Squelch some alignment warnings.

[tcpdump] / print-tcp.c
diff --git a/print-tcp.c b/print-tcp.c

index 35b18492f8cb018c08cd8e5cb4f5e1b62ca15a60..c9b50feedb1570932c55003fec9052e340d660e3 100644 (file)
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -129,7 +129,7 @@ static const struct tok tcp_option_values[] = {
          { TCPOPT_SIGNATURE, "md5" },
          { TCPOPT_SCPS, "scps" },
          { TCPOPT_UTO, "uto" },
          { TCPOPT_SIGNATURE, "md5" },
          { TCPOPT_SCPS, "scps" },
          { TCPOPT_UTO, "uto" },
-        { TCPOPT_AUTH, "enhanced auth" },
+        { TCPOPT_TCPAO, "tcp-ao" },
          { TCPOPT_MPTCP, "mptcp" },
          { TCPOPT_FASTOPEN, "tfo" },
          { TCPOPT_EXPERIMENT2, "exp" },
          { TCPOPT_MPTCP, "mptcp" },
          { TCPOPT_FASTOPEN, "tfo" },
          { TCPOPT_EXPERIMENT2, "exp" },
@@ -190,8 +190,6 @@ tcp_print(netdissect_options *ndo,
          sport = EXTRACT_16BITS(&tp->th_sport);
          dport = EXTRACT_16BITS(&tp->th_dport);
  
          sport = EXTRACT_16BITS(&tp->th_sport);
          dport = EXTRACT_16BITS(&tp->th_dport);
  
-        hlen = TH_OFF(tp) * 4;
-
          if (ip6) {
                  if (ip6->ip6_nxt == IPPROTO_TCP) {
                          ND_PRINT((ndo, "%s.%s > %s.%s: ",
          if (ip6) {
                  if (ip6->ip6_nxt == IPPROTO_TCP) {
                          ND_PRINT((ndo, "%s.%s > %s.%s: ",
@@ -216,14 +214,16 @@ tcp_print(netdissect_options *ndo,
                  }
          }
  
                  }
          }
  
+        ND_TCHECK(*tp);
+
+        hlen = TH_OFF(tp) * 4;
+
          if (hlen < sizeof(*tp)) {
                  ND_PRINT((ndo, " tcp %d [bad hdr length %u - too short, < %lu]",
                               length - hlen, hlen, (unsigned long)sizeof(*tp)));
                  return;
          }
  
          if (hlen < sizeof(*tp)) {
                  ND_PRINT((ndo, " tcp %d [bad hdr length %u - too short, < %lu]",
                               length - hlen, hlen, (unsigned long)sizeof(*tp)));
                  return;
          }
  
-        ND_TCHECK(*tp);
-
          seq = EXTRACT_32BITS(&tp->th_seq);
          ack = EXTRACT_32BITS(&tp->th_ack);
          win = EXTRACT_16BITS(&tp->th_win);
          seq = EXTRACT_32BITS(&tp->th_seq);
          ack = EXTRACT_32BITS(&tp->th_ack);
          win = EXTRACT_16BITS(&tp->th_win);
@@ -252,12 +252,12 @@ tcp_print(netdissect_options *ndo,
                  if (ip6) {
                          register struct tcp_seq_hash6 *th;
                          struct tcp_seq_hash6 *tcp_seq_hash;
                  if (ip6) {
                          register struct tcp_seq_hash6 *th;
                          struct tcp_seq_hash6 *tcp_seq_hash;
-                        const struct in6_addr *src, *dst;
+                        const void *src, *dst;
                          struct tha6 tha;
  
                          tcp_seq_hash = tcp_seq_hash6;
                          struct tha6 tha;
  
                          tcp_seq_hash = tcp_seq_hash6;
-                        src = &ip6->ip6_src;
-                        dst = &ip6->ip6_dst;
+                        src = (const void *)&ip6->ip6_src;
+                        dst = (const void *)&ip6->ip6_dst;
                          if (sport > dport)
                                  rev = 1;
                          else if (sport == dport) {
                          if (sport > dport)
                                  rev = 1;
                          else if (sport == dport) {
@@ -544,16 +544,30 @@ tcp_print(netdissect_options *ndo,
                                  ND_PRINT((ndo, " cap %02x id %u", cp[0], cp[1]));
                                  break;
  
                                  ND_PRINT((ndo, " cap %02x id %u", cp[0], cp[1]));
                                  break;
  
-                        case TCPOPT_AUTH:
-                                ND_PRINT((ndo, " keyid %d", *cp++));
-                                datalen = len - 3;
-                                for (i = 0; i < datalen; ++i) {
-                                        LENCHECK(i);
-                                        ND_PRINT((ndo, "%02x", cp[i]));
+                        case TCPOPT_TCPAO:
+                                datalen = len - 2;
+                                /* RFC 5925 Section 2.2:
+                                 * "The Length value MUST be greater than or equal to 4."
+                                 * (This includes the Kind and Length fields already processed
+                                 * at this point.)
+                                 */
+                                if (datalen < 2) {
+                                        ND_PRINT((ndo, " invalid"));
+                                } else {
+                                        LENCHECK(1);
+                                        ND_PRINT((ndo, " keyid %u", cp[0]));
+                                        LENCHECK(2);
+                                        ND_PRINT((ndo, " rnextkeyid %u", cp[1]));
+                                        if (datalen > 2) {
+                                                ND_PRINT((ndo, " mac 0x"));
+                                                for (i = 2; i < datalen; i++) {
+                                                        LENCHECK(i + 1);
+                                                        ND_PRINT((ndo, "%02x", cp[i]));
+                                                }
+                                        }
                                  }
                                  break;
  
                                  }
                                  break;
  
-
                          case TCPOPT_EOL:
                          case TCPOPT_NOP:
                          case TCPOPT_SACKOK:
                          case TCPOPT_EOL:
                          case TCPOPT_NOP:
                          case TCPOPT_SACKOK:
@@ -616,7 +630,7 @@ tcp_print(netdissect_options *ndo,
                                  if (datalen)
                                          ND_PRINT((ndo, " 0x"));
                                  for (i = 0; i < datalen; ++i) {
                                  if (datalen)
                                          ND_PRINT((ndo, " 0x"));
                                  for (i = 0; i < datalen; ++i) {
-                                        LENCHECK(i);
+                                        LENCHECK(i + 1);
                                          ND_PRINT((ndo, "%02x", cp[i]));
                                  }
                                  break;
                                          ND_PRINT((ndo, "%02x", cp[i]));
                                  }
                                  break;