author | David Gwynne <dlg@cvs.openbsd.org> | 2018-07-06 05:47:23 +0000 |
---|---|---|
committer | David Gwynne <dlg@cvs.openbsd.org> | 2018-07-06 05:47:23 +0000 |
commit | e19c28f1db826244140d75296023d58b91bc4a02 | |
tree | 531d9d5436cf3eeb883bbd1026e6ac0c9e589e93 /usr.sbin/tcpdump/print-ipsec.c | |
parent | 04bd2f589b2208321a63a19a762c6067c4decca8 | |
Rework UDP parsing, particularly around IP addresses.

This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I noticed inconsistent IPv4 vs IPv6 handling.

Apart from the default "srcip.srcport > dstip.dstport" output, all
the other places that IP addresses were printed assumed IPv4. It
looks like it is possible that udp_print() can be called without
an IP header, which made these blind IPv4 prints turn into NULL
derefs.

This fixes the problem above by only having a single place that
prints the addresses out, and makes sure to get the difference
between IPv4, IPv6 and no IP correct.

This changes how the checksum is calculated. It incrementally builds
the UDP checksum by feeding the IPv4 and v6 addresses in separately,
then using common code for the rest of the pseudo header and actual
payload.

Lastly, this does make printing the space between the UDP header
and its payload consistent. The UDP code is now responsible for
adding a space after itself so the payload parsers don't have to.
They got it wrong in some cases anyway, so this should be a lot
more uniform.

help and ok sthen@
Diffstat (limited to 'usr.sbin/tcpdump/print-ipsec.c')
-rw-r--r-- | usr.sbin/tcpdump/print-ipsec.c | 24 |
1 files changed, 3 insertions, 21 deletions
diff --git a/usr.sbin/tcpdump/print-ipsec.c b/usr.sbin/tcpdump/print-ipsec.c index 32b9d177393..733ecdb75cc 100644 --- a/usr.sbin/tcpdump/print-ipsec.c +++ b/usr.sbin/tcpdump/print-ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-ipsec.c,v 1.23 2015/11/16 00:16:39 mmcc Exp $ */ +/* $OpenBSD: print-ipsec.c,v 1.24 2018/07/06 05:47:22 dlg Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999 @@ -201,33 +201,15 @@ esp_decrypt (const u_char *bp, u_int len, const u_char *bp2) void esp_print (const u_char *bp, u_int len, const u_char *bp2) { - const struct ip *ip; const struct esp_hdr *esp; - u_int plen = len; -#ifdef INET6 - const struct ip6_hdr *ip6; -#endif - - ip = (const struct ip *)bp2; -#ifdef INET6 - if (ip->ip_v == 6) { - ip6 = (const struct ip6_hdr *)bp2; - printf("esp %s > %s", ip6addr_string(&ip6->ip6_src), - ip6addr_string(&ip6->ip6_dst)); - } else -#endif - { - printf("esp %s > %s", - ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); - } - if (plen < sizeof(struct esp_hdr)) { + if (len < sizeof(struct esp_hdr)) { printf("[|esp]"); return; } esp = (const struct esp_hdr *)bp; - printf(" spi 0x%08x seq %u len %d", + printf("esp spi 0x%08x seq %u len %d", ntohl(esp->esp_spi), ntohl(esp->esp_seq), len); if (espinit) |
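Review bot: In the esp_print() hunk, the rewritten printf still formats `len` with `%d` although the parameter is declared `u_int len`; since the line is being touched anyway, use `%u` ("esp spi 0x%08x seq %u len %u") so a large length is not shown as a negative number. Also in this hunk, the only guard before `esp->esp_spi` and `esp->esp_seq` are read is `if (len < sizeof(struct esp_hdr))`, and nothing in the visible lines checks that those bytes were actually captured. If `len` is the on-wire length rather than the captured length, a packet truncated by the snapshot length would still pass this test, so it is worth confirming which length the caller passes, or adding a captured-length check before the dereference.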