jer 15/01/07 16:23:14
Added: tcpdump-4.6.2-CVE-2014-8768.patch
tcpdump-4.6.2-CVE-2014-9140.patch
tcpdump-4.6.2-CVE-2014-8767.patch
tcpdump-4.6.2-CVE-2014-8769.patch
Log:
Patches for multiple vulnerabilities (bug #534660).
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key
A792A613)
Revision Changes Path
1.1
net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch?rev=1.1&content-type=text/plain
Index: tcpdump-4.6.2-CVE-2014-8768.patch
===================================================================
--- a/print-geonet.c
+++ b/print-geonet.c
@@ -56,16 +56,12 @@ static const struct tok msg_type_values[] = {
static void
print_btp_body(netdissect_options *ndo,
- const u_char *bp, u_int length)
+ const u_char *bp)
{
int version;
int msg_type;
const char *msg_type_str;
- if (length <= 2) {
- return;
- }
-
/* Assuming ItsDpuHeader */
version = bp[0];
msg_type = bp[1];
@@ -83,7 +79,7 @@ print_btp(netdissect_options *ndo,
ND_PRINT((ndo, "; BTP Dst:%u Src:%u", dest, src));
}
-static void
+static int
print_long_pos_vector(netdissect_options *ndo,
const u_char *bp)
{
@@ -91,10 +87,13 @@ print_long_pos_vector(netdissect_options *ndo,
ND_PRINT((ndo, "GN_ADDR:%s ", linkaddr_string (ndo, bp, 0,
GEONET_ADDR_LEN)));
+ if (!ND_TTEST2(*(bp+12), 8))
+ return (-1);
lat = EXTRACT_32BITS(bp+12);
ND_PRINT((ndo, "lat:%d ", lat));
lon = EXTRACT_32BITS(bp+16);
ND_PRINT((ndo, "lon:%d", lon));
+ return (0);
}
@@ -105,137 +104,170 @@ print_long_pos_vector(netdissect_options *ndo,
void
geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp,
u_int length)
{
+ int version;
+ int next_hdr;
+ int hdr_type;
+ int hdr_subtype;
+ uint16_t payload_length;
+ int hop_limit;
+ const char *next_hdr_txt = "Unknown";
+ const char *hdr_type_txt = "Unknown";
+ int hdr_size = -1;
+
ND_PRINT((ndo, "GeoNet src:%s; ", etheraddr_string(ndo, eth+6)));
- if (length >= 36) {
- /* Process Common Header */
- int version = bp[0] >> 4;
- int next_hdr = bp[0] & 0x0f;
- int hdr_type = bp[1] >> 4;
- int hdr_subtype = bp[1] & 0x0f;
- uint16_t payload_length = EXTRACT_16BITS(bp+4);
- int hop_limit = bp[7];
- const char *next_hdr_txt = "Unknown";
- const char *hdr_type_txt = "Unknown";
- int hdr_size = -1;
+ /* Process Common Header */
+ if (length < 36)
+ goto malformed;
+
+ ND_TCHECK2(*bp, 7);
+ version = bp[0] >> 4;
+ next_hdr = bp[0] & 0x0f;
+ hdr_type = bp[1] >> 4;
+ hdr_subtype = bp[1] & 0x0f;
+ payload_length = EXTRACT_16BITS(bp+4);
+ hop_limit = bp[7];
- switch (next_hdr) {
- case 0: next_hdr_txt = "Any"; break;
- case 1: next_hdr_txt = "BTP-A"; break;
- case 2: next_hdr_txt = "BTP-B"; break;
- case 3: next_hdr_txt = "IPv6"; break;
- }
+ switch (next_hdr) {
+ case 0: next_hdr_txt = "Any"; break;
+ case 1: next_hdr_txt = "BTP-A"; break;
+ case 2: next_hdr_txt = "BTP-B"; break;
+ case 3: next_hdr_txt = "IPv6"; break;
+ }
- switch (hdr_type) {
- case 0: hdr_type_txt = "Any"; break;
- case 1: hdr_type_txt = "Beacon"; break;
- case 2: hdr_type_txt = "GeoUnicast"; break;
- case 3: switch (hdr_subtype) {
- case 0: hdr_type_txt =
"GeoAnycastCircle"; break;
- case 1: hdr_type_txt =
"GeoAnycastRect"; break;
- case 2: hdr_type_txt =
"GeoAnycastElipse"; break;
- }
- break;
- case 4: switch (hdr_subtype) {
- case 0: hdr_type_txt =
"GeoBroadcastCircle"; break;
- case 1: hdr_type_txt =
"GeoBroadcastRect"; break;
- case 2: hdr_type_txt =
"GeoBroadcastElipse"; break;
- }
- break;
- case 5: switch (hdr_subtype) {
- case 0: hdr_type_txt =
"TopoScopeBcast-SH"; break;
- case 1: hdr_type_txt =
"TopoScopeBcast-MH"; break;
- }
- break;
- case 6: switch (hdr_subtype) {
- case 0: hdr_type_txt =
"LocService-Request"; break;
- case 1: hdr_type_txt =
"LocService-Reply"; break;
- }
- break;
- }
+ switch (hdr_type) {
+ case 0: hdr_type_txt = "Any"; break;
+ case 1: hdr_type_txt = "Beacon"; break;
+ case 2: hdr_type_txt = "GeoUnicast"; break;
+ case 3: switch (hdr_subtype) {
+ case 0: hdr_type_txt = "GeoAnycastCircle";
break;
+ case 1: hdr_type_txt = "GeoAnycastRect"; break;
+ case 2: hdr_type_txt = "GeoAnycastElipse";
break;
+ }
+ break;
+ case 4: switch (hdr_subtype) {
+ case 0: hdr_type_txt = "GeoBroadcastCircle";
break;
+ case 1: hdr_type_txt = "GeoBroadcastRect";
break;
+ case 2: hdr_type_txt = "GeoBroadcastElipse";
break;
+ }
+ break;
+ case 5: switch (hdr_subtype) {
+ case 0: hdr_type_txt = "TopoScopeBcast-SH";
break;
+ case 1: hdr_type_txt = "TopoScopeBcast-MH";
break;
+ }
+ break;
+ case 6: switch (hdr_subtype) {
+ case 0: hdr_type_txt = "LocService-Request";
break;
+ case 1: hdr_type_txt = "LocService-Reply";
break;
+ }
+ break;
+ }
+
+ ND_PRINT((ndo, "v:%d ", version));
+ ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt));
+ ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype, hdr_type_txt));
+ ND_PRINT((ndo, "HopLim:%d ", hop_limit));
+ ND_PRINT((ndo, "Payload:%d ", payload_length));
+ if (print_long_pos_vector(ndo, bp + 8) == -1)
+ goto trunc;
- ND_PRINT((ndo, "v:%d ", version));
- ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt));
- ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype,
hdr_type_txt));
- ND_PRINT((ndo, "HopLim:%d ", hop_limit));
- ND_PRINT((ndo, "Payload:%d ", payload_length));
- print_long_pos_vector(ndo, bp + 8);
+ /* Skip Common Header */
+ length -= 36;
+ bp += 36;
- /* Skip Common Header */
- length -= 36;
- bp += 36;
+ /* Process Extended Headers */
+ switch (hdr_type) {
+ case 0: /* Any */
+ hdr_size = 0;
+ break;
+ case 1: /* Beacon */
+ hdr_size = 0;
+ break;
+ case 2: /* GeoUnicast */
+ break;
+ case 3: switch (hdr_subtype) {
+ case 0: /* GeoAnycastCircle */
+ break;
+ case 1: /* GeoAnycastRect */
+ break;
+ case 2: /* GeoAnycastElipse */
+ break;
+ }
+ break;
+ case 4: switch (hdr_subtype) {
+ case 0: /* GeoBroadcastCircle */
+ break;
+ case 1: /* GeoBroadcastRect */
+ break;
+ case 2: /* GeoBroadcastElipse */
+ break;
+ }
+ break;
+ case 5: switch (hdr_subtype) {
+ case 0: /* TopoScopeBcast-SH */
+ hdr_size = 0;
+ break;
+ case 1: /* TopoScopeBcast-MH */
+ hdr_size = 68 - 36;
+ break;
+ }
+ break;
+ case 6: switch (hdr_subtype) {
+ case 0: /* LocService-Request */
+ break;
+ case 1: /* LocService-Reply */
+ break;
+ }
+ break;
+ }
- /* Process Extended Headers */
- switch (hdr_type) {
+ /* Skip Extended headers */
+ if (hdr_size >= 0) {
+ if (length < (u_int)hdr_size)
+ goto malformed;
+ ND_TCHECK2(*bp, hdr_size);
+ length -= hdr_size;
+ bp += hdr_size;
+ switch (next_hdr) {
case 0: /* Any */
- hdr_size = 0;
- break;
- case 1: /* Beacon */
- hdr_size = 0;
- break;
- case 2: /* GeoUnicast */
break;
- case 3: switch (hdr_subtype) {
- case 0: /* GeoAnycastCircle */
- break;
- case 1: /* GeoAnycastRect */
- break;
- case 2: /* GeoAnycastElipse */
- break;
+ case 1:
+ case 2: /* BTP A/B */
+ if (length < 4)
+ goto malformed;
+ ND_TCHECK2(*bp, 4);
+ print_btp(ndo, bp);
+ length -= 4;
+ bp += 4;
+ if (length >= 2) {
+ /*
+ * XXX - did print_btp_body()
+ * return if length < 2
+ * because this is optional,
+ * or was that just not
+ * reporting genuine errors?
+ */
+ ND_TCHECK2(*bp, 2);
+ print_btp_body(ndo, bp);
}
break;
- case 4: switch (hdr_subtype) {
- case 0: /* GeoBroadcastCircle */
- break;
- case 1: /* GeoBroadcastRect */
- break;
- case 2: /* GeoBroadcastElipse */
- break;
- }
- break;
- case 5: switch (hdr_subtype) {
- case 0: /* TopoScopeBcast-SH */
- hdr_size = 0;
- break;
- case 1: /* TopoScopeBcast-MH */
- hdr_size = 68 - 36;
- break;
- }
- break;
- case 6: switch (hdr_subtype) {
- case 0: /* LocService-Request */
- break;
- case 1: /* LocService-Reply */
- break;
- }
+ case 3: /* IPv6 */
break;
}
-
- /* Skip Extended headers */
- if (hdr_size >= 0) {
- length -= hdr_size;
- bp += hdr_size;
- switch (next_hdr) {
- case 0: /* Any */
- break;
- case 1:
- case 2: /* BTP A/B */
- print_btp(ndo, bp);
- length -= 4;
- bp += 4;
- print_btp_body(ndo, bp, length);
- break;
- case 3: /* IPv6 */
- break;
- }
- }
- } else {
- ND_PRINT((ndo, "Malformed (small) "));
}
/* Print user data part */
if (ndo->ndo_vflag)
ND_DEFAULTPRINT(bp, length);
+ return;
+
+malformed:
+ ND_PRINT((ndo, " Malformed (small) "));
+ /* XXX - print the remaining data as hex? */
+ return;
+
+trunc:
+ ND_PRINT((ndo, "[|geonet]"));
}
1.1
net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch?rev=1.1&content-type=text/plain
Index: tcpdump-4.6.2-CVE-2014-9140.patch
===================================================================
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -1351,14 +1351,15 @@ static void
ppp_hdlc(netdissect_options *ndo,
const u_char *p, int length)
{
- u_char *b, *s, *t, c;
+ u_char *b, *t, c;
+ const u_char *s;
int i, proto;
const void *se;
if (length <= 0)
return;
- b = (uint8_t *)malloc(length);
+ b = (u_char *)malloc(length);
if (b == NULL)
return;
@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo,
* Do this so that we dont overwrite the original packet
* contents.
*/
- for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
+ for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
c = *s++;
if (c == 0x7d) {
- if (i > 1) {
- i--;
- c = *s++ ^ 0x20;
- } else
- continue;
+ if (i <= 1 || !ND_TTEST(*s))
+ break;
+ i--;
+ c = *s++ ^ 0x20;
}
*t++ = c;
}
1.1
net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch?rev=1.1&content-type=text/plain
Index: tcpdump-4.6.2-CVE-2014-8767.patch
===================================================================
--- a/print-olsr.c
+++ b/print-olsr.c
@@ -178,7 +178,7 @@ struct olsr_lq_neighbor6 {
/*
* print a neighbor list with LQ extensions.
*/
-static void
+static int
olsr_print_lq_neighbor4(netdissect_options *ndo,
const u_char *msg_data, u_int hello_len)
{
@@ -187,6 +187,8 @@ olsr_print_lq_neighbor4(netdissect_options *ndo,
while (hello_len >= sizeof(struct olsr_lq_neighbor4)) {
lq_neighbor = (struct olsr_lq_neighbor4 *)msg_data;
+ if (!ND_TTEST(*lq_neighbor))
+ return (-1);
ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%"
", neighbor-link-quality %.2lf%%",
@@ -197,10 +199,11 @@ olsr_print_lq_neighbor4(netdissect_options *ndo,
msg_data += sizeof(struct olsr_lq_neighbor4);
hello_len -= sizeof(struct olsr_lq_neighbor4);
}
+ return (0);
}
#if INET6
-static void
+static int
olsr_print_lq_neighbor6(netdissect_options *ndo,
const u_char *msg_data, u_int hello_len)
{
@@ -209,6 +212,8 @@ olsr_print_lq_neighbor6(netdissect_options *ndo,
while (hello_len >= sizeof(struct olsr_lq_neighbor6)) {
lq_neighbor = (struct olsr_lq_neighbor6 *)msg_data;
+ if (!ND_TTEST(*lq_neighbor))
+ return (-1);
ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%"
", neighbor-link-quality %.2lf%%",
@@ -219,13 +224,14 @@ olsr_print_lq_neighbor6(netdissect_options *ndo,
msg_data += sizeof(struct olsr_lq_neighbor6);
hello_len -= sizeof(struct olsr_lq_neighbor6);
}
+ return (0);
}
#endif /* INET6 */
/*
* print a neighbor list.
*/
-static void
+static int
olsr_print_neighbor(netdissect_options *ndo,
const u_char *msg_data, u_int hello_len)
{
@@ -236,6 +242,8 @@ olsr_print_neighbor(netdissect_options *ndo,
while (hello_len >= sizeof(struct in_addr)) {
+ if (!ND_TTEST2(*msg_data, sizeof(struct in_addr)))
+ return (-1);
/* print 4 neighbors per line */
ND_PRINT((ndo, "%s%s", ipaddr_string(ndo, msg_data),
@@ -244,6 +252,7 @@ olsr_print_neighbor(netdissect_options *ndo,
msg_data += sizeof(struct in_addr);
hello_len -= sizeof(struct in_addr);
}
+ return (0);
}
@@ -326,6 +335,9 @@ olsr_print(netdissect_options *ndo,
ME_TO_DOUBLE(msgptr.v6->vtime),
EXTRACT_16BITS(msgptr.v6->msg_seq),
msg_len, (msg_len_valid == 0) ? " (invalid)" : ""));
+ if (!msg_len_valid) {
+ return;
+ }
msg_tlen = msg_len - sizeof(struct olsr_msg6);
msg_data = tptr + sizeof(struct olsr_msg6);
@@ -354,6 +366,9 @@ olsr_print(netdissect_options *ndo,
ME_TO_DOUBLE(msgptr.v4->vtime),
EXTRACT_16BITS(msgptr.v4->msg_seq),
msg_len, (msg_len_valid == 0) ? " (invalid)" : ""));
+ if (!msg_len_valid) {
+ return;
+ }
msg_tlen = msg_len - sizeof(struct olsr_msg4);
msg_data = tptr + sizeof(struct olsr_msg4);
@@ -362,6 +377,8 @@ olsr_print(netdissect_options *ndo,
switch (msg_type) {
case OLSR_HELLO_MSG:
case OLSR_HELLO_LQ_MSG:
+ if (msg_tlen < sizeof(struct olsr_hello))
+ goto trunc;
ND_TCHECK2(*msg_data, sizeof(struct olsr_hello));
ptr.hello = (struct olsr_hello *)msg_data;
@@ -401,15 +418,21 @@ olsr_print(netdissect_options *ndo,
msg_tlen -= sizeof(struct olsr_hello_link);
hello_len -= sizeof(struct olsr_hello_link);
+ ND_TCHECK2(*msg_data, hello_len);
if (msg_type == OLSR_HELLO_MSG) {
- olsr_print_neighbor(ndo, msg_data, hello_len);
+ if (olsr_print_neighbor(ndo, msg_data, hello_len) == -1)
+ goto trunc;
} else {
#if INET6
- if (is_ipv6)
- olsr_print_lq_neighbor6(ndo, msg_data, hello_len);
- else
+ if (is_ipv6) {
+ if (olsr_print_lq_neighbor6(ndo, msg_data, hello_len)
== -1)
+ goto trunc;
+ } else
#endif
- olsr_print_lq_neighbor4(ndo, msg_data, hello_len);
+ {
+ if (olsr_print_lq_neighbor4(ndo, msg_data, hello_len)
== -1)
+ goto trunc;
+ }
}
msg_data += hello_len;
@@ -419,6 +442,8 @@ olsr_print(netdissect_options *ndo,
case OLSR_TC_MSG:
case OLSR_TC_LQ_MSG:
+ if (msg_tlen < sizeof(struct olsr_tc))
+ goto trunc;
ND_TCHECK2(*msg_data, sizeof(struct olsr_tc));
ptr.tc = (struct olsr_tc *)msg_data;
@@ -428,14 +453,19 @@ olsr_print(netdissect_options *ndo,
msg_tlen -= sizeof(struct olsr_tc);
if (msg_type == OLSR_TC_MSG) {
- olsr_print_neighbor(ndo, msg_data, msg_tlen);
+ if (olsr_print_neighbor(ndo, msg_data, msg_tlen) == -1)
+ goto trunc;
} else {
#if INET6
- if (is_ipv6)
- olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen);
- else
+ if (is_ipv6) {
+ if (olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen) == -1)
+ goto trunc;
+ } else
#endif
- olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen);
+ {
+ if (olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen) == -1)
+ goto trunc;
+ }
}
break;
1.1
net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch?rev=1.1&content-type=text/plain
Index: tcpdump-4.6.2-CVE-2014-8769.patch
===================================================================
--- a/print-aodv.c
+++ b/print-aodv.c
@@ -37,9 +37,6 @@
#include <tcpdump-stdinc.h>
-/* for offsetof */
-#include <stddef.h>
-
#include "interface.h"
#include "addrtoname.h"
#include "extract.h" /* must come after interface.h */
@@ -146,13 +143,6 @@ struct aodv_rerr {
uint8_t rerr_flags; /* various flags */
uint8_t rerr_zero0; /* reserved, set to zero */
uint8_t rerr_dc; /* destination count */
- union {
- struct rerr_unreach dest[1];
-#ifdef INET6
- struct rerr_unreach6 dest6[1];
- struct rerr_unreach6_draft_01 dest6_draft_01[1];
-#endif
- } r;
};
#define RERR_NODELETE 0x80 /* don't delete the link */
@@ -163,19 +153,6 @@ struct aodv_rrep_ack {
uint8_t ra_zero0;
};
-union aodv {
- struct aodv_rreq rreq;
- struct aodv_rrep rrep;
- struct aodv_rerr rerr;
- struct aodv_rrep_ack rrep_ack;
-#ifdef INET6
- struct aodv_rreq6 rreq6;
- struct aodv_rreq6_draft_01 rreq6_draft_01;
- struct aodv_rrep6 rrep6;
- struct aodv_rrep6_draft_01 rrep6_draft_01;
-#endif
-};
-
#define AODV_RREQ 1 /* route request */
#define AODV_RREP 2 /* route response */
#define AODV_RERR 3 /* error report */
@@ -204,22 +181,14 @@ static void
aodv_extension(netdissect_options *ndo,
const struct aodv_ext *ep, u_int length)
{
- u_int i;
const struct aodv_hello *ah;
switch (ep->type) {
case AODV_EXT_HELLO:
- if (ndo->ndo_snapend < (u_char *) ep) {
- ND_PRINT((ndo, " [|hello]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - (u_char *)ep));
- if (i < sizeof(struct aodv_hello)) {
- ND_PRINT((ndo, " [|hello]"));
- return;
- }
- i -= sizeof(struct aodv_hello);
- ah = (void *)ep;
+ ah = (const struct aodv_hello *)(const void *)ep;
+ ND_TCHECK(*ah);
+ if (length < sizeof(struct aodv_hello))
+ goto trunc;
ND_PRINT((ndo, "\n\text HELLO %ld ms",
(unsigned long)EXTRACT_32BITS(&ah->interval)));
break;
@@ -228,141 +197,135 @@ aodv_extension(netdissect_options *ndo,
ND_PRINT((ndo, "\n\text %u %u", ep->type, ep->length));
break;
}
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|hello]"));
}
static void
-aodv_rreq(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_rreq(netdissect_options *ndo, const u_char *dat, u_int length)
{
u_int i;
+ const struct aodv_rreq *ap = (const struct aodv_rreq *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rreq)) {
- ND_PRINT((ndo, " [|rreq]"));
- return;
- }
- i -= sizeof(ap->rreq);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n"
"\tdst %s seq %lu src %s seq %lu", length,
- ap->rreq.rreq_type & RREQ_JOIN ? "[J]" : "",
- ap->rreq.rreq_type & RREQ_REPAIR ? "[R]" : "",
- ap->rreq.rreq_type & RREQ_GRAT ? "[G]" : "",
- ap->rreq.rreq_type & RREQ_DEST ? "[D]" : "",
- ap->rreq.rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
- ap->rreq.rreq_hops,
- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_id),
- ipaddr_string(ndo, &ap->rreq.rreq_da),
- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_ds),
- ipaddr_string(ndo, &ap->rreq.rreq_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_os)));
+ ap->rreq_type & RREQ_JOIN ? "[J]" : "",
+ ap->rreq_type & RREQ_REPAIR ? "[R]" : "",
+ ap->rreq_type & RREQ_GRAT ? "[G]" : "",
+ ap->rreq_type & RREQ_DEST ? "[D]" : "",
+ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
+ ap->rreq_hops,
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_id),
+ ipaddr_string(ndo, &ap->rreq_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds),
+ ipaddr_string(ndo, &ap->rreq_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_os)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rreq + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
}
static void
-aodv_rrep(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_rrep(netdissect_options *ndo, const u_char *dat, u_int length)
{
u_int i;
+ const struct aodv_rrep *ap = (const struct aodv_rrep *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rrep)) {
- ND_PRINT((ndo, " [|rrep]"));
- return;
- }
- i -= sizeof(ap->rrep);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n"
"\tdst %s dseq %lu src %s %lu ms", length,
- ap->rrep.rrep_type & RREP_REPAIR ? "[R]" : "",
- ap->rrep.rrep_type & RREP_ACK ? "[A] " : " ",
- ap->rrep.rrep_ps & RREP_PREFIX_MASK,
- ap->rrep.rrep_hops,
- ipaddr_string(ndo, &ap->rrep.rrep_da),
- (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_ds),
- ipaddr_string(ndo, &ap->rrep.rrep_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_life)));
+ ap->rrep_type & RREP_REPAIR ? "[R]" : "",
+ ap->rrep_type & RREP_ACK ? "[A] " : " ",
+ ap->rrep_ps & RREP_PREFIX_MASK,
+ ap->rrep_hops,
+ ipaddr_string(ndo, &ap->rrep_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds),
+ ipaddr_string(ndo, &ap->rrep_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_life)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rrep + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
}
static void
-aodv_rerr(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_rerr(netdissect_options *ndo, const u_char *dat, u_int length)
{
- u_int i;
- const struct rerr_unreach *dp = NULL;
- int n, trunc;
+ u_int i, dc;
+ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat;
+ const struct rerr_unreach *dp;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < offsetof(struct aodv_rerr, r)) {
- ND_PRINT((ndo, " [|rerr]"));
- return;
- }
- i -= offsetof(struct aodv_rerr, r);
- dp = &ap->rerr.r.dest[0];
- n = ap->rerr.rerr_dc * sizeof(ap->rerr.r.dest[0]);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rerr %s [items %u] [%u]:",
- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "",
- ap->rerr.rerr_dc, length));
- trunc = n - (i/sizeof(ap->rerr.r.dest[0]));
- for (; i >= sizeof(ap->rerr.r.dest[0]);
- ++dp, i -= sizeof(ap->rerr.r.dest[0])) {
+ ap->rerr_flags & RERR_NODELETE ? "[D]" : "",
+ ap->rerr_dc, length));
+ dp = (struct rerr_unreach *)(dat + sizeof(*ap));
+ i = length - sizeof(*ap);
+ for (dc = ap->rerr_dc; dc != 0; dc--) {
+ ND_TCHECK(*dp);
+ if (i < sizeof(*dp))
+ goto trunc;
ND_PRINT((ndo, " {%s}(%ld)", ipaddr_string(ndo, &dp->u_da),
(unsigned long)EXTRACT_32BITS(&dp->u_ds)));
+ dp++;
+ i -= sizeof(*dp);
}
- if (trunc)
- ND_PRINT((ndo, "[|rerr]"));
+ return;
+
+trunc:
+ ND_PRINT((ndo, "[|rerr]"));
}
static void
#ifdef INET6
-aodv_v6_rreq(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_v6_rreq(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_rreq(netdissect_options *ndo,
- const union aodv *ap _U_, const u_char *dat _U_, u_int length)
+aodv_v6_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length)
#endif
{
#ifdef INET6
u_int i;
+ const struct aodv_rreq6 *ap = (const struct aodv_rreq6 *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rreq6)) {
- ND_PRINT((ndo, " [|rreq6]"));
- return;
- }
- i -= sizeof(ap->rreq6);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n"
"\tdst %s seq %lu src %s seq %lu", length,
- ap->rreq6.rreq_type & RREQ_JOIN ? "[J]" : "",
- ap->rreq6.rreq_type & RREQ_REPAIR ? "[R]" : "",
- ap->rreq6.rreq_type & RREQ_GRAT ? "[G]" : "",
- ap->rreq6.rreq_type & RREQ_DEST ? "[D]" : "",
- ap->rreq6.rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
- ap->rreq6.rreq_hops,
- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_id),
- ip6addr_string(ndo, &ap->rreq6.rreq_da),
- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_ds),
- ip6addr_string(ndo, &ap->rreq6.rreq_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_os)));
+ ap->rreq_type & RREQ_JOIN ? "[J]" : "",
+ ap->rreq_type & RREQ_REPAIR ? "[R]" : "",
+ ap->rreq_type & RREQ_GRAT ? "[G]" : "",
+ ap->rreq_type & RREQ_DEST ? "[D]" : "",
+ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
+ ap->rreq_hops,
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_id),
+ ip6addr_string(ndo, &ap->rreq_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds),
+ ip6addr_string(ndo, &ap->rreq_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_os)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rreq6 + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
#else
ND_PRINT((ndo, " v6 rreq %u", length));
#endif
@@ -370,38 +333,35 @@ aodv_v6_rreq(netdissect_options *ndo,
static void
#ifdef INET6
-aodv_v6_rrep(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_v6_rrep(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_rrep(netdissect_options *ndo,
- const union aodv *ap _U_, const u_char *dat _U_, u_int length)
+aodv_v6_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length)
#endif
{
#ifdef INET6
u_int i;
+ const struct aodv_rrep6 *ap = (const struct aodv_rrep6 *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rrep6)) {
- ND_PRINT((ndo, " [|rrep6]"));
- return;
- }
- i -= sizeof(ap->rrep6);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n"
"\tdst %s dseq %lu src %s %lu ms", length,
- ap->rrep6.rrep_type & RREP_REPAIR ? "[R]" : "",
- ap->rrep6.rrep_type & RREP_ACK ? "[A] " : " ",
- ap->rrep6.rrep_ps & RREP_PREFIX_MASK,
- ap->rrep6.rrep_hops,
- ip6addr_string(ndo, &ap->rrep6.rrep_da),
- (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_ds),
- ip6addr_string(ndo, &ap->rrep6.rrep_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_life)));
+ ap->rrep_type & RREP_REPAIR ? "[R]" : "",
+ ap->rrep_type & RREP_ACK ? "[A] " : " ",
+ ap->rrep_ps & RREP_PREFIX_MASK,
+ ap->rrep_hops,
+ ip6addr_string(ndo, &ap->rrep_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds),
+ ip6addr_string(ndo, &ap->rrep_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_life)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rrep6 + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
#else
ND_PRINT((ndo, " rrep %u", length));
#endif
@@ -409,31 +369,37 @@ aodv_v6_rrep(netdissect_options *ndo,
static void
#ifdef INET6
-aodv_v6_rerr(netdissect_options *ndo,
- const union aodv *ap, u_int length)
+aodv_v6_rerr(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_rerr(netdissect_options *ndo,
- const union aodv *ap _U_, u_int length)
+aodv_v6_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length)
#endif
{
#ifdef INET6
- const struct rerr_unreach6 *dp6 = NULL;
- int i, j, n, trunc;
+ u_int i, dc;
+ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat;
+ const struct rerr_unreach6 *dp6;
- i = length - offsetof(struct aodv_rerr, r);
- j = sizeof(ap->rerr.r.dest6[0]);
- dp6 = &ap->rerr.r.dest6[0];
- n = ap->rerr.rerr_dc * j;
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rerr %s [items %u] [%u]:",
- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "",
- ap->rerr.rerr_dc, length));
- trunc = n - (i/j);
- for (; i -= j >= 0; ++dp6) {
+ ap->rerr_flags & RERR_NODELETE ? "[D]" : "",
+ ap->rerr_dc, length));
+ dp6 = (struct rerr_unreach6 *)(void *)(ap + 1);
+ i = length - sizeof(*ap);
+ for (dc = ap->rerr_dc; dc != 0; dc--) {
+ ND_TCHECK(*dp6);
+ if (i < sizeof(*dp6))
+ goto trunc;
ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da),
(unsigned long)EXTRACT_32BITS(&dp6->u_ds)));
+ dp6++;
+ i -= sizeof(*dp6);
}
- if (trunc)
- ND_PRINT((ndo, "[|rerr]"));
+ return;
+
+trunc:
+ ND_PRINT((ndo, "[|rerr]"));
#else
ND_PRINT((ndo, " rerr %u", length));
#endif
@@ -441,42 +407,38 @@ aodv_v6_rerr(netdissect_options *ndo,
static void
#ifdef INET6
-aodv_v6_draft_01_rreq(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_draft_01_rreq(netdissect_options *ndo,
- const union aodv *ap _U_, const u_char *dat _U_,
- u_int length)
+aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int
length)
#endif
{
#ifdef INET6
u_int i;
+ const struct aodv_rreq6_draft_01 *ap = (const struct
aodv_rreq6_draft_01 *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rreq6_draft_01)) {
- ND_PRINT((ndo, " [|rreq6]"));
- return;
- }
- i -= sizeof(ap->rreq6_draft_01);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n"
"\tdst %s seq %lu src %s seq %lu", length,
- ap->rreq6_draft_01.rreq_type & RREQ_JOIN ? "[J]" : "",
- ap->rreq6_draft_01.rreq_type & RREQ_REPAIR ? "[R]" : "",
- ap->rreq6_draft_01.rreq_type & RREQ_GRAT ? "[G]" : "",
- ap->rreq6_draft_01.rreq_type & RREQ_DEST ? "[D]" : "",
- ap->rreq6_draft_01.rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
- ap->rreq6_draft_01.rreq_hops,
- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_id),
- ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_da),
- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_ds),
- ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_os)));
+ ap->rreq_type & RREQ_JOIN ? "[J]" : "",
+ ap->rreq_type & RREQ_REPAIR ? "[R]" : "",
+ ap->rreq_type & RREQ_GRAT ? "[G]" : "",
+ ap->rreq_type & RREQ_DEST ? "[D]" : "",
+ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ",
+ ap->rreq_hops,
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_id),
+ ip6addr_string(ndo, &ap->rreq_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds),
+ ip6addr_string(ndo, &ap->rreq_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rreq_os)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rreq6_draft_01 + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
#else
ND_PRINT((ndo, " rreq %u", length));
#endif
@@ -484,39 +446,35 @@ aodv_v6_draft_01_rreq(netdissect_options *ndo,
static void
#ifdef INET6
-aodv_v6_draft_01_rrep(netdissect_options *ndo,
- const union aodv *ap, const u_char *dat, u_int length)
+aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_draft_01_rrep(netdissect_options *ndo,
- const union aodv *ap _U_, const u_char *dat _U_,
- u_int length)
+aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int
length)
#endif
{
#ifdef INET6
u_int i;
+ const struct aodv_rrep6_draft_01 *ap = (const struct
aodv_rrep6_draft_01 *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- i = min(length, (u_int)(ndo->ndo_snapend - dat));
- if (i < sizeof(ap->rrep6_draft_01)) {
- ND_PRINT((ndo, " [|rrep6]"));
- return;
- }
- i -= sizeof(ap->rrep6_draft_01);
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n"
"\tdst %s dseq %lu src %s %lu ms", length,
- ap->rrep6_draft_01.rrep_type & RREP_REPAIR ? "[R]" : "",
- ap->rrep6_draft_01.rrep_type & RREP_ACK ? "[A] " : " ",
- ap->rrep6_draft_01.rrep_ps & RREP_PREFIX_MASK,
- ap->rrep6_draft_01.rrep_hops,
- ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_da),
- (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_ds),
- ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_oa),
- (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_life)));
+ ap->rrep_type & RREP_REPAIR ? "[R]" : "",
+ ap->rrep_type & RREP_ACK ? "[A] " : " ",
+ ap->rrep_ps & RREP_PREFIX_MASK,
+ ap->rrep_hops,
+ ip6addr_string(ndo, &ap->rrep_da),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds),
+ ip6addr_string(ndo, &ap->rrep_oa),
+ (unsigned long)EXTRACT_32BITS(&ap->rrep_life)));
+ i = length - sizeof(*ap);
if (i >= sizeof(struct aodv_ext))
- aodv_extension(ndo, (void *)(&ap->rrep6_draft_01 + 1), i);
+ aodv_extension(ndo, (const struct aodv_ext *)(dat +
sizeof(*ap)), i);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|rreq"));
#else
ND_PRINT((ndo, " rrep %u", length));
#endif
@@ -524,31 +482,37 @@ aodv_v6_draft_01_rrep(netdissect_options *ndo,
static void
#ifdef INET6
-aodv_v6_draft_01_rerr(netdissect_options *ndo,
- const union aodv *ap, u_int length)
+aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat, u_int length)
#else
-aodv_v6_draft_01_rerr(netdissect_options *ndo,
- const union aodv *ap _U_, u_int length)
+aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int
length)
#endif
{
#ifdef INET6
- const struct rerr_unreach6_draft_01 *dp6 = NULL;
- int i, j, n, trunc;
+ u_int i, dc;
+ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat;
+ const struct rerr_unreach6_draft_01 *dp6;
- i = length - offsetof(struct aodv_rerr, r);
- j = sizeof(ap->rerr.r.dest6_draft_01[0]);
- dp6 = &ap->rerr.r.dest6_draft_01[0];
- n = ap->rerr.rerr_dc * j;
+ ND_TCHECK(*ap);
+ if (length < sizeof(*ap))
+ goto trunc;
ND_PRINT((ndo, " rerr %s [items %u] [%u]:",
- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "",
- ap->rerr.rerr_dc, length));
- trunc = n - (i/j);
- for (; i -= j >= 0; ++dp6) {
+ ap->rerr_flags & RERR_NODELETE ? "[D]" : "",
+ ap->rerr_dc, length));
+ dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1);
+ i = length - sizeof(*ap);
+ for (dc = ap->rerr_dc; dc != 0; dc--) {
+ ND_TCHECK(*dp6);
+ if (i < sizeof(*dp6))
+ goto trunc;
ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da),
(unsigned long)EXTRACT_32BITS(&dp6->u_ds)));
+ dp6++;
+ i -= sizeof(*dp6);
}
- if (trunc)
- ND_PRINT((ndo, "[|rerr]"));
+ return;
+
+trunc:
+ ND_PRINT((ndo, "[|rerr]"));
#else
ND_PRINT((ndo, " rerr %u", length));
#endif
@@ -558,40 +522,37 @@ void
aodv_print(netdissect_options *ndo,
const u_char *dat, u_int length, int is_ip6)
{
- const union aodv *ap;
-
- ap = (union aodv *)dat;
- if (ndo->ndo_snapend < dat) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
- if (min(length, (u_int)(ndo->ndo_snapend - dat)) <
sizeof(ap->rrep_ack)) {
- ND_PRINT((ndo, " [|aodv]"));
- return;
- }
+ uint8_t msg_type;
+
+ /*
+ * The message type is the first byte; make sure we have it
+ * and then fetch it.
+ */
+ ND_TCHECK(*dat);
+ msg_type = *dat;
ND_PRINT((ndo, " aodv"));
- switch (ap->rerr.rerr_type) {
+ switch (msg_type) {
case AODV_RREQ:
if (is_ip6)
- aodv_v6_rreq(ndo, ap, dat, length);
+ aodv_v6_rreq(ndo, dat, length);
else
- aodv_rreq(ndo, ap, dat, length);
+ aodv_rreq(ndo, dat, length);
break;
case AODV_RREP:
if (is_ip6)
- aodv_v6_rrep(ndo, ap, dat, length);
+ aodv_v6_rrep(ndo, dat, length);
else
- aodv_rrep(ndo, ap, dat, length);
+ aodv_rrep(ndo, dat, length);
break;
case AODV_RERR:
if (is_ip6)
- aodv_v6_rerr(ndo, ap, length);
+ aodv_v6_rerr(ndo, dat, length);
else
- aodv_rerr(ndo, ap, dat, length);
+ aodv_rerr(ndo, dat, length);
break;
case AODV_RREP_ACK:
@@ -599,15 +560,15 @@ aodv_print(netdissect_options *ndo,
break;
case AODV_V6_DRAFT_01_RREQ:
- aodv_v6_draft_01_rreq(ndo, ap, dat, length);
+ aodv_v6_draft_01_rreq(ndo, dat, length);
break;
case AODV_V6_DRAFT_01_RREP:
- aodv_v6_draft_01_rrep(ndo, ap, dat, length);
+ aodv_v6_draft_01_rrep(ndo, dat, length);
break;
case AODV_V6_DRAFT_01_RERR:
- aodv_v6_draft_01_rerr(ndo, ap, length);
+ aodv_v6_draft_01_rerr(ndo, dat, length);
break;
case AODV_V6_DRAFT_01_RREP_ACK:
@@ -615,6 +576,10 @@ aodv_print(netdissect_options *ndo,
break;
default:
- ND_PRINT((ndo, " %u %u", ap->rreq.rreq_type, length));
+ ND_PRINT((ndo, " type %u %u", msg_type, length));
}
+ return;
+
+trunc:
+ ND_PRINT((ndo, " [|aodv]"));
}
