X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/8c88f9f54a37bd257471d72d78fc7e211113495d..c39d40a767a1ae36171e5bcbf6f157ff3e80fb6c:/print-esp.c?ds=sidebyside diff --git a/print-esp.c b/print-esp.c index 0b3ecc91..d1ea1005 100644 --- a/print-esp.c +++ b/print-esp.c @@ -45,10 +45,14 @@ #endif #include "netdissect.h" -#include "strtoaddr.h" #include "extract.h" +#include "diag-control.h" + +#ifdef HAVE_LIBCRYPTO +#include "strtoaddr.h" #include "ascii_strcasecmp.h" +#endif #include "ip.h" #include "ip6.h" @@ -276,7 +280,7 @@ do_decrypt(netdissect_options *ndo, const char *caller, struct sa_list *sa, * dissecting anything in it and before it does any dissection of * anything in the old buffer. That will free the new buffer. */ -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo, int initiator, const u_char spii[8], @@ -332,7 +336,7 @@ int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo, return 1; } -USES_APPLE_RST +DIAG_ON_DEPRECATION static void esp_print_addsa(netdissect_options *ndo, struct sa_list *sa, int sa_def) @@ -345,7 +349,7 @@ static void esp_print_addsa(netdissect_options *ndo, nsa = (struct sa_list *)malloc(sizeof(struct sa_list)); if (nsa == NULL) (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, - "esp_print_addsa: malloc"); + "%s: malloc", __func__); *nsa = *sa; @@ -411,7 +415,7 @@ int espprint_decode_hex(netdissect_options *ndo, * decode the form: SPINUM@IP ALGONAME:0xsecret */ -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION static int espprint_decode_encalgo(netdissect_options *ndo, char *decode, struct sa_list *sa) @@ -476,7 +480,7 @@ espprint_decode_encalgo(netdissect_options *ndo, return 1; } -USES_APPLE_RST +DIAG_ON_DEPRECATION /* * for the moment, ignore the auth algorithm, just hard code the authenticator @@ -601,8 +605,8 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line, secretfile = fopen(filename, FOPEN_READ_TXT); if (secretfile == NULL) { (*ndo->ndo_error)(ndo, S_ERR_ND_OPEN_FILE, - "print_esp: can't open %s: %s\n", - filename, strerror(errno)); + "%s: can't open %s: %s\n", + __func__, filename, strerror(errno)); } while (fgets(fileline, sizeof(fileline)-1, secretfile) != NULL) { @@ -668,7 +672,7 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line, esp_print_addsa(ndo, &sa1, sa_def); } -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION static void esp_init(netdissect_options *ndo _U_) { /* @@ -681,7 +685,7 @@ static void esp_init(netdissect_options *ndo _U_) #endif EVP_add_cipher_alias(SN_des_ede3_cbc, "3des"); } -USES_APPLE_RST +DIAG_ON_DEPRECATION void esp_decodesecret_print(netdissect_options *ndo) { @@ -718,7 +722,7 @@ void esp_decodesecret_print(netdissect_options *ndo) #endif #ifdef HAVE_LIBCRYPTO -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION #endif void esp_print(netdissect_options *ndo, @@ -878,7 +882,7 @@ esp_print(netdissect_options *ndo, if (!nd_push_buffer(ndo, pt, pt, ep)) { free(pt); (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, - "esp_print: can't push buffer on buffer stack"); + "%s: can't push buffer on buffer stack", __func__); } /* @@ -901,14 +905,22 @@ esp_print(netdissect_options *ndo, ND_PRINT(": "); + /* + * Don't put padding + padding length(1 byte) + next header(1 byte) + * in the buffer because they are not part of the plaintext to decode. + */ + nd_push_snapend(ndo, ep - (padlen + 2)); + /* Now dissect the plaintext. */ - ip_print_demux(ndo, pt, payloadlen - (padlen + 2), ver, fragmented, - ttl_hl, nh, bp2); + ip_demux_print(ndo, pt, payloadlen - (padlen + 2), ver, fragmented, + ttl_hl, nh, bp2); /* Pop the buffer, freeing it. */ nd_pop_packet_info(ndo); + /* Pop the nd_push_snapend */ + nd_pop_packet_info(ndo); #endif } #ifdef HAVE_LIBCRYPTO -USES_APPLE_RST +DIAG_ON_DEPRECATION #endif