X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/65ba981d2ea8aa42ff6ac4300fe192ed994f2ea9..a9a7c86c7875a38358a9ff1f2a35e93febf6f41e:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index 39c49bad..ea58d8a3 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.157 2006-04-10 21:07:35 hannes Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.165 2008-08-16 13:38:15 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -46,6 +46,7 @@ static const char rcsid[] _U_ = #include "extract.h" #include "gmpls.h" #include "oui.h" +#include "signature.h" /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. @@ -481,7 +482,7 @@ static struct tok isis_lsp_istype_values[] = { { ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"}, { ISIS_LSP_TYPE_LEVEL_1, "L1 IS"}, { ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"}, - { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"}, + { ISIS_LSP_TYPE_LEVEL_2, "L2 IS"}, { 0, NULL } }; @@ -508,7 +509,8 @@ struct isis_tlv_ptp_adj { u_int8_t neighbor_extd_local_circuit_id[4]; }; -static int osi_cksum(const u_int8_t *, u_int); +static void osi_print_cksum(const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length); static int clnp_print(const u_int8_t *, u_int); static void esis_print(const u_int8_t *, u_int); static int isis_print(const u_int8_t *, u_int); @@ -771,7 +773,7 @@ static int clnp_print (const u_int8_t *pptr, u_int length) } printf("%slength %u",eflag ? "" : ", ",length); - printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x ", + printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), clnp_header->length_indicator, clnp_header->version, @@ -780,10 +782,8 @@ static int clnp_print (const u_int8_t *pptr, u_int length) EXTRACT_16BITS(clnp_header->segment_length), EXTRACT_16BITS(clnp_header->cksum)); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(clnp_header->cksum) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, clnp_header->length_indicator) ? "incorrect" : "correct"); + osi_print_cksum(optr, EXTRACT_16BITS(clnp_header->cksum), 7, + clnp_header->length_indicator); printf("\n\tFlags [%s]", bittok2str(clnp_flag_values,"none",clnp_flags)); @@ -1037,12 +1037,9 @@ esis_print(const u_int8_t *pptr, u_int length) esis_pdu_type); printf(", v: %u%s", esis_header->version, esis_header->version == ESIS_VERSION ? "" : "unsupported" ); - printf(", checksum: 0x%04x ", EXTRACT_16BITS(esis_header->cksum)); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(esis_header->cksum) == 0) - printf("(unverified)"); - else - printf("(%s)", osi_cksum(pptr, li) ? "incorrect" : "correct"); + printf(", checksum: 0x%04x", EXTRACT_16BITS(esis_header->cksum)); + + osi_print_cksum(pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); printf(", holding time: %us, length indicator: %u",EXTRACT_16BITS(esis_header->holdtime),li); @@ -1496,7 +1493,7 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,u_int subt,u_int subl,const cha bittok2str(isis_subtlv_link_attribute_values, "Unknown", EXTRACT_16BITS(tptr)), - EXTRACT_16BITS(tptr); + EXTRACT_16BITS(tptr)); } break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: @@ -1726,8 +1723,11 @@ isis_print_extd_ip_reach (const u_int8_t *tptr, const char *ident, u_int16_t afi ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""); #endif - if ((ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte) && afi == AF_INET) || - (ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) && afi == AF_INET6)) { + if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) +#ifdef INET6 + || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) +#endif + ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect the aggregate bytecount of the subTLVs for this prefix @@ -1765,7 +1765,7 @@ static int isis_print (const u_int8_t *p, u_int length) const struct isis_iih_lan_header *header_iih_lan; const struct isis_iih_ptp_header *header_iih_ptp; - const struct isis_lsp_header *header_lsp; + struct isis_lsp_header *header_lsp; const struct isis_csnp_header *header_csnp; const struct isis_psnp_header *header_psnp; @@ -1779,16 +1779,18 @@ static int isis_print (const u_int8_t *p, u_int length) const u_int8_t *optr, *pptr, *tptr; u_short packet_len,pdu_len; u_int i,vendor_id; + int sigcheck; packet_len=length; optr = p; /* initialize the _o_riginal pointer to the packet start - - need it for parsing the checksum TLV */ + need it for parsing the checksum TLV and authentication + TLV verification */ isis_header = (const struct isis_common_header *)p; TCHECK(*isis_header); pptr = p+(ISIS_COMMON_HEADER_SIZE); header_iih_lan = (const struct isis_iih_lan_header *)pptr; header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; - header_lsp = (const struct isis_lsp_header *)pptr; + header_lsp = (struct isis_lsp_header *)pptr; header_csnp = (const struct isis_csnp_header *)pptr; header_psnp = (const struct isis_psnp_header *)pptr; @@ -2010,15 +2012,18 @@ static int isis_print (const u_int8_t *p, u_int length) EXTRACT_16BITS(header_lsp->remaining_lifetime), EXTRACT_16BITS(header_lsp->checksum)); - /* if this is a purge do not attempt to verify the checksum */ - if ( EXTRACT_16BITS(header_lsp->remaining_lifetime) == 0 && - EXTRACT_16BITS(header_lsp->checksum) == 0) - printf(" (purged)"); - else - /* verify the checksum - - * checking starts at the lsp-id field at byte position [12] - * hence the length needs to be reduced by 12 bytes */ - printf(" (%s)", (osi_cksum((u_int8_t *)header_lsp->lsp_id, length-12)) ? "incorrect" : "correct"); + + osi_print_cksum((u_int8_t *)header_lsp->lsp_id, + EXTRACT_16BITS(header_lsp->checksum), 12, length-12); + + /* + * Clear checksum and lifetime prior to signature verification. + */ + header_lsp->checksum[0] = 0; + header_lsp->checksum[1] = 0; + header_lsp->remaining_lifetime[0] = 0; + header_lsp->remaining_lifetime[1] = 0; + printf(", PDU length: %u, Flags: [ %s", pdu_len, @@ -2141,7 +2146,7 @@ static int isis_print (const u_int8_t *p, u_int length) tlv_len); if (tlv_len == 0) /* something is malformed */ - break; + continue; /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { @@ -2195,13 +2200,12 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IS_REACH: + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) /* did something go wrong ? */ + goto trunctlv; + tptr+=mt_len; + tmp-=mt_len; while (tmp >= 2+NODE_ID_LEN+3+1) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; - ext_is_len = isis_print_ext_is_reach(tptr,"\n\t ",tlv_type); if (ext_is_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2280,13 +2284,14 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; + while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2307,13 +2312,14 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP6_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; + while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2360,6 +2366,15 @@ static int isis_print (const u_int8_t *p, u_int length) } if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1) printf(", (malformed subTLV) "); + +#ifdef HAVE_LIBCRYPTO + sigcheck = signature_verify(optr, length, + (unsigned char *)tptr + 1); +#else + sigcheck = CANT_CHECK_SIGNATURE; +#endif + printf(" (%s)", tok2str(signature_check_values, "Unknown", sigcheck)); + break; case ISIS_SUBTLV_AUTH_PRIVATE: default: @@ -2519,9 +2534,7 @@ static int isis_print (const u_int8_t *p, u_int length) * to avoid conflicts the checksum TLV is zeroed. * see rfc3358 for details */ - if (EXTRACT_16BITS(tptr) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, length) ? "incorrect" : "correct"); + osi_print_cksum(optr, EXTRACT_16BITS(tptr), tptr-optr, length); break; case ISIS_TLV_MT_SUPPORTED: @@ -2713,25 +2726,25 @@ static int isis_print (const u_int8_t *p, u_int length) return(1); } -/* - * Verify the checksum. See 8473-1, Appendix C, section C.4. - */ - -static int -osi_cksum(const u_int8_t *tptr, u_int len) +static void +osi_print_cksum (const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length) { - int32_t c0 = 0, c1 = 0; + u_int16_t calculated_checksum; - while ((int)--len >= 0) { - c0 += *tptr++; - c0 %= 255; - c1 += c0; - c1 %= 255; - } - return (c0 | c1); + /* do not attempt to verify the checksum if it is zero */ + if (!checksum) { + printf("(unverified)"); + } else { + calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); + if (checksum == calculated_checksum) { + printf(" (correct)"); + } else { + printf(" (incorrect should be 0x%04x)", calculated_checksum); + } + } } - /* * Local Variables: * c-style: whitesmith