X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/83b356e177deb463d4b00917303947b4ab713be2..532534b6366927708baa6dc8dcf62d8924ab5efc:/print-tcp.c?ds=inline diff --git a/print-tcp.c b/print-tcp.c index c731d949..b80a2f26 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -23,6 +23,8 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* \summary: TCP printer */ + #ifndef lint #else __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); @@ -125,8 +127,9 @@ static const struct tok tcp_option_values[] = { { TCPOPT_CCNEW, "ccnew" }, { TCPOPT_CCECHO, "" }, { TCPOPT_SIGNATURE, "md5" }, - { TCPOPT_AUTH, "enhanced auth" }, + { TCPOPT_SCPS, "scps" }, { TCPOPT_UTO, "uto" }, + { TCPOPT_TCPAO, "tcp-ao" }, { TCPOPT_MPTCP, "mptcp" }, { TCPOPT_FASTOPEN, "tfo" }, { TCPOPT_EXPERIMENT2, "exp" }, @@ -187,8 +190,6 @@ tcp_print(netdissect_options *ndo, sport = EXTRACT_16BITS(&tp->th_sport); dport = EXTRACT_16BITS(&tp->th_dport); - hlen = TH_OFF(tp) * 4; - if (ip6) { if (ip6->ip6_nxt == IPPROTO_TCP) { ND_PRINT((ndo, "%s.%s > %s.%s: ", @@ -213,14 +214,16 @@ tcp_print(netdissect_options *ndo, } } + ND_TCHECK(*tp); + + hlen = TH_OFF(tp) * 4; + if (hlen < sizeof(*tp)) { ND_PRINT((ndo, " tcp %d [bad hdr length %u - too short, < %lu]", length - hlen, hlen, (unsigned long)sizeof(*tp))); return; } - ND_TCHECK(*tp); - seq = EXTRACT_32BITS(&tp->th_seq); ack = EXTRACT_32BITS(&tp->th_ack); win = EXTRACT_16BITS(&tp->th_win); @@ -264,11 +267,11 @@ tcp_print(netdissect_options *ndo, if (rev) { UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src); - tha.port = dport << 16 | sport; + tha.port = ((u_int)dport) << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src); - tha.port = sport << 16 | dport; + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; @@ -315,11 +318,11 @@ tcp_print(netdissect_options *ndo, if (rev) { UNALIGNED_MEMCPY(&tha.src, &ip->ip_dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.dst, &ip->ip_src, sizeof ip->ip_src); - tha.port = dport << 16 | sport; + tha.port = ((u_int)dport) << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, &ip->ip_dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.src, &ip->ip_src, sizeof ip->ip_src); - tha.port = sport << 16 | dport; + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; @@ -462,7 +465,7 @@ tcp_print(netdissect_options *ndo, case TCPOPT_SACK: datalen = len - 2; if (datalen % 8 != 0) { - ND_PRINT((ndo, "invalid sack")); + ND_PRINT((ndo, " invalid sack")); } else { uint32_t s, e; @@ -510,6 +513,7 @@ tcp_print(netdissect_options *ndo, case TCPOPT_SIGNATURE: datalen = TCP_SIGLEN; LENCHECK(datalen); + ND_PRINT((ndo, " ")); #ifdef HAVE_LIBCRYPTO switch (tcp_verify_signature(ndo, ip, tp, bp + TH_OFF(tp) * 4, length, cp)) { @@ -534,15 +538,35 @@ tcp_print(netdissect_options *ndo, #endif break; - case TCPOPT_AUTH: - ND_PRINT((ndo, "keyid %d", *cp++)); - datalen = len - 3; - for (i = 0; i < datalen; ++i) { - LENCHECK(i); - ND_PRINT((ndo, "%02x", cp[i])); - } + case TCPOPT_SCPS: + datalen = 2; + LENCHECK(datalen); + ND_PRINT((ndo, " cap %02x id %u", cp[0], cp[1])); break; + case TCPOPT_TCPAO: + datalen = len - 2; + /* RFC 5925 Section 2.2: + * "The Length value MUST be greater than or equal to 4." + * (This includes the Kind and Length fields already processed + * at this point.) + */ + if (datalen < 2) { + ND_PRINT((ndo, " invalid")); + } else { + LENCHECK(1); + ND_PRINT((ndo, " keyid %u", cp[0])); + LENCHECK(2); + ND_PRINT((ndo, " rnextkeyid %u", cp[1])); + if (datalen > 2) { + ND_PRINT((ndo, " mac 0x")); + for (i = 2; i < datalen; i++) { + LENCHECK(i + 1); + ND_PRINT((ndo, "%02x", cp[i])); + } + } + } + break; case TCPOPT_EOL: case TCPOPT_NOP: @@ -557,7 +581,7 @@ tcp_print(netdissect_options *ndo, datalen = 2; LENCHECK(datalen); utoval = EXTRACT_16BITS(cp); - ND_PRINT((ndo, "0x%x", utoval)); + ND_PRINT((ndo, " 0x%x", utoval)); if (utoval & 0x0001) utoval = (utoval >> 1) * 60; else @@ -575,6 +599,7 @@ tcp_print(netdissect_options *ndo, case TCPOPT_FASTOPEN: datalen = len - 2; LENCHECK(datalen); + ND_PRINT((ndo, " ")); print_tcp_fastopen_option(ndo, cp, datalen, FALSE); break; @@ -605,7 +630,7 @@ tcp_print(netdissect_options *ndo, if (datalen) ND_PRINT((ndo, " 0x")); for (i = 0; i < datalen; ++i) { - LENCHECK(i); + LENCHECK(i + 1); ND_PRINT((ndo, "%02x", cp[i])); } break; @@ -650,6 +675,9 @@ tcp_print(netdissect_options *ndo, case PT_ZMTP1: zmtp1_print(ndo, bp, length); break; + case PT_RESP: + resp_print(ndo, bp, length); + break; } return; } @@ -663,6 +691,8 @@ tcp_print(netdissect_options *ndo, bgp_print(ndo, bp, length); else if (IS_SRC_OR_DST_PORT(PPTP_PORT)) pptp_print(ndo, bp); + else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) + resp_print(ndo, bp, length); #ifdef ENABLE_SMB else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) nbt_tcp_print(ndo, bp, length); @@ -684,6 +714,12 @@ tcp_print(netdissect_options *ndo, rtsp_print(ndo, bp, length); } else if (length > 2 && (IS_SRC_OR_DST_PORT(NAMESERVER_PORT))) { + /* domain_print() assumes it does not have to prepend a space before its + * own output to separate it from the output of the calling function. This + * works well with udp_print(), but requires a small prop here. + */ + ND_PRINT((ndo, " ")); + /* * TCP DNS query has 2byte length at the head. * XXX packet could be unaligned, it can go strange