]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-isakmp.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
travis: try removing the matrix: clause and putting back the Coverity stuff.
[tcpdump] / print-isakmp.c
diff --git a/print-isakmp.c b/print-isakmp.c
index 0acab5a3e8a737b38d6b00d9bb8543a2f6c40b5e..b3854d15f93d58da53e11dcc166026294d8e7bb9 100644 (file)
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -47,6 +47,8 @@
 
 #include <string.h>
 
+#include "netdissect-ctype.h"
+
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -635,8 +637,8 @@ ikev1_print(netdissect_options *ndo,
 #define MAXINITIATORS  20
 static int ninitiator = 0;
 union inaddr_u {
-       struct in_addr in4;
-       struct in6_addr in6;
+       nd_ipv4 in4;
+       nd_ipv6 in6;
 };
 static struct {
        cookie_t initiator;
@@ -1390,7 +1392,7 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                        if (len < 4)
                                ND_PRINT(" len=%u [bad: < 4]", len);
                        else
-                               ND_PRINT(" len=%u %s", len, ipaddr_string(ndo, data));
+                               ND_PRINT(" len=%u %s", len, GET_IPADDR_STRING(data));
                        len = 0;
                        break;
                case IPSECDOI_ID_FQDN:
@@ -1411,7 +1413,7 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                        else {
                                mask = data + sizeof(nd_ipv4);
                                ND_PRINT(" len=%u %s/%u.%u.%u.%u", len,
-                                         ipaddr_string(ndo, data),
+                                         GET_IPADDR_STRING(data),
                                          GET_U_1(mask), GET_U_1(mask + 1),
                                          GET_U_1(mask + 2),
                                          GET_U_1(mask + 3));
@@ -1423,7 +1425,7 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                        if (len < 16)
                                ND_PRINT(" len=%u [bad: < 16]", len);
                        else
-                               ND_PRINT(" len=%u %s", len, ip6addr_string(ndo, data));
+                               ND_PRINT(" len=%u %s", len, GET_IP6ADDR_STRING(data));
                        len = 0;
                        break;
                case IPSECDOI_ID_IPV6_ADDR_SUBNET:
@@ -1435,7 +1437,7 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                                mask = (const u_char *)(data + sizeof(nd_ipv6));
                                /*XXX*/
                                ND_PRINT(" len=%u %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
-                                         ip6addr_string(ndo, data),
+                                         GET_IP6ADDR_STRING(data),
                                          GET_U_1(mask), GET_U_1(mask + 1),
                                          GET_U_1(mask + 2),
                                          GET_U_1(mask + 3),
@@ -1460,8 +1462,8 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                                ND_PRINT(" len=%u [bad: < 8]", len);
                        else {
                                ND_PRINT(" len=%u %s-%s", len,
-                                         ipaddr_string(ndo, data),
-                                         ipaddr_string(ndo, data + sizeof(nd_ipv4)));
+                                         GET_IPADDR_STRING(data),
+                                         GET_IPADDR_STRING(data + sizeof(nd_ipv4)));
                        }
                        len = 0;
                        break;
@@ -1470,8 +1472,8 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
                                ND_PRINT(" len=%u [bad: < 32]", len);
                        else {
                                ND_PRINT(" len=%u %s-%s", len,
-                                         ip6addr_string(ndo, data),
-                                         ip6addr_string(ndo, data + sizeof(nd_ipv6)));
+                                         GET_IP6ADDR_STRING(data),
+                                         GET_IP6ADDR_STRING(data + sizeof(nd_ipv6)));
                        }
                        len = 0;
                        break;
@@ -2267,7 +2269,7 @@ ikev2_ID_print(netdissect_options *ndo, u_char tpay,
        if(dumpascii) {
                ND_TCHECK_LEN(typedata, idtype_len);
                for(i=0; i<idtype_len; i++) {
-                       if(ND_ISPRINT(GET_U_1(typedata + i))) {
+                       if(ND_ASCII_ISPRINT(GET_U_1(typedata + i))) {
                                ND_PRINT("%c", GET_U_1(typedata + i));
                        } else {
                                ND_PRINT(".");
@@ -2610,7 +2612,7 @@ ikev2_vid_print(netdissect_options *ndo, u_char tpay,
        len = item_len - 4;
        ND_TCHECK_LEN(vid, len);
        for(i=0; i<len; i++) {
-               if(ND_ISPRINT(GET_U_1(vid + i)))
+               if(ND_ASCII_ISPRINT(GET_U_1(vid + i)))
                        ND_PRINT("%c", GET_U_1(vid + i));
                else ND_PRINT(".");
        }
@@ -2687,7 +2689,7 @@ ikev2_e_print(netdissect_options *ndo,
        np = GET_U_1(ext->np);
 
        /* try to decrypt it! */
-       if(esp_print_decrypt_buffer_by_ikev2(ndo,
+       if(esp_decrypt_buffer_by_ikev2_print(ndo,
                                             GET_U_1(base->flags) & ISAKMP_FLAG_I,
                                             base->i_ck, base->r_ck,
                                             dat, dat+dlen)) {
@@ -2697,6 +2699,13 @@ ikev2_e_print(netdissect_options *ndo,
                /* got it decrypted, print stuff inside. */
                ikev2_sub_print(ndo, base, np, ext,
                                ndo->ndo_snapend, phase, doi, proto, depth+1);
+
+               /*
+                * esp_decrypt_buffer_by_ikev2_print pushed information
+                * on the buffer stack; we're done with the buffer, so
+                * pop it (which frees the buffer)
+                */
+               nd_pop_packet_info(ndo);
        }
 #endif
 
@@ -2813,7 +2822,7 @@ static char *
 numstr(u_int x)
 {
        static char buf[20];
-       nd_snprintf(buf, sizeof(buf), "#%u", x);
+       snprintf(buf, sizeof(buf), "#%u", x);
        return buf;
 }
 
@@ -3050,7 +3059,7 @@ isakmp_print(netdissect_options *ndo,
        /* initialize SAs */
        if (ndo->ndo_sa_list_head == NULL) {
                if (ndo->ndo_espsecret)
-                       esp_print_decodesecret(ndo);
+                       esp_decodesecret_print(ndo);
        }
 #endif
 
@@ -3124,20 +3133,16 @@ isakmp_rfc3948_print(netdissect_options *ndo,
 
        /* must be an ESP packet */
        {
-               u_int nh, enh, padlen;
-               int advance;
-
                ND_PRINT("UDP-encap: ");
 
-               advance = esp_print(ndo, bp, length, bp2, &enh, &padlen);
-               if(advance <= 0)
-                       return;
-
-               bp += advance;
-               length -= advance + padlen;
-               nh = enh & 0xff;
+               esp_print(ndo, bp, length, bp2, ver, fragmented, ttl_hl);
 
-               ip_print_demux(ndo, bp, length, ver, fragmented, ttl_hl, nh, bp2);
+               /*
+                * Either this has decrypted the payload and
+                * printed it, in which case there's nothing more
+                * to do, or it hasn't, in which case there's
+                * nothing more to do.
+                */
                return;
        }
 
[mirror] the TCPdump network dissector