tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [tcpdump] About struct in_addr / struct in6_addr

From: Guy Harris <gharris () sonic net>
Date: Mon, 20 Feb 2023 02:20:22 -0800
On Feb 20, 2023, at 12:17 AM, Denis Ovsienko <denis () ovsienko info> wrote:


AF_INET6 looks a bit more convoluted.  There is some code that uses
AF_INET6 to dissect wire encoding, which is usually a wrong idea.  For
example, pimv2_addr_print() switches on AF_INET and AF_INET6, and the
PIMv2 header encoding (RFC 4601 Section 4.9.1) clearly says the AF is
the IANA AF [1]:

1: IP
2: IP6


And RFC 7761:

        https://www.rfc-editor.org/rfc/rfc7761#section-4.9

says the same thing.


Which is different from most OS definitions of AF_INET and AF_INET6,
but this function has been implemented this way since 1999, and somehow
it seems to be able to decode a few PIMv2 packet captures I found on
the Internet.  So cases like this will require more attention and some
of the remaining AF_INET6 instances may become wire encoding constants
rather than the OS AF_INET6 constant.


That's handled by the code at the beginning of pimv2_addr_print():

        if (addr_len == 0) {
                if (len < 2)
                        goto trunc;
                switch (GET_U_1(bp)) {
                case 1:
                        af = AF_INET;
                        addr_len = (u_int)sizeof(nd_ipv4);
                        break;
                case 2:
                        af = AF_INET6;
                        addr_len = (u_int)sizeof(nd_ipv6);
                        break;
                default:
                        return -1;
                }
                if (GET_U_1(bp + 1) != 0)
                        return -1;
                hdrlen = 2;
        } else {
                switch (addr_len) {
                case sizeof(nd_ipv4):
                        af = AF_INET;
                        break;
                case sizeof(nd_ipv6):
                        af = AF_INET6;
                        break;
                default:
                        return -1;
                        break;
                }
                hdrlen = 0;
        }

so, after that code, af is either AF_INET for IPv4 addresses or AF_INET6 for IPv6 addresses, and af is what's tested 
against those two values.

So the code is correct, but could easily be misintrpreted.  Perhaps it'd be better if we used the values from af.h 
rather than using AF_INET and AF_INET6.  (And perhaps the values from af.h should be renamed AFNUM_IPv4 and AFNUM_IPv6, 
to make them look even less like socket API AF_ values.)
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
Previous By Date Next
Previous By Thread Next

Current thread: