author | Michael Mann <mmann78@netscape.net> | 2014-10-25 19:44:56 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2014-10-26 01:26:37 +0000 |
commit | 803a2f9518b9d207094dabfc01ad462e46588ef3 (patch) | |
tree | 62285591fc2287149725fe4c84daa133d5d81d4c | |
parent | 3ffd8c57d9f94d1ac3d9d94f8f5aebd78022777c (diff) |
Various Mobile IPv6 bugfixes
Most of this was found by Boaz Brickner, but to prevent a few more bug reports, I tried to find any remaining MIPv6 options that used -1 to read until "end of packet" instead of "end of option"
1. Option-Code and Reserved fields should be 1 byte, not 2 in Local Mobility Anchor Address mobility option
2. IPv6 AUTH mobility option parses Mobility SPI
3. IPv6 MESG-ID (should just be a timestamp field)
4. IPv6 Redirect Mobility Option K and N bits are parsed incorrectly
5. The following options had a field that read until the end of the packet instead of the end of the option:
DNS-UPDATE-TYPE
AUTH Authentication Data
Care Of Test
Permanent Home Keygen Token
CGA Parameters
Signature
Experimental Mobility Option
Bug: 10630
Bug: 10629
Bug: 10626
Bug: 10625
Bug: 10624
Bug: 10622
Bug: 10619
Change-Id: I14c984a237efc1d1a09618d9a4a1caef1eaf8df0
Reviewed-on: https://code.wireshark.org/review/4932
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | epan/dissectors/packet-mip6.c | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/epan/dissectors/packet-mip6.c b/epan/dissectors/packet-mip6.c index 8cc9c2dd46..ef06f48adb 100644 --- a/epan/dissectors/packet-mip6.c +++ b/epan/dissectors/packet-mip6.c @@ -917,9 +917,9 @@ static const value_string mip6_mng_id_type_vals[] = { #define MIP6_RECAP_LEN 2 #define MIP6_REDIR_MIN_LEN 6 -#define MIP6_REDIR_FLAG_K 0x80 -#define MIP6_REDIR_FLAG_N 0x40 -#define MIP6_REDIR_FLAG_RSV 0x3F +#define MIP6_REDIR_FLAG_K 0x8000 +#define MIP6_REDIR_FLAG_N 0x4000 +#define MIP6_REDIR_FLAG_RSV 0x3FFF #define MIP6_LOAD_INF_LEN 18 #define MIP6_ALT_IP4_LEN 4 @@ -1046,6 +1046,7 @@ static int hf_mip6_opt_badff_auth = -1; static int hf_mip6_opt_auth_sub_type = -1; static int hf_mip6_opt_auth_mobility_spi = -1; static int hf_mip6_opt_auth_auth_data = -1; +static int hf_mip6_opt_mseg_id_timestamp = -1; static int hf_mip6_opt_cgar_cga_par = -1; static int hf_mip6_opt_sign_sign = -1; @@ -2054,14 +2055,9 @@ dissect_mip6_opt_mnid(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: Mobility Message Authentication Option */ -/* 10 MESG-ID-OPTION-TYPE [RFC4285] - * 5.1. MN-HA Mobility Message Authentication Option - * The format of the MN-HA mobility message authentication option is as - * defined in Figure 2. - */ static void dissect_mip6_opt_auth(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; 
@@ -2069,54 +2065,68 @@ dissect_mip6_opt_auth(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_auth_sub_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_auth_mobility_spi, tvb, offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(opt_tree, hf_mip6_opt_auth_mobility_spi, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; - proto_tree_add_item(opt_tree, hf_mip6_opt_auth_auth_data, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_auth_auth_data, tvb, offset, optlen-4-2, ENC_NA); + +} + +/* 10 MESG-ID-OPTION-TYPE [RFC4285] */ +static void +dissect_mip6_opt_mseg_id(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, + guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) +{ + /* offset points to tag(opt) */ + offset++; + proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); + offset++; + proto_tree_add_item(opt_tree, hf_mip6_opt_mseg_id_timestamp, tvb, offset, 8, ENC_BIG_ENDIAN); } + /* 11 CGA Parameters Request [RFC4866] */ /* Carries no data */ /* 12 CGA Parameters [RFC4866] */ static void dissect_mip6_opt_cgar(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_cgar_cga_par, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_cgar_cga_par, tvb, offset, optlen-2, ENC_NA); } /* 13 Signature [RFC4866] */ static void dissect_mip6_opt_sign(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, 
proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_sign_sign, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_sign_sign, tvb, offset, optlen-2, ENC_NA); } /* 14 Permanent Home Keygen Token [RFC4866] */ static void dissect_mip6_opt_phkt(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_phkt_phkt, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_phkt_phkt, tvb, offset, optlen-2, ENC_NA); } /* 15 Care-of Test Init [RFC4866] @@ -2126,15 +2136,14 @@ dissect_mip6_opt_phkt(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, /* 16 Care-of Test [RFC4866] */ static void dissect_mip6_opt_mocot(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_mocot_co_keygen_tok, tvb, offset, -1, ENC_NA); - + proto_tree_add_item(opt_tree, hf_mip6_opt_mocot_co_keygen_tok, tvb, offset, optlen-2, ENC_NA); } /* 17 DNS-UPDATE-TYPE [RFC5026] 
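Review bot: The new length arguments `optlen-4-2` and `optlen-2` (and `optlen-2-2` in dissect_mip6_opt_dnsu further down) are computed on a `guint`, so they wrap to a very large value whenever optlen is smaller than the subtracted constant, and none of these functions checks a lower bound on optlen. Passed to the signed length parameter of proto_tree_add_item, a wrapped value typically becomes negative: exactly -1 brings back the read-to-end-of-packet behaviour this commit removes, and other values are stopped only by the tvb bounds check. Unless the caller's minimum-length check (not visible in these hunks) already guarantees it for every table entry, each dissector should guard before the data field, e.g. `if (optlen <= 2) return;` in dissect_mip6_opt_cgar, _sign, _phkt, _mocot and _em. In dissect_mip6_opt_auth the offset has advanced 1+1+1+4 = 7 bytes when the authentication data starts, so if optlen counts the type and length bytes, as the `optlen-2` in the sibling functions suggests, the length should be `optlen-2-1-4`; `optlen-4-2` covers one byte beyond the option.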
@@ -2154,7 +2163,7 @@ dissect_mip6_opt_mocot(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, */ static void dissect_mip6_opt_dnsu(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; @@ -2167,20 +2176,20 @@ dissect_mip6_opt_dnsu(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_flag_r, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_mn_id, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_mn_id, tvb, offset, optlen-2-2, ENC_NA); } /* 18 Experimental Mobility Option [RFC5096] */ static void dissect_mip6_opt_em(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, - guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) + guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ ) { /* offset points to tag(opt) */ offset++; proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; - proto_tree_add_item(opt_tree, hf_mip6_opt_em_data, tvb, offset, -1, ENC_NA); + proto_tree_add_item(opt_tree, hf_mip6_opt_em_data, tvb, offset, optlen-2, ENC_NA); } @@ -2890,10 +2899,10 @@ dissect_pmip6_opt_lmaa(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset, offset++; opt_code = tvb_get_guint8(tvb,offset); - proto_tree_add_item(opt_tree, hf_mip6_lmaa_opt_code, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(opt_tree, hf_mip6_lmaa_opt_code, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; - proto_tree_add_item(opt_tree, hf_mip6_lmaa_reserved, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(opt_tree, hf_mip6_lmaa_reserved, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; if (opt_code == 1) { 
@@ -3255,7 +3264,7 @@ static const mip6_opt mip6_opts[] = { &ett_mip6_opt_mesgid, OPT_LEN_VARIABLE_LENGTH, MIP6_AUTH_MINLEN, - dissect_mip6_opt_auth + dissect_mip6_opt_mseg_id }, { MIP6_CGAPR, /* 11 CGA Parameters Request [RFC4866] */ @@ -4341,6 +4350,11 @@ proto_register_mip6(void) FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_mip6_opt_mseg_id_timestamp, + { "Timestamp", "mip6.mseg_id.timestamp", + FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0, + NULL, HFILL } + }, { &hf_mip6_opt_cgar_cga_par, { "CGA Parameters", "mip6.cgar.cga_par", FT_BYTES, BASE_NONE, NULL, 0, @@ -4699,7 +4713,7 @@ proto_register_mip6(void) }, { &hf_mip6_opt_redir_n, { "N", "mip6.redir.n", - FT_BOOLEAN, 16, NULL, MIP6_REDIR_FLAG_K, + FT_BOOLEAN, 16, NULL, MIP6_REDIR_FLAG_N, "bit is set (1) if the Optional IPv4 r2LMA Address is included in the mobility option", HFILL } }, { &hf_mip6_opt_redir_reserved, |
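Review bot: The MESG-ID table entry now points at dissect_mip6_opt_mseg_id but keeps `OPT_LEN_VARIABLE_LENGTH` and `MIP6_AUTH_MINLEN`, while the new dissector ignores optlen and always reads an 8-byte timestamp. An option whose length does not match that fixed layout may still pass the table check, and the timestamp read then either runs into the following option or leaves trailing bytes undissected. Suggest giving the entry a fixed length with its own constant, e.g. a new `#define MIP6_MESG_ID_LEN 8` (the name is only a suggestion), or having the dissector compare optlen and flag a mismatch. MIP6_AUTH_MINLEN is defined outside this hunk, so whether short options actually get through is unconfirmed.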
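Review bot: `hf_mip6_opt_mseg_id_timestamp` is registered as `FT_ABSOLUTE_TIME`, but dissect_mip6_opt_mseg_id adds it with plain `ENC_BIG_ENDIAN`, which as far as I know decodes the 8 bytes as seconds plus nanoseconds since the Unix epoch. If the RFC 4285 timestamp is in NTP format (worth confirming against the RFC), the call should pass `ENC_TIME_NTP|ENC_BIG_ENDIAN`, otherwise the displayed time will be wrong. The field and filter names also spell the option `mseg_id` although the option is MESG-ID; since `mip6.mseg_id.timestamp` becomes a user-visible display filter, it is cheaper to correct it to `mip6.mesg_id.timestamp` now than after release.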