X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/60a835d80f4b6c12dbe2d38fe4ca2de16f3302dc..refs/pull/482/head:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index bd109ab9..2d5ac459 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -24,16 +24,15 @@ * complete IS-IS & CLNP support. */ -#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "ether.h" #include "nlpid.h" @@ -103,6 +102,7 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ #define ISIS_TLV_CHECKSUM 12 /* rfc3358 */ #define ISIS_TLV_CHECKSUM_MINLEN 2 +#define ISIS_TLV_POI 13 /* rfc6232 */ #define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ #define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2 #define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */ @@ -152,6 +152,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_LSP, "LSP entries"}, { ISIS_TLV_AUTH, "Authentication"}, { ISIS_TLV_CHECKSUM, "Checksum"}, + { ISIS_TLV_POI, "Purge Originator Identifier"}, { ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"}, { ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"}, { ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"}, @@ -559,8 +560,8 @@ struct isis_tlv_ptp_adj { uint8_t neighbor_extd_local_circuit_id[4]; }; -static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length); +static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, int length); static int clnp_print(netdissect_options *, const uint8_t *, u_int); static void esis_print(netdissect_options *, const uint8_t *, u_int); static int isis_print(netdissect_options *, const uint8_t *, u_int); @@ -806,8 +807,8 @@ clnp_print(netdissect_options *ndo, if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, "%s%s > %s, %s, length %u", ndo->ndo_eflag ? "" : ", ", - isonsap_string(source_address, source_address_length), - isonsap_string(dest_address, dest_address_length), + isonsap_string(ndo, source_address, source_address_length), + isonsap_string(ndo, dest_address, dest_address_length), tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length)); return (1); @@ -831,9 +832,9 @@ clnp_print(netdissect_options *ndo, ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length), + isonsap_string(ndo, source_address, source_address_length), dest_address_length, - isonsap_string(dest_address, dest_address_length))); + isonsap_string(ndo, dest_address, dest_address_length))); if (clnp_flags & CLNP_SEGMENT_PART) { clnp_segment_header = (const struct clnp_segment_header_t *) pptr; @@ -904,7 +905,7 @@ clnp_print(netdissect_options *ndo, ND_TCHECK2(*source_address, source_address_length); ND_PRINT((ndo, "\n\t NSAP address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length))); + isonsap_string(ndo, source_address, source_address_length))); } tlen-=source_address_length+1; } @@ -1110,7 +1111,7 @@ esis_print(netdissect_options *ndo, dst = pptr; pptr += dstl; li -= dstl; - ND_PRINT((ndo, "\n\t %s", isonsap_string(dst, dstl))); + ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl))); ND_TCHECK(*pptr); if (li < 1) { @@ -1147,7 +1148,7 @@ esis_print(netdissect_options *ndo, if (netal == 0) ND_PRINT((ndo, "\n\t %s", etheraddr_string(ndo, snpa))); else - ND_PRINT((ndo, "\n\t %s", isonsap_string(neta, netal))); + ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, neta, netal))); break; } @@ -1180,7 +1181,7 @@ esis_print(netdissect_options *ndo, } ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, - isonsap_string(pptr, source_address_length))); + isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; source_address_number--; @@ -1202,7 +1203,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad ish/li")); return; } - ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length))); + ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; break; @@ -1341,7 +1342,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN)) goto trunctlv; - subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr; + subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr; ND_PRINT((ndo, "\n\t MCID: ")); isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid)); @@ -1948,11 +1949,7 @@ isis_print_extd_ip_reach(netdissect_options *ndo, const uint8_t *tptr, const char *ident, uint16_t afi) { char ident_buffer[20]; -#ifdef INET6 uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ -#else - uint8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */ -#endif u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; if (!ND_TTEST2(*tptr, 4)) @@ -1973,7 +1970,6 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (0); } processed++; -#ifdef INET6 } else if (afi == AF_INET6) { if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */ return (0); @@ -1986,7 +1982,6 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (0); } processed+=2; -#endif } else return (0); /* somebody is fooling us */ @@ -2004,13 +1999,11 @@ isis_print_extd_ip_reach(netdissect_options *ndo, ident, ipaddr_string(ndo, prefix), bit_length)); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, "%sIPv6 prefix: %s/%u", ident, ip6addr_string(ndo, prefix), bit_length)); -#endif ND_PRINT((ndo, ", Distribution: %s, Metric: %u", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", @@ -2018,17 +2011,13 @@ isis_print_extd_ip_reach(netdissect_options *ndo, if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) ND_PRINT((ndo, ", sub-TLVs present")); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, ", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : "")); -#endif if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) -#ifdef INET6 || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) -#endif ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect @@ -2449,7 +2438,7 @@ isis_print(netdissect_options *ndo, tlv_type, tlv_len)); - if (tlv_len == 0) /* something is malformed */ + if (tlv_len == 0) /* something is invalid */ continue; /* now check if we have a decoder otherwise do a hexdump at the end*/ @@ -2461,7 +2450,7 @@ isis_print(netdissect_options *ndo, while (tmp && alen < tmp) { ND_PRINT((ndo, "\n\t Area address (length: %u): %s", alen, - isonsap_string(tptr, alen))); + isonsap_string(ndo, tptr, alen))); tptr += alen; tmp -= alen + 1; if (tmp==0) /* if this is the last area address do not attemt a boundary check */ @@ -2604,7 +2593,6 @@ isis_print(netdissect_options *ndo, } break; -#ifdef INET6 case ISIS_TLV_IP6_REACH: while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); @@ -2644,7 +2632,6 @@ isis_print(netdissect_options *ndo, tmp -= sizeof(struct in6_addr); } break; -#endif case ISIS_TLV_AUTH: if (!ND_TTEST2(*tptr, 1)) goto trunctlv; @@ -2669,7 +2656,7 @@ isis_print(netdissect_options *ndo, ND_PRINT((ndo, "%02x", *(tptr + i))); } if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1) - ND_PRINT((ndo, ", (malformed subTLV) ")); + ND_PRINT((ndo, ", (invalid subTLV) ")); #ifdef HAVE_LIBCRYPTO sigcheck = signature_verify(ndo, optr, length, @@ -2886,6 +2873,22 @@ isis_print(netdissect_options *ndo, osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr, length); break; + case ISIS_TLV_POI: + if (tlv_len >= SYSTEM_ID_LEN + 1) { + if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN + 1)) + goto trunctlv; + ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s", + isis_print_id(tptr + 1, SYSTEM_ID_LEN))); + } + + if (tlv_len == 2 * SYSTEM_ID_LEN + 1) { + if (!ND_TTEST2(*tptr, 2 * SYSTEM_ID_LEN + 1)) + goto trunctlv; + ND_PRINT((ndo, "\n\t Received from System-ID: %s", + isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN))); + } + break; + case ISIS_TLV_MT_SUPPORTED: if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN) break; @@ -2899,7 +2902,7 @@ isis_print(netdissect_options *ndo, tptr+=mt_len; tmp-=mt_len; } else { - ND_PRINT((ndo, "\n\t malformed MT-ID")); + ND_PRINT((ndo, "\n\t invalid MT-ID")); break; } } @@ -3003,7 +3006,7 @@ isis_print(netdissect_options *ndo, if (!ND_TTEST2(*tptr, prefix_len / 2)) goto trunctlv; ND_PRINT((ndo, "\n\t\tAddress: %s/%u", - isonsap_string(tptr, prefix_len / 2), prefix_len * 4)); + isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4)); tptr+=prefix_len/2; tmp-=prefix_len/2; } @@ -3075,21 +3078,38 @@ isis_print(netdissect_options *ndo, } static void -osi_print_cksum(netdissect_options *ndo, - const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length) +osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, int length) { uint16_t calculated_checksum; - /* do not attempt to verify the checksum if it is zero */ - if (!checksum) { - ND_PRINT((ndo, "(unverified)")); + /* do not attempt to verify the checksum if it is zero, + * if the total length is nonsense, + * if the offset is nonsense, + * or the base pointer is not sane + */ + if (!checksum + || length < 0 + || checksum_offset < 0 + || length > ndo->ndo_snaplen + || checksum_offset > ndo->ndo_snaplen + || checksum_offset > length) { + ND_PRINT((ndo, " (unverified)")); } else { + const char *truncated = "trunc"; +#if 0 + printf("\nosi_print_cksum: %p %u %u %u\n", pptr, checksum_offset, length, ndo->ndo_snaplen); + ND_TCHECK2(pptr, checksum_offset+length); +#endif calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); if (checksum == calculated_checksum) { ND_PRINT((ndo, " (correct)")); } else { - ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum)); + truncated = "incorrect"; +#if 0 + trunc: +#endif + ND_PRINT((ndo, " (%s should be 0x%04x)", truncated, calculated_checksum)); } } }