X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/59690cf6b7ffce3cc86936cbe658909c6ec3a687..da20bc56d6100b5275d6f85c4a25bac1dab4e57e:/print-pim.c diff --git a/print-pim.c b/print-pim.c index 645a4901..859d7bc6 100644 --- a/print-pim.c +++ b/print-pim.c @@ -19,18 +19,42 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#define NETDISSECT_REWORKED +/* \summary: Protocol Independent Multicast (PIM) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "extract.h" #include "ip.h" +#include "ip6.h" +#include "ipproto.h" + +#define PIMV1_TYPE_QUERY 0 +#define PIMV1_TYPE_REGISTER 1 +#define PIMV1_TYPE_REGISTER_STOP 2 +#define PIMV1_TYPE_JOIN_PRUNE 3 +#define PIMV1_TYPE_RP_REACHABILITY 4 +#define PIMV1_TYPE_ASSERT 5 +#define PIMV1_TYPE_GRAFT 6 +#define PIMV1_TYPE_GRAFT_ACK 7 + +static const struct tok pimv1_type_str[] = { + { PIMV1_TYPE_QUERY, "Query" }, + { PIMV1_TYPE_REGISTER, "Register" }, + { PIMV1_TYPE_REGISTER_STOP, "Register-Stop" }, + { PIMV1_TYPE_JOIN_PRUNE, "Join/Prune" }, + { PIMV1_TYPE_RP_REACHABILITY, "RP-reachable" }, + { PIMV1_TYPE_ASSERT, "Assert" }, + { PIMV1_TYPE_GRAFT, "Graft" }, + { PIMV1_TYPE_GRAFT_ACK, "Graft-ACK" }, + { 0, NULL } +}; #define PIMV2_TYPE_HELLO 0 #define PIMV2_TYPE_REGISTER 1 @@ -42,6 +66,8 @@ #define PIMV2_TYPE_GRAFT_ACK 7 #define PIMV2_TYPE_CANDIDATE_RP 8 #define PIMV2_TYPE_PRUNE_REFRESH 9 +#define PIMV2_TYPE_DF_ELECTION 10 +#define PIMV2_TYPE_ECMP_REDIRECT 11 static const struct tok pimv2_type_values[] = { { PIMV2_TYPE_HELLO, "Hello" }, @@ -54,6 +80,8 @@ static const struct tok pimv2_type_values[] = { { PIMV2_TYPE_GRAFT_ACK, "Graft Acknowledgement" }, { PIMV2_TYPE_CANDIDATE_RP, "Candidate RP Advertisement" }, { PIMV2_TYPE_PRUNE_REFRESH, "Prune Refresh" }, + { PIMV2_TYPE_DF_ELECTION, "DF Election" }, + { PIMV2_TYPE_ECMP_REDIRECT, "ECMP Redirect" }, { 0, NULL} }; 
@@ -96,7 +124,7 @@ static const struct tok pimv2_register_flag_values[] = { */ struct pim { - u_int8_t pim_typever; + uint8_t pim_typever; /* upper 4bit: PIM version number; 2 for PIMv2 */ /* lower 4bit: the PIM message type, currently they are: * Hello, Register, Register-Stop, Join/Prune, @@ -109,7 +137,7 @@ struct pim { u_short pim_cksum; /* IP style check sum */ }; -static void pimv2_print(netdissect_options *, register const u_char *bp, register u_int len, u_int cksum); +static void pimv2_print(netdissect_options *, register const u_char *bp, register u_int len, const u_char *); static void pimv1_join_prune_print(netdissect_options *ndo, @@ -120,20 +148,20 @@ pimv1_join_prune_print(netdissect_options *ndo, /* If it's a single group and a single source, use 1-line output. */ if (ND_TTEST2(bp[0], 30) && bp[11] == 1 && - ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) { + ((njoin = EXTRACT_BE_U_2(bp + 20)) + EXTRACT_BE_U_2(bp + 22)) == 1) { int hold; - ND_PRINT((ndo, " RPF %s ", ipaddr_string(bp))); - hold = EXTRACT_16BITS(&bp[6]); + ND_PRINT((ndo, " RPF %s ", ipaddr_string(ndo, bp))); + hold = EXTRACT_BE_U_2(bp + 6); if (hold != 180) { ND_PRINT((ndo, "Hold ")); - relts_print(hold); + unsigned_relts_print(ndo, hold); } ND_PRINT((ndo, "%s (%s/%d, %s", njoin ? "Join" : "Prune", - ipaddr_string(&bp[26]), bp[25] & 0x3f, - ipaddr_string(&bp[12]))); - if (EXTRACT_32BITS(&bp[16]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(&bp[16]))); + ipaddr_string(ndo, &bp[26]), bp[25] & 0x3f, + ipaddr_string(ndo, &bp[12]))); + if (EXTRACT_BE_U_4(bp + 16) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[16]))); ND_PRINT((ndo, ") %s%s %s", (bp[24] & 0x01) ? "Sparse" : "Dense", (bp[25] & 0x80) ? " WC" : "", 
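Review bot: The one-line fast path in pimv1_join_prune_print (hunk @@ -120,20 +148,20) still gates on `ND_TTEST2(bp[0], 30)` alone, so it reads offsets 6 through 29 whenever the capture holds them, even when the `len` passed in is shorter. The rest of this commit adds a `len` test before each fetch, and this branch should match, e.g. `if (len >= 30 && ND_TTEST2(bp[0], 30) && bp[11] == 1 &&`. The same gap appears in the pimv1_print cases of the @@ -234,69 +278,54 hunk, where only the Join/Prune/Graft branch compares `len` before indexing. The reads stay inside the captured buffer, so the effect is printing bytes that follow the PIM message, not a memory fault. The function body continues outside this hunk.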
@@ -141,20 +169,28 @@ pimv1_join_prune_print(netdissect_options *ndo, return; } + if (len < sizeof(struct in_addr)) + goto trunc; ND_TCHECK2(bp[0], sizeof(struct in_addr)); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n")); - ND_PRINT((ndo, " Upstream Nbr: %s", ipaddr_string(bp))); - ND_TCHECK2(bp[6], 2); + ND_PRINT((ndo, " Upstream Nbr: %s", ipaddr_string(ndo, bp))); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; + ND_TCHECK2(bp[2], 2); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n")); ND_PRINT((ndo, " Hold time: ")); - relts_print(EXTRACT_16BITS(&bp[6])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); if (ndo->ndo_vflag < 2) return; - bp += 8; - len -= 8; + bp += 4; + len -= 4; + if (len < 4) + goto trunc; ND_TCHECK2(bp[0], 4); ngroups = bp[3]; bp += 4; @@ -164,17 +200,27 @@ pimv1_join_prune_print(netdissect_options *ndo, * XXX - does the address have length "addrlen" and the * mask length "maddrlen"? */ + if (len < 4) + goto trunc; + ND_TCHECK2(bp[0], sizeof(struct in_addr)); + ND_PRINT((ndo, "\n\tGroup: %s", ipaddr_string(ndo, bp))); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; ND_TCHECK2(bp[0], sizeof(struct in_addr)); - ND_PRINT((ndo, "\n\tGroup: %s", ipaddr_string(bp))); - ND_TCHECK2(bp[4], sizeof(struct in_addr)); - if (EXTRACT_32BITS(&bp[4]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(&bp[4]))); - ND_TCHECK2(bp[8], 4); - njoin = EXTRACT_16BITS(&bp[8]); - nprune = EXTRACT_16BITS(&bp[10]); + if (EXTRACT_BE_U_4(bp) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[0]))); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; + ND_TCHECK2(bp[0], 4); + njoin = EXTRACT_BE_U_2(bp); + nprune = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, " joined: %d pruned: %d", njoin, nprune)); - bp += 12; - len -= 12; + bp += 4; + len -= 4; for (njp = 0; njp < (njoin + nprune); njp++) { const char *type; 
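Review bot: The added guards in this hunk and in the @@ -164,17 +200,27 hunk spell the same bound two ways: `len` is compared against a literal 4 in most places, while the adjacent `ND_TCHECK2` uses `sizeof(struct in_addr)`, and only the first guard uses the sizeof form. Using one spelling per field, e.g. `if (len < sizeof(struct in_addr)) goto trunc;` followed by `bp += sizeof(struct in_addr);`, keeps the declared-length test, the capture test and the pointer advance visibly in step. pimv1_join_prune_print starts and ends outside both hunks.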
@@ -182,12 +228,15 @@ pimv1_join_prune_print(netdissect_options *ndo, type = "Join "; else type = "Prune"; + if (len < 6) + goto trunc; ND_TCHECK2(bp[0], 6); ND_PRINT((ndo, "\n\t%s %s%s%s%s/%d", type, (bp[0] & 0x01) ? "Sparse " : "Dense ", (bp[1] & 0x80) ? "WC " : "", (bp[1] & 0x40) ? "RP " : "SPT ", - ipaddr_string(&bp[2]), bp[1] & 0x3f)); + ipaddr_string(ndo, &bp[2]), + bp[1] & 0x3f)); bp += 6; len -= 6; } @@ -202,19 +251,14 @@ void pimv1_print(netdissect_options *ndo, register const u_char *bp, register u_int len) { - register const u_char *ep; register u_char type; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; - ND_TCHECK(bp[1]); type = bp[1]; + ND_PRINT((ndo, " %s", tok2str(pimv1_type_str, "[type %u]", type))); switch (type) { - case 0: - ND_PRINT((ndo, " Query")); + case PIMV1_TYPE_QUERY: if (ND_TTEST(bp[8])) { switch (bp[8] >> 4) { case 0: 
@@ -234,69 +278,54 @@ pimv1_print(netdissect_options *ndo, if (ndo->ndo_vflag) { ND_TCHECK2(bp[10],2); ND_PRINT((ndo, " (Hold-time ")); - relts_print(EXTRACT_16BITS(&bp[10])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 10)); ND_PRINT((ndo, ")")); } break; - case 1: - ND_PRINT((ndo, " Register")); + case PIMV1_TYPE_REGISTER: ND_TCHECK2(bp[8], 20); /* ip header */ - ND_PRINT((ndo, " for %s > %s", ipaddr_string(&bp[20]), - ipaddr_string(&bp[24]))); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[20]), + ipaddr_string(ndo, &bp[24]))); break; - case 2: - ND_PRINT((ndo, " Register-Stop")); + case PIMV1_TYPE_REGISTER_STOP: ND_TCHECK2(bp[12], sizeof(struct in_addr)); - ND_PRINT((ndo, " for %s > %s", ipaddr_string(&bp[8]), - ipaddr_string(&bp[12]))); - break; - case 3: - ND_PRINT((ndo, " Join/Prune")); - if (ndo->ndo_vflag) - pimv1_join_prune_print(ndo, &bp[8], len - 8); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[8]), + ipaddr_string(ndo, &bp[12]))); break; - case 4: - ND_PRINT((ndo, " RP-reachable")); + case PIMV1_TYPE_RP_REACHABILITY: if (ndo->ndo_vflag) { ND_TCHECK2(bp[22], 2); - ND_PRINT((ndo, " group %s", ipaddr_string(&bp[8]))); - if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(&bp[12]))); - ND_PRINT((ndo, " RP %s hold ", ipaddr_string(&bp[16]))); - relts_print(EXTRACT_16BITS(&bp[22])); + ND_PRINT((ndo, " group %s", ipaddr_string(ndo, &bp[8]))); + if (EXTRACT_BE_U_4(bp + 12) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12]))); + ND_PRINT((ndo, " RP %s hold ", ipaddr_string(ndo, &bp[16]))); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 22)); } break; - case 5: - ND_PRINT((ndo, " Assert")); + case PIMV1_TYPE_ASSERT: ND_TCHECK2(bp[16], sizeof(struct in_addr)); - ND_PRINT((ndo, " for %s > %s", ipaddr_string(&bp[16]), - ipaddr_string(&bp[8]))); - if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(&bp[12]))); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, 
&bp[16]), + ipaddr_string(ndo, &bp[8]))); + if (EXTRACT_BE_U_4(bp + 12) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12]))); ND_TCHECK2(bp[24], 4); ND_PRINT((ndo, " %s pref %d metric %d", (bp[20] & 0x80) ? "RP-tree" : "SPT", - EXTRACT_32BITS(&bp[20]) & 0x7fffffff, - EXTRACT_32BITS(&bp[24]))); + EXTRACT_BE_U_4(bp + 20) & 0x7fffffff, + EXTRACT_BE_U_4(bp + 24))); break; - case 6: - ND_PRINT((ndo, " Graft")); - if (ndo->ndo_vflag) - pimv1_join_prune_print(ndo, &bp[8], len - 8); - break; - case 7: - ND_PRINT((ndo, " Graft-ACK")); - if (ndo->ndo_vflag) + case PIMV1_TYPE_JOIN_PRUNE: + case PIMV1_TYPE_GRAFT: + case PIMV1_TYPE_GRAFT_ACK: + if (ndo->ndo_vflag) { + if (len < 8) + goto trunc; pimv1_join_prune_print(ndo, &bp[8], len - 8); - break; - case 8: - ND_PRINT((ndo, " Mode")); - break; - default: - ND_PRINT((ndo, " [type %d]", type)); + } break; } + ND_TCHECK(bp[4]); if ((bp[4] >> 4) != 1) ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); return; @@ -320,6 +349,8 @@ cisco_autorp_print(netdissect_options *ndo, int numrps; int hold; + if (len < 8) + goto trunc; ND_TCHECK(bp[0]); ND_PRINT((ndo, " auto-rp ")); type = bp[0]; @@ -340,9 +371,9 @@ cisco_autorp_print(netdissect_options *ndo, ND_TCHECK2(bp[2], 2); ND_PRINT((ndo, " Hold ")); - hold = EXTRACT_16BITS(&bp[2]); + hold = EXTRACT_BE_U_2(bp + 2); if (hold) - relts_print(EXTRACT_16BITS(&bp[2])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); else ND_PRINT((ndo, "FOREVER")); @@ -367,10 +398,16 @@ cisco_autorp_print(netdissect_options *ndo, int nentries; char s; + if (len < 4) + goto trunc; ND_TCHECK2(bp[0], 4); - ND_PRINT((ndo, " RP %s", ipaddr_string(bp))); - ND_TCHECK(bp[4]); - switch (bp[4] & 0x3) { + ND_PRINT((ndo, " RP %s", ipaddr_string(ndo, bp))); + bp += 4; + len -= 4; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + switch (bp[0] & 0x3) { case 0: ND_PRINT((ndo, " PIMv?")); break; case 1: ND_PRINT((ndo, " PIMv1")); 
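Review bot: In the PIMV1_TYPE_ASSERT case of the @@ -234,69 +278,54 hunk, the format `" %s pref %d metric %d"` prints the results of `EXTRACT_BE_U_4` with a signed conversion, so a metric of 0x80000000 or above is shown as a negative number. Both values are unsigned 32-bit quantities, and the format should be `" %s pref %u metric %u"`. The format string is a context line; the arguments are what this hunk rewrites.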
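Review bot: In the @@ -340,9 +371,9 hunk `hold` is assigned from `EXTRACT_BE_U_2(bp + 2)` and the same field is then extracted a second time for the call. `unsigned_relts_print(ndo, hold);` says the same thing with one read and makes it obvious that the tested value and the printed value are the same. cisco_autorp_print continues outside the hunk.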
@@ -380,16 +417,23 @@ cisco_autorp_print(netdissect_options *ndo, case 3: ND_PRINT((ndo, " PIMv1+2")); break; } - if (bp[4] & 0xfc) - ND_PRINT((ndo, " [rsvd=0x%02x]", bp[4] & 0xfc)); - ND_TCHECK(bp[5]); - nentries = bp[5]; - bp += 6; len -= 6; + if (bp[0] & 0xfc) + ND_PRINT((ndo, " [rsvd=0x%02x]", bp[0] & 0xfc)); + bp += 1; + len -= 1; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + nentries = bp[0]; + bp += 1; + len -= 1; s = ' '; for (; nentries; nentries--) { + if (len < 6) + goto trunc; ND_TCHECK2(bp[0], 6); ND_PRINT((ndo, "%c%s%s/%d", s, bp[0] & 1 ? "!" : "", - ipaddr_string(&bp[2]), bp[1])); + ipaddr_string(ndo, &bp[2]), bp[1])); if (bp[0] & 0x02) { ND_PRINT((ndo, " bidir")); } @@ -409,18 +453,15 @@ trunc: void pim_print(netdissect_options *ndo, - register const u_char *bp, register u_int len, u_int cksum) + register const u_char *bp, register u_int len, const u_char *bp2) { - register const u_char *ep; - register struct pim *pim = (struct pim *)bp; + register const struct pim *pim = (const struct pim *)bp; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; #ifdef notyet /* currently we see only version and type */ ND_TCHECK(pim->pim_rsv); #endif + ND_TCHECK(pim->pim_typever); switch (PIM_VER(pim->pim_typever)) { case 2: if (!ndo->ndo_vflag) { @@ -434,7 +475,7 @@ pim_print(netdissect_options *ndo, PIM_VER(pim->pim_typever), len, tok2str(pimv2_type_values,"Unknown Type",PIM_TYPE(pim->pim_typever)))); - pimv2_print(ndo, bp, len, cksum); + pimv2_print(ndo, bp, len, bp2); } break; default: @@ -444,6 +485,10 @@ pim_print(netdissect_options *ndo, break; } return; + +trunc: + ND_PRINT((ndo, "[|pim]")); + return; } /* @@ -486,8 +531,6 @@ pim_print(netdissect_options *ndo, * */ -static int pimv2_addr_len; - enum pimv2_addrtype { pimv2_unicast, pimv2_group, pimv2_source }; 
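Review bot: The new `bp2` parameter of pim_print (hunk @@ -409,18 +453,15) has no comment saying what it points to, yet pimv2_check_checksum later casts it to `struct ip` and reads the version nibble without a bounds test of its own. If the contract is that the caller has already validated the enclosing IP header, state it above the definition, e.g. `/* bp2: start of the enclosing IPv4 or IPv6 header, already bounds-checked by the caller; used only to verify the checksum */`. The function's `trunc:` label is added in a separate hunk.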
@@ -514,26 +557,25 @@ enum pimv2_addrtype { */ static int pimv2_addr_print(netdissect_options *ndo, - const u_char *bp, enum pimv2_addrtype at, int silent) + const u_char *bp, u_int len, enum pimv2_addrtype at, + u_int addr_len, int silent) { int af; - int len, hdrlen; - - ND_TCHECK(bp[0]); + int hdrlen; - if (pimv2_addr_len == 0) { + if (addr_len == 0) { + if (len < 2) + goto trunc; ND_TCHECK(bp[1]); switch (bp[0]) { case 1: af = AF_INET; - len = sizeof(struct in_addr); + addr_len = (u_int)sizeof(struct in_addr); break; -#ifdef INET6 case 2: af = AF_INET6; - len = sizeof(struct in6_addr); + addr_len = (u_int)sizeof(struct in6_addr); break; -#endif default: return -1; } 
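Review bot: pimv2_addr_print gains `len` and `addr_len`, and nothing in the hunk documents them; the block comment above the function lies outside the hunk and may need the same update. A short comment on the parameters would do: `/* len: bytes remaining in the PIM message; addr_len: fixed address size taken from the header's reserved byte, or 0 when each address carries its own two-byte prefix */`. It should also state that the return value is the number of bytes consumed, or -1.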
@@ -541,57 +583,55 @@ pimv2_addr_print(netdissect_options *ndo, return -1; hdrlen = 2; } else { - switch (pimv2_addr_len) { + switch (addr_len) { case sizeof(struct in_addr): af = AF_INET; break; -#ifdef INET6 case sizeof(struct in6_addr): af = AF_INET6; break; -#endif default: return -1; break; } - len = pimv2_addr_len; hdrlen = 0; } bp += hdrlen; + len -= hdrlen; switch (at) { case pimv2_unicast: - ND_TCHECK2(bp[0], len); + if (len < addr_len) + goto trunc; + ND_TCHECK2(bp[0], addr_len); if (af == AF_INET) { if (!silent) - ND_PRINT((ndo, "%s", ipaddr_string(bp))); + ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp))); } -#ifdef INET6 else if (af == AF_INET6) { if (!silent) - ND_PRINT((ndo, "%s", ip6addr_string(bp))); + ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp))); } -#endif - return hdrlen + len; + return hdrlen + addr_len; case pimv2_group: case pimv2_source: - ND_TCHECK2(bp[0], len + 2); + if (len < addr_len + 2) + goto trunc; + ND_TCHECK2(bp[0], addr_len + 2); if (af == AF_INET) { if (!silent) { - ND_PRINT((ndo, "%s", ipaddr_string(bp + 2))); + ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp + 2))); if (bp[1] != 32) ND_PRINT((ndo, "/%u", bp[1])); } } -#ifdef INET6 else if (af == AF_INET6) { if (!silent) { - ND_PRINT((ndo, "%s", ip6addr_string(bp + 2))); + ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp + 2))); if (bp[1] != 128) ND_PRINT((ndo, "/%u", bp[1])); } } -#endif if (bp[0] && !silent) { if (at == pimv2_group) { ND_PRINT((ndo, "(0x%02x)", bp[0])); @@ -606,7 +646,7 @@ pimv2_addr_print(netdissect_options *ndo, ND_PRINT((ndo, ")")); } } - return hdrlen + 2 + len; + return hdrlen + 2 + addr_len; default: return -1; } 
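Review bot: An unsupported address family or `addr_len` and a genuinely short packet both end in `return -1` in pimv2_addr_print, and every caller changed by this commit now reacts to a negative return with `goto trunc`. A complete packet carrying an unknown family is therefore presumably reported as truncated, where the old code printed `...`. Consider a distinct return value for the `default:` arms, or printing an invalid-address marker before returning, so that malformed and truncated input can be told apart in the output. Callers outside this diff are not visible, so check them before changing the return convention.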
@@ -614,50 +654,132 @@ trunc: return -1; } +enum checksum_status { + CORRECT, + INCORRECT, + UNVERIFIED +}; + +static enum checksum_status +pimv2_check_checksum(netdissect_options *ndo, const u_char *bp, + const u_char *bp2, u_int len) +{ + const struct ip *ip; + u_int cksum; + + if (!ND_TTEST2(bp[0], len)) { + /* We don't have all the data. */ + return (UNVERIFIED); + } + ip = (const struct ip *)bp2; + if (IP_V(ip) == 4) { + struct cksum_vec vec[1]; + + vec[0].ptr = bp; + vec[0].len = len; + cksum = in_cksum(vec, 1); + return (cksum ? INCORRECT : CORRECT); + } else if (IP_V(ip) == 6) { + const struct ip6_hdr *ip6; + + ip6 = (const struct ip6_hdr *)bp2; + cksum = nextproto6_cksum(ndo, ip6, bp, len, len, IPPROTO_PIM); + return (cksum ? INCORRECT : CORRECT); + } else { + return (UNVERIFIED); + } +} + static void pimv2_print(netdissect_options *ndo, - register const u_char *bp, register u_int len, u_int cksum) + register const u_char *bp, register u_int len, const u_char *bp2) { - register const u_char *ep; - register struct pim *pim = (struct pim *)bp; + register const struct pim *pim = (const struct pim *)bp; int advance; + enum checksum_status cksum_status; + int pimv2_addr_len; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; - if (ep > bp + len) - ep = bp + len; + if (len < 2) + goto trunc; ND_TCHECK(pim->pim_rsv); pimv2_addr_len = pim->pim_rsv; if (pimv2_addr_len != 0) ND_PRINT((ndo, ", RFC2117-encoding")); - ND_PRINT((ndo, ", cksum 0x%04x ", EXTRACT_16BITS(&pim->pim_cksum))); - if (EXTRACT_16BITS(&pim->pim_cksum) == 0) { + if (len < 4) + goto trunc; + ND_TCHECK(pim->pim_cksum); + ND_PRINT((ndo, ", cksum 0x%04x ", EXTRACT_BE_U_2(&pim->pim_cksum))); + if (EXTRACT_BE_U_2(&pim->pim_cksum) == 0) { ND_PRINT((ndo, "(unverified)")); } else { - ND_PRINT((ndo, "(%scorrect)", ND_TTEST2(bp[0], len) && cksum ? 
"in" : "" )); + if (PIM_TYPE(pim->pim_typever) == PIMV2_TYPE_REGISTER) { + /* + * The checksum only covers the packet header, + * not the encapsulated packet. + */ + cksum_status = pimv2_check_checksum(ndo, bp, bp2, 8); + if (cksum_status == INCORRECT) { + /* + * To quote RFC 4601, "For interoperability + * reasons, a message carrying a checksum + * calculated over the entire PIM Register + * message should also be accepted." + */ + cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); + } + } else { + /* + * The checksum covers the entire packet. + */ + cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); + } + switch (cksum_status) { + + case CORRECT: + ND_PRINT((ndo, "(correct)")); + break; + + case INCORRECT: + ND_PRINT((ndo, "(incorrect)")); + break; + + case UNVERIFIED: + ND_PRINT((ndo, "(unverified)")); + break; + } } + bp += 4; + len -= 4; switch (PIM_TYPE(pim->pim_typever)) { case PIMV2_TYPE_HELLO: { - u_int16_t otype, olen; - bp += 4; - while (bp < ep) { + uint16_t otype, olen; + while (len > 0) { + if (len < 4) + goto trunc; ND_TCHECK2(bp[0], 4); - otype = EXTRACT_16BITS(&bp[0]); - olen = EXTRACT_16BITS(&bp[2]); - ND_TCHECK2(bp[0], 4 + olen); + otype = EXTRACT_BE_U_2(bp); + olen = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, "\n\t %s Option (%u), length %u, Value: ", tok2str(pimv2_hello_option_values, "Unknown", otype), otype, olen)); bp += 4; + len -= 4; + if (len < olen) + goto trunc; + ND_TCHECK2(bp[0], olen); switch (otype) { case PIMV2_HELLO_OPTION_HOLDTIME: - relts_print(EXTRACT_16BITS(bp)); + if (olen != 2) { + ND_PRINT((ndo, "ERROR: Option Length != 2 Bytes (%u)", olen)); + } else { + unsigned_relts_print(ndo, + EXTRACT_BE_U_2(bp)); + } break; case PIMV2_HELLO_OPTION_LANPRUNEDELAY: 
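Review bot: For Register messages the checksum is verified over a hard-coded 8 bytes, `pimv2_check_checksum(ndo, bp, bp2, 8)`, while only `len < 4` has been rejected at that point. A Register with a declared length of 4 to 7 is then summed over bytes past its own end whenever the capture holds them. Guard the call with the declared length, e.g. `if (len < 8) cksum_status = UNVERIFIED; else cksum_status = pimv2_check_checksum(ndo, bp, bp2, 8);`, and give the 8 a name. pimv2_print continues outside the hunk.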
@@ -665,9 +787,9 @@ pimv2_print(netdissect_options *ndo, ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); } else { char t_bit; - u_int16_t lan_delay, override_interval; - lan_delay = EXTRACT_16BITS(bp); - override_interval = EXTRACT_16BITS(bp+2); + uint16_t lan_delay, override_interval; + lan_delay = EXTRACT_BE_U_2(bp); + override_interval = EXTRACT_BE_U_2(bp + 2); t_bit = (lan_delay & 0x8000)? 1 : 0; lan_delay &= ~0x8000; ND_PRINT((ndo, "\n\t T-bit=%d, LAN delay %dms, Override interval %dms", @@ -682,7 +804,7 @@ pimv2_print(netdissect_options *ndo, ND_PRINT((ndo, "Bi-Directional Capability (Old)")); break; case 4: - ND_PRINT((ndo, "%u", EXTRACT_32BITS(bp))); + ND_PRINT((ndo, "%u", EXTRACT_BE_U_4(bp))); break; default: ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); @@ -691,17 +813,25 @@ pimv2_print(netdissect_options *ndo, break; case PIMV2_HELLO_OPTION_GENID: - ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(bp))); + if (olen != 4) { + ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); + } else { + ND_PRINT((ndo, "0x%08x", EXTRACT_BE_U_4(bp))); + } break; case PIMV2_HELLO_OPTION_REFRESH_CAP: - ND_PRINT((ndo, "v%d", *bp)); - if (*(bp+1) != 0) { - ND_PRINT((ndo, ", interval ")); - relts_print(*(bp+1)); - } - if (EXTRACT_16BITS(bp+2) != 0) { - ND_PRINT((ndo, " ?0x%04x?", EXTRACT_16BITS(bp+2))); + if (olen != 4) { + ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); + } else { + ND_PRINT((ndo, "v%d", *bp)); + if (*(bp+1) != 0) { + ND_PRINT((ndo, ", interval ")); + unsigned_relts_print(ndo, *(bp+1)); + } + if (EXTRACT_BE_U_2(bp + 2) != 0) { + ND_PRINT((ndo, " ?0x%04x?", EXTRACT_BE_U_2(bp + 2))); + } } break; 
@@ -712,16 +842,14 @@ pimv2_print(netdissect_options *ndo, case PIMV2_HELLO_OPTION_ADDRESS_LIST: if (ndo->ndo_vflag > 1) { const u_char *ptr = bp; + u_int plen = len; while (ptr < (bp+olen)) { - int advance; - ND_PRINT((ndo, "\n\t ")); - advance = pimv2_addr_print(ndo, ptr, pimv2_unicast, 0); - if (advance < 0) { - ND_PRINT((ndo, "...")); - break; - } + advance = pimv2_addr_print(ndo, ptr, plen, pimv2_unicast, pimv2_addr_len, 0); + if (advance < 0) + goto trunc; ptr += advance; + plen -= advance; } } break; @@ -734,40 +862,46 @@ pimv2_print(netdissect_options *ndo, if (ndo->ndo_vflag> 1) print_unknown_data(ndo, bp, "\n\t ", olen); bp += olen; + len -= olen; } break; } case PIMV2_TYPE_REGISTER: { - struct ip *ip; + const struct ip *ip; - if (!ND_TTEST2(*(bp+4), PIMV2_REGISTER_FLAG_LEN)) + if (len < 4) goto trunc; + ND_TCHECK2(*bp, PIMV2_REGISTER_FLAG_LEN); ND_PRINT((ndo, ", Flags [ %s ]\n\t", tok2str(pimv2_register_flag_values, "none", - EXTRACT_32BITS(bp+4)))); + EXTRACT_BE_U_4(bp)))); - bp += 8; len -= 8; + bp += 4; len -= 4; /* encapsulated multicast packet */ - ip = (struct ip *)bp; + if (len == 0) + goto trunc; + ip = (const struct ip *)bp; + ND_TCHECK(ip->ip_vhl); switch (IP_V(ip)) { case 0: /* Null header */ + ND_TCHECK(ip->ip_dst); ND_PRINT((ndo, "IP-Null-header %s > %s", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst))); + ipaddr_string(ndo, &ip->ip_src), + ipaddr_string(ndo, &ip->ip_dst))); break; case 4: /* IPv4 */ ip_print(ndo, bp, len); break; -#ifdef INET6 + case 6: /* IPv6 */ ip6_print(ndo, bp, len); break; -#endif + default: ND_PRINT((ndo, "IP ver %d", IP_V(ip))); break; 
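Review bot: In the PIMV2_HELLO_OPTION_ADDRESS_LIST branch `plen` starts at `len`, the bytes left in the whole message, while the loop is bounded by `bp+olen`. The last address in the list can therefore be parsed across the option boundary into the next option's header. Since `len < olen` has already been rejected earlier in the Hello loop, `u_int plen = olen;` confines each address to the option.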
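Review bot: In the PIMV2_TYPE_REGISTER case of the @@ -734,40 +862,46 hunk the encapsulated header is only required to be non-empty (`len == 0`), but the `case 0` arm prints `ip_src` and `ip_dst` after a capture test alone. A Register whose declared length ends inside the dummy header still has both addresses printed from whatever follows it in the capture. Adding `if (len < sizeof(struct ip)) goto trunc;` before `ND_TCHECK(ip->ip_dst)` keeps that arm within the message. The flag-word guard also mixes a literal 4 with `PIMV2_REGISTER_FLAG_LEN`; one spelling would be clearer.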
@@ -776,22 +910,13 @@ pimv2_print(netdissect_options *ndo, } case PIMV2_TYPE_REGISTER_STOP: - bp += 4; len -= 4; - if (bp >= ep) - break; ND_PRINT((ndo, " group=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp >= ep) - break; ND_PRINT((ndo, " source=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; break; 
@@ -836,236 +961,220 @@ pimv2_print(netdissect_options *ndo, */ { - u_int8_t ngroup; - u_int16_t holdtime; - u_int16_t njoin; - u_int16_t nprune; + uint8_t ngroup; + uint16_t holdtime; + uint16_t njoin; + uint16_t nprune; int i, j; - bp += 4; len -= 4; if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/ - if (bp >= ep) - break; ND_PRINT((ndo, ", upstream-neighbor: ")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } - if (bp + 4 > ep) - break; + if (len < 4) + goto trunc; + ND_TCHECK2(*bp, 4); ngroup = bp[1]; - holdtime = EXTRACT_16BITS(&bp[2]); + holdtime = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, "\n\t %u group(s)", ngroup)); if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/ ND_PRINT((ndo, ", holdtime: ")); if (holdtime == 0xffff) ND_PRINT((ndo, "infinite")); else - relts_print(holdtime); + unsigned_relts_print(ndo, holdtime); } bp += 4; len -= 4; for (i = 0; i < ngroup; i++) { - if (bp >= ep) - goto jp_done; ND_PRINT((ndo, "\n\t group #%u: ", i+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp + 4 > ep) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } - njoin = EXTRACT_16BITS(&bp[0]); - nprune = EXTRACT_16BITS(&bp[2]); + if (len < 4) + goto trunc; + ND_TCHECK2(*bp, 4); + njoin = EXTRACT_BE_U_2(bp); + nprune = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, ", joined sources: %u, pruned sources: %u", njoin, nprune)); bp += 4; len -= 4; for (j = 0; j < njoin; j++) { ND_PRINT((ndo, "\n\t joined source #%u: ", j+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = 
pimv2_addr_print(ndo, bp, len, pimv2_source, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } for (j = 0; j < nprune; j++) { ND_PRINT((ndo, "\n\t pruned source #%u: ", j+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_source, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } } - jp_done: break; } case PIMV2_TYPE_BOOTSTRAP: { int i, j, frpcnt; - bp += 4; /* Fragment Tag, Hash Mask len, and BSR-priority */ - if (bp + sizeof(u_int16_t) >= ep) break; - ND_PRINT((ndo, " tag=%x", EXTRACT_16BITS(bp))); - bp += sizeof(u_int16_t); - if (bp >= ep) break; + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); + ND_PRINT((ndo, " tag=%x", EXTRACT_BE_U_2(bp))); + bp += 2; + len -= 2; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); ND_PRINT((ndo, " hashmlen=%d", bp[0])); - if (bp + 1 >= ep) break; + if (len < 2) + goto trunc; + ND_TCHECK(bp[2]); ND_PRINT((ndo, " BSRprio=%d", bp[1])); bp += 2; + len -= 2; /* Encoded-Unicast-BSR-Address */ - if (bp >= ep) break; ND_PRINT((ndo, " BSR=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; - for (i = 0; bp < ep; i++) { + for (i = 0; len > 0; i++) { /* Encoded-Group Address */ ND_PRINT((ndo, " (group%d: ", i)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) - < 0) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; /* RP-Count, Frag RP-Cnt, and rsvd */ - if (bp >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); ND_PRINT((ndo, " RPcnt=%d", bp[0])); - if (bp + 1 >= ep) { - ND_PRINT((ndo, 
"...)")); - goto bs_done; - } + if (len < 2) + goto trunc; + ND_TCHECK(bp[1]); ND_PRINT((ndo, " FRPcnt=%d", frpcnt = bp[1])); + if (len < 4) + goto trunc; bp += 4; + len -= 4; - for (j = 0; j < frpcnt && bp < ep; j++) { + for (j = 0; j < frpcnt && len > 0; j++) { /* each RP info */ ND_PRINT((ndo, " RP%d=", j)); - if ((advance = pimv2_addr_print(ndo, bp, + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, - 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + pimv2_addr_len, + 0)) < 0) + goto trunc; bp += advance; + len -= advance; - if (bp + 1 >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); ND_PRINT((ndo, ",holdtime=")); - relts_print(EXTRACT_16BITS(bp)); - if (bp + 2 >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + unsigned_relts_print(ndo, + EXTRACT_BE_U_2(bp)); + if (len < 3) + goto trunc; + ND_TCHECK(bp[2]); ND_PRINT((ndo, ",prio=%d", bp[2])); + if (len < 4) + goto trunc; bp += 4; + len -= 4; } ND_PRINT((ndo, ")")); } - bs_done: break; } case PIMV2_TYPE_ASSERT: - bp += 4; len -= 4; - if (bp >= ep) - break; ND_PRINT((ndo, " group=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp >= ep) - break; ND_PRINT((ndo, " src=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp + 8 > ep) - break; + if (len < 8) + goto trunc; + ND_TCHECK2(*bp, 8); if (bp[0] & 0x80) ND_PRINT((ndo, " RPT")); - ND_PRINT((ndo, " pref=%u", EXTRACT_32BITS(&bp[0]) & 0x7fffffff)); - ND_PRINT((ndo, " metric=%u", EXTRACT_32BITS(&bp[4]))); + ND_PRINT((ndo, " pref=%u", EXTRACT_BE_U_4(bp) & 0x7fffffff)); + ND_PRINT((ndo, " 
metric=%u", EXTRACT_BE_U_4(bp + 4))); break; case PIMV2_TYPE_CANDIDATE_RP: { int i, pfxcnt; - bp += 4; /* Prefix-Cnt, Priority, and Holdtime */ - if (bp >= ep) break; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); ND_PRINT((ndo, " prefix-cnt=%d", bp[0])); pfxcnt = bp[0]; - if (bp + 1 >= ep) break; + if (len < 2) + goto trunc; + ND_TCHECK(bp[1]); ND_PRINT((ndo, " prio=%d", bp[1])); - if (bp + 3 >= ep) break; + if (len < 4) + goto trunc; + ND_TCHECK_2(&bp[2]); ND_PRINT((ndo, " holdtime=")); - relts_print(EXTRACT_16BITS(&bp[2])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); bp += 4; + len -= 4; /* Encoded-Unicast-RP-Address */ - if (bp >= ep) break; ND_PRINT((ndo, " RP=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; /* Encoded-Group Addresses */ - for (i = 0; i < pfxcnt && bp < ep; i++) { + for (i = 0; i < pfxcnt && len > 0; i++) { ND_PRINT((ndo, " Group%d=", i)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) - < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; } break; } case PIMV2_TYPE_PRUNE_REFRESH: ND_PRINT((ndo, " src=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; ND_PRINT((ndo, " grp=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; ND_PRINT((ndo, " forwarder=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) 
{ - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; - ND_TCHECK2(bp[0], 2); + len -= advance; + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); ND_PRINT((ndo, " TUNR ")); - relts_print(EXTRACT_16BITS(bp)); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp)); break;