From: Francois-Xavier Le Bail Date: Thu, 21 Nov 2024 12:36:49 +0000 (+0100) Subject: LISP: Modernize packet parsing X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/85f1d1ea3b15d7c8b39c5ddd0abd718d90fe7d54 LISP: Modernize packet parsing Define ND_LONGJMP_FROM_TCHECK and remove a 'trunc' label. Make a bounds check conditional. Use ND_ICHECK_U() for a length test. Fix a bounds check, not invalid, but truncated. (The bounds check is done by hex_print_with_offset() via hex_print().) Use ND_TTEST_LEN() instead of testing ndo->ndo_snapend. Remove an useless variable ('packet_iterator' same as 'bp'). Remove/update some comments. Fix some indentations. Remove some extra blank lines. Update the outputs of two tests accordingly. --- diff --git a/print-lisp.c b/print-lisp.c index b995f2df..24255564 100644 --- a/print-lisp.c +++ b/print-lisp.c @@ -97,6 +97,8 @@ #include #include "netdissect-stdinc.h" + +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "ip.h" @@ -105,7 +107,6 @@ #include "extract.h" #include "addrtoname.h" - #define IPv4_AFI 1 #define IPv6_AFI 2 #define TYPE_INDEX 4 @@ -239,28 +240,26 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) uint16_t packet_offset; uint16_t auth_data_len; uint32_t ttl; - const u_char *packet_iterator; const lisp_map_register_hdr *lisp_hdr; const lisp_map_register_eid *lisp_eid; const lisp_map_register_loc *lisp_loc; ndo->ndo_protocol = "lisp"; - /* Check if enough bytes for header are available */ - ND_TCHECK_LEN(bp, MAP_REGISTER_HDR_LEN); lisp_hdr = (const lisp_map_register_hdr *) bp; lisp_hdr_flag(ndo, lisp_hdr); /* Supporting only MAP NOTIFY and MAP REGISTER LISP packets */ type_and_flag = GET_U_1(lisp_hdr->type_and_flag); type = extract_lisp_type(type_and_flag); - if ((type != LISP_MAP_REGISTER) && (type != LISP_MAP_NOTIFY)) + if ((type != LISP_MAP_REGISTER) && (type != LISP_MAP_NOTIFY)) { + ND_TCHECK_LEN(bp, MAP_REGISTER_HDR_LEN); return; + } /* Find if the packet contains xTR and Site-ID data */ xtr_present = is_xtr_data_present(type, type_and_flag); /* Extract the number of EID records present */ auth_data_len = GET_BE_U_2(lisp_hdr->auth_data_len); - packet_iterator = (const u_char *)(lisp_hdr); packet_offset = MAP_REGISTER_HDR_LEN; record_count = GET_U_1(lisp_hdr->record_count); @@ -268,25 +267,22 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) key_id = GET_BE_U_2(lisp_hdr->key_id); ND_PRINT("\n %u record(s), ", record_count); ND_PRINT("Authentication %s,", - tok2str(auth_type, "unknown-type", key_id)); - hex_print(ndo, "\n Authentication-Data: ", packet_iterator + - packet_offset, auth_data_len); + tok2str(auth_type, "unknown-type", key_id)); + hex_print(ndo, "\n Authentication-Data: ", + bp + packet_offset, auth_data_len); } else { ND_PRINT(" %u record(s),", record_count); } packet_offset += auth_data_len; - if (record_count == 0) - goto invalid; + ND_ICHECK_U(record_count, ==, 0); /* Print all the EID records */ while ((length > packet_offset) && (record_count != 0)) { record_count--; - ND_TCHECK_LEN(packet_iterator + packet_offset, - MAP_REGISTER_EID_LEN); + ND_TCHECK_LEN(bp + packet_offset, MAP_REGISTER_EID_LEN); ND_PRINT("\n"); - lisp_eid = (const lisp_map_register_eid *) - ((const u_char *)lisp_hdr + packet_offset); + lisp_eid = (const lisp_map_register_eid *) (bp + packet_offset); packet_offset += MAP_REGISTER_EID_LEN; mask_len = GET_U_1(lisp_eid->eid_prefix_mask_length); eid_afi = GET_BE_U_2(lisp_eid->eid_prefix_afi); @@ -303,14 +299,14 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) switch (eid_afi) { case IPv4_AFI: ND_PRINT(" EID %s/%u,", - GET_IPADDR_STRING(packet_iterator + packet_offset), - mask_len); + GET_IPADDR_STRING(bp + packet_offset), + mask_len); packet_offset += 4; break; case IPv6_AFI: ND_PRINT(" EID %s/%u,", - GET_IP6ADDR_STRING(packet_iterator + packet_offset), - mask_len); + GET_IP6ADDR_STRING(bp + packet_offset), + mask_len); packet_offset += 16; break; default: @@ -324,9 +320,8 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) while (loc_count != 0) { loc_count--; - ND_TCHECK_LEN(packet_iterator + packet_offset, - MAP_REGISTER_LOC_LEN); - lisp_loc = (const lisp_map_register_loc *) (packet_iterator + packet_offset); + ND_TCHECK_LEN(bp + packet_offset, MAP_REGISTER_LOC_LEN); + lisp_loc = (const lisp_map_register_loc *) (bp + packet_offset); packet_offset += MAP_REGISTER_LOC_LEN; loc_afi = GET_BE_U_2(lisp_loc->locator_afi); @@ -336,14 +331,12 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) switch (loc_afi) { case IPv4_AFI: ND_PRINT(" LOC %s", - GET_IPADDR_STRING(packet_iterator + - packet_offset)); + GET_IPADDR_STRING(bp + packet_offset)); packet_offset += 4; break; case IPv6_AFI: ND_PRINT(" LOC %s", - GET_IP6ADDR_STRING(packet_iterator + - packet_offset)); + GET_IP6ADDR_STRING(bp + packet_offset)); packet_offset += 16; break; default: @@ -363,27 +356,23 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) } /* - * Print xTR and Site ID. Handle the fact that the packet could be invalid. - * If the xTR_ID_Present bit is not set, and we still have data to display, - * show it as hex data. + * Print xTR and Site ID. + * If the xTR_ID_Present bit is not set, and we still have data to + * display, show it as hex data. */ if (xtr_present) { - if (!ND_TTEST_LEN(packet_iterator + packet_offset, 24)) - goto invalid; - hex_print(ndo, "\n xTR-ID: ", packet_iterator + packet_offset, 16); + hex_print(ndo, "\n xTR-ID: ", bp + packet_offset, 16); ND_PRINT("\n SITE-ID: %" PRIu64, - GET_BE_U_8(packet_iterator + packet_offset + 16)); + GET_BE_U_8(bp + packet_offset + 16)); } else { - /* Check if packet isn't over yet */ - if (packet_iterator + packet_offset < ndo->ndo_snapend) { - hex_print(ndo, "\n Data: ", packet_iterator + packet_offset, - ND_BYTES_AVAILABLE_AFTER(packet_iterator + packet_offset)); + /* If there's at least one byte to print */ + if (ND_TTEST_LEN(bp + packet_offset, 1)) { + hex_print(ndo, "\n Data: ", bp + packet_offset, + ND_BYTES_AVAILABLE_AFTER(bp + packet_offset)); } } return; -trunc: - nd_print_trunc(ndo); - return; + invalid: nd_print_invalid(ndo); } @@ -411,12 +400,9 @@ static void lisp_hdr_flag(netdissect_options *ndo, const lisp_map_register_hdr * { uint8_t type = extract_lisp_type(GET_U_1(lisp_hdr->type_and_flag)); - if (!ndo->ndo_vflag) { - ND_PRINT("%s,", tok2str(lisp_type, "unknown-type-%u", type)); + ND_PRINT("%s,", tok2str(lisp_type, "unknown-type-%u", type)); + if (!ndo->ndo_vflag) return; - } else { - ND_PRINT("%s,", tok2str(lisp_type, "unknown-type-%u", type)); - } if (type == LISP_MAP_REGISTER) { ND_PRINT(" flags [%s],", bittok2str(map_register_hdr_flag, @@ -447,4 +433,3 @@ static void loc_hdr_flag(netdissect_options *ndo, uint16_t flag) { ND_PRINT(" flags [%s],", bittok2str(lisp_loc_flag, "none", flag)); } - diff --git a/tests/lisp_eid_notify-v.out b/tests/lisp_eid_notify-v.out index 155fbb38..70eac74f 100644 --- a/tests/lisp_eid_notify-v.out +++ b/tests/lisp_eid_notify-v.out @@ -44,7 +44,7 @@ Priority/Weight 1/100, Multicast Priority/Weight 1/100, flags [none], Record TTL 1440, Authoritative, No-Action, Map Version: 0, EID 10.30.1.80/32, 1 locator(s) LOC 20.20.8.239 - Priority/Weight 1/100, Multicast Priority/Weight 1/100, flags [none], (invalid) + Priority/Weight 1/100, Multicast Priority/Weight 1/100, flags [none], [|lisp] 4 2015-08-22 11:09:07.451778 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 156) 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, flags [none], 2 record(s), Authentication SHA1, diff --git a/tests/lisp_eid_notify.out b/tests/lisp_eid_notify.out index 9e953d71..e89db25d 100644 --- a/tests/lisp_eid_notify.out +++ b/tests/lisp_eid_notify.out @@ -10,7 +10,7 @@ 3 2015-08-22 11:09:06.507423 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 3 record(s), EID 10.30.1.100/32, 1 locator(s) LOC 20.20.8.253 EID 10.30.1.96/32, 2 locator(s) LOC 20.20.8.251 LOC 20.20.8.252 - EID 10.30.1.80/32, 1 locator(s) LOC 20.20.8.239 (invalid) + EID 10.30.1.80/32, 1 locator(s) LOC 20.20.8.239 [|lisp] 4 2015-08-22 11:09:07.451778 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 2 record(s), EID 10.30.1.100/32, 1 locator(s) LOC 20.20.8.253 EID 10.30.1.96/32, 2 locator(s) LOC 20.20.8.251 LOC 20.20.8.252