#endif
#include "netdissect.h"
-#include "strtoaddr.h"
#include "extract.h"
+#include "diag-control.h"
+
+#ifdef HAVE_LIBCRYPTO
+#include "strtoaddr.h"
#include "ascii_strcasecmp.h"
+#endif
#include "ip.h"
#include "ip6.h"
* we can't decrypt on top of the input buffer.
*/
ptlen = ctlen;
- pt = (u_char *)malloc(ptlen);
+ pt = (u_char *)calloc(1, ptlen);
if (pt == NULL) {
EVP_CIPHER_CTX_free(ctx);
(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
* dissecting anything in it and before it does any dissection of
* anything in the old buffer. That will free the new buffer.
*/
-USES_APPLE_DEPRECATED_API
-int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
+DIAG_OFF_DEPRECATION
+int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo,
int initiator,
const u_char spii[8],
const u_char spir[8],
if(end <= ct) return 0;
- pt = do_decrypt(ndo, "esp_print_decrypt_buffer_by_ikev2", sa, iv,
+ pt = do_decrypt(ndo, __func__, sa, iv,
ct, ctlen);
if (pt == NULL)
return 0;
* on the buffer stack so it can be freed; our caller must
* pop it when done.
*/
- if (!nd_push_buffer(ndo, pt, pt, pt + ctlen)) {
+ if (!nd_push_buffer(ndo, pt, pt, ctlen)) {
free(pt);
- return 0;
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push buffer on buffer stack", __func__);
}
return 1;
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
static void esp_print_addsa(netdissect_options *ndo,
- struct sa_list *sa, int sa_def)
+ const struct sa_list *sa, int sa_def)
{
/* copy the "sa" */
nsa = (struct sa_list *)malloc(sizeof(struct sa_list));
if (nsa == NULL)
(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
- "esp_print_addsa: malloc");
+ "%s: malloc", __func__);
*nsa = *sa;
/*
* returns size of binary, 0 on failure.
*/
-static
-int espprint_decode_hex(netdissect_options *ndo,
- u_char *binbuf, unsigned int binbuf_len,
- char *hex)
+static int
+espprint_decode_hex(netdissect_options *ndo,
+ u_char *binbuf, unsigned int binbuf_len, char *hex)
{
unsigned int len;
int i;
* decode the form: SPINUM@IP <tab> ALGONAME:0xsecret
*/
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static int
espprint_decode_encalgo(netdissect_options *ndo,
char *decode, struct sa_list *sa)
return 1;
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
/*
* for the moment, ignore the auth algorithm, just hard code the authenticator
secretfile = fopen(filename, FOPEN_READ_TXT);
if (secretfile == NULL) {
(*ndo->ndo_error)(ndo, S_ERR_ND_OPEN_FILE,
- "print_esp: can't open %s: %s\n",
- filename, strerror(errno));
+ "%s: can't open %s: %s\n",
+ __func__, filename, strerror(errno));
}
while (fgets(fileline, sizeof(fileline)-1, secretfile) != NULL) {
esp_print_addsa(ndo, &sa1, sa_def);
}
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static void esp_init(netdissect_options *ndo _U_)
{
/*
#endif
EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
-void esp_print_decodesecret(netdissect_options *ndo)
+void esp_decodesecret_print(netdissect_options *ndo)
{
char *line;
char *p;
#endif
#ifdef HAVE_LIBCRYPTO
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
#endif
void
esp_print(netdissect_options *ndo,
ND_PRINT(", length %u", length);
#ifdef HAVE_LIBCRYPTO
- /* initiailize SAs */
+ /* initialize SAs */
if (ndo->ndo_sa_list_head == NULL) {
if (!ndo->ndo_espsecret)
return;
- esp_print_decodesecret(ndo);
+ esp_decodesecret_print(ndo);
}
if (ndo->ndo_sa_list_head == NULL)
return;
}
- pt = do_decrypt(ndo, "esp_print", sa, iv, ct, payloadlen);
+ pt = do_decrypt(ndo, __func__, sa, iv, ct, payloadlen);
if (pt == NULL)
return;
* Switch to the output buffer for dissection, and
* save it on the buffer stack so it can be freed.
*/
- ep = pt + payloadlen;
- if (!nd_push_buffer(ndo, pt, pt, ep)) {
+ if (!nd_push_buffer(ndo, pt, pt, payloadlen)) {
free(pt);
(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
- "esp_print: can't push buffer on buffer stack");
+ "%s: can't push buffer on buffer stack", __func__);
}
/*
* it was not decrypted with the correct key, so that the
* "plaintext" is not what was being sent.
*/
- padlen = GET_U_1(ep - 2);
+ padlen = GET_U_1(pt + payloadlen - 2);
if (padlen + 2 > payloadlen) {
nd_print_trunc(ndo);
return;
}
/* Get the next header */
- nh = GET_U_1(ep - 1);
+ nh = GET_U_1(pt + payloadlen - 1);
ND_PRINT(": ");
+ /*
+ * Don't put padding + padding length(1 byte) + next header(1 byte)
+ * in the buffer because they are not part of the plaintext to decode.
+ */
+ if (!nd_push_snaplen(ndo, pt, payloadlen - (padlen + 2))) {
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push snaplen on buffer stack", __func__);
+ }
+
/* Now dissect the plaintext. */
- ip_print_demux(ndo, pt, payloadlen - (padlen + 2), ver, fragmented,
- ttl_hl, nh, bp2);
+ ip_demux_print(ndo, pt, payloadlen - (padlen + 2), ver, fragmented,
+ ttl_hl, nh, bp2);
/* Pop the buffer, freeing it. */
nd_pop_packet_info(ndo);
+ /* Pop the nd_push_snaplen */
+ nd_pop_packet_info(ndo);
#endif
}
#ifdef HAVE_LIBCRYPTO
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
#endif
projects / tcpdump / blobdiff