frag6: Fix invalid 32-bit versus 64-bit printouts

Print "[length < 0] (invalid)" when fragment length is negative.

In this case, e.g. when IPv6 payload length is zero, the 32-bit and
64-bit printouts were different.

Example:
32-bit:
frag (0x80000074:1280|4294967288)
---
64-bit:
frag (0x80000074:1280|18446744073709551608)

Add a test file.

Author: fxlb

print-frag6.c

@@ -43,10 +43,14 @@ frag6_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2)
 	ND_PRINT("frag (");
 	if (ndo->ndo_vflag)
 		ND_PRINT("0x%08x:", GET_BE_U_4(dp->ip6f_ident));
-	ND_PRINT("%u|%zu)",
-		 GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK,
-		 sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen) -
-			(bp - bp2) - sizeof(struct ip6_frag));
+	ND_PRINT("%u|", GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK);
+	if ((bp - bp2) + sizeof(struct ip6_frag) >
+	    sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen))
+		ND_PRINT("[length < 0] (invalid))");
+	else
+		ND_PRINT("%zu)",
+			 sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen) -
+			 (bp - bp2) - sizeof(struct ip6_frag));
 
 	/* it is meaningless to decode non-first fragment */
 	if ((GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK) != 0)

tests/TESTLIST

@@ -386,6 +386,7 @@ ipv6_invalid_length_2 ipv6_invalid_length_2.pcap ipv6_invalid_length_2.out -v
 ipv6_jumbogram_invalid_length ipv6_jumbogram_invalid_length.pcap ipv6_jumbogram_invalid_length.out -v
 ipv6_39_byte_header ipv6_39_byte_header.pcap ipv6_39_byte_header.out -v
 ipv6_missing_jumbo_payload_option ipv6_missing_jumbo_payload_option.pcap ipv6_missing_jumbo_payload_option.out
+ipv6_frag6_negative_len ipv6_frag6_negative_len.pcap ipv6_frag6_negative_len.out -v
 
 # Loopback/CTP test case
 loopback	loopback.pcap		loopback.out

tests/ipv6_frag6_negative_len.out

@@ -0,0 +1 @@
+    1  1975-11-02 10:29:20.131862 IP6 (class 0x50, flowlabel 0x00073, hlim 28, next-header Fragment (44) payload length: 0) 7fff:ffff:c3b2:a102:1305:80:38:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: frag (0x80000074:1280|[length < 0] (invalid))