *ndo, case CLNP_PDU_ER: /* fall through */ case CLNP_PDU_ERP: - ND_TCHECK_1(pptr); if (GET_U_1(pptr) == NLPID_CLNP) { ND_PRINT("\n\t-----original packet-----\n\t"); /* FIXME recursion protection */ @@ -1075,9 +1124,10 @@ clnp_print(netdissect_options *ndo, default: /* dump the PDU specific data */ - if (length-(pptr-optr) > 0) { + if (length > ND_BYTES_BETWEEN(optr, pptr)) { ND_PRINT("\n\t undecoded non-header data, length %u", length-li); - print_unknown_data(ndo, pptr, "\n\t ", length - (int)(pptr - optr)); + print_unknown_data(ndo, pptr, "\n\t ", + length - ND_BYTES_BETWEEN(optr, pptr)); } } @@ -1214,7 +1264,7 @@ esis_print(netdissect_options *ndo, dst = pptr; pptr += dstl; li -= dstl; - ND_PRINT("\n\t %s", isonsap_string(ndo, dst, dstl)); + ND_PRINT("\n\t %s", GET_ISONSAP_STRING(dst, dstl)); ND_TCHECK_1(pptr); if (li < 1) { @@ -1248,18 +1298,18 @@ esis_print(netdissect_options *ndo, pptr += netal; li -= netal; - if (snpal == 6) + if (snpal == MAC48_LEN) ND_PRINT("\n\t SNPA (length: %u): %s", snpal, - etheraddr_string(ndo, snpa)); + GET_MAC48_STRING(snpa)); else ND_PRINT("\n\t SNPA (length: %u): %s", snpal, - linkaddr_string(ndo, snpa, LINKADDR_OTHER, snpal)); + GET_LINKADDR_STRING(snpa, LINKADDR_OTHER, snpal)); if (netal != 0) ND_PRINT("\n\t NET (length: %u) %s", netal, - isonsap_string(ndo, neta, netal)); + GET_ISONSAP_STRING(neta, netal)); break; } @@ -1275,7 +1325,7 @@ esis_print(netdissect_options *ndo, ND_PRINT("\n\t Number of Source Addresses: %u", source_address_number); - while (source_address_number > 0) { + while (source_address_number != 0) { ND_TCHECK_1(pptr); if (li < 1) { ND_PRINT(", bad esh/li"); @@ -1292,7 +1342,7 @@ esis_print(netdissect_options *ndo, } ND_PRINT("\n\t NET (length: %u): %s", source_address_length, - isonsap_string(ndo, pptr, source_address_length)); + GET_ISONSAP_STRING(pptr, source_address_length)); pptr += source_address_length; li -= source_address_length; source_address_number--; @@ -1314,7 +1364,7 @@ esis_print(netdissect_options *ndo, ND_PRINT(", bad ish/li"); return; } - ND_PRINT("\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length)); + ND_PRINT("\n\t NET (length: %u): %s", source_address_length, GET_ISONSAP_STRING(pptr, source_address_length)); pptr += source_address_length; li -= source_address_length; break; @@ -1322,8 +1372,12 @@ esis_print(netdissect_options *ndo, default: if (ndo->ndo_vflag <= 1) { - if (pptr < ndo->ndo_snapend) - print_unknown_data(ndo, pptr, "\n\t ", (int)(ndo->ndo_snapend - pptr)); + /* + * If there's at least one byte to print, print + * it/them. + */ + if (ND_TTEST_LEN(pptr, 1)) + print_unknown_data(ndo, pptr, "\n\t ", ND_BYTES_AVAILABLE_AFTER(pptr)); } return; } @@ -1337,7 +1391,6 @@ esis_print(netdissect_options *ndo, ND_PRINT(", bad opts/li"); return; } - ND_TCHECK_2(pptr); op = GET_U_1(pptr); opli = GET_U_1(pptr + 1); pptr += 2; @@ -1365,8 +1418,7 @@ esis_print(netdissect_options *ndo, break; case ESIS_OPTION_PROTOCOLS: - while (opli>0) { - ND_TCHECK_1(tptr); + while (opli != 0) { ND_PRINT("%s (0x%02x)", tok2str(nlpid_values, "unknown", @@ -1413,8 +1465,7 @@ isis_print_mcid(netdissect_options *ndo, ND_TCHECK_SIZE(mcid); ND_PRINT("ID: %u, Name: ", GET_U_1(mcid->format_id)); - if (nd_printzp(ndo, mcid->name, 32, ndo->ndo_snapend)) - goto trunc; + nd_printjnp(ndo, mcid->name, sizeof(mcid->name)); ND_PRINT("\n\t Lvl: %u", GET_BE_U_2(mcid->revision_lvl)); @@ -1436,9 +1487,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, const struct isis_subtlv_spb_mcid *subtlv_spb_mcid; int i; - while (len > 2) - { - ND_TCHECK_2(tptr); + while (len > 2) { stlv_type = GET_U_1(tptr); stlv_len = GET_U_1(tptr + 1); @@ -1458,8 +1507,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, /* Make sure the entire subTLV is in the captured data */ ND_TCHECK_LEN(tptr, stlv_len); - switch (stlv_type) - { + switch (stlv_type) { case ISIS_SUBTLV_SPB_MCID: { if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN) @@ -1500,8 +1548,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, ND_PRINT("\n\t Digest: "); - for(i=1;i<=8; i++) - { + for(i=1;i<=8; i++) { ND_PRINT("%08x ", GET_BE_U_4(tptr)); if (i%4 == 0 && i != 8) ND_PRINT("\n\t "); @@ -1516,8 +1563,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, case ISIS_SUBTLV_SPB_BVID: { - while (stlv_len != 0) - { + while (stlv_len != 0) { if (stlv_len < 4) goto subtlv_too_short; ND_PRINT("\n\t ECT: %08x", @@ -1569,9 +1615,7 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, { u_int stlv_type, stlv_len, treecount; - while (len > 2) - { - ND_TCHECK_2(tptr); + while (len > 2) { stlv_type = GET_U_1(tptr); stlv_len = GET_U_1(tptr + 1); tptr += 2; @@ -1589,8 +1633,7 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, /* Make sure the entire subTLV is in the captured data */ ND_TCHECK_LEN(tptr, stlv_len); - switch (stlv_type) - { + switch (stlv_type) { case ISIS_SUBTLV_SPB_INSTANCE: if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN) goto subtlv_too_short; @@ -1618,8 +1661,7 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; stlv_len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; - while (treecount) - { + while (treecount) { if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN) goto trunc; @@ -1664,7 +1706,6 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, stlv_len -= 8; while (stlv_len >= 4) { - ND_TCHECK_4(tptr); ND_PRINT("\n\t T: %u, R: %u, RES: %u, ISID: %u", (GET_BE_U_4(tptr) >> 31), (GET_BE_U_4(tptr) >> 30) & 0x01, @@ -1712,19 +1753,19 @@ isis_print_id(netdissect_options *ndo, const uint8_t *cp, u_int id_len) if (sysid_len > id_len) sysid_len = id_len; for (i = 1; i <= sysid_len; i++) { - nd_snprintf(pos, sizeof(id) - (pos - id), "%02x", GET_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), "%02x", GET_U_1(cp)); cp++; pos += strlen(pos); if (i == 2 || i == 4) *pos++ = '.'; } if (id_len >= NODE_ID_LEN) { - nd_snprintf(pos, sizeof(id) - (pos - id), ".%02x", GET_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), ".%02x", GET_U_1(cp)); cp++; pos += strlen(pos); } if (id_len == LSP_ID_LEN) - nd_snprintf(pos, sizeof(id) - (pos - id), "-%02x", GET_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), "-%02x", GET_U_1(cp)); return (id); } @@ -1754,18 +1795,18 @@ isis_print_metric_block(netdissect_options *ndo, static int isis_print_tlv_ip_reach(netdissect_options *ndo, - const uint8_t *cp, const char *ident, u_int length) + const uint8_t *cp, const char *indent, u_int length) { int prefix_len; const struct isis_tlv_ip_reach *tlv_ip_reach; tlv_ip_reach = (const struct isis_tlv_ip_reach *)cp; - while (length > 0) { + while (length != 0) { if ((size_t)length < sizeof(*tlv_ip_reach)) { - ND_PRINT("short IPv4 Reachability (%u vs %lu)", + ND_PRINT("short IPv4 Reachability (%u vs %zu)", length, - (unsigned long)sizeof(*tlv_ip_reach)); + sizeof(*tlv_ip_reach)); return (0); } @@ -1775,13 +1816,13 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, if (prefix_len == -1) ND_PRINT("%sIPv4 prefix: %s mask %s", - ident, - ipaddr_string(ndo, (tlv_ip_reach->prefix)), - ipaddr_string(ndo, (tlv_ip_reach->mask))); + indent, + GET_IPADDR_STRING(tlv_ip_reach->prefix), + GET_IPADDR_STRING(tlv_ip_reach->mask)); else ND_PRINT("%sIPv4 prefix: %15s/%u", - ident, - ipaddr_string(ndo, (tlv_ip_reach->prefix)), + indent, + GET_IPADDR_STRING(tlv_ip_reach->prefix), prefix_len); ND_PRINT(", Distribution: %s, Metric: %u, %s", @@ -1791,19 +1832,19 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_delay)) ND_PRINT("%s Delay Metric: %u, %s", - ident, + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_delay), ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_expense)) ND_PRINT("%s Expense Metric: %u, %s", - ident, + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_expense), ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_error)) ND_PRINT("%s Error Metric: %u, %s", - ident, + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_error), ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal"); @@ -1823,11 +1864,11 @@ trunc: static int isis_print_ip_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, - const char *ident) + const char *indent) { /* first lets see if we know the subTLVs name*/ ND_PRINT("%s%s subTLV #%u, length: %u", - ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), + indent, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), subt, subl); ND_TCHECK_LEN(tptr, subl); @@ -1852,6 +1893,35 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo, subl-=8; } break; + case ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID: + { + uint8_t algo, flags; + uint32_t sid; + + flags = GET_U_1(tptr); + algo = GET_U_1(tptr+1); + + if (flags & ISIS_PREFIX_SID_FLAG_V) { + if (subl < 5) + goto trunc; + sid = GET_BE_U_3(tptr+2); + tptr+=5; + subl-=5; + } else { + if (subl < 6) + goto trunc; + sid = GET_BE_U_4(tptr+2); + tptr+=6; + subl-=6; + } + + ND_PRINT(", Flags [%s], Algo %s (%u), %s %u", + bittok2str(prefix_sid_flag_values, "None", flags), + tok2str(prefix_sid_algo_values, "Unknown", algo), algo, + flags & ISIS_PREFIX_SID_FLAG_V ? "label" : "index", + sid); + } + break; default: if (!print_unknown_data(ndo, tptr, "\n\t\t ", subl)) return(0); @@ -1871,23 +1941,19 @@ trunc: static int isis_print_ext_is_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, u_int tlv_type, + const uint8_t *tptr, const char *indent, u_int tlv_type, u_int tlv_remaining) { - char ident_buffer[20]; + char indent_buffer[20]; u_int subtlv_type,subtlv_len,subtlv_sum_len; int proc_bytes = 0; /* how many bytes did we process ? */ u_int te_class,priority_level,gmpls_switch_cap; - union { /* int to float conversion buffer for several subTLVs */ - float f; - uint32_t i; - } bw; ND_TCHECK_LEN(tptr, NODE_ID_LEN); if (tlv_remaining < NODE_ID_LEN) return(0); - ND_PRINT("%sIS Neighbor: %s", ident, isis_print_id(ndo, tptr, NODE_ID_LEN)); + ND_PRINT("%sIS Neighbor: %s", indent, isis_print_id(ndo, tptr, NODE_ID_LEN)); tptr+=NODE_ID_LEN; tlv_remaining-=NODE_ID_LEN; proc_bytes+=NODE_ID_LEN; @@ -1913,17 +1979,17 @@ isis_print_ext_is_reach(netdissect_options *ndo, if (subtlv_sum_len) { ND_PRINT(" (%u)", subtlv_sum_len); /* prepend the indent string */ - nd_snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); - ident = ident_buffer; + snprintf(indent_buffer, sizeof(indent_buffer), "%s ", indent); + indent = indent_buffer; while (subtlv_sum_len != 0) { ND_TCHECK_2(tptr); if (tlv_remaining < 2) { - ND_PRINT("%sRemaining data in TLV shorter than a subTLV header",ident); + ND_PRINT("%sRemaining data in TLV shorter than a subTLV header", indent); proc_bytes += tlv_remaining; break; } if (subtlv_sum_len < 2) { - ND_PRINT("%sRemaining data in subTLVs shorter than a subTLV header",ident); + ND_PRINT("%sRemaining data in subTLVs shorter than a subTLV header", indent); proc_bytes += subtlv_sum_len; break; } @@ -1934,7 +2000,7 @@ isis_print_ext_is_reach(netdissect_options *ndo, subtlv_sum_len -= 2; proc_bytes += 2; ND_PRINT("%s%s subTLV #%u, length: %u", - ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subtlv_type), + indent, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subtlv_type), subtlv_type, subtlv_len); if (subtlv_sum_len < subtlv_len) { @@ -1964,23 +2030,20 @@ isis_print_ext_is_reach(netdissect_options *ndo, case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: if (subtlv_len >= sizeof(nd_ipv4)) - ND_PRINT(", %s", ipaddr_string(ndo, tptr)); + ND_PRINT(", %s", GET_IPADDR_STRING(tptr)); break; case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW: - if (subtlv_len >= 4) { - bw.i = GET_BE_U_4(tptr); - ND_PRINT(", %.3f Mbps", bw.f * 8 / 1000000); - } + if (subtlv_len >= 4) + ND_PRINT(", %.3f Mbps", GET_BE_F_4(tptr) * 8 / 1000000); break; case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : if (subtlv_len >= 32) { for (te_class = 0; te_class < 8; te_class++) { - bw.i = GET_BE_U_4(tptr); ND_PRINT("%s TE-Class %u: %.3f Mbps", - ident, + indent, te_class, - bw.f * 8 / 1000000); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -1993,7 +2056,7 @@ isis_print_ext_is_reach(netdissect_options *ndo, if (subtlv_len == 0) break; ND_PRINT("%sBandwidth Constraints Model ID: %s (%u)", - ident, + indent, tok2str(diffserv_te_bc_values, "unknown", GET_U_1(tptr)), GET_U_1(tptr)); tptr++; @@ -2004,11 +2067,10 @@ isis_print_ext_is_reach(netdissect_options *ndo, for (te_class = 0; subtlv_len != 0; te_class++) { if (subtlv_len < 4) break; - bw.i = GET_BE_U_4(tptr); ND_PRINT("%s Bandwidth constraint CT%u: %.3f Mbps", - ident, + indent, te_class, - bw.f * 8 / 1000000); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -2054,7 +2116,7 @@ isis_print_ext_is_reach(netdissect_options *ndo, if (subtlv_len >= 36) { gmpls_switch_cap = GET_U_1(tptr); ND_PRINT("%s Interface Switching Capability:%s", - ident, + indent, tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap)); ND_PRINT(", LSP Encoding: %s", tok2str(gmpls_encoding_values, "Unknown", GET_U_1((tptr + 1)))); @@ -2062,13 +2124,12 @@ isis_print_ext_is_reach(netdissect_options *ndo, subtlv_len -= 4; subtlv_sum_len -= 4; proc_bytes += 4; - ND_PRINT("%s Max LSP Bandwidth:", ident); + ND_PRINT("%s Max LSP Bandwidth:", indent); for (priority_level = 0; priority_level < 8; priority_level++) { - bw.i = GET_BE_U_4(tptr); ND_PRINT("%s priority level %u: %.3f Mbps", - ident, + indent, priority_level, - bw.f * 8 / 1000000); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -2081,17 +2142,18 @@ isis_print_ext_is_reach(netdissect_options *ndo, case GMPLS_PSC4: if (subtlv_len < 6) break; - bw.i = GET_BE_U_4(tptr); - ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000); - ND_PRINT("%s Interface MTU: %u", ident, + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", + indent, + GET_BE_F_4(tptr) * 8 / 1000000); + ND_PRINT("%s Interface MTU: %u", indent, GET_BE_U_2(tptr + 4)); break; case GMPLS_TSC: if (subtlv_len < 8) break; - bw.i = GET_BE_U_4(tptr); - ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000); - ND_PRINT("%s Indication %s", ident, + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", indent, + GET_BE_F_4(tptr) * 8 / 1000000); + ND_PRINT("%s Indication %s", indent, tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", GET_U_1((tptr + 4)))); break; default: @@ -2104,6 +2166,41 @@ isis_print_ext_is_reach(netdissect_options *ndo, } } break; + case ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID: + if (subtlv_len >= 8) { + ND_PRINT("%s Flags: [%s]", indent, + bittok2str(isis_lan_adj_sid_flag_values, + "none", + GET_U_1(tptr))); + int vflag = (GET_U_1(tptr) & 0x20) ? 1:0; + int lflag = (GET_U_1(tptr) & 0x10) ? 1:0; + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + ND_PRINT("%s Weight: %u", indent, GET_U_1(tptr)); + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + if(subtlv_len>=SYSTEM_ID_LEN) { + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("%s Neighbor System-ID: %s", indent, + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + } + /* RFC 8667 section 2.2.2 */ + /* if V-flag is set to 1 and L-flag is set to 1 ==> 3 octet label */ + /* if V-flag is set to 0 and L-flag is set to 0 ==> 4 octet index */ + if (vflag && lflag) { + ND_PRINT("%s Label: %u", + indent, GET_BE_U_3(tptr+SYSTEM_ID_LEN)); + } else if ((!vflag) && (!lflag)) { + ND_PRINT("%s Index: %u", + indent, GET_BE_U_4(tptr+SYSTEM_ID_LEN)); + } else + nd_print_invalid(ndo); + } + break; default: if (!print_unknown_data(ndo, tptr, "\n\t\t ", subtlv_len)) return(0); @@ -2129,14 +2226,13 @@ trunc: static uint8_t isis_print_mtid(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, u_int tlv_remaining) + const uint8_t *tptr, const char *indent, u_int tlv_remaining) { if (tlv_remaining < 2) goto trunc; - ND_TCHECK_2(tptr); ND_PRINT("%s%s", - ident, + indent, tok2str(isis_mt_values, "Reserved for IETF Consensus", ISIS_MASK_MTID(GET_BE_U_2(tptr)))); @@ -2159,36 +2255,33 @@ trunc: static u_int isis_print_extd_ip_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, uint16_t afi) + const uint8_t *tptr, const char *indent, uint16_t afi) { - char ident_buffer[20]; + char indent_buffer[20]; uint8_t prefix[sizeof(nd_ipv6)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; - ND_TCHECK_4(tptr); metric = GET_BE_U_4(tptr); processed=4; tptr+=4; - if (afi == AF_INET) { - ND_TCHECK_1(tptr); + if (afi == AFNUM_IP) { status_byte=GET_U_1(tptr); tptr++; bit_length = status_byte&0x3f; if (bit_length > 32) { ND_PRINT("%sIPv4 prefix: bad bit length %u", - ident, + indent, bit_length); return (0); } processed++; - } else if (afi == AF_INET6) { - ND_TCHECK_2(tptr); + } else if (afi == AFNUM_IP6) { status_byte=GET_U_1(tptr); bit_length=GET_U_1(tptr + 1); if (bit_length > 128) { ND_PRINT("%sIPv6 prefix: bad bit length %u", - ident, + indent, bit_length); return (0); } @@ -2199,63 +2292,141 @@ isis_print_extd_ip_reach(netdissect_options *ndo, byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */ - ND_TCHECK_LEN(tptr, byte_length); memset(prefix, 0, sizeof(prefix)); /* clear the copy buffer */ - memcpy(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ + GET_CPY_BYTES(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ tptr+=byte_length; processed+=byte_length; - if (afi == AF_INET) + if (afi == AFNUM_IP) ND_PRINT("%sIPv4 prefix: %15s/%u", - ident, - ipaddr_string(ndo, prefix), + indent, + ipaddr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IPADDR_STRING() */ bit_length); - else if (afi == AF_INET6) + else if (afi == AFNUM_IP6) ND_PRINT("%sIPv6 prefix: %s/%u", - ident, - ip6addr_string(ndo, prefix), + indent, + ip6addr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */ bit_length); ND_PRINT(", Distribution: %s, Metric: %u", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", metric); - if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + if (afi == AFNUM_IP && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) ND_PRINT(", sub-TLVs present"); - else if (afi == AF_INET6) + else if (afi == AFNUM_IP6) ND_PRINT(", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""); - if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) - || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) + if ((afi == AFNUM_IP && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + || (afi == AFNUM_IP6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect the aggregate bytecount of the subTLVs for this prefix */ - ND_TCHECK_1(tptr); sublen=GET_U_1(tptr); tptr++; processed+=sublen+1; ND_PRINT(" (%u)", sublen); /* print out subTLV length */ - while (sublen>0) { - ND_TCHECK_2(tptr); + while (sublen != 0) { subtlvtype=GET_U_1(tptr); subtlvlen=GET_U_1(tptr + 1); tptr+=2; /* prepend the indent string */ - nd_snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); - if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer)) + snprintf(indent_buffer, sizeof(indent_buffer), "%s ", indent); + if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, indent_buffer)) return(0); tptr+=subtlvlen; sublen-=(subtlvlen+2); } } return (processed); -trunc: - return 0; +} + +static void +isis_print_router_cap_subtlv(netdissect_options *ndo, const uint8_t *tptr, uint8_t tlen) +{ + uint8_t subt, subl; + + while (tlen >= 2) { + subt = GET_U_1(tptr); + subl = GET_U_1(tptr+1); + tlen -= 2; + tptr += 2; + + /* first lets see if we know the subTLVs name*/ + ND_PRINT("\n\t\t%s subTLV #%u, length: %u", + tok2str(isis_router_capability_subtlv_values, "unknown", subt), + subt, subl); + + /* + * Boundary check. + */ + if (subl > tlen) { + break; + } + ND_TCHECK_LEN(tptr, subl); + + switch (subt) { + case ISIS_SUBTLV_ROUTER_CAP_SR: + { + uint8_t flags, sid_tlen, sid_type, sid_len; + uint32_t range; + const uint8_t *sid_ptr; + + flags = GET_U_1(tptr); + range = GET_BE_U_3(tptr+1); + ND_PRINT(", Flags [%s], Range %u", + bittok2str(isis_router_capability_sr_flags, "None", flags), + range); + sid_ptr = tptr + 4; + sid_tlen = subl - 4; + + while (sid_tlen >= 5) { + sid_type = GET_U_1(sid_ptr); + sid_len = GET_U_1(sid_ptr+1); + sid_tlen -= 2; + sid_ptr += 2; + + /* + * Boundary check. + */ + if (sid_len > sid_tlen) { + break; + } + + switch (sid_type) { + case 1: + if (sid_len == 3) { + ND_PRINT(", SID value %u", GET_BE_U_3(sid_ptr)); + } else if (sid_len == 4) { + ND_PRINT(", SID value %u", GET_BE_U_4(sid_ptr)); + } else { + ND_PRINT(", Unknown SID length%u", sid_len); + } + break; + default: + print_unknown_data(ndo, sid_ptr, "\n\t\t ", sid_len); + } + + sid_ptr += sid_len; + sid_tlen -= sid_len; + } + } + break; + default: + print_unknown_data(ndo, tptr, "\n\t\t", subl); + break; + } + + tlen -= subl; + tptr += subl; + } + trunc: + return; } /* @@ -2277,6 +2448,14 @@ isis_clear_checksum_lifetime(void *header) * Decode IS-IS packets. Return 0 on error. */ +#define INVALID_OR_DECREMENT(length,decr) \ + if ((length) < (decr)) { \ + ND_PRINT(" [packet length %u < %zu]", (length), (decr)); \ + nd_print_invalid(ndo); \ + return 1; \ + } \ + length -= (decr); + static int isis_print(netdissect_options *ndo, const uint8_t *p, u_int length) @@ -2295,14 +2474,14 @@ isis_print(netdissect_options *ndo, const struct isis_tlv_es_reach *tlv_es_reach; uint8_t version, pdu_version, fixed_len; - uint8_t pdu_type, pdu_max_area, max_area, pdu_id_length, id_length, tlv_type, tlv_len, tlen, alen, lan_alen, prefix_len; + uint8_t pdu_type, pdu_max_area, max_area, pdu_id_length, id_length, tlv_type, tlv_len, tlen, alen, prefix_len; u_int ext_is_len, ext_ip_len; uint8_t mt_len; uint8_t isis_subtlv_idrp; const uint8_t *optr, *pptr, *tptr; u_int packet_len; u_short pdu_len, key_id; - u_int i,vendor_id; + u_int i,vendor_id, num_vals; uint8_t auth_type; uint8_t num_system_ids; int sigcheck; @@ -2435,8 +2614,8 @@ isis_print(netdissect_options *ndo, case ISIS_PDU_L1_LAN_IIH: case ISIS_PDU_L2_LAN_IIH: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { - ND_PRINT(", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_iih_lan); @@ -2474,14 +2653,14 @@ isis_print(netdissect_options *ndo, return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); break; case ISIS_PDU_PTP_IIH: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { - ND_PRINT(", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_iih_ptp); @@ -2513,16 +2692,15 @@ isis_print(netdissect_options *ndo, if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE)) return (0); } - - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); break; case ISIS_PDU_L1_LSP: case ISIS_PDU_L2_LSP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { - ND_PRINT(", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_LSP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_lsp); @@ -2572,15 +2750,15 @@ isis_print(netdissect_options *ndo, return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); break; case ISIS_PDU_L1_CSNP: case ISIS_PDU_L2_CSNP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { - ND_PRINT(", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_csnp); @@ -2610,15 +2788,15 @@ isis_print(netdissect_options *ndo, return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); break; case ISIS_PDU_L1_PSNP: case ISIS_PDU_L2_PSNP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { - ND_PRINT("- bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)); + ND_PRINT("- bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_psnp); @@ -2644,7 +2822,7 @@ isis_print(netdissect_options *ndo, return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); break; @@ -2661,7 +2839,7 @@ isis_print(netdissect_options *ndo, * Now print the TLV's. */ - while (packet_len > 0) { + while (packet_len != 0) { ND_TCHECK_2(pptr); if (packet_len < 2) goto trunc; @@ -2687,51 +2865,45 @@ isis_print(netdissect_options *ndo, switch (tlv_type) { case ISIS_TLV_AREA_ADDR: while (tlen != 0) { - ND_TCHECK_1(tptr); alen = GET_U_1(tptr); tptr++; tlen--; if (tlen < alen) goto tlv_trunc; - ND_TCHECK_LEN(tptr, alen); ND_PRINT("\n\t Area address (length: %u): %s", alen, - isonsap_string(ndo, tptr, alen)); + GET_ISONSAP_STRING(tptr, alen)); tptr += alen; tlen -= alen; } break; case ISIS_TLV_ISNEIGH: while (tlen != 0) { - if (tlen < MAC_ADDR_LEN) - goto tlv_trunc; - ND_TCHECK_LEN(tptr, MAC_ADDR_LEN); - ND_PRINT("\n\t SNPA: %s", isis_print_id(ndo, tptr, MAC_ADDR_LEN)); - tlen -= MAC_ADDR_LEN; - tptr += MAC_ADDR_LEN; + if (tlen < MAC48_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, MAC48_LEN); + ND_PRINT("\n\t SNPA: %s", isis_print_id(ndo, tptr, MAC48_LEN)); + tlen -= MAC48_LEN; + tptr += MAC48_LEN; } break; - case ISIS_TLV_ISNEIGH_VARLEN: - if (tlen < 1) - goto tlv_trunc; - ND_TCHECK_1(tptr); - lan_alen = GET_U_1(tptr); /* LAN address length */ - tptr++; - tlen--; - if (lan_alen == 0) { - ND_PRINT("\n\t LAN address length 0 bytes"); - nd_print_invalid(ndo); - break; - } - ND_PRINT("\n\t LAN address length %u bytes ", lan_alen); - while (tlen != 0) { - if (tlen < lan_alen) - goto tlv_trunc; - ND_TCHECK_LEN(tptr, lan_alen); - ND_PRINT("\n\t\tIS Neighbor: %s", isis_print_id(ndo, tptr, lan_alen)); - tlen -= lan_alen; - tptr +=lan_alen; + case ISIS_TLV_INSTANCE_ID: + if (tlen < 4) + goto tlv_trunc; + num_vals = (tlen-2)/2; + ND_PRINT("\n\t Instance ID: %u, ITIDs(%u)%s ", + GET_BE_U_2(tptr), num_vals, + num_vals ? ":" : ""); + tptr += 2; + tlen -= 2; + for (i=0; i < num_vals; i++) { + ND_PRINT("%u", GET_BE_U_2(tptr)); + if (i < (num_vals - 1)) { + ND_PRINT(", "); + } + tptr += 2; + tlen -= 2; } break; @@ -2790,7 +2962,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IS_REACH: if (tlen < 1) goto tlv_trunc; - ND_TCHECK_1(tptr); /* check if there is one byte left to read out the virtual flag */ ND_PRINT("\n\t %s", tok2str(isis_is_reach_virtual_values, "bogus virtual flag 0x%02x", @@ -2833,7 +3004,7 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_EXTD_IP_REACH: while (tlen != 0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunc; if (tlen < ext_ip_len) { @@ -2855,7 +3026,7 @@ isis_print(netdissect_options *ndo, tlen-=mt_len; while (tlen != 0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunc; if (tlen < ext_ip_len) { @@ -2870,7 +3041,7 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IP6_REACH: while (tlen != 0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunc; if (tlen < ext_ip_len) { @@ -2892,7 +3063,7 @@ isis_print(netdissect_options *ndo, tlen-=mt_len; while (tlen != 0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunc; if (tlen < ext_ip_len) { @@ -2909,10 +3080,8 @@ isis_print(netdissect_options *ndo, while (tlen != 0) { if (tlen < sizeof(nd_ipv6)) goto tlv_trunc; - ND_TCHECK_LEN(tptr, sizeof(nd_ipv6)); - ND_PRINT("\n\t IPv6 interface address: %s", - ip6addr_string(ndo, tptr)); + GET_IP6ADDR_STRING(tptr)); tptr += sizeof(nd_ipv6); tlen -= sizeof(nd_ipv6); @@ -2921,7 +3090,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_AUTH: if (tlen < 1) goto tlv_trunc; - ND_TCHECK_1(tptr); auth_type = GET_U_1(tptr); tptr++; tlen--; @@ -2933,12 +3101,10 @@ isis_print(netdissect_options *ndo, switch (auth_type) { case ISIS_SUBTLV_AUTH_SIMPLE: - if (nd_printzp(ndo, tptr, tlen, ndo->ndo_snapend)) - goto trunc; + nd_printjnp(ndo, tptr, tlen); break; case ISIS_SUBTLV_AUTH_MD5: for(i=0;i=1) { - ND_TCHECK_1(tptr); ND_PRINT("\n\t Adjacency State: %s (%u)", - tok2str(isis_ptp_adjancey_values, "unknown", GET_U_1(tptr)), + tok2str(isis_ptp_adjacency_values, "unknown", GET_U_1(tptr)), GET_U_1(tptr)); tlen--; } if(tlen>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { - ND_TCHECK_4(tlv_ptp_adj->extd_local_circuit_id); ND_PRINT("\n\t Extended Local circuit-ID: 0x%08x", GET_BE_U_4(tlv_ptp_adj->extd_local_circuit_id)); tlen-=sizeof(tlv_ptp_adj->extd_local_circuit_id); @@ -2993,7 +3155,6 @@ isis_print(netdissect_options *ndo, tlen-=SYSTEM_ID_LEN; } if(tlen>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { - ND_TCHECK_4(tlv_ptp_adj->neighbor_extd_local_circuit_id); ND_PRINT("\n\t Neighbor Extended Local circuit-ID: 0x%08x", GET_BE_U_4(tlv_ptp_adj->neighbor_extd_local_circuit_id)); } @@ -3002,7 +3163,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_PROTOCOLS: ND_PRINT("\n\t NLPID(s): "); while (tlen != 0) { - ND_TCHECK_1(tptr); ND_PRINT("%s (0x%02x)", tok2str(nlpid_values, "unknown", @@ -3019,7 +3179,6 @@ isis_print(netdissect_options *ndo, { if (tlen < 2) goto tlv_trunc; - ND_TCHECK_2(tptr); ND_PRINT("\n\t RES: %u, MTID(s): %u", (GET_BE_U_2(tptr) >> 12), @@ -3037,7 +3196,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_MT_CAPABILITY: if (tlen < 2) goto tlv_trunc; - ND_TCHECK_2(tptr); ND_PRINT("\n\t O: %u, RES: %u, MTID(s): %u", (GET_BE_U_2(tptr) >> 15) & 0x01, @@ -3055,16 +3213,14 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_TE_ROUTER_ID: if (tlen < sizeof(nd_ipv4)) goto tlv_trunc; - ND_TCHECK_LEN(pptr, sizeof(nd_ipv4)); - ND_PRINT("\n\t Traffic Engineering Router ID: %s", ipaddr_string(ndo, pptr)); + ND_PRINT("\n\t Traffic Engineering Router ID: %s", GET_IPADDR_STRING(pptr)); break; case ISIS_TLV_IPADDR: while (tlen != 0) { if (tlen < sizeof(nd_ipv4)) goto tlv_trunc; - ND_TCHECK_LEN(tptr, sizeof(nd_ipv4)); - ND_PRINT("\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr)); + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); tptr += sizeof(nd_ipv4); tlen -= sizeof(nd_ipv4); } @@ -3072,8 +3228,7 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_HOSTNAME: ND_PRINT("\n\t Hostname: "); - if (nd_printzp(ndo, tptr, tlen, ndo->ndo_snapend)) - goto trunc; + nd_printjnp(ndo, tptr, tlen); break; case ISIS_TLV_SHARED_RISK_GROUP: @@ -3086,7 +3241,6 @@ isis_print(netdissect_options *ndo, if (tlen < 1) break; - ND_TCHECK_1(tptr); ND_PRINT(", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(GET_U_1(tptr)) ? "numbered" : "unnumbered"); tptr++; @@ -3094,22 +3248,19 @@ isis_print(netdissect_options *ndo, if (tlen < sizeof(nd_ipv4)) break; - ND_TCHECK_LEN(tptr, sizeof(nd_ipv4)); - ND_PRINT("\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr)); + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); tptr+=sizeof(nd_ipv4); tlen-=sizeof(nd_ipv4); if (tlen < sizeof(nd_ipv4)) break; - ND_TCHECK_LEN(tptr, sizeof(nd_ipv4)); - ND_PRINT("\n\t IPv4 neighbor address: %s", ipaddr_string(ndo, tptr)); + ND_PRINT("\n\t IPv4 neighbor address: %s", GET_IPADDR_STRING(tptr)); tptr+=sizeof(nd_ipv4); tlen-=sizeof(nd_ipv4); while (tlen != 0) { - if (tlen < 4) - goto tlv_trunc; - ND_TCHECK_4(tptr); + if (tlen < 4) + goto tlv_trunc; ND_PRINT("\n\t Link-ID: 0x%08x", GET_BE_U_4(tptr)); tptr+=4; tlen-=4; @@ -3119,18 +3270,15 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_LSP: tlv_lsp = (const struct isis_tlv_lsp *)tptr; while (tlen != 0) { - if (tlen < sizeof(struct isis_tlv_lsp)) - goto tlv_trunc; + if (tlen < sizeof(struct isis_tlv_lsp)) + goto tlv_trunc; ND_TCHECK_1(tlv_lsp->lsp_id + LSP_ID_LEN - 1); ND_PRINT("\n\t lsp-id: %s", isis_print_id(ndo, tlv_lsp->lsp_id, LSP_ID_LEN)); - ND_TCHECK_4(tlv_lsp->sequence_number); ND_PRINT(", seq: 0x%08x", GET_BE_U_4(tlv_lsp->sequence_number)); - ND_TCHECK_2(tlv_lsp->remaining_lifetime); ND_PRINT(", lifetime: %5ds", GET_BE_U_2(tlv_lsp->remaining_lifetime)); - ND_TCHECK_2(tlv_lsp->checksum); ND_PRINT(", chksum: 0x%04x", GET_BE_U_2(tlv_lsp->checksum)); tlen-=sizeof(struct isis_tlv_lsp); tlv_lsp++; @@ -3154,7 +3302,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_POI: if (tlen < 1) goto tlv_trunc; - ND_TCHECK_1(tptr); num_system_ids = GET_U_1(tptr); tptr++; tlen--; @@ -3230,7 +3377,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IDRP_INFO: if (tlen < 1) break; - ND_TCHECK_1(tptr); isis_subtlv_idrp = GET_U_1(tptr); ND_PRINT("\n\t Inter-Domain Information Type: %s", tok2str(isis_subtlv_idrp_values, @@ -3242,7 +3388,6 @@ isis_print(netdissect_options *ndo, case ISIS_SUBTLV_IDRP_ASN: if (tlen < 2) goto tlv_trunc; - ND_TCHECK_2(tptr); /* fetch AS number */ ND_PRINT("AS Number: %u", GET_BE_U_2(tptr)); break; case ISIS_SUBTLV_IDRP_LOCAL: @@ -3257,7 +3402,6 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_LSP_BUFFERSIZE: if (tlen < 2) break; - ND_TCHECK_2(tptr); ND_PRINT("\n\t LSP Buffersize: %u", GET_BE_U_2(tptr)); break; @@ -3282,7 +3426,6 @@ isis_print(netdissect_options *ndo, tlen-=sizeof(struct isis_metric_block); while (tlen != 0) { - ND_TCHECK_1(tptr); prefix_len=GET_U_1(tptr); /* read out prefix length in semioctets*/ tptr++; tlen--; @@ -3292,9 +3435,8 @@ isis_print(netdissect_options *ndo, } if (tlen < prefix_len/2) break; - ND_TCHECK_LEN(tptr, prefix_len / 2); ND_PRINT("\n\t\tAddress: %s/%u", - isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4); + GET_ISONSAP_STRING(tptr, prefix_len / 2), prefix_len * 4); tptr+=prefix_len/2; tlen-=prefix_len/2; } @@ -3303,14 +3445,28 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IIH_SEQNR: if (tlen < 4) break; - ND_TCHECK_4(tptr); /* check if four bytes are on the wire */ ND_PRINT("\n\t Sequence number: %u", GET_BE_U_4(tptr)); break; + case ISIS_TLV_ROUTER_CAPABILITY: + if (tlen < 5) { + ND_PRINT(" [object length %u < 5]", tlen); + nd_print_invalid(ndo); + break; + } + ND_PRINT("\n\t Router-ID %s", GET_IPADDR_STRING(tptr)); + ND_PRINT(", Flags [%s]", + bittok2str(isis_tlv_router_capability_flags, "none", GET_U_1(tptr+4))); + + /* Optional set of sub-TLV */ + if (tlen > 5) { + isis_print_router_cap_subtlv(ndo, tptr+5, tlen-5); + } + break; + case ISIS_TLV_VENDOR_PRIVATE: if (tlen < 3) break; - ND_TCHECK_3(tptr); /* check if enough byte for a full oui */ vendor_id = GET_BE_U_3(tptr); ND_PRINT("\n\t Vendor: %s (%u)", tok2str(oui_values, "Unknown", vendor_id),