X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/df7c862246f5fd92d04913bb4f86ac127df004d9..1afd3f308e25f7bf070f3932a28ed6b2be8173f6:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index 81bbab16..b8b18138 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.159 2006-05-12 02:10:21 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.165 2008-08-16 13:38:15 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -46,6 +46,7 @@ static const char rcsid[] _U_ = #include "extract.h" #include "gmpls.h" #include "oui.h" +#include "signature.h" /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. @@ -125,6 +126,8 @@ static struct tok isis_pdu_values[] = { #define ISIS_TLV_EXTD_IP_REACH 135 /* draft-ietf-isis-traffic-05 */ #define ISIS_TLV_HOSTNAME 137 /* rfc2763 */ #define ISIS_TLV_SHARED_RISK_GROUP 138 /* draft-ietf-isis-gmpls-extensions */ +#define ISIS_TLV_MT_PORT_CAP 143 /* rfc6165 */ +#define ISIS_TLV_MT_CAPABILITY 144 /* rfc6329 */ #define ISIS_TLV_NORTEL_PRIVATE1 176 #define ISIS_TLV_NORTEL_PRIVATE2 177 #define ISIS_TLV_RESTART_SIGNALING 211 /* rfc3847 */ @@ -169,6 +172,8 @@ static struct tok isis_tlv_values[] = { { ISIS_TLV_TE_ROUTER_ID, "Traffic Engineering Router ID"}, { ISIS_TLV_EXTD_IP_REACH, "Extended IPv4 Reachability"}, { ISIS_TLV_SHARED_RISK_GROUP, "Shared Risk Link Group"}, + { ISIS_TLV_MT_PORT_CAP, "Multi-Topology-Aware Port Capability"}, + { ISIS_TLV_MT_CAPABILITY, "Multi-Topology Capability"}, { ISIS_TLV_NORTEL_PRIVATE1, "Nortel Proprietary"}, { ISIS_TLV_NORTEL_PRIVATE2, "Nortel Proprietary"}, { ISIS_TLV_HOSTNAME, "Hostname"}, @@ -349,6 +354,8 @@ static struct tok clnp_option_qos_global_values[] = { #define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS 22 /* rfc4124 */ +#define ISIS_SUBTLV_SPB_METRIC 29 /* rfc6329 */ + static struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP, "Administrative groups" }, { ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID, "Link Local/Remote Identifier" }, @@ -364,6 +371,7 @@ static struct tok isis_ext_is_reach_subtlv_values[] = { { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD, "Bandwidth Constraints (old)" }, { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS, "Bandwidth Constraints" }, + { ISIS_SUBTLV_SPB_METRIC, "SPB Metric" }, { 250, "Reserved for cisco specific extensions" }, { 251, "Reserved for cisco specific extensions" }, { 252, "Reserved for cisco specific extensions" }, @@ -392,12 +400,14 @@ static struct tok isis_subtlv_link_attribute_values[] = { }; #define ISIS_SUBTLV_AUTH_SIMPLE 1 +#define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */ #define ISIS_SUBTLV_AUTH_MD5 54 #define ISIS_SUBTLV_AUTH_MD5_LEN 16 #define ISIS_SUBTLV_AUTH_PRIVATE 255 static struct tok isis_subtlv_auth_values[] = { { ISIS_SUBTLV_AUTH_SIMPLE, "simple text password"}, + { ISIS_SUBTLV_AUTH_GENERIC, "Generic Crypto key-id"}, { ISIS_SUBTLV_AUTH_MD5, "HMAC-MD5 password"}, { ISIS_SUBTLV_AUTH_PRIVATE, "Routing Domain private password"}, { 0, NULL } @@ -414,6 +424,53 @@ static struct tok isis_subtlv_idrp_values[] = { { 0, NULL} }; +#define ISIS_SUBTLV_SPB_MCID 4 +#define ISIS_SUBTLV_SPB_DIGEST 5 +#define ISIS_SUBTLV_SPB_BVID 6 + +#define ISIS_SUBTLV_SPB_INSTANCE 1 +#define ISIS_SUBTLV_SPBM_SI 3 + +#define ISIS_SPB_MCID_LEN 51 +#define ISIS_SUBTLV_SPB_MCID_MIN_LEN 102 +#define ISIS_SUBTLV_SPB_DIGEST_MIN_LEN 33 +#define ISIS_SUBTLV_SPB_BVID_MIN_LEN 6 +#define ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN 19 +#define ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN 8 + +static struct tok isis_mt_port_cap_subtlv_values[] = { + { ISIS_SUBTLV_SPB_MCID, "SPB MCID" }, + { ISIS_SUBTLV_SPB_DIGEST, "SPB Digest" }, + { ISIS_SUBTLV_SPB_BVID, "SPB BVID" }, + { 0, NULL } +}; + +static struct tok isis_mt_capability_subtlv_values[] = { + { ISIS_SUBTLV_SPB_INSTANCE, "SPB Instance" }, + { ISIS_SUBTLV_SPBM_SI, "SPBM Service Identifier and Unicast Address" }, + { 0, NULL } +}; + +struct isis_spb_mcid { + u_int8_t format_id; + u_int8_t name[32]; + u_int8_t revision_lvl[2]; + u_int8_t digest[16]; +}; + +struct isis_subtlv_spb_mcid { + struct isis_spb_mcid mcid; + struct isis_spb_mcid aux_mcid; +}; + +struct isis_subtlv_spb_instance { + u_int8_t cist_root_id[8]; + u_int8_t cist_external_root_path_cost[4]; + u_int8_t bridge_priority[2]; + u_int8_t spsourceid[4]; + u_int8_t no_of_trees; +}; + #define CLNP_SEGMENT_PART 0x80 #define CLNP_MORE_SEGMENTS 0x40 #define CLNP_REQUEST_ER 0x20 @@ -438,8 +495,8 @@ static struct tok clnp_flag_values[] = { #define ISIS_MASK_MTFLAGS(x) ((x)&0xf000) static struct tok isis_mt_flag_values[] = { - { 0x4000, "sub-TLVs present"}, - { 0x8000, "ATT bit set"}, + { 0x4000, "ATT bit set"}, + { 0x8000, "Overload bit set"}, { 0, NULL} }; @@ -481,7 +538,7 @@ static struct tok isis_lsp_istype_values[] = { { ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"}, { ISIS_LSP_TYPE_LEVEL_1, "L1 IS"}, { ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"}, - { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"}, + { ISIS_LSP_TYPE_LEVEL_2, "L2 IS"}, { 0, NULL } }; @@ -508,7 +565,8 @@ struct isis_tlv_ptp_adj { u_int8_t neighbor_extd_local_circuit_id[4]; }; -static int osi_cksum(const u_int8_t *, u_int); +static void osi_print_cksum(const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length); static int clnp_print(const u_int8_t *, u_int); static void esis_print(const u_int8_t *, u_int); static int isis_print(const u_int8_t *, u_int); @@ -614,10 +672,6 @@ struct isis_tlv_lsp { void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) { - const struct isis_common_header *header; - - header = (const struct isis_common_header *)p; - if (caplen <= 1) { /* enough bytes on the wire ? */ printf("|OSI"); return; @@ -660,7 +714,7 @@ void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) #ifdef INET6 case NLPID_IP6: - ip6_print(p+1, length-1); + ip6_print(gndo, p+1, length-1); break; #endif @@ -771,7 +825,7 @@ static int clnp_print (const u_int8_t *pptr, u_int length) } printf("%slength %u",eflag ? "" : ", ",length); - printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x ", + printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), clnp_header->length_indicator, clnp_header->version, @@ -780,10 +834,8 @@ static int clnp_print (const u_int8_t *pptr, u_int length) EXTRACT_16BITS(clnp_header->segment_length), EXTRACT_16BITS(clnp_header->cksum)); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(clnp_header->cksum) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, clnp_header->length_indicator) ? "incorrect" : "correct"); + osi_print_cksum(optr, EXTRACT_16BITS(clnp_header->cksum), 7, + clnp_header->length_indicator); printf("\n\tFlags [%s]", bittok2str(clnp_flag_values,"none",clnp_flags)); @@ -1037,12 +1089,9 @@ esis_print(const u_int8_t *pptr, u_int length) esis_pdu_type); printf(", v: %u%s", esis_header->version, esis_header->version == ESIS_VERSION ? "" : "unsupported" ); - printf(", checksum: 0x%04x ", EXTRACT_16BITS(esis_header->cksum)); - /* do not attempt to verify the checksum if it is zero */ - if (EXTRACT_16BITS(esis_header->cksum) == 0) - printf("(unverified)"); - else - printf("(%s)", osi_cksum(pptr, li) ? "incorrect" : "correct"); + printf(", checksum: 0x%04x", EXTRACT_16BITS(esis_header->cksum)); + + osi_print_cksum(pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); printf(", holding time: %us, length indicator: %u",EXTRACT_16BITS(esis_header->holdtime),li); @@ -1180,15 +1229,15 @@ esis_print(const u_int8_t *pptr, u_int length) } /* now walk the options */ - while (li >= 2) { + while (li != 0) { u_int op, opli; const u_int8_t *tptr; - TCHECK2(*pptr, 2); if (li < 2) { printf(", bad opts/li"); return; } + TCHECK2(*pptr, 2); op = *pptr++; opli = *pptr++; li -= 2; @@ -1207,8 +1256,11 @@ esis_print(const u_int8_t *pptr, u_int length) switch (op) { case ESIS_OPTION_ES_CONF_TIME: - TCHECK2(*pptr, 2); - printf("%us", EXTRACT_16BITS(tptr)); + if (opli == 2) { + TCHECK2(*pptr, 2); + printf("%us", EXTRACT_16BITS(tptr)); + } else + printf("(bad length)"); break; case ESIS_OPTION_PROTOCOLS: @@ -1249,6 +1301,252 @@ trunc: return; } + +static void +isis_print_mcid (const struct isis_spb_mcid *mcid) +{ + int i; + + printf( "ID: %d, Name: ", mcid->format_id); + + for(i=0; i<32; i++) + { + printf("%c", mcid->name[i]); + if(mcid->name[i] == '\0') + break; + } + + printf("\n\t Lvl: %d", + EXTRACT_16BITS(mcid->revision_lvl)); + + printf( ", Digest: "); + + for(i=0;i<16;i++) + printf("%.2x ",mcid->digest[i]); +} + +static int +isis_print_mt_port_cap_subtlv (const u_int8_t *tptr, int len) +{ + int stlv_type; + int stlv_len; + const struct isis_subtlv_spb_mcid *subtlv_spb_mcid; + int i; + + while (len > 0) + { + stlv_type = *(tptr++); + stlv_len = *(tptr++); + + /* first lets see if we know the subTLVs name*/ + printf("\n\t %s subTLV #%u, length: %u", + tok2str(isis_mt_port_cap_subtlv_values, "unknown", stlv_type), + stlv_type, + stlv_len); + + len = len -2; + + switch (stlv_type) + { + case ISIS_SUBTLV_SPB_MCID: + + if (!TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN)) + goto trunctlv; + + subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr; + + printf( "\n\t MCID: "); + isis_print_mcid (&(subtlv_spb_mcid->mcid)); + + printf( "\n\t AUX-MCID: "); + isis_print_mcid (&(subtlv_spb_mcid->aux_mcid)); + + tptr = tptr + sizeof(struct isis_subtlv_spb_mcid); + len = len - sizeof(struct isis_subtlv_spb_mcid); + + break; + + case ISIS_SUBTLV_SPB_DIGEST: + + if (!TTEST2(*(tptr), ISIS_SUBTLV_SPB_DIGEST_MIN_LEN)) + goto trunctlv; + + printf ("\n\t RES: %d V: %d A: %d D: %d", + (*(tptr) >> 5), (((*tptr)>> 4) & 0x01), + ((*(tptr) >> 2) & 0x03), ((*tptr) & 0x03)); + + tptr++; + + printf( "\n\t Digest: "); + + for(i=1;i<=8; i++) + { + printf("%08x ", EXTRACT_32BITS(tptr)); + if (i%4 == 0 && i != 8) + printf("\n\t "); + tptr = tptr + 4; + } + + len = len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + + break; + + case ISIS_SUBTLV_SPB_BVID: + + if (!TTEST2(*(tptr), stlv_len)) + goto trunctlv; + + while (len) + { + if (!TTEST2(*(tptr), ISIS_SUBTLV_SPB_BVID_MIN_LEN)) + goto trunctlv; + + printf("\n\t ECT: %08x", + EXTRACT_32BITS(tptr)); + + tptr = tptr+4; + + printf(" B-Vlan: %d, U:%01x, M:%01x RES: %01x", + (EXTRACT_16BITS (tptr) >> 4) , + (EXTRACT_16BITS (tptr) >> 3) & 0x01, + (EXTRACT_16BITS (tptr) >> 2) & 0x01, + (EXTRACT_16BITS (tptr) & 0x03)); + + tptr = tptr + 2; + len = len - ISIS_SUBTLV_SPB_BVID_MIN_LEN; + } + + break; + + default: + break; + } + } + + return 0; + + trunctlv: + printf("\n\t\t packet exceeded snapshot"); + return(1); +} + + +static int +isis_print_mt_capability_subtlv (const u_int8_t *tptr, int len) +{ + int stlv_type, stlv_len, tmp; + + while (len > 0) + { + stlv_type = *(tptr++); + stlv_len = *(tptr++); + + /* first lets see if we know the subTLVs name*/ + printf("\n\t %s subTLV #%u, length: %u", + tok2str(isis_mt_capability_subtlv_values, "unknown", stlv_type), + stlv_type, + stlv_len); + + len = len - 2; + + switch (stlv_type) + { + case ISIS_SUBTLV_SPB_INSTANCE: + + if (!TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN)) + goto trunctlv; + + printf("\n\t CIST Root-ID: %08x", EXTRACT_32BITS(tptr)); + tptr = tptr+4; + printf(" %08x", EXTRACT_32BITS(tptr)); + tptr = tptr+4; + printf(", Path Cost: %08x", EXTRACT_32BITS(tptr)); + tptr = tptr+4; + printf(", Prio: %d", EXTRACT_16BITS(tptr)); + tptr = tptr + 2; + printf("\n\t RES: %d", + EXTRACT_16BITS(tptr) >> 5); + printf(", V: %d", + (EXTRACT_16BITS(tptr) >> 4) & 0x0001); + printf(", SPSource-ID: %d", + (EXTRACT_32BITS(tptr) & 0x000fffff)); + tptr = tptr+4; + printf(", No of Trees: %x", *(tptr)); + + tmp = *(tptr++); + + len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + + while (tmp) + { + if (!TTEST2(*(tptr), ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN)) + goto trunctlv; + + printf ("\n\t U:%d, M:%d, A:%d, RES:%d", + *(tptr) >> 7, (*(tptr) >> 6) & 0x01, + (*(tptr) >> 5) & 0x01, (*(tptr) & 0x1f)); + + tptr++; + + printf (", ECT: %08x", EXTRACT_32BITS(tptr)); + + tptr = tptr + 4; + + printf (", BVID: %d, SPVID: %d", + (EXTRACT_24BITS(tptr) >> 12) & 0x000fff, + EXTRACT_24BITS(tptr) & 0x000fff); + + tptr = tptr + 3; + len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + tmp--; + } + + break; + + case ISIS_SUBTLV_SPBM_SI: + + if (!TTEST2(*(tptr), 6)) + goto trunctlv; + + printf("\n\t BMAC: %08x", EXTRACT_32BITS(tptr)); + tptr = tptr+4; + printf("%04x", EXTRACT_16BITS(tptr)); + tptr = tptr+2; + + printf (", RES: %d, VID: %d", EXTRACT_16BITS(tptr) >> 12, + (EXTRACT_16BITS(tptr)) & 0x0fff); + + tptr = tptr+2; + len = len - 8; + stlv_len = stlv_len - 8; + + while (stlv_len) + { + printf("\n\t T: %d, R: %d, RES: %d, ISID: %d", + (EXTRACT_32BITS(tptr) >> 31), + (EXTRACT_32BITS(tptr) >> 30) & 0x01, + (EXTRACT_32BITS(tptr) >> 24) & 0x03f, + (EXTRACT_32BITS(tptr)) & 0x0ffffff); + + tptr = tptr + 4; + len = len - 4; + stlv_len = stlv_len - 4; + } + + break; + + default: + break; + } + } + return 0; + + trunctlv: + printf("\n\t\t packet exceeded snapshot"); + return(1); +} + + /* shared routine for printing system, node and lsp-ids */ static char * isis_print_id(const u_int8_t *cp, int id_len) @@ -1506,6 +1804,14 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,u_int subt,u_int subl,const cha *(tptr+1)); } break; + case ISIS_SUBTLV_SPB_METRIC: + if (subl >= 6) { + printf (", LM: %u", EXTRACT_24BITS(tptr)); + tptr=tptr+3; + printf (", P: %u", *(tptr)); + printf (", P-ID: %u", EXTRACT_16BITS(++tptr)); + } + break; case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: if (subl >= 36) { gmpls_switch_cap = *tptr; @@ -1768,7 +2074,7 @@ static int isis_print (const u_int8_t *p, u_int length) const struct isis_iih_lan_header *header_iih_lan; const struct isis_iih_ptp_header *header_iih_ptp; - const struct isis_lsp_header *header_lsp; + struct isis_lsp_header *header_lsp; const struct isis_csnp_header *header_csnp; const struct isis_psnp_header *header_psnp; @@ -1780,18 +2086,20 @@ static int isis_print (const u_int8_t *p, u_int length) u_int8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len; u_int8_t ext_is_len, ext_ip_len, mt_len; const u_int8_t *optr, *pptr, *tptr; - u_short packet_len,pdu_len; + u_short packet_len,pdu_len, key_id; u_int i,vendor_id; + int sigcheck; packet_len=length; optr = p; /* initialize the _o_riginal pointer to the packet start - - need it for parsing the checksum TLV */ + need it for parsing the checksum TLV and authentication + TLV verification */ isis_header = (const struct isis_common_header *)p; TCHECK(*isis_header); pptr = p+(ISIS_COMMON_HEADER_SIZE); header_iih_lan = (const struct isis_iih_lan_header *)pptr; header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; - header_lsp = (const struct isis_lsp_header *)pptr; + header_lsp = (struct isis_lsp_header *)pptr; header_csnp = (const struct isis_csnp_header *)pptr; header_psnp = (const struct isis_psnp_header *)pptr; @@ -2013,15 +2321,18 @@ static int isis_print (const u_int8_t *p, u_int length) EXTRACT_16BITS(header_lsp->remaining_lifetime), EXTRACT_16BITS(header_lsp->checksum)); - /* if this is a purge do not attempt to verify the checksum */ - if ( EXTRACT_16BITS(header_lsp->remaining_lifetime) == 0 && - EXTRACT_16BITS(header_lsp->checksum) == 0) - printf(" (purged)"); - else - /* verify the checksum - - * checking starts at the lsp-id field at byte position [12] - * hence the length needs to be reduced by 12 bytes */ - printf(" (%s)", (osi_cksum((u_int8_t *)header_lsp->lsp_id, length-12)) ? "incorrect" : "correct"); + + osi_print_cksum((u_int8_t *)header_lsp->lsp_id, + EXTRACT_16BITS(header_lsp->checksum), 12, length-12); + + /* + * Clear checksum and lifetime prior to signature verification. + */ + header_lsp->checksum[0] = 0; + header_lsp->checksum[1] = 0; + header_lsp->remaining_lifetime[0] = 0; + header_lsp->remaining_lifetime[1] = 0; + printf(", PDU length: %u, Flags: [ %s", pdu_len, @@ -2144,7 +2455,7 @@ static int isis_print (const u_int8_t *p, u_int length) tlv_len); if (tlv_len == 0) /* something is malformed */ - break; + continue; /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { @@ -2198,13 +2509,12 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IS_REACH: + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) /* did something go wrong ? */ + goto trunctlv; + tptr+=mt_len; + tmp-=mt_len; while (tmp >= 2+NODE_ID_LEN+3+1) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; - ext_is_len = isis_print_ext_is_reach(tptr,"\n\t ",tlv_type); if (ext_is_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2283,13 +2593,14 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; + while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2310,13 +2621,14 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_MT_IP6_REACH: - while (tmp>0) { - mt_len = isis_print_mtid(tptr, "\n\t "); - if (mt_len == 0) /* did something go wrong ? */ - goto trunctlv; - tptr+=mt_len; - tmp-=mt_len; + mt_len = isis_print_mtid(tptr, "\n\t "); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunctlv; + } + tptr+=mt_len; + tmp-=mt_len; + while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(tptr, "\n\t ", AF_INET6); if (ext_ip_len == 0) /* did something go wrong ? */ goto trunctlv; @@ -2363,7 +2675,25 @@ static int isis_print (const u_int8_t *p, u_int length) } if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1) printf(", (malformed subTLV) "); + +#ifdef HAVE_LIBCRYPTO + sigcheck = signature_verify(optr, length, + (unsigned char *)tptr + 1); +#else + sigcheck = CANT_CHECK_SIGNATURE; +#endif + printf(" (%s)", tok2str(signature_check_values, "Unknown", sigcheck)); + break; + case ISIS_SUBTLV_AUTH_GENERIC: + key_id = EXTRACT_16BITS((tptr+1)); + printf("%u, password: ", key_id); + for(i=1 + sizeof(u_int16_t);i> 12), + (EXTRACT_16BITS (tptr) & 0x0fff)); + + tmp = tmp-2; + tptr = tptr+2; + + if (tmp) + isis_print_mt_port_cap_subtlv (tptr, tmp); + break; + + case ISIS_TLV_MT_CAPABILITY: + + if (!TTEST2(*(tptr), 2)) + goto trunctlv; + + printf("\n\t O: %d, RES: %d, MTID(s): %d", + (EXTRACT_16BITS(tptr) >> 15) & 0x01, + (EXTRACT_16BITS(tptr) >> 12) & 0x07, + EXTRACT_16BITS(tptr) & 0x0fff); + + tmp = tmp-2; + tptr = tptr+2; + + if (tmp) + isis_print_mt_capability_subtlv (tptr, tmp); + + break; + case ISIS_TLV_TE_ROUTER_ID: if (!TTEST2(*pptr, sizeof(struct in_addr))) goto trunctlv; @@ -2522,9 +2886,7 @@ static int isis_print (const u_int8_t *p, u_int length) * to avoid conflicts the checksum TLV is zeroed. * see rfc3358 for details */ - if (EXTRACT_16BITS(tptr) == 0) - printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, length) ? "incorrect" : "correct"); + osi_print_cksum(optr, EXTRACT_16BITS(tptr), tptr-optr, length); break; case ISIS_TLV_MT_SUPPORTED: @@ -2716,25 +3078,25 @@ static int isis_print (const u_int8_t *p, u_int length) return(1); } -/* - * Verify the checksum. See 8473-1, Appendix C, section C.4. - */ - -static int -osi_cksum(const u_int8_t *tptr, u_int len) +static void +osi_print_cksum (const u_int8_t *pptr, u_int16_t checksum, + u_int checksum_offset, u_int length) { - int32_t c0 = 0, c1 = 0; + u_int16_t calculated_checksum; - while ((int)--len >= 0) { - c0 += *tptr++; - c0 %= 255; - c1 += c0; - c1 %= 255; - } - return (c0 | c1); + /* do not attempt to verify the checksum if it is zero */ + if (!checksum) { + printf("(unverified)"); + } else { + calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); + if (checksum == calculated_checksum) { + printf(" (correct)"); + } else { + printf(" (incorrect should be 0x%04x)", calculated_checksum); + } + } } - /* * Local Variables: * c-style: whitesmith