From 7dfb7796544a63d7165a511336ed9f3f01b60656 Mon Sep 17 00:00:00 2001 From: Jason Wright Date: Thu, 20 Feb 2003 23:39:21 +0000 Subject: add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data --- usr.sbin/tcpdump/interface.h | 5 ++-- usr.sbin/tcpdump/print-ip.c | 11 +++++-- usr.sbin/tcpdump/print-ipsec.c | 67 ++++++++++++++++++++++++++++++++++-------- 3 files changed, 66 insertions(+), 17 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/tcpdump/interface.h b/usr.sbin/tcpdump/interface.h index 633b7967597..34cfdfb2595 100644 --- a/usr.sbin/tcpdump/interface.h +++ b/usr.sbin/tcpdump/interface.h @@ -1,4 +1,4 @@ -/* $OpenBSD: interface.h,v 1.35 2002/11/30 13:56:23 mickey Exp $ */ +/* $OpenBSD: interface.h,v 1.36 2003/02/20 23:39:20 jason Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -20,7 +20,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.35 2002/11/30 13:56:23 mickey Exp $ (LBL) + * @(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/interface.h,v 1.36 2003/02/20 23:39:20 jason Exp $ (LBL) */ #ifndef tcpdump_interface_h @@ -251,6 +251,7 @@ extern void radius_print(const u_char *, u_int); extern void lwres_print(const u_char *, u_int); extern void ether_print(const u_char *, u_int); extern void etherip_print(const u_char *, u_int, const u_char *); +extern void ipcomp_print(const u_char *, u_int, const u_char *); #ifdef INET6 extern void ip6_print(const u_char *, int); diff --git a/usr.sbin/tcpdump/print-ip.c b/usr.sbin/tcpdump/print-ip.c index 587e9e460a0..fd0bafde914 100644 --- a/usr.sbin/tcpdump/print-ip.c +++ b/usr.sbin/tcpdump/print-ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-ip.c,v 1.18 2003/02/11 12:21:32 cedric Exp $ */ +/* $OpenBSD: print-ip.c,v 1.19 2003/02/20 23:39:20 jason Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ip.c,v 1.18 2003/02/11 12:21:32 cedric Exp $ (LBL)"; + "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ip.c,v 1.19 2003/02/20 23:39:20 jason Exp $ (LBL)"; #endif #include @@ -539,6 +539,13 @@ ip_print(register const u_char *bp, register u_int length) etherip_print(cp, len, (const u_char *)ip); break; +#ifndef IPPROTO_IPCOMP +#define IPPROTO_IPCOMP 108 +#endif + case IPPROTO_IPCOMP: + ipcomp_print(cp, len, (const u_char *)ip); + break; + #ifndef IPPROTO_VRRP #define IPPROTO_VRRP 112 #endif diff --git a/usr.sbin/tcpdump/print-ipsec.c b/usr.sbin/tcpdump/print-ipsec.c index 60c8f3dcb81..b1a3f8d797c 100644 --- a/usr.sbin/tcpdump/print-ipsec.c +++ b/usr.sbin/tcpdump/print-ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-ipsec.c,v 1.6 2001/06/27 03:34:44 angelos Exp $ */ +/* $OpenBSD: print-ipsec.c,v 1.7 2003/02/20 23:39:20 jason Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999 @@ -28,7 +28,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ipsec.c,v 1.6 2001/06/27 03:34:44 angelos Exp $ (XXX)"; + "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ipsec.c,v 1.7 2003/02/20 23:39:20 jason Exp $ (XXX)"; #endif #include @@ -67,15 +67,21 @@ esp_print (register const u_char *bp, register u_int len, { const struct ip *ip; const struct esp_hdr *esp; - + u_int plen = len; + ip = (const struct ip *)bp2; - esp = (const struct esp_hdr *)bp; - (void)printf("esp %s > %s spi 0x%08X seq %d len %d", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst), - ntohl(esp->esp_spi), ntohl(esp->esp_seq), len); + printf("esp %s > %s", + ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); + + if (plen < sizeof(struct esp_hdr)) { + printf("[|esp]"); + return; + } + esp = (const struct esp_hdr *)bp; + printf(" spi 0x%08X seq %d len %d", + ntohl(esp->esp_spi), ntohl(esp->esp_seq), len); } /* @@ -95,15 +101,21 @@ ah_print (register const u_char *bp, register u_int len, { const struct ip *ip; const struct ah_hdr *ah; - u_int pl_len; + u_int pl_len = len; ip = (const struct ip *)bp2; + + printf("ah %s > %s", + ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); + + if (pl_len < sizeof(struct ah_hdr)) { + printf("[|esp]"); + return; + } ah = (const struct ah_hdr *)bp; - (void)printf("ah %s > %s spi 0x%08X seq %d len %d", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst), - ntohl(ah->ah_spi), ntohl(ah->ah_seq), len); + printf(" spi 0x%08X seq %d len %d", + ntohl(ah->ah_spi), ntohl(ah->ah_seq), len); if (vflag) { (void)printf("\n\t[ "); @@ -154,3 +166,32 @@ out: } } + +struct ipcomp_hdr { + u_char ipcomp_nxt_hdr; + u_char ipcomp_flags; + u_short ipcomp_cpi; +}; + +void +ipcomp_print (register const u_char *bp, register u_int len, + register const u_char *bp2) +{ + const struct ip *ip; + const struct ipcomp_hdr *ipc; + u_int plen = len; + + ip = (const struct ip *)bp2; + + printf("ipcomp %s > %s", + ipaddr_string(&ip->ip_src), ipaddr_string(&ip->ip_dst)); + + if (plen < sizeof(struct ipcomp_hdr)) { + printf("[|ipcomp]"); + return; + } + ipc = (const struct ipcomp_hdr *)bp; + + printf(" cpi 0x%04X flags %x next %x", + ntohs(ipc->ipcomp_cpi), ipc->ipcomp_flags, ipc->ipcomp_nxt_hdr); +} -- cgit v1.2.3