X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/ed85e20e4d6a27d5405f37366dd34b64c10a9211..refs/pull/482/head:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index bc710e4a..2d5ac459 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -24,16 +24,15 @@ * complete IS-IS & CLNP support. */ -#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "ether.h" #include "nlpid.h" @@ -103,6 +102,7 @@ static const struct tok isis_pdu_values[] = { #define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ #define ISIS_TLV_CHECKSUM 12 /* rfc3358 */ #define ISIS_TLV_CHECKSUM_MINLEN 2 +#define ISIS_TLV_POI 13 /* rfc6232 */ #define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ #define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2 #define ISIS_TLV_EXT_IS_REACH 22 /* draft-ietf-isis-traffic-05 */ @@ -152,6 +152,7 @@ static const struct tok isis_tlv_values[] = { { ISIS_TLV_LSP, "LSP entries"}, { ISIS_TLV_AUTH, "Authentication"}, { ISIS_TLV_CHECKSUM, "Checksum"}, + { ISIS_TLV_POI, "Purge Originator Identifier"}, { ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"}, { ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"}, { ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"}, @@ -559,8 +560,8 @@ struct isis_tlv_ptp_adj { uint8_t neighbor_extd_local_circuit_id[4]; }; -static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length); +static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, int length); static int clnp_print(netdissect_options *, const uint8_t *, u_int); static void esis_print(netdissect_options *, const uint8_t *, u_int); static int isis_print(netdissect_options *, const uint8_t *, u_int); @@ -703,11 +704,9 @@ void isoclns_print(netdissect_options *ndo, ip_print(ndo, p + 1, length - 1); break; -#ifdef INET6 case NLPID_IP6: ip6_print(ndo, p + 1, length - 1); break; -#endif case NLPID_PPP: ppp_print(ndo, p + 1, length - 1); @@ -808,8 +807,8 @@ clnp_print(netdissect_options *ndo, if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, "%s%s > %s, %s, length %u", ndo->ndo_eflag ? "" : ", ", - isonsap_string(source_address, source_address_length), - isonsap_string(dest_address, dest_address_length), + isonsap_string(ndo, source_address, source_address_length), + isonsap_string(ndo, dest_address, dest_address_length), tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length)); return (1); @@ -833,9 +832,9 @@ clnp_print(netdissect_options *ndo, ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length), + isonsap_string(ndo, source_address, source_address_length), dest_address_length, - isonsap_string(dest_address, dest_address_length))); + isonsap_string(ndo, dest_address, dest_address_length))); if (clnp_flags & CLNP_SEGMENT_PART) { clnp_segment_header = (const struct clnp_segment_header_t *) pptr; @@ -906,7 +905,7 @@ clnp_print(netdissect_options *ndo, ND_TCHECK2(*source_address, source_address_length); ND_PRINT((ndo, "\n\t NSAP address (length %u): %s", source_address_length, - isonsap_string(source_address, source_address_length))); + isonsap_string(ndo, source_address, source_address_length))); } tlen-=source_address_length+1; } @@ -1057,7 +1056,7 @@ esis_print(netdissect_options *ndo, if (li < sizeof(struct esis_header_t) + 2) { ND_PRINT((ndo, " length indicator < min PDU size %d:", li)); - while (--length != 0) + while (pptr < ndo->ndo_snapend) ND_PRINT((ndo, "%02X", *pptr++)); return; } @@ -1112,7 +1111,7 @@ esis_print(netdissect_options *ndo, dst = pptr; pptr += dstl; li -= dstl; - ND_PRINT((ndo, "\n\t %s", isonsap_string(dst, dstl))); + ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, dst, dstl))); ND_TCHECK(*pptr); if (li < 1) { @@ -1149,7 +1148,7 @@ esis_print(netdissect_options *ndo, if (netal == 0) ND_PRINT((ndo, "\n\t %s", etheraddr_string(ndo, snpa))); else - ND_PRINT((ndo, "\n\t %s", isonsap_string(neta, netal))); + ND_PRINT((ndo, "\n\t %s", isonsap_string(ndo, neta, netal))); break; } @@ -1182,7 +1181,7 @@ esis_print(netdissect_options *ndo, } ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, - isonsap_string(pptr, source_address_length))); + isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; source_address_number--; @@ -1204,7 +1203,7 @@ esis_print(netdissect_options *ndo, ND_PRINT((ndo, ", bad ish/li")); return; } - ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length))); + ND_PRINT((ndo, "\n\t NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; break; @@ -1343,7 +1342,7 @@ isis_print_mt_port_cap_subtlv(netdissect_options *ndo, if (!ND_TTEST2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN)) goto trunctlv; - subtlv_spb_mcid = (struct isis_subtlv_spb_mcid *)tptr; + subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr; ND_PRINT((ndo, "\n\t MCID: ")); isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid)); @@ -1660,8 +1659,8 @@ isis_print_tlv_ip_reach(netdissect_options *ndo, static int isis_print_ip_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, int subt, int subl, - const char *ident) { - + const char *ident) +{ /* first lets see if we know the subTLVs name*/ ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), @@ -1710,8 +1709,8 @@ trunctlv: static int isis_print_is_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, - const char *ident) { - + const char *ident) +{ u_int te_class,priority_level,gmpls_switch_cap; union { /* int to float conversion buffer for several subTLVs */ float f; @@ -1870,8 +1869,8 @@ trunctlv: static int isis_print_ext_is_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, int tlv_type) { - + const uint8_t *tptr, const char *ident, int tlv_type) +{ char ident_buffer[20]; int subtlv_type,subtlv_len,subtlv_sum_len; int proc_bytes = 0; /* how many bytes did we process ? */ @@ -1920,8 +1919,8 @@ isis_print_ext_is_reach(netdissect_options *ndo, static int isis_print_mtid(netdissect_options *ndo, - const uint8_t *tptr, const char *ident) { - + const uint8_t *tptr, const char *ident) +{ if (!ND_TTEST2(*tptr, 2)) return(0); @@ -1947,14 +1946,10 @@ isis_print_mtid(netdissect_options *ndo, static int isis_print_extd_ip_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, uint16_t afi) { - + const uint8_t *tptr, const char *ident, uint16_t afi) +{ char ident_buffer[20]; -#ifdef INET6 uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ -#else - uint8_t prefix[sizeof(struct in_addr)]; /* shared copy buffer for IPv4 prefixes */ -#endif u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; if (!ND_TTEST2(*tptr, 4)) @@ -1975,7 +1970,6 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (0); } processed++; -#ifdef INET6 } else if (afi == AF_INET6) { if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */ return (0); @@ -1988,7 +1982,6 @@ isis_print_extd_ip_reach(netdissect_options *ndo, return (0); } processed+=2; -#endif } else return (0); /* somebody is fooling us */ @@ -2006,13 +1999,11 @@ isis_print_extd_ip_reach(netdissect_options *ndo, ident, ipaddr_string(ndo, prefix), bit_length)); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, "%sIPv6 prefix: %s/%u", ident, ip6addr_string(ndo, prefix), bit_length)); -#endif ND_PRINT((ndo, ", Distribution: %s, Metric: %u", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", @@ -2020,17 +2011,13 @@ isis_print_extd_ip_reach(netdissect_options *ndo, if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) ND_PRINT((ndo, ", sub-TLVs present")); -#ifdef INET6 - if (afi == AF_INET6) + else if (afi == AF_INET6) ND_PRINT((ndo, ", %s%s", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : "")); -#endif if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) -#ifdef INET6 || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) -#endif ) { /* assume that one prefix can hold more than one subTLV - therefore the first byte must reflect @@ -2416,8 +2403,7 @@ isis_print(netdissect_options *ndo, break; default: - if (!print_unknown_data(ndo, pptr, "\n\t ", length)) - return(0); + (void)print_unknown_data(ndo, pptr, "\n\t ", length); return (0); } @@ -2452,7 +2438,7 @@ isis_print(netdissect_options *ndo, tlv_type, tlv_len)); - if (tlv_len == 0) /* something is malformed */ + if (tlv_len == 0) /* something is invalid */ continue; /* now check if we have a decoder otherwise do a hexdump at the end*/ @@ -2464,7 +2450,7 @@ isis_print(netdissect_options *ndo, while (tmp && alen < tmp) { ND_PRINT((ndo, "\n\t Area address (length: %u): %s", alen, - isonsap_string(tptr, alen))); + isonsap_string(ndo, tptr, alen))); tptr += alen; tmp -= alen + 1; if (tmp==0) /* if this is the last area address do not attemt a boundary check */ @@ -2607,7 +2593,6 @@ isis_print(netdissect_options *ndo, } break; -#ifdef INET6 case ISIS_TLV_IP6_REACH: while (tmp>0) { ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); @@ -2647,7 +2632,6 @@ isis_print(netdissect_options *ndo, tmp -= sizeof(struct in6_addr); } break; -#endif case ISIS_TLV_AUTH: if (!ND_TTEST2(*tptr, 1)) goto trunctlv; @@ -2672,7 +2656,7 @@ isis_print(netdissect_options *ndo, ND_PRINT((ndo, "%02x", *(tptr + i))); } if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1) - ND_PRINT((ndo, ", (malformed subTLV) ")); + ND_PRINT((ndo, ", (invalid subTLV) ")); #ifdef HAVE_LIBCRYPTO sigcheck = signature_verify(ndo, optr, length, @@ -2889,6 +2873,22 @@ isis_print(netdissect_options *ndo, osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr, length); break; + case ISIS_TLV_POI: + if (tlv_len >= SYSTEM_ID_LEN + 1) { + if (!ND_TTEST2(*tptr, SYSTEM_ID_LEN + 1)) + goto trunctlv; + ND_PRINT((ndo, "\n\t Purge Originator System-ID: %s", + isis_print_id(tptr + 1, SYSTEM_ID_LEN))); + } + + if (tlv_len == 2 * SYSTEM_ID_LEN + 1) { + if (!ND_TTEST2(*tptr, 2 * SYSTEM_ID_LEN + 1)) + goto trunctlv; + ND_PRINT((ndo, "\n\t Received from System-ID: %s", + isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN))); + } + break; + case ISIS_TLV_MT_SUPPORTED: if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN) break; @@ -2902,7 +2902,7 @@ isis_print(netdissect_options *ndo, tptr+=mt_len; tmp-=mt_len; } else { - ND_PRINT((ndo, "\n\t malformed MT-ID")); + ND_PRINT((ndo, "\n\t invalid MT-ID")); break; } } @@ -3006,7 +3006,7 @@ isis_print(netdissect_options *ndo, if (!ND_TTEST2(*tptr, prefix_len / 2)) goto trunctlv; ND_PRINT((ndo, "\n\t\tAddress: %s/%u", - isonsap_string(tptr, prefix_len / 2), prefix_len * 4)); + isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4)); tptr+=prefix_len/2; tmp-=prefix_len/2; } @@ -3078,21 +3078,38 @@ isis_print(netdissect_options *ndo, } static void -osi_print_cksum(netdissect_options *ndo, - const uint8_t *pptr, uint16_t checksum, - u_int checksum_offset, u_int length) +osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, int length) { uint16_t calculated_checksum; - /* do not attempt to verify the checksum if it is zero */ - if (!checksum) { - ND_PRINT((ndo, "(unverified)")); + /* do not attempt to verify the checksum if it is zero, + * if the total length is nonsense, + * if the offset is nonsense, + * or the base pointer is not sane + */ + if (!checksum + || length < 0 + || checksum_offset < 0 + || length > ndo->ndo_snaplen + || checksum_offset > ndo->ndo_snaplen + || checksum_offset > length) { + ND_PRINT((ndo, " (unverified)")); } else { + const char *truncated = "trunc"; +#if 0 + printf("\nosi_print_cksum: %p %u %u %u\n", pptr, checksum_offset, length, ndo->ndo_snaplen); + ND_TCHECK2(pptr, checksum_offset+length); +#endif calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); if (checksum == calculated_checksum) { ND_PRINT((ndo, " (correct)")); } else { - ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum)); + truncated = "incorrect"; +#if 0 + trunc: +#endif + ND_PRINT((ndo, " (%s should be 0x%04x)", truncated, calculated_checksum)); } } }