AH: Update in accordance with RFC4302

Remove the obsolete RFC1826 AH header.
Use nd_print_protocol_caps().
Print the fields in header order.
Fix the length field and print the bytes count of header (verbose mode).
Print the Reserved field if non-zero.
Add/update some comments.
Fix spaces.
Update the outputs of two tests accordingly.

Author: fxlb

ah.h

@@ -31,27 +31,37 @@
  */
 
 /*
- * RFC1826/2402 authentication header.
+ * RFC4302 authentication header.
  */
 
 #ifndef ND_AH_H_
 #define ND_AH_H_
 
-struct ah {
-	nd_uint8_t	ah_nxt;		/* Next Header */
-	nd_uint8_t	ah_len;		/* Length of data, in 32bit */
-	nd_uint16_t	ah_reserve;	/* Reserved for future use */
-	nd_uint32_t	ah_spi;		/* Security parameter index */
-	/* variable size, 32bit bound*/	/* Authentication data */
-};
+/*
+ *     0                   1                   2                   3
+ *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   | Next Header   |  Payload Len  |          RESERVED             |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                 Security Parameters Index (SPI)               |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                    Sequence Number Field                      |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                                                               |
+ *   +                Integrity Check Value-ICV (variable)           |
+ *   |                                                               |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *                          Figure 1.  AH Format
+ */
 
-struct newah {
+struct ah {
 	nd_uint8_t	ah_nxt;		/* Next Header */
-	nd_uint8_t	ah_len;		/* Length of data + 1, in 32bit */
-	nd_uint16_t	ah_reserve;	/* Reserved for future use */
-	nd_uint32_t	ah_spi;		/* Security parameter index */
-	nd_uint32_t	ah_seq;		/* Sequence number field */
-	/* variable size, 32bit bound*/	/* Authentication data */
+	nd_uint8_t	ah_len;		/* Payload Len in 32bit words minus 2 */
+	nd_uint16_t	ah_reserved;	/* Reserved for future use */
+	nd_uint32_t	ah_spi;		/* Security Parameters Index */
+	nd_uint32_t	ah_seq;		/* Sequence Number Field */
+	/* variable size, 32bit bound*/	/* Integrity Check Value-ICV */
 };
 
 #endif /* ND_AH_H_ */

print-ah.c

@@ -38,24 +38,39 @@ int
 ah_print(netdissect_options *ndo, const u_char *bp)
 {
 	const struct ah *ah;
-	u_int sumlen;
+	uint8_t ah_len;
+	u_int ah_hdr_len;
+	uint16_t reserved;
 
 	ndo->ndo_protocol = "ah";
 	ah = (const struct ah *)bp;
 
 	ND_TCHECK_SIZE(ah);
+	nd_print_protocol_caps(ndo);
+/*
+ * RFC4302
+ *
+ * 2.2.  Payload Length
+ *
+ *    This 8-bit field specifies the length of AH in 32-bit words (4-byte
+ *    units), minus "2".
+ */
+	ah_len = GET_U_1(ah->ah_len);
+	ah_hdr_len = (ah_len + 2) * 4;
 
-	sumlen = GET_U_1(ah->ah_len) << 2;
-
-	ND_PRINT("AH(spi=0x%08x", GET_BE_U_4(ah->ah_spi));
+	ND_PRINT("(");
 	if (ndo->ndo_vflag)
-		ND_PRINT(",sumlen=%u", sumlen);
-	ND_PRINT(",seq=0x%x", GET_BE_U_4(ah + 1));
-	ND_TCHECK_LEN(bp, sizeof(struct ah) + sumlen);
+		ND_PRINT("length=%u(%u-bytes),", ah_len, ah_hdr_len);
+	reserved = GET_BE_U_2(ah->ah_reserved);
+	if (reserved)
+		ND_PRINT("reserved=0x%x[MustBeZero],", reserved);
+	ND_PRINT("spi=0x%08x,", GET_BE_U_4(ah->ah_spi));
+	ND_PRINT("seq=0x%x", GET_BE_U_4(ah->ah_seq));
+	ND_TCHECK_LEN(bp, ah_hdr_len);
 	ND_PRINT("): ");
 
-	return sizeof(struct ah) + sumlen;
- trunc:
+	return ah_hdr_len;
+trunc:
 	nd_print_trunc(ndo);
 	return -1;
 }

tests/heapoverflow-ip_demux_print.out

@@ -3,4 +3,4 @@
 	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
 	0x0020:  3030                                     00
     2  05:27:12.808464432 IP (tos 0x30, ttl 48, id 12336, offset 0, flags [none], proto AH (51), length 12336, bad cksum 3030 (->697b)!)
-    48.48.48.48 > 48.48.48.48: AH(spi=0x30303030,sumlen=192,seq=0x30303030 [|ah]
+    48.48.48.48 > 48.48.48.48: AH(length=48(200-bytes),reserved=0x3030[MustBeZero],spi=0x30303030,seq=0x30303030 [|ah]