X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/38700c7f24646dfbc6ac0ed529d3ed727c545cd0..91d032ddef9c198e4a78bccebbe33b38b6f5949b:/print-tcp.c?ds=inline diff --git a/print-tcp.c b/print-tcp.c index 466fc48e..9334a2d0 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -63,6 +63,8 @@ static int tcp_verify_signature(netdissect_options *ndo, #endif static void print_tcp_rst_data(netdissect_options *, register const u_char *sp, u_int length); +static void print_tcp_fastopen_option(netdissect_options *ndo, register const u_char *cp, + u_int datalen, int exp); #define MAX_RST_DATA_LEN 30 @@ -134,6 +136,7 @@ static const struct tok tcp_option_values[] = { { TCPOPT_AUTH, "enhanced auth" }, { TCPOPT_UTO, "uto" }, { TCPOPT_MPTCP, "mptcp" }, + { TCPOPT_FASTOPEN, "tfo" }, { TCPOPT_EXPERIMENT2, "exp" }, { 0, NULL } }; @@ -167,11 +170,11 @@ tcp_print(netdissect_options *ndo, register const struct ip6_hdr *ip6; #endif - tp = (struct tcphdr *)bp; - ip = (struct ip *)bp2; + tp = (const struct tcphdr *)bp; + ip = (const struct ip *)bp2; #ifdef INET6 if (IP_V(ip) == 6) - ip6 = (struct ip6_hdr *)bp2; + ip6 = (const struct ip6_hdr *)bp2; else ip6 = NULL; #endif /*INET6*/ @@ -583,6 +586,12 @@ tcp_print(netdissect_options *ndo, goto bad; break; + case TCPOPT_FASTOPEN: + datalen = len - 2; + LENCHECK(datalen); + print_tcp_fastopen_option(ndo, cp, datalen, FALSE); + break; + case TCPOPT_EXPERIMENT2: datalen = len - 2; LENCHECK(datalen); @@ -594,21 +603,8 @@ tcp_print(netdissect_options *ndo, switch(magic) { - case 0xf989: - /* TCP Fast Open: RFC 7413 */ - if (datalen == 2) { - /* Fast Open Cookie Request */ - ND_PRINT((ndo, "tfo cookiereq")); - } else { - /* Fast Open Cookie */ - if (datalen % 2 != 0 || datalen < 6 || datalen > 18) { - ND_PRINT((ndo, "tfo malformed")); - } else { - ND_PRINT((ndo, "tfo cookie ")); - for (i = 2; i < datalen; ++i) - ND_PRINT((ndo, "%02x", cp[i])); - } - } + case 0xf989: /* TCP Fast Open RFC 7413 */ + print_tcp_fastopen_option(ndo, cp + 2, datalen - 2, TRUE); break; default: @@ -728,23 +724,23 @@ tcp_print(netdissect_options *ndo, * to NFS print routines. */ uint32_t fraglen; - register struct sunrpc_msg *rp; + register const struct sunrpc_msg *rp; enum sunrpc_msg_type direction; fraglen = EXTRACT_32BITS(bp) & 0x7FFFFFFF; if (fraglen > (length) - 4) fraglen = (length) - 4; - rp = (struct sunrpc_msg *)(bp + 4); + rp = (const struct sunrpc_msg *)(bp + 4); if (ND_TTEST(rp->rm_direction)) { direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction); if (dport == NFS_PORT && direction == SUNRPC_CALL) { ND_PRINT((ndo, ": NFS request xid %u ", EXTRACT_32BITS(&rp->rm_xid))); - nfsreq_print_noaddr(ndo, (u_char *)rp, fraglen, (u_char *)ip); + nfsreq_print_noaddr(ndo, (const u_char *)rp, fraglen, (const u_char *)ip); return; } if (sport == NFS_PORT && direction == SUNRPC_REPLY) { ND_PRINT((ndo, ": NFS reply xid %u ", EXTRACT_32BITS(&rp->rm_xid))); - nfsreply_print_noaddr(ndo, (u_char *)rp, fraglen, (u_char *)ip); + nfsreply_print_noaddr(ndo, (const u_char *)rp, fraglen, (const u_char *)ip); return; } } @@ -796,6 +792,30 @@ print_tcp_rst_data(netdissect_options *ndo, ND_PRINT((ndo, "]")); } +static void +print_tcp_fastopen_option(netdissect_options *ndo, register const u_char *cp, + u_int datalen, int exp) +{ + u_int i; + + if (exp) + ND_PRINT((ndo, "tfo")); + + if (datalen == 0) { + /* Fast Open Cookie Request */ + ND_PRINT((ndo, " cookiereq")); + } else { + /* Fast Open Cookie */ + if (datalen % 2 != 0 || datalen < 4 || datalen > 16) { + ND_PRINT((ndo, " malformed")); + } else { + ND_PRINT((ndo, " cookie ")); + for (i = 0; i < datalen; ++i) + ND_PRINT((ndo, "%02x", cp[i])); + } + } +} + #ifdef HAVE_LIBCRYPTO USES_APPLE_DEPRECATED_API static int @@ -809,7 +829,7 @@ tcp_verify_signature(netdissect_options *ndo, MD5_CTX ctx; uint16_t savecsum, tlen; #ifdef INET6 - struct ip6_hdr *ip6; + const struct ip6_hdr *ip6; uint32_t len32; uint8_t nxt; #endif @@ -831,26 +851,26 @@ tcp_verify_signature(netdissect_options *ndo, * Step 1: Update MD5 hash with IP pseudo-header. */ if (IP_V(ip) == 4) { - MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src)); - MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst)); - MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto)); - MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p)); + MD5_Update(&ctx, (const char *)&ip->ip_src, sizeof(ip->ip_src)); + MD5_Update(&ctx, (const char *)&ip->ip_dst, sizeof(ip->ip_dst)); + MD5_Update(&ctx, (const char *)&zero_proto, sizeof(zero_proto)); + MD5_Update(&ctx, (const char *)&ip->ip_p, sizeof(ip->ip_p)); tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4; tlen = htons(tlen); - MD5_Update(&ctx, (char *)&tlen, sizeof(tlen)); + MD5_Update(&ctx, (const char *)&tlen, sizeof(tlen)); #ifdef INET6 } else if (IP_V(ip) == 6) { - ip6 = (struct ip6_hdr *)ip; - MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); - MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); + ip6 = (const struct ip6_hdr *)ip; + MD5_Update(&ctx, (const char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); + MD5_Update(&ctx, (const char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen)); - MD5_Update(&ctx, (char *)&len32, sizeof(len32)); + MD5_Update(&ctx, (const char *)&len32, sizeof(len32)); nxt = 0; - MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); - MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); - MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); nxt = IPPROTO_TCP; - MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); #endif } else { #ifdef INET6 @@ -867,7 +887,7 @@ tcp_verify_signature(netdissect_options *ndo, */ savecsum = tp1.th_sum; tp1.th_sum = 0; - MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr)); + MD5_Update(&ctx, (const char *)&tp1, sizeof(struct tcphdr)); tp1.th_sum = savecsum; /* * Step 3: Update MD5 hash with TCP segment data, if present.