X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/3f78017c596d4d4172f817d96238d6b958796796..refs/heads/coverity_scan:/print-ip6opts.c diff --git a/print-ip6opts.c b/print-ip6opts.c index 784edcee..ca000602 100644 --- a/print-ip6opts.c +++ b/print-ip6opts.c @@ -27,189 +27,239 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +/* \summary: IPv6 header option printer */ -#ifdef INET6 -#include +#include -#include +#include "netdissect-stdinc.h" -#include "ip6.h" - -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "extract.h" -static void -ip6_sopt_print(const u_char *bp, int len) +#include "ip6.h" + +static int +ip6_sopt_print(netdissect_options *ndo, const u_char *bp, int len) { int i; int optlen; for (i = 0; i < len; i += optlen) { - if (bp[i] == IP6OPT_PAD1) + if (GET_U_1(bp + i) == IP6OPT_PAD1) optlen = 1; else { if (i + 1 < len) - optlen = bp[i + 1] + 2; + optlen = GET_U_1(bp + i + 1) + 2; else goto trunc; } if (i + optlen > len) goto trunc; - switch (bp[i]) { + switch (GET_U_1(bp + i)) { case IP6OPT_PAD1: - printf(", pad1"); + ND_PRINT(", pad1"); break; case IP6OPT_PADN: if (len - i < IP6OPT_MINLEN) { - printf(", padn: trunc"); + ND_PRINT(", padn: trunc"); goto trunc; } - printf(", padn"); + ND_PRINT(", padn"); break; default: if (len - i < IP6OPT_MINLEN) { - printf(", sopt_type %d: trunc)", bp[i]); + ND_PRINT(", sopt_type %u: trunc)", GET_U_1(bp + i)); goto trunc; } - printf(", sopt_type 0x%02x: len=%d", bp[i], bp[i + 1]); + ND_PRINT(", sopt_type 0x%02x: len=%u", GET_U_1(bp + i), + GET_U_1(bp + i + 1)); break; } } - return; + return 0; trunc: - printf("[trunc] "); + return -1; } -void -ip6_opt_print(const u_char *bp, int len) +static int +ip6_opt_process(netdissect_options *ndo, const u_char *bp, int len, + int *found_jumbop, uint32_t *payload_len) { int i; int optlen = 0; + int found_jumbo = 0; + uint32_t jumbolen = 0; if (len == 0) - return; + return 0; for (i = 0; i < len; i += optlen) { - if (bp[i] == IP6OPT_PAD1) + if (GET_U_1(bp + i) == IP6OPT_PAD1) optlen = 1; else { if (i + 1 < len) - optlen = bp[i + 1] + 2; + optlen = GET_U_1(bp + i + 1) + 2; else goto trunc; } if (i + optlen > len) goto trunc; - switch (bp[i]) { + switch (GET_U_1(bp + i)) { case IP6OPT_PAD1: - printf("(pad1)"); + if (ndo->ndo_vflag) + ND_PRINT("(pad1)"); break; case IP6OPT_PADN: if (len - i < IP6OPT_MINLEN) { - printf("(padn: trunc)"); + ND_PRINT("(padn: trunc)"); goto trunc; } - printf("(padn)"); + if (ndo->ndo_vflag) + ND_PRINT("(padn)"); break; case IP6OPT_ROUTER_ALERT: if (len - i < IP6OPT_RTALERT_LEN) { - printf("(rtalert: trunc)"); + ND_PRINT("(rtalert: trunc)"); goto trunc; } - if (bp[i + 1] != IP6OPT_RTALERT_LEN - 2) { - printf("(rtalert: invalid len %d)", bp[i + 1]); + if (GET_U_1(bp + i + 1) != IP6OPT_RTALERT_LEN - 2) { + ND_PRINT("(rtalert: invalid len %u)", GET_U_1(bp + i + 1)); goto trunc; } - printf("(rtalert: 0x%04x) ", EXTRACT_16BITS(&bp[i + 2])); + if (ndo->ndo_vflag) + ND_PRINT("(rtalert: 0x%04x) ", GET_BE_U_2(bp + i + 2)); break; case IP6OPT_JUMBO: if (len - i < IP6OPT_JUMBO_LEN) { - printf("(jumbo: trunc)"); + ND_PRINT("(jumbo: trunc)"); goto trunc; } - if (bp[i + 1] != IP6OPT_JUMBO_LEN - 2) { - printf("(jumbo: invalid len %d)", bp[i + 1]); + if (GET_U_1(bp + i + 1) != IP6OPT_JUMBO_LEN - 2) { + ND_PRINT("(jumbo: invalid len %u)", GET_U_1(bp + i + 1)); goto trunc; } - printf("(jumbo: %u) ", EXTRACT_32BITS(&bp[i + 2])); + jumbolen = GET_BE_U_4(bp + i + 2); + if (found_jumbo) { + /* More than one Jumbo Payload option */ + if (ndo->ndo_vflag) + ND_PRINT("(jumbo: %u - already seen) ", jumbolen); + } else { + found_jumbo = 1; + if (payload_len == NULL) { + /* Not a hop-by-hop option - not valid */ + if (ndo->ndo_vflag) + ND_PRINT("(jumbo: %u - not a hop-by-hop option) ", jumbolen); + } else if (*payload_len != 0) { + /* Payload length was non-zero - not valid */ + if (ndo->ndo_vflag) + ND_PRINT("(jumbo: %u - payload len != 0) ", jumbolen); + } else { + /* + * This is a hop-by-hop option, and Payload length + * was zero in the IPv6 header. + */ + if (jumbolen < 65536) { + /* Too short */ + if (ndo->ndo_vflag) + ND_PRINT("(jumbo: %u - < 65536) ", jumbolen); + } else { + /* OK, this is valid */ + *found_jumbop = 1; + *payload_len = jumbolen; + if (ndo->ndo_vflag) + ND_PRINT("(jumbo: %u) ", jumbolen); + } + } + } break; case IP6OPT_HOME_ADDRESS: if (len - i < IP6OPT_HOMEADDR_MINLEN) { - printf("(homeaddr: trunc)"); + ND_PRINT("(homeaddr: trunc)"); goto trunc; } - if (bp[i + 1] < IP6OPT_HOMEADDR_MINLEN - 2) { - printf("(homeaddr: invalid len %d)", bp[i + 1]); + if (GET_U_1(bp + i + 1) < IP6OPT_HOMEADDR_MINLEN - 2) { + ND_PRINT("(homeaddr: invalid len %u)", GET_U_1(bp + i + 1)); goto trunc; } - printf("(homeaddr: %s", ip6addr_string(&bp[i + 2])); - if (bp[i + 1] > IP6OPT_HOMEADDR_MINLEN - 2) { - ip6_sopt_print(&bp[i + IP6OPT_HOMEADDR_MINLEN], - (optlen - IP6OPT_HOMEADDR_MINLEN)); + if (ndo->ndo_vflag) { + ND_PRINT("(homeaddr: %s", GET_IP6ADDR_STRING(bp + i + 2)); + if (GET_U_1(bp + i + 1) > IP6OPT_HOMEADDR_MINLEN - 2) { + if (ip6_sopt_print(ndo, bp + i + IP6OPT_HOMEADDR_MINLEN, + (optlen - IP6OPT_HOMEADDR_MINLEN)) == -1) + goto trunc; + } + ND_PRINT(")"); } - printf(")"); break; default: if (len - i < IP6OPT_MINLEN) { - printf("(type %d: trunc)", bp[i]); + ND_PRINT("(type %u: trunc)", GET_U_1(bp + i)); goto trunc; } - printf("(opt_type 0x%02x: len=%d)", bp[i], bp[i + 1]); + if (ndo->ndo_vflag) + ND_PRINT("(opt_type 0x%02x: len=%u)", GET_U_1(bp + i), + GET_U_1(bp + i + 1)); break; } } - printf(" "); - return; + if (ndo->ndo_vflag) + ND_PRINT(" "); + return 0; trunc: - printf("[trunc] "); + return -1; } int -hbhopt_print(register const u_char *bp) +hbhopt_process(netdissect_options *ndo, const u_char *bp, int *found_jumbo, + uint32_t *jumbolen) { - const struct ip6_hbh *dp = (struct ip6_hbh *)bp; - int hbhlen = 0; + const struct ip6_hbh *dp = (const struct ip6_hbh *)bp; + u_int hbhlen = 0; - TCHECK(dp->ip6h_len); - hbhlen = (int)((dp->ip6h_len + 1) << 3); - TCHECK2(*dp, hbhlen); - printf("HBH "); - if (vflag) - ip6_opt_print((const u_char *)dp + sizeof(*dp), hbhlen - sizeof(*dp)); + ndo->ndo_protocol = "hbh"; + hbhlen = (GET_U_1(dp->ip6h_len) + 1) << 3; + ND_TCHECK_LEN(dp, hbhlen); + nd_print_protocol_caps(ndo); + ND_PRINT(" "); + if (ip6_opt_process(ndo, (const u_char *)dp + sizeof(*dp), + hbhlen - sizeof(*dp), found_jumbo, jumbolen) == -1) + goto trunc; + return hbhlen; - return(hbhlen); - - trunc: - fputs("[|HBH]", stdout); - return(-1); +trunc: + nd_print_trunc(ndo); + return -1; } int -dstopt_print(register const u_char *bp) +dstopt_process(netdissect_options *ndo, const u_char *bp) { - const struct ip6_dest *dp = (struct ip6_dest *)bp; - int dstoptlen = 0; - - TCHECK(dp->ip6d_len); - dstoptlen = (int)((dp->ip6d_len + 1) << 3); - TCHECK2(*dp, dstoptlen); - printf("DSTOPT "); - if (vflag) { - ip6_opt_print((const u_char *)dp + sizeof(*dp), - dstoptlen - sizeof(*dp)); + const struct ip6_dest *dp = (const struct ip6_dest *)bp; + u_int dstoptlen = 0; + + ndo->ndo_protocol = "dstopt"; + dstoptlen = (GET_U_1(dp->ip6d_len) + 1) << 3; + ND_TCHECK_LEN(dp, dstoptlen); + nd_print_protocol_caps(ndo); + ND_PRINT(" "); + if (ndo->ndo_vflag) { + /* + * The Jumbo Payload option is a hop-by-hop option; we don't + * honor Jumbo Payload destination options, reporting them + * as invalid. + */ + if (ip6_opt_process(ndo, (const u_char *)dp + sizeof(*dp), + dstoptlen - sizeof(*dp), NULL, NULL) == -1) + goto trunc; } - return(dstoptlen); + return dstoptlen; - trunc: - fputs("[|DSTOPT]", stdout); - return(-1); +trunc: + nd_print_trunc(ndo); + return -1; } -#endif /* INET6 */