X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/eba1a415343eef5b411c8b20fdf43fe034fe153c..47fc89d711eec0a073d9b3b293a1af901b5bd791:/print-l2tp.c

diff --git a/print-l2tp.c b/print-l2tp.c
index 67a3059a..ca98e9a9 100644
--- a/print-l2tp.c
+++ b/print-l2tp.c
@@ -21,34 +21,54 @@
  * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net)
  */
 
-#ifndef lint
-static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.11 2002-05-25 09:41:07 guy Exp $";
-#endif
-
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
+#include <tcpdump-stdinc.h>
+
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
 
-#include "l2tp.h"
 #include "interface.h"
 #include "extract.h"
 
-static char tstr[] = " [|l2tp]";
+#define L2TP_FLAG_TYPE		0x8000	/* Type (0=Data, 1=Control) */
+#define L2TP_FLAG_LENGTH	0x4000	/* Length */
+#define L2TP_FLAG_SEQUENCE	0x0800	/* Sequence */
+#define L2TP_FLAG_OFFSET	0x0200	/* Offset */
+#define L2TP_FLAG_PRIORITY	0x0100	/* Priority */
 
-#ifndef TRUE
-#define TRUE 1
-#endif
+#define L2TP_VERSION_MASK	0x000f	/* Version Mask */
+#define L2TP_VERSION_L2F	0x0001	/* L2F */
+#define L2TP_VERSION_L2TP	0x0002	/* L2TP */
 
-#ifndef FALSE
-#define FALSE 0
-#endif
+#define L2TP_AVP_HDR_FLAG_MANDATORY	0x8000	/* Mandatory Flag */
+#define L2TP_AVP_HDR_FLAG_HIDDEN	0x4000	/* Hidden Flag */
+#define L2TP_AVP_HDR_LEN_MASK		0x03ff	/* Length Mask */
+
+#define L2TP_FRAMING_CAP_SYNC_MASK	0x00000001	/* Synchronous */
+#define L2TP_FRAMING_CAP_ASYNC_MASK	0x00000002	/* Asynchronous */
+
+#define L2TP_FRAMING_TYPE_SYNC_MASK	0x00000001	/* Synchronous */
+#define L2TP_FRAMING_TYPE_ASYNC_MASK	0x00000002	/* Asynchronous */
+
+#define L2TP_BEARER_CAP_DIGITAL_MASK	0x00000001	/* Digital */
+#define L2TP_BEARER_CAP_ANALOG_MASK	0x00000002	/* Analog */
+
+#define L2TP_BEARER_TYPE_DIGITAL_MASK	0x00000001	/* Digital */
+#define L2TP_BEARER_TYPE_ANALOG_MASK	0x00000002	/* Analog */
+
+/* Authen Type */
+#define L2TP_AUTHEN_TYPE_RESERVED	0x0000	/* Reserved */
+#define L2TP_AUTHEN_TYPE_TEXTUAL	0x0001	/* Textual username/password exchange */
+#define L2TP_AUTHEN_TYPE_CHAP		0x0002	/* PPP CHAP */
+#define L2TP_AUTHEN_TYPE_PAP		0x0003	/* PPP PAP */
+#define L2TP_AUTHEN_TYPE_NO_AUTH	0x0004	/* No Authentication */
+#define L2TP_AUTHEN_TYPE_MSCHAPv1	0x0005	/* MSCHAPv1 */
+
+#define L2TP_PROXY_AUTH_ID_MASK		0x00ff
+
+static const char tstr[] = " [|l2tp]";
 
 #define	L2TP_MSGTYPE_SCCRQ	1  /* Start-Control-Connection-Request */
 #define	L2TP_MSGTYPE_SCCRP	2  /* Start-Control-Connection-Reply */
@@ -65,7 +85,7 @@ static char tstr[] = " [|l2tp]";
 #define	L2TP_MSGTYPE_WEN	15 /* WAN-Error-Notify */
 #define	L2TP_MSGTYPE_SLI	16 /* Set-Link-Info */
 
-static struct tok l2tp_msgtype2str[] = {
+static const struct tok l2tp_msgtype2str[] = {
 	{ L2TP_MSGTYPE_SCCRQ, 	"SCCRQ" },
 	{ L2TP_MSGTYPE_SCCRP,	"SCCRP" },
 	{ L2TP_MSGTYPE_SCCCN,	"SCCCN" },
@@ -125,7 +145,7 @@ static struct tok l2tp_msgtype2str[] = {
 #define L2TP_AVP_SEQ_REQUIRED 		39 /* Sequencing Required */
 #define L2TP_AVP_PPP_DISCON_CC		46 /* PPP Disconnect Cause Code */
 
-static struct tok l2tp_avp2str[] = {
+static const struct tok l2tp_avp2str[] = {
 	{ L2TP_AVP_MSGTYPE,		"MSGTYPE" },
 	{ L2TP_AVP_RESULT_CODE,		"RESULT_CODE" },
 	{ L2TP_AVP_PROTO_VER,		"PROTO_VER" },
@@ -146,31 +166,31 @@ static struct tok l2tp_avp2str[] = {
 	{ L2TP_AVP_MAXIMUM_BPS,		"MAXIMUM_BPS" },
 	{ L2TP_AVP_BEARER_TYPE,		"BEARER_TYPE" },
 	{ L2TP_AVP_FRAMING_TYPE,	"FRAMING_TYPE" },
-	{ L2TP_AVP_PACKET_PROC_DELAY,	"PACKET_PROC_DELAY" },	
+	{ L2TP_AVP_PACKET_PROC_DELAY,	"PACKET_PROC_DELAY" },
 	{ L2TP_AVP_CALLED_NUMBER,	"CALLED_NUMBER" },
 	{ L2TP_AVP_CALLING_NUMBER,	"CALLING_NUMBER" },
 	{ L2TP_AVP_SUB_ADDRESS,		"SUB_ADDRESS" },
 	{ L2TP_AVP_TX_CONN_SPEED,	"TX_CONN_SPEED" },
 	{ L2TP_AVP_PHY_CHANNEL_ID,	"PHY_CHANNEL_ID" },
 	{ L2TP_AVP_INI_RECV_LCP,	"INI_RECV_LCP" },
-	{ L2TP_AVP_LAST_SENT_LCP,	"LAST_SENT_LCP" },	
-	{ L2TP_AVP_LAST_RECV_LCP,	"LAST_RECV_LCP" },	
-	{ L2TP_AVP_PROXY_AUTH_TYPE,	"PROXY_AUTH_TYPE" }, 	
+	{ L2TP_AVP_LAST_SENT_LCP,	"LAST_SENT_LCP" },
+	{ L2TP_AVP_LAST_RECV_LCP,	"LAST_RECV_LCP" },
+	{ L2TP_AVP_PROXY_AUTH_TYPE,	"PROXY_AUTH_TYPE" },
 	{ L2TP_AVP_PROXY_AUTH_NAME,	"PROXY_AUTH_NAME" },
-	{ L2TP_AVP_PROXY_AUTH_CHAL,	"PROXY_AUTH_CHAL" },	
+	{ L2TP_AVP_PROXY_AUTH_CHAL,	"PROXY_AUTH_CHAL" },
 	{ L2TP_AVP_PROXY_AUTH_ID,	"PROXY_AUTH_ID" },
 	{ L2TP_AVP_PROXY_AUTH_RESP,	"PROXY_AUTH_RESP" },
 	{ L2TP_AVP_CALL_ERRORS,		"CALL_ERRORS" },
-	{ L2TP_AVP_ACCM,		"ACCM" },		
-	{ L2TP_AVP_RANDOM_VECTOR,	"RANDOM_VECTOR" },	
+	{ L2TP_AVP_ACCM,		"ACCM" },
+	{ L2TP_AVP_RANDOM_VECTOR,	"RANDOM_VECTOR" },
 	{ L2TP_AVP_PRIVATE_GRP_ID,	"PRIVATE_GRP_ID" },
-	{ L2TP_AVP_RX_CONN_SPEED,	"RX_CONN_SPEED" }, 	
-	{ L2TP_AVP_SEQ_REQUIRED,	"SEQ_REQUIRED" }, 	
-	{ L2TP_AVP_PPP_DISCON_CC,	"PPP_DISCON_CC" },	
+	{ L2TP_AVP_RX_CONN_SPEED,	"RX_CONN_SPEED" },
+	{ L2TP_AVP_SEQ_REQUIRED,	"SEQ_REQUIRED" },
+	{ L2TP_AVP_PPP_DISCON_CC,	"PPP_DISCON_CC" },
 	{ 0,				NULL }
 };
 
-static struct tok l2tp_authentype2str[] = {
+static const struct tok l2tp_authentype2str[] = {
 	{ L2TP_AUTHEN_TYPE_RESERVED,	"Reserved" },
 	{ L2TP_AUTHEN_TYPE_TEXTUAL,	"Textual" },
 	{ L2TP_AUTHEN_TYPE_CHAP,	"CHAP" },
@@ -184,7 +204,7 @@ static struct tok l2tp_authentype2str[] = {
 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER	1
 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL	2
 
-static struct tok l2tp_cc_direction2str[] = {
+static const struct tok l2tp_cc_direction2str[] = {
 	{ L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL,	"global error" },
 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER,	"at peer" },
 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" },
@@ -243,19 +263,19 @@ static char *l2tp_error_code_general[] = {
 /******************************/
 /* generic print out routines */
 /******************************/
-static void 
+static void
 print_string(const u_char *dat, u_int length)
 {
-	int i;
+	u_int i;
 	for (i=0; i<length; i++) {
 		printf("%c", *dat++);
 	}
 }
 
-static void 
+static void
 print_octets(const u_char *dat, u_int length)
 {
-	int i;
+	u_int i;
 	for (i=0; i<length; i++) {
 		printf("%02x", *dat++);
 	}
@@ -289,7 +309,7 @@ static void
 l2tp_result_code_print(const u_char *dat, u_int length)
 {
 	u_int16_t *ptr = (u_int16_t *)dat;
-	
+
 	printf("%u", EXTRACT_16BITS(ptr)); ptr++;	/* Result Code */
 	if (length > 2) {				/* Error Code (opt) */
 	        printf("/%u", EXTRACT_16BITS(ptr)); ptr++;
@@ -341,7 +361,7 @@ l2tp_q931_cc_print(const u_char *dat, u_int length)
 	if (length > 3) {
 		printf(" ");
 		print_string(dat+3, length-3);
-	} 
+	}
 }
 
 static void
@@ -381,7 +401,7 @@ l2tp_proxy_auth_type_print(const u_char *dat)
 {
 	u_int16_t *ptr = (u_int16_t *)dat;
 
-	printf("%s", tok2str(l2tp_authentype2str, 
+	printf("%s", tok2str(l2tp_authentype2str,
 			     "AuthType-#%u", EXTRACT_16BITS(ptr)));
 }
 
@@ -398,7 +418,7 @@ l2tp_call_errors_print(const u_char *dat)
 {
 	u_int16_t *ptr = (u_int16_t *)dat;
 	u_int16_t val_h, val_l;
-	
+
 	ptr++;		/* skip "Reserved" */
 
 	val_h = EXTRACT_16BITS(ptr); ptr++;
@@ -437,7 +457,7 @@ l2tp_accm_print(const u_char *dat)
 	val_h = EXTRACT_16BITS(ptr); ptr++;
 	val_l = EXTRACT_16BITS(ptr); ptr++;
 	printf("send=%08x ", (val_h<<16) + val_l);
-	
+
 	val_h = EXTRACT_16BITS(ptr); ptr++;
 	val_l = EXTRACT_16BITS(ptr); ptr++;
 	printf("recv=%08x ", (val_h<<16) + val_l);
@@ -447,10 +467,10 @@ static void
 l2tp_ppp_discon_cc_print(const u_char *dat, u_int length)
 {
 	u_int16_t *ptr = (u_int16_t *)dat;
-	
+
 	printf("%04x, ", EXTRACT_16BITS(ptr)); ptr++;	/* Disconnect Code */
 	printf("%04x ",  EXTRACT_16BITS(ptr)); ptr++;	/* Control Protocol Number */
-	printf("%s", tok2str(l2tp_cc_direction2str, 
+	printf("%s", tok2str(l2tp_cc_direction2str,
 			     "Direction-#%u", *((u_char *)ptr++)));
 
 	if (length > 5) {
@@ -476,8 +496,17 @@ l2tp_avp_print(const u_char *dat, int length)
 	TCHECK(*ptr);	/* Flags & Length */
 	len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK;
 
-	/* If it is not long enough to decode the entire AVP, we'll 
-	   abandon. */
+	/* If it is not long enough to contain the header, we'll give up. */
+	if (len < 6)
+		goto trunc;
+
+	/* If it goes past the end of the remaining length of the packet,
+	   we'll give up. */
+	if (len > (u_int)length)
+		goto trunc;
+
+	/* If it goes past the end of the remaining length of the captured
+	   data, we'll give up. */
 	TCHECK2(*ptr, len);
 	/* After this point, no need to worry about truncation */
 
@@ -498,7 +527,7 @@ l2tp_avp_print(const u_char *dat, int length)
 		print_octets((u_char *)ptr, len-6);
 		printf(")");
 	} else {
-		/* IETF-defined Attributes */ 
+		/* IETF-defined Attributes */
 		ptr++;
 		attr_type = EXTRACT_16BITS(ptr); ptr++;
 		printf("%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type));
@@ -537,7 +566,7 @@ l2tp_avp_print(const u_char *dat, int length)
 			case L2TP_AVP_CALLED_NUMBER:
 			case L2TP_AVP_SUB_ADDRESS:
 			case L2TP_AVP_PROXY_AUTH_NAME:
-			case L2TP_AVP_PRIVATE_GRP_ID:	
+			case L2TP_AVP_PRIVATE_GRP_ID:
 				print_string((u_char *)ptr, len-6);
 				break;
 			case L2TP_AVP_CHALLENGE:
@@ -607,15 +636,15 @@ l2tp_avp_print(const u_char *dat, int length)
 void
 l2tp_print(const u_char *dat, u_int length)
 {
-	const u_int16_t *ptr = (u_int16_t *)dat;
+	const u_char *ptr = dat;
 	u_int cnt = 0;			/* total octets consumed */
 	u_int16_t pad;
-	int flag_t, flag_l, flag_s, flag_o, flag_p;
+	int flag_t, flag_l, flag_s, flag_o;
 	u_int16_t l2tp_len;
 
-	flag_t = flag_l = flag_s = flag_o = flag_p = FALSE;
+	flag_t = flag_l = flag_s = flag_o = FALSE;
 
-	TCHECK(*ptr);	/* Flags & Version */
+	TCHECK2(*ptr, 2);	/* Flags & Version */
 	if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
 		printf(" l2tp:");
 	} else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
@@ -643,55 +672,73 @@ l2tp_print(const u_char *dat, u_int length)
 		flag_o = TRUE;
 		printf("O");
 	}
-	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY) {
-		flag_p = TRUE;
+	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY)
 		printf("P");
-	}
 	printf("]");
 
-	ptr++;
+	ptr += 2;
 	cnt += 2;
-	
+
 	if (flag_l) {
-		TCHECK(*ptr);	/* Length */
-		l2tp_len = EXTRACT_16BITS(ptr); ptr++;
+		TCHECK2(*ptr, 2);	/* Length */
+		l2tp_len = EXTRACT_16BITS(ptr);
+		ptr += 2;
 		cnt += 2;
 	} else {
 		l2tp_len = 0;
 	}
 
-	TCHECK(*ptr);		/* Tunnel ID */
-	printf("(%u/", EXTRACT_16BITS(ptr)); ptr++;
+	TCHECK2(*ptr, 2);		/* Tunnel ID */
+	printf("(%u/", EXTRACT_16BITS(ptr));
+	ptr += 2;
 	cnt += 2;
-	TCHECK(*ptr);		/* Session ID */
-	printf("%u)",  EXTRACT_16BITS(ptr)); ptr++;
+	TCHECK2(*ptr, 2);		/* Session ID */
+	printf("%u)",  EXTRACT_16BITS(ptr));
+	ptr += 2;
 	cnt += 2;
 
 	if (flag_s) {
-		TCHECK(*ptr);	/* Ns */
-		printf("Ns=%u,", EXTRACT_16BITS(ptr)); ptr++;
+		TCHECK2(*ptr, 2);	/* Ns */
+		printf("Ns=%u,", EXTRACT_16BITS(ptr));
+		ptr += 2;
 		cnt += 2;
-		TCHECK(*ptr);	/* Nr */
-		printf("Nr=%u",  EXTRACT_16BITS(ptr)); ptr++;
+		TCHECK2(*ptr, 2);	/* Nr */
+		printf("Nr=%u",  EXTRACT_16BITS(ptr));
+		ptr += 2;
 		cnt += 2;
 	}
 
 	if (flag_o) {
-		TCHECK(*ptr);	/* Offset Size */
-		pad =  EXTRACT_16BITS(ptr); ptr++;
-		ptr += pad / sizeof(*ptr);
+		TCHECK2(*ptr, 2);	/* Offset Size */
+		pad =  EXTRACT_16BITS(ptr);
+		ptr += (2 + pad);
 		cnt += (2 + pad);
 	}
 
+	if (flag_l) {
+		if (length < l2tp_len) {
+			printf(" Length %u larger than packet", l2tp_len);
+			return;
+		}
+		length = l2tp_len;
+	}
+	if (length < cnt) {
+		printf(" Length %u smaller than header length", length);
+		return;
+	}
 	if (flag_t) {
+		if (!flag_l) {
+			printf(" No length");
+			return;
+		}
 		if (length - cnt == 0) {
 			printf(" ZLB");
 		} else {
-			l2tp_avp_print((u_char *)ptr, length - cnt);
+			l2tp_avp_print(ptr, length - cnt);
 		}
 	} else {
 		printf(" {");
-		ppp_print((u_char *)ptr, length - cnt);
+		ppp_print(ptr, length - cnt);
 		printf("}");
 	}
 
@@ -699,4 +746,4 @@ l2tp_print(const u_char *dat, u_int length)
 
  trunc:
 	printf("%s", tstr);
-}	
+}