2012-10-05 07:51:21 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2012 Gleb Smirnoff <glebius@FreeBSD.org>
|
|
|
|
* Copyright (c) 2002 Michael Shalayeff
|
|
|
|
* Copyright (c) 2001 Daniel Hartmeier
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
|
|
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
* SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
|
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
|
|
* THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* $OpenBSD: print-pfsync.c,v 1.38 2012/09/19 13:50:36 mikeb Exp $
|
|
|
|
* $OpenBSD: pf_print_state.c,v 1.11 2012/07/08 17:48:37 lteo Exp $
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
#ifndef HAVE_NET_PFVAR_H
|
|
|
|
#error "No pf headers available"
|
|
|
|
#endif
|
2012-10-05 07:51:21 +00:00
|
|
|
#include <sys/endian.h>
|
|
|
|
#include <net/if.h>
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
#include <net/pfvar.h>
|
2012-10-05 07:51:21 +00:00
|
|
|
#include <net/if_pfsync.h>
|
|
|
|
#define TCPSTATES
|
|
|
|
#include <netinet/tcp_fsm.h>
|
|
|
|
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
#include <netdissect-stdinc.h>
|
2012-10-05 07:51:21 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
#include "netdissect.h"
|
2012-10-05 07:51:21 +00:00
|
|
|
#include "interface.h"
|
|
|
|
#include "addrtoname.h"
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
static void pfsync_print(netdissect_options *, struct pfsync_header *,
|
|
|
|
const u_char *, u_int);
|
|
|
|
static void print_src_dst(netdissect_options *,
|
|
|
|
const struct pfsync_state_peer *,
|
2012-10-05 07:51:21 +00:00
|
|
|
const struct pfsync_state_peer *, uint8_t);
|
2015-04-24 16:11:22 +00:00
|
|
|
static void print_state(netdissect_options *, struct pfsync_state *);
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
#ifdef notyet
|
|
|
|
void
|
|
|
|
pfsync_if_print(u_char *user, const struct pcap_pkthdr *h,
|
|
|
|
register const u_char *p)
|
|
|
|
{
|
|
|
|
u_int caplen = h->caplen;
|
|
|
|
|
|
|
|
ts_print(&h->ts);
|
|
|
|
|
|
|
|
if (caplen < PFSYNC_HDRLEN) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "[|pfsync]"));
|
2012-10-05 07:51:21 +00:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
pfsync_print((struct pfsync_header *)p,
|
|
|
|
p + sizeof(struct pfsync_header),
|
|
|
|
caplen - sizeof(struct pfsync_header));
|
|
|
|
out:
|
|
|
|
if (xflag) {
|
|
|
|
default_print((const u_char *)p, caplen);
|
|
|
|
}
|
2015-04-24 16:11:22 +00:00
|
|
|
safeputchar(ndo, '\n');
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
#endif /* notyet */
|
|
|
|
|
|
|
|
void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_ip_print(netdissect_options *ndo , const u_char *bp, u_int len)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
struct pfsync_header *hdr = (struct pfsync_header *)bp;
|
|
|
|
|
|
|
|
if (len < PFSYNC_HDRLEN)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "[|pfsync]"));
|
2012-10-05 07:51:21 +00:00
|
|
|
else
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),
|
2012-10-05 07:51:21 +00:00
|
|
|
len - sizeof(struct pfsync_header));
|
|
|
|
}
|
|
|
|
|
|
|
|
struct pfsync_actions {
|
|
|
|
const char *name;
|
|
|
|
size_t len;
|
2015-04-24 16:11:22 +00:00
|
|
|
void (*print)(netdissect_options *, const void *);
|
2012-10-05 07:51:21 +00:00
|
|
|
};
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
static void pfsync_print_clr(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_state(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_ins_ack(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_upd_c(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_upd_req(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_del_c(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_bus(netdissect_options *, const void *);
|
|
|
|
static void pfsync_print_tdb(netdissect_options *, const void *);
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
struct pfsync_actions actions[] = {
|
|
|
|
{ "clear all", sizeof(struct pfsync_clr), pfsync_print_clr },
|
|
|
|
{ "insert", sizeof(struct pfsync_state), pfsync_print_state },
|
|
|
|
{ "insert ack", sizeof(struct pfsync_ins_ack), pfsync_print_ins_ack },
|
|
|
|
{ "update", sizeof(struct pfsync_ins_ack), pfsync_print_state },
|
|
|
|
{ "update compressed", sizeof(struct pfsync_upd_c),
|
|
|
|
pfsync_print_upd_c },
|
|
|
|
{ "request uncompressed", sizeof(struct pfsync_upd_req),
|
|
|
|
pfsync_print_upd_req },
|
|
|
|
{ "delete", sizeof(struct pfsync_state), pfsync_print_state },
|
|
|
|
{ "delete compressed", sizeof(struct pfsync_del_c),
|
|
|
|
pfsync_print_del_c },
|
|
|
|
{ "frag insert", 0, NULL },
|
|
|
|
{ "frag delete", 0, NULL },
|
|
|
|
{ "bulk update status", sizeof(struct pfsync_bus),
|
|
|
|
pfsync_print_bus },
|
|
|
|
{ "tdb", 0, pfsync_print_tdb },
|
|
|
|
{ "eof", 0, NULL },
|
|
|
|
};
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print(netdissect_options *ndo, struct pfsync_header *hdr,
|
|
|
|
const u_char *bp, u_int len)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
struct pfsync_subheader *subh;
|
|
|
|
int count, plen, i;
|
|
|
|
u_int alen;
|
|
|
|
|
|
|
|
plen = ntohs(hdr->len);
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "PFSYNCv%d len %d", hdr->version, plen));
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
if (hdr->version != PFSYNC_VERSION)
|
|
|
|
return;
|
|
|
|
|
|
|
|
plen -= sizeof(*hdr);
|
|
|
|
|
|
|
|
while (plen > 0) {
|
|
|
|
if (len < sizeof(*subh))
|
|
|
|
break;
|
|
|
|
|
|
|
|
subh = (struct pfsync_subheader *)bp;
|
|
|
|
bp += sizeof(*subh);
|
|
|
|
len -= sizeof(*subh);
|
|
|
|
plen -= sizeof(*subh);
|
|
|
|
|
|
|
|
if (subh->action >= PFSYNC_ACT_MAX) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n act UNKNOWN id %d",
|
|
|
|
subh->action));
|
2012-10-05 07:51:21 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
count = ntohs(subh->count);
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n %s count %d", actions[subh->action].name,
|
|
|
|
count));
|
2012-10-05 07:51:21 +00:00
|
|
|
alen = actions[subh->action].len;
|
|
|
|
|
|
|
|
if (subh->action == PFSYNC_ACT_EOF)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (actions[subh->action].print == NULL) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n unimplemented action %hhu",
|
|
|
|
subh->action));
|
2012-10-05 07:51:21 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
if (len < alen) {
|
|
|
|
len = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
if (ndo->ndo_vflag)
|
2015-04-24 16:11:22 +00:00
|
|
|
actions[subh->action].print(ndo, bp);
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
bp += alen;
|
|
|
|
len -= alen;
|
|
|
|
plen -= alen;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (plen > 0) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n ..."));
|
2012-10-05 07:51:21 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (plen < 0) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n invalid header length"));
|
2012-10-05 07:51:21 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (len > 0)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n invalid packet length"));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_clr(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_clr *clr = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tcreatorid: %08x", htonl(clr->creatorid)));
|
2012-10-05 07:51:21 +00:00
|
|
|
if (clr->ifname[0] != '\0')
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " interface: %s", clr->ifname));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_state(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
struct pfsync_state *st = (struct pfsync_state *)bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
safeputchar(ndo, '\n');
|
|
|
|
print_state(ndo, st);
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_ins_ack(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_ins_ack *iack = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
|
|
|
|
(uintmax_t)be64toh(iack->id), ntohl(iack->creatorid)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_upd_c(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_upd_c *u = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
|
|
|
|
(uintmax_t)be64toh(u->id), ntohl(u->creatorid)));
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
if (ndo->ndo_vflag > 2) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tTCP? :"));
|
|
|
|
print_src_dst(ndo, &u->src, &u->dst, IPPROTO_TCP);
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_upd_req(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_upd_req *ur = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
|
|
|
|
(uintmax_t)be64toh(ur->id), ntohl(ur->creatorid)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_del_c(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_del_c *d = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
|
|
|
|
(uintmax_t)be64toh(d->id), ntohl(d->creatorid)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_bus(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_bus *b = bp;
|
|
|
|
uint32_t endtime;
|
|
|
|
int min, sec;
|
|
|
|
const char *status;
|
|
|
|
|
|
|
|
endtime = ntohl(b->endtime);
|
|
|
|
sec = endtime % 60;
|
|
|
|
endtime /= 60;
|
|
|
|
min = endtime % 60;
|
|
|
|
endtime /= 60;
|
|
|
|
|
|
|
|
switch (b->status) {
|
|
|
|
case PFSYNC_BUS_START:
|
|
|
|
status = "start";
|
|
|
|
break;
|
|
|
|
case PFSYNC_BUS_END:
|
|
|
|
status = "end";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
status = "UNKNOWN";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tcreatorid: %08x age: %.2u:%.2u:%.2u status: %s",
|
|
|
|
htonl(b->creatorid), endtime, min, sec, status));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
pfsync_print_tdb(netdissect_options *ndo, const void *bp)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
const struct pfsync_tdb *t = bp;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tspi: 0x%08x rpl: %ju cur_bytes: %ju",
|
2012-10-05 07:51:21 +00:00
|
|
|
ntohl(t->spi), (uintmax_t )be64toh(t->rpl),
|
2015-04-24 16:11:22 +00:00
|
|
|
(uintmax_t )be64toh(t->cur_bytes)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
print_host(netdissect_options *ndo, struct pf_addr *addr, uint16_t port,
|
|
|
|
sa_family_t af, const char *proto)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
char buf[48];
|
|
|
|
|
|
|
|
if (inet_ntop(af, addr, buf, sizeof(buf)) == NULL)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "?"));
|
2012-10-05 07:51:21 +00:00
|
|
|
else
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "%s", buf));
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
if (port)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, ".%hu", ntohs(port)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
print_seq(netdissect_options *ndo, const struct pfsync_state_peer *p)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
if (p->seqdiff)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "[%u + %u](+%u)", ntohl(p->seqlo),
|
|
|
|
ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff)));
|
2012-10-05 07:51:21 +00:00
|
|
|
else
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "[%u + %u]", ntohl(p->seqlo),
|
|
|
|
ntohl(p->seqhi) - ntohl(p->seqlo)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
print_src_dst(netdissect_options *ndo, const struct pfsync_state_peer *src,
|
2012-10-05 07:51:21 +00:00
|
|
|
const struct pfsync_state_peer *dst, uint8_t proto)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (proto == IPPROTO_TCP) {
|
|
|
|
if (src->state <= TCPS_TIME_WAIT &&
|
|
|
|
dst->state <= TCPS_TIME_WAIT)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " %s:%s", tcpstates[src->state],
|
|
|
|
tcpstates[dst->state]));
|
2012-10-05 07:51:21 +00:00
|
|
|
else if (src->state == PF_TCPS_PROXY_SRC ||
|
|
|
|
dst->state == PF_TCPS_PROXY_SRC)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " PROXY:SRC"));
|
2012-10-05 07:51:21 +00:00
|
|
|
else if (src->state == PF_TCPS_PROXY_DST ||
|
|
|
|
dst->state == PF_TCPS_PROXY_DST)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " PROXY:DST"));
|
2012-10-05 07:51:21 +00:00
|
|
|
else
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " <BAD STATE LEVELS %u:%u>",
|
|
|
|
src->state, dst->state));
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
if (ndo->ndo_vflag > 1) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\t"));
|
|
|
|
print_seq(ndo, src);
|
2012-10-05 07:51:21 +00:00
|
|
|
if (src->wscale && dst->wscale)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " wscale %u",
|
|
|
|
src->wscale & PF_WSCALE_MASK));
|
|
|
|
ND_PRINT((ndo, " "));
|
|
|
|
print_seq(ndo, dst);
|
2012-10-05 07:51:21 +00:00
|
|
|
if (src->wscale && dst->wscale)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " wscale %u",
|
|
|
|
dst->wscale & PF_WSCALE_MASK));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
} else if (proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
|
|
|
|
dst->state < PFUDPS_NSTATES) {
|
|
|
|
const char *states[] = PFUDPS_NAMES;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " %s:%s", states[src->state], states[dst->state]));
|
2012-10-05 07:51:21 +00:00
|
|
|
} else if (proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
|
|
|
|
dst->state < PFOTHERS_NSTATES) {
|
|
|
|
/* XXX ICMP doesn't really have state levels */
|
|
|
|
const char *states[] = PFOTHERS_NAMES;
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " %s:%s", states[src->state], states[dst->state]));
|
2012-10-05 07:51:21 +00:00
|
|
|
} else {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " %u:%u", src->state, dst->state));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2015-04-24 16:11:22 +00:00
|
|
|
print_state(netdissect_options *ndo, struct pfsync_state *s)
|
2012-10-05 07:51:21 +00:00
|
|
|
{
|
|
|
|
struct pfsync_state_peer *src, *dst;
|
|
|
|
struct pfsync_state_key *sk, *nk;
|
|
|
|
int min, sec;
|
|
|
|
|
|
|
|
if (s->direction == PF_OUT) {
|
|
|
|
src = &s->src;
|
|
|
|
dst = &s->dst;
|
|
|
|
sk = &s->key[PF_SK_STACK];
|
|
|
|
nk = &s->key[PF_SK_WIRE];
|
|
|
|
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
|
|
|
|
sk->port[0] = nk->port[0];
|
|
|
|
} else {
|
|
|
|
src = &s->dst;
|
|
|
|
dst = &s->src;
|
|
|
|
sk = &s->key[PF_SK_WIRE];
|
|
|
|
nk = &s->key[PF_SK_STACK];
|
|
|
|
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
|
|
|
|
sk->port[1] = nk->port[1];
|
|
|
|
}
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\t%s ", s->ifname));
|
|
|
|
ND_PRINT((ndo, "proto %u ", s->proto));
|
2012-10-05 07:51:21 +00:00
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
print_host(ndo, &nk->addr[1], nk->port[1], s->af, NULL);
|
2012-10-05 07:51:21 +00:00
|
|
|
if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
|
|
|
|
nk->port[1] != sk->port[1]) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " ("));
|
|
|
|
print_host(ndo, &sk->addr[1], sk->port[1], s->af, NULL);
|
|
|
|
ND_PRINT((ndo, ")"));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
if (s->direction == PF_OUT)
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " -> "));
|
2012-10-05 07:51:21 +00:00
|
|
|
else
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " <- "));
|
|
|
|
print_host(ndo, &nk->addr[0], nk->port[0], s->af, NULL);
|
2012-10-05 07:51:21 +00:00
|
|
|
if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
|
|
|
|
nk->port[0] != sk->port[0]) {
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, " ("));
|
|
|
|
print_host(ndo, &sk->addr[0], sk->port[0], s->af, NULL);
|
|
|
|
ND_PRINT((ndo, ")"));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
|
2015-04-24 16:11:22 +00:00
|
|
|
print_src_dst(ndo, src, dst, s->proto);
|
2012-10-05 07:51:21 +00:00
|
|
|
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
if (ndo->ndo_vflag > 1) {
|
2012-10-05 07:51:21 +00:00
|
|
|
uint64_t packets[2];
|
|
|
|
uint64_t bytes[2];
|
|
|
|
uint32_t creation = ntohl(s->creation);
|
|
|
|
uint32_t expire = ntohl(s->expire);
|
|
|
|
|
|
|
|
sec = creation % 60;
|
|
|
|
creation /= 60;
|
|
|
|
min = creation % 60;
|
|
|
|
creation /= 60;
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tage %.2u:%.2u:%.2u", creation, min, sec));
|
2012-10-05 07:51:21 +00:00
|
|
|
sec = expire % 60;
|
|
|
|
expire /= 60;
|
|
|
|
min = expire % 60;
|
|
|
|
expire /= 60;
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, ", expires in %.2u:%.2u:%.2u", expire, min, sec));
|
2012-10-05 07:51:21 +00:00
|
|
|
|
|
|
|
bcopy(s->packets[0], &packets[0], sizeof(uint64_t));
|
|
|
|
bcopy(s->packets[1], &packets[1], sizeof(uint64_t));
|
|
|
|
bcopy(s->bytes[0], &bytes[0], sizeof(uint64_t));
|
|
|
|
bcopy(s->bytes[1], &bytes[1], sizeof(uint64_t));
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, ", %ju:%ju pkts, %ju:%ju bytes",
|
2012-10-05 07:51:21 +00:00
|
|
|
be64toh(packets[0]), be64toh(packets[1]),
|
2015-04-24 16:11:22 +00:00
|
|
|
be64toh(bytes[0]), be64toh(bytes[1])));
|
2012-10-05 07:51:21 +00:00
|
|
|
if (s->anchor != ntohl(-1))
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, ", anchor %u", ntohl(s->anchor)));
|
2012-10-05 07:51:21 +00:00
|
|
|
if (s->rule != ntohl(-1))
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, ", rule %u", ntohl(s->rule)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
|
|
|
if (ndo->ndo_vflag > 1) {
|
2012-10-05 07:51:21 +00:00
|
|
|
uint64_t id;
|
|
|
|
|
|
|
|
bcopy(&s->id, &id, sizeof(uint64_t));
|
2015-04-24 16:11:22 +00:00
|
|
|
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
|
|
|
|
(uintmax_t )be64toh(id), ntohl(s->creatorid)));
|
2012-10-05 07:51:21 +00:00
|
|
|
}
|
|
|
|
}
|