IP: Report another invalid case as invalid, not truncated

When the IP total length is > (original) length, output example:
  [total length 85 > length 84] (invalid)

We treat this as a warning and so don't stop decoding (as before).

No need to use ND_TCHECK_SIZE(ip) before GET_BE_U_2(ip->ip_len).
ND_TCHECK_SIZE(ip) could be moved further into the code in a future
update.

Add a test file.

Update some test outputs accordingly.
cve-2014-8769-AODV.out updated also because AODV has not yet been
modernized in the 4.99 branch.

(backported from commit 19fbfa53460f641b050f9f7fdfd718e2a30a4f0c)

diff --git a/print-ip.c b/print-ip.c
index da11bebadbe669b4cb8d2018dc44fd31310b28ef..62daa81a491b6dd01b4c9c37e65fddf2985cf382 100644 (file)
--- a/print-ip.c
+++ b/print-ip.c
@@ -343,12 +343,14 @@ ip_print(netdissect_options *ndo,
 
        hlen = IP_HL(ip) * 4;
        ND_ICHECKMSG_ZU("header length", hlen, <, sizeof (struct ip));
-       ND_TCHECK_SIZE(ip);
 
        len = GET_BE_U_2(ip->ip_len);
-       if (length < len)
-               ND_PRINT("truncated-ip - %u bytes missing! ",
-                       len - length);
+       if (len > length) {
+               ND_PRINT("[total length %u > length %u]", len, length);
+               nd_print_invalid(ndo);
+               ND_PRINT(" ");
+       }
+       ND_TCHECK_SIZE(ip);
        if (len < hlen) {
 #ifdef GUESS_TSO
             if (len) {

diff --git a/tests/TESTLIST b/tests/TESTLIST
index c7c2c5cfdbb662e0e0baacd182839b1e91855cc7..7ade2ff337312ea5ed37fca1acacee864d994348 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -307,6 +307,7 @@ dnssec-vv   dnssec.pcap             dnssec-vv.out           -vv
 #IPv4 tests
 ipv4_invalid_length ipv4_invalid_length.pcap ipv4_invalid_length.out -v
 ipv4_invalid_hdr_length ipv4_invalid_hdr_length.pcap ipv4_invalid_hdr_length.out -v
+ipv4_invalid_total_length ipv4_invalid_total_length.pcap ipv4_invalid_total_length.out -v
 
 #IPv6 tests
 ipv6-bad-version       ipv6-bad-version.pcap   ipv6-bad-version.out

diff --git a/tests/cve-2014-8769-AODV.out b/tests/cve-2014-8769-AODV.out
index 2a73aa896ed1ccd2761bdc41b0473edd1185d32e..693889f255f54823f7981f81bcc12d7189e73ce5 100644 (file)
--- a/tests/cve-2014-8769-AODV.out
+++ b/tests/cve-2014-8769-AODV.out
@@ -1,2 +1,2 @@
-    1  19:22:25.721827 IP truncated-ip - 58880 bytes missing! (tos 0x0, ttl 64, id 62335, offset 0, flags [DF], proto UDP (17), length 58941, bad cksum 30c6 (->49c3)!)
+    1  19:22:25.721827 IP [total length 58941 > length 61] (invalid) (tos 0x0, ttl 64, id 62335, offset 0, flags [DF], proto UDP (17), length 58941, bad cksum 30c6 (->49c3)!)
     10.1.1.104.654 > 10.2.2.2.3328:  aodv rerr  [items 0] [19192]:

diff --git a/tests/hncp_dhcpv4data-oobr.out b/tests/hncp_dhcpv4data-oobr.out
index e97cd04439974df655052185a6531ceb5a5ff9d5..4f429db4f9444bf2304ee998e8866d3ffb6218b0 100644 (file)
--- a/tests/hncp_dhcpv4data-oobr.out
+++ b/tests/hncp_dhcpv4data-oobr.out
@@ -1,4 +1,4 @@
-    1  [Error converting time] IP truncated-ip - 231 bytes missing! (tos 0x12,ECT(0), ttl 48, id 21323, offset 0, flags [+, DF, rsvd], proto UDP (17), length 296, bad cksum 8e0f (->cd08)!)
+    1  [Error converting time] IP [total length 296 > length 65] (invalid) (tos 0x12,ECT(0), ttl 48, id 21323, offset 0, flags [+, DF, rsvd], proto UDP (17), length 296, bad cksum 8e0f (->cd08)!)
     1.2.7.0.1812 > 128.253.0.96.8231: hncp (268)
        DHCPv4-Data (6)
                DNS-server (98) (invalid)

diff --git a/tests/hoobr_bfd_print.out b/tests/hoobr_bfd_print.out
index c602709ae5809eba11ae610aa45ce3f934bef03b..27c10b0ecac049254f3935b471fbd2a6c5c9f940 100644 (file)
--- a/tests/hoobr_bfd_print.out
+++ b/tests/hoobr_bfd_print.out
@@ -4,4 +4,4 @@
     2  05:27:12.808464432 30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 262144: 
        0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
        0x0010:  3030 3030 3030 3030 3030 3030            000000000000
-    3  05:27:12.808464432 IP truncated-ip - 14 bytes missing! 48.48.48.48.12336 > 48.48.48.48.3785: BFD, Echo, length: 12308
+    3  05:27:12.808464432 IP [total length 12336 > length 12322] (invalid) 48.48.48.48.12336 > 48.48.48.48.3785: BFD, Echo, length: 12308

diff --git a/tests/icmp-cksum-oobr-1.out b/tests/icmp-cksum-oobr-1.out
index 4e2b1c97af4ce784c5c57f3a01a5aa4fb859f70f..cf05d25da52b33a9b88fe0dfd28a8c900f276eef 100644 (file)
--- a/tests/icmp-cksum-oobr-1.out
+++ b/tests/icmp-cksum-oobr-1.out
@@ -1,4 +1,4 @@
-    1  21:08:39.847328 Out 00:16:3e:27:78:a2 ethertype IPv4 (0x0800), length 204: truncated-ip - 13723 bytes missing! (tos 0x72,ECT(0), ttl 64, id 9472, offset 0, flags [none], proto ICMP (1), length 13911, bad cksum 67ea (->8c0c)!)
+    1  21:08:39.847328 Out 00:16:3e:27:78:a2 ethertype IPv4 (0x0800), length 204: [total length 13911 > length 188] (invalid) (tos 0x72,ECT(0), ttl 64, id 9472, offset 0, flags [none], proto ICMP (1), length 13911, bad cksum 67ea (->8c0c)!)
     62.220.31.247 > 62.225.245.115: ICMP 62.220.31.247 udp port 1027 unreachable, length 13891
        (tos 0xa0, ttl 114, id 30054, offset 0, flags [none], proto UDP (17), length 13728, bad cksum 3f1f (->a1f)!)
     62.225.245.115.9109 > 62.220.31.247.1027: [bad udp cksum 0xdfe7 -> 0xdb95!] UDP, length 132

diff --git a/tests/icmp-cksum-oobr-2.out b/tests/icmp-cksum-oobr-2.out
index aad76ac8129574563a911edefa30ae17631cfbe3..c46243b9e20ec88096450ea97328f9f2696d293f 100644 (file)
--- a/tests/icmp-cksum-oobr-2.out
+++ b/tests/icmp-cksum-oobr-2.out
@@ -1,4 +1,4 @@
-    1  10:13:29.331681 IP (0x0021), length 244: truncated-ip - 32768 bytes missing! (tos 0x0, ttl 254, id 59168, offset 0, flags [DF], proto ICMP (1), length 33008, bad cksum 7ade (->fabd)!)
+    1  10:13:29.331681 IP (0x0021), length 244: [total length 33008 > length 240] (invalid) (tos 0x0, ttl 254, id 59168, offset 0, flags [DF], proto ICMP (1), length 33008, bad cksum 7ade (->fabd)!)
     10.4.0.34 > 12.4.4.4: ICMP time exceeded in-transit, length 32988
        (tos 0x0, ttl 1, id 42321, offset 0, flags [none], proto UDP (17), length 40)
     12.4.4.4.42315 > 12.1.1.1.33440: [bad udp cksum 0x1000 -> 0xbad0!] UDP, length 12

diff --git a/tests/icmp-cksum-oobr-3.out b/tests/icmp-cksum-oobr-3.out
index 309afdbd18de3de5b29347ef991f705b9949bcba..38ff4f74ae6a6dab4f40b8d93da85bef0251ad39 100644 (file)
--- a/tests/icmp-cksum-oobr-3.out
+++ b/tests/icmp-cksum-oobr-3.out
@@ -1,4 +1,4 @@
-    1  15:12:14.670533 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 337: truncated-ip - 4096 bytes missing! (tos 0x0, ttl 64, id 30662, offset 0, flags [DF], proto ICMP (1), length 4419, bad cksum cdf9 (->bdf9)!)
+    1  15:12:14.670533 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 337: [total length 4419 > length 323] (invalid) (tos 0x0, ttl 64, id 30662, offset 0, flags [DF], proto ICMP (1), length 4419, bad cksum cdf9 (->bdf9)!)
     97.242.24.11 > 97.242.24.11: ICMP 97.242.24.11 udp port 162 unreachable, length 4399
        (tos 0x0, ttl 128, id 30661, offset 0, flags [DF], proto UDP (17), length 295)
     97.242.24.11.60377 > 97.242.24.11.162: [udp sum ok]  { SNMPv1 C="trap" { Trap(251)  .1.3.6.1.4.1.3830.1.1.2.2.1 97.242.24.11 enterpriseSpecific s=52 61498489 .1.3.6.1.4.1.3830.1.1.2.1.1.1=3 .1.3.6.1.4.1.3830.1.1.2.1.1.2=2 .1.3.6.1.4.1.3830.1.1.2.1.1.3="%SMSA-E-POLLERR, Polling the SMSC was not successful." .1.3.6.1.4.1.3830.1.1.2.1.1.4="OPCOM" .1.3.6.1.4.1.3830.1.1.2.1.1.5="28-OCT-2010 20:42:14.67" .1.3.6.1.4.1.3830.1.1.2.1.1.6="SMRL51" } } 

diff --git a/tests/icmp-cksum-oobr-4.out b/tests/icmp-cksum-oobr-4.out
index 7c263c26caefd157847318d12848abe9ce7a5267..6133b969430c21fc526350f57ceda9d8aaebc0ca 100644 (file)
--- a/tests/icmp-cksum-oobr-4.out
+++ b/tests/icmp-cksum-oobr-4.out
@@ -1,4 +1,4 @@
-    1  08:51:32.546678 IP (0x0021), length 172: truncated-ip - 8192 bytes missing! (tos 0xc0, ttl 251, id 5047, offset 0, flags [none], proto ICMP (1), length 8360, bad cksum 7edb (->5edb)!)
+    1  08:51:32.546678 IP (0x0021), length 172: [total length 8360 > length 168] (invalid) (tos 0xc0, ttl 251, id 5047, offset 0, flags [none], proto ICMP (1), length 8360, bad cksum 7edb (->5edb)!)
     10.0.12.2 > 10.0.12.1: ICMP time exceeded in-transit, length 8340
        (tos 0x0, ttl 1, id 2574, offset 0, flags [none], proto UDP (17), length 28)
     10.0.12.1.49215 > 10.255.255.4.33435: [udp sum ok] UDP, length 0

diff --git a/tests/ip-snmp-leftshift-unsigned.out b/tests/ip-snmp-leftshift-unsigned.out
index eaf0779b28a8c3d469b56eb98611ab1dacfa9aa3..c6feb9a6215722e45a3d465c5585f14aa416fd4c 100644 (file)
--- a/tests/ip-snmp-leftshift-unsigned.out
+++ b/tests/ip-snmp-leftshift-unsigned.out
@@ -1 +1 @@
-    1  14:35:45.695106 IP truncated-ip - 34734 bytes missing! 10.0.0.0.162 > 154.1.214.234.65535:  [!init SEQ]-1
+    1  14:35:45.695106 IP [total length 34817 > length 83] (invalid) 10.0.0.0.162 > 154.1.214.234.65535:  [!init SEQ]-1

diff --git a/tests/ipv4_invalid_total_length.out b/tests/ipv4_invalid_total_length.out
new file mode 100644 (file)
index 0000000..c27fe30
--- /dev/null
+++ b/tests/ipv4_invalid_total_length.out
@@ -0,0 +1,2 @@
+    1  08:57:44.621711 IP [total length 85 > length 84] (invalid) (tos 0x0, ttl 64, id 61862, offset 0, flags [none], proto UDP (17), length 85)
+    140.211.9.206.39095 > 45.33.127.156.53: 37546+ [1au] A? www.tcpdump.org. (56)

diff --git a/tests/ipv4_invalid_total_length.pcap b/tests/ipv4_invalid_total_length.pcap
new file mode 100644 (file)
index 0000000..351f5a2
Binary files /dev/null and b/tests/ipv4_invalid_total_length.pcap differ

diff --git a/tests/kday4.out b/tests/kday4.out
index 5ad5b9baf768addde4cfe63cea41c879bf11c743..75e022f52119ccedabfbfa6d108fd21e93794d99 100644 (file)
--- a/tests/kday4.out
+++ b/tests/kday4.out
@@ -21,7 +21,7 @@
     9  17:19:33.703625 IP (tos 0x0, ttl 64, id 36752, offset 0, flags [DF], proto TCP (6), length 399, bad cksum a46b (->a474)!)
     204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa70), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347
        RPKI-RTRv197 (unknown)
-   10  23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
+   10  23:52:05.672232 IP [total length 820 > length 52] (invalid) (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
     204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh]
    11  17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!)
     204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0

diff --git a/tests/kday7.out b/tests/kday7.out
index 2c53200637395d8d994d8d00ef37fd7af764ad67..e6f1ce243d78a5e86cdaeb845adc72869c74ec84 100644 (file)
--- a/tests/kday7.out
+++ b/tests/kday7.out
@@ -21,7 +21,7 @@
     9  17:19:33.703625 IP (tos 0x0, ttl 64, id 36752, offset 0, flags [DF], proto TCP (6), length 399, bad cksum a46b (->a474)!)
     204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa86), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347
        RPKI-RTRv197 (unknown)
-   10  23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
+   10  23:52:05.672232 IP [total length 820 > length 52] (invalid) (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
     204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh]
    11  17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!)
     204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0

diff --git a/tests/kh-timed-001-oobr.out b/tests/kh-timed-001-oobr.out
index 8fd3180c4dc071602aa46f33e1a6dd7b2ce985b5..f14124cf5342e3336aafffc2f0b76045ea552ed3 100644 (file)
--- a/tests/kh-timed-001-oobr.out
+++ b/tests/kh-timed-001-oobr.out
@@ -14,4 +14,4 @@
        0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
        0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
        0x0020:  3030                                     00
-    5  05:27:12.808464432 IP truncated-ip - 14 bytes missing! 48.48.48.48.525 > 48.48.48.48.12336: (tsp_type 0x30) vers 48 seq 12336 name  [|timed]
+    5  05:27:12.808464432 IP [total length 12336 > length 12322] (invalid) 48.48.48.48.525 > 48.48.48.48.12336: (tsp_type 0x30) vers 48 seq 12336 name  [|timed]

diff --git a/tests/kh-timed-004-oobr.out b/tests/kh-timed-004-oobr.out
index 2ac6f85b4a82fa473c7c436bf8158dc9146960dd..fd0b16f7468f4900b3ab1c0da75a95e991462973 100644 (file)
--- a/tests/kh-timed-004-oobr.out
+++ b/tests/kh-timed-004-oobr.out
@@ -2,4 +2,4 @@
        0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
        0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
        0x0020:  3030                                     00
-    2  05:27:12.808464432 IP truncated-ip - 14 bytes missing! 48.48.48.48.525 > 48.48.48.48.12336: (tsp_type 0x30) vers 48 seq 12336 name  [|timed]
+    2  05:27:12.808464432 IP [total length 12336 > length 12322] (invalid) 48.48.48.48.525 > 48.48.48.48.12336: (tsp_type 0x30) vers 48 seq 12336 name  [|timed]

diff --git a/tests/olsr-oobr-1.out b/tests/olsr-oobr-1.out
index 37e2ed66ceff4382d615f29ea6a581d60e95a011..15e5a7aabb25c13ac402301f4a75e8802dbad352 100644 (file)
--- a/tests/olsr-oobr-1.out
+++ b/tests/olsr-oobr-1.out
@@ -1,16 +1,16 @@
-    1  13:38:25.134349078 IP truncated-ip - 2315 bytes missing! (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->9764)!)
+    1  13:38:25.134349078 IP [total length 5373 > length 3058] (invalid) (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->9764)!)
     15.251.128.192.698 > 193.192.186.0.122: OLSRv4, seq 0x0800, length 2056
        Nameservice Message (0x82), originator 126.198.193.192, ttl 26, hop 145
          vtime 0.062s, msg-seq 0x0008, length 127 [|olsr]
-    2  [Error converting time] IP truncated-ip - 2315 bytes missing! (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->975f)!)
+    2  [Error converting time] IP [total length 5373 > length 3058] (invalid) (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->975f)!)
     16.0.128.192.698 > 193.192.186.0.122: OLSRv4, seq 0x0400, length 512
        Powerinfo Message (0x80), originator 0.1.0.0, ttl 255, hop 255
          vtime 0.500s, msg-seq 0x0000, length 9216 (invalid)
-    3  13:38:25.134349078 IP truncated-ip - 2315 bytes missing! (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->9764)!)
+    3  13:38:25.134349078 IP [total length 5373 > length 3058] (invalid) (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->9764)!)
     15.251.128.192.698 > 193.192.186.0.122: OLSRv4, seq 0x0800, length 2056
        Nameservice Message (0x82), originator 126.198.193.192, ttl 26, hop 145
          vtime 0.062s, msg-seq 0x0008, length 100 [|olsr]
-    4  [Error converting time] IP truncated-ip - 2315 bytes missing! (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->975f)!)
+    4  [Error converting time] IP [total length 5373 > length 3058] (invalid) (tos 0x0, ttl 18, id 4111, offset 0, flags [+, DF, rsvd], proto UDP (17), length 5373, bad cksum 8e7f (->975f)!)
     16.0.128.192.698 > 193.192.186.0.122: OLSRv4, seq 0x0800, length 2056
        Nameservice Message (0x82), originator 126.198.193.192, ttl 26, hop 145
          vtime 0.062s, msg-seq 0x5c50, length 185 [|olsr]

diff --git a/tests/rpki-rtr-oobr.out b/tests/rpki-rtr-oobr.out
index a9dc9b8cee5269ba24b90836364858cf1212713d..e42139c50c963f0d338ac895d17333da2682c43f 100644 (file)
--- a/tests/rpki-rtr-oobr.out
+++ b/tests/rpki-rtr-oobr.out
@@ -1,3 +1,3 @@
-    1  03:20:48.134349590 IP truncated-ip - 12 bytes missing! (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!)
+    1  03:20:48.134349590 IP [total length 62 > length 50] (invalid) (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!)
     19.128.128.20.323 > 76.19.6.127.49600: Flags [none], seq 2684354563:2684354585, win 28672, length 22
        RPKI-RTRv171 (unknown)

diff --git a/tests/rx_ubik-oobr.out b/tests/rx_ubik-oobr.out
index 330355279f9f5bddd277495f3eb90a03fb10eb5d..2335e905348d4abeaff2e77a77ff36a5c23b3bb9 100644 (file)
--- a/tests/rx_ubik-oobr.out
+++ b/tests/rx_ubik-oobr.out
@@ -1 +1 @@
-    1  20:27:12.000006 IP truncated-ip - 2580 bytes missing! 222.241.104.198.3503 > 131.63.241.146.7002:  rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|rx]
+    1  20:27:12.000006 IP [total length 2660 > length 80] (invalid) 222.241.104.198.3503 > 131.63.241.146.7002:  rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|rx]