Upgrade to tcpdump 4.9.0.
From CHANGES:
Wednesday January 18, 2017 devel.fx.lebail@orange.fr
Summary for 4.9.0 tcpdump release
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
in CALM-FAST and GeoNetworking printers)
Pass correct caplen value to ether_print() and some other functions
Fix lookup_nsap() to match what isonsap_string() expects
Clean up relative time stamp printing (Fix an array overflow)
Fix some alignment issues with GCC on Solaris 10 SPARC
Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
Add a fn_printztn() which returns the number of bytes processed
Add nd_init() and nd_cleanup() functions. Improve libsmi support
Add CONTRIBUTING file
Add a summary comment in all printers
Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
Fix some leaks found by Valgrind/Memcheck
Fix a bunch of de-constifications
Squelch some Coverity warnings and some compiler warnings
Update Coverity and Travis-CI setup
Update Visual Studio files
Frontend:
Fix capsicum support to work with zerocopy buffers in bpf
Try opening interfaces by name first, then by name-as-index
Work around pcap_create() failures fetching time stamp type lists
Fix a segmentation fault with 'tcpdump -J'
Improve addrtostr6() bounds checking
Add exit_tcpdump() function
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used
New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
802.11: Fix the radiotap printer to handle the special bits correctly
802.11: If we have the MCS field, it's 11n
802.11: Only print unknown frame type or subtype messages once
802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
802.11: Source and destination addresses were backwards
AH: Add a bounds check
AH: Report to our caller that dissection failed if a bounds check fails
AP1394: Print src > dst, not dst > src
ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
ATALK: Add bounds and length checks (Fix heap overflows)
ATM: Add some bounds checks (Fix a heap overflow)
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
BOOTP: Add a bounds check
Babel: Add decoder for source-specific extension
CDP: Filter out non-printable characters
CFM: Fixes to match the IEEE standard, additional bounds and length checks
CSLIP: Add more bounds checks (Fix a heap overflow)
ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
DHCP: Fix MUDURL and TZ options
DHCPv6: Process MUDURL and TZ options
DHCPv6: Update Status Codes with RFCs/IANA names
DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
GRE: Add some bounds checks (Fix heap overflows)
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
IPoFC: Fix -e output (IP-over-Fibre Channel)
IPv6: Don't overwrite the destination IPv6 address for routing headers
IPv6: Fix header printing
IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
ISAKMP: Clean up parsing of IKEv2 Security Associations
ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
ISOCLNS/IS-IS: Filter out non-printable characters
ISOCLNS/IS-IS: Fix segmentation faults
ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
ISOCLNS: Add some bounds checks
Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
LLC: Add a bounds check (Fix a heap overflow)
LLC: Clean up printing of LLC packets
LLC: Fix the printing of RFC 948-style IP packets
LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
LLDP: Implement IANA OUI and LLDP MUD option
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
OLSR: Add a test to cover a HNA sgw case
OLSR: Fix 'Advertised networks' count
OLSR: Fix printing of smart-gateway HNAs in IPv4
OSPF: Add a bounds check for the Hello packet options
OSPF: Do more bounds checking
OSPF: Fix a segmentation fault
OSPF: Fix printing 'ospf_topology_values' default
OTV: Add missing bounds checks
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
RADIUS: Filter out non-printable characters
RADIUS: Translate UDP/1700 as RADIUS
RESP: Do better checking of RESP packets
RPKI-RTR: Add a return value check for "fn_printn" call
RPKI-RTR: Remove printing when truncated condition already detected
RPL: Fix 'Consistency Check' control code
RPL: Fix suboption print
RSVP: An INTEGRITY object in a submessage covers only the submessage
RSVP: Fix an infinite loop; Add bounds and length checks
RSVP: Fix some if statements missing brackets
RSVP: Have signature_verify() do the copying and clearing
RTCP: Add some bounds checks
RTP: Add some bounds checks, fix two segmentation faults
SCTP: Do more bounds checking
SFLOW: Fix bounds checking
SLOW: Fix bugs, add checks
SMB: Before fetching the flags2 field, make sure we have it
SMB: Do bounds checks on NBNS resource types and resource data lengths
SNMP: Clean up the "have libsmi but no modules loaded" case
SNMP: Clean up the object abbreviation list and fix the code to match them
SNMP: Do bounds checks when printing character and octet strings
SNMP: Improve ASN.1 bounds checks
SNMP: More bounds and length checks
STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
STP: Filter out non-printable characters
TCP: Add bounds and length checks for packets with TCP option 20
TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
TCP: Fix two bounds checks (Fix heap overflows)
TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
TCP: Put TCP-AO option decoding right
TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
Telnet: Add some bounds checks
TokenRing: Fix -e output
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
Tuesday April 14, 2015 guy@alum.mit.edu
Summary for 4.8.0 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
Bug: N/A
Test: "adb shell tcpdump"
Change-Id: I81df72cf1ebdbe61c5b6069d8532ae817570f23f
diff --git a/print-lspping.c b/print-lspping.c
index 888adfa..4d260db 100644
--- a/print-lspping.c
+++ b/print-lspping.c
@@ -13,20 +13,23 @@
* Original code by Hannes Gredler (hannes@juniper.net)
*/
-#define NETDISSECT_REWORKED
+/* \summary: MPLS LSP PING printer */
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
-#include "interface.h"
+#include "netdissect.h"
#include "extract.h"
#include "addrtoname.h"
#include "l2vpn.h"
#include "oui.h"
+/* RFC 4349 */
+
/*
* LSPPING common header
*
@@ -57,7 +60,7 @@
struct lspping_common_header {
uint8_t version[2];
- uint8_t reserved[2];
+ uint8_t global_flags[2];
uint8_t msg_type;
uint8_t reply_mode;
uint8_t return_code;
@@ -100,6 +103,7 @@
{ 10, "Mapping for this FEC is not the given label at stack depth"},
{ 11, "No label entry at stack-depth"},
{ 12, "Protocol not associated with interface at FEC stack depth"},
+ { 13, "Premature termination of ping due to label stack shrinking to a single label"},
};
@@ -126,9 +130,12 @@
#define LSPPING_TLV_TARGET_FEC_STACK 1
#define LSPPING_TLV_DOWNSTREAM_MAPPING 2
#define LSPPING_TLV_PAD 3
+/* not assigned 4 */
#define LSPPING_TLV_VENDOR_ENTERPRISE 5
#define LSPPING_TLV_VENDOR_ENTERPRISE_LEN 4
+/* not assigned 6 */
#define LSPPING_TLV_INTERFACE_LABEL_STACK 7
+/* not assigned 8 */
#define LSPPING_TLV_ERROR_CODE 9
#define LSPPING_TLV_REPLY_TOS_BYTE 10
#define LSPPING_TLV_BFD_DISCRIMINATOR 15 /* draft-ietf-bfd-mpls-02 */
@@ -148,17 +155,22 @@
{ 0, NULL}
};
-#define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4 1
-#define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6 2
-#define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4 3
-#define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6 4
-#define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4 6
-#define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6 7
-#define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT 8
-#define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD 9
-#define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID 10
-#define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4 11
-#define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6 12
+#define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4 1
+#define LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6 2
+#define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4 3
+#define LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6 4
+/* not assigned 5 */
+#define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4 6
+#define LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6 7
+#define LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT 8
+#define LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW_OLD 9
+#define LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW 10
+#define LSPPING_TLV_TARGETFEC_SUBTLV_FEC_129_PW 11
+#define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4 12
+#define LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6 13
+#define LSPPING_TLV_TARGETFEC_SUBTLV_GENERIC_IPV4 14
+#define LSPPING_TLV_TARGETFEC_SUBTLV_GENERIC_IPV6 15
+#define LSPPING_TLV_TARGETFEC_SUBTLV_NIL_FEC 16
static const struct tok lspping_tlvtargetfec_subtlv_values[] = {
{ LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4, "LDP IPv4 prefix"},
@@ -169,8 +181,8 @@
{ LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4, "VPN IPv4 prefix"},
{ LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6, "VPN IPv6 prefix"},
{ LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT, "L2 VPN endpoint"},
- { LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD, "L2 circuit ID (old)"},
- { LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID, "L2 circuit ID"},
+ { LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW_OLD, "FEC 128 pseudowire (old)"},
+ { LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW, "FEC 128 pseudowire"},
{ LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4, "BGP labeled IPv4 prefix"},
{ LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6, "BGP labeled IPv6 prefix"},
{ 0, NULL}
@@ -208,44 +220,6 @@
};
/*
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Sender identifier |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | IPv4 prefix |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Prefix Length | Must Be Zero |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t {
- uint8_t sender_id [4];
- uint8_t prefix [4];
- uint8_t prefix_len;
-};
-
-/*
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Sender identifier |
- * | (16 octets) |
- * | |
- * | |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | IPv6 prefix |
- * | (16 octets) |
- * | |
- * | |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Prefix Length | Must Be Zero |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t {
- uint8_t sender_id [16];
- uint8_t prefix [16];
- uint8_t prefix_len;
-};
-
-/*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -350,7 +324,7 @@
* | Route Distinguisher |
* | (8 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Sender's CE ID | Receiver's CE ID |
+ * | Sender's VE ID | Receiver's VE ID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Encapsulation Type | Must Be Zero |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -358,8 +332,8 @@
*/
struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t {
uint8_t rd [8];
- uint8_t sender_ce_id [2];
- uint8_t receiver_ce_id [2];
+ uint8_t sender_ve_id [2];
+ uint8_t receiver_ve_id [2];
uint8_t encapsulation[2];
};
@@ -368,15 +342,15 @@
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Remote PE Address |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | VC ID |
+ * | PW ID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Encapsulation Type | Must Be Zero |
+ * | PW Type | Must Be Zero |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t {
+struct lspping_tlv_targetfec_subtlv_fec_128_pw_old {
uint8_t remote_pe_address [4];
- uint8_t vc_id [4];
- uint8_t encapsulation[2];
+ uint8_t pw_id [4];
+ uint8_t pw_type[2];
};
/*
@@ -386,16 +360,45 @@
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Remote PE Address |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | VC ID |
+ * | PW ID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Encapsulation Type | Must Be Zero |
+ * | PW Type | Must Be Zero |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t {
+struct lspping_tlv_targetfec_subtlv_fec_128_pw {
uint8_t sender_pe_address [4];
uint8_t remote_pe_address [4];
- uint8_t vc_id [4];
- uint8_t encapsulation[2];
+ uint8_t pw_id [4];
+ uint8_t pw_type[2];
+};
+
+/*
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | IPv4 prefix |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Prefix Length | Must Be Zero |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t {
+ uint8_t prefix [4];
+ uint8_t prefix_len;
+};
+
+/*
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | IPv6 prefix |
+ * | (16 octets) |
+ * | |
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Prefix Length | Must Be Zero |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t {
+ uint8_t prefix [16];
+ uint8_t prefix_len;
};
/*
@@ -408,7 +411,7 @@
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Downstream Interface Address (4 or 16 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Hash Key Type | Depth Limit | Multipath Length |
+ * | Multipath Type| Depth Limit | Multipath Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* . .
* . (Multipath Information) .
@@ -423,10 +426,25 @@
* | Downstream Label | Protocol |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
+/* Enough to get the address type */
+struct lspping_tlv_downstream_map_t {
+ uint8_t mtu [2];
+ uint8_t address_type;
+ uint8_t ds_flags;
+};
+
struct lspping_tlv_downstream_map_ipv4_t {
uint8_t mtu [2];
uint8_t address_type;
- uint8_t res;
+ uint8_t ds_flags;
+ uint8_t downstream_ip[4];
+ uint8_t downstream_interface[4];
+};
+
+struct lspping_tlv_downstream_map_ipv4_unmb_t {
+ uint8_t mtu [2];
+ uint8_t address_type;
+ uint8_t ds_flags;
uint8_t downstream_ip[4];
uint8_t downstream_interface[4];
};
@@ -434,25 +452,35 @@
struct lspping_tlv_downstream_map_ipv6_t {
uint8_t mtu [2];
uint8_t address_type;
- uint8_t res;
+ uint8_t ds_flags;
uint8_t downstream_ip[16];
uint8_t downstream_interface[16];
};
+struct lspping_tlv_downstream_map_ipv6_unmb_t {
+ uint8_t mtu [2];
+ uint8_t address_type;
+ uint8_t ds_flags;
+ uint8_t downstream_ip[16];
+ uint8_t downstream_interface[4];
+};
+
struct lspping_tlv_downstream_map_info_t {
- uint8_t hash_key_type;
+ uint8_t multipath_type;
uint8_t depth_limit;
uint8_t multipath_length [2];
};
-#define LSPPING_AFI_IPV4 1
-#define LSPPING_AFI_UNMB 2
-#define LSPPING_AFI_IPV6 3
+#define LSPPING_AFI_IPV4 1
+#define LSPPING_AFI_IPV4_UNMB 2
+#define LSPPING_AFI_IPV6 3
+#define LSPPING_AFI_IPV6_UNMB 4
static const struct tok lspping_tlv_downstream_addr_values[] = {
- { LSPPING_AFI_IPV4, "IPv4"},
- { LSPPING_AFI_IPV6, "IPv6"},
- { LSPPING_AFI_UNMB, "Unnumbered"},
+ { LSPPING_AFI_IPV4, "IPv4"},
+ { LSPPING_AFI_IPV4_UNMB, "Unnumbered IPv4"},
+ { LSPPING_AFI_IPV6, "IPv6"},
+ { LSPPING_AFI_IPV6_UNMB, "IPv6"},
{ 0, NULL}
};
@@ -464,14 +492,17 @@
const struct lspping_tlv_header *lspping_tlv_header;
const struct lspping_tlv_header *lspping_subtlv_header;
const u_char *tptr,*tlv_tptr,*subtlv_tptr;
- int tlen,lspping_tlv_len,lspping_tlv_type,tlv_tlen;
+ u_int tlen,lspping_tlv_len,lspping_tlv_type,tlv_tlen;
int tlv_hexdump,subtlv_hexdump;
- int lspping_subtlv_len,lspping_subtlv_type;
+ u_int lspping_subtlv_len,lspping_subtlv_type;
struct timeval timestamp;
union {
+ const struct lspping_tlv_downstream_map_t *lspping_tlv_downstream_map;
const struct lspping_tlv_downstream_map_ipv4_t *lspping_tlv_downstream_map_ipv4;
+ const struct lspping_tlv_downstream_map_ipv4_unmb_t *lspping_tlv_downstream_map_ipv4_unmb;
const struct lspping_tlv_downstream_map_ipv6_t *lspping_tlv_downstream_map_ipv6;
+ const struct lspping_tlv_downstream_map_ipv6_unmb_t *lspping_tlv_downstream_map_ipv6_unmb;
const struct lspping_tlv_downstream_map_info_t *lspping_tlv_downstream_map_info;
} tlv_ptr;
@@ -483,14 +514,16 @@
const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t *lspping_tlv_targetfec_subtlv_l3vpn_ipv4;
const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t *lspping_tlv_targetfec_subtlv_l3vpn_ipv6;
const struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t *lspping_tlv_targetfec_subtlv_l2vpn_endpt;
- const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t *lspping_tlv_targetfec_subtlv_l2vpn_vcid_old;
- const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t *lspping_tlv_targetfec_subtlv_l2vpn_vcid;
+ const struct lspping_tlv_targetfec_subtlv_fec_128_pw_old *lspping_tlv_targetfec_subtlv_l2vpn_vcid_old;
+ const struct lspping_tlv_targetfec_subtlv_fec_128_pw *lspping_tlv_targetfec_subtlv_l2vpn_vcid;
const struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t *lspping_tlv_targetfec_subtlv_bgp_ipv4;
const struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t *lspping_tlv_targetfec_subtlv_bgp_ipv6;
} subtlv_ptr;
tptr=pptr;
lspping_com_header = (const struct lspping_common_header *)pptr;
+ if (len < sizeof(const struct lspping_common_header))
+ goto tooshort;
ND_TCHECK(*lspping_com_header);
/*
@@ -565,7 +598,10 @@
tptr+=sizeof(const struct lspping_common_header);
tlen-=sizeof(const struct lspping_common_header);
- while(tlen>(int)sizeof(struct lspping_tlv_header)) {
+ while (tlen != 0) {
+ /* Does the TLV go past the end of the packet? */
+ if (tlen < sizeof(struct lspping_tlv_header))
+ goto tooshort;
/* did we capture enough for fully decoding the tlv header ? */
ND_TCHECK2(*tptr, sizeof(struct lspping_tlv_header));
@@ -574,15 +610,6 @@
lspping_tlv_type=EXTRACT_16BITS(lspping_tlv_header->type);
lspping_tlv_len=EXTRACT_16BITS(lspping_tlv_header->length);
- /* some little sanity checking */
- if (lspping_tlv_type == 0 || lspping_tlv_len == 0)
- return;
-
- if(lspping_tlv_len < 4) {
- ND_PRINT((ndo, "\n\t ERROR: TLV %u bogus size %u",lspping_tlv_type,lspping_tlv_len));
- return;
- }
-
ND_PRINT((ndo, "\n\t %s TLV (%u), length: %u",
tok2str(lspping_tlv_values,
"Unknown",
@@ -590,19 +617,34 @@
lspping_tlv_type,
lspping_tlv_len));
+ /* some little sanity checking */
+ if (lspping_tlv_len == 0) {
+ tptr+=sizeof(struct lspping_tlv_header);
+ tlen-=sizeof(struct lspping_tlv_header);
+ continue; /* no value to dissect */
+ }
+
tlv_tptr=tptr+sizeof(struct lspping_tlv_header);
tlv_tlen=lspping_tlv_len; /* header not included -> no adjustment */
+ /* Does the TLV go past the end of the packet? */
+ if (tlen < lspping_tlv_len+sizeof(struct lspping_tlv_header))
+ goto tooshort;
/* did we capture enough for fully decoding the tlv ? */
- ND_TCHECK2(*tptr, lspping_tlv_len);
+ ND_TCHECK2(*tlv_tptr, lspping_tlv_len);
tlv_hexdump=FALSE;
switch(lspping_tlv_type) {
case LSPPING_TLV_TARGET_FEC_STACK:
- while(tlv_tlen>(int)sizeof(struct lspping_tlv_header)) {
-
+ while (tlv_tlen != 0) {
+ /* Does the subTLV header go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_header)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
/* did we capture enough for fully decoding the subtlv header ? */
- ND_TCHECK2(*tptr, sizeof(struct lspping_tlv_header));
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_header));
subtlv_hexdump=FALSE;
lspping_subtlv_header = (const struct lspping_tlv_header *)tlv_tptr;
@@ -610,8 +652,15 @@
lspping_subtlv_len=EXTRACT_16BITS(lspping_subtlv_header->length);
subtlv_tptr=tlv_tptr+sizeof(struct lspping_tlv_header);
- if (lspping_subtlv_len == 0)
- break;
+ /* Does the subTLV go past the end of the TLV? */
+ if (tlv_tlen < lspping_subtlv_len+sizeof(struct lspping_tlv_header)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+
+ /* Did we capture enough for fully decoding the subTLV? */
+ ND_TCHECK2(*subtlv_tptr, lspping_subtlv_len);
ND_PRINT((ndo, "\n\t %s subTLV (%u), length: %u",
tok2str(lspping_tlvtargetfec_subtlv_values,
@@ -623,132 +672,185 @@
switch(lspping_subtlv_type) {
case LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV4:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4 = \
- (const struct lspping_tlv_targetfec_subtlv_ldp_ipv4_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t %s/%u",
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix_len));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 5) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 5"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4 = \
+ (const struct lspping_tlv_targetfec_subtlv_ldp_ipv4_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t %s/%u",
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv4->prefix_len));
+ }
break;
-#ifdef INET6
case LSPPING_TLV_TARGETFEC_SUBTLV_LDP_IPV6:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6 = \
- (const struct lspping_tlv_targetfec_subtlv_ldp_ipv6_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t %s/%u",
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix_len));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 17) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 17"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6 = \
+ (const struct lspping_tlv_targetfec_subtlv_ldp_ipv6_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t %s/%u",
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_ldp_ipv6->prefix_len));
+ }
break;
-#endif
case LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV4:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4 = \
- (const struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t %s/%u, sender-id %s",
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix_len,
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->sender_id)));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 5) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 5"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4 = \
+ (const struct lspping_tlv_targetfec_subtlv_bgp_ipv4_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t %s/%u",
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv4->prefix_len));
+ }
break;
-#ifdef INET6
case LSPPING_TLV_TARGETFEC_SUBTLV_BGP_IPV6:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6 = \
- (const struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t %s/%u, sender-id %s",
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix_len,
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->sender_id)));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 17) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 17"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6 = \
+ (const struct lspping_tlv_targetfec_subtlv_bgp_ipv6_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t %s/%u",
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_bgp_ipv6->prefix_len));
+ }
break;
-#endif
case LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV4:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4 = \
- (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv4_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \
- "\n\t tunnel-id 0x%04x, extended tunnel-id %s",
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_endpoint),
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_sender),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->lsp_id),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_id),
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->extended_tunnel_id)));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 20) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 20"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4 = \
+ (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv4_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \
+ "\n\t tunnel-id 0x%04x, extended tunnel-id %s",
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_endpoint),
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_sender),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->lsp_id),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->tunnel_id),
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv4->extended_tunnel_id)));
+ }
break;
-#ifdef INET6
case LSPPING_TLV_TARGETFEC_SUBTLV_RSVP_IPV6:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6 = \
- (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv6_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \
- "\n\t tunnel-id 0x%04x, extended tunnel-id %s",
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_endpoint),
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_sender),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->lsp_id),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_id),
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->extended_tunnel_id)));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 56) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 56"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6 = \
+ (const struct lspping_tlv_targetfec_subtlv_rsvp_ipv6_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t tunnel end-point %s, tunnel sender %s, lsp-id 0x%04x" \
+ "\n\t tunnel-id 0x%04x, extended tunnel-id %s",
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_endpoint),
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_sender),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->lsp_id),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->tunnel_id),
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_rsvp_ipv6->extended_tunnel_id)));
+ }
break;
-#endif
case LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV4:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4 = \
- (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t RD: %s, %s/%u",
- bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->rd),
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix_len));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 13) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 13"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4 = \
+ (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv4_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t RD: %s, %s/%u",
+ bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->rd),
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv4->prefix_len));
+ }
break;
-#ifdef INET6
case LSPPING_TLV_TARGETFEC_SUBTLV_L3VPN_IPV6:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6 = \
- (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t RD: %s, %s/%u",
- bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->rd),
- ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix),
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix_len));
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 25) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 25"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6 = \
+ (const struct lspping_tlv_targetfec_subtlv_l3vpn_ipv6_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t RD: %s, %s/%u",
+ bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->rd),
+ ip6addr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix),
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l3vpn_ipv6->prefix_len));
+ }
break;
-#endif
case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_ENDPT:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt = \
- (const struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t RD: %s, Sender CE-ID: %u, Receiver CE-ID: %u" \
- "\n\t Encapsulation Type: %s (%u)",
- bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->rd),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->sender_ce_id),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->receiver_ce_id),
- tok2str(l2vpn_encaps_values,
- "unknown",
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation)),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation)));
-
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 14) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 14"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt = \
+ (const struct lspping_tlv_targetfec_subtlv_l2vpn_endpt_t *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t RD: %s, Sender VE ID: %u, Receiver VE ID: %u" \
+ "\n\t Encapsulation Type: %s (%u)",
+ bgp_vpn_rd_print(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->rd),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->sender_ve_id),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->receiver_ve_id),
+ tok2str(mpls_pw_types_values,
+ "unknown",
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation)),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_endpt->encapsulation)));
+ }
break;
/* the old L2VPN VCID subTLV does not have support for the sender field */
- case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID_OLD:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old = \
- (const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_old_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t Remote PE: %s" \
- "\n\t VC-ID: 0x%08x, Encapsulation Type: %s (%u)",
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->remote_pe_address),
- EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->vc_id),
- tok2str(l2vpn_encaps_values,
- "unknown",
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->encapsulation)),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->encapsulation)));
-
+ case LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW_OLD:
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 10) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 10"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old = \
+ (const struct lspping_tlv_targetfec_subtlv_fec_128_pw_old *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t Remote PE: %s" \
+ "\n\t PW ID: 0x%08x, PW Type: %s (%u)",
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->remote_pe_address),
+ EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->pw_id),
+ tok2str(mpls_pw_types_values,
+ "unknown",
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->pw_type)),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid_old->pw_type)));
+ }
break;
- case LSPPING_TLV_TARGETFEC_SUBTLV_L2VPN_VCID:
- subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid = \
- (const struct lspping_tlv_targetfec_subtlv_l2vpn_vcid_t *)subtlv_tptr;
- ND_PRINT((ndo, "\n\t Sender PE: %s, Remote PE: %s" \
- "\n\t VC-ID: 0x%08x, Encapsulation Type: %s (%u)",
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->sender_pe_address),
- ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->remote_pe_address),
- EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->vc_id),
- tok2str(l2vpn_encaps_values,
- "unknown",
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->encapsulation)),
- EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->encapsulation)));
-
+ case LSPPING_TLV_TARGETFEC_SUBTLV_FEC_128_PW:
+ /* Is the subTLV length correct? */
+ if (lspping_subtlv_len != 14) {
+ ND_PRINT((ndo, "\n\t invalid subTLV length, should be 14"));
+ subtlv_hexdump=TRUE; /* unknown subTLV just hexdump it */
+ } else {
+ subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid = \
+ (const struct lspping_tlv_targetfec_subtlv_fec_128_pw *)subtlv_tptr;
+ ND_PRINT((ndo, "\n\t Sender PE: %s, Remote PE: %s" \
+ "\n\t PW ID: 0x%08x, PW Type: %s (%u)",
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->sender_pe_address),
+ ipaddr_string(ndo, subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->remote_pe_address),
+ EXTRACT_32BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->pw_id),
+ tok2str(mpls_pw_types_values,
+ "unknown",
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->pw_type)),
+ EXTRACT_16BITS(subtlv_ptr.lspping_tlv_targetfec_subtlv_l2vpn_vcid->pw_type)));
+ }
break;
default:
@@ -761,30 +863,58 @@
"\n\t ",
lspping_subtlv_len);
+ /* All subTLVs are aligned to four octet boundary */
+ if (lspping_subtlv_len % 4) {
+ lspping_subtlv_len += 4 - (lspping_subtlv_len % 4);
+ /* Does the subTLV, including padding, go past the end of the TLV? */
+ if (tlv_tlen < lspping_subtlv_len+sizeof(struct lspping_tlv_header)) {
+ ND_PRINT((ndo, "\n\t\t TLV is too short"));
+ return;
+ }
+ }
tlv_tptr+=lspping_subtlv_len;
tlv_tlen-=lspping_subtlv_len+sizeof(struct lspping_tlv_header);
}
break;
case LSPPING_TLV_DOWNSTREAM_MAPPING:
- /* that strange thing with the downstream map TLV is that until now
- * we do not know if its IPv4 or IPv6 , after we found the address-type
- * lets recast the tlv_tptr and move on */
+ /* Does the header go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough to get the address family? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_t));
- tlv_ptr.lspping_tlv_downstream_map_ipv4= \
- (const struct lspping_tlv_downstream_map_ipv4_t *)tlv_tptr;
- tlv_ptr.lspping_tlv_downstream_map_ipv6= \
- (const struct lspping_tlv_downstream_map_ipv6_t *)tlv_tptr;
+ tlv_ptr.lspping_tlv_downstream_map= \
+ (const struct lspping_tlv_downstream_map_t *)tlv_tptr;
+
+ /* that strange thing with the downstream map TLV is that until now
+ * we do not know if its IPv4 or IPv6 or is unnumbered; after
+ * we find the address-type, we recast the tlv_tptr and move on. */
+
ND_PRINT((ndo, "\n\t MTU: %u, Address-Type: %s (%u)",
- EXTRACT_16BITS(tlv_ptr.lspping_tlv_downstream_map_ipv4->mtu),
+ EXTRACT_16BITS(tlv_ptr.lspping_tlv_downstream_map->mtu),
tok2str(lspping_tlv_downstream_addr_values,
"unknown",
- tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type),
- tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type));
+ tlv_ptr.lspping_tlv_downstream_map->address_type),
+ tlv_ptr.lspping_tlv_downstream_map->address_type));
- switch(tlv_ptr.lspping_tlv_downstream_map_ipv4->address_type) {
+ switch(tlv_ptr.lspping_tlv_downstream_map->address_type) {
case LSPPING_AFI_IPV4:
+ /* Does the data go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_ipv4_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough for this part of the TLV? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_ipv4_t));
+
+ tlv_ptr.lspping_tlv_downstream_map_ipv4= \
+ (const struct lspping_tlv_downstream_map_ipv4_t *)tlv_tptr;
ND_PRINT((ndo, "\n\t Downstream IP: %s" \
"\n\t Downstream Interface IP: %s",
ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_ip),
@@ -792,8 +922,37 @@
tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv4_t);
tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv4_t);
break;
-#ifdef INET6
- case LSPPING_AFI_IPV6:
+ case LSPPING_AFI_IPV4_UNMB:
+ /* Does the data go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_ipv4_unmb_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough for this part of the TLV? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_ipv4_unmb_t));
+
+ tlv_ptr.lspping_tlv_downstream_map_ipv4_unmb= \
+ (const struct lspping_tlv_downstream_map_ipv4_unmb_t *)tlv_tptr;
+ ND_PRINT((ndo, "\n\t Downstream IP: %s" \
+ "\n\t Downstream Interface Index: 0x%08x",
+ ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4_unmb->downstream_ip),
+ EXTRACT_32BITS(tlv_ptr.lspping_tlv_downstream_map_ipv4_unmb->downstream_interface)));
+ tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv4_unmb_t);
+ tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv4_unmb_t);
+ break;
+ case LSPPING_AFI_IPV6:
+ /* Does the data go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_ipv6_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough for this part of the TLV? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_ipv6_t));
+
+ tlv_ptr.lspping_tlv_downstream_map_ipv6= \
+ (const struct lspping_tlv_downstream_map_ipv6_t *)tlv_tptr;
ND_PRINT((ndo, "\n\t Downstream IP: %s" \
"\n\t Downstream Interface IP: %s",
ip6addr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv6->downstream_ip),
@@ -801,14 +960,24 @@
tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv6_t);
tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv6_t);
break;
-#endif
- case LSPPING_AFI_UNMB:
+ case LSPPING_AFI_IPV6_UNMB:
+ /* Does the data go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_ipv6_unmb_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough for this part of the TLV? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_ipv6_unmb_t));
+
+ tlv_ptr.lspping_tlv_downstream_map_ipv6_unmb= \
+ (const struct lspping_tlv_downstream_map_ipv6_unmb_t *)tlv_tptr;
ND_PRINT((ndo, "\n\t Downstream IP: %s" \
"\n\t Downstream Interface Index: 0x%08x",
- ipaddr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_ip),
- EXTRACT_32BITS(tlv_ptr.lspping_tlv_downstream_map_ipv4->downstream_interface)));
- tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv4_t);
- tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv4_t);
+ ip6addr_string(ndo, tlv_ptr.lspping_tlv_downstream_map_ipv6_unmb->downstream_ip),
+ EXTRACT_32BITS(tlv_ptr.lspping_tlv_downstream_map_ipv6_unmb->downstream_interface)));
+ tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_ipv6_unmb_t);
+ tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_ipv6_unmb_t);
break;
default:
@@ -816,37 +985,55 @@
break;
}
+ /* Does the data go past the end of the TLV? */
+ if (tlv_tlen < sizeof(struct lspping_tlv_downstream_map_info_t)) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ }
+ /* Did we capture enough for this part of the TLV? */
+ ND_TCHECK2(*tlv_tptr, sizeof(struct lspping_tlv_downstream_map_info_t));
+
tlv_ptr.lspping_tlv_downstream_map_info= \
(const struct lspping_tlv_downstream_map_info_t *)tlv_tptr;
/* FIXME add hash-key type, depth limit, multipath processing */
-
tlv_tptr+=sizeof(struct lspping_tlv_downstream_map_info_t);
tlv_tlen-=sizeof(struct lspping_tlv_downstream_map_info_t);
/* FIXME print downstream labels */
-
tlv_hexdump=TRUE; /* dump the TLV until code complete */
break;
case LSPPING_TLV_BFD_DISCRIMINATOR:
- tptr += sizeof(struct lspping_tlv_header);
- ND_TCHECK2(*tptr, LSPPING_TLV_BFD_DISCRIMINATOR_LEN);
- ND_PRINT((ndo, "\n\t BFD Discriminator 0x%08x", EXTRACT_32BITS(tptr)));
+ if (tlv_tlen < LSPPING_TLV_BFD_DISCRIMINATOR_LEN) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ } else {
+ ND_TCHECK2(*tptr, LSPPING_TLV_BFD_DISCRIMINATOR_LEN);
+ ND_PRINT((ndo, "\n\t BFD Discriminator 0x%08x", EXTRACT_32BITS(tptr)));
+ }
break;
case LSPPING_TLV_VENDOR_ENTERPRISE:
{
uint32_t vendor_id;
- ND_TCHECK2(*tptr, LSPPING_TLV_VENDOR_ENTERPRISE_LEN);
- vendor_id = EXTRACT_32BITS(tlv_tptr);
- ND_PRINT((ndo, "\n\t Vendor: %s (0x%04x)",
- tok2str(smi_values, "Unknown", vendor_id),
- vendor_id));
+ if (tlv_tlen < LSPPING_TLV_VENDOR_ENTERPRISE_LEN) {
+ ND_PRINT((ndo, "\n\t TLV is too short"));
+ tlv_hexdump = TRUE;
+ goto tlv_tooshort;
+ } else {
+ ND_TCHECK2(*tptr, LSPPING_TLV_VENDOR_ENTERPRISE_LEN);
+ vendor_id = EXTRACT_32BITS(tlv_tptr);
+ ND_PRINT((ndo, "\n\t Vendor: %s (0x%04x)",
+ tok2str(smi_values, "Unknown", vendor_id),
+ vendor_id));
+ }
}
break;
@@ -864,6 +1051,7 @@
break;
}
/* do we want to see an additionally tlv hexdump ? */
+ tlv_tooshort:
if (ndo->ndo_vflag > 1 || tlv_hexdump==TRUE)
print_unknown_data(ndo, tptr+sizeof(struct lspping_tlv_header), "\n\t ",
lspping_tlv_len);
@@ -872,14 +1060,21 @@
/* All TLVs are aligned to four octet boundary */
if (lspping_tlv_len % 4) {
lspping_tlv_len += (4 - lspping_tlv_len % 4);
+ /* Does the TLV, including padding, go past the end of the packet? */
+ if (tlen < lspping_tlv_len+sizeof(struct lspping_tlv_header))
+ goto tooshort;
}
tptr+=lspping_tlv_len+sizeof(struct lspping_tlv_header);
tlen-=lspping_tlv_len+sizeof(struct lspping_tlv_header);
}
return;
+tooshort:
+ ND_PRINT((ndo, "\n\t\t packet is too short"));
+ return;
trunc:
ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
+ return;
}
/*
* Local Variables: