X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4aac37f04316b37b73b99bdcdbfa97347bb2fe51..51a470b91366db5d36eb11feb24cfcdb2f7a5d3e:/print-icmp.c diff --git a/print-icmp.c b/print-icmp.c index 2c4dde25..124fc05d 100644 --- a/print-icmp.c +++ b/print-icmp.c @@ -86,13 +86,13 @@ struct icmp { #define icmp_data icmp_dun.id_data }; -#define ICMP_MPLS_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) +#define ICMP_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) #define ICMP_MPLS_EXT_VERSION 2 /* * Lower bounds on packet lengths for various types. * For the error advice packets must first insure that the - * packet is large enought to contain the returned ip header. + * packet is large enough to contain the returned ip header. * Only then can we do the check to see if 64 bits of packet * data have been returned, since we need to check the returned * ip header length. @@ -150,7 +150,7 @@ struct icmp { ((type) == ICMP_UNREACH || (type) == ICMP_SOURCEQUENCH || \ (type) == ICMP_REDIRECT || (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) -#define ICMP_MPLS_EXT_TYPE(type) \ +#define ICMP_MULTIPART_EXT_TYPE(type) \ ((type) == ICMP_UNREACH || \ (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) @@ -188,6 +188,11 @@ struct icmp { #define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* precedence cutoff */ #endif +/* rfc4950 */ +#define MPLS_STACK_ENTRY_OBJECT_CLASS 1 +/* rfc5837 */ +#define INTERFACE_INFORMATION_OBJECT_CLASS 2 + /* Most of the icmp types */ static const struct tok icmp2str[] = { { ICMP_ECHOREPLY, "echo reply" }, @@ -226,7 +231,7 @@ struct id_rdiscovery { * The Destination Unreachable, Time Exceeded * and Parameter Problem messages are slightly changed as per * the above draft. A new Length field gets added to give - * the caller an idea about the length of the piggypacked + * the caller an idea about the length of the piggybacked * IP packet before the MPLS extension header starts. * * The Length field represents length of the padded "original datagram" @@ -259,18 +264,54 @@ struct icmp_ext_t { nd_byte icmp_ext_data[1]; }; -struct icmp_mpls_ext_object_header_t { +struct icmp_multipart_ext_object_header_t { nd_uint16_t length; nd_uint8_t class_num; nd_uint8_t ctype; }; -static const struct tok icmp_mpls_ext_obj_values[] = { +static const struct tok icmp_multipart_ext_obj_values[] = { { 1, "MPLS Stack Entry" }, - { 2, "Extended Payload" }, + { 2, "Interface Identification" }, { 0, NULL} }; +/* rfc5837 */ +static const struct tok icmp_interface_identification_role_values[] = { + { 0, "the IP interface upon which a datagram arrived"}, + { 1, "the sub-IP component of an IP interface upon which a datagram arrived"}, + { 2, "the IP interface through which the datagram would have been forwarded had it been forwardable"}, + { 3, "the IP next hop to which the datagram would have been forwarded"}, + { 0, NULL } +}; + +/* +Interface IP Address Sub-Object +0 31 ++-------+-------+-------+-------+ +| AFI | Reserved | ++-------+-------+-------+-------+ +| IP Address .... +*/ +struct icmp_interface_identification_ipaddr_subobject_t { + nd_uint16_t afi; + nd_uint16_t reserved; + nd_uint32_t ip_addr; +}; + +/* +Interface Name Sub-Object +octet 0 1 63 + +--------+-----------................-----------------+ + | length | interface name octets 1-63 | + +--------+-----------................-----------------+ +*/ +struct icmp_interface_identification_ifname_subobject_t { + nd_uint8_t length; + nd_byte if_name[63]; +}; + + /* prototypes */ const char *icmp_tstamp_print(u_int); @@ -305,8 +346,11 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * const struct udphdr *ouh; const uint8_t *obj_tptr; uint32_t raw_label; - const u_char *snapend_save; - const struct icmp_mpls_ext_object_header_t *icmp_mpls_ext_object_header; + const struct icmp_multipart_ext_object_header_t *icmp_multipart_ext_object_header; + u_int interface_role, if_index_flag, ipaddr_flag, name_flag, mtu_flag; + const uint8_t *offset; + const struct icmp_interface_identification_ipaddr_subobject_t *ipaddr_subobj; + const struct icmp_interface_identification_ifname_subobject_t *ifname_subobj; u_int hlen, mtu, obj_tlen, obj_class_num, obj_ctype; uint16_t dport; char buf[MAXHOSTNAMELEN + 100]; @@ -318,14 +362,12 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * ip = (const struct ip *)bp2; str = buf; - ND_TCHECK_1(dp->icmp_code); icmp_type = GET_U_1(dp->icmp_type); icmp_code = GET_U_1(dp->icmp_code); switch (icmp_type) { case ICMP_ECHO: case ICMP_ECHOREPLY: - ND_TCHECK_2(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "echo %s, id %u, seq %u", icmp_type == ICMP_ECHO ? "request" : "reply", @@ -334,7 +376,6 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * break; case ICMP_UNREACH: - ND_TCHECK_4(dp->icmp_ip.ip_dst); switch (icmp_code) { case ICMP_UNREACH_NET: @@ -350,7 +391,6 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * break; case ICMP_UNREACH_PROTOCOL: - ND_TCHECK_1(dp->icmp_ip.ip_p); (void)snprintf(buf, sizeof(buf), "%s protocol %u unreachable", GET_IPADDR_STRING(dp->icmp_ip.ip_dst), @@ -362,7 +402,6 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * oip = &dp->icmp_ip; hlen = IP_HL(oip) * 4; ouh = (const struct udphdr *)(((const u_char *)oip) + hlen); - ND_TCHECK_2(ouh->uh_dport); dport = GET_BE_U_2(ouh->uh_dport); ip_proto = GET_U_1(oip->ip_p); switch (ip_proto) { @@ -483,7 +522,6 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * break; case ICMP_REDIRECT: - ND_TCHECK_4(dp->icmp_ip.ip_dst); switch (icmp_code) { case ICMP_REDIRECT_NET: @@ -599,7 +637,6 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * (void)snprintf(buf, sizeof(buf), "parameter problem - code %u", icmp_code); else { - ND_TCHECK_1(dp->icmp_pptr); (void)snprintf(buf, sizeof(buf), "parameter problem - octet %u", GET_U_1(dp->icmp_pptr)); @@ -607,13 +644,11 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * break; case ICMP_MASKREPLY: - ND_TCHECK_4(dp->icmp_mask); (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x", GET_BE_U_4(dp->icmp_mask)); break; case ICMP_TSTAMP: - ND_TCHECK_2(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "time stamp query id %u seq %u", GET_BE_U_2(dp->icmp_id), @@ -657,30 +692,42 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * /* * print the remnants of the IP packet. - * save the snaplength as this may get overidden in the IP printer. + * save the snaplength as this may get overridden in the IP printer. */ if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(icmp_type)) { + const u_char *snapend_save; + bp += 8; ND_PRINT("\n\t"); ip = (const struct ip *)bp; - snapend_save = ndo->ndo_snapend; - ND_TCHECK_2(ip->ip_len); + snapend_save = ndo->ndo_snapend; + /* + * Update the snapend because extensions (MPLS, ...) may be + * present after the IP packet. In this case the current + * (outer) packet's snapend is not what ip_print() needs to + * decode an IP packet nested in the middle of an ICMP payload. + * + * This prevents that, in ip_print(), for the nested IP packet, + * the remaining length < remaining caplen. + */ + ndo->ndo_snapend = ND_MIN(bp + GET_BE_U_2(ip->ip_len), + ndo->ndo_snapend); ip_print(ndo, bp, GET_BE_U_2(ip->ip_len)); - ndo->ndo_snapend = snapend_save; + ndo->ndo_snapend = snapend_save; } /* ndo_protocol reassignment after ip_print() call */ ndo->ndo_protocol = "icmp"; /* - * Attempt to decode the MPLS extensions only for some ICMP types. + * Attempt to decode multi-part message extensions (rfc4884) only for some ICMP types. */ - if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MPLS_EXT_TYPE(icmp_type)) { + if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MULTIPART_EXT_TYPE(icmp_type)) { ND_TCHECK_SIZE(ext_dp); /* - * Check first if the mpls extension header shows a non-zero length. + * Check first if the multi-part extension header shows a non-zero length. * If the length field is not set then silently verify the checksum * to check if an extension header is present. This is expedient, * however not all implementations set the length field proper. @@ -694,13 +741,13 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * } } - ND_PRINT("\n\tMPLS extension v%u", - ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res))); + ND_PRINT("\n\tICMP Multi-Part extension v%u", + ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res))); /* * Sanity checking of the header. */ - if (ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != + if (ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != ICMP_MPLS_EXT_VERSION) { ND_PRINT(" packet not supported"); return; @@ -719,37 +766,36 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * hlen -= 4; /* subtract common header size */ obj_tptr = (const uint8_t *)ext_dp->icmp_ext_data; - while (hlen > sizeof(struct icmp_mpls_ext_object_header_t)) { + while (hlen > sizeof(struct icmp_multipart_ext_object_header_t)) { - icmp_mpls_ext_object_header = (const struct icmp_mpls_ext_object_header_t *)obj_tptr; - ND_TCHECK_SIZE(icmp_mpls_ext_object_header); - obj_tlen = GET_BE_U_2(icmp_mpls_ext_object_header->length); - obj_class_num = GET_U_1(icmp_mpls_ext_object_header->class_num); - obj_ctype = GET_U_1(icmp_mpls_ext_object_header->ctype); - obj_tptr += sizeof(struct icmp_mpls_ext_object_header_t); + icmp_multipart_ext_object_header = (const struct icmp_multipart_ext_object_header_t *)obj_tptr; + ND_TCHECK_SIZE(icmp_multipart_ext_object_header); + obj_tlen = GET_BE_U_2(icmp_multipart_ext_object_header->length); + obj_class_num = GET_U_1(icmp_multipart_ext_object_header->class_num); + obj_ctype = GET_U_1(icmp_multipart_ext_object_header->ctype); + obj_tptr += sizeof(struct icmp_multipart_ext_object_header_t); ND_PRINT("\n\t %s Object (%u), Class-Type: %u, length %u", - tok2str(icmp_mpls_ext_obj_values,"unknown",obj_class_num), + tok2str(icmp_multipart_ext_obj_values,"unknown",obj_class_num), obj_class_num, obj_ctype, obj_tlen); - hlen-=sizeof(struct icmp_mpls_ext_object_header_t); /* length field includes tlv header */ + hlen-=sizeof(struct icmp_multipart_ext_object_header_t); /* length field includes tlv header */ /* infinite loop protection */ if ((obj_class_num == 0) || - (obj_tlen < sizeof(struct icmp_mpls_ext_object_header_t))) { + (obj_tlen < sizeof(struct icmp_multipart_ext_object_header_t))) { return; } - obj_tlen-=sizeof(struct icmp_mpls_ext_object_header_t); + obj_tlen-=sizeof(struct icmp_multipart_ext_object_header_t); switch (obj_class_num) { - case 1: + case MPLS_STACK_ENTRY_OBJECT_CLASS: switch(obj_ctype) { case 1: - ND_TCHECK_4(obj_tptr); raw_label = GET_BE_U_4(obj_tptr); - ND_PRINT("\n\t label %u, exp %u", MPLS_LABEL(raw_label), MPLS_EXP(raw_label)); + ND_PRINT("\n\t label %u, tc %u", MPLS_LABEL(raw_label), MPLS_TC(raw_label)); if (MPLS_STACK(raw_label)) ND_PRINT(", [S]"); ND_PRINT(", ttl %u", MPLS_TTL(raw_label)); @@ -759,11 +805,78 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * } break; - /* - * FIXME those are the defined objects that lack a decoder - * you are welcome to contribute code ;-) - */ - case 2: + case INTERFACE_INFORMATION_OBJECT_CLASS: + /* + Ctype in a INTERFACE_INFORMATION_OBJECT_CLASS object: + + Bit 0 1 2 3 4 5 6 7 + +-------+-------+-------+-------+-------+-------+-------+-------+ + | Interface Role| Rsvd1 | Rsvd2 |ifIndex| IPAddr| name | MTU | + +-------+-------+-------+-------+-------+-------+-------+-------+ + */ + interface_role = (obj_ctype & 0xc0) >> 6; + if_index_flag = (obj_ctype & 0x8) >> 3; + ipaddr_flag = (obj_ctype & 0x4) >> 2; + name_flag = (obj_ctype & 0x2) >> 1; + mtu_flag = (obj_ctype & 0x1); + + ND_PRINT("\n\t\t This object describes %s", + tok2str(icmp_interface_identification_role_values, + "an unknown interface role",interface_role)); + + offset = obj_tptr; + + if (if_index_flag) { + ND_PRINT("\n\t\t Interface Index: %u", GET_BE_U_4(offset)); + offset += 4; + } + if (ipaddr_flag) { + ND_PRINT("\n\t\t IP Address sub-object: "); + ipaddr_subobj = (const struct icmp_interface_identification_ipaddr_subobject_t *) offset; + switch (GET_BE_U_2(ipaddr_subobj->afi)) { + case 1: + ND_PRINT("%s", GET_IPADDR_STRING(ipaddr_subobj->ip_addr)); + offset += 4; + break; + case 2: + ND_PRINT("%s", GET_IP6ADDR_STRING(ipaddr_subobj->ip_addr)); + offset += 16; + break; + default: + ND_PRINT("Unknown Address Family Identifier"); + return; + } + offset += 4; + } + if (name_flag) { + uint8_t inft_name_length_field; + + ifname_subobj = (const struct icmp_interface_identification_ifname_subobject_t *) offset; + inft_name_length_field = GET_U_1(ifname_subobj->length); + ND_PRINT("\n\t\t Interface Name"); + if (inft_name_length_field % 4 != 0) { + ND_PRINT(" [length %u != N x 4]", inft_name_length_field); + nd_print_invalid(ndo); + offset += inft_name_length_field; + break; + } + if (inft_name_length_field > 64) { + ND_PRINT(" [length %u > 64]", inft_name_length_field); + nd_print_invalid(ndo); + offset += inft_name_length_field; + break; + } + ND_PRINT(", length %u: ", inft_name_length_field); + nd_printjnp(ndo, ifname_subobj->if_name, + inft_name_length_field - 1); + offset += inft_name_length_field; + } + if (mtu_flag) { + ND_PRINT("\n\t\t MTU: %u", GET_BE_U_4(offset)); + offset += 4; + } + break; + default: print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); break;