xref: /freebsd/contrib/tcpdump/print-isoclns.c (revision a35f04fba2ebb8f86d4cbdc710c89a094572b08e)
1 /*
2  * Copyright (c) 1992, 1993, 1994, 1995, 1996
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * Original code by Matt Thomas, Digital Equipment Corporation
22  *
23  * Extensively modified by Hannes Gredler (hannes@juniper.net) for more
24  * complete IS-IS & CLNP support.
25  */
26 
27 /* \summary: ISO CLNS, ESIS, and ISIS printer */
28 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32 
33 #include <netdissect-stdinc.h>
34 
35 #include <string.h>
36 
37 #include "netdissect.h"
38 #include "addrtoname.h"
39 #include "ether.h"
40 #include "nlpid.h"
41 #include "extract.h"
42 #include "gmpls.h"
43 #include "oui.h"
44 #include "signature.h"
45 
46 static const char tstr[] = " [|isis]";
47 
48 /*
49  * IS-IS is defined in ISO 10589.  Look there for protocol definitions.
50  */
51 
52 #define SYSTEM_ID_LEN	ETHER_ADDR_LEN
53 #define NODE_ID_LEN     SYSTEM_ID_LEN+1
54 #define LSP_ID_LEN      SYSTEM_ID_LEN+2
55 
56 #define ISIS_VERSION	1
57 #define ESIS_VERSION	1
58 #define CLNP_VERSION	1
59 
60 #define ISIS_PDU_TYPE_MASK      0x1F
61 #define ESIS_PDU_TYPE_MASK      0x1F
62 #define CLNP_PDU_TYPE_MASK      0x1F
63 #define CLNP_FLAG_MASK          0xE0
64 #define ISIS_LAN_PRIORITY_MASK  0x7F
65 
66 #define ISIS_PDU_L1_LAN_IIH	15
67 #define ISIS_PDU_L2_LAN_IIH	16
68 #define ISIS_PDU_PTP_IIH	17
69 #define ISIS_PDU_L1_LSP       	18
70 #define ISIS_PDU_L2_LSP       	20
71 #define ISIS_PDU_L1_CSNP  	24
72 #define ISIS_PDU_L2_CSNP  	25
73 #define ISIS_PDU_L1_PSNP        26
74 #define ISIS_PDU_L2_PSNP        27
75 
76 static const struct tok isis_pdu_values[] = {
77     { ISIS_PDU_L1_LAN_IIH,       "L1 Lan IIH"},
78     { ISIS_PDU_L2_LAN_IIH,       "L2 Lan IIH"},
79     { ISIS_PDU_PTP_IIH,          "p2p IIH"},
80     { ISIS_PDU_L1_LSP,           "L1 LSP"},
81     { ISIS_PDU_L2_LSP,           "L2 LSP"},
82     { ISIS_PDU_L1_CSNP,          "L1 CSNP"},
83     { ISIS_PDU_L2_CSNP,          "L2 CSNP"},
84     { ISIS_PDU_L1_PSNP,          "L1 PSNP"},
85     { ISIS_PDU_L2_PSNP,          "L2 PSNP"},
86     { 0, NULL}
87 };
88 
89 /*
90  * A TLV is a tuple of a type, length and a value and is normally used for
91  * encoding information in all sorts of places.  This is an enumeration of
92  * the well known types.
93  *
94  * list taken from rfc3359 plus some memory from veterans ;-)
95  */
96 
97 #define ISIS_TLV_AREA_ADDR           1   /* iso10589 */
98 #define ISIS_TLV_IS_REACH            2   /* iso10589 */
99 #define ISIS_TLV_ESNEIGH             3   /* iso10589 */
100 #define ISIS_TLV_PART_DIS            4   /* iso10589 */
101 #define ISIS_TLV_PREFIX_NEIGH        5   /* iso10589 */
102 #define ISIS_TLV_ISNEIGH             6   /* iso10589 */
103 #define ISIS_TLV_ISNEIGH_VARLEN      7   /* iso10589 */
104 #define ISIS_TLV_PADDING             8   /* iso10589 */
105 #define ISIS_TLV_LSP                 9   /* iso10589 */
106 #define ISIS_TLV_AUTH                10  /* iso10589, rfc3567 */
107 #define ISIS_TLV_CHECKSUM            12  /* rfc3358 */
108 #define ISIS_TLV_CHECKSUM_MINLEN 2
109 #define ISIS_TLV_POI                 13  /* rfc6232 */
110 #define ISIS_TLV_LSP_BUFFERSIZE      14  /* iso10589 rev2 */
111 #define ISIS_TLV_LSP_BUFFERSIZE_MINLEN 2
112 #define ISIS_TLV_EXT_IS_REACH        22  /* draft-ietf-isis-traffic-05 */
113 #define ISIS_TLV_IS_ALIAS_ID         24  /* draft-ietf-isis-ext-lsp-frags-02 */
114 #define ISIS_TLV_DECNET_PHASE4       42
115 #define ISIS_TLV_LUCENT_PRIVATE      66
116 #define ISIS_TLV_INT_IP_REACH        128 /* rfc1195, rfc2966 */
117 #define ISIS_TLV_PROTOCOLS           129 /* rfc1195 */
118 #define ISIS_TLV_EXT_IP_REACH        130 /* rfc1195, rfc2966 */
119 #define ISIS_TLV_IDRP_INFO           131 /* rfc1195 */
120 #define ISIS_TLV_IDRP_INFO_MINLEN      1
121 #define ISIS_TLV_IPADDR              132 /* rfc1195 */
122 #define ISIS_TLV_IPAUTH              133 /* rfc1195 */
123 #define ISIS_TLV_TE_ROUTER_ID        134 /* draft-ietf-isis-traffic-05 */
124 #define ISIS_TLV_EXTD_IP_REACH       135 /* draft-ietf-isis-traffic-05 */
125 #define ISIS_TLV_HOSTNAME            137 /* rfc2763 */
126 #define ISIS_TLV_SHARED_RISK_GROUP   138 /* draft-ietf-isis-gmpls-extensions */
127 #define ISIS_TLV_MT_PORT_CAP         143 /* rfc6165 */
128 #define ISIS_TLV_MT_CAPABILITY       144 /* rfc6329 */
129 #define ISIS_TLV_NORTEL_PRIVATE1     176
130 #define ISIS_TLV_NORTEL_PRIVATE2     177
131 #define ISIS_TLV_RESTART_SIGNALING   211 /* rfc3847 */
132 #define ISIS_TLV_RESTART_SIGNALING_FLAGLEN 1
133 #define ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN 2
134 #define ISIS_TLV_MT_IS_REACH         222 /* draft-ietf-isis-wg-multi-topology-05 */
135 #define ISIS_TLV_MT_SUPPORTED        229 /* draft-ietf-isis-wg-multi-topology-05 */
136 #define ISIS_TLV_MT_SUPPORTED_MINLEN 2
137 #define ISIS_TLV_IP6ADDR             232 /* draft-ietf-isis-ipv6-02 */
138 #define ISIS_TLV_MT_IP_REACH         235 /* draft-ietf-isis-wg-multi-topology-05 */
139 #define ISIS_TLV_IP6_REACH           236 /* draft-ietf-isis-ipv6-02 */
140 #define ISIS_TLV_MT_IP6_REACH        237 /* draft-ietf-isis-wg-multi-topology-05 */
141 #define ISIS_TLV_PTP_ADJ             240 /* rfc3373 */
142 #define ISIS_TLV_IIH_SEQNR           241 /* draft-shen-isis-iih-sequence-00 */
143 #define ISIS_TLV_IIH_SEQNR_MINLEN 4
144 #define ISIS_TLV_VENDOR_PRIVATE      250 /* draft-ietf-isis-experimental-tlv-01 */
145 #define ISIS_TLV_VENDOR_PRIVATE_MINLEN 3
146 
147 static const struct tok isis_tlv_values[] = {
148     { ISIS_TLV_AREA_ADDR,	   "Area address(es)"},
149     { ISIS_TLV_IS_REACH,           "IS Reachability"},
150     { ISIS_TLV_ESNEIGH,            "ES Neighbor(s)"},
151     { ISIS_TLV_PART_DIS,           "Partition DIS"},
152     { ISIS_TLV_PREFIX_NEIGH,       "Prefix Neighbors"},
153     { ISIS_TLV_ISNEIGH,            "IS Neighbor(s)"},
154     { ISIS_TLV_ISNEIGH_VARLEN,     "IS Neighbor(s) (variable length)"},
155     { ISIS_TLV_PADDING,            "Padding"},
156     { ISIS_TLV_LSP,                "LSP entries"},
157     { ISIS_TLV_AUTH,               "Authentication"},
158     { ISIS_TLV_CHECKSUM,           "Checksum"},
159     { ISIS_TLV_POI,                "Purge Originator Identifier"},
160     { ISIS_TLV_LSP_BUFFERSIZE,     "LSP Buffersize"},
161     { ISIS_TLV_EXT_IS_REACH,       "Extended IS Reachability"},
162     { ISIS_TLV_IS_ALIAS_ID,        "IS Alias ID"},
163     { ISIS_TLV_DECNET_PHASE4,      "DECnet Phase IV"},
164     { ISIS_TLV_LUCENT_PRIVATE,     "Lucent Proprietary"},
165     { ISIS_TLV_INT_IP_REACH,       "IPv4 Internal Reachability"},
166     { ISIS_TLV_PROTOCOLS,          "Protocols supported"},
167     { ISIS_TLV_EXT_IP_REACH,       "IPv4 External Reachability"},
168     { ISIS_TLV_IDRP_INFO,          "Inter-Domain Information Type"},
169     { ISIS_TLV_IPADDR,             "IPv4 Interface address(es)"},
170     { ISIS_TLV_IPAUTH,             "IPv4 authentication (deprecated)"},
171     { ISIS_TLV_TE_ROUTER_ID,       "Traffic Engineering Router ID"},
172     { ISIS_TLV_EXTD_IP_REACH,      "Extended IPv4 Reachability"},
173     { ISIS_TLV_SHARED_RISK_GROUP,  "Shared Risk Link Group"},
174     { ISIS_TLV_MT_PORT_CAP,        "Multi-Topology-Aware Port Capability"},
175     { ISIS_TLV_MT_CAPABILITY,      "Multi-Topology Capability"},
176     { ISIS_TLV_NORTEL_PRIVATE1,    "Nortel Proprietary"},
177     { ISIS_TLV_NORTEL_PRIVATE2,    "Nortel Proprietary"},
178     { ISIS_TLV_HOSTNAME,           "Hostname"},
179     { ISIS_TLV_RESTART_SIGNALING,  "Restart Signaling"},
180     { ISIS_TLV_MT_IS_REACH,        "Multi Topology IS Reachability"},
181     { ISIS_TLV_MT_SUPPORTED,       "Multi Topology"},
182     { ISIS_TLV_IP6ADDR,            "IPv6 Interface address(es)"},
183     { ISIS_TLV_MT_IP_REACH,        "Multi-Topology IPv4 Reachability"},
184     { ISIS_TLV_IP6_REACH,          "IPv6 reachability"},
185     { ISIS_TLV_MT_IP6_REACH,       "Multi-Topology IP6 Reachability"},
186     { ISIS_TLV_PTP_ADJ,            "Point-to-point Adjacency State"},
187     { ISIS_TLV_IIH_SEQNR,          "Hello PDU Sequence Number"},
188     { ISIS_TLV_VENDOR_PRIVATE,     "Vendor Private"},
189     { 0, NULL }
190 };
191 
192 #define ESIS_OPTION_PROTOCOLS        129
193 #define ESIS_OPTION_QOS_MAINTENANCE  195 /* iso9542 */
194 #define ESIS_OPTION_SECURITY         197 /* iso9542 */
195 #define ESIS_OPTION_ES_CONF_TIME     198 /* iso9542 */
196 #define ESIS_OPTION_PRIORITY         205 /* iso9542 */
197 #define ESIS_OPTION_ADDRESS_MASK     225 /* iso9542 */
198 #define ESIS_OPTION_SNPA_MASK        226 /* iso9542 */
199 
200 static const struct tok esis_option_values[] = {
201     { ESIS_OPTION_PROTOCOLS,       "Protocols supported"},
202     { ESIS_OPTION_QOS_MAINTENANCE, "QoS Maintenance" },
203     { ESIS_OPTION_SECURITY,        "Security" },
204     { ESIS_OPTION_ES_CONF_TIME,    "ES Configuration Time" },
205     { ESIS_OPTION_PRIORITY,        "Priority" },
206     { ESIS_OPTION_ADDRESS_MASK,    "Addressk Mask" },
207     { ESIS_OPTION_SNPA_MASK,       "SNPA Mask" },
208     { 0, NULL }
209 };
210 
211 #define CLNP_OPTION_DISCARD_REASON   193
212 #define CLNP_OPTION_QOS_MAINTENANCE  195 /* iso8473 */
213 #define CLNP_OPTION_SECURITY         197 /* iso8473 */
214 #define CLNP_OPTION_SOURCE_ROUTING   200 /* iso8473 */
215 #define CLNP_OPTION_ROUTE_RECORDING  203 /* iso8473 */
216 #define CLNP_OPTION_PADDING          204 /* iso8473 */
217 #define CLNP_OPTION_PRIORITY         205 /* iso8473 */
218 
219 static const struct tok clnp_option_values[] = {
220     { CLNP_OPTION_DISCARD_REASON,  "Discard Reason"},
221     { CLNP_OPTION_PRIORITY,        "Priority"},
222     { CLNP_OPTION_QOS_MAINTENANCE, "QoS Maintenance"},
223     { CLNP_OPTION_SECURITY, "Security"},
224     { CLNP_OPTION_SOURCE_ROUTING, "Source Routing"},
225     { CLNP_OPTION_ROUTE_RECORDING, "Route Recording"},
226     { CLNP_OPTION_PADDING, "Padding"},
227     { 0, NULL }
228 };
229 
230 static const struct tok clnp_option_rfd_class_values[] = {
231     { 0x0, "General"},
232     { 0x8, "Address"},
233     { 0x9, "Source Routeing"},
234     { 0xa, "Lifetime"},
235     { 0xb, "PDU Discarded"},
236     { 0xc, "Reassembly"},
237     { 0, NULL }
238 };
239 
240 static const struct tok clnp_option_rfd_general_values[] = {
241     { 0x0, "Reason not specified"},
242     { 0x1, "Protocol procedure error"},
243     { 0x2, "Incorrect checksum"},
244     { 0x3, "PDU discarded due to congestion"},
245     { 0x4, "Header syntax error (cannot be parsed)"},
246     { 0x5, "Segmentation needed but not permitted"},
247     { 0x6, "Incomplete PDU received"},
248     { 0x7, "Duplicate option"},
249     { 0, NULL }
250 };
251 
252 static const struct tok clnp_option_rfd_address_values[] = {
253     { 0x0, "Destination address unreachable"},
254     { 0x1, "Destination address unknown"},
255     { 0, NULL }
256 };
257 
258 static const struct tok clnp_option_rfd_source_routeing_values[] = {
259     { 0x0, "Unspecified source routeing error"},
260     { 0x1, "Syntax error in source routeing field"},
261     { 0x2, "Unknown address in source routeing field"},
262     { 0x3, "Path not acceptable"},
263     { 0, NULL }
264 };
265 
266 static const struct tok clnp_option_rfd_lifetime_values[] = {
267     { 0x0, "Lifetime expired while data unit in transit"},
268     { 0x1, "Lifetime expired during reassembly"},
269     { 0, NULL }
270 };
271 
272 static const struct tok clnp_option_rfd_pdu_discard_values[] = {
273     { 0x0, "Unsupported option not specified"},
274     { 0x1, "Unsupported protocol version"},
275     { 0x2, "Unsupported security option"},
276     { 0x3, "Unsupported source routeing option"},
277     { 0x4, "Unsupported recording of route option"},
278     { 0, NULL }
279 };
280 
281 static const struct tok clnp_option_rfd_reassembly_values[] = {
282     { 0x0, "Reassembly interference"},
283     { 0, NULL }
284 };
285 
286 /* array of 16 error-classes */
287 static const struct tok *clnp_option_rfd_error_class[] = {
288     clnp_option_rfd_general_values,
289     NULL,
290     NULL,
291     NULL,
292     NULL,
293     NULL,
294     NULL,
295     NULL,
296     clnp_option_rfd_address_values,
297     clnp_option_rfd_source_routeing_values,
298     clnp_option_rfd_lifetime_values,
299     clnp_option_rfd_pdu_discard_values,
300     clnp_option_rfd_reassembly_values,
301     NULL,
302     NULL,
303     NULL
304 };
305 
306 #define CLNP_OPTION_OPTION_QOS_MASK 0x3f
307 #define CLNP_OPTION_SCOPE_MASK      0xc0
308 #define CLNP_OPTION_SCOPE_SA_SPEC   0x40
309 #define CLNP_OPTION_SCOPE_DA_SPEC   0x80
310 #define CLNP_OPTION_SCOPE_GLOBAL    0xc0
311 
312 static const struct tok clnp_option_scope_values[] = {
313     { CLNP_OPTION_SCOPE_SA_SPEC, "Source Address Specific"},
314     { CLNP_OPTION_SCOPE_DA_SPEC, "Destination Address Specific"},
315     { CLNP_OPTION_SCOPE_GLOBAL, "Globally unique"},
316     { 0, NULL }
317 };
318 
319 static const struct tok clnp_option_sr_rr_values[] = {
320     { 0x0, "partial"},
321     { 0x1, "complete"},
322     { 0, NULL }
323 };
324 
325 static const struct tok clnp_option_sr_rr_string_values[] = {
326     { CLNP_OPTION_SOURCE_ROUTING, "source routing"},
327     { CLNP_OPTION_ROUTE_RECORDING, "recording of route in progress"},
328     { 0, NULL }
329 };
330 
331 static const struct tok clnp_option_qos_global_values[] = {
332     { 0x20, "reserved"},
333     { 0x10, "sequencing vs. delay"},
334     { 0x08, "congested"},
335     { 0x04, "delay vs. cost"},
336     { 0x02, "error vs. delay"},
337     { 0x01, "error vs. cost"},
338     { 0, NULL }
339 };
340 
341 #define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP           3 /* draft-ietf-isis-traffic-05 */
342 #define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID  4 /* rfc4205 */
343 #define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID        5 /* draft-ietf-isis-traffic-05 */
344 #define ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR        6 /* draft-ietf-isis-traffic-05 */
345 #define ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR    8 /* draft-ietf-isis-traffic-05 */
346 #define ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW           9 /* draft-ietf-isis-traffic-05 */
347 #define ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW        10 /* draft-ietf-isis-traffic-05 */
348 #define ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW        11 /* rfc4124 */
349 #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD   12 /* draft-ietf-tewg-diff-te-proto-06 */
350 #define ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC            18 /* draft-ietf-isis-traffic-05 */
351 #define ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE       19 /* draft-ietf-isis-link-attr-01 */
352 #define ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE 20 /* rfc4205 */
353 #define ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR    21 /* rfc4205 */
354 #define ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS       22 /* rfc4124 */
355 
356 #define ISIS_SUBTLV_SPB_METRIC                        29 /* rfc6329 */
357 
358 static const struct tok isis_ext_is_reach_subtlv_values[] = {
359     { ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP,            "Administrative groups" },
360     { ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID,   "Link Local/Remote Identifier" },
361     { ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID,         "Link Remote Identifier" },
362     { ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR,         "IPv4 interface address" },
363     { ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR,     "IPv4 neighbor address" },
364     { ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW,            "Maximum link bandwidth" },
365     { ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW,          "Reservable link bandwidth" },
366     { ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW,          "Unreserved bandwidth" },
367     { ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC,              "Traffic Engineering Metric" },
368     { ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE,         "Link Attribute" },
369     { ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE,   "Link Protection Type" },
370     { ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR,      "Interface Switching Capability" },
371     { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD,     "Bandwidth Constraints (old)" },
372     { ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS,         "Bandwidth Constraints" },
373     { ISIS_SUBTLV_SPB_METRIC,                          "SPB Metric" },
374     { 250,                                             "Reserved for cisco specific extensions" },
375     { 251,                                             "Reserved for cisco specific extensions" },
376     { 252,                                             "Reserved for cisco specific extensions" },
377     { 253,                                             "Reserved for cisco specific extensions" },
378     { 254,                                             "Reserved for cisco specific extensions" },
379     { 255,                                             "Reserved for future expansion" },
380     { 0, NULL }
381 };
382 
383 #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32          1 /* draft-ietf-isis-admin-tags-01 */
384 #define ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64          2 /* draft-ietf-isis-admin-tags-01 */
385 #define ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR  117 /* draft-ietf-isis-wg-multi-topology-05 */
386 
387 static const struct tok isis_ext_ip_reach_subtlv_values[] = {
388     { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32,           "32-Bit Administrative tag" },
389     { ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64,           "64-Bit Administrative tag" },
390     { ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR,     "Management Prefix Color" },
391     { 0, NULL }
392 };
393 
394 static const struct tok isis_subtlv_link_attribute_values[] = {
395     { 0x01, "Local Protection Available" },
396     { 0x02, "Link excluded from local protection path" },
397     { 0x04, "Local maintenance required"},
398     { 0, NULL }
399 };
400 
401 #define ISIS_SUBTLV_AUTH_SIMPLE        1
402 #define ISIS_SUBTLV_AUTH_GENERIC       3 /* rfc 5310 */
403 #define ISIS_SUBTLV_AUTH_MD5          54
404 #define ISIS_SUBTLV_AUTH_MD5_LEN      16
405 #define ISIS_SUBTLV_AUTH_PRIVATE     255
406 
407 static const struct tok isis_subtlv_auth_values[] = {
408     { ISIS_SUBTLV_AUTH_SIMPLE,	"simple text password"},
409     { ISIS_SUBTLV_AUTH_GENERIC, "Generic Crypto key-id"},
410     { ISIS_SUBTLV_AUTH_MD5,	"HMAC-MD5 password"},
411     { ISIS_SUBTLV_AUTH_PRIVATE,	"Routing Domain private password"},
412     { 0, NULL }
413 };
414 
415 #define ISIS_SUBTLV_IDRP_RES           0
416 #define ISIS_SUBTLV_IDRP_LOCAL         1
417 #define ISIS_SUBTLV_IDRP_ASN           2
418 
419 static const struct tok isis_subtlv_idrp_values[] = {
420     { ISIS_SUBTLV_IDRP_RES,         "Reserved"},
421     { ISIS_SUBTLV_IDRP_LOCAL,       "Routing-Domain Specific"},
422     { ISIS_SUBTLV_IDRP_ASN,         "AS Number Tag"},
423     { 0, NULL}
424 };
425 
426 #define ISIS_SUBTLV_SPB_MCID          4
427 #define ISIS_SUBTLV_SPB_DIGEST        5
428 #define ISIS_SUBTLV_SPB_BVID          6
429 
430 #define ISIS_SUBTLV_SPB_INSTANCE      1
431 #define ISIS_SUBTLV_SPBM_SI           3
432 
433 #define ISIS_SPB_MCID_LEN                         51
434 #define ISIS_SUBTLV_SPB_MCID_MIN_LEN              102
435 #define ISIS_SUBTLV_SPB_DIGEST_MIN_LEN            33
436 #define ISIS_SUBTLV_SPB_BVID_MIN_LEN              6
437 #define ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN          19
438 #define ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN   8
439 
440 static const struct tok isis_mt_port_cap_subtlv_values[] = {
441     { ISIS_SUBTLV_SPB_MCID,           "SPB MCID" },
442     { ISIS_SUBTLV_SPB_DIGEST,         "SPB Digest" },
443     { ISIS_SUBTLV_SPB_BVID,           "SPB BVID" },
444     { 0, NULL }
445 };
446 
447 static const struct tok isis_mt_capability_subtlv_values[] = {
448     { ISIS_SUBTLV_SPB_INSTANCE,      "SPB Instance" },
449     { ISIS_SUBTLV_SPBM_SI,      "SPBM Service Identifier and Unicast Address" },
450     { 0, NULL }
451 };
452 
453 struct isis_spb_mcid {
454   uint8_t  format_id;
455   uint8_t  name[32];
456   uint8_t  revision_lvl[2];
457   uint8_t  digest[16];
458 };
459 
460 struct isis_subtlv_spb_mcid {
461   struct isis_spb_mcid mcid;
462   struct isis_spb_mcid aux_mcid;
463 };
464 
465 struct isis_subtlv_spb_instance {
466   uint8_t cist_root_id[8];
467   uint8_t cist_external_root_path_cost[4];
468   uint8_t bridge_priority[2];
469   uint8_t spsourceid[4];
470   uint8_t no_of_trees;
471 };
472 
473 #define CLNP_SEGMENT_PART  0x80
474 #define CLNP_MORE_SEGMENTS 0x40
475 #define CLNP_REQUEST_ER    0x20
476 
477 static const struct tok clnp_flag_values[] = {
478     { CLNP_SEGMENT_PART, "Segmentation permitted"},
479     { CLNP_MORE_SEGMENTS, "more Segments"},
480     { CLNP_REQUEST_ER, "request Error Report"},
481     { 0, NULL}
482 };
483 
484 #define ISIS_MASK_LSP_OL_BIT(x)            ((x)&0x4)
485 #define ISIS_MASK_LSP_ISTYPE_BITS(x)       ((x)&0x3)
486 #define ISIS_MASK_LSP_PARTITION_BIT(x)     ((x)&0x80)
487 #define ISIS_MASK_LSP_ATT_BITS(x)          ((x)&0x78)
488 #define ISIS_MASK_LSP_ATT_ERROR_BIT(x)     ((x)&0x40)
489 #define ISIS_MASK_LSP_ATT_EXPENSE_BIT(x)   ((x)&0x20)
490 #define ISIS_MASK_LSP_ATT_DELAY_BIT(x)     ((x)&0x10)
491 #define ISIS_MASK_LSP_ATT_DEFAULT_BIT(x)   ((x)&0x8)
492 
493 #define ISIS_MASK_MTID(x)                  ((x)&0x0fff)
494 #define ISIS_MASK_MTFLAGS(x)               ((x)&0xf000)
495 
496 static const struct tok isis_mt_flag_values[] = {
497     { 0x4000,                  "ATT bit set"},
498     { 0x8000,                  "Overload bit set"},
499     { 0, NULL}
500 };
501 
502 #define ISIS_MASK_TLV_EXTD_IP_UPDOWN(x)     ((x)&0x80)
503 #define ISIS_MASK_TLV_EXTD_IP_SUBTLV(x)     ((x)&0x40)
504 
505 #define ISIS_MASK_TLV_EXTD_IP6_IE(x)        ((x)&0x40)
506 #define ISIS_MASK_TLV_EXTD_IP6_SUBTLV(x)    ((x)&0x20)
507 
508 #define ISIS_LSP_TLV_METRIC_SUPPORTED(x)   ((x)&0x80)
509 #define ISIS_LSP_TLV_METRIC_IE(x)          ((x)&0x40)
510 #define ISIS_LSP_TLV_METRIC_UPDOWN(x)      ((x)&0x80)
511 #define ISIS_LSP_TLV_METRIC_VALUE(x)	   ((x)&0x3f)
512 
513 #define ISIS_MASK_TLV_SHARED_RISK_GROUP(x) ((x)&0x1)
514 
515 static const struct tok isis_mt_values[] = {
516     { 0,    "IPv4 unicast"},
517     { 1,    "In-Band Management"},
518     { 2,    "IPv6 unicast"},
519     { 3,    "Multicast"},
520     { 4095, "Development, Experimental or Proprietary"},
521     { 0, NULL }
522 };
523 
524 static const struct tok isis_iih_circuit_type_values[] = {
525     { 1,    "Level 1 only"},
526     { 2,    "Level 2 only"},
527     { 3,    "Level 1, Level 2"},
528     { 0, NULL}
529 };
530 
531 #define ISIS_LSP_TYPE_UNUSED0   0
532 #define ISIS_LSP_TYPE_LEVEL_1   1
533 #define ISIS_LSP_TYPE_UNUSED2   2
534 #define ISIS_LSP_TYPE_LEVEL_2   3
535 
536 static const struct tok isis_lsp_istype_values[] = {
537     { ISIS_LSP_TYPE_UNUSED0,	"Unused 0x0 (invalid)"},
538     { ISIS_LSP_TYPE_LEVEL_1,	"L1 IS"},
539     { ISIS_LSP_TYPE_UNUSED2,	"Unused 0x2 (invalid)"},
540     { ISIS_LSP_TYPE_LEVEL_2,	"L2 IS"},
541     { 0, NULL }
542 };
543 
544 /*
545  * Katz's point to point adjacency TLV uses codes to tell us the state of
546  * the remote adjacency.  Enumerate them.
547  */
548 
549 #define ISIS_PTP_ADJ_UP   0
550 #define ISIS_PTP_ADJ_INIT 1
551 #define ISIS_PTP_ADJ_DOWN 2
552 
553 static const struct tok isis_ptp_adjancey_values[] = {
554     { ISIS_PTP_ADJ_UP,    "Up" },
555     { ISIS_PTP_ADJ_INIT,  "Initializing" },
556     { ISIS_PTP_ADJ_DOWN,  "Down" },
557     { 0, NULL}
558 };
559 
560 struct isis_tlv_ptp_adj {
561     uint8_t adjacency_state;
562     uint8_t extd_local_circuit_id[4];
563     uint8_t neighbor_sysid[SYSTEM_ID_LEN];
564     uint8_t neighbor_extd_local_circuit_id[4];
565 };
566 
567 static int osi_print_cksum(netdissect_options *, const uint8_t *pptr,
568 			    uint16_t checksum, int checksum_offset, int length);
569 static int clnp_print(netdissect_options *, const uint8_t *, u_int);
570 static void esis_print(netdissect_options *, const uint8_t *, u_int);
571 static int isis_print(netdissect_options *, const uint8_t *, u_int);
572 
573 struct isis_metric_block {
574     uint8_t metric_default;
575     uint8_t metric_delay;
576     uint8_t metric_expense;
577     uint8_t metric_error;
578 };
579 
580 struct isis_tlv_is_reach {
581     struct isis_metric_block isis_metric_block;
582     uint8_t neighbor_nodeid[NODE_ID_LEN];
583 };
584 
585 struct isis_tlv_es_reach {
586     struct isis_metric_block isis_metric_block;
587     uint8_t neighbor_sysid[SYSTEM_ID_LEN];
588 };
589 
590 struct isis_tlv_ip_reach {
591     struct isis_metric_block isis_metric_block;
592     uint8_t prefix[4];
593     uint8_t mask[4];
594 };
595 
596 static const struct tok isis_is_reach_virtual_values[] = {
597     { 0,    "IsNotVirtual"},
598     { 1,    "IsVirtual"},
599     { 0, NULL }
600 };
601 
602 static const struct tok isis_restart_flag_values[] = {
603     { 0x1,  "Restart Request"},
604     { 0x2,  "Restart Acknowledgement"},
605     { 0x4,  "Suppress adjacency advertisement"},
606     { 0, NULL }
607 };
608 
609 struct isis_common_header {
610     uint8_t nlpid;
611     uint8_t fixed_len;
612     uint8_t version;			/* Protocol version */
613     uint8_t id_length;
614     uint8_t pdu_type;		        /* 3 MSbits are reserved */
615     uint8_t pdu_version;		/* Packet format version */
616     uint8_t reserved;
617     uint8_t max_area;
618 };
619 
620 struct isis_iih_lan_header {
621     uint8_t circuit_type;
622     uint8_t source_id[SYSTEM_ID_LEN];
623     uint8_t holding_time[2];
624     uint8_t pdu_len[2];
625     uint8_t priority;
626     uint8_t lan_id[NODE_ID_LEN];
627 };
628 
629 struct isis_iih_ptp_header {
630     uint8_t circuit_type;
631     uint8_t source_id[SYSTEM_ID_LEN];
632     uint8_t holding_time[2];
633     uint8_t pdu_len[2];
634     uint8_t circuit_id;
635 };
636 
637 struct isis_lsp_header {
638     uint8_t pdu_len[2];
639     uint8_t remaining_lifetime[2];
640     uint8_t lsp_id[LSP_ID_LEN];
641     uint8_t sequence_number[4];
642     uint8_t checksum[2];
643     uint8_t typeblock;
644 };
645 
646 struct isis_csnp_header {
647     uint8_t pdu_len[2];
648     uint8_t source_id[NODE_ID_LEN];
649     uint8_t start_lsp_id[LSP_ID_LEN];
650     uint8_t end_lsp_id[LSP_ID_LEN];
651 };
652 
653 struct isis_psnp_header {
654     uint8_t pdu_len[2];
655     uint8_t source_id[NODE_ID_LEN];
656 };
657 
658 struct isis_tlv_lsp {
659     uint8_t remaining_lifetime[2];
660     uint8_t lsp_id[LSP_ID_LEN];
661     uint8_t sequence_number[4];
662     uint8_t checksum[2];
663 };
664 
665 #define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header))
666 #define ISIS_IIH_LAN_HEADER_SIZE (sizeof(struct isis_iih_lan_header))
667 #define ISIS_IIH_PTP_HEADER_SIZE (sizeof(struct isis_iih_ptp_header))
668 #define ISIS_LSP_HEADER_SIZE (sizeof(struct isis_lsp_header))
669 #define ISIS_CSNP_HEADER_SIZE (sizeof(struct isis_csnp_header))
670 #define ISIS_PSNP_HEADER_SIZE (sizeof(struct isis_psnp_header))
671 
672 void
673 isoclns_print(netdissect_options *ndo,
674               const uint8_t *p, u_int length, u_int caplen)
675 {
676 	if (caplen <= 1) { /* enough bytes on the wire ? */
677 		ND_PRINT((ndo, "|OSI"));
678 		return;
679 	}
680 
681 	if (ndo->ndo_eflag)
682 		ND_PRINT((ndo, "OSI NLPID %s (0x%02x): ", tok2str(nlpid_values, "Unknown", *p), *p));
683 
684 	switch (*p) {
685 
686 	case NLPID_CLNP:
687 		if (!clnp_print(ndo, p, length))
688 			print_unknown_data(ndo, p, "\n\t", caplen);
689 		break;
690 
691 	case NLPID_ESIS:
692 		esis_print(ndo, p, length);
693 		return;
694 
695 	case NLPID_ISIS:
696 		if (!isis_print(ndo, p, length))
697 			print_unknown_data(ndo, p, "\n\t", caplen);
698 		break;
699 
700 	case NLPID_NULLNS:
701 		ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length));
702 		break;
703 
704 	case NLPID_Q933:
705 		q933_print(ndo, p + 1, length - 1);
706 		break;
707 
708 	case NLPID_IP:
709 		ip_print(ndo, p + 1, length - 1);
710 		break;
711 
712 	case NLPID_IP6:
713 		ip6_print(ndo, p + 1, length - 1);
714 		break;
715 
716 	case NLPID_PPP:
717 		ppp_print(ndo, p + 1, length - 1);
718 		break;
719 
720 	default:
721 		if (!ndo->ndo_eflag)
722 			ND_PRINT((ndo, "OSI NLPID 0x%02x unknown", *p));
723 		ND_PRINT((ndo, "%slength: %u", ndo->ndo_eflag ? "" : ", ", length));
724 		if (caplen > 1)
725 			print_unknown_data(ndo, p, "\n\t", caplen);
726 		break;
727 	}
728 }
729 
730 #define	CLNP_PDU_ER	 1
731 #define	CLNP_PDU_DT	28
732 #define	CLNP_PDU_MD	29
733 #define	CLNP_PDU_ERQ	30
734 #define	CLNP_PDU_ERP	31
735 
736 static const struct tok clnp_pdu_values[] = {
737     { CLNP_PDU_ER,  "Error Report"},
738     { CLNP_PDU_MD,  "MD"},
739     { CLNP_PDU_DT,  "Data"},
740     { CLNP_PDU_ERQ, "Echo Request"},
741     { CLNP_PDU_ERP, "Echo Response"},
742     { 0, NULL }
743 };
744 
745 struct clnp_header_t {
746     uint8_t nlpid;
747     uint8_t length_indicator;
748     uint8_t version;
749     uint8_t lifetime; /* units of 500ms */
750     uint8_t type;
751     uint8_t segment_length[2];
752     uint8_t cksum[2];
753 };
754 
755 struct clnp_segment_header_t {
756     uint8_t data_unit_id[2];
757     uint8_t segment_offset[2];
758     uint8_t total_length[2];
759 };
760 
761 /*
762  * clnp_print
763  * Decode CLNP packets.  Return 0 on error.
764  */
765 
766 static int
767 clnp_print(netdissect_options *ndo,
768            const uint8_t *pptr, u_int length)
769 {
770 	const uint8_t *optr,*source_address,*dest_address;
771         u_int li,tlen,nsap_offset,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags;
772 	const struct clnp_header_t *clnp_header;
773 	const struct clnp_segment_header_t *clnp_segment_header;
774         uint8_t rfd_error_major,rfd_error_minor;
775 
776 	clnp_header = (const struct clnp_header_t *) pptr;
777         ND_TCHECK(*clnp_header);
778 
779         li = clnp_header->length_indicator;
780         optr = pptr;
781 
782         if (!ndo->ndo_eflag)
783             ND_PRINT((ndo, "CLNP"));
784 
785         /*
786          * Sanity checking of the header.
787          */
788 
789         if (clnp_header->version != CLNP_VERSION) {
790             ND_PRINT((ndo, "version %d packet not supported", clnp_header->version));
791             return (0);
792         }
793 
794 	if (li > length) {
795             ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length));
796             return (0);
797 	}
798 
799         if (li < sizeof(struct clnp_header_t)) {
800             ND_PRINT((ndo, " length indicator %u < min PDU size:", li));
801             while (pptr < ndo->ndo_snapend)
802                 ND_PRINT((ndo, "%02X", *pptr++));
803             return (0);
804         }
805 
806         /* FIXME further header sanity checking */
807 
808         clnp_pdu_type = clnp_header->type & CLNP_PDU_TYPE_MASK;
809         clnp_flags = clnp_header->type & CLNP_FLAG_MASK;
810 
811         pptr += sizeof(struct clnp_header_t);
812         li -= sizeof(struct clnp_header_t);
813 
814         if (li < 1) {
815             ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
816             return (0);
817         }
818 	ND_TCHECK(*pptr);
819         dest_address_length = *pptr;
820         pptr += 1;
821         li -= 1;
822         if (li < dest_address_length) {
823             ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
824             return (0);
825         }
826         ND_TCHECK2(*pptr, dest_address_length);
827         dest_address = pptr;
828         pptr += dest_address_length;
829         li -= dest_address_length;
830 
831         if (li < 1) {
832             ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
833             return (0);
834         }
835 	ND_TCHECK(*pptr);
836         source_address_length = *pptr;
837         pptr += 1;
838         li -= 1;
839         if (li < source_address_length) {
840             ND_PRINT((ndo, "li < size of fixed part of CLNP header and addresses"));
841             return (0);
842         }
843         ND_TCHECK2(*pptr, source_address_length);
844         source_address = pptr;
845         pptr += source_address_length;
846         li -= source_address_length;
847 
848         if (ndo->ndo_vflag < 1) {
849             ND_PRINT((ndo, "%s%s > %s, %s, length %u",
850                    ndo->ndo_eflag ? "" : ", ",
851                    isonsap_string(ndo, source_address, source_address_length),
852                    isonsap_string(ndo, dest_address, dest_address_length),
853                    tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type),
854                    length));
855             return (1);
856         }
857         ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length));
858 
859         ND_PRINT((ndo, "\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x",
860                tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type),
861                clnp_header->length_indicator,
862                clnp_header->version,
863                clnp_header->lifetime/2,
864                (clnp_header->lifetime%2)*5,
865                EXTRACT_16BITS(clnp_header->segment_length),
866                EXTRACT_16BITS(clnp_header->cksum)));
867 
868         if (osi_print_cksum(ndo, optr, EXTRACT_16BITS(clnp_header->cksum), 7,
869                             clnp_header->length_indicator) == 0)
870                 goto trunc;
871 
872         ND_PRINT((ndo, "\n\tFlags [%s]",
873                bittok2str(clnp_flag_values, "none", clnp_flags)));
874 
875         ND_PRINT((ndo, "\n\tsource address (length %u): %s\n\tdest   address (length %u): %s",
876                source_address_length,
877                isonsap_string(ndo, source_address, source_address_length),
878                dest_address_length,
879                isonsap_string(ndo, dest_address, dest_address_length)));
880 
881         if (clnp_flags & CLNP_SEGMENT_PART) {
882                 if (li < sizeof(const struct clnp_segment_header_t)) {
883                     ND_PRINT((ndo, "li < size of fixed part of CLNP header, addresses, and segment part"));
884                     return (0);
885                 }
886             	clnp_segment_header = (const struct clnp_segment_header_t *) pptr;
887                 ND_TCHECK(*clnp_segment_header);
888                 ND_PRINT((ndo, "\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u",
889                        EXTRACT_16BITS(clnp_segment_header->data_unit_id),
890                        EXTRACT_16BITS(clnp_segment_header->segment_offset),
891                        EXTRACT_16BITS(clnp_segment_header->total_length)));
892                 pptr+=sizeof(const struct clnp_segment_header_t);
893                 li-=sizeof(const struct clnp_segment_header_t);
894         }
895 
896         /* now walk the options */
897         while (li >= 2) {
898             u_int op, opli;
899             const uint8_t *tptr;
900 
901             if (li < 2) {
902                 ND_PRINT((ndo, ", bad opts/li"));
903                 return (0);
904             }
905             ND_TCHECK2(*pptr, 2);
906             op = *pptr++;
907             opli = *pptr++;
908             li -= 2;
909             if (opli > li) {
910                 ND_PRINT((ndo, ", opt (%d) too long", op));
911                 return (0);
912             }
913             ND_TCHECK2(*pptr, opli);
914             li -= opli;
915             tptr = pptr;
916             tlen = opli;
917 
918             ND_PRINT((ndo, "\n\t  %s Option #%u, length %u, value: ",
919                    tok2str(clnp_option_values,"Unknown",op),
920                    op,
921                    opli));
922 
923             /*
924              * We've already checked that the entire option is present
925              * in the captured packet with the ND_TCHECK2() call.
926              * Therefore, we don't need to do ND_TCHECK()/ND_TCHECK2()
927              * checks.
928              * We do, however, need to check tlen, to make sure we
929              * don't run past the end of the option.
930 	     */
931             switch (op) {
932 
933 
934             case CLNP_OPTION_ROUTE_RECORDING: /* those two options share the format */
935             case CLNP_OPTION_SOURCE_ROUTING:
936                     if (tlen < 2) {
937                             ND_PRINT((ndo, ", bad opt len"));
938                             return (0);
939                     }
940                     ND_PRINT((ndo, "%s %s",
941                            tok2str(clnp_option_sr_rr_values,"Unknown",*tptr),
942                            tok2str(clnp_option_sr_rr_string_values, "Unknown Option %u", op)));
943                     nsap_offset=*(tptr+1);
944                     if (nsap_offset == 0) {
945                             ND_PRINT((ndo, " Bad NSAP offset (0)"));
946                             break;
947                     }
948                     nsap_offset-=1; /* offset to nsap list */
949                     if (nsap_offset > tlen) {
950                             ND_PRINT((ndo, " Bad NSAP offset (past end of option)"));
951                             break;
952                     }
953                     tptr+=nsap_offset;
954                     tlen-=nsap_offset;
955                     while (tlen > 0) {
956                             source_address_length=*tptr;
957                             if (tlen < source_address_length+1) {
958                                     ND_PRINT((ndo, "\n\t    NSAP address goes past end of option"));
959                                     break;
960                             }
961                             if (source_address_length > 0) {
962                                     source_address=(tptr+1);
963                                     ND_TCHECK2(*source_address, source_address_length);
964                                     ND_PRINT((ndo, "\n\t    NSAP address (length %u): %s",
965                                            source_address_length,
966                                            isonsap_string(ndo, source_address, source_address_length)));
967                             }
968                             tlen-=source_address_length+1;
969                     }
970                     break;
971 
972             case CLNP_OPTION_PRIORITY:
973                     if (tlen < 1) {
974                             ND_PRINT((ndo, ", bad opt len"));
975                             return (0);
976                     }
977                     ND_PRINT((ndo, "0x%1x", *tptr&0x0f));
978                     break;
979 
980             case CLNP_OPTION_QOS_MAINTENANCE:
981                     if (tlen < 1) {
982                             ND_PRINT((ndo, ", bad opt len"));
983                             return (0);
984                     }
985                     ND_PRINT((ndo, "\n\t    Format Code: %s",
986                            tok2str(clnp_option_scope_values, "Reserved", *tptr&CLNP_OPTION_SCOPE_MASK)));
987 
988                     if ((*tptr&CLNP_OPTION_SCOPE_MASK) == CLNP_OPTION_SCOPE_GLOBAL)
989                             ND_PRINT((ndo, "\n\t    QoS Flags [%s]",
990                                    bittok2str(clnp_option_qos_global_values,
991                                               "none",
992                                               *tptr&CLNP_OPTION_OPTION_QOS_MASK)));
993                     break;
994 
995             case CLNP_OPTION_SECURITY:
996                     if (tlen < 2) {
997                             ND_PRINT((ndo, ", bad opt len"));
998                             return (0);
999                     }
1000                     ND_PRINT((ndo, "\n\t    Format Code: %s, Security-Level %u",
1001                            tok2str(clnp_option_scope_values,"Reserved",*tptr&CLNP_OPTION_SCOPE_MASK),
1002                            *(tptr+1)));
1003                     break;
1004 
1005             case CLNP_OPTION_DISCARD_REASON:
1006                 if (tlen < 1) {
1007                         ND_PRINT((ndo, ", bad opt len"));
1008                         return (0);
1009                 }
1010                 rfd_error_major = (*tptr&0xf0) >> 4;
1011                 rfd_error_minor = *tptr&0x0f;
1012                 ND_PRINT((ndo, "\n\t    Class: %s Error (0x%01x), %s (0x%01x)",
1013                        tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major),
1014                        rfd_error_major,
1015                        tok2str(clnp_option_rfd_error_class[rfd_error_major],"Unknown",rfd_error_minor),
1016                        rfd_error_minor));
1017                 break;
1018 
1019             case CLNP_OPTION_PADDING:
1020                     ND_PRINT((ndo, "padding data"));
1021                 break;
1022 
1023                 /*
1024                  * FIXME those are the defined Options that lack a decoder
1025                  * you are welcome to contribute code ;-)
1026                  */
1027 
1028             default:
1029                 print_unknown_data(ndo, tptr, "\n\t  ", opli);
1030                 break;
1031             }
1032             if (ndo->ndo_vflag > 1)
1033                 print_unknown_data(ndo, pptr, "\n\t  ", opli);
1034             pptr += opli;
1035         }
1036 
1037         switch (clnp_pdu_type) {
1038 
1039         case    CLNP_PDU_ER: /* fall through */
1040         case 	CLNP_PDU_ERP:
1041             ND_TCHECK(*pptr);
1042             if (*(pptr) == NLPID_CLNP) {
1043                 ND_PRINT((ndo, "\n\t-----original packet-----\n\t"));
1044                 /* FIXME recursion protection */
1045                 clnp_print(ndo, pptr, length - clnp_header->length_indicator);
1046                 break;
1047             }
1048 
1049         case 	CLNP_PDU_DT:
1050         case 	CLNP_PDU_MD:
1051         case 	CLNP_PDU_ERQ:
1052 
1053         default:
1054             /* dump the PDU specific data */
1055             if (length-(pptr-optr) > 0) {
1056                 ND_PRINT((ndo, "\n\t  undecoded non-header data, length %u", length-clnp_header->length_indicator));
1057                 print_unknown_data(ndo, pptr, "\n\t  ", length - (pptr - optr));
1058             }
1059         }
1060 
1061         return (1);
1062 
1063  trunc:
1064     ND_PRINT((ndo, "[|clnp]"));
1065     return (1);
1066 
1067 }
1068 
1069 
1070 #define	ESIS_PDU_REDIRECT	6
1071 #define	ESIS_PDU_ESH	        2
1072 #define	ESIS_PDU_ISH	        4
1073 
1074 static const struct tok esis_pdu_values[] = {
1075     { ESIS_PDU_REDIRECT, "redirect"},
1076     { ESIS_PDU_ESH,      "ESH"},
1077     { ESIS_PDU_ISH,      "ISH"},
1078     { 0, NULL }
1079 };
1080 
1081 struct esis_header_t {
1082 	uint8_t nlpid;
1083 	uint8_t length_indicator;
1084 	uint8_t version;
1085 	uint8_t reserved;
1086 	uint8_t type;
1087 	uint8_t holdtime[2];
1088 	uint8_t cksum[2];
1089 };
1090 
1091 static void
1092 esis_print(netdissect_options *ndo,
1093            const uint8_t *pptr, u_int length)
1094 {
1095 	const uint8_t *optr;
1096 	u_int li,esis_pdu_type,source_address_length, source_address_number;
1097 	const struct esis_header_t *esis_header;
1098 
1099 	if (!ndo->ndo_eflag)
1100 		ND_PRINT((ndo, "ES-IS"));
1101 
1102 	if (length <= 2) {
1103 		ND_PRINT((ndo, ndo->ndo_qflag ? "bad pkt!" : "no header at all!"));
1104 		return;
1105 	}
1106 
1107 	esis_header = (const struct esis_header_t *) pptr;
1108         ND_TCHECK(*esis_header);
1109         li = esis_header->length_indicator;
1110         optr = pptr;
1111 
1112         /*
1113          * Sanity checking of the header.
1114          */
1115 
1116         if (esis_header->nlpid != NLPID_ESIS) {
1117             ND_PRINT((ndo, " nlpid 0x%02x packet not supported", esis_header->nlpid));
1118             return;
1119         }
1120 
1121         if (esis_header->version != ESIS_VERSION) {
1122             ND_PRINT((ndo, " version %d packet not supported", esis_header->version));
1123             return;
1124         }
1125 
1126 	if (li > length) {
1127             ND_PRINT((ndo, " length indicator(%u) > PDU size (%u)!", li, length));
1128             return;
1129 	}
1130 
1131 	if (li < sizeof(struct esis_header_t) + 2) {
1132             ND_PRINT((ndo, " length indicator %u < min PDU size:", li));
1133             while (pptr < ndo->ndo_snapend)
1134                 ND_PRINT((ndo, "%02X", *pptr++));
1135             return;
1136 	}
1137 
1138         esis_pdu_type = esis_header->type & ESIS_PDU_TYPE_MASK;
1139 
1140         if (ndo->ndo_vflag < 1) {
1141             ND_PRINT((ndo, "%s%s, length %u",
1142                    ndo->ndo_eflag ? "" : ", ",
1143                    tok2str(esis_pdu_values,"unknown type (%u)",esis_pdu_type),
1144                    length));
1145             return;
1146         } else
1147             ND_PRINT((ndo, "%slength %u\n\t%s (%u)",
1148                    ndo->ndo_eflag ? "" : ", ",
1149                    length,
1150                    tok2str(esis_pdu_values,"unknown type: %u", esis_pdu_type),
1151                    esis_pdu_type));
1152 
1153         ND_PRINT((ndo, ", v: %u%s", esis_header->version, esis_header->version == ESIS_VERSION ? "" : "unsupported" ));
1154         ND_PRINT((ndo, ", checksum: 0x%04x", EXTRACT_16BITS(esis_header->cksum)));
1155 
1156         if (osi_print_cksum(ndo, pptr, EXTRACT_16BITS(esis_header->cksum), 7, li) == 0)
1157                 goto trunc;
1158 
1159         ND_PRINT((ndo, ", holding time: %us, length indicator: %u",
1160                   EXTRACT_16BITS(esis_header->holdtime), li));
1161 
1162         if (ndo->ndo_vflag > 1)
1163             print_unknown_data(ndo, optr, "\n\t", sizeof(struct esis_header_t));
1164 
1165 	pptr += sizeof(struct esis_header_t);
1166 	li -= sizeof(struct esis_header_t);
1167 
1168 	switch (esis_pdu_type) {
1169 	case ESIS_PDU_REDIRECT: {
1170 		const uint8_t *dst, *snpa, *neta;
1171 		u_int dstl, snpal, netal;
1172 
1173 		ND_TCHECK(*pptr);
1174 		if (li < 1) {
1175 			ND_PRINT((ndo, ", bad redirect/li"));
1176 			return;
1177 		}
1178 		dstl = *pptr;
1179 		pptr++;
1180 		li--;
1181 		ND_TCHECK2(*pptr, dstl);
1182 		if (li < dstl) {
1183 			ND_PRINT((ndo, ", bad redirect/li"));
1184 			return;
1185 		}
1186 		dst = pptr;
1187 		pptr += dstl;
1188                 li -= dstl;
1189 		ND_PRINT((ndo, "\n\t  %s", isonsap_string(ndo, dst, dstl)));
1190 
1191 		ND_TCHECK(*pptr);
1192 		if (li < 1) {
1193 			ND_PRINT((ndo, ", bad redirect/li"));
1194 			return;
1195 		}
1196 		snpal = *pptr;
1197 		pptr++;
1198 		li--;
1199 		ND_TCHECK2(*pptr, snpal);
1200 		if (li < snpal) {
1201 			ND_PRINT((ndo, ", bad redirect/li"));
1202 			return;
1203 		}
1204 		snpa = pptr;
1205 		pptr += snpal;
1206                 li -= snpal;
1207 		ND_TCHECK(*pptr);
1208 		if (li < 1) {
1209 			ND_PRINT((ndo, ", bad redirect/li"));
1210 			return;
1211 		}
1212 		netal = *pptr;
1213 		pptr++;
1214 		ND_TCHECK2(*pptr, netal);
1215 		if (li < netal) {
1216 			ND_PRINT((ndo, ", bad redirect/li"));
1217 			return;
1218 		}
1219 		neta = pptr;
1220 		pptr += netal;
1221                 li -= netal;
1222 
1223 		if (netal == 0)
1224 			ND_PRINT((ndo, "\n\t  %s", etheraddr_string(ndo, snpa)));
1225 		else
1226 			ND_PRINT((ndo, "\n\t  %s", isonsap_string(ndo, neta, netal)));
1227 		break;
1228 	}
1229 
1230 	case ESIS_PDU_ESH:
1231             ND_TCHECK(*pptr);
1232             if (li < 1) {
1233                 ND_PRINT((ndo, ", bad esh/li"));
1234                 return;
1235             }
1236             source_address_number = *pptr;
1237             pptr++;
1238             li--;
1239 
1240             ND_PRINT((ndo, "\n\t  Number of Source Addresses: %u", source_address_number));
1241 
1242             while (source_address_number > 0) {
1243                 ND_TCHECK(*pptr);
1244             	if (li < 1) {
1245                     ND_PRINT((ndo, ", bad esh/li"));
1246             	    return;
1247             	}
1248                 source_address_length = *pptr;
1249                 pptr++;
1250             	li--;
1251 
1252                 ND_TCHECK2(*pptr, source_address_length);
1253             	if (li < source_address_length) {
1254                     ND_PRINT((ndo, ", bad esh/li"));
1255             	    return;
1256             	}
1257                 ND_PRINT((ndo, "\n\t  NET (length: %u): %s",
1258                        source_address_length,
1259                        isonsap_string(ndo, pptr, source_address_length)));
1260                 pptr += source_address_length;
1261                 li -= source_address_length;
1262                 source_address_number--;
1263             }
1264 
1265             break;
1266 
1267 	case ESIS_PDU_ISH: {
1268             ND_TCHECK(*pptr);
1269             if (li < 1) {
1270                 ND_PRINT((ndo, ", bad ish/li"));
1271                 return;
1272             }
1273             source_address_length = *pptr;
1274             pptr++;
1275             li--;
1276             ND_TCHECK2(*pptr, source_address_length);
1277             if (li < source_address_length) {
1278                 ND_PRINT((ndo, ", bad ish/li"));
1279                 return;
1280             }
1281             ND_PRINT((ndo, "\n\t  NET (length: %u): %s", source_address_length, isonsap_string(ndo, pptr, source_address_length)));
1282             pptr += source_address_length;
1283             li -= source_address_length;
1284             break;
1285 	}
1286 
1287 	default:
1288 		if (ndo->ndo_vflag <= 1) {
1289 			if (pptr < ndo->ndo_snapend)
1290 				print_unknown_data(ndo, pptr, "\n\t  ", ndo->ndo_snapend - pptr);
1291 		}
1292 		return;
1293 	}
1294 
1295         /* now walk the options */
1296         while (li != 0) {
1297             u_int op, opli;
1298             const uint8_t *tptr;
1299 
1300             if (li < 2) {
1301                 ND_PRINT((ndo, ", bad opts/li"));
1302                 return;
1303             }
1304             ND_TCHECK2(*pptr, 2);
1305             op = *pptr++;
1306             opli = *pptr++;
1307             li -= 2;
1308             if (opli > li) {
1309                 ND_PRINT((ndo, ", opt (%d) too long", op));
1310                 return;
1311             }
1312             li -= opli;
1313             tptr = pptr;
1314 
1315             ND_PRINT((ndo, "\n\t  %s Option #%u, length %u, value: ",
1316                    tok2str(esis_option_values,"Unknown",op),
1317                    op,
1318                    opli));
1319 
1320             switch (op) {
1321 
1322             case ESIS_OPTION_ES_CONF_TIME:
1323                 if (opli == 2) {
1324                     ND_TCHECK2(*pptr, 2);
1325                     ND_PRINT((ndo, "%us", EXTRACT_16BITS(tptr)));
1326                 } else
1327                     ND_PRINT((ndo, "(bad length)"));
1328                 break;
1329 
1330             case ESIS_OPTION_PROTOCOLS:
1331                 while (opli>0) {
1332                     ND_TCHECK(*pptr);
1333                     ND_PRINT((ndo, "%s (0x%02x)",
1334                            tok2str(nlpid_values,
1335                                    "unknown",
1336                                    *tptr),
1337                            *tptr));
1338                     if (opli>1) /* further NPLIDs ? - put comma */
1339                         ND_PRINT((ndo, ", "));
1340                     tptr++;
1341                     opli--;
1342                 }
1343                 break;
1344 
1345                 /*
1346                  * FIXME those are the defined Options that lack a decoder
1347                  * you are welcome to contribute code ;-)
1348                  */
1349 
1350             case ESIS_OPTION_QOS_MAINTENANCE:
1351             case ESIS_OPTION_SECURITY:
1352             case ESIS_OPTION_PRIORITY:
1353             case ESIS_OPTION_ADDRESS_MASK:
1354             case ESIS_OPTION_SNPA_MASK:
1355 
1356             default:
1357                 print_unknown_data(ndo, tptr, "\n\t  ", opli);
1358                 break;
1359             }
1360             if (ndo->ndo_vflag > 1)
1361                 print_unknown_data(ndo, pptr, "\n\t  ", opli);
1362             pptr += opli;
1363         }
1364 trunc:
1365 	return;
1366 }
1367 
1368 static void
1369 isis_print_mcid(netdissect_options *ndo,
1370                 const struct isis_spb_mcid *mcid)
1371 {
1372   int i;
1373 
1374   ND_TCHECK(*mcid);
1375   ND_PRINT((ndo,  "ID: %d, Name: ", mcid->format_id));
1376 
1377   if (fn_printzp(ndo, mcid->name, 32, ndo->ndo_snapend))
1378     goto trunc;
1379 
1380   ND_PRINT((ndo, "\n\t              Lvl: %d", EXTRACT_16BITS(mcid->revision_lvl)));
1381 
1382   ND_PRINT((ndo,  ", Digest: "));
1383 
1384   for(i=0;i<16;i++)
1385     ND_PRINT((ndo, "%.2x ", mcid->digest[i]));
1386 
1387 trunc:
1388   ND_PRINT((ndo, "%s", tstr));
1389 }
1390 
1391 static int
1392 isis_print_mt_port_cap_subtlv(netdissect_options *ndo,
1393                               const uint8_t *tptr, int len)
1394 {
1395   int stlv_type, stlv_len;
1396   const struct isis_subtlv_spb_mcid *subtlv_spb_mcid;
1397   int i;
1398 
1399   while (len > 2)
1400   {
1401     stlv_type = *(tptr++);
1402     stlv_len  = *(tptr++);
1403 
1404     /* first lets see if we know the subTLVs name*/
1405     ND_PRINT((ndo, "\n\t       %s subTLV #%u, length: %u",
1406                tok2str(isis_mt_port_cap_subtlv_values, "unknown", stlv_type),
1407                stlv_type,
1408                stlv_len));
1409 
1410     /*len -= TLV_TYPE_LEN_OFFSET;*/
1411     len = len -2;
1412 
1413     switch (stlv_type)
1414     {
1415       case ISIS_SUBTLV_SPB_MCID:
1416       {
1417         ND_TCHECK2(*(tptr), ISIS_SUBTLV_SPB_MCID_MIN_LEN);
1418 
1419         subtlv_spb_mcid = (const struct isis_subtlv_spb_mcid *)tptr;
1420 
1421         ND_PRINT((ndo,  "\n\t         MCID: "));
1422         isis_print_mcid(ndo, &(subtlv_spb_mcid->mcid));
1423 
1424           /*tptr += SPB_MCID_MIN_LEN;
1425             len -= SPB_MCID_MIN_LEN; */
1426 
1427         ND_PRINT((ndo,  "\n\t         AUX-MCID: "));
1428         isis_print_mcid(ndo, &(subtlv_spb_mcid->aux_mcid));
1429 
1430           /*tptr += SPB_MCID_MIN_LEN;
1431             len -= SPB_MCID_MIN_LEN; */
1432         tptr = tptr + sizeof(struct isis_subtlv_spb_mcid);
1433         len = len - sizeof(struct isis_subtlv_spb_mcid);
1434 
1435         break;
1436       }
1437 
1438       case ISIS_SUBTLV_SPB_DIGEST:
1439       {
1440         ND_TCHECK2(*(tptr), ISIS_SUBTLV_SPB_DIGEST_MIN_LEN);
1441 
1442         ND_PRINT((ndo, "\n\t        RES: %d V: %d A: %d D: %d",
1443                         (*(tptr) >> 5), (((*tptr)>> 4) & 0x01),
1444                         ((*(tptr) >> 2) & 0x03), ((*tptr) & 0x03)));
1445 
1446         tptr++;
1447 
1448         ND_PRINT((ndo,  "\n\t         Digest: "));
1449 
1450         for(i=1;i<=8; i++)
1451         {
1452             ND_PRINT((ndo, "%08x ", EXTRACT_32BITS(tptr)));
1453             if (i%4 == 0 && i != 8)
1454               ND_PRINT((ndo, "\n\t                 "));
1455             tptr = tptr + 4;
1456         }
1457 
1458         len = len - ISIS_SUBTLV_SPB_DIGEST_MIN_LEN;
1459 
1460         break;
1461       }
1462 
1463       case ISIS_SUBTLV_SPB_BVID:
1464       {
1465         ND_TCHECK2(*(tptr), stlv_len);
1466 
1467         while (len >= ISIS_SUBTLV_SPB_BVID_MIN_LEN)
1468         {
1469           ND_TCHECK2(*(tptr), ISIS_SUBTLV_SPB_BVID_MIN_LEN);
1470 
1471           ND_PRINT((ndo, "\n\t           ECT: %08x",
1472                       EXTRACT_32BITS(tptr)));
1473 
1474           tptr = tptr+4;
1475 
1476           ND_PRINT((ndo, " BVID: %d, U:%01x M:%01x ",
1477                      (EXTRACT_16BITS (tptr) >> 4) ,
1478                      (EXTRACT_16BITS (tptr) >> 3) & 0x01,
1479                      (EXTRACT_16BITS (tptr) >> 2) & 0x01));
1480 
1481           tptr = tptr + 2;
1482           len = len - ISIS_SUBTLV_SPB_BVID_MIN_LEN;
1483         }
1484 
1485         break;
1486       }
1487 
1488       default:
1489           break;
1490     }
1491   }
1492 
1493   return 0;
1494 
1495   trunc:
1496     ND_PRINT((ndo, "\n\t\t"));
1497     ND_PRINT((ndo, "%s", tstr));
1498     return(1);
1499 }
1500 
1501 static int
1502 isis_print_mt_capability_subtlv(netdissect_options *ndo,
1503                                 const uint8_t *tptr, int len)
1504 {
1505   int stlv_type, stlv_len, tmp;
1506 
1507   while (len > 2)
1508   {
1509     stlv_type = *(tptr++);
1510     stlv_len  = *(tptr++);
1511 
1512     /* first lets see if we know the subTLVs name*/
1513     ND_PRINT((ndo, "\n\t      %s subTLV #%u, length: %u",
1514                tok2str(isis_mt_capability_subtlv_values, "unknown", stlv_type),
1515                stlv_type,
1516                stlv_len));
1517 
1518     len = len - 2;
1519 
1520     switch (stlv_type)
1521     {
1522       case ISIS_SUBTLV_SPB_INSTANCE:
1523 
1524           ND_TCHECK2(*tptr, ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN);
1525 
1526           ND_PRINT((ndo, "\n\t        CIST Root-ID: %08x", EXTRACT_32BITS(tptr)));
1527           tptr = tptr+4;
1528           ND_PRINT((ndo, " %08x", EXTRACT_32BITS(tptr)));
1529           tptr = tptr+4;
1530           ND_PRINT((ndo, ", Path Cost: %08x", EXTRACT_32BITS(tptr)));
1531           tptr = tptr+4;
1532           ND_PRINT((ndo, ", Prio: %d", EXTRACT_16BITS(tptr)));
1533           tptr = tptr + 2;
1534           ND_PRINT((ndo, "\n\t        RES: %d",
1535                     EXTRACT_16BITS(tptr) >> 5));
1536           ND_PRINT((ndo, ", V: %d",
1537                     (EXTRACT_16BITS(tptr) >> 4) & 0x0001));
1538           ND_PRINT((ndo, ", SPSource-ID: %d",
1539                     (EXTRACT_32BITS(tptr) & 0x000fffff)));
1540           tptr = tptr+4;
1541           ND_PRINT((ndo, ", No of Trees: %x", *(tptr)));
1542 
1543           tmp = *(tptr++);
1544 
1545           len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN;
1546 
1547           while (tmp)
1548           {
1549             ND_TCHECK2(*tptr, ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN);
1550 
1551             ND_PRINT((ndo, "\n\t         U:%d, M:%d, A:%d, RES:%d",
1552                       *(tptr) >> 7, (*(tptr) >> 6) & 0x01,
1553                       (*(tptr) >> 5) & 0x01, (*(tptr) & 0x1f)));
1554 
1555             tptr++;
1556 
1557             ND_PRINT((ndo, ", ECT: %08x", EXTRACT_32BITS(tptr)));
1558 
1559             tptr = tptr + 4;
1560 
1561             ND_PRINT((ndo, ", BVID: %d, SPVID: %d",
1562                       (EXTRACT_24BITS(tptr) >> 12) & 0x000fff,
1563                       EXTRACT_24BITS(tptr) & 0x000fff));
1564 
1565             tptr = tptr + 3;
1566             len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN;
1567             tmp--;
1568           }
1569 
1570           break;
1571 
1572       case ISIS_SUBTLV_SPBM_SI:
1573 
1574           ND_TCHECK2(*tptr, 8);
1575 
1576           ND_PRINT((ndo, "\n\t        BMAC: %08x", EXTRACT_32BITS(tptr)));
1577           tptr = tptr+4;
1578           ND_PRINT((ndo, "%04x", EXTRACT_16BITS(tptr)));
1579           tptr = tptr+2;
1580 
1581           ND_PRINT((ndo, ", RES: %d, VID: %d", EXTRACT_16BITS(tptr) >> 12,
1582                     (EXTRACT_16BITS(tptr)) & 0x0fff));
1583 
1584           tptr = tptr+2;
1585           len = len - 8;
1586           stlv_len = stlv_len - 8;
1587 
1588           while (stlv_len >= 4) {
1589             ND_TCHECK2(*tptr, 4);
1590             ND_PRINT((ndo, "\n\t        T: %d, R: %d, RES: %d, ISID: %d",
1591                     (EXTRACT_32BITS(tptr) >> 31),
1592                     (EXTRACT_32BITS(tptr) >> 30) & 0x01,
1593                     (EXTRACT_32BITS(tptr) >> 24) & 0x03f,
1594                     (EXTRACT_32BITS(tptr)) & 0x0ffffff));
1595 
1596             tptr = tptr + 4;
1597             len = len - 4;
1598             stlv_len = stlv_len - 4;
1599           }
1600 
1601         break;
1602 
1603       default:
1604         break;
1605     }
1606   }
1607   return 0;
1608 
1609   trunc:
1610     ND_PRINT((ndo, "\n\t\t"));
1611     ND_PRINT((ndo, "%s", tstr));
1612     return(1);
1613 }
1614 
1615 /* shared routine for printing system, node and lsp-ids */
1616 static char *
1617 isis_print_id(const uint8_t *cp, int id_len)
1618 {
1619     int i;
1620     static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")];
1621     char *pos = id;
1622 
1623     for (i = 1; i <= SYSTEM_ID_LEN; i++) {
1624         snprintf(pos, sizeof(id) - (pos - id), "%02x", *cp++);
1625 	pos += strlen(pos);
1626 	if (i == 2 || i == 4)
1627 	    *pos++ = '.';
1628 	}
1629     if (id_len >= NODE_ID_LEN) {
1630         snprintf(pos, sizeof(id) - (pos - id), ".%02x", *cp++);
1631 	pos += strlen(pos);
1632     }
1633     if (id_len == LSP_ID_LEN)
1634         snprintf(pos, sizeof(id) - (pos - id), "-%02x", *cp);
1635     return (id);
1636 }
1637 
1638 /* print the 4-byte metric block which is common found in the old-style TLVs */
1639 static int
1640 isis_print_metric_block(netdissect_options *ndo,
1641                         const struct isis_metric_block *isis_metric_block)
1642 {
1643     ND_PRINT((ndo, ", Default Metric: %d, %s",
1644            ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_default),
1645            ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_default) ? "External" : "Internal"));
1646     if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_delay))
1647         ND_PRINT((ndo, "\n\t\t  Delay Metric: %d, %s",
1648                ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_delay),
1649                ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_delay) ? "External" : "Internal"));
1650     if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_expense))
1651         ND_PRINT((ndo, "\n\t\t  Expense Metric: %d, %s",
1652                ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_expense),
1653                ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_expense) ? "External" : "Internal"));
1654     if (!ISIS_LSP_TLV_METRIC_SUPPORTED(isis_metric_block->metric_error))
1655         ND_PRINT((ndo, "\n\t\t  Error Metric: %d, %s",
1656                ISIS_LSP_TLV_METRIC_VALUE(isis_metric_block->metric_error),
1657                ISIS_LSP_TLV_METRIC_IE(isis_metric_block->metric_error) ? "External" : "Internal"));
1658 
1659     return(1); /* everything is ok */
1660 }
1661 
1662 static int
1663 isis_print_tlv_ip_reach(netdissect_options *ndo,
1664                         const uint8_t *cp, const char *ident, int length)
1665 {
1666 	int prefix_len;
1667 	const struct isis_tlv_ip_reach *tlv_ip_reach;
1668 
1669 	tlv_ip_reach = (const struct isis_tlv_ip_reach *)cp;
1670 
1671 	while (length > 0) {
1672 		if ((size_t)length < sizeof(*tlv_ip_reach)) {
1673 			ND_PRINT((ndo, "short IPv4 Reachability (%d vs %lu)",
1674                                length,
1675                                (unsigned long)sizeof(*tlv_ip_reach)));
1676 			return (0);
1677 		}
1678 
1679 		if (!ND_TTEST(*tlv_ip_reach))
1680 		    return (0);
1681 
1682 		prefix_len = mask2plen(EXTRACT_32BITS(tlv_ip_reach->mask));
1683 
1684 		if (prefix_len == -1)
1685 			ND_PRINT((ndo, "%sIPv4 prefix: %s mask %s",
1686                                ident,
1687 			       ipaddr_string(ndo, (tlv_ip_reach->prefix)),
1688 			       ipaddr_string(ndo, (tlv_ip_reach->mask))));
1689 		else
1690 			ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u",
1691                                ident,
1692 			       ipaddr_string(ndo, (tlv_ip_reach->prefix)),
1693 			       prefix_len));
1694 
1695 		ND_PRINT((ndo, ", Distribution: %s, Metric: %u, %s",
1696                        ISIS_LSP_TLV_METRIC_UPDOWN(tlv_ip_reach->isis_metric_block.metric_default) ? "down" : "up",
1697                        ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_default),
1698                        ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_default) ? "External" : "Internal"));
1699 
1700 		if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_delay))
1701                     ND_PRINT((ndo, "%s  Delay Metric: %u, %s",
1702                            ident,
1703                            ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_delay),
1704                            ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_delay) ? "External" : "Internal"));
1705 
1706 		if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_expense))
1707                     ND_PRINT((ndo, "%s  Expense Metric: %u, %s",
1708                            ident,
1709                            ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_expense),
1710                            ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_expense) ? "External" : "Internal"));
1711 
1712 		if (!ISIS_LSP_TLV_METRIC_SUPPORTED(tlv_ip_reach->isis_metric_block.metric_error))
1713                     ND_PRINT((ndo, "%s  Error Metric: %u, %s",
1714                            ident,
1715                            ISIS_LSP_TLV_METRIC_VALUE(tlv_ip_reach->isis_metric_block.metric_error),
1716                            ISIS_LSP_TLV_METRIC_IE(tlv_ip_reach->isis_metric_block.metric_error) ? "External" : "Internal"));
1717 
1718 		length -= sizeof(struct isis_tlv_ip_reach);
1719 		tlv_ip_reach++;
1720 	}
1721 	return (1);
1722 }
1723 
1724 /*
1725  * this is the common IP-REACH subTLV decoder it is called
1726  * from various EXTD-IP REACH TLVs (135,235,236,237)
1727  */
1728 
1729 static int
1730 isis_print_ip_reach_subtlv(netdissect_options *ndo,
1731                            const uint8_t *tptr, int subt, int subl,
1732                            const char *ident)
1733 {
1734     /* first lets see if we know the subTLVs name*/
1735     ND_PRINT((ndo, "%s%s subTLV #%u, length: %u",
1736               ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt),
1737               subt, subl));
1738 
1739     ND_TCHECK2(*tptr,subl);
1740 
1741     switch(subt) {
1742     case ISIS_SUBTLV_EXTD_IP_REACH_MGMT_PREFIX_COLOR: /* fall through */
1743     case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG32:
1744         while (subl >= 4) {
1745 	    ND_PRINT((ndo, ", 0x%08x (=%u)",
1746 		   EXTRACT_32BITS(tptr),
1747 		   EXTRACT_32BITS(tptr)));
1748 	    tptr+=4;
1749 	    subl-=4;
1750 	}
1751 	break;
1752     case ISIS_SUBTLV_EXTD_IP_REACH_ADMIN_TAG64:
1753         while (subl >= 8) {
1754 	    ND_PRINT((ndo, ", 0x%08x%08x",
1755 		   EXTRACT_32BITS(tptr),
1756 		   EXTRACT_32BITS(tptr+4)));
1757 	    tptr+=8;
1758 	    subl-=8;
1759 	}
1760 	break;
1761     default:
1762 	if (!print_unknown_data(ndo, tptr, "\n\t\t    ", subl))
1763 	  return(0);
1764 	break;
1765     }
1766     return(1);
1767 
1768 trunc:
1769     ND_PRINT((ndo, "%s", ident));
1770     ND_PRINT((ndo, "%s", tstr));
1771     return(0);
1772 }
1773 
1774 /*
1775  * this is the common IS-REACH subTLV decoder it is called
1776  * from isis_print_ext_is_reach()
1777  */
1778 
1779 static int
1780 isis_print_is_reach_subtlv(netdissect_options *ndo,
1781                            const uint8_t *tptr, u_int subt, u_int subl,
1782                            const char *ident)
1783 {
1784         u_int te_class,priority_level,gmpls_switch_cap;
1785         union { /* int to float conversion buffer for several subTLVs */
1786             float f;
1787             uint32_t i;
1788         } bw;
1789 
1790         /* first lets see if we know the subTLVs name*/
1791 	ND_PRINT((ndo, "%s%s subTLV #%u, length: %u",
1792 	          ident, tok2str(isis_ext_is_reach_subtlv_values, "unknown", subt),
1793 	          subt, subl));
1794 
1795 	ND_TCHECK2(*tptr, subl);
1796 
1797         switch(subt) {
1798         case ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP:
1799         case ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID:
1800         case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID:
1801 	    if (subl >= 4) {
1802 	      ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr)));
1803 	      if (subl == 8) /* rfc4205 */
1804 	        ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr+4)));
1805 	    }
1806 	    break;
1807         case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR:
1808         case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR:
1809             if (subl >= sizeof(struct in_addr))
1810               ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr)));
1811             break;
1812         case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW :
1813 	case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW:
1814             if (subl >= 4) {
1815               bw.i = EXTRACT_32BITS(tptr);
1816               ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000));
1817             }
1818             break;
1819         case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW :
1820             if (subl >= 32) {
1821               for (te_class = 0; te_class < 8; te_class++) {
1822                 bw.i = EXTRACT_32BITS(tptr);
1823                 ND_PRINT((ndo, "%s  TE-Class %u: %.3f Mbps",
1824                        ident,
1825                        te_class,
1826                        bw.f * 8 / 1000000));
1827 		tptr+=4;
1828 	      }
1829             }
1830             break;
1831         case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS: /* fall through */
1832         case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD:
1833             ND_PRINT((ndo, "%sBandwidth Constraints Model ID: %s (%u)",
1834                    ident,
1835                    tok2str(diffserv_te_bc_values, "unknown", *tptr),
1836                    *tptr));
1837             tptr++;
1838             /* decode BCs until the subTLV ends */
1839             for (te_class = 0; te_class < (subl-1)/4; te_class++) {
1840                 ND_TCHECK2(*tptr, 4);
1841                 bw.i = EXTRACT_32BITS(tptr);
1842                 ND_PRINT((ndo, "%s  Bandwidth constraint CT%u: %.3f Mbps",
1843                        ident,
1844                        te_class,
1845                        bw.f * 8 / 1000000));
1846 		tptr+=4;
1847             }
1848             break;
1849         case ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC:
1850             if (subl >= 3)
1851               ND_PRINT((ndo, ", %u", EXTRACT_24BITS(tptr)));
1852             break;
1853         case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE:
1854             if (subl == 2) {
1855                ND_PRINT((ndo, ", [ %s ] (0x%04x)",
1856                       bittok2str(isis_subtlv_link_attribute_values,
1857                                  "Unknown",
1858                                  EXTRACT_16BITS(tptr)),
1859                       EXTRACT_16BITS(tptr)));
1860             }
1861             break;
1862         case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE:
1863             if (subl >= 2) {
1864               ND_PRINT((ndo, ", %s, Priority %u",
1865 		   bittok2str(gmpls_link_prot_values, "none", *tptr),
1866                    *(tptr+1)));
1867             }
1868             break;
1869         case ISIS_SUBTLV_SPB_METRIC:
1870             if (subl >= 6) {
1871               ND_PRINT((ndo, ", LM: %u", EXTRACT_24BITS(tptr)));
1872               tptr=tptr+3;
1873               ND_PRINT((ndo, ", P: %u", *(tptr)));
1874               tptr++;
1875               ND_PRINT((ndo, ", P-ID: %u", EXTRACT_16BITS(tptr)));
1876             }
1877             break;
1878         case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR:
1879             if (subl >= 36) {
1880               gmpls_switch_cap = *tptr;
1881               ND_PRINT((ndo, "%s  Interface Switching Capability:%s",
1882                    ident,
1883                    tok2str(gmpls_switch_cap_values, "Unknown", gmpls_switch_cap)));
1884               ND_PRINT((ndo, ", LSP Encoding: %s",
1885                    tok2str(gmpls_encoding_values, "Unknown", *(tptr + 1))));
1886 	      tptr+=4;
1887               ND_PRINT((ndo, "%s  Max LSP Bandwidth:", ident));
1888               for (priority_level = 0; priority_level < 8; priority_level++) {
1889                 bw.i = EXTRACT_32BITS(tptr);
1890                 ND_PRINT((ndo, "%s    priority level %d: %.3f Mbps",
1891                        ident,
1892                        priority_level,
1893                        bw.f * 8 / 1000000));
1894 		tptr+=4;
1895               }
1896               subl-=36;
1897               switch (gmpls_switch_cap) {
1898               case GMPLS_PSC1:
1899               case GMPLS_PSC2:
1900               case GMPLS_PSC3:
1901               case GMPLS_PSC4:
1902                 ND_TCHECK2(*tptr, 6);
1903                 bw.i = EXTRACT_32BITS(tptr);
1904                 ND_PRINT((ndo, "%s  Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000));
1905                 ND_PRINT((ndo, "%s  Interface MTU: %u", ident, EXTRACT_16BITS(tptr + 4)));
1906                 break;
1907               case GMPLS_TSC:
1908                 ND_TCHECK2(*tptr, 8);
1909                 bw.i = EXTRACT_32BITS(tptr);
1910                 ND_PRINT((ndo, "%s  Min LSP Bandwidth: %.3f Mbps", ident, bw.f * 8 / 1000000));
1911                 ND_PRINT((ndo, "%s  Indication %s", ident,
1912                        tok2str(gmpls_switch_cap_tsc_indication_values, "Unknown (%u)", *(tptr + 4))));
1913                 break;
1914               default:
1915                 /* there is some optional stuff left to decode but this is as of yet
1916                    not specified so just lets hexdump what is left */
1917                 if(subl>0){
1918                   if (!print_unknown_data(ndo, tptr, "\n\t\t    ", subl))
1919                     return(0);
1920                 }
1921               }
1922             }
1923             break;
1924         default:
1925             if (!print_unknown_data(ndo, tptr, "\n\t\t    ", subl))
1926                 return(0);
1927             break;
1928         }
1929         return(1);
1930 
1931 trunc:
1932     return(0);
1933 }
1934 
1935 /*
1936  * this is the common IS-REACH decoder it is called
1937  * from various EXTD-IS REACH style TLVs (22,24,222)
1938  */
1939 
1940 static int
1941 isis_print_ext_is_reach(netdissect_options *ndo,
1942                         const uint8_t *tptr, const char *ident, int tlv_type)
1943 {
1944     char ident_buffer[20];
1945     int subtlv_type,subtlv_len,subtlv_sum_len;
1946     int proc_bytes = 0; /* how many bytes did we process ? */
1947 
1948     if (!ND_TTEST2(*tptr, NODE_ID_LEN))
1949         return(0);
1950 
1951     ND_PRINT((ndo, "%sIS Neighbor: %s", ident, isis_print_id(tptr, NODE_ID_LEN)));
1952     tptr+=(NODE_ID_LEN);
1953 
1954     if (tlv_type != ISIS_TLV_IS_ALIAS_ID) { /* the Alias TLV Metric field is implicit 0 */
1955         if (!ND_TTEST2(*tptr, 3))    /* and is therefore skipped */
1956 	    return(0);
1957 	ND_PRINT((ndo, ", Metric: %d", EXTRACT_24BITS(tptr)));
1958 	tptr+=3;
1959     }
1960 
1961     if (!ND_TTEST2(*tptr, 1))
1962         return(0);
1963     subtlv_sum_len=*(tptr++); /* read out subTLV length */
1964     proc_bytes=NODE_ID_LEN+3+1;
1965     ND_PRINT((ndo, ", %ssub-TLVs present",subtlv_sum_len ? "" : "no "));
1966     if (subtlv_sum_len) {
1967         ND_PRINT((ndo, " (%u)", subtlv_sum_len));
1968         while (subtlv_sum_len>0) {
1969             if (!ND_TTEST2(*tptr,2))
1970                 return(0);
1971             subtlv_type=*(tptr++);
1972             subtlv_len=*(tptr++);
1973             /* prepend the indent string */
1974             snprintf(ident_buffer, sizeof(ident_buffer), "%s  ",ident);
1975             if (!isis_print_is_reach_subtlv(ndo, tptr, subtlv_type, subtlv_len, ident_buffer))
1976                 return(0);
1977             tptr+=subtlv_len;
1978             subtlv_sum_len-=(subtlv_len+2);
1979             proc_bytes+=(subtlv_len+2);
1980         }
1981     }
1982     return(proc_bytes);
1983 }
1984 
1985 /*
1986  * this is the common Multi Topology ID decoder
1987  * it is called from various MT-TLVs (222,229,235,237)
1988  */
1989 
1990 static int
1991 isis_print_mtid(netdissect_options *ndo,
1992                 const uint8_t *tptr, const char *ident)
1993 {
1994     if (!ND_TTEST2(*tptr, 2))
1995         return(0);
1996 
1997     ND_PRINT((ndo, "%s%s",
1998            ident,
1999            tok2str(isis_mt_values,
2000                    "Reserved for IETF Consensus",
2001                    ISIS_MASK_MTID(EXTRACT_16BITS(tptr)))));
2002 
2003     ND_PRINT((ndo, " Topology (0x%03x), Flags: [%s]",
2004            ISIS_MASK_MTID(EXTRACT_16BITS(tptr)),
2005            bittok2str(isis_mt_flag_values, "none",ISIS_MASK_MTFLAGS(EXTRACT_16BITS(tptr)))));
2006 
2007     return(2);
2008 }
2009 
2010 /*
2011  * this is the common extended IP reach decoder
2012  * it is called from TLVs (135,235,236,237)
2013  * we process the TLV and optional subTLVs and return
2014  * the amount of processed bytes
2015  */
2016 
2017 static int
2018 isis_print_extd_ip_reach(netdissect_options *ndo,
2019                          const uint8_t *tptr, const char *ident, uint16_t afi)
2020 {
2021     char ident_buffer[20];
2022     uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */
2023     u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen;
2024 
2025     if (!ND_TTEST2(*tptr, 4))
2026         return (0);
2027     metric = EXTRACT_32BITS(tptr);
2028     processed=4;
2029     tptr+=4;
2030 
2031     if (afi == AF_INET) {
2032         if (!ND_TTEST2(*tptr, 1)) /* fetch status byte */
2033             return (0);
2034         status_byte=*(tptr++);
2035         bit_length = status_byte&0x3f;
2036         if (bit_length > 32) {
2037             ND_PRINT((ndo, "%sIPv4 prefix: bad bit length %u",
2038                    ident,
2039                    bit_length));
2040             return (0);
2041         }
2042         processed++;
2043     } else if (afi == AF_INET6) {
2044         if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */
2045             return (0);
2046         status_byte=*(tptr++);
2047         bit_length=*(tptr++);
2048         if (bit_length > 128) {
2049             ND_PRINT((ndo, "%sIPv6 prefix: bad bit length %u",
2050                    ident,
2051                    bit_length));
2052             return (0);
2053         }
2054         processed+=2;
2055     } else
2056         return (0); /* somebody is fooling us */
2057 
2058     byte_length = (bit_length + 7) / 8; /* prefix has variable length encoding */
2059 
2060     if (!ND_TTEST2(*tptr, byte_length))
2061         return (0);
2062     memset(prefix, 0, sizeof prefix);   /* clear the copy buffer */
2063     memcpy(prefix,tptr,byte_length);    /* copy as much as is stored in the TLV */
2064     tptr+=byte_length;
2065     processed+=byte_length;
2066 
2067     if (afi == AF_INET)
2068         ND_PRINT((ndo, "%sIPv4 prefix: %15s/%u",
2069                ident,
2070                ipaddr_string(ndo, prefix),
2071                bit_length));
2072     else if (afi == AF_INET6)
2073         ND_PRINT((ndo, "%sIPv6 prefix: %s/%u",
2074                ident,
2075                ip6addr_string(ndo, prefix),
2076                bit_length));
2077 
2078     ND_PRINT((ndo, ", Distribution: %s, Metric: %u",
2079            ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? "down" : "up",
2080            metric));
2081 
2082     if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
2083         ND_PRINT((ndo, ", sub-TLVs present"));
2084     else if (afi == AF_INET6)
2085         ND_PRINT((ndo, ", %s%s",
2086                ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? "External" : "Internal",
2087                ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? ", sub-TLVs present" : ""));
2088 
2089     if ((afi == AF_INET  && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte))
2090      || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte))
2091 	) {
2092         /* assume that one prefix can hold more
2093            than one subTLV - therefore the first byte must reflect
2094            the aggregate bytecount of the subTLVs for this prefix
2095         */
2096         if (!ND_TTEST2(*tptr, 1))
2097             return (0);
2098         sublen=*(tptr++);
2099         processed+=sublen+1;
2100         ND_PRINT((ndo, " (%u)", sublen));   /* print out subTLV length */
2101 
2102         while (sublen>0) {
2103             if (!ND_TTEST2(*tptr,2))
2104                 return (0);
2105             subtlvtype=*(tptr++);
2106             subtlvlen=*(tptr++);
2107             /* prepend the indent string */
2108             snprintf(ident_buffer, sizeof(ident_buffer), "%s  ",ident);
2109             if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer))
2110                 return(0);
2111             tptr+=subtlvlen;
2112             sublen-=(subtlvlen+2);
2113         }
2114     }
2115     return (processed);
2116 }
2117 
2118 /*
2119  * Clear checksum and lifetime prior to signature verification.
2120  */
2121 static void
2122 isis_clear_checksum_lifetime(void *header)
2123 {
2124     struct isis_lsp_header *header_lsp = (struct isis_lsp_header *) header;
2125 
2126     header_lsp->checksum[0] = 0;
2127     header_lsp->checksum[1] = 0;
2128     header_lsp->remaining_lifetime[0] = 0;
2129     header_lsp->remaining_lifetime[1] = 0;
2130 }
2131 
2132 /*
2133  * isis_print
2134  * Decode IS-IS packets.  Return 0 on error.
2135  */
2136 
2137 static int
2138 isis_print(netdissect_options *ndo,
2139            const uint8_t *p, u_int length)
2140 {
2141     const struct isis_common_header *isis_header;
2142 
2143     const struct isis_iih_lan_header *header_iih_lan;
2144     const struct isis_iih_ptp_header *header_iih_ptp;
2145     const struct isis_lsp_header *header_lsp;
2146     const struct isis_csnp_header *header_csnp;
2147     const struct isis_psnp_header *header_psnp;
2148 
2149     const struct isis_tlv_lsp *tlv_lsp;
2150     const struct isis_tlv_ptp_adj *tlv_ptp_adj;
2151     const struct isis_tlv_is_reach *tlv_is_reach;
2152     const struct isis_tlv_es_reach *tlv_es_reach;
2153 
2154     uint8_t pdu_type, max_area, id_length, tlv_type, tlv_len, tmp, alen, lan_alen, prefix_len;
2155     uint8_t ext_is_len, ext_ip_len, mt_len;
2156     const uint8_t *optr, *pptr, *tptr;
2157     u_short packet_len,pdu_len, key_id;
2158     u_int i,vendor_id;
2159     int sigcheck;
2160 
2161     packet_len=length;
2162     optr = p; /* initialize the _o_riginal pointer to the packet start -
2163                  need it for parsing the checksum TLV and authentication
2164                  TLV verification */
2165     isis_header = (const struct isis_common_header *)p;
2166     ND_TCHECK(*isis_header);
2167     pptr = p+(ISIS_COMMON_HEADER_SIZE);
2168     header_iih_lan = (const struct isis_iih_lan_header *)pptr;
2169     header_iih_ptp = (const struct isis_iih_ptp_header *)pptr;
2170     header_lsp = (const struct isis_lsp_header *)pptr;
2171     header_csnp = (const struct isis_csnp_header *)pptr;
2172     header_psnp = (const struct isis_psnp_header *)pptr;
2173 
2174     if (!ndo->ndo_eflag)
2175         ND_PRINT((ndo, "IS-IS"));
2176 
2177     /*
2178      * Sanity checking of the header.
2179      */
2180 
2181     if (isis_header->version != ISIS_VERSION) {
2182 	ND_PRINT((ndo, "version %d packet not supported", isis_header->version));
2183 	return (0);
2184     }
2185 
2186     if ((isis_header->id_length != SYSTEM_ID_LEN) && (isis_header->id_length != 0)) {
2187 	ND_PRINT((ndo, "system ID length of %d is not supported",
2188 	       isis_header->id_length));
2189 	return (0);
2190     }
2191 
2192     if (isis_header->pdu_version != ISIS_VERSION) {
2193 	ND_PRINT((ndo, "version %d packet not supported", isis_header->pdu_version));
2194 	return (0);
2195     }
2196 
2197     max_area = isis_header->max_area;
2198     switch(max_area) {
2199     case 0:
2200 	max_area = 3;	 /* silly shit */
2201 	break;
2202     case 255:
2203 	ND_PRINT((ndo, "bad packet -- 255 areas"));
2204 	return (0);
2205     default:
2206 	break;
2207     }
2208 
2209     id_length = isis_header->id_length;
2210     switch(id_length) {
2211     case 0:
2212         id_length = 6;	 /* silly shit again */
2213 	break;
2214     case 1:              /* 1-8 are valid sys-ID lenghts */
2215     case 2:
2216     case 3:
2217     case 4:
2218     case 5:
2219     case 6:
2220     case 7:
2221     case 8:
2222         break;
2223     case 255:
2224         id_length = 0;   /* entirely useless */
2225 	break;
2226     default:
2227         break;
2228     }
2229 
2230     /* toss any non 6-byte sys-ID len PDUs */
2231     if (id_length != 6 ) {
2232 	ND_PRINT((ndo, "bad packet -- illegal sys-ID length (%u)", id_length));
2233 	return (0);
2234     }
2235 
2236     pdu_type=isis_header->pdu_type;
2237 
2238     /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/
2239     if (ndo->ndo_vflag < 1) {
2240         ND_PRINT((ndo, "%s%s",
2241                ndo->ndo_eflag ? "" : ", ",
2242                tok2str(isis_pdu_values, "unknown PDU-Type %u", pdu_type)));
2243 
2244 	switch (pdu_type) {
2245 
2246 	case ISIS_PDU_L1_LAN_IIH:
2247 	case ISIS_PDU_L2_LAN_IIH:
2248 	    ND_TCHECK(*header_iih_lan);
2249 	    ND_PRINT((ndo, ", src-id %s",
2250                    isis_print_id(header_iih_lan->source_id, SYSTEM_ID_LEN)));
2251 	    ND_PRINT((ndo, ", lan-id %s, prio %u",
2252                    isis_print_id(header_iih_lan->lan_id,NODE_ID_LEN),
2253                    header_iih_lan->priority));
2254 	    break;
2255 	case ISIS_PDU_PTP_IIH:
2256 	    ND_TCHECK(*header_iih_ptp);
2257 	    ND_PRINT((ndo, ", src-id %s", isis_print_id(header_iih_ptp->source_id, SYSTEM_ID_LEN)));
2258 	    break;
2259 	case ISIS_PDU_L1_LSP:
2260 	case ISIS_PDU_L2_LSP:
2261 	    ND_TCHECK(*header_lsp);
2262 	    ND_PRINT((ndo, ", lsp-id %s, seq 0x%08x, lifetime %5us",
2263 		   isis_print_id(header_lsp->lsp_id, LSP_ID_LEN),
2264 		   EXTRACT_32BITS(header_lsp->sequence_number),
2265 		   EXTRACT_16BITS(header_lsp->remaining_lifetime)));
2266 	    break;
2267 	case ISIS_PDU_L1_CSNP:
2268 	case ISIS_PDU_L2_CSNP:
2269 	    ND_TCHECK(*header_csnp);
2270 	    ND_PRINT((ndo, ", src-id %s", isis_print_id(header_csnp->source_id, NODE_ID_LEN)));
2271 	    break;
2272 	case ISIS_PDU_L1_PSNP:
2273 	case ISIS_PDU_L2_PSNP:
2274 	    ND_TCHECK(*header_psnp);
2275 	    ND_PRINT((ndo, ", src-id %s", isis_print_id(header_psnp->source_id, NODE_ID_LEN)));
2276 	    break;
2277 
2278 	}
2279 	ND_PRINT((ndo, ", length %u", length));
2280 
2281         return(1);
2282     }
2283 
2284     /* ok they seem to want to know everything - lets fully decode it */
2285     ND_PRINT((ndo, "%slength %u", ndo->ndo_eflag ? "" : ", ", length));
2286 
2287     ND_PRINT((ndo, "\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)",
2288            tok2str(isis_pdu_values,
2289                    "unknown, type %u",
2290                    pdu_type),
2291            isis_header->fixed_len,
2292            isis_header->version,
2293            isis_header->pdu_version,
2294 	   id_length,
2295 	   isis_header->id_length,
2296            max_area,
2297            isis_header->max_area));
2298 
2299     if (ndo->ndo_vflag > 1) {
2300         if (!print_unknown_data(ndo, optr, "\n\t", 8)) /* provide the _o_riginal pointer */
2301             return(0);                         /* for optionally debugging the common header */
2302     }
2303 
2304     switch (pdu_type) {
2305 
2306     case ISIS_PDU_L1_LAN_IIH:
2307     case ISIS_PDU_L2_LAN_IIH:
2308 	if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE)) {
2309 	    ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
2310 		   isis_header->fixed_len, (unsigned long)ISIS_IIH_LAN_HEADER_SIZE));
2311 	    return (0);
2312 	}
2313 
2314 	ND_TCHECK(*header_iih_lan);
2315 	pdu_len=EXTRACT_16BITS(header_iih_lan->pdu_len);
2316 	if (packet_len>pdu_len) {
2317             packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
2318             length=pdu_len;
2319 	}
2320 
2321 	ND_PRINT((ndo, "\n\t  source-id: %s,  holding time: %us, Flags: [%s]",
2322                isis_print_id(header_iih_lan->source_id,SYSTEM_ID_LEN),
2323                EXTRACT_16BITS(header_iih_lan->holding_time),
2324                tok2str(isis_iih_circuit_type_values,
2325                        "unknown circuit type 0x%02x",
2326                        header_iih_lan->circuit_type)));
2327 
2328 	ND_PRINT((ndo, "\n\t  lan-id:    %s, Priority: %u, PDU length: %u",
2329                isis_print_id(header_iih_lan->lan_id, NODE_ID_LEN),
2330                (header_iih_lan->priority) & ISIS_LAN_PRIORITY_MASK,
2331                pdu_len));
2332 
2333 	if (ndo->ndo_vflag > 1) {
2334 		if (!print_unknown_data(ndo, pptr, "\n\t  ", ISIS_IIH_LAN_HEADER_SIZE))
2335 			return(0);
2336 	}
2337 
2338 	packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
2339 	pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_LAN_HEADER_SIZE);
2340 	break;
2341 
2342     case ISIS_PDU_PTP_IIH:
2343 	if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE)) {
2344 	    ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
2345 		   isis_header->fixed_len, (unsigned long)ISIS_IIH_PTP_HEADER_SIZE));
2346 	    return (0);
2347 	}
2348 
2349 	ND_TCHECK(*header_iih_ptp);
2350 	pdu_len=EXTRACT_16BITS(header_iih_ptp->pdu_len);
2351 	if (packet_len>pdu_len) {
2352             packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
2353             length=pdu_len;
2354 	}
2355 
2356 	ND_PRINT((ndo, "\n\t  source-id: %s, holding time: %us, Flags: [%s]",
2357                isis_print_id(header_iih_ptp->source_id,SYSTEM_ID_LEN),
2358                EXTRACT_16BITS(header_iih_ptp->holding_time),
2359                tok2str(isis_iih_circuit_type_values,
2360                        "unknown circuit type 0x%02x",
2361                        header_iih_ptp->circuit_type)));
2362 
2363 	ND_PRINT((ndo, "\n\t  circuit-id: 0x%02x, PDU length: %u",
2364                header_iih_ptp->circuit_id,
2365                pdu_len));
2366 
2367 	if (ndo->ndo_vflag > 1) {
2368 		if (!print_unknown_data(ndo, pptr, "\n\t  ", ISIS_IIH_PTP_HEADER_SIZE))
2369 			return(0);
2370 	}
2371 
2372 	packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
2373 	pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_IIH_PTP_HEADER_SIZE);
2374 	break;
2375 
2376     case ISIS_PDU_L1_LSP:
2377     case ISIS_PDU_L2_LSP:
2378 	if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE)) {
2379 	    ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
2380 		   isis_header->fixed_len, (unsigned long)ISIS_LSP_HEADER_SIZE));
2381 	    return (0);
2382 	}
2383 
2384 	ND_TCHECK(*header_lsp);
2385 	pdu_len=EXTRACT_16BITS(header_lsp->pdu_len);
2386 	if (packet_len>pdu_len) {
2387             packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
2388             length=pdu_len;
2389 	}
2390 
2391 	ND_PRINT((ndo, "\n\t  lsp-id: %s, seq: 0x%08x, lifetime: %5us\n\t  chksum: 0x%04x",
2392                isis_print_id(header_lsp->lsp_id, LSP_ID_LEN),
2393                EXTRACT_32BITS(header_lsp->sequence_number),
2394                EXTRACT_16BITS(header_lsp->remaining_lifetime),
2395                EXTRACT_16BITS(header_lsp->checksum)));
2396 
2397         if (osi_print_cksum(ndo, (const uint8_t *)header_lsp->lsp_id,
2398                             EXTRACT_16BITS(header_lsp->checksum),
2399                             12, length-12) == 0)
2400                                 goto trunc;
2401 
2402 	ND_PRINT((ndo, ", PDU length: %u, Flags: [ %s",
2403                pdu_len,
2404                ISIS_MASK_LSP_OL_BIT(header_lsp->typeblock) ? "Overload bit set, " : ""));
2405 
2406 	if (ISIS_MASK_LSP_ATT_BITS(header_lsp->typeblock)) {
2407 	    ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DEFAULT_BIT(header_lsp->typeblock) ? "default " : ""));
2408 	    ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_DELAY_BIT(header_lsp->typeblock) ? "delay " : ""));
2409 	    ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_EXPENSE_BIT(header_lsp->typeblock) ? "expense " : ""));
2410 	    ND_PRINT((ndo, "%s", ISIS_MASK_LSP_ATT_ERROR_BIT(header_lsp->typeblock) ? "error " : ""));
2411 	    ND_PRINT((ndo, "ATT bit set, "));
2412 	}
2413 	ND_PRINT((ndo, "%s", ISIS_MASK_LSP_PARTITION_BIT(header_lsp->typeblock) ? "P bit set, " : ""));
2414 	ND_PRINT((ndo, "%s ]", tok2str(isis_lsp_istype_values, "Unknown(0x%x)",
2415 	          ISIS_MASK_LSP_ISTYPE_BITS(header_lsp->typeblock))));
2416 
2417 	if (ndo->ndo_vflag > 1) {
2418 		if (!print_unknown_data(ndo, pptr, "\n\t  ", ISIS_LSP_HEADER_SIZE))
2419 			return(0);
2420 	}
2421 
2422 	packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
2423 	pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_LSP_HEADER_SIZE);
2424 	break;
2425 
2426     case ISIS_PDU_L1_CSNP:
2427     case ISIS_PDU_L2_CSNP:
2428 	if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE)) {
2429 	    ND_PRINT((ndo, ", bogus fixed header length %u should be %lu",
2430 		   isis_header->fixed_len, (unsigned long)ISIS_CSNP_HEADER_SIZE));
2431 	    return (0);
2432 	}
2433 
2434 	ND_TCHECK(*header_csnp);
2435 	pdu_len=EXTRACT_16BITS(header_csnp->pdu_len);
2436 	if (packet_len>pdu_len) {
2437             packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
2438             length=pdu_len;
2439 	}
2440 
2441 	ND_PRINT((ndo, "\n\t  source-id:    %s, PDU length: %u",
2442                isis_print_id(header_csnp->source_id, NODE_ID_LEN),
2443                pdu_len));
2444 	ND_PRINT((ndo, "\n\t  start lsp-id: %s",
2445                isis_print_id(header_csnp->start_lsp_id, LSP_ID_LEN)));
2446 	ND_PRINT((ndo, "\n\t  end lsp-id:   %s",
2447                isis_print_id(header_csnp->end_lsp_id, LSP_ID_LEN)));
2448 
2449 	if (ndo->ndo_vflag > 1) {
2450 		if (!print_unknown_data(ndo, pptr, "\n\t  ", ISIS_CSNP_HEADER_SIZE))
2451 			return(0);
2452 	}
2453 
2454 	packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
2455 	pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_CSNP_HEADER_SIZE);
2456         break;
2457 
2458     case ISIS_PDU_L1_PSNP:
2459     case ISIS_PDU_L2_PSNP:
2460 	if (isis_header->fixed_len != (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE)) {
2461 	    ND_PRINT((ndo, "- bogus fixed header length %u should be %lu",
2462 		   isis_header->fixed_len, (unsigned long)ISIS_PSNP_HEADER_SIZE));
2463 	    return (0);
2464 	}
2465 
2466 	ND_TCHECK(*header_psnp);
2467 	pdu_len=EXTRACT_16BITS(header_psnp->pdu_len);
2468 	if (packet_len>pdu_len) {
2469             packet_len=pdu_len; /* do TLV decoding as long as it makes sense */
2470             length=pdu_len;
2471 	}
2472 
2473 	ND_PRINT((ndo, "\n\t  source-id:    %s, PDU length: %u",
2474                isis_print_id(header_psnp->source_id, NODE_ID_LEN),
2475                pdu_len));
2476 
2477 	if (ndo->ndo_vflag > 1) {
2478 		if (!print_unknown_data(ndo, pptr, "\n\t  ", ISIS_PSNP_HEADER_SIZE))
2479 			return(0);
2480 	}
2481 
2482 	packet_len -= (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
2483 	pptr = p + (ISIS_COMMON_HEADER_SIZE+ISIS_PSNP_HEADER_SIZE);
2484 	break;
2485 
2486     default:
2487 	(void)print_unknown_data(ndo, pptr, "\n\t  ", length);
2488 	return (0);
2489     }
2490 
2491     /*
2492      * Now print the TLV's.
2493      */
2494 
2495     while (packet_len >= 2) {
2496         if (pptr == ndo->ndo_snapend) {
2497             return (1);
2498         }
2499 
2500 	ND_TCHECK2(*pptr, 2);
2501 	tlv_type = *pptr++;
2502 	tlv_len = *pptr++;
2503         tmp =tlv_len; /* copy temporary len & pointer to packet data */
2504         tptr = pptr;
2505 	packet_len -= 2;
2506 	if (tlv_len > packet_len) {
2507 	    break;
2508 	}
2509 
2510         /* first lets see if we know the TLVs name*/
2511 	ND_PRINT((ndo, "\n\t    %s TLV #%u, length: %u",
2512                tok2str(isis_tlv_values,
2513                        "unknown",
2514                        tlv_type),
2515                tlv_type,
2516                tlv_len));
2517 
2518         if (tlv_len == 0) /* something is invalid */
2519 	    continue;
2520 
2521         /* now check if we have a decoder otherwise do a hexdump at the end*/
2522 	switch (tlv_type) {
2523 	case ISIS_TLV_AREA_ADDR:
2524 	    ND_TCHECK2(*tptr, 1);
2525 	    alen = *tptr++;
2526 	    while (tmp && alen < tmp) {
2527 		ND_PRINT((ndo, "\n\t      Area address (length: %u): %s",
2528                        alen,
2529                        isonsap_string(ndo, tptr, alen)));
2530 		tptr += alen;
2531 		tmp -= alen + 1;
2532 		if (tmp==0) /* if this is the last area address do not attemt a boundary check */
2533                     break;
2534 		ND_TCHECK2(*tptr, 1);
2535 		alen = *tptr++;
2536 	    }
2537 	    break;
2538 	case ISIS_TLV_ISNEIGH:
2539 	    while (tmp >= ETHER_ADDR_LEN) {
2540                 ND_TCHECK2(*tptr, ETHER_ADDR_LEN);
2541                 ND_PRINT((ndo, "\n\t      SNPA: %s", isis_print_id(tptr, ETHER_ADDR_LEN)));
2542                 tmp -= ETHER_ADDR_LEN;
2543                 tptr += ETHER_ADDR_LEN;
2544 	    }
2545 	    break;
2546 
2547         case ISIS_TLV_ISNEIGH_VARLEN:
2548             if (!ND_TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */
2549 		goto trunctlv;
2550 	    lan_alen = *tptr++; /* LAN address length */
2551 	    if (lan_alen == 0) {
2552                 ND_PRINT((ndo, "\n\t      LAN address length 0 bytes (invalid)"));
2553                 break;
2554             }
2555             tmp --;
2556             ND_PRINT((ndo, "\n\t      LAN address length %u bytes ", lan_alen));
2557 	    while (tmp >= lan_alen) {
2558                 ND_TCHECK2(*tptr, lan_alen);
2559                 ND_PRINT((ndo, "\n\t\tIS Neighbor: %s", isis_print_id(tptr, lan_alen)));
2560                 tmp -= lan_alen;
2561                 tptr +=lan_alen;
2562             }
2563             break;
2564 
2565 	case ISIS_TLV_PADDING:
2566 	    break;
2567 
2568         case ISIS_TLV_MT_IS_REACH:
2569             mt_len = isis_print_mtid(ndo, tptr, "\n\t      ");
2570             if (mt_len == 0) /* did something go wrong ? */
2571                 goto trunctlv;
2572             tptr+=mt_len;
2573             tmp-=mt_len;
2574             while (tmp >= 2+NODE_ID_LEN+3+1) {
2575                 ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t      ", tlv_type);
2576                 if (ext_is_len == 0) /* did something go wrong ? */
2577                     goto trunctlv;
2578 
2579                 tmp-=ext_is_len;
2580                 tptr+=ext_is_len;
2581             }
2582             break;
2583 
2584         case ISIS_TLV_IS_ALIAS_ID:
2585 	    while (tmp >= NODE_ID_LEN+1) { /* is it worth attempting a decode ? */
2586 	        ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t      ", tlv_type);
2587 		if (ext_is_len == 0) /* did something go wrong ? */
2588 	            goto trunctlv;
2589 		tmp-=ext_is_len;
2590 		tptr+=ext_is_len;
2591 	    }
2592 	    break;
2593 
2594         case ISIS_TLV_EXT_IS_REACH:
2595             while (tmp >= NODE_ID_LEN+3+1) { /* is it worth attempting a decode ? */
2596                 ext_is_len = isis_print_ext_is_reach(ndo, tptr, "\n\t      ", tlv_type);
2597                 if (ext_is_len == 0) /* did something go wrong ? */
2598                     goto trunctlv;
2599                 tmp-=ext_is_len;
2600                 tptr+=ext_is_len;
2601             }
2602             break;
2603         case ISIS_TLV_IS_REACH:
2604 	    ND_TCHECK2(*tptr,1);  /* check if there is one byte left to read out the virtual flag */
2605             ND_PRINT((ndo, "\n\t      %s",
2606                    tok2str(isis_is_reach_virtual_values,
2607                            "bogus virtual flag 0x%02x",
2608                            *tptr++)));
2609 	    tlv_is_reach = (const struct isis_tlv_is_reach *)tptr;
2610             while (tmp >= sizeof(struct isis_tlv_is_reach)) {
2611 		ND_TCHECK(*tlv_is_reach);
2612 		ND_PRINT((ndo, "\n\t      IS Neighbor: %s",
2613 		       isis_print_id(tlv_is_reach->neighbor_nodeid, NODE_ID_LEN)));
2614 		isis_print_metric_block(ndo, &tlv_is_reach->isis_metric_block);
2615 		tmp -= sizeof(struct isis_tlv_is_reach);
2616 		tlv_is_reach++;
2617 	    }
2618             break;
2619 
2620         case ISIS_TLV_ESNEIGH:
2621 	    tlv_es_reach = (const struct isis_tlv_es_reach *)tptr;
2622             while (tmp >= sizeof(struct isis_tlv_es_reach)) {
2623 		ND_TCHECK(*tlv_es_reach);
2624 		ND_PRINT((ndo, "\n\t      ES Neighbor: %s",
2625                        isis_print_id(tlv_es_reach->neighbor_sysid, SYSTEM_ID_LEN)));
2626 		isis_print_metric_block(ndo, &tlv_es_reach->isis_metric_block);
2627 		tmp -= sizeof(struct isis_tlv_es_reach);
2628 		tlv_es_reach++;
2629 	    }
2630             break;
2631 
2632             /* those two TLVs share the same format */
2633 	case ISIS_TLV_INT_IP_REACH:
2634 	case ISIS_TLV_EXT_IP_REACH:
2635 		if (!isis_print_tlv_ip_reach(ndo, pptr, "\n\t      ", tlv_len))
2636 			return (1);
2637 		break;
2638 
2639 	case ISIS_TLV_EXTD_IP_REACH:
2640 	    while (tmp>0) {
2641                 ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t      ", AF_INET);
2642                 if (ext_ip_len == 0) /* did something go wrong ? */
2643                     goto trunctlv;
2644                 tptr+=ext_ip_len;
2645 		tmp-=ext_ip_len;
2646 	    }
2647 	    break;
2648 
2649         case ISIS_TLV_MT_IP_REACH:
2650             mt_len = isis_print_mtid(ndo, tptr, "\n\t      ");
2651             if (mt_len == 0) { /* did something go wrong ? */
2652                 goto trunctlv;
2653             }
2654             tptr+=mt_len;
2655             tmp-=mt_len;
2656 
2657             while (tmp>0) {
2658                 ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t      ", AF_INET);
2659                 if (ext_ip_len == 0) /* did something go wrong ? */
2660                     goto trunctlv;
2661                 tptr+=ext_ip_len;
2662 		tmp-=ext_ip_len;
2663 	    }
2664 	    break;
2665 
2666 	case ISIS_TLV_IP6_REACH:
2667 	    while (tmp>0) {
2668                 ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t      ", AF_INET6);
2669                 if (ext_ip_len == 0) /* did something go wrong ? */
2670                     goto trunctlv;
2671                 tptr+=ext_ip_len;
2672 		tmp-=ext_ip_len;
2673 	    }
2674 	    break;
2675 
2676 	case ISIS_TLV_MT_IP6_REACH:
2677             mt_len = isis_print_mtid(ndo, tptr, "\n\t      ");
2678             if (mt_len == 0) { /* did something go wrong ? */
2679                 goto trunctlv;
2680             }
2681             tptr+=mt_len;
2682             tmp-=mt_len;
2683 
2684 	    while (tmp>0) {
2685                 ext_ip_len = isis_print_extd_ip_reach(ndo, tptr, "\n\t      ", AF_INET6);
2686                 if (ext_ip_len == 0) /* did something go wrong ? */
2687                     goto trunctlv;
2688                 tptr+=ext_ip_len;
2689 		tmp-=ext_ip_len;
2690 	    }
2691 	    break;
2692 
2693 	case ISIS_TLV_IP6ADDR:
2694 	    while (tmp>=sizeof(struct in6_addr)) {
2695 		ND_TCHECK2(*tptr, sizeof(struct in6_addr));
2696 
2697                 ND_PRINT((ndo, "\n\t      IPv6 interface address: %s",
2698 		       ip6addr_string(ndo, tptr)));
2699 
2700 		tptr += sizeof(struct in6_addr);
2701 		tmp -= sizeof(struct in6_addr);
2702 	    }
2703 	    break;
2704 	case ISIS_TLV_AUTH:
2705 	    ND_TCHECK2(*tptr, 1);
2706 
2707             ND_PRINT((ndo, "\n\t      %s: ",
2708                    tok2str(isis_subtlv_auth_values,
2709                            "unknown Authentication type 0x%02x",
2710                            *tptr)));
2711 
2712 	    switch (*tptr) {
2713 	    case ISIS_SUBTLV_AUTH_SIMPLE:
2714 		if (fn_printzp(ndo, tptr + 1, tlv_len - 1, ndo->ndo_snapend))
2715 		    goto trunctlv;
2716 		break;
2717 	    case ISIS_SUBTLV_AUTH_MD5:
2718 		for(i=1;i<tlv_len;i++) {
2719 		    ND_TCHECK2(*(tptr + i), 1);
2720 		    ND_PRINT((ndo, "%02x", *(tptr + i)));
2721 		}
2722 		if (tlv_len != ISIS_SUBTLV_AUTH_MD5_LEN+1)
2723                     ND_PRINT((ndo, ", (invalid subTLV) "));
2724 
2725                 sigcheck = signature_verify(ndo, optr, length, tptr + 1,
2726                                             isis_clear_checksum_lifetime,
2727                                             header_lsp);
2728                 ND_PRINT((ndo, " (%s)", tok2str(signature_check_values, "Unknown", sigcheck)));
2729 
2730 		break;
2731             case ISIS_SUBTLV_AUTH_GENERIC:
2732 		ND_TCHECK2(*(tptr + 1), 2);
2733                 key_id = EXTRACT_16BITS((tptr+1));
2734                 ND_PRINT((ndo, "%u, password: ", key_id));
2735                 for(i=1 + sizeof(uint16_t);i<tlv_len;i++) {
2736                     ND_TCHECK2(*(tptr + i), 1);
2737                     ND_PRINT((ndo, "%02x", *(tptr + i)));
2738                 }
2739                 break;
2740 	    case ISIS_SUBTLV_AUTH_PRIVATE:
2741 	    default:
2742 		if (!print_unknown_data(ndo, tptr + 1, "\n\t\t  ", tlv_len - 1))
2743 		    return(0);
2744 		break;
2745 	    }
2746 	    break;
2747 
2748 	case ISIS_TLV_PTP_ADJ:
2749 	    tlv_ptp_adj = (const struct isis_tlv_ptp_adj *)tptr;
2750 	    if(tmp>=1) {
2751 		ND_TCHECK2(*tptr, 1);
2752 		ND_PRINT((ndo, "\n\t      Adjacency State: %s (%u)",
2753 		       tok2str(isis_ptp_adjancey_values, "unknown", *tptr),
2754                         *tptr));
2755 		tmp--;
2756 	    }
2757 	    if(tmp>sizeof(tlv_ptp_adj->extd_local_circuit_id)) {
2758 		ND_TCHECK(tlv_ptp_adj->extd_local_circuit_id);
2759 		ND_PRINT((ndo, "\n\t      Extended Local circuit-ID: 0x%08x",
2760 		       EXTRACT_32BITS(tlv_ptp_adj->extd_local_circuit_id)));
2761 		tmp-=sizeof(tlv_ptp_adj->extd_local_circuit_id);
2762 	    }
2763 	    if(tmp>=SYSTEM_ID_LEN) {
2764 		ND_TCHECK2(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN);
2765 		ND_PRINT((ndo, "\n\t      Neighbor System-ID: %s",
2766 		       isis_print_id(tlv_ptp_adj->neighbor_sysid, SYSTEM_ID_LEN)));
2767 		tmp-=SYSTEM_ID_LEN;
2768 	    }
2769 	    if(tmp>=sizeof(tlv_ptp_adj->neighbor_extd_local_circuit_id)) {
2770 		ND_TCHECK(tlv_ptp_adj->neighbor_extd_local_circuit_id);
2771 		ND_PRINT((ndo, "\n\t      Neighbor Extended Local circuit-ID: 0x%08x",
2772 		       EXTRACT_32BITS(tlv_ptp_adj->neighbor_extd_local_circuit_id)));
2773 	    }
2774 	    break;
2775 
2776 	case ISIS_TLV_PROTOCOLS:
2777 	    ND_PRINT((ndo, "\n\t      NLPID(s): "));
2778 	    while (tmp>0) {
2779 		ND_TCHECK2(*(tptr), 1);
2780 		ND_PRINT((ndo, "%s (0x%02x)",
2781                        tok2str(nlpid_values,
2782                                "unknown",
2783                                *tptr),
2784                        *tptr));
2785 		if (tmp>1) /* further NPLIDs ? - put comma */
2786 		    ND_PRINT((ndo, ", "));
2787                 tptr++;
2788                 tmp--;
2789 	    }
2790 	    break;
2791 
2792     case ISIS_TLV_MT_PORT_CAP:
2793     {
2794       ND_TCHECK2(*(tptr), 2);
2795 
2796       ND_PRINT((ndo, "\n\t       RES: %d, MTID(s): %d",
2797               (EXTRACT_16BITS (tptr) >> 12),
2798               (EXTRACT_16BITS (tptr) & 0x0fff)));
2799 
2800       tmp = tmp-2;
2801       tptr = tptr+2;
2802 
2803       if (tmp)
2804         isis_print_mt_port_cap_subtlv(ndo, tptr, tmp);
2805 
2806       break;
2807     }
2808 
2809     case ISIS_TLV_MT_CAPABILITY:
2810 
2811       ND_TCHECK2(*(tptr), 2);
2812 
2813       ND_PRINT((ndo, "\n\t      O: %d, RES: %d, MTID(s): %d",
2814                 (EXTRACT_16BITS(tptr) >> 15) & 0x01,
2815                 (EXTRACT_16BITS(tptr) >> 12) & 0x07,
2816                 EXTRACT_16BITS(tptr) & 0x0fff));
2817 
2818       tmp = tmp-2;
2819       tptr = tptr+2;
2820 
2821       if (tmp)
2822         isis_print_mt_capability_subtlv(ndo, tptr, tmp);
2823 
2824       break;
2825 
2826 	case ISIS_TLV_TE_ROUTER_ID:
2827 	    ND_TCHECK2(*pptr, sizeof(struct in_addr));
2828 	    ND_PRINT((ndo, "\n\t      Traffic Engineering Router ID: %s", ipaddr_string(ndo, pptr)));
2829 	    break;
2830 
2831 	case ISIS_TLV_IPADDR:
2832 	    while (tmp>=sizeof(struct in_addr)) {
2833 		ND_TCHECK2(*tptr, sizeof(struct in_addr));
2834 		ND_PRINT((ndo, "\n\t      IPv4 interface address: %s", ipaddr_string(ndo, tptr)));
2835 		tptr += sizeof(struct in_addr);
2836 		tmp -= sizeof(struct in_addr);
2837 	    }
2838 	    break;
2839 
2840 	case ISIS_TLV_HOSTNAME:
2841 	    ND_PRINT((ndo, "\n\t      Hostname: "));
2842 	    if (fn_printzp(ndo, tptr, tmp, ndo->ndo_snapend))
2843 		goto trunctlv;
2844 	    break;
2845 
2846 	case ISIS_TLV_SHARED_RISK_GROUP:
2847 	    if (tmp < NODE_ID_LEN)
2848 	        break;
2849 	    ND_TCHECK2(*tptr, NODE_ID_LEN);
2850 	    ND_PRINT((ndo, "\n\t      IS Neighbor: %s", isis_print_id(tptr, NODE_ID_LEN)));
2851 	    tptr+=(NODE_ID_LEN);
2852 	    tmp-=(NODE_ID_LEN);
2853 
2854 	    if (tmp < 1)
2855 	        break;
2856 	    ND_TCHECK2(*tptr, 1);
2857 	    ND_PRINT((ndo, ", Flags: [%s]", ISIS_MASK_TLV_SHARED_RISK_GROUP(*tptr++) ? "numbered" : "unnumbered"));
2858 	    tmp--;
2859 
2860 	    if (tmp < sizeof(struct in_addr))
2861 	        break;
2862 	    ND_TCHECK2(*tptr, sizeof(struct in_addr));
2863 	    ND_PRINT((ndo, "\n\t      IPv4 interface address: %s", ipaddr_string(ndo, tptr)));
2864 	    tptr+=sizeof(struct in_addr);
2865 	    tmp-=sizeof(struct in_addr);
2866 
2867 	    if (tmp < sizeof(struct in_addr))
2868 	        break;
2869 	    ND_TCHECK2(*tptr, sizeof(struct in_addr));
2870 	    ND_PRINT((ndo, "\n\t      IPv4 neighbor address: %s", ipaddr_string(ndo, tptr)));
2871 	    tptr+=sizeof(struct in_addr);
2872 	    tmp-=sizeof(struct in_addr);
2873 
2874 	    while (tmp>=4) {
2875                 ND_TCHECK2(*tptr, 4);
2876                 ND_PRINT((ndo, "\n\t      Link-ID: 0x%08x", EXTRACT_32BITS(tptr)));
2877                 tptr+=4;
2878                 tmp-=4;
2879 	    }
2880 	    break;
2881 
2882 	case ISIS_TLV_LSP:
2883 	    tlv_lsp = (const struct isis_tlv_lsp *)tptr;
2884 	    while(tmp>=sizeof(struct isis_tlv_lsp)) {
2885 		ND_TCHECK((tlv_lsp->lsp_id)[LSP_ID_LEN-1]);
2886 		ND_PRINT((ndo, "\n\t      lsp-id: %s",
2887                        isis_print_id(tlv_lsp->lsp_id, LSP_ID_LEN)));
2888 		ND_TCHECK2(tlv_lsp->sequence_number, 4);
2889 		ND_PRINT((ndo, ", seq: 0x%08x", EXTRACT_32BITS(tlv_lsp->sequence_number)));
2890 		ND_TCHECK2(tlv_lsp->remaining_lifetime, 2);
2891 		ND_PRINT((ndo, ", lifetime: %5ds", EXTRACT_16BITS(tlv_lsp->remaining_lifetime)));
2892 		ND_TCHECK2(tlv_lsp->checksum, 2);
2893 		ND_PRINT((ndo, ", chksum: 0x%04x", EXTRACT_16BITS(tlv_lsp->checksum)));
2894 		tmp-=sizeof(struct isis_tlv_lsp);
2895 		tlv_lsp++;
2896 	    }
2897 	    break;
2898 
2899 	case ISIS_TLV_CHECKSUM:
2900 	    if (tmp < ISIS_TLV_CHECKSUM_MINLEN)
2901 	        break;
2902 	    ND_TCHECK2(*tptr, ISIS_TLV_CHECKSUM_MINLEN);
2903 	    ND_PRINT((ndo, "\n\t      checksum: 0x%04x ", EXTRACT_16BITS(tptr)));
2904             /* do not attempt to verify the checksum if it is zero
2905              * most likely a HMAC-MD5 TLV is also present and
2906              * to avoid conflicts the checksum TLV is zeroed.
2907              * see rfc3358 for details
2908              */
2909             if (osi_print_cksum(ndo, optr, EXTRACT_16BITS(tptr), tptr-optr,
2910                 length) == 0)
2911                     goto trunc;
2912 	    break;
2913 
2914 	case ISIS_TLV_POI:
2915 	    if (tlv_len >= SYSTEM_ID_LEN + 1) {
2916 		ND_TCHECK2(*tptr, SYSTEM_ID_LEN + 1);
2917 		ND_PRINT((ndo, "\n\t      Purge Originator System-ID: %s",
2918 		       isis_print_id(tptr + 1, SYSTEM_ID_LEN)));
2919 	    }
2920 
2921 	    if (tlv_len == 2 * SYSTEM_ID_LEN + 1) {
2922 		ND_TCHECK2(*tptr, 2 * SYSTEM_ID_LEN + 1);
2923 		ND_PRINT((ndo, "\n\t      Received from System-ID: %s",
2924 		       isis_print_id(tptr + SYSTEM_ID_LEN + 1, SYSTEM_ID_LEN)));
2925 	    }
2926 	    break;
2927 
2928 	case ISIS_TLV_MT_SUPPORTED:
2929             if (tmp < ISIS_TLV_MT_SUPPORTED_MINLEN)
2930                 break;
2931 	    while (tmp>1) {
2932 		/* length can only be a multiple of 2, otherwise there is
2933 		   something broken -> so decode down until length is 1 */
2934 		if (tmp!=1) {
2935                     mt_len = isis_print_mtid(ndo, tptr, "\n\t      ");
2936                     if (mt_len == 0) /* did something go wrong ? */
2937                         goto trunctlv;
2938                     tptr+=mt_len;
2939                     tmp-=mt_len;
2940 		} else {
2941 		    ND_PRINT((ndo, "\n\t      invalid MT-ID"));
2942 		    break;
2943 		}
2944 	    }
2945 	    break;
2946 
2947 	case ISIS_TLV_RESTART_SIGNALING:
2948             /* first attempt to decode the flags */
2949             if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN)
2950                 break;
2951             ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN);
2952             ND_PRINT((ndo, "\n\t      Flags [%s]",
2953                    bittok2str(isis_restart_flag_values, "none", *tptr)));
2954             tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN;
2955             tmp-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN;
2956 
2957             /* is there anything other than the flags field? */
2958             if (tmp == 0)
2959                 break;
2960 
2961             if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)
2962                 break;
2963             ND_TCHECK2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN);
2964 
2965             ND_PRINT((ndo, ", Remaining holding time %us", EXTRACT_16BITS(tptr)));
2966             tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN;
2967             tmp-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN;
2968 
2969             /* is there an additional sysid field present ?*/
2970             if (tmp == SYSTEM_ID_LEN) {
2971                     ND_TCHECK2(*tptr, SYSTEM_ID_LEN);
2972                     ND_PRINT((ndo, ", for %s", isis_print_id(tptr,SYSTEM_ID_LEN)));
2973             }
2974 	    break;
2975 
2976         case ISIS_TLV_IDRP_INFO:
2977 	    if (tmp < ISIS_TLV_IDRP_INFO_MINLEN)
2978 	        break;
2979             ND_TCHECK2(*tptr, ISIS_TLV_IDRP_INFO_MINLEN);
2980             ND_PRINT((ndo, "\n\t      Inter-Domain Information Type: %s",
2981                    tok2str(isis_subtlv_idrp_values,
2982                            "Unknown (0x%02x)",
2983                            *tptr)));
2984             switch (*tptr++) {
2985             case ISIS_SUBTLV_IDRP_ASN:
2986                 ND_TCHECK2(*tptr, 2); /* fetch AS number */
2987                 ND_PRINT((ndo, "AS Number: %u", EXTRACT_16BITS(tptr)));
2988                 break;
2989             case ISIS_SUBTLV_IDRP_LOCAL:
2990             case ISIS_SUBTLV_IDRP_RES:
2991             default:
2992                 if (!print_unknown_data(ndo, tptr, "\n\t      ", tlv_len - 1))
2993                     return(0);
2994                 break;
2995             }
2996             break;
2997 
2998         case ISIS_TLV_LSP_BUFFERSIZE:
2999 	    if (tmp < ISIS_TLV_LSP_BUFFERSIZE_MINLEN)
3000 	        break;
3001             ND_TCHECK2(*tptr, ISIS_TLV_LSP_BUFFERSIZE_MINLEN);
3002             ND_PRINT((ndo, "\n\t      LSP Buffersize: %u", EXTRACT_16BITS(tptr)));
3003             break;
3004 
3005         case ISIS_TLV_PART_DIS:
3006             while (tmp >= SYSTEM_ID_LEN) {
3007                 ND_TCHECK2(*tptr, SYSTEM_ID_LEN);
3008                 ND_PRINT((ndo, "\n\t      %s", isis_print_id(tptr, SYSTEM_ID_LEN)));
3009                 tptr+=SYSTEM_ID_LEN;
3010                 tmp-=SYSTEM_ID_LEN;
3011             }
3012             break;
3013 
3014         case ISIS_TLV_PREFIX_NEIGH:
3015 	    if (tmp < sizeof(struct isis_metric_block))
3016 	        break;
3017             ND_TCHECK2(*tptr, sizeof(struct isis_metric_block));
3018             ND_PRINT((ndo, "\n\t      Metric Block"));
3019             isis_print_metric_block(ndo, (const struct isis_metric_block *)tptr);
3020             tptr+=sizeof(struct isis_metric_block);
3021             tmp-=sizeof(struct isis_metric_block);
3022 
3023             while(tmp>0) {
3024                 ND_TCHECK2(*tptr, 1);
3025                 prefix_len=*tptr++; /* read out prefix length in semioctets*/
3026                 if (prefix_len < 2) {
3027                     ND_PRINT((ndo, "\n\t\tAddress: prefix length %u < 2", prefix_len));
3028                     break;
3029                 }
3030                 tmp--;
3031                 if (tmp < prefix_len/2)
3032                     break;
3033                 ND_TCHECK2(*tptr, prefix_len / 2);
3034                 ND_PRINT((ndo, "\n\t\tAddress: %s/%u",
3035                        isonsap_string(ndo, tptr, prefix_len / 2), prefix_len * 4));
3036                 tptr+=prefix_len/2;
3037                 tmp-=prefix_len/2;
3038             }
3039             break;
3040 
3041         case ISIS_TLV_IIH_SEQNR:
3042 	    if (tmp < ISIS_TLV_IIH_SEQNR_MINLEN)
3043 	        break;
3044             ND_TCHECK2(*tptr, ISIS_TLV_IIH_SEQNR_MINLEN); /* check if four bytes are on the wire */
3045             ND_PRINT((ndo, "\n\t      Sequence number: %u", EXTRACT_32BITS(tptr)));
3046             break;
3047 
3048         case ISIS_TLV_VENDOR_PRIVATE:
3049 	    if (tmp < ISIS_TLV_VENDOR_PRIVATE_MINLEN)
3050 	        break;
3051             ND_TCHECK2(*tptr, ISIS_TLV_VENDOR_PRIVATE_MINLEN); /* check if enough byte for a full oui */
3052             vendor_id = EXTRACT_24BITS(tptr);
3053             ND_PRINT((ndo, "\n\t      Vendor: %s (%u)",
3054                    tok2str(oui_values, "Unknown", vendor_id),
3055                    vendor_id));
3056             tptr+=3;
3057             tmp-=3;
3058             if (tmp > 0) /* hexdump the rest */
3059                 if (!print_unknown_data(ndo, tptr, "\n\t\t", tmp))
3060                     return(0);
3061             break;
3062             /*
3063              * FIXME those are the defined TLVs that lack a decoder
3064              * you are welcome to contribute code ;-)
3065              */
3066 
3067         case ISIS_TLV_DECNET_PHASE4:
3068         case ISIS_TLV_LUCENT_PRIVATE:
3069         case ISIS_TLV_IPAUTH:
3070         case ISIS_TLV_NORTEL_PRIVATE1:
3071         case ISIS_TLV_NORTEL_PRIVATE2:
3072 
3073 	default:
3074 		if (ndo->ndo_vflag <= 1) {
3075 			if (!print_unknown_data(ndo, pptr, "\n\t\t", tlv_len))
3076 				return(0);
3077 		}
3078 		break;
3079 	}
3080         /* do we want to see an additionally hexdump ? */
3081 	if (ndo->ndo_vflag> 1) {
3082 		if (!print_unknown_data(ndo, pptr, "\n\t      ", tlv_len))
3083 			return(0);
3084 	}
3085 
3086 	pptr += tlv_len;
3087 	packet_len -= tlv_len;
3088     }
3089 
3090     if (packet_len != 0) {
3091 	ND_PRINT((ndo, "\n\t      %u straggler bytes", packet_len));
3092     }
3093     return (1);
3094 
3095  trunc:
3096     ND_PRINT((ndo, "%s", tstr));
3097     return (1);
3098 
3099  trunctlv:
3100     ND_PRINT((ndo, "\n\t\t"));
3101     ND_PRINT((ndo, "%s", tstr));
3102     return(1);
3103 }
3104 
3105 static int
3106 osi_print_cksum(netdissect_options *ndo, const uint8_t *pptr,
3107 	        uint16_t checksum, int checksum_offset, int length)
3108 {
3109         uint16_t calculated_checksum;
3110 
3111         /* do not attempt to verify the checksum if it is zero,
3112          * if the total length is nonsense,
3113          * if the offset is nonsense,
3114          * or the base pointer is not sane
3115          */
3116         if (!checksum
3117             || length < 0
3118             || checksum_offset < 0
3119             || length > ndo->ndo_snaplen
3120             || checksum_offset > ndo->ndo_snaplen
3121             || checksum_offset > length) {
3122                 ND_PRINT((ndo, " (unverified)"));
3123                 return 1;
3124         } else {
3125 #if 0
3126                 printf("\nosi_print_cksum: %p %u %u %u\n", pptr, checksum_offset, length, ndo->ndo_snaplen);
3127 #endif
3128                 ND_TCHECK2(*pptr, length);
3129                 calculated_checksum = create_osi_cksum(pptr, checksum_offset, length);
3130                 if (checksum == calculated_checksum) {
3131                         ND_PRINT((ndo, " (correct)"));
3132                 } else {
3133                         ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum));
3134                 }
3135                 return 1;
3136         }
3137 trunc:
3138         return 0;
3139 }
3140 
3141 /*
3142  * Local Variables:
3143  * c-style: whitesmith
3144  * c-basic-offset: 8
3145  * End:
3146  */
3147