X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d526e47658b691c4b5ca0d29759d1f67b7fb037b..HEAD:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index 21fa263e..89598b2d 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -29,16 +29,14 @@ /* * specification: * - * CLNP: ISO 8473 + * CLNP: ISO 8473 (respective ITU version is at https://www.itu.int/rec/T-REC-X.233/en/) * ES-IS: ISO 9542 * IS-IS: ISO 10589 */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include -#include +#include "netdissect-stdinc.h" #include @@ -49,14 +47,14 @@ #include "gmpls.h" #include "oui.h" #include "signature.h" +#include "af.h" -static const char tstr[] = " [|isis]"; /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. */ -#define SYSTEM_ID_LEN MAC_ADDR_LEN +#define SYSTEM_ID_LEN MAC48_LEN #define NODE_ID_LEN (SYSTEM_ID_LEN+1) #define LSP_ID_LEN (SYSTEM_ID_LEN+2) @@ -73,10 +71,10 @@ static const char tstr[] = " [|isis]"; #define ISIS_PDU_L1_LAN_IIH 15 #define ISIS_PDU_L2_LAN_IIH 16 #define ISIS_PDU_PTP_IIH 17 -#define ISIS_PDU_L1_LSP 18 -#define ISIS_PDU_L2_LSP 20 -#define ISIS_PDU_L1_CSNP 24 -#define ISIS_PDU_L2_CSNP 25 +#define ISIS_PDU_L1_LSP 18 +#define ISIS_PDU_L2_LSP 20 +#define ISIS_PDU_L1_CSNP 24 +#define ISIS_PDU_L2_CSNP 25 #define ISIS_PDU_L1_PSNP 26 #define ISIS_PDU_L2_PSNP 27 @@ -107,7 +105,7 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_PART_DIS 4 /* iso10589 */ #define ISIS_TLV_PREFIX_NEIGH 5 /* iso10589 */ #define ISIS_TLV_ISNEIGH 6 /* iso10589 */ -#define ISIS_TLV_ISNEIGH_VARLEN 7 /* iso10589 */ +#define ISIS_TLV_INSTANCE_ID 7 /* rfc8202 */ #define ISIS_TLV_PADDING 8 /* iso10589 */ #define ISIS_TLV_LSP 9 /* iso10589 */ #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ @@ -115,7 +113,6 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_CHECKSUM_MINLEN 2 #define ISIS_TLV_POI 13 /* rfc6232 */ #define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ -#define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2 #define ISIS_TLV_EXT_IS_REACH 22 /* rfc5305 */ #define ISIS_TLV_IS_ALIAS_ID 24 /* rfc5311 */ #define ISIS_TLV_DECNET_PHASE4 42 @@ -124,7 +121,6 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_PROTOCOLS 129 /* rfc1195 */ #define ISIS_TLV_EXT_IP_REACH 130 /* rfc1195, rfc2966 */ #define ISIS_TLV_IDRP_INFO 131 /* rfc1195 */ -#define ISIS_TLV_IDRP_INFO_MINLEN 1 #define ISIS_TLV_IPADDR 132 /* rfc1195 */ #define ISIS_TLV_IPAUTH 133 /* rfc1195 */ #define ISIS_TLV_TE_ROUTER_ID 134 /* rfc5305 */ @@ -140,14 +136,13 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN 2 #define ISIS_TLV_MT_IS_REACH 222 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_MT_SUPPORTED 229 /* draft-ietf-isis-wg-multi-topology-05 */ -#define ISIS_TLV_MT_SUPPORTED_MINLEN 2 #define ISIS_TLV_IP6ADDR 232 /* draft-ietf-isis-ipv6-02 */ #define ISIS_TLV_MT_IP_REACH 235 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_IP6_REACH 236 /* draft-ietf-isis-ipv6-02 */ #define ISIS_TLV_MT_IP6_REACH 237 /* draft-ietf-isis-wg-multi-topology-05 */ #define ISIS_TLV_PTP_ADJ 240 /* rfc3373 */ #define ISIS_TLV_IIH_SEQNR 241 /* draft-shen-isis-iih-sequence-00 */ -#define ISIS_TLV_IIH_SEQNR_MINLEN 4 +#define ISIS_TLV_ROUTER_CAPABILITY 242 /* rfc7981 */ #define ISIS_TLV_VENDOR_PRIVATE 250 /* draft-ietf-isis-experimental-tlv-01 */ #define ISIS_TLV_VENDOR_PRIVATE_MINLEN 3 @@ -158,7 +153,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_PART_DIS, "Partition DIS"}, { ISIS_TLV_PREFIX_NEIGH, "Prefix Neighbors"}, { ISIS_TLV_ISNEIGH, "IS Neighbor(s)"}, - { ISIS_TLV_ISNEIGH_VARLEN, "IS Neighbor(s) (variable length)"}, + { ISIS_TLV_INSTANCE_ID, "Instance Identifier"}, { ISIS_TLV_PADDING, "Padding"}, { ISIS_TLV_LSP, "LSP entries"}, { ISIS_TLV_AUTH, "Authentication"}, @@ -192,6 +187,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_MT_IP6_REACH, "Multi-Topology IP6 Reachability"}, { ISIS_TLV_PTP_ADJ, "Point-to-point Adjacency State"}, { ISIS_TLV_IIH_SEQNR, "Hello PDU Sequence Number"}, + { ISIS_TLV_ROUTER_CAPABILITY, "IS-IS Router Capability"}, { ISIS_TLV_VENDOR_PRIVATE, "Vendor Private"}, { 0, NULL } }; @@ -210,7 +206,7 @@ static const struct tok esis_option_values[] = { { ESIS_OPTION_SECURITY, "Security" }, { ESIS_OPTION_ES_CONF_TIME, "ES Configuration Time" }, { ESIS_OPTION_PRIORITY, "Priority" }, - { ESIS_OPTION_ADDRESS_MASK, "Addressk Mask" }, + { ESIS_OPTION_ADDRESS_MASK, "Address Mask" }, { ESIS_OPTION_SNPA_MASK, "SNPA Mask" }, { 0, NULL } }; @@ -345,6 +341,25 @@ static const struct tok clnp_option_qos_global_values[] = { { 0, NULL } }; +static const struct tok isis_tlv_router_capability_flags[] = { + { 0x01, "S bit"}, + { 0x02, "D bit"}, + { 0, NULL } +}; + +#define ISIS_SUBTLV_ROUTER_CAP_SR 2 /* rfc 8667 */ + +static const struct tok isis_router_capability_subtlv_values[] = { + { ISIS_SUBTLV_ROUTER_CAP_SR, "SR-Capabilities"}, + { 0, NULL } +}; + +static const struct tok isis_router_capability_sr_flags[] = { + { 0x80, "ipv4"}, + { 0x40, "ipv6"}, + { 0, NULL } +}; + #define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* rfc5305 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* rfc5305 */ @@ -359,6 +374,7 @@ static const struct tok clnp_option_qos_global_values[] = { #define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS 22 /* rfc4124 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID 32 /* rfc8667 */ #define ISIS_SUBTLV_SPB_METRIC 29 /* rfc6329 */ @@ -377,6 +393,7 @@ static const struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD, "Bandwidth Constraints (old)" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS, "Bandwidth Constraints" }, + { ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID, "LAN Adjacency Segment Identifier" }, { ISIS_SUBTLV_SPB_METRIC, "SPB Metric" }, { 250, "Reserved for cisco specific extensions" }, { 251, "Reserved for cisco specific extensions" }, @@ -389,15 +406,42 @@ static const struct tok isis_ext_is_reach_subtlv_values[] = { #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32 1 /* draft-ietf-isis-admin-tags-01 */ #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64 2 /* draft-ietf-isis-admin-tags-01 */ +#define ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID 3 /* rfc8667 */ #define ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR 117 /* draft-ietf-isis-wg-multi-topology-05 */ static const struct tok isis_ext_ip_reach_subtlv_values[] = { { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32, "32-Bit Administrative tag" }, { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64, "64-Bit Administrative tag" }, + { ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID, "Prefix SID" }, { ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR, "Management Prefix Color" }, { 0, NULL } }; +#define ISIS_PREFIX_SID_FLAG_R 0x80 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_N 0x40 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_P 0x20 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_E 0x10 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_V 0x08 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_L 0x04 /* rfc 8667 */ + +static const struct tok prefix_sid_flag_values[] = { + { ISIS_PREFIX_SID_FLAG_R, "Readvertisement"}, + { ISIS_PREFIX_SID_FLAG_N, "Node"}, + { ISIS_PREFIX_SID_FLAG_P, "No-PHP"}, + { ISIS_PREFIX_SID_FLAG_E, "Explicit NULL"}, + { ISIS_PREFIX_SID_FLAG_V, "Value"}, + { ISIS_PREFIX_SID_FLAG_L, "Local"}, + { 0, NULL} +}; + + +/* rfc 8667 */ +static const struct tok prefix_sid_algo_values[] = { + { 0, "SPF"}, + { 1, "strict-SPF"}, + { 0, NULL} +}; + static const struct tok isis_subtlv_link_attribute_values[] = { { 0x01, "Local Protection Available" }, { 0x02, "Link excluded from local protection path" }, @@ -405,6 +449,16 @@ static const struct tok isis_subtlv_link_attribute_values[] = { { 0, NULL } }; +static const struct tok isis_lan_adj_sid_flag_values[] = { + { 0x80, "Address family IPv6" }, + { 0x40, "Backup" }, + { 0x20, "Value" }, + { 0x10, "Local significance" }, + { 0x08, "Set of adjacencies" }, + { 0x04, "Persistent" }, + { 0, NULL } +}; + #define ISIS_SUBTLV_AUTH_SIMPLE 1 #define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */ #define ISIS_SUBTLV_AUTH_MD5 54 @@ -488,14 +542,14 @@ static const struct tok clnp_flag_values[] = { { 0, NULL} }; -#define ISIS_MASK_LSP_OL_BIT(x) (EXTRACT_U_1(x)&0x4) -#define ISIS_MASK_LSP_ISTYPE_BITS(x) (EXTRACT_U_1(x)&0x3) -#define ISIS_MASK_LSP_PARTITION_BIT(x) (EXTRACT_U_1(x)&0x80) -#define ISIS_MASK_LSP_ATT_BITS(x) (EXTRACT_U_1(x)&0x78) -#define ISIS_MASK_LSP_ATT_ERROR_BIT(x) (EXTRACT_U_1(x)&0x40) -#define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x) (EXTRACT_U_1(x)&0x20) -#define ISIS_MASK_LSP_ATT_DELAY_BIT(x) (EXTRACT_U_1(x)&0x10) -#define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x) (EXTRACT_U_1(x)&0x8) +#define ISIS_MASK_LSP_OL_BIT(x) (GET_U_1(x)&0x4) +#define ISIS_MASK_LSP_ISTYPE_BITS(x) (GET_U_1(x)&0x3) +#define ISIS_MASK_LSP_PARTITION_BIT(x) (GET_U_1(x)&0x80) +#define ISIS_MASK_LSP_ATT_BITS(x) (GET_U_1(x)&0x78) +#define ISIS_MASK_LSP_ATT_ERROR_BIT(x) (GET_U_1(x)&0x40) +#define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x) (GET_U_1(x)&0x20) +#define ISIS_MASK_LSP_ATT_DELAY_BIT(x) (GET_U_1(x)&0x10) +#define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x) (GET_U_1(x)&0x8) #define ISIS_MASK_MTID(x) ((x)&0x0fff) #define ISIS_MASK_MTFLAGS(x) ((x)&0xf000) @@ -512,10 +566,10 @@ static const struct tok isis_mt_flag_values[] = { #define ISIS_MASK_TLV_EXTD_IP6_IE(x) ((x)&0x40) #define ISIS_MASK_TLV_EXTD_IP6_SUBTLV(x) ((x)&0x20) -#define ISIS_LSP_TLV_METRIC_SUPPORTED(x) (EXTRACT_U_1(x)&0x80) -#define ISIS_LSP_TLV_METRIC_IE(x) (EXTRACT_U_1(x)&0x40) -#define ISIS_LSP_TLV_METRIC_UPDOWN(x) (EXTRACT_U_1(x)&0x80) -#define ISIS_LSP_TLV_METRIC_VALUE(x) (EXTRACT_U_1(x)&0x3f) +#define ISIS_LSP_TLV_METRIC_SUPPORTED(x) (GET_U_1(x)&0x80) +#define ISIS_LSP_TLV_METRIC_IE(x) (GET_U_1(x)&0x40) +#define ISIS_LSP_TLV_METRIC_UPDOWN(x) (GET_U_1(x)&0x80) +#define ISIS_LSP_TLV_METRIC_VALUE(x) (GET_U_1(x)&0x3f) #define ISIS_MASK_TLV_SHARED_RISK_GROUP(x) ((x)&0x1) @@ -557,7 +611,7 @@ static const struct tok isis_lsp_istype_values[] = { #define ISIS_PTP_ADJ_INIT 1 #define ISIS_PTP_ADJ_DOWN 2 -static const struct tok isis_ptp_adjancey_values[] = { +static const struct tok isis_ptp_adjacency_values[] = { { ISIS_PTP_ADJ_UP, "Up" }, { ISIS_PTP_ADJ_INIT, "Initializing" }, { ISIS_PTP_ADJ_DOWN, "Down" }, @@ -677,17 +731,16 @@ struct isis_tlv_lsp { #define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header)) void -isoclns_print(netdissect_options *ndo, const uint8_t *p, u_int length) +isoclns_print(netdissect_options *ndo, const u_char *p, u_int length) { - if (!ND_TTEST_1(p)) { /* enough bytes on the wire ? */ - ND_PRINT((ndo, "|OSI")); - return; - } + ndo->ndo_protocol = "isoclns"; if (ndo->ndo_eflag) - ND_PRINT((ndo, "OSI NLPID %s (0x%02x): ", tok2str(nlpid_values, "Unknown", EXTRACT_U_1(p)), EXTRACT_U_1(p))); + ND_PRINT("OSI NLPID %s (0x%02x): ", + tok2str(nlpid_values, "Unknown", GET_U_1(p)), + GET_U_1(p)); - switch (EXTRACT_U_1(p)) { + switch (GET_U_1(p)) { case NLPID_CLNP: if (!clnp_print(ndo, p, length)) @@ -704,7 +757,7 @@ isoclns_print(netdissect_options *ndo, const uint8_t *p, u_int length) break; case NLPID_NULLNS: - ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length)); + ND_PRINT("%slength: %u", ndo->ndo_eflag ? "" : ", ", length); break; case NLPID_Q933: @@ -725,8 +778,8 @@ isoclns_print(netdissect_options *ndo, const uint8_t *p, u_int length) default: if (!ndo->ndo_eflag) - ND_PRINT((ndo, "OSI NLPID 0x%02x unknown", EXTRACT_U_1(p))); - ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length)); + ND_PRINT("OSI NLPID 0x%02x unknown", GET_U_1(p)); + ND_PRINT("%slength: %u", ndo->ndo_eflag ? "" : ", ", length); if (length > 1) print_unknown_data(ndo, p, "\n\t", length); break; @@ -779,34 +832,36 @@ clnp_print(netdissect_options *ndo, const struct clnp_segment_header_t *clnp_segment_header; uint8_t rfd_error,rfd_error_major,rfd_error_minor; + ndo->ndo_protocol = "clnp"; clnp_header = (const struct clnp_header_t *) pptr; ND_TCHECK_SIZE(clnp_header); - li = EXTRACT_U_1(clnp_header->length_indicator); + li = GET_U_1(clnp_header->length_indicator); li_remaining = li; optr = pptr; if (!ndo->ndo_eflag) - ND_PRINT((ndo, "CLNP")); + nd_print_protocol_caps(ndo); /* * Sanity checking of the header. */ - if (EXTRACT_U_1(clnp_header->version) != CLNP_VERSION) { - ND_PRINT((ndo, "version %u packet not supported", EXTRACT_U_1(clnp_header->version))); + if (GET_U_1(clnp_header->version) != CLNP_VERSION) { + ND_PRINT("version %u packet not supported", + GET_U_1(clnp_header->version)); return (0); } if (li > length) { - ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length)); + ND_PRINT(" length indicator(%u) > PDU size (%u)!", li, length); return (0); } if (li < sizeof(struct clnp_header_t)) { - ND_PRINT((ndo, " length indicator %u < min PDU size:", li)); + ND_PRINT(" length indicator %u < min PDU size:", li); while (pptr < ndo->ndo_snapend) { - ND_PRINT((ndo, "%02X", EXTRACT_U_1(pptr))); + ND_PRINT("%02X", GET_U_1(pptr)); pptr++; } return (0); @@ -814,22 +869,21 @@ clnp_print(netdissect_options *ndo, /* FIXME further header sanity checking */ - clnp_pdu_type = EXTRACT_U_1(clnp_header->type) & CLNP_PDU_TYPE_MASK; - clnp_flags = EXTRACT_U_1(clnp_header->type) & CLNP_FLAG_MASK; + clnp_pdu_type = GET_U_1(clnp_header->type) & CLNP_PDU_TYPE_MASK; + clnp_flags = GET_U_1(clnp_header->type) & CLNP_FLAG_MASK; pptr += sizeof(struct clnp_header_t); li_remaining -= sizeof(struct clnp_header_t); if (li_remaining < 1) { - ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } - ND_TCHECK_1(pptr); - dest_address_length = EXTRACT_U_1(pptr); + dest_address_length = GET_U_1(pptr); pptr += 1; li_remaining -= 1; if (li_remaining < dest_address_length) { - ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } ND_TCHECK_LEN(pptr, dest_address_length); @@ -838,15 +892,14 @@ clnp_print(netdissect_options *ndo, li_remaining -= dest_address_length; if (li_remaining < 1) { - ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } - ND_TCHECK_1(pptr); - source_address_length = EXTRACT_U_1(pptr); + source_address_length = GET_U_1(pptr); pptr += 1; li_remaining -= 1; if (li_remaining < source_address_length) { - ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + ND_PRINT("li < size of fixed part of CLNP header and addresses"); return (0); } ND_TCHECK_LEN(pptr, source_address_length); @@ -855,68 +908,67 @@ clnp_print(netdissect_options *ndo, li_remaining -= source_address_length; if (ndo->ndo_vflag < 1) { - ND_PRINT((ndo, "%s%s > %s, %s, length %u", + ND_PRINT("%s%s > %s, %s, length %u", ndo->ndo_eflag ? "" : ", ", - isonsap_string(ndo, source_address, source_address_length), - isonsap_string(ndo, dest_address, dest_address_length), + GET_ISONSAP_STRING(source_address, source_address_length), + GET_ISONSAP_STRING(dest_address, dest_address_length), tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), - length)); + length); return (1); } - ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length)); + ND_PRINT("%slength %u", ndo->ndo_eflag ? "" : ", ", length); - ND_PRINT((ndo, "\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", + ND_PRINT("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), - EXTRACT_U_1(clnp_header->length_indicator), - EXTRACT_U_1(clnp_header->version), - EXTRACT_U_1(clnp_header->lifetime)/2, - (EXTRACT_U_1(clnp_header->lifetime)%2)*5, - EXTRACT_BE_U_2(clnp_header->segment_length), - EXTRACT_BE_U_2(clnp_header->cksum))); + GET_U_1(clnp_header->length_indicator), + GET_U_1(clnp_header->version), + GET_U_1(clnp_header->lifetime)/2, + (GET_U_1(clnp_header->lifetime)%2)*5, + GET_BE_U_2(clnp_header->segment_length), + GET_BE_U_2(clnp_header->cksum)); - osi_print_cksum(ndo, optr, EXTRACT_BE_U_2(clnp_header->cksum), 7, - EXTRACT_U_1(clnp_header->length_indicator)); + osi_print_cksum(ndo, optr, GET_BE_U_2(clnp_header->cksum), 7, + GET_U_1(clnp_header->length_indicator)); - ND_PRINT((ndo, "\n\tFlags [%s]", - bittok2str(clnp_flag_values, "none", clnp_flags))); + ND_PRINT("\n\tFlags [%s]", + bittok2str(clnp_flag_values, "none", clnp_flags)); - ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s", + ND_PRINT("\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - isonsap_string(ndo, source_address, source_address_length), + GET_ISONSAP_STRING(source_address, source_address_length), dest_address_length, - isonsap_string(ndo, dest_address, dest_address_length))); + GET_ISONSAP_STRING(dest_address, dest_address_length)); if (clnp_flags & CLNP_SEGMENT_PART) { if (li_remaining < sizeof(struct clnp_segment_header_t)) { - ND_PRINT((ndo, "li < size of fixed part of CLNP header, addresses, and segment part")); + ND_PRINT("li < size of fixed part of CLNP header, addresses, and segment part"); return (0); } - clnp_segment_header = (const struct clnp_segment_header_t *) pptr; + clnp_segment_header = (const struct clnp_segment_header_t *) pptr; ND_TCHECK_SIZE(clnp_segment_header); - ND_PRINT((ndo, "\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", - EXTRACT_BE_U_2(clnp_segment_header->data_unit_id), - EXTRACT_BE_U_2(clnp_segment_header->segment_offset), - EXTRACT_BE_U_2(clnp_segment_header->total_length))); + ND_PRINT("\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", + GET_BE_U_2(clnp_segment_header->data_unit_id), + GET_BE_U_2(clnp_segment_header->segment_offset), + GET_BE_U_2(clnp_segment_header->total_length)); pptr+=sizeof(struct clnp_segment_header_t); li_remaining-=sizeof(struct clnp_segment_header_t); } /* now walk the options */ - while (li_remaining >= 2) { + while (li_remaining != 0) { u_int op, opli; const uint8_t *tptr; if (li_remaining < 2) { - ND_PRINT((ndo, ", bad opts/li")); + ND_PRINT(", bad opts/li"); return (0); } - ND_TCHECK_2(pptr); - op = EXTRACT_U_1(pptr); - opli = EXTRACT_U_1(pptr + 1); + op = GET_U_1(pptr); + opli = GET_U_1(pptr + 1); pptr += 2; li_remaining -= 2; if (opli > li_remaining) { - ND_PRINT((ndo, ", opt (%u) too long", op)); + ND_PRINT(", opt (%u) too long", op); return (0); } ND_TCHECK_LEN(pptr, opli); @@ -924,10 +976,10 @@ clnp_print(netdissect_options *ndo, tptr = pptr; tlen = opli; - ND_PRINT((ndo, "\n\t %s Option #%u, length %u, value: ", + ND_PRINT("\n\t %s Option #%u, length %u, value: ", tok2str(clnp_option_values,"Unknown",op), op, - opli)); + opli); /* * We've already checked that the entire option is present @@ -943,37 +995,35 @@ clnp_print(netdissect_options *ndo, case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */ case CLNP_OPTION_SOURCE_ROUTING: if (tlen < 2) { - ND_PRINT((ndo, ", bad opt len")); + ND_PRINT(", bad opt len"); return (0); } - ND_PRINT((ndo, "%s %s", - tok2str(clnp_option_sr_rr_values,"Unknown",EXTRACT_U_1(tptr)), - tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op))); - nsap_offset=EXTRACT_U_1(tptr + 1); + ND_PRINT("%s %s", + tok2str(clnp_option_sr_rr_values,"Unknown",GET_U_1(tptr)), + tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op)); + nsap_offset=GET_U_1(tptr + 1); if (nsap_offset == 0) { - ND_PRINT((ndo, " Bad NSAP offset (0)")); + ND_PRINT(" Bad NSAP offset (0)"); break; } nsap_offset-=1; /* offset to nsap list */ if (nsap_offset > tlen) { - ND_PRINT((ndo, " Bad NSAP offset (past end of option)")); + ND_PRINT(" Bad NSAP offset (past end of option)"); break; } tptr+=nsap_offset; tlen-=nsap_offset; - while (tlen > 0) { - source_address_length=EXTRACT_U_1(tptr); + while (tlen != 0) { + source_address_length=GET_U_1(tptr); if (tlen < source_address_length+1) { - ND_PRINT((ndo, "\n\t NSAP address goes past end of option")); + ND_PRINT("\n\t NSAP address goes past end of option"); break; } if (source_address_length > 0) { source_address=(tptr+1); - ND_TCHECK_LEN(source_address, - source_address_length); - ND_PRINT((ndo, "\n\t NSAP address (length %u): %s", + ND_PRINT("\n\t NSAP address (length %u): %s", source_address_length, - isonsap_string(ndo, source_address, source_address_length))); + GET_ISONSAP_STRING(source_address, source_address_length)); } tlen-=source_address_length+1; } @@ -981,54 +1031,54 @@ clnp_print(netdissect_options *ndo, case CLNP_OPTION_PRIORITY: if (tlen < 1) { - ND_PRINT((ndo, ", bad opt len")); + ND_PRINT(", bad opt len"); return (0); } - ND_PRINT((ndo, "0x%1x", EXTRACT_U_1(tptr)&0x0f)); + ND_PRINT("0x%1x", GET_U_1(tptr)&0x0f); break; case CLNP_OPTION_QOS_MAINTENANCE: if (tlen < 1) { - ND_PRINT((ndo, ", bad opt len")); + ND_PRINT(", bad opt len"); return (0); } - ND_PRINT((ndo, "\n\t Format Code: %s", - tok2str(clnp_option_scope_values, "Reserved", EXTRACT_U_1(tptr) & CLNP_OPTION_SCOPE_MASK))); + ND_PRINT("\n\t Format Code: %s", + tok2str(clnp_option_scope_values, "Reserved", GET_U_1(tptr) & CLNP_OPTION_SCOPE_MASK)); - if ((EXTRACT_U_1(tptr)&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) - ND_PRINT((ndo, "\n\t QoS Flags [%s]", + if ((GET_U_1(tptr)&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) + ND_PRINT("\n\t QoS Flags [%s]", bittok2str(clnp_option_qos_global_values, "none", - EXTRACT_U_1(tptr)&CLNP_OPTION_OPTION_QOS_MASK))); + GET_U_1(tptr)&CLNP_OPTION_OPTION_QOS_MASK)); break; case CLNP_OPTION_SECURITY: if (tlen < 2) { - ND_PRINT((ndo, ", bad opt len")); + ND_PRINT(", bad opt len"); return (0); } - ND_PRINT((ndo, "\n\t Format Code: %s, Security-Level %u", - tok2str(clnp_option_scope_values,"Reserved",EXTRACT_U_1(tptr)&CLNP_OPTION_SCOPE_MASK), - EXTRACT_U_1(tptr + 1))); + ND_PRINT("\n\t Format Code: %s, Security-Level %u", + tok2str(clnp_option_scope_values,"Reserved",GET_U_1(tptr)&CLNP_OPTION_SCOPE_MASK), + GET_U_1(tptr + 1)); break; case CLNP_OPTION_DISCARD_REASON: if (tlen < 1) { - ND_PRINT((ndo, ", bad opt len")); + ND_PRINT(", bad opt len"); return (0); } - rfd_error = EXTRACT_U_1(tptr); + rfd_error = GET_U_1(tptr); rfd_error_major = (rfd_error&0xf0) >> 4; rfd_error_minor = rfd_error&0x0f; - ND_PRINT((ndo, "\n\t Class: %s Error (0x%01x), %s (0x%01x)", + ND_PRINT("\n\t Class: %s Error (0x%01x), %s (0x%01x)", tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major), rfd_error_major, tok2str(clnp_option_rfd_error_class[rfd_error_major],"Unknown",rfd_error_minor), - rfd_error_minor)); + rfd_error_minor); break; case CLNP_OPTION_PADDING: - ND_PRINT((ndo, "padding data")); + ND_PRINT("padding data"); break; /* @@ -1048,31 +1098,43 @@ clnp_print(netdissect_options *ndo, switch (clnp_pdu_type) { case CLNP_PDU_ER: /* fall through */ - case CLNP_PDU_ERP: - ND_TCHECK_1(pptr); - if (EXTRACT_U_1(pptr) == NLPID_CLNP) { - ND_PRINT((ndo, "\n\t-----original packet-----\n\t")); + case CLNP_PDU_ERP: + if (GET_U_1(pptr) == NLPID_CLNP) { + ND_PRINT("\n\t-----original packet-----\n\t"); /* FIXME recursion protection */ clnp_print(ndo, pptr, length - li); break; } - case CLNP_PDU_DT: - case CLNP_PDU_MD: - case CLNP_PDU_ERQ: + /* The cases above break from the switch block if they see and print + * a CLNP header in the Data part. For an Error Report PDU this is + * described in Section 7.9.6 of ITU X.233 (1997 E), also known as + * ISO/IEC 8473-1:1998(E). It is not clear why in this code the same + * applies to an Echo Response PDU, as the standard does not specify + * the contents -- could be a proprietary extension or a bug. In either + * case, if the Data part does not contain a CLNP header, its structure + * is considered unknown and the decoding falls through to print the + * contents as-is. + */ + ND_FALL_THROUGH; + + case CLNP_PDU_DT: + case CLNP_PDU_MD: + case CLNP_PDU_ERQ: default: /* dump the PDU specific data */ - if (length-(pptr-optr) > 0) { - ND_PRINT((ndo, "\n\t undecoded non-header data, length %u", length-li)); - print_unknown_data(ndo, pptr, "\n\t ", length - (pptr - optr)); + if (length > ND_BYTES_BETWEEN(optr, pptr)) { + ND_PRINT("\n\t undecoded non-header data, length %u", length-li); + print_unknown_data(ndo, pptr, "\n\t ", + length - ND_BYTES_BETWEEN(optr, pptr)); } } return (1); trunc: - ND_PRINT((ndo, "[|clnp]")); + nd_print_trunc(ndo); return (1); } @@ -1107,71 +1169,73 @@ esis_print(netdissect_options *ndo, u_int li, version, esis_pdu_type, source_address_length, source_address_number; const struct esis_header_t *esis_header; + ndo->ndo_protocol = "esis"; if (!ndo->ndo_eflag) - ND_PRINT((ndo, "ES-IS")); + ND_PRINT("ES-IS"); if (length <= 2) { - ND_PRINT((ndo, ndo->ndo_qflag ? "bad pkt!" : "no header at all!")); + ND_PRINT(ndo->ndo_qflag ? "bad pkt!" : "no header at all!"); return; } esis_header = (const struct esis_header_t *) pptr; ND_TCHECK_SIZE(esis_header); - li = EXTRACT_U_1(esis_header->length_indicator); + li = GET_U_1(esis_header->length_indicator); optr = pptr; /* * Sanity checking of the header. */ - if (EXTRACT_U_1(esis_header->nlpid) != NLPID_ESIS) { - ND_PRINT((ndo, " nlpid 0x%02x packet not supported", EXTRACT_U_1(esis_header->nlpid))); + if (GET_U_1(esis_header->nlpid) != NLPID_ESIS) { + ND_PRINT(" nlpid 0x%02x packet not supported", + GET_U_1(esis_header->nlpid)); return; } - version = EXTRACT_U_1(esis_header->version); + version = GET_U_1(esis_header->version); if (version != ESIS_VERSION) { - ND_PRINT((ndo, " version %u packet not supported", version)); + ND_PRINT(" version %u packet not supported", version); return; } if (li > length) { - ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length)); + ND_PRINT(" length indicator(%u) > PDU size (%u)!", li, length); return; } if (li < sizeof(struct esis_header_t) + 2) { - ND_PRINT((ndo, " length indicator %u < min PDU size:", li)); + ND_PRINT(" length indicator %u < min PDU size:", li); while (pptr < ndo->ndo_snapend) { - ND_PRINT((ndo, "%02X", EXTRACT_U_1(pptr))); + ND_PRINT("%02X", GET_U_1(pptr)); pptr++; } return; } - esis_pdu_type = EXTRACT_U_1(esis_header->type) & ESIS_PDU_TYPE_MASK; + esis_pdu_type = GET_U_1(esis_header->type) & ESIS_PDU_TYPE_MASK; if (ndo->ndo_vflag < 1) { - ND_PRINT((ndo, "%s%s, length %u", + ND_PRINT("%s%s, length %u", ndo->ndo_eflag ? "" : ", ", tok2str(esis_pdu_values,"unknown type (%u)",esis_pdu_type), - length)); + length); return; } else - ND_PRINT((ndo, "%slength %u\n\t%s (%u)", + ND_PRINT("%slength %u\n\t%s (%u)", ndo->ndo_eflag ? "" : ", ", length, tok2str(esis_pdu_values,"unknown type: %u", esis_pdu_type), - esis_pdu_type)); + esis_pdu_type); - ND_PRINT((ndo, ", v: %u%s", version, version == ESIS_VERSION ? "" : "unsupported" )); - ND_PRINT((ndo, ", checksum: 0x%04x", EXTRACT_BE_U_2(esis_header->cksum))); + ND_PRINT(", v: %u%s", version, version == ESIS_VERSION ? "" : "unsupported" ); + ND_PRINT(", checksum: 0x%04x", GET_BE_U_2(esis_header->cksum)); - osi_print_cksum(ndo, pptr, EXTRACT_BE_U_2(esis_header->cksum), 7, + osi_print_cksum(ndo, pptr, GET_BE_U_2(esis_header->cksum), 7, li); - ND_PRINT((ndo, ", holding time: %us, length indicator: %u", - EXTRACT_BE_U_2(esis_header->holdtime), li)); + ND_PRINT(", holding time: %us, length indicator: %u", + GET_BE_U_2(esis_header->holdtime), li); if (ndo->ndo_vflag > 1) print_unknown_data(ndo, optr, "\n\t", sizeof(struct esis_header_t)); @@ -1186,33 +1250,33 @@ esis_print(netdissect_options *ndo, ND_TCHECK_1(pptr); if (li < 1) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } - dstl = EXTRACT_U_1(pptr); + dstl = GET_U_1(pptr); pptr++; li--; ND_TCHECK_LEN(pptr, dstl); if (li < dstl) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } dst = pptr; pptr += dstl; li -= dstl; - ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl))); + ND_PRINT("\n\t %s", GET_ISONSAP_STRING(dst, dstl)); ND_TCHECK_1(pptr); if (li < 1) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } - snpal = EXTRACT_U_1(pptr); + snpal = GET_U_1(pptr); pptr++; li--; ND_TCHECK_LEN(pptr, snpal); if (li < snpal) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } snpa = pptr; @@ -1220,65 +1284,65 @@ esis_print(netdissect_options *ndo, li -= snpal; ND_TCHECK_1(pptr); if (li < 1) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } - netal = EXTRACT_U_1(pptr); + netal = GET_U_1(pptr); pptr++; ND_TCHECK_LEN(pptr, netal); if (li < netal) { - ND_PRINT((ndo, ", bad redirect/li")); + ND_PRINT(", bad redirect/li"); return; } neta = pptr; pptr += netal; li -= netal; - if (snpal == 6) - ND_PRINT((ndo, "\n\t SNPA (length: %u): %s", + if (snpal == MAC48_LEN) + ND_PRINT("\n\t SNPA (length: %u): %s", snpal, - etheraddr_string(ndo, snpa))); + GET_MAC48_STRING(snpa)); else - ND_PRINT((ndo, "\n\t SNPA (length: %u): %s", + ND_PRINT("\n\t SNPA (length: %u): %s", snpal, - linkaddr_string(ndo, snpa, LINKADDR_OTHER, snpal))); + GET_LINKADDR_STRING(snpa, LINKADDR_OTHER, snpal)); if (netal != 0) - ND_PRINT((ndo, "\n\t NET (length: %u) %s", + ND_PRINT("\n\t NET (length: %u) %s", netal, - isonsap_string(ndo, neta, netal))); + GET_ISONSAP_STRING(neta, netal)); break; } case ESIS_PDU_ESH: ND_TCHECK_1(pptr); if (li < 1) { - ND_PRINT((ndo, ", bad esh/li")); + ND_PRINT(", bad esh/li"); return; } - source_address_number = EXTRACT_U_1(pptr); + source_address_number = GET_U_1(pptr); pptr++; li--; - ND_PRINT((ndo, "\n\t Number of Source Addresses: %u", source_address_number)); + ND_PRINT("\n\t Number of Source Addresses: %u", source_address_number); - while (source_address_number > 0) { + while (source_address_number != 0) { ND_TCHECK_1(pptr); - if (li < 1) { - ND_PRINT((ndo, ", bad esh/li")); - return; - } - source_address_length = EXTRACT_U_1(pptr); + if (li < 1) { + ND_PRINT(", bad esh/li"); + return; + } + source_address_length = GET_U_1(pptr); pptr++; - li--; + li--; ND_TCHECK_LEN(pptr, source_address_length); - if (li < source_address_length) { - ND_PRINT((ndo, ", bad esh/li")); - return; - } - ND_PRINT((ndo, "\n\t NET (length: %u): %s", + if (li < source_address_length) { + ND_PRINT(", bad esh/li"); + return; + } + ND_PRINT("\n\t NET (length: %u): %s", source_address_length, - isonsap_string(ndo, pptr, source_address_length))); + GET_ISONSAP_STRING(pptr, source_address_length)); pptr += source_address_length; li -= source_address_length; source_address_number--; @@ -1289,18 +1353,18 @@ esis_print(netdissect_options *ndo, case ESIS_PDU_ISH: { ND_TCHECK_1(pptr); if (li < 1) { - ND_PRINT((ndo, ", bad ish/li")); + ND_PRINT(", bad ish/li"); return; } - source_address_length = EXTRACT_U_1(pptr); + source_address_length = GET_U_1(pptr); pptr++; li--; ND_TCHECK_LEN(pptr, source_address_length); if (li < source_address_length) { - ND_PRINT((ndo, ", bad ish/li")); + ND_PRINT(", bad ish/li"); return; } - ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length))); + ND_PRINT("\n\t NET (length: %u): %s", source_address_length, GET_ISONSAP_STRING(pptr, source_address_length)); pptr += source_address_length; li -= source_address_length; break; @@ -1308,8 +1372,12 @@ esis_print(netdissect_options *ndo, default: if (ndo->ndo_vflag <= 1) { - if (pptr < ndo->ndo_snapend) - print_unknown_data(ndo, pptr, "\n\t ", ndo->ndo_snapend - pptr); + /* + * If there's at least one byte to print, print + * it/them. + */ + if (ND_TTEST_LEN(pptr, 1)) + print_unknown_data(ndo, pptr, "\n\t ", ND_BYTES_AVAILABLE_AFTER(pptr)); } return; } @@ -1320,46 +1388,44 @@ esis_print(netdissect_options *ndo, const uint8_t *tptr; if (li < 2) { - ND_PRINT((ndo, ", bad opts/li")); + ND_PRINT(", bad opts/li"); return; } - ND_TCHECK_2(pptr); - op = EXTRACT_U_1(pptr); - opli = EXTRACT_U_1(pptr + 1); + op = GET_U_1(pptr); + opli = GET_U_1(pptr + 1); pptr += 2; li -= 2; if (opli > li) { - ND_PRINT((ndo, ", opt (%u) too long", op)); + ND_PRINT(", opt (%u) too long", op); return; } li -= opli; tptr = pptr; - ND_PRINT((ndo, "\n\t %s Option #%u, length %u, value: ", + ND_PRINT("\n\t %s Option #%u, length %u, value: ", tok2str(esis_option_values,"Unknown",op), op, - opli)); + opli); switch (op) { case ESIS_OPTION_ES_CONF_TIME: if (opli == 2) { ND_TCHECK_2(pptr); - ND_PRINT((ndo, "%us", EXTRACT_BE_U_2(tptr))); + ND_PRINT("%us", GET_BE_U_2(tptr)); } else - ND_PRINT((ndo, "(bad length)")); + ND_PRINT("(bad length)"); break; case ESIS_OPTION_PROTOCOLS: - while (opli>0) { - ND_TCHECK_1(tptr); - ND_PRINT((ndo, "%s (0x%02x)", + while (opli != 0) { + ND_PRINT("%s (0x%02x)", tok2str(nlpid_values, "unknown", - EXTRACT_U_1(tptr)), - EXTRACT_U_1(tptr))); + GET_U_1(tptr)), + GET_U_1(tptr)); if (opli>1) /* further NPLIDs ? - put comma */ - ND_PRINT((ndo, ", ")); + ND_PRINT(", "); tptr++; opli--; } @@ -1384,8 +1450,10 @@ esis_print(netdissect_options *ndo, print_unknown_data(ndo, pptr, "\n\t ", opli); pptr += opli; } + return; + trunc: - ND_PRINT((ndo, "[|esis]")); + nd_print_trunc(ndo); } static void @@ -1395,20 +1463,20 @@ isis_print_mcid(netdissect_options *ndo, int i; ND_TCHECK_SIZE(mcid); - ND_PRINT((ndo, "ID: %u, Name: ", EXTRACT_U_1(mcid->format_id))); + ND_PRINT("ID: %u, Name: ", GET_U_1(mcid->format_id)); - if (fn_printzp(ndo, mcid->name, 32, ndo->ndo_snapend)) - goto trunc; + nd_printjnp(ndo, mcid->name, sizeof(mcid->name)); - ND_PRINT((ndo, "\n\t Lvl: %u", EXTRACT_BE_U_2(mcid->revision_lvl))); + ND_PRINT("\n\t Lvl: %u", GET_BE_U_2(mcid->revision_lvl)); - ND_PRINT((ndo, ", Digest: ")); + ND_PRINT(", Digest: "); for(i=0;i<16;i++) - ND_PRINT((ndo, "%.2x ", mcid->digest[i])); + ND_PRINT("%.2x ", mcid->digest[i]); + return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } static int @@ -1419,51 +1487,48 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, const struct isis_subtlv_spb_mcid *subtlv_spb_mcid; int i; - while (len > 2) - { - ND_TCHECK_2(tptr); - stlv_type = EXTRACT_U_1(tptr); - stlv_len = EXTRACT_U_1(tptr + 1); + while (len > 2) { + stlv_type = GET_U_1(tptr); + stlv_len = GET_U_1(tptr + 1); /* first lets see if we know the subTLVs name*/ - ND_PRINT((ndo, "\n\t %s subTLV #%u, length: %u", + ND_PRINT("\n\t %s subTLV #%u, length: %u", tok2str(isis_mt_port_cap_subtlv_values, "unknown", stlv_type), stlv_type, - stlv_len)); + stlv_len); - tptr = tptr + 2; + tptr += 2; /*len -= TLV_TYPE_LEN_OFFSET;*/ - len = len - 2; + len -= 2; /* Make sure the subTLV fits within the space left */ if (len < stlv_len) - goto trunc; + goto subtlv_too_long; /* Make sure the entire subTLV is in the captured data */ ND_TCHECK_LEN(tptr, stlv_len); - switch (stlv_type) - { + switch (stlv_type) { case ISIS_SUBTLV_SPB_MCID: { - if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN) - goto trunc; + if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN) + goto subtlv_too_short; subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr; - ND_PRINT((ndo, "\n\t MCID: ")); + ND_PRINT("\n\t MCID: "); isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid)); /*tptr += SPB_MCID_MIN_LEN; len -= SPB_MCID_MIN_LEN; */ - ND_PRINT((ndo, "\n\t AUX-MCID: ")); + ND_PRINT("\n\t AUX-MCID: "); isis_print_mcid(ndo, &(subtlv_spb_mcid->aux_mcid)); /*tptr += SPB_MCID_MIN_LEN; len -= SPB_MCID_MIN_LEN; */ - tptr = tptr + ISIS_SUBTLV_SPB_MCID_MIN_LEN; - len = len - ISIS_SUBTLV_SPB_MCID_MIN_LEN; - stlv_len = stlv_len - ISIS_SUBTLV_SPB_MCID_MIN_LEN; + tptr += ISIS_SUBTLV_SPB_MCID_MIN_LEN; + len -= ISIS_SUBTLV_SPB_MCID_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_MCID_MIN_LEN; break; } @@ -1471,49 +1536,53 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, case ISIS_SUBTLV_SPB_DIGEST: { if (stlv_len < ISIS_SUBTLV_SPB_DIGEST_MIN_LEN) - goto trunc; + goto subtlv_too_short; - ND_PRINT((ndo, "\n\t RES: %u V: %u A: %u D: %u", - (EXTRACT_U_1(tptr) >> 5), - ((EXTRACT_U_1(tptr) >> 4) & 0x01), - ((EXTRACT_U_1(tptr) >> 2) & 0x03), - (EXTRACT_U_1(tptr) & 0x03))); + ND_PRINT("\n\t RES: %u V: %u A: %u D: %u", + (GET_U_1(tptr) >> 5), + ((GET_U_1(tptr) >> 4) & 0x01), + ((GET_U_1(tptr) >> 2) & 0x03), + (GET_U_1(tptr) & 0x03)); tptr++; - ND_PRINT((ndo, "\n\t Digest: ")); + ND_PRINT("\n\t Digest: "); - for(i=1;i<=8; i++) - { - ND_PRINT((ndo, "%08x ", EXTRACT_BE_U_4(tptr))); + for(i=1;i<=8; i++) { + ND_PRINT("%08x ", GET_BE_U_4(tptr)); if (i%4 == 0 && i != 8) - ND_PRINT((ndo, "\n\t ")); - tptr = tptr + 4; + ND_PRINT("\n\t "); + tptr += 4; } - len = len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; - stlv_len = stlv_len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + len -= ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; break; } case ISIS_SUBTLV_SPB_BVID: { - while (stlv_len >= ISIS_SUBTLV_SPB_BVID_MIN_LEN) - { - ND_PRINT((ndo, "\n\t ECT: %08x", - EXTRACT_BE_U_4(tptr))); - - tptr = tptr+4; - - ND_PRINT((ndo, " BVID: %u, U:%01x M:%01x ", - (EXTRACT_BE_U_2(tptr) >> 4) , - (EXTRACT_BE_U_2(tptr) >> 3) & 0x01, - (EXTRACT_BE_U_2(tptr) >> 2) & 0x01)); - - tptr = tptr + 2; - len = len - ISIS_SUBTLV_SPB_BVID_MIN_LEN; - stlv_len = stlv_len - ISIS_SUBTLV_SPB_BVID_MIN_LEN; + while (stlv_len != 0) { + if (stlv_len < 4) + goto subtlv_too_short; + ND_PRINT("\n\t ECT: %08x", + GET_BE_U_4(tptr)); + + tptr += 4; + len -= 4; + stlv_len -= 4; + + if (stlv_len < 2) + goto subtlv_too_short; + ND_PRINT(" BVID: %u, U:%01x M:%01x ", + (GET_BE_U_2(tptr) >> 4) , + (GET_BE_U_2(tptr) >> 3) & 0x01, + (GET_BE_U_2(tptr) >> 2) & 0x01); + + tptr += 2; + len -= 2; + stlv_len -= 2; } break; @@ -1525,95 +1594,97 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, tptr += stlv_len; len -= stlv_len; } + return (0); - return 0; +trunc: + nd_print_trunc(ndo); + return (1); - trunc: - ND_PRINT((ndo, "\n\t\t")); - ND_PRINT((ndo, "%s", tstr)); - return(1); +subtlv_too_long: + ND_PRINT(" (> containing TLV length)"); + return (1); + +subtlv_too_short: + ND_PRINT(" (too short)"); + return (1); } static int isis_print_mt_capability_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int len) { - u_int stlv_type, stlv_len, tmp; + u_int stlv_type, stlv_len, treecount; - while (len > 2) - { - ND_TCHECK_2(tptr); - stlv_type = EXTRACT_U_1(tptr); - stlv_len = EXTRACT_U_1(tptr + 1); - tptr = tptr + 2; - len = len - 2; + while (len > 2) { + stlv_type = GET_U_1(tptr); + stlv_len = GET_U_1(tptr + 1); + tptr += 2; + len -= 2; /* first lets see if we know the subTLVs name*/ - ND_PRINT((ndo, "\n\t %s subTLV #%u, length: %u", + ND_PRINT("\n\t %s subTLV #%u, length: %u", tok2str(isis_mt_capability_subtlv_values, "unknown", stlv_type), stlv_type, - stlv_len)); + stlv_len); /* Make sure the subTLV fits within the space left */ if (len < stlv_len) - goto trunc; + goto subtlv_too_long; /* Make sure the entire subTLV is in the captured data */ ND_TCHECK_LEN(tptr, stlv_len); - switch (stlv_type) - { + switch (stlv_type) { case ISIS_SUBTLV_SPB_INSTANCE: if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN) - goto trunc; - - ND_PRINT((ndo, "\n\t CIST Root-ID: %08x", EXTRACT_BE_U_4(tptr))); - tptr = tptr+4; - ND_PRINT((ndo, " %08x", EXTRACT_BE_U_4(tptr))); - tptr = tptr+4; - ND_PRINT((ndo, ", Path Cost: %08x", EXTRACT_BE_U_4(tptr))); - tptr = tptr+4; - ND_PRINT((ndo, ", Prio: %u", EXTRACT_BE_U_2(tptr))); - tptr = tptr + 2; - ND_PRINT((ndo, "\n\t RES: %u", - EXTRACT_BE_U_2(tptr) >> 5)); - ND_PRINT((ndo, ", V: %u", - (EXTRACT_BE_U_2(tptr) >> 4) & 0x0001)); - ND_PRINT((ndo, ", SPSource-ID: %u", - (EXTRACT_BE_U_4(tptr) & 0x000fffff))); - tptr = tptr+4; - ND_PRINT((ndo, ", No of Trees: %x", EXTRACT_U_1(tptr))); - - tmp = EXTRACT_U_1(tptr); + goto subtlv_too_short; + + ND_PRINT("\n\t CIST Root-ID: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(" %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(", Path Cost: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(", Prio: %u", GET_BE_U_2(tptr)); + tptr += 2; + ND_PRINT("\n\t RES: %u", + GET_BE_U_2(tptr) >> 5); + ND_PRINT(", V: %u", + (GET_BE_U_2(tptr) >> 4) & 0x0001); + ND_PRINT(", SPSource-ID: %u", + (GET_BE_U_4(tptr) & 0x000fffff)); + tptr += 4; + ND_PRINT(", No of Trees: %x", GET_U_1(tptr)); + + treecount = GET_U_1(tptr); tptr++; - len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; - stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; - while (tmp) - { + while (treecount) { if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN) goto trunc; - ND_PRINT((ndo, "\n\t U:%u, M:%u, A:%u, RES:%u", - EXTRACT_U_1(tptr) >> 7, - (EXTRACT_U_1(tptr) >> 6) & 0x01, - (EXTRACT_U_1(tptr) >> 5) & 0x01, - (EXTRACT_U_1(tptr) & 0x1f))); + ND_PRINT("\n\t U:%u, M:%u, A:%u, RES:%u", + GET_U_1(tptr) >> 7, + (GET_U_1(tptr) >> 6) & 0x01, + (GET_U_1(tptr) >> 5) & 0x01, + (GET_U_1(tptr) & 0x1f)); tptr++; - ND_PRINT((ndo, ", ECT: %08x", EXTRACT_BE_U_4(tptr))); + ND_PRINT(", ECT: %08x", GET_BE_U_4(tptr)); - tptr = tptr + 4; + tptr += 4; - ND_PRINT((ndo, ", BVID: %u, SPVID: %u", - (EXTRACT_BE_U_3(tptr) >> 12) & 0x000fff, - EXTRACT_BE_U_3(tptr) & 0x000fff)); + ND_PRINT(", BVID: %u, SPVID: %u", + (GET_BE_U_3(tptr) >> 12) & 0x000fff, + GET_BE_U_3(tptr) & 0x000fff); - tptr = tptr + 3; - len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; - stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; - tmp--; + tptr += 3; + len -= ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + stlv_len -= ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + treecount--; } break; @@ -1622,29 +1693,28 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, if (stlv_len < 8) goto trunc; - ND_PRINT((ndo, "\n\t BMAC: %08x", EXTRACT_BE_U_4(tptr))); - tptr = tptr+4; - ND_PRINT((ndo, "%04x", EXTRACT_BE_U_2(tptr))); - tptr = tptr+2; + ND_PRINT("\n\t BMAC: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT("%04x", GET_BE_U_2(tptr)); + tptr += 2; - ND_PRINT((ndo, ", RES: %u, VID: %u", EXTRACT_BE_U_2(tptr) >> 12, - (EXTRACT_BE_U_2(tptr)) & 0x0fff)); + ND_PRINT(", RES: %u, VID: %u", GET_BE_U_2(tptr) >> 12, + (GET_BE_U_2(tptr)) & 0x0fff); - tptr = tptr+2; - len = len - 8; - stlv_len = stlv_len - 8; + tptr += 2; + len -= 8; + stlv_len -= 8; while (stlv_len >= 4) { - ND_TCHECK_4(tptr); - ND_PRINT((ndo, "\n\t T: %u, R: %u, RES: %u, ISID: %u", - (EXTRACT_BE_U_4(tptr) >> 31), - (EXTRACT_BE_U_4(tptr) >> 30) & 0x01, - (EXTRACT_BE_U_4(tptr) >> 24) & 0x03f, - (EXTRACT_BE_U_4(tptr)) & 0x0ffffff)); - - tptr = tptr + 4; - len = len - 4; - stlv_len = stlv_len - 4; + ND_PRINT("\n\t T: %u, R: %u, RES: %u, ISID: %u", + (GET_BE_U_4(tptr) >> 31), + (GET_BE_U_4(tptr) >> 30) & 0x01, + (GET_BE_U_4(tptr) >> 24) & 0x03f, + (GET_BE_U_4(tptr)) & 0x0ffffff); + + tptr += 4; + len -= 4; + stlv_len -= 4; } break; @@ -1655,17 +1725,24 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, tptr += stlv_len; len -= stlv_len; } - return 0; + return (0); - trunc: - ND_PRINT((ndo, "\n\t\t")); - ND_PRINT((ndo, "%s", tstr)); - return(1); +trunc: + nd_print_trunc(ndo); + return (1); + +subtlv_too_long: + ND_PRINT(" (> containing TLV length)"); + return (1); + +subtlv_too_short: + ND_PRINT(" (too short)"); + return (1); } /* shared routine for printing system, node and lsp-ids */ static char * -isis_print_id(const uint8_t *cp, u_int id_len) +isis_print_id(netdissect_options *ndo, const uint8_t *cp, u_int id_len) { u_int i; static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")]; @@ -1676,19 +1753,19 @@ isis_print_id(const uint8_t *cp, u_int id_len) if (sysid_len > id_len) sysid_len = id_len; for (i = 1; i <= sysid_len; i++) { - snprintf(pos, sizeof(id) - (pos - id), "%02x", EXTRACT_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), "%02x", GET_U_1(cp)); cp++; pos += strlen(pos); if (i == 2 || i == 4) *pos++ = '.'; } if (id_len >= NODE_ID_LEN) { - snprintf(pos, sizeof(id) - (pos - id), ".%02x", EXTRACT_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), ".%02x", GET_U_1(cp)); cp++; pos += strlen(pos); } if (id_len == LSP_ID_LEN) - snprintf(pos, sizeof(id) - (pos - id), "-%02x", EXTRACT_U_1(cp)); + snprintf(pos, sizeof(id) - (pos - id), "-%02x", GET_U_1(cp)); return (id); } @@ -1697,85 +1774,86 @@ static int isis_print_metric_block(netdissect_options *ndo, const struct isis_metric_block *isis_metric_block) { - ND_PRINT((ndo, ", Default Metric: %u, %s", + ND_PRINT(", Default Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_default), - ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_default) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_default) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_delay)) - ND_PRINT((ndo, "\n\t\t Delay Metric: %u, %s", + ND_PRINT("\n\t\t Delay Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_delay), - ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_delay) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_delay) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_expense)) - ND_PRINT((ndo, "\n\t\t Expense Metric: %u, %s", + ND_PRINT("\n\t\t Expense Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_expense), - ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_expense) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_expense) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_error)) - ND_PRINT((ndo, "\n\t\t Error Metric: %u, %s", + ND_PRINT("\n\t\t Error Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_error), - ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_error) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_error) ? "External" : "Internal"); return(1); /* everything is ok */ } static int isis_print_tlv_ip_reach(netdissect_options *ndo, - const uint8_t *cp, const char *ident, u_int length) + const uint8_t *cp, const char *indent, u_int length) { int prefix_len; const struct isis_tlv_ip_reach *tlv_ip_reach; tlv_ip_reach = (const struct isis_tlv_ip_reach *)cp; - while (length > 0) { + while (length != 0) { if ((size_t)length < sizeof(*tlv_ip_reach)) { - ND_PRINT((ndo, "short IPv4 Reachability (%u vs %lu)", + ND_PRINT("short IPv4 Reachability (%u vs %zu)", length, - (unsigned long)sizeof(*tlv_ip_reach))); + sizeof(*tlv_ip_reach)); return (0); } - if (!ND_TTEST_SIZE(tlv_ip_reach)) - return (0); + ND_TCHECK_SIZE(tlv_ip_reach); - prefix_len = mask2plen(EXTRACT_IPV4_TO_HOST_ORDER(tlv_ip_reach->mask)); + prefix_len = mask2plen(GET_IPV4_TO_HOST_ORDER(tlv_ip_reach->mask)); if (prefix_len == -1) - ND_PRINT((ndo, "%sIPv4 prefix: %s mask %s", - ident, - ipaddr_string(ndo, (tlv_ip_reach->prefix)), - ipaddr_string(ndo, (tlv_ip_reach->mask)))); + ND_PRINT("%sIPv4 prefix: %s mask %s", + indent, + GET_IPADDR_STRING(tlv_ip_reach->prefix), + GET_IPADDR_STRING(tlv_ip_reach->mask)); else - ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u", - ident, - ipaddr_string(ndo, (tlv_ip_reach->prefix)), - prefix_len)); + ND_PRINT("%sIPv4 prefix: %15s/%u", + indent, + GET_IPADDR_STRING(tlv_ip_reach->prefix), + prefix_len); - ND_PRINT((ndo, ", Distribution: %s, Metric: %u, %s", + ND_PRINT(", Distribution: %s, Metric: %u, %s", ISIS_LSP_TLV_METRIC_UPDOWN(tlv_ip_reach->isis_metric_block.metric_default) ? "down" : "up", ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_default), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_default) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_default) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_delay)) - ND_PRINT((ndo, "%s Delay Metric: %u, %s", - ident, + ND_PRINT("%s Delay Metric: %u, %s", + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_delay), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_expense)) - ND_PRINT((ndo, "%s Expense Metric: %u, %s", - ident, + ND_PRINT("%s Expense Metric: %u, %s", + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_expense), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_error)) - ND_PRINT((ndo, "%s Error Metric: %u, %s", - ident, + ND_PRINT("%s Error Metric: %u, %s", + indent, ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_error), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal")); + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal"); length -= sizeof(struct isis_tlv_ip_reach); tlv_ip_reach++; } return (1); +trunc: + return 0; } /* @@ -1786,12 +1864,12 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, static int isis_print_ip_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, - const char *ident) + const char *indent) { /* first lets see if we know the subTLVs name*/ - ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", - ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), - subt, subl)); + ND_PRINT("%s%s subTLV #%u, length: %u", + indent, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), + subt, subl); ND_TCHECK_LEN(tptr, subl); @@ -1799,22 +1877,51 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo, case ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR: /* fall through */ case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32: while (subl >= 4) { - ND_PRINT((ndo, ", 0x%08x (=%u)", - EXTRACT_BE_U_4(tptr), - EXTRACT_BE_U_4(tptr))); + ND_PRINT(", 0x%08x (=%u)", + GET_BE_U_4(tptr), + GET_BE_U_4(tptr)); tptr+=4; subl-=4; } break; case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64: while (subl >= 8) { - ND_PRINT((ndo, ", 0x%08x%08x", - EXTRACT_BE_U_4(tptr), - EXTRACT_BE_U_4(tptr + 4))); + ND_PRINT(", 0x%08x%08x", + GET_BE_U_4(tptr), + GET_BE_U_4(tptr + 4)); tptr+=8; subl-=8; } break; + case ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID: + { + uint8_t algo, flags; + uint32_t sid; + + flags = GET_U_1(tptr); + algo = GET_U_1(tptr+1); + + if (flags & ISIS_PREFIX_SID_FLAG_V) { + if (subl < 5) + goto trunc; + sid = GET_BE_U_3(tptr+2); + tptr+=5; + subl-=5; + } else { + if (subl < 6) + goto trunc; + sid = GET_BE_U_4(tptr+2); + tptr+=6; + subl-=6; + } + + ND_PRINT(", Flags [%s], Algo %s (%u), %s %u", + bittok2str(prefix_sid_flag_values, "None", flags), + tok2str(prefix_sid_algo_values, "Unknown", algo), algo, + flags & ISIS_PREFIX_SID_FLAG_V ? "label" : "index", + sid); + } + break; default: if (!print_unknown_data(ndo, tptr, "\n\t\t ", subl)) return(0); @@ -1823,8 +1930,7 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo, return(1); trunc: - ND_PRINT((ndo, "%s", ident)); - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); return(0); } @@ -1835,82 +1941,76 @@ trunc: static int isis_print_ext_is_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, u_int tlv_type, + const uint8_t *tptr, const char *indent, u_int tlv_type, u_int tlv_remaining) { - char ident_buffer[20]; + char indent_buffer[20]; u_int subtlv_type,subtlv_len,subtlv_sum_len; int proc_bytes = 0; /* how many bytes did we process ? */ u_int te_class,priority_level,gmpls_switch_cap; - union { /* int to float conversion buffer for several subTLVs */ - float f; - uint32_t i; - } bw; - if (!ND_TTEST_LEN(tptr, NODE_ID_LEN)) - return(0); + ND_TCHECK_LEN(tptr, NODE_ID_LEN); if (tlv_remaining < NODE_ID_LEN) return(0); - ND_PRINT((ndo, "%sIS Neighbor: %s", ident, isis_print_id(tptr, NODE_ID_LEN))); + ND_PRINT("%sIS Neighbor: %s", indent, isis_print_id(ndo, tptr, NODE_ID_LEN)); tptr+=NODE_ID_LEN; tlv_remaining-=NODE_ID_LEN; + proc_bytes+=NODE_ID_LEN; if (tlv_type != ISIS_TLV_IS_ALIAS_ID) { /* the Alias TLV Metric field is implicit 0 */ - if (!ND_TTEST_3(tptr)) /* and is therefore skipped */ - return(0); + ND_TCHECK_3(tptr); if (tlv_remaining < 3) return(0); - ND_PRINT((ndo, ", Metric: %u", EXTRACT_BE_U_3(tptr))); + ND_PRINT(", Metric: %u", GET_BE_U_3(tptr)); tptr+=3; tlv_remaining-=3; + proc_bytes+=3; } - if (!ND_TTEST_1(tptr)) - return(0); + ND_TCHECK_1(tptr); if (tlv_remaining < 1) return(0); - subtlv_sum_len=EXTRACT_U_1(tptr); /* read out subTLV length */ + subtlv_sum_len=GET_U_1(tptr); /* read out subTLV length */ tptr++; tlv_remaining--; - proc_bytes=NODE_ID_LEN+3+1; - ND_PRINT((ndo, ", %ssub-TLVs present",subtlv_sum_len ? "" : "no ")); + proc_bytes++; + ND_PRINT(", %ssub-TLVs present",subtlv_sum_len ? "" : "no "); if (subtlv_sum_len) { - ND_PRINT((ndo, " (%u)", subtlv_sum_len)); + ND_PRINT(" (%u)", subtlv_sum_len); /* prepend the indent string */ - snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); - ident = ident_buffer; + snprintf(indent_buffer, sizeof(indent_buffer), "%s ", indent); + indent = indent_buffer; while (subtlv_sum_len != 0) { - if (!ND_TTEST_2(tptr)) - return(0); + ND_TCHECK_2(tptr); if (tlv_remaining < 2) { - ND_PRINT((ndo, "%sRemaining data in TLV shorter than a subTLV header",ident)); + ND_PRINT("%sRemaining data in TLV shorter than a subTLV header", indent); proc_bytes += tlv_remaining; break; } if (subtlv_sum_len < 2) { - ND_PRINT((ndo, "%sRemaining data in subTLVs shorter than a subTLV header",ident)); + ND_PRINT("%sRemaining data in subTLVs shorter than a subTLV header", indent); proc_bytes += subtlv_sum_len; break; } - subtlv_type=EXTRACT_U_1(tptr); - subtlv_len=EXTRACT_U_1(tptr + 1); + subtlv_type=GET_U_1(tptr); + subtlv_len=GET_U_1(tptr + 1); tptr += 2; tlv_remaining -= 2; subtlv_sum_len -= 2; proc_bytes += 2; - ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", - ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subtlv_type), - subtlv_type, subtlv_len)); + ND_PRINT("%s%s subTLV #%u, length: %u", + indent, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subtlv_type), + subtlv_type, subtlv_len); if (subtlv_sum_len < subtlv_len) { - ND_PRINT((ndo, " (remaining data in subTLVs shorter than the current subTLV)")); + ND_PRINT(" (remaining data in subTLVs shorter than the current subTLV)"); proc_bytes += subtlv_sum_len; break; } if (tlv_remaining < subtlv_len) { - ND_PRINT((ndo, " (> remaining tlv length)")); + ND_PRINT(" (> remaining tlv length)"); proc_bytes += tlv_remaining; break; } @@ -1922,31 +2022,28 @@ isis_print_ext_is_reach(netdissect_options *ndo, case ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID: case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: if (subtlv_len >= 4) { - ND_PRINT((ndo, ", 0x%08x", EXTRACT_BE_U_4(tptr))); + ND_PRINT(", 0x%08x", GET_BE_U_4(tptr)); if (subtlv_len == 8) /* rfc4205 */ - ND_PRINT((ndo, ", 0x%08x", EXTRACT_BE_U_4(tptr + 4))); + ND_PRINT(", 0x%08x", GET_BE_U_4(tptr + 4)); } break; case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: - if (subtlv_len >= sizeof(struct in_addr)) - ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr))); + if (subtlv_len >= sizeof(nd_ipv4)) + ND_PRINT(", %s", GET_IPADDR_STRING(tptr)); break; case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW: - if (subtlv_len >= 4) { - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000)); - } + if (subtlv_len >= 4) + ND_PRINT(", %.3f Mbps", GET_BE_F_4(tptr) * 8 / 1000000); break; case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : if (subtlv_len >= 32) { for (te_class = 0; te_class < 8; te_class++) { - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, "%s TE-Class %u: %.3f Mbps", - ident, + ND_PRINT("%s TE-Class %u: %.3f Mbps", + indent, te_class, - bw.f * 8 / 1000000)); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -1958,10 +2055,10 @@ isis_print_ext_is_reach(netdissect_options *ndo, case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD: if (subtlv_len == 0) break; - ND_PRINT((ndo, "%sBandwidth Constraints Model ID: %s (%u)", - ident, - tok2str(diffserv_te_bc_values, "unknown", EXTRACT_U_1(tptr)), - EXTRACT_U_1(tptr))); + ND_PRINT("%sBandwidth Constraints Model ID: %s (%u)", + indent, + tok2str(diffserv_te_bc_values, "unknown", GET_U_1(tptr)), + GET_U_1(tptr)); tptr++; subtlv_len--; subtlv_sum_len--; @@ -1970,11 +2067,10 @@ isis_print_ext_is_reach(netdissect_options *ndo, for (te_class = 0; subtlv_len != 0; te_class++) { if (subtlv_len < 4) break; - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, "%s Bandwidth constraint CT%u: %.3f Mbps", - ident, + ND_PRINT("%s Bandwidth constraint CT%u: %.3f Mbps", + indent, te_class, - bw.f * 8 / 1000000)); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -1983,58 +2079,57 @@ isis_print_ext_is_reach(netdissect_options *ndo, break; case ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC: if (subtlv_len >= 3) - ND_PRINT((ndo, ", %u", EXTRACT_BE_U_3(tptr))); + ND_PRINT(", %u", GET_BE_U_3(tptr)); break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE: if (subtlv_len == 2) { - ND_PRINT((ndo, ", [ %s ] (0x%04x)", + ND_PRINT(", [ %s ] (0x%04x)", bittok2str(isis_subtlv_link_attribute_values, "Unknown", - EXTRACT_BE_U_2(tptr)), - EXTRACT_BE_U_2(tptr))); + GET_BE_U_2(tptr)), + GET_BE_U_2(tptr)); } break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: if (subtlv_len >= 2) { - ND_PRINT((ndo, ", %s, Priority %u", - bittok2str(gmpls_link_prot_values, "none", EXTRACT_U_1(tptr)), - EXTRACT_U_1(tptr + 1))); + ND_PRINT(", %s, Priority %u", + bittok2str(gmpls_link_prot_values, "none", GET_U_1(tptr)), + GET_U_1(tptr + 1)); } break; case ISIS_SUBTLV_SPB_METRIC: if (subtlv_len >= 6) { - ND_PRINT((ndo, ", LM: %u", EXTRACT_BE_U_3(tptr))); + ND_PRINT(", LM: %u", GET_BE_U_3(tptr)); tptr += 3; subtlv_len -= 3; subtlv_sum_len -= 3; proc_bytes += 3; - ND_PRINT((ndo, ", P: %u", EXTRACT_U_1(tptr))); + ND_PRINT(", P: %u", GET_U_1(tptr)); tptr++; subtlv_len--; subtlv_sum_len--; proc_bytes++; - ND_PRINT((ndo, ", P-ID: %u", EXTRACT_BE_U_2(tptr))); + ND_PRINT(", P-ID: %u", GET_BE_U_2(tptr)); } break; case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: if (subtlv_len >= 36) { - gmpls_switch_cap = EXTRACT_U_1(tptr); - ND_PRINT((ndo, "%s Interface Switching Capability:%s", - ident, - tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap))); - ND_PRINT((ndo, ", LSP Encoding: %s", - tok2str(gmpls_encoding_values, "Unknown", EXTRACT_U_1((tptr + 1))))); + gmpls_switch_cap = GET_U_1(tptr); + ND_PRINT("%s Interface Switching Capability:%s", + indent, + tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap)); + ND_PRINT(", LSP Encoding: %s", + tok2str(gmpls_encoding_values, "Unknown", GET_U_1((tptr + 1)))); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; proc_bytes += 4; - ND_PRINT((ndo, "%s Max LSP Bandwidth:", ident)); + ND_PRINT("%s Max LSP Bandwidth:", indent); for (priority_level = 0; priority_level < 8; priority_level++) { - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, "%s priority level %u: %.3f Mbps", - ident, + ND_PRINT("%s priority level %u: %.3f Mbps", + indent, priority_level, - bw.f * 8 / 1000000)); + GET_BE_F_4(tptr) * 8 / 1000000); tptr += 4; subtlv_len -= 4; subtlv_sum_len -= 4; @@ -2047,17 +2142,19 @@ isis_print_ext_is_reach(netdissect_options *ndo, case GMPLS_PSC4: if (subtlv_len < 6) break; - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000)); - ND_PRINT((ndo, "%s Interface MTU: %u", ident, EXTRACT_BE_U_2(tptr + 4))); + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", + indent, + GET_BE_F_4(tptr) * 8 / 1000000); + ND_PRINT("%s Interface MTU: %u", indent, + GET_BE_U_2(tptr + 4)); break; case GMPLS_TSC: if (subtlv_len < 8) break; - bw.i = EXTRACT_BE_U_4(tptr); - ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000)); - ND_PRINT((ndo, "%s Indication %s", ident, - tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", EXTRACT_U_1((tptr + 4))))); + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", indent, + GET_BE_F_4(tptr) * 8 / 1000000); + ND_PRINT("%s Indication %s", indent, + tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", GET_U_1((tptr + 4)))); break; default: /* there is some optional stuff left to decode but this is as of yet @@ -2069,6 +2166,41 @@ isis_print_ext_is_reach(netdissect_options *ndo, } } break; + case ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID: + if (subtlv_len >= 8) { + ND_PRINT("%s Flags: [%s]", indent, + bittok2str(isis_lan_adj_sid_flag_values, + "none", + GET_U_1(tptr))); + int vflag = (GET_U_1(tptr) & 0x20) ? 1:0; + int lflag = (GET_U_1(tptr) & 0x10) ? 1:0; + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + ND_PRINT("%s Weight: %u", indent, GET_U_1(tptr)); + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + if(subtlv_len>=SYSTEM_ID_LEN) { + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("%s Neighbor System-ID: %s", indent, + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + } + /* RFC 8667 section 2.2.2 */ + /* if V-flag is set to 1 and L-flag is set to 1 ==> 3 octet label */ + /* if V-flag is set to 0 and L-flag is set to 0 ==> 4 octet index */ + if (vflag && lflag) { + ND_PRINT("%s Label: %u", + indent, GET_BE_U_3(tptr+SYSTEM_ID_LEN)); + } else if ((!vflag) && (!lflag)) { + ND_PRINT("%s Index: %u", + indent, GET_BE_U_4(tptr+SYSTEM_ID_LEN)); + } else + nd_print_invalid(ndo); + } + break; default: if (!print_unknown_data(ndo, tptr, "\n\t\t ", subtlv_len)) return(0); @@ -2092,24 +2224,26 @@ trunc: * it is called from various MT-TLVs (222,229,235,237) */ -static int +static uint8_t isis_print_mtid(netdissect_options *ndo, - const uint8_t *tptr, const char *ident) + const uint8_t *tptr, const char *indent, u_int tlv_remaining) { - if (!ND_TTEST_2(tptr)) - return(0); + if (tlv_remaining < 2) + goto trunc; - ND_PRINT((ndo, "%s%s", - ident, + ND_PRINT("%s%s", + indent, tok2str(isis_mt_values, "Reserved for IETF Consensus", - ISIS_MASK_MTID(EXTRACT_BE_U_2(tptr))))); + ISIS_MASK_MTID(GET_BE_U_2(tptr)))); - ND_PRINT((ndo, " Topology (0x%03x), Flags: [%s]", - ISIS_MASK_MTID(EXTRACT_BE_U_2(tptr)), - bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(EXTRACT_BE_U_2(tptr))))); + ND_PRINT(" Topology (0x%03x), Flags: [%s]", + ISIS_MASK_MTID(GET_BE_U_2(tptr)), + bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(GET_BE_U_2(tptr)))); return(2); +trunc: + return 0; } /* @@ -2119,42 +2253,36 @@ isis_print_mtid(netdissect_options *ndo, * the amount of processed bytes */ -static int +static u_int isis_print_extd_ip_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, uint16_t afi) + const uint8_t *tptr, const char *indent, uint16_t afi) { - char ident_buffer[20]; - uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ + char indent_buffer[20]; + uint8_t prefix[sizeof(nd_ipv6)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; - if (!ND_TTEST_4(tptr)) - return (0); - metric = EXTRACT_BE_U_4(tptr); + metric = GET_BE_U_4(tptr); processed=4; tptr+=4; - if (afi == AF_INET) { - if (!ND_TTEST_1(tptr)) /* fetch status byte */ - return (0); - status_byte=EXTRACT_U_1(tptr); + if (afi == AFNUM_IP) { + status_byte=GET_U_1(tptr); tptr++; bit_length = status_byte&0x3f; if (bit_length > 32) { - ND_PRINT((ndo, "%sIPv4 prefix: bad bit length %u", - ident, - bit_length)); + ND_PRINT("%sIPv4 prefix: bad bit length %u", + indent, + bit_length); return (0); } processed++; - } else if (afi == AF_INET6) { - if (!ND_TTEST_2(tptr)) /* fetch status & prefix_len byte */ - return (0); - status_byte=EXTRACT_U_1(tptr); - bit_length=EXTRACT_U_1(tptr + 1); + } else if (afi == AFNUM_IP6) { + status_byte=GET_U_1(tptr); + bit_length=GET_U_1(tptr + 1); if (bit_length > 128) { - ND_PRINT((ndo, "%sIPv6 prefix: bad bit length %u", - ident, - bit_length)); + ND_PRINT("%sIPv6 prefix: bad bit length %u", + indent, + bit_length); return (0); } tptr+=2; @@ -2164,58 +2292,52 @@ isis_print_extd_ip_reach(netdissect_options *ndo, byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */ - if (!ND_TTEST_LEN(tptr, byte_length)) - return (0); - memset(prefix, 0, sizeof prefix); /* clear the copy buffer */ - memcpy(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ + memset(prefix, 0, sizeof(prefix)); /* clear the copy buffer */ + GET_CPY_BYTES(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ tptr+=byte_length; processed+=byte_length; - if (afi == AF_INET) - ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u", - ident, - ipaddr_string(ndo, prefix), - bit_length)); - else if (afi == AF_INET6) - ND_PRINT((ndo, "%sIPv6 prefix: %s/%u", - ident, - ip6addr_string(ndo, prefix), - bit_length)); - - ND_PRINT((ndo, ", Distribution: %s, Metric: %u", + if (afi == AFNUM_IP) + ND_PRINT("%sIPv4 prefix: %15s/%u", + indent, + ipaddr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IPADDR_STRING() */ + bit_length); + else if (afi == AFNUM_IP6) + ND_PRINT("%sIPv6 prefix: %s/%u", + indent, + ip6addr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */ + bit_length); + + ND_PRINT(", Distribution: %s, Metric: %u", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", - metric)); + metric); - if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) - ND_PRINT((ndo, ", sub-TLVs present")); - else if (afi == AF_INET6) - ND_PRINT((ndo, ", %s%s", + if (afi == AFNUM_IP && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + ND_PRINT(", sub-TLVs present"); + else if (afi == AFNUM_IP6) + ND_PRINT(", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", - ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : "")); + ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""); - if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) - || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) + if ((afi == AFNUM_IP && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + || (afi == AFNUM_IP6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect the aggregate bytecount of the subTLVs for this prefix */ - if (!ND_TTEST_1(tptr)) - return (0); - sublen=EXTRACT_U_1(tptr); + sublen=GET_U_1(tptr); tptr++; processed+=sublen+1; - ND_PRINT((ndo, " (%u)", sublen)); /* print out subTLV length */ + ND_PRINT(" (%u)", sublen); /* print out subTLV length */ - while (sublen>0) { - if (!ND_TTEST_2(tptr)) - return (0); - subtlvtype=EXTRACT_U_1(tptr); - subtlvlen=EXTRACT_U_1(tptr + 1); + while (sublen != 0) { + subtlvtype=GET_U_1(tptr); + subtlvlen=GET_U_1(tptr + 1); tptr+=2; /* prepend the indent string */ - snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); - if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer)) + snprintf(indent_buffer, sizeof(indent_buffer), "%s ", indent); + if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, indent_buffer)) return(0); tptr+=subtlvlen; sublen-=(subtlvlen+2); @@ -2224,6 +2346,89 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (processed); } +static void +isis_print_router_cap_subtlv(netdissect_options *ndo, const uint8_t *tptr, uint8_t tlen) +{ + uint8_t subt, subl; + + while (tlen >= 2) { + subt = GET_U_1(tptr); + subl = GET_U_1(tptr+1); + tlen -= 2; + tptr += 2; + + /* first lets see if we know the subTLVs name*/ + ND_PRINT("\n\t\t%s subTLV #%u, length: %u", + tok2str(isis_router_capability_subtlv_values, "unknown", subt), + subt, subl); + + /* + * Boundary check. + */ + if (subl > tlen) { + break; + } + ND_TCHECK_LEN(tptr, subl); + + switch (subt) { + case ISIS_SUBTLV_ROUTER_CAP_SR: + { + uint8_t flags, sid_tlen, sid_type, sid_len; + uint32_t range; + const uint8_t *sid_ptr; + + flags = GET_U_1(tptr); + range = GET_BE_U_3(tptr+1); + ND_PRINT(", Flags [%s], Range %u", + bittok2str(isis_router_capability_sr_flags, "None", flags), + range); + sid_ptr = tptr + 4; + sid_tlen = subl - 4; + + while (sid_tlen >= 5) { + sid_type = GET_U_1(sid_ptr); + sid_len = GET_U_1(sid_ptr+1); + sid_tlen -= 2; + sid_ptr += 2; + + /* + * Boundary check. + */ + if (sid_len > sid_tlen) { + break; + } + + switch (sid_type) { + case 1: + if (sid_len == 3) { + ND_PRINT(", SID value %u", GET_BE_U_3(sid_ptr)); + } else if (sid_len == 4) { + ND_PRINT(", SID value %u", GET_BE_U_4(sid_ptr)); + } else { + ND_PRINT(", Unknown SID length%u", sid_len); + } + break; + default: + print_unknown_data(ndo, sid_ptr, "\n\t\t ", sid_len); + } + + sid_ptr += sid_len; + sid_tlen -= sid_len; + } + } + break; + default: + print_unknown_data(ndo, tptr, "\n\t\t", subl); + break; + } + + tlen -= subl; + tptr += subl; + } + trunc: + return; +} + /* * Clear checksum and lifetime prior to signature verification. */ @@ -2243,6 +2448,14 @@ isis_clear_checksum_lifetime(void *header) * Decode IS-IS packets. Return 0 on error. */ +#define INVALID_OR_DECREMENT(length,decr) \ + if ((length) < (decr)) { \ + ND_PRINT(" [packet length %u < %zu]", (length), (decr)); \ + nd_print_invalid(ndo); \ + return 1; \ + } \ + length -= (decr); + static int isis_print(netdissect_options *ndo, const uint8_t *p, u_int length) @@ -2261,14 +2474,19 @@ isis_print(netdissect_options *ndo, const struct isis_tlv_es_reach *tlv_es_reach; uint8_t version, pdu_version, fixed_len; - uint8_t pdu_type, pdu_max_area, max_area, pdu_id_length, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len; - uint8_t ext_is_len, ext_ip_len, mt_len; + uint8_t pdu_type, pdu_max_area, max_area, pdu_id_length, id_length, tlv_type, tlv_len, tlen, alen, prefix_len; + u_int ext_is_len, ext_ip_len; + uint8_t mt_len; uint8_t isis_subtlv_idrp; const uint8_t *optr, *pptr, *tptr; - u_short packet_len,pdu_len, key_id; - u_int i,vendor_id; + u_int packet_len; + u_short pdu_len, key_id; + u_int i,vendor_id, num_vals; + uint8_t auth_type; + uint8_t num_system_ids; int sigcheck; + ndo->ndo_protocol = "isis"; packet_len=length; optr = p; /* initialize the _o_riginal pointer to the packet start - need it for parsing the checksum TLV and authentication @@ -2285,49 +2503,49 @@ isis_print(netdissect_options *ndo, header_psnp = (const struct isis_psnp_header *)pptr; if (!ndo->ndo_eflag) - ND_PRINT((ndo, "IS-IS")); + ND_PRINT("IS-IS"); /* * Sanity checking of the header. */ - version = EXTRACT_U_1(isis_header->version); + version = GET_U_1(isis_header->version); if (version != ISIS_VERSION) { - ND_PRINT((ndo, "version %u packet not supported", version)); + ND_PRINT("version %u packet not supported", version); return (0); } - pdu_id_length = EXTRACT_U_1(isis_header->id_length); + pdu_id_length = GET_U_1(isis_header->id_length); if ((pdu_id_length != SYSTEM_ID_LEN) && (pdu_id_length != 0)) { - ND_PRINT((ndo, "system ID length of %u is not supported", - pdu_id_length)); + ND_PRINT("system ID length of %u is not supported", + pdu_id_length); return (0); } - pdu_version = EXTRACT_U_1(isis_header->pdu_version); + pdu_version = GET_U_1(isis_header->pdu_version); if (pdu_version != ISIS_VERSION) { - ND_PRINT((ndo, "version %u packet not supported", pdu_version)); + ND_PRINT("version %u packet not supported", pdu_version); return (0); } - fixed_len = EXTRACT_U_1(isis_header->fixed_len); + fixed_len = GET_U_1(isis_header->fixed_len); if (length < fixed_len) { - ND_PRINT((ndo, "fixed header length %u > packet length %u", fixed_len, length)); + ND_PRINT("fixed header length %u > packet length %u", fixed_len, length); return (0); } if (fixed_len < ISIS_COMMON_HEADER_SIZE) { - ND_PRINT((ndo, "fixed header length %u < minimum header size %u", fixed_len, (u_int)ISIS_COMMON_HEADER_SIZE)); + ND_PRINT("fixed header length %u < minimum header size %u", fixed_len, (u_int)ISIS_COMMON_HEADER_SIZE); return (0); } - pdu_max_area = EXTRACT_U_1(isis_header->max_area); + pdu_max_area = GET_U_1(isis_header->max_area); switch(pdu_max_area) { case 0: max_area = 3; /* silly shit */ break; case 255: - ND_PRINT((ndo, "bad packet -- 255 areas")); + ND_PRINT("bad packet -- 255 areas"); return (0); default: max_area = pdu_max_area; @@ -2338,7 +2556,7 @@ isis_print(netdissect_options *ndo, case 0: id_length = 6; /* silly shit again */ break; - case 1: /* 1-8 are valid sys-ID lenghts */ + case 1: /* 1-8 are valid sys-ID lengths */ case 2: case 3: case 4: @@ -2358,22 +2576,22 @@ isis_print(netdissect_options *ndo, /* toss any non 6-byte sys-ID len PDUs */ if (id_length != 6 ) { - ND_PRINT((ndo, "bad packet -- illegal sys-ID length (%u)", id_length)); + ND_PRINT("bad packet -- illegal sys-ID length (%u)", id_length); return (0); } - pdu_type = EXTRACT_U_1(isis_header->pdu_type); + pdu_type = GET_U_1(isis_header->pdu_type); /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/ if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, "%s%s", + ND_PRINT("%s%s", ndo->ndo_eflag ? "" : ", ", - tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type))); + tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type)); } else { /* ok they seem to want to know everything - lets fully decode it */ - ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length)); + ND_PRINT("%slength %u", ndo->ndo_eflag ? "" : ", ", length); - ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", + ND_PRINT("\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", tok2str(isis_pdu_values, "unknown, type %u", pdu_type), @@ -2383,7 +2601,7 @@ isis_print(netdissect_options *ndo, id_length, pdu_id_length, max_area, - pdu_max_area)); + pdu_max_area); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */ @@ -2396,222 +2614,221 @@ isis_print(netdissect_options *ndo, case ISIS_PDU_L1_LAN_IIH: case ISIS_PDU_L2_LAN_IIH: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE))); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_iih_lan); if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE) goto trunc; if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", src-id %s", - isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN))); - ND_PRINT((ndo, ", lan-id %s, prio %u", - isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN), - EXTRACT_U_1(header_iih_lan->priority))); - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", src-id %s", + isis_print_id(ndo, header_iih_lan->source_id, SYSTEM_ID_LEN)); + ND_PRINT(", lan-id %s, prio %u", + isis_print_id(ndo, header_iih_lan->lan_id,NODE_ID_LEN), + GET_U_1(header_iih_lan->priority)); + ND_PRINT(", length %u", length); return (1); } - pdu_len=EXTRACT_BE_U_2(header_iih_lan->pdu_len); + pdu_len=GET_BE_U_2(header_iih_lan->pdu_len); if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; } - ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", - isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN), - EXTRACT_BE_U_2(header_iih_lan->holding_time), + ND_PRINT("\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(ndo, header_iih_lan->source_id,SYSTEM_ID_LEN), + GET_BE_U_2(header_iih_lan->holding_time), tok2str(isis_iih_circuit_type_values, "unknown circuit type 0x%02x", - EXTRACT_U_1(header_iih_lan->circuit_type)))); + GET_U_1(header_iih_lan->circuit_type))); - ND_PRINT((ndo, "\n\t lan-id: %s, Priority: %u, PDU length: %u", - isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN), - EXTRACT_U_1(header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK, - pdu_len)); + ND_PRINT("\n\t lan-id: %s, Priority: %u, PDU length: %u", + isis_print_id(ndo, header_iih_lan->lan_id, NODE_ID_LEN), + GET_U_1(header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK, + pdu_len); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE)) return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); break; case ISIS_PDU_PTP_IIH: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE))); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_iih_ptp); if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE) goto trunc; if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN))); - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", src-id %s", isis_print_id(ndo, header_iih_ptp->source_id, SYSTEM_ID_LEN)); + ND_PRINT(", length %u", length); return (1); } - pdu_len=EXTRACT_BE_U_2(header_iih_ptp->pdu_len); + pdu_len=GET_BE_U_2(header_iih_ptp->pdu_len); if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; } - ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", - isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN), - EXTRACT_BE_U_2(header_iih_ptp->holding_time), + ND_PRINT("\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(ndo, header_iih_ptp->source_id,SYSTEM_ID_LEN), + GET_BE_U_2(header_iih_ptp->holding_time), tok2str(isis_iih_circuit_type_values, "unknown circuit type 0x%02x", - EXTRACT_U_1(header_iih_ptp->circuit_type)))); + GET_U_1(header_iih_ptp->circuit_type))); - ND_PRINT((ndo, "\n\t circuit-id: 0x%02x, PDU length: %u", - EXTRACT_U_1(header_iih_ptp->circuit_id), - pdu_len)); + ND_PRINT("\n\t circuit-id: 0x%02x, PDU length: %u", + GET_U_1(header_iih_ptp->circuit_id), + pdu_len); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE)) return (0); } - - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); break; case ISIS_PDU_L1_LSP: case ISIS_PDU_L2_LSP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE)); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_LSP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_lsp); if (length < ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE) goto trunc; if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us", - isis_print_id(header_lsp->lsp_id, LSP_ID_LEN), - EXTRACT_BE_U_4(header_lsp->sequence_number), - EXTRACT_BE_U_2(header_lsp->remaining_lifetime))); - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", lsp-id %s, seq 0x%08x, lifetime %5us", + isis_print_id(ndo, header_lsp->lsp_id, LSP_ID_LEN), + GET_BE_U_4(header_lsp->sequence_number), + GET_BE_U_2(header_lsp->remaining_lifetime)); + ND_PRINT(", length %u", length); return (1); } - pdu_len=EXTRACT_BE_U_2(header_lsp->pdu_len); + pdu_len=GET_BE_U_2(header_lsp->pdu_len); if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; } - ND_PRINT((ndo, "\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x", - isis_print_id(header_lsp->lsp_id, LSP_ID_LEN), - EXTRACT_BE_U_4(header_lsp->sequence_number), - EXTRACT_BE_U_2(header_lsp->remaining_lifetime), - EXTRACT_BE_U_2(header_lsp->checksum))); + ND_PRINT("\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x", + isis_print_id(ndo, header_lsp->lsp_id, LSP_ID_LEN), + GET_BE_U_4(header_lsp->sequence_number), + GET_BE_U_2(header_lsp->remaining_lifetime), + GET_BE_U_2(header_lsp->checksum)); osi_print_cksum(ndo, (const uint8_t *)header_lsp->lsp_id, - EXTRACT_BE_U_2(header_lsp->checksum), + GET_BE_U_2(header_lsp->checksum), 12, length-12); - ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s", + ND_PRINT(", PDU length: %u, Flags: [ %s", pdu_len, - ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : "")); + ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""); if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : "")); - ND_PRINT((ndo, "ATT bit set, ")); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""); + ND_PRINT("ATT bit set, "); } - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : "")); - ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)", - ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock)))); + ND_PRINT("%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""); + ND_PRINT("%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)", + ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE)) return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); break; case ISIS_PDU_L1_CSNP: case ISIS_PDU_L2_CSNP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE))); + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_csnp); if (length < ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE) goto trunc; if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN))); - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", src-id %s", isis_print_id(ndo, header_csnp->source_id, NODE_ID_LEN)); + ND_PRINT(", length %u", length); return (1); } - pdu_len=EXTRACT_BE_U_2(header_csnp->pdu_len); + pdu_len=GET_BE_U_2(header_csnp->pdu_len); if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; } - ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", - isis_print_id(header_csnp->source_id, NODE_ID_LEN), - pdu_len)); - ND_PRINT((ndo, "\n\t start lsp-id: %s", - isis_print_id(header_csnp->start_lsp_id, LSP_ID_LEN))); - ND_PRINT((ndo, "\n\t end lsp-id: %s", - isis_print_id(header_csnp->end_lsp_id, LSP_ID_LEN))); + ND_PRINT("\n\t source-id: %s, PDU length: %u", + isis_print_id(ndo, header_csnp->source_id, NODE_ID_LEN), + pdu_len); + ND_PRINT("\n\t start lsp-id: %s", + isis_print_id(ndo, header_csnp->start_lsp_id, LSP_ID_LEN)); + ND_PRINT("\n\t end lsp-id: %s", + isis_print_id(ndo, header_csnp->end_lsp_id, LSP_ID_LEN)); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE)) return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); break; case ISIS_PDU_L1_PSNP: case ISIS_PDU_L2_PSNP: if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { - ND_PRINT((ndo, "- bogus fixed header length %u should be %lu", - fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE))); + ND_PRINT("- bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); return (0); } ND_TCHECK_SIZE(header_psnp); if (length < ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE) goto trunc; if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN))); - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", src-id %s", isis_print_id(ndo, header_psnp->source_id, NODE_ID_LEN)); + ND_PRINT(", length %u", length); return (1); } - pdu_len=EXTRACT_BE_U_2(header_psnp->pdu_len); + pdu_len=GET_BE_U_2(header_psnp->pdu_len); if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; } - ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", - isis_print_id(header_psnp->source_id, NODE_ID_LEN), - pdu_len)); + ND_PRINT("\n\t source-id: %s, PDU length: %u", + isis_print_id(ndo, header_psnp->source_id, NODE_ID_LEN), + pdu_len); if (ndo->ndo_vflag > 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE)) return (0); } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); break; default: if (ndo->ndo_vflag == 0) { - ND_PRINT((ndo, ", length %u", length)); + ND_PRINT(", length %u", length); return (1); } (void)print_unknown_data(ndo, pptr, "\n\t ", length); @@ -2622,27 +2839,24 @@ isis_print(netdissect_options *ndo, * Now print the TLV's. */ - while (packet_len > 0) { + while (packet_len != 0) { ND_TCHECK_2(pptr); if (packet_len < 2) goto trunc; - tlv_type = EXTRACT_U_1(pptr); - tlv_len = EXTRACT_U_1(pptr + 1); + tlv_type = GET_U_1(pptr); + tlv_len = GET_U_1(pptr + 1); pptr += 2; packet_len -= 2; - tmp =tlv_len; /* copy temporary len & pointer to packet data */ + tlen = tlv_len; /* copy temporary len & pointer to packet data */ tptr = pptr; /* first lets see if we know the TLVs name*/ - ND_PRINT((ndo, "\n\t %s TLV #%u, length: %u", + ND_PRINT("\n\t %s TLV #%u, length: %u", tok2str(isis_tlv_values, "unknown", tlv_type), tlv_type, - tlv_len)); - - if (tlv_len == 0) /* something is invalid */ - continue; + tlv_len); if (packet_len < tlv_len) goto trunc; @@ -2650,48 +2864,46 @@ isis_print(netdissect_options *ndo, /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { case ISIS_TLV_AREA_ADDR: - ND_TCHECK_1(tptr); - alen = EXTRACT_U_1(tptr); - tptr++; - while (tmp && alen < tmp) { - ND_TCHECK_LEN(tptr, alen); - ND_PRINT((ndo, "\n\t Area address (length: %u): %s", + while (tlen != 0) { + alen = GET_U_1(tptr); + tptr++; + tlen--; + if (tlen < alen) + goto tlv_trunc; + ND_PRINT("\n\t Area address (length: %u): %s", alen, - isonsap_string(ndo, tptr, alen))); + GET_ISONSAP_STRING(tptr, alen)); tptr += alen; - tmp -= alen + 1; - if (tmp==0) /* if this is the last area address do not attemt a boundary check */ - break; - ND_TCHECK_1(tptr); - alen = EXTRACT_U_1(tptr); - tptr++; + tlen -= alen; } break; case ISIS_TLV_ISNEIGH: - while (tmp >= MAC_ADDR_LEN) { - ND_TCHECK_LEN(tptr, MAC_ADDR_LEN); - ND_PRINT((ndo, "\n\t SNPA: %s", isis_print_id(tptr, MAC_ADDR_LEN))); - tmp -= MAC_ADDR_LEN; - tptr += MAC_ADDR_LEN; + while (tlen != 0) { + if (tlen < MAC48_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, MAC48_LEN); + ND_PRINT("\n\t SNPA: %s", isis_print_id(ndo, tptr, MAC48_LEN)); + tlen -= MAC48_LEN; + tptr += MAC48_LEN; } break; - case ISIS_TLV_ISNEIGH_VARLEN: - if (!ND_TTEST_1(tptr) || tmp < 3) /* min. TLV length */ - goto trunctlv; - lan_alen = EXTRACT_U_1(tptr); /* LAN address length */ - tptr++; - if (lan_alen == 0) { - ND_PRINT((ndo, "\n\t LAN address length 0 bytes (invalid)")); - break; - } - tmp --; - ND_PRINT((ndo, "\n\t LAN address length %u bytes ", lan_alen)); - while (tmp >= lan_alen) { - ND_TCHECK_LEN(tptr, lan_alen); - ND_PRINT((ndo, "\n\t\tIS Neighbor: %s", isis_print_id(tptr, lan_alen))); - tmp -= lan_alen; - tptr +=lan_alen; + case ISIS_TLV_INSTANCE_ID: + if (tlen < 4) + goto tlv_trunc; + num_vals = (tlen-2)/2; + ND_PRINT("\n\t Instance ID: %u, ITIDs(%u)%s ", + GET_BE_U_2(tptr), num_vals, + num_vals ? ":" : ""); + tptr += 2; + tlen -= 2; + for (i=0; i < num_vals; i++) { + ND_PRINT("%u", GET_BE_U_2(tptr)); + if (i < (num_vals - 1)) { + ND_PRINT(", "); + } + tptr += 2; + tlen -= 2; } break; @@ -2699,66 +2911,86 @@ isis_print(netdissect_options *ndo, break; case ISIS_TLV_MT_IS_REACH: - mt_len = isis_print_mtid(ndo, tptr, "\n\t "); + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; + goto trunc; tptr+=mt_len; - tmp-=mt_len; - while (tmp >= 2+NODE_ID_LEN+3+1) { - ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tmp); + tlen-=mt_len; + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); if (ext_is_len == 0) /* did something go wrong ? */ - goto trunctlv; - - tmp-=ext_is_len; - tptr+=ext_is_len; + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; } break; case ISIS_TLV_IS_ALIAS_ID: - while (tmp >= NODE_ID_LEN+1) { /* is it worth attempting a decode ? */ - ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tmp); + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); if (ext_is_len == 0) /* did something go wrong ? */ - goto trunctlv; - tmp-=ext_is_len; - tptr+=ext_is_len; + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; } break; case ISIS_TLV_EXT_IS_REACH: - while (tmp >= NODE_ID_LEN+3+1) { /* is it worth attempting a decode ? */ - ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tmp); + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); if (ext_is_len == 0) /* did something go wrong ? */ - goto trunctlv; - tmp-=ext_is_len; - tptr+=ext_is_len; + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; } break; case ISIS_TLV_IS_REACH: - ND_TCHECK_1(tptr); /* check if there is one byte left to read out the virtual flag */ - ND_PRINT((ndo, "\n\t %s", + if (tlen < 1) + goto tlv_trunc; + ND_PRINT("\n\t %s", tok2str(isis_is_reach_virtual_values, "bogus virtual flag 0x%02x", - EXTRACT_U_1(tptr)))); + GET_U_1(tptr))); tptr++; + tlen--; tlv_is_reach = (const struct isis_tlv_is_reach *)tptr; - while (tmp >= sizeof(struct isis_tlv_is_reach)) { + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_is_reach)) + goto tlv_trunc; ND_TCHECK_SIZE(tlv_is_reach); - ND_PRINT((ndo, "\n\t IS Neighbor: %s", - isis_print_id(tlv_is_reach->neighbor_nodeid, NODE_ID_LEN))); + ND_PRINT("\n\t IS Neighbor: %s", + isis_print_id(ndo, tlv_is_reach->neighbor_nodeid, NODE_ID_LEN)); isis_print_metric_block(ndo, &tlv_is_reach->isis_metric_block); - tmp -= sizeof(struct isis_tlv_is_reach); + tlen -= sizeof(struct isis_tlv_is_reach); tlv_is_reach++; } break; case ISIS_TLV_ESNEIGH: tlv_es_reach = (const struct isis_tlv_es_reach *)tptr; - while (tmp >= sizeof(struct isis_tlv_es_reach)) { + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_es_reach)) + goto tlv_trunc; ND_TCHECK_SIZE(tlv_es_reach); - ND_PRINT((ndo, "\n\t ES Neighbor: %s", - isis_print_id(tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN))); + ND_PRINT("\n\t ES Neighbor: %s", + isis_print_id(ndo, tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN)); isis_print_metric_block(ndo, &tlv_es_reach->isis_metric_block); - tmp -= sizeof(struct isis_tlv_es_reach); + tlen -= sizeof(struct isis_tlv_es_reach); tlv_es_reach++; } break; @@ -2771,109 +3003,133 @@ isis_print(netdissect_options *ndo, break; case ISIS_TLV_EXTD_IP_REACH: - while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP); if (ext_ip_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=ext_ip_len; - tmp-=ext_ip_len; - } - break; + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; case ISIS_TLV_MT_IP_REACH: - mt_len = isis_print_mtid(ndo, tptr, "\n\t "); + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); if (mt_len == 0) { /* did something go wrong ? */ - goto trunctlv; + goto trunc; } tptr+=mt_len; - tmp-=mt_len; + tlen-=mt_len; - while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP); if (ext_ip_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=ext_ip_len; - tmp-=ext_ip_len; - } - break; + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; case ISIS_TLV_IP6_REACH: - while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP6); if (ext_ip_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=ext_ip_len; - tmp-=ext_ip_len; - } - break; + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; case ISIS_TLV_MT_IP6_REACH: - mt_len = isis_print_mtid(ndo, tptr, "\n\t "); + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); if (mt_len == 0) { /* did something go wrong ? */ - goto trunctlv; + goto trunc; } tptr+=mt_len; - tmp-=mt_len; + tlen-=mt_len; - while (tmp>0) { - ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AFNUM_IP6); if (ext_ip_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=ext_ip_len; - tmp-=ext_ip_len; - } - break; + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; case ISIS_TLV_IP6ADDR: - while (tmp>=sizeof(struct in6_addr)) { - ND_TCHECK_LEN(tptr, sizeof(struct in6_addr)); - - ND_PRINT((ndo, "\n\t IPv6 interface address: %s", - ip6addr_string(ndo, tptr))); - - tptr += sizeof(struct in6_addr); - tmp -= sizeof(struct in6_addr); + while (tlen != 0) { + if (tlen < sizeof(nd_ipv6)) + goto tlv_trunc; + ND_PRINT("\n\t IPv6 interface address: %s", + GET_IP6ADDR_STRING(tptr)); + + tptr += sizeof(nd_ipv6); + tlen -= sizeof(nd_ipv6); } break; case ISIS_TLV_AUTH: - ND_TCHECK_1(tptr); + if (tlen < 1) + goto tlv_trunc; + auth_type = GET_U_1(tptr); + tptr++; + tlen--; - ND_PRINT((ndo, "\n\t %s: ", + ND_PRINT("\n\t %s: ", tok2str(isis_subtlv_auth_values, "unknown Authentication type 0x%02x", - EXTRACT_U_1(tptr)))); + auth_type)); - switch (EXTRACT_U_1(tptr)) { + switch (auth_type) { case ISIS_SUBTLV_AUTH_SIMPLE: - if (fn_printzp(ndo, tptr + 1, tlv_len - 1, ndo->ndo_snapend)) - goto trunctlv; + nd_printjnp(ndo, tptr, tlen); break; case ISIS_SUBTLV_AUTH_MD5: - for(i=1;i=1) { - ND_TCHECK_1(tptr); - ND_PRINT((ndo, "\n\t Adjacency State: %s (%u)", - tok2str(isis_ptp_adjancey_values, "unknown", EXTRACT_U_1(tptr)), - EXTRACT_U_1(tptr))); - tmp--; + if(tlen>=1) { + ND_PRINT("\n\t Adjacency State: %s (%u)", + tok2str(isis_ptp_adjacency_values, "unknown", GET_U_1(tptr)), + GET_U_1(tptr)); + tlen--; } - if(tmp>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { - ND_TCHECK(tlv_ptp_adj->extd_local_circuit_id); - ND_PRINT((ndo, "\n\t Extended Local circuit-ID: 0x%08x", - EXTRACT_BE_U_4(tlv_ptp_adj->extd_local_circuit_id))); - tmp-=sizeof(tlv_ptp_adj->extd_local_circuit_id); + if(tlen>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { + ND_PRINT("\n\t Extended Local circuit-ID: 0x%08x", + GET_BE_U_4(tlv_ptp_adj->extd_local_circuit_id)); + tlen-=sizeof(tlv_ptp_adj->extd_local_circuit_id); } - if(tmp>=SYSTEM_ID_LEN) { + if(tlen>=SYSTEM_ID_LEN) { ND_TCHECK_LEN(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN); - ND_PRINT((ndo, "\n\t Neighbor System-ID: %s", - isis_print_id(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN))); - tmp-=SYSTEM_ID_LEN; + ND_PRINT("\n\t Neighbor System-ID: %s", + isis_print_id(ndo, tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)); + tlen-=SYSTEM_ID_LEN; } - if(tmp>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { - ND_TCHECK(tlv_ptp_adj->neighbor_extd_local_circuit_id); - ND_PRINT((ndo, "\n\t Neighbor Extended Local circuit-ID: 0x%08x", - EXTRACT_BE_U_4(tlv_ptp_adj->neighbor_extd_local_circuit_id))); + if(tlen>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { + ND_PRINT("\n\t Neighbor Extended Local circuit-ID: 0x%08x", + GET_BE_U_4(tlv_ptp_adj->neighbor_extd_local_circuit_id)); } break; case ISIS_TLV_PROTOCOLS: - ND_PRINT((ndo, "\n\t NLPID(s): ")); - while (tmp>0) { - ND_TCHECK_1(tptr); - ND_PRINT((ndo, "%s (0x%02x)", + ND_PRINT("\n\t NLPID(s): "); + while (tlen != 0) { + ND_PRINT("%s (0x%02x)", tok2str(nlpid_values, "unknown", - EXTRACT_U_1(tptr)), - EXTRACT_U_1(tptr))); - if (tmp>1) /* further NPLIDs ? - put comma */ - ND_PRINT((ndo, ", ")); + GET_U_1(tptr)), + GET_U_1(tptr)); + if (tlen>1) /* further NPLIDs ? - put comma */ + ND_PRINT(", "); tptr++; - tmp--; + tlen--; } break; - case ISIS_TLV_MT_PORT_CAP: - { - ND_TCHECK_2(tptr); - - ND_PRINT((ndo, "\n\t RES: %u, MTID(s): %u", - (EXTRACT_BE_U_2(tptr) >> 12), - (EXTRACT_BE_U_2(tptr) & 0x0fff))); + case ISIS_TLV_MT_PORT_CAP: + { + if (tlen < 2) + goto tlv_trunc; - tmp = tmp-2; - tptr = tptr+2; + ND_PRINT("\n\t RES: %u, MTID(s): %u", + (GET_BE_U_2(tptr) >> 12), + (GET_BE_U_2(tptr) & 0x0fff)); - if (tmp) - isis_print_mt_port_cap_subtlv(ndo, tptr, tmp); + tptr += 2; + tlen -= 2; - break; - } + if (tlen) + isis_print_mt_port_cap_subtlv(ndo, tptr, tlen); - case ISIS_TLV_MT_CAPABILITY: + break; + } - ND_TCHECK_2(tptr); + case ISIS_TLV_MT_CAPABILITY: + if (tlen < 2) + goto tlv_trunc; - ND_PRINT((ndo, "\n\t O: %u, RES: %u, MTID(s): %u", - (EXTRACT_BE_U_2(tptr) >> 15) & 0x01, - (EXTRACT_BE_U_2(tptr) >> 12) & 0x07, - EXTRACT_BE_U_2(tptr) & 0x0fff)); + ND_PRINT("\n\t O: %u, RES: %u, MTID(s): %u", + (GET_BE_U_2(tptr) >> 15) & 0x01, + (GET_BE_U_2(tptr) >> 12) & 0x07, + GET_BE_U_2(tptr) & 0x0fff); - tmp = tmp-2; - tptr = tptr+2; + tptr += 2; + tlen -= 2; - if (tmp) - isis_print_mt_capability_subtlv(ndo, tptr, tmp); + if (tlen) + isis_print_mt_capability_subtlv(ndo, tptr, tlen); - break; + break; case ISIS_TLV_TE_ROUTER_ID: - ND_TCHECK_LEN(pptr, sizeof(struct in_addr)); - ND_PRINT((ndo, "\n\t Traffic Engineering Router ID: %s", ipaddr_string(ndo, pptr))); + if (tlen < sizeof(nd_ipv4)) + goto tlv_trunc; + ND_PRINT("\n\t Traffic Engineering Router ID: %s", GET_IPADDR_STRING(pptr)); break; case ISIS_TLV_IPADDR: - while (tmp>=sizeof(struct in_addr)) { - ND_TCHECK_LEN(tptr, sizeof(struct in_addr)); - ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr))); - tptr += sizeof(struct in_addr); - tmp -= sizeof(struct in_addr); + while (tlen != 0) { + if (tlen < sizeof(nd_ipv4)) + goto tlv_trunc; + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); + tptr += sizeof(nd_ipv4); + tlen -= sizeof(nd_ipv4); } break; case ISIS_TLV_HOSTNAME: - ND_PRINT((ndo, "\n\t Hostname: ")); - if (fn_printzp(ndo, tptr, tmp, ndo->ndo_snapend)) - goto trunctlv; + ND_PRINT("\n\t Hostname: "); + nd_printjnp(ndo, tptr, tlen); break; case ISIS_TLV_SHARED_RISK_GROUP: - if (tmp < NODE_ID_LEN) + if (tlen < NODE_ID_LEN) break; ND_TCHECK_LEN(tptr, NODE_ID_LEN); - ND_PRINT((ndo, "\n\t IS Neighbor: %s", isis_print_id(tptr, NODE_ID_LEN))); + ND_PRINT("\n\t IS Neighbor: %s", isis_print_id(ndo, tptr, NODE_ID_LEN)); tptr+=NODE_ID_LEN; - tmp-=NODE_ID_LEN; + tlen-=NODE_ID_LEN; - if (tmp < 1) + if (tlen < 1) break; - ND_TCHECK_1(tptr); - ND_PRINT((ndo, ", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(EXTRACT_U_1(tptr)) ? "numbered" : "unnumbered")); + ND_PRINT(", Flags: [%s]", + ISIS_MASK_TLV_SHARED_RISK_GROUP(GET_U_1(tptr)) ? "numbered" : "unnumbered"); tptr++; - tmp--; + tlen--; - if (tmp < sizeof(struct in_addr)) + if (tlen < sizeof(nd_ipv4)) break; - ND_TCHECK_LEN(tptr, sizeof(struct in_addr)); - ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr))); - tptr+=sizeof(struct in_addr); - tmp-=sizeof(struct in_addr); + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); + tptr+=sizeof(nd_ipv4); + tlen-=sizeof(nd_ipv4); - if (tmp < sizeof(struct in_addr)) + if (tlen < sizeof(nd_ipv4)) break; - ND_TCHECK_LEN(tptr, sizeof(struct in_addr)); - ND_PRINT((ndo, "\n\t IPv4 neighbor address: %s", ipaddr_string(ndo, tptr))); - tptr+=sizeof(struct in_addr); - tmp-=sizeof(struct in_addr); - - while (tmp>=4) { - ND_TCHECK_4(tptr); - ND_PRINT((ndo, "\n\t Link-ID: 0x%08x", EXTRACT_BE_U_4(tptr))); + ND_PRINT("\n\t IPv4 neighbor address: %s", GET_IPADDR_STRING(tptr)); + tptr+=sizeof(nd_ipv4); + tlen-=sizeof(nd_ipv4); + + while (tlen != 0) { + if (tlen < 4) + goto tlv_trunc; + ND_PRINT("\n\t Link-ID: 0x%08x", GET_BE_U_4(tptr)); tptr+=4; - tmp-=4; + tlen-=4; } break; case ISIS_TLV_LSP: tlv_lsp = (const struct isis_tlv_lsp *)tptr; - while(tmp>=sizeof(struct isis_tlv_lsp)) { - ND_TCHECK((tlv_lsp->lsp_id)[LSP_ID_LEN-1]); - ND_PRINT((ndo, "\n\t lsp-id: %s", - isis_print_id(tlv_lsp->lsp_id, LSP_ID_LEN))); - ND_TCHECK_LEN(tlv_lsp->sequence_number, 4); - ND_PRINT((ndo, ", seq: 0x%08x", EXTRACT_BE_U_4(tlv_lsp->sequence_number))); - ND_TCHECK_LEN(tlv_lsp->remaining_lifetime, 2); - ND_PRINT((ndo, ", lifetime: %5ds", EXTRACT_BE_U_2(tlv_lsp->remaining_lifetime))); - ND_TCHECK_LEN(tlv_lsp->checksum, 2); - ND_PRINT((ndo, ", chksum: 0x%04x", EXTRACT_BE_U_2(tlv_lsp->checksum))); - tmp-=sizeof(struct isis_tlv_lsp); + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_lsp)) + goto tlv_trunc; + ND_TCHECK_1(tlv_lsp->lsp_id + LSP_ID_LEN - 1); + ND_PRINT("\n\t lsp-id: %s", + isis_print_id(ndo, tlv_lsp->lsp_id, LSP_ID_LEN)); + ND_PRINT(", seq: 0x%08x", + GET_BE_U_4(tlv_lsp->sequence_number)); + ND_PRINT(", lifetime: %5ds", + GET_BE_U_2(tlv_lsp->remaining_lifetime)); + ND_PRINT(", chksum: 0x%04x", GET_BE_U_2(tlv_lsp->checksum)); + tlen-=sizeof(struct isis_tlv_lsp); tlv_lsp++; } break; case ISIS_TLV_CHECKSUM: - if (tmp < ISIS_TLV_CHECKSUM_MINLEN) + if (tlen < ISIS_TLV_CHECKSUM_MINLEN) break; ND_TCHECK_LEN(tptr, ISIS_TLV_CHECKSUM_MINLEN); - ND_PRINT((ndo, "\n\t checksum: 0x%04x ", EXTRACT_BE_U_2(tptr))); + ND_PRINT("\n\t checksum: 0x%04x ", GET_BE_U_2(tptr)); /* do not attempt to verify the checksum if it is zero * most likely a HMAC-MD5 TLV is also present and * to avoid conflicts the checksum TLV is zeroed. * see rfc3358 for details */ - osi_print_cksum(ndo, optr, EXTRACT_BE_U_2(tptr), tptr-optr, + osi_print_cksum(ndo, optr, GET_BE_U_2(tptr), (int)(tptr-optr), length); break; case ISIS_TLV_POI: - if (tlv_len >= SYSTEM_ID_LEN + 1) { - ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN + 1); - ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s", - isis_print_id(tptr + 1, SYSTEM_ID_LEN))); - } - - if (tlv_len == 2 * SYSTEM_ID_LEN + 1) { - ND_TCHECK_LEN(tptr, 2 * SYSTEM_ID_LEN + 1); - ND_PRINT((ndo, "\n\t Received from System-ID: %s", - isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN))); + if (tlen < 1) + goto tlv_trunc; + num_system_ids = GET_U_1(tptr); + tptr++; + tlen--; + if (num_system_ids == 0) { + /* Not valid */ + ND_PRINT(" No system IDs supplied"); + } else { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("\n\t Purge Originator System-ID: %s", + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + tptr += SYSTEM_ID_LEN; + tlen -= SYSTEM_ID_LEN; + + if (num_system_ids > 1) { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_TCHECK_LEN(tptr, 2 * SYSTEM_ID_LEN + 1); + ND_PRINT("\n\t Received from System-ID: %s", + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + } } break; case ISIS_TLV_MT_SUPPORTED: - if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN) - break; - while (tmp>1) { + while (tlen != 0) { /* length can only be a multiple of 2, otherwise there is something broken -> so decode down until length is 1 */ - if (tmp!=1) { - mt_len = isis_print_mtid(ndo, tptr, "\n\t "); + if (tlen!=1) { + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; + goto trunc; tptr+=mt_len; - tmp-=mt_len; + tlen-=mt_len; } else { - ND_PRINT((ndo, "\n\t invalid MT-ID")); + ND_PRINT("\n\t invalid MT-ID"); break; } } @@ -3080,120 +3347,134 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_RESTART_SIGNALING: /* first attempt to decode the flags */ - if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN) + if (tlen < ISIS_TLV_RESTART_SIGNALING_FLAGLEN) break; ND_TCHECK_LEN(tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN); - ND_PRINT((ndo, "\n\t Flags [%s]", - bittok2str(isis_restart_flag_values, "none", EXTRACT_U_1(tptr)))); + ND_PRINT("\n\t Flags [%s]", + bittok2str(isis_restart_flag_values, "none", GET_U_1(tptr))); tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; - tmp-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; + tlen-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; /* is there anything other than the flags field? */ - if (tmp == 0) + if (tlen == 0) break; - if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) + if (tlen < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) break; ND_TCHECK_LEN(tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN); - ND_PRINT((ndo, ", Remaining holding time %us", EXTRACT_BE_U_2(tptr))); + ND_PRINT(", Remaining holding time %us", GET_BE_U_2(tptr)); tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; - tmp-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; + tlen-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; /* is there an additional sysid field present ?*/ - if (tmp == SYSTEM_ID_LEN) { + if (tlen == SYSTEM_ID_LEN) { ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); - ND_PRINT((ndo, ", for %s", isis_print_id(tptr,SYSTEM_ID_LEN))); + ND_PRINT(", for %s", isis_print_id(ndo, tptr,SYSTEM_ID_LEN)); } break; case ISIS_TLV_IDRP_INFO: - if (tmp < ISIS_TLV_IDRP_INFO_MINLEN) + if (tlen < 1) break; - ND_TCHECK_LEN(tptr, ISIS_TLV_IDRP_INFO_MINLEN); - ND_PRINT((ndo, "\n\t Inter-Domain Information Type: %s", + isis_subtlv_idrp = GET_U_1(tptr); + ND_PRINT("\n\t Inter-Domain Information Type: %s", tok2str(isis_subtlv_idrp_values, "Unknown (0x%02x)", - EXTRACT_U_1(tptr)))); - isis_subtlv_idrp = EXTRACT_U_1(tptr); + isis_subtlv_idrp)); tptr++; + tlen--; switch (isis_subtlv_idrp) { case ISIS_SUBTLV_IDRP_ASN: - ND_TCHECK_2(tptr); /* fetch AS number */ - ND_PRINT((ndo, "AS Number: %u", EXTRACT_BE_U_2(tptr))); + if (tlen < 2) + goto tlv_trunc; + ND_PRINT("AS Number: %u", GET_BE_U_2(tptr)); break; case ISIS_SUBTLV_IDRP_LOCAL: case ISIS_SUBTLV_IDRP_RES: default: - if (!print_unknown_data(ndo, tptr, "\n\t ", tlv_len - 1)) + if (!print_unknown_data(ndo, tptr, "\n\t ", tlen)) return(0); break; } break; case ISIS_TLV_LSP_BUFFERSIZE: - if (tmp < ISIS_TLV_LSP_BUFFERSIZE_MINLEN) + if (tlen < 2) break; - ND_TCHECK_LEN(tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN); - ND_PRINT((ndo, "\n\t LSP Buffersize: %u", EXTRACT_BE_U_2(tptr))); + ND_PRINT("\n\t LSP Buffersize: %u", GET_BE_U_2(tptr)); break; case ISIS_TLV_PART_DIS: - while (tmp >= SYSTEM_ID_LEN) { + while (tlen != 0) { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); - ND_PRINT((ndo, "\n\t %s", isis_print_id(tptr, SYSTEM_ID_LEN))); + ND_PRINT("\n\t %s", isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); tptr+=SYSTEM_ID_LEN; - tmp-=SYSTEM_ID_LEN; + tlen-=SYSTEM_ID_LEN; } break; case ISIS_TLV_PREFIX_NEIGH: - if (tmp < sizeof(struct isis_metric_block)) + if (tlen < sizeof(struct isis_metric_block)) break; ND_TCHECK_LEN(tptr, sizeof(struct isis_metric_block)); - ND_PRINT((ndo, "\n\t Metric Block")); + ND_PRINT("\n\t Metric Block"); isis_print_metric_block(ndo, (const struct isis_metric_block *)tptr); tptr+=sizeof(struct isis_metric_block); - tmp-=sizeof(struct isis_metric_block); + tlen-=sizeof(struct isis_metric_block); - while(tmp>0) { - ND_TCHECK_1(tptr); - prefix_len=EXTRACT_U_1(tptr); /* read out prefix length in semioctets*/ + while (tlen != 0) { + prefix_len=GET_U_1(tptr); /* read out prefix length in semioctets*/ tptr++; + tlen--; if (prefix_len < 2) { - ND_PRINT((ndo, "\n\t\tAddress: prefix length %u < 2", prefix_len)); + ND_PRINT("\n\t\tAddress: prefix length %u < 2", prefix_len); break; } - tmp--; - if (tmp < prefix_len/2) + if (tlen < prefix_len/2) break; - ND_TCHECK_LEN(tptr, prefix_len / 2); - ND_PRINT((ndo, "\n\t\tAddress: %s/%u", - isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4)); + ND_PRINT("\n\t\tAddress: %s/%u", + GET_ISONSAP_STRING(tptr, prefix_len / 2), prefix_len * 4); tptr+=prefix_len/2; - tmp-=prefix_len/2; + tlen-=prefix_len/2; } break; case ISIS_TLV_IIH_SEQNR: - if (tmp < ISIS_TLV_IIH_SEQNR_MINLEN) + if (tlen < 4) break; - ND_TCHECK_LEN(tptr, ISIS_TLV_IIH_SEQNR_MINLEN); /* check if four bytes are on the wire */ - ND_PRINT((ndo, "\n\t Sequence number: %u", EXTRACT_BE_U_4(tptr))); + ND_PRINT("\n\t Sequence number: %u", GET_BE_U_4(tptr)); + break; + + case ISIS_TLV_ROUTER_CAPABILITY: + if (tlen < 5) { + ND_PRINT(" [object length %u < 5]", tlen); + nd_print_invalid(ndo); + break; + } + ND_PRINT("\n\t Router-ID %s", GET_IPADDR_STRING(tptr)); + ND_PRINT(", Flags [%s]", + bittok2str(isis_tlv_router_capability_flags, "none", GET_U_1(tptr+4))); + + /* Optional set of sub-TLV */ + if (tlen > 5) { + isis_print_router_cap_subtlv(ndo, tptr+5, tlen-5); + } break; case ISIS_TLV_VENDOR_PRIVATE: - if (tmp < ISIS_TLV_VENDOR_PRIVATE_MINLEN) + if (tlen < 3) break; - ND_TCHECK_LEN(tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN); /* check if enough byte for a full oui */ - vendor_id = EXTRACT_BE_U_3(tptr); - ND_PRINT((ndo, "\n\t Vendor: %s (%u)", + vendor_id = GET_BE_U_3(tptr); + ND_PRINT("\n\t Vendor: %s (%u)", tok2str(oui_values, "Unknown", vendor_id), - vendor_id)); + vendor_id); tptr+=3; - tmp-=3; - if (tmp > 0) /* hexdump the rest */ - if (!print_unknown_data(ndo, tptr, "\n\t\t", tmp)) + tlen-=3; + if (tlen != 0) /* hexdump the rest */ + if (!print_unknown_data(ndo, tptr, "\n\t\t", tlen)) return(0); break; /* @@ -3214,6 +3495,7 @@ isis_print(netdissect_options *ndo, } break; } +tlv_trunc: /* do we want to see an additionally hexdump ? */ if (ndo->ndo_vflag> 1) { if (!print_unknown_data(ndo, pptr, "\n\t ", tlv_len)) @@ -3225,18 +3507,13 @@ isis_print(netdissect_options *ndo, } if (packet_len != 0) { - ND_PRINT((ndo, "\n\t %u straggler bytes", packet_len)); + ND_PRINT("\n\t %u straggler bytes", packet_len); } return (1); - trunc: - ND_PRINT((ndo, "%s", tstr)); +trunc: + nd_print_trunc(ndo); return (1); - - trunctlv: - ND_PRINT((ndo, "\n\t\t")); - ND_PRINT((ndo, "%s", tstr)); - return(1); } static void @@ -3254,23 +3531,16 @@ osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr, || !ND_TTEST_2(pptr + checksum_offset) || (u_int)checksum_offset > length || !ND_TTEST_LEN(pptr, length)) { - ND_PRINT((ndo, " (unverified)")); + ND_PRINT(" (unverified)"); } else { #if 0 - printf("\nosi_print_cksum: %p %u %u\n", pptr, checksum_offset, length); + ND_PRINT("\nosi_print_cksum: %p %d %u\n", pptr, checksum_offset, length); #endif calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); if (checksum == calculated_checksum) { - ND_PRINT((ndo, " (correct)")); + ND_PRINT(" (correct)"); } else { - ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum)); + ND_PRINT(" (incorrect should be 0x%04x)", calculated_checksum); } } } - -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 8 - * End: - */