add basic support for Ethernet OAM Frames as per 802.3ah

[tcpdump] / print-tcp.c
diff --git a/print-tcp.c b/print-tcp.c

index cd1299d9947e8a70775b4af4dcbef79fed2484ad..b5d70c82f66f2c80989e0a7e27d73de7fcdc15ee 100644 (file)
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -2,6 +2,8 @@
   * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
   *     The Regents of the University of California.  All rights reserved.
   *
   * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
   *     The Regents of the University of California.  All rights reserved.
   *
+ * Copyright (c) 1999-2004 The tcpdump.org project
+ *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that: (1) source code distributions
   * retain the above copyright notice and this paragraph in its entirety, (2)
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that: (1) source code distributions
   * retain the above copyright notice and this paragraph in its entirety, (2)
@@ -20,26 +22,19 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.95 2001-12-10 08:21:24 guy Exp $ (LBL)";
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.124 2005-11-29 09:07:47 hannes Exp $ (LBL)";
  #endif
  
  #ifdef HAVE_CONFIG_H
  #include "config.h"
  #endif
  
  #endif
  
  #ifdef HAVE_CONFIG_H
  #include "config.h"
  #endif
  
-#include <sys/param.h>
-#include <sys/time.h>
-
-#include <rpc/rpc.h>
-
-#include <netinet/in.h>
+#include <tcpdump-stdinc.h>
  
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
-#include <ctype.h>
-#include <unistd.h>
  
  #include "interface.h"
  #include "addrtoname.h"
  
  #include "interface.h"
  #include "addrtoname.h"
@@ -51,9 +46,23 @@ static const char rcsid[] =
  #ifdef INET6
  #include "ip6.h"
  #endif
  #ifdef INET6
  #include "ip6.h"
  #endif
+#include "ipproto.h"
+#include "rpc_auth.h"
+#include "rpc_msg.h"
  
  #include "nameser.h"
  
  
  #include "nameser.h"
  
+#ifdef HAVE_LIBCRYPTO
+#include <openssl/md5.h>
+
+#define SIGNATURE_VALID                0
+#define SIGNATURE_INVALID      1
+#define CANT_CHECK_SIGNATURE   2
+
+static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
+    const u_char *data, int length, const u_char *rcvsig);
+#endif
+
  static void print_tcp_rst_data(register const u_char *sp, u_int length);
  
  #define MAX_RST_DATA_LEN       30
  static void print_tcp_rst_data(register const u_char *sp, u_int length);
  
  #define MAX_RST_DATA_LEN       30
@@ -100,10 +109,11 @@ static struct tcp_seq_hash tcp_seq_hash[TSEQ_HASHSIZE];
  #define NFS_PORT       2049
  #endif
  #define MSDP_PORT      639
  #define NFS_PORT       2049
  #endif
  #define MSDP_PORT      639
+#define LDP_PORT        646
  
  static int tcp_cksum(register const struct ip *ip,
                      register const struct tcphdr *tp,
  
  static int tcp_cksum(register const struct ip *ip,
                      register const struct tcphdr *tp,
-                    register int len)
+                    register u_int len)
  {
         union phu {
                 struct phdr {
  {
         union phu {
                 struct phdr {
@@ -118,11 +128,14 @@ static int tcp_cksum(register const struct ip *ip,
         const u_int16_t *sp;
  
         /* pseudo-header.. */
         const u_int16_t *sp;
  
         /* pseudo-header.. */
-       phu.ph.len = htons(len);        /* XXX */
+       phu.ph.len = htons((u_int16_t)len);
         phu.ph.mbz = 0;
         phu.ph.proto = IPPROTO_TCP;
         memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t));
         phu.ph.mbz = 0;
         phu.ph.proto = IPPROTO_TCP;
         memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t));
-       memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t));
+       if (IP_HL(ip) == 5)
+               memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t));
+       else
+               phu.ph.dst = ip_finddst(ip);
  
         sp = &phu.pa[0];
         return in_cksum((u_short *)tp, len,
  
         sp = &phu.pa[0];
         return in_cksum((u_short *)tp, len,
@@ -131,9 +144,9 @@ static int tcp_cksum(register const struct ip *ip,
  
  #ifdef INET6
  static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
  
  #ifdef INET6
  static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
-       int len)
+       u_int len)
  {
  {
-       int i, tlen;
+       size_t i;
         register const u_int16_t *sp;
         u_int32_t sum;
         union {
         register const u_int16_t *sp;
         u_int32_t sum;
         union {
@@ -147,14 +160,11 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
                 u_int16_t pa[20];
         } phu;
  
                 u_int16_t pa[20];
         } phu;
  
-       tlen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr) -
-           ((const char *)tp - (const char*)ip6);
-
         /* pseudo-header */
         memset(&phu, 0, sizeof(phu));
         phu.ph.ph_src = ip6->ip6_src;
         phu.ph.ph_dst = ip6->ip6_dst;
         /* pseudo-header */
         memset(&phu, 0, sizeof(phu));
         phu.ph.ph_src = ip6->ip6_src;
         phu.ph.ph_dst = ip6->ip6_dst;
-       phu.ph.ph_len = htonl(tlen);
+       phu.ph.ph_len = htonl(len);
         phu.ph.ph_nxt = IPPROTO_TCP;
  
         sum = 0;
         phu.ph.ph_nxt = IPPROTO_TCP;
  
         sum = 0;
@@ -163,10 +173,10 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp,
  
         sp = (const u_int16_t *)tp;
  
  
         sp = (const u_int16_t *)tp;
  
-       for (i = 0; i < (tlen & ~1); i += 2)
+       for (i = 0; i < (len & ~1); i += 2)
                 sum += *sp++;
  
                 sum += *sp++;
  
-       if (tlen & 1)
+       if (len & 1)
                 sum += htons((*(const u_int8_t *)sp) << 8);
  
         while (sum > 0xffff)
                 sum += htons((*(const u_int8_t *)sp) << 8);
  
         while (sum > 0xffff)
@@ -184,7 +194,7 @@ tcp_print(register const u_char *bp, register u_int length,
         register const struct tcphdr *tp;
         register const struct ip *ip;
         register u_char flags;
         register const struct tcphdr *tp;
         register const struct ip *ip;
         register u_char flags;
-       register int hlen;
+       register u_int hlen;
         register char ch;
         u_int16_t sport, dport, win, urp;
         u_int32_t seq, ack, thseq, thack;
         register char ch;
         u_int16_t sport, dport, win, urp;
         u_int32_t seq, ack, thseq, thack;
@@ -209,23 +219,24 @@ tcp_print(register const u_char *bp, register u_int length,
                 return;
         }
  
                 return;
         }
  
-       sport = ntohs(tp->th_sport);
-       dport = ntohs(tp->th_dport);
+       sport = EXTRACT_16BITS(&tp->th_sport);
+       dport = EXTRACT_16BITS(&tp->th_dport);
  
         hlen = TH_OFF(tp) * 4;
  
         /*
  
         hlen = TH_OFF(tp) * 4;
  
         /*
-        * If data present and NFS port used, assume NFS.
+        * If data present, header length valid, and NFS port used,
+        * assume NFS.
          * Pass offset of data plus 4 bytes for RPC TCP msg length
          * to NFS print routines.
          */
          * Pass offset of data plus 4 bytes for RPC TCP msg length
          * to NFS print routines.
          */
-       if (!qflag) {
-               if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend &&
+       if (!qflag && hlen >= sizeof(*tp) && hlen <= length) {
+               if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend &&
                     dport == NFS_PORT) {
                         nfsreq_print((u_char *)tp + hlen + 4, length - hlen,
                                      (u_char *)ip);
                         return;
                     dport == NFS_PORT) {
                         nfsreq_print((u_char *)tp + hlen + 4, length - hlen,
                                      (u_char *)ip);
                         return;
-               } else if ((u_char *)tp + 4 + sizeof(struct rpc_msg)
+               } else if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg)
                            <= snapend &&
                            sport == NFS_PORT) {
                         nfsreply_print((u_char *)tp + hlen + 4, length - hlen,
                            <= snapend &&
                            sport == NFS_PORT) {
                         nfsreply_print((u_char *)tp + hlen + 4, length - hlen,
@@ -260,15 +271,25 @@ tcp_print(register const u_char *bp, register u_int length,
                 }
         }
  
                 }
         }
  
+       if (hlen < sizeof(*tp)) {
+               (void)printf(" tcp %d [bad hdr length %u - too short, < %lu]",
+                   length - hlen, hlen, (unsigned long)sizeof(*tp));
+               return;
+       }
+
         TCHECK(*tp);
  
         TCHECK(*tp);
  
-       seq = (u_int32_t)ntohl(tp->th_seq);
-       ack = (u_int32_t)ntohl(tp->th_ack);
-       win = ntohs(tp->th_win);
-       urp = ntohs(tp->th_urp);
+       seq = EXTRACT_32BITS(&tp->th_seq);
+       ack = EXTRACT_32BITS(&tp->th_ack);
+       win = EXTRACT_16BITS(&tp->th_win);
+       urp = EXTRACT_16BITS(&tp->th_urp);
  
         if (qflag) {
  
         if (qflag) {
-               (void)printf("tcp %d", length - TH_OFF(tp) * 4);
+               (void)printf("tcp %d", length - hlen);
+               if (hlen > length) {
+                       (void)printf(" [bad hdr length %u - too long, > %u]",
+                           hlen, length);
+               }
                 return;
         }
         if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH|
                 return;
         }
         if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH|
@@ -290,6 +311,7 @@ tcp_print(register const u_char *bp, register u_int length,
  
         if (!Sflag && (flags & TH_ACK)) {
                 register struct tcp_seq_hash *th;
  
         if (!Sflag && (flags & TH_ACK)) {
                 register struct tcp_seq_hash *th;
+               const void *src, *dst;
                 register int rev;
                 struct tha tha;
                 /*
                 register int rev;
                 struct tha tha;
                 /*
@@ -302,63 +324,68 @@ tcp_print(register const u_char *bp, register u_int length,
                 memset(&tha, 0, sizeof(tha));
                 rev = 0;
                 if (ip6) {
                 memset(&tha, 0, sizeof(tha));
                 rev = 0;
                 if (ip6) {
+                       src = &ip6->ip6_src;
+                       dst = &ip6->ip6_dst;
                         if (sport > dport)
                                 rev = 1;
                         else if (sport == dport) {
                         if (sport > dport)
                                 rev = 1;
                         else if (sport == dport) {
-                               int i;
-
-                               for (i = 0; i < 4; i++) {
-                                       if (((u_int32_t *)(&ip6->ip6_src))[i] >
-                                           ((u_int32_t *)(&ip6->ip6_dst))[i]) {
-                                               rev = 1;
-                                               break;
-                                       }
-                               }
+                               if (memcmp(src, dst, sizeof ip6->ip6_dst) > 0)
+                                       rev = 1;
                         }
                         if (rev) {
                         }
                         if (rev) {
-                               tha.src = ip6->ip6_dst;
-                               tha.dst = ip6->ip6_src;
+                               memcpy(&tha.src, dst, sizeof ip6->ip6_dst);
+                               memcpy(&tha.dst, src, sizeof ip6->ip6_src);
                                 tha.port = dport << 16 | sport;
                         } else {
                                 tha.port = dport << 16 | sport;
                         } else {
-                               tha.dst = ip6->ip6_dst;
-                               tha.src = ip6->ip6_src;
+                               memcpy(&tha.dst, dst, sizeof ip6->ip6_dst);
+                               memcpy(&tha.src, src, sizeof ip6->ip6_src);
                                 tha.port = sport << 16 | dport;
                         }
                 } else {
                                 tha.port = sport << 16 | dport;
                         }
                 } else {
-                       if (sport > dport ||
-                           (sport == dport &&
-                            ip->ip_src.s_addr > ip->ip_dst.s_addr)) {
+                       src = &ip->ip_src;
+                       dst = &ip->ip_dst;
+                       if (sport > dport)
                                 rev = 1;
                                 rev = 1;
+                       else if (sport == dport) {
+                               if (memcmp(src, dst, sizeof ip->ip_dst) > 0)
+                                       rev = 1;
                         }
                         if (rev) {
                         }
                         if (rev) {
-                               *(struct in_addr *)&tha.src = ip->ip_dst;
-                               *(struct in_addr *)&tha.dst = ip->ip_src;
+                               memcpy(&tha.src, dst, sizeof ip->ip_dst);
+                               memcpy(&tha.dst, src, sizeof ip->ip_src);
                                 tha.port = dport << 16 | sport;
                         } else {
                                 tha.port = dport << 16 | sport;
                         } else {
-                               *(struct in_addr *)&tha.dst = ip->ip_dst;
-                               *(struct in_addr *)&tha.src = ip->ip_src;
+                               memcpy(&tha.dst, dst, sizeof ip->ip_dst);
+                               memcpy(&tha.src, src, sizeof ip->ip_src);
                                 tha.port = sport << 16 | dport;
                         }
                 }
  #else
                                 tha.port = sport << 16 | dport;
                         }
                 }
  #else
-               if (sport < dport ||
-                   (sport == dport &&
-                    ip->ip_src.s_addr < ip->ip_dst.s_addr)) {
-                       tha.src = ip->ip_src, tha.dst = ip->ip_dst;
-                       tha.port = sport << 16 | dport;
-                       rev = 0;
-               } else {
-                       tha.src = ip->ip_dst, tha.dst = ip->ip_src;
-                       tha.port = dport << 16 | sport;
+               rev = 0;
+               src = &ip->ip_src;
+               dst = &ip->ip_dst;
+               if (sport > dport)
                         rev = 1;
                         rev = 1;
+               else if (sport == dport) {
+                       if (memcmp(src, dst, sizeof ip->ip_dst) > 0)
+                               rev = 1;
+               }
+               if (rev) {
+                       memcpy(&tha.src, dst, sizeof ip->ip_dst);
+                       memcpy(&tha.dst, src, sizeof ip->ip_src);
+                       tha.port = dport << 16 | sport;
+               } else {
+                       memcpy(&tha.dst, dst, sizeof ip->ip_dst);
+                       memcpy(&tha.src, src, sizeof ip->ip_src);
+                       tha.port = sport << 16 | dport;
                 }
  #endif
  
                 threv = rev;
                 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
                      th->nxt; th = th->nxt)
                 }
  #endif
  
                 threv = rev;
                 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];
                      th->nxt; th = th->nxt)
-                       if (!memcmp((char *)&tha, (char *)&th->addr,
-                                 sizeof(th->addr)))
+                       if (memcmp((char *)&tha, (char *)&th->addr,
+                                 sizeof(th->addr)) == 0)
                                 break;
  
                 if (!th->nxt || (flags & TH_SYN)) {
                                 break;
  
                 if (!th->nxt || (flags & TH_SYN)) {
@@ -388,29 +415,36 @@ tcp_print(register const u_char *bp, register u_int length,
                 thseq = thack = threv = 0;
         }
         if (hlen > length) {
                 thseq = thack = threv = 0;
         }
         if (hlen > length) {
-               (void)printf(" [bad hdr length]");
+               (void)printf(" [bad hdr length %u - too long, > %u]",
+                   hlen, length);
                 return;
         }
  
         if (IP_V(ip) == 4 && vflag && !fragmented) {
                 return;
         }
  
         if (IP_V(ip) == 4 && vflag && !fragmented) {
-               int sum;
+               u_int16_t sum, tcp_sum;
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp_cksum(ip, tp, length);
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp_cksum(ip, tp, length);
-                       if (sum != 0)
-                               (void)printf(" [bad tcp cksum %x!]", sum);
-                       else
-                               (void)printf(" [tcp sum ok]");
+
+                        (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum));
+                       if (sum != 0) {
+                               tcp_sum = EXTRACT_16BITS(&tp->th_sum);
+                               (void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum));
+                       } else
+                               (void)printf(" (correct),");
                 }
         }
  #ifdef INET6
         if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) {
                 }
         }
  #ifdef INET6
         if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) {
-               int sum;
+               u_int16_t sum,tcp_sum;
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp6_cksum(ip6, tp, length);
                 if (TTEST2(tp->th_sport, length)) {
                         sum = tcp6_cksum(ip6, tp, length);
-                       if (sum != 0)
-                               (void)printf(" [bad tcp cksum %x!]", sum);
-                       else
-                               (void)printf(" [tcp sum ok]");
+                        (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum));
+                       if (sum != 0) {
+                               tcp_sum = EXTRACT_16BITS(&tp->th_sum);
+                               (void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum));
+                       } else
+                               (void)printf(" (correct),");
+
                 }
         }
  #endif
                 }
         }
  #endif
@@ -428,10 +462,12 @@ tcp_print(register const u_char *bp, register u_int length,
         /*
          * Handle any options.
          */
         /*
          * Handle any options.
          */
-       if ((hlen -= sizeof(*tp)) > 0) {
+       if (hlen > sizeof(*tp)) {
                 register const u_char *cp;
                 register const u_char *cp;
-               register int i, opt, len, datalen;
+               register u_int i, opt, datalen;
+               register u_int len;
  
  
+               hlen -= sizeof(*tp);
                 cp = (const u_char *)tp + sizeof(*tp);
                 putchar(' ');
                 ch = '<';
                 cp = (const u_char *)tp + sizeof(*tp);
                 putchar(' ');
                 ch = '<';
@@ -484,14 +520,13 @@ tcp_print(register const u_char *bp, register u_int length,
                                 break;
  
                         case TCPOPT_SACK:
                                 break;
  
                         case TCPOPT_SACK:
-                               (void)printf("sack");
                                 datalen = len - 2;
                                 if (datalen % 8 != 0) {
                                 datalen = len - 2;
                                 if (datalen % 8 != 0) {
-                                       (void)printf(" malformed sack ");
+                                       (void)printf("malformed sack");
                                 } else {
                                         u_int32_t s, e;
  
                                 } else {
                                         u_int32_t s, e;
  
-                                       (void)printf(" sack %d ", datalen / 8);
+                                       (void)printf("sack %d ", datalen / 8);
                                         for (i = 0; i < datalen; i += 8) {
                                                 LENCHECK(i + 4);
                                                 s = EXTRACT_32BITS(cp + i);
                                         for (i = 0; i < datalen; i += 8) {
                                                 LENCHECK(i + 4);
                                                 s = EXTRACT_32BITS(cp + i);
@@ -506,7 +541,6 @@ tcp_print(register const u_char *bp, register u_int length,
                                                 }
                                                 (void)printf("{%u:%u}", s, e);
                                         }
                                                 }
                                                 (void)printf("{%u:%u}", s, e);
                                         }
-                                       (void)printf(" ");
                                 }
                                 break;
  
                                 }
                                 break;
  
@@ -554,8 +588,45 @@ tcp_print(register const u_char *bp, register u_int length,
                                 (void)printf(" %u", EXTRACT_32BITS(cp));
                                 break;
  
                                 (void)printf(" %u", EXTRACT_32BITS(cp));
                                 break;
  
+                       case TCPOPT_SIGNATURE:
+                               (void)printf("md5:");
+                               datalen = TCP_SIGLEN;
+                               LENCHECK(datalen);
+#ifdef HAVE_LIBCRYPTO
+                               switch (tcp_verify_signature(ip, tp,
+                                   bp + TH_OFF(tp) * 4, length, cp)) {
+
+                               case SIGNATURE_VALID:
+                                       (void)printf("valid");
+                                       break;
+
+                               case SIGNATURE_INVALID:
+                                       (void)printf("invalid");
+                                       break;
+
+                               case CANT_CHECK_SIGNATURE:
+                                       (void)printf("can't check - ");
+                                       for (i = 0; i < TCP_SIGLEN; ++i)
+                                               (void)printf("%02x", cp[i]);
+                                       break;
+                               }
+#else
+                               for (i = 0; i < TCP_SIGLEN; ++i)
+                                       (void)printf("%02x", cp[i]);
+#endif
+                               break;
+
+                        case TCPOPT_AUTH:
+                                (void)printf("Enhanced Auth: keyid %d", *cp++);
+                                datalen = len - 3;
+                                for (i = 0; i < datalen; ++i) {
+                                    LENCHECK(i);
+                                    (void)printf("%02x", cp[i]);
+                                }
+                            break;
+
                         default:
                         default:
-                               (void)printf("opt-%d:", opt);
+                               (void)printf("opt-%u:", opt);
                                 datalen = len - 2;
                                 for (i = 0; i < datalen; ++i) {
                                         LENCHECK(i);
                                 datalen = len - 2;
                                 for (i = 0; i < datalen; ++i) {
                                         LENCHECK(i);
@@ -598,7 +669,7 @@ tcp_print(register const u_char *bp, register u_int length,
                 } else if (sport == BGP_PORT || dport == BGP_PORT)
                         bgp_print(bp, length);
                 else if (sport == PPTP_PORT || dport == PPTP_PORT)
                 } else if (sport == BGP_PORT || dport == BGP_PORT)
                         bgp_print(bp, length);
                 else if (sport == PPTP_PORT || dport == PPTP_PORT)
-                       pptp_print(bp, length);
+                       pptp_print(bp);
  #ifdef TCPDUMP_DO_SMB
                 else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT)
                         nbt_tcp_print(bp, length);
  #ifdef TCPDUMP_DO_SMB
                 else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT)
                         nbt_tcp_print(bp, length);
@@ -606,15 +677,19 @@ tcp_print(register const u_char *bp, register u_int length,
                 else if (sport == BEEP_PORT || dport == BEEP_PORT)
                         beep_print(bp, length);
                 else if (length > 2 &&
                 else if (sport == BEEP_PORT || dport == BEEP_PORT)
                         beep_print(bp, length);
                 else if (length > 2 &&
-                   (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT)) {
+                   (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT ||
+                    sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) {
                         /*
                          * TCP DNS query has 2byte length at the head.
                          * XXX packet could be unaligned, it can go strange
                          */
                         /*
                          * TCP DNS query has 2byte length at the head.
                          * XXX packet could be unaligned, it can go strange
                          */
-                       ns_print(bp + 2, length - 2);
+                       ns_print(bp + 2, length - 2, 0);
                 } else if (sport == MSDP_PORT || dport == MSDP_PORT) {
                         msdp_print(bp, length);
                 }
                 } else if (sport == MSDP_PORT || dport == MSDP_PORT) {
                         msdp_print(bp, length);
                 }
+                else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) {
+                        ldp_print(bp, length);
+               }
         }
         return;
  bad:
         }
         return;
  bad:
@@ -663,3 +738,79 @@ print_tcp_rst_data(register const u_char *sp, u_int length)
         }
         putchar(']');
  }
         }
         putchar(']');
  }
+
+#ifdef HAVE_LIBCRYPTO
+static int
+tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
+    const u_char *data, int length, const u_char *rcvsig)
+{
+        struct tcphdr tp1;
+       u_char sig[TCP_SIGLEN];
+       char zero_proto = 0;
+       MD5_CTX ctx;
+       u_int16_t savecsum, tlen;
+#ifdef INET6
+       struct ip6_hdr *ip6;
+#endif
+       u_int32_t len32;
+       u_int8_t nxt;
+
+       tp1 = *tp;
+
+       if (tcpmd5secret == NULL)
+               return (CANT_CHECK_SIGNATURE);
+
+       MD5_Init(&ctx);
+       /*
+        * Step 1: Update MD5 hash with IP pseudo-header.
+        */
+       if (IP_V(ip) == 4) {
+               MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src));
+               MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst));
+               MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto));
+               MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p));
+               tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
+               tlen = htons(tlen);
+               MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+#ifdef INET6
+       } else if (IP_V(ip) == 6) {
+               ip6 = (struct ip6_hdr *)ip;
+               MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
+               MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst));
+               len32 = htonl(ntohs(ip6->ip6_plen));
+               MD5_Update(&ctx, (char *)&len32, sizeof(len32));
+               nxt = 0;
+               MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+               MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+               MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+               nxt = IPPROTO_TCP;
+               MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+#endif
+       } else
+               return (CANT_CHECK_SIGNATURE);
+
+       /*
+        * Step 2: Update MD5 hash with TCP header, excluding options.
+        * The TCP checksum must be set to zero.
+        */
+       savecsum = tp1.th_sum;
+       tp1.th_sum = 0;
+       MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr));
+       tp1.th_sum = savecsum;
+       /*
+        * Step 3: Update MD5 hash with TCP segment data, if present.
+        */
+       if (length > 0)
+               MD5_Update(&ctx, data, length);
+       /*
+        * Step 4: Update MD5 hash with shared secret.
+        */
+       MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
+       MD5_Final(sig, &ctx);
+
+       if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0)
+               return (SIGNATURE_VALID);
+       else
+               return (SIGNATURE_INVALID);
+}
+#endif /* HAVE_LIBCRYPTO */