diff options
Diffstat (limited to 'print-icmp.c')
| -rw-r--r-- | print-icmp.c | 523 |
1 files changed, 308 insertions, 215 deletions
diff --git a/print-icmp.c b/print-icmp.c index 170d5438f20f..54d215e1d7fe 100644 --- a/print-icmp.c +++ b/print-icmp.c @@ -22,10 +22,10 @@ /* \summary: Internet Control Message Protocol (ICMP) printer */ #ifdef HAVE_CONFIG_H -#include "config.h" +#include <config.h> #endif -#include <netdissect-stdinc.h> +#include "netdissect-stdinc.h" #include <stdio.h> #include <string.h> @@ -48,17 +48,17 @@ * Structure of an icmp header. */ struct icmp { - uint8_t icmp_type; /* type of message, see below */ - uint8_t icmp_code; /* type sub code */ - uint16_t icmp_cksum; /* ones complement cksum of struct */ + nd_uint8_t icmp_type; /* type of message, see below */ + nd_uint8_t icmp_code; /* type sub code */ + nd_uint16_t icmp_cksum; /* ones complement cksum of struct */ union { - uint8_t ih_pptr; /* ICMP_PARAMPROB */ - struct in_addr ih_gwaddr; /* ICMP_REDIRECT */ + nd_uint8_t ih_pptr; /* ICMP_PARAMPROB */ + nd_ipv4 ih_gwaddr; /* ICMP_REDIRECT */ struct ih_idseq { - uint16_t icd_id; - uint16_t icd_seq; + nd_uint16_t icd_id; + nd_uint16_t icd_seq; } ih_idseq; - uint32_t ih_void; + nd_uint32_t ih_void; } icmp_hun; #define icmp_pptr icmp_hun.ih_pptr #define icmp_gwaddr icmp_hun.ih_gwaddr @@ -67,16 +67,16 @@ struct icmp { #define icmp_void icmp_hun.ih_void union { struct id_ts { - uint32_t its_otime; - uint32_t its_rtime; - uint32_t its_ttime; + nd_uint32_t its_otime; + nd_uint32_t its_rtime; + nd_uint32_t its_ttime; } id_ts; struct id_ip { struct ip idi_ip; /* options and then 64 bits of data */ } id_ip; - uint32_t id_mask; - uint8_t id_data[1]; + nd_uint32_t id_mask; + nd_byte id_data[1]; } icmp_dun; #define icmp_otime icmp_dun.id_ts.its_otime #define icmp_rtime icmp_dun.id_ts.its_rtime @@ -86,13 +86,10 @@ struct icmp { #define icmp_data icmp_dun.id_data }; -#define ICMP_MPLS_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) -#define ICMP_MPLS_EXT_VERSION 2 - /* * Lower bounds on packet lengths for various types. * For the error advice packets must first insure that the - * packet is large enought to contain the returned ip header. + * packet is large enough to contain the returned ip header. * Only then can we do the check to see if 64 bits of packet * data have been returned, since we need to check the returned * ip header length. @@ -150,7 +147,7 @@ struct icmp { ((type) == ICMP_UNREACH || (type) == ICMP_SOURCEQUENCH || \ (type) == ICMP_REDIRECT || (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) -#define ICMP_MPLS_EXT_TYPE(type) \ +#define ICMP_MULTIPART_EXT_TYPE(type) \ ((type) == ICMP_UNREACH || \ (type) == ICMP_TIMXCEED || \ (type) == ICMP_PARAMPROB) @@ -202,68 +199,36 @@ static const struct tok icmp2str[] = { { 0, NULL } }; -/* Formats for most of the ICMP_UNREACH codes */ -static const struct tok unreach2str[] = { - { ICMP_UNREACH_NET, "net %s unreachable" }, - { ICMP_UNREACH_HOST, "host %s unreachable" }, - { ICMP_UNREACH_SRCFAIL, - "%s unreachable - source route failed" }, - { ICMP_UNREACH_NET_UNKNOWN, "net %s unreachable - unknown" }, - { ICMP_UNREACH_HOST_UNKNOWN, "host %s unreachable - unknown" }, - { ICMP_UNREACH_ISOLATED, - "%s unreachable - source host isolated" }, - { ICMP_UNREACH_NET_PROHIB, - "net %s unreachable - admin prohibited" }, - { ICMP_UNREACH_HOST_PROHIB, - "host %s unreachable - admin prohibited" }, - { ICMP_UNREACH_TOSNET, - "net %s unreachable - tos prohibited" }, - { ICMP_UNREACH_TOSHOST, - "host %s unreachable - tos prohibited" }, - { ICMP_UNREACH_FILTER_PROHIB, - "host %s unreachable - admin prohibited filter" }, - { ICMP_UNREACH_HOST_PRECEDENCE, - "host %s unreachable - host precedence violation" }, - { ICMP_UNREACH_PRECEDENCE_CUTOFF, - "host %s unreachable - precedence cutoff" }, - { 0, NULL } -}; - -/* Formats for the ICMP_REDIRECT codes */ -static const struct tok type2str[] = { - { ICMP_REDIRECT_NET, "redirect %s to net %s" }, - { ICMP_REDIRECT_HOST, "redirect %s to host %s" }, - { ICMP_REDIRECT_TOSNET, "redirect-tos %s to net %s" }, - { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to host %s" }, - { 0, NULL } -}; - /* rfc1191 */ struct mtu_discovery { - uint16_t unused; - uint16_t nexthopmtu; + nd_uint16_t unused; + nd_uint16_t nexthopmtu; }; /* rfc1256 */ struct ih_rdiscovery { - uint8_t ird_addrnum; - uint8_t ird_addrsiz; - uint16_t ird_lifetime; + nd_uint8_t ird_addrnum; + nd_uint8_t ird_addrsiz; + nd_uint16_t ird_lifetime; }; struct id_rdiscovery { - uint32_t ird_addr; - uint32_t ird_pref; + nd_uint32_t ird_addr; + nd_uint32_t ird_pref; }; /* - * draft-bonica-internet-icmp-08 + * RFC 4884 - Extended ICMP to Support Multi-Part Messages + * + * This is a general extension mechanism, based on the mechanism + * in draft-bonica-icmp-mpls-02 ICMP Extensions for MultiProtocol + * Label Switching. * * The Destination Unreachable, Time Exceeded - * and Parameter Problem messages are slighly changed as per - * the above draft. A new Length field gets added to give - * the caller an idea about the length of the piggypacked - * IP packet before the MPLS extension header starts. + * and Parameter Problem messages are slightly changed as per + * the above RFC. A new Length field gets added to give + * the caller an idea about the length of the piggybacked + * IP packet before the extension header starts. * * The Length field represents length of the padded "original datagram" * field measured in 32-bit words. @@ -283,27 +248,46 @@ struct id_rdiscovery { */ struct icmp_ext_t { - uint8_t icmp_type; - uint8_t icmp_code; - uint8_t icmp_checksum[2]; - uint8_t icmp_reserved; - uint8_t icmp_length; - uint8_t icmp_reserved2[2]; - uint8_t icmp_ext_legacy_header[128]; /* extension header starts 128 bytes after ICMP header */ - uint8_t icmp_ext_version_res[2]; - uint8_t icmp_ext_checksum[2]; - uint8_t icmp_ext_data[1]; + nd_uint8_t icmp_type; + nd_uint8_t icmp_code; + nd_uint16_t icmp_checksum; + nd_byte icmp_reserved; + nd_uint8_t icmp_length; + nd_byte icmp_reserved2[2]; + nd_byte icmp_ext_legacy_header[128]; /* extension header starts 128 bytes after ICMP header */ + nd_byte icmp_ext_version_res[2]; + nd_uint16_t icmp_ext_checksum; + nd_byte icmp_ext_data[1]; }; -struct icmp_mpls_ext_object_header_t { - uint8_t length[2]; - uint8_t class_num; - uint8_t ctype; +/* + * Extract version from the first octet of icmp_ext_version_res. + */ +#define ICMP_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) + +/* + * Current version. + */ +#define ICMP_EXT_VERSION 2 + +/* + * Extension object class numbers. + * + * Class 1 dates back to draft-bonica-icmp-mpls-02. + */ + +/* rfc4950 */ +#define MPLS_STACK_ENTRY_OBJECT_CLASS 1 + +struct icmp_multipart_ext_object_header_t { + nd_uint16_t length; + nd_uint8_t class_num; + nd_uint8_t ctype; }; -static const struct tok icmp_mpls_ext_obj_values[] = { +static const struct tok icmp_multipart_ext_obj_values[] = { { 1, "MPLS Stack Entry" }, - { 2, "Extended Payload" }, + { 2, "Interface Identification" }, { 0, NULL} }; @@ -332,130 +316,240 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * { char *cp; const struct icmp *dp; + uint8_t icmp_type, icmp_code; const struct icmp_ext_t *ext_dp; const struct ip *ip; - const char *str, *fmt; + const char *str; const struct ip *oip; + uint8_t ip_proto; const struct udphdr *ouh; const uint8_t *obj_tptr; uint32_t raw_label; - const u_char *snapend_save; - const struct icmp_mpls_ext_object_header_t *icmp_mpls_ext_object_header; - u_int hlen, dport, mtu, obj_tlen, obj_class_num, obj_ctype; + const struct icmp_multipart_ext_object_header_t *icmp_multipart_ext_object_header; + u_int hlen, mtu, obj_tlen, obj_class_num, obj_ctype; + uint16_t dport; char buf[MAXHOSTNAMELEN + 100]; struct cksum_vec vec[1]; + ndo->ndo_protocol = "icmp"; dp = (const struct icmp *)bp; ext_dp = (const struct icmp_ext_t *)bp; ip = (const struct ip *)bp2; str = buf; - ND_TCHECK(dp->icmp_code); - switch (dp->icmp_type) { + icmp_type = GET_U_1(dp->icmp_type); + icmp_code = GET_U_1(dp->icmp_code); + switch (icmp_type) { case ICMP_ECHO: case ICMP_ECHOREPLY: - ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "echo %s, id %u, seq %u", - dp->icmp_type == ICMP_ECHO ? + icmp_type == ICMP_ECHO ? "request" : "reply", - EXTRACT_16BITS(&dp->icmp_id), - EXTRACT_16BITS(&dp->icmp_seq)); + GET_BE_U_2(dp->icmp_id), + GET_BE_U_2(dp->icmp_seq)); break; case ICMP_UNREACH: - ND_TCHECK(dp->icmp_ip.ip_dst); - switch (dp->icmp_code) { + switch (icmp_code) { + + case ICMP_UNREACH_NET: + (void)snprintf(buf, sizeof(buf), + "net %s unreachable", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_HOST: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; case ICMP_UNREACH_PROTOCOL: - ND_TCHECK(dp->icmp_ip.ip_p); (void)snprintf(buf, sizeof(buf), - "%s protocol %d unreachable", - ipaddr_string(ndo, &dp->icmp_ip.ip_dst), - dp->icmp_ip.ip_p); + "%s protocol %u unreachable", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_U_1(dp->icmp_ip.ip_p)); break; case ICMP_UNREACH_PORT: - ND_TCHECK(dp->icmp_ip.ip_p); + ND_TCHECK_1(dp->icmp_ip.ip_p); oip = &dp->icmp_ip; hlen = IP_HL(oip) * 4; ouh = (const struct udphdr *)(((const u_char *)oip) + hlen); - ND_TCHECK(ouh->uh_dport); - dport = EXTRACT_16BITS(&ouh->uh_dport); - switch (oip->ip_p) { + dport = GET_BE_U_2(ouh->uh_dport); + ip_proto = GET_U_1(oip->ip_p); + switch (ip_proto) { case IPPROTO_TCP: (void)snprintf(buf, sizeof(buf), "%s tcp port %s unreachable", - ipaddr_string(ndo, &oip->ip_dst), + GET_IPADDR_STRING(oip->ip_dst), tcpport_string(ndo, dport)); break; case IPPROTO_UDP: (void)snprintf(buf, sizeof(buf), "%s udp port %s unreachable", - ipaddr_string(ndo, &oip->ip_dst), + GET_IPADDR_STRING(oip->ip_dst), udpport_string(ndo, dport)); break; default: (void)snprintf(buf, sizeof(buf), "%s protocol %u port %u unreachable", - ipaddr_string(ndo, &oip->ip_dst), - oip->ip_p, dport); + GET_IPADDR_STRING(oip->ip_dst), + ip_proto, dport); break; } break; case ICMP_UNREACH_NEEDFRAG: { - register const struct mtu_discovery *mp; + const struct mtu_discovery *mp; mp = (const struct mtu_discovery *)(const u_char *)&dp->icmp_void; - mtu = EXTRACT_16BITS(&mp->nexthopmtu); + mtu = GET_BE_U_2(mp->nexthopmtu); if (mtu) { (void)snprintf(buf, sizeof(buf), - "%s unreachable - need to frag (mtu %d)", - ipaddr_string(ndo, &dp->icmp_ip.ip_dst), mtu); + "%s unreachable - need to frag (mtu %u)", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), mtu); } else { (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag", - ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); } } break; + case ICMP_UNREACH_SRCFAIL: + (void)snprintf(buf, sizeof(buf), + "%s unreachable - source route failed", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_NET_UNKNOWN: + (void)snprintf(buf, sizeof(buf), + "net %s unreachable - unknown", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_HOST_UNKNOWN: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - unknown", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_ISOLATED: + (void)snprintf(buf, sizeof(buf), + "%s unreachable - source host isolated", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_NET_PROHIB: + (void)snprintf(buf, sizeof(buf), + "net %s unreachable - admin prohibited", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_HOST_PROHIB: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - admin prohibited", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_TOSNET: + (void)snprintf(buf, sizeof(buf), + "net %s unreachable - tos prohibited", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_TOSHOST: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - tos prohibited", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_FILTER_PROHIB: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - admin prohibited filter", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_HOST_PRECEDENCE: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - host precedence violation", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + + case ICMP_UNREACH_PRECEDENCE_CUTOFF: + (void)snprintf(buf, sizeof(buf), + "host %s unreachable - precedence cutoff", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); + break; + default: - fmt = tok2str(unreach2str, "#%d %%s unreachable", - dp->icmp_code); - (void)snprintf(buf, sizeof(buf), fmt, - ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); + (void)snprintf(buf, sizeof(buf), + "%s unreachable - #%u", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + icmp_code); break; } break; case ICMP_REDIRECT: - ND_TCHECK(dp->icmp_ip.ip_dst); - fmt = tok2str(type2str, "redirect-#%d %%s to net %%s", - dp->icmp_code); - (void)snprintf(buf, sizeof(buf), fmt, - ipaddr_string(ndo, &dp->icmp_ip.ip_dst), - ipaddr_string(ndo, &dp->icmp_gwaddr)); + switch (icmp_code) { + + case ICMP_REDIRECT_NET: + (void)snprintf(buf, sizeof(buf), + "redirect %s to net %s", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_IPADDR_STRING(dp->icmp_gwaddr)); + break; + + case ICMP_REDIRECT_HOST: + (void)snprintf(buf, sizeof(buf), + "redirect %s to host %s", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_IPADDR_STRING(dp->icmp_gwaddr)); + break; + + case ICMP_REDIRECT_TOSNET: + (void)snprintf(buf, sizeof(buf), + "redirect-tos %s to net %s", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_IPADDR_STRING(dp->icmp_gwaddr)); + break; + + case ICMP_REDIRECT_TOSHOST: + (void)snprintf(buf, sizeof(buf), + "redirect-tos %s to host %s", + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_IPADDR_STRING(dp->icmp_gwaddr)); + break; + + default: + (void)snprintf(buf, sizeof(buf), + "redirect-#%u %s to %s", icmp_code, + GET_IPADDR_STRING(dp->icmp_ip.ip_dst), + GET_IPADDR_STRING(dp->icmp_gwaddr)); + break; + } break; case ICMP_ROUTERADVERT: { - register const struct ih_rdiscovery *ihp; - register const struct id_rdiscovery *idp; + const struct ih_rdiscovery *ihp; + const struct id_rdiscovery *idp; u_int lifetime, num, size; (void)snprintf(buf, sizeof(buf), "router advertisement"); cp = buf + strlen(buf); ihp = (const struct ih_rdiscovery *)&dp->icmp_void; - ND_TCHECK(*ihp); + ND_TCHECK_SIZE(ihp); (void)strncpy(cp, " lifetime ", sizeof(buf) - (cp - buf)); cp = buf + strlen(buf); - lifetime = EXTRACT_16BITS(&ihp->ird_lifetime); + lifetime = GET_BE_U_2(ihp->ird_lifetime); if (lifetime < 60) { (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u", lifetime); @@ -471,31 +565,32 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * } cp = buf + strlen(buf); - num = ihp->ird_addrnum; - (void)snprintf(cp, sizeof(buf) - (cp - buf), " %d:", num); + num = GET_U_1(ihp->ird_addrnum); + (void)snprintf(cp, sizeof(buf) - (cp - buf), " %u:", num); cp = buf + strlen(buf); - size = ihp->ird_addrsiz; + size = GET_U_1(ihp->ird_addrsiz); if (size != 2) { (void)snprintf(cp, sizeof(buf) - (cp - buf), - " [size %d]", size); + " [size %u]", size); break; } idp = (const struct id_rdiscovery *)&dp->icmp_data; - while (num-- > 0) { - ND_TCHECK(*idp); + while (num > 0) { + ND_TCHECK_SIZE(idp); (void)snprintf(cp, sizeof(buf) - (cp - buf), " {%s %u}", - ipaddr_string(ndo, &idp->ird_addr), - EXTRACT_32BITS(&idp->ird_pref)); + GET_IPADDR_STRING(idp->ird_addr), + GET_BE_U_4(idp->ird_pref)); cp = buf + strlen(buf); ++idp; + num--; } } break; case ICMP_TIMXCEED: - ND_TCHECK(dp->icmp_ip.ip_dst); - switch (dp->icmp_code) { + ND_TCHECK_4(dp->icmp_ip.ip_dst); + switch (icmp_code) { case ICMP_TIMXCEED_INTRANS: str = "time exceeded in-transit"; @@ -507,103 +602,113 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * default: (void)snprintf(buf, sizeof(buf), "time exceeded-#%u", - dp->icmp_code); + icmp_code); break; } break; case ICMP_PARAMPROB: - if (dp->icmp_code) + if (icmp_code) (void)snprintf(buf, sizeof(buf), - "parameter problem - code %u", dp->icmp_code); + "parameter problem - code %u", icmp_code); else { - ND_TCHECK(dp->icmp_pptr); (void)snprintf(buf, sizeof(buf), - "parameter problem - octet %u", dp->icmp_pptr); + "parameter problem - octet %u", + GET_U_1(dp->icmp_pptr)); } break; case ICMP_MASKREPLY: - ND_TCHECK(dp->icmp_mask); (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x", - EXTRACT_32BITS(&dp->icmp_mask)); + GET_BE_U_4(dp->icmp_mask)); break; case ICMP_TSTAMP: - ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), "time stamp query id %u seq %u", - EXTRACT_16BITS(&dp->icmp_id), - EXTRACT_16BITS(&dp->icmp_seq)); + GET_BE_U_2(dp->icmp_id), + GET_BE_U_2(dp->icmp_seq)); break; case ICMP_TSTAMPREPLY: - ND_TCHECK(dp->icmp_ttime); + ND_TCHECK_4(dp->icmp_ttime); (void)snprintf(buf, sizeof(buf), "time stamp reply id %u seq %u: org %s", - EXTRACT_16BITS(&dp->icmp_id), - EXTRACT_16BITS(&dp->icmp_seq), - icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_otime))); + GET_BE_U_2(dp->icmp_id), + GET_BE_U_2(dp->icmp_seq), + icmp_tstamp_print(GET_BE_U_4(dp->icmp_otime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", recv %s", - icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_rtime))); + icmp_tstamp_print(GET_BE_U_4(dp->icmp_rtime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", xmit %s", - icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_ttime))); + icmp_tstamp_print(GET_BE_U_4(dp->icmp_ttime))); break; default: - str = tok2str(icmp2str, "type-#%d", dp->icmp_type); + str = tok2str(icmp2str, "type-#%u", icmp_type); break; } - ND_PRINT((ndo, "ICMP %s, length %u", str, plen)); + ND_PRINT("ICMP %s, length %u", str, plen); if (ndo->ndo_vflag && !fragmented) { /* don't attempt checksumming if this is a frag */ - if (ND_TTEST2(*bp, plen)) { + if (ND_TTEST_LEN(bp, plen)) { uint16_t sum; vec[0].ptr = (const uint8_t *)(const void *)dp; vec[0].len = plen; sum = in_cksum(vec, 1); if (sum != 0) { - uint16_t icmp_sum; - ND_TCHECK_16BITS(&dp->icmp_cksum); - icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum); - ND_PRINT((ndo, " (wrong icmp cksum %x (->%x)!)", + uint16_t icmp_sum = GET_BE_U_2(dp->icmp_cksum); + ND_PRINT(" (wrong icmp cksum %x (->%x)!)", icmp_sum, - in_cksum_shouldbe(icmp_sum, sum))); + in_cksum_shouldbe(icmp_sum, sum)); } } } /* * print the remnants of the IP packet. - * save the snaplength as this may get overidden in the IP printer. + * save the snaplength as this may get overridden in the IP printer. */ - if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(dp->icmp_type)) { + if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(icmp_type)) { + const u_char *snapend_save; + bp += 8; - ND_PRINT((ndo, "\n\t")); + ND_PRINT("\n\t"); ip = (const struct ip *)bp; - ndo->ndo_snaplen = ndo->ndo_snapend - bp; - snapend_save = ndo->ndo_snapend; - ND_TCHECK_16BITS(&ip->ip_len); - ip_print(ndo, bp, EXTRACT_16BITS(&ip->ip_len)); - ndo->ndo_snapend = snapend_save; + snapend_save = ndo->ndo_snapend; + /* + * Update the snapend because extensions (MPLS, ...) may be + * present after the IP packet. In this case the current + * (outer) packet's snapend is not what ip_print() needs to + * decode an IP packet nested in the middle of an ICMP payload. + * + * This prevents that, in ip_print(), for the nested IP packet, + * the remaining length < remaining caplen. + */ + ndo->ndo_snapend = ND_MIN(bp + GET_BE_U_2(ip->ip_len), + ndo->ndo_snapend); + ip_print(ndo, bp, GET_BE_U_2(ip->ip_len)); + ndo->ndo_snapend = snapend_save; } + /* ndo_protocol reassignment after ip_print() call */ + ndo->ndo_protocol = "icmp"; + /* - * Attempt to decode the MPLS extensions only for some ICMP types. + * Attempt to decode multi-part message extensions (rfc4884) only for some ICMP types. */ - if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MPLS_EXT_TYPE(dp->icmp_type)) { + if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MULTIPART_EXT_TYPE(icmp_type)) { - ND_TCHECK(*ext_dp); + ND_TCHECK_SIZE(ext_dp); /* - * Check first if the mpls extension header shows a non-zero length. + * Check first if the multi-part extension header shows a non-zero length. * If the length field is not set then silently verify the checksum * to check if an extension header is present. This is expedient, * however not all implementations set the length field proper. */ - if (!ext_dp->icmp_length && - ND_TTEST2(ext_dp->icmp_ext_version_res, plen - ICMP_EXTD_MINLEN)) { + if (GET_U_1(ext_dp->icmp_length) == 0 && + ND_TTEST_LEN(ext_dp->icmp_ext_version_res, plen - ICMP_EXTD_MINLEN)) { vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; vec[0].len = plen - ICMP_EXTD_MINLEN; if (in_cksum(vec, 1)) { @@ -611,76 +716,70 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * } } - ND_PRINT((ndo, "\n\tMPLS extension v%u", - ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)))); + ND_PRINT("\n\tICMP Multi-Part extension v%u", + ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res))); /* * Sanity checking of the header. */ - if (ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != - ICMP_MPLS_EXT_VERSION) { - ND_PRINT((ndo, " packet not supported")); + if (ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != + ICMP_EXT_VERSION) { + ND_PRINT(" packet not supported"); return; } hlen = plen - ICMP_EXTD_MINLEN; - if (ND_TTEST2(ext_dp->icmp_ext_version_res, hlen)) { + if (ND_TTEST_LEN(ext_dp->icmp_ext_version_res, hlen)) { vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; vec[0].len = hlen; - ND_PRINT((ndo, ", checksum 0x%04x (%scorrect), length %u", - EXTRACT_16BITS(ext_dp->icmp_ext_checksum), + ND_PRINT(", checksum 0x%04x (%scorrect), length %u", + GET_BE_U_2(ext_dp->icmp_ext_checksum), in_cksum(vec, 1) ? "in" : "", - hlen)); + hlen); } hlen -= 4; /* subtract common header size */ obj_tptr = (const uint8_t *)ext_dp->icmp_ext_data; - while (hlen > sizeof(struct icmp_mpls_ext_object_header_t)) { + while (hlen > sizeof(struct icmp_multipart_ext_object_header_t)) { - icmp_mpls_ext_object_header = (const struct icmp_mpls_ext_object_header_t *)obj_tptr; - ND_TCHECK(*icmp_mpls_ext_object_header); - obj_tlen = EXTRACT_16BITS(icmp_mpls_ext_object_header->length); - obj_class_num = icmp_mpls_ext_object_header->class_num; - obj_ctype = icmp_mpls_ext_object_header->ctype; - obj_tptr += sizeof(struct icmp_mpls_ext_object_header_t); + icmp_multipart_ext_object_header = (const struct icmp_multipart_ext_object_header_t *)obj_tptr; + ND_TCHECK_SIZE(icmp_multipart_ext_object_header); + obj_tlen = GET_BE_U_2(icmp_multipart_ext_object_header->length); + obj_class_num = GET_U_1(icmp_multipart_ext_object_header->class_num); + obj_ctype = GET_U_1(icmp_multipart_ext_object_header->ctype); + obj_tptr += sizeof(struct icmp_multipart_ext_object_header_t); - ND_PRINT((ndo, "\n\t %s Object (%u), Class-Type: %u, length %u", - tok2str(icmp_mpls_ext_obj_values,"unknown",obj_class_num), + ND_PRINT("\n\t %s Object (%u), Class-Type: %u, length %u", + tok2str(icmp_multipart_ext_obj_values,"unknown",obj_class_num), obj_class_num, obj_ctype, - obj_tlen)); + obj_tlen); - hlen-=sizeof(struct icmp_mpls_ext_object_header_t); /* length field includes tlv header */ + hlen-=sizeof(struct icmp_multipart_ext_object_header_t); /* length field includes tlv header */ /* infinite loop protection */ if ((obj_class_num == 0) || - (obj_tlen < sizeof(struct icmp_mpls_ext_object_header_t))) { + (obj_tlen < sizeof(struct icmp_multipart_ext_object_header_t))) { return; } - obj_tlen-=sizeof(struct icmp_mpls_ext_object_header_t); + obj_tlen-=sizeof(struct icmp_multipart_ext_object_header_t); switch (obj_class_num) { - case 1: + case MPLS_STACK_ENTRY_OBJECT_CLASS: switch(obj_ctype) { case 1: - ND_TCHECK2(*obj_tptr, 4); - raw_label = EXTRACT_32BITS(obj_tptr); - ND_PRINT((ndo, "\n\t label %u, exp %u", MPLS_LABEL(raw_label), MPLS_EXP(raw_label))); + raw_label = GET_BE_U_4(obj_tptr); + ND_PRINT("\n\t label %u, tc %u", MPLS_LABEL(raw_label), MPLS_TC(raw_label)); if (MPLS_STACK(raw_label)) - ND_PRINT((ndo, ", [S]")); - ND_PRINT((ndo, ", ttl %u", MPLS_TTL(raw_label))); + ND_PRINT(", [S]"); + ND_PRINT(", ttl %u", MPLS_TTL(raw_label)); break; default: print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); } break; - /* - * FIXME those are the defined objects that lack a decoder - * you are welcome to contribute code ;-) - */ - case 2: default: print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); break; @@ -694,11 +793,5 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * return; trunc: - ND_PRINT((ndo, "[|icmp]")); + nd_print_trunc(ndo); } -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 8 - * End: - */ |