X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/6ec714988caac3bf9fedc766ae51a2248896ec80..refs/heads/master:/print-ip6.c diff --git a/print-ip6.c b/print-ip6.c index 72297aae..269b41fb 100644 --- a/print-ip6.c +++ b/print-ip6.c @@ -21,11 +21,9 @@ /* \summary: IPv6 printer */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include -#include +#include "netdissect-stdinc.h" #include @@ -44,7 +42,7 @@ * calculation. */ static void -ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, +ip6_finddst(netdissect_options *ndo, nd_ipv6 *dst, const struct ip6_hdr *ip6) { const u_char *cp; @@ -53,13 +51,14 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, const void *dst_addr; const struct ip6_rthdr *dp; const struct ip6_rthdr0 *dp0; - const struct in6_addr *addr; + const struct ip6_srh *srh; + const u_char *p; int i, len; cp = (const u_char *)ip6; advance = sizeof(struct ip6_hdr); - nh = EXTRACT_U_1(ip6->ip6_nxt); - dst_addr = (const void *)&ip6->ip6_dst; + nh = GET_U_1(ip6->ip6_nxt); + dst_addr = (const void *)ip6->ip6_dst; while (cp < ndo->ndo_snapend) { cp += advance; @@ -76,9 +75,8 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, * the header, in units of 8 octets, excluding * the first 8 octets. */ - ND_TCHECK_2(cp); - advance = (EXTRACT_U_1(cp + 1) + 1) << 3; - nh = EXTRACT_U_1(cp); + advance = (GET_U_1(cp + 1) + 1) << 3; + nh = GET_U_1(cp); break; case IPPROTO_FRAGMENT: @@ -87,9 +85,8 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, * marked as reserved, and the header is always * the same size. */ - ND_TCHECK_1(cp); advance = sizeof(struct ip6_frag); - nh = EXTRACT_U_1(cp); + nh = GET_U_1(cp); break; case IPPROTO_ROUTING: @@ -97,9 +94,9 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, * OK, we found it. */ dp = (const struct ip6_rthdr *)cp; - ND_TCHECK(*dp); - len = EXTRACT_U_1(dp->ip6r_len); - switch (EXTRACT_U_1(dp->ip6r_type)) { + ND_TCHECK_SIZE(dp); + len = GET_U_1(dp->ip6r_len); + switch (GET_U_1(dp->ip6r_type)) { case IPV6_RTHDR_TYPE_0: case IPV6_RTHDR_TYPE_2: /* Mobile IPv6 ID-20 */ @@ -107,15 +104,26 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, if (len % 2 == 1) goto trunc; len >>= 1; - addr = &dp0->ip6r0_addr[0]; + p = (const u_char *) dp0->ip6r0_addr; for (i = 0; i < len; i++) { - if ((const u_char *)(addr + 1) > ndo->ndo_snapend) - goto trunc; - - dst_addr = (const void *)addr; - addr++; + ND_TCHECK_16(p); + dst_addr = (const void *)p; + p += 16; } break; + case IPV6_RTHDR_TYPE_4: + /* IPv6 Segment Routing Header (SRH) */ + srh = (const struct ip6_srh *)dp; + if (len % 2 == 1) + goto trunc; + p = (const u_char *) srh->srh_segments; + /* + * The list of segments are encoded in the reverse order. + * Accordingly, the final DA is encoded in srh_segments[0] + */ + ND_TCHECK_16(p); + dst_addr = (const void *)p; + break; default: break; @@ -153,20 +161,20 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst, done: trunc: - UNALIGNED_MEMCPY(dst, dst_addr, sizeof(struct in6_addr)); + GET_CPY_BYTES(dst, dst_addr, sizeof(nd_ipv6)); } /* * Compute a V6-style checksum by building a pseudoheader. */ -int +uint16_t nextproto6_cksum(netdissect_options *ndo, const struct ip6_hdr *ip6, const uint8_t *data, - u_int len, u_int covlen, u_int next_proto) + u_int len, u_int covlen, uint8_t next_proto) { struct { - struct in6_addr ph_src; - struct in6_addr ph_dst; + nd_ipv6 ph_src; + nd_ipv6 ph_dst; uint32_t ph_len; uint8_t ph_zero[3]; uint8_t ph_nxt; @@ -176,8 +184,8 @@ nextproto6_cksum(netdissect_options *ndo, /* pseudo-header */ memset(&ph, 0, sizeof(ph)); - UNALIGNED_MEMCPY(&ph.ph_src, &ip6->ip6_src, sizeof (struct in6_addr)); - nh = EXTRACT_U_1(ip6->ip6_nxt); + GET_CPY_BYTES(&ph.ph_src, ip6->ip6_src, sizeof(nd_ipv6)); + nh = GET_U_1(ip6->ip6_nxt); switch (nh) { case IPPROTO_HOPOPTS: @@ -195,7 +203,7 @@ nextproto6_cksum(netdissect_options *ndo, break; default: - UNALIGNED_MEMCPY(&ph.ph_dst, &ip6->ip6_dst, sizeof (struct in6_addr)); + GET_CPY_BYTES(&ph.ph_dst, ip6->ip6_dst, sizeof(nd_ipv6)); break; } ph.ph_len = htonl(len); @@ -218,212 +226,282 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) const struct ip6_hdr *ip6; int advance; u_int len; - const u_char *ipend; + u_int total_advance; const u_char *cp; - u_int payload_len; - u_int nh; + uint32_t payload_len; + uint8_t ph, nh; int fragmented = 0; u_int flow; + int found_extension_header; + int found_jumbo; + int found_hbh; + ndo->ndo_protocol = "ip6"; ip6 = (const struct ip6_hdr *)bp; - ND_TCHECK(*ip6); - if (length < sizeof (struct ip6_hdr)) { - ND_PRINT((ndo, "truncated-ip6 %u", length)); - return; + if (!ndo->ndo_eflag) { + nd_print_protocol_caps(ndo); + ND_PRINT(" "); } - if (!ndo->ndo_eflag) - ND_PRINT((ndo, "IP6 ")); + ND_ICHECK_ZU(length, <, sizeof (struct ip6_hdr)); + ND_ICHECKMSG_U("version", IP6_VERSION(ip6), !=, 6); - if (IP6_VERSION(ip6) != 6) { - ND_PRINT((ndo,"version error: %u != 6", IP6_VERSION(ip6))); - return; + payload_len = GET_BE_U_2(ip6->ip6_plen); + /* + * RFC 1883 says: + * + * The Payload Length field in the IPv6 header must be set to zero + * in every packet that carries the Jumbo Payload option. If a + * packet is received with a valid Jumbo Payload option present and + * a non-zero IPv6 Payload Length field, an ICMP Parameter Problem + * message, Code 0, should be sent to the packet's source, pointing + * to the Option Type field of the Jumbo Payload option. + * + * Later versions of the IPv6 spec don't discuss the Jumbo Payload + * option. + * + * If the payload length is 0, we temporarily just set the total + * length to the remaining data in the packet (which, for Ethernet, + * could include frame padding, but if it's a Jumbo Payload frame, + * it shouldn't even be sendable over Ethernet, so we don't worry + * about that), so we can process the extension headers in order + * to *find* a Jumbo Payload hop-by-hop option and, when we've + * processed all the extension headers, check whether we found + * a Jumbo Payload option, and fail if we haven't. + */ + if (payload_len != 0) { + len = payload_len + sizeof(struct ip6_hdr); + if (len > length) { + ND_PRINT("[header+payload length %u > length %u]", + len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } + } else + len = length + sizeof(struct ip6_hdr); + + ph = 255; + nh = GET_U_1(ip6->ip6_nxt); + if (ndo->ndo_vflag) { + flow = GET_BE_U_4(ip6->ip6_flow); + ND_PRINT("("); + /* RFC 2460 */ + if (flow & 0x0ff00000) + ND_PRINT("class 0x%02x, ", (flow & 0x0ff00000) >> 20); + if (flow & 0x000fffff) + ND_PRINT("flowlabel 0x%05x, ", flow & 0x000fffff); + + ND_PRINT("hlim %u, next-header %s (%u), payload length %u) ", + GET_U_1(ip6->ip6_hlim), + tok2str(ipproto_values,"unknown",nh), + nh, + payload_len); } - - payload_len = EXTRACT_BE_U_2(ip6->ip6_plen); - len = payload_len + sizeof(struct ip6_hdr); - if (length < len) - ND_PRINT((ndo, "truncated-ip6 - %u bytes missing!", - len - length)); - - nh = EXTRACT_U_1(ip6->ip6_nxt); - if (ndo->ndo_vflag) { - flow = EXTRACT_BE_U_4(ip6->ip6_flow); - ND_PRINT((ndo, "(")); -#if 0 - /* rfc1883 */ - if (flow & 0x0f000000) - ND_PRINT((ndo, "pri 0x%02x, ", (flow & 0x0f000000) >> 24)); - if (flow & 0x00ffffff) - ND_PRINT((ndo, "flowlabel 0x%06x, ", flow & 0x00ffffff)); -#else - /* RFC 2460 */ - if (flow & 0x0ff00000) - ND_PRINT((ndo, "class 0x%02x, ", (flow & 0x0ff00000) >> 20)); - if (flow & 0x000fffff) - ND_PRINT((ndo, "flowlabel 0x%05x, ", flow & 0x000fffff)); -#endif - - ND_PRINT((ndo, "hlim %u, next-header %s (%u) payload length: %u) ", - EXTRACT_U_1(ip6->ip6_hlim), - tok2str(ipproto_values,"unknown",nh), - nh, - payload_len)); - } + ND_TCHECK_SIZE(ip6); /* - * Cut off the snapshot length to the end of the IP payload. + * Cut off the snapshot length to the end of the IP payload + * or the end of the data in which it's contained, whichever + * comes first. */ - ipend = bp + len; - if (ipend < ndo->ndo_snapend) - ndo->ndo_snapend = ipend; + if (!nd_push_snaplen(ndo, bp, ND_MIN(length, len))) { + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push snaplen on buffer stack", __func__); + } cp = (const u_char *)ip6; advance = sizeof(struct ip6_hdr); + total_advance = 0; + /* Process extension headers */ + found_extension_header = 0; + found_jumbo = 0; + found_hbh = 0; while (cp < ndo->ndo_snapend && advance > 0) { if (len < (u_int)advance) goto trunc; cp += advance; len -= advance; + total_advance += advance; if (cp == (const u_char *)(ip6 + 1) && nh != IPPROTO_TCP && nh != IPPROTO_UDP && nh != IPPROTO_DCCP && nh != IPPROTO_SCTP) { - ND_PRINT((ndo, "%s > %s: ", ip6addr_string(ndo, &ip6->ip6_src), - ip6addr_string(ndo, &ip6->ip6_dst))); + ND_PRINT("%s > %s: ", GET_IP6ADDR_STRING(ip6->ip6_src), + GET_IP6ADDR_STRING(ip6->ip6_dst)); } switch (nh) { + case IPPROTO_HOPOPTS: - advance = hbhopt_print(ndo, cp); - if (advance < 0) + /* + * The Hop-by-Hop Options header, when present, + * must immediately follow the IPv6 header (RFC 8200) + */ + if (found_hbh == 1) { + ND_PRINT("[The Hop-by-Hop Options header was already found]"); + nd_print_invalid(ndo); + return; + } + if (ph != 255) { + ND_PRINT("[The Hop-by-Hop Options header don't follow the IPv6 header]"); + nd_print_invalid(ndo); return; - nh = EXTRACT_U_1(cp); + } + advance = hbhopt_process(ndo, cp, &found_jumbo, &payload_len); + if (payload_len == 0 && found_jumbo == 0) { + ND_PRINT("[No valid Jumbo Payload Hop-by-Hop option found]"); + nd_print_invalid(ndo); + return; + } + if (advance < 0) { + nd_pop_packet_info(ndo); + return; + } + found_extension_header = 1; + found_hbh = 1; + nh = GET_U_1(cp); break; + case IPPROTO_DSTOPTS: - advance = dstopt_print(ndo, cp); - if (advance < 0) + advance = dstopt_process(ndo, cp); + if (advance < 0) { + nd_pop_packet_info(ndo); return; - nh = EXTRACT_U_1(cp); + } + found_extension_header = 1; + nh = GET_U_1(cp); break; + case IPPROTO_FRAGMENT: advance = frag6_print(ndo, cp, (const u_char *)ip6); - if (advance < 0 || ndo->ndo_snapend <= cp + advance) + if (advance < 0 || ndo->ndo_snapend <= cp + advance) { + nd_pop_packet_info(ndo); return; - nh = EXTRACT_U_1(cp); + } + found_extension_header = 1; + nh = GET_U_1(cp); fragmented = 1; break; case IPPROTO_MOBILITY_OLD: case IPPROTO_MOBILITY: /* - * XXX - we don't use "advance"; RFC 3775 says that + * RFC 3775 says that * the next header field in a mobility header * should be IPPROTO_NONE, but speaks of - * the possiblity of a future extension in + * the possibility of a future extension in * which payload can be piggybacked atop a * mobility header. */ advance = mobility_print(ndo, cp, (const u_char *)ip6); - if (advance < 0) + if (advance < 0) { + nd_pop_packet_info(ndo); return; - nh = EXTRACT_U_1(cp); + } + found_extension_header = 1; + nh = GET_U_1(cp); + nd_pop_packet_info(ndo); return; + case IPPROTO_ROUTING: ND_TCHECK_1(cp); advance = rt6_print(ndo, cp, (const u_char *)ip6); - if (advance < 0) + if (advance < 0) { + nd_pop_packet_info(ndo); return; - nh = EXTRACT_U_1(cp); - break; - case IPPROTO_SCTP: - sctp_print(ndo, cp, (const u_char *)ip6, len); - return; - case IPPROTO_DCCP: - dccp_print(ndo, cp, (const u_char *)ip6, len); - return; - case IPPROTO_TCP: - tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; - case IPPROTO_UDP: - udp_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; - case IPPROTO_ICMPV6: - icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; - case IPPROTO_AH: - advance = ah_print(ndo, cp); - if (advance < 0) - return; - nh = EXTRACT_U_1(cp); - break; - case IPPROTO_ESP: - { - u_int enh, padlen; - advance = esp_print(ndo, cp, len, (const u_char *)ip6, &enh, &padlen); - if (advance < 0) - return; - nh = enh & 0xff; - len -= padlen; + } + found_extension_header = 1; + nh = GET_U_1(cp); break; - } - case IPPROTO_IPCOMP: - { - ipcomp_print(ndo, cp); + + default: /* - * Either this has decompressed the payload and - * printed it, in which case there's nothing more - * to do, or it hasn't, in which case there's - * nothing more to do. + * Not an extension header; hand off to the + * IP protocol demuxer. */ - advance = -1; - break; - } - - case IPPROTO_PIM: - pim_print(ndo, cp, len, (const u_char *)ip6); - return; - - case IPPROTO_OSPF: - ospf6_print(ndo, cp, len); - return; - - case IPPROTO_IPV6: - ip6_print(ndo, cp, len); - return; - - case IPPROTO_IPV4: - ip_print(ndo, cp, len); - return; - - case IPPROTO_PGM: - pgm_print(ndo, cp, len, (const u_char *)ip6); - return; - - case IPPROTO_GRE: - gre_print(ndo, cp, len); - return; - - case IPPROTO_RSVP: - rsvp_print(ndo, cp, len); - return; - - case IPPROTO_EIGRP: - eigrp_print(ndo, cp, len); - return; - - case IPPROTO_NONE: - ND_PRINT((ndo, "no next header")); - return; + if (found_jumbo) { + /* + * We saw a Jumbo Payload option. + * Set the length to the payload length + * plus the IPv6 header length, and + * change the snapshot length accordingly. + * + * But make sure it's not shorter than + * the total number of bytes we've + * processed so far. + */ + len = payload_len + sizeof(struct ip6_hdr); + if (len < total_advance) + goto trunc; + if (len > length) { + ND_PRINT("[header+payload length %u > length %u]", + len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } + nd_change_snaplen(ndo, bp, len); + + /* + * Now subtract the length of the IPv6 + * header plus extension headers to get + * the payload length. + */ + len -= total_advance; + } else { + /* + * We didn't see a Jumbo Payload option; + * was the payload length zero? + */ + if (payload_len == 0) { + /* + * Yes. If we found an extension + * header, treat that as a truncated + * packet header, as there was + * no payload to contain an + * extension header. + */ + if (found_extension_header) + goto trunc; - default: - ND_PRINT((ndo, "ip-proto-%d %d", nh, len)); + /* + * OK, we didn't see any extension + * header, but that means we have + * no payload, so set the length + * to the IPv6 header length, + * and change the snapshot length + * accordingly. + */ + len = sizeof(struct ip6_hdr); + nd_change_snaplen(ndo, bp, len); + + /* + * Now subtract the length of + * the IPv6 header plus extension + * headers (there weren't any, so + * that's just the IPv6 header + * length) to get the payload length. + */ + len -= total_advance; + } + } + ip_demux_print(ndo, cp, len, 6, fragmented, + GET_U_1(ip6->ip6_hlim), nh, bp); + nd_pop_packet_info(ndo); return; } + ph = nh; + + /* ndo_protocol reassignment after xxx_print() calls */ + ndo->ndo_protocol = "ip6"; } + nd_pop_packet_info(ndo); return; trunc: - ND_PRINT((ndo, "[|ip6]")); + nd_print_trunc(ndo); + return; + +invalid: + nd_print_invalid(ndo); }