do not use gcc-ism for macro, instead abuse C-syntax

[tcpdump] / print-tcp.c
diff --git a/print-tcp.c b/print-tcp.c

index aa9217c44cc9329740fc988a0b5b20c542c7c257..86195a856086405f0ae1c78da8f3f3f7c76e41e7 100644 (file)
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -20,8 +20,8 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.101 2002-08-20 00:17:23 hannes Exp $ (LBL)";
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.112 2004-04-05 00:12:54 mcr Exp $ (LBL)";
  #endif
  
  #ifdef HAVE_CONFIG_H
  #endif
  
  #ifdef HAVE_CONFIG_H
@@ -46,9 +46,17 @@ static const char rcsid[] =
  #ifdef INET6
  #include "ip6.h"
  #endif
  #ifdef INET6
  #include "ip6.h"
  #endif
+#include "ipproto.h"
  
  #include "nameser.h"
  
  
  #include "nameser.h"
  
+#ifdef HAVE_LIBCRYPTO
+#include <openssl/md5.h>
+
+static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
+    const u_char *data, int length, const u_char *rcvsig);
+#endif
+
  static void print_tcp_rst_data(register const u_char *sp, u_int length);
  
  #define MAX_RST_DATA_LEN       30
  static void print_tcp_rst_data(register const u_char *sp, u_int length);
  
  #define MAX_RST_DATA_LEN       30
@@ -99,7 +107,7 @@ static struct tcp_seq_hash tcp_seq_hash[TSEQ_HASHSIZE];
  
  static int tcp_cksum(register const struct ip *ip,
                      register const struct tcphdr *tp,
  
  static int tcp_cksum(register const struct ip *ip,
                      register const struct tcphdr *tp,
-                    register int len)
+                    register u_int len)
  {
         union phu {
                 struct phdr {
  {
         union phu {
                 struct phdr {
@@ -114,7 +122,7 @@ static int tcp_cksum(register const struct ip *ip,
         const u_int16_t *sp;
  
         /* pseudo-header.. */
         const u_int16_t *sp;
  
         /* pseudo-header.. */
-       phu.ph.len = htons(len);        /* XXX */
+       phu.ph.len = htons((u_int16_t)len);
         phu.ph.mbz = 0;
         phu.ph.proto = IPPROTO_TCP;
         memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t));
         phu.ph.mbz = 0;
         phu.ph.proto = IPPROTO_TCP;
         memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t));
@@ -130,9 +138,9 @@ static int tcp_cksum(register const struct ip *ip,
  
  #ifdef INET6
  static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
  
  #ifdef INET6
  static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
-       int len)
+       u_int len)
  {
  {
-       int i, tlen;
+       size_t i;
         register const u_int16_t *sp;
         u_int32_t sum;
         union {
         register const u_int16_t *sp;
         u_int32_t sum;
         union {
@@ -146,14 +154,11 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
                 u_int16_t pa[20];
         } phu;
  
                 u_int16_t pa[20];
         } phu;
  
-       tlen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr) -
-           ((const char *)tp - (const char*)ip6);
-
         /* pseudo-header */
         memset(&phu, 0, sizeof(phu));
         phu.ph.ph_src = ip6->ip6_src;
         phu.ph.ph_dst = ip6->ip6_dst;
         /* pseudo-header */
         memset(&phu, 0, sizeof(phu));
         phu.ph.ph_src = ip6->ip6_src;
         phu.ph.ph_dst = ip6->ip6_dst;
-       phu.ph.ph_len = htonl(tlen);
+       phu.ph.ph_len = htonl(len);
         phu.ph.ph_nxt = IPPROTO_TCP;
  
         sum = 0;
         phu.ph.ph_nxt = IPPROTO_TCP;
  
         sum = 0;
@@ -162,10 +167,10 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
  
         sp = (const u_int16_t *)tp;
  
  
         sp = (const u_int16_t *)tp;
  
-       for (i = 0; i < (tlen & ~1); i += 2)
+       for (i = 0; i < (len & ~1); i += 2)
                 sum += *sp++;
  
                 sum += *sp++;
  
-       if (tlen & 1)
+       if (len & 1)
                 sum += htons((*(const u_int8_t *)sp) << 8);
  
         while (sum > 0xffff)
                 sum += htons((*(const u_int8_t *)sp) << 8);
  
         while (sum > 0xffff)
@@ -183,7 +188,7 @@ tcp_print(register const u_char *bp, register u_int length,
         register const struct tcphdr *tp;
         register const struct ip *ip;
         register u_char flags;
         register const struct tcphdr *tp;
         register const struct ip *ip;
         register u_char flags;
-       register int hlen;
+       register u_int hlen;
         register char ch;
         u_int16_t sport, dport, win, urp;
         u_int32_t seq, ack, thseq, thack;
         register char ch;
         u_int16_t sport, dport, win, urp;
         u_int32_t seq, ack, thseq, thack;
@@ -208,8 +213,8 @@ tcp_print(register const u_char *bp, register u_int length,
                 return;
         }
  
                 return;
         }
  
-       sport = ntohs(tp->th_sport);
-       dport = ntohs(tp->th_dport);
+       sport = EXTRACT_16BITS(&tp->th_sport);
+       dport = EXTRACT_16BITS(&tp->th_dport);
  
         hlen = TH_OFF(tp) * 4;
  
  
         hlen = TH_OFF(tp) * 4;
  
@@ -261,10 +266,10 @@ tcp_print(register const u_char *bp, register u_int length,
  
         TCHECK(*tp);
  
  
         TCHECK(*tp);
  
-       seq = (u_int32_t)ntohl(tp->th_seq);
-       ack = (u_int32_t)ntohl(tp->th_ack);
-       win = ntohs(tp->th_win);
-       urp = ntohs(tp->th_urp);
+       seq = EXTRACT_32BITS(&tp->th_seq);
+       ack = EXTRACT_32BITS(&tp->th_ack);
+       win = EXTRACT_16BITS(&tp->th_win);
+       urp = EXTRACT_16BITS(&tp->th_urp);
  
         if (qflag) {
                 (void)printf("tcp %d", length - TH_OFF(tp) * 4);
  
         if (qflag) {
                 (void)printf("tcp %d", length - TH_OFF(tp) * 4);
@@ -289,6 +294,7 @@ tcp_print(register const u_char *bp, register u_int length,
  
         if (!Sflag && (flags & TH_ACK)) {
                 register struct tcp_seq_hash *th;
  
         if (!Sflag && (flags & TH_ACK)) {
                 register struct tcp_seq_hash *th;
+               const void *src, *dst;
                 register int rev;
                 struct tha tha;
                 /*
                 register int rev;
                 struct tha tha;
                 /*
@@ -301,63 +307,68 @@ tcp_print(register const u_char *bp, register u_int length,
                 memset(&tha, 0, sizeof(tha));
                 rev = 0;
                 if (ip6) {
                 memset(&tha, 0, sizeof(tha));
                 rev = 0;
                 if (ip6) {
+                       src = &ip6->ip6_src;
+                       dst = &ip6->ip6_dst;
                         if (sport > dport)
                                 rev = 1;
                         else if (sport == dport) {
                         if (sport > dport)
                                 rev = 1;
                         else if (sport == dport) {
-                               int i;
-
-                               for (i = 0; i < 4; i++) {
-                                       if (((u_int32_t *)(&ip6->ip6_src))[i] >
-                                           ((u_int32_t *)(&ip6->ip6_dst))[i]) {
-                                               rev = 1;
-                                               break;
-                                       }
-                               }
+                               if (memcmp(src, dst, sizeof ip6->ip6_dst) > 0)
+                                       rev = 1;
                         }
                         if (rev) {
                         }
                         if (rev) {
-                               tha.src = ip6->ip6_dst;
-                               tha.dst = ip6->ip6_src;
+                               memcpy(&tha.src, dst, sizeof ip6->ip6_dst);
+                               memcpy(&tha.dst, src, sizeof ip6->ip6_src);
                                 tha.port = dport << 16 | sport;
                         } else {
                                 tha.port = dport << 16 | sport;
                         } else {
-                               tha.dst = ip6->ip6_dst;
-                               tha.src = ip6->ip6_src;
+                               memcpy(&tha.dst, dst, sizeof ip6->ip6_dst);
+                               memcpy(&tha.src, src, sizeof ip6->ip6_src);
                                 tha.port = sport << 16 | dport;
                         }
                 } else {
                                 tha.port = sport << 16 | dport;
                         }
                 } else {
-                       if (sport > dport ||
-                           (sport == dport &&
-                            ip->ip_src.s_addr > ip->ip_dst.s_addr)) {
+                       src = &ip->ip_src;
+                       dst = &ip->ip_dst;
+                       if (sport > dport)
                                 rev = 1;
                                 rev = 1;
+                       else if (sport == dport) {
+                               if (memcmp(src, dst, sizeof ip->ip_dst) > 0)
+                                       rev = 1;
                         }
                         if (rev) {
                         }
                         if (rev) {
-                               *(struct in_addr *)&tha.src = ip->ip_dst;
-                               *(struct in_addr *)&tha.dst = ip->ip_src;
+                               memcpy(&tha.src, dst, sizeof ip->ip_dst);
+                               memcpy(&tha.dst, src, sizeof ip->ip_src);
                                 tha.port = dport << 16 | sport;
                         } else {
                                 tha.port = dport << 16 | sport;
                         } else {
-                               *(struct in_addr *)&tha.dst = ip->ip_dst;
-                               *(struct in_addr *)&tha.src = ip->ip_src;
+                               memcpy(&tha.dst, dst, sizeof ip->ip_dst);
+                               memcpy(&tha.src, src, sizeof ip->ip_src);
                                 tha.port = sport << 16 | dport;
                         }
                 }
  #else
                                 tha.port = sport << 16 | dport;
                         }
                 }
  #else
-               if (sport < dport ||
-                   (sport == dport &&
-                    ip->ip_src.s_addr < ip->ip_dst.s_addr)) {
-                       tha.src = ip->ip_src, tha.dst = ip->ip_dst;
-                       tha.port = sport << 16 | dport;
-                       rev = 0;
-               } else {
-                       tha.src = ip->ip_dst, tha.dst = ip->ip_src;
-                       tha.port = dport << 16 | sport;
+               rev = 0;
+               src = &ip->ip_src;
+               dst = &ip->ip_dst;
+               if (sport > dport)
                         rev = 1;
                         rev = 1;
+               else if (sport == dport) {
+                       if (memcmp(src, dst, sizeof ip->ip_dst) > 0)
+                               rev = 1;
+               }
+               if (rev) {
+                       memcpy(&tha.src, dst, sizeof ip->ip_dst);
+                       memcpy(&tha.dst, src, sizeof ip->ip_src);
+                       tha.port = dport << 16 | sport;
+               } else {
+                       memcpy(&tha.dst, dst, sizeof ip->ip_dst);
+                       memcpy(&tha.src, src, sizeof ip->ip_src);
+                       tha.port = sport << 16 | dport;
                 }
  #endif
  
                 threv = rev;
                 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
                      th->nxt; th = th->nxt)
                 }
  #endif
  
                 threv = rev;
                 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
                      th->nxt; th = th->nxt)
-                       if (!memcmp((char *)&tha, (char *)&th->addr,
-                                 sizeof(th->addr)))
+                       if (memcmp((char *)&tha, (char *)&th->addr,
+                                 sizeof(th->addr)) == 0)
                                 break;
  
                 if (!th->nxt || (flags & TH_SYN)) {
                                 break;
  
                 if (!th->nxt || (flags & TH_SYN)) {
@@ -396,7 +407,7 @@ tcp_print(register const u_char *bp, register u_int length,
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp_cksum(ip, tp, length);
                         if (sum != 0) {
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp_cksum(ip, tp, length);
                         if (sum != 0) {
-                               tcp_sum = ntohs(tp->th_sum);
+                               tcp_sum = EXTRACT_16BITS(&tp->th_sum);
                                 (void)printf(" [bad tcp cksum %x (->%x)!]",
                                     tcp_sum, in_cksum_shouldbe(tcp_sum, sum));
                         } else
                                 (void)printf(" [bad tcp cksum %x (->%x)!]",
                                     tcp_sum, in_cksum_shouldbe(tcp_sum, sum));
                         } else
@@ -429,10 +440,12 @@ tcp_print(register const u_char *bp, register u_int length,
         /*
          * Handle any options.
          */
         /*
          * Handle any options.
          */
-       if ((hlen -= sizeof(*tp)) > 0) {
+       if (hlen > sizeof(*tp)) {
                 register const u_char *cp;
                 register const u_char *cp;
-               register int i, opt, len, datalen;
+               register u_int i, opt, datalen;
+               register u_int len;
  
  
+               hlen -= sizeof(*tp);
                 cp = (const u_char *)tp + sizeof(*tp);
                 putchar(' ');
                 ch = '<';
                 cp = (const u_char *)tp + sizeof(*tp);
                 putchar(' ');
                 ch = '<';
@@ -555,8 +568,28 @@ tcp_print(register const u_char *bp, register u_int length,
                                 (void)printf(" %u", EXTRACT_32BITS(cp));
                                 break;
  
                                 (void)printf(" %u", EXTRACT_32BITS(cp));
                                 break;
  
+                       case TCPOPT_SIGNATURE:
+                               (void)printf("md5:");
+                               if (IP_V(ip) != 4) {
+                                       (void)printf("!ipv4");
+                                       break;
+                               }
+                               datalen = TCP_SIGLEN;
+                               LENCHECK(datalen);
+#ifdef HAVE_LIBCRYPTO
+                               if (tcp_verify_signature(ip, tp,
+                                   bp + TH_OFF(tp) * 4, length, cp) == 0)
+                                       (void)printf("valid");
+                               else
+                                       (void)printf("invalid");
+#else
+                               for (i = 0; i < TCP_SIGLEN; ++i)
+                                       (void)printf("%02x", cp[i]);
+#endif
+                               break;
+
                         default:
                         default:
-                               (void)printf("opt-%d:", opt);
+                               (void)printf("opt-%u:", opt);
                                 datalen = len - 2;
                                 for (i = 0; i < datalen; ++i) {
                                         LENCHECK(i);
                                 datalen = len - 2;
                                 for (i = 0; i < datalen; ++i) {
                                         LENCHECK(i);
@@ -599,7 +632,7 @@ tcp_print(register const u_char *bp, register u_int length,
                 } else if (sport == BGP_PORT || dport == BGP_PORT)
                         bgp_print(bp, length);
                 else if (sport == PPTP_PORT || dport == PPTP_PORT)
                 } else if (sport == BGP_PORT || dport == BGP_PORT)
                         bgp_print(bp, length);
                 else if (sport == PPTP_PORT || dport == PPTP_PORT)
-                       pptp_print(bp, length);
+                       pptp_print(bp);
  #ifdef TCPDUMP_DO_SMB
                 else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT)
                         nbt_tcp_print(bp, length);
  #ifdef TCPDUMP_DO_SMB
                 else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT)
                         nbt_tcp_print(bp, length);
@@ -613,7 +646,7 @@ tcp_print(register const u_char *bp, register u_int length,
                          * TCP DNS query has 2byte length at the head.
                          * XXX packet could be unaligned, it can go strange
                          */
                          * TCP DNS query has 2byte length at the head.
                          * XXX packet could be unaligned, it can go strange
                          */
-                       ns_print(bp + 2, length - 2);
+                       ns_print(bp + 2, length - 2, 0);
                 } else if (sport == MSDP_PORT || dport == MSDP_PORT) {
                         msdp_print(bp, length);
                 }
                 } else if (sport == MSDP_PORT || dport == MSDP_PORT) {
                         msdp_print(bp, length);
                 }
@@ -667,3 +700,54 @@ print_tcp_rst_data(register const u_char *sp, u_int length)
         }
         putchar(']');
  }
         }
         putchar(']');
  }
+
+#ifdef HAVE_LIBCRYPTO
+static int
+tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
+    const u_char *data, int length, const u_char *rcvsig)
+{
+        struct tcphdr tp1;
+       char sig[TCP_SIGLEN];
+       char zero_proto = 0;
+       MD5_CTX ctx;
+       u_short savecsum, tlen;
+
+       tp1 = *tp;
+
+       if (tcpmd5secret == NULL)
+               return (-1);
+
+       MD5_Init(&ctx);
+       /*
+        * Step 1: Update MD5 hash with IP pseudo-header.
+        */
+       MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src));
+       MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst));
+       MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto));
+       MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p));
+       tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
+       tlen = htons(tlen);
+       MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+
+       /*
+        * Step 2: Update MD5 hash with TCP header, excluding options.
+        * The TCP checksum must be set to zero.
+        */
+       savecsum = tp1.th_sum;
+       tp1.th_sum = 0;
+       MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr));
+       tp1.th_sum = savecsum;
+       /*
+        * Step 3: Update MD5 hash with TCP segment data, if present.
+        */
+       if (length > 0)
+               MD5_Update(&ctx, data, length);
+       /*
+        * Step 4: Update MD5 hash with shared secret.
+        */
+       MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
+       MD5_Final(sig, &ctx);
+
+       return (memcmp(rcvsig, sig, 16));
+}
+#endif /* HAVE_LIBCRYPTO */