X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/64677b0d78ff168d98c3035e894c4910c021136e..c39d40a767a1ae36171e5bcbf6f157ff3e80fb6c:/print-ah.c

diff --git a/print-ah.c b/print-ah.c
index 9fbc251e..a3d05544 100644
--- a/print-ah.c
+++ b/print-ah.c
@@ -24,10 +24,10 @@
 /* \summary: IPSEC Authentication Header printer */
 
 #ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
 #endif
 
-#include <netdissect-stdinc.h>
+#include "netdissect-stdinc.h"
 
 #include "netdissect.h"
 #include "extract.h"
@@ -38,27 +38,38 @@ int
 ah_print(netdissect_options *ndo, const u_char *bp)
 {
 	const struct ah *ah;
-	u_int sumlen;
+	uint8_t ah_len;
+	u_int ah_hdr_len;
+	uint16_t reserved;
+	const u_char *p;
 
+	ndo->ndo_protocol = "ah";
 	ah = (const struct ah *)bp;
 
-	ND_TCHECK_SIZE(ah);
-
-	sumlen = EXTRACT_U_1(ah->ah_len) << 2;
+	nd_print_protocol_caps(ndo);
+/*
+ * RFC4302
+ *
+ * 2.2.  Payload Length
+ *
+ *    This 8-bit field specifies the length of AH in 32-bit words (4-byte
+ *    units), minus "2".
+ */
+	ah_len = GET_U_1(ah->ah_len);
+	ah_hdr_len = (ah_len + 2) * 4;
 
-	ND_PRINT("AH(spi=0x%08x", EXTRACT_BE_U_4(ah->ah_spi));
+	ND_PRINT("(");
 	if (ndo->ndo_vflag)
-		ND_PRINT(",sumlen=%u", sumlen);
-	ND_TCHECK_4(ah + 1);
-	ND_PRINT(",seq=0x%x", EXTRACT_BE_U_4(ah + 1));
-	if (!ND_TTEST_LEN(bp, sizeof(struct ah) + sumlen)) {
-		ND_PRINT("[truncated]):");
-		return -1;
-	}
+		ND_PRINT("length=%u(%u-bytes),", ah_len, ah_hdr_len);
+	reserved = GET_BE_U_2(ah->ah_reserved);
+	if (reserved)
+		ND_PRINT("reserved=0x%x[MustBeZero],", reserved);
+	ND_PRINT("spi=0x%08x,", GET_BE_U_4(ah->ah_spi));
+	ND_PRINT("seq=0x%x,", GET_BE_U_4(ah->ah_seq));
+	ND_PRINT("icv=0x");
+	for (p = (const u_char *)(ah + 1); p < bp + ah_hdr_len; p++)
+		ND_PRINT("%02x", GET_U_1(p));
 	ND_PRINT("): ");
 
-	return sizeof(struct ah) + sumlen;
- trunc:
-	ND_PRINT("[|AH]");
-	return -1;
+	return ah_hdr_len;
 }