X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d2b1b6c7789fe9a717f6fae2fdc0c8fe1fc9b0a2..d7b497cac78b6e22a66a6bae9bdec60a8044f67a:/print-l2tp.c diff --git a/print-l2tp.c b/print-l2tp.c index dfc65582..6cf0c0ad 100644 --- a/print-l2tp.c +++ b/print-l2tp.c @@ -21,32 +21,54 @@ * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net) */ -#ifndef lint -static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.19 2005-04-20 21:49:56 guy Exp $"; -#endif +/* \summary: Layer Two Tunneling Protocol (L2TP) printer */ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include - -#include +#include -#include "l2tp.h" -#include "interface.h" +#include "netdissect.h" #include "extract.h" -static char tstr[] = " [|l2tp]"; +#define L2TP_FLAG_TYPE 0x8000 /* Type (0=Data, 1=Control) */ +#define L2TP_FLAG_LENGTH 0x4000 /* Length */ +#define L2TP_FLAG_SEQUENCE 0x0800 /* Sequence */ +#define L2TP_FLAG_OFFSET 0x0200 /* Offset */ +#define L2TP_FLAG_PRIORITY 0x0100 /* Priority */ -#ifndef TRUE -#define TRUE 1 -#endif +#define L2TP_VERSION_MASK 0x000f /* Version Mask */ +#define L2TP_VERSION_L2F 0x0001 /* L2F */ +#define L2TP_VERSION_L2TP 0x0002 /* L2TP */ -#ifndef FALSE -#define FALSE 0 -#endif +#define L2TP_AVP_HDR_FLAG_MANDATORY 0x8000 /* Mandatory Flag */ +#define L2TP_AVP_HDR_FLAG_HIDDEN 0x4000 /* Hidden Flag */ +#define L2TP_AVP_HDR_LEN_MASK 0x03ff /* Length Mask */ + +#define L2TP_FRAMING_CAP_SYNC_MASK 0x00000001 /* Synchronous */ +#define L2TP_FRAMING_CAP_ASYNC_MASK 0x00000002 /* Asynchronous */ + +#define L2TP_FRAMING_TYPE_SYNC_MASK 0x00000001 /* Synchronous */ +#define L2TP_FRAMING_TYPE_ASYNC_MASK 0x00000002 /* Asynchronous */ + +#define L2TP_BEARER_CAP_DIGITAL_MASK 0x00000001 /* Digital */ +#define L2TP_BEARER_CAP_ANALOG_MASK 0x00000002 /* Analog */ + +#define L2TP_BEARER_TYPE_DIGITAL_MASK 0x00000001 /* Digital */ +#define L2TP_BEARER_TYPE_ANALOG_MASK 0x00000002 /* Analog */ + +/* Authen Type */ +#define L2TP_AUTHEN_TYPE_RESERVED 0x0000 /* Reserved */ +#define L2TP_AUTHEN_TYPE_TEXTUAL 0x0001 /* Textual username/password exchange */ +#define L2TP_AUTHEN_TYPE_CHAP 0x0002 /* PPP CHAP */ +#define L2TP_AUTHEN_TYPE_PAP 0x0003 /* PPP PAP */ +#define L2TP_AUTHEN_TYPE_NO_AUTH 0x0004 /* No Authentication */ +#define L2TP_AUTHEN_TYPE_MSCHAPv1 0x0005 /* MSCHAPv1 */ + +#define L2TP_PROXY_AUTH_ID_MASK 0x00ff + +static const char tstr[] = " [|l2tp]"; #define L2TP_MSGTYPE_SCCRQ 1 /* Start-Control-Connection-Request */ #define L2TP_MSGTYPE_SCCRP 2 /* Start-Control-Connection-Reply */ @@ -63,7 +85,7 @@ static char tstr[] = " [|l2tp]"; #define L2TP_MSGTYPE_WEN 15 /* WAN-Error-Notify */ #define L2TP_MSGTYPE_SLI 16 /* Set-Link-Info */ -static struct tok l2tp_msgtype2str[] = { +static const struct tok l2tp_msgtype2str[] = { { L2TP_MSGTYPE_SCCRQ, "SCCRQ" }, { L2TP_MSGTYPE_SCCRP, "SCCRP" }, { L2TP_MSGTYPE_SCCCN, "SCCCN" }, @@ -123,7 +145,7 @@ static struct tok l2tp_msgtype2str[] = { #define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required */ #define L2TP_AVP_PPP_DISCON_CC 46 /* PPP Disconnect Cause Code */ -static struct tok l2tp_avp2str[] = { +static const struct tok l2tp_avp2str[] = { { L2TP_AVP_MSGTYPE, "MSGTYPE" }, { L2TP_AVP_RESULT_CODE, "RESULT_CODE" }, { L2TP_AVP_PROTO_VER, "PROTO_VER" }, @@ -168,7 +190,7 @@ static struct tok l2tp_avp2str[] = { { 0, NULL } }; -static struct tok l2tp_authentype2str[] = { +static const struct tok l2tp_authentype2str[] = { { L2TP_AUTHEN_TYPE_RESERVED, "Reserved" }, { L2TP_AUTHEN_TYPE_TEXTUAL, "Textual" }, { L2TP_AUTHEN_TYPE_CHAP, "CHAP" }, @@ -182,7 +204,7 @@ static struct tok l2tp_authentype2str[] = { #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER 1 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL 2 -static struct tok l2tp_cc_direction2str[] = { +static const struct tok l2tp_cc_direction2str[] = { { L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL, "global error" }, { L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER, "at peer" }, { L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" }, @@ -242,237 +264,349 @@ static char *l2tp_error_code_general[] = { /* generic print out routines */ /******************************/ static void -print_string(const u_char *dat, u_int length) +print_string(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i; for (i=0; i 2) { /* Error Code (opt) */ - printf("/%u", EXTRACT_16BITS(ptr)); ptr++; + /* Result Code */ + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; } - if (length > 4) { /* Error Message (opt) */ - printf(" "); - print_string((u_char *)ptr, length - 4); + ND_PRINT((ndo, "%u", EXTRACT_BE_U_2(ptr))); + ptr++; + length -= 2; + + /* Error Code (opt) */ + if (length == 0) + return; + if (length < 2) { + ND_PRINT((ndo, " AVP too short")); + return; } + ND_PRINT((ndo, "/%u", EXTRACT_BE_U_2(ptr))); + ptr++; + length -= 2; + + /* Error Message (opt) */ + if (length == 0) + return; + ND_PRINT((ndo, " ")); + print_string(ndo, (const u_char *)ptr, length); } static void -l2tp_proto_ver_print(const u_int16_t *dat) +l2tp_proto_ver_print(netdissect_options *ndo, const uint16_t *dat, u_int length) { - printf("%u.%u", (EXTRACT_16BITS(dat) >> 8), - (EXTRACT_16BITS(dat) & 0xff)); + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; + } + ND_PRINT((ndo, "%u.%u", (EXTRACT_BE_U_2(dat) >> 8), + (EXTRACT_BE_U_2(dat) & 0xff))); } static void -l2tp_framing_cap_print(const u_char *dat) +l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int32_t *ptr = (u_int32_t *)dat; + const uint32_t *ptr = (const uint32_t *)dat; - if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_ASYNC_MASK) { - printf("A"); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; } - if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_SYNC_MASK) { - printf("S"); + if (EXTRACT_BE_U_4(ptr) & L2TP_FRAMING_CAP_ASYNC_MASK) { + ND_PRINT((ndo, "A")); + } + if (EXTRACT_BE_U_4(ptr) & L2TP_FRAMING_CAP_SYNC_MASK) { + ND_PRINT((ndo, "S")); } } static void -l2tp_bearer_cap_print(const u_char *dat) +l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int32_t *ptr = (u_int32_t *)dat; + const uint32_t *ptr = (const uint32_t *)dat; - if (EXTRACT_32BITS(ptr) & L2TP_BEARER_CAP_ANALOG_MASK) { - printf("A"); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; } - if (EXTRACT_32BITS(ptr) & L2TP_BEARER_CAP_DIGITAL_MASK) { - printf("D"); + if (EXTRACT_BE_U_4(ptr) & L2TP_BEARER_CAP_ANALOG_MASK) { + ND_PRINT((ndo, "A")); + } + if (EXTRACT_BE_U_4(ptr) & L2TP_BEARER_CAP_DIGITAL_MASK) { + ND_PRINT((ndo, "D")); } } static void -l2tp_q931_cc_print(const u_char *dat, u_int length) +l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length) { - print_16bits_val((u_int16_t *)dat); - printf(", %02x", dat[2]); - if (length > 3) { - printf(" "); - print_string(dat+3, length-3); + if (length < 3) { + ND_PRINT((ndo, "AVP too short")); + return; + } + print_16bits_val(ndo, (const uint16_t *)dat); + ND_PRINT((ndo, ", %02x", EXTRACT_U_1(dat + 2))); + dat += 3; + length -= 3; + if (length != 0) { + ND_PRINT((ndo, " ")); + print_string(ndo, dat, length); } } static void -l2tp_bearer_type_print(const u_char *dat) +l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int32_t *ptr = (u_int32_t *)dat; + const uint32_t *ptr = (const uint32_t *)dat; - if (EXTRACT_32BITS(ptr) & L2TP_BEARER_TYPE_ANALOG_MASK) { - printf("A"); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + if (EXTRACT_BE_U_4(ptr) & L2TP_BEARER_TYPE_ANALOG_MASK) { + ND_PRINT((ndo, "A")); } - if (EXTRACT_32BITS(ptr) & L2TP_BEARER_TYPE_DIGITAL_MASK) { - printf("D"); + if (EXTRACT_BE_U_4(ptr) & L2TP_BEARER_TYPE_DIGITAL_MASK) { + ND_PRINT((ndo, "D")); } } static void -l2tp_framing_type_print(const u_char *dat) +l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int32_t *ptr = (u_int32_t *)dat; + const uint32_t *ptr = (const uint32_t *)dat; - if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_TYPE_ASYNC_MASK) { - printf("A"); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + if (EXTRACT_BE_U_4(ptr) & L2TP_FRAMING_TYPE_ASYNC_MASK) { + ND_PRINT((ndo, "A")); } - if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_TYPE_SYNC_MASK) { - printf("S"); + if (EXTRACT_BE_U_4(ptr) & L2TP_FRAMING_TYPE_SYNC_MASK) { + ND_PRINT((ndo, "S")); } } static void -l2tp_packet_proc_delay_print(void) +l2tp_packet_proc_delay_print(netdissect_options *ndo) { - printf("obsolete"); + ND_PRINT((ndo, "obsolete")); } static void -l2tp_proxy_auth_type_print(const u_char *dat) +l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int16_t *ptr = (u_int16_t *)dat; + const uint16_t *ptr = (const uint16_t *)dat; - printf("%s", tok2str(l2tp_authentype2str, - "AuthType-#%u", EXTRACT_16BITS(ptr))); + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; + } + ND_PRINT((ndo, "%s", tok2str(l2tp_authentype2str, + "AuthType-#%u", EXTRACT_BE_U_2(ptr)))); } static void -l2tp_proxy_auth_id_print(const u_char *dat) +l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int16_t *ptr = (u_int16_t *)dat; + const uint16_t *ptr = (const uint16_t *)dat; - printf("%u", EXTRACT_16BITS(ptr) & L2TP_PROXY_AUTH_ID_MASK); + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; + } + ND_PRINT((ndo, "%u", EXTRACT_BE_U_2(ptr) & L2TP_PROXY_AUTH_ID_MASK)); } static void -l2tp_call_errors_print(const u_char *dat) +l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int16_t *ptr = (u_int16_t *)dat; - u_int16_t val_h, val_l; + const uint16_t *ptr = (const uint16_t *)dat; + uint16_t val_h, val_l; + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; + } ptr++; /* skip "Reserved" */ + length -= 2; - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("CRCErr=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "CRCErr=%u ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("FrameErr=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "FrameErr=%u ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("HardOver=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "HardOver=%u ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("BufOver=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "BufOver=%u ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("Timeout=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "Timeout=%u ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("AlignErr=%u ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; + val_l = EXTRACT_BE_U_2(ptr); ptr++; + ND_PRINT((ndo, "AlignErr=%u ", (val_h<<16) + val_l)); } static void -l2tp_accm_print(const u_char *dat) +l2tp_accm_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int16_t *ptr = (u_int16_t *)dat; - u_int16_t val_h, val_l; + const uint16_t *ptr = (const uint16_t *)dat; + uint16_t val_h, val_l; + if (length < 2) { + ND_PRINT((ndo, "AVP too short")); + return; + } ptr++; /* skip "Reserved" */ + length -= 2; - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("send=%08x ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + val_l = EXTRACT_BE_U_2(ptr); ptr++; length -= 2; + ND_PRINT((ndo, "send=%08x ", (val_h<<16) + val_l)); - val_h = EXTRACT_16BITS(ptr); ptr++; - val_l = EXTRACT_16BITS(ptr); ptr++; - printf("recv=%08x ", (val_h<<16) + val_l); + if (length < 4) { + ND_PRINT((ndo, "AVP too short")); + return; + } + val_h = EXTRACT_BE_U_2(ptr); ptr++; + val_l = EXTRACT_BE_U_2(ptr); ptr++; + ND_PRINT((ndo, "recv=%08x ", (val_h<<16) + val_l)); } static void -l2tp_ppp_discon_cc_print(const u_char *dat, u_int length) +l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int16_t *ptr = (u_int16_t *)dat; + const uint16_t *ptr = (const uint16_t *)dat; - printf("%04x, ", EXTRACT_16BITS(ptr)); ptr++; /* Disconnect Code */ - printf("%04x ", EXTRACT_16BITS(ptr)); ptr++; /* Control Protocol Number */ - printf("%s", tok2str(l2tp_cc_direction2str, - "Direction-#%u", *((u_char *)ptr++))); + if (length < 5) { + ND_PRINT((ndo, "AVP too short")); + return; + } + /* Disconnect Code */ + ND_PRINT((ndo, "%04x, ", EXTRACT_BE_U_2(dat))); + dat += 2; + length -= 2; + /* Control Protocol Number */ + ND_PRINT((ndo, "%04x ", EXTRACT_BE_U_2(dat))); + dat += 2; + length -= 2; + /* Direction */ + ND_PRINT((ndo, "%s", tok2str(l2tp_cc_direction2str, + "Direction-#%u", EXTRACT_U_1(ptr)))); + ptr++; + length--; - if (length > 5) { - printf(" "); - print_string((const u_char *)ptr, length-5); + if (length != 0) { + ND_PRINT((ndo, " ")); + print_string(ndo, (const u_char *)ptr, length); } } static void -l2tp_avp_print(const u_char *dat, int length) +l2tp_avp_print(netdissect_options *ndo, const u_char *dat, int length) { u_int len; - const u_int16_t *ptr = (u_int16_t *)dat; - u_int16_t attr_type; + const uint16_t *ptr = (const uint16_t *)dat; + uint16_t attr_type; int hidden = FALSE; if (length <= 0) { return; } - printf(" "); + ND_PRINT((ndo, " ")); - TCHECK(*ptr); /* Flags & Length */ - len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK; + ND_TCHECK(*ptr); /* Flags & Length */ + len = EXTRACT_BE_U_2(ptr) & L2TP_AVP_HDR_LEN_MASK; /* If it is not long enough to contain the header, we'll give up. */ if (len < 6) @@ -485,58 +619,71 @@ l2tp_avp_print(const u_char *dat, int length) /* If it goes past the end of the remaining length of the captured data, we'll give up. */ - TCHECK2(*ptr, len); - /* After this point, no need to worry about truncation */ + ND_TCHECK2(*ptr, len); + + /* + * After this point, we don't need to check whether we go past + * the length of the captured data; however, we *do* need to + * check whether we go past the end of the AVP. + */ - if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_MANDATORY) { - printf("*"); + if (EXTRACT_BE_U_2(ptr) & L2TP_AVP_HDR_FLAG_MANDATORY) { + ND_PRINT((ndo, "*")); } - if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_HIDDEN) { + if (EXTRACT_BE_U_2(ptr) & L2TP_AVP_HDR_FLAG_HIDDEN) { hidden = TRUE; - printf("?"); + ND_PRINT((ndo, "?")); } ptr++; - if (EXTRACT_16BITS(ptr)) { + if (EXTRACT_BE_U_2(ptr)) { /* Vendor Specific Attribute */ - printf("VENDOR%04x:", EXTRACT_16BITS(ptr)); ptr++; - printf("ATTR%04x", EXTRACT_16BITS(ptr)); ptr++; - printf("("); - print_octets((u_char *)ptr, len-6); - printf(")"); + ND_PRINT((ndo, "VENDOR%04x:", EXTRACT_BE_U_2(ptr))); ptr++; + ND_PRINT((ndo, "ATTR%04x", EXTRACT_BE_U_2(ptr))); ptr++; + ND_PRINT((ndo, "(")); + print_octets(ndo, (const u_char *)ptr, len-6); + ND_PRINT((ndo, ")")); } else { /* IETF-defined Attributes */ ptr++; - attr_type = EXTRACT_16BITS(ptr); ptr++; - printf("%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type)); - printf("("); + attr_type = EXTRACT_BE_U_2(ptr); ptr++; + ND_PRINT((ndo, "%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type))); + ND_PRINT((ndo, "(")); if (hidden) { - printf("???"); + ND_PRINT((ndo, "???")); } else { switch (attr_type) { case L2TP_AVP_MSGTYPE: - l2tp_msgtype_print((u_char *)ptr); + l2tp_msgtype_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_RESULT_CODE: - l2tp_result_code_print((u_char *)ptr, len-6); + l2tp_result_code_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_PROTO_VER: - l2tp_proto_ver_print(ptr); + l2tp_proto_ver_print(ndo, ptr, len-6); break; case L2TP_AVP_FRAMING_CAP: - l2tp_framing_cap_print((u_char *)ptr); + l2tp_framing_cap_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_BEARER_CAP: - l2tp_bearer_cap_print((u_char *)ptr); + l2tp_bearer_cap_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_TIE_BREAKER: - print_octets((u_char *)ptr, 8); + if (len-6 < 8) { + ND_PRINT((ndo, "AVP too short")); + break; + } + print_octets(ndo, (const u_char *)ptr, 8); break; case L2TP_AVP_FIRM_VER: case L2TP_AVP_ASSND_TUN_ID: case L2TP_AVP_RECV_WIN_SIZE: case L2TP_AVP_ASSND_SESS_ID: - print_16bits_val(ptr); + if (len-6 < 2) { + ND_PRINT((ndo, "AVP too short")); + break; + } + print_16bits_val(ndo, ptr); break; case L2TP_AVP_HOST_NAME: case L2TP_AVP_VENDOR_NAME: @@ -545,7 +692,7 @@ l2tp_avp_print(const u_char *dat, int length) case L2TP_AVP_SUB_ADDRESS: case L2TP_AVP_PROXY_AUTH_NAME: case L2TP_AVP_PRIVATE_GRP_ID: - print_string((u_char *)ptr, len-6); + print_string(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_CHALLENGE: case L2TP_AVP_INI_RECV_LCP: @@ -554,13 +701,17 @@ l2tp_avp_print(const u_char *dat, int length) case L2TP_AVP_PROXY_AUTH_CHAL: case L2TP_AVP_PROXY_AUTH_RESP: case L2TP_AVP_RANDOM_VECTOR: - print_octets((u_char *)ptr, len-6); + print_octets(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_Q931_CC: - l2tp_q931_cc_print((u_char *)ptr, len-6); + l2tp_q931_cc_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_CHALLENGE_RESP: - print_octets((u_char *)ptr, 16); + if (len-6 < 16) { + ND_PRINT((ndo, "AVP too short")); + break; + } + print_octets(ndo, (const u_char *)ptr, 16); break; case L2TP_AVP_CALL_SER_NUM: case L2TP_AVP_MINIMUM_BPS: @@ -568,155 +719,164 @@ l2tp_avp_print(const u_char *dat, int length) case L2TP_AVP_TX_CONN_SPEED: case L2TP_AVP_PHY_CHANNEL_ID: case L2TP_AVP_RX_CONN_SPEED: - print_32bits_val((u_int32_t *)ptr); + if (len-6 < 4) { + ND_PRINT((ndo, "AVP too short")); + break; + } + print_32bits_val(ndo, (const uint32_t *)ptr); break; case L2TP_AVP_BEARER_TYPE: - l2tp_bearer_type_print((u_char *)ptr); + l2tp_bearer_type_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_FRAMING_TYPE: - l2tp_framing_type_print((u_char *)ptr); + l2tp_framing_type_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_PACKET_PROC_DELAY: - l2tp_packet_proc_delay_print(); + l2tp_packet_proc_delay_print(ndo); break; case L2TP_AVP_PROXY_AUTH_TYPE: - l2tp_proxy_auth_type_print((u_char *)ptr); + l2tp_proxy_auth_type_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_PROXY_AUTH_ID: - l2tp_proxy_auth_id_print((u_char *)ptr); + l2tp_proxy_auth_id_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_CALL_ERRORS: - l2tp_call_errors_print((u_char *)ptr); + l2tp_call_errors_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_ACCM: - l2tp_accm_print((u_char *)ptr); + l2tp_accm_print(ndo, (const u_char *)ptr, len-6); break; case L2TP_AVP_SEQ_REQUIRED: break; /* No Attribute Value */ case L2TP_AVP_PPP_DISCON_CC: - l2tp_ppp_discon_cc_print((u_char *)ptr, len-6); + l2tp_ppp_discon_cc_print(ndo, (const u_char *)ptr, len-6); break; default: break; } } - printf(")"); + ND_PRINT((ndo, ")")); } - l2tp_avp_print(dat+len, length-len); + l2tp_avp_print(ndo, dat+len, length-len); return; trunc: - printf("|..."); + ND_PRINT((ndo, "|...")); } void -l2tp_print(const u_char *dat, u_int length) +l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) { - const u_int16_t *ptr = (u_int16_t *)dat; + const u_char *ptr = dat; u_int cnt = 0; /* total octets consumed */ - u_int16_t pad; + uint16_t pad; int flag_t, flag_l, flag_s, flag_o; - u_int16_t l2tp_len; + uint16_t l2tp_len; flag_t = flag_l = flag_s = flag_o = FALSE; - TCHECK(*ptr); /* Flags & Version */ - if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) { - printf(" l2tp:"); - } else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) { - printf(" l2f:"); + ND_TCHECK_2(ptr); /* Flags & Version */ + if ((EXTRACT_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) { + ND_PRINT((ndo, " l2tp:")); + } else if ((EXTRACT_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) { + ND_PRINT((ndo, " l2f:")); return; /* nothing to do */ } else { - printf(" Unknown Version, neither L2F(1) nor L2TP(2)"); + ND_PRINT((ndo, " Unknown Version, neither L2F(1) nor L2TP(2)")); return; /* nothing we can do */ } - printf("["); - if (EXTRACT_16BITS(ptr) & L2TP_FLAG_TYPE) { + ND_PRINT((ndo, "[")); + if (EXTRACT_BE_U_2(ptr) & L2TP_FLAG_TYPE) { flag_t = TRUE; - printf("T"); + ND_PRINT((ndo, "T")); } - if (EXTRACT_16BITS(ptr) & L2TP_FLAG_LENGTH) { + if (EXTRACT_BE_U_2(ptr) & L2TP_FLAG_LENGTH) { flag_l = TRUE; - printf("L"); + ND_PRINT((ndo, "L")); } - if (EXTRACT_16BITS(ptr) & L2TP_FLAG_SEQUENCE) { + if (EXTRACT_BE_U_2(ptr) & L2TP_FLAG_SEQUENCE) { flag_s = TRUE; - printf("S"); + ND_PRINT((ndo, "S")); } - if (EXTRACT_16BITS(ptr) & L2TP_FLAG_OFFSET) { + if (EXTRACT_BE_U_2(ptr) & L2TP_FLAG_OFFSET) { flag_o = TRUE; - printf("O"); + ND_PRINT((ndo, "O")); } - if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY) - printf("P"); - printf("]"); + if (EXTRACT_BE_U_2(ptr) & L2TP_FLAG_PRIORITY) + ND_PRINT((ndo, "P")); + ND_PRINT((ndo, "]")); - ptr++; + ptr += 2; cnt += 2; if (flag_l) { - TCHECK(*ptr); /* Length */ - l2tp_len = EXTRACT_16BITS(ptr); ptr++; + ND_TCHECK_2(ptr); /* Length */ + l2tp_len = EXTRACT_BE_U_2(ptr); + ptr += 2; cnt += 2; } else { l2tp_len = 0; } - TCHECK(*ptr); /* Tunnel ID */ - printf("(%u/", EXTRACT_16BITS(ptr)); ptr++; + ND_TCHECK_2(ptr); /* Tunnel ID */ + ND_PRINT((ndo, "(%u/", EXTRACT_BE_U_2(ptr))); + ptr += 2; cnt += 2; - TCHECK(*ptr); /* Session ID */ - printf("%u)", EXTRACT_16BITS(ptr)); ptr++; + ND_TCHECK_2(ptr); /* Session ID */ + ND_PRINT((ndo, "%u)", EXTRACT_BE_U_2(ptr))); + ptr += 2; cnt += 2; if (flag_s) { - TCHECK(*ptr); /* Ns */ - printf("Ns=%u,", EXTRACT_16BITS(ptr)); ptr++; + ND_TCHECK_2(ptr); /* Ns */ + ND_PRINT((ndo, "Ns=%u,", EXTRACT_BE_U_2(ptr))); + ptr += 2; cnt += 2; - TCHECK(*ptr); /* Nr */ - printf("Nr=%u", EXTRACT_16BITS(ptr)); ptr++; + ND_TCHECK_2(ptr); /* Nr */ + ND_PRINT((ndo, "Nr=%u", EXTRACT_BE_U_2(ptr))); + ptr += 2; cnt += 2; } if (flag_o) { - TCHECK(*ptr); /* Offset Size */ - pad = EXTRACT_16BITS(ptr); ptr++; - ptr += pad / sizeof(*ptr); + ND_TCHECK_2(ptr); /* Offset Size */ + pad = EXTRACT_BE_U_2(ptr); + ptr += (2 + pad); cnt += (2 + pad); } if (flag_l) { if (length < l2tp_len) { - printf(" Length %u larger than packet", l2tp_len); + ND_PRINT((ndo, " Length %u larger than packet", l2tp_len)); return; } length = l2tp_len; } if (length < cnt) { - printf(" Length %u smaller than header length", length); + ND_PRINT((ndo, " Length %u smaller than header length", length)); return; } if (flag_t) { if (!flag_l) { - printf(" No length"); + ND_PRINT((ndo, " No length")); return; } if (length - cnt == 0) { - printf(" ZLB"); + ND_PRINT((ndo, " ZLB")); } else { - l2tp_avp_print((u_char *)ptr, length - cnt); + l2tp_avp_print(ndo, ptr, length - cnt); } } else { - printf(" {"); - ppp_print((u_char *)ptr, length - cnt); - printf("}"); + ND_PRINT((ndo, " {")); + ppp_print(ndo, ptr, length - cnt); + ND_PRINT((ndo, "}")); } return; trunc: - printf("%s", tstr); + ND_PRINT((ndo, "%s", tstr)); }