summaryrefslogtreecommitdiff
path: root/print-lmp.c
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2017-02-19 21:13:25 -0800
committerDenis Ovsienko <denis@ovsienko.info>2017-09-13 12:25:44 +0100
commita25211918f2e790c67d859d20ccf8dbb81da1598 (patch)
treea23e3ea36c807014da485cf339e6a5b6e1376764 /print-lmp.c
parentcbddb98484ea8ec1deece351abd56e063d775b38 (diff)
downloadtcpdump-a25211918f2e790c67d859d20ccf8dbb81da1598.tar.gz
CVE-2017-13003/Clean up the LMP dissector.
Do a lot more bounds and length checks. Add a EXTRACT_8BITS() macro, for completeness, and so as not to confuse people into thinking that, to fetch a 1-byte value from a packet, they need to use EXTRACT_16BITS() to fetch a 2-byte value and then use shifting and masking to extract the desired byte. Use that rather than using EXTRACT_16BITS() to fetch a 2-byte value and then shifting and masking to extract the desired byte. Don't treat IPv4 addresses and unnumbered interface IDs the same; the first should be printed as an IPv4 address but the latter should just be printed as numbers. Handle IPv6 addresses in more object types while we're at it. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s).
Diffstat (limited to 'print-lmp.c')
-rw-r--r--print-lmp.c432
1 files changed, 350 insertions, 82 deletions
diff --git a/print-lmp.c b/print-lmp.c
index 076259b2..916a1d67 100644
--- a/print-lmp.c
+++ b/print-lmp.c
@@ -11,13 +11,14 @@
* FOR A PARTICULAR PURPOSE.
*
* Original code by Hannes Gredler (hannes@gredler.at)
- * Support for LMP service discovery extensions (defined by UNI 1.0) added
- * by Manu Pathak (mapathak@cisco.com), May 2005
+ * Support for LMP service discovery extensions (defined by OIF UNI 1.0)
+ * added by Manu Pathak (mapathak@cisco.com), May 2005
*/
/* \summary: Link Management Protocol (LMP) printer */
/* specification: RFC 4204 */
+/* OIF UNI 1.0: http://www.oiforum.com/public/documents/OIF-UNI-01.0.pdf */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -353,6 +354,73 @@ static const struct tok lmp_ctype_values[] = {
{ 0, NULL}
};
+static int
+lmp_print_data_link_subobjs(netdissect_options *ndo, const u_char *obj_tptr,
+ int total_subobj_len, int offset)
+{
+ int hexdump = FALSE;
+ int subobj_type, subobj_len;
+
+ union { /* int to float conversion buffer */
+ float f;
+ uint32_t i;
+ } bw;
+
+ while (total_subobj_len > 0 && hexdump == FALSE ) {
+ subobj_type = EXTRACT_8BITS(obj_tptr+offset);
+ subobj_len = EXTRACT_8BITS(obj_tptr+offset+1);
+ ND_PRINT((ndo, "\n\t Subobject, Type: %s (%u), Length: %u",
+ tok2str(lmp_data_link_subobj,
+ "Unknown",
+ subobj_type),
+ subobj_type,
+ subobj_len));
+ if (subobj_len < 4) {
+ ND_PRINT((ndo, " (too short)"));
+ break;
+ }
+ if ((subobj_len % 4) != 0) {
+ ND_PRINT((ndo, " (not a multiple of 4)"));
+ break;
+ }
+ if (total_subobj_len < subobj_len) {
+ ND_PRINT((ndo, " (goes past the end of the object)"));
+ break;
+ }
+ switch(subobj_type) {
+ case INT_SWITCHING_TYPE_SUBOBJ:
+ ND_PRINT((ndo, "\n\t Switching Type: %s (%u)",
+ tok2str(gmpls_switch_cap_values,
+ "Unknown",
+ EXTRACT_8BITS(obj_tptr+offset+2)),
+ EXTRACT_8BITS(obj_tptr+offset+2)));
+ ND_PRINT((ndo, "\n\t Encoding Type: %s (%u)",
+ tok2str(gmpls_encoding_values,
+ "Unknown",
+ EXTRACT_8BITS(obj_tptr+offset+3)),
+ EXTRACT_8BITS(obj_tptr+offset+3)));
+ bw.i = EXTRACT_32BITS(obj_tptr+offset+4);
+ ND_PRINT((ndo, "\n\t Min Reservable Bandwidth: %.3f Mbps",
+ bw.f*8/1000000));
+ bw.i = EXTRACT_32BITS(obj_tptr+offset+8);
+ ND_PRINT((ndo, "\n\t Max Reservable Bandwidth: %.3f Mbps",
+ bw.f*8/1000000));
+ break;
+ case WAVELENGTH_SUBOBJ:
+ ND_PRINT((ndo, "\n\t Wavelength: %u",
+ EXTRACT_32BITS(obj_tptr+offset+4)));
+ break;
+ default:
+ /* Any Unknown Subobject ==> Exit loop */
+ hexdump=TRUE;
+ break;
+ }
+ total_subobj_len-=subobj_len;
+ offset+=subobj_len;
+ }
+ return (hexdump);
+}
+
void
lmp_print(netdissect_options *ndo,
register const u_char *pptr, register u_int len)
@@ -360,10 +428,10 @@ lmp_print(netdissect_options *ndo,
const struct lmp_common_header *lmp_com_header;
const struct lmp_object_header *lmp_obj_header;
const u_char *tptr,*obj_tptr;
- int tlen,lmp_obj_len,lmp_obj_ctype,obj_tlen;
+ u_int tlen,lmp_obj_len,lmp_obj_ctype,obj_tlen;
int hexdump;
- int offset,subobj_type,subobj_len,total_subobj_len;
- int link_type;
+ u_int offset;
+ u_int link_type;
union { /* int to float conversion buffer */
float f;
@@ -401,6 +469,14 @@ lmp_print(netdissect_options *ndo,
tok2str(lmp_msg_type_values, "unknown, type: %u",lmp_com_header->msg_type),
bittok2str(lmp_header_flag_values,"none",lmp_com_header->flags),
tlen));
+ if (tlen < sizeof(const struct lmp_common_header)) {
+ ND_PRINT((ndo, " (too short)"));
+ return;
+ }
+ if (tlen > len) {
+ ND_PRINT((ndo, " (too long)"));
+ tlen = len;
+ }
tptr+=sizeof(const struct lmp_common_header);
tlen-=sizeof(const struct lmp_common_header);
@@ -413,9 +489,6 @@ lmp_print(netdissect_options *ndo,
lmp_obj_len=EXTRACT_16BITS(lmp_obj_header->length);
lmp_obj_ctype=(lmp_obj_header->ctype)&0x7f;
- if(lmp_obj_len % 4 || lmp_obj_len < 4)
- return;
-
ND_PRINT((ndo, "\n\t %s Object (%u), Class-Type: %s (%u) Flags: [%snegotiable], length: %u",
tok2str(lmp_obj_values,
"Unknown",
@@ -428,6 +501,15 @@ lmp_print(netdissect_options *ndo,
(lmp_obj_header->ctype)&0x80 ? "" : "non-",
lmp_obj_len));
+ if (lmp_obj_len < 4) {
+ ND_PRINT((ndo, " (too short)"));
+ return;
+ }
+ if ((lmp_obj_len % 4) != 0) {
+ ND_PRINT((ndo, " (not a multiple of 4)"));
+ return;
+ }
+
obj_tptr=tptr+sizeof(struct lmp_object_header);
obj_tlen=lmp_obj_len-sizeof(struct lmp_object_header);
@@ -441,6 +523,10 @@ lmp_print(netdissect_options *ndo,
switch(lmp_obj_ctype) {
case LMP_CTYPE_LOC:
case LMP_CTYPE_RMT:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Control Channel ID: %u (0x%08x)",
EXTRACT_32BITS(obj_tptr),
EXTRACT_32BITS(obj_tptr)));
@@ -456,18 +542,30 @@ lmp_print(netdissect_options *ndo,
switch(lmp_obj_ctype) {
case LMP_CTYPE_IPV4_LOC:
case LMP_CTYPE_IPV4_RMT:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t IPv4 Link ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr),
EXTRACT_32BITS(obj_tptr)));
break;
case LMP_CTYPE_IPV6_LOC:
case LMP_CTYPE_IPV6_RMT:
+ if (obj_tlen != 16) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t IPv6 Link ID: %s (0x%08x)",
ip6addr_string(ndo, obj_tptr),
EXTRACT_32BITS(obj_tptr)));
break;
case LMP_CTYPE_UNMD_LOC:
case LMP_CTYPE_UNMD_RMT:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Link ID: %u (0x%08x)",
EXTRACT_32BITS(obj_tptr),
EXTRACT_32BITS(obj_tptr)));
@@ -480,11 +578,19 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_MESSAGE_ID:
switch(lmp_obj_ctype) {
case LMP_CTYPE_1:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Message ID: %u (0x%08x)",
EXTRACT_32BITS(obj_tptr),
EXTRACT_32BITS(obj_tptr)));
break;
case LMP_CTYPE_2:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Message ID Ack: %u (0x%08x)",
EXTRACT_32BITS(obj_tptr),
EXTRACT_32BITS(obj_tptr)));
@@ -498,6 +604,10 @@ lmp_print(netdissect_options *ndo,
switch(lmp_obj_ctype) {
case LMP_CTYPE_LOC:
case LMP_CTYPE_RMT:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Node ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr),
EXTRACT_32BITS(obj_tptr)));
@@ -511,6 +621,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_CONFIG:
switch(lmp_obj_ctype) {
case LMP_CTYPE_HELLO_CONFIG:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Hello Interval: %u\n\t Hello Dead Interval: %u",
EXTRACT_16BITS(obj_tptr),
EXTRACT_16BITS(obj_tptr+2)));
@@ -524,6 +638,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_HELLO:
switch(lmp_obj_ctype) {
case LMP_CTYPE_HELLO:
+ if (obj_tlen != 8) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Tx Seq: %u, Rx Seq: %u",
EXTRACT_32BITS(obj_tptr),
EXTRACT_32BITS(obj_tptr+4)));
@@ -535,13 +653,17 @@ lmp_print(netdissect_options *ndo,
break;
case LMP_OBJ_TE_LINK:
+ switch(lmp_obj_ctype) {
+ case LMP_CTYPE_IPV4:
+ if (obj_tlen != 12) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Flags: [%s]",
- bittok2str(lmp_obj_te_link_flag_values,
+ bittok2str(lmp_obj_te_link_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr)>>8)));
+ EXTRACT_8BITS(obj_tptr))));
- switch(lmp_obj_ctype) {
- case LMP_CTYPE_IPV4:
ND_PRINT((ndo, "\n\t Local Link-ID: %s (0x%08x)"
"\n\t Remote Link-ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr+4),
@@ -551,21 +673,57 @@ lmp_print(netdissect_options *ndo,
break;
case LMP_CTYPE_IPV6:
+ if (obj_tlen != 36) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
+ ND_PRINT((ndo, "\n\t Flags: [%s]",
+ bittok2str(lmp_obj_te_link_flag_values,
+ "none",
+ EXTRACT_8BITS(obj_tptr))));
+
+ ND_PRINT((ndo, "\n\t Local Link-ID: %s (0x%08x)"
+ "\n\t Remote Link-ID: %s (0x%08x)",
+ ip6addr_string(ndo, obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+4),
+ ip6addr_string(ndo, obj_tptr+20),
+ EXTRACT_32BITS(obj_tptr+20)));
+ break;
+
case LMP_CTYPE_UNMD:
+ if (obj_tlen != 12) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
+ ND_PRINT((ndo, "\n\t Flags: [%s]",
+ bittok2str(lmp_obj_te_link_flag_values,
+ "none",
+ EXTRACT_8BITS(obj_tptr))));
+
+ ND_PRINT((ndo, "\n\t Local Link-ID: %u (0x%08x)"
+ "\n\t Remote Link-ID: %u (0x%08x)",
+ EXTRACT_32BITS(obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+8),
+ EXTRACT_32BITS(obj_tptr+8)));
+ break;
+
default:
hexdump=TRUE;
}
break;
case LMP_OBJ_DATA_LINK:
- ND_PRINT((ndo, "\n\t Flags: [%s]",
- bittok2str(lmp_obj_data_link_flag_values,
- "none",
- EXTRACT_16BITS(obj_tptr)>>8)));
-
switch(lmp_obj_ctype) {
case LMP_CTYPE_IPV4:
- case LMP_CTYPE_UNMD:
+ if (obj_tlen < 12) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
+ ND_PRINT((ndo, "\n\t Flags: [%s]",
+ bittok2str(lmp_obj_data_link_flag_values,
+ "none",
+ EXTRACT_8BITS(obj_tptr))));
ND_PRINT((ndo, "\n\t Local Interface ID: %s (0x%08x)"
"\n\t Remote Interface ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr+4),
@@ -573,51 +731,50 @@ lmp_print(netdissect_options *ndo,
ipaddr_string(ndo, obj_tptr+8),
EXTRACT_32BITS(obj_tptr+8)));
- total_subobj_len = lmp_obj_len - 16;
- offset = 12;
- while (total_subobj_len > 0 && hexdump == FALSE ) {
- subobj_type = EXTRACT_16BITS(obj_tptr+offset)>>8;
- subobj_len = EXTRACT_16BITS(obj_tptr+offset)&0x00FF;
- ND_PRINT((ndo, "\n\t Subobject, Type: %s (%u), Length: %u",
- tok2str(lmp_data_link_subobj,
- "Unknown",
- subobj_type),
- subobj_type,
- subobj_len));
- switch(subobj_type) {
- case INT_SWITCHING_TYPE_SUBOBJ:
- ND_PRINT((ndo, "\n\t Switching Type: %s (%u)",
- tok2str(gmpls_switch_cap_values,
- "Unknown",
- EXTRACT_16BITS(obj_tptr+offset+2)>>8),
- EXTRACT_16BITS(obj_tptr+offset+2)>>8));
- ND_PRINT((ndo, "\n\t Encoding Type: %s (%u)",
- tok2str(gmpls_encoding_values,
- "Unknown",
- EXTRACT_16BITS(obj_tptr+offset+2)&0x00FF),
- EXTRACT_16BITS(obj_tptr+offset+2)&0x00FF));
- bw.i = EXTRACT_32BITS(obj_tptr+offset+4);
- ND_PRINT((ndo, "\n\t Min Reservable Bandwidth: %.3f Mbps",
- bw.f*8/1000000));
- bw.i = EXTRACT_32BITS(obj_tptr+offset+8);
- ND_PRINT((ndo, "\n\t Max Reservable Bandwidth: %.3f Mbps",
- bw.f*8/1000000));
- break;
- case WAVELENGTH_SUBOBJ:
- ND_PRINT((ndo, "\n\t Wavelength: %u",
- EXTRACT_32BITS(obj_tptr+offset+4)));
- break;
- default:
- /* Any Unknown Subobject ==> Exit loop */
- hexdump=TRUE;
- break;
- }
- total_subobj_len-=subobj_len;
- offset+=subobj_len;
- }
-
+ if (lmp_print_data_link_subobjs(ndo, obj_tptr, obj_tlen - 12, 12))
+ hexdump=TRUE;
break;
+
case LMP_CTYPE_IPV6:
+ if (obj_tlen < 36) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
+ ND_PRINT((ndo, "\n\t Flags: [%s]",
+ bittok2str(lmp_obj_data_link_flag_values,
+ "none",
+ EXTRACT_8BITS(obj_tptr))));
+ ND_PRINT((ndo, "\n\t Local Interface ID: %s (0x%08x)"
+ "\n\t Remote Interface ID: %s (0x%08x)",
+ ip6addr_string(ndo, obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+4),
+ ip6addr_string(ndo, obj_tptr+20),
+ EXTRACT_32BITS(obj_tptr+20)));
+
+ if (lmp_print_data_link_subobjs(ndo, obj_tptr, obj_tlen - 36, 36))
+ hexdump=TRUE;
+ break;
+
+ case LMP_CTYPE_UNMD:
+ if (obj_tlen < 12) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
+ ND_PRINT((ndo, "\n\t Flags: [%s]",
+ bittok2str(lmp_obj_data_link_flag_values,
+ "none",
+ EXTRACT_8BITS(obj_tptr))));
+ ND_PRINT((ndo, "\n\t Local Interface ID: %u (0x%08x)"
+ "\n\t Remote Interface ID: %u (0x%08x)",
+ EXTRACT_32BITS(obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+4),
+ EXTRACT_32BITS(obj_tptr+8),
+ EXTRACT_32BITS(obj_tptr+8)));
+
+ if (lmp_print_data_link_subobjs(ndo, obj_tptr, obj_tlen - 12, 12))
+ hexdump=TRUE;
+ break;
+
default:
hexdump=TRUE;
}
@@ -626,6 +783,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_VERIFY_BEGIN:
switch(lmp_obj_ctype) {
case LMP_CTYPE_1:
+ if (obj_tlen != 20) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Flags: %s",
bittok2str(lmp_obj_begin_verify_flag_values,
"none",
@@ -654,6 +815,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_VERIFY_BEGIN_ACK:
switch(lmp_obj_ctype) {
case LMP_CTYPE_1:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Verify Dead Interval: %u"
"\n\t Verify Transport Response: %u",
EXTRACT_16BITS(obj_tptr),
@@ -668,6 +833,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_VERIFY_ID:
switch(lmp_obj_ctype) {
case LMP_CTYPE_1:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Verify ID: %u",
EXTRACT_32BITS(obj_tptr)));
break;
@@ -680,19 +849,20 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_CHANNEL_STATUS:
switch(lmp_obj_ctype) {
case LMP_CTYPE_IPV4:
- case LMP_CTYPE_UNMD:
offset = 0;
/* Decode pairs: <Interface_ID (4 bytes), Channel_status (4 bytes)> */
- while (offset < (lmp_obj_len-(int)sizeof(struct lmp_object_header)) ) {
+ while (offset+8 <= obj_tlen) {
ND_PRINT((ndo, "\n\t Interface ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr+offset),
EXTRACT_32BITS(obj_tptr+offset)));
- ND_PRINT((ndo, "\n\t\t Active: %s (%u)", (EXTRACT_32BITS(obj_tptr+offset+4)>>31) ?
+ ND_PRINT((ndo, "\n\t\t Active: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>31) ?
"Allocated" : "Non-allocated",
(EXTRACT_32BITS(obj_tptr+offset+4)>>31)));
- ND_PRINT((ndo, "\n\t\t Direction: %s (%u)", (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1 ?
+ ND_PRINT((ndo, "\n\t\t Direction: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1 ?
"Transmit" : "Receive",
(EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1));
@@ -704,7 +874,61 @@ lmp_print(netdissect_options *ndo,
offset+=8;
}
break;
+
case LMP_CTYPE_IPV6:
+ offset = 0;
+ /* Decode pairs: <Interface_ID (16 bytes), Channel_status (4 bytes)> */
+ while (offset+20 <= obj_tlen) {
+ ND_PRINT((ndo, "\n\t Interface ID: %s (0x%08x)",
+ ip6addr_string(ndo, obj_tptr+offset),
+ EXTRACT_32BITS(obj_tptr+offset)));
+
+ ND_PRINT((ndo, "\n\t\t Active: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+16)>>31) ?
+ "Allocated" : "Non-allocated",
+ (EXTRACT_32BITS(obj_tptr+offset+16)>>31)));
+
+ ND_PRINT((ndo, "\n\t\t Direction: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+16)>>30)&0x1 ?
+ "Transmit" : "Receive",
+ (EXTRACT_32BITS(obj_tptr+offset+16)>>30)&0x1));
+
+ ND_PRINT((ndo, "\n\t\t Channel Status: %s (%u)",
+ tok2str(lmp_obj_channel_status_values,
+ "Unknown",
+ EXTRACT_32BITS(obj_tptr+offset+16)&0x3FFFFFF),
+ EXTRACT_32BITS(obj_tptr+offset+16)&0x3FFFFFF));
+ offset+=20;
+ }
+ break;
+
+ case LMP_CTYPE_UNMD:
+ offset = 0;
+ /* Decode pairs: <Interface_ID (4 bytes), Channel_status (4 bytes)> */
+ while (offset+8 <= obj_tlen) {
+ ND_PRINT((ndo, "\n\t Interface ID: %u (0x%08x)",
+ EXTRACT_32BITS(obj_tptr+offset),
+ EXTRACT_32BITS(obj_tptr+offset)));
+
+ ND_PRINT((ndo, "\n\t\t Active: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>31) ?
+ "Allocated" : "Non-allocated",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>31)));
+
+ ND_PRINT((ndo, "\n\t\t Direction: %s (%u)",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1 ?
+ "Transmit" : "Receive",
+ (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1));
+
+ ND_PRINT((ndo, "\n\t\t Channel Status: %s (%u)",
+ tok2str(lmp_obj_channel_status_values,
+ "Unknown",
+ EXTRACT_32BITS(obj_tptr+offset+4)&0x3FFFFFF),
+ EXTRACT_32BITS(obj_tptr+offset+4)&0x3FFFFFF));
+ offset+=8;
+ }
+ break;
+
default:
hexdump=TRUE;
}
@@ -713,16 +937,35 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_CHANNEL_STATUS_REQ:
switch(lmp_obj_ctype) {
case LMP_CTYPE_IPV4:
- case LMP_CTYPE_UNMD:
offset = 0;
- while (offset < (lmp_obj_len-(int)sizeof(struct lmp_object_header)) ) {
+ while (offset+4 <= obj_tlen) {
ND_PRINT((ndo, "\n\t Interface ID: %s (0x%08x)",
ipaddr_string(ndo, obj_tptr+offset),
EXTRACT_32BITS(obj_tptr+offset)));
offset+=4;
}
break;
+
case LMP_CTYPE_IPV6:
+ offset = 0;
+ while (offset+16 <= obj_tlen) {
+ ND_PRINT((ndo, "\n\t Interface ID: %s (0x%08x)",
+ ip6addr_string(ndo, obj_tptr+offset),
+ EXTRACT_32BITS(obj_tptr+offset)));
+ offset+=16;
+ }
+ break;
+
+ case LMP_CTYPE_UNMD:
+ offset = 0;
+ while (offset+4 <= obj_tlen) {
+ ND_PRINT((ndo, "\n\t Interface ID: %u (0x%08x)",
+ EXTRACT_32BITS(obj_tptr+offset),
+ EXTRACT_32BITS(obj_tptr+offset)));
+ offset+=4;
+ }
+ break;
+
default:
hexdump=TRUE;
}
@@ -731,6 +974,10 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_ERROR_CODE:
switch(lmp_obj_ctype) {
case LMP_CTYPE_BEGIN_VERIFY_ERROR:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Error Code: %s",
bittok2str(lmp_obj_begin_verify_error_values,
"none",
@@ -738,6 +985,10 @@ lmp_print(netdissect_options *ndo,
break;
case LMP_CTYPE_LINK_SUMMARY_ERROR:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Error Code: %s",
bittok2str(lmp_obj_link_summary_error_values,
"none",
@@ -751,51 +1002,60 @@ lmp_print(netdissect_options *ndo,
case LMP_OBJ_SERVICE_CONFIG:
switch (lmp_obj_ctype) {
case LMP_CTYPE_SERVICE_CONFIG_SP:
-
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Flags: %s",
bittok2str(lmp_obj_service_config_sp_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr)>>8)));
+ EXTRACT_8BITS(obj_tptr))));
ND_PRINT((ndo, "\n\t UNI Version: %u",
- EXTRACT_16BITS(obj_tptr) & 0x00FF));
+ EXTRACT_8BITS(obj_tptr+1)));
break;
case LMP_CTYPE_SERVICE_CONFIG_CPSA:
+ if (obj_tlen != 16) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
- link_type = EXTRACT_16BITS(obj_tptr)>>8;
+ link_type = EXTRACT_8BITS(obj_tptr);
ND_PRINT((ndo, "\n\t Link Type: %s (%u)",
tok2str(lmp_sd_service_config_cpsa_link_type_values,
"Unknown", link_type),
link_type));
- if (link_type == LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SDH) {
+ switch (link_type) {
+ case LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SDH:
ND_PRINT((ndo, "\n\t Signal Type: %s (%u)",
tok2str(lmp_sd_service_config_cpsa_signal_type_sdh_values,
"Unknown",
- EXTRACT_16BITS(obj_tptr) & 0x00FF),
- EXTRACT_16BITS(obj_tptr) & 0x00FF));
- }
+ EXTRACT_8BITS(obj_tptr+1)),
+ EXTRACT_8BITS(obj_tptr+1)));
+ break;
- if (link_type == LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SONET) {
+ case LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SONET:
ND_PRINT((ndo, "\n\t Signal Type: %s (%u)",
tok2str(lmp_sd_service_config_cpsa_signal_type_sonet_values,
"Unknown",
- EXTRACT_16BITS(obj_tptr) & 0x00FF),
- EXTRACT_16BITS(obj_tptr) & 0x00FF));
+ EXTRACT_8BITS(obj_tptr+1)),
+ EXTRACT_8BITS(obj_tptr+1)));
+ break;
}
ND_PRINT((ndo, "\n\t Transparency: %s",
bittok2str(lmp_obj_service_config_cpsa_tp_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr+2)>>8)));
+ EXTRACT_8BITS(obj_tptr+2))));
ND_PRINT((ndo, "\n\t Contiguous Concatenation Types: %s",
bittok2str(lmp_obj_service_config_cpsa_cct_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr+2)>>8 & 0x00FF)));
+ EXTRACT_8BITS(obj_tptr+3))));
ND_PRINT((ndo, "\n\t Minimum NCC: %u",
EXTRACT_16BITS(obj_tptr+4)));
@@ -816,6 +1076,10 @@ lmp_print(netdissect_options *ndo,
break;
case LMP_CTYPE_SERVICE_CONFIG_TRANSPARENCY_TCM:
+ if (obj_tlen != 8) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Transparency Flags: %s",
bittok2str(
@@ -827,17 +1091,21 @@ lmp_print(netdissect_options *ndo,
bittok2str(
lmp_obj_service_config_nsa_tcm_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr+6) & 0x00FF)));
+ EXTRACT_8BITS(obj_tptr+7))));
break;
case LMP_CTYPE_SERVICE_CONFIG_NETWORK_DIVERSITY:
+ if (obj_tlen != 4) {
+ ND_PRINT((ndo, " (not correct for object)"));
+ break;
+ }
ND_PRINT((ndo, "\n\t Diversity: Flags: %s",
bittok2str(
lmp_obj_service_config_nsa_network_diversity_flag_values,
"none",
- EXTRACT_16BITS(obj_tptr+2) & 0x00FF)));
+ EXTRACT_8BITS(obj_tptr+3))));
break;
default:
View Lorry Controller Status