IPv6 mobility: Print the message name before the check on it

fxlb · fxlb · commit d839e5d3b611 · 2025-07-16T07:54:57.000Z
Print a more precise error message about the message header length.

This is an invalid case, not a truncation case.

Before:
(header length 8 is too small for type 6) [|mobility]
After:
BA (header length 8 &lt; 12) (invalid)
diff --git a/print-mobility.c b/print-mobility.c
@@ -221,11 +221,11 @@ mobility_print(netdissect_options *ndo,
 	/* XXX ip6m_cksum */
 
 	type = GET_U_1(mh->ip6m_type);
+	ND_PRINT("%s", tok2str(ip6m_str, "type-#%u", type));
 	if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) {
-		ND_PRINT("(header length %u is too small for type %u)", mhlen, type);
-		goto trunc;
+		ND_PRINT(" (header length %u < %u)", mhlen, ip6m_hdrlen[type]);
+		goto invalid;
 	}
-	ND_PRINT("%s", tok2str(ip6m_str, "type-#%u", type));
 	switch (type) {
 	case IP6M_BINDING_REQUEST:
 		hlen = IP6M_MINLEN;
@@ -314,4 +314,8 @@ mobility_print(netdissect_options *ndo,
 trunc:
 	nd_print_trunc(ndo);
 	return(-1);
+
+invalid:
+	nd_print_invalid(ndo);
+	return(-1);
 }
diff --git a/tests/cve2015-0261-ipv6.out b/tests/cve2015-0261-ipv6.out
@@ -1,2 +1,2 @@
     1  2002-12-31 13:55:31.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:6767:6767:6767:6767:6767:6705: mobility: (payload protocol 255 should be 59) BU seq#=26471 HL lifetime=105884(type-0x67: len=103) [|mobility]
-    2  2003-03-06 15:21:11.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:4f67:6767:6767:6767:6767:6767: mobility: (payload protocol 0 should be 59) (header length 8 is too small for type 6) [|mobility]
+    2  2003-03-06 15:21:11.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:4f67:6767:6767:6767:6767:6767: mobility: (payload protocol 0 should be 59) BA (header length 8 < 12) (invalid)

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`1 2002-12-31 13:55:31.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:6767:6767:6767:6767:6767:6705: mobility: (payload protocol 255 should be 59) BU seq#=26471 HL lifetime=105884(type-0x67: len=103) [\|mobility]`
`2`		`- 2 2003-03-06 15:21:11.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:4f67:6767:6767:6767:6767:6767: mobility: (payload protocol 0 should be 59) (header length 8 is too small for type 6) [\|mobility]`
	`2`	`+ 2 2003-03-06 15:21:11.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:4f67:6767:6767:6767:6767:6767: mobility: (payload protocol 0 should be 59) BA (header length 8 < 12) (invalid)`