X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d5be981c91f153934cda3361567c857fc8d64886..f085c93f59fb2332e09f3da20eef5fb2bbd04431:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index e990a91d..8ec06584 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -20,20 +20,21 @@ * * Original code by Matt Thomas, Digital Equipment Corporation * - * Extensively modified by Hannes Gredler (hannes@juniper.net) for more + * Extensively modified by Hannes Gredler (hannes@gredler.at) for more * complete IS-IS & CLNP support. */ -#define NETDISSECT_REWORKED +/* \summary: ISO CLNS, ESIS, and ISIS printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "ether.h" #include "nlpid.h" @@ -42,13 +43,15 @@ #include "oui.h" #include "signature.h" +static const char tstr[] = " [|isis]"; + /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. */ #define SYSTEM_ID_LEN ETHER_ADDR_LEN -#define NODE_ID_LEN SYSTEM_ID_LEN+1 -#define LSP_ID_LEN SYSTEM_ID_LEN+2 +#define NODE_ID_LEN (SYSTEM_ID_LEN+1) +#define LSP_ID_LEN (SYSTEM_ID_LEN+2) #define ISIS_VERSION 1 #define ESIS_VERSION 1 @@ -103,9 +106,10 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ #define ISIS_TLV_CHECKSUM 12 /* rfc3358 */ #define ISIS_TLV_CHECKSUM_MINLEN 2 +#define ISIS_TLV_POI 13 /* rfc6232 */ #define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ #define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2 -#define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */ +#define ISIS_TLV_EXT_IS_REACH 22 /* rfc5305 */ #define ISIS_TLV_IS_ALIAS_ID 24 /* draft-ietf-isis-ext-lsp-frags-02 */ #define ISIS_TLV_DECNET_PHASE4 42 #define ISIS_TLV_LUCENT_PRIVATE 66 @@ -116,8 +120,8 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_IDRP_INFO_MINLEN 1 #define ISIS_TLV_IPADDR 132 /* rfc1195 */ #define ISIS_TLV_IPAUTH 133 /* rfc1195 */ -#define ISIS_TLV_TE_ROUTER_ID 134 /* draft-ietf-isis-traffic-05 */ -#define ISIS_TLV_EXTD_IP_REACH 135 /* draft-ietf-isis-traffic-05 */ +#define ISIS_TLV_TE_ROUTER_ID 134 /* rfc5305 */ +#define ISIS_TLV_EXTD_IP_REACH 135 /* rfc5305 */ #define ISIS_TLV_HOSTNAME 137 /* rfc2763 */ #define ISIS_TLV_SHARED_RISK_GROUP 138 /* draft-ietf-isis-gmpls-extensions */ #define ISIS_TLV_MT_PORT_CAP 143 /* rfc6165 */ @@ -152,6 +156,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_LSP, "LSP entries"}, { ISIS_TLV_AUTH, "Authentication"}, { ISIS_TLV_CHECKSUM, "Checksum"}, + { ISIS_TLV_POI, "Purge Originator Identifier"}, { ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"}, { ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"}, { ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"}, @@ -333,16 +338,16 @@ static const struct tok clnp_option_qos_global_values[] = { { 0, NULL } }; -#define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* draft-ietf-isis-traffic-05 */ +#define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* rfc5305 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* rfc4205 */ -#define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 /* draft-ietf-isis-traffic-05 */ -#define ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 /* draft-ietf-isis-traffic-05 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 /* rfc5305 */ #define ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 /* rfc4124 */ #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD 12 /* draft-ietf-tewg-diff-te-proto-06 */ -#define ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC 18 /* draft-ietf-isis-traffic-05 */ +#define ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC 18 /* rfc5305 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE 19 /* draft-ietf-isis-link-attr-01 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ @@ -559,8 +564,8 @@ struct isis_tlv_ptp_adj { uint8_t neighbor_extd_local_circuit_id[4]; }; -static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length); +static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, u_int length); static int clnp_print(netdissect_options *, const uint8_t *, u_int); static void esis_print(netdissect_options *, const uint8_t *, u_int); static int isis_print(netdissect_options *, const uint8_t *, u_int); @@ -664,22 +669,22 @@ struct isis_tlv_lsp { #define ISIS_CSNP_HEADER_SIZE (sizeof(struct isis_csnp_header)) #define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header)) -void isoclns_print(netdissect_options *ndo, - const uint8_t *p, u_int length, u_int caplen) +void +isoclns_print(netdissect_options *ndo, const uint8_t *p, u_int length) { - if (caplen <= 1) { /* enough bytes on the wire ? */ + if (!ND_TTEST(*p)) { /* enough bytes on the wire ? */ ND_PRINT((ndo, "|OSI")); return; } if (ndo->ndo_eflag) - ND_PRINT((ndo, "OSI NLPID %s (0x%02x): ", tok2str(nlpid_values, "Unknown", *p), *p)); + ND_PRINT((ndo, "OSI NLPID %s (0x%02x): ", tok2str(nlpid_values, "Unknown", EXTRACT_U_1(p)), EXTRACT_U_1(p))); switch (*p) { case NLPID_CLNP: if (!clnp_print(ndo, p, length)) - print_unknown_data(ndo, p, "\n\t", caplen); + print_unknown_data(ndo, p, "\n\t", length); break; case NLPID_ESIS: @@ -688,7 +693,7 @@ void isoclns_print(netdissect_options *ndo, case NLPID_ISIS: if (!isis_print(ndo, p, length)) - print_unknown_data(ndo, p, "\n\t", caplen); + print_unknown_data(ndo, p, "\n\t", length); break; case NLPID_NULLNS: @@ -713,10 +718,10 @@ void isoclns_print(netdissect_options *ndo, default: if (!ndo->ndo_eflag) - ND_PRINT((ndo, "OSI NLPID 0x%02x unknown", *p)); + ND_PRINT((ndo, "OSI NLPID 0x%02x unknown", EXTRACT_U_1(p))); ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length)); - if (caplen > 1) - print_unknown_data(ndo, p, "\n\t", caplen); + if (length > 1) + print_unknown_data(ndo, p, "\n\t", length); break; } } @@ -765,7 +770,7 @@ clnp_print(netdissect_options *ndo, u_int li,tlen,nsap_offset,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags; const struct clnp_header_t *clnp_header; const struct clnp_segment_header_t *clnp_segment_header; - uint8_t rfd_error_major,rfd_error_minor; + uint8_t rfd_error,rfd_error_major,rfd_error_minor; clnp_header = (const struct clnp_header_t *) pptr; ND_TCHECK(*clnp_header); @@ -785,6 +790,20 @@ clnp_print(netdissect_options *ndo, return (0); } + if (li > length) { + ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length)); + return (0); + } + + if (li < sizeof(struct clnp_header_t)) { + ND_PRINT((ndo, " length indicator %u < min PDU size:", li)); + while (pptr < ndo->ndo_snapend) { + ND_PRINT((ndo, "%02X", EXTRACT_U_1(pptr))); + pptr++; + } + return (0); + } + /* FIXME further header sanity checking */ clnp_pdu_type = clnp_header->type & CLNP_PDU_TYPE_MASK; @@ -792,22 +811,46 @@ clnp_print(netdissect_options *ndo, pptr += sizeof(struct clnp_header_t); li -= sizeof(struct clnp_header_t); - dest_address_length = *pptr; - dest_address = pptr + 1; - pptr += (1 + dest_address_length); - li -= (1 + dest_address_length); - source_address_length = *pptr; - source_address = pptr +1; + if (li < 1) { + ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + return (0); + } + ND_TCHECK(*pptr); + dest_address_length = EXTRACT_U_1(pptr); + pptr += 1; + li -= 1; + if (li < dest_address_length) { + ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + return (0); + } + ND_TCHECK2(*pptr, dest_address_length); + dest_address = pptr; + pptr += dest_address_length; + li -= dest_address_length; - pptr += (1 + source_address_length); - li -= (1 + source_address_length); + if (li < 1) { + ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + return (0); + } + ND_TCHECK(*pptr); + source_address_length = EXTRACT_U_1(pptr); + pptr += 1; + li -= 1; + if (li < source_address_length) { + ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses")); + return (0); + } + ND_TCHECK2(*pptr, source_address_length); + source_address = pptr; + pptr += source_address_length; + li -= source_address_length; if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, "%s%s > %s, %s, length %u", ndo->ndo_eflag ? "" : ", ", - isonsap_string(source_address, source_address_length), - isonsap_string(dest_address, dest_address_length), + isonsap_string(ndo, source_address, source_address_length), + isonsap_string(ndo, dest_address, dest_address_length), tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length)); return (1); @@ -820,10 +863,10 @@ clnp_print(netdissect_options *ndo, clnp_header->version, clnp_header->lifetime/2, (clnp_header->lifetime%2)*5, - EXTRACT_16BITS(clnp_header->segment_length), - EXTRACT_16BITS(clnp_header->cksum))); + EXTRACT_BE_U_2(clnp_header->segment_length), + EXTRACT_BE_U_2(clnp_header->cksum))); - osi_print_cksum(ndo, optr, EXTRACT_16BITS(clnp_header->cksum), 7, + osi_print_cksum(ndo, optr, EXTRACT_BE_U_2(clnp_header->cksum), 7, clnp_header->length_indicator); ND_PRINT((ndo, "\n\tFlags [%s]", @@ -831,19 +874,23 @@ clnp_print(netdissect_options *ndo, ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length), + isonsap_string(ndo, source_address, source_address_length), dest_address_length, - isonsap_string(dest_address, dest_address_length))); + isonsap_string(ndo, dest_address, dest_address_length))); if (clnp_flags & CLNP_SEGMENT_PART) { + if (li < sizeof(struct clnp_segment_header_t)) { + ND_PRINT((ndo, "li < size of fixed part of CLNP header, addresses, and segment part")); + return (0); + } clnp_segment_header = (const struct clnp_segment_header_t *) pptr; ND_TCHECK(*clnp_segment_header); ND_PRINT((ndo, "\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", - EXTRACT_16BITS(clnp_segment_header->data_unit_id), - EXTRACT_16BITS(clnp_segment_header->segment_offset), - EXTRACT_16BITS(clnp_segment_header->total_length))); - pptr+=sizeof(const struct clnp_segment_header_t); - li-=sizeof(const struct clnp_segment_header_t); + EXTRACT_BE_U_2(clnp_segment_header->data_unit_id), + EXTRACT_BE_U_2(clnp_segment_header->segment_offset), + EXTRACT_BE_U_2(clnp_segment_header->total_length))); + pptr+=sizeof(struct clnp_segment_header_t); + li-=sizeof(struct clnp_segment_header_t); } /* now walk the options */ @@ -851,19 +898,20 @@ clnp_print(netdissect_options *ndo, u_int op, opli; const uint8_t *tptr; - ND_TCHECK2(*pptr, 2); if (li < 2) { ND_PRINT((ndo, ", bad opts/li")); return (0); } - op = *pptr++; - opli = *pptr++; + ND_TCHECK_2(pptr); + op = EXTRACT_U_1(pptr); + opli = EXTRACT_U_1(pptr + 1); + pptr += 2; li -= 2; - ND_TCHECK2(*pptr, opli); if (opli > li) { ND_PRINT((ndo, ", opt (%d) too long", op)); return (0); } + ND_TCHECK2(*pptr, opli); li -= opli; tptr = pptr; tlen = opli; @@ -873,15 +921,27 @@ clnp_print(netdissect_options *ndo, op, opli)); + /* + * We've already checked that the entire option is present + * in the captured packet with the ND_TCHECK2() call. + * Therefore, we don't need to do ND_TCHECK()/ND_TCHECK2() + * checks. + * We do, however, need to check tlen, to make sure we + * don't run past the end of the option. + */ switch (op) { case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */ case CLNP_OPTION_SOURCE_ROUTING: + if (tlen < 2) { + ND_PRINT((ndo, ", bad opt len")); + return (0); + } ND_PRINT((ndo, "%s %s", - tok2str(clnp_option_sr_rr_values,"Unknown",*tptr), + tok2str(clnp_option_sr_rr_values,"Unknown",EXTRACT_U_1(tptr)), tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op))); - nsap_offset=*(tptr+1); + nsap_offset=EXTRACT_U_1(tptr + 1); if (nsap_offset == 0) { ND_PRINT((ndo, " Bad NSAP offset (0)")); break; @@ -894,7 +954,7 @@ clnp_print(netdissect_options *ndo, tptr+=nsap_offset; tlen-=nsap_offset; while (tlen > 0) { - source_address_length=*tptr; + source_address_length=EXTRACT_U_1(tptr); if (tlen < source_address_length+1) { ND_PRINT((ndo, "\n\t NSAP address goes past end of option")); break; @@ -904,36 +964,53 @@ clnp_print(netdissect_options *ndo, ND_TCHECK2(*source_address, source_address_length); ND_PRINT((ndo, "\n\t NSAP address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length))); + isonsap_string(ndo, source_address, source_address_length))); } tlen-=source_address_length+1; } break; case CLNP_OPTION_PRIORITY: - ND_PRINT((ndo, "0x%1x", *tptr&0x0f)); + if (tlen < 1) { + ND_PRINT((ndo, ", bad opt len")); + return (0); + } + ND_PRINT((ndo, "0x%1x", EXTRACT_U_1(tptr)&0x0f)); break; case CLNP_OPTION_QOS_MAINTENANCE: + if (tlen < 1) { + ND_PRINT((ndo, ", bad opt len")); + return (0); + } ND_PRINT((ndo, "\n\t Format Code: %s", - tok2str(clnp_option_scope_values, "Reserved", *tptr&CLNP_OPTION_SCOPE_MASK))); + tok2str(clnp_option_scope_values, "Reserved", EXTRACT_U_1(tptr) & CLNP_OPTION_SCOPE_MASK))); - if ((*tptr&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) + if ((EXTRACT_U_1(tptr)&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) ND_PRINT((ndo, "\n\t QoS Flags [%s]", bittok2str(clnp_option_qos_global_values, "none", - *tptr&CLNP_OPTION_OPTION_QOS_MASK))); + EXTRACT_U_1(tptr)&CLNP_OPTION_OPTION_QOS_MASK))); break; case CLNP_OPTION_SECURITY: + if (tlen < 2) { + ND_PRINT((ndo, ", bad opt len")); + return (0); + } ND_PRINT((ndo, "\n\t Format Code: %s, Security-Level %u", - tok2str(clnp_option_scope_values,"Reserved",*tptr&CLNP_OPTION_SCOPE_MASK), - *(tptr+1))); + tok2str(clnp_option_scope_values,"Reserved",EXTRACT_U_1(tptr)&CLNP_OPTION_SCOPE_MASK), + EXTRACT_U_1(tptr + 1))); break; case CLNP_OPTION_DISCARD_REASON: - rfd_error_major = (*tptr&0xf0) >> 4; - rfd_error_minor = *tptr&0x0f; + if (tlen < 1) { + ND_PRINT((ndo, ", bad opt len")); + return (0); + } + rfd_error = EXTRACT_U_1(tptr); + rfd_error_major = (rfd_error&0xf0) >> 4; + rfd_error_minor = rfd_error&0x0f; ND_PRINT((ndo, "\n\t Class: %s Error (0x%01x), %s (0x%01x)", tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major), rfd_error_major, @@ -964,7 +1041,7 @@ clnp_print(netdissect_options *ndo, case CLNP_PDU_ER: /* fall through */ case CLNP_PDU_ERP: ND_TCHECK(*pptr); - if (*(pptr) == NLPID_CLNP) { + if (EXTRACT_U_1(pptr) == NLPID_CLNP) { ND_PRINT((ndo, "\n\t-----original packet-----\n\t")); /* FIXME recursion protection */ clnp_print(ndo, pptr, length - clnp_header->length_indicator); @@ -1049,14 +1126,16 @@ esis_print(netdissect_options *ndo, } if (li > length) { - ND_PRINT((ndo, " length indicator(%d) > PDU size (%d)!", li, length)); + ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length)); return; } if (li < sizeof(struct esis_header_t) + 2) { - ND_PRINT((ndo, " length indicator < min PDU size %d:", li)); - while (--length != 0) - ND_PRINT((ndo, "%02X", *pptr++)); + ND_PRINT((ndo, " length indicator %u < min PDU size:", li)); + while (pptr < ndo->ndo_snapend) { + ND_PRINT((ndo, "%02X", EXTRACT_U_1(pptr))); + pptr++; + } return; } @@ -1076,12 +1155,13 @@ esis_print(netdissect_options *ndo, esis_pdu_type)); ND_PRINT((ndo, ", v: %u%s", esis_header->version, esis_header->version == ESIS_VERSION ? "" : "unsupported" )); - ND_PRINT((ndo, ", checksum: 0x%04x", EXTRACT_16BITS(esis_header->cksum))); + ND_PRINT((ndo, ", checksum: 0x%04x", EXTRACT_BE_U_2(esis_header->cksum))); - osi_print_cksum(ndo, pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); + osi_print_cksum(ndo, pptr, EXTRACT_BE_U_2(esis_header->cksum), 7, + li); ND_PRINT((ndo, ", holding time: %us, length indicator: %u", - EXTRACT_16BITS(esis_header->holdtime), li)); + EXTRACT_BE_U_2(esis_header->holdtime), li)); if (ndo->ndo_vflag > 1) print_unknown_data(ndo, optr, "\n\t", sizeof(struct esis_header_t)); @@ -1099,7 +1179,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad redirect/li")); return; } - dstl = *pptr; + dstl = EXTRACT_U_1(pptr); pptr++; li--; ND_TCHECK2(*pptr, dstl); @@ -1110,14 +1190,14 @@ esis_print(netdissect_options *ndo, dst = pptr; pptr += dstl; li -= dstl; - ND_PRINT((ndo, "\n\t %s", isonsap_string(dst, dstl))); + ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl))); ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, ", bad redirect/li")); return; } - snpal = *pptr; + snpal = EXTRACT_U_1(pptr); pptr++; li--; ND_TCHECK2(*pptr, snpal); @@ -1133,7 +1213,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad redirect/li")); return; } - netal = *pptr; + netal = EXTRACT_U_1(pptr); pptr++; ND_TCHECK2(*pptr, netal); if (li < netal) { @@ -1144,10 +1224,18 @@ esis_print(netdissect_options *ndo, pptr += netal; li -= netal; - if (netal == 0) - ND_PRINT((ndo, "\n\t %s", etheraddr_string(ndo, snpa))); + if (snpal == 6) + ND_PRINT((ndo, "\n\t SNPA (length: %u): %s", + snpal, + etheraddr_string(ndo, snpa))); else - ND_PRINT((ndo, "\n\t %s", isonsap_string(neta, netal))); + ND_PRINT((ndo, "\n\t SNPA (length: %u): %s", + snpal, + linkaddr_string(ndo, snpa, LINKADDR_OTHER, snpal))); + if (netal != 0) + ND_PRINT((ndo, "\n\t NET (length: %u) %s", + netal, + isonsap_string(ndo, neta, netal))); break; } @@ -1157,7 +1245,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad esh/li")); return; } - source_address_number = *pptr; + source_address_number = EXTRACT_U_1(pptr); pptr++; li--; @@ -1169,7 +1257,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad esh/li")); return; } - source_address_length = *pptr; + source_address_length = EXTRACT_U_1(pptr); pptr++; li--; @@ -1180,7 +1268,7 @@ esis_print(netdissect_options *ndo, } ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, - isonsap_string(pptr, source_address_length))); + isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; source_address_number--; @@ -1194,7 +1282,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad ish/li")); return; } - source_address_length = *pptr; + source_address_length = EXTRACT_U_1(pptr); pptr++; li--; ND_TCHECK2(*pptr, source_address_length); @@ -1202,7 +1290,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad ish/li")); return; } - ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length))); + ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; break; @@ -1225,9 +1313,10 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad opts/li")); return; } - ND_TCHECK2(*pptr, 2); - op = *pptr++; - opli = *pptr++; + ND_TCHECK_2(pptr); + op = EXTRACT_U_1(pptr); + opli = EXTRACT_U_1(pptr + 1); + pptr += 2; li -= 2; if (opli > li) { ND_PRINT((ndo, ", opt (%d) too long", op)); @@ -1245,20 +1334,20 @@ esis_print(netdissect_options *ndo, case ESIS_OPTION_ES_CONF_TIME: if (opli == 2) { - ND_TCHECK2(*pptr, 2); - ND_PRINT((ndo, "%us", EXTRACT_16BITS(tptr))); + ND_TCHECK_2(pptr); + ND_PRINT((ndo, "%us", EXTRACT_BE_U_2(tptr))); } else ND_PRINT((ndo, "(bad length)")); break; case ESIS_OPTION_PROTOCOLS: while (opli>0) { - ND_TCHECK(*pptr); + ND_TCHECK_1(tptr); ND_PRINT((ndo, "%s (0x%02x)", tok2str(nlpid_values, "unknown", - *tptr), - *tptr)); + EXTRACT_U_1(tptr)), + EXTRACT_U_1(tptr))); if (opli>1) /* further NPLIDs ? - put comma */ ND_PRINT((ndo, ", ")); tptr++; @@ -1286,7 +1375,7 @@ esis_print(netdissect_options *ndo, pptr += opli; } trunc: - return; + ND_PRINT((ndo, "[|esis]")); } static void @@ -1295,21 +1384,21 @@ isis_print_mcid(netdissect_options *ndo, { int i; + ND_TCHECK(*mcid); ND_PRINT((ndo, "ID: %d, Name: ", mcid->format_id)); - for(i=0; i<32; i++) - { - ND_PRINT((ndo, "%c", mcid->name[i])); - if(mcid->name[i] == '\0') - break; - } + if (fn_printzp(ndo, mcid->name, 32, ndo->ndo_snapend)) + goto trunc; - ND_PRINT((ndo, "\n\t Lvl: %d", EXTRACT_16BITS(mcid->revision_lvl))); + ND_PRINT((ndo, "\n\t Lvl: %d", EXTRACT_BE_U_2(mcid->revision_lvl))); ND_PRINT((ndo, ", Digest: ")); for(i=0;i<16;i++) ND_PRINT((ndo, "%.2x ", mcid->digest[i])); + +trunc: + ND_PRINT((ndo, "%s", tstr)); } static int @@ -1320,10 +1409,11 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, const struct isis_subtlv_spb_mcid *subtlv_spb_mcid; int i; - while (len > 0) + while (len > 2) { - stlv_type = *(tptr++); - stlv_len = *(tptr++); + ND_TCHECK_2(tptr); + stlv_type = EXTRACT_U_1(tptr); + stlv_len = EXTRACT_U_1(tptr + 1); /* first lets see if we know the subTLVs name*/ ND_PRINT((ndo, "\n\t %s subTLV #%u, length: %u", @@ -1331,17 +1421,24 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, stlv_type, stlv_len)); + tptr = tptr + 2; /*len -= TLV_TYPE_LEN_OFFSET;*/ - len = len -2; + len = len - 2; + + /* Make sure the subTLV fits within the space left */ + if (len < stlv_len) + goto trunc; + /* Make sure the entire subTLV is in the captured data */ + ND_TCHECK2(*(tptr), stlv_len); switch (stlv_type) { case ISIS_SUBTLV_SPB_MCID: { - if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN)) - goto trunctlv; + if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN) + goto trunc; - subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr; + subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr; ND_PRINT((ndo, "\n\t MCID: ")); isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid)); @@ -1354,20 +1451,23 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, /*tptr += SPB_MCID_MIN_LEN; len -= SPB_MCID_MIN_LEN; */ - tptr = tptr + sizeof(struct isis_subtlv_spb_mcid); - len = len - sizeof(struct isis_subtlv_spb_mcid); + tptr = tptr + ISIS_SUBTLV_SPB_MCID_MIN_LEN; + len = len - ISIS_SUBTLV_SPB_MCID_MIN_LEN; + stlv_len = stlv_len - ISIS_SUBTLV_SPB_MCID_MIN_LEN; break; } case ISIS_SUBTLV_SPB_DIGEST: { - if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_DIGEST_MIN_LEN)) - goto trunctlv; + if (stlv_len < ISIS_SUBTLV_SPB_DIGEST_MIN_LEN) + goto trunc; ND_PRINT((ndo, "\n\t RES: %d V: %d A: %d D: %d", - (*(tptr) >> 5), (((*tptr)>> 4) & 0x01), - ((*(tptr) >> 2) & 0x03), ((*tptr) & 0x03))); + (EXTRACT_U_1(tptr) >> 5), + ((EXTRACT_U_1(tptr) >> 4) & 0x01), + ((EXTRACT_U_1(tptr) >> 2) & 0x03), + (EXTRACT_U_1(tptr) & 0x03))); tptr++; @@ -1375,53 +1475,52 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, for(i=1;i<=8; i++) { - ND_PRINT((ndo, "%08x ", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, "%08x ", EXTRACT_BE_U_4(tptr))); if (i%4 == 0 && i != 8) ND_PRINT((ndo, "\n\t ")); tptr = tptr + 4; } len = len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + stlv_len = stlv_len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; break; } case ISIS_SUBTLV_SPB_BVID: { - if (!ND_TTEST2(*(tptr), stlv_len)) - goto trunctlv; - - while (len) + while (stlv_len >= ISIS_SUBTLV_SPB_BVID_MIN_LEN) { - if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_BVID_MIN_LEN)) - goto trunctlv; - ND_PRINT((ndo, "\n\t ECT: %08x", - EXTRACT_32BITS(tptr))); + EXTRACT_BE_U_4(tptr))); tptr = tptr+4; ND_PRINT((ndo, " BVID: %d, U:%01x M:%01x ", - (EXTRACT_16BITS (tptr) >> 4) , - (EXTRACT_16BITS (tptr) >> 3) & 0x01, - (EXTRACT_16BITS (tptr) >> 2) & 0x01)); + (EXTRACT_BE_U_2(tptr) >> 4) , + (EXTRACT_BE_U_2(tptr) >> 3) & 0x01, + (EXTRACT_BE_U_2(tptr) >> 2) & 0x01)); tptr = tptr + 2; len = len - ISIS_SUBTLV_SPB_BVID_MIN_LEN; + stlv_len = stlv_len - ISIS_SUBTLV_SPB_BVID_MIN_LEN; } break; } default: - break; + break; } + tptr += stlv_len; + len -= stlv_len; } return 0; - trunctlv: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); + trunc: + ND_PRINT((ndo, "\n\t\t")); + ND_PRINT((ndo, "%s", tstr)); return(1); } @@ -1431,10 +1530,13 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, { int stlv_type, stlv_len, tmp; - while (len > 0) + while (len > 2) { - stlv_type = *(tptr++); - stlv_len = *(tptr++); + ND_TCHECK_2(tptr); + stlv_type = EXTRACT_U_1(tptr); + stlv_len = EXTRACT_U_1(tptr + 1); + tptr = tptr + 2; + len = len - 2; /* first lets see if we know the subTLVs name*/ ND_PRINT((ndo, "\n\t %s subTLV #%u, length: %u", @@ -1442,86 +1544,93 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, stlv_type, stlv_len)); - len = len - 2; + /* Make sure the subTLV fits within the space left */ + if (len < stlv_len) + goto trunc; + /* Make sure the entire subTLV is in the captured data */ + ND_TCHECK2(*(tptr), stlv_len); switch (stlv_type) { case ISIS_SUBTLV_SPB_INSTANCE: + if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN) + goto trunc; - if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN)) - goto trunctlv; - - ND_PRINT((ndo, "\n\t CIST Root-ID: %08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, "\n\t CIST Root-ID: %08x", EXTRACT_BE_U_4(tptr))); tptr = tptr+4; - ND_PRINT((ndo, " %08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, " %08x", EXTRACT_BE_U_4(tptr))); tptr = tptr+4; - ND_PRINT((ndo, ", Path Cost: %08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, ", Path Cost: %08x", EXTRACT_BE_U_4(tptr))); tptr = tptr+4; - ND_PRINT((ndo, ", Prio: %d", EXTRACT_16BITS(tptr))); + ND_PRINT((ndo, ", Prio: %d", EXTRACT_BE_U_2(tptr))); tptr = tptr + 2; ND_PRINT((ndo, "\n\t RES: %d", - EXTRACT_16BITS(tptr) >> 5)); + EXTRACT_BE_U_2(tptr) >> 5)); ND_PRINT((ndo, ", V: %d", - (EXTRACT_16BITS(tptr) >> 4) & 0x0001)); + (EXTRACT_BE_U_2(tptr) >> 4) & 0x0001)); ND_PRINT((ndo, ", SPSource-ID: %d", - (EXTRACT_32BITS(tptr) & 0x000fffff))); + (EXTRACT_BE_U_4(tptr) & 0x000fffff))); tptr = tptr+4; - ND_PRINT((ndo, ", No of Trees: %x", *(tptr))); + ND_PRINT((ndo, ", No of Trees: %x", EXTRACT_U_1(tptr))); - tmp = *(tptr++); + tmp = EXTRACT_U_1(tptr); + tptr++; len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; while (tmp) { - if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN)) - goto trunctlv; + if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN) + goto trunc; ND_PRINT((ndo, "\n\t U:%d, M:%d, A:%d, RES:%d", - *(tptr) >> 7, (*(tptr) >> 6) & 0x01, - (*(tptr) >> 5) & 0x01, (*(tptr) & 0x1f))); + EXTRACT_U_1(tptr) >> 7, + (EXTRACT_U_1(tptr) >> 6) & 0x01, + (EXTRACT_U_1(tptr) >> 5) & 0x01, + (EXTRACT_U_1(tptr) & 0x1f))); tptr++; - ND_PRINT((ndo, ", ECT: %08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, ", ECT: %08x", EXTRACT_BE_U_4(tptr))); tptr = tptr + 4; ND_PRINT((ndo, ", BVID: %d, SPVID: %d", - (EXTRACT_24BITS(tptr) >> 12) & 0x000fff, - EXTRACT_24BITS(tptr) & 0x000fff)); + (EXTRACT_BE_U_3(tptr) >> 12) & 0x000fff, + EXTRACT_BE_U_3(tptr) & 0x000fff)); tptr = tptr + 3; len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + stlv_len = stlv_len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; tmp--; } break; case ISIS_SUBTLV_SPBM_SI: + if (stlv_len < 8) + goto trunc; - if (!ND_TTEST2(*(tptr), 6)) - goto trunctlv; - - ND_PRINT((ndo, "\n\t BMAC: %08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, "\n\t BMAC: %08x", EXTRACT_BE_U_4(tptr))); tptr = tptr+4; - ND_PRINT((ndo, "%04x", EXTRACT_16BITS(tptr))); + ND_PRINT((ndo, "%04x", EXTRACT_BE_U_2(tptr))); tptr = tptr+2; - ND_PRINT((ndo, ", RES: %d, VID: %d", EXTRACT_16BITS(tptr) >> 12, - (EXTRACT_16BITS(tptr)) & 0x0fff)); + ND_PRINT((ndo, ", RES: %d, VID: %d", EXTRACT_BE_U_2(tptr) >> 12, + (EXTRACT_BE_U_2(tptr)) & 0x0fff)); tptr = tptr+2; len = len - 8; stlv_len = stlv_len - 8; - while (stlv_len) - { + while (stlv_len >= 4) { + ND_TCHECK_4(tptr); ND_PRINT((ndo, "\n\t T: %d, R: %d, RES: %d, ISID: %d", - (EXTRACT_32BITS(tptr) >> 31), - (EXTRACT_32BITS(tptr) >> 30) & 0x01, - (EXTRACT_32BITS(tptr) >> 24) & 0x03f, - (EXTRACT_32BITS(tptr)) & 0x0ffffff)); + (EXTRACT_BE_U_4(tptr) >> 31), + (EXTRACT_BE_U_4(tptr) >> 30) & 0x01, + (EXTRACT_BE_U_4(tptr) >> 24) & 0x03f, + (EXTRACT_BE_U_4(tptr)) & 0x0ffffff)); tptr = tptr + 4; len = len - 4; @@ -1533,11 +1642,14 @@ isis_print_mt_capability_subtlv(netdissect_options *ndo, default: break; } + tptr += stlv_len; + len -= stlv_len; } return 0; - trunctlv: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); + trunc: + ND_PRINT((ndo, "\n\t\t")); + ND_PRINT((ndo, "%s", tstr)); return(1); } @@ -1548,8 +1660,12 @@ isis_print_id(const uint8_t *cp, int id_len) int i; static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")]; char *pos = id; + int sysid_len; - for (i = 1; i <= SYSTEM_ID_LEN; i++) { + sysid_len = SYSTEM_ID_LEN; + if (sysid_len > id_len) + sysid_len = id_len; + for (i = 1; i <= sysid_len; i++) { snprintf(pos, sizeof(id) - (pos - id), "%02x", *cp++); pos += strlen(pos); if (i == 2 || i == 4) @@ -1608,7 +1724,7 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, if (!ND_TTEST(*tlv_ip_reach)) return (0); - prefix_len = mask2plen(EXTRACT_32BITS(tlv_ip_reach->mask)); + prefix_len = mask2plen(EXTRACT_BE_U_4(tlv_ip_reach->mask)); if (prefix_len == -1) ND_PRINT((ndo, "%sIPv4 prefix: %s mask %s", @@ -1658,23 +1774,22 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, static int isis_print_ip_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, int subt, int subl, - const char *ident) { - - /* first lets see if we know the subTLVs name*/ - ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", - ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), - subt, subl)); + const char *ident) +{ + /* first lets see if we know the subTLVs name*/ + ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", + ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), + subt, subl)); - if (!ND_TTEST2(*tptr,subl)) - goto trunctlv; + ND_TCHECK2(*tptr,subl); switch(subt) { case ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR: /* fall through */ case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32: while (subl >= 4) { ND_PRINT((ndo, ", 0x%08x (=%u)", - EXTRACT_32BITS(tptr), - EXTRACT_32BITS(tptr))); + EXTRACT_BE_U_4(tptr), + EXTRACT_BE_U_4(tptr))); tptr+=4; subl-=4; } @@ -1682,8 +1797,8 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo, case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64: while (subl >= 8) { ND_PRINT((ndo, ", 0x%08x%08x", - EXTRACT_32BITS(tptr), - EXTRACT_32BITS(tptr+4))); + EXTRACT_BE_U_4(tptr), + EXTRACT_BE_U_4(tptr + 4))); tptr+=8; subl-=8; } @@ -1695,8 +1810,9 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo, } return(1); -trunctlv: - ND_PRINT((ndo, "%spacket exceeded snapshot", ident)); +trunc: + ND_PRINT((ndo, "%s", ident)); + ND_PRINT((ndo, "%s", tstr)); return(0); } @@ -1708,8 +1824,8 @@ trunctlv: static int isis_print_is_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, - const char *ident) { - + const char *ident) +{ u_int te_class,priority_level,gmpls_switch_cap; union { /* int to float conversion buffer for several subTLVs */ float f; @@ -1721,17 +1837,16 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subt), subt, subl)); - if (!ND_TTEST2(*tptr,subl)) - goto trunctlv; + ND_TCHECK2(*tptr, subl); switch(subt) { case ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP: case ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID: case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: if (subl >= 4) { - ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr))); + ND_PRINT((ndo, ", 0x%08x", EXTRACT_BE_U_4(tptr))); if (subl == 8) /* rfc4205 */ - ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr+4))); + ND_PRINT((ndo, ", 0x%08x", EXTRACT_BE_U_4(tptr + 4))); } break; case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: @@ -1742,14 +1857,14 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW: if (subl >= 4) { - bw.i = EXTRACT_32BITS(tptr); + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000)); } break; case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : if (subl >= 32) { for (te_class = 0; te_class < 8; te_class++) { - bw.i = EXTRACT_32BITS(tptr); + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, "%s TE-Class %u: %.3f Mbps", ident, te_class, @@ -1760,14 +1875,16 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, break; case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS: /* fall through */ case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD: + if (subl == 0) + break; ND_PRINT((ndo, "%sBandwidth Constraints Model ID: %s (%u)", ident, - tok2str(diffserv_te_bc_values, "unknown", *tptr), - *tptr)); + tok2str(diffserv_te_bc_values, "unknown", EXTRACT_U_1(tptr)), + EXTRACT_U_1(tptr))); tptr++; /* decode BCs until the subTLV ends */ for (te_class = 0; te_class < (subl-1)/4; te_class++) { - bw.i = EXTRACT_32BITS(tptr); + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, "%s Bandwidth constraint CT%u: %.3f Mbps", ident, te_class, @@ -1777,45 +1894,45 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, break; case ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC: if (subl >= 3) - ND_PRINT((ndo, ", %u", EXTRACT_24BITS(tptr))); + ND_PRINT((ndo, ", %u", EXTRACT_BE_U_3(tptr))); break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE: if (subl == 2) { ND_PRINT((ndo, ", [ %s ] (0x%04x)", bittok2str(isis_subtlv_link_attribute_values, "Unknown", - EXTRACT_16BITS(tptr)), - EXTRACT_16BITS(tptr))); + EXTRACT_BE_U_2(tptr)), + EXTRACT_BE_U_2(tptr))); } break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: if (subl >= 2) { ND_PRINT((ndo, ", %s, Priority %u", - bittok2str(gmpls_link_prot_values, "none", *tptr), - *(tptr+1))); + bittok2str(gmpls_link_prot_values, "none", EXTRACT_U_1(tptr)), + EXTRACT_U_1(tptr + 1))); } break; case ISIS_SUBTLV_SPB_METRIC: if (subl >= 6) { - ND_PRINT((ndo, ", LM: %u", EXTRACT_24BITS(tptr))); + ND_PRINT((ndo, ", LM: %u", EXTRACT_BE_U_3(tptr))); tptr=tptr+3; - ND_PRINT((ndo, ", P: %u", *(tptr))); + ND_PRINT((ndo, ", P: %u", EXTRACT_U_1(tptr))); tptr++; - ND_PRINT((ndo, ", P-ID: %u", EXTRACT_16BITS(tptr))); + ND_PRINT((ndo, ", P-ID: %u", EXTRACT_BE_U_2(tptr))); } break; case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: if (subl >= 36) { - gmpls_switch_cap = *tptr; + gmpls_switch_cap = EXTRACT_U_1(tptr); ND_PRINT((ndo, "%s Interface Switching Capability:%s", ident, tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap))); ND_PRINT((ndo, ", LSP Encoding: %s", - tok2str(gmpls_encoding_values, "Unknown", *(tptr + 1)))); + tok2str(gmpls_encoding_values, "Unknown", EXTRACT_U_1((tptr + 1))))); tptr+=4; ND_PRINT((ndo, "%s Max LSP Bandwidth:", ident)); for (priority_level = 0; priority_level < 8; priority_level++) { - bw.i = EXTRACT_32BITS(tptr); + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, "%s priority level %d: %.3f Mbps", ident, priority_level, @@ -1828,15 +1945,19 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, case GMPLS_PSC2: case GMPLS_PSC3: case GMPLS_PSC4: - bw.i = EXTRACT_32BITS(tptr); + if (subl < 6) + break; + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000)); - ND_PRINT((ndo, "%s Interface MTU: %u", ident, EXTRACT_16BITS(tptr + 4))); + ND_PRINT((ndo, "%s Interface MTU: %u", ident, EXTRACT_BE_U_2(tptr + 4))); break; case GMPLS_TSC: - bw.i = EXTRACT_32BITS(tptr); + if (subl < 8) + break; + bw.i = EXTRACT_BE_U_4(tptr); ND_PRINT((ndo, "%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000)); ND_PRINT((ndo, "%s Indication %s", ident, - tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", *(tptr + 4)))); + tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", EXTRACT_U_1((tptr + 4))))); break; default: /* there is some optional stuff left to decode but this is as of yet @@ -1855,12 +1976,10 @@ isis_print_is_reach_subtlv(netdissect_options *ndo, } return(1); -trunctlv: - ND_PRINT((ndo, "%spacket exceeded snapshot", ident)); +trunc: return(0); } - /* * this is the common IS-REACH decoder it is called * from various EXTD-IS REACH style TLVs (22,24,222) @@ -1868,8 +1987,8 @@ trunctlv: static int isis_print_ext_is_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, int tlv_type) { - + const uint8_t *tptr, const char *ident, int tlv_type) +{ char ident_buffer[20]; int subtlv_type,subtlv_len,subtlv_sum_len; int proc_bytes = 0; /* how many bytes did we process ? */ @@ -1878,28 +1997,30 @@ isis_print_ext_is_reach(netdissect_options *ndo, return(0); ND_PRINT((ndo, "%sIS Neighbor: %s", ident, isis_print_id(tptr, NODE_ID_LEN))); - tptr+=(NODE_ID_LEN); + tptr+=NODE_ID_LEN; if (tlv_type != ISIS_TLV_IS_ALIAS_ID) { /* the Alias TLV Metric field is implicit 0 */ - if (!ND_TTEST2(*tptr, 3)) /* and is therefore skipped */ + if (!ND_TTEST_3(tptr)) /* and is therefore skipped */ return(0); - ND_PRINT((ndo, ", Metric: %d", EXTRACT_24BITS(tptr))); + ND_PRINT((ndo, ", Metric: %d", EXTRACT_BE_U_3(tptr))); tptr+=3; } - if (!ND_TTEST2(*tptr, 1)) + if (!ND_TTEST_1(tptr)) return(0); - subtlv_sum_len=*(tptr++); /* read out subTLV length */ + subtlv_sum_len=EXTRACT_U_1(tptr); /* read out subTLV length */ + tptr++; proc_bytes=NODE_ID_LEN+3+1; ND_PRINT((ndo, ", %ssub-TLVs present",subtlv_sum_len ? "" : "no ")); if (subtlv_sum_len) { ND_PRINT((ndo, " (%u)", subtlv_sum_len)); while (subtlv_sum_len>0) { - if (!ND_TTEST2(*tptr,2)) + if (!ND_TTEST_2(tptr)) return(0); - subtlv_type=*(tptr++); - subtlv_len=*(tptr++); - /* prepend the ident string */ + subtlv_type=EXTRACT_U_1(tptr); + subtlv_len=EXTRACT_U_1(tptr + 1); + tptr+=2; + /* prepend the indent string */ snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); if (!isis_print_is_reach_subtlv(ndo, tptr, subtlv_type, subtlv_len, ident_buffer)) return(0); @@ -1918,20 +2039,20 @@ isis_print_ext_is_reach(netdissect_options *ndo, static int isis_print_mtid(netdissect_options *ndo, - const uint8_t *tptr, const char *ident) { - - if (!ND_TTEST2(*tptr, 2)) + const uint8_t *tptr, const char *ident) +{ + if (!ND_TTEST_2(tptr)) return(0); ND_PRINT((ndo, "%s%s", ident, tok2str(isis_mt_values, "Reserved for IETF Consensus", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr))))); + ISIS_MASK_MTID(EXTRACT_BE_U_2(tptr))))); ND_PRINT((ndo, " Topology (0x%03x), Flags: [%s]", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr)), - bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(EXTRACT_16BITS(tptr))))); + ISIS_MASK_MTID(EXTRACT_BE_U_2(tptr)), + bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(EXTRACT_BE_U_2(tptr))))); return(2); } @@ -1945,26 +2066,23 @@ isis_print_mtid(netdissect_options *ndo, static int isis_print_extd_ip_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, uint16_t afi) { - + const uint8_t *tptr, const char *ident, uint16_t afi) +{ char ident_buffer[20]; -#ifdef INET6 uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ -#else - uint8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */ -#endif u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; - if (!ND_TTEST2(*tptr, 4)) + if (!ND_TTEST_4(tptr)) return (0); - metric = EXTRACT_32BITS(tptr); + metric = EXTRACT_BE_U_4(tptr); processed=4; tptr+=4; if (afi == AF_INET) { - if (!ND_TTEST2(*tptr, 1)) /* fetch status byte */ + if (!ND_TTEST_1(tptr)) /* fetch status byte */ return (0); - status_byte=*(tptr++); + status_byte=EXTRACT_U_1(tptr); + tptr++; bit_length = status_byte&0x3f; if (bit_length > 32) { ND_PRINT((ndo, "%sIPv4 prefix: bad bit length %u", @@ -1973,20 +2091,19 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (0); } processed++; -#ifdef INET6 } else if (afi == AF_INET6) { - if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */ + if (!ND_TTEST_2(tptr)) /* fetch status & prefix_len byte */ return (0); - status_byte=*(tptr++); - bit_length=*(tptr++); + status_byte=EXTRACT_U_1(tptr); + bit_length=EXTRACT_U_1(tptr + 1); if (bit_length > 128) { ND_PRINT((ndo, "%sIPv6 prefix: bad bit length %u", ident, bit_length)); return (0); } + tptr+=2; processed+=2; -#endif } else return (0); /* somebody is fooling us */ @@ -2004,13 +2121,11 @@ isis_print_extd_ip_reach(netdissect_options *ndo, ident, ipaddr_string(ndo, prefix), bit_length)); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, "%sIPv6 prefix: %s/%u", ident, ip6addr_string(ndo, prefix), bit_length)); -#endif ND_PRINT((ndo, ", Distribution: %s, Metric: %u", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", @@ -2018,34 +2133,32 @@ isis_print_extd_ip_reach(netdissect_options *ndo, if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) ND_PRINT((ndo, ", sub-TLVs present")); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, ", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : "")); -#endif if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) -#ifdef INET6 || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) -#endif ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect the aggregate bytecount of the subTLVs for this prefix */ - if (!ND_TTEST2(*tptr, 1)) + if (!ND_TTEST_1(tptr)) return (0); - sublen=*(tptr++); + sublen=EXTRACT_U_1(tptr); + tptr++; processed+=sublen+1; ND_PRINT((ndo, " (%u)", sublen)); /* print out subTLV length */ while (sublen>0) { - if (!ND_TTEST2(*tptr,2)) + if (!ND_TTEST_2(tptr)) return (0); - subtlvtype=*(tptr++); - subtlvlen=*(tptr++); - /* prepend the ident string */ + subtlvtype=EXTRACT_U_1(tptr); + subtlvlen=EXTRACT_U_1(tptr + 1); + tptr+=2; + /* prepend the indent string */ snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer)) return(0); @@ -2056,6 +2169,20 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (processed); } +/* + * Clear checksum and lifetime prior to signature verification. + */ +static void +isis_clear_checksum_lifetime(void *header) +{ + struct isis_lsp_header *header_lsp = (struct isis_lsp_header *) header; + + header_lsp->checksum[0] = 0; + header_lsp->checksum[1] = 0; + header_lsp->remaining_lifetime[0] = 0; + header_lsp->remaining_lifetime[1] = 0; +} + /* * isis_print * Decode IS-IS packets. Return 0 on error. @@ -2069,7 +2196,7 @@ isis_print(netdissect_options *ndo, const struct isis_iih_lan_header *header_iih_lan; const struct isis_iih_ptp_header *header_iih_ptp; - struct isis_lsp_header *header_lsp; + const struct isis_lsp_header *header_lsp; const struct isis_csnp_header *header_csnp; const struct isis_psnp_header *header_psnp; @@ -2080,6 +2207,7 @@ isis_print(netdissect_options *ndo, uint8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len; uint8_t ext_is_len, ext_ip_len, mt_len; + uint8_t isis_subtlv_idrp; const uint8_t *optr, *pptr, *tptr; u_short packet_len,pdu_len, key_id; u_int i,vendor_id; @@ -2091,10 +2219,12 @@ isis_print(netdissect_options *ndo, TLV verification */ isis_header = (const struct isis_common_header *)p; ND_TCHECK(*isis_header); + if (length < ISIS_COMMON_HEADER_SIZE) + goto trunc; pptr = p+(ISIS_COMMON_HEADER_SIZE); header_iih_lan = (const struct isis_iih_lan_header *)pptr; header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; - header_lsp = (struct isis_lsp_header *)pptr; + header_lsp = (const struct isis_lsp_header *)pptr; header_csnp = (const struct isis_csnp_header *)pptr; header_psnp = (const struct isis_psnp_header *)pptr; @@ -2121,6 +2251,16 @@ isis_print(netdissect_options *ndo, return (0); } + if (length < isis_header->fixed_len) { + ND_PRINT((ndo, "fixed header length %u > packet length %u", isis_header->fixed_len, length)); + return (0); + } + + if (isis_header->fixed_len < ISIS_COMMON_HEADER_SIZE) { + ND_PRINT((ndo, "fixed header length %u < minimum header size %u", isis_header->fixed_len, (u_int)ISIS_COMMON_HEADER_SIZE)); + return (0); + } + max_area = isis_header->max_area; switch(max_area) { case 0: @@ -2163,257 +2303,255 @@ isis_print(netdissect_options *ndo, pdu_type=isis_header->pdu_type; /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/ - if (ndo->ndo_vflag < 1) { + if (ndo->ndo_vflag == 0) { ND_PRINT((ndo, "%s%s", ndo->ndo_eflag ? "" : ", ", tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type))); + } else { + /* ok they seem to want to know everything - lets fully decode it */ + ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length)); - switch (pdu_type) { - - case ISIS_PDU_L1_LAN_IIH: - case ISIS_PDU_L2_LAN_IIH: - ND_PRINT((ndo, ", src-id %s", - isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN))); - ND_PRINT((ndo, ", lan-id %s, prio %u", - isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN), - header_iih_lan->priority)); - break; - case ISIS_PDU_PTP_IIH: - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN))); - break; - case ISIS_PDU_L1_LSP: - case ISIS_PDU_L2_LSP: - ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us", - isis_print_id(header_lsp->lsp_id, LSP_ID_LEN), - EXTRACT_32BITS(header_lsp->sequence_number), - EXTRACT_16BITS(header_lsp->remaining_lifetime))); - break; - case ISIS_PDU_L1_CSNP: - case ISIS_PDU_L2_CSNP: - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN))); - break; - case ISIS_PDU_L1_PSNP: - case ISIS_PDU_L2_PSNP: - ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN))); - break; - - } - ND_PRINT((ndo, ", length %u", length)); - - return(1); - } - - /* ok they seem to want to know everything - lets fully decode it */ - ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length)); - - ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", - tok2str(isis_pdu_values, - "unknown, type %u", - pdu_type), - isis_header->fixed_len, - isis_header->version, - isis_header->pdu_version, - id_length, - isis_header->id_length, - max_area, - isis_header->max_area)); - - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */ - return(0); /* for optionally debugging the common header */ + ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", + tok2str(isis_pdu_values, + "unknown, type %u", + pdu_type), + isis_header->fixed_len, + isis_header->version, + isis_header->pdu_version, + id_length, + isis_header->id_length, + max_area, + isis_header->max_area)); + + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */ + return (0); /* for optionally debugging the common header */ + } } switch (pdu_type) { case ISIS_PDU_L1_LAN_IIH: case ISIS_PDU_L2_LAN_IIH: - if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - isis_header->fixed_len, (unsigned long)ISIS_IIH_LAN_HEADER_SIZE)); - return (0); - } + if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { + ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", + isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE))); + return (0); + } + ND_TCHECK(*header_iih_lan); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", src-id %s", + isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN))); + ND_PRINT((ndo, ", lan-id %s, prio %u", + isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN), + header_iih_lan->priority)); + ND_PRINT((ndo, ", length %u", length)); + return (1); + } + pdu_len=EXTRACT_BE_U_2(header_iih_lan->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } + ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN), + EXTRACT_BE_U_2(header_iih_lan->holding_time), + tok2str(isis_iih_circuit_type_values, + "unknown circuit type 0x%02x", + header_iih_lan->circuit_type))); - ND_TCHECK(*header_iih_lan); - ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", - isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN), - EXTRACT_16BITS(header_iih_lan->holding_time), - tok2str(isis_iih_circuit_type_values, - "unknown circuit type 0x%02x", - header_iih_lan->circuit_type))); - - ND_PRINT((ndo, "\n\t lan-id: %s, Priority: %u, PDU length: %u", - isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN), - (header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK, - pdu_len)); + ND_PRINT((ndo, "\n\t lan-id: %s, Priority: %u, PDU length: %u", + isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN), + (header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK, + pdu_len)); - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE)) - return(0); - } + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); - break; + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + break; case ISIS_PDU_PTP_IIH: - if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - isis_header->fixed_len, (unsigned long)ISIS_IIH_PTP_HEADER_SIZE)); - return (0); - } - - pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len); - if (packet_len>pdu_len) { + if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { + ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", + isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE))); + return (0); + } + ND_TCHECK(*header_iih_ptp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN))); + ND_PRINT((ndo, ", length %u", length)); + return (1); + } + pdu_len=EXTRACT_BE_U_2(header_iih_ptp->pdu_len); + if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; - } + } - ND_TCHECK(*header_iih_ptp); - ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", - isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN), - EXTRACT_16BITS(header_iih_ptp->holding_time), - tok2str(isis_iih_circuit_type_values, - "unknown circuit type 0x%02x", - header_iih_ptp->circuit_type))); + ND_PRINT((ndo, "\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN), + EXTRACT_BE_U_2(header_iih_ptp->holding_time), + tok2str(isis_iih_circuit_type_values, + "unknown circuit type 0x%02x", + header_iih_ptp->circuit_type))); - ND_PRINT((ndo, "\n\t circuit-id: 0x%02x, PDU length: %u", - header_iih_ptp->circuit_id, - pdu_len)); + ND_PRINT((ndo, "\n\t circuit-id: 0x%02x, PDU length: %u", + header_iih_ptp->circuit_id, + pdu_len)); - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE)) - return(0); - } + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); - break; + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + break; case ISIS_PDU_L1_LSP: case ISIS_PDU_L2_LSP: - if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - isis_header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE)); - return (0); - } - - pdu_len=EXTRACT_16BITS(header_lsp->pdu_len); - if (packet_len>pdu_len) { + if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { + ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", + isis_header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE)); + return (0); + } + ND_TCHECK(*header_lsp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us", + isis_print_id(header_lsp->lsp_id, LSP_ID_LEN), + EXTRACT_BE_U_4(header_lsp->sequence_number), + EXTRACT_BE_U_2(header_lsp->remaining_lifetime))); + ND_PRINT((ndo, ", length %u", length)); + return (1); + } + pdu_len=EXTRACT_BE_U_2(header_lsp->pdu_len); + if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; - } + } - ND_TCHECK(*header_lsp); - ND_PRINT((ndo, "\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x", + ND_PRINT((ndo, "\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x", isis_print_id(header_lsp->lsp_id, LSP_ID_LEN), - EXTRACT_32BITS(header_lsp->sequence_number), - EXTRACT_16BITS(header_lsp->remaining_lifetime), - EXTRACT_16BITS(header_lsp->checksum))); + EXTRACT_BE_U_4(header_lsp->sequence_number), + EXTRACT_BE_U_2(header_lsp->remaining_lifetime), + EXTRACT_BE_U_2(header_lsp->checksum))); + osi_print_cksum(ndo, (const uint8_t *)header_lsp->lsp_id, + EXTRACT_BE_U_2(header_lsp->checksum), + 12, length-12); - osi_print_cksum(ndo, (uint8_t *)header_lsp->lsp_id, - EXTRACT_16BITS(header_lsp->checksum), 12, length-12); - - /* - * Clear checksum and lifetime prior to signature verification. - */ - header_lsp->checksum[0] = 0; - header_lsp->checksum[1] = 0; - header_lsp->remaining_lifetime[0] = 0; - header_lsp->remaining_lifetime[1] = 0; - - - ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s", + ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s", pdu_len, ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : "")); - if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : "")); - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : "")); - ND_PRINT((ndo, "ATT bit set, ")); - } - ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : "")); - ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)", - ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock)))); + if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { + ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : "")); + ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : "")); + ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : "")); + ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : "")); + ND_PRINT((ndo, "ATT bit set, ")); + } + ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : "")); + ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)", + ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock)))); - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE)) - return(0); - } + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); - break; + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + break; case ISIS_PDU_L1_CSNP: case ISIS_PDU_L2_CSNP: - if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { - ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", - isis_header->fixed_len, (unsigned long)ISIS_CSNP_HEADER_SIZE)); - return (0); - } - - pdu_len=EXTRACT_16BITS(header_csnp->pdu_len); - if (packet_len>pdu_len) { + if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { + ND_PRINT((ndo, ", bogus fixed header length %u should be %lu", + isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE))); + return (0); + } + ND_TCHECK(*header_csnp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN))); + ND_PRINT((ndo, ", length %u", length)); + return (1); + } + pdu_len=EXTRACT_BE_U_2(header_csnp->pdu_len); + if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; - } + } - ND_TCHECK(*header_csnp); - ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", + ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", isis_print_id(header_csnp->source_id, NODE_ID_LEN), pdu_len)); - ND_PRINT((ndo, "\n\t start lsp-id: %s", + ND_PRINT((ndo, "\n\t start lsp-id: %s", isis_print_id(header_csnp->start_lsp_id, LSP_ID_LEN))); - ND_PRINT((ndo, "\n\t end lsp-id: %s", + ND_PRINT((ndo, "\n\t end lsp-id: %s", isis_print_id(header_csnp->end_lsp_id, LSP_ID_LEN))); - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE)) - return(0); - } + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); break; case ISIS_PDU_L1_PSNP: case ISIS_PDU_L2_PSNP: - if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { - ND_PRINT((ndo, "- bogus fixed header length %u should be %lu", - isis_header->fixed_len, (unsigned long)ISIS_PSNP_HEADER_SIZE)); - return (0); - } - - pdu_len=EXTRACT_16BITS(header_psnp->pdu_len); - if (packet_len>pdu_len) { + if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { + ND_PRINT((ndo, "- bogus fixed header length %u should be %lu", + isis_header->fixed_len, (unsigned long)(ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE))); + return (0); + } + ND_TCHECK(*header_psnp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN))); + ND_PRINT((ndo, ", length %u", length)); + return (1); + } + pdu_len=EXTRACT_BE_U_2(header_psnp->pdu_len); + if (packet_len>pdu_len) { packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ length=pdu_len; - } + } - ND_TCHECK(*header_psnp); - ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", + ND_PRINT((ndo, "\n\t source-id: %s, PDU length: %u", isis_print_id(header_psnp->source_id, NODE_ID_LEN), pdu_len)); - if (ndo->ndo_vflag > 1) { - if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE)) - return(0); - } + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); - break; + packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + break; default: + if (ndo->ndo_vflag == 0) { + ND_PRINT((ndo, ", length %u", length)); + return (1); + } (void)print_unknown_data(ndo, pptr, "\n\t ", length); return (0); } @@ -2422,24 +2560,16 @@ isis_print(netdissect_options *ndo, * Now print the TLV's. */ - while (packet_len >= 2) { - if (pptr == ndo->ndo_snapend) { - return (1); - } - - if (!ND_TTEST2(*pptr, 2)) { - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot (%ld) bytes", - (long)(pptr - ndo->ndo_snapend))); - return (1); - } - tlv_type = *pptr++; - tlv_len = *pptr++; + while (packet_len > 0) { + ND_TCHECK_2(pptr); + if (packet_len < 2) + goto trunc; + tlv_type = EXTRACT_U_1(pptr); + tlv_len = EXTRACT_U_1(pptr + 1); + pptr += 2; + packet_len -= 2; tmp =tlv_len; /* copy temporary len & pointer to packet data */ tptr = pptr; - packet_len -= 2; - if (tlv_len > packet_len) { - break; - } /* first lets see if we know the TLVs name*/ ND_PRINT((ndo, "\n\t %s TLV #%u, length: %u", @@ -2449,32 +2579,35 @@ isis_print(netdissect_options *ndo, tlv_type, tlv_len)); - if (tlv_len == 0) /* something is malformed */ + if (tlv_len == 0) /* something is invalid */ continue; + if (packet_len < tlv_len) + goto trunc; + /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { case ISIS_TLV_AREA_ADDR: - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; - alen = *tptr++; + ND_TCHECK_1(tptr); + alen = EXTRACT_U_1(tptr); + tptr++; while (tmp && alen < tmp) { + ND_TCHECK2(*tptr, alen); ND_PRINT((ndo, "\n\t Area address (length: %u): %s", alen, - isonsap_string(tptr, alen))); + isonsap_string(ndo, tptr, alen))); tptr += alen; tmp -= alen + 1; if (tmp==0) /* if this is the last area address do not attemt a boundary check */ break; - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; - alen = *tptr++; + ND_TCHECK_1(tptr); + alen = EXTRACT_U_1(tptr); + tptr++; } break; case ISIS_TLV_ISNEIGH: while (tmp >= ETHER_ADDR_LEN) { - if (!ND_TTEST2(*tptr, ETHER_ADDR_LEN)) - goto trunctlv; + ND_TCHECK2(*tptr, ETHER_ADDR_LEN); ND_PRINT((ndo, "\n\t SNPA: %s", isis_print_id(tptr, ETHER_ADDR_LEN))); tmp -= ETHER_ADDR_LEN; tptr += ETHER_ADDR_LEN; @@ -2482,9 +2615,10 @@ isis_print(netdissect_options *ndo, break; case ISIS_TLV_ISNEIGH_VARLEN: - if (!ND_TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */ + if (!ND_TTEST_1(tptr) || tmp < 3) /* min. TLV length */ goto trunctlv; - lan_alen = *tptr++; /* LAN address length */ + lan_alen = EXTRACT_U_1(tptr); /* LAN address length */ + tptr++; if (lan_alen == 0) { ND_PRINT((ndo, "\n\t LAN address length 0 bytes (invalid)")); break; @@ -2492,8 +2626,7 @@ isis_print(netdissect_options *ndo, tmp --; ND_PRINT((ndo, "\n\t LAN address length %u bytes ", lan_alen)); while (tmp >= lan_alen) { - if (!ND_TTEST2(*tptr, lan_alen)) - goto trunctlv; + ND_TCHECK2(*tptr, lan_alen); ND_PRINT((ndo, "\n\t\tIS Neighbor: %s", isis_print_id(tptr, lan_alen))); tmp -= lan_alen; tptr +=lan_alen; @@ -2539,16 +2672,15 @@ isis_print(netdissect_options *ndo, } break; case ISIS_TLV_IS_REACH: - if (!ND_TTEST2(*tptr,1)) /* check if there is one byte left to read out the virtual flag */ - goto trunctlv; + ND_TCHECK_1(tptr); /* check if there is one byte left to read out the virtual flag */ ND_PRINT((ndo, "\n\t %s", tok2str(isis_is_reach_virtual_values, "bogus virtual flag 0x%02x", - *tptr++))); + EXTRACT_U_1(tptr)))); + tptr++; tlv_is_reach = (const struct isis_tlv_is_reach *)tptr; while (tmp >= sizeof(struct isis_tlv_is_reach)) { - if (!ND_TTEST(*tlv_is_reach)) - goto trunctlv; + ND_TCHECK(*tlv_is_reach); ND_PRINT((ndo, "\n\t IS Neighbor: %s", isis_print_id(tlv_is_reach->neighbor_nodeid, NODE_ID_LEN))); isis_print_metric_block(ndo, &tlv_is_reach->isis_metric_block); @@ -2560,8 +2692,7 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_ESNEIGH: tlv_es_reach = (const struct isis_tlv_es_reach *)tptr; while (tmp >= sizeof(struct isis_tlv_es_reach)) { - if (!ND_TTEST(*tlv_es_reach)) - goto trunctlv; + ND_TCHECK(*tlv_es_reach); ND_PRINT((ndo, "\n\t ES Neighbor: %s", isis_print_id(tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN))); isis_print_metric_block(ndo, &tlv_es_reach->isis_metric_block); @@ -2604,7 +2735,6 @@ isis_print(netdissect_options *ndo, } break; -#ifdef INET6 case ISIS_TLV_IP6_REACH: while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); @@ -2634,8 +2764,7 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IP6ADDR: while (tmp>=sizeof(struct in6_addr)) { - if (!ND_TTEST2(*tptr, sizeof(struct in6_addr))) - goto trunctlv; + ND_TCHECK2(*tptr, sizeof(struct in6_addr)); ND_PRINT((ndo, "\n\t IPv6 interface address: %s", ip6addr_string(ndo, tptr))); @@ -2644,49 +2773,40 @@ isis_print(netdissect_options *ndo, tmp -= sizeof(struct in6_addr); } break; -#endif case ISIS_TLV_AUTH: - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; + ND_TCHECK_1(tptr); ND_PRINT((ndo, "\n\t %s: ", tok2str(isis_subtlv_auth_values, "unknown Authentication type 0x%02x", - *tptr))); + EXTRACT_U_1(tptr)))); - switch (*tptr) { + switch (EXTRACT_U_1(tptr)) { case ISIS_SUBTLV_AUTH_SIMPLE: - for(i=1;indo_snapend)) + goto trunctlv; break; case ISIS_SUBTLV_AUTH_MD5: for(i=1;i=1) { - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; + ND_TCHECK_1(tptr); ND_PRINT((ndo, "\n\t Adjacency State: %s (%u)", - tok2str(isis_ptp_adjancey_values, "unknown", *tptr), - *tptr)); + tok2str(isis_ptp_adjancey_values, "unknown", EXTRACT_U_1(tptr)), + EXTRACT_U_1(tptr))); tmp--; } if(tmp>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { - if (!ND_TTEST2(tlv_ptp_adj->extd_local_circuit_id, - sizeof(tlv_ptp_adj->extd_local_circuit_id))) - goto trunctlv; + ND_TCHECK(tlv_ptp_adj->extd_local_circuit_id); ND_PRINT((ndo, "\n\t Extended Local circuit-ID: 0x%08x", - EXTRACT_32BITS(tlv_ptp_adj->extd_local_circuit_id))); + EXTRACT_BE_U_4(tlv_ptp_adj->extd_local_circuit_id))); tmp-=sizeof(tlv_ptp_adj->extd_local_circuit_id); } if(tmp>=SYSTEM_ID_LEN) { - if (!ND_TTEST2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)) - goto trunctlv; + ND_TCHECK2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN); ND_PRINT((ndo, "\n\t Neighbor System-ID: %s", isis_print_id(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN))); tmp-=SYSTEM_ID_LEN; } if(tmp>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { - if (!ND_TTEST2(tlv_ptp_adj->neighbor_extd_local_circuit_id, - sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id))) - goto trunctlv; + ND_TCHECK(tlv_ptp_adj->neighbor_extd_local_circuit_id); ND_PRINT((ndo, "\n\t Neighbor Extended Local circuit-ID: 0x%08x", - EXTRACT_32BITS(tlv_ptp_adj->neighbor_extd_local_circuit_id))); + EXTRACT_BE_U_4(tlv_ptp_adj->neighbor_extd_local_circuit_id))); } break; case ISIS_TLV_PROTOCOLS: ND_PRINT((ndo, "\n\t NLPID(s): ")); while (tmp>0) { - if (!ND_TTEST2(*(tptr), 1)) - goto trunctlv; + ND_TCHECK_1(tptr); ND_PRINT((ndo, "%s (0x%02x)", tok2str(nlpid_values, "unknown", - *tptr), - *tptr)); + EXTRACT_U_1(tptr)), + EXTRACT_U_1(tptr))); if (tmp>1) /* further NPLIDs ? - put comma */ ND_PRINT((ndo, ", ")); tptr++; @@ -2750,12 +2863,11 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_MT_PORT_CAP: { - if (!ND_TTEST2(*(tptr), 2)) - goto trunctlv; + ND_TCHECK_2(tptr); ND_PRINT((ndo, "\n\t RES: %d, MTID(s): %d", - (EXTRACT_16BITS (tptr) >> 12), - (EXTRACT_16BITS (tptr) & 0x0fff))); + (EXTRACT_BE_U_2(tptr) >> 12), + (EXTRACT_BE_U_2(tptr) & 0x0fff))); tmp = tmp-2; tptr = tptr+2; @@ -2768,13 +2880,12 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_MT_CAPABILITY: - if (!ND_TTEST2(*(tptr), 2)) - goto trunctlv; + ND_TCHECK_2(tptr); ND_PRINT((ndo, "\n\t O: %d, RES: %d, MTID(s): %d", - (EXTRACT_16BITS(tptr) >> 15) & 0x01, - (EXTRACT_16BITS(tptr) >> 12) & 0x07, - EXTRACT_16BITS(tptr) & 0x0fff)); + (EXTRACT_BE_U_2(tptr) >> 15) & 0x01, + (EXTRACT_BE_U_2(tptr) >> 12) & 0x07, + EXTRACT_BE_U_2(tptr) & 0x0fff)); tmp = tmp-2; tptr = tptr+2; @@ -2785,15 +2896,13 @@ isis_print(netdissect_options *ndo, break; case ISIS_TLV_TE_ROUTER_ID: - if (!ND_TTEST2(*pptr, sizeof(struct in_addr))) - goto trunctlv; + ND_TCHECK2(*pptr, sizeof(struct in_addr)); ND_PRINT((ndo, "\n\t Traffic Engineering Router ID: %s", ipaddr_string(ndo, pptr))); break; case ISIS_TLV_IPADDR: while (tmp>=sizeof(struct in_addr)) { - if (!ND_TTEST2(*tptr, sizeof(struct in_addr))) - goto trunctlv; + ND_TCHECK2(*tptr, sizeof(struct in_addr)); ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr))); tptr += sizeof(struct in_addr); tmp -= sizeof(struct in_addr); @@ -2802,50 +2911,42 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_HOSTNAME: ND_PRINT((ndo, "\n\t Hostname: ")); - while (tmp>0) { - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; - ND_PRINT((ndo, "%c", *tptr++)); - tmp--; - } + if (fn_printzp(ndo, tptr, tmp, ndo->ndo_snapend)) + goto trunctlv; break; case ISIS_TLV_SHARED_RISK_GROUP: if (tmp < NODE_ID_LEN) break; - if (!ND_TTEST2(*tptr, NODE_ID_LEN)) - goto trunctlv; + ND_TCHECK2(*tptr, NODE_ID_LEN); ND_PRINT((ndo, "\n\t IS Neighbor: %s", isis_print_id(tptr, NODE_ID_LEN))); - tptr+=(NODE_ID_LEN); - tmp-=(NODE_ID_LEN); + tptr+=NODE_ID_LEN; + tmp-=NODE_ID_LEN; if (tmp < 1) break; - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; - ND_PRINT((ndo, ", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(*tptr++) ? "numbered" : "unnumbered")); + ND_TCHECK_1(tptr); + ND_PRINT((ndo, ", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(EXTRACT_U_1(tptr)) ? "numbered" : "unnumbered")); + tptr++; tmp--; if (tmp < sizeof(struct in_addr)) break; - if (!ND_TTEST2(*tptr, sizeof(struct in_addr))) - goto trunctlv; + ND_TCHECK2(*tptr, sizeof(struct in_addr)); ND_PRINT((ndo, "\n\t IPv4 interface address: %s", ipaddr_string(ndo, tptr))); tptr+=sizeof(struct in_addr); tmp-=sizeof(struct in_addr); if (tmp < sizeof(struct in_addr)) break; - if (!ND_TTEST2(*tptr, sizeof(struct in_addr))) - goto trunctlv; + ND_TCHECK2(*tptr, sizeof(struct in_addr)); ND_PRINT((ndo, "\n\t IPv4 neighbor address: %s", ipaddr_string(ndo, tptr))); tptr+=sizeof(struct in_addr); tmp-=sizeof(struct in_addr); while (tmp>=4) { - if (!ND_TTEST2(*tptr, 4)) - goto trunctlv; - ND_PRINT((ndo, "\n\t Link-ID: 0x%08x", EXTRACT_32BITS(tptr))); + ND_TCHECK_4(tptr); + ND_PRINT((ndo, "\n\t Link-ID: 0x%08x", EXTRACT_BE_U_4(tptr))); tptr+=4; tmp-=4; } @@ -2854,19 +2955,15 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_LSP: tlv_lsp = (const struct isis_tlv_lsp *)tptr; while(tmp>=sizeof(struct isis_tlv_lsp)) { - if (!ND_TTEST((tlv_lsp->lsp_id)[LSP_ID_LEN-1])) - goto trunctlv; + ND_TCHECK((tlv_lsp->lsp_id)[LSP_ID_LEN-1]); ND_PRINT((ndo, "\n\t lsp-id: %s", isis_print_id(tlv_lsp->lsp_id, LSP_ID_LEN))); - if (!ND_TTEST2(tlv_lsp->sequence_number, 4)) - goto trunctlv; - ND_PRINT((ndo, ", seq: 0x%08x", EXTRACT_32BITS(tlv_lsp->sequence_number))); - if (!ND_TTEST2(tlv_lsp->remaining_lifetime, 2)) - goto trunctlv; - ND_PRINT((ndo, ", lifetime: %5ds", EXTRACT_16BITS(tlv_lsp->remaining_lifetime))); - if (!ND_TTEST2(tlv_lsp->checksum, 2)) - goto trunctlv; - ND_PRINT((ndo, ", chksum: 0x%04x", EXTRACT_16BITS(tlv_lsp->checksum))); + ND_TCHECK2(tlv_lsp->sequence_number, 4); + ND_PRINT((ndo, ", seq: 0x%08x", EXTRACT_BE_U_4(tlv_lsp->sequence_number))); + ND_TCHECK2(tlv_lsp->remaining_lifetime, 2); + ND_PRINT((ndo, ", lifetime: %5ds", EXTRACT_BE_U_2(tlv_lsp->remaining_lifetime))); + ND_TCHECK2(tlv_lsp->checksum, 2); + ND_PRINT((ndo, ", chksum: 0x%04x", EXTRACT_BE_U_2(tlv_lsp->checksum))); tmp-=sizeof(struct isis_tlv_lsp); tlv_lsp++; } @@ -2875,15 +2972,29 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_CHECKSUM: if (tmp < ISIS_TLV_CHECKSUM_MINLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_CHECKSUM_MINLEN)) - goto trunctlv; - ND_PRINT((ndo, "\n\t checksum: 0x%04x ", EXTRACT_16BITS(tptr))); + ND_TCHECK2(*tptr, ISIS_TLV_CHECKSUM_MINLEN); + ND_PRINT((ndo, "\n\t checksum: 0x%04x ", EXTRACT_BE_U_2(tptr))); /* do not attempt to verify the checksum if it is zero * most likely a HMAC-MD5 TLV is also present and * to avoid conflicts the checksum TLV is zeroed. * see rfc3358 for details */ - osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr, length); + osi_print_cksum(ndo, optr, EXTRACT_BE_U_2(tptr), tptr-optr, + length); + break; + + case ISIS_TLV_POI: + if (tlv_len >= SYSTEM_ID_LEN + 1) { + ND_TCHECK2(*tptr, SYSTEM_ID_LEN + 1); + ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s", + isis_print_id(tptr + 1, SYSTEM_ID_LEN))); + } + + if (tlv_len == 2 * SYSTEM_ID_LEN + 1) { + ND_TCHECK2(*tptr, 2 * SYSTEM_ID_LEN + 1); + ND_PRINT((ndo, "\n\t Received from System-ID: %s", + isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN))); + } break; case ISIS_TLV_MT_SUPPORTED: @@ -2899,7 +3010,7 @@ isis_print(netdissect_options *ndo, tptr+=mt_len; tmp-=mt_len; } else { - ND_PRINT((ndo, "\n\t malformed MT-ID")); + ND_PRINT((ndo, "\n\t invalid MT-ID")); break; } } @@ -2909,10 +3020,9 @@ isis_print(netdissect_options *ndo, /* first attempt to decode the flags */ if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN)) - goto trunctlv; + ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN); ND_PRINT((ndo, "\n\t Flags [%s]", - bittok2str(isis_restart_flag_values, "none", *tptr))); + bittok2str(isis_restart_flag_values, "none", EXTRACT_U_1(tptr)))); tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; tmp-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; @@ -2922,17 +3032,15 @@ isis_print(netdissect_options *ndo, if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)) - goto trunctlv; + ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN); - ND_PRINT((ndo, ", Remaining holding time %us", EXTRACT_16BITS(tptr))); + ND_PRINT((ndo, ", Remaining holding time %us", EXTRACT_BE_U_2(tptr))); tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; tmp-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; /* is there an additional sysid field present ?*/ if (tmp == SYSTEM_ID_LEN) { - if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN)) - goto trunctlv; + ND_TCHECK2(*tptr, SYSTEM_ID_LEN); ND_PRINT((ndo, ", for %s", isis_print_id(tptr,SYSTEM_ID_LEN))); } break; @@ -2940,17 +3048,17 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IDRP_INFO: if (tmp < ISIS_TLV_IDRP_INFO_MINLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN)) - goto trunctlv; + ND_TCHECK2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN); ND_PRINT((ndo, "\n\t Inter-Domain Information Type: %s", tok2str(isis_subtlv_idrp_values, "Unknown (0x%02x)", - *tptr))); - switch (*tptr++) { + EXTRACT_U_1(tptr)))); + isis_subtlv_idrp = EXTRACT_U_1(tptr); + tptr++; + switch (isis_subtlv_idrp) { case ISIS_SUBTLV_IDRP_ASN: - if (!ND_TTEST2(*tptr, 2)) /* fetch AS number */ - goto trunctlv; - ND_PRINT((ndo, "AS Number: %u", EXTRACT_16BITS(tptr))); + ND_TCHECK_2(tptr); /* fetch AS number */ + ND_PRINT((ndo, "AS Number: %u", EXTRACT_BE_U_2(tptr))); break; case ISIS_SUBTLV_IDRP_LOCAL: case ISIS_SUBTLV_IDRP_RES: @@ -2964,15 +3072,13 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_LSP_BUFFERSIZE: if (tmp < ISIS_TLV_LSP_BUFFERSIZE_MINLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN)) - goto trunctlv; - ND_PRINT((ndo, "\n\t LSP Buffersize: %u", EXTRACT_16BITS(tptr))); + ND_TCHECK2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN); + ND_PRINT((ndo, "\n\t LSP Buffersize: %u", EXTRACT_BE_U_2(tptr))); break; case ISIS_TLV_PART_DIS: while (tmp >= SYSTEM_ID_LEN) { - if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN)) - goto trunctlv; + ND_TCHECK2(*tptr, SYSTEM_ID_LEN); ND_PRINT((ndo, "\n\t %s", isis_print_id(tptr, SYSTEM_ID_LEN))); tptr+=SYSTEM_ID_LEN; tmp-=SYSTEM_ID_LEN; @@ -2982,17 +3088,16 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_PREFIX_NEIGH: if (tmp < sizeof(struct isis_metric_block)) break; - if (!ND_TTEST2(*tptr, sizeof(struct isis_metric_block))) - goto trunctlv; + ND_TCHECK2(*tptr, sizeof(struct isis_metric_block)); ND_PRINT((ndo, "\n\t Metric Block")); isis_print_metric_block(ndo, (const struct isis_metric_block *)tptr); tptr+=sizeof(struct isis_metric_block); tmp-=sizeof(struct isis_metric_block); while(tmp>0) { - if (!ND_TTEST2(*tptr, 1)) - goto trunctlv; - prefix_len=*tptr++; /* read out prefix length in semioctets*/ + ND_TCHECK_1(tptr); + prefix_len=EXTRACT_U_1(tptr); /* read out prefix length in semioctets*/ + tptr++; if (prefix_len < 2) { ND_PRINT((ndo, "\n\t\tAddress: prefix length %u < 2", prefix_len)); break; @@ -3000,10 +3105,9 @@ isis_print(netdissect_options *ndo, tmp--; if (tmp < prefix_len/2) break; - if (!ND_TTEST2(*tptr, prefix_len / 2)) - goto trunctlv; + ND_TCHECK2(*tptr, prefix_len / 2); ND_PRINT((ndo, "\n\t\tAddress: %s/%u", - isonsap_string(tptr, prefix_len / 2), prefix_len * 4)); + isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4)); tptr+=prefix_len/2; tmp-=prefix_len/2; } @@ -3012,17 +3116,15 @@ isis_print(netdissect_options *ndo, case ISIS_TLV_IIH_SEQNR: if (tmp < ISIS_TLV_IIH_SEQNR_MINLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN)) /* check if four bytes are on the wire */ - goto trunctlv; - ND_PRINT((ndo, "\n\t Sequence number: %u", EXTRACT_32BITS(tptr))); + ND_TCHECK2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN); /* check if four bytes are on the wire */ + ND_PRINT((ndo, "\n\t Sequence number: %u", EXTRACT_BE_U_4(tptr))); break; case ISIS_TLV_VENDOR_PRIVATE: if (tmp < ISIS_TLV_VENDOR_PRIVATE_MINLEN) break; - if (!ND_TTEST2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN)) /* check if enough byte for a full oui */ - goto trunctlv; - vendor_id = EXTRACT_24BITS(tptr); + ND_TCHECK2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN); /* check if enough byte for a full oui */ + vendor_id = EXTRACT_BE_U_3(tptr); ND_PRINT((ndo, "\n\t Vendor: %s (%u)", tok2str(oui_values, "Unknown", vendor_id), vendor_id)); @@ -3066,25 +3168,35 @@ isis_print(netdissect_options *ndo, return (1); trunc: - ND_PRINT((ndo, "[|isis]")); + ND_PRINT((ndo, "%s", tstr)); return (1); trunctlv: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); + ND_PRINT((ndo, "\n\t\t")); + ND_PRINT((ndo, "%s", tstr)); return(1); } static void -osi_print_cksum(netdissect_options *ndo, - const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length) +osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, u_int length) { uint16_t calculated_checksum; - /* do not attempt to verify the checksum if it is zero */ - if (!checksum) { - ND_PRINT((ndo, "(unverified)")); + /* do not attempt to verify the checksum if it is zero, + * if the offset is nonsense, + * or the base pointer is not sane + */ + if (!checksum + || checksum_offset < 0 + || !ND_TTEST_2(pptr + checksum_offset) + || (u_int)checksum_offset > length + || !ND_TTEST2(*pptr, length)) { + ND_PRINT((ndo, " (unverified)")); } else { +#if 0 + printf("\nosi_print_cksum: %p %u %u\n", pptr, checksum_offset, length); +#endif calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); if (checksum == calculated_checksum) { ND_PRINT((ndo, " (correct)"));