X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/99c91c3aec40b691641374f58e798bd8d6b657bd..10ac80fdecfa9b9b7d259d8f50d0b72ef1b18f12:/print-openflow-1.0.c diff --git a/print-openflow-1.0.c b/print-openflow-1.0.c index bc7fa42b..99b0d1de 100644 --- a/print-openflow-1.0.c +++ b/print-openflow-1.0.c @@ -6,17 +6,18 @@ * up bogus values of selected message fields and decodes partially captured * messages up to the snapshot end. It is based on the specification below: * - * [OF10] http://www.openflow.org/documents/openflow-spec-v1.0.0.pdf + * [OF10] https://www.opennetworking.org/wp-content/uploads/2013/04/openflow-spec-v1.0.0.pdf * - * Most functions in this file take 3 arguments into account: + * Most functions in this file take the following arguments: * * cp -- the pointer to the first octet to decode - * * len -- the length of the current structure as declared on the wire - * * ep -- the pointer to the end of the captured frame - * They return either the pointer to the next not-yet-decoded part of the frame - * or the value of ep, which means the current frame processing is over as it - * has been fully decoded or is invalid or truncated. This way it is possible - * to chain and nest such functions uniformly to decode an OF1.0 message, which - * consists of several layers of nested structures. + * * len -- the declared length of the structure to decode + * The convention is that a printer function returns iff the given structure is + * completely within the packet buffer; otherwise it processes the part that is + * within the buffer, sooner of later takes the "truncated packet" shortcut via + * longjmp() and never returns. With that in mind, the function may return + * without printing the structure completely if it is invalid or the ndo_vflag + * value is not high enough. This way the calling function can try to decode + * the next data item. * * Decoding of Ethernet frames nested in OFPT_PACKET_IN and OFPT_PACKET_OUT * messages is done only when the verbosity level set by command-line argument @@ -56,23 +57,23 @@ * POSSIBILITY OF SUCH DAMAGE. */ +/* \summary: OpenFlow protocol version 1.0 printer */ + #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include +#include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" #include "addrtoname.h" -#include "ether.h" #include "ethertype.h" #include "ipproto.h" #include "oui.h" #include "openflow.h" -static const char tstr[] = " [|openflow]"; -static const char istr[] = " (invalid)"; #define OFPT_HELLO 0x00 #define OFPT_ERROR 0x01 @@ -122,13 +123,13 @@ static const struct tok ofpt_str[] = { { 0, NULL } }; -#define OFPPC_PORT_DOWN (1 << 0) -#define OFPPC_NO_STP (1 << 1) -#define OFPPC_NO_RECV (1 << 2) -#define OFPPC_NO_RECV_STP (1 << 3) -#define OFPPC_NO_FLOOD (1 << 4) -#define OFPPC_NO_FWD (1 << 5) -#define OFPPC_NO_PACKET_IN (1 << 6) +#define OFPPC_PORT_DOWN (1U <<0) +#define OFPPC_NO_STP (1U <<1) +#define OFPPC_NO_RECV (1U <<2) +#define OFPPC_NO_RECV_STP (1U <<3) +#define OFPPC_NO_FLOOD (1U <<4) +#define OFPPC_NO_FWD (1U <<5) +#define OFPPC_NO_PACKET_IN (1U <<6) static const struct tok ofppc_bm[] = { { OFPPC_PORT_DOWN, "PORT_DOWN" }, { OFPPC_NO_STP, "NO_STP" }, @@ -143,14 +144,18 @@ static const struct tok ofppc_bm[] = { OFPPC_NO_RECV_STP | OFPPC_NO_FLOOD | OFPPC_NO_FWD | \ OFPPC_NO_PACKET_IN)) -#define OFPPS_LINK_DOWN (1 << 0) -#define OFPPS_STP_LISTEN (0 << 8) -#define OFPPS_STP_LEARN (1 << 8) -#define OFPPS_STP_FORWARD (2 << 8) -#define OFPPS_STP_BLOCK (3 << 8) -#define OFPPS_STP_MASK (3 << 8) -static const struct tok ofpps_bm[] = { - { OFPPS_LINK_DOWN, "LINK_DOWN" }, +/* + * [OF10] lists all FPPS_ constants in one enum, but they mean a 1-bit bitmap + * in the least significant octet and a 2-bit code point in the next octet. + * Remember to mix or to separate these two parts as the context requires. + */ +#define OFPPS_LINK_DOWN (1U << 0) /* bitmap */ +#define OFPPS_STP_LISTEN (0U << 8) /* code point */ +#define OFPPS_STP_LEARN (1U << 8) /* code point */ +#define OFPPS_STP_FORWARD (2U << 8) /* code point */ +#define OFPPS_STP_BLOCK (3U << 8) /* code point */ +#define OFPPS_STP_MASK (3U << 8) /* code point bitmask */ +static const struct tok ofpps_stp_str[] = { { OFPPS_STP_LISTEN, "STP_LISTEN" }, { OFPPS_STP_LEARN, "STP_LEARN" }, { OFPPS_STP_FORWARD, "STP_FORWARD" }, @@ -160,15 +165,15 @@ static const struct tok ofpps_bm[] = { #define OFPPS_U (~(OFPPS_LINK_DOWN | OFPPS_STP_LISTEN | OFPPS_STP_LEARN | \ OFPPS_STP_FORWARD | OFPPS_STP_BLOCK)) -#define OFPP_MAX 0xff00 -#define OFPP_IN_PORT 0xfff8 -#define OFPP_TABLE 0xfff9 -#define OFPP_NORMAL 0xfffa -#define OFPP_FLOOD 0xfffb -#define OFPP_ALL 0xfffc -#define OFPP_CONTROLLER 0xfffd -#define OFPP_LOCAL 0xfffe -#define OFPP_NONE 0xffff +#define OFPP_MAX 0xff00U +#define OFPP_IN_PORT 0xfff8U +#define OFPP_TABLE 0xfff9U +#define OFPP_NORMAL 0xfffaU +#define OFPP_FLOOD 0xfffbU +#define OFPP_ALL 0xfffcU +#define OFPP_CONTROLLER 0xfffdU +#define OFPP_LOCAL 0xfffeU +#define OFPP_NONE 0xffffU static const struct tok ofpp_str[] = { { OFPP_MAX, "MAX" }, { OFPP_IN_PORT, "IN_PORT" }, @@ -182,18 +187,18 @@ static const struct tok ofpp_str[] = { { 0, NULL } }; -#define OFPPF_10MB_HD (1 << 0) -#define OFPPF_10MB_FD (1 << 1) -#define OFPPF_100MB_HD (1 << 2) -#define OFPPF_100MB_FD (1 << 3) -#define OFPPF_1GB_HD (1 << 4) -#define OFPPF_1GB_FD (1 << 5) -#define OFPPF_10GB_FD (1 << 6) -#define OFPPF_COPPER (1 << 7) -#define OFPPF_FIBER (1 << 8) -#define OFPPF_AUTONEG (1 << 9) -#define OFPPF_PAUSE (1 << 10) -#define OFPPF_PAUSE_ASYM (1 << 11) +#define OFPPF_10MB_HD (1U << 0) +#define OFPPF_10MB_FD (1U << 1) +#define OFPPF_100MB_HD (1U << 2) +#define OFPPF_100MB_FD (1U << 3) +#define OFPPF_1GB_HD (1U << 4) +#define OFPPF_1GB_FD (1U << 5) +#define OFPPF_10GB_FD (1U << 6) +#define OFPPF_COPPER (1U << 7) +#define OFPPF_FIBER (1U << 8) +#define OFPPF_AUTONEG (1U << 9) +#define OFPPF_PAUSE (1U <<10) +#define OFPPF_PAUSE_ASYM (1U <<11) static const struct tok ofppf_bm[] = { { OFPPF_10MB_HD, "10MB_HD" }, { OFPPF_10MB_FD, "10MB_FD" }, @@ -222,23 +227,23 @@ static const struct tok ofpqt_str[] = { { 0, NULL } }; -#define OFPFW_IN_PORT (1 << 0) -#define OFPFW_DL_VLAN (1 << 1) -#define OFPFW_DL_SRC (1 << 2) -#define OFPFW_DL_DST (1 << 3) -#define OFPFW_DL_TYPE (1 << 4) -#define OFPFW_NW_PROTO (1 << 5) -#define OFPFW_TP_SRC (1 << 6) -#define OFPFW_TP_DST (1 << 7) +#define OFPFW_IN_PORT (1U <<0) +#define OFPFW_DL_VLAN (1U <<1) +#define OFPFW_DL_SRC (1U <<2) +#define OFPFW_DL_DST (1U <<3) +#define OFPFW_DL_TYPE (1U <<4) +#define OFPFW_NW_PROTO (1U <<5) +#define OFPFW_TP_SRC (1U <<6) +#define OFPFW_TP_DST (1U <<7) #define OFPFW_NW_SRC_SHIFT 8 #define OFPFW_NW_SRC_BITS 6 -#define OFPFW_NW_SRC_MASK (((1 << OFPFW_NW_SRC_BITS) - 1) << OFPFW_NW_SRC_SHIFT) +#define OFPFW_NW_SRC_MASK (((1U < 0 && vid < 0x0fff) ? "%u" : "%u (bogus)"; - snprintf(buf, sizeof(buf), fmt, vid); + snprintf(buf, sizeof(buf), "%u%s", vid, + (vid > 0 && vid < 0x0fff) ? "" : " (bogus)"); return buf; } @@ -711,60 +717,23 @@ static const char * pcp_str(const uint8_t pcp) { static char buf[sizeof("255 (bogus)")]; - snprintf(buf, sizeof(buf), pcp <= 7 ? "%u" : "%u (bogus)", pcp); + snprintf(buf, sizeof(buf), "%u%s", pcp, + pcp <= 7 ? "" : " (bogus)"); return buf; } static void -of10_bitmap_print(netdissect_options *ndo, - const struct tok *t, const uint32_t v, const uint32_t u) -{ - const char *sep = " ("; - - if (v == 0) - return; - /* assigned bits */ - for (; t->s != NULL; t++) - if (v & t->v) { - ND_PRINT((ndo, "%s%s", sep, t->s)); - sep = ", "; - } - /* unassigned bits? */ - ND_PRINT((ndo, v & u ? ") (bogus)" : ")")); -} - -static const u_char * -of10_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) -{ - if (len == 0) - return cp; - /* data */ - ND_PRINT((ndo, "\n\t data (%u octets)", len)); - ND_TCHECK2(*cp, len); - if (ndo->ndo_vflag >= 2) - hex_and_ascii_print(ndo, "\n\t ", cp, len); - return cp + len; - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; -} - -static const u_char * of10_bsn_message_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; uint32_t subtype; if (len < 4) goto invalid; /* subtype */ - ND_TCHECK2(*cp, 4); - subtype = EXTRACT_32BITS(cp); - cp += 4; - ND_PRINT((ndo, "\n\t subtype %s", tok2str(bsn_subtype_str, "unknown (0x%08x)", subtype))); + subtype = GET_BE_U_4(cp); + OF_FWD(4); + ND_PRINT("\n\t subtype %s", tok2str(bsn_subtype_str, "unknown (0x%08x)", subtype)); switch (subtype) { case BSN_GET_IP_MASK_REQUEST: /* @@ -779,15 +748,14 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 12) + if (len != 8) goto invalid; /* index */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", index %u", *cp)); - cp += 1; + ND_PRINT(", index %u", GET_U_1(cp)); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 7); - cp += 7; + /* Always the last field, check bounds. */ + ND_TCHECK_7(cp); break; case BSN_SET_IP_MASK: case BSN_GET_IP_MASK_REPLY: @@ -803,19 +771,15 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 12) + if (len != 8) goto invalid; /* index */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", index %u", *cp)); - cp += 1; + ND_PRINT(", index %u", GET_U_1(cp)); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + OF_FWD(3); /* mask */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", mask %s", ipaddr_string(ndo, cp))); - cp += 4; + ND_PRINT(", mask %s", GET_IPADDR_STRING(cp)); break; case BSN_SET_MIRRORING: case BSN_GET_MIRRORING_REQUEST: @@ -830,15 +794,15 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 8) + if (len != 4) goto invalid; /* report_mirror_ports */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", report_mirror_ports %s", tok2str(bsn_onoff_str, "bogus (%u)", *cp))); - cp += 1; + ND_PRINT(", report_mirror_ports %s", + tok2str(bsn_onoff_str, "bogus (%u)", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + /* Always the last field, check bounds. */ + ND_TCHECK_3(cp); break; case BSN_GET_INTERFACES_REQUEST: case BSN_GET_L2_TABLE_REQUEST: @@ -853,7 +817,7 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 4) + if (len) goto invalid; break; case BSN_VIRTUAL_PORT_REMOVE_REQUEST: @@ -867,12 +831,10 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 8) + if (len != 4) goto invalid; /* vport_no */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", vport_no %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", vport_no %u", GET_BE_U_4(cp)); break; case BSN_SHELL_COMMAND: /* @@ -887,20 +849,15 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+-------- * */ - if (len < 8) + if (len < 4) goto invalid; /* service */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", service %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", service %u", GET_BE_U_4(cp)); + OF_FWD(4); /* data */ - ND_PRINT((ndo, ", data '")); - if (fn_printn(ndo, cp, len - 8, ep)) { - ND_PRINT((ndo, "'")); - goto trunc; - } - ND_PRINT((ndo, "'")); - cp += len - 8; + ND_PRINT(", data '"); + nd_printn(ndo, cp, len, NULL); + ND_PRINT("'"); break; case BSN_SHELL_OUTPUT: /* @@ -915,13 +872,9 @@ of10_bsn_message_print(netdissect_options *ndo, */ /* already checked that len >= 4 */ /* data */ - ND_PRINT((ndo, ", data '")); - if (fn_printn(ndo, cp, len - 4, ep)) { - ND_PRINT((ndo, "'")); - goto trunc; - } - ND_PRINT((ndo, "'")); - cp += len - 4; + ND_PRINT(", data '"); + nd_printn(ndo, cp, len, NULL); + ND_PRINT("'"); break; case BSN_SHELL_STATUS: /* @@ -934,42 +887,33 @@ of10_bsn_message_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 8) + if (len != 4) goto invalid; /* status */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", status 0x%08x", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", status 0x%08x", GET_BE_U_4(cp)); break; default: - ND_TCHECK2(*cp, len - 4); - cp += len - 4; + ND_TCHECK_LEN(cp, len); } - return cp; + return; invalid: /* skip the undersized data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len); - return cp0 + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } -static const u_char * +static void of10_bsn_actions_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; uint32_t subtype, vlan_tag; if (len < 4) goto invalid; /* subtype */ - ND_TCHECK2(*cp, 4); - subtype = EXTRACT_32BITS(cp); - cp += 4; - ND_PRINT((ndo, "\n\t subtype %s", tok2str(bsn_action_subtype_str, "unknown (0x%08x)", subtype))); + subtype = GET_BE_U_4(cp); + OF_FWD(4); + ND_PRINT("\n\t subtype %s", tok2str(bsn_action_subtype_str, "unknown (0x%08x)", subtype)); switch (subtype) { case BSN_ACTION_MIRROR: /* @@ -986,489 +930,408 @@ of10_bsn_actions_print(netdissect_options *ndo, * +---------------+---------------+---------------+---------------+ * */ - if (len != 16) + if (len != 12) goto invalid; /* dest_port */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", dest_port %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", dest_port %u", GET_BE_U_4(cp)); + OF_FWD(4); /* vlan_tag */ - ND_TCHECK2(*cp, 4); - vlan_tag = EXTRACT_32BITS(cp); - cp += 4; + vlan_tag = GET_BE_U_4(cp); + OF_FWD(4); switch (vlan_tag >> 16) { case 0: - ND_PRINT((ndo, ", vlan_tag none")); + ND_PRINT(", vlan_tag none"); break; case ETHERTYPE_8021Q: - ND_PRINT((ndo, ", vlan_tag 802.1Q (%s)", ieee8021q_tci_string(vlan_tag & 0xffff))); + ND_PRINT(", vlan_tag 802.1Q (%s)", ieee8021q_tci_string(vlan_tag & 0xffff)); break; default: - ND_PRINT((ndo, ", vlan_tag unknown (0x%04x)", vlan_tag >> 16)); + ND_PRINT(", vlan_tag unknown (0x%04x)", vlan_tag >> 16); } /* copy_stage */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", copy_stage %s", tok2str(bsn_mirror_copy_stage_str, "unknown (%u)", *cp))); - cp += 1; + ND_PRINT(", copy_stage %s", + tok2str(bsn_mirror_copy_stage_str, "unknown (%u)", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + /* Always the last field, check bounds. */ + ND_TCHECK_3(cp); break; default: - ND_TCHECK2(*cp, len - 4); - cp += len - 4; + ND_TCHECK_LEN(cp, len); } - - return cp; + return; invalid: - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len); - return cp0 + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } -static const u_char * +static void of10_vendor_action_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { uint32_t vendor; - const u_char *(*decoder)(netdissect_options *, const u_char *, const u_char *, const u_int); + void (*decoder)(netdissect_options *, const u_char *, u_int); if (len < 4) goto invalid; /* vendor */ - ND_TCHECK2(*cp, 4); - vendor = EXTRACT_32BITS(cp); - cp += 4; - ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); + vendor = GET_BE_U_4(cp); + OF_FWD(4); + ND_PRINT(", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor)); /* data */ decoder = vendor == OUI_BSN ? of10_bsn_actions_print : - of10_data_print; - return decoder(ndo, cp, ep, len - 4); + of_data_print; + decoder(ndo, cp, len); + return; invalid: /* skip the undersized data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp, len); - return cp + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } -static const u_char * +/* [OF10] Section 5.5.4 */ +static void of10_vendor_message_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { uint32_t vendor; - const u_char *(*decoder)(netdissect_options *, const u_char *, const u_char *, u_int); + void (*decoder)(netdissect_options *, const u_char *, u_int); - if (len < 4) - goto invalid; /* vendor */ - ND_TCHECK2(*cp, 4); - vendor = EXTRACT_32BITS(cp); - cp += 4; - ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); + vendor = GET_BE_U_4(cp); + OF_FWD(4); + ND_PRINT(", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor)); /* data */ decoder = vendor == OUI_BSN ? of10_bsn_message_print : - of10_data_print; - return decoder(ndo, cp, ep, len - 4); - -invalid: /* skip the undersized data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp, len); - return cp + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + of_data_print; + decoder(ndo, cp, len); } /* Vendor ID is mandatory, data is optional. */ -static const u_char * +static void of10_vendor_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { uint32_t vendor; if (len < 4) goto invalid; /* vendor */ - ND_TCHECK2(*cp, 4); - vendor = EXTRACT_32BITS(cp); - cp += 4; - ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); + vendor = GET_BE_U_4(cp); + OF_FWD(4); + ND_PRINT(", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor)); /* data */ - return of10_data_print(ndo, cp, ep, len - 4); + of_data_print(ndo, cp, len); + return; invalid: /* skip the undersized data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp, len); - return cp + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } -static const u_char * +static void of10_packet_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, const u_int len) { if (len == 0) - return cp; + return; /* data */ - ND_PRINT((ndo, "\n\t data (%u octets)", len)); - if (ndo->ndo_vflag < 3) - return cp + len; - ND_TCHECK2(*cp, len); + ND_PRINT("\n\t data (%u octets)", len); + if (ndo->ndo_vflag < 3) { + ND_TCHECK_LEN(cp, len); + return; + } ndo->ndo_vflag -= 3; - ND_PRINT((ndo, ", frame decoding below\n")); - ether_print(ndo, cp, len, ndo->ndo_snapend - cp, NULL, NULL); + ND_PRINT(", frame decoding below\n"); + ether_print(ndo, cp, len, ND_BYTES_AVAILABLE_AFTER(cp), NULL, NULL); ndo->ndo_vflag += 3; - return cp + len; - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; } /* [OF10] Section 5.2.1 */ -static const u_char * -of10_phy_ports_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) +static void +of10_phy_port_print(netdissect_options *ndo, + const u_char *cp) { - const u_char *cp0 = cp; - const u_int len0 = len; + uint32_t state; - while (len) { - if (len < OF_PHY_PORT_LEN) - goto invalid; - /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; - /* hw_addr */ - ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, ", hw_addr %s", etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; - /* name */ - ND_TCHECK2(*cp, OFP_MAX_PORT_NAME_LEN); - ND_PRINT((ndo, ", name '")); - fn_print(ndo, cp, cp + OFP_MAX_PORT_NAME_LEN); - ND_PRINT((ndo, "'")); - cp += OFP_MAX_PORT_NAME_LEN; - - if (ndo->ndo_vflag < 2) { - ND_TCHECK2(*cp, 24); - cp += 24; - goto next_port; - } - /* config */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t config 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppc_bm, EXTRACT_32BITS(cp), OFPPC_U); - cp += 4; - /* state */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t state 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofpps_bm, EXTRACT_32BITS(cp), OFPPS_U); - cp += 4; - /* curr */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t curr 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppf_bm, EXTRACT_32BITS(cp), OFPPF_U); - cp += 4; - /* advertised */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t advertised 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppf_bm, EXTRACT_32BITS(cp), OFPPF_U); - cp += 4; - /* supported */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t supported 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppf_bm, EXTRACT_32BITS(cp), OFPPF_U); - cp += 4; - /* peer */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t peer 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppf_bm, EXTRACT_32BITS(cp), OFPPF_U); - cp += 4; -next_port: - len -= OF_PHY_PORT_LEN; - } /* while */ - return cp; - -invalid: /* skip the undersized trailing data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + /* port_no */ + ND_PRINT("\n\t port_no %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + cp += 2; + /* hw_addr */ + ND_PRINT(", hw_addr %s", GET_ETHERADDR_STRING(cp)); + cp += MAC_ADDR_LEN; + /* name */ + ND_PRINT(", name '"); + (void)nd_print(ndo, cp, cp + OFP_MAX_PORT_NAME_LEN); + ND_PRINT("'"); + cp += OFP_MAX_PORT_NAME_LEN; + + if (ndo->ndo_vflag < 2) { + ND_TCHECK_LEN(cp, 24); + return; + } + /* config */ + ND_PRINT("\n\t config 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppc_bm, GET_BE_U_4(cp), OFPPC_U); + cp += 4; + /* state */ + state = GET_BE_U_4(cp); + /* + * Decode the code point and the single bit separately, but + * format the result as a single sequence of comma-separated + * strings (see the comments at the OFPPS_ props). + */ + ND_PRINT("\n\t state 0x%08x (%s%s)%s", state, + tok2str(ofpps_stp_str, "", state & OFPPS_STP_MASK), + state & OFPPS_LINK_DOWN ? ", LINK_DOWN" : "", + state & OFPPS_U ? " (bogus)" : ""); + cp += 4; + /* curr */ + ND_PRINT("\n\t curr 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppf_bm, GET_BE_U_4(cp), OFPPF_U); + cp += 4; + /* advertised */ + ND_PRINT("\n\t advertised 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppf_bm, GET_BE_U_4(cp), OFPPF_U); + cp += 4; + /* supported */ + ND_PRINT("\n\t supported 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppf_bm, GET_BE_U_4(cp), OFPPF_U); + cp += 4; + /* peer */ + ND_PRINT("\n\t peer 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppf_bm, GET_BE_U_4(cp), OFPPF_U); } /* [OF10] Section 5.2.2 */ -static const u_char * +static void of10_queue_props_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - uint16_t property, plen, rate; - while (len) { + uint16_t property, plen; u_char plen_bogus = 0, skip = 0; - if (len < OF_QUEUE_PROP_HEADER_LEN) + if (len < OF_QUEUE_PROP_MINLEN) goto invalid; /* property */ - ND_TCHECK2(*cp, 2); - property = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, "\n\t property %s", tok2str(ofpqt_str, "invalid (0x%04x)", property))); + property = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT("\n\t property %s", tok2str(ofpqt_str, "invalid (0x%04x)", property)); /* len */ - ND_TCHECK2(*cp, 2); - plen = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, ", len %u", plen)); - if (plen < OF_QUEUE_PROP_HEADER_LEN || plen > len) + plen = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT(", len %u", plen); + if (plen < OF_QUEUE_PROP_MINLEN || plen > len + 4) goto invalid; /* pad */ - ND_TCHECK2(*cp, 4); - cp += 4; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(4); /* property-specific constraints and decoding */ switch (property) { case OFPQT_NONE: - plen_bogus = plen != OF_QUEUE_PROP_HEADER_LEN; + plen_bogus = plen != OF_QUEUE_PROP_MINLEN; break; case OFPQT_MIN_RATE: - plen_bogus = plen != OF_QUEUE_PROP_MIN_RATE_LEN; + plen_bogus = plen != OF_QUEUE_PROP_MIN_RATE_FIXLEN; break; default: skip = 1; } if (plen_bogus) { - ND_PRINT((ndo, " (bogus)")); + ND_PRINT(" (bogus)"); skip = 1; } if (skip) { - ND_TCHECK2(*cp, plen - 4); - cp += plen - 4; - goto next_property; + /* + * plen >= OF_QUEUE_PROP_MINLEN + * cp is OF_QUEUE_PROP_MINLEN bytes in + */ + OF_CHK_FWD(plen - OF_QUEUE_PROP_MINLEN); + continue; } if (property == OFPQT_MIN_RATE) { /* the only case of property decoding */ /* rate */ - ND_TCHECK2(*cp, 2); - rate = EXTRACT_16BITS(cp); - cp += 2; + uint16_t rate = GET_BE_U_2(cp); + OF_FWD(2); if (rate > 1000) - ND_PRINT((ndo, ", rate disabled")); + ND_PRINT(", rate disabled"); else - ND_PRINT((ndo, ", rate %u.%u%%", rate / 10, rate % 10)); + ND_PRINT(", rate %u.%u%%", rate / 10, rate % 10); /* pad */ - ND_TCHECK2(*cp, 6); - cp += 6; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(6); } -next_property: - len -= plen; } /* while */ - return cp; + return; invalid: /* skip the rest of queue properties */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_queues_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - uint16_t desclen; - while (len) { - if (len < OF_PACKET_QUEUE_LEN) + uint16_t desclen; + + if (len < OF_PACKET_QUEUE_MINLEN) goto invalid; /* queue_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t queue_id %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT("\n\t queue_id %u", GET_BE_U_4(cp)); + OF_FWD(4); /* len */ - ND_TCHECK2(*cp, 2); - desclen = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, ", len %u", desclen)); - if (desclen < OF_PACKET_QUEUE_LEN || desclen > len) + desclen = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT(", len %u", desclen); + if (desclen < OF_PACKET_QUEUE_MINLEN || desclen > len + 6) goto invalid; /* pad */ - ND_TCHECK2(*cp, 2); - cp += 2; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(2); /* properties */ - if (ndo->ndo_vflag < 2) { - ND_TCHECK2(*cp, desclen - OF_PACKET_QUEUE_LEN); - cp += desclen - OF_PACKET_QUEUE_LEN; - goto next_queue; - } - if (ep == (cp = of10_queue_props_print(ndo, cp, ep, desclen - OF_PACKET_QUEUE_LEN))) - return ep; /* end of snapshot */ -next_queue: - len -= desclen; + if (ndo->ndo_vflag >= 2) + of10_queue_props_print(ndo, cp, desclen - OF_PACKET_QUEUE_MINLEN); + else + ND_TCHECK_LEN(cp, desclen - OF_PACKET_QUEUE_MINLEN); + OF_FWD(desclen - OF_PACKET_QUEUE_MINLEN); } /* while */ - return cp; + return; invalid: /* skip the rest of queues */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* [OF10] Section 5.2.3 */ -static const u_char * +static void of10_match_print(netdissect_options *ndo, - const char *pfx, const u_char *cp, const u_char *ep) + const char *pfx, const u_char *cp) { uint32_t wildcards; uint16_t dl_type; uint8_t nw_proto; - u_char nw_bits; + u_int nw_bits; const char *field_name; /* wildcards */ - ND_TCHECK2(*cp, 4); - wildcards = EXTRACT_32BITS(cp); + wildcards = GET_BE_U_4(cp); if (wildcards & OFPFW_U) - ND_PRINT((ndo, "%swildcards 0x%08x (bogus)", pfx, wildcards)); + ND_PRINT("%swildcards 0x%08x (bogus)", pfx, wildcards); cp += 4; /* in_port */ - ND_TCHECK2(*cp, 2); if (! (wildcards & OFPFW_IN_PORT)) - ND_PRINT((ndo, "%smatch in_port %s", pfx, tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); + ND_PRINT("%smatch in_port %s", pfx, + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); cp += 2; /* dl_src */ - ND_TCHECK2(*cp, ETHER_ADDR_LEN); if (! (wildcards & OFPFW_DL_SRC)) - ND_PRINT((ndo, "%smatch dl_src %s", pfx, etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; + ND_PRINT("%smatch dl_src %s", pfx, GET_ETHERADDR_STRING(cp)); + cp += MAC_ADDR_LEN; /* dl_dst */ - ND_TCHECK2(*cp, ETHER_ADDR_LEN); if (! (wildcards & OFPFW_DL_DST)) - ND_PRINT((ndo, "%smatch dl_dst %s", pfx, etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; + ND_PRINT("%smatch dl_dst %s", pfx, GET_ETHERADDR_STRING(cp)); + cp += MAC_ADDR_LEN; /* dl_vlan */ - ND_TCHECK2(*cp, 2); if (! (wildcards & OFPFW_DL_VLAN)) - ND_PRINT((ndo, "%smatch dl_vlan %s", pfx, vlan_str(EXTRACT_16BITS(cp)))); + ND_PRINT("%smatch dl_vlan %s", pfx, vlan_str(GET_BE_U_2(cp))); cp += 2; /* dl_vlan_pcp */ - ND_TCHECK2(*cp, 1); if (! (wildcards & OFPFW_DL_VLAN_PCP)) - ND_PRINT((ndo, "%smatch dl_vlan_pcp %s", pfx, pcp_str(*cp))); + ND_PRINT("%smatch dl_vlan_pcp %s", pfx, pcp_str(GET_U_1(cp))); cp += 1; /* pad1 */ - ND_TCHECK2(*cp, 1); cp += 1; /* dl_type */ - ND_TCHECK2(*cp, 2); - dl_type = EXTRACT_16BITS(cp); + dl_type = GET_BE_U_2(cp); cp += 2; if (! (wildcards & OFPFW_DL_TYPE)) - ND_PRINT((ndo, "%smatch dl_type 0x%04x", pfx, dl_type)); + ND_PRINT("%smatch dl_type 0x%04x", pfx, dl_type); /* nw_tos */ - ND_TCHECK2(*cp, 1); if (! (wildcards & OFPFW_NW_TOS)) - ND_PRINT((ndo, "%smatch nw_tos 0x%02x", pfx, *cp)); + ND_PRINT("%smatch nw_tos 0x%02x", pfx, GET_U_1(cp)); cp += 1; /* nw_proto */ - ND_TCHECK2(*cp, 1); - nw_proto = *cp; + nw_proto = GET_U_1(cp); cp += 1; if (! (wildcards & OFPFW_NW_PROTO)) { field_name = ! (wildcards & OFPFW_DL_TYPE) && dl_type == ETHERTYPE_ARP ? "arp_opcode" : "nw_proto"; - ND_PRINT((ndo, "%smatch %s %u", pfx, field_name, nw_proto)); + ND_PRINT("%smatch %s %u", pfx, field_name, nw_proto); } /* pad2 */ - ND_TCHECK2(*cp, 2); cp += 2; /* nw_src */ - ND_TCHECK2(*cp, 4); nw_bits = (wildcards & OFPFW_NW_SRC_MASK) >> OFPFW_NW_SRC_SHIFT; if (nw_bits < 32) - ND_PRINT((ndo, "%smatch nw_src %s/%u", pfx, ipaddr_string(ndo, cp), 32 - nw_bits)); + ND_PRINT("%smatch nw_src %s/%u", pfx, GET_IPADDR_STRING(cp), 32 - nw_bits); cp += 4; /* nw_dst */ - ND_TCHECK2(*cp, 4); nw_bits = (wildcards & OFPFW_NW_DST_MASK) >> OFPFW_NW_DST_SHIFT; if (nw_bits < 32) - ND_PRINT((ndo, "%smatch nw_dst %s/%u", pfx, ipaddr_string(ndo, cp), 32 - nw_bits)); + ND_PRINT("%smatch nw_dst %s/%u", pfx, GET_IPADDR_STRING(cp), 32 - nw_bits); cp += 4; /* tp_src */ - ND_TCHECK2(*cp, 2); if (! (wildcards & OFPFW_TP_SRC)) { field_name = ! (wildcards & OFPFW_DL_TYPE) && dl_type == ETHERTYPE_IP && ! (wildcards & OFPFW_NW_PROTO) && nw_proto == IPPROTO_ICMP ? "icmp_type" : "tp_src"; - ND_PRINT((ndo, "%smatch %s %u", pfx, field_name, EXTRACT_16BITS(cp))); + ND_PRINT("%smatch %s %u", pfx, field_name, GET_BE_U_2(cp)); } cp += 2; /* tp_dst */ - ND_TCHECK2(*cp, 2); + /* The last unconditional check was at nw_proto, so have an "else" here. */ if (! (wildcards & OFPFW_TP_DST)) { field_name = ! (wildcards & OFPFW_DL_TYPE) && dl_type == ETHERTYPE_IP && ! (wildcards & OFPFW_NW_PROTO) && nw_proto == IPPROTO_ICMP ? "icmp_code" : "tp_dst"; - ND_PRINT((ndo, "%smatch %s %u", pfx, field_name, EXTRACT_16BITS(cp))); + ND_PRINT("%smatch %s %u", pfx, field_name, GET_BE_U_2(cp)); } - return cp + 2; - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + else + ND_TCHECK_2(cp); } /* [OF10] Section 5.2.4 */ -static const u_char * +static void of10_actions_print(netdissect_options *ndo, - const char *pfx, const u_char *cp, const u_char *ep, - u_int len) + const char *pfx, const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - uint16_t type, alen, output_port; - while (len) { + uint16_t type, alen, output_port; u_char alen_bogus = 0, skip = 0; - if (len < OF_ACTION_HEADER_LEN) + if (len < OF_ACTION_MINLEN) goto invalid; /* type */ - ND_TCHECK2(*cp, 2); - type = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, "%saction type %s", pfx, tok2str(ofpat_str, "invalid (0x%04x)", type))); + type = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT("%saction type %s", pfx, tok2str(ofpat_str, "invalid (0x%04x)", type)); /* length */ - ND_TCHECK2(*cp, 2); - alen = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, ", len %u", alen)); + alen = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT(", len %u", alen); + /* + * The 4-byte "pad" in the specification is not a field of the + * action header, but a placeholder to illustrate the 64-bit + * alignment requirement. Action type specific case blocks + * below fetch these 4 bytes. + */ + /* On action size underrun/overrun skip the rest of the action list. */ - if (alen < OF_ACTION_HEADER_LEN || alen > len) + if (alen < OF_ACTION_MINLEN || alen > len + 4) goto invalid; - /* On action size inappropriate for the given type or invalid type just skip - * the current action, as the basic length constraint has been met. */ + /* + * After validating the basic length constraint it will be safe + * to skip the current action if the action size is not valid + * for the type or the type is invalid. + */ switch (type) { case OFPAT_OUTPUT: case OFPAT_SET_VLAN_VID: @@ -1493,710 +1356,622 @@ of10_actions_print(netdissect_options *ndo, skip = 1; } if (alen_bogus) { - ND_PRINT((ndo, " (bogus)")); + ND_PRINT(" (bogus)"); skip = 1; } if (skip) { - ND_TCHECK2(*cp, alen - 4); - cp += alen - 4; - goto next_action; + /* + * alen >= OF_ACTION_MINLEN + * cp is 4 bytes in + */ + OF_CHK_FWD(alen - 4); + continue; } /* OK to decode the rest of the action structure */ switch (type) { case OFPAT_OUTPUT: /* port */ - ND_TCHECK2(*cp, 2); - output_port = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, ", port %s", tok2str(ofpp_str, "%u", output_port))); + output_port = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT(", port %s", tok2str(ofpp_str, "%u", output_port)); /* max_len */ - ND_TCHECK2(*cp, 2); if (output_port == OFPP_CONTROLLER) - ND_PRINT((ndo, ", max_len %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", max_len %u", GET_BE_U_2(cp)); + else + ND_TCHECK_2(cp); + OF_FWD(2); break; case OFPAT_SET_VLAN_VID: /* vlan_vid */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", vlan_vid %s", vlan_str(EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT(", vlan_vid %s", vlan_str(GET_BE_U_2(cp))); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 2); - cp += 2; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(2); break; case OFPAT_SET_VLAN_PCP: /* vlan_pcp */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", vlan_pcp %s", pcp_str(*cp))); - cp += 1; + ND_PRINT(", vlan_pcp %s", pcp_str(GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(3); break; case OFPAT_SET_DL_SRC: case OFPAT_SET_DL_DST: /* dl_addr */ - ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, ", dl_addr %s", etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; + ND_PRINT(", dl_addr %s", GET_ETHERADDR_STRING(cp)); + OF_FWD(MAC_ADDR_LEN); /* pad */ - ND_TCHECK2(*cp, 6); - cp += 6; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(6); break; case OFPAT_SET_NW_SRC: case OFPAT_SET_NW_DST: /* nw_addr */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", nw_addr %s", ipaddr_string(ndo, cp))); - cp += 4; + ND_PRINT(", nw_addr %s", GET_IPADDR_STRING(cp)); + OF_FWD(4); break; case OFPAT_SET_NW_TOS: /* nw_tos */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", nw_tos 0x%02x", *cp)); - cp += 1; + ND_PRINT(", nw_tos 0x%02x", GET_U_1(cp)); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(3); break; case OFPAT_SET_TP_SRC: case OFPAT_SET_TP_DST: /* nw_tos */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", tp_port %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", tp_port %u", GET_BE_U_2(cp)); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 2); - cp += 2; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(2); break; case OFPAT_ENQUEUE: /* port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", port %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT(", port %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 6); - cp += 6; + OF_FWD(6); /* queue_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", queue_id %s", tok2str(ofpq_str, "%u", EXTRACT_32BITS(cp)))); - cp += 4; + ND_PRINT(", queue_id %s", + tok2str(ofpq_str, "%u", GET_BE_U_4(cp))); + OF_FWD(4); break; case OFPAT_VENDOR: - if (ep == (cp = of10_vendor_action_print(ndo, cp, ep, alen - 4))) - return ep; /* end of snapshot */ + of10_vendor_action_print(ndo, cp, alen - 4); + OF_FWD(alen - 4); break; case OFPAT_STRIP_VLAN: /* pad */ - ND_TCHECK2(*cp, 4); - cp += 4; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(4); break; } /* switch */ -next_action: - len -= alen; } /* while */ - return cp; + return; invalid: /* skip the rest of actions */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* [OF10] Section 5.3.1 */ -static const u_char * +static void of10_features_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { /* datapath_id */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, "\n\t dpid 0x%016" PRIx64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT("\n\t dpid 0x%016" PRIx64, GET_BE_U_8(cp)); + OF_FWD(8); /* n_buffers */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", n_buffers %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", n_buffers %u", GET_BE_U_4(cp)); + OF_FWD(4); /* n_tables */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", n_tables %u", *cp)); - cp += 1; + ND_PRINT(", n_tables %u", GET_U_1(cp)); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + OF_FWD(3); /* capabilities */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t capabilities 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofp_capabilities_bm, EXTRACT_32BITS(cp), OFPCAP_U); - cp += 4; + ND_PRINT("\n\t capabilities 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofp_capabilities_bm, GET_BE_U_4(cp), OFPCAP_U); + OF_FWD(4); /* actions */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t actions 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofpat_bm, EXTRACT_32BITS(cp), OFPAT_U); - cp += 4; + ND_PRINT("\n\t actions 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofpat_bm, GET_BE_U_4(cp), OFPAT_U); + OF_FWD(4); /* ports */ - return of10_phy_ports_print(ndo, cp, ep, len - OF_SWITCH_FEATURES_LEN); + while (len) { + if (len < OF_PHY_PORT_FIXLEN) + goto invalid; + of10_phy_port_print(ndo, cp); + OF_FWD(OF_PHY_PORT_FIXLEN); + } + return; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; +invalid: /* skip the undersized trailing data */ + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); +} + +/* [OF10] Section 5.3.2 */ +static void +of10_switch_config_msg_print(netdissect_options *ndo, + const u_char *cp) +{ + /* flags */ + ND_PRINT("\n\t flags %s", + tok2str(ofp_config_str, "invalid (0x%04x)", GET_BE_U_2(cp))); + cp += 2; + /* miss_send_len */ + ND_PRINT(", miss_send_len %u", GET_BE_U_2(cp)); } /* [OF10] Section 5.3.3 */ -static const u_char * +static void of10_flow_mod_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { uint16_t command; /* match */ - if (ep == (cp = of10_match_print(ndo, "\n\t ", cp, ep))) - return ep; /* end of snapshot */ + of10_match_print(ndo, "\n\t ", cp); + OF_FWD(OF_MATCH_FIXLEN); /* cookie */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, "\n\t cookie 0x%016" PRIx64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT("\n\t cookie 0x%016" PRIx64, GET_BE_U_8(cp)); + OF_FWD(8); /* command */ - ND_TCHECK2(*cp, 2); - command = EXTRACT_16BITS(cp); - ND_PRINT((ndo, ", command %s", tok2str(ofpfc_str, "invalid (0x%04x)", command))); - cp += 2; + command = GET_BE_U_2(cp); + ND_PRINT(", command %s", tok2str(ofpfc_str, "invalid (0x%04x)", command)); + OF_FWD(2); /* idle_timeout */ - ND_TCHECK2(*cp, 2); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, ", idle_timeout %u", EXTRACT_16BITS(cp))); - cp += 2; + if (GET_BE_U_2(cp)) + ND_PRINT(", idle_timeout %u", GET_BE_U_2(cp)); + OF_FWD(2); /* hard_timeout */ - ND_TCHECK2(*cp, 2); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, ", hard_timeout %u", EXTRACT_16BITS(cp))); - cp += 2; + if (GET_BE_U_2(cp)) + ND_PRINT(", hard_timeout %u", GET_BE_U_2(cp)); + OF_FWD(2); /* priority */ - ND_TCHECK2(*cp, 2); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, ", priority %u", EXTRACT_16BITS(cp))); - cp += 2; + if (GET_BE_U_2(cp)) + ND_PRINT(", priority %u", GET_BE_U_2(cp)); + OF_FWD(2); /* buffer_id */ - ND_TCHECK2(*cp, 4); if (command == OFPFC_ADD || command == OFPFC_MODIFY || command == OFPFC_MODIFY_STRICT) - ND_PRINT((ndo, ", buffer_id %s", tok2str(bufferid_str, "0x%08x", EXTRACT_32BITS(cp)))); - cp += 4; + ND_PRINT(", buffer_id %s", + tok2str(bufferid_str, "0x%08x", GET_BE_U_4(cp))); + OF_FWD(4); /* out_port */ - ND_TCHECK2(*cp, 2); if (command == OFPFC_DELETE || command == OFPFC_DELETE_STRICT) - ND_PRINT((ndo, ", out_port %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT(", out_port %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* flags */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", flags 0x%04x", EXTRACT_16BITS(cp))); - of10_bitmap_print(ndo, ofpff_bm, EXTRACT_16BITS(cp), OFPFF_U); - cp += 2; + ND_PRINT(", flags 0x%04x", GET_BE_U_2(cp)); + of_bitmap_print(ndo, ofpff_bm, GET_BE_U_2(cp), OFPFF_U); + OF_FWD(2); /* actions */ - return of10_actions_print(ndo, "\n\t ", cp, ep, len - OF_FLOW_MOD_LEN); - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + of10_actions_print(ndo, "\n\t ", cp, len); } /* ibid */ -static const u_char * +static void of10_port_mod_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep) + const u_char *cp) { /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); + ND_PRINT("\n\t port_no %s", tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); cp += 2; /* hw_addr */ - ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, ", hw_addr %s", etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; + ND_PRINT(", hw_addr %s", GET_ETHERADDR_STRING(cp)); + cp += MAC_ADDR_LEN; /* config */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t config 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppc_bm, EXTRACT_32BITS(cp), OFPPC_U); + ND_PRINT("\n\t config 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppc_bm, GET_BE_U_4(cp), OFPPC_U); cp += 4; /* mask */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t mask 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppc_bm, EXTRACT_32BITS(cp), OFPPC_U); + ND_PRINT("\n\t mask 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppc_bm, GET_BE_U_4(cp), OFPPC_U); cp += 4; /* advertise */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t advertise 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofppf_bm, EXTRACT_32BITS(cp), OFPPF_U); + ND_PRINT("\n\t advertise 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofppf_bm, GET_BE_U_4(cp), OFPPF_U); cp += 4; /* pad */ - ND_TCHECK2(*cp, 4); - return cp + 4; + /* Always the last field, check bounds. */ + ND_TCHECK_4(cp); +} + +/* [OF10] Section 5.3.4 */ +static void +of10_queue_get_config_request_print(netdissect_options *ndo, + const u_char *cp) +{ + /* port */ + ND_PRINT("\n\t port %s", tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + cp += 2; + /* pad */ + /* Always the last field, check bounds. */ + ND_TCHECK_2(cp); +} -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; +/* ibid */ +static void +of10_queue_get_config_reply_print(netdissect_options *ndo, + const u_char *cp, u_int len) +{ + /* port */ + ND_PRINT("\n\t port %s", tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); + /* pad */ + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(6); + /* queues */ + of10_queues_print(ndo, cp, len); } /* [OF10] Section 5.3.5 */ -static const u_char * +static void of10_stats_request_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; uint16_t type; /* type */ - ND_TCHECK2(*cp, 2); - type = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, "\n\t type %s", tok2str(ofpst_str, "invalid (0x%04x)", type))); + type = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT("\n\t type %s", tok2str(ofpst_str, "invalid (0x%04x)", type)); /* flags */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", flags 0x%04x", EXTRACT_16BITS(cp))); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, " (bogus)")); - cp += 2; + ND_PRINT(", flags 0x%04x", GET_BE_U_2(cp)); + if (GET_BE_U_2(cp)) + ND_PRINT(" (bogus)"); + OF_FWD(2); /* type-specific body of one of fixed lengths */ - len -= OF_STATS_REQUEST_LEN; switch(type) { case OFPST_DESC: case OFPST_TABLE: if (len) goto invalid; - return cp; + return; case OFPST_FLOW: case OFPST_AGGREGATE: - if (len != OF_FLOW_STATS_REQUEST_LEN) + if (len != OF_FLOW_STATS_REQUEST_FIXLEN) goto invalid; /* match */ - if (ep == (cp = of10_match_print(ndo, "\n\t ", cp, ep))) - return ep; /* end of snapshot */ + of10_match_print(ndo, "\n\t ", cp); + OF_FWD(OF_MATCH_FIXLEN); /* table_id */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, "\n\t table_id %s", tok2str(tableid_str, "%u", *cp))); - cp += 1; + ND_PRINT("\n\t table_id %s", + tok2str(tableid_str, "%u", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 1); - cp += 1; + OF_FWD(1); /* out_port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", out_port %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - return cp + 2; + ND_PRINT(", out_port %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + return; case OFPST_PORT: - if (len != OF_PORT_STATS_REQUEST_LEN) + if (len != OF_PORT_STATS_REQUEST_FIXLEN) goto invalid; /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT("\n\t port_no %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 6); - return cp + 6; + /* Always the last field, check bounds. */ + OF_CHK_FWD(6); + return; case OFPST_QUEUE: - if (len != OF_QUEUE_STATS_REQUEST_LEN) + if (len != OF_QUEUE_STATS_REQUEST_FIXLEN) goto invalid; /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT("\n\t port_no %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 2); - cp += 2; + OF_FWD(2); /* queue_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", queue_id %s", tok2str(ofpq_str, "%u", EXTRACT_32BITS(cp)))); - return cp + 4; + ND_PRINT(", queue_id %s", + tok2str(ofpq_str, "%u", GET_BE_U_4(cp))); + return; case OFPST_VENDOR: - return of10_vendor_data_print(ndo, cp, ep, len); + of10_vendor_data_print(ndo, cp, len); + return; } - return cp; + return; invalid: /* skip the message body */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_desc_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - if (len != OF_DESC_STATS_LEN) + if (len != OF_DESC_STATS_REPLY_FIXLEN) goto invalid; /* mfr_desc */ - ND_TCHECK2(*cp, DESC_STR_LEN); - ND_PRINT((ndo, "\n\t mfr_desc '")); - fn_print(ndo, cp, cp + DESC_STR_LEN); - ND_PRINT((ndo, "'")); - cp += DESC_STR_LEN; + ND_PRINT("\n\t mfr_desc '"); + (void)nd_print(ndo, cp, cp + DESC_STR_LEN); + ND_PRINT("'"); + OF_FWD(DESC_STR_LEN); /* hw_desc */ - ND_TCHECK2(*cp, DESC_STR_LEN); - ND_PRINT((ndo, "\n\t hw_desc '")); - fn_print(ndo, cp, cp + DESC_STR_LEN); - ND_PRINT((ndo, "'")); - cp += DESC_STR_LEN; + ND_PRINT("\n\t hw_desc '"); + (void)nd_print(ndo, cp, cp + DESC_STR_LEN); + ND_PRINT("'"); + OF_FWD(DESC_STR_LEN); /* sw_desc */ - ND_TCHECK2(*cp, DESC_STR_LEN); - ND_PRINT((ndo, "\n\t sw_desc '")); - fn_print(ndo, cp, cp + DESC_STR_LEN); - ND_PRINT((ndo, "'")); - cp += DESC_STR_LEN; + ND_PRINT("\n\t sw_desc '"); + (void)nd_print(ndo, cp, cp + DESC_STR_LEN); + ND_PRINT("'"); + OF_FWD(DESC_STR_LEN); /* serial_num */ - ND_TCHECK2(*cp, SERIAL_NUM_LEN); - ND_PRINT((ndo, "\n\t serial_num '")); - fn_print(ndo, cp, cp + SERIAL_NUM_LEN); - ND_PRINT((ndo, "'")); - cp += SERIAL_NUM_LEN; + ND_PRINT("\n\t serial_num '"); + (void)nd_print(ndo, cp, cp + SERIAL_NUM_LEN); + ND_PRINT("'"); + OF_FWD(SERIAL_NUM_LEN); /* dp_desc */ - ND_TCHECK2(*cp, DESC_STR_LEN); - ND_PRINT((ndo, "\n\t dp_desc '")); - fn_print(ndo, cp, cp + DESC_STR_LEN); - ND_PRINT((ndo, "'")); - return cp + DESC_STR_LEN; + ND_PRINT("\n\t dp_desc '"); + (void)nd_print(ndo, cp, cp + DESC_STR_LEN); + ND_PRINT("'"); + return; invalid: /* skip the message body */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp, len); - return cp + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_flow_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - uint16_t entry_len; - while (len) { - if (len < OF_FLOW_STATS_LEN) + uint16_t entry_len; + + if (len < OF_FLOW_STATS_REPLY_MINLEN) goto invalid; /* length */ - ND_TCHECK2(*cp, 2); - entry_len = EXTRACT_16BITS(cp); - ND_PRINT((ndo, "\n\t length %u", entry_len)); - if (entry_len < OF_FLOW_STATS_LEN || entry_len > len) + entry_len = GET_BE_U_2(cp); + ND_PRINT("\n\t length %u", entry_len); + if (entry_len < OF_FLOW_STATS_REPLY_MINLEN || entry_len > len) goto invalid; - cp += 2; + OF_FWD(2); /* table_id */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", table_id %s", tok2str(tableid_str, "%u", *cp))); - cp += 1; + ND_PRINT(", table_id %s", + tok2str(tableid_str, "%u", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 1); - cp += 1; + OF_FWD(1); /* match */ - if (ep == (cp = of10_match_print(ndo, "\n\t ", cp, ep))) - return ep; /* end of snapshot */ + of10_match_print(ndo, "\n\t ", cp); + OF_FWD(OF_MATCH_FIXLEN); /* duration_sec */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t duration_sec %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT("\n\t duration_sec %u", GET_BE_U_4(cp)); + OF_FWD(4); /* duration_nsec */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", duration_nsec %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", duration_nsec %u", GET_BE_U_4(cp)); + OF_FWD(4); /* priority */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", priority %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", priority %u", GET_BE_U_2(cp)); + OF_FWD(2); /* idle_timeout */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", idle_timeout %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", idle_timeout %u", GET_BE_U_2(cp)); + OF_FWD(2); /* hard_timeout */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", hard_timeout %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", hard_timeout %u", GET_BE_U_2(cp)); + OF_FWD(2); /* pad2 */ - ND_TCHECK2(*cp, 6); - cp += 6; + OF_FWD(6); /* cookie */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", cookie 0x%016" PRIx64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", cookie 0x%016" PRIx64, GET_BE_U_8(cp)); + OF_FWD(8); /* packet_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", packet_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", packet_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* byte_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", byte_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", byte_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* actions */ - if (ep == (cp = of10_actions_print(ndo, "\n\t ", cp, ep, entry_len - OF_FLOW_STATS_LEN))) - return ep; /* end of snapshot */ - - len -= entry_len; + of10_actions_print(ndo, "\n\t ", cp, entry_len - OF_FLOW_STATS_REPLY_MINLEN); + OF_FWD(entry_len - OF_FLOW_STATS_REPLY_MINLEN); } /* while */ - return cp; + return; invalid: /* skip the rest of flow statistics entries */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_aggregate_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, - const u_int len) + const u_char *cp, u_int len) { - if (len != OF_AGGREGATE_STATS_REPLY_LEN) + if (len != OF_AGGREGATE_STATS_REPLY_FIXLEN) goto invalid; /* packet_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, "\n\t packet_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT("\n\t packet_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* byte_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", byte_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", byte_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* flow_count */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", flow_count %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", flow_count %u", GET_BE_U_4(cp)); + OF_FWD(4); /* pad */ - ND_TCHECK2(*cp, 4); - return cp + 4; + /* Always the last field, check bounds. */ + ND_TCHECK_4(cp); + return; invalid: /* skip the message body */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp, len); - return cp + len; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_table_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - while (len) { - if (len < OF_TABLE_STATS_LEN) + if (len < OF_TABLE_STATS_REPLY_FIXLEN) goto invalid; /* table_id */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, "\n\t table_id %s", tok2str(tableid_str, "%u", *cp))); - cp += 1; + ND_PRINT("\n\t table_id %s", + tok2str(tableid_str, "%u", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 3); - cp += 3; + OF_FWD(3); /* name */ - ND_TCHECK2(*cp, OFP_MAX_TABLE_NAME_LEN); - ND_PRINT((ndo, ", name '")); - fn_print(ndo, cp, cp + OFP_MAX_TABLE_NAME_LEN); - ND_PRINT((ndo, "'")); - cp += OFP_MAX_TABLE_NAME_LEN; + ND_PRINT(", name '"); + (void)nd_print(ndo, cp, cp + OFP_MAX_TABLE_NAME_LEN); + ND_PRINT("'"); + OF_FWD(OFP_MAX_TABLE_NAME_LEN); /* wildcards */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t wildcards 0x%08x", EXTRACT_32BITS(cp))); - of10_bitmap_print(ndo, ofpfw_bm, EXTRACT_32BITS(cp), OFPFW_U); - cp += 4; + ND_PRINT("\n\t wildcards 0x%08x", GET_BE_U_4(cp)); + of_bitmap_print(ndo, ofpfw_bm, GET_BE_U_4(cp), OFPFW_U); + OF_FWD(4); /* max_entries */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t max_entries %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT("\n\t max_entries %u", GET_BE_U_4(cp)); + OF_FWD(4); /* active_count */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", active_count %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", active_count %u", GET_BE_U_4(cp)); + OF_FWD(4); /* lookup_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", lookup_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", lookup_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* matched_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", matched_count %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; - - len -= OF_TABLE_STATS_LEN; + ND_PRINT(", matched_count %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); } /* while */ - return cp; + return; invalid: /* skip the undersized trailing data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_port_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - while (len) { - if (len < OF_PORT_STATS_LEN) + if (len < OF_PORT_STATS_REPLY_FIXLEN) goto invalid; /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT("\n\t port_no %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); if (ndo->ndo_vflag < 2) { - ND_TCHECK2(*cp, OF_PORT_STATS_LEN - 2); - cp += OF_PORT_STATS_LEN - 2; - goto next_port; + OF_CHK_FWD(OF_PORT_STATS_REPLY_FIXLEN - 2); + continue; } /* pad */ - ND_TCHECK2(*cp, 6); - cp += 6; + OF_FWD(6); /* rx_packets */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_packets %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_packets %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_packets */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_packets %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_packets %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_bytes */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_bytes %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_bytes %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_bytes */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_bytes %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_bytes %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_dropped */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_dropped %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_dropped %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_dropped */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_dropped %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_dropped %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_errors */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_errors %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_errors %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_errors */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_errors %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_errors %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_frame_err */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_frame_err %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_frame_err %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_over_err */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_over_err %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_over_err %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* rx_crc_err */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", rx_crc_err %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", rx_crc_err %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* collisions */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", collisions %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; -next_port: - len -= OF_PORT_STATS_LEN; + ND_PRINT(", collisions %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); } /* while */ - return cp; + return; invalid: /* skip the undersized trailing data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_queue_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; - while (len) { - if (len < OF_QUEUE_STATS_LEN) + if (len < OF_QUEUE_STATS_REPLY_FIXLEN) goto invalid; /* port_no */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT("\n\t port_no %s", + tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* pad */ - ND_TCHECK2(*cp, 2); - cp += 2; + OF_FWD(2); /* queue_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", queue_id %u", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT(", queue_id %u", GET_BE_U_4(cp)); + OF_FWD(4); /* tx_bytes */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_bytes %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_bytes %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_packets */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_packets %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; + ND_PRINT(", tx_packets %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); /* tx_errors */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", tx_errors %" PRIu64, EXTRACT_64BITS(cp))); - cp += 8; - - len -= OF_QUEUE_STATS_LEN; + ND_PRINT(", tx_errors %" PRIu64, GET_BE_U_8(cp)); + OF_FWD(8); } /* while */ - return cp; + return; invalid: /* skip the undersized trailing data */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* ibid */ -static const u_char * +static void of10_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; uint16_t type; /* type */ - ND_TCHECK2(*cp, 2); - type = EXTRACT_16BITS(cp); - ND_PRINT((ndo, "\n\t type %s", tok2str(ofpst_str, "invalid (0x%04x)", type))); - cp += 2; + type = GET_BE_U_2(cp); + ND_PRINT("\n\t type %s", tok2str(ofpst_str, "invalid (0x%04x)", type)); + OF_FWD(2); /* flags */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", flags 0x%04x", EXTRACT_16BITS(cp))); - of10_bitmap_print(ndo, ofpsf_reply_bm, EXTRACT_16BITS(cp), OFPSF_REPLY_U); - cp += 2; + ND_PRINT(", flags 0x%04x", GET_BE_U_2(cp)); + of_bitmap_print(ndo, ofpsf_reply_bm, GET_BE_U_2(cp), OFPSF_REPLY_U); + OF_FWD(2); if (ndo->ndo_vflag > 0) { - const u_char *(*decoder)(netdissect_options *, const u_char *, const u_char *, u_int) = + void (*decoder)(netdissect_options *, const u_char *, u_int) = type == OFPST_DESC ? of10_desc_stats_reply_print : type == OFPST_FLOW ? of10_flow_stats_reply_print : type == OFPST_AGGREGATE ? of10_aggregate_stats_reply_print : @@ -2205,355 +1980,317 @@ of10_stats_reply_print(netdissect_options *ndo, type == OFPST_QUEUE ? of10_queue_stats_reply_print : type == OFPST_VENDOR ? of10_vendor_data_print : NULL; - if (decoder != NULL) - return decoder(ndo, cp, ep, len - OF_STATS_REPLY_LEN); + if (decoder != NULL) { + decoder(ndo, cp, len); + return; + } } - ND_TCHECK2(*cp0, len); - return cp0 + len; - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + ND_TCHECK_LEN(cp, len); } /* [OF10] Section 5.3.6 */ -static const u_char * +static void of10_packet_out_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - const u_char *cp0 = cp; - const u_int len0 = len; uint16_t actions_len; /* buffer_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t buffer_id 0x%08x", EXTRACT_32BITS(cp))); - cp += 4; + ND_PRINT("\n\t buffer_id 0x%08x", GET_BE_U_4(cp)); + OF_FWD(4); /* in_port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", in_port %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT(", in_port %s", tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* actions_len */ - ND_TCHECK2(*cp, 2); - actions_len = EXTRACT_16BITS(cp); - cp += 2; - if (actions_len > len - OF_PACKET_OUT_LEN) + actions_len = GET_BE_U_2(cp); + OF_FWD(2); + if (actions_len > len) goto invalid; /* actions */ - if (ep == (cp = of10_actions_print(ndo, "\n\t ", cp, ep, actions_len))) - return ep; /* end of snapshot */ + of10_actions_print(ndo, "\n\t ", cp, actions_len); + OF_FWD(actions_len); /* data */ - return of10_packet_data_print(ndo, cp, ep, len - OF_PACKET_OUT_LEN - actions_len); + of10_packet_data_print(ndo, cp, len); + return; invalid: /* skip the rest of the message body */ - ND_PRINT((ndo, "%s", istr)); - ND_TCHECK2(*cp0, len0); - return cp0 + len0; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); } /* [OF10] Section 5.4.1 */ -static const u_char * +static void of10_packet_in_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { /* buffer_id */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, "\n\t buffer_id %s", tok2str(bufferid_str, "0x%08x", EXTRACT_32BITS(cp)))); - cp += 4; + ND_PRINT("\n\t buffer_id %s", + tok2str(bufferid_str, "0x%08x", GET_BE_U_4(cp))); + OF_FWD(4); /* total_len */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", total_len %u", EXTRACT_16BITS(cp))); - cp += 2; + ND_PRINT(", total_len %u", GET_BE_U_2(cp)); + OF_FWD(2); /* in_port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", in_port %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; + ND_PRINT(", in_port %s", tok2str(ofpp_str, "%u", GET_BE_U_2(cp))); + OF_FWD(2); /* reason */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", reason %s", tok2str(ofpr_str, "invalid (0x%02x)", *cp))); - cp += 1; + ND_PRINT(", reason %s", + tok2str(ofpr_str, "invalid (0x%02x)", GET_U_1(cp))); + OF_FWD(1); /* pad */ - ND_TCHECK2(*cp, 1); - cp += 1; + /* Sometimes the last field, check bounds. */ + OF_CHK_FWD(1); /* data */ - /* 2 mock octets count in OF_PACKET_IN_LEN but not in len */ - return of10_packet_data_print(ndo, cp, ep, len - (OF_PACKET_IN_LEN - 2)); - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + of10_packet_data_print(ndo, cp, len); } /* [OF10] Section 5.4.2 */ -static const u_char * +static void of10_flow_removed_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep) + const u_char *cp) { /* match */ - if (ep == (cp = of10_match_print(ndo, "\n\t ", cp, ep))) - return ep; /* end of snapshot */ + of10_match_print(ndo, "\n\t ", cp); + cp += OF_MATCH_FIXLEN; /* cookie */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, "\n\t cookie 0x%016" PRIx64, EXTRACT_64BITS(cp))); + ND_PRINT("\n\t cookie 0x%016" PRIx64, GET_BE_U_8(cp)); cp += 8; /* priority */ - ND_TCHECK2(*cp, 2); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, ", priority %u", EXTRACT_16BITS(cp))); + if (GET_BE_U_2(cp)) + ND_PRINT(", priority %u", GET_BE_U_2(cp)); cp += 2; /* reason */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, ", reason %s", tok2str(ofprr_str, "unknown (0x%02x)", *cp))); + ND_PRINT(", reason %s", + tok2str(ofprr_str, "unknown (0x%02x)", GET_U_1(cp))); cp += 1; /* pad */ - ND_TCHECK2(*cp, 1); cp += 1; /* duration_sec */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", duration_sec %u", EXTRACT_32BITS(cp))); + ND_PRINT(", duration_sec %u", GET_BE_U_4(cp)); cp += 4; /* duration_nsec */ - ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", duration_nsec %u", EXTRACT_32BITS(cp))); + ND_PRINT(", duration_nsec %u", GET_BE_U_4(cp)); cp += 4; /* idle_timeout */ - ND_TCHECK2(*cp, 2); - if (EXTRACT_16BITS(cp)) - ND_PRINT((ndo, ", idle_timeout %u", EXTRACT_16BITS(cp))); + if (GET_BE_U_2(cp)) + ND_PRINT(", idle_timeout %u", GET_BE_U_2(cp)); cp += 2; /* pad2 */ - ND_TCHECK2(*cp, 2); cp += 2; /* packet_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", packet_count %" PRIu64, EXTRACT_64BITS(cp))); + ND_PRINT(", packet_count %" PRIu64, GET_BE_U_8(cp)); cp += 8; /* byte_count */ - ND_TCHECK2(*cp, 8); - ND_PRINT((ndo, ", byte_count %" PRIu64, EXTRACT_64BITS(cp))); - return cp + 8; + ND_PRINT(", byte_count %" PRIu64, GET_BE_U_8(cp)); +} -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; +/* [OF10] Section 5.4.3 */ +static void +of10_port_status_print(netdissect_options *ndo, + const u_char *cp) +{ + /* reason */ + ND_PRINT("\n\t reason %s", + tok2str(ofppr_str, "invalid (0x%02x)", GET_U_1(cp))); + cp += 1; + /* pad */ + /* No need to check bounds, more data follows. */ + cp += 7; + /* desc */ + of10_phy_port_print(ndo, cp); } /* [OF10] Section 5.4.4 */ -static const u_char * +static void of10_error_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) + const u_char *cp, u_int len) { - uint16_t type; + uint16_t type, code; const struct tok *code_str; /* type */ - ND_TCHECK2(*cp, 2); - type = EXTRACT_16BITS(cp); - cp += 2; - ND_PRINT((ndo, "\n\t type %s", tok2str(ofpet_str, "invalid (0x%04x)", type))); + type = GET_BE_U_2(cp); + OF_FWD(2); + ND_PRINT("\n\t type %s", tok2str(ofpet_str, "invalid (0x%04x)", type)); /* code */ - ND_TCHECK2(*cp, 2); - code_str = - type == OFPET_HELLO_FAILED ? ofphfc_str : - type == OFPET_BAD_REQUEST ? ofpbrc_str : - type == OFPET_BAD_ACTION ? ofpbac_str : - type == OFPET_FLOW_MOD_FAILED ? ofpfmfc_str : - type == OFPET_PORT_MOD_FAILED ? ofppmfc_str : - type == OFPET_QUEUE_OP_FAILED ? ofpqofc_str : - empty_str; - ND_PRINT((ndo, ", code %s", tok2str(code_str, "invalid (0x%04x)", EXTRACT_16BITS(cp)))); - cp += 2; + code = GET_BE_U_2(cp); + OF_FWD(2); + code_str = uint2tokary(of10_ofpet2tokary, type); + if (code_str != NULL) + ND_PRINT(", code %s", + tok2str(code_str, "invalid (0x%04x)", code)); + else + ND_PRINT(", code invalid (0x%04x)", code); /* data */ - return of10_data_print(ndo, cp, ep, len - OF_ERROR_MSG_LEN); - -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + of_data_print(ndo, cp, len); } -const u_char * -of10_header_body_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const uint8_t type, - const uint16_t len, const uint32_t xid) +void +of10_message_print(netdissect_options *ndo, + const u_char *cp, uint16_t len, const uint8_t type) { - const u_char *cp0 = cp; - const u_int len0 = len; - /* Thus far message length is not less than the basic header size, but most - * message types have additional assorted constraints on the length. Wherever - * possible, check that message length meets the constraint, in remaining - * cases check that the length is OK to begin decoding and leave any final - * verification up to a lower-layer function. When the current message is - * invalid, proceed to the next message. */ - - /* [OF10] Section 5.1 */ - ND_PRINT((ndo, "\n\tversion 1.0, type %s, length %u, xid 0x%08x", - tok2str(ofpt_str, "invalid (0x%02x)", type), len, xid)); + /* + * Here "cp" and "len" stand for the message part beyond the common + * OpenFlow 1.0 header, if any. Subtract OF_HEADER_FIXLEN from the + * type-specific lengths, which include the header length, when (and + * only when) validating the length in this function. No other code + * in this file needs to take OF_HEADER_FIXLEN into account. + * + * Most message types are longer than just the header, and the length + * constraints may be complex. When possible, validate the constraint + * completely here, otherwise check that the message is long enough to + * begin the decoding and let the lower-layer function do any remaining + * validation. + */ switch (type) { /* OpenFlow header only. */ case OFPT_FEATURES_REQUEST: /* [OF10] Section 5.3.1 */ case OFPT_GET_CONFIG_REQUEST: /* [OF10] Section 5.3.2 */ case OFPT_BARRIER_REQUEST: /* [OF10] Section 5.3.7 */ case OFPT_BARRIER_REPLY: /* ibid */ - if (len != OF_HEADER_LEN) + if (len) goto invalid; - break; + return; /* OpenFlow header and fixed-size message body. */ case OFPT_SET_CONFIG: /* [OF10] Section 5.3.2 */ case OFPT_GET_CONFIG_REPLY: /* ibid */ - if (len != OF_SWITCH_CONFIG_LEN) + if (len != OF_SWITCH_CONFIG_FIXLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - /* flags */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t flags %s", tok2str(ofp_config_str, "invalid (0x%04x)", EXTRACT_16BITS(cp)))); - cp += 2; - /* miss_send_len */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, ", miss_send_len %u", EXTRACT_16BITS(cp))); - return cp + 2; + break; + of10_switch_config_msg_print(ndo, cp); + return; case OFPT_PORT_MOD: - if (len != OF_PORT_MOD_LEN) + if (len != OF_PORT_MOD_FIXLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_port_mod_print(ndo, cp, ep); + break; + of10_port_mod_print(ndo, cp); + return; case OFPT_QUEUE_GET_CONFIG_REQUEST: /* [OF10] Section 5.3.4 */ - if (len != OF_QUEUE_GET_CONFIG_REQUEST_LEN) + if (len != OF_QUEUE_GET_CONFIG_REQUEST_FIXLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - /* port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; - /* pad */ - ND_TCHECK2(*cp, 2); - return cp + 2; + break; + of10_queue_get_config_request_print(ndo, cp); + return; case OFPT_FLOW_REMOVED: - if (len != OF_FLOW_REMOVED_LEN) + if (len != OF_FLOW_REMOVED_FIXLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_flow_removed_print(ndo, cp, ep); + break; + of10_flow_removed_print(ndo, cp); + return; case OFPT_PORT_STATUS: /* [OF10] Section 5.4.3 */ - if (len != OF_PORT_STATUS_LEN) + if (len != OF_PORT_STATUS_FIXLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - /* reason */ - ND_TCHECK2(*cp, 1); - ND_PRINT((ndo, "\n\t reason %s", tok2str(ofppr_str, "invalid (0x%02x)", *cp))); - cp += 1; - /* pad */ - ND_TCHECK2(*cp, 7); - cp += 7; - /* desc */ - return of10_phy_ports_print(ndo, cp, ep, OF_PHY_PORT_LEN); + break; + of10_port_status_print(ndo, cp); + return; /* OpenFlow header, fixed-size message body and n * fixed-size data units. */ case OFPT_FEATURES_REPLY: - if (len < OF_SWITCH_FEATURES_LEN) + if (len < OF_FEATURES_REPLY_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_features_reply_print(ndo, cp, ep, len); + break; + of10_features_reply_print(ndo, cp, len); + return; /* OpenFlow header and variable-size data. */ case OFPT_HELLO: /* [OF10] Section 5.5.1 */ case OFPT_ECHO_REQUEST: /* [OF10] Section 5.5.2 */ case OFPT_ECHO_REPLY: /* [OF10] Section 5.5.3 */ if (ndo->ndo_vflag < 1) - goto next_message; - return of10_data_print(ndo, cp, ep, len - OF_HEADER_LEN); + break; + of_data_print(ndo, cp, len); + return; /* OpenFlow header, fixed-size message body and variable-size data. */ case OFPT_ERROR: - if (len < OF_ERROR_MSG_LEN) + if (len < OF_ERROR_MSG_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_error_print(ndo, cp, ep, len); + break; + of10_error_print(ndo, cp, len); + return; case OFPT_VENDOR: - /* [OF10] Section 5.5.4 */ - if (len < OF_VENDOR_HEADER_LEN) + /* [OF10] Section 5.5.4 */ + if (len < OF_VENDOR_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_vendor_message_print(ndo, cp, ep, len - OF_HEADER_LEN); + break; + of10_vendor_message_print(ndo, cp, len); + return; case OFPT_PACKET_IN: - /* 2 mock octets count in OF_PACKET_IN_LEN but not in len */ - if (len < OF_PACKET_IN_LEN - 2) + /* 2 mock octets count in OF_PACKET_IN_MINLEN but not in len */ + if (len < OF_PACKET_IN_MINLEN - 2 - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_packet_in_print(ndo, cp, ep, len); + break; + of10_packet_in_print(ndo, cp, len); + return; /* a. OpenFlow header. */ /* b. OpenFlow header and one of the fixed-size message bodies. */ /* c. OpenFlow header, fixed-size message body and variable-size data. */ case OFPT_STATS_REQUEST: - if (len < OF_STATS_REQUEST_LEN) + if (len < OF_STATS_REQUEST_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_stats_request_print(ndo, cp, ep, len); + break; + of10_stats_request_print(ndo, cp, len); + return; /* a. OpenFlow header and fixed-size message body. */ /* b. OpenFlow header and n * fixed-size data units. */ /* c. OpenFlow header and n * variable-size data units. */ /* d. OpenFlow header, fixed-size message body and variable-size data. */ case OFPT_STATS_REPLY: - if (len < OF_STATS_REPLY_LEN) + if (len < OF_STATS_REPLY_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_stats_reply_print(ndo, cp, ep, len); + break; + of10_stats_reply_print(ndo, cp, len); + return; /* OpenFlow header and n * variable-size data units and variable-size data. */ case OFPT_PACKET_OUT: - if (len < OF_PACKET_OUT_LEN) + if (len < OF_PACKET_OUT_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_packet_out_print(ndo, cp, ep, len); + break; + of10_packet_out_print(ndo, cp, len); + return; /* OpenFlow header, fixed-size message body and n * variable-size data units. */ case OFPT_FLOW_MOD: - if (len < OF_FLOW_MOD_LEN) + if (len < OF_FLOW_MOD_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - return of10_flow_mod_print(ndo, cp, ep, len); + break; + of10_flow_mod_print(ndo, cp, len); + return; /* OpenFlow header, fixed-size message body and n * variable-size data units. */ case OFPT_QUEUE_GET_CONFIG_REPLY: /* [OF10] Section 5.3.4 */ - if (len < OF_QUEUE_GET_CONFIG_REPLY_LEN) + if (len < OF_QUEUE_GET_CONFIG_REPLY_MINLEN - OF_HEADER_FIXLEN) goto invalid; if (ndo->ndo_vflag < 1) - goto next_message; - /* port */ - ND_TCHECK2(*cp, 2); - ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); - cp += 2; - /* pad */ - ND_TCHECK2(*cp, 6); - cp += 6; - /* queues */ - return of10_queues_print(ndo, cp, ep, len - OF_QUEUE_GET_CONFIG_REPLY_LEN); + break; + of10_queue_get_config_reply_print(ndo, cp, len); + return; } /* switch (type) */ - goto next_message; + /* + * Not a recognised type or did not print the details, fall back to + * a bounds check. + */ + ND_TCHECK_LEN(cp, len); + return; invalid: /* skip the message body */ - ND_PRINT((ndo, "%s", istr)); -next_message: - ND_TCHECK2(*cp0, len0 - OF_HEADER_LEN); - return cp0 + len0 - OF_HEADER_LEN; -trunc: - ND_PRINT((ndo, "%s", tstr)); - return ep; + nd_print_invalid(ndo); + ND_TCHECK_LEN(cp, len); }