X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/8f002a3cccc30aca8feb4dab323d3ebba68d95cc..refs/heads/tcpdump-3.9:/print-tcp.c diff --git a/print-tcp.c b/print-tcp.c index 852300ce..9b6c2a2f 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -2,6 +2,8 @@ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * + * Copyright (c) 1999-2004 The tcpdump.org project + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) @@ -20,26 +22,19 @@ */ #ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.80 2000-11-17 19:08:16 itojun Exp $ (LBL)"; +static const char rcsid[] _U_ = + "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.120.2.3 2005-10-16 06:05:46 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include -#include - -#include - -#include +#include #include #include #include -#include -#include #include "interface.h" #include "addrtoname.h" @@ -51,51 +46,28 @@ static const char rcsid[] = #ifdef INET6 #include "ip6.h" #endif +#include "ipproto.h" +#include "rpc_auth.h" +#include "rpc_msg.h" -static void print_tcp_rst_data(register const u_char *sp, u_int length); +#include "nameser.h" -#define MAX_RST_DATA_LEN 30 +#ifdef HAVE_LIBCRYPTO +#include -/* Compatibility */ -#ifndef TCPOPT_WSCALE -#define TCPOPT_WSCALE 3 /* window scale factor (rfc1072) */ -#endif -#ifndef TCPOPT_SACKOK -#define TCPOPT_SACKOK 4 /* selective ack ok (rfc1072) */ -#endif -#ifndef TCPOPT_SACK -#define TCPOPT_SACK 5 /* selective ack (rfc1072) */ -#endif -#ifndef TCPOPT_ECHO -#define TCPOPT_ECHO 6 /* echo (rfc1072) */ -#endif -#ifndef TCPOPT_ECHOREPLY -#define TCPOPT_ECHOREPLY 7 /* echo (rfc1072) */ -#endif -#ifndef TCPOPT_TIMESTAMP -#define TCPOPT_TIMESTAMP 8 /* timestamps (rfc1323) */ -#endif -#ifndef TCPOPT_CC -#define TCPOPT_CC 11 /* T/TCP CC options (rfc1644) */ -#endif -#ifndef TCPOPT_CCNEW -#define TCPOPT_CCNEW 12 /* T/TCP CC options (rfc1644) */ -#endif -#ifndef TCPOPT_CCECHO -#define TCPOPT_CCECHO 13 /* T/TCP CC options (rfc1644) */ -#endif +#define SIGNATURE_VALID 0 +#define SIGNATURE_INVALID 1 +#define CANT_CHECK_SIGNATURE 2 -/* - * Definitions required for ECN - * for use if the OS running tcpdump does not have ECN - */ -#ifndef TH_ECNECHO -#define TH_ECNECHO 0x40 /* ECN Echo in tcp header */ -#endif -#ifndef TH_CWR -#define TH_CWR 0x80 /* ECN Cwnd Reduced in tcp header*/ +static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, + const u_char *data, int length, const u_char *rcvsig); #endif +static void print_tcp_rst_data(register const u_char *sp, u_int length); + +#define MAX_RST_DATA_LEN 30 + + struct tha { #ifndef INET6 struct in_addr src; @@ -129,16 +101,20 @@ static struct tcp_seq_hash tcp_seq_hash[TSEQ_HASHSIZE]; #define BGP_PORT 179 #endif #define NETBIOS_SSN_PORT 139 -#define BXXP_PORT 10288 +#ifndef PPTP_PORT +#define PPTP_PORT 1723 +#endif +#define BEEP_PORT 10288 #ifndef NFS_PORT #define NFS_PORT 2049 #endif +#define MSDP_PORT 639 +#define LDP_PORT 646 static int tcp_cksum(register const struct ip *ip, register const struct tcphdr *tp, - register int len) + register u_int len) { - int i, tlen; union phu { struct phdr { u_int32_t src; @@ -149,41 +125,28 @@ static int tcp_cksum(register const struct ip *ip, } ph; u_int16_t pa[6]; } phu; - register const u_int16_t *sp; - u_int32_t sum; - tlen = ntohs(ip->ip_len) - ((const char *)tp-(const char*)ip); + const u_int16_t *sp; /* pseudo-header.. */ - phu.ph.len = htons(tlen); + phu.ph.len = htons((u_int16_t)len); phu.ph.mbz = 0; phu.ph.proto = IPPROTO_TCP; memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t)); - memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t)); + if (IP_HL(ip) == 5) + memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t)); + else + phu.ph.dst = ip_finddst(ip); sp = &phu.pa[0]; - sum = sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]; - - sp = (const u_int16_t *)tp; - - for (i=0; i<(tlen&~1); i+= 2) - sum += *sp++; - - if (tlen & 1) { - sum += htons( (*(const char *)sp) << 8); - } - - while (sum > 0xffff) - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; - - return (sum); + return in_cksum((u_short *)tp, len, + sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]); } #ifdef INET6 static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp, - int len) + u_int len) { - int i, tlen; + size_t i; register const u_int16_t *sp; u_int32_t sum; union { @@ -197,14 +160,11 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp, u_int16_t pa[20]; } phu; - tlen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr) - - ((const char *)tp - (const char*)ip6); - /* pseudo-header */ memset(&phu, 0, sizeof(phu)); phu.ph.ph_src = ip6->ip6_src; phu.ph.ph_dst = ip6->ip6_dst; - phu.ph.ph_len = htonl(tlen); + phu.ph.ph_len = htonl(len); phu.ph.ph_nxt = IPPROTO_TCP; sum = 0; @@ -213,11 +173,11 @@ static int tcp6_cksum(const struct ip6_hdr *ip6, const struct tcphdr *tp, sp = (const u_int16_t *)tp; - for (i = 0; i < (tlen & ~1); i += 2) + for (i = 0; i < (len & ~1); i += 2) sum += *sp++; - if (tlen & 1) - sum += htons((*(const char *)sp) << 8); + if (len & 1) + sum += htons((*(const u_int8_t *)sp) << 8); while (sum > 0xffff) sum = (sum & 0xffff) + (sum >> 16); @@ -234,7 +194,7 @@ tcp_print(register const u_char *bp, register u_int length, register const struct tcphdr *tp; register const struct ip *ip; register u_char flags; - register int hlen; + register u_int hlen; register char ch; u_int16_t sport, dport, win, urp; u_int32_t seq, ack, thseq, thack; @@ -259,27 +219,27 @@ tcp_print(register const u_char *bp, register u_int length, return; } - sport = ntohs(tp->th_sport); - dport = ntohs(tp->th_dport); - + sport = EXTRACT_16BITS(&tp->th_sport); + dport = EXTRACT_16BITS(&tp->th_dport); hlen = TH_OFF(tp) * 4; /* - * If data present and NFS port used, assume NFS. + * If data present, header length valid, and NFS port used, + * assume NFS. * Pass offset of data plus 4 bytes for RPC TCP msg length * to NFS print routines. */ - if (!qflag) { - if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend && + if (!qflag && hlen >= sizeof(*tp) && hlen <= length) { + if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend && dport == NFS_PORT) { - nfsreq_print((u_char *)tp + hlen + 4, length-hlen, + nfsreq_print((u_char *)tp + hlen + 4, length - hlen, (u_char *)ip); return; - } else if ((u_char *)tp + 4 + sizeof(struct rpc_msg) + } else if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend && sport == NFS_PORT) { - nfsreply_print((u_char *)tp + hlen + 4,length-hlen, + nfsreply_print((u_char *)tp + hlen + 4, length - hlen, (u_char *)ip); return; } @@ -311,15 +271,25 @@ tcp_print(register const u_char *bp, register u_int length, } } + if (hlen < sizeof(*tp)) { + (void)printf(" tcp %d [bad hdr length %u - too short, < %lu]", + length - hlen, hlen, (unsigned long)sizeof(*tp)); + return; + } + TCHECK(*tp); - seq = (u_int32_t)ntohl(tp->th_seq); - ack = (u_int32_t)ntohl(tp->th_ack); - win = ntohs(tp->th_win); - urp = ntohs(tp->th_urp); + seq = EXTRACT_32BITS(&tp->th_seq); + ack = EXTRACT_32BITS(&tp->th_ack); + win = EXTRACT_16BITS(&tp->th_win); + urp = EXTRACT_16BITS(&tp->th_urp); if (qflag) { - (void)printf("tcp %d", length - TH_OFF(tp) * 4); + (void)printf("tcp %d", length - hlen); + if (hlen > length) { + (void)printf(" [bad hdr length %u - too long, > %u]", + hlen, length); + } return; } if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH| @@ -341,6 +311,7 @@ tcp_print(register const u_char *bp, register u_int length, if (!Sflag && (flags & TH_ACK)) { register struct tcp_seq_hash *th; + const void *src, *dst; register int rev; struct tha tha; /* @@ -353,63 +324,68 @@ tcp_print(register const u_char *bp, register u_int length, memset(&tha, 0, sizeof(tha)); rev = 0; if (ip6) { - if (sport > dport) { + src = &ip6->ip6_src; + dst = &ip6->ip6_dst; + if (sport > dport) rev = 1; - } else if (sport == dport) { - int i; - - for (i = 0; i < 4; i++) { - if (((u_int32_t *)(&ip6->ip6_src))[i] > - ((u_int32_t *)(&ip6->ip6_dst))[i]) { + else if (sport == dport) { + if (memcmp(src, dst, sizeof ip6->ip6_dst) > 0) rev = 1; - break; - } - } } if (rev) { - tha.src = ip6->ip6_dst; - tha.dst = ip6->ip6_src; + memcpy(&tha.src, dst, sizeof ip6->ip6_dst); + memcpy(&tha.dst, src, sizeof ip6->ip6_src); tha.port = dport << 16 | sport; } else { - tha.dst = ip6->ip6_dst; - tha.src = ip6->ip6_src; + memcpy(&tha.dst, dst, sizeof ip6->ip6_dst); + memcpy(&tha.src, src, sizeof ip6->ip6_src); tha.port = sport << 16 | dport; } } else { - if (sport > dport || - (sport == dport && - ip->ip_src.s_addr > ip->ip_dst.s_addr)) { + src = &ip->ip_src; + dst = &ip->ip_dst; + if (sport > dport) rev = 1; + else if (sport == dport) { + if (memcmp(src, dst, sizeof ip->ip_dst) > 0) + rev = 1; } if (rev) { - *(struct in_addr *)&tha.src = ip->ip_dst; - *(struct in_addr *)&tha.dst = ip->ip_src; + memcpy(&tha.src, dst, sizeof ip->ip_dst); + memcpy(&tha.dst, src, sizeof ip->ip_src); tha.port = dport << 16 | sport; } else { - *(struct in_addr *)&tha.dst = ip->ip_dst; - *(struct in_addr *)&tha.src = ip->ip_src; + memcpy(&tha.dst, dst, sizeof ip->ip_dst); + memcpy(&tha.src, src, sizeof ip->ip_src); tha.port = sport << 16 | dport; } } #else - if (sport < dport || - (sport == dport && - ip->ip_src.s_addr < ip->ip_dst.s_addr)) { - tha.src = ip->ip_src, tha.dst = ip->ip_dst; - tha.port = sport << 16 | dport; - rev = 0; - } else { - tha.src = ip->ip_dst, tha.dst = ip->ip_src; - tha.port = dport << 16 | sport; + rev = 0; + src = &ip->ip_src; + dst = &ip->ip_dst; + if (sport > dport) rev = 1; + else if (sport == dport) { + if (memcmp(src, dst, sizeof ip->ip_dst) > 0) + rev = 1; + } + if (rev) { + memcpy(&tha.src, dst, sizeof ip->ip_dst); + memcpy(&tha.dst, src, sizeof ip->ip_src); + tha.port = dport << 16 | sport; + } else { + memcpy(&tha.dst, dst, sizeof ip->ip_dst); + memcpy(&tha.src, src, sizeof ip->ip_src); + tha.port = sport << 16 | dport; } #endif threv = rev; for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; th->nxt; th = th->nxt) - if (!memcmp((char *)&tha, (char *)&th->addr, - sizeof(th->addr))) + if (memcmp((char *)&tha, (char *)&th->addr, + sizeof(th->addr)) == 0) break; if (!th->nxt || (flags & TH_SYN)) { @@ -425,7 +401,6 @@ tcp_print(register const u_char *bp, register u_int length, th->ack = seq, th->seq = ack - 1; else th->seq = seq, th->ack = ack - 1; - } else { if (rev) seq -= th->ack, ack -= th->seq; @@ -440,36 +415,43 @@ tcp_print(register const u_char *bp, register u_int length, thseq = thack = threv = 0; } if (hlen > length) { - (void)printf(" [bad hdr length]"); + (void)printf(" [bad hdr length %u - too long, > %u]", + hlen, length); return; } if (IP_V(ip) == 4 && vflag && !fragmented) { - int sum; + u_int16_t sum, tcp_sum; if (TTEST2(tp->th_sport, length)) { sum = tcp_cksum(ip, tp, length); - if (sum != 0) - (void)printf(" [bad tcp cksum %x!]", sum); - else - (void)printf(" [tcp sum ok]"); + + (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum)); + if (sum != 0) { + tcp_sum = EXTRACT_16BITS(&tp->th_sum); + (void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum)); + } else + (void)printf(" (correct),"); } } #ifdef INET6 if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) { - int sum; + u_int16_t sum,tcp_sum; if (TTEST2(tp->th_sport, length)) { sum = tcp6_cksum(ip6, tp, length); - if (sum != 0) - (void)printf(" [bad tcp cksum %x!]", sum); - else - (void)printf(" [tcp sum ok]"); + (void)printf(", cksum 0x%04x",EXTRACT_16BITS(&tp->th_sum)); + if (sum != 0) { + tcp_sum = EXTRACT_16BITS(&tp->th_sum); + (void)printf(" (incorrect (-> 0x%04x),",in_cksum_shouldbe(tcp_sum, sum)); + } else + (void)printf(" (correct),"); + } } #endif length -= hlen; if (vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) - (void)printf(" %u:%u(%d)", seq, seq + length, length); + (void)printf(" %u:%u(%u)", seq, seq + length, length); if (flags & TH_ACK) (void)printf(" ack %u", ack); @@ -480,10 +462,12 @@ tcp_print(register const u_char *bp, register u_int length, /* * Handle any options. */ - if ((hlen -= sizeof(*tp)) > 0) { + if (hlen > sizeof(*tp)) { register const u_char *cp; - register int i, opt, len, datalen; + register u_int i, opt, datalen; + register u_int len; + hlen -= sizeof(*tp); cp = (const u_char *)tp + sizeof(*tp); putchar(' '); ch = '<'; @@ -536,14 +520,13 @@ tcp_print(register const u_char *bp, register u_int length, break; case TCPOPT_SACK: - (void)printf("sack"); datalen = len - 2; if (datalen % 8 != 0) { - (void)printf(" malformed sack "); + (void)printf("malformed sack"); } else { u_int32_t s, e; - (void)printf(" sack %d ", datalen / 8); + (void)printf("sack %d ", datalen / 8); for (i = 0; i < datalen; i += 8) { LENCHECK(i + 4); s = EXTRACT_32BITS(cp + i); @@ -558,7 +541,6 @@ tcp_print(register const u_char *bp, register u_int length, } (void)printf("{%u:%u}", s, e); } - (void)printf(" "); } break; @@ -606,8 +588,36 @@ tcp_print(register const u_char *bp, register u_int length, (void)printf(" %u", EXTRACT_32BITS(cp)); break; + case TCPOPT_SIGNATURE: + (void)printf("md5:"); + datalen = TCP_SIGLEN; + LENCHECK(datalen); +#ifdef HAVE_LIBCRYPTO + switch (tcp_verify_signature(ip, tp, + bp + TH_OFF(tp) * 4, length, cp)) { + + case SIGNATURE_VALID: + (void)printf("valid"); + break; + + case SIGNATURE_INVALID: + (void)printf("invalid"); + break; + + case CANT_CHECK_SIGNATURE: + (void)printf("can't check - "); + for (i = 0; i < TCP_SIGLEN; ++i) + (void)printf("%02x", cp[i]); + break; + } +#else + for (i = 0; i < TCP_SIGLEN; ++i) + (void)printf("%02x", cp[i]); +#endif + break; + default: - (void)printf("opt-%d:", opt); + (void)printf("opt-%u:", opt); datalen = len - 2; for (i = 0; i < datalen; ++i) { LENCHECK(i); @@ -649,10 +659,28 @@ tcp_print(register const u_char *bp, register u_int length, telnet_print(bp, length); } else if (sport == BGP_PORT || dport == BGP_PORT) bgp_print(bp, length); + else if (sport == PPTP_PORT || dport == PPTP_PORT) + pptp_print(bp); +#ifdef TCPDUMP_DO_SMB else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT) nbt_tcp_print(bp, length); - else if (sport == BXXP_PORT || dport == BXXP_PORT) - bxxp_print(bp, length); +#endif + else if (sport == BEEP_PORT || dport == BEEP_PORT) + beep_print(bp, length); + else if (length > 2 && + (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT || + sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) { + /* + * TCP DNS query has 2byte length at the head. + * XXX packet could be unaligned, it can go strange + */ + ns_print(bp + 2, length - 2, 0); + } else if (sport == MSDP_PORT || dport == MSDP_PORT) { + msdp_print(bp, length); + } + else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) { + ldp_print(bp, length); + } } return; bad: @@ -697,10 +725,83 @@ print_tcp_rst_data(register const u_char *sp, u_int length) putchar(' '); while (length-- && sp <= snapend) { c = *sp++; - if (isprint(c)) - putchar(c); - else - putchar('.'); + safeputchar(c); } putchar(']'); } + +#ifdef HAVE_LIBCRYPTO +static int +tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, + const u_char *data, int length, const u_char *rcvsig) +{ + struct tcphdr tp1; + u_char sig[TCP_SIGLEN]; + char zero_proto = 0; + MD5_CTX ctx; + u_int16_t savecsum, tlen; +#ifdef INET6 + struct ip6_hdr *ip6; +#endif + u_int32_t len32; + u_int8_t nxt; + + tp1 = *tp; + + if (tcpmd5secret == NULL) + return (CANT_CHECK_SIGNATURE); + + MD5_Init(&ctx); + /* + * Step 1: Update MD5 hash with IP pseudo-header. + */ + if (IP_V(ip) == 4) { + MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src)); + MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst)); + MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto)); + MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p)); + tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4; + tlen = htons(tlen); + MD5_Update(&ctx, (char *)&tlen, sizeof(tlen)); +#ifdef INET6 + } else if (IP_V(ip) == 6) { + ip6 = (struct ip6_hdr *)ip; + MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); + MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); + len32 = htonl(ntohs(ip6->ip6_plen)); + MD5_Update(&ctx, (char *)&len32, sizeof(len32)); + nxt = 0; + MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); + MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); + nxt = IPPROTO_TCP; + MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); +#endif + } else + return (CANT_CHECK_SIGNATURE); + + /* + * Step 2: Update MD5 hash with TCP header, excluding options. + * The TCP checksum must be set to zero. + */ + savecsum = tp1.th_sum; + tp1.th_sum = 0; + MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr)); + tp1.th_sum = savecsum; + /* + * Step 3: Update MD5 hash with TCP segment data, if present. + */ + if (length > 0) + MD5_Update(&ctx, data, length); + /* + * Step 4: Update MD5 hash with shared secret. + */ + MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret)); + MD5_Final(sig, &ctx); + + if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) + return (SIGNATURE_VALID); + else + return (SIGNATURE_INVALID); +} +#endif /* HAVE_LIBCRYPTO */