handle IPSec processed packets (DLT_ENC) in libpcap, display them with

tcpdump + additional info (SPI + which type of transforms where passed).

4 files changed, 106 insertions, 4 deletions

diff --git a/usr.sbin/tcpdump/Makefile b/usr.sbin/tcpdump/Makefile
index da4a1b10b27..648256b4e20 100644
--- a/usr.sbin/tcpdump/Makefile
+++ b/usr.sbin/tcpdump/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.11 1998/02/26 16:02:53 niklas Exp $
+#	$OpenBSD: Makefile,v 1.12 1998/06/11 00:01:22 provos Exp $
 #
 #  Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
 # 	The Regents of the University of California.  All rights reserved.
@@ -40,7 +40,7 @@ SRCS=	tcpdump.c addrtoname.c \
 	print-wb.c print-decnet.c print-isoclns.c print-ipx.c \
 	print-atm.c print-dvmrp.c print-krb.c print-pim.c print-netbios.c \
 	util.c bpf_dump.c parsenfsfh.c version.c machdep.c print-igrp.c \
-        print-gre.c print-radius.c
+        print-gre.c print-radius.c print-enc.c
 
 AWKS =	atime.awk packetdat.awk send-ack.awk stime.awk
 
diff --git a/usr.sbin/tcpdump/interface.h b/usr.sbin/tcpdump/interface.h
index 3143da01122..f4c3dfa1924 100644
--- a/usr.sbin/tcpdump/interface.h
+++ b/usr.sbin/tcpdump/interface.h
@@ -18,7 +18,7 @@
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.7 1997/07/25 20:12:20 mickey Exp $ (LBL)
+ * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.8 1998/06/11 00:01:23 provos Exp $ (LBL)
  */
 
 #ifndef tcpdump_interface_h
@@ -194,6 +194,7 @@ extern void null_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
 extern void ospf_print(const u_char *, u_int, const u_char *);
 extern void pim_print(const u_char *, u_int);
 extern void ppp_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
+extern void enc_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
 extern void rip_print(const u_char *, u_int);
 extern void sl_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
 extern void snmp_print(const u_char *, u_int);
diff --git a/usr.sbin/tcpdump/print-enc.c b/usr.sbin/tcpdump/print-enc.c
new file mode 100644
index 00000000000..4df56011a1d
--- /dev/null
+++ b/usr.sbin/tcpdump/print-enc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+    "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-enc.c,v 1.1 1998/06/11 00:01:25 provos Exp $ (LBL)";
+#endif
+
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/ioctl.h>
+#include <sys/mbuf.h>
+
+#ifdef __STDC__
+struct rtentry;
+#endif
+#include <net/if.h>
+#include <net/if_enc.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <ctype.h>
+#include <netdb.h>
+#include <pcap.h>
+#include <signal.h>
+#include <stdio.h>
+
+#include "interface.h"
+#include "addrtoname.h"
+
+#define ENC_PRINT_TYPE(wh, xf, nam) \
+	if ((wh) & (xf)) { \
+		printf("%s%s", nam, (wh) == (xf) ? "): " : ","); \
+		(wh) &= ~(xf); \
+	}
+
+void
+enc_if_print(u_char *user, const struct pcap_pkthdr *h,
+	     register const u_char *p)
+{
+	register u_int length = h->len;
+	register u_int caplen = h->caplen;
+	int flags;
+	const struct ip *ip;
+	const struct enchdr *hdr;
+
+	ts_print(&h->ts);
+
+	if (caplen < ENC_HDRLEN) {
+		printf("[|enc]");
+		goto out;
+	}
+
+	/*
+	 * Some printers want to get back at the link level addresses,
+	 * and/or check that they're not walking off the end of the packet.
+	 * Rather than pass them all the way down, we set these globals.
+	 */
+	packetp = p;
+	snapend = p + caplen;
+	
+	hdr = (struct enchdr *)p;
+	printf("SPI 0x%08x (", ntohl(hdr->spi));
+	flags = hdr->flags;
+	ENC_PRINT_TYPE(flags, M_AUTH, "authentic");
+	ENC_PRINT_TYPE(flags, M_CONF, "confidential");
+	ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel");
+
+	length -= ENC_HDRLEN;
+	ip = (struct ip *)(p + ENC_HDRLEN);
+	ip_print((const u_char *)ip, length);
+
+	if (xflag)
+		default_print((const u_char *)ip, caplen - ENC_HDRLEN);
+out:
+	putchar('\n');
+}
diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c
index e2f849d3b6a..15c00f4a87f 100644
--- a/usr.sbin/tcpdump/tcpdump.c
+++ b/usr.sbin/tcpdump/tcpdump.c
@@ -24,7 +24,7 @@ static const char copyright[] =
     "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996\n\
 The Regents of the University of California.  All rights reserved.\n";
 static const char rcsid[] =
-    "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.8 1998/06/04 23:11:42 deraadt Exp $ (LBL)";
+    "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.9 1998/06/11 00:01:24 provos Exp $ (LBL)";
 #endif
 
 /*
@@ -99,6 +99,8 @@ static struct printer printers[] = {
 	{ null_if_print,	DLT_NULL },
 	{ atm_if_print,		DLT_ATM_RFC1483 },
 	{ null_if_print, 	DLT_LOOP },
+	{ enc_if_print, 	DLT_ENC },
+	{ null_if_print, 	DLT_LOOP },
 	{ NULL,			0 },
 };