author | taesub kim <taesub.kim@samsung.com> | 2018-05-25 18:41:28 +0900 |
---|---|---|
committer | taesub kim <taesub.kim@samsung.com> | 2018-05-25 18:41:46 +0900 |
commit | 68b0938829a42f1f5dbb099d79df2cae08bf9d73 (patch) | |
tree | b533139096485b4fca980ba934021dd08cc31434 /print-cfm.c | |
parent | bbace1d4c8912a4a02cc0322e2cbed1901c62d96 (diff) | |
Imported Upstream version 4.9.2upstream/4.9.2
Change-Id: I490892f19c71ba126fa4e1d3d78e730429a3b454
Diffstat (limited to 'print-cfm.c')
-rw-r--r-- | print-cfm.c | 531 |
1 files changed, 325 insertions, 206 deletions
diff --git a/print-cfm.c b/print-cfm.c index fb0476f..bad4add 100644 --- a/print-cfm.c +++ b/print-cfm.c @@ -12,44 +12,31 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Support for the IEEE Connectivity Fault Management Protocols as per 802.1ag. - * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ -#ifndef lint -static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-cfm.c,v 1.5 2007-07-24 16:01:42 hannes Exp $"; -#endif +/* \summary: IEEE 802.1ag Connectivity Fault Management (CFM) protocols printer */ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include <tcpdump-stdinc.h> +#include <netdissect-stdinc.h> #include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "ether.h" #include "addrtoname.h" #include "oui.h" #include "af.h" -/* - * Prototypes - */ -const char * cfm_egress_id_string(register const u_char *); -int cfm_mgmt_addr_print(register const u_char *); - struct cfm_common_header_t { - u_int8_t mdlevel_version; - u_int8_t opcode; - u_int8_t flags; - u_int8_t first_tlv_offset; + uint8_t mdlevel_version; + uint8_t opcode; + uint8_t flags; + uint8_t first_tlv_offset; }; #define CFM_VERSION 0 
@@ -75,20 +62,17 @@ static const struct tok cfm_opcode_values[] = { * Message Formats. */ struct cfm_ccm_t { - u_int8_t sequence[4]; - u_int8_t ma_epi[2]; - u_int8_t md_nameformat; - u_int8_t md_namelength; - u_int8_t md_name[46]; /* md name and short ma name */ - u_int8_t reserved_itu[16]; - u_int8_t reserved[6]; + uint8_t sequence[4]; + uint8_t ma_epi[2]; + uint8_t names[48]; + uint8_t itu_t_y_1731[16]; }; /* * Timer Bases for the CCM Interval field. * Expressed in units of seconds. */ -const float ccm_interval_base[8] = {0, 0.003333, 0.01, 0.1, 1, 10, 60, 600}; +static const float ccm_interval_base[8] = {0, 0.003333, 0.01, 0.1, 1, 10, 60, 600}; #define CCM_INTERVAL_MIN_MULTIPLIER 3.25 #define CCM_INTERVAL_MAX_MULTIPLIER 3.5 @@ -126,17 +110,14 @@ static const struct tok cfm_ma_nameformat_values[] = { }; struct cfm_lbm_t { - u_int8_t transaction_id[4]; - u_int8_t reserved[4]; + uint8_t transaction_id[4]; }; struct cfm_ltm_t { - u_int8_t transaction_id[4]; - u_int8_t egress_id[8]; - u_int8_t ttl; - u_int8_t original_mac[ETHER_ADDR_LEN]; - u_int8_t target_mac[ETHER_ADDR_LEN]; - u_int8_t reserved[3]; + uint8_t transaction_id[4]; + uint8_t ttl; + uint8_t original_mac[ETHER_ADDR_LEN]; + uint8_t target_mac[ETHER_ADDR_LEN]; }; static const struct tok cfm_ltm_flag_values[] = { @@ -145,17 +126,15 @@ static const struct tok cfm_ltm_flag_values[] = { }; struct cfm_ltr_t { - u_int8_t transaction_id[4]; - u_int8_t last_egress_id[8]; - u_int8_t next_egress_id[8]; - u_int8_t ttl; - u_int8_t replay_action; - u_int8_t reserved[6]; + uint8_t transaction_id[4]; + uint8_t ttl; + uint8_t replay_action; }; static const struct tok cfm_ltr_flag_values[] = { - { 0x80, "Forwarded"}, - { 0x40, "Terminal MEP"}, + { 0x80, "UseFDB Only"}, + { 0x40, "FwdYes"}, + { 0x20, "Terminal MEP"}, { 0, NULL} }; 
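Review bot: The new `names[48]` member of struct cfm_ccm_t has no comment describing its layout, although the struct it replaces spelled the fields out one by one. Judging from the parser later in this commit, it holds the MD name format, an optional MD name length and name, then the short MA name format, length and name; I would record that on the member, e.g. `uint8_t names[48]; /* MD name format[, length, name], then short MA name format, length, name */`. The old trailing `reserved[6]` is also dropped, so `sizeof(struct cfm_ccm_t)` shrinks by 6 bytes, and since the later hunks compare the first TLV offset against that size, a one-line comment saying the new size is deliberate would help the next reader.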
@@ -193,8 +172,8 @@ static const struct tok cfm_tlv_values[] = { */ struct cfm_tlv_header_t { - u_int8_t type; - u_int8_t length[2]; + uint8_t type; + uint8_t length[2]; }; /* FIXME define TLV formats */ @@ -236,10 +215,11 @@ static const struct tok cfm_tlv_senderid_chassisid_values[] = { }; -int -cfm_mgmt_addr_print(register const u_char *tptr) { - - u_int mgmt_addr_type; +static int +cfm_network_addr_print(netdissect_options *ndo, + register const u_char *tptr, const u_int length) +{ + u_int network_addr_type; u_int hexdump = FALSE; /* @@ -247,24 +227,37 @@ cfm_mgmt_addr_print(register const u_char *tptr) { * 802.1ab specifies that this field width * is only once octet */ - mgmt_addr_type = *tptr; - printf("\n\t Management Address Type %s (%u)", - tok2str(af_values, "Unknown", mgmt_addr_type), - mgmt_addr_type); + if (length < 1) { + ND_PRINT((ndo, "\n\t Network Address Type (invalid, no data")); + return hexdump; + } + /* The calling function must make any due ND_TCHECK calls. */ + network_addr_type = *tptr; + ND_PRINT((ndo, "\n\t Network Address Type %s (%u)", + tok2str(af_values, "Unknown", network_addr_type), + network_addr_type)); /* * Resolve the passed in Address. */ - switch(mgmt_addr_type) { + switch(network_addr_type) { case AFNUM_INET: - printf(", %s", ipaddr_string(tptr + 1)); + if (length != 1 + 4) { + ND_PRINT((ndo, "(invalid IPv4 address length %u)", length - 1)); + hexdump = TRUE; + break; + } + ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr + 1))); break; -#ifdef INET6 case AFNUM_INET6: - printf(", %s", ip6addr_string(tptr + 1)); + if (length != 1 + 16) { + ND_PRINT((ndo, "(invalid IPv6 address length %u)", length - 1)); + hexdump = TRUE; + break; + } + ND_PRINT((ndo, ", %s", ip6addr_string(ndo, tptr + 1))); break; -#endif default: hexdump = TRUE; 
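Review bot: The diagnostic added for the `length < 1` case in cfm_network_addr_print() is missing its closing parenthesis, so the output ends with an unbalanced `(invalid, no data`. I would write `ND_PRINT((ndo, "\n\t Network Address Type (invalid, no data)"));`. The two new address-length messages are also emitted directly after the `(%u)` of the type with no separator; a leading `, ` would match the `", %s"` form used on the valid path. The function's closing lines are in the next hunk.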
@@ -274,27 +267,19 @@ cfm_mgmt_addr_print(register const u_char *tptr) { return hexdump; } -/* - * The egress-ID string is a 16-Bit string plus a MAC address. - */ -const char * -cfm_egress_id_string(register const u_char *tptr) { - static char egress_id_buffer[80]; - - snprintf(egress_id_buffer, sizeof(egress_id_buffer), - "MAC %0x4x-%s", - EXTRACT_16BITS(tptr), - etheraddr_string(tptr+2)); - - return egress_id_buffer; -} - void -cfm_print(register const u_char *pptr, register u_int length) { - +cfm_print(netdissect_options *ndo, + register const u_char *pptr, register u_int length) +{ const struct cfm_common_header_t *cfm_common_header; const struct cfm_tlv_header_t *cfm_tlv_header; - const u_int8_t *tptr, *tlv_ptr, *ma_name, *ma_nameformat, *ma_namelength; + const uint8_t *tptr, *tlv_ptr; + const uint8_t *namesp; + u_int names_data_remaining; + uint8_t md_nameformat, md_namelength; + const uint8_t *md_name; + uint8_t ma_nameformat, ma_namelength; + const uint8_t *ma_name; u_int hexdump, tlen, cfm_tlv_len, cfm_tlv_type, ccm_interval; 
@@ -307,109 +292,164 @@ cfm_print(register const u_char *pptr, register u_int length) { tptr=pptr; cfm_common_header = (const struct cfm_common_header_t *)pptr; - TCHECK(*cfm_common_header); + if (length < sizeof(*cfm_common_header)) + goto tooshort; + ND_TCHECK(*cfm_common_header); /* * Sanity checking of the header. */ if (CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version) != CFM_VERSION) { - printf("CFMv%u not supported, length %u", - CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), length); + ND_PRINT((ndo, "CFMv%u not supported, length %u", + CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), length)); return; } - printf("CFMv%u %s, MD Level %u, length %u", + ND_PRINT((ndo, "CFMv%u %s, MD Level %u, length %u", CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), tok2str(cfm_opcode_values, "unknown (%u)", cfm_common_header->opcode), CFM_EXTRACT_MD_LEVEL(cfm_common_header->mdlevel_version), - length); + length)); /* * In non-verbose mode just print the opcode and md-level. */ - if (vflag < 1) { + if (ndo->ndo_vflag < 1) { return; } - printf("\n\tFirst TLV offset %u", cfm_common_header->first_tlv_offset); + ND_PRINT((ndo, "\n\tFirst TLV offset %u", cfm_common_header->first_tlv_offset)); tptr += sizeof(const struct cfm_common_header_t); tlen = length - sizeof(struct cfm_common_header_t); + /* + * Sanity check the first TLV offset. 
+ */ + if (cfm_common_header->first_tlv_offset > tlen) { + ND_PRINT((ndo, " (too large, must be <= %u)", tlen)); + return; + } + switch (cfm_common_header->opcode) { case CFM_OPCODE_CCM: msg_ptr.cfm_ccm = (const struct cfm_ccm_t *)tptr; + if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ccm)) { + ND_PRINT((ndo, " (too small 1, must be >= %lu)", + (unsigned long) sizeof(*msg_ptr.cfm_ccm))); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ccm)) + goto tooshort; + ND_TCHECK(*msg_ptr.cfm_ccm); ccm_interval = CFM_EXTRACT_CCM_INTERVAL(cfm_common_header->flags); - printf(", Flags [CCM Interval %u%s]", + ND_PRINT((ndo, ", Flags [CCM Interval %u%s]", ccm_interval, cfm_common_header->flags & CFM_CCM_RDI_FLAG ? - ", RDI" : ""); + ", RDI" : "")); /* * Resolve the CCM interval field. */ if (ccm_interval) { - printf("\n\t CCM Interval %.3fs" + ND_PRINT((ndo, "\n\t CCM Interval %.3fs" ", min CCM Lifetime %.3fs, max CCM Lifetime %.3fs", ccm_interval_base[ccm_interval], ccm_interval_base[ccm_interval] * CCM_INTERVAL_MIN_MULTIPLIER, - ccm_interval_base[ccm_interval] * CCM_INTERVAL_MAX_MULTIPLIER); + ccm_interval_base[ccm_interval] * CCM_INTERVAL_MAX_MULTIPLIER)); } - printf("\n\t Sequence Number 0x%08x, MA-End-Point-ID 0x%04x", + ND_PRINT((ndo, "\n\t Sequence Number 0x%08x, MA-End-Point-ID 0x%04x", EXTRACT_32BITS(msg_ptr.cfm_ccm->sequence), - EXTRACT_16BITS(msg_ptr.cfm_ccm->ma_epi)); + EXTRACT_16BITS(msg_ptr.cfm_ccm->ma_epi))); + namesp = msg_ptr.cfm_ccm->names; + names_data_remaining = sizeof(msg_ptr.cfm_ccm->names); /* * Resolve the MD fields. 
*/ - printf("\n\t MD Name Format %s (%u), MD Name length %u", - tok2str(cfm_md_nameformat_values, "Unknown", - msg_ptr.cfm_ccm->md_nameformat), - msg_ptr.cfm_ccm->md_nameformat, - msg_ptr.cfm_ccm->md_namelength); - - if (msg_ptr.cfm_ccm->md_nameformat != CFM_CCM_MD_FORMAT_NONE) { - printf("\n\t MD Name: "); - switch (msg_ptr.cfm_ccm->md_nameformat) { + md_nameformat = *namesp; + namesp++; + names_data_remaining--; /* We know this is != 0 */ + if (md_nameformat != CFM_CCM_MD_FORMAT_NONE) { + md_namelength = *namesp; + namesp++; + names_data_remaining--; /* We know this is !=0 */ + ND_PRINT((ndo, "\n\t MD Name Format %s (%u), MD Name length %u", + tok2str(cfm_md_nameformat_values, "Unknown", + md_nameformat), + md_nameformat, + md_namelength)); + + /* + * -3 for the MA short name format and length and one byte + * of MA short name. + */ + if (md_namelength > names_data_remaining - 3) { + ND_PRINT((ndo, " (too large, must be <= %u)", names_data_remaining - 2)); + return; + } + + md_name = namesp; + ND_PRINT((ndo, "\n\t MD Name: ")); + switch (md_nameformat) { case CFM_CCM_MD_FORMAT_DNS: case CFM_CCM_MD_FORMAT_CHAR: - safeputs((const char *)msg_ptr.cfm_ccm->md_name, msg_ptr.cfm_ccm->md_namelength); + safeputs(ndo, md_name, md_namelength); break; case CFM_CCM_MD_FORMAT_MAC: - printf("\n\t MAC %s", etheraddr_string( - msg_ptr.cfm_ccm->md_name)); + if (md_namelength == 6) { + ND_PRINT((ndo, "\n\t MAC %s", etheraddr_string(ndo, + md_name))); + } else { + ND_PRINT((ndo, "\n\t MAC (length invalid)")); + } break; /* FIXME add printers for those MD formats - hexdump for now */ case CFM_CCM_MA_FORMAT_8021: default: - print_unknown_data(msg_ptr.cfm_ccm->md_name, "\n\t ", - msg_ptr.cfm_ccm->md_namelength); + print_unknown_data(ndo, md_name, "\n\t ", + md_namelength); } + namesp += md_namelength; + names_data_remaining -= md_namelength; + } else { + ND_PRINT((ndo, "\n\t MD Name Format %s (%u)", + tok2str(cfm_md_nameformat_values, "Unknown", + md_nameformat), + md_nameformat)); } 
/* * Resolve the MA fields. */ - ma_nameformat = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength; - ma_namelength = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength + 1; - ma_name = msg_ptr.cfm_ccm->md_name + msg_ptr.cfm_ccm->md_namelength + 2; - - printf("\n\t MA Name-Format %s (%u), MA name length %u", + ma_nameformat = *namesp; + namesp++; + names_data_remaining--; /* We know this is != 0 */ + ma_namelength = *namesp; + namesp++; + names_data_remaining--; /* We know this is != 0 */ + ND_PRINT((ndo, "\n\t MA Name-Format %s (%u), MA name length %u", tok2str(cfm_ma_nameformat_values, "Unknown", - *ma_nameformat), - *ma_nameformat, - *ma_namelength); + ma_nameformat), + ma_nameformat, + ma_namelength)); + + if (ma_namelength > names_data_remaining) { + ND_PRINT((ndo, " (too large, must be <= %u)", names_data_remaining)); + return; + } - printf("\n\t MA Name: "); - switch (*ma_nameformat) { + ma_name = namesp; + ND_PRINT((ndo, "\n\t MA Name: ")); + switch (ma_nameformat) { case CFM_CCM_MA_FORMAT_CHAR: - safeputs((const char *)ma_name, *ma_namelength); + safeputs(ndo, ma_name, ma_namelength); break; /* FIXME add printers for those MA formats - hexdump for now */ 
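Review bot: The MD name length check and its message disagree: the test rejects `md_namelength > names_data_remaining - 3`, but the text printed on failure gives the limit as `names_data_remaining - 2`, one more than what is actually accepted. Printing `names_data_remaining - 3` would match both the check and the comment above it that explains the three reserved bytes. cfm_print() starts before this hunk and continues past it.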
@@ -418,45 +458,56 @@ cfm_print(register const u_char *pptr, register u_int length) { case CFM_CCM_MA_FORMAT_INT: case CFM_CCM_MA_FORMAT_VPN: default: - print_unknown_data(ma_name, "\n\t ", *ma_namelength); + print_unknown_data(ndo, ma_name, "\n\t ", ma_namelength); } break; case CFM_OPCODE_LTM: msg_ptr.cfm_ltm = (const struct cfm_ltm_t *)tptr; + if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ltm)) { + ND_PRINT((ndo, " (too small 4, must be >= %lu)", + (unsigned long) sizeof(*msg_ptr.cfm_ltm))); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ltm)) + goto tooshort; + ND_TCHECK(*msg_ptr.cfm_ltm); - printf(", Flags [%s]", - bittok2str(cfm_ltm_flag_values, "none", cfm_common_header->flags)); + ND_PRINT((ndo, ", Flags [%s]", + bittok2str(cfm_ltm_flag_values, "none", cfm_common_header->flags))); - printf("\n\t Transaction-ID 0x%08x, Egress-ID %s, ttl %u", + ND_PRINT((ndo, "\n\t Transaction-ID 0x%08x, ttl %u", EXTRACT_32BITS(msg_ptr.cfm_ltm->transaction_id), - cfm_egress_id_string(msg_ptr.cfm_ltm->egress_id), - msg_ptr.cfm_ltm->ttl); + msg_ptr.cfm_ltm->ttl)); - printf("\n\t Original-MAC %s, Target-MAC %s", - etheraddr_string(msg_ptr.cfm_ltm->original_mac), - etheraddr_string(msg_ptr.cfm_ltm->target_mac)); + ND_PRINT((ndo, "\n\t Original-MAC %s, Target-MAC %s", + etheraddr_string(ndo, msg_ptr.cfm_ltm->original_mac), + etheraddr_string(ndo, msg_ptr.cfm_ltm->target_mac))); break; case CFM_OPCODE_LTR: msg_ptr.cfm_ltr = (const struct cfm_ltr_t *)tptr; + if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ltr)) { + ND_PRINT((ndo, " (too small 5, must be >= %lu)", + (unsigned long) sizeof(*msg_ptr.cfm_ltr))); + return; + } + if (tlen < sizeof(*msg_ptr.cfm_ltr)) + goto tooshort; + ND_TCHECK(*msg_ptr.cfm_ltr); - printf(", Flags [%s]", - bittok2str(cfm_ltr_flag_values, "none", cfm_common_header->flags)); + ND_PRINT((ndo, ", Flags [%s]", + bittok2str(cfm_ltr_flag_values, "none", cfm_common_header->flags))); - printf("\n\t Transaction-ID 0x%08x, 
Last-Egress-ID %s", + ND_PRINT((ndo, "\n\t Transaction-ID 0x%08x, ttl %u", EXTRACT_32BITS(msg_ptr.cfm_ltr->transaction_id), - cfm_egress_id_string(msg_ptr.cfm_ltr->last_egress_id)); - - printf("\n\t Next-Egress-ID %s, ttl %u", - cfm_egress_id_string(msg_ptr.cfm_ltr->next_egress_id), - msg_ptr.cfm_ltr->ttl); + msg_ptr.cfm_ltr->ttl)); - printf("\n\t Replay-Action %s (%u)", + ND_PRINT((ndo, "\n\t Replay-Action %s (%u)", tok2str(cfm_ltr_replay_action_values, "Unknown", msg_ptr.cfm_ltr->replay_action), - msg_ptr.cfm_ltr->replay_action); + msg_ptr.cfm_ltr->replay_action)); break; /* 
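Review bot: The messages `(too small 4, must be >= %lu)` for LTM and `(too small 5, must be >= %lu)` for LTR carry a bare number whose meaning is not stated anywhere in the hunk; the CCM check in the previous hunk prints `too small 1` in the same way. Someone reading the decoded output cannot tell what the number refers to, and it is easy to mistake for part of the limit. I would drop it and name the field instead, e.g. `" (first TLV offset too small, must be >= %lu)"`, in all three places. cfm_print() begins and ends outside this hunk.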
@@ -466,83 +517,78 @@ cfm_print(register const u_char *pptr, register u_int length) { case CFM_OPCODE_LBR: case CFM_OPCODE_LBM: default: - if (tlen > cfm_common_header->first_tlv_offset) { - print_unknown_data(tptr, "\n\t ", - tlen - cfm_common_header->first_tlv_offset); - } + print_unknown_data(ndo, tptr, "\n\t ", + tlen - cfm_common_header->first_tlv_offset); break; } - /* - * Sanity check for not walking off. - */ - if (tlen <= cfm_common_header->first_tlv_offset) { - return; - } - tptr += cfm_common_header->first_tlv_offset; tlen -= cfm_common_header->first_tlv_offset; - + while (tlen > 0) { cfm_tlv_header = (const struct cfm_tlv_header_t *)tptr; /* Enough to read the tlv type ? */ - TCHECK2(*tptr, 1); + ND_TCHECK2(*tptr, 1); cfm_tlv_type=cfm_tlv_header->type; - if (cfm_tlv_type != CFM_TLV_END) { - /* did we capture enough for fully decoding the object header ? */ - TCHECK2(*tptr, sizeof(struct cfm_tlv_header_t)); - cfm_tlv_len=EXTRACT_16BITS(&cfm_tlv_header->length); - } else { - cfm_tlv_len = 0; - } - - printf("\n\t%s TLV (0x%02x), length %u", + ND_PRINT((ndo, "\n\t%s TLV (0x%02x)", tok2str(cfm_tlv_values, "Unknown", cfm_tlv_type), - cfm_tlv_type, - cfm_tlv_len); - - /* sanity check for not walking off and infinite loop check. */ - if ((cfm_tlv_type != CFM_TLV_END) && - ((cfm_tlv_len + sizeof(struct cfm_tlv_header_t) > tlen) || - (!cfm_tlv_len))) { - print_unknown_data(tptr,"\n\t ",tlen); + cfm_tlv_type)); + + if (cfm_tlv_type == CFM_TLV_END) { + /* Length is "Not present if the Type field is 0." */ return; } + /* do we have the full tlv header ? */ + if (tlen < sizeof(struct cfm_tlv_header_t)) + goto tooshort; + ND_TCHECK2(*tptr, sizeof(struct cfm_tlv_header_t)); + cfm_tlv_len=EXTRACT_16BITS(&cfm_tlv_header->length); + + ND_PRINT((ndo, ", length %u", cfm_tlv_len)); + tptr += sizeof(struct cfm_tlv_header_t); tlen -= sizeof(struct cfm_tlv_header_t); tlv_ptr = tptr; - /* did we capture enough for fully decoding the object ? 
*/ - if (cfm_tlv_type != CFM_TLV_END) { - TCHECK2(*tptr, cfm_tlv_len); - } + /* do we have the full tlv ? */ + if (tlen < cfm_tlv_len) + goto tooshort; + ND_TCHECK2(*tptr, cfm_tlv_len); hexdump = FALSE; switch(cfm_tlv_type) { - case CFM_TLV_END: - /* we are done - bail out */ - return; - case CFM_TLV_PORT_STATUS: - printf(", Status: %s (%u)", + if (cfm_tlv_len < 1) { + ND_PRINT((ndo, " (too short, must be >= 1)")); + return; + } + ND_PRINT((ndo, ", Status: %s (%u)", tok2str(cfm_tlv_port_status_values, "Unknown", *tptr), - *tptr); + *tptr)); break; case CFM_TLV_INTERFACE_STATUS: - printf(", Status: %s (%u)", + if (cfm_tlv_len < 1) { + ND_PRINT((ndo, " (too short, must be >= 1)")); + return; + } + ND_PRINT((ndo, ", Status: %s (%u)", tok2str(cfm_tlv_interface_status_values, "Unknown", *tptr), - *tptr); + *tptr)); break; case CFM_TLV_PRIVATE: - printf(", Vendor: %s (%u), Sub-Type %u", + if (cfm_tlv_len < 4) { + ND_PRINT((ndo, " (too short, must be >= 4)")); + return; + } + ND_PRINT((ndo, ", Vendor: %s (%u), Sub-Type %u", tok2str(oui_values,"Unknown", EXTRACT_24BITS(tptr)), EXTRACT_24BITS(tptr), - *(tptr+3)); + *(tptr + 3))); hexdump = TRUE; break; 
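Review bot: In the `default:` opcode branch the hexdump starts at `tptr`, the first byte of the opcode-specific body, but its length is `tlen - cfm_common_header->first_tlv_offset`, which is the size of what comes after that body. It looks like the intended length is the body itself, `print_unknown_data(ndo, tptr, "\n\t ", cfm_common_header->first_tlv_offset);`, though the removed code used the same expression, so this should be confirmed against the expected output. Separately, the Port Status, Interface Status and Private TLV length checks `return` on a short TLV while the Sender ID code in the later hunks uses `goto next_tlv`; a single policy for malformed TLVs would be easier to reason about. cfm_print() begins and ends outside this hunk.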
@@ -551,34 +597,57 @@ cfm_print(register const u_char *pptr, register u_int length) { u_int chassis_id_type, chassis_id_length; u_int mgmt_addr_length; + if (cfm_tlv_len < 1) { + ND_PRINT((ndo, " (too short, must be >= 1)")); + goto next_tlv; + } + /* - * Check if there is a Chassis-ID. + * Get the Chassis ID length and check it. + * IEEE 802.1Q-2014 Section 21.5.3.1 */ chassis_id_length = *tptr; - if (chassis_id_length > tlen) { - hexdump = TRUE; - break; - } - tptr++; tlen--; + cfm_tlv_len--; if (chassis_id_length) { + /* + * IEEE 802.1Q-2014 Section 21.5.3.2: Chassis ID Subtype, references + * IEEE 802.1AB-2005 Section 9.5.2.2, subsequently + * IEEE 802.1AB-2016 Section 8.5.2.2: chassis ID subtype + */ + if (cfm_tlv_len < 1) { + ND_PRINT((ndo, "\n\t (TLV too short)")); + goto next_tlv; + } chassis_id_type = *tptr; - printf("\n\t Chassis-ID Type %s (%u), Chassis-ID length %u", + cfm_tlv_len--; + ND_PRINT((ndo, "\n\t Chassis-ID Type %s (%u), Chassis-ID length %u", tok2str(cfm_tlv_senderid_chassisid_values, "Unknown", chassis_id_type), chassis_id_type, - chassis_id_length); + chassis_id_length)); + + if (cfm_tlv_len < chassis_id_length) { + ND_PRINT((ndo, "\n\t (TLV too short)")); + goto next_tlv; + } + /* IEEE 802.1Q-2014 Section 21.5.3.3: Chassis ID */ switch (chassis_id_type) { case CFM_CHASSIS_ID_MAC_ADDRESS: - printf("\n\t MAC %s", etheraddr_string(tptr+1)); + if (chassis_id_length != ETHER_ADDR_LEN) { + ND_PRINT((ndo, " (invalid MAC address length)")); + hexdump = TRUE; + break; + } + ND_PRINT((ndo, "\n\t MAC %s", etheraddr_string(ndo, tptr + 1))); break; case CFM_CHASSIS_ID_NETWORK_ADDRESS: - hexdump |= cfm_mgmt_addr_print(tptr); + hexdump |= cfm_network_addr_print(ndo, tptr + 1, chassis_id_length); break; case CFM_CHASSIS_ID_INTERFACE_NAME: /* fall through */ 
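Review bot: The `goto next_tlv` taken when `cfm_tlv_len < chassis_id_length` leaves the TLV walk one byte out of step. At that point `cfm_tlv_len` has been decremented for both the length byte and the subtype byte, but `tptr` and `tlen` only for the length byte, so `tptr += cfm_tlv_len` at `next_tlv` (the label is in a later hunk) stops one byte before the next TLV header. Reads are still bounded by the `tlen` and ND_TCHECK2 checks at the top of the loop, so the effect is mis-decoded output rather than an over-read. The smallest fix is `tptr++; tlen--; goto next_tlv;` in that branch; a cleaner one is to advance `tptr`/`tlen` where the subtype is read and drop the `+ 1` adjustments that follow.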
@@ -586,39 +655,83 @@ cfm_print(register const u_char *pptr, register u_int length) { case CFM_CHASSIS_ID_LOCAL: case CFM_CHASSIS_ID_CHASSIS_COMPONENT: case CFM_CHASSIS_ID_PORT_COMPONENT: - safeputs((const char *)tptr+1, chassis_id_length); + safeputs(ndo, tptr + 1, chassis_id_length); break; default: hexdump = TRUE; break; } - } + cfm_tlv_len -= chassis_id_length; - tptr += chassis_id_length; - tlen -= chassis_id_length; + tptr += 1 + chassis_id_length; + tlen -= 1 + chassis_id_length; + } /* * Check if there is a Management Address. + * IEEE 802.1Q-2014 Section 21.5.3.4: Management Address Domain Length + * This and all subsequent fields are not present if the TLV length + * allows only the above fields. */ - mgmt_addr_length = *tptr; - if (mgmt_addr_length > tlen) { - hexdump = TRUE; + if (cfm_tlv_len == 0) { + /* No, there isn't; we're done. */ break; } + /* Here mgmt_addr_length stands for the management domain length. */ + mgmt_addr_length = *tptr; tptr++; tlen--; - + cfm_tlv_len--; + ND_PRINT((ndo, "\n\t Management Address Domain Length %u", mgmt_addr_length)); if (mgmt_addr_length) { - hexdump |= cfm_mgmt_addr_print(tptr); - } - - tptr += mgmt_addr_length; - tlen -= mgmt_addr_length; + /* IEEE 802.1Q-2014 Section 21.5.3.5: Management Address Domain */ + if (cfm_tlv_len < mgmt_addr_length) { + ND_PRINT((ndo, "\n\t (TLV too short)")); + goto next_tlv; + } + cfm_tlv_len -= mgmt_addr_length; + /* + * XXX - this is an OID; print it as such. + */ + hex_print(ndo, "\n\t Management Address Domain: ", tptr, mgmt_addr_length); + tptr += mgmt_addr_length; + tlen -= mgmt_addr_length; + + /* + * IEEE 802.1Q-2014 Section 21.5.3.6: Management Address Length + * This field is present if Management Address Domain Length is not 0. + */ + if (cfm_tlv_len < 1) { + ND_PRINT((ndo, " (Management Address Length is missing)")); + hexdump = TRUE; + break; + } + /* Here mgmt_addr_length stands for the management address length. 
*/ + mgmt_addr_length = *tptr; + tptr++; + tlen--; + cfm_tlv_len--; + ND_PRINT((ndo, "\n\t Management Address Length %u", mgmt_addr_length)); + if (mgmt_addr_length) { + /* IEEE 802.1Q-2014 Section 21.5.3.7: Management Address */ + if (cfm_tlv_len < mgmt_addr_length) { + ND_PRINT((ndo, "\n\t (TLV too short)")); + return; + } + cfm_tlv_len -= mgmt_addr_length; + /* + * XXX - this is a TransportDomain; print it as such. + */ + hex_print(ndo, "\n\t Management Address: ", tptr, mgmt_addr_length); + tptr += mgmt_addr_length; + tlen -= mgmt_addr_length; + } + } + break; } - break; /* * FIXME those are the defined TLVs that lack a decoder @@ -633,13 +746,19 @@ cfm_print(register const u_char *pptr, register u_int length) { break; } /* do we want to see an additional hexdump ? */ - if (hexdump || vflag > 1) - print_unknown_data(tlv_ptr, "\n\t ", cfm_tlv_len); + if (hexdump || ndo->ndo_vflag > 1) + print_unknown_data(ndo, tlv_ptr, "\n\t ", cfm_tlv_len); +next_tlv: tptr+=cfm_tlv_len; tlen-=cfm_tlv_len; } return; + +tooshort: + ND_PRINT((ndo, "\n\t\t packet is too short")); + return; + trunc: - printf("\n\t\t packet exceeded snapshot"); + ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); } |
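Review bot: The short-TLV check for the Management Address ends with `return;`, while the same condition for the Management Address Domain a few lines earlier uses `goto next_tlv;`, so one malformed Sender ID TLV stops decoding of every TLV after it. Unless that is intended, `goto next_tlv;` would be consistent with the rest of this case. The second `XXX` comment also calls the Management Address a TransportDomain, which reads as if it belongs on the domain field; worth checking against the sections cited in the comments.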
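Review bot: The closing hexdump pairs `tlv_ptr`, the start of the TLV value, with `cfm_tlv_len`, which the Sender ID case has by then reduced by every field it consumed. For that TLV the dump therefore covers only a leading part of the value, and in the "Management Address Length is missing" path, where `cfm_tlv_len` is 0, setting `hexdump = TRUE` presumably prints nothing. Keeping the full value length in a separate variable for the dump (for example `tlv_value_len`, assigned right after `cfm_tlv_len` is extracted) and leaving `cfm_tlv_len` as the remaining-bytes counter would address both.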