X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/b38f324af9dd953a661b9f35910f8c6d8eb2cc06..HEAD:/print-cfm.c diff --git a/print-cfm.c b/print-cfm.c index 745492bd..84fd5d94 100644 --- a/print-cfm.c +++ b/print-cfm.c @@ -12,35 +12,31 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ /* \summary: IEEE 802.1ag Connectivity Fault Management (CFM) protocols printer */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include -#include - -#include +#include "netdissect-stdinc.h" #include "netdissect.h" #include "extract.h" -#include "ether.h" #include "addrtoname.h" #include "oui.h" #include "af.h" + struct cfm_common_header_t { - uint8_t mdlevel_version; - uint8_t opcode; - uint8_t flags; - uint8_t first_tlv_offset; + nd_uint8_t mdlevel_version; + nd_uint8_t opcode; + nd_uint8_t flags; + nd_uint8_t first_tlv_offset; }; #define CFM_VERSION 0 -#define CFM_EXTRACT_VERSION(x) (((x)&0x1f)) +#define CFM_EXTRACT_VERSION(x) ((x)&0x1f) #define CFM_EXTRACT_MD_LEVEL(x) (((x)&0xe0)>>5) #define CFM_OPCODE_CCM 1 @@ -50,7 +46,7 @@ struct cfm_common_header_t { #define CFM_OPCODE_LTM 5 static const struct tok cfm_opcode_values[] = { - { CFM_OPCODE_CCM, "Continouity Check Message"}, + { CFM_OPCODE_CCM, "Continuity Check Message"}, { CFM_OPCODE_LBR, "Loopback Reply"}, { CFM_OPCODE_LBM, "Loopback Message"}, { CFM_OPCODE_LTR, "Linktrace Reply"}, 
@@ -62,25 +58,22 @@ static const struct tok cfm_opcode_values[] = { * Message Formats. */ struct cfm_ccm_t { - uint8_t sequence[4]; - uint8_t ma_epi[2]; - uint8_t md_nameformat; - uint8_t md_namelength; - uint8_t md_name[46]; /* md name and short ma name */ - uint8_t reserved_itu[16]; - uint8_t reserved[6]; + nd_uint32_t sequence; + nd_uint16_t ma_epi; + nd_byte names[48]; + nd_byte itu_t_y_1731[16]; }; /* * Timer Bases for the CCM Interval field. * Expressed in units of seconds. */ -const float ccm_interval_base[8] = {0, 0.003333, 0.01, 0.1, 1, 10, 60, 600}; +static const float ccm_interval_base[8] = {0.0f, 0.003333f, 0.01f, 0.1f, 1.0f, 10.0f, 60.0f, 600.0f}; #define CCM_INTERVAL_MIN_MULTIPLIER 3.25 #define CCM_INTERVAL_MAX_MULTIPLIER 3.5 #define CFM_CCM_RDI_FLAG 0x80 -#define CFM_EXTRACT_CCM_INTERVAL(x) (((x)&0x07)) +#define CFM_EXTRACT_CCM_INTERVAL(x) ((x)&0x07) #define CFM_CCM_MD_FORMAT_8021 0 #define CFM_CCM_MD_FORMAT_NONE 1 @@ -113,17 +106,14 @@ static const struct tok cfm_ma_nameformat_values[] = { }; struct cfm_lbm_t { - uint8_t transaction_id[4]; - uint8_t reserved[4]; + nd_uint32_t transaction_id; }; struct cfm_ltm_t { - uint8_t transaction_id[4]; - uint8_t egress_id[8]; - uint8_t ttl; - uint8_t original_mac[ETHER_ADDR_LEN]; - uint8_t target_mac[ETHER_ADDR_LEN]; - uint8_t reserved[3]; + nd_uint32_t transaction_id; + nd_uint8_t ttl; + nd_mac48 original_mac; + nd_mac48 target_mac; }; static const struct tok cfm_ltm_flag_values[] = { @@ -132,12 +122,9 @@ static const struct tok cfm_ltm_flag_values[] = { }; struct cfm_ltr_t { - uint8_t transaction_id[4]; - uint8_t last_egress_id[8]; - uint8_t next_egress_id[8]; - uint8_t ttl; - uint8_t replay_action; - uint8_t reserved[6]; + nd_uint32_t transaction_id; + nd_uint8_t ttl; + nd_uint8_t replay_action; }; static const struct tok cfm_ltr_flag_values[] = { 
@@ -181,8 +168,8 @@ static const struct tok cfm_tlv_values[] = { */ struct cfm_tlv_header_t { - uint8_t type; - uint8_t length[2]; + nd_uint8_t type; + nd_uint16_t length; }; /* FIXME define TLV formats */ @@ -225,32 +212,47 @@ static const struct tok cfm_tlv_senderid_chassisid_values[] = { static int -cfm_mgmt_addr_print(netdissect_options *ndo, - register const u_char *tptr) +cfm_network_addr_print(netdissect_options *ndo, + const u_char *tptr, const u_int length) { - u_int mgmt_addr_type; + u_int network_addr_type; u_int hexdump = FALSE; /* - * Altough AFIs are tpically 2 octects wide, + * Although AFIs are typically 2 octets wide, * 802.1ab specifies that this field width - * is only once octet + * is only one octet. */ - mgmt_addr_type = *tptr; - ND_PRINT((ndo, "\n\t Management Address Type %s (%u)", - tok2str(af_values, "Unknown", mgmt_addr_type), - mgmt_addr_type)); + if (length < 1) { + ND_PRINT("\n\t Network Address Type (invalid, no data"); + return hexdump; + } + /* The calling function must make any due ND_TCHECK calls. */ + network_addr_type = GET_U_1(tptr); + ND_PRINT("\n\t Network Address Type %s (%u)", + tok2str(af_values, "Unknown", network_addr_type), + network_addr_type); /* * Resolve the passed in Address. */ - switch(mgmt_addr_type) { - case AFNUM_INET: - ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr + 1))); + switch(network_addr_type) { + case AFNUM_IP: + if (length != 1 + 4) { + ND_PRINT("(invalid IPv4 address length %u)", length - 1); + hexdump = TRUE; + break; + } + ND_PRINT(", %s", GET_IPADDR_STRING(tptr + 1)); break; - case AFNUM_INET6: - ND_PRINT((ndo, ", %s", ip6addr_string(ndo, tptr + 1))); + case AFNUM_IP6: + if (length != 1 + 16) { + ND_PRINT("(invalid IPv6 address length %u)", length - 1); + hexdump = TRUE; + break; + } + ND_PRINT(", %s", GET_IP6ADDR_STRING(tptr + 1)); break; default: 
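Review bot: The message in the new `length < 1` branch of cfm_network_addr_print() has an unbalanced parenthesis, and the two invalid-length messages in the IPv4/IPv6 cases are printed directly after `Network Address Type %s (%u)` with no separator. I would close the parenthesis, `ND_PRINT("\n\t Network Address Type (invalid, no data)");`, and give the other two a leading space, e.g. `ND_PRINT(" (invalid IPv4 address length %u)", length - 1);`. The function's `default:` case and its `return hexdump;` lie outside this hunk.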
@@ -261,29 +263,20 @@ cfm_mgmt_addr_print(netdissect_options *ndo, return hexdump; } -/* - * The egress-ID string is a 16-Bit string plus a MAC address. - */ -static const char * -cfm_egress_id_string(netdissect_options *ndo, register const u_char *tptr) -{ - static char egress_id_buffer[80]; - - snprintf(egress_id_buffer, sizeof(egress_id_buffer), - "MAC 0x%4x-%s", - EXTRACT_16BITS(tptr), - etheraddr_string(ndo, tptr+2)); - - return egress_id_buffer; -} - void cfm_print(netdissect_options *ndo, - register const u_char *pptr, register u_int length) + const u_char *pptr, u_int length) { const struct cfm_common_header_t *cfm_common_header; + uint8_t mdlevel_version, opcode, flags, first_tlv_offset; const struct cfm_tlv_header_t *cfm_tlv_header; - const uint8_t *tptr, *tlv_ptr, *ma_name, *ma_nameformat, *ma_namelength; + const uint8_t *tptr, *tlv_ptr; + const uint8_t *namesp; + u_int names_data_remaining; + uint8_t md_nameformat, md_namelength; + const uint8_t *md_name; + uint8_t ma_nameformat, ma_namelength; + const uint8_t *ma_name; u_int hexdump, tlen, cfm_tlv_len, cfm_tlv_type, ccm_interval; 
@@ -294,24 +287,29 @@ cfm_print(netdissect_options *ndo, const struct cfm_ltr_t *cfm_ltr; } msg_ptr; + ndo->ndo_protocol = "cfm"; tptr=pptr; cfm_common_header = (const struct cfm_common_header_t *)pptr; - ND_TCHECK(*cfm_common_header); + if (length < sizeof(*cfm_common_header)) + goto tooshort; + ND_TCHECK_SIZE(cfm_common_header); /* * Sanity checking of the header. */ - if (CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version) != CFM_VERSION) { - ND_PRINT((ndo, "CFMv%u not supported, length %u", - CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), length)); + mdlevel_version = GET_U_1(cfm_common_header->mdlevel_version); + if (CFM_EXTRACT_VERSION(mdlevel_version) != CFM_VERSION) { + ND_PRINT("CFMv%u not supported, length %u", + CFM_EXTRACT_VERSION(mdlevel_version), length); return; } - ND_PRINT((ndo, "CFMv%u %s, MD Level %u, length %u", - CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), - tok2str(cfm_opcode_values, "unknown (%u)", cfm_common_header->opcode), - CFM_EXTRACT_MD_LEVEL(cfm_common_header->mdlevel_version), - length)); + opcode = GET_U_1(cfm_common_header->opcode); + ND_PRINT("CFMv%u %s, MD Level %u, length %u", + CFM_EXTRACT_VERSION(mdlevel_version), + tok2str(cfm_opcode_values, "unknown (%u)", opcode), + CFM_EXTRACT_MD_LEVEL(mdlevel_version), + length); /* * In non-verbose mode just print the opcode and md-level. 
@@ -320,85 +318,139 @@ cfm_print(netdissect_options *ndo, return; } - ND_PRINT((ndo, "\n\tFirst TLV offset %u", cfm_common_header->first_tlv_offset)); + flags = GET_U_1(cfm_common_header->flags); + first_tlv_offset = GET_U_1(cfm_common_header->first_tlv_offset); + ND_PRINT("\n\tFirst TLV offset %u", first_tlv_offset); - tptr += sizeof(const struct cfm_common_header_t); + tptr += sizeof(struct cfm_common_header_t); tlen = length - sizeof(struct cfm_common_header_t); - switch (cfm_common_header->opcode) { + /* + * Sanity check the first TLV offset. + */ + if (first_tlv_offset > tlen) { + ND_PRINT(" (too large, must be <= %u)", tlen); + return; + } + + switch (opcode) { case CFM_OPCODE_CCM: msg_ptr.cfm_ccm = (const struct cfm_ccm_t *)tptr; + if (first_tlv_offset < sizeof(*msg_ptr.cfm_ccm)) { + ND_PRINT(" (too small 1, must be >= %zu)", + sizeof(*msg_ptr.cfm_ccm)); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ccm)) + goto tooshort; + ND_TCHECK_SIZE(msg_ptr.cfm_ccm); - ccm_interval = CFM_EXTRACT_CCM_INTERVAL(cfm_common_header->flags); - ND_PRINT((ndo, ", Flags [CCM Interval %u%s]", + ccm_interval = CFM_EXTRACT_CCM_INTERVAL(flags); + ND_PRINT(", Flags [CCM Interval %u%s]", ccm_interval, - cfm_common_header->flags & CFM_CCM_RDI_FLAG ? - ", RDI" : "")); + flags & CFM_CCM_RDI_FLAG ? + ", RDI" : ""); /* * Resolve the CCM interval field. 
*/ if (ccm_interval) { - ND_PRINT((ndo, "\n\t CCM Interval %.3fs" + ND_PRINT("\n\t CCM Interval %.3fs" ", min CCM Lifetime %.3fs, max CCM Lifetime %.3fs", ccm_interval_base[ccm_interval], ccm_interval_base[ccm_interval] * CCM_INTERVAL_MIN_MULTIPLIER, - ccm_interval_base[ccm_interval] * CCM_INTERVAL_MAX_MULTIPLIER)); + ccm_interval_base[ccm_interval] * CCM_INTERVAL_MAX_MULTIPLIER); } - ND_PRINT((ndo, "\n\t Sequence Number 0x%08x, MA-End-Point-ID 0x%04x", - EXTRACT_32BITS(msg_ptr.cfm_ccm->sequence), - EXTRACT_16BITS(msg_ptr.cfm_ccm->ma_epi))); + ND_PRINT("\n\t Sequence Number 0x%08x, MA-End-Point-ID 0x%04x", + GET_BE_U_4(msg_ptr.cfm_ccm->sequence), + GET_BE_U_2(msg_ptr.cfm_ccm->ma_epi)); + namesp = msg_ptr.cfm_ccm->names; + names_data_remaining = sizeof(msg_ptr.cfm_ccm->names); /* * Resolve the MD fields. */ - ND_PRINT((ndo, "\n\t MD Name Format %s (%u), MD Name length %u", - tok2str(cfm_md_nameformat_values, "Unknown", - msg_ptr.cfm_ccm->md_nameformat), - msg_ptr.cfm_ccm->md_nameformat, - msg_ptr.cfm_ccm->md_namelength)); - - if (msg_ptr.cfm_ccm->md_nameformat != CFM_CCM_MD_FORMAT_NONE) { - ND_PRINT((ndo, "\n\t MD Name: ")); - switch (msg_ptr.cfm_ccm->md_nameformat) { + md_nameformat = GET_U_1(namesp); + namesp++; + names_data_remaining--; /* We know this is != 0 */ + if (md_nameformat != CFM_CCM_MD_FORMAT_NONE) { + md_namelength = GET_U_1(namesp); + namesp++; + names_data_remaining--; /* We know this is !=0 */ + ND_PRINT("\n\t MD Name Format %s (%u), MD Name length %u", + tok2str(cfm_md_nameformat_values, "Unknown", + md_nameformat), + md_nameformat, + md_namelength); + + /* + * -3 for the MA short name format and length and one byte + * of MA short name. 
+ */ + if (md_namelength > names_data_remaining - 3) { + ND_PRINT(" (too large, must be <= %u)", names_data_remaining - 2); + return; + } + + md_name = namesp; + ND_PRINT("\n\t MD Name: "); + switch (md_nameformat) { case CFM_CCM_MD_FORMAT_DNS: case CFM_CCM_MD_FORMAT_CHAR: - safeputs(ndo, msg_ptr.cfm_ccm->md_name, msg_ptr.cfm_ccm->md_namelength); + nd_printjnp(ndo, md_name, md_namelength); break; case CFM_CCM_MD_FORMAT_MAC: - ND_PRINT((ndo, "\n\t MAC %s", etheraddr_string(ndo, - msg_ptr.cfm_ccm->md_name))); + if (md_namelength == MAC48_LEN) { + ND_PRINT("\n\t MAC %s", GET_MAC48_STRING(md_name)); + } else { + ND_PRINT("\n\t MAC (length invalid)"); + } break; /* FIXME add printers for those MD formats - hexdump for now */ case CFM_CCM_MA_FORMAT_8021: default: - print_unknown_data(ndo, msg_ptr.cfm_ccm->md_name, "\n\t ", - msg_ptr.cfm_ccm->md_namelength); + print_unknown_data(ndo, md_name, "\n\t ", + md_namelength); } + namesp += md_namelength; + names_data_remaining -= md_namelength; + } else { + ND_PRINT("\n\t MD Name Format %s (%u)", + tok2str(cfm_md_nameformat_values, "Unknown", + md_nameformat), + md_nameformat); } /* * Resolve the MA fields. 
*/ - ma_nameformat = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength; - ma_namelength = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength + 1; - ma_name = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength + 2; - - ND_PRINT((ndo, "\n\t MA Name-Format %s (%u), MA name length %u", + ma_nameformat = GET_U_1(namesp); + namesp++; + names_data_remaining--; /* We know this is != 0 */ + ma_namelength = GET_U_1(namesp); + namesp++; + names_data_remaining--; /* We know this is != 0 */ + ND_PRINT("\n\t MA Name-Format %s (%u), MA name length %u", tok2str(cfm_ma_nameformat_values, "Unknown", - *ma_nameformat), - *ma_nameformat, - *ma_namelength)); + ma_nameformat), + ma_nameformat, + ma_namelength); - ND_PRINT((ndo, "\n\t MA Name: ")); - switch (*ma_nameformat) { + if (ma_namelength > names_data_remaining) { + ND_PRINT(" (too large, must be <= %u)", names_data_remaining); + return; + } + + ma_name = namesp; + ND_PRINT("\n\t MA Name: "); + switch (ma_nameformat) { case CFM_CCM_MA_FORMAT_CHAR: - safeputs(ndo, ma_name, *ma_namelength); + nd_printjnp(ndo, ma_name, ma_namelength); break; /* FIXME add printers for those MA formats - hexdump for now */ 
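Review bot: The MD name length check and its diagnostic disagree by one: the test is `md_namelength > names_data_remaining - 3`, but the message reports the limit as `names_data_remaining - 2`. The comment above the test reserves three bytes (MA short name format, length, and one byte of name), so the printed bound should match: `ND_PRINT(" (too large, must be <= %u)", names_data_remaining - 3);`. The subtraction cannot wrap only because names_data_remaining is 46 here (the 48-byte `names` field minus the two bytes already consumed); a one-line comment saying so next to the check would help whoever next touches this bounds logic. cfm_print() starts and ends outside this hunk.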
@@ -407,45 +459,56 @@ cfm_print(netdissect_options *ndo, case CFM_CCM_MA_FORMAT_INT: case CFM_CCM_MA_FORMAT_VPN: default: - print_unknown_data(ndo, ma_name, "\n\t ", *ma_namelength); + print_unknown_data(ndo, ma_name, "\n\t ", ma_namelength); } break; case CFM_OPCODE_LTM: msg_ptr.cfm_ltm = (const struct cfm_ltm_t *)tptr; + if (first_tlv_offset < sizeof(*msg_ptr.cfm_ltm)) { + ND_PRINT(" (too small 4, must be >= %zu)", + sizeof(*msg_ptr.cfm_ltm)); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ltm)) + goto tooshort; + ND_TCHECK_SIZE(msg_ptr.cfm_ltm); - ND_PRINT((ndo, ", Flags [%s]", - bittok2str(cfm_ltm_flag_values, "none", cfm_common_header->flags))); + ND_PRINT(", Flags [%s]", + bittok2str(cfm_ltm_flag_values, "none", flags)); - ND_PRINT((ndo, "\n\t Transaction-ID 0x%08x, Egress-ID %s, ttl %u", - EXTRACT_32BITS(msg_ptr.cfm_ltm->transaction_id), - cfm_egress_id_string(ndo, msg_ptr.cfm_ltm->egress_id), - msg_ptr.cfm_ltm->ttl)); + ND_PRINT("\n\t Transaction-ID 0x%08x, ttl %u", + GET_BE_U_4(msg_ptr.cfm_ltm->transaction_id), + GET_U_1(msg_ptr.cfm_ltm->ttl)); - ND_PRINT((ndo, "\n\t Original-MAC %s, Target-MAC %s", - etheraddr_string(ndo, msg_ptr.cfm_ltm->original_mac), - etheraddr_string(ndo, msg_ptr.cfm_ltm->target_mac))); + ND_PRINT("\n\t Original-MAC %s, Target-MAC %s", + GET_MAC48_STRING(msg_ptr.cfm_ltm->original_mac), + GET_MAC48_STRING(msg_ptr.cfm_ltm->target_mac)); break; case CFM_OPCODE_LTR: msg_ptr.cfm_ltr = (const struct cfm_ltr_t *)tptr; + if (first_tlv_offset < sizeof(*msg_ptr.cfm_ltr)) { + ND_PRINT(" (too small 5, must be >= %zu)", + sizeof(*msg_ptr.cfm_ltr)); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ltr)) + goto tooshort; + ND_TCHECK_SIZE(msg_ptr.cfm_ltr); - ND_PRINT((ndo, ", Flags [%s]", - bittok2str(cfm_ltr_flag_values, "none", cfm_common_header->flags))); - - ND_PRINT((ndo, "\n\t Transaction-ID 0x%08x, Last-Egress-ID %s", - EXTRACT_32BITS(msg_ptr.cfm_ltr->transaction_id), - cfm_egress_id_string(ndo, msg_ptr.cfm_ltr->last_egress_id))); + ND_PRINT(", 
Flags [%s]", + bittok2str(cfm_ltr_flag_values, "none", flags)); - ND_PRINT((ndo, "\n\t Next-Egress-ID %s, ttl %u", - cfm_egress_id_string(ndo, msg_ptr.cfm_ltr->next_egress_id), - msg_ptr.cfm_ltr->ttl)); + ND_PRINT("\n\t Transaction-ID 0x%08x, ttl %u", + GET_BE_U_4(msg_ptr.cfm_ltr->transaction_id), + GET_U_1(msg_ptr.cfm_ltr->ttl)); - ND_PRINT((ndo, "\n\t Replay-Action %s (%u)", + ND_PRINT("\n\t Replay-Action %s (%u)", tok2str(cfm_ltr_replay_action_values, "Unknown", - msg_ptr.cfm_ltr->replay_action), - msg_ptr.cfm_ltr->replay_action)); + GET_U_1(msg_ptr.cfm_ltr->replay_action)), + GET_U_1(msg_ptr.cfm_ltr->replay_action)); break; /* 
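Review bot: The ` (too small 4, ...)` and ` (too small 5, ...)` messages in the LTM and LTR cases (and ` (too small 1, ...)` in the CCM case of the previous hunk) carry a bare number that tells the reader of the output nothing. Unless those numbers are relied on elsewhere, plain wording such as `ND_PRINT(" (too small, must be >= %zu)", sizeof(*msg_ptr.cfm_ltm));` reads better. In the LTR case `GET_U_1(msg_ptr.cfm_ltr->replay_action)` is also evaluated twice inside one ND_PRINT; reading it once into a local, as is done for `opcode` and `flags`, would be consistent with the rest of the function.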
@@ -455,83 +518,77 @@ cfm_print(netdissect_options *ndo, case CFM_OPCODE_LBR: case CFM_OPCODE_LBM: default: - if (tlen > cfm_common_header->first_tlv_offset) { - print_unknown_data(ndo, tptr, "\n\t ", - tlen - cfm_common_header->first_tlv_offset); - } + print_unknown_data(ndo, tptr, "\n\t ", + tlen - first_tlv_offset); break; } - /* - * Sanity check for not walking off. - */ - if (tlen <= cfm_common_header->first_tlv_offset) { - return; - } + tptr += first_tlv_offset; + tlen -= first_tlv_offset; - tptr += cfm_common_header->first_tlv_offset; - tlen -= cfm_common_header->first_tlv_offset; - - while (tlen > 0) { + while (tlen != 0) { cfm_tlv_header = (const struct cfm_tlv_header_t *)tptr; /* Enough to read the tlv type ? */ - ND_TCHECK2(*tptr, 1); - cfm_tlv_type=cfm_tlv_header->type; - - if (cfm_tlv_type != CFM_TLV_END) { - /* did we capture enough for fully decoding the object header ? */ - ND_TCHECK2(*tptr, sizeof(struct cfm_tlv_header_t)); - cfm_tlv_len=EXTRACT_16BITS(&cfm_tlv_header->length); - } else { - cfm_tlv_len = 0; - } + cfm_tlv_type = GET_U_1(cfm_tlv_header->type); - ND_PRINT((ndo, "\n\t%s TLV (0x%02x), length %u", + ND_PRINT("\n\t%s TLV (0x%02x)", tok2str(cfm_tlv_values, "Unknown", cfm_tlv_type), - cfm_tlv_type, - cfm_tlv_len)); - - /* sanity check for not walking off and infinite loop check. */ - if ((cfm_tlv_type != CFM_TLV_END) && - ((cfm_tlv_len + sizeof(struct cfm_tlv_header_t) > tlen) || - (!cfm_tlv_len))) { - print_unknown_data(ndo, tptr, "\n\t ", tlen); + cfm_tlv_type); + + if (cfm_tlv_type == CFM_TLV_END) { + /* Length is "Not present if the Type field is 0." */ return; } + /* do we have the full tlv header ? 
*/ + if (tlen < sizeof(struct cfm_tlv_header_t)) + goto tooshort; + ND_TCHECK_LEN(tptr, sizeof(struct cfm_tlv_header_t)); + cfm_tlv_len=GET_BE_U_2(cfm_tlv_header->length); + + ND_PRINT(", length %u", cfm_tlv_len); + tptr += sizeof(struct cfm_tlv_header_t); tlen -= sizeof(struct cfm_tlv_header_t); tlv_ptr = tptr; - /* did we capture enough for fully decoding the object ? */ - if (cfm_tlv_type != CFM_TLV_END) { - ND_TCHECK2(*tptr, cfm_tlv_len); - } + /* do we have the full tlv ? */ + if (tlen < cfm_tlv_len) + goto tooshort; + ND_TCHECK_LEN(tptr, cfm_tlv_len); hexdump = FALSE; switch(cfm_tlv_type) { - case CFM_TLV_END: - /* we are done - bail out */ - return; - case CFM_TLV_PORT_STATUS: - ND_PRINT((ndo, ", Status: %s (%u)", - tok2str(cfm_tlv_port_status_values, "Unknown", *tptr), - *tptr)); + if (cfm_tlv_len < 1) { + ND_PRINT(" (too short, must be >= 1)"); + return; + } + ND_PRINT(", Status: %s (%u)", + tok2str(cfm_tlv_port_status_values, "Unknown", GET_U_1(tptr)), + GET_U_1(tptr)); break; case CFM_TLV_INTERFACE_STATUS: - ND_PRINT((ndo, ", Status: %s (%u)", - tok2str(cfm_tlv_interface_status_values, "Unknown", *tptr), - *tptr)); + if (cfm_tlv_len < 1) { + ND_PRINT(" (too short, must be >= 1)"); + return; + } + ND_PRINT(", Status: %s (%u)", + tok2str(cfm_tlv_interface_status_values, "Unknown", GET_U_1(tptr)), + GET_U_1(tptr)); break; case CFM_TLV_PRIVATE: - ND_PRINT((ndo, ", Vendor: %s (%u), Sub-Type %u", - tok2str(oui_values,"Unknown", EXTRACT_24BITS(tptr)), - EXTRACT_24BITS(tptr), - *(tptr + 3))); + if (cfm_tlv_len < 4) { + ND_PRINT(" (too short, must be >= 4)"); + return; + } + ND_PRINT(", Vendor: %s (%u), Sub-Type %u", + tok2str(oui_values,"Unknown", GET_BE_U_3(tptr)), + GET_BE_U_3(tptr), + GET_U_1(tptr + 3)); hexdump = TRUE; break; 
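Review bot: In the `default:` opcode branch the now-unconditional `print_unknown_data(ndo, tptr, "\n\t ", tlen - first_tlv_offset)` is protected from unsigned wrap-around only by the `first_tlv_offset > tlen` check added in an earlier hunk; with the local guard removed, a short comment naming that check would keep the dependency visible. Separately, the length looks questionable: the dump starts at the message body but covers `tlen - first_tlv_offset` bytes, which is the size of the TLV area rather than of the body. If the intent is to dump the opcode-specific body that precedes the first TLV, the call would be `print_unknown_data(ndo, tptr, "\n\t ", first_tlv_offset);`. This is carried over from the old code, so it should be confirmed against the expected output before changing.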
@@ -540,34 +597,57 @@ cfm_print(netdissect_options *ndo, u_int chassis_id_type, chassis_id_length; u_int mgmt_addr_length; - /* - * Check if there is a Chassis-ID. - */ - chassis_id_length = *tptr; - if (chassis_id_length > tlen) { - hexdump = TRUE; - break; + if (cfm_tlv_len < 1) { + ND_PRINT(" (too short, must be >= 1)"); + goto next_tlv; } + /* + * Get the Chassis ID length and check it. + * IEEE 802.1Q-2014 Section 21.5.3.1 + */ + chassis_id_length = GET_U_1(tptr); tptr++; tlen--; + cfm_tlv_len--; if (chassis_id_length) { - chassis_id_type = *tptr; - ND_PRINT((ndo, "\n\t Chassis-ID Type %s (%u), Chassis-ID length %u", + /* + * IEEE 802.1Q-2014 Section 21.5.3.2: Chassis ID Subtype, references + * IEEE 802.1AB-2005 Section 9.5.2.2, subsequently + * IEEE 802.1AB-2016 Section 8.5.2.2: chassis ID subtype + */ + if (cfm_tlv_len < 1) { + ND_PRINT("\n\t (TLV too short)"); + goto next_tlv; + } + chassis_id_type = GET_U_1(tptr); + cfm_tlv_len--; + ND_PRINT("\n\t Chassis-ID Type %s (%u), Chassis-ID length %u", tok2str(cfm_tlv_senderid_chassisid_values, "Unknown", chassis_id_type), chassis_id_type, - chassis_id_length)); + chassis_id_length); + if (cfm_tlv_len < chassis_id_length) { + ND_PRINT("\n\t (TLV too short)"); + goto next_tlv; + } + + /* IEEE 802.1Q-2014 Section 21.5.3.3: Chassis ID */ switch (chassis_id_type) { case CFM_CHASSIS_ID_MAC_ADDRESS: - ND_PRINT((ndo, "\n\t MAC %s", etheraddr_string(ndo, tptr + 1))); + if (chassis_id_length != MAC48_LEN) { + ND_PRINT(" (invalid MAC address length)"); + hexdump = TRUE; + break; + } + ND_PRINT("\n\t MAC %s", GET_MAC48_STRING(tptr + 1)); break; case CFM_CHASSIS_ID_NETWORK_ADDRESS: - hexdump |= cfm_mgmt_addr_print(ndo, tptr); + hexdump |= cfm_network_addr_print(ndo, tptr + 1, chassis_id_length); break; case CFM_CHASSIS_ID_INTERFACE_NAME: /* fall through */ 
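Review bot: In the Sender ID case the `cfm_tlv_len--` after reading `chassis_id_type` is not matched by an advance of `tptr`/`tlen` (those move later through `tptr += 1 + chassis_id_length`), so the `goto next_tlv` taken when `cfm_tlv_len < chassis_id_length` leaves tptr one byte short of the end of the TLV. From the visible lines tlen stays consistent with tptr, so this is not an out-of-bounds read, but on a malformed Sender ID TLV the next TLV header is decoded from the wrong offset. Keeping the three counters in step fixes it: drop that `cfm_tlv_len--`, test `if (cfm_tlv_len < 1 + chassis_id_length)`, and use `cfm_tlv_len -= 1 + chassis_id_length;` where tptr and tlen are advanced. The `next_tlv` label and that advance are in later hunks.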
@@ -575,39 +655,83 @@ cfm_print(netdissect_options *ndo, case CFM_CHASSIS_ID_LOCAL: case CFM_CHASSIS_ID_CHASSIS_COMPONENT: case CFM_CHASSIS_ID_PORT_COMPONENT: - safeputs(ndo, tptr + 1, chassis_id_length); + nd_printjnp(ndo, tptr + 1, chassis_id_length); break; default: hexdump = TRUE; break; } - } + cfm_tlv_len -= chassis_id_length; - tptr += chassis_id_length; - tlen -= chassis_id_length; + tptr += 1 + chassis_id_length; + tlen -= 1 + chassis_id_length; + } /* * Check if there is a Management Address. + * IEEE 802.1Q-2014 Section 21.5.3.4: Management Address Domain Length + * This and all subsequent fields are not present if the TLV length + * allows only the above fields. */ - mgmt_addr_length = *tptr; - if (mgmt_addr_length > tlen) { - hexdump = TRUE; + if (cfm_tlv_len == 0) { + /* No, there isn't; we're done. */ break; } + /* Here mgmt_addr_length stands for the management domain length. */ + mgmt_addr_length = GET_U_1(tptr); tptr++; tlen--; - + cfm_tlv_len--; + ND_PRINT("\n\t Management Address Domain Length %u", mgmt_addr_length); if (mgmt_addr_length) { - hexdump |= cfm_mgmt_addr_print(ndo, tptr); - } - - tptr += mgmt_addr_length; - tlen -= mgmt_addr_length; + /* IEEE 802.1Q-2014 Section 21.5.3.5: Management Address Domain */ + if (cfm_tlv_len < mgmt_addr_length) { + ND_PRINT("\n\t (TLV too short)"); + goto next_tlv; + } + cfm_tlv_len -= mgmt_addr_length; + /* + * XXX - this is an OID; print it as such. + */ + hex_print(ndo, "\n\t Management Address Domain: ", tptr, mgmt_addr_length); + tptr += mgmt_addr_length; + tlen -= mgmt_addr_length; + + /* + * IEEE 802.1Q-2014 Section 21.5.3.6: Management Address Length + * This field is present if Management Address Domain Length is not 0. + */ + if (cfm_tlv_len < 1) { + ND_PRINT(" (Management Address Length is missing)"); + hexdump = TRUE; + break; + } + /* Here mgmt_addr_length stands for the management address length. 
*/ + mgmt_addr_length = GET_U_1(tptr); + tptr++; + tlen--; + cfm_tlv_len--; + ND_PRINT("\n\t Management Address Length %u", mgmt_addr_length); + if (mgmt_addr_length) { + /* IEEE 802.1Q-2014 Section 21.5.3.7: Management Address */ + if (cfm_tlv_len < mgmt_addr_length) { + ND_PRINT("\n\t (TLV too short)"); + return; + } + cfm_tlv_len -= mgmt_addr_length; + /* + * XXX - this is a TransportDomain; print it as such. + */ + hex_print(ndo, "\n\t Management Address: ", tptr, mgmt_addr_length); + tptr += mgmt_addr_length; + tlen -= mgmt_addr_length; + } + } + break; } - break; /* * FIXME those are the defined TLVs that lack a decoder @@ -625,10 +749,16 @@ cfm_print(netdissect_options *ndo, if (hexdump || ndo->ndo_vflag > 1) print_unknown_data(ndo, tlv_ptr, "\n\t ", cfm_tlv_len); +next_tlv: tptr+=cfm_tlv_len; tlen-=cfm_tlv_len; } return; + +tooshort: + ND_PRINT("\n\t\t packet is too short"); + return; + trunc: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); + nd_print_trunc(ndo); }
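Review bot: The two `(TLV too short)` exits in the management address part behave differently: the Management Address Domain check uses `goto next_tlv`, while the Management Address check a few lines later uses `return`, which abandons all remaining TLVs. At that point tptr, tlen and cfm_tlv_len have been advanced together, so `goto next_tlv;` would work there as well and keep the handling of malformed input uniform. Reusing `mgmt_addr_length` for both the domain length and the address length needs two comments to explain; a second local such as `mgmt_addr_domain_length` would make the bounds checks easier to audit.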
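Review bot: The hexdump just before the new `next_tlv:` label still passes `tlv_ptr` together with `cfm_tlv_len`, but the Sender ID case now decrements cfm_tlv_len as it consumes fields, so when `hexdump` is set there (or `ndo_vflag > 1`) only a shortened prefix of the TLV is dumped. The dumped range stays inside the TLV, so this is an output problem rather than a bounds problem. Saving the full TLV length at the point where `tlv_ptr` is assigned, and passing that saved value to print_unknown_data(), would restore the complete dump; the tlv_ptr assignment is outside this hunk.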