X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4d399db49937fa423cefe179173e351205796036..a4a13734bb167ab42f86da26c3aa1cb4da9954fd:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index 19026582..57637055 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -21,12 +21,12 @@ * Original code by Matt Thomas, Digital Equipment Corporation * * Extensively modified by Hannes Gredler (hannes@juniper.net) for more - * complete IS-IS support. + * complete IS-IS & CLNP support. */ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.122 2004-10-07 14:53:09 hannes Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.165 2008-08-16 13:38:15 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -46,9 +46,7 @@ static const char rcsid[] _U_ = #include "extract.h" #include "gmpls.h" #include "oui.h" - -#define IPV4 1 /* AFI value */ -#define IPV6 2 /* AFI value */ +#include "signature.h" /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. @@ -57,14 +55,15 @@ static const char rcsid[] _U_ = #define SYSTEM_ID_LEN ETHER_ADDR_LEN #define NODE_ID_LEN SYSTEM_ID_LEN+1 #define LSP_ID_LEN SYSTEM_ID_LEN+2 -#define NSAP_MAX_LENGTH 20 #define ISIS_VERSION 1 #define ESIS_VERSION 1 +#define CLNP_VERSION 1 #define ISIS_PDU_TYPE_MASK 0x1F #define ESIS_PDU_TYPE_MASK 0x1F #define CLNP_PDU_TYPE_MASK 0x1F +#define CLNP_FLAG_MASK 0xE0 #define ISIS_LAN_PRIORITY_MASK 0x7F #define ISIS_PDU_L1_LAN_IIH 15 @@ -109,7 +108,9 @@ static struct tok isis_pdu_values[] = { #define ISIS_TLV_LSP 9 /* iso10589 */ #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ #define ISIS_TLV_CHECKSUM 12 /* rfc3358 */ +#define ISIS_TLV_CHECKSUM_MINLEN 2 #define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ +#define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2 #define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */ #define ISIS_TLV_IS_ALIAS_ID 24 /* draft-ietf-isis-ext-lsp-frags-02 */ #define ISIS_TLV_DECNET_PHASE4 42 @@ -118,6 +119,7 @@ static struct tok isis_pdu_values[] = { #define ISIS_TLV_PROTOCOLS 129 /* rfc1195 */ #define ISIS_TLV_EXT_IP_REACH 130 /* rfc1195, rfc2966 */ #define ISIS_TLV_IDRP_INFO 131 /* rfc1195 */ +#define ISIS_TLV_IDRP_INFO_MINLEN 1 #define ISIS_TLV_IPADDR 132 /* rfc1195 */ #define ISIS_TLV_IPAUTH 133 /* rfc1195 */ #define ISIS_TLV_TE_ROUTER_ID 134 /* draft-ietf-isis-traffic-05 */ @@ -126,16 +128,21 @@ static struct tok isis_pdu_values[] = { #define ISIS_TLV_SHARED_RISK_GROUP 138 /* draft-ietf-isis-gmpls-extensions */ #define ISIS_TLV_NORTEL_PRIVATE1 176 #define ISIS_TLV_NORTEL_PRIVATE2 177 -#define ISIS_TLV_RESTART_SIGNALING 211 /* draft-ietf-isis-restart-01 */ +#define ISIS_TLV_RESTART_SIGNALING 211 /* rfc3847 */ +#define ISIS_TLV_RESTART_SIGNALING_FLAGLEN 1 +#define ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN 2 #define ISIS_TLV_MT_IS_REACH 222 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_MT_SUPPORTED 229 /* draft-ietf-isis-wg-multi-topology-05 */ +#define ISIS_TLV_MT_SUPPORTED_MINLEN 2 #define ISIS_TLV_IP6ADDR 232 /* draft-ietf-isis-ipv6-02 */ #define ISIS_TLV_MT_IP_REACH 235 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_IP6_REACH 236 /* draft-ietf-isis-ipv6-02 */ #define ISIS_TLV_MT_IP6_REACH 237 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_PTP_ADJ 240 /* rfc3373 */ #define ISIS_TLV_IIH_SEQNR 241 /* draft-shen-isis-iih-sequence-00 */ +#define ISIS_TLV_IIH_SEQNR_MINLEN 4 #define ISIS_TLV_VENDOR_PRIVATE 250 /* draft-ietf-isis-experimental-tlv-01 */ +#define ISIS_TLV_VENDOR_PRIVATE_MINLEN 3 static struct tok isis_tlv_values[] = { { ISIS_TLV_AREA_ADDR, "Area address(es)"}, @@ -198,18 +205,150 @@ static struct tok esis_option_values[] = { { 0, NULL } }; +#define CLNP_OPTION_DISCARD_REASON 193 +#define CLNP_OPTION_QOS_MAINTENANCE 195 /* iso8473 */ +#define CLNP_OPTION_SECURITY 197 /* iso8473 */ +#define CLNP_OPTION_SOURCE_ROUTING 200 /* iso8473 */ +#define CLNP_OPTION_ROUTE_RECORDING 203 /* iso8473 */ +#define CLNP_OPTION_PADDING 204 /* iso8473 */ +#define CLNP_OPTION_PRIORITY 205 /* iso8473 */ + +static struct tok clnp_option_values[] = { + { CLNP_OPTION_DISCARD_REASON, "Discard Reason"}, + { CLNP_OPTION_PRIORITY, "Priority"}, + { CLNP_OPTION_QOS_MAINTENANCE, "QoS Maintenance"}, + { CLNP_OPTION_SECURITY, "Security"}, + { CLNP_OPTION_SOURCE_ROUTING, "Source Routing"}, + { CLNP_OPTION_ROUTE_RECORDING, "Route Recording"}, + { CLNP_OPTION_PADDING, "Padding"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_class_values[] = { + { 0x0, "General"}, + { 0x8, "Address"}, + { 0x9, "Source Routeing"}, + { 0xa, "Lifetime"}, + { 0xb, "PDU Discarded"}, + { 0xc, "Reassembly"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_general_values[] = { + { 0x0, "Reason not specified"}, + { 0x1, "Protocol procedure error"}, + { 0x2, "Incorrect checksum"}, + { 0x3, "PDU discarded due to congestion"}, + { 0x4, "Header syntax error (cannot be parsed)"}, + { 0x5, "Segmentation needed but not permitted"}, + { 0x6, "Incomplete PDU received"}, + { 0x7, "Duplicate option"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_address_values[] = { + { 0x0, "Destination address unreachable"}, + { 0x1, "Destination address unknown"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_source_routeing_values[] = { + { 0x0, "Unspecified source routeing error"}, + { 0x1, "Syntax error in source routeing field"}, + { 0x2, "Unknown address in source routeing field"}, + { 0x3, "Path not acceptable"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_lifetime_values[] = { + { 0x0, "Lifetime expired while data unit in transit"}, + { 0x1, "Lifetime expired during reassembly"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_pdu_discard_values[] = { + { 0x0, "Unsupported option not specified"}, + { 0x1, "Unsupported protocol version"}, + { 0x2, "Unsupported security option"}, + { 0x3, "Unsupported source routeing option"}, + { 0x4, "Unsupported recording of route option"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_reassembly_values[] = { + { 0x0, "Reassembly interference"}, + { 0, NULL } +}; + +/* array of 16 error-classes */ +static struct tok *clnp_option_rfd_error_class[] = { + clnp_option_rfd_general_values, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + clnp_option_rfd_address_values, + clnp_option_rfd_source_routeing_values, + clnp_option_rfd_lifetime_values, + clnp_option_rfd_pdu_discard_values, + clnp_option_rfd_reassembly_values, + NULL, + NULL, + NULL +}; + +#define CLNP_OPTION_OPTION_QOS_MASK 0x3f +#define CLNP_OPTION_SCOPE_MASK 0xc0 +#define CLNP_OPTION_SCOPE_SA_SPEC 0x40 +#define CLNP_OPTION_SCOPE_DA_SPEC 0x80 +#define CLNP_OPTION_SCOPE_GLOBAL 0xc0 + +static struct tok clnp_option_scope_values[] = { + { CLNP_OPTION_SCOPE_SA_SPEC, "Source Address Specific"}, + { CLNP_OPTION_SCOPE_DA_SPEC, "Destination Address Specific"}, + { CLNP_OPTION_SCOPE_GLOBAL, "Globally unique"}, + { 0, NULL } +}; + +static struct tok clnp_option_sr_rr_values[] = { + { 0x0, "partial"}, + { 0x1, "complete"}, + { 0, NULL } +}; + +static struct tok clnp_option_sr_rr_string_values[] = { + { CLNP_OPTION_SOURCE_ROUTING, "source routing"}, + { CLNP_OPTION_ROUTE_RECORDING, "recording of route in progress"}, + { 0, NULL } +}; + +static struct tok clnp_option_qos_global_values[] = { + { 0x20, "reserved"}, + { 0x10, "sequencing vs. delay"}, + { 0x08, "congested"}, + { 0x04, "delay vs. cost"}, + { 0x02, "error vs. delay"}, + { 0x01, "error vs. cost"}, + { 0, NULL } +}; + #define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* draft-ietf-isis-gmpls-extensions */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* draft-ietf-isis-traffic-05 */ #define ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 /* draft-ietf-isis-traffic-05 */ #define ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 /* draft-ietf-isis-traffic-05 */ #define ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 /* draft-ietf-isis-traffic-05 */ #define ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_DIFFSERV_TE 12 /* draft-ietf-tewg-diff-te-proto-06 */ +#define ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 /* rfc4124 */ +#define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD 12 /* draft-ietf-tewg-diff-te-proto-06 */ #define ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC 18 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* draft-ietf-isis-gmpls-extensions */ -#define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* draft-ietf-isis-gmpls-extensions */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE 19 /* draft-ietf-isis-link-attr-01 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */ +#define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ +#define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS 22 /* rfc4124 */ static struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP, "Administrative groups" }, @@ -220,10 +359,12 @@ static struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW, "Maximum link bandwidth" }, { ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW, "Reservable link bandwidth" }, { ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW, "Unreserved bandwidth" }, - { ISIS_SUBTLV_EXT_IS_REACH_DIFFSERV_TE, "Diffserv TE" }, { ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC, "Traffic Engineering Metric" }, + { ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE, "Link Attribute" }, { ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE, "Link Protection Type" }, { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, + { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD, "Bandwidth Constraints (old)" }, + { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS, "Bandwidth Constraints" }, { 250, "Reserved for cisco specific extensions" }, { 251, "Reserved for cisco specific extensions" }, { 252, "Reserved for cisco specific extensions" }, @@ -244,13 +385,22 @@ static struct tok isis_ext_ip_reach_subtlv_values[] = { { 0, NULL } }; +static struct tok isis_subtlv_link_attribute_values[] = { + { 0x01, "Local Protection Available" }, + { 0x02, "Link excluded from local protection path" }, + { 0x04, "Local maintenance required"}, + { 0, NULL } +}; + #define ISIS_SUBTLV_AUTH_SIMPLE 1 +#define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */ #define ISIS_SUBTLV_AUTH_MD5 54 #define ISIS_SUBTLV_AUTH_MD5_LEN 16 #define ISIS_SUBTLV_AUTH_PRIVATE 255 static struct tok isis_subtlv_auth_values[] = { { ISIS_SUBTLV_AUTH_SIMPLE, "simple text password"}, + { ISIS_SUBTLV_AUTH_GENERIC, "Generic Crypto key-id"}, { ISIS_SUBTLV_AUTH_MD5, "HMAC-MD5 password"}, { ISIS_SUBTLV_AUTH_PRIVATE, "Routing Domain private password"}, { 0, NULL } @@ -267,6 +417,17 @@ static struct tok isis_subtlv_idrp_values[] = { { 0, NULL} }; +#define CLNP_SEGMENT_PART 0x80 +#define CLNP_MORE_SEGMENTS 0x40 +#define CLNP_REQUEST_ER 0x20 + +static struct tok clnp_flag_values[] = { + { CLNP_SEGMENT_PART, "Segmentation permitted"}, + { CLNP_MORE_SEGMENTS, "more Segments"}, + { CLNP_REQUEST_ER, "request Error Report"}, + { 0, NULL} +}; + #define ISIS_MASK_LSP_OL_BIT(x) ((x)&0x4) #define ISIS_MASK_LSP_ISTYPE_BITS(x) ((x)&0x3) #define ISIS_MASK_LSP_PARTITION_BIT(x) ((x)&0x80) @@ -280,8 +441,8 @@ static struct tok isis_subtlv_idrp_values[] = { #define ISIS_MASK_MTFLAGS(x) ((x)&0xf000) static struct tok isis_mt_flag_values[] = { - { 0x4000, "sub-TLVs present"}, - { 0x8000, "ATT bit set"}, + { 0x4000, "ATT bit set"}, + { 0x8000, "Overload bit set"}, { 0, NULL} }; @@ -323,7 +484,7 @@ static struct tok isis_lsp_istype_values[] = { { ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"}, { ISIS_LSP_TYPE_LEVEL_1, "L1 IS"}, { ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"}, - { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"}, + { ISIS_LSP_TYPE_LEVEL_2, "L2 IS"}, { 0, NULL } }; @@ -350,7 +511,8 @@ struct isis_tlv_ptp_adj { u_int8_t neighbor_extd_local_circuit_id[4]; }; -static int osi_cksum(const u_int8_t *, u_int); +static void osi_print_cksum(const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length); static int clnp_print(const u_int8_t *, u_int); static void esis_print(const u_int8_t *, u_int); static int isis_print(const u_int8_t *, u_int); @@ -387,6 +549,7 @@ static struct tok isis_is_reach_virtual_values[] = { static struct tok isis_restart_flag_values[] = { { 0x1, "Restart Request"}, { 0x2, "Restart Acknowledgement"}, + { 0x4, "Suppress adjacency advertisement"}, { 0, NULL } }; @@ -446,35 +609,6 @@ struct isis_tlv_lsp { u_int8_t checksum[2]; }; -static char * -print_nsap(register const u_int8_t *pptr, register int nsap_length) -{ - int nsap_idx; - static char nsap_ascii_output[sizeof("xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xx")]; - char *junk_buf = nsap_ascii_output; - - if (nsap_length < 1 || nsap_length > NSAP_MAX_LENGTH) { - snprintf(nsap_ascii_output, sizeof(nsap_ascii_output), - "illegal length"); - return (nsap_ascii_output); - } - - for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) { - if (!TTEST2(*pptr, 1)) - return (0); - snprintf(junk_buf, - sizeof(nsap_ascii_output) - (junk_buf - nsap_ascii_output), - "%02x", *pptr++); - junk_buf += strlen(junk_buf); - if (((nsap_idx & 1) == 0) && - (nsap_idx + 1 < nsap_length)) { - *junk_buf++ = '.'; - } - } - *(junk_buf) = '\0'; - return (nsap_ascii_output); -} - #define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header)) #define ISIS_IIH_LAN_HEADER_SIZE (sizeof(struct isis_iih_lan_header)) #define ISIS_IIH_PTP_HEADER_SIZE (sizeof(struct isis_iih_ptp_header)) @@ -484,16 +618,15 @@ print_nsap(register const u_int8_t *pptr, register int nsap_length) void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) { - const struct isis_common_header *header; - - header = (const struct isis_common_header *)p; - if (caplen <= 1) { /* enough bytes on the wire ? */ printf("|OSI"); return; } - printf("%s",tok2str(nlpid_values,"Unknown NLPID (0x%02x)",*p)); + if (eflag) + printf("OSI NLPID %s (0x%02x): ", + tok2str(nlpid_values,"Unknown",*p), + *p); switch (*p) { @@ -512,11 +645,35 @@ void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) break; case NLPID_NULLNS: - (void)printf(", length: %u", length); + (void)printf("%slength: %u", + eflag ? "" : ", ", + length); break; + case NLPID_Q933: + q933_print(p+1, length-1); + break; + + case NLPID_IP: + ip_print(gndo, p+1, length-1); + break; + +#ifdef INET6 + case NLPID_IP6: + ip6_print(gndo, p+1, length-1); + break; +#endif + + case NLPID_PPP: + ppp_print(p+1, length-1); + break; + default: - (void)printf(", length: %u", length); + if (!eflag) + printf("OSI NLPID 0x%02x unknown",*p); + (void)printf("%slength: %u", + eflag ? "" : ", ", + length); if (caplen > 1) print_unknown_data(p,"\n\t",caplen); break; @@ -548,6 +705,12 @@ struct clnp_header_t { u_int8_t cksum[2]; }; +struct clnp_segment_header_t { + u_int8_t data_unit_id[2]; + u_int8_t segment_offset[2]; + u_int8_t total_length[2]; +}; + /* * clnp_print * Decode CLNP packets. Return 0 on error. @@ -556,80 +719,233 @@ struct clnp_header_t { static int clnp_print (const u_int8_t *pptr, u_int length) { const u_int8_t *optr,*source_address,*dest_address; - u_int li,source_address_length,dest_address_length, clnp_pdu_type; + u_int li,tlen,nsap_offset,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags; const struct clnp_header_t *clnp_header; + const struct clnp_segment_header_t *clnp_segment_header; + u_int8_t rfd_error_major,rfd_error_minor; clnp_header = (const struct clnp_header_t *) pptr; + TCHECK(*clnp_header); + li = clnp_header->length_indicator; optr = pptr; + if (!eflag) + printf("CLNP"); + /* * Sanity checking of the header. */ - /* FIXME */ + if (clnp_header->version != CLNP_VERSION) { + printf("version %d packet not supported", clnp_header->version); + return (0); + } + + /* FIXME further header sanity checking */ clnp_pdu_type = clnp_header->type & CLNP_PDU_TYPE_MASK; + clnp_flags = clnp_header->type & CLNP_FLAG_MASK; pptr += sizeof(struct clnp_header_t); + li -= sizeof(struct clnp_header_t); dest_address_length = *pptr; dest_address = pptr + 1; pptr += (1 + dest_address_length); + li -= (1 + dest_address_length); source_address_length = *pptr; source_address = pptr +1; pptr += (1 + source_address_length); + li -= (1 + source_address_length); if (vflag < 1) { - printf(", %s > %s, length %u", - print_nsap(source_address, source_address_length), - print_nsap(dest_address, dest_address_length), + printf("%s%s > %s, %s, length %u", + eflag ? "" : ", ", + isonsap_string(source_address, source_address_length), + isonsap_string(dest_address, dest_address_length), + tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length); return (1); } - printf(", length %u", length); - - printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, PDU length: %u, checksum: 0x%04x ", - tok2str(clnp_pdu_values, - "unknown (%u)", - clnp_pdu_type), - clnp_header->length_indicator, - clnp_header->version, - clnp_header->lifetime/2, - (clnp_header->lifetime%2)*5, - EXTRACT_16BITS(clnp_header->segment_length), - EXTRACT_16BITS(clnp_header->cksum)); + printf("%slength %u",eflag ? "" : ", ",length); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(clnp_header->cksum) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, li) ? "incorrect" : "correct"); + printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", + tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), + clnp_header->length_indicator, + clnp_header->version, + clnp_header->lifetime/2, + (clnp_header->lifetime%2)*5, + EXTRACT_16BITS(clnp_header->segment_length), + EXTRACT_16BITS(clnp_header->cksum)); + + osi_print_cksum(optr, EXTRACT_16BITS(clnp_header->cksum), 7, + clnp_header->length_indicator); + + printf("\n\tFlags [%s]", + bittok2str(clnp_flag_values,"none",clnp_flags)); printf("\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - print_nsap(source_address, source_address_length), + isonsap_string(source_address, source_address_length), dest_address_length, - print_nsap(dest_address, dest_address_length)); + isonsap_string(dest_address,dest_address_length)); + + if (clnp_flags & CLNP_SEGMENT_PART) { + clnp_segment_header = (const struct clnp_segment_header_t *) pptr; + TCHECK(*clnp_segment_header); + printf("\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", + EXTRACT_16BITS(clnp_segment_header->data_unit_id), + EXTRACT_16BITS(clnp_segment_header->segment_offset), + EXTRACT_16BITS(clnp_segment_header->total_length)); + pptr+=sizeof(const struct clnp_segment_header_t); + li-=sizeof(const struct clnp_segment_header_t); + } + + /* now walk the options */ + while (li >= 2) { + u_int op, opli; + const u_int8_t *tptr; + + TCHECK2(*pptr, 2); + if (li < 2) { + printf(", bad opts/li"); + return (0); + } + op = *pptr++; + opli = *pptr++; + li -= 2; + TCHECK2(*pptr, opli); + if (opli > li) { + printf(", opt (%d) too long", op); + return (0); + } + li -= opli; + tptr = pptr; + tlen = opli; + + printf("\n\t %s Option #%u, length %u, value: ", + tok2str(clnp_option_values,"Unknown",op), + op, + opli); + + switch (op) { + + + case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */ + case CLNP_OPTION_SOURCE_ROUTING: + printf("%s %s", + tok2str(clnp_option_sr_rr_values,"Unknown",*tptr), + tok2str(clnp_option_sr_rr_string_values,"Unknown Option %u",op)); + nsap_offset=*(tptr+1); + if (nsap_offset == 0) { + printf(" Bad NSAP offset (0)"); + break; + } + nsap_offset-=1; /* offset to nsap list */ + if (nsap_offset > tlen) { + printf(" Bad NSAP offset (past end of option)"); + break; + } + tptr+=nsap_offset; + tlen-=nsap_offset; + while (tlen > 0) { + source_address_length=*tptr; + if (tlen < source_address_length+1) { + printf("\n\t NSAP address goes past end of option"); + break; + } + if (source_address_length > 0) { + source_address=(tptr+1); + TCHECK2(*source_address, source_address_length); + printf("\n\t NSAP address (length %u): %s", + source_address_length, + isonsap_string(source_address, source_address_length)); + } + tlen-=source_address_length+1; + } + break; + + case CLNP_OPTION_PRIORITY: + printf("0x%1x", *tptr&0x0f); + break; - /* dump the remaining header data */ - print_unknown_data(pptr,"\n\t",clnp_header->length_indicator-(pptr-optr)); + case CLNP_OPTION_QOS_MAINTENANCE: + printf("\n\t Format Code: %s", + tok2str(clnp_option_scope_values,"Reserved",*tptr&CLNP_OPTION_SCOPE_MASK)); + + if ((*tptr&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) + printf("\n\t QoS Flags [%s]", + bittok2str(clnp_option_qos_global_values, + "none", + *tptr&CLNP_OPTION_OPTION_QOS_MASK)); + break; + + case CLNP_OPTION_SECURITY: + printf("\n\t Format Code: %s, Security-Level %u", + tok2str(clnp_option_scope_values,"Reserved",*tptr&CLNP_OPTION_SCOPE_MASK), + *(tptr+1)); + break; + + case CLNP_OPTION_DISCARD_REASON: + rfd_error_major = (*tptr&0xf0) >> 4; + rfd_error_minor = *tptr&0x0f; + printf("\n\t Class: %s Error (0x%01x), %s (0x%01x)", + tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major), + rfd_error_major, + tok2str(clnp_option_rfd_error_class[rfd_error_major],"Unknown",rfd_error_minor), + rfd_error_minor); + break; + + case CLNP_OPTION_PADDING: + printf("padding data"); + break; + + /* + * FIXME those are the defined Options that lack a decoder + * you are welcome to contribute code ;-) + */ + + default: + print_unknown_data(tptr,"\n\t ",opli); + break; + } + if (vflag > 1) + print_unknown_data(pptr,"\n\t ",opli); + pptr += opli; + } switch (clnp_pdu_type) { - case CLNP_PDU_ER: + case CLNP_PDU_ER: /* fall through */ + case CLNP_PDU_ERP: + TCHECK(*pptr); + if (*(pptr) == NLPID_CLNP) { + printf("\n\t-----original packet-----\n\t"); + /* FIXME recursion protection */ + clnp_print(pptr, length-clnp_header->length_indicator); + break; + } + case CLNP_PDU_DT: case CLNP_PDU_MD: case CLNP_PDU_ERQ: - case CLNP_PDU_ERP: - + default: /* dump the PDU specific data */ - print_unknown_data(optr+clnp_header->length_indicator,"\n\t ",length-clnp_header->length_indicator); - + if (length-(pptr-optr) > 0) { + printf("\n\t undecoded non-header data, length %u",length-clnp_header->length_indicator); + print_unknown_data(pptr,"\n\t ",length-(pptr-optr)); + } } return (1); + + trunc: + fputs("[|clnp]", stdout); + return (1); + } @@ -661,15 +977,19 @@ esis_print(const u_int8_t *pptr, u_int length) u_int li,esis_pdu_type,source_address_length, source_address_number; const struct esis_header_t *esis_header; + if (!eflag) + printf("ES-IS"); + if (length <= 2) { if (qflag) - printf(" bad pkt!"); + printf("bad pkt!"); else - printf(" no header at all!"); + printf("no header at all!"); return; } esis_header = (const struct esis_header_t *) pptr; + TCHECK(*esis_header); li = esis_header->length_indicator; optr = pptr; @@ -678,22 +998,22 @@ esis_print(const u_int8_t *pptr, u_int length) */ if (esis_header->nlpid != NLPID_ESIS) { - printf(", nlpid 0x%02x packet not supported", esis_header->nlpid); + printf(" nlpid 0x%02x packet not supported", esis_header->nlpid); return; } if (esis_header->version != ESIS_VERSION) { - printf(", version %d packet not supported", esis_header->version); + printf(" version %d packet not supported", esis_header->version); return; } if (li > length) { - printf(", length indicator(%d) > PDU size (%d)!", li, length); + printf(" length indicator(%d) > PDU size (%d)!", li, length); return; } if (li < sizeof(struct esis_header_t) + 2) { - printf(", length indicator < min PDU size %d:", li); + printf(" length indicator < min PDU size %d:", li); while (--length != 0) printf("%02X", *pptr++); return; @@ -702,22 +1022,22 @@ esis_print(const u_int8_t *pptr, u_int length) esis_pdu_type = esis_header->type & ESIS_PDU_TYPE_MASK; if (vflag < 1) { - printf(", %s, length %u", + printf("%s%s, length %u", + eflag ? "" : ", ", tok2str(esis_pdu_values,"unknown type (%u)",esis_pdu_type), length); return; } else - printf(", length %u\n\t%s (%u)", + printf("%slength %u\n\t%s (%u)", + eflag ? "" : ", ", length, tok2str(esis_pdu_values,"unknown type: %u", esis_pdu_type), esis_pdu_type); printf(", v: %u%s", esis_header->version, esis_header->version == ESIS_VERSION ? "" : "unsupported" ); - printf(", checksum: 0x%04x ", EXTRACT_16BITS(esis_header->cksum)); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(esis_header->cksum) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(pptr, li) ? "incorrect" : "correct"); + printf(", checksum: 0x%04x", EXTRACT_16BITS(esis_header->cksum)); + + osi_print_cksum(pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); printf(", holding time: %us, length indicator: %u",EXTRACT_16BITS(esis_header->holdtime),li); @@ -729,25 +1049,72 @@ esis_print(const u_int8_t *pptr, u_int length) switch (esis_pdu_type) { case ESIS_PDU_REDIRECT: { - const u_int8_t *dst, *snpa, *tptr; + const u_int8_t *dst, *snpa, *neta; + u_int dstl, snpal, netal; - dst = pptr; pptr += *pptr + 1; - if (pptr > snapend) + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); + return; + } + dstl = *pptr; + pptr++; + li--; + TCHECK2(*pptr, dstl); + if (li < dstl) { + printf(", bad redirect/li"); + return; + } + dst = pptr; + pptr += dstl; + li -= dstl; + printf("\n\t %s", isonsap_string(dst,dstl)); + + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); + return; + } + snpal = *pptr; + pptr++; + li--; + TCHECK2(*pptr, snpal); + if (li < snpal) { + printf(", bad redirect/li"); + return; + } + snpa = pptr; + pptr += snpal; + li -= snpal; + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); return; - printf("\n\t %s", isonsap_string(dst)); - snpa = pptr; pptr += *pptr + 1; - tptr = pptr; pptr += *pptr + 1; - if (pptr > snapend) + } + netal = *pptr; + pptr++; + TCHECK2(*pptr, netal); + if (li < netal) { + printf(", bad redirect/li"); return; + } + neta = pptr; + pptr += netal; + li -= netal; - if (tptr[0] == 0) - printf("\n\t %s", etheraddr_string(&snpa[1])); + if (netal == 0) + printf("\n\t %s", etheraddr_string(snpa)); else - printf("\n\t %s", isonsap_string(tptr)); + printf("\n\t %s", isonsap_string(neta,netal)); break; } case ESIS_PDU_ESH: + TCHECK(*pptr); + if (li < 1) { + printf(", bad esh/li"); + return; + } source_address_number = *pptr; pptr++; li--; @@ -755,23 +1122,47 @@ esis_print(const u_int8_t *pptr, u_int length) printf("\n\t Number of Source Addresses: %u", source_address_number); while (source_address_number > 0) { + TCHECK(*pptr); + if (li < 1) { + printf(", bad esh/li"); + return; + } source_address_length = *pptr; + pptr++; + li--; + + TCHECK2(*pptr, source_address_length); + if (li < source_address_length) { + printf(", bad esh/li"); + return; + } printf("\n\t NET (length: %u): %s", source_address_length, - print_nsap(pptr+1, source_address_length)); - - pptr += source_address_length+1; - li -= source_address_length+1; + isonsap_string(pptr,source_address_length)); + pptr += source_address_length; + li -= source_address_length; source_address_number--; } break; case ESIS_PDU_ISH: { + TCHECK(*pptr); + if (li < 1) { + printf(", bad ish/li"); + return; + } source_address_length = *pptr; - printf("\n\t NET (length: %u): %s", source_address_length, print_nsap(pptr+1, source_address_length)); - pptr += source_address_length+1; - li -= source_address_length +1; + pptr++; + li--; + TCHECK2(*pptr, source_address_length); + if (li < source_address_length) { + printf(", bad ish/li"); + return; + } + printf("\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length)); + pptr += source_address_length; + li -= source_address_length; break; } @@ -784,16 +1175,15 @@ esis_print(const u_int8_t *pptr, u_int length) } /* now walk the options */ - while (li >= 2) { + while (li != 0) { u_int op, opli; const u_int8_t *tptr; - if (snapend - pptr < 2) - return; if (li < 2) { printf(", bad opts/li"); return; } + TCHECK2(*pptr, 2); op = *pptr++; opli = *pptr++; li -= 2; @@ -804,9 +1194,6 @@ esis_print(const u_int8_t *pptr, u_int length) li -= opli; tptr = pptr; - if (snapend < pptr) - return; - printf("\n\t %s Option #%u, length %u, value: ", tok2str(esis_option_values,"Unknown",op), op, @@ -815,12 +1202,16 @@ esis_print(const u_int8_t *pptr, u_int length) switch (op) { case ESIS_OPTION_ES_CONF_TIME: - printf("%us", EXTRACT_16BITS(tptr)); + if (opli == 2) { + TCHECK2(*pptr, 2); + printf("%us", EXTRACT_16BITS(tptr)); + } else + printf("(bad length)"); break; - case ESIS_OPTION_PROTOCOLS: while (opli>0) { + TCHECK(*pptr); printf("%s (0x%02x)", tok2str(nlpid_values, "unknown", @@ -852,6 +1243,8 @@ esis_print(const u_int8_t *pptr, u_int length) print_unknown_data(pptr,"\n\t ",opli); pptr += opli; } +trunc: + return; } /* shared routine for printing system, node and lsp-ids */ @@ -1020,9 +1413,9 @@ trunctlv: */ static int -isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *ident) { +isis_print_is_reach_subtlv (const u_int8_t *tptr,u_int subt,u_int subl,const char *ident) { - int priority_level,bandwidth_constraint; + u_int te_class,priority_level,gmpls_switch_cap; union { /* int to float conversion buffer for several subTLVs */ float f; u_int32_t i; @@ -1046,13 +1439,13 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: if (subl >= 4) { printf(", 0x%08x", EXTRACT_32BITS(tptr)); - if (subl == 8) /* draft-ietf-isis-gmpls-extensions */ + if (subl == 8) /* rfc4205 */ printf(", 0x%08x", EXTRACT_32BITS(tptr+4)); } break; case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: - if (subl >= 4) + if (subl >= sizeof(struct in_addr)) printf(", %s", ipaddr_string(tptr)); break; case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : @@ -1064,28 +1457,29 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i break; case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : if (subl >= 32) { - for (priority_level = 0; priority_level < 8; priority_level++) { + for (te_class = 0; te_class < 8; te_class++) { bw.i = EXTRACT_32BITS(tptr); - printf("%s priority level %d: %.3f Mbps", + printf("%s TE-Class %u: %.3f Mbps", ident, - priority_level, + te_class, bw.f*8/1000000 ); tptr+=4; } } break; - case ISIS_SUBTLV_EXT_IS_REACH_DIFFSERV_TE: + case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS: /* fall through */ + case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD: printf("%sBandwidth Constraints Model ID: %s (%u)", ident, tok2str(diffserv_te_bc_values, "unknown", *tptr), *tptr); tptr++; /* decode BCs until the subTLV ends */ - for (bandwidth_constraint = 0; bandwidth_constraint < (subl-1)/4; bandwidth_constraint++) { + for (te_class = 0; te_class < (subl-1)/4; te_class++) { bw.i = EXTRACT_32BITS(tptr); - printf("%s Bandwidth constraint %d: %.3f Mbps", + printf("%s Bandwidth constraint CT%u: %.3f Mbps", ident, - bandwidth_constraint, + te_class, bw.f*8/1000000 ); tptr+=4; } @@ -1094,6 +1488,15 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i if (subl >= 3) printf(", %u", EXTRACT_24BITS(tptr)); break; + case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE: + if (subl == 2) { + printf(", [ %s ] (0x%04x)", + bittok2str(isis_subtlv_link_attribute_values, + "Unknown", + EXTRACT_16BITS(tptr)), + EXTRACT_16BITS(tptr)); + } + break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: if (subl >= 2) { printf(", %s, Priority %u", @@ -1103,9 +1506,10 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i break; case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: if (subl >= 36) { + gmpls_switch_cap = *tptr; printf("%s Interface Switching Capability:%s", ident, - tok2str(gmpls_switch_cap_values, "Unknown", *(tptr))); + tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap)); printf(", LSP Encoding: %s", tok2str(gmpls_encoding_values, "Unknown", *(tptr+1))); tptr+=4; @@ -1119,12 +1523,29 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i tptr+=4; } subl-=36; - /* there is some optional stuff left to decode but this is as of yet - not specified so just lets hexdump what is left */ - if(subl>0){ - if(!print_unknown_data(tptr,"\n\t\t ", - subl-36)) + switch (gmpls_switch_cap) { + case GMPLS_PSC1: + case GMPLS_PSC2: + case GMPLS_PSC3: + case GMPLS_PSC4: + bw.i = EXTRACT_32BITS(tptr); + printf("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f*8/1000000); + printf("%s Interface MTU: %u", ident, EXTRACT_16BITS(tptr+4)); + break; + case GMPLS_TSC: + bw.i = EXTRACT_32BITS(tptr); + printf("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f*8/1000000); + printf("%s Indication %s", ident, + tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", *(tptr+4))); + break; + default: + /* there is some optional stuff left to decode but this is as of yet + not specified so just lets hexdump what is left */ + if(subl>0){ + if(!print_unknown_data(tptr,"\n\t\t ", + subl)) return(0); + } } } break; @@ -1226,7 +1647,11 @@ static int isis_print_extd_ip_reach (const u_int8_t *tptr, const char *ident, u_int16_t afi) { char ident_buffer[20]; - u_int8_t prefix[16]; /* shared copy buffer for IPv4 and IPv6 prefixes */ +#ifdef INET6 + u_int8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ +#else + u_int8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */ +#endif u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; if (!TTEST2(*tptr, 4)) @@ -1235,18 +1660,30 @@ isis_print_extd_ip_reach (const u_int8_t *tptr, const char *ident, u_int16_t afi processed=4; tptr+=4; - if (afi == IPV4) { + if (afi == AF_INET) { if (!TTEST2(*tptr, 1)) /* fetch status byte */ return (0); status_byte=*(tptr++); bit_length = status_byte&0x3f; + if (bit_length > 32) { + printf("%sIPv4 prefix: bad bit length %u", + ident, + bit_length); + return (0); + } processed++; #ifdef INET6 - } else if (afi == IPV6) { + } else if (afi == AF_INET6) { if (!TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */ return (0); status_byte=*(tptr++); bit_length=*(tptr++); + if (bit_length > 128) { + printf("%sIPv6 prefix: bad bit length %u", + ident, + bit_length); + return (0); + } processed+=2; #endif } else @@ -1256,18 +1693,18 @@ isis_print_extd_ip_reach (const u_int8_t *tptr, const char *ident, u_int16_t afi if (!TTEST2(*tptr, byte_length)) return (0); - memset(prefix, 0, 16); /* clear the copy buffer */ + memset(prefix, 0, sizeof prefix); /* clear the copy buffer */ memcpy(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ tptr+=byte_length; processed+=byte_length; - if (afi == IPV4) + if (afi == AF_INET) printf("%sIPv4 prefix: %15s/%u", ident, ipaddr_string(prefix), bit_length); #ifdef INET6 - if (afi == IPV6) + if (afi == AF_INET6) printf("%sIPv6 prefix: %s/%u", ident, ip6addr_string(prefix), @@ -1278,17 +1715,20 @@ isis_print_extd_ip_reach (const u_int8_t *tptr, const char *ident, u_int16_t afi ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", metric); - if (afi == IPV4 && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) printf(", sub-TLVs present"); #ifdef INET6 - if (afi == IPV6) + if (afi == AF_INET6) printf(", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""); #endif - if ((ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte) && afi == IPV4) || - (ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) && afi == IPV6)) { + if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) +#ifdef INET6 + || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) +#endif + ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect the aggregate bytecount of the subTLVs for this prefix @@ -1326,7 +1766,7 @@ static int isis_print (const u_int8_t *p, u_int length) const struct isis_iih_lan_header *header_iih_lan; const struct isis_iih_ptp_header *header_iih_ptp; - const struct isis_lsp_header *header_lsp; + struct isis_lsp_header *header_lsp; const struct isis_csnp_header *header_csnp; const struct isis_psnp_header *header_psnp; @@ -1338,38 +1778,43 @@ static int isis_print (const u_int8_t *p, u_int length) u_int8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len; u_int8_t ext_is_len, ext_ip_len, mt_len; const u_int8_t *optr, *pptr, *tptr; - u_short packet_len,pdu_len; + u_short packet_len,pdu_len, key_id; u_int i,vendor_id; + int sigcheck; packet_len=length; optr = p; /* initialize the _o_riginal pointer to the packet start - - need it for parsing the checksum TLV */ + need it for parsing the checksum TLV and authentication + TLV verification */ isis_header = (const struct isis_common_header *)p; TCHECK(*isis_header); pptr = p+(ISIS_COMMON_HEADER_SIZE); header_iih_lan = (const struct isis_iih_lan_header *)pptr; header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; - header_lsp = (const struct isis_lsp_header *)pptr; + header_lsp = (struct isis_lsp_header *)pptr; header_csnp = (const struct isis_csnp_header *)pptr; header_psnp = (const struct isis_psnp_header *)pptr; + if (!eflag) + printf("IS-IS"); + /* * Sanity checking of the header. */ if (isis_header->version != ISIS_VERSION) { - printf(", version %d packet not supported", isis_header->version); + printf("version %d packet not supported", isis_header->version); return (0); } if ((isis_header->id_length != SYSTEM_ID_LEN) && (isis_header->id_length != 0)) { - printf(", system ID length of %d is not supported", + printf("system ID length of %d is not supported", isis_header->id_length); return (0); } if (isis_header->pdu_version != ISIS_VERSION) { - printf(", version %d packet not supported", isis_header->pdu_version); + printf("version %d packet not supported", isis_header->pdu_version); return (0); } @@ -1379,7 +1824,7 @@ static int isis_print (const u_int8_t *p, u_int length) max_area = 3; /* silly shit */ break; case 255: - printf(", bad packet -- 255 areas"); + printf("bad packet -- 255 areas"); return (0); default: break; @@ -1408,7 +1853,7 @@ static int isis_print (const u_int8_t *p, u_int length) /* toss any non 6-byte sys-ID len PDUs */ if (id_length != 6 ) { - printf(", bad packet -- illegal sys-ID length (%u)", id_length); + printf("bad packet -- illegal sys-ID length (%u)", id_length); return (0); } @@ -1416,7 +1861,9 @@ static int isis_print (const u_int8_t *p, u_int length) /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/ if (vflag < 1) { - printf(", %s", tok2str(isis_pdu_values,"unknown PDU-Type %u",pdu_type)); + printf("%s%s", + eflag ? "" : ", ", + tok2str(isis_pdu_values,"unknown PDU-Type %u",pdu_type)); switch (pdu_type) { @@ -1454,7 +1901,7 @@ static int isis_print (const u_int8_t *p, u_int length) } /* ok they seem to want to know everything - lets fully decode it */ - printf(", length: %u",length); + printf("%slength %u", eflag ? "" : ", ",length); printf("\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", tok2str(isis_pdu_values, @@ -1566,15 +2013,18 @@ static int isis_print (const u_int8_t *p, u_int length) EXTRACT_16BITS(header_lsp->remaining_lifetime), EXTRACT_16BITS(header_lsp->checksum)); - /* if this is a purge do not attempt to verify the checksum */ - if ( EXTRACT_16BITS(header_lsp->remaining_lifetime) == 0 && - EXTRACT_16BITS(header_lsp->checksum) == 0) - printf(" (purged)"); - else - /* verify the checksum - - * checking starts at the lsp-id field at byte position [12] - * hence the length needs to be reduced by 12 bytes */ - printf(" (%s)", (osi_cksum((u_int8_t *)header_lsp->lsp_id, length-12)) ? "incorrect" : "correct"); + + osi_print_cksum((u_int8_t *)header_lsp->lsp_id, + EXTRACT_16BITS(header_lsp->checksum), 12, length-12); + + /* + * Clear checksum and lifetime prior to signature verification. + */ + header_lsp->checksum[0] = 0; + header_lsp->checksum[1] = 0; + header_lsp->remaining_lifetime[0] = 0; + header_lsp->remaining_lifetime[1] = 0; + printf(", PDU length: %u, Flags: [ %s", pdu_len, @@ -1696,6 +2146,9 @@ static int isis_print (const u_int8_t *p, u_int length) tlv_type, tlv_len); + if (tlv_len == 0) /* something is malformed */ + continue; + /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { case ISIS_TLV_AREA_ADDR: @@ -1705,7 +2158,7 @@ static int isis_print (const u_int8_t *p, u_int length) while (tmp && alen < tmp) { printf("\n\t Area address (length: %u): %s", alen, - print_nsap(tptr, alen)); + isonsap_string(tptr,alen)); tptr += alen; tmp -= alen + 1; if (tmp==0) /* if this is the last area address do not attemt a boundary check */ @@ -1726,9 +2179,13 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_ISNEIGH_VARLEN: - if (!TTEST2(*tptr, 1)) + if (!TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */ goto trunctlv; - lan_alen = *tptr++; /* LAN adress length */ + lan_alen = *tptr++; /* LAN address length */ + if (lan_alen == 0) { + printf("\n\t LAN address length 0 bytes (invalid)"); + break; + } tmp --; printf("\n\t LAN address length %u bytes ",lan_alen); while (tmp >= lan_alen) { @@ -1744,13 +2201,12 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IS_REACH: + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) /* did something go wrong ? */ + goto trunctlv; + tptr+=mt_len; + tmp-=mt_len; while (tmp >= 2+NODE_ID_LEN+3+1) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; - ext_is_len = isis_print_ext_is_reach(tptr,"\n\t ",tlv_type); if (ext_is_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -1820,7 +2276,7 @@ static int isis_print (const u_int8_t *p, u_int length) case ISIS_TLV_EXTD_IP_REACH: while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", IPV4); + ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; tptr+=ext_ip_len; @@ -1829,14 +2285,15 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; - ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", IPV4); + while (tmp>0) { + ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; tptr+=ext_ip_len; @@ -1847,7 +2304,7 @@ static int isis_print (const u_int8_t *p, u_int length) #ifdef INET6 case ISIS_TLV_IP6_REACH: while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", IPV6); + ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; tptr+=ext_ip_len; @@ -1856,14 +2313,15 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP6_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; - ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", IPV6); + while (tmp>0) { + ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; tptr+=ext_ip_len; @@ -1872,15 +2330,15 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_IP6ADDR: - while (tmp>0) { - if (!TTEST2(*tptr, 16)) + while (tmp>=sizeof(struct in6_addr)) { + if (!TTEST2(*tptr, sizeof(struct in6_addr))) goto trunctlv; printf("\n\t IPv6 interface address: %s", ip6addr_string(tptr)); - tptr += 16; - tmp -= 16; + tptr += sizeof(struct in6_addr); + tmp -= sizeof(struct in6_addr); } break; #endif @@ -1909,7 +2367,25 @@ static int isis_print (const u_int8_t *p, u_int length) } if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1) printf(", (malformed subTLV) "); + +#ifdef HAVE_LIBCRYPTO + sigcheck = signature_verify(optr, length, + (unsigned char *)tptr + 1); +#else + sigcheck = CANT_CHECK_SIGNATURE; +#endif + printf(" (%s)", tok2str(signature_check_values, "Unknown", sigcheck)); + break; + case ISIS_SUBTLV_AUTH_GENERIC: + key_id = EXTRACT_16BITS((tptr+1)); + printf("%u, password: ", key_id); + for(i=1 + sizeof(u_int16_t);i0) { - if (!TTEST2(*tptr, 4)) + while (tmp>=sizeof(struct in_addr)) { + if (!TTEST2(*tptr, sizeof(struct in_addr))) goto trunctlv; printf("\n\t IPv4 interface address: %s", ipaddr_string(tptr)); - tptr += 4; - tmp -= 4; + tptr += sizeof(struct in_addr); + tmp -= sizeof(struct in_addr); } break; @@ -1996,30 +2472,38 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_SHARED_RISK_GROUP: + if (tmp < NODE_ID_LEN) + break; if (!TTEST2(*tptr, NODE_ID_LEN)) goto trunctlv; printf("\n\t IS Neighbor: %s", isis_print_id(tptr, NODE_ID_LEN)); tptr+=(NODE_ID_LEN); tmp-=(NODE_ID_LEN); + if (tmp < 1) + break; if (!TTEST2(*tptr, 1)) goto trunctlv; printf(", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(*tptr++) ? "numbered" : "unnumbered"); tmp--; - if (!TTEST2(*tptr,4)) + if (tmp < sizeof(struct in_addr)) + break; + if (!TTEST2(*tptr,sizeof(struct in_addr))) goto trunctlv; printf("\n\t IPv4 interface address: %s", ipaddr_string(tptr)); - tptr+=4; - tmp-=4; + tptr+=sizeof(struct in_addr); + tmp-=sizeof(struct in_addr); - if (!TTEST2(*tptr,4)) + if (tmp < sizeof(struct in_addr)) + break; + if (!TTEST2(*tptr,sizeof(struct in_addr))) goto trunctlv; printf("\n\t IPv4 neighbor address: %s", ipaddr_string(tptr)); - tptr+=4; - tmp-=4; + tptr+=sizeof(struct in_addr); + tmp-=sizeof(struct in_addr); - while (tmp>0) { + while (tmp>=4) { if (!TTEST2(*tptr, 4)) goto trunctlv; printf("\n\t Link-ID: 0x%08x", EXTRACT_32BITS(tptr)); @@ -2030,7 +2514,7 @@ static int isis_print (const u_int8_t *p, u_int length) case ISIS_TLV_LSP: tlv_lsp = (const struct isis_tlv_lsp *)tptr; - while(tmp>0) { + while(tmp>=sizeof(struct isis_tlv_lsp)) { if (!TTEST((tlv_lsp->lsp_id)[LSP_ID_LEN-1])) goto trunctlv; printf("\n\t lsp-id: %s", @@ -2050,7 +2534,9 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_CHECKSUM: - if (!TTEST2(*tptr, 2)) + if (tmp < ISIS_TLV_CHECKSUM_MINLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_CHECKSUM_MINLEN)) goto trunctlv; printf("\n\t checksum: 0x%04x ", EXTRACT_16BITS(tptr)); /* do not attempt to verify the checksum if it is zero @@ -2058,12 +2544,12 @@ static int isis_print (const u_int8_t *p, u_int length) * to avoid conflicts the checksum TLV is zeroed. * see rfc3358 for details */ - if (EXTRACT_16BITS(tptr) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, length) ? "incorrect" : "correct"); + osi_print_cksum(optr, EXTRACT_16BITS(tptr), tptr-optr, length); break; case ISIS_TLV_MT_SUPPORTED: + if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN) + break; while (tmp>1) { /* length can only be a multiple of 2, otherwise there is something broken -> so decode down until length is 1 */ @@ -2081,16 +2567,41 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_RESTART_SIGNALING: - if (!TTEST2(*tptr, 3)) + /* first attempt to decode the flags */ + if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN)) goto trunctlv; - printf("\n\t Flags [%s], Remaining holding time %us", - bittok2str(isis_restart_flag_values, "none", *tptr), - EXTRACT_16BITS(tptr+1)); - tptr+=3; + printf("\n\t Flags [%s]", + bittok2str(isis_restart_flag_values, "none", *tptr)); + tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; + tmp-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; + + /* is there anything other than the flags field? */ + if (tmp == 0) + break; + + if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)) + goto trunctlv; + + printf(", Remaining holding time %us", EXTRACT_16BITS(tptr)); + tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; + tmp-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; + + /* is there an additional sysid field present ?*/ + if (tmp == SYSTEM_ID_LEN) { + if (!TTEST2(*tptr, SYSTEM_ID_LEN)) + goto trunctlv; + printf(", for %s",isis_print_id(tptr,SYSTEM_ID_LEN)); + } break; case ISIS_TLV_IDRP_INFO: - if (!TTEST2(*tptr, 1)) + if (tmp < ISIS_TLV_IDRP_INFO_MINLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN)) goto trunctlv; printf("\n\t Inter-Domain Information Type: %s", tok2str(isis_subtlv_idrp_values, @@ -2112,7 +2623,9 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_LSP_BUFFERSIZE: - if (!TTEST2(*tptr, 2)) + if (tmp < ISIS_TLV_LSP_BUFFERSIZE_MINLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN)) goto trunctlv; printf("\n\t LSP Buffersize: %u",EXTRACT_16BITS(tptr)); break; @@ -2128,6 +2641,8 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_PREFIX_NEIGH: + if (tmp < sizeof(struct isis_metric_block)) + break; if (!TTEST2(*tptr, sizeof(struct isis_metric_block))) goto trunctlv; printf("\n\t Metric Block"); @@ -2139,11 +2654,17 @@ static int isis_print (const u_int8_t *p, u_int length) if (!TTEST2(*tptr, 1)) goto trunctlv; prefix_len=*tptr++; /* read out prefix length in semioctets*/ + if (prefix_len < 2) { + printf("\n\t\tAddress: prefix length %u < 2", prefix_len); + break; + } tmp--; + if (tmp < prefix_len/2) + break; if (!TTEST2(*tptr, prefix_len/2)) goto trunctlv; printf("\n\t\tAddress: %s/%u", - print_nsap(tptr,prefix_len/2), + isonsap_string(tptr,prefix_len/2), prefix_len*4); tptr+=prefix_len/2; tmp-=prefix_len/2; @@ -2151,13 +2672,17 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_IIH_SEQNR: - if (!TTEST2(*tptr, 4)) /* check if four bytes are on the wire */ + if (tmp < ISIS_TLV_IIH_SEQNR_MINLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN)) /* check if four bytes are on the wire */ goto trunctlv; printf("\n\t Sequence number: %u", EXTRACT_32BITS(tptr) ); break; case ISIS_TLV_VENDOR_PRIVATE: - if (!TTEST2(*tptr, 3)) /* check if enough byte for a full oui */ + if (tmp < ISIS_TLV_VENDOR_PRIVATE_MINLEN) + break; + if (!TTEST2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN)) /* check if enough byte for a full oui */ goto trunctlv; vendor_id = EXTRACT_24BITS(tptr); printf("\n\t Vendor: %s (%u)", @@ -2211,20 +2736,28 @@ static int isis_print (const u_int8_t *p, u_int length) return(1); } -/* - * Verify the checksum. See 8473-1, Appendix C, section C.4. - */ - -static int -osi_cksum(const u_int8_t *tptr, u_int len) +static void +osi_print_cksum (const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length) { - int32_t c0 = 0, c1 = 0; + u_int16_t calculated_checksum; - while ((int)--len >= 0) { - c0 += *tptr++; - c0 %= 255; - c1 += c0; - c1 %= 255; - } - return (c0 | c1); + /* do not attempt to verify the checksum if it is zero */ + if (!checksum) { + printf("(unverified)"); + } else { + calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); + if (checksum == calculated_checksum) { + printf(" (correct)"); + } else { + printf(" (incorrect should be 0x%04x)", calculated_checksum); + } + } } + +/* + * Local Variables: + * c-style: whitesmith + * c-basic-offset: 8 + * End: + */