X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/bbedebc666a341d8e14922dce37a92766400c798..c7b0738460b08e63a1bd15c88ef1f9599cd71a08:/print-juniper.c diff --git a/print-juniper.c b/print-juniper.c index 058bfd56..ff1de9c0 100644 --- a/print-juniper.c +++ b/print-juniper.c @@ -12,22 +12,25 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ +/* \summary: DLT_JUNIPER_* printers */ + #ifndef lint #else __RCSID("NetBSD: print-juniper.c,v 1.3 2007/07/25 06:31:32 dogcow Exp "); #endif -#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include + +#include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "extract.h" #include "ppp.h" @@ -89,7 +92,7 @@ enum { }; /* 1 byte type and 1-byte length */ -#define JUNIPER_EXT_TLV_OVERHEAD 2 +#define JUNIPER_EXT_TLV_OVERHEAD 2U static const struct tok jnx_ext_tlv_values[] = { { JUNIPER_EXT_TLV_IFD_IDX, "Device Interface Index" }, @@ -362,8 +365,8 @@ static const struct tok juniper_ifle_values[] = { }; struct juniper_cookie_table_t { - u_int32_t pictype; /* pic type */ - u_int8_t cookie_len; /* cookie len */ + uint32_t pictype; /* pic type */ + uint8_t cookie_len; /* cookie len */ const char *s; /* pic name */ }; @@ -405,17 +408,17 @@ static const struct juniper_cookie_table_t juniper_cookie_table[] = { }; struct juniper_l2info_t { - u_int32_t length; - u_int32_t caplen; - u_int32_t pictype; - u_int8_t direction; - u_int8_t header_len; - u_int8_t cookie_len; - u_int8_t cookie_type; - u_int8_t cookie[8]; - u_int8_t bundle; - u_int16_t proto; - u_int8_t flags; + uint32_t length; + uint32_t caplen; + uint32_t pictype; + uint8_t direction; + uint8_t header_len; + uint8_t cookie_len; + uint8_t cookie_type; + uint8_t cookie[8]; + uint8_t bundle; + uint16_t proto; + uint8_t flags; }; #define LS_COOKIE_ID 0x54 @@ -453,12 +456,12 @@ juniper_ggsn_print(netdissect_options *ndo, { struct juniper_l2info_t l2info; struct juniper_ggsn_header { - u_int8_t svc_id; - u_int8_t flags_len; - u_int8_t proto; - u_int8_t flags; - u_int8_t vlan_id[2]; - u_int8_t res[2]; + uint8_t svc_id; + uint8_t flags_len; + uint8_t proto; + uint8_t flags; + uint8_t vlan_id[2]; + uint8_t res[2]; }; const struct juniper_ggsn_header *gh; @@ -469,6 +472,7 @@ juniper_ggsn_print(netdissect_options *ndo, p+=l2info.header_len; gh = (struct juniper_ggsn_header *)&l2info.cookie; + ND_TCHECK(*gh); if (ndo->ndo_eflag) { ND_PRINT((ndo, "proto %s (%u), vlan %u: ", tok2str(juniper_protocol_values,"Unknown",gh->proto), @@ -480,17 +484,19 @@ juniper_ggsn_print(netdissect_options *ndo, case JUNIPER_PROTO_IPV4: ip_print(ndo, p, l2info.length); break; -#ifdef INET6 case JUNIPER_PROTO_IPV6: ip6_print(ndo, p, l2info.length); break; -#endif /* INET6 */ default: if (!ndo->ndo_eflag) ND_PRINT((ndo, "unknown GGSN proto (%u)", gh->proto)); } return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_services]")); + return l2info.header_len; } #endif @@ -501,12 +507,12 @@ juniper_es_print(netdissect_options *ndo, { struct juniper_l2info_t l2info; struct juniper_ipsec_header { - u_int8_t sa_index[2]; - u_int8_t ttl; - u_int8_t type; - u_int8_t spi[4]; - u_int8_t src_ip[4]; - u_int8_t dst_ip[4]; + uint8_t sa_index[2]; + uint8_t ttl; + uint8_t type; + uint8_t spi[4]; + uint8_t src_ip[4]; + uint8_t dst_ip[4]; }; u_int rewrite_len,es_type_bundle; const struct juniper_ipsec_header *ih; @@ -516,8 +522,9 @@ juniper_es_print(netdissect_options *ndo, return l2info.header_len; p+=l2info.header_len; - ih = (struct juniper_ipsec_header *)p; + ih = (const struct juniper_ipsec_header *)p; + ND_TCHECK(*ih); switch (ih->type) { case JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE: case JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE: @@ -563,6 +570,10 @@ juniper_es_print(netdissect_options *ndo, ip_print(ndo, p, l2info.length); return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_services]")); + return l2info.header_len; } #endif @@ -573,10 +584,10 @@ juniper_monitor_print(netdissect_options *ndo, { struct juniper_l2info_t l2info; struct juniper_monitor_header { - u_int8_t pkt_type; - u_int8_t padding; - u_int8_t iif[2]; - u_int8_t service_id[4]; + uint8_t pkt_type; + uint8_t padding; + uint8_t iif[2]; + uint8_t service_id[4]; }; const struct juniper_monitor_header *mh; @@ -585,8 +596,9 @@ juniper_monitor_print(netdissect_options *ndo, return l2info.header_len; p+=l2info.header_len; - mh = (struct juniper_monitor_header *)p; + mh = (const struct juniper_monitor_header *)p; + ND_TCHECK(*mh); if (ndo->ndo_eflag) ND_PRINT((ndo, "service-id %u, iif %u, pkt-type %u: ", EXTRACT_32BITS(&mh->service_id), @@ -597,6 +609,10 @@ juniper_monitor_print(netdissect_options *ndo, ip_heuristic_guess (ndo, p, l2info.length); return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_services]")); + return l2info.header_len; } #endif @@ -607,10 +623,10 @@ juniper_services_print(netdissect_options *ndo, { struct juniper_l2info_t l2info; struct juniper_services_header { - u_int8_t svc_id; - u_int8_t flags_len; - u_int8_t svc_set_id[2]; - u_int8_t dir_iif[4]; + uint8_t svc_id; + uint8_t flags_len; + uint8_t svc_set_id[2]; + uint8_t dir_iif[4]; }; const struct juniper_services_header *sh; @@ -619,8 +635,9 @@ juniper_services_print(netdissect_options *ndo, return l2info.header_len; p+=l2info.header_len; - sh = (struct juniper_services_header *)p; + sh = (const struct juniper_services_header *)p; + ND_TCHECK(*sh); if (ndo->ndo_eflag) ND_PRINT((ndo, "service-id %u flags 0x%02x service-set-id 0x%04x iif %u: ", sh->svc_id, @@ -632,6 +649,10 @@ juniper_services_print(netdissect_options *ndo, ip_heuristic_guess (ndo, p, l2info.length); return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_services]")); + return l2info.header_len; } #endif @@ -731,7 +752,7 @@ juniper_pppoe_atm_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; - u_int16_t extracted_ethertype; + uint16_t extracted_ethertype; l2info.pictype = DLT_JUNIPER_PPPOE_ATM; if (juniper_parse_header(ndo, p, h, &l2info) == 0) @@ -739,17 +760,23 @@ juniper_pppoe_atm_print(netdissect_options *ndo, p+=l2info.header_len; + ND_TCHECK2(p[0], 2); extracted_ethertype = EXTRACT_16BITS(p); /* this DLT contains nothing but raw PPPoE frames, * prepended with a type field*/ if (ethertype_print(ndo, extracted_ethertype, p+ETHERTYPE_LEN, l2info.length-ETHERTYPE_LEN, - l2info.caplen-ETHERTYPE_LEN) == 0) + l2info.caplen-ETHERTYPE_LEN, + NULL, NULL) == 0) /* ether_type not known, probably it wasn't one */ ND_PRINT((ndo, "unknown ethertype 0x%04x", extracted_ethertype)); return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_pppoe_atm]")); + return l2info.header_len; } #endif @@ -784,16 +811,14 @@ juniper_mlppp_print(netdissect_options *ndo, else ip_print(ndo, p, l2info.length); return l2info.header_len; -#ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; -#endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: - isoclns_print(ndo, p, l2info.length, l2info.caplen); + isoclns_print(ndo, p, l2info.length); return l2info.header_len; default: break; @@ -822,6 +847,7 @@ juniper_mfr_print(netdissect_options *ndo, { struct juniper_l2info_t l2info; + memset(&l2info, 0, sizeof(l2info)); l2info.pictype = DLT_JUNIPER_MFR; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; @@ -840,16 +866,14 @@ juniper_mfr_print(netdissect_options *ndo, case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(ndo, p, l2info.length); return l2info.header_len; -#ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; -#endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: - isoclns_print(ndo, p, l2info.length, l2info.caplen); + isoclns_print(ndo, p, l2info.length); return l2info.header_len; default: break; @@ -862,13 +886,13 @@ juniper_mfr_print(netdissect_options *ndo, ND_PRINT((ndo, "Bundle-ID %u, ", l2info.bundle)); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS): - isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); + isoclns_print(ndo, p + 1, l2info.length - 1); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): /* pass IP{4,6} to the OSI layer for proper link-layer printing */ - isoclns_print(ndo, p - 1, l2info.length + 1, l2info.caplen + 1); + isoclns_print(ndo, p - 1, l2info.length + 1); break; default: ND_PRINT((ndo, "unknown protocol 0x%04x, length %u", l2info.proto, l2info.length)); @@ -897,13 +921,13 @@ juniper_mlfr_print(netdissect_options *ndo, switch (l2info.proto) { case (LLC_UI): case (LLC_UI<<8): - isoclns_print(ndo, p, l2info.length, l2info.caplen); + isoclns_print(ndo, p, l2info.length); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): /* pass IP{4,6} to the OSI layer for proper link-layer printing */ - isoclns_print(ndo, p - 1, l2info.length + 1, l2info.caplen + 1); + isoclns_print(ndo, p - 1, l2info.length + 1); break; default: ND_PRINT((ndo, "unknown protocol 0x%04x, length %u", l2info.proto, l2info.length)); @@ -926,7 +950,7 @@ u_int juniper_atm1_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { - u_int16_t extracted_ethertype; + int llc_hdrlen; struct juniper_l2info_t l2info; @@ -941,16 +965,17 @@ juniper_atm1_print(netdissect_options *ndo, return l2info.header_len; } + ND_TCHECK2(p[0], 3); if (EXTRACT_24BITS(p) == 0xfefe03 || /* NLPID encaps ? */ EXTRACT_24BITS(p) == 0xaaaa03) { /* SNAP encaps ? */ - if (llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL, - &extracted_ethertype) != 0) + llc_hdrlen = llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL); + if (llc_hdrlen > 0) return l2info.header_len; } if (p[0] == 0x03) { /* Cisco style NLPID encaps ? */ - isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); + isoclns_print(ndo, p + 1, l2info.length - 1); /* FIXME check if frame was recognized */ return l2info.header_len; } @@ -959,6 +984,10 @@ juniper_atm1_print(netdissect_options *ndo, return l2info.header_len; return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_atm1]")); + return l2info.header_len; } #endif @@ -975,7 +1004,7 @@ u_int juniper_atm2_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { - u_int16_t extracted_ethertype; + int llc_hdrlen; struct juniper_l2info_t l2info; @@ -990,11 +1019,12 @@ juniper_atm2_print(netdissect_options *ndo, return l2info.header_len; } + ND_TCHECK2(p[0], 3); if (EXTRACT_24BITS(p) == 0xfefe03 || /* NLPID encaps ? */ EXTRACT_24BITS(p) == 0xaaaa03) { /* SNAP encaps ? */ - if (llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL, - &extracted_ethertype) != 0) + llc_hdrlen = llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL); + if (llc_hdrlen > 0) return l2info.header_len; } @@ -1005,7 +1035,7 @@ juniper_atm2_print(netdissect_options *ndo, } if (p[0] == 0x03) { /* Cisco style NLPID encaps ? */ - isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); + isoclns_print(ndo, p + 1, l2info.length - 1); /* FIXME check if frame was recognized */ return l2info.header_len; } @@ -1017,6 +1047,10 @@ juniper_atm2_print(netdissect_options *ndo, return l2info.header_len; return l2info.header_len; + +trunc: + ND_PRINT((ndo, "[|juniper_atm2]")); + return l2info.header_len; } #endif @@ -1025,8 +1059,8 @@ juniper_atm2_print(netdissect_options *ndo, * a juniper router if the payload data is encapsulated using PPP */ static int juniper_ppp_heuristic_guess(netdissect_options *ndo, - register const u_char *p, u_int length) { - + register const u_char *p, u_int length) +{ switch(EXTRACT_16BITS(p)) { case PPP_IP : case PPP_OSI : @@ -1039,10 +1073,8 @@ juniper_ppp_heuristic_guess(netdissect_options *ndo, case PPP_PAP : case PPP_CHAP : case PPP_ML : -#ifdef INET6 case PPP_IPV6 : case PPP_IPV6CP : -#endif ppp_print(ndo, p, length); break; @@ -1055,8 +1087,8 @@ juniper_ppp_heuristic_guess(netdissect_options *ndo, static int ip_heuristic_guess(netdissect_options *ndo, - register const u_char *p, u_int length) { - + register const u_char *p, u_int length) +{ switch(p[0]) { case 0x45: case 0x46: @@ -1071,7 +1103,6 @@ ip_heuristic_guess(netdissect_options *ndo, case 0x4f: ip_print(ndo, p, length); break; -#ifdef INET6 case 0x60: case 0x61: case 0x62: @@ -1090,7 +1121,6 @@ ip_heuristic_guess(netdissect_options *ndo, case 0x6f: ip6_print(ndo, p, length); break; -#endif default: return 0; /* did not find a ip header */ break; @@ -1099,8 +1129,8 @@ ip_heuristic_guess(netdissect_options *ndo, } static int -juniper_read_tlv_value(const u_char *p, u_int tlv_type, u_int tlv_len) { - +juniper_read_tlv_value(const u_char *p, u_int tlv_type, u_int tlv_len) +{ int tlv_value; /* TLVs < 128 are little endian encoded */ @@ -1147,12 +1177,12 @@ juniper_read_tlv_value(const u_char *p, u_int tlv_type, u_int tlv_len) { static int juniper_parse_header(netdissect_options *ndo, - const u_char *p, const struct pcap_pkthdr *h, struct juniper_l2info_t *l2info) { - + const u_char *p, const struct pcap_pkthdr *h, struct juniper_l2info_t *l2info) +{ const struct juniper_cookie_table_t *lp = juniper_cookie_table; u_int idx, jnx_ext_len, jnx_header_len = 0; - u_int8_t tlv_type,tlv_len; - u_int32_t control_word; + uint8_t tlv_type,tlv_len; + uint32_t control_word; int tlv_value; const u_char *tptr; @@ -1208,9 +1238,11 @@ juniper_parse_header(netdissect_options *ndo, tlv_len = *(tptr++); tlv_value = 0; - /* sanity check */ + /* sanity checks */ if (tlv_type == 0 || tlv_len == 0) break; + if (tlv_len+JUNIPER_EXT_TLV_OVERHEAD > jnx_ext_len) + goto trunc; if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n\t %s Extension TLV #%u, length %u, value ", @@ -1283,6 +1315,7 @@ juniper_parse_header(netdissect_options *ndo, l2info->caplen -= l2info->header_len; /* search through the cookie table and copy values matching for our PIC type */ + ND_TCHECK(p[0]); while (lp->s != NULL) { if (lp->pictype == l2info->pictype) { @@ -1334,6 +1367,7 @@ juniper_parse_header(netdissect_options *ndo, if (ndo->ndo_eflag) ND_PRINT((ndo, ": ")); /* print demarc b/w L2/L3*/ + ND_TCHECK_16BITS(p+l2info->cookie_len); l2info->proto = EXTRACT_16BITS(p+l2info->cookie_len); break; } @@ -1363,6 +1397,7 @@ juniper_parse_header(netdissect_options *ndo, case DLT_JUNIPER_MLFR: switch (l2info->cookie_type) { case LS_COOKIE_ID: + ND_TCHECK2(p[0], 2); l2info->bundle = l2info->cookie[1]; l2info->proto = EXTRACT_16BITS(p); l2info->header_len += 2; @@ -1386,6 +1421,7 @@ juniper_parse_header(netdissect_options *ndo, case DLT_JUNIPER_MFR: switch (l2info->cookie_type) { case LS_COOKIE_ID: + ND_TCHECK2(p[0], 2); l2info->bundle = l2info->cookie[1]; l2info->proto = EXTRACT_16BITS(p); l2info->header_len += 2;