X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/38700c7f24646dfbc6ac0ed529d3ed727c545cd0..HEAD:/print-rsvp.c diff --git a/print-rsvp.c b/print-rsvp.c index 2c510f30..153070e8 100644 --- a/print-rsvp.c +++ b/print-rsvp.c @@ -12,16 +12,19 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +/* \summary: Resource ReSerVation Protocol (RSVP) printer */ -#include +/* specification: RFC 2205 */ -#include "interface.h" +#include + +#include "netdissect-stdinc.h" + +#define ND_LONGJMP_FROM_TCHECK +#include "netdissect.h" #include "extract.h" #include "addrtoname.h" #include "ethertype.h" @@ -29,6 +32,7 @@ #include "af.h" #include "signature.h" + /* * RFC 2205 common header * @@ -42,12 +46,12 @@ */ struct rsvp_common_header { - uint8_t version_flags; - uint8_t msg_type; - uint8_t checksum[2]; - uint8_t ttl; - uint8_t reserved; - uint8_t length[2]; + nd_uint8_t version_flags; + nd_uint8_t msg_type; + nd_uint16_t checksum; + nd_uint8_t ttl; + nd_byte reserved[1]; + nd_uint16_t length; }; /* @@ -65,9 +69,9 @@ struct rsvp_common_header { */ struct rsvp_object_header { - uint8_t length[2]; - uint8_t class_num; - uint8_t ctype; + nd_uint16_t length; + nd_uint8_t class_num; + nd_uint8_t ctype; }; #define RSVP_VERSION 1 @@ -81,7 +85,7 @@ struct rsvp_object_header { #define RSVP_MSGTYPE_PATHTEAR 5 #define RSVP_MSGTYPE_RESVTEAR 6 #define RSVP_MSGTYPE_RESVCONF 7 -#define RSVP_MSGTYPE_AGGREGATE 12 +#define RSVP_MSGTYPE_BUNDLE 12 #define RSVP_MSGTYPE_ACK 13 #define RSVP_MSGTYPE_HELLO_OLD 14 /* ancient Hellos */ #define RSVP_MSGTYPE_SREFRESH 15 
@@ -95,7 +99,7 @@ static const struct tok rsvp_msg_type_values[] = { { RSVP_MSGTYPE_PATHTEAR, "PathTear" }, { RSVP_MSGTYPE_RESVTEAR, "ResvTear" }, { RSVP_MSGTYPE_RESVCONF, "ResvConf" }, - { RSVP_MSGTYPE_AGGREGATE, "Aggregate" }, + { RSVP_MSGTYPE_BUNDLE, "Bundle" }, { RSVP_MSGTYPE_ACK, "Acknowledgement" }, { RSVP_MSGTYPE_HELLO_OLD, "Hello (Old)" }, { RSVP_MSGTYPE_SREFRESH, "Refresh" }, @@ -108,6 +112,13 @@ static const struct tok rsvp_header_flag_values[] = { { 0, NULL} }; +static const struct tok rsvp_obj_capability_flag_values[] = { + { 0x0004, "RecoveryPath Transmit Enabled" }, + { 0x0002, "RecoveryPath Desired" }, + { 0x0001, "RecoveryPath Srefresh Capable" }, + { 0, NULL} +}; + #define RSVP_OBJ_SESSION 1 /* rfc2205 */ #define RSVP_OBJ_RSVP_HOP 3 /* rfc2205, rfc3473 */ #define RSVP_OBJ_INTEGRITY 4 /* rfc2747 */ @@ -135,16 +146,17 @@ static const struct tok rsvp_header_flag_values[] = { #define RSVP_OBJ_LABEL_SET 36 /* rfc3473 */ #define RSVP_OBJ_PROTECTION 37 /* rfc3473 */ #define RSVP_OBJ_S2L 50 /* rfc4875 */ -#define RSVP_OBJ_DETOUR 63 /* draft-ietf-mpls-rsvp-lsp-fastreroute-07 */ +#define RSVP_OBJ_DETOUR 63 /* rfc4090 */ #define RSVP_OBJ_CLASSTYPE 66 /* rfc4124 */ #define RSVP_OBJ_CLASSTYPE_OLD 125 /* draft-ietf-tewg-diff-te-proto-07 */ #define RSVP_OBJ_SUGGESTED_LABEL 129 /* rfc3473 */ #define RSVP_OBJ_ACCEPT_LABEL_SET 130 /* rfc3473 */ #define RSVP_OBJ_RESTART_CAPABILITY 131 /* rfc3473 */ +#define RSVP_OBJ_CAPABILITY 134 /* rfc5063 */ #define RSVP_OBJ_NOTIFY_REQ 195 /* rfc3473 */ #define RSVP_OBJ_ADMIN_STATUS 196 /* rfc3473 */ #define RSVP_OBJ_PROPERTIES 204 /* juniper proprietary */ -#define RSVP_OBJ_FASTREROUTE 205 /* draft-ietf-mpls-rsvp-lsp-fastreroute-07 */ +#define RSVP_OBJ_FASTREROUTE 205 /* rfc4090 */ #define RSVP_OBJ_SESSION_ATTRIBUTE 207 /* rfc3209 */ #define RSVP_OBJ_GENERALIZED_UNI 229 /* OIF RSVP extensions UNI 1.0 Signaling, Rel. 2 */ #define RSVP_OBJ_CALL_ID 230 /* rfc3474 */ 
@@ -188,6 +200,7 @@ static const struct tok rsvp_obj_values[] = { { RSVP_OBJ_CALL_ID, "Call-ID" }, { RSVP_OBJ_CALL_OPS, "Call Capability" }, { RSVP_OBJ_RESTART_CAPABILITY, "Restart Capability" }, + { RSVP_OBJ_CAPABILITY, "Capability" }, { RSVP_OBJ_NOTIFY_REQ, "Notify Request" }, { RSVP_OBJ_PROTECTION, "Protection" }, { RSVP_OBJ_ADMIN_STATUS, "Administrative Status" }, @@ -275,6 +288,7 @@ static const struct tok rsvp_ctype_values[] = { { 256*RSVP_OBJ_ERROR_SPEC+RSVP_CTYPE_3, "IPv4 plus opt. TLVs" }, { 256*RSVP_OBJ_ERROR_SPEC+RSVP_CTYPE_4, "IPv6 plus opt. TLVs" }, { 256*RSVP_OBJ_RESTART_CAPABILITY+RSVP_CTYPE_1, "IPv4" }, + { 256*RSVP_OBJ_CAPABILITY+RSVP_CTYPE_1, "1" }, { 256*RSVP_OBJ_SESSION_ATTRIBUTE+RSVP_CTYPE_TUNNEL_IPV4, "Tunnel IPv4" }, { 256*RSVP_OBJ_FASTREROUTE+RSVP_CTYPE_TUNNEL_IPV4, "Tunnel IPv4" }, /* old style*/ { 256*RSVP_OBJ_FASTREROUTE+RSVP_CTYPE_1, "1" }, /* new style */ @@ -290,12 +304,20 @@ static const struct tok rsvp_ctype_values[] = { { 0, NULL} }; +/* + * XXX - this assumes a 16-byte digest, which is true for HMAC-MD5, but + * isn't necessarily the case for other hash algorithms. + * + * Unless I've missed something, there's nothing in RFC 2747 to indicate + * the hash algorithm being used, so it's presumably something set up + * out-of-band, or negotiated by other RSVP objects. + */ struct rsvp_obj_integrity_t { - uint8_t flags; - uint8_t res; - uint8_t key_id[6]; - uint8_t sequence[8]; - uint8_t digest[16]; + nd_uint8_t flags; + nd_uint8_t res; + nd_byte key_id[6]; + nd_byte sequence[8]; + nd_byte digest[16]; }; static const struct tok rsvp_obj_integrity_flag_values[] = { 
@@ -304,20 +326,22 @@ static const struct tok rsvp_obj_integrity_flag_values[] = { }; struct rsvp_obj_frr_t { - uint8_t setup_prio; - uint8_t hold_prio; - uint8_t hop_limit; - uint8_t flags; - uint8_t bandwidth[4]; - uint8_t include_any[4]; - uint8_t exclude_any[4]; - uint8_t include_all[4]; + nd_uint8_t setup_prio; + nd_uint8_t hold_prio; + nd_uint8_t hop_limit; + nd_uint8_t flags; + nd_float bandwidth; + nd_uint32_t include_any; + nd_uint32_t exclude_any; + nd_uint32_t include_all; }; #define RSVP_OBJ_XRO_MASK_SUBOBJ(x) ((x)&0x7f) #define RSVP_OBJ_XRO_MASK_LOOSE(x) ((x)&0x80) +#define RSVP_OBJ_CAPABILITY_FLAGS_MASK 0x7U + #define RSVP_OBJ_XRO_RES 0 #define RSVP_OBJ_XRO_IPV4 1 #define RSVP_OBJ_XRO_IPV6 2 @@ -335,7 +359,7 @@ static const struct tok rsvp_obj_xro_values[] = { { 0, NULL} }; -/* draft-ietf-mpls-rsvp-lsp-fastreroute-07.txt */ +/* RFC4090 */ static const struct tok rsvp_obj_rro_flag_values[] = { { 0x01, "Local protection available" }, { 0x02, "Local protection in use" }, @@ -435,7 +459,7 @@ static const struct tok rsvp_obj_error_code_diffserv_te_values[] = { { 6, "CT/setup priority and CT/holding priority do not form a configured TE-Class" }, { 7, "Inconsistency between signaled PSC and signaled CT" }, { 8, "Inconsistency between signaled PHBs and signaled CT" }, - { 0, NULL} + { 0, NULL} }; /* rfc3473 / rfc 3471 */ 
@@ -483,29 +507,23 @@ static const struct tok rsvp_obj_generalized_uni_values[] = { * it is called from various rsvp objects; * returns the amount of bytes being processed */ -static int +static u_int rsvp_intserv_print(netdissect_options *ndo, - const u_char *tptr, u_short obj_tlen) + const u_char *tptr, u_int obj_tlen) { - int parameter_id,parameter_length; - union { - float f; - uint32_t i; - } bw; + u_int parameter_id,parameter_length; - if (obj_tlen < 4) - return 0; - parameter_id = *(tptr); - parameter_length = EXTRACT_16BITS(tptr+2)<<2; /* convert wordcount to bytecount */ + ND_ICHECK_U(obj_tlen, <, 4); + parameter_id = GET_U_1(tptr); + parameter_length = GET_BE_U_2(tptr + 2)<<2; /* convert wordcount to bytecount */ - ND_PRINT((ndo, "\n\t Parameter ID: %s (%u), length: %u, Flags: [0x%02x]", + ND_PRINT("\n\t Parameter ID: %s (%u), length: %u, Flags: [0x%02x]", tok2str(rsvp_intserv_parameter_id_values,"unknown",parameter_id), parameter_id, parameter_length, - *(tptr + 1))); + GET_U_1(tptr + 1)); - if (obj_tlen < parameter_length+4) - return 0; + ND_ICHECK_U(obj_tlen, <, parameter_length + 4); switch(parameter_id) { /* parameter_id */ case 4: @@ -516,8 +534,9 @@ rsvp_intserv_print(netdissect_options *ndo, * | IS hop cnt (32-bit unsigned integer) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - if (parameter_length == 4) - ND_PRINT((ndo, "\n\t\tIS hop count: %u", EXTRACT_32BITS(tptr + 4))); + if (parameter_length == 4) { + ND_PRINT("\n\t\tIS hop count: %u", GET_BE_U_4(tptr + 4)); + } break; case 6: @@ -529,8 +548,8 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - bw.i = EXTRACT_32BITS(tptr+4); - ND_PRINT((ndo, "\n\t\tPath b/w estimate: %.10g Mbps", bw.f / 125000)); + ND_PRINT("\n\t\tPath b/w estimate: %.10g Mbps", + GET_BE_F_4(tptr + 4) / 125000); } break; 
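Review bot: The header comment above `rsvp_intserv_print` in hunk `@@ -483,29 +507,23 @@` says only "returns the amount of bytes being processed" and never mentions the 0 return used when a length check fails. I would extend it to something like `returns the number of bytes consumed (4-byte parameter header included), or 0 if the parameter is shorter than its header or overruns obj_tlen`, so a caller knows it must stop on 0 and not keep advancing. The `invalid:` target that the new `ND_ICHECK_U` checks jump to is added in a later hunk of the same function (`@@ -623,20 +645,29 @@`), so the function body is not complete in this hunk.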
@@ -543,11 +562,11 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - ND_PRINT((ndo, "\n\t\tMinimum path latency: ")); - if (EXTRACT_32BITS(tptr+4) == 0xffffffff) - ND_PRINT((ndo, "don't care")); + ND_PRINT("\n\t\tMinimum path latency: "); + if (GET_BE_U_4(tptr + 4) == 0xffffffff) + ND_PRINT("don't care"); else - ND_PRINT((ndo, "%u", EXTRACT_32BITS(tptr + 4))); + ND_PRINT("%u", GET_BE_U_4(tptr + 4)); } break; @@ -560,8 +579,9 @@ rsvp_intserv_print(netdissect_options *ndo, * | Composed MTU (32-bit unsigned integer) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - if (parameter_length == 4) - ND_PRINT((ndo, "\n\t\tComposed MTU: %u bytes", EXTRACT_32BITS(tptr + 4))); + if (parameter_length == 4) { + ND_PRINT("\n\t\tComposed MTU: %u bytes", GET_BE_U_4(tptr + 4)); + } break; case 127: /* @@ -581,14 +601,16 @@ rsvp_intserv_print(netdissect_options *ndo, */ if (parameter_length == 20) { - bw.i = EXTRACT_32BITS(tptr+4); - ND_PRINT((ndo, "\n\t\tToken Bucket Rate: %.10g Mbps", bw.f / 125000)); - bw.i = EXTRACT_32BITS(tptr+8); - ND_PRINT((ndo, "\n\t\tToken Bucket Size: %.10g bytes", bw.f)); - bw.i = EXTRACT_32BITS(tptr+12); - ND_PRINT((ndo, "\n\t\tPeak Data Rate: %.10g Mbps", bw.f / 125000)); - ND_PRINT((ndo, "\n\t\tMinimum Policed Unit: %u bytes", EXTRACT_32BITS(tptr + 16))); - ND_PRINT((ndo, "\n\t\tMaximum Packet Size: %u bytes", EXTRACT_32BITS(tptr + 20))); + ND_PRINT("\n\t\tToken Bucket Rate: %.10g Mbps", + GET_BE_F_4(tptr + 4) / 125000); + ND_PRINT("\n\t\tToken Bucket Size: %.10g bytes", + GET_BE_F_4(tptr + 8)); + ND_PRINT("\n\t\tPeak Data Rate: %.10g Mbps", + GET_BE_F_4(tptr + 12) / 125000); + ND_PRINT("\n\t\tMinimum Policed Unit: %u bytes", + GET_BE_U_4(tptr + 16)); + ND_PRINT("\n\t\tMaximum Packet Size: %u bytes", + GET_BE_U_4(tptr + 20)); } break; 
@@ -604,9 +626,8 @@ rsvp_intserv_print(netdissect_options *ndo, */ if (parameter_length == 8) { - bw.i = EXTRACT_32BITS(tptr+4); - ND_PRINT((ndo, "\n\t\tRate: %.10g Mbps", bw.f / 125000)); - ND_PRINT((ndo, "\n\t\tSlack Term: %u", EXTRACT_32BITS(tptr + 8))); + ND_PRINT("\n\t\tRate: %.10g Mbps", GET_BE_F_4(tptr + 4) / 125000); + ND_PRINT("\n\t\tSlack Term: %u", GET_BE_U_4(tptr + 8)); } break; @@ -614,8 +635,9 @@ rsvp_intserv_print(netdissect_options *ndo, case 134: case 135: case 136: - if (parameter_length == 4) - ND_PRINT((ndo, "\n\t\tValue: %u", EXTRACT_32BITS(tptr + 4))); + if (parameter_length == 4) { + ND_PRINT("\n\t\tValue: %u", GET_BE_U_4(tptr + 4)); + } break; default: @@ -623,20 +645,29 @@ rsvp_intserv_print(netdissect_options *ndo, print_unknown_data(ndo, tptr + 4, "\n\t\t", parameter_length); } return (parameter_length+4); /* header length 4 bytes */ + +invalid: + nd_print_invalid(ndo); + return 0; +} + +/* + * Clear checksum prior to signature verification. + */ +static void +rsvp_clear_checksum(void *header) +{ + struct rsvp_common_header *rsvp_com_header = (struct rsvp_common_header *) header; + + rsvp_com_header->checksum[0] = 0; + rsvp_com_header->checksum[1] = 0; } static int rsvp_obj_print(netdissect_options *ndo, - const u_char *pptr -#ifndef HAVE_LIBCRYPTO -_U_ -#endif -, u_int plen -#ifndef HAVE_LIBCRYPTO -_U_ -#endif -, const u_char *tptr, - const char *ident, u_int tlen) + const u_char *pptr, u_int plen, const u_char *tptr, + const char *indent, u_int tlen, + const struct rsvp_common_header *rsvp_com_header) { const struct rsvp_object_header *rsvp_obj_header; const u_char *obj_tptr; 
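Review bot: `rsvp_clear_checksum` (hunk `@@ -623,20 +645,29 @@`) writes through a `void *` that it casts to a non-const `struct rsvp_common_header *`, and its one-line comment does not say whose buffer that is. The dissector only receives the packet as `const u_char *`, so the comment should state that the callback must be given a private, writable copy of the message of at least `sizeof(struct rsvp_common_header)` bytes, never the capture buffer. I assume the signature-verification caller, which is outside this hunk, makes that copy, but it is worth confirming. The comment could also note that indexing `checksum[0]` and `checksum[1]` relies on `nd_uint16_t` being a two-byte array type.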
@@ -645,55 +676,50 @@ _U_ const struct rsvp_obj_frr_t *rsvp_obj_frr; } obj_ptr; - u_short rsvp_obj_len,rsvp_obj_ctype,obj_tlen,intserv_serv_tlen; - int hexdump,processed,padbytes,error_code,error_value,i,sigcheck; - union { - float f; - uint32_t i; - } bw; - uint8_t namelen; + u_short rsvp_obj_len,rsvp_obj_ctype,rsvp_obj_class_num; + u_int obj_tlen,intserv_serv_tlen; + int hexdump; + u_int processed,padbytes,error_code,error_value,sigcheck; + u_int namelen; u_int action, subchannel; while(tlen>=sizeof(struct rsvp_object_header)) { - /* did we capture enough for fully decoding the object header ? */ - ND_TCHECK2(*tptr, sizeof(struct rsvp_object_header)); - rsvp_obj_header = (const struct rsvp_object_header *)tptr; - rsvp_obj_len=EXTRACT_16BITS(rsvp_obj_header->length); - rsvp_obj_ctype=rsvp_obj_header->ctype; + rsvp_obj_len=GET_BE_U_2(rsvp_obj_header->length); + rsvp_obj_ctype=GET_U_1(rsvp_obj_header->ctype); if(rsvp_obj_len % 4) { - ND_PRINT((ndo, "%sERROR: object header size %u not a multiple of 4", ident, rsvp_obj_len)); + ND_PRINT("%sERROR: object header size %u not a multiple of 4", indent, rsvp_obj_len); return -1; } if(rsvp_obj_len < sizeof(struct rsvp_object_header)) { - ND_PRINT((ndo, "%sERROR: object header too short %u < %lu", ident, rsvp_obj_len, - (unsigned long)sizeof(const struct rsvp_object_header))); + ND_PRINT("%sERROR: object header too short %u < %zu", indent, rsvp_obj_len, + sizeof(struct rsvp_object_header)); return -1; } - ND_PRINT((ndo, "%s%s Object (%u) Flags: [%s", - ident, + rsvp_obj_class_num = GET_U_1(rsvp_obj_header->class_num); + ND_PRINT("%s%s Object (%u) Flags: [%s", + indent, tok2str(rsvp_obj_values, "Unknown", - rsvp_obj_header->class_num), - rsvp_obj_header->class_num, - ((rsvp_obj_header->class_num) & 0x80) ? "ignore" : "reject")); - - if (rsvp_obj_header->class_num > 128) - ND_PRINT((ndo, " %s", - ((rsvp_obj_header->class_num) & 0x40) ? 
"and forward" : "silently")); - - ND_PRINT((ndo, " if unknown], Class-Type: %s (%u), length: %u", + rsvp_obj_class_num), + rsvp_obj_class_num, + (rsvp_obj_class_num & 0x80) ? + ((rsvp_obj_class_num & 0x40) ? "ignore and forward" : + "ignore silently") : + "reject"); + + ND_PRINT(" if unknown], Class-Type: %s (%u), length: %u", tok2str(rsvp_ctype_values, "Unknown", - ((rsvp_obj_header->class_num)<<8)+rsvp_obj_ctype), + (rsvp_obj_class_num<<8)+rsvp_obj_ctype), rsvp_obj_ctype, - rsvp_obj_len)); + rsvp_obj_len); if(tlen < rsvp_obj_len) { - ND_PRINT((ndo, "%sERROR: object goes past end of objects TLV", ident)); + ND_PRINT("%sERROR: object goes past end of objects TLV", indent); return -1; } 
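Review bot: The nested conditional that picks "reject", "ignore silently" or "ignore and forward" from `rsvp_obj_class_num & 0x80` and `& 0x40` has no comment saying where those bits come from. A short comment before the `ND_PRINT`, for example `/* RFC 2205 3.10: Class-Num 0bbbbbbb = reject, 10bbbbbb = ignore silently, 11bbbbbb = ignore and forward */`, would let a reader check the mapping at a glance. Separately, `rsvp_obj_ctype` and `rsvp_obj_class_num` hold one-byte values read with `GET_U_1`, so `u_int`, as used for the other counters in this hunk, would be more consistent than `u_short`. The `while` loop body continues outside the hunk.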
@@ -701,87 +727,84 @@ _U_ obj_tlen=rsvp_obj_len-sizeof(struct rsvp_object_header); /* did we capture enough for fully decoding the object ? */ - if (!ND_TTEST2(*tptr, rsvp_obj_len)) - return -1; + ND_TCHECK_LEN(tptr, rsvp_obj_len); hexdump=FALSE; - switch(rsvp_obj_header->class_num) { + switch(rsvp_obj_class_num) { case RSVP_OBJ_SESSION: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; - ND_PRINT((ndo, "%s IPv4 DestAddress: %s, Protocol ID: 0x%02x", - ident, - ipaddr_string(ndo, obj_tptr), - *(obj_tptr + sizeof(struct in_addr)))); - ND_PRINT((ndo, "%s Flags: [0x%02x], DestPort %u", - ident, - *(obj_tptr+5), - EXTRACT_16BITS(obj_tptr + 6))); + goto obj_tooshort; + ND_PRINT("%s IPv4 DestAddress: %s, Protocol ID: 0x%02x", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_U_1(obj_tptr + sizeof(nd_ipv4))); + ND_PRINT("%s Flags: [0x%02x], DestPort %u", + indent, + GET_U_1((obj_tptr + 5)), + GET_BE_U_2(obj_tptr + 6)); obj_tlen-=8; obj_tptr+=8; break; -#ifdef INET6 case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; - ND_PRINT((ndo, "%s IPv6 DestAddress: %s, Protocol ID: 0x%02x", - ident, - ip6addr_string(ndo, obj_tptr), - *(obj_tptr + sizeof(struct in6_addr)))); - ND_PRINT((ndo, "%s Flags: [0x%02x], DestPort %u", - ident, - *(obj_tptr+sizeof(struct in6_addr)+1), - EXTRACT_16BITS(obj_tptr + sizeof(struct in6_addr) + 2))); + goto obj_tooshort; + ND_PRINT("%s IPv6 DestAddress: %s, Protocol ID: 0x%02x", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_U_1(obj_tptr + sizeof(nd_ipv6))); + ND_PRINT("%s Flags: [0x%02x], DestPort %u", + indent, + GET_U_1((obj_tptr + sizeof(nd_ipv6) + 1)), + GET_BE_U_2(obj_tptr + sizeof(nd_ipv6) + 2)); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 36) - return -1; - ND_PRINT((ndo, "%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+18), - ip6addr_string(ndo, obj_tptr + 20))); + goto obj_tooshort; + 
ND_PRINT("%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18), + GET_IP6ADDR_STRING(obj_tptr + 20)); obj_tlen-=36; obj_tptr+=36; break; case RSVP_CTYPE_14: /* IPv6 p2mp LSP Tunnel */ if (obj_tlen < 26) - return -1; - ND_PRINT((ndo, "%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", - ident, - EXTRACT_32BITS(obj_tptr), - EXTRACT_16BITS(obj_tptr+6), - ip6addr_string(ndo, obj_tptr + 8))); + goto obj_tooshort; + ND_PRINT("%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", + indent, + GET_BE_U_4(obj_tptr), + GET_BE_U_2(obj_tptr + 6), + GET_IP6ADDR_STRING(obj_tptr + 8)); obj_tlen-=26; obj_tptr+=26; break; -#endif case RSVP_CTYPE_13: /* IPv4 p2mp LSP Tunnel */ if (obj_tlen < 12) - return -1; - ND_PRINT((ndo, "%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+6), - ipaddr_string(ndo, obj_tptr + 8))); + goto obj_tooshort; + ND_PRINT("%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6), + GET_IPADDR_STRING(obj_tptr + 8)); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_TUNNEL_IPV4: case RSVP_CTYPE_UNI_IPV4: if (obj_tlen < 12) - return -1; - ND_PRINT((ndo, "%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+6), - ipaddr_string(ndo, obj_tptr + 8))); + goto obj_tooshort; + ND_PRINT("%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6), + GET_IPADDR_STRING(obj_tptr + 8)); obj_tlen-=12; obj_tptr+=12; break; 
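Review bot: In the `RSVP_CTYPE_14` (IPv6 p2mp LSP Tunnel) case the guard is `if (obj_tlen < 26)` and the cursor advances by 26, yet the fields printed end at offset 23: a 4-byte P2MP ID at 0, the Tunnel ID at 6 and a 16-byte Extended Tunnel ID at 8. If the object body is really 24 bytes, as those offsets suggest (please confirm against RFC 4875), a well-formed object is rejected as too short, and the case should read `if (obj_tlen < 24)` with `obj_tlen-=24; obj_tptr+=24;`. The sibling cases (8, 20, 36 and 12 bytes) do match the last offset they read. The `obj_tooshort` label is outside the hunk.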
@@ -793,25 +816,23 @@ _U_ case RSVP_OBJ_CONFIRM: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: - if (obj_tlen < sizeof(struct in_addr)) - return -1; - ND_PRINT((ndo, "%s IPv4 Receiver Address: %s", - ident, - ipaddr_string(ndo, obj_tptr))); - obj_tlen-=sizeof(struct in_addr); - obj_tptr+=sizeof(struct in_addr); + if (obj_tlen < sizeof(nd_ipv4)) + goto obj_tooshort; + ND_PRINT("%s IPv4 Receiver Address: %s", + indent, + GET_IPADDR_STRING(obj_tptr)); + obj_tlen-=sizeof(nd_ipv4); + obj_tptr+=sizeof(nd_ipv4); break; -#ifdef INET6 case RSVP_CTYPE_IPV6: - if (obj_tlen < sizeof(struct in6_addr)) - return -1; - ND_PRINT((ndo, "%s IPv6 Receiver Address: %s", - ident, - ip6addr_string(ndo, obj_tptr))); - obj_tlen-=sizeof(struct in6_addr); - obj_tptr+=sizeof(struct in6_addr); + if (obj_tlen < sizeof(nd_ipv6)) + goto obj_tooshort; + ND_PRINT("%s IPv6 Receiver Address: %s", + indent, + GET_IP6ADDR_STRING(obj_tptr)); + obj_tlen-=sizeof(nd_ipv6); + obj_tptr+=sizeof(nd_ipv6); break; -#endif default: hexdump=TRUE; } 
@@ -820,25 +841,23 @@ _U_ case RSVP_OBJ_NOTIFY_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: - if (obj_tlen < sizeof(struct in_addr)) - return -1; - ND_PRINT((ndo, "%s IPv4 Notify Node Address: %s", - ident, - ipaddr_string(ndo, obj_tptr))); - obj_tlen-=sizeof(struct in_addr); - obj_tptr+=sizeof(struct in_addr); + if (obj_tlen < sizeof(nd_ipv4)) + goto obj_tooshort; + ND_PRINT("%s IPv4 Notify Node Address: %s", + indent, + GET_IPADDR_STRING(obj_tptr)); + obj_tlen-=sizeof(nd_ipv4); + obj_tptr+=sizeof(nd_ipv4); break; -#ifdef INET6 case RSVP_CTYPE_IPV6: - if (obj_tlen < sizeof(struct in6_addr)) - return-1; - ND_PRINT((ndo, "%s IPv6 Notify Node Address: %s", - ident, - ip6addr_string(ndo, obj_tptr))); - obj_tlen-=sizeof(struct in6_addr); - obj_tptr+=sizeof(struct in6_addr); + if (obj_tlen < sizeof(nd_ipv6)) + goto obj_tooshort; + ND_PRINT("%s IPv6 Notify Node Address: %s", + indent, + GET_IP6ADDR_STRING(obj_tptr)); + obj_tlen-=sizeof(nd_ipv6); + obj_tptr+=sizeof(nd_ipv6); break; -#endif default: hexdump=TRUE; } 
@@ -851,29 +870,29 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { - ND_PRINT((ndo, "%s Label: %u", ident, EXTRACT_32BITS(obj_tptr))); + ND_PRINT("%s Label: %u", indent, GET_BE_U_4(obj_tptr)); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Generalized Label: %u", - ident, - EXTRACT_32BITS(obj_tptr))); + goto obj_tooshort; + ND_PRINT("%s Generalized Label: %u", + indent, + GET_BE_U_4(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return-1; - ND_PRINT((ndo, "%s Waveband ID: %u%s Start Label: %u, Stop Label: %u", - ident, - EXTRACT_32BITS(obj_tptr), - ident, - EXTRACT_32BITS(obj_tptr+4), - EXTRACT_32BITS(obj_tptr + 8))); + goto obj_tooshort; + ND_PRINT("%s Waveband ID: %u%s Start Label: %u, Stop Label: %u", + indent, + GET_BE_U_4(obj_tptr), + indent, + GET_BE_U_4(obj_tptr + 4), + GET_BE_U_4(obj_tptr + 8)); obj_tlen-=12; obj_tptr+=12; break; @@ -886,13 +905,13 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Reservation Style: %s, Flags: [0x%02x]", - ident, + goto obj_tooshort; + ND_PRINT("%s Reservation Style: %s, Flags: [0x%02x]", + indent, tok2str(rsvp_resstyle_values, "Unknown", - EXTRACT_24BITS(obj_tptr+1)), - *(obj_tptr))); + GET_BE_U_3(obj_tptr + 1)), + GET_U_1(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; 
@@ -905,61 +924,59 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, Source Port: %u", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 6))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, Source Port: %u", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6)); obj_tlen-=8; obj_tptr+=8; break; -#ifdef INET6 case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, Source Port: %u", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 18))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, Source Port: %u", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18)); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return-1; - ND_PRINT((ndo, "%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" + goto obj_tooshort; + ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+18), - ident, - ip6addr_string(ndo, obj_tptr+20), - EXTRACT_16BITS(obj_tptr + 38))); + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18), + indent, + GET_IP6ADDR_STRING(obj_tptr+20), + GET_BE_U_2(obj_tptr + 38)); obj_tlen-=40; obj_tptr+=40; break; -#endif case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 6))); + goto obj_tooshort; + ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6)); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return-1; - ND_PRINT((ndo, "%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" + goto obj_tooshort; + 
ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+6), - ident, - ipaddr_string(ndo, obj_tptr+8), - EXTRACT_16BITS(obj_tptr + 12))); + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6), + indent, + GET_IPADDR_STRING(obj_tptr+8), + GET_BE_U_2(obj_tptr + 12)); obj_tlen-=16; obj_tptr+=16; break; 
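Review bot: In the `RSVP_CTYPE_12` (IPv4 p2mp LSP tunnel) case the Sub-Group ID is read with `GET_BE_U_2(obj_tptr + 12)`, although the case requires and consumes 16 bytes. The IPv6 counterpart just above reads the Sub-Group ID from the last two bytes of its 40-byte body (`obj_tptr + 38`), leaving a two-byte gap after the originator address. By the same layout the IPv4 field would sit at offset 14, and offset 12 would be the reserved field. If RFC 4875 confirms that layout, the argument should be `GET_BE_U_2(obj_tptr + 14)`.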
@@ -972,71 +989,72 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { - ND_PRINT((ndo, "%s L3 Protocol ID: %s", - ident, + ND_PRINT("%s L3 Protocol ID: %s", + indent, tok2str(ethertype_values, "Unknown Protocol (0x%04x)", - EXTRACT_16BITS(obj_tptr + 2)))); + GET_BE_U_2(obj_tptr + 2))); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 12) - return-1; - ND_PRINT((ndo, "%s L3 Protocol ID: %s", - ident, + goto obj_tooshort; + ND_PRINT("%s L3 Protocol ID: %s", + indent, tok2str(ethertype_values, "Unknown Protocol (0x%04x)", - EXTRACT_16BITS(obj_tptr + 2)))); - ND_PRINT((ndo, ",%s merge capability",((*(obj_tptr + 4)) & 0x80) ? "no" : "" )); - ND_PRINT((ndo, "%s Minimum VPI/VCI: %u/%u", - ident, - (EXTRACT_16BITS(obj_tptr+4))&0xfff, - (EXTRACT_16BITS(obj_tptr + 6)) & 0xfff)); - ND_PRINT((ndo, "%s Maximum VPI/VCI: %u/%u", - ident, - (EXTRACT_16BITS(obj_tptr+8))&0xfff, - (EXTRACT_16BITS(obj_tptr + 10)) & 0xfff)); + GET_BE_U_2(obj_tptr + 2))); + ND_PRINT(",%s merge capability", + ((GET_U_1(obj_tptr + 4)) & 0x80) ? "no" : "" ); + ND_PRINT("%s Minimum VPI/VCI: %u/%u", + indent, + (GET_BE_U_2(obj_tptr + 4))&0xfff, + (GET_BE_U_2(obj_tptr + 6)) & 0xfff); + ND_PRINT("%s Maximum VPI/VCI: %u/%u", + indent, + (GET_BE_U_2(obj_tptr + 8))&0xfff, + (GET_BE_U_2(obj_tptr + 10)) & 0xfff); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return-1; - ND_PRINT((ndo, "%s L3 Protocol ID: %s", - ident, + goto obj_tooshort; + ND_PRINT("%s L3 Protocol ID: %s", + indent, tok2str(ethertype_values, "Unknown Protocol (0x%04x)", - EXTRACT_16BITS(obj_tptr + 2)))); - ND_PRINT((ndo, "%s Minimum/Maximum DLCI: %u/%u, %s%s bit DLCI", - ident, - (EXTRACT_32BITS(obj_tptr+4))&0x7fffff, - (EXTRACT_32BITS(obj_tptr+8))&0x7fffff, - (((EXTRACT_16BITS(obj_tptr+4)>>7)&3) == 0 ) ? "10" : "", - (((EXTRACT_16BITS(obj_tptr + 4) >> 7) & 3) == 2 ) ? 
"23" : "")); + GET_BE_U_2(obj_tptr + 2))); + ND_PRINT("%s Minimum/Maximum DLCI: %u/%u, %s%s bit DLCI", + indent, + (GET_BE_U_4(obj_tptr + 4))&0x7fffff, + (GET_BE_U_4(obj_tptr + 8))&0x7fffff, + (((GET_BE_U_2(obj_tptr + 4)>>7)&3) == 0 ) ? "10" : "", + (((GET_BE_U_2(obj_tptr + 4) >> 7) & 3) == 2 ) ? "23" : ""); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_4: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s LSP Encoding Type: %s (%u)", - ident, + goto obj_tooshort; + ND_PRINT("%s LSP Encoding Type: %s (%u)", + indent, tok2str(gmpls_encoding_values, "Unknown", - *obj_tptr), - *obj_tptr)); - ND_PRINT((ndo, "%s Switching Type: %s (%u), Payload ID: %s (0x%04x)", - ident, + GET_U_1(obj_tptr)), + GET_U_1(obj_tptr)); + ND_PRINT("%s Switching Type: %s (%u), Payload ID: %s (0x%04x)", + indent, tok2str(gmpls_switch_cap_values, "Unknown", - *(obj_tptr+1)), - *(obj_tptr+1), + GET_U_1((obj_tptr + 1))), + GET_U_1(obj_tptr + 1), tok2str(gmpls_payload_values, "Unknown", - EXTRACT_16BITS(obj_tptr+2)), - EXTRACT_16BITS(obj_tptr + 2))); + GET_BE_U_2(obj_tptr + 2)), + GET_BE_U_2(obj_tptr + 2)); obj_tlen-=4; obj_tptr+=4; break; 
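Review bot: In the `RSVP_CTYPE_2` (ATM) case both the VPI and the VCI are masked with `0xfff`, e.g. `(GET_BE_U_2(obj_tptr + 6)) & 0xfff`. As I read the ATM label request layout in RFC 3209, the VPI is a 12-bit field but the VCI occupies the full 16 bits, so VCIs above 4095 would be printed truncated. If that reading is right, the two VCI arguments should drop the mask and become `GET_BE_U_2(obj_tptr + 6)` and `GET_BE_U_2(obj_tptr + 10)`; please check against the RFC before changing.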
@@ -1050,42 +1068,67 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: while(obj_tlen >= 4 ) { - ND_PRINT((ndo, "%s Subobject Type: %s, length %u", - ident, + u_char length; + + ND_TCHECK_4(obj_tptr); + length = GET_U_1(obj_tptr + 1); + ND_PRINT("%s Subobject Type: %s, length %u", + indent, tok2str(rsvp_obj_xro_values, "Unknown %u", - RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)), - *(obj_tptr + 1))); + RSVP_OBJ_XRO_MASK_SUBOBJ(GET_U_1(obj_tptr))), + length); + if (obj_tlen < length) { + ND_PRINT("%s ERROR: ERO subobject length > object length", indent); + break; + } - if (*(obj_tptr+1) == 0) { /* prevent infinite loops */ - ND_PRINT((ndo, "%s ERROR: zero length ERO subtype", ident)); + if (length == 0) { /* prevent infinite loops */ + ND_PRINT("%s ERROR: zero length ERO subtype", indent); break; } - switch(RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)) { + switch(RSVP_OBJ_XRO_MASK_SUBOBJ(GET_U_1(obj_tptr))) { + u_char prefix_length; + case RSVP_OBJ_XRO_IPV4: - ND_PRINT((ndo, ", %s, %s/%u, Flags: [%s]", - RSVP_OBJ_XRO_MASK_LOOSE(*obj_tptr) ? "Loose" : "Strict", - ipaddr_string(ndo, obj_tptr+2), - *(obj_tptr+6), + if (length != 8) { + ND_PRINT(" ERROR: length != 8"); + goto invalid; + } + ND_TCHECK_8(obj_tptr); + prefix_length = GET_U_1(obj_tptr + 6); + if (prefix_length != 32) { + ND_PRINT(" ERROR: Prefix length %u != 32", + prefix_length); + goto invalid; + } + ND_PRINT(", %s, %s/%u, Flags: [%s]", + RSVP_OBJ_XRO_MASK_LOOSE(GET_U_1(obj_tptr)) ? "Loose" : "Strict", + GET_IPADDR_STRING(obj_tptr+2), + GET_U_1((obj_tptr + 6)), bittok2str(rsvp_obj_rro_flag_values, "none", - *(obj_tptr + 7)))); /* rfc3209 says that this field is rsvd. */ + GET_U_1((obj_tptr + 7)))); /* rfc3209 says that this field is rsvd. 
*/ break; case RSVP_OBJ_XRO_LABEL: - ND_PRINT((ndo, ", Flags: [%s] (%#x), Class-Type: %s (%u), %u", + if (length != 8) { + ND_PRINT(" ERROR: length != 8"); + goto invalid; + } + ND_PRINT(", Flags: [%s] (%#x), Class-Type: %s (%u), %u", bittok2str(rsvp_obj_rro_label_flag_values, "none", - *(obj_tptr+2)), - *(obj_tptr+2), + GET_U_1((obj_tptr + 2))), + GET_U_1(obj_tptr + 2), tok2str(rsvp_ctype_values, "Unknown", - *(obj_tptr+3) + 256*RSVP_OBJ_RRO), - *(obj_tptr+3), - EXTRACT_32BITS(obj_tptr + 4))); + GET_U_1((obj_tptr + 3)) + (256 * RSVP_OBJ_RRO)), + GET_U_1((obj_tptr + 3)), + GET_BE_U_4(obj_tptr + 4)); } - obj_tlen-=*(obj_tptr+1); - obj_tptr+=*(obj_tptr+1); + obj_tlen-=length; + obj_tptr+=length; } break; default: @@ -1098,11 +1141,11 @@ _U_ case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Source Instance: 0x%08x, Destination Instance: 0x%08x", - ident, - EXTRACT_32BITS(obj_tptr), - EXTRACT_32BITS(obj_tptr + 4))); + goto obj_tooshort; + ND_PRINT("%s Source Instance: 0x%08x, Destination Instance: 0x%08x", + indent, + GET_BE_U_4(obj_tptr), + GET_BE_U_4(obj_tptr + 4)); obj_tlen-=8; obj_tptr+=8; break; @@ -1115,11 +1158,11 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Restart Time: %ums, Recovery Time: %ums", - ident, - EXTRACT_32BITS(obj_tptr), - EXTRACT_32BITS(obj_tptr + 4))); + goto obj_tooshort; + ND_PRINT("%s Restart Time: %ums, Recovery Time: %ums", + indent, + GET_BE_U_4(obj_tptr), + GET_BE_U_4(obj_tptr + 4)); obj_tlen-=8; obj_tptr+=8; break; 
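Review bot: The ERO/RRO subobject loop (hunk `@@ -1050,42 +1068,67 @@`) rejects `length == 0` and `length > obj_tlen`, but a length of 1 to 3 is still accepted for any subobject type the inner `switch` does not handle. The cursor then advances by less than the minimum subobject size that the `obj_tlen >= 4` loop guard implies, and the trailing bytes are re-parsed as a new subobject. Folding the checks into `if (length < 4 || obj_tlen < length)` and leaving through `goto invalid`, as the `length != 8` checks already do, would also remove the mix of `break` and `goto invalid` for malformed input. Smaller points: `ND_TCHECK_4`/`ND_TCHECK_8` duplicate the bounds checks the `GET_*` accessors already perform, and `prefix_length` is fetched and then re-read as `GET_U_1((obj_tptr + 6))` in the `ND_PRINT`.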
@@ -1128,27 +1171,48 @@ _U_ } break; + case RSVP_OBJ_CAPABILITY: + switch(rsvp_obj_ctype) { + case RSVP_CTYPE_1: + if (obj_tlen < 4) + goto obj_tooshort; + uint32_t unused_and_flags = GET_BE_U_4(obj_tptr); + if (unused_and_flags & ~RSVP_OBJ_CAPABILITY_FLAGS_MASK) + ND_PRINT("%s [reserved=0x%08x must be zero]", indent, + unused_and_flags & ~RSVP_OBJ_CAPABILITY_FLAGS_MASK); + ND_PRINT("%s Flags: [%s]", + indent, + bittok2str(rsvp_obj_capability_flag_values, + "none", + (unused_and_flags & RSVP_OBJ_CAPABILITY_FLAGS_MASK))); + obj_tlen-=4; + obj_tptr+=4; + break; + default: + hexdump=TRUE; + } + break; + case RSVP_OBJ_SESSION_ATTRIBUTE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 4) - return-1; - namelen = *(obj_tptr+3); + goto obj_tooshort; + namelen = GET_U_1(obj_tptr + 3); if (obj_tlen < 4+namelen) - return-1; - ND_PRINT((ndo, "%s Session Name: ", ident)); - for (i = 0; i < namelen; i++) - safeputchar(ndo, *(obj_tptr + 4 + i)); - ND_PRINT((ndo, "%s Setup Priority: %u, Holding Priority: %u, Flags: [%s] (%#x)", - ident, - (int)*obj_tptr, - (int)*(obj_tptr+1), + goto obj_tooshort; + ND_PRINT("%s Session Name: ", indent); + nd_printjn(ndo, obj_tptr + 4, namelen); + ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Flags: [%s] (%#x)", + indent, + GET_U_1(obj_tptr), + GET_U_1(obj_tptr + 1), bittok2str(rsvp_session_attribute_flag_values, "none", - *(obj_tptr+2)), - *(obj_tptr + 2))); - obj_tlen-=4+*(obj_tptr+3); - obj_tptr+=4+*(obj_tptr+3); + GET_U_1((obj_tptr + 2))), + GET_U_1(obj_tptr + 2)); + obj_tlen-=4+namelen; + obj_tptr+=4+namelen; break; default: hexdump=TRUE; 
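Review bot: In the new `RSVP_OBJ_CAPABILITY` case, `uint32_t unused_and_flags = GET_BE_U_4(obj_tptr);` is declared in the middle of a `case` body with no enclosing braces, so the variable stays in scope at the following `default:` label, which jumps past its initializer. That is valid C99 but is rejected by C++ compilers, and it differs from the other cases, which declare locals at the top of the function or right after the `switch(` line. I would either wrap the case body in `{ ... }` or declare `uint32_t unused_and_flags;` with the other locals and assign it after the `obj_tlen < 4` check. The two-line `if (unused_and_flags & ~RSVP_OBJ_CAPABILITY_FLAGS_MASK)` body would also read more safely with braces.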
@@ -1157,46 +1221,84 @@ _U_ case RSVP_OBJ_GENERALIZED_UNI: switch(rsvp_obj_ctype) { - int subobj_type,af,subobj_len,total_subobj_len; + u_int subobj_type,af,subobj_len,total_subobj_len; case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; /* read variable length subobjects */ total_subobj_len = obj_tlen; - while(total_subobj_len > 0) { - subobj_len = EXTRACT_16BITS(obj_tptr); - subobj_type = (EXTRACT_16BITS(obj_tptr+2))>>8; - af = (EXTRACT_16BITS(obj_tptr+2))&0x00FF; - - ND_PRINT((ndo, "%s Subobject Type: %s (%u), AF: %s (%u), length: %u", - ident, + while(total_subobj_len != 0) { + /* If RFC 3476 Section 3.1 defined that a sub-object of the + * GENERALIZED_UNI RSVP object must have the Length field as + * a multiple of 4, instead of the check below it would be + * better to test total_subobj_len only once before the loop. + * So long as it does not define it and this while loop does + * not implement such a requirement, let's accept that within + * each iteration subobj_len may happen to be a multiple of 1 + * and test it and total_subobj_len respectively. + */ + ND_ICHECK_U(total_subobj_len, <, 4); + subobj_len = GET_BE_U_2(obj_tptr); + subobj_type = (GET_BE_U_2(obj_tptr + 2))>>8; + af = (GET_BE_U_2(obj_tptr + 2))&0x00FF; + + ND_PRINT("%s Subobject Type: %s (%u), AF: %s (%u), length: %u", + indent, tok2str(rsvp_obj_generalized_uni_values, "Unknown", subobj_type), subobj_type, tok2str(af_values, "Unknown", af), af, - subobj_len)); + subobj_len); + + /* In addition to what is explained above, the same spec does not + * explicitly say that the same Length field includes the 4-octet + * sub-object header, but as long as this while loop implements it + * as it does include, let's keep the check below consistent with + * the rest of the code. + * + * XXX - RFC 3476 Section 3.1 says "The contents of these + * sub-objects are described in [8]", where [8] is + * UNI 1.0 Signaling Specification, The Optical + * Internetworking Forum. 
The URL they give for that + * document is + * + * http://www.oiforum.com/public/UNI_1.0_ia.html + * + * but that doesn't work; the new URL appears to be + * + * https://web.archive.org/web/20160401194747/http://www.oiforum.com/public/documents/OIF-UNI-01.0.pdf + * + * and *that* document, in section 12.5.2.3 + * "GENERALIZED_UNI Object (Class-Num=11bbbbbb (TBA))", + * says nothing about the length field in general, but + * some of the examples it gives in subsections have + * length field values that clearly includes the length + * of the sub-object header as well as the length of the + * value. + */ + if(subobj_len < 4 || subobj_len > total_subobj_len || + obj_tlen < subobj_len) + goto invalid; switch(subobj_type) { case RSVP_GEN_UNI_SUBOBJ_SOURCE_TNA_ADDRESS: case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS: switch(af) { - case AFNUM_INET: + case AFNUM_IP: if (subobj_len < 8) - return -1; - ND_PRINT((ndo, "%s UNI IPv4 TNA address: %s", - ident, ipaddr_string(ndo, obj_tptr + 4))); + goto subobj_tooshort; + ND_PRINT("%s UNI IPv4 TNA address: %s", + indent, GET_IPADDR_STRING(obj_tptr + 4)); break; -#ifdef INET6 - case AFNUM_INET6: + case AFNUM_IP6: if (subobj_len < 20) - return -1; - ND_PRINT((ndo, "%s UNI IPv6 TNA address: %s", - ident, ip6addr_string(ndo, obj_tptr + 4))); + goto subobj_tooshort; + ND_PRINT("%s UNI IPv6 TNA address: %s", + indent, GET_IP6ADDR_STRING(obj_tptr + 4)); break; -#endif case AFNUM_NSAP: if (subobj_len) { /* unless we have a TLV parser lets just hexdump */ @@ -1207,7 +1309,7 @@ _U_ break; case RSVP_GEN_UNI_SUBOBJ_DIVERSITY: - if (subobj_len) { + if (subobj_len > 4) { /* unless we have a TLV parser lets just hexdump */ hexdump=TRUE; } 
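Review bot: The added guard `obj_tlen < subobj_len` depends on `obj_tlen` shrinking as sub-objects are consumed, but the loop tail shown in the later `-1243,11` hunk still does `obj_tlen+=subobj_len;`, so the counter grows on every iteration and the guard can only fire on the first one. The bound that actually limits the walk is `subobj_len > total_subobj_len`, whose decrement is presumably just outside the visible hunks. I would change the tail to `obj_tlen-=subobj_len;`. The INTEGRITY case has the same pattern, `obj_tlen+=sizeof(struct rsvp_obj_integrity_t);`, and deserves the same fix. Whether `obj_tlen` is read again after the switch is not visible here.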
@@ -1215,24 +1317,24 @@ _U_ case RSVP_GEN_UNI_SUBOBJ_EGRESS_LABEL: if (subobj_len < 16) { - return -1; + goto subobj_tooshort; } - ND_PRINT((ndo, "%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u", - ident, - ((EXTRACT_32BITS(obj_tptr+4))>>31), - ((EXTRACT_32BITS(obj_tptr+4))&0xFF), - EXTRACT_32BITS(obj_tptr+8), - EXTRACT_32BITS(obj_tptr + 12))); + ND_PRINT("%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u", + indent, + ((GET_BE_U_4(obj_tptr + 4))>>31), + ((GET_BE_U_4(obj_tptr + 4))&0xFF), + GET_BE_U_4(obj_tptr + 8), + GET_BE_U_4(obj_tptr + 12)); break; case RSVP_GEN_UNI_SUBOBJ_SERVICE_LEVEL: if (subobj_len < 8) { - return -1; + goto subobj_tooshort; } - ND_PRINT((ndo, "%s Service level: %u", - ident, (EXTRACT_32BITS(obj_tptr + 4)) >> 24)); + ND_PRINT("%s Service level: %u", + indent, (GET_BE_U_4(obj_tptr + 4)) >> 24); break; default: @@ -1243,11 +1345,6 @@ _U_ obj_tptr+=subobj_len; obj_tlen+=subobj_len; } - - if (total_subobj_len) { - /* unless we have a TLV parser lets just hexdump */ - hexdump=TRUE; - } break; default: 
@@ -1260,30 +1357,28 @@ _U_ case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_32BITS(obj_tptr + 4))); + goto obj_tooshort; + ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_4(obj_tptr + 4)); obj_tlen-=8; obj_tptr+=8; if (obj_tlen) hexdump=TRUE; /* unless we have a TLV parser lets just hexdump */ break; -#ifdef INET6 case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; - ND_PRINT((ndo, "%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_32BITS(obj_tptr + 16))); + goto obj_tooshort; + ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_4(obj_tptr + 16)); obj_tlen-=20; obj_tptr+=20; hexdump=TRUE; /* unless we have a TLV parser lets just hexdump */ break; -#endif default: hexdump=TRUE; } @@ -1293,10 +1388,10 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Refresh Period: %ums", - ident, - EXTRACT_32BITS(obj_tptr))); + goto obj_tooshort; + ND_PRINT("%s Refresh Period: %ums", + indent, + GET_BE_U_4(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; 
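Review bot: The IPv6 branch of the object printed as "Previous/Next Interface" sets `hexdump=TRUE;` unconditionally after consuming its 20 bytes, while the IPv4 branch above does so only when bytes remain (`if (obj_tlen) hexdump=TRUE;`). An IPv6 object with no trailing TLVs is therefore always hex-dumped, which looks unintended given that both branches carry the same "unless we have a TLV parser" comment. Suggest making the IPv6 branch match: `if (obj_tlen) hexdump=TRUE;`.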
@@ -1312,22 +1407,22 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Msg-Version: %u, length: %u", - ident, - (*obj_tptr & 0xf0) >> 4, - EXTRACT_16BITS(obj_tptr + 2) << 2)); + goto obj_tooshort; + ND_PRINT("%s Msg-Version: %u, length: %u", + indent, + (GET_U_1(obj_tptr) & 0xf0) >> 4, + GET_BE_U_2(obj_tptr + 2) << 2); obj_tptr+=4; /* get to the start of the service header */ obj_tlen-=4; while (obj_tlen >= 4) { - intserv_serv_tlen=EXTRACT_16BITS(obj_tptr+2)<<2; - ND_PRINT((ndo, "%s Service Type: %s (%u), break bit %s set, Service length: %u", - ident, - tok2str(rsvp_intserv_service_type_values,"unknown",*(obj_tptr)), - *(obj_tptr), - (*(obj_tptr+1)&0x80) ? "" : "not", - intserv_serv_tlen)); + intserv_serv_tlen=GET_BE_U_2(obj_tptr + 2)<<2; + ND_PRINT("%s Service Type: %s (%u), break bit %sset, Service length: %u", + indent, + tok2str(rsvp_intserv_service_type_values,"unknown",GET_U_1((obj_tptr))), + GET_U_1(obj_tptr), + (GET_U_1(obj_tptr + 1)&0x80) ? "" : "not ", + intserv_serv_tlen); obj_tptr+=4; /* get to the start of the parameter list */ obj_tlen-=4; 
@@ -1351,81 +1446,79 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, Source Port: %u", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 6))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, Source Port: %u", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6)); obj_tlen-=8; obj_tptr+=8; break; -#ifdef INET6 case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, Source Port: %u", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 18))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, Source Port: %u", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18)); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_3: if (obj_tlen < 20) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, Flow Label: %u", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_24BITS(obj_tptr + 17))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, Flow Label: %u", + indent, + GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_3(obj_tptr + 17)); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 20) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, LSP-ID: 0x%04x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 18))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18)); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return-1; - ND_PRINT((ndo, "%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" + goto obj_tooshort; + ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", - ident, - ip6addr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+18), - ident, - ip6addr_string(ndo, obj_tptr+20), - EXTRACT_16BITS(obj_tptr + 38))); + indent, + 
GET_IP6ADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 18), + indent, + GET_IP6ADDR_STRING(obj_tptr+20), + GET_BE_U_2(obj_tptr + 38)); obj_tlen-=40; obj_tptr+=40; break; -#endif case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Source Address: %s, LSP-ID: 0x%04x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr + 6))); + goto obj_tooshort; + ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6)); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return-1; - ND_PRINT((ndo, "%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" + goto obj_tooshort; + ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", - ident, - ipaddr_string(ndo, obj_tptr), - EXTRACT_16BITS(obj_tptr+6), - ident, - ipaddr_string(ndo, obj_tptr+8), - EXTRACT_16BITS(obj_tptr + 12))); + indent, + GET_IPADDR_STRING(obj_tptr), + GET_BE_U_2(obj_tptr + 6), + indent, + GET_IPADDR_STRING(obj_tptr+8), + GET_BE_U_2(obj_tptr + 12)); obj_tlen-=16; obj_tptr+=16; break; 
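Review bot: The `RSVP_CTYPE_TUNNEL_IPV6` case checks for 20 bytes and reads the LSP-ID at offset 18, yet it formats the source address with `GET_IPADDR_STRING(obj_tptr)`, so only the first four octets of the 16-octet address are printed, and as an IPv4 address. The conversion carried this over from the old `ipaddr_string()` call; the line should be `GET_IP6ADDR_STRING(obj_tptr),`. Separately, `RSVP_CTYPE_12` reads the Sub-Group ID at `obj_tptr + 12`, directly after the 4-octet originator ID, whereas the IPv6 p2mp case skips two octets before it (offset 38, with the originator ending at 35). Offset 14 looks like the intended one, to be confirmed against RFC 4875.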
@@ -1437,40 +1530,39 @@ _U_ case RSVP_OBJ_FASTREROUTE: /* the differences between c-type 1 and 7 are minor */ obj_ptr.rsvp_obj_frr = (const struct rsvp_obj_frr_t *)obj_tptr; - bw.i = EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->bandwidth); switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: /* new style */ if (obj_tlen < sizeof(struct rsvp_obj_frr_t)) - return-1; - ND_PRINT((ndo, "%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", - ident, - (int)obj_ptr.rsvp_obj_frr->setup_prio, - (int)obj_ptr.rsvp_obj_frr->hold_prio, - (int)obj_ptr.rsvp_obj_frr->hop_limit, - bw.f * 8 / 1000000)); - ND_PRINT((ndo, "%s Include-any: 0x%08x, Exclude-any: 0x%08x, Include-all: 0x%08x", - ident, - EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), - EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any), - EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_all))); + goto obj_tooshort; + ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", + indent, + GET_U_1(obj_ptr.rsvp_obj_frr->setup_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hold_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hop_limit), + GET_BE_F_4(obj_ptr.rsvp_obj_frr->bandwidth) * 8 / 1000000); + ND_PRINT("%s Include-any: 0x%08x, Exclude-any: 0x%08x, Include-all: 0x%08x", + indent, + GET_BE_U_4(obj_ptr.rsvp_obj_frr->include_any), + GET_BE_U_4(obj_ptr.rsvp_obj_frr->exclude_any), + GET_BE_U_4(obj_ptr.rsvp_obj_frr->include_all)); obj_tlen-=sizeof(struct rsvp_obj_frr_t); obj_tptr+=sizeof(struct rsvp_obj_frr_t); break; case RSVP_CTYPE_TUNNEL_IPV4: /* old style */ if (obj_tlen < 16) - return-1; - ND_PRINT((ndo, "%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", - ident, - (int)obj_ptr.rsvp_obj_frr->setup_prio, - (int)obj_ptr.rsvp_obj_frr->hold_prio, - (int)obj_ptr.rsvp_obj_frr->hop_limit, - bw.f * 8 / 1000000)); - ND_PRINT((ndo, "%s Include Colors: 0x%08x, Exclude Colors: 0x%08x", - ident, - EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), - 
EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any))); + goto obj_tooshort; + ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", + indent, + GET_U_1(obj_ptr.rsvp_obj_frr->setup_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hold_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hop_limit), + GET_BE_F_4(obj_ptr.rsvp_obj_frr->bandwidth) * 8 / 1000000); + ND_PRINT("%s Include Colors: 0x%08x, Exclude Colors: 0x%08x", + indent, + GET_BE_U_4(obj_ptr.rsvp_obj_frr->include_any), + GET_BE_U_4(obj_ptr.rsvp_obj_frr->exclude_any)); obj_tlen-=16; obj_tptr+=16; break; @@ -1484,10 +1576,10 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: while(obj_tlen >= 8) { - ND_PRINT((ndo, "%s PLR-ID: %s, Avoid-Node-ID: %s", - ident, - ipaddr_string(ndo, obj_tptr), - ipaddr_string(ndo, obj_tptr + 4))); + ND_PRINT("%s PLR-ID: %s, Avoid-Node-ID: %s", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_IPADDR_STRING(obj_tptr + 4)); obj_tlen-=8; obj_tptr+=8; } @@ -1501,9 +1593,11 @@ _U_ case RSVP_OBJ_CLASSTYPE_OLD: /* fall through */ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: - ND_PRINT((ndo, "%s CT: %u", - ident, - EXTRACT_32BITS(obj_tptr) & 0x7)); + if (obj_tlen < 4) + goto obj_tooshort; + ND_PRINT("%s CT: %u", + indent, + GET_BE_U_4(obj_tptr) & 0x7); obj_tlen-=4; obj_tptr+=4; break; 
@@ -1517,55 +1611,54 @@ _U_ case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; - error_code=*(obj_tptr+5); - error_value=EXTRACT_16BITS(obj_tptr+6); - ND_PRINT((ndo, "%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", - ident, - ipaddr_string(ndo, obj_tptr), - *(obj_tptr+4), - ident, + goto obj_tooshort; + error_code=GET_U_1(obj_tptr + 5); + error_value=GET_BE_U_2(obj_tptr + 6); + ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", + indent, + GET_IPADDR_STRING(obj_tptr), + GET_U_1(obj_tptr + 4), + indent, tok2str(rsvp_obj_error_code_values,"unknown",error_code), - error_code)); + error_code); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: - ND_PRINT((ndo, ", Error Value: %s (%u)", + ND_PRINT(", Error Value: %s (%u)", tok2str(rsvp_obj_error_code_routing_values,"unknown",error_value), - error_value)); + error_value); break; case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE: /* fall through */ case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE_OLD: - ND_PRINT((ndo, ", Error Value: %s (%u)", + ND_PRINT(", Error Value: %s (%u)", tok2str(rsvp_obj_error_code_diffserv_te_values,"unknown",error_value), - error_value)); + error_value); break; default: - ND_PRINT((ndo, ", Unknown Error Value (%u)", error_value)); + ND_PRINT(", Unknown Error Value (%u)", error_value); break; } obj_tlen-=8; obj_tptr+=8; break; -#ifdef INET6 case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; - error_code=*(obj_tptr+17); - error_value=EXTRACT_16BITS(obj_tptr+18); - ND_PRINT((ndo, "%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", - ident, - ip6addr_string(ndo, obj_tptr), - *(obj_tptr+16), - ident, + goto obj_tooshort; + error_code=GET_U_1(obj_tptr + 17); + error_value=GET_BE_U_2(obj_tptr + 18); + ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", + indent, + GET_IP6ADDR_STRING(obj_tptr), + 
GET_U_1(obj_tptr + 16), + indent, tok2str(rsvp_obj_error_code_values,"unknown",error_code), - error_code)); + error_code); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: - ND_PRINT((ndo, ", Error Value: %s (%u)", + ND_PRINT(", Error Value: %s (%u)", tok2str(rsvp_obj_error_code_routing_values,"unknown",error_value), - error_value)); + error_value); break; default: break; @@ -1573,7 +1666,6 @@ _U_ obj_tlen-=20; obj_tptr+=20; break; -#endif default: hexdump=TRUE; } @@ -1583,28 +1675,31 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; - padbytes = EXTRACT_16BITS(obj_tptr+2); - ND_PRINT((ndo, "%s TLV count: %u, padding bytes: %u", - ident, - EXTRACT_16BITS(obj_tptr), - padbytes)); + goto obj_tooshort; + padbytes = GET_BE_U_2(obj_tptr + 2); + ND_PRINT("%s TLV count: %u, padding bytes: %u", + indent, + GET_BE_U_2(obj_tptr), + padbytes); obj_tlen-=4; obj_tptr+=4; /* loop through as long there is anything longer than the TLV header (2) */ while(obj_tlen >= 2 + padbytes) { - ND_PRINT((ndo, "%s %s TLV (0x%02x), length: %u", /* length includes header */ - ident, - tok2str(rsvp_obj_prop_tlv_values,"unknown",*obj_tptr), - *obj_tptr, - *(obj_tptr + 1))); - if (obj_tlen < *(obj_tptr+1)) - return-1; - if (*(obj_tptr+1) < 2) + ND_PRINT("%s %s TLV (0x%02x), length: %u", /* length includes header */ + indent, + tok2str(rsvp_obj_prop_tlv_values,"unknown",GET_U_1(obj_tptr)), + GET_U_1(obj_tptr), + GET_U_1(obj_tptr + 1)); + if (obj_tlen < GET_U_1(obj_tptr + 1)) + goto obj_tooshort; + if (GET_U_1(obj_tptr + 1) < 2) { + ND_PRINT("%sERROR: property TLV is too short", indent); return -1; - print_unknown_data(ndo, obj_tptr + 2, "\n\t\t", *(obj_tptr + 1) - 2); - obj_tlen-=*(obj_tptr+1); - obj_tptr+=*(obj_tptr+1); + } + print_unknown_data(ndo, obj_tptr + 2, "\n\t\t", + GET_U_1(obj_tptr + 1) - 2); + obj_tlen-=GET_U_1(obj_tptr + 1); + obj_tptr+=GET_U_1(obj_tptr + 1); } break; default: 
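Review bot: The IPv6 branch of the error-spec decode has drifted from the IPv4 one: it handles only `RSVP_OBJ_ERROR_SPEC_CODE_ROUTING` and its `default:` prints nothing, while the IPv4 branch also decodes the two DIFFSERV_TE codes and otherwise prints `, Unknown Error Value (%u)`. For an IPv6 error node the error value is therefore dropped from the output for every non-routing code. At minimum the IPv6 `default:` should gain `ND_PRINT(", Unknown Error Value (%u)", error_value);`. Since both branches already extract `error_code` and `error_value`, moving the `switch (error_code)` into one small static helper called from both would remove the duplication that let them diverge.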
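Review bot: In the property-TLV loop the length octet is fetched with `GET_U_1(obj_tptr + 1)` six times per iteration and is printed before it is validated. Reading it once, `u_int tlv_len = GET_U_1(obj_tptr + 1);`, and using `tlv_len` for the two checks, the `print_unknown_data()` length and the two advances would make the enforced bound easier to audit. The too-short-TLV path also keeps its own message plus `return -1;`, where the rest of the function now funnels malformed input through labels. `goto invalid;` would be consistent, provided the changed output string is acceptable to the test suite.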
@@ -1618,20 +1713,20 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: - if (obj_tlen < 8) - return-1; - ND_PRINT((ndo, "%s Flags [0x%02x], epoch: %u", - ident, - *obj_tptr, - EXTRACT_24BITS(obj_tptr + 1))); + if (obj_tlen < 4) + goto obj_tooshort; + ND_PRINT("%s Flags [0x%02x], epoch: %u", + indent, + GET_U_1(obj_tptr), + GET_BE_U_3(obj_tptr + 1)); obj_tlen-=4; obj_tptr+=4; /* loop through as long there are no messages left */ while(obj_tlen >= 4) { - ND_PRINT((ndo, "%s Message-ID 0x%08x (%u)", - ident, - EXTRACT_32BITS(obj_tptr), - EXTRACT_32BITS(obj_tptr))); + ND_PRINT("%s Message-ID 0x%08x (%u)", + indent, + GET_BE_U_4(obj_tptr), + GET_BE_U_4(obj_tptr)); obj_tlen-=4; obj_tptr+=4; } 
@@ -1645,31 +1740,29 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_integrity_t)) - return-1; + goto obj_tooshort; obj_ptr.rsvp_obj_integrity = (const struct rsvp_obj_integrity_t *)obj_tptr; - ND_PRINT((ndo, "%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]", - ident, - EXTRACT_16BITS(obj_ptr.rsvp_obj_integrity->key_id), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->key_id+2), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence+4), + ND_PRINT("%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]", + indent, + GET_BE_U_2(obj_ptr.rsvp_obj_integrity->key_id), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->key_id + 2), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->sequence), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->sequence + 4), bittok2str(rsvp_obj_integrity_flag_values, "none", - obj_ptr.rsvp_obj_integrity->flags))); - ND_PRINT((ndo, "%s MD5-sum 0x%08x%08x%08x%08x ", - ident, - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+4), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+8), - EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest + 12))); - -#ifdef HAVE_LIBCRYPTO - sigcheck = signature_verify(ndo, pptr, plen, (unsigned char *)obj_ptr.\ - rsvp_obj_integrity->digest); -#else - sigcheck = CANT_CHECK_SIGNATURE; -#endif - ND_PRINT((ndo, " (%s)", tok2str(signature_check_values, "Unknown", sigcheck))); + GET_U_1(obj_ptr.rsvp_obj_integrity->flags))); + ND_PRINT("%s MD5-sum 0x%08x%08x%08x%08x ", + indent, + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->digest), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->digest + 4), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->digest + 8), + GET_BE_U_4(obj_ptr.rsvp_obj_integrity->digest + 12)); + + sigcheck = signature_verify(ndo, pptr, plen, + obj_ptr.rsvp_obj_integrity->digest, + rsvp_clear_checksum, + rsvp_com_header); + ND_PRINT(" (%s)", tok2str(signature_check_values, "Unknown", sigcheck)); 
obj_tlen+=sizeof(struct rsvp_obj_integrity_t); obj_tptr+=sizeof(struct rsvp_obj_integrity_t); @@ -1683,10 +1776,10 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Flags [%s]", ident, + goto obj_tooshort; + ND_PRINT("%s Flags [%s]", indent, bittok2str(rsvp_obj_admin_status_flag_values, "none", - EXTRACT_32BITS(obj_tptr)))); + GET_BE_U_4(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; @@ -1699,12 +1792,12 @@ _U_ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; - action = (EXTRACT_16BITS(obj_tptr)>>8); + goto obj_tooshort; + action = (GET_BE_U_2(obj_tptr)>>8); - ND_PRINT((ndo, "%s Action: %s (%u), Label type: %u", ident, + ND_PRINT("%s Action: %s (%u), Label type: %u", indent, tok2str(rsvp_obj_label_set_action_values, "Unknown", action), - action, ((EXTRACT_32BITS(obj_tptr) & 0x7F)))); + action, (GET_BE_U_4(obj_tptr) & 0x7F)); switch (action) { case LABEL_SET_INCLUSIVE_RANGE: @@ -1712,10 +1805,10 @@ _U_ /* only a couple of subchannels are expected */ if (obj_tlen < 12) - return -1; - ND_PRINT((ndo, "%s Start range: %u, End range: %u", ident, - EXTRACT_32BITS(obj_tptr+4), - EXTRACT_32BITS(obj_tptr + 8))); + goto obj_tooshort; + ND_PRINT("%s Start range: %u, End range: %u", indent, + GET_BE_U_4(obj_tptr + 4), + GET_BE_U_4(obj_tptr + 8)); obj_tlen-=12; obj_tptr+=12; break; @@ -1725,8 +1818,8 @@ _U_ obj_tptr+=4; subchannel = 1; while(obj_tlen >= 4 ) { - ND_PRINT((ndo, "%s Subchannel #%u: %u", ident, subchannel, - EXTRACT_32BITS(obj_tptr))); + ND_PRINT("%s Subchannel #%u: %u", indent, subchannel, + GET_BE_U_4(obj_tptr)); obj_tptr+=4; obj_tlen-=4; subchannel++; 
@@ -1737,32 +1830,32 @@ _U_ default: hexdump=TRUE; } + break; case RSVP_OBJ_S2L: switch (rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 4) - return-1; - ND_PRINT((ndo, "%s Sub-LSP destination address: %s", - ident, ipaddr_string(ndo, obj_tptr))); + goto obj_tooshort; + ND_PRINT("%s Sub-LSP destination address: %s", + indent, GET_IPADDR_STRING(obj_tptr)); obj_tlen-=4; obj_tptr+=4; break; -#ifdef INET6 case RSVP_CTYPE_IPV6: if (obj_tlen < 16) - return-1; - ND_PRINT((ndo, "%s Sub-LSP destination address: %s", - ident, ip6addr_string(ndo, obj_tptr))); + goto obj_tooshort; + ND_PRINT("%s Sub-LSP destination address: %s", + indent, GET_IP6ADDR_STRING(obj_tptr)); obj_tlen-=16; obj_tptr+=16; break; -#endif default: hexdump=TRUE; } + break; /* * FIXME those are the defined objects that lack a decoder 
@@ -1787,123 +1880,137 @@ _U_ tlen-=rsvp_obj_len; } return 0; -trunc: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); +subobj_tooshort: + ND_PRINT("%sERROR: sub-object is too short", indent); + return -1; +obj_tooshort: + ND_PRINT("%sERROR: object is too short", indent); + return -1; +invalid: + nd_print_invalid(ndo); return -1; } void rsvp_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) + const u_char *pptr, u_int len) { - struct rsvp_common_header *rsvp_com_header; - const u_char *tptr,*subtptr; - u_short plen, tlen, subtlen; + const struct rsvp_common_header *rsvp_com_header; + uint8_t version_flags, msg_type; + const u_char *tptr; + u_short plen, tlen; + ndo->ndo_protocol = "rsvp"; tptr=pptr; - rsvp_com_header = (struct rsvp_common_header *)pptr; - ND_TCHECK(*rsvp_com_header); + rsvp_com_header = (const struct rsvp_common_header *)pptr; + ND_TCHECK_SIZE(rsvp_com_header); + version_flags = GET_U_1(rsvp_com_header->version_flags); /* * Sanity checking of the header. 
*/ - if (RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags) != RSVP_VERSION) { - ND_PRINT((ndo, "ERROR: RSVP version %u packet not supported", - RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags))); + if (RSVP_EXTRACT_VERSION(version_flags) != RSVP_VERSION) { + ND_PRINT("ERROR: RSVP version %u packet not supported", + RSVP_EXTRACT_VERSION(version_flags)); return; } + msg_type = GET_U_1(rsvp_com_header->msg_type); + /* in non-verbose mode just lets print the basic Message Type*/ if (ndo->ndo_vflag < 1) { - ND_PRINT((ndo, "RSVPv%u %s Message, length: %u", - RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags), - tok2str(rsvp_msg_type_values, "unknown (%u)",rsvp_com_header->msg_type), - len)); + ND_PRINT("RSVPv%u %s Message, length: %u", + RSVP_EXTRACT_VERSION(version_flags), + tok2str(rsvp_msg_type_values, "unknown (%u)",msg_type), + len); return; } /* ok they seem to want to know everything - lets fully decode it */ - plen = tlen = EXTRACT_16BITS(rsvp_com_header->length); + plen = tlen = GET_BE_U_2(rsvp_com_header->length); - ND_PRINT((ndo, "\n\tRSVPv%u %s Message (%u), Flags: [%s], length: %u, ttl: %u, checksum: 0x%04x", - RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags), - tok2str(rsvp_msg_type_values, "unknown, type: %u",rsvp_com_header->msg_type), - rsvp_com_header->msg_type, - bittok2str(rsvp_header_flag_values,"none",RSVP_EXTRACT_FLAGS(rsvp_com_header->version_flags)), + ND_PRINT("\n\tRSVPv%u %s Message (%u), Flags: [%s], length: %u, ttl: %u, checksum: 0x%04x", + RSVP_EXTRACT_VERSION(version_flags), + tok2str(rsvp_msg_type_values, "unknown, type: %u",msg_type), + msg_type, + bittok2str(rsvp_header_flag_values,"none",RSVP_EXTRACT_FLAGS(version_flags)), tlen, - rsvp_com_header->ttl, - EXTRACT_16BITS(rsvp_com_header->checksum))); - - /* - * Clear checksum prior to signature verification. 
- */ - rsvp_com_header->checksum[0] = 0; - rsvp_com_header->checksum[1] = 0; + GET_U_1(rsvp_com_header->ttl), + GET_BE_U_2(rsvp_com_header->checksum)); - if (tlen < sizeof(const struct rsvp_common_header)) { - ND_PRINT((ndo, "ERROR: common header too short %u < %lu", tlen, - (unsigned long)sizeof(const struct rsvp_common_header))); + if (tlen < sizeof(struct rsvp_common_header)) { + ND_PRINT("ERROR: common header too short %u < %zu", tlen, + sizeof(struct rsvp_common_header)); return; } - tptr+=sizeof(const struct rsvp_common_header); - tlen-=sizeof(const struct rsvp_common_header); + tptr+=sizeof(struct rsvp_common_header); + tlen-=sizeof(struct rsvp_common_header); + + switch(msg_type) { + + case RSVP_MSGTYPE_BUNDLE: + /* + * Process each submessage in the bundle message. + * Bundle messages may not contain bundle submessages, so we don't + * need to handle bundle submessages specially. + */ + while(tlen != 0) { + const u_char *subpptr=tptr, *subtptr; + u_short subplen, subtlen; - switch(rsvp_com_header->msg_type) { + subtptr=subpptr; - case RSVP_MSGTYPE_AGGREGATE: - while(tlen > 0) { - subtptr=tptr; - rsvp_com_header = (struct rsvp_common_header *)subtptr; - ND_TCHECK(*rsvp_com_header); + rsvp_com_header = (const struct rsvp_common_header *)subpptr; + ND_TCHECK_SIZE(rsvp_com_header); + version_flags = GET_U_1(rsvp_com_header->version_flags); /* * Sanity checking of the header. 
*/ - if (RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags) != RSVP_VERSION) { - ND_PRINT((ndo, "ERROR: RSVP version %u packet not supported", - RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags))); + if (RSVP_EXTRACT_VERSION(version_flags) != RSVP_VERSION) { + ND_PRINT("ERROR: RSVP version %u packet not supported", + RSVP_EXTRACT_VERSION(version_flags)); return; } - subtlen=EXTRACT_16BITS(rsvp_com_header->length); - ND_PRINT((ndo, "\n\t RSVPv%u %s Message (%u), Flags: [%s], length: %u, ttl: %u, checksum: 0x%04x", - RSVP_EXTRACT_VERSION(rsvp_com_header->version_flags), - tok2str(rsvp_msg_type_values, "unknown, type: %u",rsvp_com_header->msg_type), - rsvp_com_header->msg_type, - bittok2str(rsvp_header_flag_values,"none",RSVP_EXTRACT_FLAGS(rsvp_com_header->version_flags)), - subtlen, - rsvp_com_header->ttl, - EXTRACT_16BITS(rsvp_com_header->checksum))); + subplen = subtlen = GET_BE_U_2(rsvp_com_header->length); - /* - * Clear checksum prior to signature verification. - */ - rsvp_com_header->checksum[0] = 0; - rsvp_com_header->checksum[1] = 0; + msg_type = GET_U_1(rsvp_com_header->msg_type); + ND_PRINT("\n\t RSVPv%u %s Message (%u), Flags: [%s], length: %u, ttl: %u, checksum: 0x%04x", + RSVP_EXTRACT_VERSION(version_flags), + tok2str(rsvp_msg_type_values, "unknown, type: %u",msg_type), + msg_type, + bittok2str(rsvp_header_flag_values,"none",RSVP_EXTRACT_FLAGS(version_flags)), + subtlen, + GET_U_1(rsvp_com_header->ttl), + GET_BE_U_2(rsvp_com_header->checksum)); - if (subtlen < sizeof(const struct rsvp_common_header)) { - ND_PRINT((ndo, "ERROR: common header too short %u < %lu", subtlen, - (unsigned long)sizeof(const struct rsvp_common_header))); + if (subtlen < sizeof(struct rsvp_common_header)) { + ND_PRINT("ERROR: common header too short %u < %zu", subtlen, + sizeof(struct rsvp_common_header)); return; } if (tlen < subtlen) { - ND_PRINT((ndo, "ERROR: common header too large %u > %u", subtlen, - tlen)); + ND_PRINT("ERROR: common header too large %u > %u", subtlen, 
+ tlen); return; } - subtptr+=sizeof(const struct rsvp_common_header); - subtlen-=sizeof(const struct rsvp_common_header); + subtptr+=sizeof(struct rsvp_common_header); + subtlen-=sizeof(struct rsvp_common_header); - if (rsvp_obj_print(ndo, pptr, plen, subtptr, "\n\t ", subtlen) == -1) + /* + * Print all objects in the submessage. + */ + if (rsvp_obj_print(ndo, subpptr, subplen, subtptr, "\n\t ", subtlen, rsvp_com_header) == -1) return; - tptr+=subtlen+sizeof(const struct rsvp_common_header); - tlen-=subtlen+sizeof(const struct rsvp_common_header); + tptr+=subtlen+sizeof(struct rsvp_common_header); + tlen-=subtlen+sizeof(struct rsvp_common_header); } break; @@ -1919,7 +2026,10 @@ rsvp_print(netdissect_options *ndo, case RSVP_MSGTYPE_HELLO: case RSVP_MSGTYPE_ACK: case RSVP_MSGTYPE_SREFRESH: - if (rsvp_obj_print(ndo, pptr, plen, tptr, "\n\t ", tlen) == -1) + /* + * Print all objects in the message. + */ + if (rsvp_obj_print(ndo, pptr, plen, tptr, "\n\t ", tlen, rsvp_com_header) == -1) return; break; @@ -1927,8 +2037,4 @@ rsvp_print(netdissect_options *ndo, print_unknown_data(ndo, tptr, "\n\t ", tlen); break; } - - return; -trunc: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); }
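Review bot: `plen = tlen = GET_BE_U_2(rsvp_com_header->length);` is checked against the header size but never against the `len` argument, so a message that declares more than the caller handed in is walked with the larger value, and `plen` is passed on to `rsvp_obj_print()` and from there to `signature_verify()`. The GET_ macros presumably keep every read inside the captured buffer, so the concern is decoding bytes that do not belong to the RSVP message rather than memory safety. A check next to the existing one, `if (tlen > len) { ND_PRINT("ERROR: message length %u > %u", tlen, len); return; }`, would stop that. The bundle loop already does the equivalent for sub-messages with `tlen < subtlen`. `rsvp_print()` continues past the end of this hunk.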