X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/585ac3db0663f474fd3417ea91953b58022cc9d9..0845bc813c1cc48b18cdefff0b387c110647463c:/print-esp.c

diff --git a/print-esp.c b/print-esp.c
index d1ed4334..fe494a39 100644
--- a/print-esp.c
+++ b/print-esp.c
@@ -25,10 +25,9 @@
 #include "config.h"
 #endif
 
-#include <string.h>
-
 #include <tcpdump-stdinc.h>
 
+#include <string.h>
 #include <stdlib.h>
 
 /* Any code in this file that depends on HAVE_LIBCRYPTO depends on
@@ -43,46 +42,15 @@
 #endif
 #endif
 
-#include <stdio.h>
-
 #include "ip.h"
 #ifdef INET6
 #include "ip6.h"
 #endif
 
 #include "netdissect.h"
-#include "addrtoname.h"
 #include "extract.h"
 
-#ifndef HAVE_SOCKADDR_STORAGE
-#ifdef INET6
-struct sockaddr_storage {
-	union {
-		struct sockaddr_in sin;
-		struct sockaddr_in6 sin6;
-	} un;
-};
-#else
-#define sockaddr_storage sockaddr
-#endif
-#endif /* HAVE_SOCKADDR_STORAGE */
-
-#ifdef HAVE_LIBCRYPTO
-struct sa_list {
-	struct sa_list	*next;
-	struct sockaddr_storage daddr;
-	u_int32_t	spi;          /* if == 0, then IKEv2 */
-	int             initiator;
-	u_char          spii[8];      /* for IKEv2 */
-	u_char          spir[8];
-	const EVP_CIPHER *evp;
-	int		ivlen;
-	int		authlen;
-	u_char          authsecret[256];
-	int             authsecret_len;
-	u_char		secret[256];  /* is that big enough for all secrets? */
-	int		secretlen;
-};
+#include "ascii_strcasecmp.h"
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -118,8 +86,8 @@ struct sa_list {
  */
 
 struct newesp {
-	u_int32_t	esp_spi;	/* ESP */
-	u_int32_t	esp_seq;	/* Sequence number */
+	uint32_t	esp_spi;	/* ESP */
+	uint32_t	esp_seq;	/* Sequence number */
 	/*variable size*/		/* (IV and) Payload data */
 	/*variable size*/		/* padding */
 	/*8bit*/			/* pad size */
@@ -128,6 +96,30 @@ struct newesp {
 	/*variable size, 32bit bound*/	/* Authentication data */
 };
 
+#ifdef HAVE_LIBCRYPTO
+union inaddr_u {
+	struct in_addr in4;
+#ifdef INET6
+	struct in6_addr in6;
+#endif
+};
+struct sa_list {
+	struct sa_list	*next;
+	u_int		daddr_version;
+	union inaddr_u	daddr;
+	uint32_t	spi;          /* if == 0, then IKEv2 */
+	int             initiator;
+	u_char          spii[8];      /* for IKEv2 */
+	u_char          spir[8];
+	const EVP_CIPHER *evp;
+	int		ivlen;
+	int		authlen;
+	u_char          authsecret[256];
+	int             authsecret_len;
+	u_char		secret[256];  /* is that big enough for all secrets? */
+	int		secretlen;
+};
+
 /*
  * this will adjust ndo_packetp and ndo_snapend to new buffer!
  */
@@ -135,10 +127,10 @@ USES_APPLE_DEPRECATED_API
 int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
 				      int initiator,
 				      u_char spii[8], u_char spir[8],
-				      u_char *buf, u_char *end)
+				      const u_char *buf, const u_char *end)
 {
 	struct sa_list *sa;
-	u_char *iv;
+	const u_char *iv;
 	int len;
 	EVP_CIPHER_CTX ctx;
 
@@ -341,8 +333,8 @@ espprint_decode_authalgo(netdissect_options *ndo,
 	}
 	*colon = '\0';
 
-	if(strcasecmp(colon,"sha1") == 0 ||
-	   strcasecmp(colon,"md5") == 0) {
+	if(ascii_strcasecmp(colon,"sha1") == 0 ||
+	   ascii_strcasecmp(colon,"md5") == 0) {
 		sa->authlen = 12;
 	}
 	return 1;
@@ -429,17 +421,18 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
 	if (line == NULL) {
 		decode = spikey;
 		spikey = NULL;
+		/* sa1.daddr.version = 0; */
 		/* memset(&sa1.daddr, 0, sizeof(sa1.daddr)); */
 		/* sa1.spi = 0; */
 		sa_def    = 1;
 	} else
 		decode = line;
 
-	if (spikey && strcasecmp(spikey, "file") == 0) {
+	if (spikey && ascii_strcasecmp(spikey, "file") == 0) {
 		/* open file and read it */
 		FILE *secretfile;
 		char  fileline[1024];
-		int   lineno=0;
+		int   subfile_lineno=0;
 		char  *nl;
 		char *filename = line;
 
@@ -450,7 +443,7 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
 		}
 
 		while (fgets(fileline, sizeof(fileline)-1, secretfile) != NULL) {
-			lineno++;
+			subfile_lineno++;
 			/* remove newline from the line */
 			nl = strchr(fileline, '\n');
 			if (nl)
@@ -458,14 +451,14 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
 			if (fileline[0] == '#') continue;
 			if (fileline[0] == '\0') continue;
 
-			esp_print_decode_onesecret(ndo, fileline, filename, lineno);
+			esp_print_decode_onesecret(ndo, fileline, filename, subfile_lineno);
 		}
 		fclose(secretfile);
 
 		return;
 	}
 
-	if (spikey && strcasecmp(spikey, "ikev2") == 0) {
+	if (spikey && ascii_strcasecmp(spikey, "ikev2") == 0) {
 		esp_print_decode_ikeline(ndo, line, file, lineno);
 		return;
 	}
@@ -473,11 +466,7 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
 	if (spikey) {
 
 		char *spistr, *foo;
-		u_int32_t spino;
-		struct sockaddr_in *sin;
-#ifdef INET6
-		struct sockaddr_in6 *sin6;
-#endif
+		uint32_t spino;
 
 		spistr = strsep(&spikey, "@");
 
@@ -489,21 +478,13 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
 
 		sa1.spi = spino;
 
-		sin = (struct sockaddr_in *)&sa1.daddr;
 #ifdef INET6
-		sin6 = (struct sockaddr_in6 *)&sa1.daddr;
-		if (inet_pton(AF_INET6, spikey, &sin6->sin6_addr) == 1) {
-#ifdef HAVE_SOCKADDR_SA_LEN
-			sin6->sin6_len = sizeof(struct sockaddr_in6);
-#endif
-			sin6->sin6_family = AF_INET6;
+		if (inet_pton(AF_INET6, spikey, &sa1.daddr.in6) == 1) {
+			sa1.daddr_version = 6;
 		} else
 #endif
-			if (inet_pton(AF_INET, spikey, &sin->sin_addr) == 1) {
-#ifdef HAVE_SOCKADDR_SA_LEN
-				sin->sin_len = sizeof(struct sockaddr_in);
-#endif
-				sin->sin_family = AF_INET;
+			if (inet_pton(AF_INET, spikey, &sa1.daddr.in4) == 1) {
+				sa1.daddr_version = 4;
 			} else {
 				(*ndo->ndo_warning)(ndo, "print_esp: can not decode IP# %s\n", spikey);
 				return;
@@ -584,21 +565,21 @@ esp_print(netdissect_options *ndo,
 	register const struct newesp *esp;
 	register const u_char *ep;
 #ifdef HAVE_LIBCRYPTO
-	struct ip *ip;
+	const struct ip *ip;
 	struct sa_list *sa = NULL;
 #ifdef INET6
-	struct ip6_hdr *ip6 = NULL;
+	const struct ip6_hdr *ip6 = NULL;
 #endif
 	int advance;
 	int len;
 	u_char *secret;
 	int ivlen = 0;
-	u_char *ivoff;
-	u_char *p;
+	const u_char *ivoff;
+	const u_char *p;
 	EVP_CIPHER_CTX ctx;
 #endif
 
-	esp = (struct newesp *)bp;
+	esp = (const struct newesp *)bp;
 
 #ifdef HAVE_LIBCRYPTO
 	secret = NULL;
@@ -613,13 +594,13 @@ esp_print(netdissect_options *ndo,
 	/* 'ep' points to the end of available data. */
 	ep = ndo->ndo_snapend;
 
-	if ((u_char *)(esp + 1) >= ep) {
-		fputs("[|ESP]", stdout);
+	if ((const u_char *)(esp + 1) >= ep) {
+		ND_PRINT((ndo, "[|ESP]"));
 		goto fail;
 	}
-	(*ndo->ndo_printf)(ndo, "ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi));
-	(*ndo->ndo_printf)(ndo, ",seq=0x%x)", EXTRACT_32BITS(&esp->esp_seq));
-        (*ndo->ndo_printf)(ndo, ", length %u", length);
+	ND_PRINT((ndo, "ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi)));
+	ND_PRINT((ndo, ",seq=0x%x)", EXTRACT_32BITS(&esp->esp_seq)));
+	ND_PRINT((ndo, ", length %u", length));
 
 #ifndef HAVE_LIBCRYPTO
 	goto fail;
@@ -635,11 +616,11 @@ esp_print(netdissect_options *ndo,
 	if (ndo->ndo_sa_list_head == NULL)
 		goto fail;
 
-	ip = (struct ip *)bp2;
+	ip = (const struct ip *)bp2;
 	switch (IP_V(ip)) {
 #ifdef INET6
 	case 6:
-		ip6 = (struct ip6_hdr *)bp2;
+		ip6 = (const struct ip6_hdr *)bp2;
 		/* we do not attempt to decrypt jumbograms */
 		if (!EXTRACT_16BITS(&ip6->ip6_plen))
 			goto fail;
@@ -648,10 +629,9 @@ esp_print(netdissect_options *ndo,
 
 		/* see if we can find the SA, and if so, decode it */
 		for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) {
-			struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&sa->daddr;
 			if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) &&
-			    sin6->sin6_family == AF_INET6 &&
-			    memcmp(&sin6->sin6_addr, &ip6->ip6_dst,
+			    sa->daddr_version == 6 &&
+			    UNALIGNED_MEMCMP(&sa->daddr.in6, &ip6->ip6_dst,
 				   sizeof(struct in6_addr)) == 0) {
 				break;
 			}
@@ -666,10 +646,10 @@ esp_print(netdissect_options *ndo,
 
 		/* see if we can find the SA, and if so, decode it */
 		for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) {
-			struct sockaddr_in *sin = (struct sockaddr_in *)&sa->daddr;
 			if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) &&
-			    sin->sin_family == AF_INET &&
-			    sin->sin_addr.s_addr == ip->ip_dst.s_addr) {
+			    sa->daddr_version == 4 &&
+			    UNALIGNED_MEMCMP(&sa->daddr.in4, &ip->ip_dst,
+				   sizeof(struct in_addr)) == 0) {
 				break;
 			}
 		}
@@ -696,7 +676,7 @@ esp_print(netdissect_options *ndo,
 		ep = bp2 + len;
 	}
 
-	ivoff = (u_char *)(esp + 1) + 0;
+	ivoff = (const u_char *)(esp + 1) + 0;
 	ivlen = sa->ivlen;
 	secret = sa->secret;
 	ep = ep - sa->authlen;
@@ -710,7 +690,7 @@ esp_print(netdissect_options *ndo,
 		EVP_CipherInit(&ctx, NULL, NULL, p, 0);
 		EVP_Cipher(&ctx, p + ivlen, p + ivlen, ep - (p + ivlen));
 		EVP_CIPHER_CTX_cleanup(&ctx);
-		advance = ivoff - (u_char *)esp + ivlen;
+		advance = ivoff - (const u_char *)esp + ivlen;
 	} else
 		advance = sizeof(struct newesp);
 
@@ -724,7 +704,7 @@ esp_print(netdissect_options *ndo,
 	if (nhdr)
 		*nhdr = *(ep - 1);
 
-	(ndo->ndo_printf)(ndo, ": ");
+	ND_PRINT((ndo, ": "));
 	return advance;
 #endif