From Ben Byer <[email protected]>: add a "-K" flag to suppress the

[tcpdump] / print-tcp.c

diff --git a/print-tcp.c b/print-tcp.c
index 025e50d23f375e600e84e8d5ece2cf5341ddb76a..8a3e293aee810703eca955c7a48dd94be962a311 100644 (file)
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -2,6 +2,8 @@
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
  *     The Regents of the University of California.  All rights reserved.
  *
+ * Copyright (c) 1999-2004 The tcpdump.org project
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that: (1) source code distributions
  * retain the above copyright notice and this paragraph in its entirety, (2)
@@ -21,7 +23,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.119 2004-12-27 00:41:31 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.125 2006-05-05 23:13:00 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -418,7 +420,7 @@ tcp_print(register const u_char *bp, register u_int length,
                return;
        }
 
-       if (IP_V(ip) == 4 && vflag && !fragmented) {
+       if (IP_V(ip) == 4 && vflag && !Kflag && !fragmented) {
                u_int16_t sum, tcp_sum;
                if (TTEST2(tp->th_sport, length)) {
                        sum = tcp_cksum(ip, tp, length);
@@ -432,7 +434,7 @@ tcp_print(register const u_char *bp, register u_int length,
                }
        }
 #ifdef INET6
-       if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) {
+       if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !Kflag && !fragmented) {
                u_int16_t sum,tcp_sum;
                if (TTEST2(tp->th_sport, length)) {
                        sum = tcp6_cksum(ip6, tp, length);
@@ -518,14 +520,13 @@ tcp_print(register const u_char *bp, register u_int length,
                                break;
 
                        case TCPOPT_SACK:
-                               (void)printf("sack");
                                datalen = len - 2;
                                if (datalen % 8 != 0) {
-                                       (void)printf(" malformed sack ");
+                                       (void)printf("malformed sack");
                                } else {
                                        u_int32_t s, e;
 
-                                       (void)printf(" sack %d ", datalen / 8);
+                                       (void)printf("sack %d ", datalen / 8);
                                        for (i = 0; i < datalen; i += 8) {
                                                LENCHECK(i + 4);
                                                s = EXTRACT_32BITS(cp + i);
@@ -540,7 +541,6 @@ tcp_print(register const u_char *bp, register u_int length,
                                                }
                                                (void)printf("{%u:%u}", s, e);
                                        }
-                                       (void)printf(" ");
                                }
                                break;
 
@@ -616,6 +616,15 @@ tcp_print(register const u_char *bp, register u_int length,
 #endif
                                break;
 
+                        case TCPOPT_AUTH:
+                                (void)printf("Enhanced Auth: keyid %d", *cp++);
+                                datalen = len - 3;
+                                for (i = 0; i < datalen; ++i) {
+                                    LENCHECK(i);
+                                    (void)printf("%02x", cp[i]);
+                                }
+                            break;
+
                        default:
                                (void)printf("opt-%u:", opt);
                                datalen = len - 2;
@@ -736,7 +745,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
     const u_char *data, int length, const u_char *rcvsig)
 {
         struct tcphdr tp1;
-       char sig[TCP_SIGLEN];
+       u_char sig[TCP_SIGLEN];
        char zero_proto = 0;
        MD5_CTX ctx;
        u_int16_t savecsum, tlen;
@@ -799,7 +808,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
        MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
        MD5_Final(sig, &ctx);
 
-       if (memcmp(rcvsig, sig, 16))
+       if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0)
                return (SIGNATURE_VALID);
        else
                return (SIGNATURE_INVALID);