#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.117 2004-07-15 00:13:01 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.119 2004-12-27 00:41:31 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include <tcpdump-stdinc.h>
-#include <rpc/rpc.h>
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "ip6.h"
#endif
#include "ipproto.h"
+#include "rpc_auth.h"
+#include "rpc_msg.h"
#include "nameser.h"
#ifdef HAVE_LIBCRYPTO
#include <openssl/md5.h>
+#define SIGNATURE_VALID 0
+#define SIGNATURE_INVALID 1
+#define CANT_CHECK_SIGNATURE 2
+
static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
const u_char *data, int length, const u_char *rcvsig);
#endif
* to NFS print routines.
*/
if (!qflag && hlen >= sizeof(*tp) && hlen <= length) {
- if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend &&
+ if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend &&
dport == NFS_PORT) {
nfsreq_print((u_char *)tp + hlen + 4, length - hlen,
(u_char *)ip);
return;
- } else if ((u_char *)tp + 4 + sizeof(struct rpc_msg)
+ } else if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg)
<= snapend &&
sport == NFS_PORT) {
nfsreply_print((u_char *)tp + hlen + 4, length - hlen,
datalen = TCP_SIGLEN;
LENCHECK(datalen);
#ifdef HAVE_LIBCRYPTO
- if (tcp_verify_signature(ip, tp,
- bp + TH_OFF(tp) * 4, length, cp) == 0)
+ switch (tcp_verify_signature(ip, tp,
+ bp + TH_OFF(tp) * 4, length, cp)) {
+
+ case SIGNATURE_VALID:
(void)printf("valid");
- else
+ break;
+
+ case SIGNATURE_INVALID:
(void)printf("invalid");
+ break;
+
+ case CANT_CHECK_SIGNATURE:
+ (void)printf("can't check - ");
+ for (i = 0; i < TCP_SIGLEN; ++i)
+ (void)printf("%02x", cp[i]);
+ break;
+ }
#else
for (i = 0; i < TCP_SIGLEN; ++i)
(void)printf("%02x", cp[i]);
char zero_proto = 0;
MD5_CTX ctx;
u_int16_t savecsum, tlen;
+#ifdef INET6
struct ip6_hdr *ip6;
+#endif
u_int32_t len32;
u_int8_t nxt;
tp1 = *tp;
if (tcpmd5secret == NULL)
- return (-1);
+ return (CANT_CHECK_SIGNATURE);
MD5_Init(&ctx);
/*
tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
tlen = htons(tlen);
MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+#ifdef INET6
} else if (IP_V(ip) == 6) {
ip6 = (struct ip6_hdr *)ip;
MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
nxt = IPPROTO_TCP;
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+#endif
} else
- return (-1);
+ return (CANT_CHECK_SIGNATURE);
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
MD5_Final(sig, &ctx);
- return (memcmp(rcvsig, sig, 16));
+ if (memcmp(rcvsig, sig, 16))
+ return (SIGNATURE_VALID);
+ else
+ return (SIGNATURE_INVALID);
}
#endif /* HAVE_LIBCRYPTO */
projects / tcpdump / blobdiff