Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/tcpdump - domain: avoid infinite loop in DNS packet...
details: https://anonhg.NetBSD.org/src/rev/8a2def46609f
branches: trunk
changeset: 485295:8a2def46609f
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Apr 24 13:01:23 2000 +0000
description:
- domain: avoid infinite loop in DNS packet printing.
- isakmp: print CERT and SIG payload. fix IPsec-AH algorithm type.
- rt6: avoid duplicated IPv6 src/dst.
sync with tcpdump.org.
XXX we need to think about future synchronization with tcpdump.org...
diffstat:
usr.sbin/tcpdump/Makefile | 4 +-
usr.sbin/tcpdump/print-domain.c | 24 +++++++-
usr.sbin/tcpdump/print-isakmp.c | 116 +++++++++++++++++++++++++++++++++------
usr.sbin/tcpdump/print-rt6.c | 94 ++++++++++++++++---------------
4 files changed, 169 insertions(+), 69 deletions(-)
diffs (truncated from 450 to 300 lines):
diff -r e5c97ed71626 -r 8a2def46609f usr.sbin/tcpdump/Makefile
--- a/usr.sbin/tcpdump/Makefile Mon Apr 24 12:59:43 2000 +0000
+++ b/usr.sbin/tcpdump/Makefile Mon Apr 24 13:01:23 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.18 1999/12/10 05:45:07 itojun Exp $
+# $NetBSD: Makefile,v 1.19 2000/04/24 13:01:23 itojun Exp $
PROG= tcpdump
MAN= tcpdump.8
@@ -9,7 +9,7 @@
CPPFLAGS+=-DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGACTION=1
CPPFLAGS+=-DHAVE_SOCKADDR_SA_LEN=1 -DHAVE_FDDI -DHAVE_TOKEN -DLBL_ALIGN
CPPFLAGS+=-DHAVE_HDLC
-CPPFLAGS+=-DINET6 -DHAVE_LIBZ -DHAVE_ZLIB_H
+CPPFLAGS+=-DINET6 -DHAVE_LIBZ -DHAVE_ZLIB_H -DHAVE_SOCKADDR_STORAGE
LDADD+= -lpcap -ll
DPADD+= ${LIBPCAP} ${LIBL}
diff -r e5c97ed71626 -r 8a2def46609f usr.sbin/tcpdump/print-domain.c
--- a/usr.sbin/tcpdump/print-domain.c Mon Apr 24 12:59:43 2000 +0000
+++ b/usr.sbin/tcpdump/print-domain.c Mon Apr 24 13:01:23 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: print-domain.c,v 1.7 1999/07/06 13:05:14 itojun Exp $ */
+/* $NetBSD: print-domain.c,v 1.8 2000/04/24 13:01:23 itojun Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -27,7 +27,7 @@
static const char rcsid[] =
"@(#) Header: print-domain.c,v 1.39 97/06/13 12:56:28 leres Exp (LBL)";
#else
-__RCSID("$NetBSD: print-domain.c,v 1.7 1999/07/06 13:05:14 itojun Exp $");
+__RCSID("$NetBSD: print-domain.c,v 1.8 2000/04/24 13:01:23 itojun Exp $");
#endif
#endif
@@ -53,7 +53,6 @@
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
#ifdef NOERROR
#undef NOERROR /* Solaris sucks */
@@ -184,8 +183,11 @@
register u_int i;
register const u_char *rp;
register int compress;
+ int chars_processed;
+ int data_size = snapend - bp;
i = *cp++;
+ chars_processed = 1;
rp = cp + i;
if ((i & INDIR_MASK) == INDIR_MASK) {
rp = cp + 1;
@@ -197,13 +199,29 @@
if ((i & INDIR_MASK) == INDIR_MASK) {
cp = bp + (((i << 8) | *cp) & 0x3fff);
i = *cp++;
+ chars_processed++;
+
+ /*
+ * If we've looked at every character in
+ * the message, this pointer will make
+ * us look at some character again,
+ * which means we're looping.
+ */
+ if (chars_processed >= data_size) {
+ fn_printn(cp, 6, "<LOOP>");
+ if (!compress)
+ rp += i + 1;
+ return (rp);
+ }
continue;
}
if (fn_printn(cp, i, snapend))
break;
cp += i;
+ chars_processed += i;
putchar('.');
i = *cp++;
+ chars_processed++;
if (!compress)
rp += i + 1;
}
diff -r e5c97ed71626 -r 8a2def46609f usr.sbin/tcpdump/print-isakmp.c
--- a/usr.sbin/tcpdump/print-isakmp.c Mon Apr 24 12:59:43 2000 +0000
+++ b/usr.sbin/tcpdump/print-isakmp.c Mon Apr 24 13:01:23 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: print-isakmp.c,v 1.4 2000/01/02 13:15:54 itojun Exp $ */
+/* $NetBSD: print-isakmp.c,v 1.5 2000/04/24 13:01:24 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -36,7 +36,7 @@
"@(#) KAME Header: /cvsroot/kame/kame/kame/kame/tcpdump/print-isakmp.c,v 1.3 1999/12/01 01:41:25 itojun Exp";
#else
#include <sys/cdefs.h>
-__RCSID("$NetBSD: print-isakmp.c,v 1.4 2000/01/02 13:15:54 itojun Exp $");
+__RCSID("$NetBSD: print-isakmp.c,v 1.5 2000/04/24 13:01:24 itojun Exp $");
#endif
#endif
@@ -75,6 +75,10 @@
#include "addrtoname.h"
#include "extract.h" /* must come after interface.h */
+#ifndef HAVE_SOCKADDR_STORAGE
+#define sockaddr_storage sockaddr
+#endif
+
static u_char *isakmp_sa_print __P((struct isakmp_gen *, u_char *, u_int32_t,
u_int32_t, u_int32_t));
static u_char *isakmp_p_print __P((struct isakmp_gen *, u_char *, u_int32_t,
@@ -85,6 +89,10 @@
u_int32_t, u_int32_t));
static u_char *isakmp_id_print __P((struct isakmp_gen *, u_char *, u_int32_t,
u_int32_t, u_int32_t));
+static u_char *isakmp_cert_print __P((struct isakmp_gen *, u_char *, u_int32_t,
+ u_int32_t, u_int32_t));
+static u_char *isakmp_sig_print __P((struct isakmp_gen *, u_char *, u_int32_t,
+ u_int32_t, u_int32_t));
static u_char *isakmp_hash_print __P((struct isakmp_gen *, u_char *,
u_int32_t, u_int32_t, u_int32_t));
static u_char *isakmp_nonce_print __P((struct isakmp_gen *, u_char *,
@@ -129,10 +137,10 @@
isakmp_t_print,
isakmp_ke_print,
isakmp_id_print,
- NULL,
- NULL,
+ isakmp_cert_print,
+ isakmp_cert_print,
isakmp_hash_print,
- NULL,
+ isakmp_sig_print,
isakmp_nonce_print,
isakmp_n_print,
isakmp_d_print,
@@ -209,11 +217,15 @@
sizeof(cookiecache[ninitiator].raddr));
sin = (struct sockaddr_in *)&cookiecache[ninitiator].iaddr;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin->sin_len = sizeof(struct sockaddr_in);
+#endif
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
sin = (struct sockaddr_in *)&cookiecache[ninitiator].raddr;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin->sin_len = sizeof(struct sockaddr_in);
+#endif
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst));
break;
@@ -226,11 +238,15 @@
ip6 = (struct ip6_hdr *)bp2;
sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].iaddr;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin6->sin6_len = sizeof(struct sockaddr_in6);
+#endif
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].raddr;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin6->sin6_len = sizeof(struct sockaddr_in6);
+#endif
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_dst, sizeof(ip6->ip6_dst));
break;
@@ -248,20 +264,23 @@
cookie_sidecheck(int i, const u_char *bp2, int initiator)
{
struct sockaddr_storage ss;
+ struct sockaddr *sa;
struct ip *ip;
struct sockaddr_in *sin;
#ifdef INET6
struct ip6_hdr *ip6;
struct sockaddr_in6 *sin6;
#endif
- struct sockaddr *sa1, *sa2;
+ int salen;
memset(&ss, 0, sizeof(ss));
ip = (struct ip *)bp2;
switch (ip->ip_v) {
case 4:
sin = (struct sockaddr_in *)&ss;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin->sin_len = sizeof(struct sockaddr_in);
+#endif
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
break;
@@ -269,7 +288,9 @@
case 6:
ip6 = (struct ip6_hdr *)bp2;
sin6 = (struct sockaddr_in6 *)&ss;
+#ifdef HAVE_SOCKADDR_SA_LEN
sin6->sin6_len = sizeof(struct sockaddr_in6);
+#endif
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
break;
@@ -278,20 +299,42 @@
return 0;
}
+ sa = (struct sockaddr *)&ss;
if (initiator) {
- sa1 = (struct sockaddr *)&ss;
- sa2 = (struct sockaddr *)&cookiecache[i].iaddr;
+ if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].iaddr)->sa_family)
+ return 0;
+#ifdef HAVE_SOCKADDR_SA_LEN
+ salen = sa->sa_len;
+#else
+#ifdef INET6
+ if (sa->sa_family == AF_INET6)
+ salen = sizeof(struct sockaddr_in6);
+ else
+ salen = sizeof(struct sockaddr);
+#else
+ salen = sizeof(struct sockaddr);
+#endif
+#endif
+ if (memcmp(&ss, &cookiecache[i].iaddr, salen) == 0)
+ return 1;
} else {
- sa1 = (struct sockaddr *)&ss;
- sa2 = (struct sockaddr *)&cookiecache[i].raddr;
+ if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].raddr)->sa_family)
+ return 0;
+#ifdef HAVE_SOCKADDR_SA_LEN
+ salen = sa->sa_len;
+#else
+#ifdef INET6
+ if (sa->sa_family == AF_INET6)
+ salen = sizeof(struct sockaddr_in6);
+ else
+ salen = sizeof(struct sockaddr);
+#else
+ salen = sizeof(struct sockaddr);
+#endif
+#endif
+ if (memcmp(&ss, &cookiecache[i].raddr, salen) == 0)
+ return 1;
}
-
- if (sa1->sa_family != sa2->sa_family)
- return 0;
- if (sa1->sa_len != sa2->sa_len)
- return 0;
- if (memcmp(sa1, sa2, sa1->sa_len) == 0)
- return 1;
return 0;
}
@@ -459,7 +502,7 @@
};
static char *ah_p_map[] = {
- NULL, "md5", "sha", "1des",
+ NULL, "(reserved)", "md5", "sha", "1des",
};
static char *esp_p_map[] = {
@@ -720,6 +763,29 @@
}
static u_char *
+isakmp_cert_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0)
+{
+ struct isakmp_pl_cert *p;
+ static char *certstr[] = {
+ "none", "pkcs7", "pgp", "dns",
+ "x509sign", "x509ke", "kerberos", "crl",
+ "arl", "spki", "x509attr",
+ };
+
+ printf("%s:", NPSTR(ISAKMP_NPTYPE_CERT));
+
+ p = (struct isakmp_pl_cert *)ext;
+ printf(" len=%d", ntohs(ext->len) - 4);
+ printf(" type=%s", STR_OR_ID((p->encode), certstr));
+ if (2 < vflag && 4 < ntohs(ext->len)) {
+ printf(" ");
+ rawprint((caddr_t)(ext + 1), ntohs(ext->len) - 4);
+ }
+ return (u_char *)ext + ntohs(ext->len);
+}
+
+static u_char *
isakmp_hash_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
u_int32_t doi, u_int32_t proto)
{
Home |
Main Index |
Thread Index |
Old Index