X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/31a4462cfe1fdefdf66b87db4d3f021b4c1f0f98..f1fa25bfefac7dd95768d949ef0ef232c4540331:/print-rsvp.c diff --git a/print-rsvp.c b/print-rsvp.c index 4af9a2d9..1afb9639 100644 --- a/print-rsvp.c +++ b/print-rsvp.c @@ -14,8 +14,8 @@ */ #ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-rsvp.c,v 1.21 2003-06-07 23:05:19 hannes Exp $"; +static const char rcsid[] _U_ = + "@(#) $Header: /tcpdump/master/tcpdump/print-rsvp.c,v 1.27 2004-03-24 04:00:38 guy Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -77,6 +77,7 @@ struct rsvp_object_header { #define RSVP_VERSION 1 #define RSVP_EXTRACT_VERSION(x) (((x)&0xf0)>>4) +#define RSVP_EXTRACT_FLAGS(x) ((x)&0x0f) #define RSVP_MSGTYPE_PATH 1 #define RSVP_MSGTYPE_RESV 2 @@ -107,6 +108,11 @@ static const struct tok rsvp_msg_type_values[] = { { 0, NULL} }; +static const struct tok rsvp_header_flag_values[] = { + { 0x01, "Refresh reduction capable" }, /* rfc2961 */ + { 0, NULL} +}; + #define RSVP_OBJ_SESSION 1 /* rfc2205 */ #define RSVP_OBJ_RSVP_HOP 3 /* rfc2205, rfc3473 */ #define RSVP_OBJ_INTEGRITY 4 @@ -231,7 +237,7 @@ static const struct tok rsvp_ctype_values[] = { { 256*RSVP_OBJ_LABEL_REQ+RSVP_CTYPE_1, "without label range" }, { 256*RSVP_OBJ_LABEL_REQ+RSVP_CTYPE_2, "with ATM label range" }, { 256*RSVP_OBJ_LABEL_REQ+RSVP_CTYPE_3, "with FR label range" }, - { 256*RSVP_OBJ_LABEL_REQ+RSVP_CTYPE_4, "generalized" }, + { 256*RSVP_OBJ_LABEL_REQ+RSVP_CTYPE_4, "Generalized Label" }, { 256*RSVP_OBJ_LABEL+RSVP_CTYPE_1, "Label" }, { 256*RSVP_OBJ_LABEL+RSVP_CTYPE_2, "Generalized Label" }, { 256*RSVP_OBJ_LABEL+RSVP_CTYPE_3, "Waveband Switching" }, @@ -361,7 +367,7 @@ static struct tok rsvp_obj_error_code_routing_values[] = { #define TRUE 1 -int rsvp_intserv_print(const u_char *); +static int rsvp_intserv_print(const u_char *, u_short); /* * this is a dissector for all the intserv defined @@ -369,8 +375,8 @@ int rsvp_intserv_print(const u_char *); * it is called from various rsvp objects; * returns the amount of bytes being processed */ -int -rsvp_intserv_print(const u_char *tptr) { +static int +rsvp_intserv_print(const u_char *tptr, u_short obj_tlen) { int parameter_id,parameter_length; union { @@ -378,6 +384,8 @@ rsvp_intserv_print(const u_char *tptr) { u_int32_t i; } bw; + if (obj_tlen < 4) + return 0; parameter_id = *(tptr); parameter_length = EXTRACT_16BITS(tptr+2)<<2; /* convert wordcount to bytecount */ @@ -387,6 +395,8 @@ rsvp_intserv_print(const u_char *tptr) { parameter_length, *(tptr+1)); + if (obj_tlen < parameter_length+4) + return 0; switch(parameter_id) { /* parameter_id */ case 4: @@ -397,7 +407,8 @@ rsvp_intserv_print(const u_char *tptr) { * | IS hop cnt (32-bit unsigned integer) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - printf("\n\t\tIS hop cnt: %u", EXTRACT_32BITS(tptr+4)); + if (parameter_length == 4) + printf("\n\t\tIS hop count: %u", EXTRACT_32BITS(tptr+4)); break; case 6: @@ -408,8 +419,10 @@ rsvp_intserv_print(const u_char *tptr) { * | Path b/w estimate (32-bit IEEE floating point number) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - bw.i = EXTRACT_32BITS(tptr+4); - printf("\n\t\tPath b/w estimate: %.10g Mbps", bw.f/125000); + if (parameter_length == 4) { + bw.i = EXTRACT_32BITS(tptr+4); + printf("\n\t\tPath b/w estimate: %.10g Mbps", bw.f/125000); + } break; case 8: @@ -420,11 +433,13 @@ rsvp_intserv_print(const u_char *tptr) { * | Minimum path latency (32-bit integer) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - printf("\n\t\tMinimum path latency: "); - if (EXTRACT_32BITS(tptr+4) == 0xffffffff) - printf("don't care"); - else - printf("%u", EXTRACT_32BITS(tptr+4)); + if (parameter_length == 4) { + printf("\n\t\tMinimum path latency: "); + if (EXTRACT_32BITS(tptr+4) == 0xffffffff) + printf("don't care"); + else + printf("%u", EXTRACT_32BITS(tptr+4)); + } break; case 10: @@ -436,7 +451,8 @@ rsvp_intserv_print(const u_char *tptr) { * | Composed MTU (32-bit unsigned integer) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - printf("\n\t\tComposed MTU: %u bytes", EXTRACT_32BITS(tptr+4)); + if (parameter_length == 4) + printf("\n\t\tComposed MTU: %u bytes", EXTRACT_32BITS(tptr+4)); break; case 127: /* @@ -455,14 +471,16 @@ rsvp_intserv_print(const u_char *tptr) { * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - bw.i = EXTRACT_32BITS(tptr+4); - printf("\n\t\tToken Bucket Rate: %.10g Mbps", bw.f/125000); - bw.i = EXTRACT_32BITS(tptr+8); - printf("\n\t\tToken Bucket Size: %.10g bytes", bw.f); - bw.i = EXTRACT_32BITS(tptr+12); - printf("\n\t\tPeak Data Rate: %.10g Mbps", bw.f/125000); - printf("\n\t\tMinimum Policed Unit: %u bytes", EXTRACT_32BITS(tptr+16)); - printf("\n\t\tMaximum Packet Size: %u bytes", EXTRACT_32BITS(tptr+20)); + if (parameter_length == 20) { + bw.i = EXTRACT_32BITS(tptr+4); + printf("\n\t\tToken Bucket Rate: %.10g Mbps", bw.f/125000); + bw.i = EXTRACT_32BITS(tptr+8); + printf("\n\t\tToken Bucket Size: %.10g bytes", bw.f); + bw.i = EXTRACT_32BITS(tptr+12); + printf("\n\t\tPeak Data Rate: %.10g Mbps", bw.f/125000); + printf("\n\t\tMinimum Policed Unit: %u bytes", EXTRACT_32BITS(tptr+16)); + printf("\n\t\tMaximum Packet Size: %u bytes", EXTRACT_32BITS(tptr+20)); + } break; case 130: @@ -476,16 +494,19 @@ rsvp_intserv_print(const u_char *tptr) { * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - bw.i = EXTRACT_32BITS(tptr+4); - printf("\n\t\tRate: %.10g Mbps", bw.f/125000); - printf("\n\t\tSlack Term: %u", EXTRACT_32BITS(tptr+8)); + if (parameter_length == 8) { + bw.i = EXTRACT_32BITS(tptr+4); + printf("\n\t\tRate: %.10g Mbps", bw.f/125000); + printf("\n\t\tSlack Term: %u", EXTRACT_32BITS(tptr+8)); + } break; case 133: case 134: case 135: case 136: - printf("\n\t\tValue: %u", EXTRACT_32BITS(tptr+4)); + if (parameter_length == 4) + printf("\n\t\tValue: %u", EXTRACT_32BITS(tptr+4)); break; default: @@ -507,6 +528,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { float f; u_int32_t i; } bw; + u_int8_t namelen; + u_int i; tptr=pptr; rsvp_com_header = (const struct rsvp_common_header *)pptr; @@ -533,13 +556,16 @@ rsvp_print(register const u_char *pptr, register u_int len) { tlen=EXTRACT_16BITS(rsvp_com_header->length); - printf("RSVP\n\tv: %u, msg-type: %s, length: %u, ttl: %u, checksum: 0x%04x", + printf("RSVP\n\tv: %u, msg-type: %s, Flags: [%s], length: %u, ttl: %u, checksum: 0x%04x", RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags), tok2str(rsvp_msg_type_values, "unknown, type: %u",rsvp_com_header->msg_type), + bittok2str(rsvp_header_flag_values,"none",RSVP_EXTRACT_FLAGS(rsvp_com_header->version_flags)), tlen, rsvp_com_header->ttl, EXTRACT_16BITS(rsvp_com_header->checksum)); + if (tlen < sizeof(const struct rsvp_common_header)) + return; tptr+=sizeof(const struct rsvp_common_header); tlen-=sizeof(const struct rsvp_common_header); @@ -552,7 +578,7 @@ rsvp_print(register const u_char *pptr, register u_int len) { rsvp_obj_len=EXTRACT_16BITS(rsvp_obj_header->length); rsvp_obj_ctype=rsvp_obj_header->ctype; - if(rsvp_obj_len % 4 || rsvp_obj_len < 4) + if(rsvp_obj_len % 4 || rsvp_obj_len < sizeof(struct rsvp_object_header)) return; printf("\n\t %s Object (%u) Flags: [%s", @@ -585,6 +611,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_SESSION: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: + if (obj_tlen < 8) + return; printf("\n\t IPv4 DestAddress: %s, Protocol ID: 0x%02x", ipaddr_string(obj_tptr), *(obj_tptr+4)); @@ -596,6 +624,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #ifdef INET6 case RSVP_CTYPE_IPV6: + if (obj_tlen < 20) + return; printf("\n\t IPv6 DestAddress: %s, Protocol ID: 0x%02x", ip6addr_string(obj_tptr), *(obj_tptr+16)); @@ -607,6 +637,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; case RSVP_CTYPE_TUNNEL_IPV6: + if (obj_tlen < 36) + return; printf("\n\t IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", ip6addr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+18), @@ -616,6 +648,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #endif case RSVP_CTYPE_TUNNEL_IPV4: + if (obj_tlen < 12) + return; printf("\n\t IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+6), @@ -631,14 +665,18 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_CONFIRM: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: - printf("\n\t IPv4 Receiver Address %s", + if (obj_tlen < 4) + return; + printf("\n\t IPv4 Receiver Address: %s", ipaddr_string(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; #ifdef INET6 case RSVP_CTYPE_IPV6: - printf("\n\t IPv6 Receiver Address %s", + if (obj_tlen < 16) + return; + printf("\n\t IPv6 Receiver Address: %s", ip6addr_string(obj_tptr)); obj_tlen-=16; obj_tptr+=16; @@ -652,14 +690,18 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_NOTIFY_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: - printf("\n\t IPv4 Notify Node Address %s", + if (obj_tlen < 4) + return; + printf("\n\t IPv4 Notify Node Address: %s", ipaddr_string(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; #ifdef INET6 case RSVP_CTYPE_IPV6: - printf("\n\t IPv6 Notify Node Address %s", + if (obj_tlen < 16) + return; + printf("\n\t IPv6 Notify Node Address: %s", ip6addr_string(obj_tptr)); obj_tlen-=16; obj_tptr+=16; @@ -677,19 +719,23 @@ rsvp_print(register const u_char *pptr, register u_int len) { switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { - printf("\n\t Label %u", EXTRACT_32BITS(obj_tptr)); + printf("\n\t Label: %u", EXTRACT_32BITS(obj_tptr)); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: - printf("\n\t Generalized Label %u", + if (obj_tlen < 4) + return; + printf("\n\t Generalized Label: %u", EXTRACT_32BITS(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_3: - printf("\n\t Waveband ID %u\n\t Start Label %u, Stop Label %u", + if (obj_tlen < 12) + return; + printf("\n\t Waveband ID: %u\n\t Start Label: %u, Stop Label: %u", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr+4), EXTRACT_32BITS(obj_tptr+8)); @@ -704,6 +750,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_STYLE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: + if (obj_tlen < 4) + return; printf("\n\t Reservation Style: %s, Flags: [0x%02x]", tok2str(rsvp_resstyle_values, "Unknown", @@ -720,6 +768,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_SENDER_TEMPLATE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: + if (obj_tlen < 8) + return; printf("\n\t Source Address: %s, Source Port: %u", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+6)); @@ -728,6 +778,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #ifdef INET6 case RSVP_CTYPE_IPV6: + if (obj_tlen < 20) + return; printf("\n\t Source Address: %s, Source Port: %u", ip6addr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+18)); @@ -736,6 +788,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #endif case RSVP_CTYPE_TUNNEL_IPV4: + if (obj_tlen < 8) + return; printf("\n\t IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+6)); @@ -751,7 +805,7 @@ rsvp_print(register const u_char *pptr, register u_int len) { switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { - printf("\n\t L3 Protocol ID %s", + printf("\n\t L3 Protocol ID: %s", tok2str(ethertype_values, "Unknown Protocol (0x%04x)", EXTRACT_16BITS(obj_tptr+2))); @@ -760,26 +814,30 @@ rsvp_print(register const u_char *pptr, register u_int len) { } break; case RSVP_CTYPE_2: - printf("\n\t L3 Protocol ID %s", + if (obj_tlen < 12) + return; + printf("\n\t L3 Protocol ID: %s", tok2str(ethertype_values, "Unknown Protocol (0x%04x)", EXTRACT_16BITS(obj_tptr+2))); printf(",%s merge capability",((*(obj_tptr+4))&0x80) ? "no" : "" ); - printf("\n\t Minimum VPI/VCI %u/%u", + printf("\n\t Minimum VPI/VCI: %u/%u", (EXTRACT_16BITS(obj_tptr+4))&0xfff, (EXTRACT_16BITS(obj_tptr+6))&0xfff); - printf("\n\t Maximum VPI/VCI %u/%u", + printf("\n\t Maximum VPI/VCI: %u/%u", (EXTRACT_16BITS(obj_tptr+8))&0xfff, (EXTRACT_16BITS(obj_tptr+10))&0xfff); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_3: - printf("\n\t L3 Protocol ID %s", + if (obj_tlen < 12) + return; + printf("\n\t L3 Protocol ID: %s", tok2str(ethertype_values, "Unknown Protocol (0x%04x)", EXTRACT_16BITS(obj_tptr+2))); - printf("\n\t Minimum/Maximum DLCI %u/%u, %s%s bit DLCI", + printf("\n\t Minimum/Maximum DLCI: %u/%u, %s%s bit DLCI", (EXTRACT_32BITS(obj_tptr+4))&0x7fffff, (EXTRACT_32BITS(obj_tptr+8))&0x7fffff, (((EXTRACT_16BITS(obj_tptr+4)>>7)&3) == 0 ) ? "10" : "", @@ -788,17 +846,22 @@ rsvp_print(register const u_char *pptr, register u_int len) { obj_tptr+=12; break; case RSVP_CTYPE_4: - printf("\n\t LSP Encoding Type %s", + if (obj_tlen < 8) + return; + printf("\n\t LSP Encoding Type: %s (%u)", tok2str(gmpls_encoding_values, - "Unknown (0x%02x)", - *obj_tptr)); - printf("\n\t Switching Type %s, Payload ID %s", + "Unknown", + *obj_tptr), + *obj_tptr); + printf("\n\t Switching Type: %s (%u), Payload ID: %s (0x%04x)", tok2str(gmpls_switch_cap_values, - "Unknown (0x%02x)", + "Unknown", *(obj_tptr+1)), + *(obj_tptr+1), tok2str(gmpls_payload_values, - "Unknown (0x%04x)", - EXTRACT_16BITS(obj_tptr+2))); + "Unknown", + EXTRACT_16BITS(obj_tptr+2)), + EXTRACT_16BITS(obj_tptr+2)); obj_tlen-=8; obj_tptr+=8; break; @@ -839,7 +902,9 @@ rsvp_print(register const u_char *pptr, register u_int len) { switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: - printf("\n\t Source Instance 0x%08x, Destination Instance 0x%08x", + if (obj_tlen < 8) + return; + printf("\n\t Source Instance: 0x%08x, Destination Instance: 0x%08x", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr+4)); obj_tlen-=8; @@ -853,9 +918,13 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_RESTART_CAPABILITY: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: - printf("\n\t Restart Time: %ums\n\t Recovery Time: %ums", + if (obj_tlen < 8) + return; + printf("\n\t Restart Time: %ums, Recovery Time: %ums", EXTRACT_16BITS(obj_tptr), EXTRACT_16BITS(obj_tptr+4)); + obj_tlen-=8; + obj_tptr+=8; break; default: hexdump=TRUE; @@ -865,7 +934,14 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_SESSION_ATTRIBUTE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: - printf("\n\t Session Name: %s",(obj_tptr+4)); + if (obj_tlen < 4) + return; + namelen = *(obj_tptr+3); + if (obj_tlen < 4+namelen) + return; + printf("\n\t Session Name: "); + for (i = 0; i < namelen; i++) + safeputchar(*(obj_tptr+4+i)); printf("\n\t Setup Priority: %u, Holding Priority: %u, Flags: [%s]", (int)*obj_tptr, (int)*(obj_tptr+1), @@ -885,20 +961,26 @@ rsvp_print(register const u_char *pptr, register u_int len) { switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: + if (obj_tlen < 8) + return; printf("\n\t Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", ipaddr_string(obj_tptr), EXTRACT_32BITS(obj_tptr+4)); obj_tlen-=8; obj_tptr+=8; + hexdump=TRUE; /* unless we have a TLV parser lets just hexdump */ break; #ifdef INET6 case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: + if (obj_tlen < 20) + return; printf("\n\t Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", ip6addr_string(obj_tptr), EXTRACT_32BITS(obj_tptr+16)); obj_tlen-=20; obj_tptr+=20; + hexdump=TRUE; /* unless we have a TLV parser lets just hexdump */ break; #endif default: @@ -909,6 +991,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_TIME_VALUES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: + if (obj_tlen < 4) + return; printf("\n\t Refresh Period: %ums", EXTRACT_32BITS(obj_tptr)); obj_tlen-=4; @@ -925,6 +1009,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_FLOWSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: + if (obj_tlen < 4) + return; printf("\n\t Msg-Version: %u, length: %u", (*obj_tptr & 0xf0) >> 4, EXTRACT_16BITS(obj_tptr+2)<<2); @@ -943,7 +1029,7 @@ rsvp_print(register const u_char *pptr, register u_int len) { obj_tlen-=4; while (intserv_serv_tlen>=4) { - processed = rsvp_intserv_print(obj_tptr); + processed = rsvp_intserv_print(obj_tptr, obj_tlen); if (processed == 0) break; obj_tlen-=processed; @@ -960,6 +1046,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_FILTERSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: + if (obj_tlen < 8) + return; printf("\n\t Source Address: %s, Source Port: %u", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+6)); @@ -968,6 +1056,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #ifdef INET6 case RSVP_CTYPE_IPV6: + if (obj_tlen < 20) + return; printf("\n\t Source Address: %s, Source Port: %u", ip6addr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+18)); @@ -975,6 +1065,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { obj_tptr+=20; break; case RSVP_CTYPE_3: + if (obj_tlen < 20) + return; printf("\n\t Source Address: %s, Flow Label: %u", ip6addr_string(obj_tptr), EXTRACT_24BITS(obj_tptr+17)); @@ -982,6 +1074,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: + if (obj_tlen < 20) + return; printf("\n\t Source Address: %s, LSP-ID: 0x%04x", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+18)); @@ -990,6 +1084,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { break; #endif case RSVP_CTYPE_TUNNEL_IPV4: + if (obj_tlen < 8) + return; printf("\n\t Source Address: %s, LSP-ID: 0x%04x", ipaddr_string(obj_tptr), EXTRACT_16BITS(obj_tptr+6)); @@ -1004,6 +1100,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_FASTREROUTE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: + if (obj_tlen < 16) + return; bw.i = EXTRACT_32BITS(obj_tptr+4); printf("\n\t Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", (int)*obj_tptr, @@ -1041,6 +1139,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: + if (obj_tlen < 8) + return; error_code=*(obj_tptr+5); error_value=EXTRACT_16BITS(obj_tptr+6); printf("\n\t Error Node Adress: %s, Flags: [0x%02x]\n\t Error Code: %s (%u)", @@ -1058,10 +1158,14 @@ rsvp_print(register const u_char *pptr, register u_int len) { printf(", Unknown Error Value (%u)", error_value); break; } + obj_tlen-=8; + obj_tptr+=8; break; #ifdef INET6 case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: + if (obj_tlen < 20) + return; error_code=*(obj_tptr+17); error_value=EXTRACT_16BITS(obj_tptr+18); printf("\n\t Error Node Adress: %s, Flags: [0x%02x]\n\t Error Code: %s (%u)", @@ -1079,7 +1183,8 @@ rsvp_print(register const u_char *pptr, register u_int len) { default: break; } - + obj_tlen-=20; + obj_tptr+=20; break; #endif default: @@ -1090,18 +1195,22 @@ rsvp_print(register const u_char *pptr, register u_int len) { case RSVP_OBJ_PROPERTIES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: + if (obj_tlen < 4) + return; padbytes = EXTRACT_16BITS(obj_tptr+2); printf("\n\t TLV count: %u, padding bytes: %u", EXTRACT_16BITS(obj_tptr), padbytes); - obj_tlen-=4; - obj_tptr+=4; + obj_tlen-=4; + obj_tptr+=4; /* loop through as long there is anything longer than the TLV header (2) */ while(obj_tlen >= 2 + padbytes) { printf("\n\t %s TLV (0x%02x), length: %u", /* length includes header */ tok2str(rsvp_obj_prop_tlv_values,"unknown",*obj_tptr), *obj_tptr, *(obj_tptr+1)); + if (obj_tlen < *(obj_tptr+1)) + return; print_unknown_data(obj_tptr+2,"\n\t\t",*(obj_tptr+1)-2); obj_tlen-=*(obj_tptr+1); obj_tptr+=*(obj_tptr+1);