X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/64677b0d78ff168d98c3035e894c4910c021136e..f67e46a634dd3bdcefa9fc09dbef6baae1b1d1ed:/print-tcp.c diff --git a/print-tcp.c b/print-tcp.c index b3f9bc56..b727dde0 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -30,11 +30,9 @@ __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); #endif -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +#include -#include +#include "netdissect-stdinc.h" #include #include @@ -43,6 +41,8 @@ __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); #include "addrtoname.h" #include "extract.h" +#include "diag-control.h" + #include "tcp.h" #include "ip.h" @@ -68,8 +68,8 @@ static void print_tcp_fastopen_option(netdissect_options *ndo, const u_char *cp, struct tha { - struct in_addr src; - struct in_addr dst; + nd_ipv4 src; + nd_ipv4 dst; u_int port; }; @@ -81,8 +81,8 @@ struct tcp_seq_hash { }; struct tha6 { - struct in6_addr src; - struct in6_addr dst; + nd_ipv6 src; + nd_ipv6 dst; u_int port; }; @@ -95,7 +95,7 @@ struct tcp_seq_hash6 { #define TSEQ_HASHSIZE 919 -/* These tcp optinos do not have the size octet */ +/* These tcp options do not have the size octet */ #define ZEROLENOPT(o) ((o) == TCPOPT_EOL || (o) == TCPOPT_NOP) static struct tcp_seq_hash tcp_seq_hash4[TSEQ_HASHSIZE]; @@ -125,7 +125,7 @@ static const struct tok tcp_option_values[] = { { TCPOPT_TIMESTAMP, "TS" }, { TCPOPT_CC, "cc" }, { TCPOPT_CCNEW, "ccnew" }, - { TCPOPT_CCECHO, "" }, + { TCPOPT_CCECHO, "ccecho" }, { TCPOPT_SIGNATURE, "md5" }, { TCPOPT_SCPS, "scps" }, { TCPOPT_UTO, "uto" }, @@ -136,24 +136,24 @@ static const struct tok tcp_option_values[] = { { 0, NULL } }; -static int +static uint16_t tcp_cksum(netdissect_options *ndo, const struct ip *ip, const struct tcphdr *tp, u_int len) { - return nextproto4_cksum(ndo, ip, (const uint8_t *)tp, len, len, - IPPROTO_TCP); + return nextproto4_cksum(ndo, ip, (const uint8_t *)tp, len, len, + IPPROTO_TCP); } -static int +static uint16_t tcp6_cksum(netdissect_options *ndo, const struct ip6_hdr *ip6, const struct tcphdr *tp, u_int len) { - return nextproto6_cksum(ndo, ip6, (const uint8_t *)tp, len, len, - IPPROTO_TCP); + return nextproto6_cksum(ndo, ip6, (const uint8_t *)tp, len, len, + IPPROTO_TCP); } void @@ -172,7 +172,9 @@ tcp_print(netdissect_options *ndo, uint16_t magic; int rev; const struct ip6_hdr *ip6; + u_int header_len; /* Header length in bytes */ + ndo->ndo_protocol = "tcp"; tp = (const struct tcphdr *)bp; ip = (const struct ip *)bp2; if (IP_V(ip) == 6) @@ -181,36 +183,43 @@ tcp_print(netdissect_options *ndo, ip6 = NULL; ch = '\0'; if (!ND_TTEST_2(tp->th_dport)) { - ND_PRINT("%s > %s: [|tcp]", - ipaddr_string(ndo, &ip->ip_src), - ipaddr_string(ndo, &ip->ip_dst)); + if (ip6) { + ND_PRINT("%s > %s:", + GET_IP6ADDR_STRING(ip6->ip6_src), + GET_IP6ADDR_STRING(ip6->ip6_dst)); + } else { + ND_PRINT("%s > %s:", + GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); + } + nd_print_trunc(ndo); return; } - sport = EXTRACT_BE_U_2(tp->th_sport); - dport = EXTRACT_BE_U_2(tp->th_dport); + sport = GET_BE_U_2(tp->th_sport); + dport = GET_BE_U_2(tp->th_dport); if (ip6) { - if (EXTRACT_U_1(ip6->ip6_nxt) == IPPROTO_TCP) { + if (GET_U_1(ip6->ip6_nxt) == IPPROTO_TCP) { ND_PRINT("%s.%s > %s.%s: ", - ip6addr_string(ndo, &ip6->ip6_src), - tcpport_string(ndo, sport), - ip6addr_string(ndo, &ip6->ip6_dst), - tcpport_string(ndo, dport)); + GET_IP6ADDR_STRING(ip6->ip6_src), + tcpport_string(ndo, sport), + GET_IP6ADDR_STRING(ip6->ip6_dst), + tcpport_string(ndo, dport)); } else { ND_PRINT("%s > %s: ", - tcpport_string(ndo, sport), tcpport_string(ndo, dport)); + tcpport_string(ndo, sport), tcpport_string(ndo, dport)); } } else { - if (EXTRACT_U_1(ip->ip_p) == IPPROTO_TCP) { + if (GET_U_1(ip->ip_p) == IPPROTO_TCP) { ND_PRINT("%s.%s > %s.%s: ", - ipaddr_string(ndo, &ip->ip_src), - tcpport_string(ndo, sport), - ipaddr_string(ndo, &ip->ip_dst), - tcpport_string(ndo, dport)); + GET_IPADDR_STRING(ip->ip_src), + tcpport_string(ndo, sport), + GET_IPADDR_STRING(ip->ip_dst), + tcpport_string(ndo, dport)); } else { ND_PRINT("%s > %s: ", - tcpport_string(ndo, sport), tcpport_string(ndo, dport)); + tcpport_string(ndo, sport), tcpport_string(ndo, dport)); } } @@ -219,26 +228,26 @@ tcp_print(netdissect_options *ndo, hlen = TH_OFF(tp) * 4; if (hlen < sizeof(*tp)) { - ND_PRINT(" tcp %u [bad hdr length %u - too short, < %lu]", - length - hlen, hlen, (unsigned long)sizeof(*tp)); + ND_PRINT(" tcp %u [bad hdr length %u - too short, < %zu]", + length - hlen, hlen, sizeof(*tp)); return; } - seq = EXTRACT_BE_U_4(tp->th_seq); - ack = EXTRACT_BE_U_4(tp->th_ack); - win = EXTRACT_BE_U_2(tp->th_win); - urp = EXTRACT_BE_U_2(tp->th_urp); + seq = GET_BE_U_4(tp->th_seq); + ack = GET_BE_U_4(tp->th_ack); + win = GET_BE_U_2(tp->th_win); + urp = GET_BE_U_2(tp->th_urp); if (ndo->ndo_qflag) { ND_PRINT("tcp %u", length - hlen); if (hlen > length) { ND_PRINT(" [bad hdr length %u - too long, > %u]", - hlen, length); + hlen, length); } return; } - flags = EXTRACT_U_1(tp->th_flags); + flags = GET_U_1(tp->th_flags); ND_PRINT("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags)); if (!ndo->ndo_Sflag && (flags & TH_ACK)) { @@ -256,22 +265,22 @@ tcp_print(netdissect_options *ndo, struct tha6 tha; tcp_seq_hash = tcp_seq_hash6; - src = (const void *)&ip6->ip6_src; - dst = (const void *)&ip6->ip6_dst; + src = (const void *)ip6->ip6_src; + dst = (const void *)ip6->ip6_dst; if (sport > dport) rev = 1; else if (sport == dport) { - if (UNALIGNED_MEMCMP(src, dst, sizeof ip6->ip6_dst) > 0) + if (UNALIGNED_MEMCMP(src, dst, sizeof(ip6->ip6_dst)) > 0) rev = 1; } if (rev) { - UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst); - UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src); - tha.port = dport << 16 | sport; + UNALIGNED_MEMCPY(&tha.src, dst, sizeof(ip6->ip6_dst)); + UNALIGNED_MEMCPY(&tha.dst, src, sizeof(ip6->ip6_src)); + tha.port = ((u_int)dport) << 16 | sport; } else { - UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst); - UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src); - tha.port = sport << 16 | dport; + UNALIGNED_MEMCPY(&tha.dst, dst, sizeof(ip6->ip6_dst)); + UNALIGNED_MEMCPY(&tha.src, src, sizeof(ip6->ip6_src)); + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; @@ -282,12 +291,15 @@ tcp_print(netdissect_options *ndo, if (!th->nxt || (flags & TH_SYN)) { /* didn't find it or new conversation */ + /* calloc() return used by the 'tcp_seq_hash6' + hash table: do not free() */ if (th->nxt == NULL) { th->nxt = (struct tcp_seq_hash6 *) calloc(1, sizeof(*th)); if (th->nxt == NULL) (*ndo->ndo_error)(ndo, - "tcp_print: calloc"); + S_ERR_ND_MEM_ALLOC, + "%s: calloc", __func__); } th->addr = tha; if (rev) @@ -312,17 +324,21 @@ tcp_print(netdissect_options *ndo, if (sport > dport) rev = 1; else if (sport == dport) { - if (UNALIGNED_MEMCMP(&ip->ip_src, &ip->ip_dst, sizeof ip->ip_dst) > 0) + if (UNALIGNED_MEMCMP(ip->ip_src, ip->ip_dst, sizeof(ip->ip_dst)) > 0) rev = 1; } if (rev) { - UNALIGNED_MEMCPY(&tha.src, &ip->ip_dst, sizeof ip->ip_dst); - UNALIGNED_MEMCPY(&tha.dst, &ip->ip_src, sizeof ip->ip_src); - tha.port = dport << 16 | sport; + UNALIGNED_MEMCPY(&tha.src, ip->ip_dst, + sizeof(ip->ip_dst)); + UNALIGNED_MEMCPY(&tha.dst, ip->ip_src, + sizeof(ip->ip_src)); + tha.port = ((u_int)dport) << 16 | sport; } else { - UNALIGNED_MEMCPY(&tha.dst, &ip->ip_dst, sizeof ip->ip_dst); - UNALIGNED_MEMCPY(&tha.src, &ip->ip_src, sizeof ip->ip_src); - tha.port = sport << 16 | dport; + UNALIGNED_MEMCPY(&tha.dst, ip->ip_dst, + sizeof(ip->ip_dst)); + UNALIGNED_MEMCPY(&tha.src, ip->ip_src, + sizeof(ip->ip_src)); + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; @@ -333,12 +349,15 @@ tcp_print(netdissect_options *ndo, if (!th->nxt || (flags & TH_SYN)) { /* didn't find it or new conversation */ + /* calloc() return used by the 'tcp_seq_hash4' + hash table: do not free() */ if (th->nxt == NULL) { th->nxt = (struct tcp_seq_hash *) calloc(1, sizeof(*th)); if (th->nxt == NULL) (*ndo->ndo_error)(ndo, - "tcp_print: calloc"); + S_ERR_ND_MEM_ALLOC, + "%s: calloc", __func__); } th->addr = tha; if (rev) @@ -361,7 +380,7 @@ tcp_print(netdissect_options *ndo, } if (hlen > length) { ND_PRINT(" [bad hdr length %u - too long, > %u]", - hlen, length); + hlen, length); return; } @@ -372,7 +391,7 @@ tcp_print(netdissect_options *ndo, if (IP_V(ip) == 4) { if (ND_TTEST_LEN(tp->th_sport, length)) { sum = tcp_cksum(ndo, ip, tp, length); - tcp_sum = EXTRACT_BE_U_2(tp->th_sum); + tcp_sum = GET_BE_U_2(tp->th_sum); ND_PRINT(", cksum 0x%04x", tcp_sum); if (sum != 0) @@ -381,10 +400,10 @@ tcp_print(netdissect_options *ndo, else ND_PRINT(" (correct)"); } - } else if (IP_V(ip) == 6 && ip6->ip6_plen) { + } else if (IP_V(ip) == 6) { if (ND_TTEST_LEN(tp->th_sport, length)) { sum = tcp6_cksum(ndo, ip6, tp, length); - tcp_sum = EXTRACT_BE_U_2(tp->th_sum); + tcp_sum = GET_BE_U_2(tp->th_sum); ND_PRINT(", cksum 0x%04x", tcp_sum); if (sum != 0) @@ -428,14 +447,12 @@ tcp_print(netdissect_options *ndo, while (hlen > 0) { if (ch != '\0') ND_PRINT("%c", ch); - ND_TCHECK_1(cp); - opt = EXTRACT_U_1(cp); + opt = GET_U_1(cp); cp++; if (ZEROLENOPT(opt)) len = 1; else { - ND_TCHECK_1(cp); - len = EXTRACT_U_1(cp); + len = GET_U_1(cp); cp++; /* total including type, len */ if (len < 2 || len > hlen) goto bad; @@ -455,13 +472,13 @@ tcp_print(netdissect_options *ndo, case TCPOPT_MAXSEG: datalen = 2; LENCHECK(datalen); - ND_PRINT(" %u", EXTRACT_BE_U_2(cp)); + ND_PRINT(" %u", GET_BE_U_2(cp)); break; case TCPOPT_WSCALE: datalen = 1; LENCHECK(datalen); - ND_PRINT(" %u", EXTRACT_U_1(cp)); + ND_PRINT(" %u", GET_U_1(cp)); break; case TCPOPT_SACK: @@ -474,9 +491,9 @@ tcp_print(netdissect_options *ndo, ND_PRINT(" %u ", datalen / 8); for (i = 0; i < datalen; i += 8) { LENCHECK(i + 4); - s = EXTRACT_BE_U_4(cp + i); + s = GET_BE_U_4(cp + i); LENCHECK(i + 8); - e = EXTRACT_BE_U_4(cp + i + 4); + e = GET_BE_U_4(cp + i + 4); if (rev) { s -= thseq; e -= thseq; @@ -501,15 +518,15 @@ tcp_print(netdissect_options *ndo, */ datalen = 4; LENCHECK(datalen); - ND_PRINT(" %u", EXTRACT_BE_U_4(cp)); + ND_PRINT(" %u", GET_BE_U_4(cp)); break; case TCPOPT_TIMESTAMP: datalen = 8; LENCHECK(datalen); ND_PRINT(" val %u ecr %u", - EXTRACT_BE_U_4(cp), - EXTRACT_BE_U_4(cp + 4)); + GET_BE_U_4(cp), + GET_BE_U_4(cp + 4)); break; case TCPOPT_SIGNATURE: @@ -525,25 +542,27 @@ tcp_print(netdissect_options *ndo, break; case SIGNATURE_INVALID: - ND_PRINT("invalid"); + nd_print_invalid(ndo); break; case CANT_CHECK_SIGNATURE: ND_PRINT("can't check - "); for (i = 0; i < TCP_SIGLEN; ++i) - ND_PRINT("%02x", EXTRACT_U_1(cp + i)); + ND_PRINT("%02x", + GET_U_1(cp + i)); break; } #else for (i = 0; i < TCP_SIGLEN; ++i) - ND_PRINT("%02x", EXTRACT_U_1(cp + i)); + ND_PRINT("%02x", GET_U_1(cp + i)); #endif break; case TCPOPT_SCPS: datalen = 2; LENCHECK(datalen); - ND_PRINT(" cap %02x id %u", EXTRACT_U_1(cp), EXTRACT_U_1(cp + 1)); + ND_PRINT(" cap %02x id %u", GET_U_1(cp), + GET_U_1(cp + 1)); break; case TCPOPT_TCPAO: @@ -554,17 +573,19 @@ tcp_print(netdissect_options *ndo, * at this point.) */ if (datalen < 2) { - ND_PRINT(" invalid"); + nd_print_invalid(ndo); } else { LENCHECK(1); - ND_PRINT(" keyid %u", EXTRACT_U_1(cp)); + ND_PRINT(" keyid %u", GET_U_1(cp)); LENCHECK(2); - ND_PRINT(" rnextkeyid %u", EXTRACT_U_1(cp + 1)); + ND_PRINT(" rnextkeyid %u", + GET_U_1(cp + 1)); if (datalen > 2) { ND_PRINT(" mac 0x"); for (i = 2; i < datalen; i++) { LENCHECK(i + 1); - ND_PRINT("%02x", EXTRACT_U_1(cp + i)); + ND_PRINT("%02x", + GET_U_1(cp + i)); } } } @@ -582,7 +603,7 @@ tcp_print(netdissect_options *ndo, case TCPOPT_UTO: datalen = 2; LENCHECK(datalen); - utoval = EXTRACT_BE_U_2(cp); + utoval = GET_BE_U_2(cp); ND_PRINT(" 0x%x", utoval); if (utoval & 0x0001) utoval = (utoval >> 1) * 60; @@ -592,11 +613,28 @@ tcp_print(netdissect_options *ndo, break; case TCPOPT_MPTCP: + { + const u_char *snapend_save; + int ret; + datalen = len - 2; LENCHECK(datalen); - if (!mptcp_print(ndo, cp-2, len, flags)) + /* Update the snapend to the end of the option + * before calling mptcp_print(). Some options + * (MPTCP or others) may be present after a + * MPTCP option. This prevents that, in + * mptcp_print(), the remaining length < the + * remaining caplen. + */ + snapend_save = ndo->ndo_snapend; + ndo->ndo_snapend = ND_MIN(cp - 2 + len, + ndo->ndo_snapend); + ret = mptcp_print(ndo, cp - 2, len, flags); + ndo->ndo_snapend = snapend_save; + if (!ret) goto bad; break; + } case TCPOPT_FASTOPEN: datalen = len - 2; @@ -611,7 +649,7 @@ tcp_print(netdissect_options *ndo, if (datalen < 2) goto bad; /* RFC6994 */ - magic = EXTRACT_BE_U_2(cp); + magic = GET_BE_U_2(cp); ND_PRINT("-"); switch(magic) { @@ -633,7 +671,7 @@ tcp_print(netdissect_options *ndo, ND_PRINT(" 0x"); for (i = 0; i < datalen; ++i) { LENCHECK(i + 1); - ND_PRINT("%02x", EXTRACT_U_1(cp + i)); + ND_PRINT("%02x", GET_U_1(cp + i)); } break; } @@ -643,9 +681,9 @@ tcp_print(netdissect_options *ndo, hlen -= datalen; /* Check specification against observed length */ - ++datalen; /* option octet */ + ++datalen; /* option octet */ if (!ZEROLENOPT(opt)) - ++datalen; /* size octet */ + ++datalen; /* size octet */ if (datalen != len) ND_PRINT("[len %u]", len); ch = ','; @@ -660,13 +698,23 @@ tcp_print(netdissect_options *ndo, */ ND_PRINT(", length %u", length); - if (length <= 0) + if (length == 0) return; /* * Decode payload if necessary. */ - bp += TH_OFF(tp) * 4; + header_len = TH_OFF(tp) * 4; + /* + * Do a bounds check before decoding the payload. + * At least the header data is required. + */ + if (!ND_TTEST_LEN(bp, header_len)) { + ND_PRINT(" [remaining caplen(%u) < header length(%u)]", + ND_BYTES_AVAILABLE_AFTER(bp), header_len); + nd_trunc_longjmp(ndo); + } + bp += header_len; if ((flags & TH_RST) && ndo->ndo_vflag) { print_tcp_rst_data(ndo, bp, length); return; @@ -680,59 +728,67 @@ tcp_print(netdissect_options *ndo, case PT_RESP: resp_print(ndo, bp, length); break; + case PT_DOMAIN: + /* over_tcp: TRUE, is_mdns: FALSE */ + domain_print(ndo, bp, length, TRUE, FALSE); + break; } return; } - if (IS_SRC_OR_DST_PORT(TELNET_PORT)) { + if (IS_SRC_OR_DST_PORT(FTP_PORT)) { + ND_PRINT(": "); + ftp_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(SSH_PORT)) { + ssh_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(TELNET_PORT)) { telnet_print(ndo, bp, length); } else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) { ND_PRINT(": "); smtp_print(ndo, bp, length); } else if (IS_SRC_OR_DST_PORT(WHOIS_PORT)) { ND_PRINT(": "); - txtproto_print(ndo, bp, length, "whois", NULL, 0); /* RFC 3912 */ - } else if (IS_SRC_OR_DST_PORT(BGP_PORT)) + whois_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(NAMESERVER_PORT)) { + /* over_tcp: TRUE, is_mdns: FALSE */ + domain_print(ndo, bp, length, TRUE, FALSE); + } else if (IS_SRC_OR_DST_PORT(HTTP_PORT)) { + ND_PRINT(": "); + http_print(ndo, bp, length); +#ifdef ENABLE_SMB + } else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) { + nbt_tcp_print(ndo, bp, length); +#endif + } else if (IS_SRC_OR_DST_PORT(BGP_PORT)) { bgp_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(PPTP_PORT)) + } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { + rpki_rtr_print(ndo, bp, length); +#ifdef ENABLE_SMB + } else if (IS_SRC_OR_DST_PORT(SMB_PORT)) { + smb_tcp_print(ndo, bp, length); +#endif + } else if (IS_SRC_OR_DST_PORT(RTSP_PORT)) { + ND_PRINT(": "); + rtsp_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { + msdp_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(LDP_PORT)) { + ldp_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(PPTP_PORT)) pptp_print(ndo, bp); else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) resp_print(ndo, bp, length); -#ifdef ENABLE_SMB - else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) - nbt_tcp_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(SMB_PORT)) - smb_tcp_print(ndo, bp, length); -#endif else if (IS_SRC_OR_DST_PORT(BEEP_PORT)) beep_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA)) + else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA)) { openflow_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(FTP_PORT)) { - ND_PRINT(": "); - ftp_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(HTTP_PORT) || IS_SRC_OR_DST_PORT(HTTP_PORT_ALT)) { + } else if (IS_SRC_OR_DST_PORT(HTTP_PORT_ALT)) { ND_PRINT(": "); http_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(RTSP_PORT) || IS_SRC_OR_DST_PORT(RTSP_PORT_ALT)) { + } else if (IS_SRC_OR_DST_PORT(RTSP_PORT_ALT)) { ND_PRINT(": "); rtsp_print(ndo, bp, length); - } else if (length > 2 && - (IS_SRC_OR_DST_PORT(NAMESERVER_PORT))) { - /* - * TCP DNS query has 2byte length at the head. - * XXX packet could be unaligned, it can go strange - */ - domain_print(ndo, bp + 2, length - 2, 0); - } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { - msdp_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { - rpki_rtr_print(ndo, bp, length); - } - else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) { - ldp_print(ndo, bp, length); - } - else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && + } else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && length >= 4 && ND_TTEST_4(bp)) { /* * If data present, header length valid, and NFS port used, @@ -744,21 +800,21 @@ tcp_print(netdissect_options *ndo, const struct sunrpc_msg *rp; enum sunrpc_msg_type direction; - fraglen = EXTRACT_BE_U_4(bp) & 0x7FFFFFFF; + fraglen = GET_BE_U_4(bp) & 0x7FFFFFFF; if (fraglen > (length) - 4) fraglen = (length) - 4; rp = (const struct sunrpc_msg *)(bp + 4); if (ND_TTEST_4(rp->rm_direction)) { - direction = (enum sunrpc_msg_type) EXTRACT_BE_U_4(rp->rm_direction); + direction = (enum sunrpc_msg_type) GET_BE_U_4(rp->rm_direction); if (dport == NFS_PORT && direction == SUNRPC_CALL) { ND_PRINT(": NFS request xid %u ", - EXTRACT_BE_U_4(rp->rm_xid)); + GET_BE_U_4(rp->rm_xid)); nfsreq_noaddr_print(ndo, (const u_char *)rp, fraglen, (const u_char *)ip); return; } if (sport == NFS_PORT && direction == SUNRPC_REPLY) { ND_PRINT(": NFS reply xid %u ", - EXTRACT_BE_U_4(rp->rm_xid)); + GET_BE_U_4(rp->rm_xid)); nfsreply_noaddr_print(ndo, (const u_char *)rp, fraglen, (const u_char *)ip); return; } @@ -766,13 +822,13 @@ tcp_print(netdissect_options *ndo, } return; - bad: +bad: ND_PRINT("[bad opt]"); if (ch != '\0') - ND_PRINT(">"); + ND_PRINT("]"); return; - trunc: - ND_PRINT("[|tcp]"); +trunc: + nd_print_trunc(ndo); if (ch != '\0') ND_PRINT(">"); } @@ -796,7 +852,7 @@ static void print_tcp_rst_data(netdissect_options *ndo, const u_char *sp, u_int length) { - int c; + u_char c; ND_PRINT(ND_TTEST_LEN(sp, length) ? " [RST" : " [!RST"); if (length > MAX_RST_DATA_LEN) { @@ -804,10 +860,11 @@ print_tcp_rst_data(netdissect_options *ndo, ND_PRINT("+"); /* indicate we truncate */ } ND_PRINT(" "); - while (length-- && sp < ndo->ndo_snapend) { - c = EXTRACT_U_1(sp); + while (length && sp < ndo->ndo_snapend) { + c = GET_U_1(sp); sp++; - safeputchar(ndo, c); + fn_print_char(ndo, c); + length--; } ND_PRINT("]"); } @@ -827,17 +884,17 @@ print_tcp_fastopen_option(netdissect_options *ndo, const u_char *cp, } else { /* Fast Open Cookie */ if (datalen % 2 != 0 || datalen < 4 || datalen > 16) { - ND_PRINT(" invalid"); + nd_print_invalid(ndo); } else { ND_PRINT(" cookie "); for (i = 0; i < datalen; ++i) - ND_PRINT("%02x", EXTRACT_U_1(cp + i)); + ND_PRINT("%02x", GET_U_1(cp + i)); } } } #ifdef HAVE_LIBCRYPTO -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION static int tcp_verify_signature(netdissect_options *ndo, const struct ip *ip, const struct tcphdr *tp, @@ -852,15 +909,15 @@ tcp_verify_signature(netdissect_options *ndo, uint32_t len32; uint8_t nxt; - if (data + length > ndo->ndo_snapend) { - ND_PRINT("snaplen too short, "); - return (CANT_CHECK_SIGNATURE); - } + if (data + length > ndo->ndo_snapend) { + ND_PRINT("snaplen too short, "); + return (CANT_CHECK_SIGNATURE); + } tp1 = *tp; if (ndo->ndo_sigsecret == NULL) { - ND_PRINT("shared secret not supplied with -M, "); + ND_PRINT("shared secret not supplied with -M, "); return (CANT_CHECK_SIGNATURE); } @@ -873,14 +930,14 @@ tcp_verify_signature(netdissect_options *ndo, MD5_Update(&ctx, (const char *)&ip->ip_dst, sizeof(ip->ip_dst)); MD5_Update(&ctx, (const char *)&zero_proto, sizeof(zero_proto)); MD5_Update(&ctx, (const char *)&ip->ip_p, sizeof(ip->ip_p)); - tlen = EXTRACT_BE_U_2(ip->ip_len) - IP_HL(ip) * 4; + tlen = GET_BE_U_2(ip->ip_len) - IP_HL(ip) * 4; tlen = htons(tlen); MD5_Update(&ctx, (const char *)&tlen, sizeof(tlen)); } else if (IP_V(ip) == 6) { ip6 = (const struct ip6_hdr *)ip; MD5_Update(&ctx, (const char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); MD5_Update(&ctx, (const char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); - len32 = htonl(EXTRACT_BE_U_2(ip6->ip6_plen)); + len32 = htonl(GET_BE_U_2(ip6->ip6_plen)); MD5_Update(&ctx, (const char *)&len32, sizeof(len32)); nxt = 0; MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); @@ -889,7 +946,7 @@ tcp_verify_signature(netdissect_options *ndo, nxt = IPPROTO_TCP; MD5_Update(&ctx, (const char *)&nxt, sizeof(nxt)); } else { - ND_PRINT("IP version not 4 or 6, "); + ND_PRINT("IP version not 4 or 6, "); return (CANT_CHECK_SIGNATURE); } @@ -917,12 +974,5 @@ tcp_verify_signature(netdissect_options *ndo, else return (SIGNATURE_INVALID); } -USES_APPLE_RST +DIAG_ON_DEPRECATION #endif /* HAVE_LIBCRYPTO */ - -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 8 - * End: - */