X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/edb0e92cdcaf06168a38e632847b8fd2c0a62a2d..296d466cd6bbf2f7e75e15bb6a01268e88c76ed0:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index 4d65f7c9..5b8c2c2d 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -20,69 +20,73 @@ * * Original code by Matt Thomas, Digital Equipment Corporation * - * Extensively modified by Hannes Gredler (hannes@juniper.net) for more - * complete IS-IS support. + * Extensively modified by Hannes Gredler (hannes@gredler.at) for more + * complete IS-IS & CLNP support. */ -#ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.61 2002-09-05 00:00:14 guy Exp $ (LBL)"; -#endif +/* \summary: ISO CLNS, ESIS, and ISIS printer */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +/* + * specification: + * + * CLNP: ISO 8473 (respective ITU version is at https://www.itu.int/rec/T-REC-X.233/en/) + * ES-IS: ISO 9542 + * IS-IS: ISO 10589 + */ + +#include -#include +#include "netdissect-stdinc.h" -#include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" -#include "ethertype.h" -#include "ether.h" +#include "nlpid.h" #include "extract.h" +#include "gmpls.h" +#include "oui.h" +#include "signature.h" -#define NLPID_CLNS 129 /* 0x81 */ -#define NLPID_ESIS 130 /* 0x82 */ -#define NLPID_ISIS 131 /* 0x83 */ -#define NLPID_IP6 0x8e -#define NLPID_IP 0xcc -#define NLPID_NULLNS 0 /* * IS-IS is defined in ISO 10589. Look there for protocol definitions. */ -#define SYSTEM_ID_LEN ETHER_ADDR_LEN -#define NODE_ID_LEN SYSTEM_ID_LEN+1 -#define LSP_ID_LEN SYSTEM_ID_LEN+2 +#define SYSTEM_ID_LEN MAC_ADDR_LEN +#define NODE_ID_LEN (SYSTEM_ID_LEN+1) +#define LSP_ID_LEN (SYSTEM_ID_LEN+2) #define ISIS_VERSION 1 -#define PDU_TYPE_MASK 0x1F -#define PRIORITY_MASK 0x7F - -#define L1_LAN_IIH 15 -#define L2_LAN_IIH 16 -#define PTP_IIH 17 -#define L1_LSP 18 -#define L2_LSP 20 -#define L1_CSNP 24 -#define L2_CSNP 25 -#define L1_PSNP 26 -#define L2_PSNP 27 - -static struct tok isis_pdu_values[] = { - { L1_LAN_IIH, "L1 Lan IIH"}, - { L2_LAN_IIH, "L2 Lan IIH"}, - { PTP_IIH, "p2p IIH"}, - { L1_LSP, "L1 LSP"}, - { L2_LSP, "L2 LSP"}, - { L1_CSNP, "L1 CSNP"}, - { L2_CSNP, "L2 CSNP"}, - { L1_PSNP, "L1 PSNP"}, - { L2_PSNP, "L2 PSNP"}, +#define ESIS_VERSION 1 +#define CLNP_VERSION 1 + +#define ISIS_PDU_TYPE_MASK 0x1F +#define ESIS_PDU_TYPE_MASK 0x1F +#define CLNP_PDU_TYPE_MASK 0x1F +#define CLNP_FLAG_MASK 0xE0 +#define ISIS_LAN_PRIORITY_MASK 0x7F + +#define ISIS_PDU_L1_LAN_IIH 15 +#define ISIS_PDU_L2_LAN_IIH 16 +#define ISIS_PDU_PTP_IIH 17 +#define ISIS_PDU_L1_LSP 18 +#define ISIS_PDU_L2_LSP 20 +#define ISIS_PDU_L1_CSNP 24 +#define ISIS_PDU_L2_CSNP 25 +#define ISIS_PDU_L1_PSNP 26 +#define ISIS_PDU_L2_PSNP 27 + +static const struct tok isis_pdu_values[] = { + { ISIS_PDU_L1_LAN_IIH, "L1 Lan IIH"}, + { ISIS_PDU_L2_LAN_IIH, "L2 Lan IIH"}, + { ISIS_PDU_PTP_IIH, "p2p IIH"}, + { ISIS_PDU_L1_LSP, "L1 LSP"}, + { ISIS_PDU_L2_LSP, "L2 LSP"}, + { ISIS_PDU_L1_CSNP, "L1 CSNP"}, + { ISIS_PDU_L2_CSNP, "L2 CSNP"}, + { ISIS_PDU_L1_PSNP, "L1 PSNP"}, + { ISIS_PDU_L2_PSNP, "L2 PSNP"}, { 0, NULL} }; @@ -91,197 +95,484 @@ static struct tok isis_pdu_values[] = { * encoding information in all sorts of places. This is an enumeration of * the well known types. * - * list taken from draft-ietf-isis-wg-tlv-codepoints-01.txt + * list taken from rfc3359 plus some memory from veterans ;-) */ -#define TLV_AREA_ADDR 1 -#define TLV_IS_REACH 2 -#define TLV_ESNEIGH 3 -#define TLV_PART_DIS 4 -#define TLV_PREFIX_NEIGH 5 -#define TLV_ISNEIGH 6 -#define TLV_ISNEIGH_VARLEN 7 -#define TLV_PADDING 8 -#define TLV_LSP 9 -#define TLV_AUTH 10 -#define TLV_CHECKSUM 12 -#define TLV_LSP_BUFFERSIZE 14 -#define TLV_EXT_IS_REACH 22 -#define TLV_IS_ALIAS_ID 24 -#define TLV_DECNET_PHASE4 42 -#define TLV_LUCENT_PRIVATE 66 -#define TLV_IP_REACH 128 -#define TLV_PROTOCOLS 129 -#define TLV_IP_REACH_EXT 130 -#define TLV_IDRP_INFO 131 -#define TLV_IPADDR 132 -#define TLV_IPAUTH 133 -#define TLV_TE_ROUTER_ID 134 -#define TLV_EXT_IP_REACH 135 -#define TLV_HOSTNAME 137 -#define TLV_SHARED_RISK_GROUP 138 -#define TLV_NORTEL_PRIVATE1 176 -#define TLV_NORTEL_PRIVATE2 177 -#define TLV_RESTART_SIGNALING 211 -#define TLV_MT_IS_REACH 222 -#define TLV_MT_SUPPORTED 229 -#define TLV_IP6ADDR 232 -#define TLV_MT_IP_REACH 235 -#define TLV_IP6_REACH 236 -#define TLV_MT_IP6_REACH 237 -#define TLV_PTP_ADJ 240 -#define TLV_IIH_SEQNR 241 /* draft-shen-isis-iih-sequence-00.txt */ - -static struct tok isis_tlv_values[] = { - { TLV_AREA_ADDR, "Area address(es)"}, - { TLV_IS_REACH, "IS Reachability"}, - { TLV_ESNEIGH, "ES Neighbor(s)"}, - { TLV_PART_DIS, "Partition DIS"}, - { TLV_PREFIX_NEIGH, "Prefix Neighbors"}, - { TLV_ISNEIGH, "IS Neighbor(s)"}, - { TLV_ISNEIGH_VARLEN, "IS Neighbor(s) (variable length)"}, - { TLV_PADDING, "Padding"}, - { TLV_LSP, "LSP entries"}, - { TLV_AUTH, "Authentication"}, - { TLV_CHECKSUM, "Checksum"}, - { TLV_LSP_BUFFERSIZE, "LSP Buffersize"}, - { TLV_EXT_IS_REACH, "Extended IS Reachability"}, - { TLV_IS_ALIAS_ID, "IS Alias ID"}, - { TLV_DECNET_PHASE4, "DECnet Phase IV"}, - { TLV_LUCENT_PRIVATE, "Lucent Proprietary"}, - { TLV_IP_REACH, "IPv4 Internal reachability"}, - { TLV_PROTOCOLS, "Protocols supported"}, - { TLV_IP_REACH_EXT, "IPv4 External reachability"}, - { TLV_IDRP_INFO, "Inter-Domain Information Type"}, - { TLV_IPADDR, "IPv4 Interface address(es)"}, - { TLV_IPAUTH, "IPv4 authentication (deprecated)"}, - { TLV_TE_ROUTER_ID, "Traffic Engineering Router ID"}, - { TLV_EXT_IP_REACH, "Extended IPv4 reachability"}, - { TLV_HOSTNAME, "Hostname"}, - { TLV_SHARED_RISK_GROUP, "Shared Risk Link Group"}, - { TLV_NORTEL_PRIVATE1, "Nortel Proprietary"}, - { TLV_NORTEL_PRIVATE2, "Nortel Proprietary"}, - { TLV_RESTART_SIGNALING, "Restart Signaling"}, - { TLV_MT_IS_REACH, "Multi Topology IS Reachability"}, - { TLV_MT_SUPPORTED, "Multi Topology"}, - { TLV_IP6ADDR, "IPv6 Interface address(es)"}, - { TLV_MT_IP_REACH, "Multi-Topology IPv4 reachability"}, - { TLV_IP6_REACH, "IPv6 reachability"}, - { TLV_MT_IP6_REACH, "Multi-Topology IP6 reachability"}, - { TLV_PTP_ADJ, "Point-to-point Adjacency State"}, - { TLV_IIH_SEQNR, "Hello PDU Sequence Number"}, +#define ISIS_TLV_AREA_ADDR 1 /* iso10589 */ +#define ISIS_TLV_IS_REACH 2 /* iso10589 */ +#define ISIS_TLV_ESNEIGH 3 /* iso10589 */ +#define ISIS_TLV_PART_DIS 4 /* iso10589 */ +#define ISIS_TLV_PREFIX_NEIGH 5 /* iso10589 */ +#define ISIS_TLV_ISNEIGH 6 /* iso10589 */ +#define ISIS_TLV_INSTANCE_ID 7 /* rfc8202 */ +#define ISIS_TLV_PADDING 8 /* iso10589 */ +#define ISIS_TLV_LSP 9 /* iso10589 */ +#define ISIS_TLV_AUTH 10 /* iso10589, rfc3567 */ +#define ISIS_TLV_CHECKSUM 12 /* rfc3358 */ +#define ISIS_TLV_CHECKSUM_MINLEN 2 +#define ISIS_TLV_POI 13 /* rfc6232 */ +#define ISIS_TLV_LSP_BUFFERSIZE 14 /* iso10589 rev2 */ +#define ISIS_TLV_EXT_IS_REACH 22 /* rfc5305 */ +#define ISIS_TLV_IS_ALIAS_ID 24 /* rfc5311 */ +#define ISIS_TLV_DECNET_PHASE4 42 +#define ISIS_TLV_LUCENT_PRIVATE 66 +#define ISIS_TLV_INT_IP_REACH 128 /* rfc1195, rfc2966 */ +#define ISIS_TLV_PROTOCOLS 129 /* rfc1195 */ +#define ISIS_TLV_EXT_IP_REACH 130 /* rfc1195, rfc2966 */ +#define ISIS_TLV_IDRP_INFO 131 /* rfc1195 */ +#define ISIS_TLV_IPADDR 132 /* rfc1195 */ +#define ISIS_TLV_IPAUTH 133 /* rfc1195 */ +#define ISIS_TLV_TE_ROUTER_ID 134 /* rfc5305 */ +#define ISIS_TLV_EXTD_IP_REACH 135 /* rfc5305 */ +#define ISIS_TLV_HOSTNAME 137 /* rfc2763 */ +#define ISIS_TLV_SHARED_RISK_GROUP 138 /* draft-ietf-isis-gmpls-extensions */ +#define ISIS_TLV_MT_PORT_CAP 143 /* rfc6165 */ +#define ISIS_TLV_MT_CAPABILITY 144 /* rfc6329 */ +#define ISIS_TLV_NORTEL_PRIVATE1 176 +#define ISIS_TLV_NORTEL_PRIVATE2 177 +#define ISIS_TLV_RESTART_SIGNALING 211 /* rfc3847 */ +#define ISIS_TLV_RESTART_SIGNALING_FLAGLEN 1 +#define ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN 2 +#define ISIS_TLV_MT_IS_REACH 222 /* draft-ietf-isis-wg-multi-topology-05 */ +#define ISIS_TLV_MT_SUPPORTED 229 /* draft-ietf-isis-wg-multi-topology-05 */ +#define ISIS_TLV_IP6ADDR 232 /* draft-ietf-isis-ipv6-02 */ +#define ISIS_TLV_MT_IP_REACH 235 /* draft-ietf-isis-wg-multi-topology-05 */ +#define ISIS_TLV_IP6_REACH 236 /* draft-ietf-isis-ipv6-02 */ +#define ISIS_TLV_MT_IP6_REACH 237 /* draft-ietf-isis-wg-multi-topology-05 */ +#define ISIS_TLV_PTP_ADJ 240 /* rfc3373 */ +#define ISIS_TLV_IIH_SEQNR 241 /* draft-shen-isis-iih-sequence-00 */ +#define ISIS_TLV_ROUTER_CAPABILITY 242 /* rfc7981 */ +#define ISIS_TLV_VENDOR_PRIVATE 250 /* draft-ietf-isis-experimental-tlv-01 */ +#define ISIS_TLV_VENDOR_PRIVATE_MINLEN 3 + +static const struct tok isis_tlv_values[] = { + { ISIS_TLV_AREA_ADDR, "Area address(es)"}, + { ISIS_TLV_IS_REACH, "IS Reachability"}, + { ISIS_TLV_ESNEIGH, "ES Neighbor(s)"}, + { ISIS_TLV_PART_DIS, "Partition DIS"}, + { ISIS_TLV_PREFIX_NEIGH, "Prefix Neighbors"}, + { ISIS_TLV_ISNEIGH, "IS Neighbor(s)"}, + { ISIS_TLV_INSTANCE_ID, "Instance Identifier"}, + { ISIS_TLV_PADDING, "Padding"}, + { ISIS_TLV_LSP, "LSP entries"}, + { ISIS_TLV_AUTH, "Authentication"}, + { ISIS_TLV_CHECKSUM, "Checksum"}, + { ISIS_TLV_POI, "Purge Originator Identifier"}, + { ISIS_TLV_LSP_BUFFERSIZE, "LSP Buffersize"}, + { ISIS_TLV_EXT_IS_REACH, "Extended IS Reachability"}, + { ISIS_TLV_IS_ALIAS_ID, "IS Alias ID"}, + { ISIS_TLV_DECNET_PHASE4, "DECnet Phase IV"}, + { ISIS_TLV_LUCENT_PRIVATE, "Lucent Proprietary"}, + { ISIS_TLV_INT_IP_REACH, "IPv4 Internal Reachability"}, + { ISIS_TLV_PROTOCOLS, "Protocols supported"}, + { ISIS_TLV_EXT_IP_REACH, "IPv4 External Reachability"}, + { ISIS_TLV_IDRP_INFO, "Inter-Domain Information Type"}, + { ISIS_TLV_IPADDR, "IPv4 Interface address(es)"}, + { ISIS_TLV_IPAUTH, "IPv4 authentication (deprecated)"}, + { ISIS_TLV_TE_ROUTER_ID, "Traffic Engineering Router ID"}, + { ISIS_TLV_EXTD_IP_REACH, "Extended IPv4 Reachability"}, + { ISIS_TLV_SHARED_RISK_GROUP, "Shared Risk Link Group"}, + { ISIS_TLV_MT_PORT_CAP, "Multi-Topology-Aware Port Capability"}, + { ISIS_TLV_MT_CAPABILITY, "Multi-Topology Capability"}, + { ISIS_TLV_NORTEL_PRIVATE1, "Nortel Proprietary"}, + { ISIS_TLV_NORTEL_PRIVATE2, "Nortel Proprietary"}, + { ISIS_TLV_HOSTNAME, "Hostname"}, + { ISIS_TLV_RESTART_SIGNALING, "Restart Signaling"}, + { ISIS_TLV_MT_IS_REACH, "Multi Topology IS Reachability"}, + { ISIS_TLV_MT_SUPPORTED, "Multi Topology"}, + { ISIS_TLV_IP6ADDR, "IPv6 Interface address(es)"}, + { ISIS_TLV_MT_IP_REACH, "Multi-Topology IPv4 Reachability"}, + { ISIS_TLV_IP6_REACH, "IPv6 reachability"}, + { ISIS_TLV_MT_IP6_REACH, "Multi-Topology IP6 Reachability"}, + { ISIS_TLV_PTP_ADJ, "Point-to-point Adjacency State"}, + { ISIS_TLV_IIH_SEQNR, "Hello PDU Sequence Number"}, + { ISIS_TLV_ROUTER_CAPABILITY, "IS-IS Router Capability"}, + { ISIS_TLV_VENDOR_PRIVATE, "Vendor Private"}, { 0, NULL } }; -#define SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 -#define SUBTLV_EXT_IS_REACH_LINK_LOCAL_ID 4 -#define SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 -#define SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 -#define SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 -#define SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 -#define SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 -#define SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 -#define SUBTLV_EXT_IS_REACH_TE_METRIC 18 -#define SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 -#define SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 - -#define SUBTLV_IP_REACH_ADMIN_TAG32 1 -#define SUBTLV_IP_REACH_ADMIN_TAG64 2 - -#define SUBTLV_AUTH_SIMPLE 1 -#define SUBTLV_AUTH_MD5 54 -#define SUBTLV_AUTH_MD5_LEN 16 -#define SUBTLV_AUTH_PRIVATE 255 - -static struct tok isis_subtlv_auth_values[] = { - { SUBTLV_AUTH_SIMPLE, "simple text password"}, - { SUBTLV_AUTH_MD5, "HMAC-MD5 password"}, - { SUBTLV_AUTH_PRIVATE, "Routing Domain private password"}, +#define ESIS_OPTION_PROTOCOLS 129 +#define ESIS_OPTION_QOS_MAINTENANCE 195 /* iso9542 */ +#define ESIS_OPTION_SECURITY 197 /* iso9542 */ +#define ESIS_OPTION_ES_CONF_TIME 198 /* iso9542 */ +#define ESIS_OPTION_PRIORITY 205 /* iso9542 */ +#define ESIS_OPTION_ADDRESS_MASK 225 /* iso9542 */ +#define ESIS_OPTION_SNPA_MASK 226 /* iso9542 */ + +static const struct tok esis_option_values[] = { + { ESIS_OPTION_PROTOCOLS, "Protocols supported"}, + { ESIS_OPTION_QOS_MAINTENANCE, "QoS Maintenance" }, + { ESIS_OPTION_SECURITY, "Security" }, + { ESIS_OPTION_ES_CONF_TIME, "ES Configuration Time" }, + { ESIS_OPTION_PRIORITY, "Priority" }, + { ESIS_OPTION_ADDRESS_MASK, "Address Mask" }, + { ESIS_OPTION_SNPA_MASK, "SNPA Mask" }, { 0, NULL } }; -#define SUBTLV_IDRP_RES 0 -#define SUBTLV_IDRP_LOCAL 1 -#define SUBTLV_IDRP_ASN 2 +#define CLNP_OPTION_DISCARD_REASON 193 +#define CLNP_OPTION_QOS_MAINTENANCE 195 /* iso8473 */ +#define CLNP_OPTION_SECURITY 197 /* iso8473 */ +#define CLNP_OPTION_SOURCE_ROUTING 200 /* iso8473 */ +#define CLNP_OPTION_ROUTE_RECORDING 203 /* iso8473 */ +#define CLNP_OPTION_PADDING 204 /* iso8473 */ +#define CLNP_OPTION_PRIORITY 205 /* iso8473 */ + +static const struct tok clnp_option_values[] = { + { CLNP_OPTION_DISCARD_REASON, "Discard Reason"}, + { CLNP_OPTION_PRIORITY, "Priority"}, + { CLNP_OPTION_QOS_MAINTENANCE, "QoS Maintenance"}, + { CLNP_OPTION_SECURITY, "Security"}, + { CLNP_OPTION_SOURCE_ROUTING, "Source Routing"}, + { CLNP_OPTION_ROUTE_RECORDING, "Route Recording"}, + { CLNP_OPTION_PADDING, "Padding"}, + { 0, NULL } +}; -static struct tok isis_subtlv_idrp_values[] = { - { SUBTLV_IDRP_RES, "Reserved"}, - { SUBTLV_IDRP_LOCAL, "Routing-Domain Specific"}, - { SUBTLV_IDRP_ASN, "AS Number Tag"}, - { 0, NULL} +static const struct tok clnp_option_rfd_class_values[] = { + { 0x0, "General"}, + { 0x8, "Address"}, + { 0x9, "Source Routeing"}, + { 0xa, "Lifetime"}, + { 0xb, "PDU Discarded"}, + { 0xc, "Reassembly"}, + { 0, NULL } +}; + +static const struct tok clnp_option_rfd_general_values[] = { + { 0x0, "Reason not specified"}, + { 0x1, "Protocol procedure error"}, + { 0x2, "Incorrect checksum"}, + { 0x3, "PDU discarded due to congestion"}, + { 0x4, "Header syntax error (cannot be parsed)"}, + { 0x5, "Segmentation needed but not permitted"}, + { 0x6, "Incomplete PDU received"}, + { 0x7, "Duplicate option"}, + { 0, NULL } }; -#define ISIS_8BIT_MASK(x) ((x)&0xff) +static const struct tok clnp_option_rfd_address_values[] = { + { 0x0, "Destination address unreachable"}, + { 0x1, "Destination address unknown"}, + { 0, NULL } +}; -#define ISIS_MASK_LSP_OL_BIT(x) ((x)&0x4) -#define ISIS_MASK_LSP_ISTYPE_BITS(x) ((x)&0x3) -#define ISIS_MASK_LSP_PARTITION_BIT(x) ((x)&0x80) -#define ISIS_MASK_LSP_ATT_BITS(x) ((x)&0x78) -#define ISIS_MASK_LSP_ATT_ERROR_BIT(x) ((x)&0x40) -#define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x) ((x)&0x20) -#define ISIS_MASK_LSP_ATT_DELAY_BIT(x) ((x)&0x10) -#define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x) ((x)&0x8) +static const struct tok clnp_option_rfd_source_routeing_values[] = { + { 0x0, "Unspecified source routeing error"}, + { 0x1, "Syntax error in source routeing field"}, + { 0x2, "Unknown address in source routeing field"}, + { 0x3, "Path not acceptable"}, + { 0, NULL } +}; -#define ISIS_MASK_MTID(x) ((x)&0xfff) -#define ISIS_MASK_MTSUB(x) ((x)&0x8000) -#define ISIS_MASK_MTATT(x) ((x)&0x4000) +static const struct tok clnp_option_rfd_lifetime_values[] = { + { 0x0, "Lifetime expired while data unit in transit"}, + { 0x1, "Lifetime expired during reassembly"}, + { 0, NULL } +}; -#define ISIS_MASK_TLV_EXT_IP_UPDOWN(x) ((x)&0x80) -#define ISIS_MASK_TLV_EXT_IP_SUBTLV(x) ((x)&0x40) +static const struct tok clnp_option_rfd_pdu_discard_values[] = { + { 0x0, "Unsupported option not specified"}, + { 0x1, "Unsupported protocol version"}, + { 0x2, "Unsupported security option"}, + { 0x3, "Unsupported source routeing option"}, + { 0x4, "Unsupported recording of route option"}, + { 0, NULL } +}; -#define ISIS_MASK_TLV_IP6_UPDOWN(x) ((x)&0x80) -#define ISIS_MASK_TLV_IP6_IE(x) ((x)&0x40) -#define ISIS_MASK_TLV_IP6_SUBTLV(x) ((x)&0x20) +static const struct tok clnp_option_rfd_reassembly_values[] = { + { 0x0, "Reassembly interference"}, + { 0, NULL } +}; -#define ISIS_MASK_TLV_RESTART_RR(x) ((x)&0x1) -#define ISIS_MASK_TLV_RESTART_RA(x) ((x)&0x2) +/* array of 16 error-classes */ +static const struct tok *clnp_option_rfd_error_class[] = { + clnp_option_rfd_general_values, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + clnp_option_rfd_address_values, + clnp_option_rfd_source_routeing_values, + clnp_option_rfd_lifetime_values, + clnp_option_rfd_pdu_discard_values, + clnp_option_rfd_reassembly_values, + NULL, + NULL, + NULL +}; -#define ISIS_LSP_TLV_METRIC_SUPPORTED(x) ((x)&0x80) -#define ISIS_LSP_TLV_METRIC_IE(x) ((x)&0x40) -#define ISIS_LSP_TLV_METRIC_UPDOWN(x) ((x)&0x80) -#define ISIS_LSP_TLV_METRIC_VALUE(x) ((x)&0x3f) +#define CLNP_OPTION_OPTION_QOS_MASK 0x3f +#define CLNP_OPTION_SCOPE_MASK 0xc0 +#define CLNP_OPTION_SCOPE_SA_SPEC 0x40 +#define CLNP_OPTION_SCOPE_DA_SPEC 0x80 +#define CLNP_OPTION_SCOPE_GLOBAL 0xc0 -#define ISIS_MASK_TLV_SHARED_RISK_GROUP(x) ((x)&0x1) +static const struct tok clnp_option_scope_values[] = { + { CLNP_OPTION_SCOPE_SA_SPEC, "Source Address Specific"}, + { CLNP_OPTION_SCOPE_DA_SPEC, "Destination Address Specific"}, + { CLNP_OPTION_SCOPE_GLOBAL, "Globally unique"}, + { 0, NULL } +}; + +static const struct tok clnp_option_sr_rr_values[] = { + { 0x0, "partial"}, + { 0x1, "complete"}, + { 0, NULL } +}; + +static const struct tok clnp_option_sr_rr_string_values[] = { + { CLNP_OPTION_SOURCE_ROUTING, "source routing"}, + { CLNP_OPTION_ROUTE_RECORDING, "recording of route in progress"}, + { 0, NULL } +}; + +static const struct tok clnp_option_qos_global_values[] = { + { 0x20, "reserved"}, + { 0x10, "sequencing vs. delay"}, + { 0x08, "congested"}, + { 0x04, "delay vs. cost"}, + { 0x02, "error vs. delay"}, + { 0x01, "error vs. cost"}, + { 0, NULL } +}; + +static const struct tok isis_tlv_router_capability_flags[] = { + { 0x01, "S bit"}, + { 0x02, "D bit"}, + { 0, NULL } +}; + +#define ISIS_SUBTLV_ROUTER_CAP_SR 2 /* rfc 8667 */ + +static const struct tok isis_router_capability_subtlv_values[] = { + { ISIS_SUBTLV_ROUTER_CAP_SR, "SR-Capabilities"}, + { 0, NULL } +}; + +static const struct tok isis_router_capability_sr_flags[] = { + { 0x80, "ipv4"}, + { 0x40, "ipv6"}, + { 0, NULL } +}; + +#define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* rfc4205 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR 6 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR 8 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW 9 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW 10 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW 11 /* rfc4124 */ +#define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD 12 /* draft-ietf-tewg-diff-te-proto-06 */ +#define ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC 18 /* rfc5305 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE 19 /* draft-ietf-isis-link-attr-01 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */ +#define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR 21 /* rfc4205 */ +#define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS 22 /* rfc4124 */ +#define ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID 32 /* rfc8667 */ + +#define ISIS_SUBTLV_SPB_METRIC 29 /* rfc6329 */ + +static const struct tok isis_ext_is_reach_subtlv_values[] = { + { ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP, "Administrative groups" }, + { ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID, "Link Local/Remote Identifier" }, + { ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID, "Link Remote Identifier" }, + { ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR, "IPv4 interface address" }, + { ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR, "IPv4 neighbor address" }, + { ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW, "Maximum link bandwidth" }, + { ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW, "Reservable link bandwidth" }, + { ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW, "Unreserved bandwidth" }, + { ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC, "Traffic Engineering Metric" }, + { ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE, "Link Attribute" }, + { ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE, "Link Protection Type" }, + { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR, "Interface Switching Capability" }, + { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD, "Bandwidth Constraints (old)" }, + { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS, "Bandwidth Constraints" }, + { ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID, "LAN Adjacency Segment Identifier" }, + { ISIS_SUBTLV_SPB_METRIC, "SPB Metric" }, + { 250, "Reserved for cisco specific extensions" }, + { 251, "Reserved for cisco specific extensions" }, + { 252, "Reserved for cisco specific extensions" }, + { 253, "Reserved for cisco specific extensions" }, + { 254, "Reserved for cisco specific extensions" }, + { 255, "Reserved for future expansion" }, + { 0, NULL } +}; + +#define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32 1 /* draft-ietf-isis-admin-tags-01 */ +#define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64 2 /* draft-ietf-isis-admin-tags-01 */ +#define ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID 3 /* rfc8667 */ +#define ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR 117 /* draft-ietf-isis-wg-multi-topology-05 */ + +static const struct tok isis_ext_ip_reach_subtlv_values[] = { + { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32, "32-Bit Administrative tag" }, + { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64, "64-Bit Administrative tag" }, + { ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID, "Prefix SID" }, + { ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR, "Management Prefix Color" }, + { 0, NULL } +}; + +#define ISIS_PREFIX_SID_FLAG_R 0x80 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_N 0x40 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_P 0x20 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_E 0x10 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_V 0x08 /* rfc 8667 */ +#define ISIS_PREFIX_SID_FLAG_L 0x04 /* rfc 8667 */ + +static const struct tok prefix_sid_flag_values[] = { + { ISIS_PREFIX_SID_FLAG_R, "Readvertisement"}, + { ISIS_PREFIX_SID_FLAG_N, "Node"}, + { ISIS_PREFIX_SID_FLAG_P, "No-PHP"}, + { ISIS_PREFIX_SID_FLAG_E, "Explicit NULL"}, + { ISIS_PREFIX_SID_FLAG_V, "Value"}, + { ISIS_PREFIX_SID_FLAG_L, "Local"}, + { 0, NULL} +}; + + +/* rfc 8667 */ +static const struct tok prefix_sid_algo_values[] = { + { 0, "SPF"}, + { 1, "strict-SPF"}, + { 0, NULL} +}; + +static const struct tok isis_subtlv_link_attribute_values[] = { + { 0x01, "Local Protection Available" }, + { 0x02, "Link excluded from local protection path" }, + { 0x04, "Local maintenance required"}, + { 0, NULL } +}; + +static const struct tok isis_lan_adj_sid_flag_values[] = { + { 0x80, "Address family IPv6" }, + { 0x40, "Backup" }, + { 0x20, "Value" }, + { 0x10, "Local significance" }, + { 0x08, "Set of adjacencies" }, + { 0x04, "Persistent" }, + { 0, NULL } +}; -static const char *isis_gmpls_link_prot_values[] = { - "Extra", - "Unprotected", - "Shared", - "Dedicated 1:1", - "Dedicated 1+1", - "Enhanced", - "Reserved", - "Reserved" +#define ISIS_SUBTLV_AUTH_SIMPLE 1 +#define ISIS_SUBTLV_AUTH_GENERIC 3 /* rfc 5310 */ +#define ISIS_SUBTLV_AUTH_MD5 54 +#define ISIS_SUBTLV_AUTH_MD5_LEN 16 +#define ISIS_SUBTLV_AUTH_PRIVATE 255 + +static const struct tok isis_subtlv_auth_values[] = { + { ISIS_SUBTLV_AUTH_SIMPLE, "simple text password"}, + { ISIS_SUBTLV_AUTH_GENERIC, "Generic Crypto key-id"}, + { ISIS_SUBTLV_AUTH_MD5, "HMAC-MD5 password"}, + { ISIS_SUBTLV_AUTH_PRIVATE, "Routing Domain private password"}, + { 0, NULL } }; -static struct tok isis_gmpls_sw_cap_values[] = { - { 1, "Packet-Switch Capable-1"}, - { 2, "Packet-Switch Capable-2"}, - { 3, "Packet-Switch Capable-3"}, - { 4, "Packet-Switch Capable-4"}, - { 51, "Layer-2 Switch Capable"}, - { 100, "Time-Division-Multiplex"}, - { 150, "Lambda-Switch Capable"}, - { 200, "Fiber-Switch Capable"}, +#define ISIS_SUBTLV_IDRP_RES 0 +#define ISIS_SUBTLV_IDRP_LOCAL 1 +#define ISIS_SUBTLV_IDRP_ASN 2 + +static const struct tok isis_subtlv_idrp_values[] = { + { ISIS_SUBTLV_IDRP_RES, "Reserved"}, + { ISIS_SUBTLV_IDRP_LOCAL, "Routing-Domain Specific"}, + { ISIS_SUBTLV_IDRP_ASN, "AS Number Tag"}, + { 0, NULL} +}; + +#define ISIS_SUBTLV_SPB_MCID 4 +#define ISIS_SUBTLV_SPB_DIGEST 5 +#define ISIS_SUBTLV_SPB_BVID 6 + +#define ISIS_SUBTLV_SPB_INSTANCE 1 +#define ISIS_SUBTLV_SPBM_SI 3 + +#define ISIS_SPB_MCID_LEN 51 +#define ISIS_SUBTLV_SPB_MCID_MIN_LEN 102 +#define ISIS_SUBTLV_SPB_DIGEST_MIN_LEN 33 +#define ISIS_SUBTLV_SPB_BVID_MIN_LEN 6 +#define ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN 19 +#define ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN 8 + +static const struct tok isis_mt_port_cap_subtlv_values[] = { + { ISIS_SUBTLV_SPB_MCID, "SPB MCID" }, + { ISIS_SUBTLV_SPB_DIGEST, "SPB Digest" }, + { ISIS_SUBTLV_SPB_BVID, "SPB BVID" }, { 0, NULL } }; -static struct tok isis_gmpls_lsp_enc_values[] = { - { 1, "Packet"}, - { 2, "Ethernet V2/DIX"}, - { 3, "ANSI PDH"}, - { 4, "ETSI PDH"}, - { 5, "SDH ITU-T G.707"}, - { 6, "SONET ANSI T1.105"}, - { 7, "Digital Wrapper"}, - { 8, "Lambda (photonic)"}, - { 9, "Fiber"}, - { 10, "Ethernet 802.3"}, - { 11, "FiberChannel"}, +static const struct tok isis_mt_capability_subtlv_values[] = { + { ISIS_SUBTLV_SPB_INSTANCE, "SPB Instance" }, + { ISIS_SUBTLV_SPBM_SI, "SPBM Service Identifier and Unicast Address" }, { 0, NULL } }; -static struct tok isis_mt_values[] = { +struct isis_spb_mcid { + nd_uint8_t format_id; + nd_byte name[32]; + nd_uint16_t revision_lvl; + nd_byte digest[16]; +}; + +struct isis_subtlv_spb_mcid { + struct isis_spb_mcid mcid; + struct isis_spb_mcid aux_mcid; +}; + +struct isis_subtlv_spb_instance { + nd_byte cist_root_id[8]; + nd_uint32_t cist_external_root_path_cost; + nd_uint16_t bridge_priority; + nd_uint32_t spsourceid; + nd_uint8_t no_of_trees; +}; + +#define CLNP_SEGMENT_PART 0x80 +#define CLNP_MORE_SEGMENTS 0x40 +#define CLNP_REQUEST_ER 0x20 + +static const struct tok clnp_flag_values[] = { + { CLNP_SEGMENT_PART, "Segmentation permitted"}, + { CLNP_MORE_SEGMENTS, "more Segments"}, + { CLNP_REQUEST_ER, "request Error Report"}, + { 0, NULL} +}; + +#define ISIS_MASK_LSP_OL_BIT(x) (GET_U_1(x)&0x4) +#define ISIS_MASK_LSP_ISTYPE_BITS(x) (GET_U_1(x)&0x3) +#define ISIS_MASK_LSP_PARTITION_BIT(x) (GET_U_1(x)&0x80) +#define ISIS_MASK_LSP_ATT_BITS(x) (GET_U_1(x)&0x78) +#define ISIS_MASK_LSP_ATT_ERROR_BIT(x) (GET_U_1(x)&0x40) +#define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x) (GET_U_1(x)&0x20) +#define ISIS_MASK_LSP_ATT_DELAY_BIT(x) (GET_U_1(x)&0x10) +#define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x) (GET_U_1(x)&0x8) + +#define ISIS_MASK_MTID(x) ((x)&0x0fff) +#define ISIS_MASK_MTFLAGS(x) ((x)&0xf000) + +static const struct tok isis_mt_flag_values[] = { + { 0x4000, "ATT bit set"}, + { 0x8000, "Overload bit set"}, + { 0, NULL} +}; + +#define ISIS_MASK_TLV_EXTD_IP_UPDOWN(x) ((x)&0x80) +#define ISIS_MASK_TLV_EXTD_IP_SUBTLV(x) ((x)&0x40) + +#define ISIS_MASK_TLV_EXTD_IP6_IE(x) ((x)&0x40) +#define ISIS_MASK_TLV_EXTD_IP6_SUBTLV(x) ((x)&0x20) + +#define ISIS_LSP_TLV_METRIC_SUPPORTED(x) (GET_U_1(x)&0x80) +#define ISIS_LSP_TLV_METRIC_IE(x) (GET_U_1(x)&0x40) +#define ISIS_LSP_TLV_METRIC_UPDOWN(x) (GET_U_1(x)&0x80) +#define ISIS_LSP_TLV_METRIC_VALUE(x) (GET_U_1(x)&0x3f) + +#define ISIS_MASK_TLV_SHARED_RISK_GROUP(x) ((x)&0x1) + +static const struct tok isis_mt_values[] = { { 0, "IPv4 unicast"}, { 1, "In-Band Management"}, { 2, "IPv6 unicast"}, @@ -290,7 +581,7 @@ static struct tok isis_mt_values[] = { { 0, NULL } }; -static struct tok isis_iih_circuit_type_values[] = { +static const struct tok isis_iih_circuit_type_values[] = { { 1, "Level 1 only"}, { 2, "Level 2 only"}, { 3, "Level 1, Level 2"}, @@ -302,18 +593,11 @@ static struct tok isis_iih_circuit_type_values[] = { #define ISIS_LSP_TYPE_UNUSED2 2 #define ISIS_LSP_TYPE_LEVEL_2 3 -static struct tok isis_lsp_istype_values[] = { +static const struct tok isis_lsp_istype_values[] = { { ISIS_LSP_TYPE_UNUSED0, "Unused 0x0 (invalid)"}, { ISIS_LSP_TYPE_LEVEL_1, "L1 IS"}, { ISIS_LSP_TYPE_UNUSED2, "Unused 0x2 (invalid)"}, - { ISIS_LSP_TYPE_LEVEL_2, "L1L2 IS"}, - { 0, NULL } -}; - -static struct tok isis_nlpid_values[] = { - { NLPID_CLNS, "CLNS"}, - { NLPID_IP, "IPv4"}, - { NLPID_IP6, "IPv6"}, + { ISIS_LSP_TYPE_LEVEL_2, "L2 IS"}, { 0, NULL } }; @@ -326,8 +610,7 @@ static struct tok isis_nlpid_values[] = { #define ISIS_PTP_ADJ_INIT 1 #define ISIS_PTP_ADJ_DOWN 2 - -static struct tok isis_ptp_adjancey_values[] = { +static const struct tok isis_ptp_adjacency_values[] = { { ISIS_PTP_ADJ_UP, "Up" }, { ISIS_PTP_ADJ_INIT, "Initializing" }, { ISIS_PTP_ADJ_DOWN, "Down" }, @@ -335,131 +618,110 @@ static struct tok isis_ptp_adjancey_values[] = { }; struct isis_tlv_ptp_adj { - u_char adjacency_state; - u_char extd_local_circuit_id[4]; - u_char neighbor_sysid[SYSTEM_ID_LEN]; - u_char neighbor_extd_local_circuit_id[4]; + nd_uint8_t adjacency_state; + nd_uint32_t extd_local_circuit_id; + nd_byte neighbor_sysid[SYSTEM_ID_LEN]; + nd_uint32_t neighbor_extd_local_circuit_id; }; -static int osi_cksum(const u_char *, u_int); -static void esis_print(const u_char *, u_int); -static int isis_print(const u_char *, u_int); +static void osi_print_cksum(netdissect_options *, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, u_int length); +static int clnp_print(netdissect_options *, const uint8_t *, u_int); +static void esis_print(netdissect_options *, const uint8_t *, u_int); +static int isis_print(netdissect_options *, const uint8_t *, u_int); struct isis_metric_block { - u_char metric_default; - u_char metric_delay; - u_char metric_expense; - u_char metric_error; + nd_uint8_t metric_default; + nd_uint8_t metric_delay; + nd_uint8_t metric_expense; + nd_uint8_t metric_error; }; struct isis_tlv_is_reach { struct isis_metric_block isis_metric_block; - u_char neighbor_nodeid[NODE_ID_LEN]; + nd_byte neighbor_nodeid[NODE_ID_LEN]; }; struct isis_tlv_es_reach { struct isis_metric_block isis_metric_block; - u_char neighbor_sysid[SYSTEM_ID_LEN]; + nd_byte neighbor_sysid[SYSTEM_ID_LEN]; }; struct isis_tlv_ip_reach { struct isis_metric_block isis_metric_block; - u_char prefix[4]; - u_char mask[4]; + nd_ipv4 prefix; + nd_ipv4 mask; }; -static struct tok isis_is_reach_virtual_values[] = { +static const struct tok isis_is_reach_virtual_values[] = { { 0, "IsNotVirtual"}, { 1, "IsVirtual"}, { 0, NULL } }; +static const struct tok isis_restart_flag_values[] = { + { 0x1, "Restart Request"}, + { 0x2, "Restart Acknowledgement"}, + { 0x4, "Suppress adjacency advertisement"}, + { 0, NULL } +}; + struct isis_common_header { - u_char nlpid; - u_char fixed_len; - u_char version; /* Protocol version? */ - u_char id_length; - u_char pdu_type; /* 3 MSbs are reserved */ - u_char pdu_version; /* Packet format version? */ - u_char reserved; - u_char max_area; + nd_uint8_t nlpid; + nd_uint8_t fixed_len; + nd_uint8_t version; /* Protocol version */ + nd_uint8_t id_length; + nd_uint8_t pdu_type; /* 3 MSbits are reserved */ + nd_uint8_t pdu_version; /* Packet format version */ + nd_byte reserved; + nd_uint8_t max_area; }; struct isis_iih_lan_header { - u_char circuit_type; - u_char source_id[SYSTEM_ID_LEN]; - u_char holding_time[2]; - u_char pdu_len[2]; - u_char priority; - u_char lan_id[NODE_ID_LEN]; + nd_uint8_t circuit_type; + nd_byte source_id[SYSTEM_ID_LEN]; + nd_uint16_t holding_time; + nd_uint16_t pdu_len; + nd_uint8_t priority; + nd_byte lan_id[NODE_ID_LEN]; }; struct isis_iih_ptp_header { - u_char circuit_type; - u_char source_id[SYSTEM_ID_LEN]; - u_char holding_time[2]; - u_char pdu_len[2]; - u_char circuit_id; + nd_uint8_t circuit_type; + nd_byte source_id[SYSTEM_ID_LEN]; + nd_uint16_t holding_time; + nd_uint16_t pdu_len; + nd_uint8_t circuit_id; }; struct isis_lsp_header { - u_char pdu_len[2]; - u_char remaining_lifetime[2]; - u_char lsp_id[LSP_ID_LEN]; - u_char sequence_number[4]; - u_char checksum[2]; - u_char typeblock; + nd_uint16_t pdu_len; + nd_uint16_t remaining_lifetime; + nd_byte lsp_id[LSP_ID_LEN]; + nd_uint32_t sequence_number; + nd_uint16_t checksum; + nd_uint8_t typeblock; }; struct isis_csnp_header { - u_char pdu_len[2]; - u_char source_id[NODE_ID_LEN]; - u_char start_lsp_id[LSP_ID_LEN]; - u_char end_lsp_id[LSP_ID_LEN]; + nd_uint16_t pdu_len; + nd_byte source_id[NODE_ID_LEN]; + nd_byte start_lsp_id[LSP_ID_LEN]; + nd_byte end_lsp_id[LSP_ID_LEN]; }; struct isis_psnp_header { - u_char pdu_len[2]; - u_char source_id[NODE_ID_LEN]; + nd_uint16_t pdu_len; + nd_byte source_id[NODE_ID_LEN]; }; struct isis_tlv_lsp { - u_char remaining_lifetime[2]; - u_char lsp_id[LSP_ID_LEN]; - u_char sequence_number[4]; - u_char checksum[2]; + nd_uint16_t remaining_lifetime; + nd_byte lsp_id[LSP_ID_LEN]; + nd_uint32_t sequence_number; + nd_uint16_t checksum; }; - -/* allocate space for the following string - * xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx - * 32 bytes plus one termination byte */ -static char * -print_nsap(register const u_char *pptr, register int nsap_length) -{ - int nsap_idx; - static char nsap_ascii_output[33]; - char *junk_buf = nsap_ascii_output; - - if (nsap_length < 1 || nsap_length > 13) { - junk_buf+=sprintf(junk_buf, "illegal length"); - *(junk_buf) = '\0'; - return (nsap_ascii_output); - } - - for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) { - if (!TTEST2(*pptr, 1)) - return (0); - junk_buf+=sprintf(junk_buf, "%02x", *pptr++); - if (((nsap_idx & 1) == 0) && - (nsap_idx + 1 < nsap_length)) { - junk_buf+=sprintf(junk_buf, "."); - } - } - *(junk_buf) = '\0'; - return (nsap_ascii_output); -} - #define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header)) #define ISIS_IIH_LAN_HEADER_SIZE (sizeof(struct isis_iih_lan_header)) #define ISIS_IIH_PTP_HEADER_SIZE (sizeof(struct isis_iih_ptp_header)) @@ -467,318 +729,1063 @@ print_nsap(register const u_char *pptr, register int nsap_length) #define ISIS_CSNP_HEADER_SIZE (sizeof(struct isis_csnp_header)) #define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header)) -void isoclns_print(const u_char *p, u_int length, u_int caplen, - const u_char *esrc, const u_char *edst) +void +isoclns_print(netdissect_options *ndo, const u_char *p, u_int length) { - u_char pdu_type; - const struct isis_common_header *header; - - header = (const struct isis_common_header *)p; - pdu_type = header->pdu_type & PDU_TYPE_MASK; - - if (caplen < 1) { - printf("[|iso-clns] "); - if (!eflag && esrc != NULL && edst != NULL) - printf("%s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); - return; - } + ndo->ndo_protocol = "isoclns"; - switch (*p) { + if (ndo->ndo_eflag) + ND_PRINT("OSI NLPID %s (0x%02x): ", + tok2str(nlpid_values, "Unknown", GET_U_1(p)), + GET_U_1(p)); - case NLPID_CLNS: - (void)printf("CLNS, length: %u", length); - if (!eflag && esrc != NULL && edst != NULL) - (void)printf(", %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); + switch (GET_U_1(p)) { + + case NLPID_CLNP: + if (!clnp_print(ndo, p, length)) + print_unknown_data(ndo, p, "\n\t", length); break; case NLPID_ESIS: - (void)printf("ESIS, length: %u", length); - if (!eflag && esrc != NULL && edst != NULL) - (void)printf(", %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); - esis_print(p, length); + esis_print(ndo, p, length); return; case NLPID_ISIS: - (void)printf("ISIS, length: %u", length); - if (!eflag && esrc != NULL && edst != NULL) - (void)printf(", %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); - if (!isis_print(p, length)) - default_print_unaligned(p, caplen); + if (!isis_print(ndo, p, length)) + print_unknown_data(ndo, p, "\n\t", length); break; case NLPID_NULLNS: - (void)printf("ISO NULLNS, length: %u", length); - if (!eflag && esrc != NULL && edst != NULL) - (void)printf(", %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); + ND_PRINT("%slength: %u", ndo->ndo_eflag ? "" : ", ", length); + break; + + case NLPID_Q933: + q933_print(ndo, p + 1, length - 1); + break; + + case NLPID_IP: + ip_print(ndo, p + 1, length - 1); + break; + + case NLPID_IP6: + ip6_print(ndo, p + 1, length - 1); + break; + + case NLPID_PPP: + ppp_print(ndo, p + 1, length - 1); break; default: - (void)printf("CLNS 0x%02x, length: %u", p[0], length); - if (!eflag && esrc != NULL && edst != NULL) - (void)printf(", %s > %s", - etheraddr_string(esrc), - etheraddr_string(edst)); - if (caplen > 1) - default_print_unaligned(p, caplen); + if (!ndo->ndo_eflag) + ND_PRINT("OSI NLPID 0x%02x unknown", GET_U_1(p)); + ND_PRINT("%slength: %u", ndo->ndo_eflag ? "" : ", ", length); + if (length > 1) + print_unknown_data(ndo, p, "\n\t", length); break; } } -#define ESIS_REDIRECT 6 -#define ESIS_ESH 2 -#define ESIS_ISH 4 +#define CLNP_PDU_ER 1 +#define CLNP_PDU_DT 28 +#define CLNP_PDU_MD 29 +#define CLNP_PDU_ERQ 30 +#define CLNP_PDU_ERP 31 + +static const struct tok clnp_pdu_values[] = { + { CLNP_PDU_ER, "Error Report"}, + { CLNP_PDU_MD, "MD"}, + { CLNP_PDU_DT, "Data"}, + { CLNP_PDU_ERQ, "Echo Request"}, + { CLNP_PDU_ERP, "Echo Response"}, + { 0, NULL } +}; + +struct clnp_header_t { + nd_uint8_t nlpid; + nd_uint8_t length_indicator; + nd_uint8_t version; + nd_uint8_t lifetime; /* units of 500ms */ + nd_uint8_t type; + nd_uint16_t segment_length; + nd_uint16_t cksum; +}; + +struct clnp_segment_header_t { + nd_uint16_t data_unit_id; + nd_uint16_t segment_offset; + nd_uint16_t total_length; +}; + +/* + * clnp_print + * Decode CLNP packets. Return 0 on error. + */ + +static int +clnp_print(netdissect_options *ndo, + const uint8_t *pptr, u_int length) +{ + const uint8_t *optr,*source_address,*dest_address; + u_int li,li_remaining,tlen,nsap_offset,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags; + const struct clnp_header_t *clnp_header; + const struct clnp_segment_header_t *clnp_segment_header; + uint8_t rfd_error,rfd_error_major,rfd_error_minor; + + ndo->ndo_protocol = "clnp"; + clnp_header = (const struct clnp_header_t *) pptr; + ND_TCHECK_SIZE(clnp_header); + + li = GET_U_1(clnp_header->length_indicator); + li_remaining = li; + optr = pptr; + + if (!ndo->ndo_eflag) + nd_print_protocol_caps(ndo); + + /* + * Sanity checking of the header. + */ + + if (GET_U_1(clnp_header->version) != CLNP_VERSION) { + ND_PRINT("version %u packet not supported", + GET_U_1(clnp_header->version)); + return (0); + } + + if (li > length) { + ND_PRINT(" length indicator(%u) > PDU size (%u)!", li, length); + return (0); + } + + if (li < sizeof(struct clnp_header_t)) { + ND_PRINT(" length indicator %u < min PDU size:", li); + while (pptr < ndo->ndo_snapend) { + ND_PRINT("%02X", GET_U_1(pptr)); + pptr++; + } + return (0); + } + + /* FIXME further header sanity checking */ + + clnp_pdu_type = GET_U_1(clnp_header->type) & CLNP_PDU_TYPE_MASK; + clnp_flags = GET_U_1(clnp_header->type) & CLNP_FLAG_MASK; + + pptr += sizeof(struct clnp_header_t); + li_remaining -= sizeof(struct clnp_header_t); + + if (li_remaining < 1) { + ND_PRINT("li < size of fixed part of CLNP header and addresses"); + return (0); + } + dest_address_length = GET_U_1(pptr); + pptr += 1; + li_remaining -= 1; + if (li_remaining < dest_address_length) { + ND_PRINT("li < size of fixed part of CLNP header and addresses"); + return (0); + } + ND_TCHECK_LEN(pptr, dest_address_length); + dest_address = pptr; + pptr += dest_address_length; + li_remaining -= dest_address_length; + + if (li_remaining < 1) { + ND_PRINT("li < size of fixed part of CLNP header and addresses"); + return (0); + } + source_address_length = GET_U_1(pptr); + pptr += 1; + li_remaining -= 1; + if (li_remaining < source_address_length) { + ND_PRINT("li < size of fixed part of CLNP header and addresses"); + return (0); + } + ND_TCHECK_LEN(pptr, source_address_length); + source_address = pptr; + pptr += source_address_length; + li_remaining -= source_address_length; + + if (ndo->ndo_vflag < 1) { + ND_PRINT("%s%s > %s, %s, length %u", + ndo->ndo_eflag ? "" : ", ", + GET_ISONSAP_STRING(source_address, source_address_length), + GET_ISONSAP_STRING(dest_address, dest_address_length), + tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), + length); + return (1); + } + ND_PRINT("%slength %u", ndo->ndo_eflag ? "" : ", ", length); + + ND_PRINT("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x", + tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), + GET_U_1(clnp_header->length_indicator), + GET_U_1(clnp_header->version), + GET_U_1(clnp_header->lifetime)/2, + (GET_U_1(clnp_header->lifetime)%2)*5, + GET_BE_U_2(clnp_header->segment_length), + GET_BE_U_2(clnp_header->cksum)); + + osi_print_cksum(ndo, optr, GET_BE_U_2(clnp_header->cksum), 7, + GET_U_1(clnp_header->length_indicator)); + + ND_PRINT("\n\tFlags [%s]", + bittok2str(clnp_flag_values, "none", clnp_flags)); + + ND_PRINT("\n\tsource address (length %u): %s\n\tdest address (length %u): %s", + source_address_length, + GET_ISONSAP_STRING(source_address, source_address_length), + dest_address_length, + GET_ISONSAP_STRING(dest_address, dest_address_length)); + + if (clnp_flags & CLNP_SEGMENT_PART) { + if (li_remaining < sizeof(struct clnp_segment_header_t)) { + ND_PRINT("li < size of fixed part of CLNP header, addresses, and segment part"); + return (0); + } + clnp_segment_header = (const struct clnp_segment_header_t *) pptr; + ND_TCHECK_SIZE(clnp_segment_header); + ND_PRINT("\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", + GET_BE_U_2(clnp_segment_header->data_unit_id), + GET_BE_U_2(clnp_segment_header->segment_offset), + GET_BE_U_2(clnp_segment_header->total_length)); + pptr+=sizeof(struct clnp_segment_header_t); + li_remaining-=sizeof(struct clnp_segment_header_t); + } + + /* now walk the options */ + while (li_remaining != 0) { + u_int op, opli; + const uint8_t *tptr; + + if (li_remaining < 2) { + ND_PRINT(", bad opts/li"); + return (0); + } + op = GET_U_1(pptr); + opli = GET_U_1(pptr + 1); + pptr += 2; + li_remaining -= 2; + if (opli > li_remaining) { + ND_PRINT(", opt (%u) too long", op); + return (0); + } + ND_TCHECK_LEN(pptr, opli); + li_remaining -= opli; + tptr = pptr; + tlen = opli; + + ND_PRINT("\n\t %s Option #%u, length %u, value: ", + tok2str(clnp_option_values,"Unknown",op), + op, + opli); + + /* + * We've already checked that the entire option is present + * in the captured packet with the ND_TCHECK_LEN() call. + * Therefore, we don't need to do ND_TCHECK()/ND_TCHECK_LEN() + * checks. + * We do, however, need to check tlen, to make sure we + * don't run past the end of the option. + */ + switch (op) { + + + case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */ + case CLNP_OPTION_SOURCE_ROUTING: + if (tlen < 2) { + ND_PRINT(", bad opt len"); + return (0); + } + ND_PRINT("%s %s", + tok2str(clnp_option_sr_rr_values,"Unknown",GET_U_1(tptr)), + tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op)); + nsap_offset=GET_U_1(tptr + 1); + if (nsap_offset == 0) { + ND_PRINT(" Bad NSAP offset (0)"); + break; + } + nsap_offset-=1; /* offset to nsap list */ + if (nsap_offset > tlen) { + ND_PRINT(" Bad NSAP offset (past end of option)"); + break; + } + tptr+=nsap_offset; + tlen-=nsap_offset; + while (tlen > 0) { + source_address_length=GET_U_1(tptr); + if (tlen < source_address_length+1) { + ND_PRINT("\n\t NSAP address goes past end of option"); + break; + } + if (source_address_length > 0) { + source_address=(tptr+1); + ND_PRINT("\n\t NSAP address (length %u): %s", + source_address_length, + GET_ISONSAP_STRING(source_address, source_address_length)); + } + tlen-=source_address_length+1; + } + break; + + case CLNP_OPTION_PRIORITY: + if (tlen < 1) { + ND_PRINT(", bad opt len"); + return (0); + } + ND_PRINT("0x%1x", GET_U_1(tptr)&0x0f); + break; + + case CLNP_OPTION_QOS_MAINTENANCE: + if (tlen < 1) { + ND_PRINT(", bad opt len"); + return (0); + } + ND_PRINT("\n\t Format Code: %s", + tok2str(clnp_option_scope_values, "Reserved", GET_U_1(tptr) & CLNP_OPTION_SCOPE_MASK)); + + if ((GET_U_1(tptr)&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL) + ND_PRINT("\n\t QoS Flags [%s]", + bittok2str(clnp_option_qos_global_values, + "none", + GET_U_1(tptr)&CLNP_OPTION_OPTION_QOS_MASK)); + break; + + case CLNP_OPTION_SECURITY: + if (tlen < 2) { + ND_PRINT(", bad opt len"); + return (0); + } + ND_PRINT("\n\t Format Code: %s, Security-Level %u", + tok2str(clnp_option_scope_values,"Reserved",GET_U_1(tptr)&CLNP_OPTION_SCOPE_MASK), + GET_U_1(tptr + 1)); + break; + + case CLNP_OPTION_DISCARD_REASON: + if (tlen < 1) { + ND_PRINT(", bad opt len"); + return (0); + } + rfd_error = GET_U_1(tptr); + rfd_error_major = (rfd_error&0xf0) >> 4; + rfd_error_minor = rfd_error&0x0f; + ND_PRINT("\n\t Class: %s Error (0x%01x), %s (0x%01x)", + tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major), + rfd_error_major, + tok2str(clnp_option_rfd_error_class[rfd_error_major],"Unknown",rfd_error_minor), + rfd_error_minor); + break; + + case CLNP_OPTION_PADDING: + ND_PRINT("padding data"); + break; + + /* + * FIXME those are the defined Options that lack a decoder + * you are welcome to contribute code ;-) + */ + + default: + print_unknown_data(ndo, tptr, "\n\t ", opli); + break; + } + if (ndo->ndo_vflag > 1) + print_unknown_data(ndo, pptr, "\n\t ", opli); + pptr += opli; + } + + switch (clnp_pdu_type) { + + case CLNP_PDU_ER: /* fall through */ + case CLNP_PDU_ERP: + if (GET_U_1(pptr) == NLPID_CLNP) { + ND_PRINT("\n\t-----original packet-----\n\t"); + /* FIXME recursion protection */ + clnp_print(ndo, pptr, length - li); + break; + } + + /* The cases above break from the switch block if they see and print + * a CLNP header in the Data part. For an Error Report PDU this is + * described in Section 7.9.6 of ITU X.233 (1997 E), also known as + * ISO/IEC 8473-1:1998(E). It is not clear why in this code the same + * applies to an Echo Response PDU, as the standard does not specify + * the contents -- could be a proprietary extension or a bug. In either + * case, if the Data part does not contain a CLNP header, its structure + * is considered unknown and the decoding falls through to print the + * contents as-is. + */ + ND_FALL_THROUGH; + + case CLNP_PDU_DT: + case CLNP_PDU_MD: + case CLNP_PDU_ERQ: + + default: + /* dump the PDU specific data */ + if (length > ND_BYTES_BETWEEN(optr, pptr)) { + ND_PRINT("\n\t undecoded non-header data, length %u", length-li); + print_unknown_data(ndo, pptr, "\n\t ", + length - ND_BYTES_BETWEEN(optr, pptr)); + } + } + + return (1); + + trunc: + nd_print_trunc(ndo); + return (1); + +} + + +#define ESIS_PDU_REDIRECT 6 +#define ESIS_PDU_ESH 2 +#define ESIS_PDU_ISH 4 + +static const struct tok esis_pdu_values[] = { + { ESIS_PDU_REDIRECT, "redirect"}, + { ESIS_PDU_ESH, "ESH"}, + { ESIS_PDU_ISH, "ISH"}, + { 0, NULL } +}; -struct esis_hdr { - u_char version; - u_char reserved; - u_char type; - u_char tmo[2]; - u_char cksum[2]; +struct esis_header_t { + nd_uint8_t nlpid; + nd_uint8_t length_indicator; + nd_uint8_t version; + nd_byte reserved; + nd_uint8_t type; + nd_uint16_t holdtime; + nd_uint16_t cksum; }; static void -esis_print(const u_char *p, u_int length) +esis_print(netdissect_options *ndo, + const uint8_t *pptr, u_int length) { - const u_char *ep; - u_int li; - const struct esis_hdr *eh; + const uint8_t *optr; + u_int li, version, esis_pdu_type, source_address_length, source_address_number; + const struct esis_header_t *esis_header; + + ndo->ndo_protocol = "esis"; + if (!ndo->ndo_eflag) + ND_PRINT("ES-IS"); if (length <= 2) { - if (qflag) - printf(" bad pkt!"); - else - printf(" no header at all!"); + ND_PRINT(ndo->ndo_qflag ? "bad pkt!" : "no header at all!"); return; } - li = p[1]; - eh = (const struct esis_hdr *) &p[2]; - ep = p + li; + + esis_header = (const struct esis_header_t *) pptr; + ND_TCHECK_SIZE(esis_header); + li = GET_U_1(esis_header->length_indicator); + optr = pptr; + + /* + * Sanity checking of the header. + */ + + if (GET_U_1(esis_header->nlpid) != NLPID_ESIS) { + ND_PRINT(" nlpid 0x%02x packet not supported", + GET_U_1(esis_header->nlpid)); + return; + } + + version = GET_U_1(esis_header->version); + if (version != ESIS_VERSION) { + ND_PRINT(" version %u packet not supported", version); + return; + } + if (li > length) { - if (qflag) - printf(" bad pkt!"); - else - printf(" LI(%d) > PDU size (%d)!", li, length); - return; + ND_PRINT(" length indicator(%u) > PDU size (%u)!", li, length); + return; } - if (li < sizeof(struct esis_hdr) + 2) { - if (qflag) - printf(" bad pkt!"); - else { - printf(" too short for esis header %d:", li); - while (--length != 0) - printf("%02X", *p++); - } - return; + + if (li < sizeof(struct esis_header_t) + 2) { + ND_PRINT(" length indicator %u < min PDU size:", li); + while (pptr < ndo->ndo_snapend) { + ND_PRINT("%02X", GET_U_1(pptr)); + pptr++; + } + return; } - switch (eh->type & 0x1f) { - case ESIS_REDIRECT: - printf(" redirect"); - break; + esis_pdu_type = GET_U_1(esis_header->type) & ESIS_PDU_TYPE_MASK; - case ESIS_ESH: - printf(" ESH"); - break; + if (ndo->ndo_vflag < 1) { + ND_PRINT("%s%s, length %u", + ndo->ndo_eflag ? "" : ", ", + tok2str(esis_pdu_values,"unknown type (%u)",esis_pdu_type), + length); + return; + } else + ND_PRINT("%slength %u\n\t%s (%u)", + ndo->ndo_eflag ? "" : ", ", + length, + tok2str(esis_pdu_values,"unknown type: %u", esis_pdu_type), + esis_pdu_type); - case ESIS_ISH: - printf(" ISH"); - break; + ND_PRINT(", v: %u%s", version, version == ESIS_VERSION ? "" : "unsupported" ); + ND_PRINT(", checksum: 0x%04x", GET_BE_U_2(esis_header->cksum)); - default: - printf(" type %d", eh->type & 0x1f); - break; - } - if (vflag && osi_cksum(p, li)) { - printf(" bad cksum (got 0x%02x%02x)", - eh->cksum[1], eh->cksum[0]); - default_print(p, length); - return; - } - if (eh->version != 1) { - printf(" unsupported version %d", eh->version); - return; - } - p += sizeof(*eh) + 2; - li -= sizeof(*eh) + 2; /* protoid * li */ + osi_print_cksum(ndo, pptr, GET_BE_U_2(esis_header->cksum), 7, + li); + + ND_PRINT(", holding time: %us, length indicator: %u", + GET_BE_U_2(esis_header->holdtime), li); - switch (eh->type & 0x1f) { - case ESIS_REDIRECT: { - const u_char *dst, *snpa, *is; + if (ndo->ndo_vflag > 1) + print_unknown_data(ndo, optr, "\n\t", sizeof(struct esis_header_t)); - dst = p; p += *p + 1; - if (p > snapend) + pptr += sizeof(struct esis_header_t); + li -= sizeof(struct esis_header_t); + + switch (esis_pdu_type) { + case ESIS_PDU_REDIRECT: { + const uint8_t *dst, *snpa, *neta; + u_int dstl, snpal, netal; + + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad redirect/li"); return; - printf("\n\t\t %s", isonsap_string(dst)); - snpa = p; p += *p + 1; - is = p; p += *p + 1; - if (p > snapend) + } + dstl = GET_U_1(pptr); + pptr++; + li--; + ND_TCHECK_LEN(pptr, dstl); + if (li < dstl) { + ND_PRINT(", bad redirect/li"); return; - if (p > ep) { - printf(" [bad li]"); + } + dst = pptr; + pptr += dstl; + li -= dstl; + ND_PRINT("\n\t %s", GET_ISONSAP_STRING(dst, dstl)); + + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad redirect/li"); return; } - if (is[0] == 0) - printf(" > %s", etheraddr_string(&snpa[1])); + snpal = GET_U_1(pptr); + pptr++; + li--; + ND_TCHECK_LEN(pptr, snpal); + if (li < snpal) { + ND_PRINT(", bad redirect/li"); + return; + } + snpa = pptr; + pptr += snpal; + li -= snpal; + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad redirect/li"); + return; + } + netal = GET_U_1(pptr); + pptr++; + ND_TCHECK_LEN(pptr, netal); + if (li < netal) { + ND_PRINT(", bad redirect/li"); + return; + } + neta = pptr; + pptr += netal; + li -= netal; + + if (snpal == MAC_ADDR_LEN) + ND_PRINT("\n\t SNPA (length: %u): %s", + snpal, + GET_ETHERADDR_STRING(snpa)); else - printf(" > %s", isonsap_string(is)); - li = ep - p; + ND_PRINT("\n\t SNPA (length: %u): %s", + snpal, + GET_LINKADDR_STRING(snpa, LINKADDR_OTHER, snpal)); + if (netal != 0) + ND_PRINT("\n\t NET (length: %u) %s", + netal, + GET_ISONSAP_STRING(neta, netal)); break; } -#if 0 - case ESIS_ESH: - printf(" ESH"); - break; -#endif - case ESIS_ISH: { - const u_char *is; - is = p; p += *p + 1; - if (p > ep) { - printf(" [bad li]"); - return; + case ESIS_PDU_ESH: + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad esh/li"); + return; + } + source_address_number = GET_U_1(pptr); + pptr++; + li--; + + ND_PRINT("\n\t Number of Source Addresses: %u", source_address_number); + + while (source_address_number > 0) { + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad esh/li"); + return; } - if (p > snapend) - return; - if (!qflag) - printf("\n\tNET: %s", print_nsap(is+1,*is)); - li = ep - p; - break; + source_address_length = GET_U_1(pptr); + pptr++; + li--; + + ND_TCHECK_LEN(pptr, source_address_length); + if (li < source_address_length) { + ND_PRINT(", bad esh/li"); + return; + } + ND_PRINT("\n\t NET (length: %u): %s", + source_address_length, + GET_ISONSAP_STRING(pptr, source_address_length)); + pptr += source_address_length; + li -= source_address_length; + source_address_number--; + } + + break; + + case ESIS_PDU_ISH: { + ND_TCHECK_1(pptr); + if (li < 1) { + ND_PRINT(", bad ish/li"); + return; + } + source_address_length = GET_U_1(pptr); + pptr++; + li--; + ND_TCHECK_LEN(pptr, source_address_length); + if (li < source_address_length) { + ND_PRINT(", bad ish/li"); + return; + } + ND_PRINT("\n\t NET (length: %u): %s", source_address_length, GET_ISONSAP_STRING(pptr, source_address_length)); + pptr += source_address_length; + li -= source_address_length; + break; } default: - (void)printf(" len=%d", length); - if (length && p < snapend) { - length = snapend - p; - default_print(p, length); + if (ndo->ndo_vflag <= 1) { + /* + * If there's at least one byte to print, print + * it/them. + */ + if (ND_TTEST_LEN(pptr, 1)) + print_unknown_data(ndo, pptr, "\n\t ", ND_BYTES_AVAILABLE_AFTER(pptr)); } return; } - if (vflag) - while (p < ep && li) { - u_int op, opli; - const u_char *q; - - if (snapend - p < 2) - return; - if (li < 2) { - printf(" bad opts/li"); - return; - } - op = *p++; - opli = *p++; - li -= 2; - if (opli > li) { - printf(" opt (%d) too long", op); - return; - } - li -= opli; - q = p; - p += opli; - if (snapend < p) - return; - if (op == 198 && opli == 2) { - printf(" tmo=%d", q[0] * 256 + q[1]); - continue; - } - printf (" %d:<", op); - while (opli-- > 0) - printf("%02x", *q++); - printf (">"); - } + + /* now walk the options */ + while (li != 0) { + u_int op, opli; + const uint8_t *tptr; + + if (li < 2) { + ND_PRINT(", bad opts/li"); + return; + } + op = GET_U_1(pptr); + opli = GET_U_1(pptr + 1); + pptr += 2; + li -= 2; + if (opli > li) { + ND_PRINT(", opt (%u) too long", op); + return; + } + li -= opli; + tptr = pptr; + + ND_PRINT("\n\t %s Option #%u, length %u, value: ", + tok2str(esis_option_values,"Unknown",op), + op, + opli); + + switch (op) { + + case ESIS_OPTION_ES_CONF_TIME: + if (opli == 2) { + ND_TCHECK_2(pptr); + ND_PRINT("%us", GET_BE_U_2(tptr)); + } else + ND_PRINT("(bad length)"); + break; + + case ESIS_OPTION_PROTOCOLS: + while (opli>0) { + ND_PRINT("%s (0x%02x)", + tok2str(nlpid_values, + "unknown", + GET_U_1(tptr)), + GET_U_1(tptr)); + if (opli>1) /* further NPLIDs ? - put comma */ + ND_PRINT(", "); + tptr++; + opli--; + } + break; + + /* + * FIXME those are the defined Options that lack a decoder + * you are welcome to contribute code ;-) + */ + + case ESIS_OPTION_QOS_MAINTENANCE: + case ESIS_OPTION_SECURITY: + case ESIS_OPTION_PRIORITY: + case ESIS_OPTION_ADDRESS_MASK: + case ESIS_OPTION_SNPA_MASK: + + default: + print_unknown_data(ndo, tptr, "\n\t ", opli); + break; + } + if (ndo->ndo_vflag > 1) + print_unknown_data(ndo, pptr, "\n\t ", opli); + pptr += opli; + } + return; + +trunc: + nd_print_trunc(ndo); } -/* allocate space for the following string - * xxxx.xxxx.xxxx - * 14 bytes plus one termination byte */ -static char * -isis_print_sysid(const u_char *cp, int sysid_len) +static void +isis_print_mcid(netdissect_options *ndo, + const struct isis_spb_mcid *mcid) { - int i; - static char sysid[15]; - char *pos = sysid; + int i; - for (i = 1; i <= sysid_len; i++) { - if (!TTEST2(*cp, 1)) - return (0); - pos+=sprintf(pos, "%02x", *cp++); - if ((i==2)^(i==4)) { - pos+=sprintf(pos, "."); - } - } - *(pos) = '\0'; - return (sysid); + ND_TCHECK_SIZE(mcid); + ND_PRINT("ID: %u, Name: ", GET_U_1(mcid->format_id)); + + nd_printjnp(ndo, mcid->name, sizeof(mcid->name)); + + ND_PRINT("\n\t Lvl: %u", GET_BE_U_2(mcid->revision_lvl)); + + ND_PRINT(", Digest: "); + + for(i=0;i<16;i++) + ND_PRINT("%.2x ", mcid->digest[i]); + return; + +trunc: + nd_print_trunc(ndo); } +static int +isis_print_mt_port_cap_subtlv(netdissect_options *ndo, + const uint8_t *tptr, u_int len) +{ + u_int stlv_type, stlv_len; + const struct isis_subtlv_spb_mcid *subtlv_spb_mcid; + int i; -/* allocate space for the following string - * xxxx.xxxx.xxxx.yy - * 17 bytes plus one termination byte */ -static char * -isis_print_nodeid(const u_char *cp) + while (len > 2) { + stlv_type = GET_U_1(tptr); + stlv_len = GET_U_1(tptr + 1); + + /* first lets see if we know the subTLVs name*/ + ND_PRINT("\n\t %s subTLV #%u, length: %u", + tok2str(isis_mt_port_cap_subtlv_values, "unknown", stlv_type), + stlv_type, + stlv_len); + + tptr += 2; + /*len -= TLV_TYPE_LEN_OFFSET;*/ + len -= 2; + + /* Make sure the subTLV fits within the space left */ + if (len < stlv_len) + goto subtlv_too_long; + /* Make sure the entire subTLV is in the captured data */ + ND_TCHECK_LEN(tptr, stlv_len); + + switch (stlv_type) { + case ISIS_SUBTLV_SPB_MCID: + { + if (stlv_len < ISIS_SUBTLV_SPB_MCID_MIN_LEN) + goto subtlv_too_short; + + subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr; + + ND_PRINT("\n\t MCID: "); + isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid)); + + /*tptr += SPB_MCID_MIN_LEN; + len -= SPB_MCID_MIN_LEN; */ + + ND_PRINT("\n\t AUX-MCID: "); + isis_print_mcid(ndo, &(subtlv_spb_mcid->aux_mcid)); + + /*tptr += SPB_MCID_MIN_LEN; + len -= SPB_MCID_MIN_LEN; */ + tptr += ISIS_SUBTLV_SPB_MCID_MIN_LEN; + len -= ISIS_SUBTLV_SPB_MCID_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_MCID_MIN_LEN; + + break; + } + + case ISIS_SUBTLV_SPB_DIGEST: + { + if (stlv_len < ISIS_SUBTLV_SPB_DIGEST_MIN_LEN) + goto subtlv_too_short; + + ND_PRINT("\n\t RES: %u V: %u A: %u D: %u", + (GET_U_1(tptr) >> 5), + ((GET_U_1(tptr) >> 4) & 0x01), + ((GET_U_1(tptr) >> 2) & 0x03), + (GET_U_1(tptr) & 0x03)); + + tptr++; + + ND_PRINT("\n\t Digest: "); + + for(i=1;i<=8; i++) { + ND_PRINT("%08x ", GET_BE_U_4(tptr)); + if (i%4 == 0 && i != 8) + ND_PRINT("\n\t "); + tptr += 4; + } + + len -= ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_DIGEST_MIN_LEN; + + break; + } + + case ISIS_SUBTLV_SPB_BVID: + { + while (stlv_len != 0) { + if (stlv_len < 4) + goto subtlv_too_short; + ND_PRINT("\n\t ECT: %08x", + GET_BE_U_4(tptr)); + + tptr += 4; + len -= 4; + stlv_len -= 4; + + if (stlv_len < 2) + goto subtlv_too_short; + ND_PRINT(" BVID: %u, U:%01x M:%01x ", + (GET_BE_U_2(tptr) >> 4) , + (GET_BE_U_2(tptr) >> 3) & 0x01, + (GET_BE_U_2(tptr) >> 2) & 0x01); + + tptr += 2; + len -= 2; + stlv_len -= 2; + } + + break; + } + + default: + break; + } + tptr += stlv_len; + len -= stlv_len; + } + return (0); + +trunc: + nd_print_trunc(ndo); + return (1); + +subtlv_too_long: + ND_PRINT(" (> containing TLV length)"); + return (1); + +subtlv_too_short: + ND_PRINT(" (too short)"); + return (1); +} + +static int +isis_print_mt_capability_subtlv(netdissect_options *ndo, + const uint8_t *tptr, u_int len) { - int i; - static char nodeid[18]; - char *pos = nodeid; + u_int stlv_type, stlv_len, treecount; + + while (len > 2) { + stlv_type = GET_U_1(tptr); + stlv_len = GET_U_1(tptr + 1); + tptr += 2; + len -= 2; + + /* first lets see if we know the subTLVs name*/ + ND_PRINT("\n\t %s subTLV #%u, length: %u", + tok2str(isis_mt_capability_subtlv_values, "unknown", stlv_type), + stlv_type, + stlv_len); + + /* Make sure the subTLV fits within the space left */ + if (len < stlv_len) + goto subtlv_too_long; + /* Make sure the entire subTLV is in the captured data */ + ND_TCHECK_LEN(tptr, stlv_len); + + switch (stlv_type) { + case ISIS_SUBTLV_SPB_INSTANCE: + if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN) + goto subtlv_too_short; + + ND_PRINT("\n\t CIST Root-ID: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(" %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(", Path Cost: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT(", Prio: %u", GET_BE_U_2(tptr)); + tptr += 2; + ND_PRINT("\n\t RES: %u", + GET_BE_U_2(tptr) >> 5); + ND_PRINT(", V: %u", + (GET_BE_U_2(tptr) >> 4) & 0x0001); + ND_PRINT(", SPSource-ID: %u", + (GET_BE_U_4(tptr) & 0x000fffff)); + tptr += 4; + ND_PRINT(", No of Trees: %x", GET_U_1(tptr)); + + treecount = GET_U_1(tptr); + tptr++; + + len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + stlv_len -= ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; + + while (treecount) { + if (stlv_len < ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN) + goto trunc; + + ND_PRINT("\n\t U:%u, M:%u, A:%u, RES:%u", + GET_U_1(tptr) >> 7, + (GET_U_1(tptr) >> 6) & 0x01, + (GET_U_1(tptr) >> 5) & 0x01, + (GET_U_1(tptr) & 0x1f)); + + tptr++; + + ND_PRINT(", ECT: %08x", GET_BE_U_4(tptr)); + + tptr += 4; + + ND_PRINT(", BVID: %u, SPVID: %u", + (GET_BE_U_3(tptr) >> 12) & 0x000fff, + GET_BE_U_3(tptr) & 0x000fff); + + tptr += 3; + len -= ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + stlv_len -= ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; + treecount--; + } + + break; + + case ISIS_SUBTLV_SPBM_SI: + if (stlv_len < 8) + goto trunc; + + ND_PRINT("\n\t BMAC: %08x", GET_BE_U_4(tptr)); + tptr += 4; + ND_PRINT("%04x", GET_BE_U_2(tptr)); + tptr += 2; + + ND_PRINT(", RES: %u, VID: %u", GET_BE_U_2(tptr) >> 12, + (GET_BE_U_2(tptr)) & 0x0fff); + + tptr += 2; + len -= 8; + stlv_len -= 8; + + while (stlv_len >= 4) { + ND_PRINT("\n\t T: %u, R: %u, RES: %u, ISID: %u", + (GET_BE_U_4(tptr) >> 31), + (GET_BE_U_4(tptr) >> 30) & 0x01, + (GET_BE_U_4(tptr) >> 24) & 0x03f, + (GET_BE_U_4(tptr)) & 0x0ffffff); + + tptr += 4; + len -= 4; + stlv_len -= 4; + } - for (i = 1; i <= 7; i++) { - if (!TTEST2(*cp, 1)) - return (0); - pos+=sprintf(pos, "%02x", *cp++); - if ((i & 1) == 0) { - pos+=sprintf(pos, "."); - } - } - *(pos) = '\0'; - return (nodeid); + break; + + default: + break; + } + tptr += stlv_len; + len -= stlv_len; + } + return (0); + +trunc: + nd_print_trunc(ndo); + return (1); + +subtlv_too_long: + ND_PRINT(" (> containing TLV length)"); + return (1); + +subtlv_too_short: + ND_PRINT(" (too short)"); + return (1); } -/* allocate space for the following string - * xxxx.xxxx.xxxx.yy-zz - * 20 bytes plus one termination byte */ +/* shared routine for printing system, node and lsp-ids */ static char * -isis_print_lspid(const u_char *cp) +isis_print_id(netdissect_options *ndo, const uint8_t *cp, u_int id_len) { - int i; - static char lspid[21]; - char *pos = lspid; - - for (i = 1; i <= 7; i++) { - pos+=sprintf(pos, "%02x", *cp++); - if ((i & 1) == 0) - pos+=sprintf(pos, "."); + u_int i; + static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")]; + char *pos = id; + u_int sysid_len; + + sysid_len = SYSTEM_ID_LEN; + if (sysid_len > id_len) + sysid_len = id_len; + for (i = 1; i <= sysid_len; i++) { + snprintf(pos, sizeof(id) - (pos - id), "%02x", GET_U_1(cp)); + cp++; + pos += strlen(pos); + if (i == 2 || i == 4) + *pos++ = '.'; } - pos+=sprintf(pos, "-%02x", *cp); - return (lspid); + if (id_len >= NODE_ID_LEN) { + snprintf(pos, sizeof(id) - (pos - id), ".%02x", GET_U_1(cp)); + cp++; + pos += strlen(pos); + } + if (id_len == LSP_ID_LEN) + snprintf(pos, sizeof(id) - (pos - id), "-%02x", GET_U_1(cp)); + return (id); } /* print the 4-byte metric block which is common found in the old-style TLVs */ - static int -isis_print_metric_block (const struct isis_metric_block *isis_metric_block) +isis_print_metric_block(netdissect_options *ndo, + const struct isis_metric_block *isis_metric_block) { - printf(", Default Metric: %d, %s", + ND_PRINT(", Default Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_default), ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_default) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_delay)) - printf("\n\t\t Delay Metric: %d, %s", + ND_PRINT("\n\t\t Delay Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_delay), ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_delay) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_expense)) - printf("\n\t\t Expense Metric: %d, %s", + ND_PRINT("\n\t\t Expense Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_expense), ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_expense) ? "External" : "Internal"); if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_error)) - printf("\n\t\t Error Metric: %d, %s", + ND_PRINT("\n\t\t Error Metric: %u, %s", ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_error), ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_error) ? "External" : "Internal"); @@ -786,20 +1793,9 @@ isis_print_metric_block (const struct isis_metric_block *isis_metric_block) } static int -isis_print_tlv_ip_reach (const u_char *cp, int length) +isis_print_tlv_ip_reach(netdissect_options *ndo, + const uint8_t *cp, const char *ident, u_int length) { - u_int bitmasks[33] = { - 0x00000000, - 0x80000000, 0xc0000000, 0xe0000000, 0xf0000000, - 0xf8000000, 0xfc000000, 0xfe000000, 0xff000000, - 0xff800000, 0xffc00000, 0xffe00000, 0xfff00000, - 0xfff80000, 0xfffc0000, 0xfffe0000, 0xffff0000, - 0xffff8000, 0xffffc000, 0xffffe000, 0xfffff000, - 0xfffff800, 0xfffffc00, 0xfffffe00, 0xffffff00, - 0xffffff80, 0xffffffc0, 0xffffffe0, 0xfffffff0, - 0xfffffff8, 0xfffffffc, 0xfffffffe, 0xffffffff - }; - u_int mask; int prefix_len; const struct isis_tlv_ip_reach *tlv_ip_reach; @@ -807,288 +1803,671 @@ isis_print_tlv_ip_reach (const u_char *cp, int length) while (length > 0) { if ((size_t)length < sizeof(*tlv_ip_reach)) { - printf("short IPv4 reachability (%d vs %lu)", length, - (unsigned long)sizeof(*tlv_ip_reach)); + ND_PRINT("short IPv4 Reachability (%u vs %zu)", + length, + sizeof(*tlv_ip_reach)); return (0); } - if (!TTEST(*tlv_ip_reach)) - return (0); + ND_TCHECK_SIZE(tlv_ip_reach); + + prefix_len = mask2plen(GET_IPV4_TO_HOST_ORDER(tlv_ip_reach->mask)); + + if (prefix_len == -1) + ND_PRINT("%sIPv4 prefix: %s mask %s", + ident, + GET_IPADDR_STRING(tlv_ip_reach->prefix), + GET_IPADDR_STRING(tlv_ip_reach->mask)); + else + ND_PRINT("%sIPv4 prefix: %15s/%u", + ident, + GET_IPADDR_STRING(tlv_ip_reach->prefix), + prefix_len); + + ND_PRINT(", Distribution: %s, Metric: %u, %s", + ISIS_LSP_TLV_METRIC_UPDOWN(tlv_ip_reach->isis_metric_block.metric_default) ? "down" : "up", + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_default), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_default) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_delay)) + ND_PRINT("%s Delay Metric: %u, %s", + ident, + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_delay), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_expense)) + ND_PRINT("%s Expense Metric: %u, %s", + ident, + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_expense), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal"); + + if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_error)) + ND_PRINT("%s Error Metric: %u, %s", + ident, + ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_error), + ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal"); + + length -= sizeof(struct isis_tlv_ip_reach); + tlv_ip_reach++; + } + return (1); +trunc: + return 0; +} + +/* + * this is the common IP-REACH subTLV decoder it is called + * from various EXTD-IP REACH TLVs (135,235,236,237) + */ + +static int +isis_print_ip_reach_subtlv(netdissect_options *ndo, + const uint8_t *tptr, u_int subt, u_int subl, + const char *ident) +{ + /* first lets see if we know the subTLVs name*/ + ND_PRINT("%s%s subTLV #%u, length: %u", + ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), + subt, subl); + + ND_TCHECK_LEN(tptr, subl); + + switch(subt) { + case ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR: /* fall through */ + case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32: + while (subl >= 4) { + ND_PRINT(", 0x%08x (=%u)", + GET_BE_U_4(tptr), + GET_BE_U_4(tptr)); + tptr+=4; + subl-=4; + } + break; + case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64: + while (subl >= 8) { + ND_PRINT(", 0x%08x%08x", + GET_BE_U_4(tptr), + GET_BE_U_4(tptr + 4)); + tptr+=8; + subl-=8; + } + break; + case ISIS_SUBTLV_EXTD_IP_REACH_PREFIX_SID: + { + uint8_t algo, flags; + uint32_t sid; + + flags = GET_U_1(tptr); + algo = GET_U_1(tptr+1); + + if (flags & ISIS_PREFIX_SID_FLAG_V) { + if (subl < 5) + goto trunc; + sid = GET_BE_U_3(tptr+2); + tptr+=5; + subl-=5; + } else { + if (subl < 6) + goto trunc; + sid = GET_BE_U_4(tptr+2); + tptr+=6; + subl-=6; + } + + ND_PRINT(", Flags [%s], Algo %s (%u), %s %u", + bittok2str(prefix_sid_flag_values, "None", flags), + tok2str(prefix_sid_algo_values, "Unknown", algo), algo, + flags & ISIS_PREFIX_SID_FLAG_V ? "label" : "index", + sid); + } + break; + default: + if (!print_unknown_data(ndo, tptr, "\n\t\t ", subl)) + return(0); + break; + } + return(1); + +trunc: + nd_print_trunc(ndo); + return(0); +} + +/* + * this is the common IS-REACH decoder it is called + * from various EXTD-IS REACH style TLVs (22,24,222) + */ + +static int +isis_print_ext_is_reach(netdissect_options *ndo, + const uint8_t *tptr, const char *ident, u_int tlv_type, + u_int tlv_remaining) +{ + char ident_buffer[20]; + u_int subtlv_type,subtlv_len,subtlv_sum_len; + int proc_bytes = 0; /* how many bytes did we process ? */ + u_int te_class,priority_level,gmpls_switch_cap; + union { /* int to float conversion buffer for several subTLVs */ + float f; + uint32_t i; + } bw; + + ND_TCHECK_LEN(tptr, NODE_ID_LEN); + if (tlv_remaining < NODE_ID_LEN) + return(0); + + ND_PRINT("%sIS Neighbor: %s", ident, isis_print_id(ndo, tptr, NODE_ID_LEN)); + tptr+=NODE_ID_LEN; + tlv_remaining-=NODE_ID_LEN; + proc_bytes+=NODE_ID_LEN; + + if (tlv_type != ISIS_TLV_IS_ALIAS_ID) { /* the Alias TLV Metric field is implicit 0 */ + ND_TCHECK_3(tptr); + if (tlv_remaining < 3) + return(0); + ND_PRINT(", Metric: %u", GET_BE_U_3(tptr)); + tptr+=3; + tlv_remaining-=3; + proc_bytes+=3; + } + + ND_TCHECK_1(tptr); + if (tlv_remaining < 1) + return(0); + subtlv_sum_len=GET_U_1(tptr); /* read out subTLV length */ + tptr++; + tlv_remaining--; + proc_bytes++; + ND_PRINT(", %ssub-TLVs present",subtlv_sum_len ? "" : "no "); + if (subtlv_sum_len) { + ND_PRINT(" (%u)", subtlv_sum_len); + /* prepend the indent string */ + snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); + ident = ident_buffer; + while (subtlv_sum_len != 0) { + ND_TCHECK_2(tptr); + if (tlv_remaining < 2) { + ND_PRINT("%sRemaining data in TLV shorter than a subTLV header",ident); + proc_bytes += tlv_remaining; + break; + } + if (subtlv_sum_len < 2) { + ND_PRINT("%sRemaining data in subTLVs shorter than a subTLV header",ident); + proc_bytes += subtlv_sum_len; + break; + } + subtlv_type=GET_U_1(tptr); + subtlv_len=GET_U_1(tptr + 1); + tptr += 2; + tlv_remaining -= 2; + subtlv_sum_len -= 2; + proc_bytes += 2; + ND_PRINT("%s%s subTLV #%u, length: %u", + ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subtlv_type), + subtlv_type, subtlv_len); + + if (subtlv_sum_len < subtlv_len) { + ND_PRINT(" (remaining data in subTLVs shorter than the current subTLV)"); + proc_bytes += subtlv_sum_len; + break; + } + + if (tlv_remaining < subtlv_len) { + ND_PRINT(" (> remaining tlv length)"); + proc_bytes += tlv_remaining; + break; + } + + ND_TCHECK_LEN(tptr, subtlv_len); - mask = EXTRACT_32BITS(tlv_ip_reach->mask); - prefix_len = 0; + switch(subtlv_type) { + case ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP: + case ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID: + case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: + if (subtlv_len >= 4) { + ND_PRINT(", 0x%08x", GET_BE_U_4(tptr)); + if (subtlv_len == 8) /* rfc4205 */ + ND_PRINT(", 0x%08x", GET_BE_U_4(tptr + 4)); + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: + case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: + if (subtlv_len >= sizeof(nd_ipv4)) + ND_PRINT(", %s", GET_IPADDR_STRING(tptr)); + break; + case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : + case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW: + if (subtlv_len >= 4) { + bw.i = GET_BE_U_4(tptr); + ND_PRINT(", %.3f Mbps", bw.f * 8 / 1000000); + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : + if (subtlv_len >= 32) { + for (te_class = 0; te_class < 8; te_class++) { + bw.i = GET_BE_U_4(tptr); + ND_PRINT("%s TE-Class %u: %.3f Mbps", + ident, + te_class, + bw.f * 8 / 1000000); + tptr += 4; + subtlv_len -= 4; + subtlv_sum_len -= 4; + proc_bytes += 4; + } + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS: /* fall through */ + case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD: + if (subtlv_len == 0) + break; + ND_PRINT("%sBandwidth Constraints Model ID: %s (%u)", + ident, + tok2str(diffserv_te_bc_values, "unknown", GET_U_1(tptr)), + GET_U_1(tptr)); + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + /* decode BCs until the subTLV ends */ + for (te_class = 0; subtlv_len != 0; te_class++) { + if (subtlv_len < 4) + break; + bw.i = GET_BE_U_4(tptr); + ND_PRINT("%s Bandwidth constraint CT%u: %.3f Mbps", + ident, + te_class, + bw.f * 8 / 1000000); + tptr += 4; + subtlv_len -= 4; + subtlv_sum_len -= 4; + proc_bytes += 4; + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC: + if (subtlv_len >= 3) + ND_PRINT(", %u", GET_BE_U_3(tptr)); + break; + case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE: + if (subtlv_len == 2) { + ND_PRINT(", [ %s ] (0x%04x)", + bittok2str(isis_subtlv_link_attribute_values, + "Unknown", + GET_BE_U_2(tptr)), + GET_BE_U_2(tptr)); + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: + if (subtlv_len >= 2) { + ND_PRINT(", %s, Priority %u", + bittok2str(gmpls_link_prot_values, "none", GET_U_1(tptr)), + GET_U_1(tptr + 1)); + } + break; + case ISIS_SUBTLV_SPB_METRIC: + if (subtlv_len >= 6) { + ND_PRINT(", LM: %u", GET_BE_U_3(tptr)); + tptr += 3; + subtlv_len -= 3; + subtlv_sum_len -= 3; + proc_bytes += 3; + ND_PRINT(", P: %u", GET_U_1(tptr)); + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + ND_PRINT(", P-ID: %u", GET_BE_U_2(tptr)); + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: + if (subtlv_len >= 36) { + gmpls_switch_cap = GET_U_1(tptr); + ND_PRINT("%s Interface Switching Capability:%s", + ident, + tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap)); + ND_PRINT(", LSP Encoding: %s", + tok2str(gmpls_encoding_values, "Unknown", GET_U_1((tptr + 1)))); + tptr += 4; + subtlv_len -= 4; + subtlv_sum_len -= 4; + proc_bytes += 4; + ND_PRINT("%s Max LSP Bandwidth:", ident); + for (priority_level = 0; priority_level < 8; priority_level++) { + bw.i = GET_BE_U_4(tptr); + ND_PRINT("%s priority level %u: %.3f Mbps", + ident, + priority_level, + bw.f * 8 / 1000000); + tptr += 4; + subtlv_len -= 4; + subtlv_sum_len -= 4; + proc_bytes += 4; + } + switch (gmpls_switch_cap) { + case GMPLS_PSC1: + case GMPLS_PSC2: + case GMPLS_PSC3: + case GMPLS_PSC4: + if (subtlv_len < 6) + break; + bw.i = GET_BE_U_4(tptr); + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000); + ND_PRINT("%s Interface MTU: %u", ident, + GET_BE_U_2(tptr + 4)); + break; + case GMPLS_TSC: + if (subtlv_len < 8) + break; + bw.i = GET_BE_U_4(tptr); + ND_PRINT("%s Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000); + ND_PRINT("%s Indication %s", ident, + tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", GET_U_1((tptr + 4)))); + break; + default: + /* there is some optional stuff left to decode but this is as of yet + not specified so just lets hexdump what is left */ + if (subtlv_len != 0) { + if (!print_unknown_data(ndo, tptr, "\n\t\t ", subtlv_len)) + return(0); + } + } + } + break; + case ISIS_SUBTLV_EXT_IS_REACH_LAN_ADJ_SEGMENT_ID: + if (subtlv_len >= 8) { + ND_PRINT("%s Flags: [%s]", ident, + bittok2str(isis_lan_adj_sid_flag_values, + "none", + GET_U_1(tptr))); + int vflag = (GET_U_1(tptr) & 0x20) ? 1:0; + int lflag = (GET_U_1(tptr) & 0x10) ? 1:0; + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + ND_PRINT("%s Weight: %u", ident, GET_U_1(tptr)); + tptr++; + subtlv_len--; + subtlv_sum_len--; + proc_bytes++; + if(subtlv_len>=SYSTEM_ID_LEN) { + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("%s Neighbor System-ID: %s", ident, + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + } + /* RFC 8667 section 2.2.2 */ + /* if V-flag is set to 1 and L-flag is set to 1 ==> 3 octet label */ + /* if V-flag is set to 0 and L-flag is set to 0 ==> 4 octet index */ + if (vflag && lflag) { + ND_PRINT("%s Label: %u", + ident, GET_BE_U_3(tptr+SYSTEM_ID_LEN)); + } else if ((!vflag) && (!lflag)) { + ND_PRINT("%s Index: %u", + ident, GET_BE_U_4(tptr+SYSTEM_ID_LEN)); + } else + nd_print_invalid(ndo); + } + break; + default: + if (!print_unknown_data(ndo, tptr, "\n\t\t ", subtlv_len)) + return(0); + break; + } - /* lets see if we can transform the mask into a prefixlen */ - while (prefix_len <= 33) { - if (bitmasks[prefix_len++] == mask) { - prefix_len--; - break; - } - } + tptr += subtlv_len; + tlv_remaining -= subtlv_len; + subtlv_sum_len -= subtlv_len; + proc_bytes += subtlv_len; + } + } + return(proc_bytes); - /* - * 34 indicates no match -> must be a discontiguous netmask - * lets dump the mask, otherwise print the prefix_len - */ - if (prefix_len == 34) - printf("\n\t\tIPv4 prefix: %s mask %s", - ipaddr_string((tlv_ip_reach->prefix)), - ipaddr_string((tlv_ip_reach->mask))); - else - printf("\n\t\tIPv4 prefix: %s/%u", - ipaddr_string((tlv_ip_reach->prefix)), - prefix_len); +trunc: + return(0); +} - printf("\n\t\t Default Metric: %02d, %s, Distribution: %s", - ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_default), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_default) ? "External" : "Internal", - ISIS_LSP_TLV_METRIC_UPDOWN(tlv_ip_reach->isis_metric_block.metric_default) ? "down" : "up"); +/* + * this is the common Multi Topology ID decoder + * it is called from various MT-TLVs (222,229,235,237) + */ - if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_delay)) - printf("\n\t\t Delay Metric: %02d, %s", - ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_delay), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal"); +static uint8_t +isis_print_mtid(netdissect_options *ndo, + const uint8_t *tptr, const char *ident, u_int tlv_remaining) +{ + if (tlv_remaining < 2) + goto trunc; - if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_expense)) - printf("\n\t\t Expense Metric: %02d, %s", - ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_expense), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal"); + ND_PRINT("%s%s", + ident, + tok2str(isis_mt_values, + "Reserved for IETF Consensus", + ISIS_MASK_MTID(GET_BE_U_2(tptr)))); - if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_error)) - printf("\n\t\t Error Metric: %02d, %s", - ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_error), - ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal"); + ND_PRINT(" Topology (0x%03x), Flags: [%s]", + ISIS_MASK_MTID(GET_BE_U_2(tptr)), + bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(GET_BE_U_2(tptr)))); - length -= sizeof(struct isis_tlv_ip_reach); - tlv_ip_reach++; - } - return (1); + return(2); +trunc: + return 0; } /* - * this is the common IP-REACH subTLV decoder it is called - * from various EXTD-IP REACH TLVs (135,235,236,237) + * this is the common extended IP reach decoder + * it is called from TLVs (135,235,236,237) + * we process the TLV and optional subTLVs and return + * the amount of processed bytes */ -static int -isis_print_ip_reach_subtlv (const u_char *tptr,int subt,int subl,const char *lf) { - - switch(subt) { - case SUBTLV_IP_REACH_ADMIN_TAG32: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%s32-Bit Administrative tag: 0x%08x", - lf, - EXTRACT_32BITS(tptr)); - break; - case SUBTLV_IP_REACH_ADMIN_TAG64: - if (!TTEST2(*tptr,8)) - goto trunctlv; - printf("%s64-Bit Administrative tag: 0x%08x%08x", - lf, - EXTRACT_32BITS(tptr), - EXTRACT_32BITS(tptr+4)); - break; - default: - printf("%sunknown subTLV, type %d, length %d", - lf, - subt, - subl); - if(!print_unknown_data(tptr,"\n\t\t ", - subl)) +static u_int +isis_print_extd_ip_reach(netdissect_options *ndo, + const uint8_t *tptr, const char *ident, uint16_t afi) +{ + char ident_buffer[20]; + uint8_t prefix[sizeof(nd_ipv6)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ + u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; + + metric = GET_BE_U_4(tptr); + processed=4; + tptr+=4; + + if (afi == AF_INET) { + status_byte=GET_U_1(tptr); + tptr++; + bit_length = status_byte&0x3f; + if (bit_length > 32) { + ND_PRINT("%sIPv4 prefix: bad bit length %u", + ident, + bit_length); + return (0); + } + processed++; + } else if (afi == AF_INET6) { + status_byte=GET_U_1(tptr); + bit_length=GET_U_1(tptr + 1); + if (bit_length > 128) { + ND_PRINT("%sIPv6 prefix: bad bit length %u", + ident, + bit_length); + return (0); + } + tptr+=2; + processed+=2; + } else + return (0); /* somebody is fooling us */ + + byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */ + + memset(prefix, 0, sizeof(prefix)); /* clear the copy buffer */ + GET_CPY_BYTES(prefix,tptr,byte_length); /* copy as much as is stored in the TLV */ + tptr+=byte_length; + processed+=byte_length; + + if (afi == AF_INET) + ND_PRINT("%sIPv4 prefix: %15s/%u", + ident, + ipaddr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IPADDR_STRING() */ + bit_length); + else if (afi == AF_INET6) + ND_PRINT("%sIPv6 prefix: %s/%u", + ident, + ip6addr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */ + bit_length); + + ND_PRINT(", Distribution: %s, Metric: %u", + ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up", + metric); + + if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + ND_PRINT(", sub-TLVs present"); + else if (afi == AF_INET6) + ND_PRINT(", %s%s", + ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal", + ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""); + + if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) + || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) + ) { + /* assume that one prefix can hold more + than one subTLV - therefore the first byte must reflect + the aggregate bytecount of the subTLVs for this prefix + */ + sublen=GET_U_1(tptr); + tptr++; + processed+=sublen+1; + ND_PRINT(" (%u)", sublen); /* print out subTLV length */ + + while (sublen>0) { + subtlvtype=GET_U_1(tptr); + subtlvlen=GET_U_1(tptr + 1); + tptr+=2; + /* prepend the indent string */ + snprintf(ident_buffer, sizeof(ident_buffer), "%s ",ident); + if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer)) return(0); - break; + tptr+=subtlvlen; + sublen-=(subtlvlen+2); } - return(1); + } + return (processed); +} -trunctlv: - printf("%spacket exceeded snapshot",lf); - return(0); +static void +isis_print_router_cap_subtlv(netdissect_options *ndo, const uint8_t *tptr, uint8_t tlen) +{ + uint8_t subt, subl; + + while (tlen >= 2) { + subt = GET_U_1(tptr); + subl = GET_U_1(tptr+1); + tlen -= 2; + tptr += 2; + + /* first lets see if we know the subTLVs name*/ + ND_PRINT("\n\t\t%s subTLV #%u, length: %u", + tok2str(isis_router_capability_subtlv_values, "unknown", subt), + subt, subl); + + /* + * Boundary check. + */ + if (subl > tlen) { + break; + } + ND_TCHECK_LEN(tptr, subl); + + switch (subt) { + case ISIS_SUBTLV_ROUTER_CAP_SR: + { + uint8_t flags, sid_tlen, sid_type, sid_len; + uint32_t range; + const uint8_t *sid_ptr; + + flags = GET_U_1(tptr); + range = GET_BE_U_3(tptr+1); + ND_PRINT(", Flags [%s], Range %u", + bittok2str(isis_router_capability_sr_flags, "None", flags), + range); + sid_ptr = tptr + 4; + sid_tlen = subl - 4; + + while (sid_tlen >= 5) { + sid_type = GET_U_1(sid_ptr); + sid_len = GET_U_1(sid_ptr+1); + sid_tlen -= 2; + sid_ptr += 2; + + /* + * Boundary check. + */ + if (sid_len > sid_tlen) { + break; + } + + switch (sid_type) { + case 1: + if (sid_len == 3) { + ND_PRINT(", SID value %u", GET_BE_U_3(sid_ptr)); + } else if (sid_len == 4) { + ND_PRINT(", SID value %u", GET_BE_U_4(sid_ptr)); + } else { + ND_PRINT(", Unknown SID length%u", sid_len); + } + break; + default: + print_unknown_data(ndo, sid_ptr, "\n\t\t ", sid_len); + } + + sid_ptr += sid_len; + sid_tlen -= sid_len; + } + } + break; + default: + print_unknown_data(ndo, tptr, "\n\t\t", subl); + break; + } + + tlen -= subl; + tptr += subl; + } + trunc: + return; } /* - * this is the common IS-REACH subTLV decoder it is called - * from various EXTD-IS REACH TLVs (22,24,222) + * Clear checksum and lifetime prior to signature verification. */ +static void +isis_clear_checksum_lifetime(void *header) +{ + struct isis_lsp_header *header_lsp = (struct isis_lsp_header *) header; -static int -isis_print_is_reach_subtlv (const u_char *tptr,int subt,int subl,const char *lf) { - - int i,j; - float bw; /* copy buffer for several subTLVs */ - - switch(subt) { - case SUBTLV_EXT_IS_REACH_ADMIN_GROUP: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%sAdministrative groups: 0x%08x", - lf, - EXTRACT_32BITS(tptr)); - break; - case SUBTLV_EXT_IS_REACH_LINK_LOCAL_ID: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%sLink Local Identifier: 0x%08x", - lf, - EXTRACT_32BITS(tptr)); - break; - case SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%sLink Remote Identifier: 0x%08x", - lf, - EXTRACT_32BITS(tptr)); - break; - case SUBTLV_EXT_IS_REACH_MAX_LINK_BW : - if (!TTEST2(*tptr,4)) - goto trunctlv; - j = EXTRACT_32BITS(tptr); - memcpy (&bw, &j, 4); - printf("%sMaximum link bandwidth : %.3f Mbps", - lf, - bw*8/1000000 ); - break; - case SUBTLV_EXT_IS_REACH_RESERVABLE_BW : - if (!TTEST2(*tptr,4)) - goto trunctlv; - j = EXTRACT_32BITS(tptr); - memcpy (&bw, &j, 4); - printf("%sReservable link bandwidth: %.3f Mbps", - lf, - bw*8/1000000 ); - break; - case SUBTLV_EXT_IS_REACH_UNRESERVED_BW : - printf("%sUnreserved bandwidth:",lf); - for (i = 0; i < 8; i++) { - if (!TTEST2(*(tptr+i*4),4)) - goto trunctlv; - j = EXTRACT_32BITS(tptr); - memcpy (&bw, &j, 4); - printf("%s priority level %d: %.3f Mbps", - lf, - i, - bw*8/1000000 ); - } - break; - case SUBTLV_EXT_IS_REACH_TE_METRIC: - if (!TTEST2(*tptr,3)) - goto trunctlv; - printf("%sTraffic Engineering Metric: %d", - lf, - EXTRACT_24BITS(tptr)); - break; - case SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%sIPv4 interface address: %s", - lf, - ipaddr_string(tptr)); - break; - case SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("%sIPv4 neighbor address: %s", - lf, - ipaddr_string(tptr)); - break; - case SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: - if (!TTEST2(*tptr,2)) - goto trunctlv; - i = 0; - j = (ISIS_8BIT_MASK(*tptr)); /* fetch the typecode and make sure - that no high-order LSBs are set */ - printf("%sLink Protection Type: %s", - lf, - (j) ? "" : "none" ); - /* scan through the bits until the typecode is zero */ - while(!j) { - printf("%s", isis_gmpls_link_prot_values[i]); - j=j>>1; - if (j) /*any other bit set ?*/ - printf(", "); - i++; - } - printf(", Priority %u", *(tptr+1)); - break; - case SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: - printf("%sInterface Switching Capability",lf); - - if (!TTEST2(*tptr,1)) - goto trunctlv; - printf("%s Interface Switching Capability:%s", - lf, - tok2str(isis_gmpls_sw_cap_values, "Unknown", *(tptr))); - - if (!TTEST2(*(tptr+1),1)) - goto trunctlv; - printf(", LSP Encoding: %s", - tok2str(isis_gmpls_lsp_enc_values, "Unknown", *(tptr+1))); - - if (!TTEST2(*(tptr+2),2)) /* skip 2 res. bytes */ - goto trunctlv; - - printf("%s Max LSP Bandwidth:",lf); - for (i = 0; i < 8; i++) { - if (!TTEST2(*(tptr+(i*4)+4),4)) - goto trunctlv; - j = EXTRACT_32BITS(tptr); - memcpy (&bw, &j, 4); - printf("%s priority level %d: %.3f Mbps", - lf, - i, - bw*8/1000000 ); - } - subl-=36; - /* there is some optional stuff left to decode but this is as of yet - not specified so just lets hexdump what is left */ - if(subl>0){ - if(!print_unknown_data(tptr,"\n\t\t ", - subl-36)) - return(0); - } - break; - case 250: - case 251: - case 252: - case 253: - case 254: - printf("%sReserved for cisco specific extensions, type %d, length %d", - lf, - subt, - subl); - break; - case 255: - printf("%sReserved for future expansion, type %d, length %d", - lf, - subt, - subl); - break; - default: - printf("%sunknown subTLV, type %d, length %d", - lf, - subt, - subl); - if(!print_unknown_data(tptr,"\n\t\t ", - subl)) - return(0); - break; - } - return(1); - -trunctlv: - printf("%spacket exceeded snapshot",lf); - return(0); + header_lsp->checksum[0] = 0; + header_lsp->checksum[1] = 0; + header_lsp->remaining_lifetime[0] = 0; + header_lsp->remaining_lifetime[1] = 0; } - /* * isis_print * Decode IS-IS packets. Return 0 on error. */ -static int isis_print (const u_char *p, u_int length) +#define INVALID_OR_DECREMENT(length,decr) \ + if ((length) < (decr)) { \ + ND_PRINT(" [packet length %u < %zu]", (length), (decr)); \ + nd_print_invalid(ndo); \ + return 1; \ + } \ + length -= (decr); + +static int +isis_print(netdissect_options *ndo, + const uint8_t *p, u_int length) { - const struct isis_common_header *header; + const struct isis_common_header *isis_header; const struct isis_iih_lan_header *header_iih_lan; const struct isis_iih_ptp_header *header_iih_ptp; @@ -1101,19 +2480,28 @@ static int isis_print (const u_char *p, u_int length) const struct isis_tlv_is_reach *tlv_is_reach; const struct isis_tlv_es_reach *tlv_es_reach; - u_char pdu_type, max_area, id_length, type, len, tmp, alen, lan_alen, prefix_len, subl, subt, tslen; - const u_char *optr, *pptr, *tptr; - u_short packet_len,pdu_len,time_remain; - u_int i,j,bit_length,byte_length,metric,ra,rr; - u_char prefix[4]; /* copy buffer for ipv4 prefixes */ -#ifdef INET6 - u_char prefix6[16]; /* copy buffer for ipv6 prefixes */ -#endif + uint8_t version, pdu_version, fixed_len; + uint8_t pdu_type, pdu_max_area, max_area, pdu_id_length, id_length, tlv_type, tlv_len, tlen, alen, prefix_len; + u_int ext_is_len, ext_ip_len; + uint8_t mt_len; + uint8_t isis_subtlv_idrp; + const uint8_t *optr, *pptr, *tptr; + u_int packet_len; + u_short pdu_len, key_id; + u_int i,vendor_id, num_vals; + uint8_t auth_type; + uint8_t num_system_ids; + int sigcheck; + + ndo->ndo_protocol = "isis"; packet_len=length; optr = p; /* initialize the _o_riginal pointer to the packet start - - need it for parsing the checksum TLV */ - header = (const struct isis_common_header *)p; - TCHECK(*header); + need it for parsing the checksum TLV and authentication + TLV verification */ + isis_header = (const struct isis_common_header *)p; + ND_TCHECK_SIZE(isis_header); + if (length < ISIS_COMMON_HEADER_SIZE) + goto trunc; pptr = p+(ISIS_COMMON_HEADER_SIZE); header_iih_lan = (const struct isis_iih_lan_header *)pptr; header_iih_ptp = (const struct isis_iih_ptp_header *)pptr; @@ -1121,48 +2509,61 @@ static int isis_print (const u_char *p, u_int length) header_csnp = (const struct isis_csnp_header *)pptr; header_psnp = (const struct isis_psnp_header *)pptr; + if (!ndo->ndo_eflag) + ND_PRINT("IS-IS"); + /* * Sanity checking of the header. */ - if (header->nlpid != NLPID_ISIS) { - printf(", coding error!"); + + version = GET_U_1(isis_header->version); + if (version != ISIS_VERSION) { + ND_PRINT("version %u packet not supported", version); + return (0); + } + + pdu_id_length = GET_U_1(isis_header->id_length); + if ((pdu_id_length != SYSTEM_ID_LEN) && (pdu_id_length != 0)) { + ND_PRINT("system ID length of %u is not supported", + pdu_id_length); return (0); } - if (header->version != ISIS_VERSION) { - printf(", version %d packet not supported", header->version); + pdu_version = GET_U_1(isis_header->pdu_version); + if (pdu_version != ISIS_VERSION) { + ND_PRINT("version %u packet not supported", pdu_version); return (0); } - if ((header->id_length != SYSTEM_ID_LEN) && (header->id_length != 0)) { - printf(", system ID length of %d is not supported", - header->id_length); + fixed_len = GET_U_1(isis_header->fixed_len); + if (length < fixed_len) { + ND_PRINT("fixed header length %u > packet length %u", fixed_len, length); return (0); } - if (header->pdu_version != ISIS_VERSION) { - printf(", version %d packet not supported", header->pdu_version); + if (fixed_len < ISIS_COMMON_HEADER_SIZE) { + ND_PRINT("fixed header length %u < minimum header size %u", fixed_len, (u_int)ISIS_COMMON_HEADER_SIZE); return (0); } - max_area = header->max_area; - switch(max_area) { + pdu_max_area = GET_U_1(isis_header->max_area); + switch(pdu_max_area) { case 0: max_area = 3; /* silly shit */ break; case 255: - printf(", bad packet -- 255 areas"); + ND_PRINT("bad packet -- 255 areas"); return (0); default: + max_area = pdu_max_area; break; } - id_length = header->id_length; - switch(id_length) { + switch(pdu_id_length) { case 0: id_length = 6; /* silly shit again */ break; - case 1: /* 1-8 are valid sys-ID lenghts */ + case 1: /* 1-8 are valid sys-ID lengths */ case 2: case 3: case 4: @@ -1170,188 +2571,274 @@ static int isis_print (const u_char *p, u_int length) case 6: case 7: case 8: + id_length = pdu_id_length; break; case 255: id_length = 0; /* entirely useless */ break; default: - printf(", bad packet -- illegal sys-ID length (%u)", id_length); - return (0); - break; + id_length = pdu_id_length; + break; } - printf("\n\thlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", - header->fixed_len, - header->version, - header->pdu_version, - id_length, - header->id_length, - max_area, - header->max_area); - - pdu_type=header->pdu_type; + /* toss any non 6-byte sys-ID len PDUs */ + if (id_length != 6 ) { + ND_PRINT("bad packet -- illegal sys-ID length (%u)", id_length); + return (0); + } - /* first lets see if we know the PDU name*/ - printf(", pdu-type: %s", - tok2str(isis_pdu_values, - "unknown, type %d", - pdu_type)); + pdu_type = GET_U_1(isis_header->pdu_type); + + /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/ + if (ndo->ndo_vflag == 0) { + ND_PRINT("%s%s", + ndo->ndo_eflag ? "" : ", ", + tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type)); + } else { + /* ok they seem to want to know everything - lets fully decode it */ + ND_PRINT("%slength %u", ndo->ndo_eflag ? "" : ", ", length); + + ND_PRINT("\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", + tok2str(isis_pdu_values, + "unknown, type %u", + pdu_type), + fixed_len, + version, + pdu_version, + id_length, + pdu_id_length, + max_area, + pdu_max_area); + + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */ + return (0); /* for optionally debugging the common header */ + } + } switch (pdu_type) { - case L1_LAN_IIH: - case L2_LAN_IIH: - if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { - printf(", bogus fixed header length %u should be %lu", - header->fixed_len, (unsigned long)ISIS_IIH_LAN_HEADER_SIZE); - return (0); - } - - pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } - - TCHECK(*header_iih_lan); - printf("\n\t source-id: %s, holding time: %u, %s", - isis_print_sysid(header_iih_lan->source_id,SYSTEM_ID_LEN), - EXTRACT_16BITS(header_iih_lan->holding_time), - tok2str(isis_iih_circuit_type_values, - "unknown circuit type 0x%02x", - header_iih_lan->circuit_type)); - - printf("\n\t lan-id: %s, Priority: %u, PDU length: %u", - isis_print_nodeid(header_iih_lan->lan_id), - (header_iih_lan->priority) & PRIORITY_MASK, - pdu_len); - - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); - break; - - case PTP_IIH: - if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { - printf(", bogus fixed header length %u should be %lu", - header->fixed_len, (unsigned long)ISIS_IIH_PTP_HEADER_SIZE); - return (0); - } + case ISIS_PDU_L1_LAN_IIH: + case ISIS_PDU_L2_LAN_IIH: + if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) { + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + return (0); + } + ND_TCHECK_SIZE(header_iih_lan); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT(", src-id %s", + isis_print_id(ndo, header_iih_lan->source_id, SYSTEM_ID_LEN)); + ND_PRINT(", lan-id %s, prio %u", + isis_print_id(ndo, header_iih_lan->lan_id,NODE_ID_LEN), + GET_U_1(header_iih_lan->priority)); + ND_PRINT(", length %u", length); + return (1); + } + pdu_len=GET_BE_U_2(header_iih_lan->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } + ND_PRINT("\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(ndo, header_iih_lan->source_id,SYSTEM_ID_LEN), + GET_BE_U_2(header_iih_lan->holding_time), + tok2str(isis_iih_circuit_type_values, + "unknown circuit type 0x%02x", + GET_U_1(header_iih_lan->circuit_type))); + + ND_PRINT("\n\t lan-id: %s, Priority: %u, PDU length: %u", + isis_print_id(ndo, header_iih_lan->lan_id, NODE_ID_LEN), + GET_U_1(header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK, + pdu_len); + + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_LAN_HEADER_SIZE)) + return (0); + } - TCHECK(*header_iih_ptp); - printf("\n\t source-id: %s, holding time: %us, circuit-id: 0x%02x, %s, PDU length: %u", - isis_print_sysid(header_iih_ptp->source_id,SYSTEM_ID_LEN), - EXTRACT_16BITS(header_iih_ptp->holding_time), - header_iih_ptp->circuit_id, - tok2str(isis_iih_circuit_type_values, - "unknown circuit type 0x%02x", - header_iih_ptp->circuit_type), - pdu_len); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE); + break; - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); - break; + case ISIS_PDU_PTP_IIH: + if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) { + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + return (0); + } + ND_TCHECK_SIZE(header_iih_ptp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT(", src-id %s", isis_print_id(ndo, header_iih_ptp->source_id, SYSTEM_ID_LEN)); + ND_PRINT(", length %u", length); + return (1); + } + pdu_len=GET_BE_U_2(header_iih_ptp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - case L1_LSP: - case L2_LSP: - if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { - printf(", bogus fixed header length %u should be %lu", - header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE); - return (0); - } + ND_PRINT("\n\t source-id: %s, holding time: %us, Flags: [%s]", + isis_print_id(ndo, header_iih_ptp->source_id,SYSTEM_ID_LEN), + GET_BE_U_2(header_iih_ptp->holding_time), + tok2str(isis_iih_circuit_type_values, + "unknown circuit type 0x%02x", + GET_U_1(header_iih_ptp->circuit_type))); - pdu_len=EXTRACT_16BITS(header_lsp->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } + ND_PRINT("\n\t circuit-id: 0x%02x, PDU length: %u", + GET_U_1(header_iih_ptp->circuit_id), + pdu_len); - TCHECK(*header_lsp); - printf("\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us", - isis_print_lspid(header_lsp->lsp_id), - EXTRACT_32BITS(header_lsp->sequence_number), - EXTRACT_16BITS(header_lsp->remaining_lifetime)); - /* verify the checksum - - * checking starts at the lsp-id field - * which is 12 bytes after the packet start*/ - printf("\n\t chksum: 0x%04x (%s), PDU length: %u", - EXTRACT_16BITS(header_lsp->checksum), - (osi_cksum(optr+12, length-12)) ? "incorrect" : "correct", - pdu_len); + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_IIH_PTP_HEADER_SIZE)) + return (0); + } + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE); + break; - printf(", %s", ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""); + case ISIS_PDU_L1_LSP: + case ISIS_PDU_L2_LSP: + if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) { + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_LSP_HEADER_SIZE); + return (0); + } + ND_TCHECK_SIZE(header_lsp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT(", lsp-id %s, seq 0x%08x, lifetime %5us", + isis_print_id(ndo, header_lsp->lsp_id, LSP_ID_LEN), + GET_BE_U_4(header_lsp->sequence_number), + GET_BE_U_2(header_lsp->remaining_lifetime)); + ND_PRINT(", length %u", length); + return (1); + } + pdu_len=GET_BE_U_2(header_lsp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { - printf("%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""); - printf("%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""); - printf("%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""); - printf("%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""); - printf("ATT bit set, "); - } - printf("%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""); - printf("%s", tok2str(isis_lsp_istype_values,"Unknown(0x%x)",ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))); + ND_PRINT("\n\t lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t chksum: 0x%04x", + isis_print_id(ndo, header_lsp->lsp_id, LSP_ID_LEN), + GET_BE_U_4(header_lsp->sequence_number), + GET_BE_U_2(header_lsp->remaining_lifetime), + GET_BE_U_2(header_lsp->checksum)); + + osi_print_cksum(ndo, (const uint8_t *)header_lsp->lsp_id, + GET_BE_U_2(header_lsp->checksum), + 12, length-12); + + ND_PRINT(", PDU length: %u, Flags: [ %s", + pdu_len, + ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""); + + if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) { + ND_PRINT("%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""); + ND_PRINT("%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""); + ND_PRINT("ATT bit set, "); + } + ND_PRINT("%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""); + ND_PRINT("%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)", + ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))); - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); - break; + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_LSP_HEADER_SIZE)) + return (0); + } - case L1_CSNP: - case L2_CSNP: - if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { - printf(", bogus fixed header length %u should be %lu", - header->fixed_len, (unsigned long)ISIS_CSNP_HEADER_SIZE); - return (0); - } + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE); + break; - pdu_len=EXTRACT_16BITS(header_csnp->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } + case ISIS_PDU_L1_CSNP: + case ISIS_PDU_L2_CSNP: + if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) { + ND_PRINT(", bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + return (0); + } + ND_TCHECK_SIZE(header_csnp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT(", src-id %s", isis_print_id(ndo, header_csnp->source_id, NODE_ID_LEN)); + ND_PRINT(", length %u", length); + return (1); + } + pdu_len=GET_BE_U_2(header_csnp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - TCHECK(*header_csnp); - printf("\n\t source-id: %s, PDU length: %u", - isis_print_nodeid(header_csnp->source_id), + ND_PRINT("\n\t source-id: %s, PDU length: %u", + isis_print_id(ndo, header_csnp->source_id, NODE_ID_LEN), pdu_len); - printf("\n\t start lsp-id: %s", - isis_print_lspid(header_csnp->start_lsp_id)); - printf("\n\t end lsp-id: %s", - isis_print_lspid(header_csnp->end_lsp_id)); + ND_PRINT("\n\t start lsp-id: %s", + isis_print_id(ndo, header_csnp->start_lsp_id, LSP_ID_LEN)); + ND_PRINT("\n\t end lsp-id: %s", + isis_print_id(ndo, header_csnp->end_lsp_id, LSP_ID_LEN)); + + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_CSNP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE); break; - case L1_PSNP: - case L2_PSNP: - if (header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { - printf("- bogus fixed header length %u should be %lu", - header->fixed_len, (unsigned long)ISIS_PSNP_HEADER_SIZE); - return (0); - } + case ISIS_PDU_L1_PSNP: + case ISIS_PDU_L2_PSNP: + if (fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) { + ND_PRINT("- bogus fixed header length %u should be %zu", + fixed_len, ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + return (0); + } + ND_TCHECK_SIZE(header_psnp); + if (length < ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE) + goto trunc; + if (ndo->ndo_vflag == 0) { + ND_PRINT(", src-id %s", isis_print_id(ndo, header_psnp->source_id, NODE_ID_LEN)); + ND_PRINT(", length %u", length); + return (1); + } + pdu_len=GET_BE_U_2(header_psnp->pdu_len); + if (packet_len>pdu_len) { + packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ + length=pdu_len; + } - pdu_len=EXTRACT_16BITS(header_psnp->pdu_len); - if (packet_len>pdu_len) { - packet_len=pdu_len; /* do TLV decoding as long as it makes sense */ - length=pdu_len; - } + ND_PRINT("\n\t source-id: %s, PDU length: %u", + isis_print_id(ndo, header_psnp->source_id, NODE_ID_LEN), + pdu_len); - TCHECK(*header_psnp); - printf("\n\t source-id: %s", - isis_print_nodeid(header_psnp->source_id)); + if (ndo->ndo_vflag > 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", ISIS_PSNP_HEADER_SIZE)) + return (0); + } - packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); - pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); - break; + INVALID_OR_DECREMENT(packet_len,ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE); + break; default: - if(!print_unknown_data(pptr,"\n\t ",length)) - return(0); + if (ndo->ndo_vflag == 0) { + ND_PRINT(", length %u", length); + return (1); + } + (void)print_unknown_data(ndo, pptr, "\n\t ", length); return (0); } @@ -1359,715 +2846,708 @@ static int isis_print (const u_char *p, u_int length) * Now print the TLV's. */ - while (packet_len >= 2) { - if (pptr == snapend) { - return (1); - } - - if (!TTEST2(*pptr, 2)) { - printf("\n\t\t packet exceeded snapshot (%ld) bytes", - (long)(pptr-snapend)); - return (1); - } - type = *pptr++; - len = *pptr++; - tmp =len; /* copy temporary len & pointer to packet data */ - tptr = pptr; + while (packet_len > 0) { + ND_TCHECK_2(pptr); + if (packet_len < 2) + goto trunc; + tlv_type = GET_U_1(pptr); + tlv_len = GET_U_1(pptr + 1); + pptr += 2; packet_len -= 2; - if (len > packet_len) { - break; - } + tlen = tlv_len; /* copy temporary len & pointer to packet data */ + tptr = pptr; /* first lets see if we know the TLVs name*/ - printf("\n\t %s TLV #%u, length: %u", + ND_PRINT("\n\t %s TLV #%u, length: %u", tok2str(isis_tlv_values, "unknown", - type), - type, - len); + tlv_type), + tlv_type, + tlv_len); + + if (packet_len < tlv_len) + goto trunc; /* now check if we have a decoder otherwise do a hexdump at the end*/ - switch (type) { - case TLV_AREA_ADDR: - if (!TTEST2(*tptr, 1)) - goto trunctlv; - alen = *tptr++; - while (tmp && alen < tmp) { - printf("\n\t\tArea address (length: %u): %s", + switch (tlv_type) { + case ISIS_TLV_AREA_ADDR: + while (tlen != 0) { + alen = GET_U_1(tptr); + tptr++; + tlen--; + if (tlen < alen) + goto tlv_trunc; + ND_PRINT("\n\t Area address (length: %u): %s", alen, - print_nsap(tptr, alen)); + GET_ISONSAP_STRING(tptr, alen)); tptr += alen; - tmp -= alen + 1; - if (tmp==0) /* if this is the last area address do not attemt a boundary check */ - break; - if (!TTEST2(*tptr, 1)) - goto trunctlv; - alen = *tptr++; + tlen -= alen; } break; - case TLV_ISNEIGH: - while (tmp >= ETHER_ADDR_LEN) { - if (!TTEST2(*tptr, ETHER_ADDR_LEN)) - goto trunctlv; - printf("\n\t\tIS Neighbor: %s",isis_print_sysid(tptr,ETHER_ADDR_LEN)); - tmp -= ETHER_ADDR_LEN; - tptr += ETHER_ADDR_LEN; + case ISIS_TLV_ISNEIGH: + while (tlen != 0) { + if (tlen < MAC_ADDR_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, MAC_ADDR_LEN); + ND_PRINT("\n\t SNPA: %s", isis_print_id(ndo, tptr, MAC_ADDR_LEN)); + tlen -= MAC_ADDR_LEN; + tptr += MAC_ADDR_LEN; } break; - case TLV_ISNEIGH_VARLEN: - if (!TTEST2(*tptr, 1)) - goto trunctlv; - lan_alen = *tptr++; /* LAN adress length */ - tmp --; - printf("\n\t\tLAN address length %u bytes ",lan_alen); - while (tmp >= lan_alen) { - if (!TTEST2(*tptr, lan_alen)) - goto trunctlv; - printf("\n\t\tIS Neighbor: %s",isis_print_sysid(tptr,lan_alen)); - tmp -= lan_alen; - tptr +=lan_alen; + case ISIS_TLV_INSTANCE_ID: + if (tlen < 4) + goto tlv_trunc; + num_vals = (tlen-2)/2; + ND_PRINT("\n\t Instance ID: %u, ITIDs(%u)%s ", + GET_BE_U_2(tptr), num_vals, + num_vals ? ":" : ""); + tptr += 2; + tlen -= 2; + for (i=0; i < num_vals; i++) { + ND_PRINT("%u", GET_BE_U_2(tptr)); + if (i < (num_vals - 1)) { + ND_PRINT(", "); + } + tptr += 2; + tlen -= 2; } break; - case TLV_PADDING: + case ISIS_TLV_PADDING: break; - case TLV_MT_IS_REACH: - while (tmp>0) { - if (!TTEST2(*tptr, 2)) - goto trunctlv; - printf("\n\t\t%s", - tok2str(isis_mt_values, - "Reserved for IETF Consensus", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr)))); - - printf(" Topology (0x%03x)", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr))); - tptr+=2; - if (!TTEST2(*tptr, NODE_ID_LEN)) - goto trunctlv; - printf("\n\t\t IS Neighbor: %s", isis_print_nodeid(tptr)); - tptr+=(NODE_ID_LEN); - if (!TTEST2(*tptr, 3)) - goto trunctlv; - printf(", Metric: %d",EXTRACT_24BITS(tptr)); - tptr+=3; - if (!TTEST2(*tptr, 1)) - goto trunctlv; - tslen=*(tptr++); - printf(", %ssub-TLVs present",tslen ? "" : "no "); - if (tslen) { - printf(" (%u)",tslen); - while (tslen>0) { - if (!TTEST2(*tptr,2)) - goto trunctlv; - subt=*(tptr++); - subl=*(tptr++); - if(!isis_print_is_reach_subtlv(tptr,subt,subl,"\n\t\t ")) - return(0); - tptr+=subl; - tslen-=(subl+2); - tmp-=(subl+2); - } + case ISIS_TLV_MT_IS_REACH: + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); + if (mt_len == 0) /* did something go wrong ? */ + goto trunc; + tptr+=mt_len; + tlen-=mt_len; + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); + if (ext_is_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; } - tmp-=(SYSTEM_ID_LEN+7); + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; } break; - case TLV_EXT_IS_REACH: - while (tmp>0) { - if (!TTEST2(*tptr, NODE_ID_LEN)) - goto trunctlv; - printf("\n\t\tIS Neighbor: %s", isis_print_nodeid(tptr)); - tptr+=(NODE_ID_LEN); - - if (!TTEST2(*tptr, 3)) - goto trunctlv; - printf(", Metric: %d",EXTRACT_24BITS(tptr)); - tptr+=3; - - if (!TTEST2(*tptr, 1)) - goto trunctlv; - tslen=*(tptr++); /* read out subTLV length */ - printf(", %ssub-TLVs present",tslen ? "" : "no "); - if (tslen) { - printf(" (%u)",tslen); - while (tslen>0) { - if (!TTEST2(*tptr,2)) - goto trunctlv; - subt=*(tptr++); - subl=*(tptr++); - if(!isis_print_is_reach_subtlv(tptr,subt,subl,"\n\t\t ")) - return(0); - tptr+=subl; - tslen-=(subl+2); - tmp-=(subl+2); - } + case ISIS_TLV_IS_ALIAS_ID: + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); + if (ext_is_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; + } + break; + + case ISIS_TLV_EXT_IS_REACH: + while (tlen != 0) { + ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t ", tlv_type, tlen); + if (ext_is_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_is_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_is_len); + nd_print_invalid(ndo); + break; } - tmp-=(SYSTEM_ID_LEN+5); + tlen-=(uint8_t)ext_is_len; + tptr+=(uint8_t)ext_is_len; } break; - case TLV_IS_REACH: - if (!TTEST2(*tptr,1)) /* check if there is one byte left to read out the virtual flag */ - goto trunctlv; - printf("\n\t\t%s", + case ISIS_TLV_IS_REACH: + if (tlen < 1) + goto tlv_trunc; + ND_PRINT("\n\t %s", tok2str(isis_is_reach_virtual_values, "bogus virtual flag 0x%02x", - *tptr++)); + GET_U_1(tptr))); + tptr++; + tlen--; tlv_is_reach = (const struct isis_tlv_is_reach *)tptr; - while (tmp >= sizeof(struct isis_tlv_is_reach)) { - if (!TTEST(*tlv_is_reach)) - goto trunctlv; - printf("\n\t\tIS Neighbor: %s", isis_print_nodeid(tlv_is_reach->neighbor_nodeid)); - isis_print_metric_block(&tlv_is_reach->isis_metric_block); - tmp -= sizeof(struct isis_tlv_is_reach); + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_is_reach)) + goto tlv_trunc; + ND_TCHECK_SIZE(tlv_is_reach); + ND_PRINT("\n\t IS Neighbor: %s", + isis_print_id(ndo, tlv_is_reach->neighbor_nodeid, NODE_ID_LEN)); + isis_print_metric_block(ndo, &tlv_is_reach->isis_metric_block); + tlen -= sizeof(struct isis_tlv_is_reach); tlv_is_reach++; } break; - case TLV_ESNEIGH: + case ISIS_TLV_ESNEIGH: tlv_es_reach = (const struct isis_tlv_es_reach *)tptr; - while (tmp >= sizeof(struct isis_tlv_es_reach)) { - if (!TTEST(*tlv_es_reach)) - goto trunctlv; - printf("\n\t\tES Neighbor: %s", - isis_print_sysid(tlv_es_reach->neighbor_sysid,SYSTEM_ID_LEN)); - isis_print_metric_block(&tlv_es_reach->isis_metric_block); - tmp -= sizeof(struct isis_tlv_es_reach); + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_es_reach)) + goto tlv_trunc; + ND_TCHECK_SIZE(tlv_es_reach); + ND_PRINT("\n\t ES Neighbor: %s", + isis_print_id(ndo, tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN)); + isis_print_metric_block(ndo, &tlv_es_reach->isis_metric_block); + tlen -= sizeof(struct isis_tlv_es_reach); tlv_es_reach++; } break; /* those two TLVs share the same format */ - case TLV_IP_REACH: - case TLV_IP_REACH_EXT: - if (!isis_print_tlv_ip_reach(pptr, len)) - return (1); - break; - - case TLV_MT_IP_REACH: - while (tmp>0) { - if (!TTEST2(*tptr, 2)) - goto trunctlv; - - printf("\n\t\t%s", - tok2str(isis_mt_values, - "Reserved for IETF Consensus", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr)))); - - printf(" Topology (0x%03x)", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr))); - tptr+=2; - - memset (prefix, 0, 4); - if (!TTEST2(*tptr, 4)) - return (1); - metric = EXTRACT_32BITS(tptr); - tptr+=4; - - if (!TTEST2(*tptr, 1)) /* fetch status byte */ - return (1); - j=*(tptr); - bit_length = (*(tptr)++&0x3f); - byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */ - - if (!TTEST2(*tptr, byte_length)) - return (1); - memcpy(prefix,tptr,byte_length); - tptr+=byte_length; - printf("\n\t\tIPv4 prefix: %s/%d", - ipaddr_string(prefix), - bit_length); - - printf("\n\t\t Metric: %u, Distribution: %s", - metric, - ISIS_MASK_TLV_EXT_IP_UPDOWN(j) ? "down" : "up"); - - printf(", %ssub-TLVs present", - ISIS_MASK_TLV_EXT_IP_SUBTLV(j) ? "" : "no "); - - if (ISIS_MASK_TLV_EXT_IP_SUBTLV(j)) { - /* assume that one prefix can hold more - than one subTLV - therefore the first byte must reflect - the aggregate bytecount of the subTLVs for this prefix - */ - if (!TTEST2(*tptr, 1)) - return (1); - tslen=*(tptr++); - tmp--; - printf(" (%u)",tslen); /* print out subTLV length */ - - while (tslen>0) { - if (!TTEST2(*tptr,2)) - goto trunctlv; - subt=*(tptr++); - subl=*(tptr++); - if(!isis_print_ip_reach_subtlv(tptr,subt,subl,"\n\t\t ")) - return(0); - tptr+=subl; - tslen-=(subl+2); - tmp-=(subl+2); - } - } - tmp-=(7+byte_length); - } - break; + case ISIS_TLV_INT_IP_REACH: + case ISIS_TLV_EXT_IP_REACH: + if (!isis_print_tlv_ip_reach(ndo, pptr, "\n\t ", tlv_len)) + return (1); + break; - case TLV_EXT_IP_REACH: - while (tmp>0) { - memset (prefix, 0, 4); - if (!TTEST2(*tptr, 4)) - return (1); - metric = EXTRACT_32BITS(tptr); - tptr+=4; - - if (!TTEST2(*tptr, 1)) /* fetch status byte */ - return (1); - j=*(tptr); - bit_length = (*(tptr)++&0x3f); - byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */ - - if (!TTEST2(*tptr, byte_length)) - return (1); - memcpy(prefix,tptr,byte_length); - tptr+=byte_length; - printf("\n\t\tIPv4 prefix: %s/%d", - ipaddr_string(prefix), - bit_length); - - printf("\n\t\t Metric: %u, Distribution: %s", - metric, - ISIS_MASK_TLV_EXT_IP_UPDOWN(j) ? "down" : "up"); - - printf(", %ssub-TLVs present", - ISIS_MASK_TLV_EXT_IP_SUBTLV(j) ? "" : "no "); - - if (ISIS_MASK_TLV_EXT_IP_SUBTLV(j)) { - /* assume that one prefix can hold more - than one subTLV - therefore the first byte must reflect - the aggregate bytecount of the subTLVs for this prefix - */ - if (!TTEST2(*tptr, 1)) - return (1); - tslen=*(tptr++); - tmp--; - printf(" (%u)",tslen); /* print out subTLV length */ - - while (tslen>0) { - if (!TTEST2(*tptr,2)) - goto trunctlv; - subt=*(tptr++); - subl=*(tptr++); - if(!isis_print_ip_reach_subtlv(tptr,subt,subl,"\n\t\t ")) - return(0); - tptr+=subl; - tslen-=(subl+2); - tmp-=(subl+2); - } - } - tmp-=(5+byte_length); - } - break; + case ISIS_TLV_EXTD_IP_REACH: + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + if (ext_ip_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; -#ifdef INET6 - - case TLV_IP6_REACH: - while (tmp>0) { - if (!TTEST2(*tptr, 4)) - return (1); - metric = EXTRACT_32BITS(tptr); - tptr+=4; - - if (!TTEST2(*tptr, 2)) - return (1); - j=*(tptr++); - bit_length = (*(tptr)++); - byte_length = (bit_length + 7) / 8; - if (!TTEST2(*tptr, byte_length)) - return (1); - - memset(prefix6, 0, 16); - memcpy(prefix6,tptr,byte_length); - tptr+=byte_length; - printf("\n\t\tIPv6 prefix: %s/%u", - ip6addr_string(prefix6), - bit_length); - - printf("\n\t\t Metric: %u, %s, Distribution: %s, %ssub-TLVs present", - metric, - ISIS_MASK_TLV_IP6_IE(j) ? "External" : "Internal", - ISIS_MASK_TLV_IP6_UPDOWN(j) ? "down" : "up", - ISIS_MASK_TLV_IP6_SUBTLV(j) ? "" : "no "); - - if (ISIS_MASK_TLV_IP6_SUBTLV(j)) { - /* assume that one prefix can hold more - than one subTLV - therefore the first byte must reflect - the aggregate bytecount of the subTLVs for this prefix - */ - if (!TTEST2(*tptr, 1)) - return (1); - tslen=*(tptr++); - tmp--; - printf(" (%u)",tslen); /* print out subTLV length */ - - while (tslen>0) { - if (!TTEST2(*tptr,2)) - goto trunctlv; - subt=*(tptr++); - subl=*(tptr++); - if(!isis_print_ip_reach_subtlv(tptr,subt,subl,"\n\t\t ")) - return(0); - tptr+=subl; - tslen-=(subl+2); - tmp-=(subl+2); - } - } - tmp-=(6+byte_length); - } + case ISIS_TLV_MT_IP_REACH: + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunc; + } + tptr+=mt_len; + tlen-=mt_len; + + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET); + if (ext_ip_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; - break; -#endif + case ISIS_TLV_IP6_REACH: + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + if (ext_ip_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; -#ifdef INET6 - case TLV_IP6ADDR: - while (tmp>0) { - if (!TTEST2(*tptr, 16)) - goto trunctlv; + case ISIS_TLV_MT_IP6_REACH: + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); + if (mt_len == 0) { /* did something go wrong ? */ + goto trunc; + } + tptr+=mt_len; + tlen-=mt_len; + + while (tlen != 0) { + ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t ", AF_INET6); + if (ext_ip_len == 0) /* did something go wrong ? */ + goto trunc; + if (tlen < ext_ip_len) { + ND_PRINT(" [remaining tlv length %u < %u]", tlen, ext_ip_len); + nd_print_invalid(ndo); + break; + } + tlen-=(uint8_t)ext_ip_len; + tptr+=(uint8_t)ext_ip_len; + } + break; - printf("\n\t\tIPv6 interface address: %s", - ip6addr_string(tptr)); + case ISIS_TLV_IP6ADDR: + while (tlen != 0) { + if (tlen < sizeof(nd_ipv6)) + goto tlv_trunc; + ND_PRINT("\n\t IPv6 interface address: %s", + GET_IP6ADDR_STRING(tptr)); - tptr += 16; - tmp -= 16; + tptr += sizeof(nd_ipv6); + tlen -= sizeof(nd_ipv6); } break; -#endif - case TLV_AUTH: - if (!TTEST2(*tptr, 1)) - goto trunctlv; + case ISIS_TLV_AUTH: + if (tlen < 1) + goto tlv_trunc; + auth_type = GET_U_1(tptr); + tptr++; + tlen--; - printf("\n\t\t%s: ", + ND_PRINT("\n\t %s: ", tok2str(isis_subtlv_auth_values, "unknown Authentication type 0x%02x", - *tptr)); - - switch (*tptr) { - case SUBTLV_AUTH_SIMPLE: - for(i=1;i=1) { - if (!TTEST2(*tptr, 1)) - goto trunctlv; - printf("\n\t\tAdjacency State: %s", - tok2str(isis_ptp_adjancey_values, "0x%02x", *tptr)); - tmp--; + if(tlen>=1) { + ND_PRINT("\n\t Adjacency State: %s (%u)", + tok2str(isis_ptp_adjacency_values, "unknown", GET_U_1(tptr)), + GET_U_1(tptr)); + tlen--; } - if(tmp>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { - if (!TTEST2(tlv_ptp_adj->extd_local_circuit_id, - sizeof(tlv_ptp_adj->extd_local_circuit_id))) - goto trunctlv; - printf("\n\t\tExtended Local circuit ID: 0x%08x", - EXTRACT_32BITS(tlv_ptp_adj->extd_local_circuit_id)); - tmp-=sizeof(tlv_ptp_adj->extd_local_circuit_id); + if(tlen>sizeof(tlv_ptp_adj->extd_local_circuit_id)) { + ND_PRINT("\n\t Extended Local circuit-ID: 0x%08x", + GET_BE_U_4(tlv_ptp_adj->extd_local_circuit_id)); + tlen-=sizeof(tlv_ptp_adj->extd_local_circuit_id); } - if(tmp>=SYSTEM_ID_LEN) { - if (!TTEST2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)) - goto trunctlv; - printf("\n\t\tNeighbor SystemID: %s", - isis_print_sysid(tlv_ptp_adj->neighbor_sysid,SYSTEM_ID_LEN)); - tmp-=SYSTEM_ID_LEN; + if(tlen>=SYSTEM_ID_LEN) { + ND_TCHECK_LEN(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN); + ND_PRINT("\n\t Neighbor System-ID: %s", + isis_print_id(ndo, tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)); + tlen-=SYSTEM_ID_LEN; } - if(tmp>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { - if (!TTEST2(tlv_ptp_adj->neighbor_extd_local_circuit_id, - sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id))) - goto trunctlv; - printf("\n\t\tNeighbor Extended Local circuit ID: 0x%08x", - EXTRACT_32BITS(tlv_ptp_adj->neighbor_extd_local_circuit_id)); + if(tlen>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) { + ND_PRINT("\n\t Neighbor Extended Local circuit-ID: 0x%08x", + GET_BE_U_4(tlv_ptp_adj->neighbor_extd_local_circuit_id)); } break; - case TLV_PROTOCOLS: - printf("\n\t\tNLPID(s): "); - while (tmp>0) { - if (!TTEST2(*(tptr), 1)) - goto trunctlv; - printf("%s", - tok2str(isis_nlpid_values, - "Unknown 0x%02x", - *tptr++)); - if (tmp>1) /* further NPLIDs ? - put comma */ - printf(", "); - tmp--; + case ISIS_TLV_PROTOCOLS: + ND_PRINT("\n\t NLPID(s): "); + while (tlen != 0) { + ND_PRINT("%s (0x%02x)", + tok2str(nlpid_values, + "unknown", + GET_U_1(tptr)), + GET_U_1(tptr)); + if (tlen>1) /* further NPLIDs ? - put comma */ + ND_PRINT(", "); + tptr++; + tlen--; } break; - case TLV_TE_ROUTER_ID: - if (!TTEST2(*pptr, 4)) - goto trunctlv; - printf("\n\t\tTraffic Engineering Router ID: %s", ipaddr_string(pptr)); - break; + case ISIS_TLV_MT_PORT_CAP: + { + if (tlen < 2) + goto tlv_trunc; - case TLV_IPADDR: - while (tmp>0) { - if (!TTEST2(*tptr, 4)) - goto trunctlv; - printf("\n\t\tIPv4 interface address: %s", ipaddr_string(tptr)); - tptr += 4; - tmp -= 4; - } + ND_PRINT("\n\t RES: %u, MTID(s): %u", + (GET_BE_U_2(tptr) >> 12), + (GET_BE_U_2(tptr) & 0x0fff)); + + tptr += 2; + tlen -= 2; + + if (tlen) + isis_print_mt_port_cap_subtlv(ndo, tptr, tlen); + + break; + } + + case ISIS_TLV_MT_CAPABILITY: + if (tlen < 2) + goto tlv_trunc; + + ND_PRINT("\n\t O: %u, RES: %u, MTID(s): %u", + (GET_BE_U_2(tptr) >> 15) & 0x01, + (GET_BE_U_2(tptr) >> 12) & 0x07, + GET_BE_U_2(tptr) & 0x0fff); + + tptr += 2; + tlen -= 2; + + if (tlen) + isis_print_mt_capability_subtlv(ndo, tptr, tlen); + + break; + + case ISIS_TLV_TE_ROUTER_ID: + if (tlen < sizeof(nd_ipv4)) + goto tlv_trunc; + ND_PRINT("\n\t Traffic Engineering Router ID: %s", GET_IPADDR_STRING(pptr)); break; - case TLV_HOSTNAME: - printf("\n\t\tHostname: "); - while (tmp>0) { - if (!TTEST2(*tptr, 1)) - goto trunctlv; - printf("%c",*tptr++); - tmp--; + case ISIS_TLV_IPADDR: + while (tlen != 0) { + if (tlen < sizeof(nd_ipv4)) + goto tlv_trunc; + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); + tptr += sizeof(nd_ipv4); + tlen -= sizeof(nd_ipv4); } break; - case TLV_SHARED_RISK_GROUP: - if (!TTEST2(*tptr, NODE_ID_LEN)) - goto trunctlv; - printf("\n\t\tIS Neighbor: %s", isis_print_nodeid(tptr)); - tptr+=(NODE_ID_LEN); - len-=(NODE_ID_LEN); - - if (!TTEST2(*tptr, 1)) - goto trunctlv; - printf(", %s", ISIS_MASK_TLV_SHARED_RISK_GROUP(*tptr++) ? "numbered" : "unnumbered"); - len--; - - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("\n\t\tIPv4 interface address: %s", ipaddr_string(tptr)); - tptr+=4; - len-=4; + case ISIS_TLV_HOSTNAME: + ND_PRINT("\n\t Hostname: "); + nd_printjnp(ndo, tptr, tlen); + break; - if (!TTEST2(*tptr,4)) - goto trunctlv; - printf("\n\t\tIPv4 neighbor address: %s", ipaddr_string(tptr)); - tptr+=4; - len-=4; - - while (tmp>0) { - if (!TTEST2(*tptr, 4)) - goto trunctlv; - printf("\n\t\tLink-ID: 0x%08x", EXTRACT_32BITS(tptr)); - tptr+=4; - len-=4; + case ISIS_TLV_SHARED_RISK_GROUP: + if (tlen < NODE_ID_LEN) + break; + ND_TCHECK_LEN(tptr, NODE_ID_LEN); + ND_PRINT("\n\t IS Neighbor: %s", isis_print_id(ndo, tptr, NODE_ID_LEN)); + tptr+=NODE_ID_LEN; + tlen-=NODE_ID_LEN; + + if (tlen < 1) + break; + ND_PRINT(", Flags: [%s]", + ISIS_MASK_TLV_SHARED_RISK_GROUP(GET_U_1(tptr)) ? "numbered" : "unnumbered"); + tptr++; + tlen--; + + if (tlen < sizeof(nd_ipv4)) + break; + ND_PRINT("\n\t IPv4 interface address: %s", GET_IPADDR_STRING(tptr)); + tptr+=sizeof(nd_ipv4); + tlen-=sizeof(nd_ipv4); + + if (tlen < sizeof(nd_ipv4)) + break; + ND_PRINT("\n\t IPv4 neighbor address: %s", GET_IPADDR_STRING(tptr)); + tptr+=sizeof(nd_ipv4); + tlen-=sizeof(nd_ipv4); + + while (tlen != 0) { + if (tlen < 4) + goto tlv_trunc; + ND_PRINT("\n\t Link-ID: 0x%08x", GET_BE_U_4(tptr)); + tptr+=4; + tlen-=4; } break; - case TLV_LSP: + case ISIS_TLV_LSP: tlv_lsp = (const struct isis_tlv_lsp *)tptr; - while(tmp>0) { - printf("\n\t\tlsp-id: %s", - isis_print_nodeid(tlv_lsp->lsp_id)); - if (!TTEST((tlv_lsp->lsp_id)[NODE_ID_LEN])) - goto trunctlv; - printf("-%02x",(tlv_lsp->lsp_id)[NODE_ID_LEN]); - if (!TTEST2(tlv_lsp->sequence_number, 4)) - goto trunctlv; - printf(", seq: 0x%08x",EXTRACT_32BITS(tlv_lsp->sequence_number)); - if (!TTEST2(tlv_lsp->remaining_lifetime, 2)) - goto trunctlv; - printf(", lifetime: %5ds",EXTRACT_16BITS(tlv_lsp->remaining_lifetime)); - if (!TTEST2(tlv_lsp->checksum, 2)) - goto trunctlv; - printf(", chksum: 0x%04x",EXTRACT_16BITS(tlv_lsp->checksum)); - tmp-=sizeof(struct isis_tlv_lsp); + while (tlen != 0) { + if (tlen < sizeof(struct isis_tlv_lsp)) + goto tlv_trunc; + ND_TCHECK_1(tlv_lsp->lsp_id + LSP_ID_LEN - 1); + ND_PRINT("\n\t lsp-id: %s", + isis_print_id(ndo, tlv_lsp->lsp_id, LSP_ID_LEN)); + ND_PRINT(", seq: 0x%08x", + GET_BE_U_4(tlv_lsp->sequence_number)); + ND_PRINT(", lifetime: %5ds", + GET_BE_U_2(tlv_lsp->remaining_lifetime)); + ND_PRINT(", chksum: 0x%04x", GET_BE_U_2(tlv_lsp->checksum)); + tlen-=sizeof(struct isis_tlv_lsp); tlv_lsp++; } break; - case TLV_CHECKSUM: - if (!TTEST2(*tptr, 2)) - goto trunctlv; - printf("\n\t\tchecksum: 0x%04x (%s)", - EXTRACT_16BITS(tptr), - (osi_cksum(optr, length)) ? "incorrect" : "correct"); + case ISIS_TLV_CHECKSUM: + if (tlen < ISIS_TLV_CHECKSUM_MINLEN) + break; + ND_TCHECK_LEN(tptr, ISIS_TLV_CHECKSUM_MINLEN); + ND_PRINT("\n\t checksum: 0x%04x ", GET_BE_U_2(tptr)); + /* do not attempt to verify the checksum if it is zero + * most likely a HMAC-MD5 TLV is also present and + * to avoid conflicts the checksum TLV is zeroed. + * see rfc3358 for details + */ + osi_print_cksum(ndo, optr, GET_BE_U_2(tptr), (int)(tptr-optr), + length); + break; + + case ISIS_TLV_POI: + if (tlen < 1) + goto tlv_trunc; + num_system_ids = GET_U_1(tptr); + tptr++; + tlen--; + if (num_system_ids == 0) { + /* Not valid */ + ND_PRINT(" No system IDs supplied"); + } else { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("\n\t Purge Originator System-ID: %s", + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + tptr += SYSTEM_ID_LEN; + tlen -= SYSTEM_ID_LEN; + + if (num_system_ids > 1) { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_TCHECK_LEN(tptr, 2 * SYSTEM_ID_LEN + 1); + ND_PRINT("\n\t Received from System-ID: %s", + isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + } + } break; - case TLV_MT_SUPPORTED: - while (tmp>1) { + case ISIS_TLV_MT_SUPPORTED: + while (tlen != 0) { /* length can only be a multiple of 2, otherwise there is something broken -> so decode down until length is 1 */ - if (tmp!=1) { - if (!TTEST2(*tptr, 2)) - goto trunctlv; - printf("\n\t\t%s", - tok2str(isis_mt_values, - "Reserved for IETF Consensus", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr)))); - - printf(" Topology (0x%03x)%s%s", - ISIS_MASK_MTID(EXTRACT_16BITS(tptr)), - ISIS_MASK_MTSUB(EXTRACT_16BITS(tptr)) ? "" : ", no sub-TLVs present", - ISIS_MASK_MTATT(EXTRACT_16BITS(tptr)) ? ", ATT bit set" : "" ); + if (tlen!=1) { + mt_len = isis_print_mtid(ndo, tptr, "\n\t ", tlen); + if (mt_len == 0) /* did something go wrong ? */ + goto trunc; + tptr+=mt_len; + tlen-=mt_len; } else { - printf("\n\t\tmalformed MT-ID"); + ND_PRINT("\n\t invalid MT-ID"); break; } - tmp-=2; - tptr+=2; } break; - case TLV_RESTART_SIGNALING: - if (!TTEST2(*tptr, 3)) - goto trunctlv; - rr = ISIS_MASK_TLV_RESTART_RR(*tptr); - ra = ISIS_MASK_TLV_RESTART_RA(*tptr); - tptr++; - time_remain = EXTRACT_16BITS(tptr); - printf("\n\t\tRestart Request bit %s, Restart Acknowledgement bit %s\n\t\tRemaining holding time: %us", - rr ? "set" : "clear", ra ? "set" : "clear", time_remain); + case ISIS_TLV_RESTART_SIGNALING: + /* first attempt to decode the flags */ + if (tlen < ISIS_TLV_RESTART_SIGNALING_FLAGLEN) + break; + ND_TCHECK_LEN(tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN); + ND_PRINT("\n\t Flags [%s]", + bittok2str(isis_restart_flag_values, "none", GET_U_1(tptr))); + tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; + tlen-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN; + + /* is there anything other than the flags field? */ + if (tlen == 0) + break; + + if (tlen < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) + break; + ND_TCHECK_LEN(tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN); + + ND_PRINT(", Remaining holding time %us", GET_BE_U_2(tptr)); + tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; + tlen-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN; + + /* is there an additional sysid field present ?*/ + if (tlen == SYSTEM_ID_LEN) { + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT(", for %s", isis_print_id(ndo, tptr,SYSTEM_ID_LEN)); + } break; - case TLV_IDRP_INFO: - if (!TTEST2(*tptr, 1)) - goto trunctlv; - printf("\n\t\tInter-Domain Information Type: %s", + case ISIS_TLV_IDRP_INFO: + if (tlen < 1) + break; + isis_subtlv_idrp = GET_U_1(tptr); + ND_PRINT("\n\t Inter-Domain Information Type: %s", tok2str(isis_subtlv_idrp_values, "Unknown (0x%02x)", - *tptr)); - switch (*tptr++) { - case SUBTLV_IDRP_ASN: - if (!TTEST2(*tptr, 2)) /* fetch AS number */ - goto trunctlv; - printf("AS Number: %u",EXTRACT_16BITS(tptr)); + isis_subtlv_idrp)); + tptr++; + tlen--; + switch (isis_subtlv_idrp) { + case ISIS_SUBTLV_IDRP_ASN: + if (tlen < 2) + goto tlv_trunc; + ND_PRINT("AS Number: %u", GET_BE_U_2(tptr)); break; - case SUBTLV_IDRP_LOCAL: - case SUBTLV_IDRP_RES: + case ISIS_SUBTLV_IDRP_LOCAL: + case ISIS_SUBTLV_IDRP_RES: default: - if(!print_unknown_data(tptr,"\n\t\t",len-1)) + if (!print_unknown_data(ndo, tptr, "\n\t ", tlen)) return(0); break; } break; - case TLV_LSP_BUFFERSIZE: - if (!TTEST2(*tptr, 2)) - goto trunctlv; - printf("LSP Buffersize: %u",EXTRACT_16BITS(tptr)); + case ISIS_TLV_LSP_BUFFERSIZE: + if (tlen < 2) + break; + ND_PRINT("\n\t LSP Buffersize: %u", GET_BE_U_2(tptr)); break; - case TLV_PART_DIS: - while (tmp >= SYSTEM_ID_LEN) { - if (!TTEST2(*tptr, SYSTEM_ID_LEN)) - goto trunctlv; - printf("%s",isis_print_sysid(tptr,SYSTEM_ID_LEN)); - tptr+=SYSTEM_ID_LEN; - tmp-=SYSTEM_ID_LEN; + case ISIS_TLV_PART_DIS: + while (tlen != 0) { + if (tlen < SYSTEM_ID_LEN) + goto tlv_trunc; + ND_TCHECK_LEN(tptr, SYSTEM_ID_LEN); + ND_PRINT("\n\t %s", isis_print_id(ndo, tptr, SYSTEM_ID_LEN)); + tptr+=SYSTEM_ID_LEN; + tlen-=SYSTEM_ID_LEN; } break; - case TLV_PREFIX_NEIGH: - if (!TTEST2(*tptr, sizeof(struct isis_metric_block))) - goto trunctlv; - printf("Metric Block"); - isis_print_metric_block((const struct isis_metric_block *)tptr); + case ISIS_TLV_PREFIX_NEIGH: + if (tlen < sizeof(struct isis_metric_block)) + break; + ND_TCHECK_LEN(tptr, sizeof(struct isis_metric_block)); + ND_PRINT("\n\t Metric Block"); + isis_print_metric_block(ndo, (const struct isis_metric_block *)tptr); tptr+=sizeof(struct isis_metric_block); - tmp-=sizeof(struct isis_metric_block); - - while(tmp>0) { - if (!TTEST2(*tptr, 1)) - goto trunctlv; - prefix_len=*tptr++; /* read out prefix length in semioctets*/ - tmp--; - if (!TTEST2(*tptr, prefix_len/2)) - goto trunctlv; - printf("\n\t\tAddress: %s/%u", - print_nsap(tptr,prefix_len/2), - prefix_len*4); + tlen-=sizeof(struct isis_metric_block); + + while (tlen != 0) { + prefix_len=GET_U_1(tptr); /* read out prefix length in semioctets*/ + tptr++; + tlen--; + if (prefix_len < 2) { + ND_PRINT("\n\t\tAddress: prefix length %u < 2", prefix_len); + break; + } + if (tlen < prefix_len/2) + break; + ND_PRINT("\n\t\tAddress: %s/%u", + GET_ISONSAP_STRING(tptr, prefix_len / 2), prefix_len * 4); tptr+=prefix_len/2; - tmp-=prefix_len/2; + tlen-=prefix_len/2; } break; - case TLV_IIH_SEQNR: - if (!TTEST2(*tptr, 4)) /* check if four bytes are on the wire */ - goto trunctlv; - printf("\n\t\tSequence number: %u", EXTRACT_32BITS(tptr) ); + case ISIS_TLV_IIH_SEQNR: + if (tlen < 4) + break; + ND_PRINT("\n\t Sequence number: %u", GET_BE_U_4(tptr)); + break; + + case ISIS_TLV_ROUTER_CAPABILITY: + if (tlen < 5) { + ND_PRINT(" [object length %u < 5]", tlen); + nd_print_invalid(ndo); + break; + } + ND_PRINT("\n\t Router-ID %s", GET_IPADDR_STRING(tptr)); + ND_PRINT(", Flags [%s]", + bittok2str(isis_tlv_router_capability_flags, "none", GET_U_1(tptr+4))); + + /* Optional set of sub-TLV */ + if (tlen > 5) { + isis_print_router_cap_subtlv(ndo, tptr+5, tlen-5); + } break; + case ISIS_TLV_VENDOR_PRIVATE: + if (tlen < 3) + break; + vendor_id = GET_BE_U_3(tptr); + ND_PRINT("\n\t Vendor: %s (%u)", + tok2str(oui_values, "Unknown", vendor_id), + vendor_id); + tptr+=3; + tlen-=3; + if (tlen != 0) /* hexdump the rest */ + if (!print_unknown_data(ndo, tptr, "\n\t\t", tlen)) + return(0); + break; /* * FIXME those are the defined TLVs that lack a decoder * you are welcome to contribute code ;-) */ - case TLV_IS_ALIAS_ID: - case TLV_DECNET_PHASE4: - case TLV_LUCENT_PRIVATE: - case TLV_IPAUTH: - case TLV_NORTEL_PRIVATE1: - case TLV_NORTEL_PRIVATE2: - case TLV_MT_IP6_REACH: + case ISIS_TLV_DECNET_PHASE4: + case ISIS_TLV_LUCENT_PRIVATE: + case ISIS_TLV_IPAUTH: + case ISIS_TLV_NORTEL_PRIVATE1: + case ISIS_TLV_NORTEL_PRIVATE2: default: - if(!print_unknown_data(pptr,"\n\t\t",len)) - return(0); - break; + if (ndo->ndo_vflag <= 1) { + if (!print_unknown_data(ndo, pptr, "\n\t\t", tlv_len)) + return(0); + } + break; + } +tlv_trunc: + /* do we want to see an additionally hexdump ? */ + if (ndo->ndo_vflag> 1) { + if (!print_unknown_data(ndo, pptr, "\n\t ", tlv_len)) + return(0); } - pptr += len; - packet_len -= len; + pptr += tlv_len; + packet_len -= tlv_len; } if (packet_len != 0) { - printf("\n\t\t %d straggler bytes", packet_len); + ND_PRINT("\n\t %u straggler bytes", packet_len); } return (1); trunc: - fputs("[|isis]", stdout); + nd_print_trunc(ndo); return (1); - -trunctlv: - printf("\n\t\t packet exceeded snapshot"); - return(1); } -/* - * Verify the checksum. See 8473-1, Appendix C, section C.4. - */ - -static int -osi_cksum(const u_char *tptr, u_int len) +static void +osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr, + uint16_t checksum, int checksum_offset, u_int length) { - int32_t c0 = 0, c1 = 0; - - while ((int)--len >= 0) { - c0 += *tptr++; - c0 %= 255; - c1 += c0; - c1 %= 255; - } - return (c0 | c1); + uint16_t calculated_checksum; + + /* do not attempt to verify the checksum if it is zero, + * if the offset is nonsense, + * or the base pointer is not sane + */ + if (!checksum + || checksum_offset < 0 + || !ND_TTEST_2(pptr + checksum_offset) + || (u_int)checksum_offset > length + || !ND_TTEST_LEN(pptr, length)) { + ND_PRINT(" (unverified)"); + } else { +#if 0 + ND_PRINT("\nosi_print_cksum: %p %d %u\n", pptr, checksum_offset, length); +#endif + calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); + if (checksum == calculated_checksum) { + ND_PRINT(" (correct)"); + } else { + ND_PRINT(" (incorrect should be 0x%04x)", calculated_checksum); + } + } }