X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/9d046ee0503d4c8cbfcb200c88986de876f6cae7..HEAD:/print-ospf6.c diff --git a/print-ospf6.c b/print-ospf6.c index c94a7793..c6f5f67d 100644 --- a/print-ospf6.c +++ b/print-ospf6.c @@ -23,9 +23,7 @@ /* \summary: IPv6 Open Shortest Path First (OSPFv3) printer */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" @@ -95,7 +93,7 @@ #define RLA_FLAG_E 0x02 #define RLA_FLAG_V 0x04 #define RLA_FLAG_W 0x08 -#define RLA_FLAG_N 0x10 +#define RLA_FLAG_Nt 0x10 /* lsa_prefix options */ #define LSA_PREFIX_OPT_NU 0x01 @@ -103,6 +101,7 @@ #define LSA_PREFIX_OPT_MC 0x04 #define LSA_PREFIX_OPT_P 0x08 #define LSA_PREFIX_OPT_DN 0x10 +#define LSA_PREFIX_OPT_N 0x20 /* sla_tosmetric breakdown */ #define SLA_MASK_TOS 0x7f000000 @@ -302,8 +301,8 @@ static const struct tok ospf6_rla_flag_values[] = { { RLA_FLAG_B, "ABR" }, { RLA_FLAG_E, "External" }, { RLA_FLAG_V, "Virtual-Link Endpoint" }, - { RLA_FLAG_W, "Wildcard Receiver" }, - { RLA_FLAG_N, "NSSA Translator" }, + { RLA_FLAG_W, "Deprecated" }, + { RLA_FLAG_Nt, "NSSA Translator" }, { 0, NULL } }; @@ -362,6 +361,7 @@ static const struct tok ospf6_lsa_prefix_option_values[] = { { LSA_PREFIX_OPT_MC, "Deprecated" }, { LSA_PREFIX_OPT_P, "Propagate" }, { LSA_PREFIX_OPT_DN, "Down" }, + { LSA_PREFIX_OPT_N, "N-bit" }, { 0, NULL } }; @@ -379,22 +379,30 @@ ospf6_print_ls_type(netdissect_options *ndo, ls_type & LS_TYPE_MASK, tok2str(ospf6_ls_scope_values, "Unknown", ls_type & LS_SCOPE_MASK), ls_type &0x8000 ? ", transitive" : "", /* U-bit */ - GET_IPADDR_STRING((const u_char *)ls_stateid)); + GET_IPADDR_STRING(ls_stateid)); } static int ospf6_print_lshdr(netdissect_options *ndo, const struct lsa6_hdr *lshp, const u_char *dataend) { + u_int ls_length; + if ((const u_char *)(lshp + 1) > dataend) goto trunc; - ND_TCHECK_4(lshp->ls_router); - ND_PRINT("\n\t Advertising Router %s, seq 0x%08x, age %us, length %u", - GET_IPADDR_STRING(lshp->ls_router), - GET_BE_U_4(lshp->ls_seq), - GET_BE_U_2(lshp->ls_age), - GET_BE_U_2(lshp->ls_length)-(u_int)sizeof(struct lsa6_hdr)); + ls_length = GET_BE_U_2(lshp->ls_length); + if (ls_length < sizeof(struct lsa_hdr)) { + ND_PRINT("\n\t Bogus length %u < header (%zu)", ls_length, + sizeof(struct lsa_hdr)); + goto trunc; + } + + ND_PRINT("\n\t Advertising Router %s, seq 0x%08x, age %us, length %zu", + GET_IPADDR_STRING(lshp->ls_router), + GET_BE_U_4(lshp->ls_seq), + GET_BE_U_2(lshp->ls_age), + ls_length-sizeof(struct lsa6_hdr)); ospf6_print_ls_type(ndo, GET_BE_U_2(lshp->ls_type), &lshp->ls_stateid); @@ -424,9 +432,8 @@ ospf6_print_lsaprefix(netdissect_options *ndo, if (lsa_length < wordlen * 4) goto trunc; lsa_length -= wordlen * 4; - ND_TCHECK_LEN(lsapp->lsa_p_prefix, wordlen * 4); memset(prefix, 0, sizeof(prefix)); - memcpy(prefix, lsapp->lsa_p_prefix, wordlen * 4); + GET_CPY_BYTES(prefix, lsapp->lsa_p_prefix, wordlen * 4); ND_PRINT("\n\t\t%s/%u", ip6addr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */ GET_U_1(lsapp->lsa_p_len)); if (GET_U_1(lsapp->lsa_p_opt)) { @@ -471,7 +478,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (ospf6_print_lshdr(ndo, &lsap->ls_hdr, dataend)) return (1); - ND_TCHECK_2(lsap->ls_hdr.ls_length); length = GET_BE_U_2(lsap->ls_hdr.ls_length); /* @@ -490,7 +496,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (lsap->lsa_un.un_rla.rla_options)) return (1); lsa_length -= sizeof (lsap->lsa_un.un_rla.rla_options); - ND_TCHECK_4(lsap->lsa_un.un_rla.rla_options); ND_PRINT("\n\t Options [%s]", bittok2str(ospf6_option_values, "none", GET_BE_U_4(lsap->lsa_un.un_rla.rla_options))); @@ -544,7 +549,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (lsap->lsa_un.un_nla.nla_options)) return (1); lsa_length -= sizeof (lsap->lsa_un.un_nla.nla_options); - ND_TCHECK_4(lsap->lsa_un.un_nla.nla_options); ND_PRINT("\n\t Options [%s]", bittok2str(ospf6_option_values, "none", GET_BE_U_4(lsap->lsa_un.un_nla.nla_options))); @@ -555,8 +559,7 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (*ap)) return (1); lsa_length -= sizeof (*ap); - ND_TCHECK_SIZE(ap); - ND_PRINT("\n\t\t%s", GET_IPADDR_STRING(*ap)); + ND_PRINT("\n\t\t%s", GET_IPADDR_STRING(ap)); ++ap; } break; @@ -565,7 +568,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (lsap->lsa_un.un_inter_ap.inter_ap_metric)) return (1); lsa_length -= sizeof (lsap->lsa_un.un_inter_ap.inter_ap_metric); - ND_TCHECK_4(lsap->lsa_un.un_inter_ap.inter_ap_metric); ND_PRINT(", metric %u", GET_BE_U_4(lsap->lsa_un.un_inter_ap.inter_ap_metric) & SLA_MASK_METRIC); @@ -574,6 +576,11 @@ ospf6_print_lsa(netdissect_options *ndo, bytelen = ospf6_print_lsaprefix(ndo, tptr, lsa_length); if (bytelen < 0) goto trunc; + /* + * ospf6_print_lsaprefix() will return -1 if + * the length is too high, so this will not + * underflow. + */ lsa_length -= bytelen; tptr += bytelen; } @@ -583,7 +590,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (lsap->lsa_un.un_asla.asla_metric)) return (1); lsa_length -= sizeof (lsap->lsa_un.un_asla.asla_metric); - ND_TCHECK_4(lsap->lsa_un.un_asla.asla_metric); flags32 = GET_BE_U_4(lsap->lsa_un.un_asla.asla_metric); ND_PRINT("\n\t Flags [%s]", bittok2str(ospf6_asla_flag_values, "none", flags32)); @@ -596,6 +602,11 @@ ospf6_print_lsa(netdissect_options *ndo, bytelen = ospf6_print_lsaprefix(ndo, tptr, lsa_length); if (bytelen < 0) goto trunc; + /* + * ospf6_print_lsaprefix() will return -1 if + * the length is too high, so this will not + * underflow. + */ lsa_length -= bytelen; tptr += bytelen; @@ -603,7 +614,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (nd_ipv6)) return (1); lsa_length -= sizeof (nd_ipv6); - ND_TCHECK_16(tptr); ND_PRINT(" forward %s", GET_IP6ADDR_STRING(tptr)); tptr += sizeof(nd_ipv6); @@ -613,7 +623,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (uint32_t)) return (1); lsa_length -= sizeof (uint32_t); - ND_TCHECK_4(tptr); ND_PRINT(" tag %s", GET_IPADDR_STRING(tptr)); tptr += sizeof(uint32_t); @@ -623,7 +632,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (uint32_t)) return (1); lsa_length -= sizeof (uint32_t); - ND_TCHECK_4(tptr); ND_PRINT(" RefLSID: %s", GET_IPADDR_STRING(tptr)); tptr += sizeof(uint32_t); @@ -644,7 +652,6 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (llsap->llsa_lladdr) + sizeof (llsap->llsa_nprefix)) return (1); lsa_length -= sizeof (llsap->llsa_lladdr) + sizeof (llsap->llsa_nprefix); - ND_TCHECK_4(llsap->llsa_nprefix); prefixes = GET_BE_U_4(llsap->llsa_nprefix); ND_PRINT("\n\t Priority %u, Link-local address %s, Prefixes %u:", GET_U_1(llsap->llsa_priority), @@ -652,11 +659,16 @@ ospf6_print_lsa(netdissect_options *ndo, prefixes); tptr = (const uint8_t *)llsap->llsa_prefix; - while (prefixes > 0) { + while (prefixes != 0) { bytelen = ospf6_print_lsaprefix(ndo, tptr, lsa_length); if (bytelen < 0) goto trunc; prefixes--; + /* + * ospf6_print_lsaprefix() will return -1 if + * the length is too high, so this will not + * underflow. + */ lsa_length -= bytelen; tptr += bytelen; } @@ -675,16 +687,20 @@ ospf6_print_lsa(netdissect_options *ndo, if (lsa_length < sizeof (lsap->lsa_un.un_intra_ap.intra_ap_nprefix)) return (1); lsa_length -= sizeof (lsap->lsa_un.un_intra_ap.intra_ap_nprefix); - ND_TCHECK_2(lsap->lsa_un.un_intra_ap.intra_ap_nprefix); prefixes = GET_BE_U_2(lsap->lsa_un.un_intra_ap.intra_ap_nprefix); ND_PRINT("\n\t Prefixes %u:", prefixes); tptr = (const uint8_t *)lsap->lsa_un.un_intra_ap.intra_ap_prefix; - while (prefixes > 0) { + while (prefixes != 0) { bytelen = ospf6_print_lsaprefix(ndo, tptr, lsa_length); if (bytelen < 0) goto trunc; prefixes--; + /* + * ospf6_print_lsaprefix() will return -1 if + * the length is too high, so this will not + * underflow. + */ lsa_length -= bytelen; tptr += bytelen; } @@ -725,30 +741,26 @@ ospf6_decode_v3(netdissect_options *ndo, const struct lsr6 *lsrp; const struct lsa6_hdr *lshp; const struct lsa6 *lsap; - int i; + uint32_t i; switch (GET_U_1(op->ospf6_type)) { case OSPF_TYPE_HELLO: { const struct hello6 *hellop = (const struct hello6 *)((const uint8_t *)op + OSPF6HDR_LEN); - ND_TCHECK_4(hellop->hello_options); ND_PRINT("\n\tOptions [%s]", bittok2str(ospf6_option_values, "none", GET_BE_U_4(hellop->hello_options))); - ND_TCHECK_2(hellop->hello_deadint); ND_PRINT("\n\t Hello Timer %us, Dead Timer %us, Interface-ID %s, Priority %u", GET_BE_U_2(hellop->hello_helloint), GET_BE_U_2(hellop->hello_deadint), GET_IPADDR_STRING(hellop->hello_ifid), GET_U_1(hellop->hello_priority)); - ND_TCHECK_4(hellop->hello_dr); if (GET_BE_U_4(hellop->hello_dr) != 0) ND_PRINT("\n\t Designated Router %s", GET_IPADDR_STRING(hellop->hello_dr)); - ND_TCHECK_4(hellop->hello_bdr); if (GET_BE_U_4(hellop->hello_bdr) != 0) ND_PRINT(", Backup Designated Router %s", GET_IPADDR_STRING(hellop->hello_bdr)); @@ -756,8 +768,7 @@ ospf6_decode_v3(netdissect_options *ndo, ND_PRINT("\n\t Neighbor List:"); ap = hellop->hello_neighbor; while ((const u_char *)ap < dataend) { - ND_TCHECK_SIZE(ap); - ND_PRINT("\n\t %s", GET_IPADDR_STRING(*ap)); + ND_PRINT("\n\t %s", GET_IPADDR_STRING(ap)); ++ap; } } @@ -767,15 +778,12 @@ ospf6_decode_v3(netdissect_options *ndo, case OSPF_TYPE_DD: { const struct dd6 *ddp = (const struct dd6 *)((const uint8_t *)op + OSPF6HDR_LEN); - ND_TCHECK_4(ddp->db_options); ND_PRINT("\n\tOptions [%s]", bittok2str(ospf6_option_values, "none", GET_BE_U_4(ddp->db_options))); - ND_TCHECK_1(ddp->db_flags); ND_PRINT(", DD Flags [%s]", bittok2str(ospf6_dd_flag_values,"none",GET_U_1(ddp->db_flags))); - ND_TCHECK_4(ddp->db_seq); ND_PRINT(", MTU %u, DD-Sequence 0x%08x", GET_BE_U_2(ddp->db_mtu), GET_BE_U_4(ddp->db_seq)); @@ -809,7 +817,6 @@ ospf6_decode_v3(netdissect_options *ndo, if (ndo->ndo_vflag > 1) { const struct lsu6 *lsup = (const struct lsu6 *)((const uint8_t *)op + OSPF6HDR_LEN); - ND_TCHECK_4(lsup->lsu_count); i = GET_BE_U_4(lsup->lsu_count); lsap = lsup->lsu_lsa; while ((const u_char *)lsap < dataend && i--) { @@ -851,11 +858,9 @@ ospf6_print_lls(netdissect_options *ndo, if (len < OSPF_LLS_HDRLEN) goto trunc; /* Checksum */ - ND_TCHECK_2(cp); ND_PRINT("\n\tLLS Checksum 0x%04x", GET_BE_U_2(cp)); cp += 2; /* LLS Data Length */ - ND_TCHECK_2(cp); llsdatalen = GET_BE_U_2(cp); ND_PRINT(", Data Length %u", llsdatalen); if (llsdatalen < OSPF_LLS_HDRLEN || llsdatalen > len) @@ -882,30 +887,24 @@ ospf6_decode_at(netdissect_options *ndo, if (len < OSPF6_AT_HDRLEN) goto trunc; /* Authentication Type */ - ND_TCHECK_2(cp); ND_PRINT("\n\tAuthentication Type %s", tok2str(ospf6_auth_type_str, "unknown (0x%04x)", GET_BE_U_2(cp))); cp += 2; /* Auth Data Len */ - ND_TCHECK_2(cp); authdatalen = GET_BE_U_2(cp); ND_PRINT(", Length %u", authdatalen); if (authdatalen < OSPF6_AT_HDRLEN || authdatalen > len) goto trunc; cp += 2; /* Reserved */ - ND_TCHECK_2(cp); cp += 2; /* Security Association ID */ - ND_TCHECK_2(cp); ND_PRINT(", SAID %u", GET_BE_U_2(cp)); cp += 2; /* Cryptographic Sequence Number (High-Order 32 Bits) */ - ND_TCHECK_4(cp); ND_PRINT(", CSN 0x%08x", GET_BE_U_4(cp)); cp += 4; /* Cryptographic Sequence Number (Low-Order 32 Bits) */ - ND_TCHECK_4(cp); ND_PRINT(":%08x", GET_BE_U_4(cp)); cp += 4; /* Authentication Data */ @@ -935,12 +934,10 @@ ospf6_decode_v3_trailer(netdissect_options *ndo, type = GET_U_1(op->ospf6_type); if (type == OSPF_TYPE_HELLO) { const struct hello6 *hellop = (const struct hello6 *)((const uint8_t *)op + OSPF6HDR_LEN); - ND_TCHECK_4(hellop->hello_options); if (GET_BE_U_4(hellop->hello_options) & OSPF6_OPTION_L) lls_hello = 1; } else if (type == OSPF_TYPE_DD) { const struct dd6 *ddp = (const struct dd6 *)((const uint8_t *)op + OSPF6HDR_LEN); - ND_TCHECK_4(ddp->db_options); if (GET_BE_U_4(ddp->db_options) & OSPF6_OPTION_L) lls_dd = 1; } @@ -966,7 +963,6 @@ ospf6_print(netdissect_options *ndo, /* If the type is valid translate it, or just print the type */ /* value. If it's not valid, say so and return */ - ND_TCHECK_1(op->ospf6_type); cp = tok2str(ospf6_type_values, "unknown packet type (%u)", GET_U_1(op->ospf6_type)); ND_PRINT("OSPFv%u, %s, length %u", GET_U_1(op->ospf6_version), cp, @@ -980,7 +976,6 @@ ospf6_print(netdissect_options *ndo, } /* OSPFv3 data always comes first and optional trailing data may follow. */ - ND_TCHECK_2(op->ospf6_len); datalen = GET_BE_U_2(op->ospf6_len); if (datalen > length) { ND_PRINT(" [len %u]", datalen); @@ -988,15 +983,12 @@ ospf6_print(netdissect_options *ndo, } dataend = bp + datalen; - ND_TCHECK_4(op->ospf6_routerid); ND_PRINT("\n\tRouter-ID %s", GET_IPADDR_STRING(op->ospf6_routerid)); - ND_TCHECK_4(op->ospf6_areaid); if (GET_BE_U_4(op->ospf6_areaid) != 0) ND_PRINT(", Area %s", GET_IPADDR_STRING(op->ospf6_areaid)); else ND_PRINT(", Backbone Area"); - ND_TCHECK_1(op->ospf6_instanceid); if (GET_U_1(op->ospf6_instanceid)) ND_PRINT(", Instance %u", GET_U_1(op->ospf6_instanceid));