X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/eff98c50c682a5f40c4bdc0f4ce58df3af52cf43..532534b6366927708baa6dc8dcf62d8924ab5efc:/print-ip.c diff --git a/print-ip.c b/print-ip.c index 6103b11a..f8e02c1e 100644 --- a/print-ip.c +++ b/print-ip.c @@ -54,7 +54,7 @@ static const struct tok ip_option_values[] = { /* * print the recorded route in an IP RR, LSRR or SSRR option. */ -static void +static int ip_printroute(netdissect_options *ndo, register const u_char *cp, u_int length) { @@ -63,19 +63,25 @@ ip_printroute(netdissect_options *ndo, if (length < 3) { ND_PRINT((ndo, " [bad length %u]", length)); - return; + return (0); } if ((length + 1) & 3) ND_PRINT((ndo, " [bad length %u]", length)); + ND_TCHECK(cp[2]); ptr = cp[2] - 1; if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) ND_PRINT((ndo, " [bad ptr %u]", cp[2])); for (len = 3; len < length; len += 4) { + ND_TCHECK2(cp[len], 4); ND_PRINT((ndo, " %s", ipaddr_string(ndo, &cp[len]))); if (ptr > len) ND_PRINT((ndo, ",")); } + return (0); + +trunc: + return (-1); } /* @@ -162,7 +168,7 @@ nextproto4_cksum(netdissect_options *ndo, return (in_cksum(vec, 2)); } -static void +static int ip_printts(netdissect_options *ndo, register const u_char *cp, u_int length) { @@ -173,16 +179,18 @@ ip_printts(netdissect_options *ndo, if (length < 4) { ND_PRINT((ndo, "[bad length %u]", length)); - return; + return (0); } ND_PRINT((ndo, " TS{")); hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; if ((length - 4) & (hoplen-1)) ND_PRINT((ndo, "[bad length %u]", length)); + ND_TCHECK(cp[2]); ptr = cp[2] - 1; len = 0; if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) ND_PRINT((ndo, "[bad ptr %u]", cp[2])); + ND_TCHECK(cp[3]); switch (cp[3]&0xF) { case IPOPT_TS_TSONLY: ND_PRINT((ndo, "TSONLY")); @@ -211,6 +219,7 @@ ip_printts(netdissect_options *ndo, for (len = 4; len < length; len += hoplen) { if (ptr == len) type = " ^ "; + ND_TCHECK2(cp[len], hoplen); ND_PRINT((ndo, "%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]), hoplen!=8 ? "" : ipaddr_string(ndo, &cp[len]))); type = " "; @@ -223,6 +232,10 @@ done: ND_PRINT((ndo, " [%d hops not recorded]} ", cp[3]>>4)); else ND_PRINT((ndo, "}")); + return (0); + +trunc: + return (-1); } /* @@ -272,13 +285,15 @@ ip_optprint(netdissect_options *ndo, return; case IPOPT_TS: - ip_printts(ndo, cp, option_len); + if (ip_printts(ndo, cp, option_len) == -1) + goto trunc; break; case IPOPT_RR: /* fall through */ case IPOPT_SSRR: case IPOPT_LSRR: - ip_printroute(ndo, cp, option_len); + if (ip_printroute(ndo, cp, option_len) == -1) + goto trunc; break; case IPOPT_RA: @@ -324,12 +339,16 @@ static void ip_print_demux(netdissect_options *ndo, struct ip_print_demux_state *ipds) { - struct protoent *proto; + const char *p_name; again: switch (ipds->nh) { case IPPROTO_AH: + if (!ND_TTEST(*ipds->cp)) { + ND_PRINT((ndo, "[|AH]")); + break; + } ipds->nh = *ipds->cp; ipds->advance = ah_print(ndo, ipds->cp); if (ipds->advance <= 0) @@ -354,14 +373,14 @@ again: case IPPROTO_IPCOMP: { - int enh; - ipds->advance = ipcomp_print(ndo, ipds->cp, &enh); - if (ipds->advance <= 0) - break; - ipds->cp += ipds->advance; - ipds->len -= ipds->advance; - ipds->nh = enh & 0xff; - goto again; + ipcomp_print(ndo, ipds->cp); + /* + * Either this has decompressed the payload and + * printed it, in which case there's nothing more + * to do, or it hasn't, in which case there's + * nothing more to do. + */ + break; } case IPPROTO_SCTP: @@ -480,8 +499,8 @@ again: break; default: - if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL) - ND_PRINT((ndo, " %s", proto->p_name)); + if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) + ND_PRINT((ndo, " %s", p_name)); else ND_PRINT((ndo, " ip-proto-%d", ipds->nh)); ND_PRINT((ndo, " %d", ipds->len)); @@ -522,17 +541,18 @@ ip_print(netdissect_options *ndo, u_int hlen; struct cksum_vec vec[1]; uint16_t sum, ip_sum; - struct protoent *proto; + const char *p_name; ipds->ip = (const struct ip *)bp; ND_TCHECK(ipds->ip->ip_vhl); - if (IP_V(ipds->ip) != 4) { /* print version if != 4 */ + if (IP_V(ipds->ip) != 4) { /* print version and fail if != 4 */ if (IP_V(ipds->ip) == 6) ND_PRINT((ndo, "IP6, wrong link-layer encapsulation ")); else ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip))); + return; } - else if (!ndo->ndo_eflag) + if (!ndo->ndo_eflag) ND_PRINT((ndo, "IP ")); ND_TCHECK(*ipds->ip); @@ -581,14 +601,21 @@ ip_print(netdissect_options *ndo, ND_PRINT((ndo, "(tos 0x%x", (int)ipds->ip->ip_tos)); /* ECN bits */ switch (ipds->ip->ip_tos & 0x03) { + + case 0: + break; + case 1: ND_PRINT((ndo, ",ECT(1)")); break; + case 2: ND_PRINT((ndo, ",ECT(0)")); break; + case 3: ND_PRINT((ndo, ",CE")); + break; } if (ipds->ip->ip_ttl >= 1) @@ -659,8 +686,8 @@ ip_print(netdissect_options *ndo, */ ND_PRINT((ndo, "%s > %s:", ipaddr_string(ndo, &ipds->ip->ip_src), ipaddr_string(ndo, &ipds->ip->ip_dst))); - if (!ndo->ndo_nflag && (proto = getprotobynumber(ipds->ip->ip_p)) != NULL) - ND_PRINT((ndo, " %s", proto->p_name)); + if (!ndo->ndo_nflag && (p_name = netdb_protoname(ipds->ip->ip_p)) != NULL) + ND_PRINT((ndo, " %s", p_name)); else ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p)); } @@ -674,24 +701,28 @@ trunc: void ipN_print(netdissect_options *ndo, register const u_char *bp, register u_int length) { - struct ip hdr; - - if (length < 4) { + if (length < 1) { ND_PRINT((ndo, "truncated-ip %d", length)); return; } - memcpy (&hdr, bp, 4); - switch (IP_V(&hdr)) { - case 4: + + ND_TCHECK(*bp); + switch (*bp & 0xF0) { + case 0x40: ip_print (ndo, bp, length); - return; - case 6: + break; + case 0x60: ip6_print (ndo, bp, length); - return; + break; default: - ND_PRINT((ndo, "unknown ip %d", IP_V(&hdr))); - return; + ND_PRINT((ndo, "unknown ip %d", (*bp & 0xF0) >> 4)); + break; } + return; + +trunc: + ND_PRINT((ndo, "%s", tstr)); + return; } /*