X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/8234cdad9b3f82b4fadd2fd882f8b7280d412b1b..de609332672cfed86d5562d3d9a89212a5fc9f39:/print-tcp.c

diff --git a/print-tcp.c b/print-tcp.c
index 6cce9e21..d3462063 100644
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.111 2004-03-23 07:15:36 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.115 2004-05-27 21:20:50 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -53,7 +53,7 @@ static const char rcsid[] _U_ =
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/md5.h>
 
-static int tcp_verify_signature(const struct ip *ip, struct tcphdr *tp,
+static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
     const u_char *data, int length, const u_char *rcvsig);
 #endif
 
@@ -406,23 +406,27 @@ tcp_print(register const u_char *bp, register u_int length,
 		u_int16_t sum, tcp_sum;
 		if (TTEST2(tp->th_sport, length)) {
 			sum = tcp_cksum(ip, tp, length);
+
+                        (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum));
 			if (sum != 0) {
 				tcp_sum = EXTRACT_16BITS(&tp->th_sum);
-				(void)printf(" [bad tcp cksum %x (->%x)!]",
-				    tcp_sum, in_cksum_shouldbe(tcp_sum, sum));
+				(void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum));
 			} else
-				(void)printf(" [tcp sum ok]");
+				(void)printf(" (correct),");
 		}
 	}
 #ifdef INET6
 	if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) {
-		int sum;
+		u_int16_t sum,tcp_sum;
 		if (TTEST2(tp->th_sport, length)) {
 			sum = tcp6_cksum(ip6, tp, length);
-			if (sum != 0)
-				(void)printf(" [bad tcp cksum %x!]", sum);
-			else
-				(void)printf(" [tcp sum ok]");
+                        (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum));
+			if (sum != 0) {
+				tcp_sum = EXTRACT_16BITS(&tp->th_sum);
+				(void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum));
+			} else
+				(void)printf(" (correct),");
+
 		}
 	}
 #endif
@@ -570,10 +574,6 @@ tcp_print(register const u_char *bp, register u_int length,
 
 			case TCPOPT_SIGNATURE:
 				(void)printf("md5:");
-				if (IP_V(ip) != 4) {
-					(void)printf("!ipv4");
-					break;
-				}
 				datalen = TCP_SIGLEN;
 				LENCHECK(datalen);
 #ifdef HAVE_LIBCRYPTO
@@ -650,8 +650,9 @@ tcp_print(register const u_char *bp, register u_int length,
 		} else if (sport == MSDP_PORT || dport == MSDP_PORT) {
 			msdp_print(bp, length);
 		}
-                else if (sport == LDP_PORT || dport == LDP_PORT)
-                        printf(": LDP, length: %u", length);
+                else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) {
+                        ldp_print(bp, length);
+		}
 	}
 	return;
 bad:
@@ -703,13 +704,19 @@ print_tcp_rst_data(register const u_char *sp, u_int length)
 
 #ifdef HAVE_LIBCRYPTO
 static int
-tcp_verify_signature(const struct ip *ip, struct tcphdr *tp,
+tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
     const u_char *data, int length, const u_char *rcvsig)
 {
+        struct tcphdr tp1;
 	char sig[TCP_SIGLEN];
 	char zero_proto = 0;
 	MD5_CTX ctx;
-	u_short savecsum, tlen;
+	u_int16_t savecsum, tlen;
+	struct ip6_hdr *ip6;
+	u_int32_t len32;
+	u_int8_t nxt;
+
+	tp1 = *tp;
 
 	if (tcpmd5secret == NULL)
 		return (-1);
@@ -718,21 +725,37 @@ tcp_verify_signature(const struct ip *ip, struct tcphdr *tp,
 	/*
 	 * Step 1: Update MD5 hash with IP pseudo-header.
 	 */
-	MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src));
-	MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst));
-	MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto));
-	MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p));
-	tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
-	tlen = htons(tlen);
-	MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+	if (IP_V(ip) == 4) {
+		MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src));
+		MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst));
+		MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto));
+		MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p));
+		tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
+		tlen = htons(tlen);
+		MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+	} else if (IP_V(ip) == 6) {
+		ip6 = (struct ip6_hdr *)ip;
+		MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
+		MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst));
+		len32 = htonl(ntohs(ip6->ip6_plen));
+		MD5_Update(&ctx, (char *)&len32, sizeof(len32));
+		nxt = 0;
+		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+		nxt = IPPROTO_TCP;
+		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+	} else
+		return (-1);
+
 	/*
 	 * Step 2: Update MD5 hash with TCP header, excluding options.
 	 * The TCP checksum must be set to zero.
 	 */
-	savecsum = tp->th_sum;
-	tp->th_sum = 0;
-	MD5_Update(&ctx, (char *)tp, sizeof(struct tcphdr));
-	tp->th_sum = savecsum;
+	savecsum = tp1.th_sum;
+	tp1.th_sum = 0;
+	MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr));
+	tp1.th_sum = savecsum;
 	/*
 	 * Step 3: Update MD5 hash with TCP segment data, if present.
 	 */