freebsd-nq/contrib/tcpdump/print-tcp.c

921 lines
36 KiB
C
Raw Normal View History

2009-03-21 16:23:46 +00:00
/* $NetBSD: print-tcp.c,v 1.9 2007/07/26 18:15:12 plunky Exp $ */
/*
1998-09-15 19:36:32 +00:00
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Copyright (c) 1999-2004 The tcpdump.org project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
2017-01-31 19:17:06 +00:00
/* \summary: TCP printer */
#ifndef lint
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
#else
2009-03-21 16:23:46 +00:00
__RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $");
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
2017-01-31 19:17:06 +00:00
#include <netdissect-stdinc.h>
#include <stdlib.h>
#include <string.h>
2017-01-31 19:17:06 +00:00
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
#include "tcp.h"
#include "ip.h"
#include "ip6.h"
#include "ipproto.h"
#include "rpc_auth.h"
#include "rpc_msg.h"
#ifdef HAVE_LIBCRYPTO
#include <openssl/md5.h>
2017-01-31 19:17:06 +00:00
#include "signature.h"
2015-01-06 19:03:11 +00:00
static int tcp_verify_signature(netdissect_options *ndo,
const struct ip *ip, const struct tcphdr *tp,
2009-03-21 16:23:46 +00:00
const u_char *data, int length, const u_char *rcvsig);
#endif
2015-01-06 19:03:11 +00:00
static void print_tcp_rst_data(netdissect_options *, register const u_char *sp, u_int length);
2017-01-31 19:17:06 +00:00
static void print_tcp_fastopen_option(netdissect_options *ndo, register const u_char *cp,
u_int datalen, int exp);
#define MAX_RST_DATA_LEN 30
struct tha {
2009-03-21 16:23:46 +00:00
struct in_addr src;
struct in_addr dst;
u_int port;
};
struct tcp_seq_hash {
2009-03-21 16:23:46 +00:00
struct tcp_seq_hash *nxt;
struct tha addr;
tcp_seq seq;
tcp_seq ack;
};
2015-01-06 19:03:11 +00:00
struct tha6 {
struct in6_addr src;
struct in6_addr dst;
u_int port;
};
struct tcp_seq_hash6 {
struct tcp_seq_hash6 *nxt;
struct tha6 addr;
tcp_seq seq;
tcp_seq ack;
};
#define TSEQ_HASHSIZE 919
/* These tcp optinos do not have the size octet */
#define ZEROLENOPT(o) ((o) == TCPOPT_EOL || (o) == TCPOPT_NOP)
2015-01-06 19:03:11 +00:00
static struct tcp_seq_hash tcp_seq_hash4[TSEQ_HASHSIZE];
static struct tcp_seq_hash6 tcp_seq_hash6[TSEQ_HASHSIZE];
2015-01-06 19:03:11 +00:00
static const struct tok tcp_flag_values[] = {
2009-03-21 16:23:46 +00:00
{ TH_FIN, "F" },
{ TH_SYN, "S" },
{ TH_RST, "R" },
{ TH_PUSH, "P" },
{ TH_ACK, "." },
{ TH_URG, "U" },
{ TH_ECNECHO, "E" },
{ TH_CWR, "W" },
{ 0, NULL }
};
2015-01-06 19:03:11 +00:00
static const struct tok tcp_option_values[] = {
2009-03-21 16:23:46 +00:00
{ TCPOPT_EOL, "eol" },
{ TCPOPT_NOP, "nop" },
{ TCPOPT_MAXSEG, "mss" },
{ TCPOPT_WSCALE, "wscale" },
{ TCPOPT_SACKOK, "sackOK" },
{ TCPOPT_SACK, "sack" },
{ TCPOPT_ECHO, "echo" },
{ TCPOPT_ECHOREPLY, "echoreply" },
{ TCPOPT_TIMESTAMP, "TS" },
{ TCPOPT_CC, "cc" },
{ TCPOPT_CCNEW, "ccnew" },
{ TCPOPT_CCECHO, "" },
{ TCPOPT_SIGNATURE, "md5" },
2017-01-31 19:17:06 +00:00
{ TCPOPT_SCPS, "scps" },
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
{ TCPOPT_UTO, "uto" },
2017-01-31 19:17:06 +00:00
{ TCPOPT_TCPAO, "tcp-ao" },
2015-01-06 19:03:11 +00:00
{ TCPOPT_MPTCP, "mptcp" },
2017-01-31 19:17:06 +00:00
{ TCPOPT_FASTOPEN, "tfo" },
2015-01-06 19:03:11 +00:00
{ TCPOPT_EXPERIMENT2, "exp" },
2009-03-21 16:23:46 +00:00
{ 0, NULL }
};
2015-01-06 19:03:11 +00:00
static int
tcp_cksum(netdissect_options *ndo,
register const struct ip *ip,
register const struct tcphdr *tp,
register u_int len)
{
2015-01-06 19:03:11 +00:00
return nextproto4_cksum(ndo, ip, (const uint8_t *)tp, len, len,
IPPROTO_TCP);
}
2017-01-31 19:17:06 +00:00
static int
tcp6_cksum(netdissect_options *ndo,
register const struct ip6_hdr *ip6,
register const struct tcphdr *tp,
register u_int len)
{
return nextproto6_cksum(ndo, ip6, (const uint8_t *)tp, len, len,
IPPROTO_TCP);
}
void
2015-01-06 19:03:11 +00:00
tcp_print(netdissect_options *ndo,
register const u_char *bp, register u_int length,
register const u_char *bp2, int fragmented)
{
2009-03-21 16:23:46 +00:00
register const struct tcphdr *tp;
register const struct ip *ip;
register u_char flags;
register u_int hlen;
register char ch;
2015-01-06 19:03:11 +00:00
uint16_t sport, dport, win, urp;
uint32_t seq, ack, thseq, thack;
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
u_int utoval;
2015-01-06 19:03:11 +00:00
uint16_t magic;
register int rev;
2009-03-21 16:23:46 +00:00
register const struct ip6_hdr *ip6;
2017-01-31 19:17:06 +00:00
tp = (const struct tcphdr *)bp;
ip = (const struct ip *)bp2;
2009-03-21 16:23:46 +00:00
if (IP_V(ip) == 6)
2017-01-31 19:17:06 +00:00
ip6 = (const struct ip6_hdr *)bp2;
2009-03-21 16:23:46 +00:00
else
ip6 = NULL;
ch = '\0';
2015-01-06 19:03:11 +00:00
if (!ND_TTEST(tp->th_dport)) {
ND_PRINT((ndo, "%s > %s: [|tcp]",
ipaddr_string(ndo, &ip->ip_src),
ipaddr_string(ndo, &ip->ip_dst)));
2009-03-21 16:23:46 +00:00
return;
}
2009-03-21 16:23:46 +00:00
sport = EXTRACT_16BITS(&tp->th_sport);
dport = EXTRACT_16BITS(&tp->th_dport);
2009-03-21 16:23:46 +00:00
if (ip6) {
if (ip6->ip6_nxt == IPPROTO_TCP) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%s.%s > %s.%s: ",
ip6addr_string(ndo, &ip6->ip6_src),
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, sport),
2015-01-06 19:03:11 +00:00
ip6addr_string(ndo, &ip6->ip6_dst),
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, dport)));
2009-03-21 16:23:46 +00:00
} else {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%s > %s: ",
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, sport), tcpport_string(ndo, dport)));
2009-03-21 16:23:46 +00:00
}
2017-01-31 19:17:06 +00:00
} else {
2009-03-21 16:23:46 +00:00
if (ip->ip_p == IPPROTO_TCP) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%s.%s > %s.%s: ",
ipaddr_string(ndo, &ip->ip_src),
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, sport),
2015-01-06 19:03:11 +00:00
ipaddr_string(ndo, &ip->ip_dst),
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, dport)));
2009-03-21 16:23:46 +00:00
} else {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%s > %s: ",
2017-01-31 19:17:06 +00:00
tcpport_string(ndo, sport), tcpport_string(ndo, dport)));
2009-03-21 16:23:46 +00:00
}
}
2017-01-31 19:17:06 +00:00
ND_TCHECK(*tp);
hlen = TH_OFF(tp) * 4;
2009-03-21 16:23:46 +00:00
if (hlen < sizeof(*tp)) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " tcp %d [bad hdr length %u - too short, < %lu]",
length - hlen, hlen, (unsigned long)sizeof(*tp)));
2009-03-21 16:23:46 +00:00
return;
}
seq = EXTRACT_32BITS(&tp->th_seq);
ack = EXTRACT_32BITS(&tp->th_ack);
win = EXTRACT_16BITS(&tp->th_win);
urp = EXTRACT_16BITS(&tp->th_urp);
2015-01-06 19:03:11 +00:00
if (ndo->ndo_qflag) {
ND_PRINT((ndo, "tcp %d", length - hlen));
2009-03-21 16:23:46 +00:00
if (hlen > length) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " [bad hdr length %u - too long, > %u]",
hlen, length));
2009-03-21 16:23:46 +00:00
}
return;
}
flags = tp->th_flags;
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags)));
2009-03-21 16:23:46 +00:00
2015-01-06 19:03:11 +00:00
if (!ndo->ndo_Sflag && (flags & TH_ACK)) {
2009-03-21 16:23:46 +00:00
/*
* Find (or record) the initial sequence numbers for
* this conversation. (we pick an arbitrary
* collating order so there's only one entry for
* both directions).
*/
rev = 0;
if (ip6) {
2015-01-06 19:03:11 +00:00
register struct tcp_seq_hash6 *th;
struct tcp_seq_hash6 *tcp_seq_hash;
const struct in6_addr *src, *dst;
struct tha6 tha;
tcp_seq_hash = tcp_seq_hash6;
2009-03-21 16:23:46 +00:00
src = &ip6->ip6_src;
dst = &ip6->ip6_dst;
if (sport > dport)
rev = 1;
else if (sport == dport) {
2015-01-06 19:03:11 +00:00
if (UNALIGNED_MEMCMP(src, dst, sizeof ip6->ip6_dst) > 0)
2009-03-21 16:23:46 +00:00
rev = 1;
}
if (rev) {
2015-01-06 19:03:11 +00:00
UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst);
UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src);
2009-03-21 16:23:46 +00:00
tha.port = dport << 16 | sport;
} else {
2015-01-06 19:03:11 +00:00
UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst);
UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src);
2009-03-21 16:23:46 +00:00
tha.port = sport << 16 | dport;
}
2015-01-06 19:03:11 +00:00
for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
th->nxt; th = th->nxt)
if (memcmp((char *)&tha, (char *)&th->addr,
sizeof(th->addr)) == 0)
break;
if (!th->nxt || (flags & TH_SYN)) {
/* didn't find it or new conversation */
if (th->nxt == NULL) {
th->nxt = (struct tcp_seq_hash6 *)
calloc(1, sizeof(*th));
if (th->nxt == NULL)
2017-01-31 19:17:06 +00:00
(*ndo->ndo_error)(ndo,
"tcp_print: calloc");
2015-01-06 19:03:11 +00:00
}
th->addr = tha;
if (rev)
th->ack = seq, th->seq = ack - 1;
else
th->seq = seq, th->ack = ack - 1;
} else {
if (rev)
seq -= th->ack, ack -= th->seq;
else
seq -= th->seq, ack -= th->ack;
}
thseq = th->seq;
thack = th->ack;
2009-03-21 16:23:46 +00:00
} else {
2015-01-06 19:03:11 +00:00
register struct tcp_seq_hash *th;
struct tcp_seq_hash *tcp_seq_hash;
struct tha tha;
tcp_seq_hash = tcp_seq_hash4;
2009-03-21 16:23:46 +00:00
if (sport > dport)
rev = 1;
else if (sport == dport) {
2017-01-31 19:17:06 +00:00
if (UNALIGNED_MEMCMP(&ip->ip_src, &ip->ip_dst, sizeof ip->ip_dst) > 0)
2009-03-21 16:23:46 +00:00
rev = 1;
}
if (rev) {
2017-01-31 19:17:06 +00:00
UNALIGNED_MEMCPY(&tha.src, &ip->ip_dst, sizeof ip->ip_dst);
UNALIGNED_MEMCPY(&tha.dst, &ip->ip_src, sizeof ip->ip_src);
2009-03-21 16:23:46 +00:00
tha.port = dport << 16 | sport;
} else {
2017-01-31 19:17:06 +00:00
UNALIGNED_MEMCPY(&tha.dst, &ip->ip_dst, sizeof ip->ip_dst);
UNALIGNED_MEMCPY(&tha.src, &ip->ip_src, sizeof ip->ip_src);
2009-03-21 16:23:46 +00:00
tha.port = sport << 16 | dport;
}
2015-01-06 19:03:11 +00:00
for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
th->nxt; th = th->nxt)
if (memcmp((char *)&tha, (char *)&th->addr,
sizeof(th->addr)) == 0)
break;
2009-03-21 16:23:46 +00:00
2015-01-06 19:03:11 +00:00
if (!th->nxt || (flags & TH_SYN)) {
/* didn't find it or new conversation */
if (th->nxt == NULL) {
th->nxt = (struct tcp_seq_hash *)
calloc(1, sizeof(*th));
if (th->nxt == NULL)
2017-01-31 19:17:06 +00:00
(*ndo->ndo_error)(ndo,
"tcp_print: calloc");
2015-01-06 19:03:11 +00:00
}
th->addr = tha;
if (rev)
th->ack = seq, th->seq = ack - 1;
else
th->seq = seq, th->ack = ack - 1;
} else {
if (rev)
seq -= th->ack, ack -= th->seq;
else
seq -= th->seq, ack -= th->ack;
2009-03-21 16:23:46 +00:00
}
2015-01-06 19:03:11 +00:00
thseq = th->seq;
thack = th->ack;
}
2009-03-21 16:23:46 +00:00
} else {
/*fool gcc*/
2015-01-06 19:03:11 +00:00
thseq = thack = rev = 0;
2009-03-21 16:23:46 +00:00
}
if (hlen > length) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " [bad hdr length %u - too long, > %u]",
hlen, length));
2009-03-21 16:23:46 +00:00
return;
}
2015-01-06 19:03:11 +00:00
if (ndo->ndo_vflag && !ndo->ndo_Kflag && !fragmented) {
2012-05-14 08:01:48 +00:00
/* Check the checksum, if possible. */
2015-01-06 19:03:11 +00:00
uint16_t sum, tcp_sum;
2012-05-14 08:01:48 +00:00
if (IP_V(ip) == 4) {
2015-01-06 19:03:11 +00:00
if (ND_TTEST2(tp->th_sport, length)) {
sum = tcp_cksum(ndo, ip, tp, length);
2009-03-21 16:23:46 +00:00
tcp_sum = EXTRACT_16BITS(&tp->th_sum);
2012-05-14 08:01:48 +00:00
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", cksum 0x%04x", tcp_sum));
2012-05-14 08:01:48 +00:00
if (sum != 0)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " (incorrect -> 0x%04x)",
in_cksum_shouldbe(tcp_sum, sum)));
2012-05-14 08:01:48 +00:00
else
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " (correct)"));
2012-05-14 08:01:48 +00:00
}
2017-01-31 19:17:06 +00:00
} else if (IP_V(ip) == 6 && ip6->ip6_plen) {
2015-01-06 19:03:11 +00:00
if (ND_TTEST2(tp->th_sport, length)) {
2017-01-31 19:17:06 +00:00
sum = tcp6_cksum(ndo, ip6, tp, length);
2009-03-21 16:23:46 +00:00
tcp_sum = EXTRACT_16BITS(&tp->th_sum);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", cksum 0x%04x", tcp_sum));
2012-05-14 08:01:48 +00:00
if (sum != 0)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " (incorrect -> 0x%04x)",
in_cksum_shouldbe(tcp_sum, sum)));
2012-05-14 08:01:48 +00:00
else
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " (correct)"));
2012-05-14 08:01:48 +00:00
}
2009-03-21 16:23:46 +00:00
}
2012-05-14 08:01:48 +00:00
}
2009-03-21 16:23:46 +00:00
length -= hlen;
2015-01-06 19:03:11 +00:00
if (ndo->ndo_vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) {
ND_PRINT((ndo, ", seq %u", seq));
2009-03-21 16:23:46 +00:00
if (length > 0) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ":%u", seq + length));
2009-03-21 16:23:46 +00:00
}
}
if (flags & TH_ACK) {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", ack %u", ack));
2009-03-21 16:23:46 +00:00
}
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", win %d", win));
2009-03-21 16:23:46 +00:00
if (flags & TH_URG)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", urg %d", urp));
2009-03-21 16:23:46 +00:00
/*
* Handle any options.
*/
if (hlen > sizeof(*tp)) {
register const u_char *cp;
register u_int i, opt, datalen;
register u_int len;
hlen -= sizeof(*tp);
cp = (const u_char *)tp + sizeof(*tp);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", options ["));
2009-03-21 16:23:46 +00:00
while (hlen > 0) {
if (ch != '\0')
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%c", ch));
ND_TCHECK(*cp);
2009-03-21 16:23:46 +00:00
opt = *cp++;
if (ZEROLENOPT(opt))
len = 1;
else {
2015-01-06 19:03:11 +00:00
ND_TCHECK(*cp);
2009-03-21 16:23:46 +00:00
len = *cp++; /* total including type, len */
if (len < 2 || len > hlen)
goto bad;
--hlen; /* account for length byte */
}
--hlen; /* account for type byte */
datalen = 0;
1997-05-27 02:11:31 +00:00
/* Bail if "l" bytes of data are not left or were not captured */
2015-01-06 19:03:11 +00:00
#define LENCHECK(l) { if ((l) > hlen) goto bad; ND_TCHECK2(*cp, l); }
1997-05-27 02:11:31 +00:00
2009-03-21 16:23:46 +00:00
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%s", tok2str(tcp_option_values, "unknown-%u", opt)));
2009-03-21 16:23:46 +00:00
switch (opt) {
case TCPOPT_MAXSEG:
datalen = 2;
LENCHECK(datalen);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " %u", EXTRACT_16BITS(cp)));
2009-03-21 16:23:46 +00:00
break;
case TCPOPT_WSCALE:
datalen = 1;
LENCHECK(datalen);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " %u", *cp));
2009-03-21 16:23:46 +00:00
break;
case TCPOPT_SACK:
datalen = len - 2;
if (datalen % 8 != 0) {
2017-01-31 19:17:06 +00:00
ND_PRINT((ndo, " invalid sack"));
2009-03-21 16:23:46 +00:00
} else {
2015-01-06 19:03:11 +00:00
uint32_t s, e;
2009-03-21 16:23:46 +00:00
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " %d ", datalen / 8));
2009-03-21 16:23:46 +00:00
for (i = 0; i < datalen; i += 8) {
LENCHECK(i + 4);
s = EXTRACT_32BITS(cp + i);
LENCHECK(i + 8);
e = EXTRACT_32BITS(cp + i + 4);
2015-01-06 19:03:11 +00:00
if (rev) {
2009-03-21 16:23:46 +00:00
s -= thseq;
e -= thseq;
} else {
s -= thack;
e -= thack;
}
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "{%u:%u}", s, e));
2009-03-21 16:23:46 +00:00
}
}
break;
case TCPOPT_CC:
case TCPOPT_CCNEW:
case TCPOPT_CCECHO:
case TCPOPT_ECHO:
case TCPOPT_ECHOREPLY:
/*
* those options share their semantics.
* fall through
*/
datalen = 4;
LENCHECK(datalen);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
2009-03-21 16:23:46 +00:00
break;
case TCPOPT_TIMESTAMP:
datalen = 8;
LENCHECK(datalen);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " val %u ecr %u",
2009-03-21 16:23:46 +00:00
EXTRACT_32BITS(cp),
2015-01-06 19:03:11 +00:00
EXTRACT_32BITS(cp + 4)));
2009-03-21 16:23:46 +00:00
break;
case TCPOPT_SIGNATURE:
datalen = TCP_SIGLEN;
LENCHECK(datalen);
2017-01-31 19:17:06 +00:00
ND_PRINT((ndo, " "));
#ifdef HAVE_LIBCRYPTO
2015-01-06 19:03:11 +00:00
switch (tcp_verify_signature(ndo, ip, tp,
2009-03-21 16:23:46 +00:00
bp + TH_OFF(tp) * 4, length, cp)) {
case SIGNATURE_VALID:
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "valid"));
2009-03-21 16:23:46 +00:00
break;
case SIGNATURE_INVALID:
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "invalid"));
2009-03-21 16:23:46 +00:00
break;
case CANT_CHECK_SIGNATURE:
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "can't check - "));
2009-03-21 16:23:46 +00:00
for (i = 0; i < TCP_SIGLEN; ++i)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%02x", cp[i]));
2009-03-21 16:23:46 +00:00
break;
}
#else
2009-03-21 16:23:46 +00:00
for (i = 0; i < TCP_SIGLEN; ++i)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%02x", cp[i]));
#endif
2009-03-21 16:23:46 +00:00
break;
2017-01-31 19:17:06 +00:00
case TCPOPT_SCPS:
datalen = 2;
LENCHECK(datalen);
ND_PRINT((ndo, " cap %02x id %u", cp[0], cp[1]));
2009-03-21 16:23:46 +00:00
break;
2017-01-31 19:17:06 +00:00
case TCPOPT_TCPAO:
datalen = len - 2;
/* RFC 5925 Section 2.2:
* "The Length value MUST be greater than or equal to 4."
* (This includes the Kind and Length fields already processed
* at this point.)
*/
if (datalen < 2) {
ND_PRINT((ndo, " invalid"));
} else {
LENCHECK(1);
ND_PRINT((ndo, " keyid %u", cp[0]));
LENCHECK(2);
ND_PRINT((ndo, " rnextkeyid %u", cp[1]));
if (datalen > 2) {
ND_PRINT((ndo, " mac 0x"));
for (i = 2; i < datalen; i++) {
LENCHECK(i + 1);
ND_PRINT((ndo, "%02x", cp[i]));
}
}
}
break;
2009-03-21 16:23:46 +00:00
case TCPOPT_EOL:
case TCPOPT_NOP:
case TCPOPT_SACKOK:
/*
* Nothing interesting.
* fall through
*/
break;
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
case TCPOPT_UTO:
datalen = 2;
LENCHECK(datalen);
utoval = EXTRACT_16BITS(cp);
2017-01-31 19:17:06 +00:00
ND_PRINT((ndo, " 0x%x", utoval));
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
if (utoval & 0x0001)
utoval = (utoval >> 1) * 60;
else
utoval >>= 1;
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " %u", utoval));
break;
case TCPOPT_MPTCP:
datalen = len - 2;
LENCHECK(datalen);
if (!mptcp_print(ndo, cp-2, len, flags))
goto bad;
break;
2017-01-31 19:17:06 +00:00
case TCPOPT_FASTOPEN:
datalen = len - 2;
LENCHECK(datalen);
ND_PRINT((ndo, " "));
print_tcp_fastopen_option(ndo, cp, datalen, FALSE);
break;
2015-01-06 19:03:11 +00:00
case TCPOPT_EXPERIMENT2:
datalen = len - 2;
LENCHECK(datalen);
if (datalen < 2)
goto bad;
/* RFC6994 */
magic = EXTRACT_16BITS(cp);
ND_PRINT((ndo, "-"));
switch(magic) {
2017-01-31 19:17:06 +00:00
case 0xf989: /* TCP Fast Open RFC 7413 */
print_tcp_fastopen_option(ndo, cp + 2, datalen - 2, TRUE);
2015-01-06 19:03:11 +00:00
break;
default:
/* Unknown magic number */
ND_PRINT((ndo, "%04x", magic));
break;
}
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
break;
2009-03-21 16:23:46 +00:00
default:
datalen = len - 2;
2015-01-06 19:03:11 +00:00
if (datalen)
ND_PRINT((ndo, " 0x"));
2009-03-21 16:23:46 +00:00
for (i = 0; i < datalen; ++i) {
2017-01-31 19:17:06 +00:00
LENCHECK(i + 1);
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "%02x", cp[i]));
2009-03-21 16:23:46 +00:00
}
break;
}
/* Account for data printed */
cp += datalen;
hlen -= datalen;
/* Check specification against observed length */
++datalen; /* option octet */
if (!ZEROLENOPT(opt))
++datalen; /* size octet */
if (datalen != len)
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "[len %d]", len));
2009-03-21 16:23:46 +00:00
ch = ',';
if (opt == TCPOPT_EOL)
break;
}
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "]"));
2009-03-21 16:23:46 +00:00
}
/*
* Print length field before crawling down the stack.
*/
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ", length %u", length));
2009-03-21 16:23:46 +00:00
if (length <= 0)
return;
/*
* Decode payload if necessary.
*/
bp += TH_OFF(tp) * 4;
2015-01-06 19:03:11 +00:00
if ((flags & TH_RST) && ndo->ndo_vflag) {
print_tcp_rst_data(ndo, bp, length);
2009-03-21 16:23:46 +00:00
return;
2015-01-06 19:03:11 +00:00
}
2009-03-21 16:23:46 +00:00
2015-01-06 19:03:11 +00:00
if (ndo->ndo_packettype) {
switch (ndo->ndo_packettype) {
2013-05-30 06:46:26 +00:00
case PT_ZMTP1:
2015-01-06 19:03:11 +00:00
zmtp1_print(ndo, bp, length);
2013-05-30 06:46:26 +00:00
break;
2017-01-31 19:17:06 +00:00
case PT_RESP:
resp_print(ndo, bp, length);
break;
2013-05-30 06:46:26 +00:00
}
return;
}
2017-01-31 19:17:06 +00:00
if (IS_SRC_OR_DST_PORT(TELNET_PORT)) {
telnet_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) {
ND_PRINT((ndo, ": "));
smtp_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(BGP_PORT))
2015-01-06 19:03:11 +00:00
bgp_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(PPTP_PORT))
2015-01-06 19:03:11 +00:00
pptp_print(ndo, bp);
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(REDIS_PORT))
resp_print(ndo, bp, length);
#ifdef ENABLE_SMB
else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT))
2015-01-06 19:03:11 +00:00
nbt_tcp_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(SMB_PORT))
2015-01-06 19:03:11 +00:00
smb_tcp_print(ndo, bp, length);
#endif
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(BEEP_PORT))
2015-01-06 19:03:11 +00:00
beep_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA))
2015-01-06 19:03:11 +00:00
openflow_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
else if (IS_SRC_OR_DST_PORT(FTP_PORT)) {
ND_PRINT((ndo, ": "));
ftp_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(HTTP_PORT) || IS_SRC_OR_DST_PORT(HTTP_PORT_ALT)) {
ND_PRINT((ndo, ": "));
http_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(RTSP_PORT) || IS_SRC_OR_DST_PORT(RTSP_PORT_ALT)) {
ND_PRINT((ndo, ": "));
rtsp_print(ndo, bp, length);
} else if (length > 2 &&
2017-01-31 19:17:06 +00:00
(IS_SRC_OR_DST_PORT(NAMESERVER_PORT))) {
2009-03-21 16:23:46 +00:00
/*
* TCP DNS query has 2byte length at the head.
* XXX packet could be unaligned, it can go strange
*/
2015-01-06 19:03:11 +00:00
ns_print(ndo, bp + 2, length - 2, 0);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) {
2015-01-06 19:03:11 +00:00
msdp_print(ndo, bp, length);
2017-01-31 19:17:06 +00:00
} else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) {
2015-01-06 19:03:11 +00:00
rpki_rtr_print(ndo, bp, length);
2009-03-21 16:23:46 +00:00
}
2017-01-31 19:17:06 +00:00
else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) {
2015-01-06 19:03:11 +00:00
ldp_print(ndo, bp, length);
}
2017-01-31 19:17:06 +00:00
else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) &&
2015-01-06 19:03:11 +00:00
length >= 4 && ND_TTEST2(*bp, 4)) {
/*
* If data present, header length valid, and NFS port used,
* assume NFS.
* Pass offset of data plus 4 bytes for RPC TCP msg length
* to NFS print routines.
*/
uint32_t fraglen;
2017-01-31 19:17:06 +00:00
register const struct sunrpc_msg *rp;
2015-01-06 19:03:11 +00:00
enum sunrpc_msg_type direction;
fraglen = EXTRACT_32BITS(bp) & 0x7FFFFFFF;
if (fraglen > (length) - 4)
fraglen = (length) - 4;
2017-01-31 19:17:06 +00:00
rp = (const struct sunrpc_msg *)(bp + 4);
2015-01-06 19:03:11 +00:00
if (ND_TTEST(rp->rm_direction)) {
direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction);
if (dport == NFS_PORT && direction == SUNRPC_CALL) {
ND_PRINT((ndo, ": NFS request xid %u ", EXTRACT_32BITS(&rp->rm_xid)));
2017-01-31 19:17:06 +00:00
nfsreq_print_noaddr(ndo, (const u_char *)rp, fraglen, (const u_char *)ip);
2015-01-06 19:03:11 +00:00
return;
}
if (sport == NFS_PORT && direction == SUNRPC_REPLY) {
ND_PRINT((ndo, ": NFS reply xid %u ", EXTRACT_32BITS(&rp->rm_xid)));
2017-01-31 19:17:06 +00:00
nfsreply_print_noaddr(ndo, (const u_char *)rp, fraglen, (const u_char *)ip);
2015-01-06 19:03:11 +00:00
return;
}
}
2009-03-21 16:23:46 +00:00
}
return;
bad:
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "[bad opt]"));
2009-03-21 16:23:46 +00:00
if (ch != '\0')
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ">"));
2009-03-21 16:23:46 +00:00
return;
trunc:
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "[|tcp]"));
2009-03-21 16:23:46 +00:00
if (ch != '\0')
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ">"));
}
/*
* RFC1122 says the following on data in RST segments:
*
* 4.2.2.12 RST Segment: RFC-793 Section 3.4
*
* A TCP SHOULD allow a received RST segment to include data.
*
* DISCUSSION
* It has been suggested that a RST segment could contain
* ASCII text that encoded and explained the cause of the
* RST. No standard has yet been established for such
* data.
*
*/
static void
2015-01-06 19:03:11 +00:00
print_tcp_rst_data(netdissect_options *ndo,
register const u_char *sp, u_int length)
{
2009-03-21 16:23:46 +00:00
int c;
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, ND_TTEST2(*sp, length) ? " [RST" : " [!RST"));
2009-03-21 16:23:46 +00:00
if (length > MAX_RST_DATA_LEN) {
length = MAX_RST_DATA_LEN; /* can use -X for longer */
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "+")); /* indicate we truncate */
2009-03-21 16:23:46 +00:00
}
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, " "));
2017-01-31 19:17:06 +00:00
while (length-- && sp < ndo->ndo_snapend) {
2009-03-21 16:23:46 +00:00
c = *sp++;
2015-01-06 19:03:11 +00:00
safeputchar(ndo, c);
2009-03-21 16:23:46 +00:00
}
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "]"));
}
2017-01-31 19:17:06 +00:00
static void
print_tcp_fastopen_option(netdissect_options *ndo, register const u_char *cp,
u_int datalen, int exp)
{
u_int i;
if (exp)
ND_PRINT((ndo, "tfo"));
if (datalen == 0) {
/* Fast Open Cookie Request */
ND_PRINT((ndo, " cookiereq"));
} else {
/* Fast Open Cookie */
if (datalen % 2 != 0 || datalen < 4 || datalen > 16) {
ND_PRINT((ndo, " invalid"));
} else {
ND_PRINT((ndo, " cookie "));
for (i = 0; i < datalen; ++i)
ND_PRINT((ndo, "%02x", cp[i]));
}
}
}
#ifdef HAVE_LIBCRYPTO
2015-01-06 19:03:11 +00:00
USES_APPLE_DEPRECATED_API
static int
2015-01-06 19:03:11 +00:00
tcp_verify_signature(netdissect_options *ndo,
const struct ip *ip, const struct tcphdr *tp,
2009-03-21 16:23:46 +00:00
const u_char *data, int length, const u_char *rcvsig)
{
struct tcphdr tp1;
2009-03-21 16:23:46 +00:00
u_char sig[TCP_SIGLEN];
char zero_proto = 0;
MD5_CTX ctx;
2015-01-06 19:03:11 +00:00
uint16_t savecsum, tlen;
2017-01-31 19:17:06 +00:00
const struct ip6_hdr *ip6;
2015-01-06 19:03:11 +00:00
uint32_t len32;
uint8_t nxt;
2015-01-06 19:03:11 +00:00
if (data + length > ndo->ndo_snapend) {
ND_PRINT((ndo, "snaplen too short, "));
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
return (CANT_CHECK_SIGNATURE);
}
2009-03-21 16:23:46 +00:00
tp1 = *tp;
2015-01-06 19:03:11 +00:00
if (ndo->ndo_sigsecret == NULL) {
ND_PRINT((ndo, "shared secret not supplied with -M, "));
2009-03-21 16:23:46 +00:00
return (CANT_CHECK_SIGNATURE);
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
}
2009-03-21 16:23:46 +00:00
MD5_Init(&ctx);
/*
* Step 1: Update MD5 hash with IP pseudo-header.
*/
if (IP_V(ip) == 4) {
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&ip->ip_src, sizeof(ip->ip_src));
MD5_Update(&ctx, (const char *)&ip->ip_dst, sizeof(ip->ip_dst));
MD5_Update(&ctx, (const char *)&zero_proto, sizeof(zero_proto));
MD5_Update(&ctx, (const char *)&ip->ip_p, sizeof(ip->ip_p));
2009-03-21 16:23:46 +00:00
tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
tlen = htons(tlen);
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&tlen, sizeof(tlen));
2009-03-21 16:23:46 +00:00
} else if (IP_V(ip) == 6) {
2017-01-31 19:17:06 +00:00
ip6 = (const struct ip6_hdr *)ip;
MD5_Update(&ctx, (const char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
MD5_Update(&ctx, (const char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst));
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen));
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&len32, sizeof(len32));
2009-03-21 16:23:46 +00:00
nxt = 0;
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt));
MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt));
MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt));
2009-03-21 16:23:46 +00:00
nxt = IPPROTO_TCP;
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt));
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
} else {
2015-01-06 19:03:11 +00:00
ND_PRINT((ndo, "IP version not 4 or 6, "));
2009-03-21 16:23:46 +00:00
return (CANT_CHECK_SIGNATURE);
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6)
2010-10-28 16:23:25 +00:00
}
2009-03-21 16:23:46 +00:00
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
* The TCP checksum must be set to zero.
*/
savecsum = tp1.th_sum;
tp1.th_sum = 0;
2017-01-31 19:17:06 +00:00
MD5_Update(&ctx, (const char *)&tp1, sizeof(struct tcphdr));
2009-03-21 16:23:46 +00:00
tp1.th_sum = savecsum;
/*
* Step 3: Update MD5 hash with TCP segment data, if present.
*/
if (length > 0)
MD5_Update(&ctx, data, length);
/*
* Step 4: Update MD5 hash with shared secret.
*/
2015-01-06 19:03:11 +00:00
MD5_Update(&ctx, ndo->ndo_sigsecret, strlen(ndo->ndo_sigsecret));
2009-03-21 16:23:46 +00:00
MD5_Final(sig, &ctx);
if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0)
return (SIGNATURE_VALID);
else
return (SIGNATURE_INVALID);
}
2015-01-06 19:03:11 +00:00
USES_APPLE_RST
#endif /* HAVE_LIBCRYPTO */
2009-03-21 16:23:46 +00:00
/*
* Local Variables:
* c-style: whitesmith
* c-basic-offset: 8
* End:
*/