1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-27 11:55:06 +00:00
freebsd/contrib/tcpdump/print-sctp.c
Gleb Smirnoff 3340d77368 Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.

Security:	CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security:	CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security:	CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security:	CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security:	CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security:	CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security:	CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security:	CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security:	CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security:	CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security:	CVE-2017-5486
2017-02-01 20:26:42 +00:00

818 lines
23 KiB
C

/* Copyright (c) 2001 NETLAB, Temple University
* Copyright (c) 2001 Protocol Engineering Lab, University of Delaware
*
* Jerry Heinz <gheinz@astro.temple.edu>
* John Fiore <jfiore@joda.cis.temple.edu>
* Armando L. Caro Jr. <acaro@cis.udel.edu>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the University nor of the Laboratory may be used
* to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* \summary: Stream Control Transmission Protocol (SCTP) printer */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
#include "ip.h"
#include "ip6.h"
/* Definitions from:
*
* SCTP reference Implementation Copyright (C) 1999 Cisco And Motorola
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of Cisco nor of Motorola may be used
* to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file is part of the SCTP reference Implementation
*
*
* Please send any bug reports or fixes you make to one of the following email
* addresses:
*
* rstewar1@email.mot.com
* kmorneau@cisco.com
* qxie1@email.mot.com
*
* Any bugs reported given to us we will try to fix... any fixes shared will
* be incorperated into the next SCTP release.
*/
/* The valid defines for all message
* types know to SCTP. 0 is reserved
*/
#define SCTP_DATA 0x00
#define SCTP_INITIATION 0x01
#define SCTP_INITIATION_ACK 0x02
#define SCTP_SELECTIVE_ACK 0x03
#define SCTP_HEARTBEAT_REQUEST 0x04
#define SCTP_HEARTBEAT_ACK 0x05
#define SCTP_ABORT_ASSOCIATION 0x06
#define SCTP_SHUTDOWN 0x07
#define SCTP_SHUTDOWN_ACK 0x08
#define SCTP_OPERATION_ERR 0x09
#define SCTP_COOKIE_ECHO 0x0a
#define SCTP_COOKIE_ACK 0x0b
#define SCTP_ECN_ECHO 0x0c
#define SCTP_ECN_CWR 0x0d
#define SCTP_SHUTDOWN_COMPLETE 0x0e
#define SCTP_FORWARD_CUM_TSN 0xc0
#define SCTP_RELIABLE_CNTL 0xc1
#define SCTP_RELIABLE_CNTL_ACK 0xc2
static const struct tok sctp_chunkid_str[] = {
{ SCTP_DATA, "DATA" },
{ SCTP_INITIATION, "INIT" },
{ SCTP_INITIATION_ACK, "INIT ACK" },
{ SCTP_SELECTIVE_ACK, "SACK" },
{ SCTP_HEARTBEAT_REQUEST, "HB REQ" },
{ SCTP_HEARTBEAT_ACK, "HB ACK" },
{ SCTP_ABORT_ASSOCIATION, "ABORT" },
{ SCTP_SHUTDOWN, "SHUTDOWN" },
{ SCTP_SHUTDOWN_ACK, "SHUTDOWN ACK" },
{ SCTP_OPERATION_ERR, "OP ERR" },
{ SCTP_COOKIE_ECHO, "COOKIE ECHO" },
{ SCTP_COOKIE_ACK, "COOKIE ACK" },
{ SCTP_ECN_ECHO, "ECN ECHO" },
{ SCTP_ECN_CWR, "ECN CWR" },
{ SCTP_SHUTDOWN_COMPLETE, "SHUTDOWN COMPLETE" },
{ SCTP_FORWARD_CUM_TSN, "FOR CUM TSN" },
{ SCTP_RELIABLE_CNTL, "REL CTRL" },
{ SCTP_RELIABLE_CNTL_ACK, "REL CTRL ACK" },
{ 0, NULL }
};
/* Data Chuck Specific Flags */
#define SCTP_DATA_FRAG_MASK 0x03
#define SCTP_DATA_MIDDLE_FRAG 0x00
#define SCTP_DATA_LAST_FRAG 0x01
#define SCTP_DATA_FIRST_FRAG 0x02
#define SCTP_DATA_NOT_FRAG 0x03
#define SCTP_DATA_UNORDERED 0x04
#define SCTP_ADDRMAX 60
#define CHAN_HP 6704
#define CHAN_MP 6705
#define CHAN_LP 6706
/* the sctp common header */
struct sctpHeader{
uint16_t source;
uint16_t destination;
uint32_t verificationTag;
uint32_t adler32;
};
/* various descriptor parsers */
struct sctpChunkDesc{
uint8_t chunkID;
uint8_t chunkFlg;
uint16_t chunkLength;
};
struct sctpParamDesc{
uint16_t paramType;
uint16_t paramLength;
};
struct sctpRelChunkDesc{
struct sctpChunkDesc chk;
uint32_t serialNumber;
};
struct sctpVendorSpecificParam {
struct sctpParamDesc p; /* type must be 0xfffe */
uint32_t vendorId; /* vendor ID from RFC 1700 */
uint16_t vendorSpecificType;
uint16_t vendorSpecificLen;
};
/* Structures for the control parts */
/* Sctp association init request/ack */
/* this is used for init ack, too */
struct sctpInitiation{
uint32_t initTag; /* tag of mine */
uint32_t rcvWindowCredit; /* rwnd */
uint16_t NumPreopenStreams; /* OS */
uint16_t MaxInboundStreams; /* MIS */
uint32_t initialTSN;
/* optional param's follow in sctpParamDesc form */
};
struct sctpV4IpAddress{
struct sctpParamDesc p; /* type is set to SCTP_IPV4_PARAM_TYPE, len=10 */
uint32_t ipAddress;
};
struct sctpV6IpAddress{
struct sctpParamDesc p; /* type is set to SCTP_IPV6_PARAM_TYPE, len=22 */
uint8_t ipAddress[16];
};
struct sctpDNSName{
struct sctpParamDesc param;
uint8_t name[1];
};
struct sctpCookiePreserve{
struct sctpParamDesc p; /* type is set to SCTP_COOKIE_PRESERVE, len=8 */
uint32_t extraTime;
};
struct sctpTimeStamp{
uint32_t ts_sec;
uint32_t ts_usec;
};
/* wire structure of my cookie */
struct cookieMessage{
uint32_t TieTag_curTag; /* copied from assoc if present */
uint32_t TieTag_hisTag; /* copied from assoc if present */
int32_t cookieLife; /* life I will award this cookie */
struct sctpTimeStamp timeEnteringState; /* the time I built cookie */
struct sctpInitiation initAckISent; /* the INIT-ACK that I sent to my peer */
uint32_t addressWhereISent[4]; /* I make this 4 ints so I get 128bits for future */
int32_t addrtype; /* address type */
uint16_t locScope; /* V6 local scope flag */
uint16_t siteScope; /* V6 site scope flag */
/* at the end is tacked on the INIT chunk sent in
* its entirety and of course our
* signature.
*/
};
/* this guy is for use when
* I have a initiate message gloming the
* things together.
*/
struct sctpUnifiedInit{
struct sctpChunkDesc uh;
struct sctpInitiation initm;
};
struct sctpSendableInit{
struct sctpHeader mh;
struct sctpUnifiedInit msg;
};
/* Selective Acknowledgement
* has the following structure with
* a optional ammount of trailing int's
* on the last part (based on the numberOfDesc
* field).
*/
struct sctpSelectiveAck{
uint32_t highestConseqTSN;
uint32_t updatedRwnd;
uint16_t numberOfdesc;
uint16_t numDupTsns;
};
struct sctpSelectiveFrag{
uint16_t fragmentStart;
uint16_t fragmentEnd;
};
struct sctpUnifiedSack{
struct sctpChunkDesc uh;
struct sctpSelectiveAck sack;
};
/* for both RTT request/response the
* following is sent
*/
struct sctpHBrequest {
uint32_t time_value_1;
uint32_t time_value_2;
};
/* here is what I read and respond with to. */
struct sctpHBunified{
struct sctpChunkDesc hdr;
struct sctpParamDesc hb;
};
/* here is what I send */
struct sctpHBsender{
struct sctpChunkDesc hdr;
struct sctpParamDesc hb;
struct sctpHBrequest rtt;
int8_t addrFmt[SCTP_ADDRMAX];
uint16_t userreq;
};
/* for the abort and shutdown ACK
* we must carry the init tag in the common header. Just the
* common header is all that is needed with a chunk descriptor.
*/
struct sctpUnifiedAbort{
struct sctpChunkDesc uh;
};
struct sctpUnifiedAbortLight{
struct sctpHeader mh;
struct sctpChunkDesc uh;
};
struct sctpUnifiedAbortHeavy{
struct sctpHeader mh;
struct sctpChunkDesc uh;
uint16_t causeCode;
uint16_t causeLen;
};
/* For the graceful shutdown we must carry
* the tag (in common header) and the highest consequitive acking value
*/
struct sctpShutdown {
uint32_t TSN_Seen;
};
struct sctpUnifiedShutdown{
struct sctpChunkDesc uh;
struct sctpShutdown shut;
};
/* in the unified message we add the trailing
* stream id since it is the only message
* that is defined as a operation error.
*/
struct sctpOpErrorCause{
uint16_t cause;
uint16_t causeLen;
};
struct sctpUnifiedOpError{
struct sctpChunkDesc uh;
struct sctpOpErrorCause c;
};
struct sctpUnifiedStreamError{
struct sctpHeader mh;
struct sctpChunkDesc uh;
struct sctpOpErrorCause c;
uint16_t strmNum;
uint16_t reserved;
};
struct staleCookieMsg{
struct sctpHeader mh;
struct sctpChunkDesc uh;
struct sctpOpErrorCause c;
uint32_t moretime;
};
/* the following is used in all sends
* where nothing is needed except the
* chunk/type i.e. shutdownAck Abort */
struct sctpUnifiedSingleMsg{
struct sctpHeader mh;
struct sctpChunkDesc uh;
};
struct sctpDataPart{
uint32_t TSN;
uint16_t streamId;
uint16_t sequence;
uint32_t payloadtype;
};
struct sctpUnifiedDatagram{
struct sctpChunkDesc uh;
struct sctpDataPart dp;
};
struct sctpECN_echo{
struct sctpChunkDesc uh;
uint32_t Lowest_TSN;
};
struct sctpCWR{
struct sctpChunkDesc uh;
uint32_t TSN_reduced_at;
};
static const struct tok ForCES_channels[] = {
{ CHAN_HP, "ForCES HP" },
{ CHAN_MP, "ForCES MP" },
{ CHAN_LP, "ForCES LP" },
{ 0, NULL }
};
/* data chunk's payload protocol identifiers */
#define SCTP_PPID_IUA 1
#define SCTP_PPID_M2UA 2
#define SCTP_PPID_M3UA 3
#define SCTP_PPID_SUA 4
#define SCTP_PPID_M2PA 5
#define SCTP_PPID_V5UA 6
#define SCTP_PPID_H248 7
#define SCTP_PPID_BICC 8
#define SCTP_PPID_TALI 9
#define SCTP_PPID_DUA 10
#define SCTP_PPID_ASAP 11
#define SCTP_PPID_ENRP 12
#define SCTP_PPID_H323 13
#define SCTP_PPID_QIPC 14
#define SCTP_PPID_SIMCO 15
#define SCTP_PPID_DDPSC 16
#define SCTP_PPID_DDPSSC 17
#define SCTP_PPID_S1AP 18
#define SCTP_PPID_RUA 19
#define SCTP_PPID_HNBAP 20
#define SCTP_PPID_FORCES_HP 21
#define SCTP_PPID_FORCES_MP 22
#define SCTP_PPID_FORCES_LP 23
#define SCTP_PPID_SBC_AP 24
#define SCTP_PPID_NBAP 25
/* 26 */
#define SCTP_PPID_X2AP 27
static const struct tok PayloadProto_idents[] = {
{ SCTP_PPID_IUA, "ISDN Q.921" },
{ SCTP_PPID_M2UA, "M2UA" },
{ SCTP_PPID_M3UA, "M3UA" },
{ SCTP_PPID_SUA, "SUA" },
{ SCTP_PPID_M2PA, "M2PA" },
{ SCTP_PPID_V5UA, "V5.2" },
{ SCTP_PPID_H248, "H.248" },
{ SCTP_PPID_BICC, "BICC" },
{ SCTP_PPID_TALI, "TALI" },
{ SCTP_PPID_DUA, "DUA" },
{ SCTP_PPID_ASAP, "ASAP" },
{ SCTP_PPID_ENRP, "ENRP" },
{ SCTP_PPID_H323, "H.323" },
{ SCTP_PPID_QIPC, "Q.IPC" },
{ SCTP_PPID_SIMCO, "SIMCO" },
{ SCTP_PPID_DDPSC, "DDPSC" },
{ SCTP_PPID_DDPSSC, "DDPSSC" },
{ SCTP_PPID_S1AP, "S1AP" },
{ SCTP_PPID_RUA, "RUA" },
{ SCTP_PPID_HNBAP, "HNBAP" },
{ SCTP_PPID_FORCES_HP, "ForCES HP" },
{ SCTP_PPID_FORCES_MP, "ForCES MP" },
{ SCTP_PPID_FORCES_LP, "ForCES LP" },
{ SCTP_PPID_SBC_AP, "SBc-AP" },
{ SCTP_PPID_NBAP, "NBAP" },
/* 26 */
{ SCTP_PPID_X2AP, "X2AP" },
{ 0, NULL }
};
static inline int isForCES_port(u_short Port)
{
if (Port == CHAN_HP)
return 1;
if (Port == CHAN_MP)
return 1;
if (Port == CHAN_LP)
return 1;
return 0;
}
void sctp_print(netdissect_options *ndo,
const u_char *bp, /* beginning of sctp packet */
const u_char *bp2, /* beginning of enclosing */
u_int sctpPacketLength) /* ip packet */
{
u_int sctpPacketLengthRemaining;
const struct sctpHeader *sctpPktHdr;
const struct ip *ip;
const struct ip6_hdr *ip6;
u_short sourcePort, destPort;
int chunkCount;
const struct sctpChunkDesc *chunkDescPtr;
const char *sep;
int isforces = 0;
if (sctpPacketLength < sizeof(struct sctpHeader))
{
ND_PRINT((ndo, "truncated-sctp - %ld bytes missing!",
(long)(sizeof(struct sctpHeader) - sctpPacketLength)));
return;
}
sctpPktHdr = (const struct sctpHeader*) bp;
ND_TCHECK(*sctpPktHdr);
sctpPacketLengthRemaining = sctpPacketLength;
sourcePort = EXTRACT_16BITS(&sctpPktHdr->source);
destPort = EXTRACT_16BITS(&sctpPktHdr->destination);
ip = (const struct ip *)bp2;
if (IP_V(ip) == 6)
ip6 = (const struct ip6_hdr *)bp2;
else
ip6 = NULL;
if (ip6) {
ND_PRINT((ndo, "%s.%d > %s.%d: sctp",
ip6addr_string(ndo, &ip6->ip6_src),
sourcePort,
ip6addr_string(ndo, &ip6->ip6_dst),
destPort));
} else
{
ND_PRINT((ndo, "%s.%d > %s.%d: sctp",
ipaddr_string(ndo, &ip->ip_src),
sourcePort,
ipaddr_string(ndo, &ip->ip_dst),
destPort));
}
if (isForCES_port(sourcePort)) {
ND_PRINT((ndo, "[%s]", tok2str(ForCES_channels, NULL, sourcePort)));
isforces = 1;
}
if (isForCES_port(destPort)) {
ND_PRINT((ndo, "[%s]", tok2str(ForCES_channels, NULL, destPort)));
isforces = 1;
}
bp += sizeof(struct sctpHeader);
sctpPacketLengthRemaining -= sizeof(struct sctpHeader);
if (ndo->ndo_vflag >= 2)
sep = "\n\t";
else
sep = " (";
/* cycle through all chunks, printing information on each one */
for (chunkCount = 0, chunkDescPtr = (const struct sctpChunkDesc *)bp;
sctpPacketLengthRemaining != 0;
chunkCount++)
{
uint16_t chunkLength, chunkLengthRemaining;
uint16_t align;
chunkDescPtr = (const struct sctpChunkDesc *)bp;
if (sctpPacketLengthRemaining < sizeof(*chunkDescPtr)) {
ND_PRINT((ndo, "%s%d) [chunk descriptor cut off at end of packet]", sep, chunkCount+1));
break;
}
ND_TCHECK(*chunkDescPtr);
chunkLength = EXTRACT_16BITS(&chunkDescPtr->chunkLength);
if (chunkLength < sizeof(*chunkDescPtr)) {
ND_PRINT((ndo, "%s%d) [Bad chunk length %u, < size of chunk descriptor]", sep, chunkCount+1, chunkLength));
break;
}
chunkLengthRemaining = chunkLength;
align = chunkLength % 4;
if (align != 0)
align = 4 - align;
if (sctpPacketLengthRemaining < align) {
ND_PRINT((ndo, "%s%d) [Bad chunk length %u, > remaining data in packet]", sep, chunkCount+1, chunkLength));
break;
}
ND_TCHECK2(*bp, chunkLength);
bp += sizeof(*chunkDescPtr);
sctpPacketLengthRemaining -= sizeof(*chunkDescPtr);
chunkLengthRemaining -= sizeof(*chunkDescPtr);
ND_PRINT((ndo, "%s%d) ", sep, chunkCount+1));
ND_PRINT((ndo, "[%s] ", tok2str(sctp_chunkid_str, "Unknown chunk type: 0x%x",
chunkDescPtr->chunkID)));
switch (chunkDescPtr->chunkID)
{
case SCTP_DATA :
{
const struct sctpDataPart *dataHdrPtr;
uint32_t ppid;
u_int payload_size;
if ((chunkDescPtr->chunkFlg & SCTP_DATA_UNORDERED)
== SCTP_DATA_UNORDERED)
ND_PRINT((ndo, "(U)"));
if ((chunkDescPtr->chunkFlg & SCTP_DATA_FIRST_FRAG)
== SCTP_DATA_FIRST_FRAG)
ND_PRINT((ndo, "(B)"));
if ((chunkDescPtr->chunkFlg & SCTP_DATA_LAST_FRAG)
== SCTP_DATA_LAST_FRAG)
ND_PRINT((ndo, "(E)"));
if( ((chunkDescPtr->chunkFlg & SCTP_DATA_UNORDERED)
== SCTP_DATA_UNORDERED)
||
((chunkDescPtr->chunkFlg & SCTP_DATA_FIRST_FRAG)
== SCTP_DATA_FIRST_FRAG)
||
((chunkDescPtr->chunkFlg & SCTP_DATA_LAST_FRAG)
== SCTP_DATA_LAST_FRAG) )
ND_PRINT((ndo, " "));
if (chunkLengthRemaining < sizeof(*dataHdrPtr)) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
dataHdrPtr=(const struct sctpDataPart*)bp;
ppid = EXTRACT_32BITS(&dataHdrPtr->payloadtype);
ND_PRINT((ndo, "[TSN: %u] ", EXTRACT_32BITS(&dataHdrPtr->TSN)));
ND_PRINT((ndo, "[SID: %u] ", EXTRACT_16BITS(&dataHdrPtr->streamId)));
ND_PRINT((ndo, "[SSEQ %u] ", EXTRACT_16BITS(&dataHdrPtr->sequence)));
ND_PRINT((ndo, "[PPID %s] ",
tok2str(PayloadProto_idents, "0x%x", ppid)));
if (!isforces) {
isforces = (ppid == SCTP_PPID_FORCES_HP) ||
(ppid == SCTP_PPID_FORCES_MP) ||
(ppid == SCTP_PPID_FORCES_LP);
}
bp += sizeof(*dataHdrPtr);
sctpPacketLengthRemaining -= sizeof(*dataHdrPtr);
chunkLengthRemaining -= sizeof(*dataHdrPtr);
payload_size = chunkLengthRemaining;
if (payload_size == 0) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
if (isforces) {
forces_print(ndo, bp, payload_size);
} else if (ndo->ndo_vflag >= 2) { /* if verbose output is specified */
/* at the command line */
switch (ppid) {
case SCTP_PPID_M3UA :
m3ua_print(ndo, bp, payload_size);
break;
default:
ND_PRINT((ndo, "[Payload"));
if (!ndo->ndo_suppress_default_print) {
ND_PRINT((ndo, ":"));
ND_DEFAULTPRINT(bp, payload_size);
}
ND_PRINT((ndo, "]"));
break;
}
}
bp += payload_size;
sctpPacketLengthRemaining -= payload_size;
chunkLengthRemaining -= payload_size;
break;
}
case SCTP_INITIATION :
{
const struct sctpInitiation *init;
if (chunkLengthRemaining < sizeof(*init)) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
init=(const struct sctpInitiation*)bp;
ND_PRINT((ndo, "[init tag: %u] ", EXTRACT_32BITS(&init->initTag)));
ND_PRINT((ndo, "[rwnd: %u] ", EXTRACT_32BITS(&init->rcvWindowCredit)));
ND_PRINT((ndo, "[OS: %u] ", EXTRACT_16BITS(&init->NumPreopenStreams)));
ND_PRINT((ndo, "[MIS: %u] ", EXTRACT_16BITS(&init->MaxInboundStreams)));
ND_PRINT((ndo, "[init TSN: %u] ", EXTRACT_32BITS(&init->initialTSN)));
bp += sizeof(*init);
sctpPacketLengthRemaining -= sizeof(*init);
chunkLengthRemaining -= sizeof(*init);
#if 0 /* ALC you can add code for optional params here */
if( chunkLengthRemaining != 0 )
ND_PRINT((ndo, " @@@@@ UNFINISHED @@@@@@%s\n",
"Optional params present, but not printed."));
#endif
bp += chunkLengthRemaining;
sctpPacketLengthRemaining -= chunkLengthRemaining;
chunkLengthRemaining = 0;
break;
}
case SCTP_INITIATION_ACK :
{
const struct sctpInitiation *init;
if (chunkLengthRemaining < sizeof(*init)) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
init=(const struct sctpInitiation*)bp;
ND_PRINT((ndo, "[init tag: %u] ", EXTRACT_32BITS(&init->initTag)));
ND_PRINT((ndo, "[rwnd: %u] ", EXTRACT_32BITS(&init->rcvWindowCredit)));
ND_PRINT((ndo, "[OS: %u] ", EXTRACT_16BITS(&init->NumPreopenStreams)));
ND_PRINT((ndo, "[MIS: %u] ", EXTRACT_16BITS(&init->MaxInboundStreams)));
ND_PRINT((ndo, "[init TSN: %u] ", EXTRACT_32BITS(&init->initialTSN)));
bp += sizeof(*init);
sctpPacketLengthRemaining -= sizeof(*init);
chunkLengthRemaining -= sizeof(*init);
#if 0 /* ALC you can add code for optional params here */
if( chunkLengthRemaining != 0 )
ND_PRINT((ndo, " @@@@@ UNFINISHED @@@@@@%s\n",
"Optional params present, but not printed."));
#endif
bp += chunkLengthRemaining;
sctpPacketLengthRemaining -= chunkLengthRemaining;
chunkLengthRemaining = 0;
break;
}
case SCTP_SELECTIVE_ACK:
{
const struct sctpSelectiveAck *sack;
const struct sctpSelectiveFrag *frag;
int fragNo, tsnNo;
const u_char *dupTSN;
if (chunkLengthRemaining < sizeof(*sack)) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
sack=(const struct sctpSelectiveAck*)bp;
ND_PRINT((ndo, "[cum ack %u] ", EXTRACT_32BITS(&sack->highestConseqTSN)));
ND_PRINT((ndo, "[a_rwnd %u] ", EXTRACT_32BITS(&sack->updatedRwnd)));
ND_PRINT((ndo, "[#gap acks %u] ", EXTRACT_16BITS(&sack->numberOfdesc)));
ND_PRINT((ndo, "[#dup tsns %u] ", EXTRACT_16BITS(&sack->numDupTsns)));
bp += sizeof(*sack);
sctpPacketLengthRemaining -= sizeof(*sack);
chunkLengthRemaining -= sizeof(*sack);
/* print gaps */
for (fragNo=0;
chunkLengthRemaining != 0 && fragNo < EXTRACT_16BITS(&sack->numberOfdesc);
bp += sizeof(*frag), sctpPacketLengthRemaining -= sizeof(*frag), chunkLengthRemaining -= sizeof(*frag), fragNo++) {
if (chunkLengthRemaining < sizeof(*frag)) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
frag = (const struct sctpSelectiveFrag *)bp;
ND_PRINT((ndo, "\n\t\t[gap ack block #%d: start = %u, end = %u] ",
fragNo+1,
EXTRACT_32BITS(&sack->highestConseqTSN) + EXTRACT_16BITS(&frag->fragmentStart),
EXTRACT_32BITS(&sack->highestConseqTSN) + EXTRACT_16BITS(&frag->fragmentEnd)));
}
/* print duplicate TSNs */
for (tsnNo=0;
chunkLengthRemaining != 0 && tsnNo<EXTRACT_16BITS(&sack->numDupTsns);
bp += 4, sctpPacketLengthRemaining -= 4, chunkLengthRemaining -= 4, tsnNo++) {
if (chunkLengthRemaining < 4) {
ND_PRINT((ndo, "bogus chunk length %u]", chunkLength));
return;
}
dupTSN = (const u_char *)bp;
ND_PRINT((ndo, "\n\t\t[dup TSN #%u: %u] ", tsnNo+1,
EXTRACT_32BITS(dupTSN)));
}
break;
}
default :
{
bp += chunkLengthRemaining;
sctpPacketLengthRemaining -= chunkLengthRemaining;
chunkLengthRemaining = 0;
break;
}
}
/*
* Any extra stuff at the end of the chunk?
* XXX - report this?
*/
bp += chunkLengthRemaining;
sctpPacketLengthRemaining -= chunkLengthRemaining;
if (ndo->ndo_vflag < 2)
sep = ", (";
if (align != 0) {
/*
* Fail if the alignment padding isn't in the captured data.
* Otherwise, skip it.
*/
ND_TCHECK2(*bp, align);
bp += align;
sctpPacketLengthRemaining -= align;
}
}
return;
trunc:
ND_PRINT((ndo, "[|sctp]"));
}