aboutsummaryrefslogtreecommitdiffstats
path: root/print-tcp.c
diff options
context:
space:
mode:
authorRui Paulo <rpaulo@FreeBSD.org>2010-10-28 16:23:25 +0000
committerRui Paulo <rpaulo@FreeBSD.org>2010-10-28 16:23:25 +0000
commit6d59e2f382406def185ce5261b8723a174cd28a3 (patch)
tree554972ce0ce297205c6d41cc6fc9a8a393910a6f /print-tcp.c
parent0ea0e7ad03dff03bb5448f640640d7904c01c8d4 (diff)
downloadsrc-6d59e2f382406def185ce5261b8723a174cd28a3.tar.gz
src-6d59e2f382406def185ce5261b8723a174cd28a3.zip
Update tcpdump to 4.1.1.vendor/tcpdump/4.1.1
Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
Notes
Notes: svn path=/vendor/tcpdump/dist/; revision=214456 svn path=/vendor/tcpdump/4.1.1/; revision=214468; tag=vendor/tcpdump/4.1.1
Diffstat (limited to 'print-tcp.c')
-rw-r--r--print-tcp.c79
1 files changed, 36 insertions, 43 deletions
diff --git a/print-tcp.c b/print-tcp.c
index 5b0a7969a583..e2559ecf64ca 100644
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -25,8 +25,8 @@
#ifndef lint
static const char rcsid[] _U_ =
-"@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.130.2.3 2007-12-22 03:08:45 guy Exp $ (LBL)";
- #else
+"@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.135 2008-11-09 23:35:03 mcr Exp $ (LBL)";
+#else
__RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $");
#endif
@@ -58,10 +58,7 @@ __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $");
#ifdef HAVE_LIBCRYPTO
#include <openssl/md5.h>
-
-#define SIGNATURE_VALID 0
-#define SIGNATURE_INVALID 1
-#define CANT_CHECK_SIGNATURE 2
+#include <signature.h>
static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
const u_char *data, int length, const u_char *rcvsig);
@@ -124,6 +121,7 @@ struct tok tcp_option_values[] = {
{ TCPOPT_CCECHO, "" },
{ TCPOPT_SIGNATURE, "md5" },
{ TCPOPT_AUTH, "enhanced auth" },
+ { TCPOPT_UTO, "uto" },
{ 0, NULL }
};
@@ -158,37 +156,6 @@ static int tcp_cksum(register const struct ip *ip,
sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]);
}
-#ifdef INET6
-static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
- u_int len)
-{
- size_t i;
- u_int32_t sum = 0;
- union {
- struct {
- struct in6_addr ph_src;
- struct in6_addr ph_dst;
- u_int32_t ph_len;
- u_int8_t ph_zero[3];
- u_int8_t ph_nxt;
- } ph;
- u_int16_t pa[20];
- } phu;
-
- /* pseudo-header */
- memset(&phu, 0, sizeof(phu));
- phu.ph.ph_src = ip6->ip6_src;
- phu.ph.ph_dst = ip6->ip6_dst;
- phu.ph.ph_len = htonl(len);
- phu.ph.ph_nxt = IPPROTO_TCP;
-
- for (i = 0; i < sizeof(phu.pa) / sizeof(phu.pa[0]); i++)
- sum += phu.pa[i];
-
- return in_cksum((u_short *)tp, len, sum);
-}
-#endif
-
void
tcp_print(register const u_char *bp, register u_int length,
register const u_char *bp2, int fragmented)
@@ -200,6 +167,7 @@ tcp_print(register const u_char *bp, register u_int length,
register char ch;
u_int16_t sport, dport, win, urp;
u_int32_t seq, ack, thseq, thack;
+ u_int utoval;
int threv;
#ifdef INET6
register const struct ip6_hdr *ip6;
@@ -442,7 +410,7 @@ tcp_print(register const u_char *bp, register u_int length,
if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !Kflag && !fragmented) {
u_int16_t sum,tcp_sum;
if (TTEST2(tp->th_sport, length)) {
- sum = tcp6_cksum(ip6, tp, length);
+ sum = nextproto6_cksum(ip6, (u_short *)tp, length, IPPROTO_TCP);
(void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum));
if (sum != 0) {
tcp_sum = EXTRACT_16BITS(&tp->th_sum);
@@ -455,7 +423,7 @@ tcp_print(register const u_char *bp, register u_int length,
#endif
length -= hlen;
- if (vflag > 1 || flags & (TH_SYN | TH_FIN | TH_RST)) {
+ if (vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) {
(void)printf(", seq %u", seq);
if (length > 0) {
@@ -613,6 +581,18 @@ tcp_print(register const u_char *bp, register u_int length,
*/
break;
+ case TCPOPT_UTO:
+ datalen = 2;
+ LENCHECK(datalen);
+ utoval = EXTRACT_16BITS(cp);
+ (void)printf("0x%x", utoval);
+ if (utoval & 0x0001)
+ utoval = (utoval >> 1) * 60;
+ else
+ utoval >>= 1;
+ (void)printf(" %u", utoval);
+ break;
+
default:
datalen = len - 2;
for (i = 0; i < datalen; ++i) {
@@ -750,10 +730,17 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
u_int8_t nxt;
#endif
+ if (data + length > snapend) {
+ printf("snaplen too short, ");
+ return (CANT_CHECK_SIGNATURE);
+ }
+
tp1 = *tp;
- if (tcpmd5secret == NULL)
+ if (sigsecret == NULL) {
+ printf("shared secret not supplied with -M, ");
return (CANT_CHECK_SIGNATURE);
+ }
MD5_Init(&ctx);
/*
@@ -772,7 +759,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
ip6 = (struct ip6_hdr *)ip;
MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst));
- len32 = htonl(ntohs(ip6->ip6_plen));
+ len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen));
MD5_Update(&ctx, (char *)&len32, sizeof(len32));
nxt = 0;
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
@@ -781,8 +768,14 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
nxt = IPPROTO_TCP;
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
#endif
- } else
+ } else {
+#ifdef INET6
+ printf("IP version not 4 or 6, ");
+#else
+ printf("IP version not 4, ");
+#endif
return (CANT_CHECK_SIGNATURE);
+ }
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
@@ -800,7 +793,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
/*
* Step 4: Update MD5 hash with shared secret.
*/
- MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
+ MD5_Update(&ctx, sigsecret, strlen(sigsecret));
MD5_Final(sig, &ctx);
if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0)