1 /* $NetBSD: print-tcp.c,v 1.9 2007/07/26 18:15:12 plunky Exp $ */ 2 3 /* 4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Copyright (c) 1999-2004 The tcpdump.org project 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that: (1) source code distributions 11 * retain the above copyright notice and this paragraph in its entirety, (2) 12 * distributions including binary code include the above copyright notice and 13 * this paragraph in its entirety in the documentation or other materials 14 * provided with the distribution, and (3) all advertising materials mentioning 15 * features or use of this software display the following acknowledgement: 16 * ``This product includes software developed by the University of California, 17 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 18 * the University nor the names of its contributors may be used to endorse 19 * or promote products derived from this software without specific prior 20 * written permission. 21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 22 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 24 */ 25 26 #ifndef lint 27 static const char rcsid[] _U_ = 28 "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.135 2008-11-09 23:35:03 mcr Exp $ (LBL)"; 29 #else 30 __RCSID("$NetBSD: print-tcp.c,v 1.8 2007/07/24 11:53:48 drochner Exp $"); 31 #endif 32 33 #ifdef HAVE_CONFIG_H 34 #include "config.h" 35 #endif 36 37 #include <tcpdump-stdinc.h> 38 39 #include <stdio.h> 40 #include <stdlib.h> 41 #include <string.h> 42 43 #include "interface.h" 44 #include "addrtoname.h" 45 #include "extract.h" 46 47 #include "tcp.h" 48 49 #include "ip.h" 50 #ifdef INET6 51 #include "ip6.h" 52 #endif 53 #include "ipproto.h" 54 #include "rpc_auth.h" 55 #include "rpc_msg.h" 56 57 #include "nameser.h" 58 59 #ifdef HAVE_LIBCRYPTO 60 #include <openssl/md5.h> 61 #include <signature.h> 62 63 static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, 64 const u_char *data, int length, const u_char *rcvsig); 65 #endif 66 67 static void print_tcp_rst_data(register const u_char *sp, u_int length); 68 69 #define MAX_RST_DATA_LEN 30 70 71 72 struct tha { 73 struct in_addr src; 74 struct in_addr dst; 75 u_int port; 76 }; 77 78 struct tcp_seq_hash { 79 struct tcp_seq_hash *nxt; 80 struct tha addr; 81 tcp_seq seq; 82 tcp_seq ack; 83 }; 84 85 #ifdef INET6 86 struct tha6 { 87 struct in6_addr src; 88 struct in6_addr dst; 89 u_int port; 90 }; 91 92 struct tcp_seq_hash6 { 93 struct tcp_seq_hash6 *nxt; 94 struct tha6 addr; 95 tcp_seq seq; 96 tcp_seq ack; 97 }; 98 #endif 99 100 #define TSEQ_HASHSIZE 919 101 102 /* These tcp optinos do not have the size octet */ 103 #define ZEROLENOPT(o) ((o) == TCPOPT_EOL || (o) == TCPOPT_NOP) 104 105 static struct tcp_seq_hash tcp_seq_hash4[TSEQ_HASHSIZE]; 106 #ifdef INET6 107 static struct tcp_seq_hash6 tcp_seq_hash6[TSEQ_HASHSIZE]; 108 #endif 109 110 static const struct tok tcp_flag_values[] = { 111 { TH_FIN, "F" }, 112 { TH_SYN, "S" }, 113 { TH_RST, "R" }, 114 { TH_PUSH, "P" }, 115 { TH_ACK, "." }, 116 { TH_URG, "U" }, 117 { TH_ECNECHO, "E" }, 118 { TH_CWR, "W" }, 119 { 0, NULL } 120 }; 121 122 static const struct tok tcp_option_values[] = { 123 { TCPOPT_EOL, "eol" }, 124 { TCPOPT_NOP, "nop" }, 125 { TCPOPT_MAXSEG, "mss" }, 126 { TCPOPT_WSCALE, "wscale" }, 127 { TCPOPT_SACKOK, "sackOK" }, 128 { TCPOPT_SACK, "sack" }, 129 { TCPOPT_ECHO, "echo" }, 130 { TCPOPT_ECHOREPLY, "echoreply" }, 131 { TCPOPT_TIMESTAMP, "TS" }, 132 { TCPOPT_CC, "cc" }, 133 { TCPOPT_CCNEW, "ccnew" }, 134 { TCPOPT_CCECHO, "" }, 135 { TCPOPT_SIGNATURE, "md5" }, 136 { TCPOPT_AUTH, "enhanced auth" }, 137 { TCPOPT_UTO, "uto" }, 138 { TCPOPT_MPTCP, "mptcp" }, 139 { TCPOPT_EXPERIMENT2, "exp" }, 140 { 0, NULL } 141 }; 142 143 static int tcp_cksum(register const struct ip *ip, 144 register const struct tcphdr *tp, 145 register u_int len) 146 { 147 return (nextproto4_cksum(ip, (const u_int8_t *)tp, len, 148 IPPROTO_TCP)); 149 } 150 151 void 152 tcp_print(register const u_char *bp, register u_int length, 153 register const u_char *bp2, int fragmented) 154 { 155 register const struct tcphdr *tp; 156 register const struct ip *ip; 157 register u_char flags; 158 register u_int hlen; 159 register char ch; 160 u_int16_t sport, dport, win, urp; 161 u_int32_t seq, ack, thseq, thack; 162 u_int utoval; 163 u_int16_t magic; 164 register int rev; 165 #ifdef INET6 166 register const struct ip6_hdr *ip6; 167 #endif 168 169 tp = (struct tcphdr *)bp; 170 ip = (struct ip *)bp2; 171 #ifdef INET6 172 if (IP_V(ip) == 6) 173 ip6 = (struct ip6_hdr *)bp2; 174 else 175 ip6 = NULL; 176 #endif /*INET6*/ 177 ch = '\0'; 178 if (!TTEST(tp->th_dport)) { 179 (void)printf("%s > %s: [|tcp]", 180 ipaddr_string(&ip->ip_src), 181 ipaddr_string(&ip->ip_dst)); 182 return; 183 } 184 185 sport = EXTRACT_16BITS(&tp->th_sport); 186 dport = EXTRACT_16BITS(&tp->th_dport); 187 188 hlen = TH_OFF(tp) * 4; 189 190 #ifdef INET6 191 if (ip6) { 192 if (ip6->ip6_nxt == IPPROTO_TCP) { 193 (void)printf("%s.%s > %s.%s: ", 194 ip6addr_string(&ip6->ip6_src), 195 tcpport_string(sport), 196 ip6addr_string(&ip6->ip6_dst), 197 tcpport_string(dport)); 198 } else { 199 (void)printf("%s > %s: ", 200 tcpport_string(sport), tcpport_string(dport)); 201 } 202 } else 203 #endif /*INET6*/ 204 { 205 if (ip->ip_p == IPPROTO_TCP) { 206 (void)printf("%s.%s > %s.%s: ", 207 ipaddr_string(&ip->ip_src), 208 tcpport_string(sport), 209 ipaddr_string(&ip->ip_dst), 210 tcpport_string(dport)); 211 } else { 212 (void)printf("%s > %s: ", 213 tcpport_string(sport), tcpport_string(dport)); 214 } 215 } 216 217 if (hlen < sizeof(*tp)) { 218 (void)printf(" tcp %d [bad hdr length %u - too short, < %lu]", 219 length - hlen, hlen, (unsigned long)sizeof(*tp)); 220 return; 221 } 222 223 TCHECK(*tp); 224 225 seq = EXTRACT_32BITS(&tp->th_seq); 226 ack = EXTRACT_32BITS(&tp->th_ack); 227 win = EXTRACT_16BITS(&tp->th_win); 228 urp = EXTRACT_16BITS(&tp->th_urp); 229 230 if (qflag) { 231 (void)printf("tcp %d", length - hlen); 232 if (hlen > length) { 233 (void)printf(" [bad hdr length %u - too long, > %u]", 234 hlen, length); 235 } 236 return; 237 } 238 239 flags = tp->th_flags; 240 printf("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags)); 241 242 if (!Sflag && (flags & TH_ACK)) { 243 /* 244 * Find (or record) the initial sequence numbers for 245 * this conversation. (we pick an arbitrary 246 * collating order so there's only one entry for 247 * both directions). 248 */ 249 rev = 0; 250 #ifdef INET6 251 if (ip6) { 252 register struct tcp_seq_hash6 *th; 253 struct tcp_seq_hash6 *tcp_seq_hash; 254 const struct in6_addr *src, *dst; 255 struct tha6 tha; 256 257 tcp_seq_hash = tcp_seq_hash6; 258 src = &ip6->ip6_src; 259 dst = &ip6->ip6_dst; 260 if (sport > dport) 261 rev = 1; 262 else if (sport == dport) { 263 if (UNALIGNED_MEMCMP(src, dst, sizeof ip6->ip6_dst) > 0) 264 rev = 1; 265 } 266 if (rev) { 267 UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst); 268 UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src); 269 tha.port = dport << 16 | sport; 270 } else { 271 UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst); 272 UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src); 273 tha.port = sport << 16 | dport; 274 } 275 276 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; 277 th->nxt; th = th->nxt) 278 if (memcmp((char *)&tha, (char *)&th->addr, 279 sizeof(th->addr)) == 0) 280 break; 281 282 if (!th->nxt || (flags & TH_SYN)) { 283 /* didn't find it or new conversation */ 284 if (th->nxt == NULL) { 285 th->nxt = (struct tcp_seq_hash6 *) 286 calloc(1, sizeof(*th)); 287 if (th->nxt == NULL) 288 error("tcp_print: calloc"); 289 } 290 th->addr = tha; 291 if (rev) 292 th->ack = seq, th->seq = ack - 1; 293 else 294 th->seq = seq, th->ack = ack - 1; 295 } else { 296 if (rev) 297 seq -= th->ack, ack -= th->seq; 298 else 299 seq -= th->seq, ack -= th->ack; 300 } 301 302 thseq = th->seq; 303 thack = th->ack; 304 } else { 305 #else /*INET6*/ 306 { 307 #endif /*INET6*/ 308 register struct tcp_seq_hash *th; 309 struct tcp_seq_hash *tcp_seq_hash; 310 const struct in_addr *src, *dst; 311 struct tha tha; 312 313 tcp_seq_hash = tcp_seq_hash4; 314 src = &ip->ip_src; 315 dst = &ip->ip_dst; 316 if (sport > dport) 317 rev = 1; 318 else if (sport == dport) { 319 if (UNALIGNED_MEMCMP(src, dst, sizeof ip->ip_dst) > 0) 320 rev = 1; 321 } 322 if (rev) { 323 UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip->ip_dst); 324 UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip->ip_src); 325 tha.port = dport << 16 | sport; 326 } else { 327 UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip->ip_dst); 328 UNALIGNED_MEMCPY(&tha.src, src, sizeof ip->ip_src); 329 tha.port = sport << 16 | dport; 330 } 331 332 for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; 333 th->nxt; th = th->nxt) 334 if (memcmp((char *)&tha, (char *)&th->addr, 335 sizeof(th->addr)) == 0) 336 break; 337 338 if (!th->nxt || (flags & TH_SYN)) { 339 /* didn't find it or new conversation */ 340 if (th->nxt == NULL) { 341 th->nxt = (struct tcp_seq_hash *) 342 calloc(1, sizeof(*th)); 343 if (th->nxt == NULL) 344 error("tcp_print: calloc"); 345 } 346 th->addr = tha; 347 if (rev) 348 th->ack = seq, th->seq = ack - 1; 349 else 350 th->seq = seq, th->ack = ack - 1; 351 } else { 352 if (rev) 353 seq -= th->ack, ack -= th->seq; 354 else 355 seq -= th->seq, ack -= th->ack; 356 } 357 358 thseq = th->seq; 359 thack = th->ack; 360 } 361 } else { 362 /*fool gcc*/ 363 thseq = thack = rev = 0; 364 } 365 if (hlen > length) { 366 (void)printf(" [bad hdr length %u - too long, > %u]", 367 hlen, length); 368 return; 369 } 370 371 if (vflag && !Kflag && !fragmented) { 372 /* Check the checksum, if possible. */ 373 u_int16_t sum, tcp_sum; 374 375 if (IP_V(ip) == 4) { 376 if (TTEST2(tp->th_sport, length)) { 377 sum = tcp_cksum(ip, tp, length); 378 tcp_sum = EXTRACT_16BITS(&tp->th_sum); 379 380 (void)printf(", cksum 0x%04x", tcp_sum); 381 if (sum != 0) 382 (void)printf(" (incorrect -> 0x%04x)", 383 in_cksum_shouldbe(tcp_sum, sum)); 384 else 385 (void)printf(" (correct)"); 386 } 387 } 388 #ifdef INET6 389 else if (IP_V(ip) == 6 && ip6->ip6_plen) { 390 if (TTEST2(tp->th_sport, length)) { 391 sum = nextproto6_cksum(ip6, (const u_int8_t *)tp, length, IPPROTO_TCP); 392 tcp_sum = EXTRACT_16BITS(&tp->th_sum); 393 394 (void)printf(", cksum 0x%04x", tcp_sum); 395 if (sum != 0) 396 (void)printf(" (incorrect -> 0x%04x)", 397 in_cksum_shouldbe(tcp_sum, sum)); 398 else 399 (void)printf(" (correct)"); 400 401 } 402 } 403 #endif 404 } 405 406 length -= hlen; 407 if (vflag > 1 || length > 0 || flags & (TH_SYN | TH_FIN | TH_RST)) { 408 (void)printf(", seq %u", seq); 409 410 if (length > 0) { 411 (void)printf(":%u", seq + length); 412 } 413 } 414 415 if (flags & TH_ACK) { 416 (void)printf(", ack %u", ack); 417 } 418 419 (void)printf(", win %d", win); 420 421 if (flags & TH_URG) 422 (void)printf(", urg %d", urp); 423 /* 424 * Handle any options. 425 */ 426 if (hlen > sizeof(*tp)) { 427 register const u_char *cp; 428 register u_int i, opt, datalen; 429 register u_int len; 430 431 hlen -= sizeof(*tp); 432 cp = (const u_char *)tp + sizeof(*tp); 433 printf(", options ["); 434 while (hlen > 0) { 435 if (ch != '\0') 436 putchar(ch); 437 TCHECK(*cp); 438 opt = *cp++; 439 if (ZEROLENOPT(opt)) 440 len = 1; 441 else { 442 TCHECK(*cp); 443 len = *cp++; /* total including type, len */ 444 if (len < 2 || len > hlen) 445 goto bad; 446 --hlen; /* account for length byte */ 447 } 448 --hlen; /* account for type byte */ 449 datalen = 0; 450 451 /* Bail if "l" bytes of data are not left or were not captured */ 452 #define LENCHECK(l) { if ((l) > hlen) goto bad; TCHECK2(*cp, l); } 453 454 455 printf("%s", tok2str(tcp_option_values, "unknown-%u", opt)); 456 457 switch (opt) { 458 459 case TCPOPT_MAXSEG: 460 datalen = 2; 461 LENCHECK(datalen); 462 (void)printf(" %u", EXTRACT_16BITS(cp)); 463 break; 464 465 case TCPOPT_WSCALE: 466 datalen = 1; 467 LENCHECK(datalen); 468 (void)printf(" %u", *cp); 469 break; 470 471 case TCPOPT_SACK: 472 datalen = len - 2; 473 if (datalen % 8 != 0) { 474 (void)printf("malformed sack"); 475 } else { 476 u_int32_t s, e; 477 478 (void)printf(" %d ", datalen / 8); 479 for (i = 0; i < datalen; i += 8) { 480 LENCHECK(i + 4); 481 s = EXTRACT_32BITS(cp + i); 482 LENCHECK(i + 8); 483 e = EXTRACT_32BITS(cp + i + 4); 484 if (rev) { 485 s -= thseq; 486 e -= thseq; 487 } else { 488 s -= thack; 489 e -= thack; 490 } 491 (void)printf("{%u:%u}", s, e); 492 } 493 } 494 break; 495 496 case TCPOPT_CC: 497 case TCPOPT_CCNEW: 498 case TCPOPT_CCECHO: 499 case TCPOPT_ECHO: 500 case TCPOPT_ECHOREPLY: 501 502 /* 503 * those options share their semantics. 504 * fall through 505 */ 506 datalen = 4; 507 LENCHECK(datalen); 508 (void)printf(" %u", EXTRACT_32BITS(cp)); 509 break; 510 511 case TCPOPT_TIMESTAMP: 512 datalen = 8; 513 LENCHECK(datalen); 514 (void)printf(" val %u ecr %u", 515 EXTRACT_32BITS(cp), 516 EXTRACT_32BITS(cp + 4)); 517 break; 518 519 case TCPOPT_SIGNATURE: 520 datalen = TCP_SIGLEN; 521 LENCHECK(datalen); 522 #ifdef HAVE_LIBCRYPTO 523 switch (tcp_verify_signature(ip, tp, 524 bp + TH_OFF(tp) * 4, length, cp)) { 525 526 case SIGNATURE_VALID: 527 (void)printf("valid"); 528 break; 529 530 case SIGNATURE_INVALID: 531 (void)printf("invalid"); 532 break; 533 534 case CANT_CHECK_SIGNATURE: 535 (void)printf("can't check - "); 536 for (i = 0; i < TCP_SIGLEN; ++i) 537 (void)printf("%02x", cp[i]); 538 break; 539 } 540 #else 541 for (i = 0; i < TCP_SIGLEN; ++i) 542 (void)printf("%02x", cp[i]); 543 #endif 544 break; 545 546 case TCPOPT_AUTH: 547 (void)printf("keyid %d", *cp++); 548 datalen = len - 3; 549 for (i = 0; i < datalen; ++i) { 550 LENCHECK(i); 551 (void)printf("%02x", cp[i]); 552 } 553 break; 554 555 556 case TCPOPT_EOL: 557 case TCPOPT_NOP: 558 case TCPOPT_SACKOK: 559 /* 560 * Nothing interesting. 561 * fall through 562 */ 563 break; 564 565 case TCPOPT_UTO: 566 datalen = 2; 567 LENCHECK(datalen); 568 utoval = EXTRACT_16BITS(cp); 569 (void)printf("0x%x", utoval); 570 if (utoval & 0x0001) 571 utoval = (utoval >> 1) * 60; 572 else 573 utoval >>= 1; 574 (void)printf(" %u", utoval); 575 break; 576 577 case TCPOPT_MPTCP: 578 datalen = len - 2; 579 LENCHECK(datalen); 580 if (!mptcp_print(cp-2, len, flags)) 581 goto bad; 582 break; 583 584 case TCPOPT_EXPERIMENT2: 585 datalen = len - 2; 586 LENCHECK(datalen); 587 if (datalen < 2) 588 goto bad; 589 /* RFC6994 */ 590 magic = EXTRACT_16BITS(cp); 591 (void)printf("-"); 592 593 switch(magic) { 594 595 case 0xf989: 596 /* TCP Fast Open: draft-ietf-tcpm-fastopen-04 */ 597 if (datalen == 2) { 598 /* Fast Open Cookie Request */ 599 (void)printf("tfo cookiereq"); 600 } else { 601 /* Fast Open Cookie */ 602 if (datalen % 2 != 0 || datalen < 6 || datalen > 18) { 603 (void)printf("tfo malformed"); 604 } else { 605 (void)printf("tfo cookie "); 606 for (i = 2; i < datalen; ++i) 607 (void)printf("%02x", cp[i]); 608 } 609 } 610 break; 611 612 default: 613 /* Unknown magic number */ 614 (void)printf("%04x", magic); 615 break; 616 } 617 break; 618 619 default: 620 datalen = len - 2; 621 if (datalen) 622 printf(" 0x"); 623 for (i = 0; i < datalen; ++i) { 624 LENCHECK(i); 625 (void)printf("%02x", cp[i]); 626 } 627 break; 628 } 629 630 /* Account for data printed */ 631 cp += datalen; 632 hlen -= datalen; 633 634 /* Check specification against observed length */ 635 ++datalen; /* option octet */ 636 if (!ZEROLENOPT(opt)) 637 ++datalen; /* size octet */ 638 if (datalen != len) 639 (void)printf("[len %d]", len); 640 ch = ','; 641 if (opt == TCPOPT_EOL) 642 break; 643 } 644 putchar(']'); 645 } 646 647 /* 648 * Print length field before crawling down the stack. 649 */ 650 printf(", length %u", length); 651 652 if (length <= 0) 653 return; 654 655 /* 656 * Decode payload if necessary. 657 */ 658 bp += TH_OFF(tp) * 4; 659 if ((flags & TH_RST) && vflag) { 660 print_tcp_rst_data(bp, length); 661 return; 662 } 663 664 if (packettype) { 665 switch (packettype) { 666 case PT_ZMTP1: 667 zmtp1_print(bp, length); 668 break; 669 } 670 return; 671 } 672 673 if (sport == TELNET_PORT || dport == TELNET_PORT) { 674 if (!qflag && vflag) 675 telnet_print(bp, length); 676 } else if (sport == BGP_PORT || dport == BGP_PORT) 677 bgp_print(bp, length); 678 else if (sport == PPTP_PORT || dport == PPTP_PORT) 679 pptp_print(bp); 680 #ifdef TCPDUMP_DO_SMB 681 else if (sport == NETBIOS_SSN_PORT || dport == NETBIOS_SSN_PORT) 682 nbt_tcp_print(bp, length); 683 else if (sport == SMB_PORT || dport == SMB_PORT) 684 smb_tcp_print(bp, length); 685 #endif 686 else if (sport == BEEP_PORT || dport == BEEP_PORT) 687 beep_print(bp, length); 688 else if (sport == OPENFLOW_PORT || dport == OPENFLOW_PORT) 689 openflow_print(bp, length); 690 else if (length > 2 && 691 (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT || 692 sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) { 693 /* 694 * TCP DNS query has 2byte length at the head. 695 * XXX packet could be unaligned, it can go strange 696 */ 697 ns_print(bp + 2, length - 2, 0); 698 } else if (sport == MSDP_PORT || dport == MSDP_PORT) { 699 msdp_print(bp, length); 700 } else if (sport == RPKI_RTR_PORT || dport == RPKI_RTR_PORT) { 701 rpki_rtr_print(bp, length); 702 } 703 else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) { 704 ldp_print(bp, length); 705 } 706 else if ((sport == NFS_PORT || dport == NFS_PORT) && 707 length >= 4 && TTEST2(*bp, 4)) { 708 /* 709 * If data present, header length valid, and NFS port used, 710 * assume NFS. 711 * Pass offset of data plus 4 bytes for RPC TCP msg length 712 * to NFS print routines. 713 */ 714 u_int32_t fraglen; 715 register struct sunrpc_msg *rp; 716 enum sunrpc_msg_type direction; 717 718 fraglen = EXTRACT_32BITS(bp) & 0x7FFFFFFF; 719 if (fraglen > (length) - 4) 720 fraglen = (length) - 4; 721 rp = (struct sunrpc_msg *)(bp + 4); 722 if (TTEST(rp->rm_direction)) { 723 direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction); 724 if (dport == NFS_PORT && direction == SUNRPC_CALL) { 725 (void)printf(": NFS request xid %u ", EXTRACT_32BITS(&rp->rm_xid)); 726 nfsreq_print_noaddr((u_char *)rp, fraglen, (u_char *)ip); 727 return; 728 } 729 if (sport == NFS_PORT && direction == SUNRPC_REPLY) { 730 (void)printf(": NFS reply xid %u ", EXTRACT_32BITS(&rp->rm_xid)); 731 nfsreply_print_noaddr((u_char *)rp, fraglen, (u_char *)ip); 732 return; 733 } 734 } 735 } 736 737 return; 738 bad: 739 fputs("[bad opt]", stdout); 740 if (ch != '\0') 741 putchar('>'); 742 return; 743 trunc: 744 fputs("[|tcp]", stdout); 745 if (ch != '\0') 746 putchar('>'); 747 } 748 749 /* 750 * RFC1122 says the following on data in RST segments: 751 * 752 * 4.2.2.12 RST Segment: RFC-793 Section 3.4 753 * 754 * A TCP SHOULD allow a received RST segment to include data. 755 * 756 * DISCUSSION 757 * It has been suggested that a RST segment could contain 758 * ASCII text that encoded and explained the cause of the 759 * RST. No standard has yet been established for such 760 * data. 761 * 762 */ 763 764 static void 765 print_tcp_rst_data(register const u_char *sp, u_int length) 766 { 767 int c; 768 769 if (TTEST2(*sp, length)) 770 printf(" [RST"); 771 else 772 printf(" [!RST"); 773 if (length > MAX_RST_DATA_LEN) { 774 length = MAX_RST_DATA_LEN; /* can use -X for longer */ 775 putchar('+'); /* indicate we truncate */ 776 } 777 putchar(' '); 778 while (length-- && sp <= snapend) { 779 c = *sp++; 780 safeputchar(c); 781 } 782 putchar(']'); 783 } 784 785 #ifdef HAVE_LIBCRYPTO 786 USES_APPLE_DEPRECATED_API 787 static int 788 tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, 789 const u_char *data, int length, const u_char *rcvsig) 790 { 791 struct tcphdr tp1; 792 u_char sig[TCP_SIGLEN]; 793 char zero_proto = 0; 794 MD5_CTX ctx; 795 u_int16_t savecsum, tlen; 796 #ifdef INET6 797 struct ip6_hdr *ip6; 798 u_int32_t len32; 799 u_int8_t nxt; 800 #endif 801 802 if (data + length > snapend) { 803 printf("snaplen too short, "); 804 return (CANT_CHECK_SIGNATURE); 805 } 806 807 tp1 = *tp; 808 809 if (sigsecret == NULL) { 810 printf("shared secret not supplied with -M, "); 811 return (CANT_CHECK_SIGNATURE); 812 } 813 814 MD5_Init(&ctx); 815 /* 816 * Step 1: Update MD5 hash with IP pseudo-header. 817 */ 818 if (IP_V(ip) == 4) { 819 MD5_Update(&ctx, (char *)&ip->ip_src, sizeof(ip->ip_src)); 820 MD5_Update(&ctx, (char *)&ip->ip_dst, sizeof(ip->ip_dst)); 821 MD5_Update(&ctx, (char *)&zero_proto, sizeof(zero_proto)); 822 MD5_Update(&ctx, (char *)&ip->ip_p, sizeof(ip->ip_p)); 823 tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4; 824 tlen = htons(tlen); 825 MD5_Update(&ctx, (char *)&tlen, sizeof(tlen)); 826 #ifdef INET6 827 } else if (IP_V(ip) == 6) { 828 ip6 = (struct ip6_hdr *)ip; 829 MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); 830 MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst)); 831 len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen)); 832 MD5_Update(&ctx, (char *)&len32, sizeof(len32)); 833 nxt = 0; 834 MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); 835 MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); 836 MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); 837 nxt = IPPROTO_TCP; 838 MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); 839 #endif 840 } else { 841 #ifdef INET6 842 printf("IP version not 4 or 6, "); 843 #else 844 printf("IP version not 4, "); 845 #endif 846 return (CANT_CHECK_SIGNATURE); 847 } 848 849 /* 850 * Step 2: Update MD5 hash with TCP header, excluding options. 851 * The TCP checksum must be set to zero. 852 */ 853 savecsum = tp1.th_sum; 854 tp1.th_sum = 0; 855 MD5_Update(&ctx, (char *)&tp1, sizeof(struct tcphdr)); 856 tp1.th_sum = savecsum; 857 /* 858 * Step 3: Update MD5 hash with TCP segment data, if present. 859 */ 860 if (length > 0) 861 MD5_Update(&ctx, data, length); 862 /* 863 * Step 4: Update MD5 hash with shared secret. 864 */ 865 MD5_Update(&ctx, sigsecret, strlen(sigsecret)); 866 MD5_Final(sig, &ctx); 867 868 if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) 869 return (SIGNATURE_VALID); 870 else 871 return (SIGNATURE_INVALID); 872 } 873 USES_APPLE_RST 874 #endif /* HAVE_LIBCRYPTO */ 875 876 /* 877 * Local Variables: 878 * c-style: whitesmith 879 * c-basic-offset: 8 880 * End: 881 */ 882
