diff options
author | rpaulo <rpaulo@FreeBSD.org> | 2010-10-28 19:06:17 +0000 |
---|---|---|
committer | rpaulo <rpaulo@FreeBSD.org> | 2010-10-28 19:06:17 +0000 |
commit | 1e8ad3bd802d66bed71b4c6405ff5d801a913e4a (patch) | |
tree | df5e0d876c3ec2ff0e3d9c6795cb5c1e20b7d5c4 /contrib/tcpdump/print-tcp.c | |
parent | 7ab661360c2131496bd3c111b5b3b2462fe3d2be (diff) | |
parent | 5f4de8e61a87fc21b6ffecf7ef9444827c09ee69 (diff) | |
download | FreeBSD-src-1e8ad3bd802d66bed71b4c6405ff5d801a913e4a.zip FreeBSD-src-1e8ad3bd802d66bed71b4c6405ff5d801a913e4a.tar.gz |
Merge tcpdump-4.1.1.
Diffstat (limited to 'contrib/tcpdump/print-tcp.c')
-rw-r--r-- | contrib/tcpdump/print-tcp.c | 69 |
1 files changed, 25 insertions, 44 deletions
diff --git a/contrib/tcpdump/print-tcp.c b/contrib/tcpdump/print-tcp.c index 4200c31..e2559ec 100644 --- a/contrib/tcpdump/print-tcp.c +++ b/contrib/tcpdump/print-tcp.c @@ -25,8 +25,8 @@ #ifndef lint static const char rcsid[] _U_ = -"@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.130.2.3 2007-12-22 03:08:45 guy Exp $ (LBL)"; - #else +"@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.135 2008-11-09 23:35:03 mcr Exp $ (LBL)"; +#else __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); #endif @@ -58,10 +58,7 @@ __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); #ifdef HAVE_LIBCRYPTO #include <openssl/md5.h> - -#define SIGNATURE_VALID 0 -#define SIGNATURE_INVALID 1 -#define CANT_CHECK_SIGNATURE 2 +#include <signature.h> static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, const u_char *data, int length, const u_char *rcvsig); @@ -159,37 +156,6 @@ static int tcp_cksum(register const struct ip *ip, sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]); } -#ifdef INET6 -static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp, - u_int len) -{ - size_t i; - u_int32_t sum = 0; - union { - struct { - struct in6_addr ph_src; - struct in6_addr ph_dst; - u_int32_t ph_len; - u_int8_t ph_zero[3]; - u_int8_t ph_nxt; - } ph; - u_int16_t pa[20]; - } phu; - - /* pseudo-header */ - memset(&phu, 0, sizeof(phu)); - phu.ph.ph_src = ip6->ip6_src; - phu.ph.ph_dst = ip6->ip6_dst; - phu.ph.ph_len = htonl(len); - phu.ph.ph_nxt = IPPROTO_TCP; - - for (i = 0; i < sizeof(phu.pa) / sizeof(phu.pa[0]); i++) - sum += phu.pa[i]; - - return in_cksum((u_short *)tp, len, sum); -} -#endif - void tcp_print(register const u_char *bp, register u_int length, register const u_char *bp2, int fragmented) @@ -201,6 +167,7 @@ tcp_print(register const u_char *bp, register u_int length, register char ch; u_int16_t sport, dport, win, urp; u_int32_t seq, ack, thseq, thack; + u_int utoval; int threv; #ifdef INET6 register const struct ip6_hdr *ip6; @@ -443,7 +410,7 @@ tcp_print(register const u_char *bp, register u_int length, if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !Kflag && !fragmented) { u_int16_t sum,tcp_sum; if (TTEST2(tp->th_sport, length)) { - sum = tcp6_cksum(ip6, tp, length); + sum = nextproto6_cksum(ip6, (u_short *)tp, length, IPPROTO_TCP); (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum)); if (sum != 0) { tcp_sum = EXTRACT_16BITS(&tp->th_sum); @@ -456,7 +423,7 @@ tcp_print(register const u_char *bp, register u_int length, #endif length -= hlen; - if (vflag > 1 || flags & (TH_SYN | TH_FIN | TH_RST)) { + if (vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) { (void)printf(", seq %u", seq); if (length > 0) { @@ -617,7 +584,8 @@ tcp_print(register const u_char *bp, register u_int length, case TCPOPT_UTO: datalen = 2; LENCHECK(datalen); - uint utoval = EXTRACT_16BITS(cp); + utoval = EXTRACT_16BITS(cp); + (void)printf("0x%x", utoval); if (utoval & 0x0001) utoval = (utoval >> 1) * 60; else @@ -762,10 +730,17 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, u_int8_t nxt; #endif + if (data + length > snapend) { + printf("snaplen too short, "); + return (CANT_CHECK_SIGNATURE); + } + tp1 = *tp; - if (tcpmd5secret == NULL) + if (sigsecret == NULL) { + printf("shared secret not supplied with -M, "); return (CANT_CHECK_SIGNATURE); + } MD5_Init(&ctx); /* @@ -784,7 +759,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, ip6 = (struct ip6_hdr *)ip; MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); - len32 = htonl(ntohs(ip6->ip6_plen)); + len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen)); MD5_Update(&ctx, (char *)&len32, sizeof(len32)); nxt = 0; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); @@ -793,8 +768,14 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, nxt = IPPROTO_TCP; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); #endif - } else + } else { +#ifdef INET6 + printf("IP version not 4 or 6, "); +#else + printf("IP version not 4, "); +#endif return (CANT_CHECK_SIGNATURE); + } /* * Step 2: Update MD5 hash with TCP header, excluding options. @@ -812,7 +793,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, /* * Step 4: Update MD5 hash with shared secret. */ - MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret)); + MD5_Update(&ctx, sigsecret, strlen(sigsecret)); MD5_Final(sig, &ctx); if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) |