Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 15 Jul 2005 01:26:18 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 80222 for review
Message-ID:  <200507150126.j6F1QIkJ048702@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=80222

Change 80222 by sam@sam_ebb on 2005/07/15 01:25:18

	reintegrate after cleanup

Affected files ...

.. //depot/projects/wifi/contrib/hostapd/ChangeLog#2 integrate
.. //depot/projects/wifi/contrib/hostapd/Makefile#2 integrate
.. //depot/projects/wifi/contrib/hostapd/common.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/config.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/radius_client.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/radius_server.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/version.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/wpa.c#2 integrate
.. //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-lmp.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-lspping.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/rpc_auth.h#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/rpc_msg.h#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ChangeLog#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/README#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/config.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ctrl_iface.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_mschapv2.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_peap.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_tls_common.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_ttls.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eapol_sm.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ms_funcs.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/tls_openssl.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/version.h#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_ctrl.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant_i.h#2 integrate
.. //depot/projects/wifi/share/man/man4/if_bridge.4#2 integrate
.. //depot/projects/wifi/sys/dev/kbd/atkbdc.c#4 delete
.. //depot/projects/wifi/sys/dev/mpt/mpt_freebsd.h#4 delete
.. //depot/projects/wifi/sys/i386/i386/ptrace_machdep.c#2 integrate
.. //depot/projects/wifi/sys/isa/atkbdc_isa.c#3 delete
.. //depot/projects/wifi/sys/net/bridgestp.c#2 integrate
.. //depot/projects/wifi/sys/net/if_bridge.c#2 integrate
.. //depot/projects/wifi/sys/net/if_bridgevar.h#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/driver_freebsd.c#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/hostapd.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/hostapd_cli.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/wpa_cli.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5#2 integrate

Differences ...

==== //depot/projects/wifi/contrib/hostapd/ChangeLog#2 (text+ko) ====

@@ -1,5 +1,19 @@
 ChangeLog for hostapd
 
+2005-06-10 - v0.3.9
+	* fixed a bug which caused some RSN pre-authentication cases to use
+	  freed memory and potentially crash hostapd
+	* fixed private key loading for cases where passphrase is not set
+	* fixed WPA2 to add PMKSA cache entry when using integrated EAP
+	  authenticator
+	* driver_madwifi: fixed pairwise key removal to allow WPA reauth
+	  without disassociation
+	* fixed RADIUS attribute Class processing to only use Access-Accept
+	  packets to update Class; previously, other RADIUS authentication
+	  packets could have cleared Class attribute
+	* fixed PMKSA caching (EAP authentication was not skipped correctly
+	  with the new state machine changes from IEEE 802.1X draft)
+
 2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
 
 2005-01-23 - v0.3.5

==== //depot/projects/wifi/contrib/hostapd/Makefile#2 (text+ko) ====

@@ -228,6 +228,6 @@
 	$(CC) -o hostapd_cli hostapd_cli.o hostapd_ctrl.o
 
 clean:
-	rm -f core *~ *.o hostapd *.d driver_conf.c
+	rm -f core *~ *.o hostapd hostapd_cli *.d driver_conf.c
 
 -include $(OBJS:%.o=%.d)

==== //depot/projects/wifi/contrib/hostapd/common.h#2 (text+ko) ====

@@ -8,8 +8,12 @@
 #ifdef __FreeBSD__
 #include <sys/types.h>
 #include <sys/endian.h>
+#define __BYTE_ORDER	_BYTE_ORDER
+#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
+#define	__BIG_ENDIAN	_BIG_ENDIAN
 #define bswap_16 bswap16
 #define bswap_32 bswap32
+#define bswap_64 bswap64
 #endif
 
 #ifdef CONFIG_NATIVE_WINDOWS

==== //depot/projects/wifi/contrib/hostapd/config.c#2 (text+ko) ====

@@ -597,7 +597,8 @@
 	}
 
 	if (conf->wpa && (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
-	    conf->wpa_psk == NULL && conf->wpa_passphrase == NULL) {
+	    conf->wpa_psk == NULL && conf->wpa_passphrase == NULL &&
+	    conf->wpa_psk_file == NULL) {
 		printf("WPA-PSK enabled, but PSK or passphrase is not "
 		       "configured.\n");
 		return -1;

==== //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 (text+ko) ====

@@ -20,6 +20,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <sys/uio.h>
 #include <sys/stat.h>
 #include <errno.h>
 #include <netinet/in.h>
@@ -383,7 +384,8 @@
 			unlink(fname);
 		free(fname);
 
-		if (rmdir(hapd->conf->ctrl_interface) < 0) {
+		if (hapd->conf->ctrl_interface &&
+		    rmdir(hapd->conf->ctrl_interface) < 0) {
 			if (errno == ENOTEMPTY) {
 				wpa_printf(MSG_DEBUG, "Control interface "
 					   "directory not empty - leaving it "

==== //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 (text+ko) ====

@@ -12,7 +12,7 @@
  *
  * See README and COPYING for more details.
  *
- * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.3 2005/06/13 17:07:31 sam Exp $
  */
 
 #include <stdlib.h>
@@ -767,22 +767,22 @@
 		prev_ctrl_dir = sm->ctrl_dir.state;
 
 		SM_STEP_RUN(AUTH_PAE);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 		SM_STEP_RUN(BE_AUTH);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 		SM_STEP_RUN(REAUTH_TIMER);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 		SM_STEP_RUN(AUTH_KEY_TX);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 		SM_STEP_RUN(KEY_RX);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 		SM_STEP_RUN(CTRL_DIR);
-		if (!eapol_sm_sta_entry_alive(hapd, addr))
+		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
 			break;
 	} while (prev_auth_pae != sm->auth_pae.state ||
 		 prev_be_auth != sm->be_auth.state ||
@@ -803,12 +803,14 @@
 
 void eapol_sm_initialize(struct eapol_state_machine *sm)
 {
+	sm->initializing = TRUE;
 	/* Initialize the state machines by asserting initialize and then
 	 * deasserting it after one step */
 	sm->initialize = TRUE;
 	eapol_sm_step(sm);
 	sm->initialize = FALSE;
 	eapol_sm_step(sm);
+	sm->initializing = FALSE;
 
 	/* Start one second tick for port timers state machine */
 	eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm);

==== //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 (text+ko) ====

@@ -195,6 +195,8 @@
 	 */
 	u8 currentId;
 
+	Boolean initializing; /* in process of initializing state machines */
+
 	/* Somewhat nasty pointers to global hostapd and STA data to avoid
 	 * passing these to every function */
 	struct hostapd_data *hapd;

==== //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 (text+ko) ====

@@ -12,7 +12,7 @@
  *
  * See README and COPYING for more details.
  *
- * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.3 2005/06/13 17:07:31 sam Exp $
  */
 
 #include <stdlib.h>
@@ -1157,6 +1157,7 @@
 					session_timeout_set ?
 					session_timeout : -1);
 		}
+		ieee802_1x_store_radius_class(hapd, sta, msg);
 		break;
 	case RADIUS_CODE_ACCESS_REJECT:
 		sm->eapFail = TRUE;
@@ -1180,7 +1181,6 @@
 		break;
 	}
 
-	ieee802_1x_store_radius_class(hapd, sta, msg);
 	ieee802_1x_decapsulate_radius(hapd, sta);
 	if (override_eapReq)
 		sm->be_auth.eapReq = FALSE;
@@ -1669,6 +1669,7 @@
 	return len;
 }
 
+
 void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta,
 			 int success)
 {
@@ -1682,4 +1683,3 @@
 		pmksa_cache_add(hapd, sta, key, dot11RSNAConfigPMKLifetime);
 	}
 }
-

==== //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 (text+ko) ====

@@ -158,12 +158,14 @@
 	};
 	const unsigned char *addr[3];
 	const size_t len[3] = { 16, 24, sizeof(magic1) };
+	u8 hash[SHA1_MAC_LEN];
 
 	addr[0] = password_hash_hash;
 	addr[1] = nt_response;
 	addr[2] = magic1;
 
-	sha1_vector(3, addr, len, master_key);
+	sha1_vector(3, addr, len, hash);
+	memcpy(master_key, hash, 16);
 }
 
 

==== //depot/projects/wifi/contrib/hostapd/radius_client.c#2 (text+ko) ====

@@ -506,7 +506,7 @@
 		rconf = hapd->conf->auth_server;
 	}
 
-	len = recv(sock, buf, sizeof(buf), 0);
+	len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT);
 	if (len < 0) {
 		perror("recv[RADIUS]");
 		return;

==== //depot/projects/wifi/contrib/hostapd/radius_server.c#2 (text+ko) ====

@@ -325,6 +325,7 @@
 {
 	struct radius_msg *msg;
 	int ret = 0;
+	struct eap_hdr eapfail;
 
 	RADIUS_DEBUG("Reject invalid request from %s:%d",
 		     inet_ntoa(from->sin_addr), ntohs(from->sin_port));
@@ -335,6 +336,16 @@
 		return -1;
 	}
 
+	memset(&eapfail, 0, sizeof(eapfail));
+	eapfail.code = EAP_CODE_FAILURE;
+	eapfail.identifier = 0;
+	eapfail.length = htons(sizeof(eapfail));
+
+	if (!radius_msg_add_eap(msg, (u8 *) &eapfail, sizeof(eapfail))) {
+		RADIUS_DEBUG("Failed to add EAP-Message attribute");
+	}
+
+
 	if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
 				  client->shared_secret_len,
 				  request->hdr->authenticator) < 0) {
@@ -395,6 +406,7 @@
 		sess = radius_server_get_new_session(data, client, msg);
 		if (sess == NULL) {
 			RADIUS_DEBUG("Could not create a new session");
+			radius_server_reject(data, client, msg, from);
 			return -1;
 		}
 	}

==== //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 (text+ko) ====

@@ -489,9 +489,12 @@
 	if (private_key == NULL)
 		return 0;
 
-	passwd = strdup(private_key_passwd);
-	if (passwd == NULL)
-		return -1;
+	if (private_key_passwd) {
+		passwd = strdup(private_key_passwd);
+		if (passwd == NULL)
+			return -1;
+	} else
+		passwd = NULL;
 
 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);

==== //depot/projects/wifi/contrib/hostapd/version.h#2 (text+ko) ====

@@ -1,6 +1,6 @@
 #ifndef VERSION_H
 #define VERSION_H
 
-#define VERSION_STR "0.3.7"
+#define VERSION_STR "0.3.9"
 
 #endif /* VERSION_H */

==== //depot/projects/wifi/contrib/hostapd/wpa.c#2 (text+ko) ====

@@ -12,7 +12,7 @@
  *
  * See README and COPYING for more details.
  *
- * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.3 2005/06/13 17:07:31 sam Exp $
  */
 
 #include <stdlib.h>
@@ -1416,6 +1416,14 @@
 	key = (struct wpa_eapol_key *) (hdr + 1);
 	key_info = ntohs(key->key_info);
 	key_data_length = ntohs(key->key_data_length);
+	if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
+		wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
+			   "key_data overflow (%d > %lu)",
+			   key_data_length,
+			   (unsigned long) (data_len - sizeof(*hdr) -
+					    sizeof(*key)));
+		return;
+	}
 
 	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
 	 * are set */

==== //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 (text+ko) ====

@@ -5,7 +5,7 @@
  *  pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode
  *              network drivers.
  *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1 2004/12/18 08:52:10 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1.2.1 2005/05/03 18:54:35 guy Exp $ (LBL)
  */
 
 #include <stdio.h>
@@ -172,6 +172,7 @@
   pcap->stats_op          = pcap_stats_dos;
   pcap->inject_op         = pcap_sendpacket_dos;
   pcap->setfilter_op      = pcap_setfilter_dos;
+	pcap->setdirection_op   = NULL; /* Not implemented.*/
   pcap->fd                = ++ref_count;
 
   if (pcap->fd == 1)  /* first time we're called */

==== //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 (text+ko) ====

@@ -15,7 +15,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3 2004/12/15 08:41:26 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3.2.2 2005/05/20 21:15:45 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -24,8 +24,8 @@
 
 #include <tcpdump-stdinc.h>
 
+#include "interface.h"
 #include "ipproto.h"
-#include "interface.h"
 
 struct tok ipproto_values[] = {
     { IPPROTO_HOPOPTS, "Options" },
@@ -51,6 +51,7 @@
     { IPPROTO_PIM, "PIM" },
     { IPPROTO_IPCOMP, "Compressed IP" },
     { IPPROTO_VRRP, "VRRP" },
+    { IPPROTO_PGM, "PGM" },
     { IPPROTO_SCTP, "SCTP" },
     { IPPROTO_MOBILITY, "Mobility" },
     { 0, NULL }

==== //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 (text+ko) ====

@@ -1,4 +1,4 @@
-/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1 2004/12/27 00:41:30 guy Exp $ (LBL) */
+/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1.2.2 2005/04/27 21:44:06 guy Exp $ (LBL) */
 /*
  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
  * unrestricted use provided that this legend is included on all tape
@@ -29,7 +29,7 @@
  *
  *	from: @(#)pmap_prot.h 1.14 88/02/08 SMI
  *	from: @(#)pmap_prot.h	2.1 88/07/29 4.0 RPCSRC
- * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.1 2005/05/29 18:16:36 sam Exp $
+ * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.2 2005/07/11 03:53:37 sam Exp $
  */
 
 /*
@@ -69,26 +69,21 @@
  * The service supports remote procedure calls on udp/ip or tcp/ip socket 111.
  */
 
-#ifndef _RPC_PMAPPROT_H
-#define _RPC_PMAPPROT_H
+#define SUNRPC_PMAPPORT		((u_int16_t)111)
+#define SUNRPC_PMAPPROG		((u_int32_t)100000)
+#define SUNRPC_PMAPVERS		((u_int32_t)2)
+#define SUNRPC_PMAPVERS_PROTO	((u_int32_t)2)
+#define SUNRPC_PMAPVERS_ORIG	((u_int32_t)1)
+#define SUNRPC_PMAPPROC_NULL	((u_int32_t)0)
+#define SUNRPC_PMAPPROC_SET	((u_int32_t)1)
+#define SUNRPC_PMAPPROC_UNSET	((u_int32_t)2)
+#define SUNRPC_PMAPPROC_GETPORT	((u_int32_t)3)
+#define SUNRPC_PMAPPROC_DUMP	((u_int32_t)4)
+#define SUNRPC_PMAPPROC_CALLIT	((u_int32_t)5)
 
-#define PMAPPORT		((u_int16_t)111)
-#define PMAPPROG		((u_int32_t)100000)
-#define PMAPVERS		((u_int32_t)2)
-#define PMAPVERS_PROTO		((u_int32_t)2)
-#define PMAPVERS_ORIG		((u_int32_t)1)
-#define PMAPPROC_NULL		((u_int32_t)0)
-#define PMAPPROC_SET		((u_int32_t)1)
-#define PMAPPROC_UNSET		((u_int32_t)2)
-#define PMAPPROC_GETPORT	((u_int32_t)3)
-#define PMAPPROC_DUMP		((u_int32_t)4)
-#define PMAPPROC_CALLIT		((u_int32_t)5)
-
-struct pmap {
+struct sunrpc_pmap {
 	u_int32_t pm_prog;
 	u_int32_t pm_vers;
 	u_int32_t pm_prot;
 	u_int32_t pm_port;
 };
-
-#endif /* !_RPC_PMAPPROT_H */

==== //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 (text+ko) ====

@@ -16,7 +16,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5 2004/05/12 22:22:40 hannes Exp $";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5.2.2 2005/05/06 02:53:41 guy Exp $";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -216,7 +216,7 @@
     const struct eigrp_common_header *eigrp_com_header;
     const struct eigrp_tlv_header *eigrp_tlv_header;
     const u_char *tptr,*tlv_tptr;
-    int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen,byte_length, bit_length;
+    u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length;
     u_int8_t prefix[4];
 
     union {
@@ -271,15 +271,15 @@
 
     while(tlen>0) {
         /* did we capture enough for fully decoding the object header ? */
-        if (!TTEST2(*tptr, sizeof(struct eigrp_tlv_header)))
-            goto trunc;
+        TCHECK2(*tptr, sizeof(struct eigrp_tlv_header));
 
         eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr;
         eigrp_tlv_len=EXTRACT_16BITS(&eigrp_tlv_header->length);
         eigrp_tlv_type=EXTRACT_16BITS(&eigrp_tlv_header->type);
 
 
-        if (eigrp_tlv_len == 0 || eigrp_tlv_len > tlen) {
+        if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) ||
+            eigrp_tlv_len > tlen) {
             print_unknown_data(tptr+sizeof(sizeof(struct eigrp_tlv_header)),"\n\t    ",tlen);
             return;
         }
@@ -295,8 +295,7 @@
         tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header);
 
         /* did we capture enough for fully decoding the object ? */
-        if (!TTEST2(*tptr, eigrp_tlv_len))
-            goto trunc;
+        TCHECK2(*tptr, eigrp_tlv_len);
 
         switch(eigrp_tlv_type) {
 
@@ -326,7 +325,7 @@
             tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr;
 
             bit_length = tlv_ptr.eigrp_tlv_ip_int->plen;
-            if (bit_length < 0 || bit_length > 32) {
+            if (bit_length > 32) {
                 printf("\n\t    illegal prefix length %u",bit_length);
                 break;
             }
@@ -340,7 +339,7 @@
             if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0)
                 printf("self");
             else
-                printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop)));
+                printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_int->nexthop));
 
             printf("\n\t      delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
                    (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->delay)/100),
@@ -355,7 +354,7 @@
             tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr;
 
             bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen;
-            if (bit_length < 0 || bit_length > 32) {
+            if (bit_length > 32) {
                 printf("\n\t    illegal prefix length %u",bit_length);
                 break;
             }
@@ -369,7 +368,7 @@
             if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0)
                 printf("self");
             else
-                printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop)));
+                printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_ext->nexthop));
 
             printf("\n\t      origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u",
                    ipaddr_string(tlv_ptr.eigrp_tlv_ip_ext->origin_router),

==== //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 (text+ko) ====

@@ -15,7 +15,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8 2005/04/06 21:32:41 mcr Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8.2.13 2005/06/20 07:45:05 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -28,131 +28,476 @@
 #include <stdio.h>
 
 #include "interface.h"
+#include "addrtoname.h"
 #include "extract.h"
 #include "ppp.h"
 #include "llc.h"
 #include "nlpid.h"
+#include "ethertype.h"
+#include "atm.h"
 
 #define JUNIPER_BPF_OUT           0       /* Outgoing packet */
 #define JUNIPER_BPF_IN            1       /* Incoming packet */
 #define JUNIPER_BPF_PKT_IN        0x1     /* Incoming packet */
 #define JUNIPER_BPF_NO_L2         0x2     /* L2 header stripped */
+#define JUNIPER_MGC_NUMBER        0x4d4743 /* = "MGC" */
+
+#define JUNIPER_LSQ_L3_PROTO_SHIFT     4
+#define JUNIPER_LSQ_L3_PROTO_MASK     (0x17 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_IPV4     (0 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_IPV6     (1 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_MPLS     (2 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_ISO      (3 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+
+#define JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE 1
+#define JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE 2
+#define JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE 3
+#define JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE 4
+#define JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE 5
+
+static struct tok juniper_ipsec_type_values[] = {
+    { JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE, "ESP ENCR-AUTH" },
+    { JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE, "ESP ENCR-AH AUTH" },
+    { JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE, "ESP AUTH" },
+    { JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE, "AH AUTH" },
+    { JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE, "ESP ENCR" },
+    { 0, NULL}
+};
+
+static struct tok juniper_direction_values[] = {
+    { JUNIPER_BPF_IN,  "In"},
+    { JUNIPER_BPF_OUT, "Out"},
+    { 0, NULL}
+};
+
+struct juniper_cookie_table_t {
+    u_int32_t pictype;		/* pic type */
+    u_int8_t  cookie_len;       /* cookie len */
+    const char *s;		/* pic name */
+};
+
+static struct juniper_cookie_table_t juniper_cookie_table[] = {
+#ifdef DLT_JUNIPER_ATM1
+    { DLT_JUNIPER_ATM1,  4, "ATM1"},
+#endif
+#ifdef DLT_JUNIPER_ATM2
+    { DLT_JUNIPER_ATM2,  8, "ATM2"},
+#endif
+#ifdef DLT_JUNIPER_MLPPP
+    { DLT_JUNIPER_MLPPP, 2, "MLPPP"},
+#endif
+#ifdef DLT_JUNIPER_MLFR
+    { DLT_JUNIPER_MLFR,  2, "MLFR"},
+#endif
+#ifdef DLT_JUNIPER_MFR
+    { DLT_JUNIPER_MFR,   4, "MFR"},
+#endif
+#ifdef DLT_JUNIPER_PPPOE
+    { DLT_JUNIPER_PPPOE, 0, "PPPoE"},
+#endif
+#ifdef DLT_JUNIPER_PPPOE_ATM
+    { DLT_JUNIPER_PPPOE_ATM, 0, "PPPoE ATM"},
+#endif
+#ifdef DLT_JUNIPER_GGSN
+    { DLT_JUNIPER_GGSN, 8, "GGSN"},
+#endif
+#ifdef DLT_JUNIPER_MONITOR
+    { DLT_JUNIPER_MONITOR, 8, "MONITOR"},
+#endif
+#ifdef DLT_JUNIPER_SERVICES
+    { DLT_JUNIPER_SERVICES, 8, "AS"},
+#endif
+#ifdef DLT_JUNIPER_ES
+    { DLT_JUNIPER_ES, 0, "ES"},
+#endif
+    { 0, 0, NULL }
+};
 
+struct juniper_l2info_t {
+    u_int32_t length;
+    u_int32_t caplen;
+    u_int32_t pictype;
+    u_int8_t direction;
+    u_int8_t header_len;
+    u_int8_t cookie_len;
+    u_int8_t cookie_type;
+    u_int8_t cookie[8];
+    u_int8_t bundle;
+    u_int16_t proto;
+};
+
 #define LS_COOKIE_ID            0x54
-#define LS_MLFR_LEN		4
-#define ML_MLFR_LEN		2
+#define AS_COOKIE_ID            0x47
+#define LS_MLFR_COOKIE_LEN	4
+#define ML_MLFR_COOKIE_LEN	2
+#define LS_MFR_COOKIE_LEN	6
+#define ATM1_COOKIE_LEN         4
+#define ATM2_COOKIE_LEN         8
 
 #define ATM2_PKT_TYPE_MASK  0x70
 #define ATM2_GAP_COUNT_MASK 0x3F
 
+#define JUNIPER_PROTO_NULL          1
+#define JUNIPER_PROTO_IPV4          2
+#define JUNIPER_PROTO_IPV6          6
+
+static struct tok juniper_protocol_values[] = {
+    { JUNIPER_PROTO_NULL, "Null" },
+    { JUNIPER_PROTO_IPV4, "IPv4" },
+    { JUNIPER_PROTO_IPV6, "IPv6" },
+    { 0, NULL}
+};
+
 int ip_heuristic_guess(register const u_char *, u_int);
 int juniper_ppp_heuristic_guess(register const u_char *, u_int);
-static int juniper_parse_header (const u_char *, u_int8_t *, u_int);
+static int juniper_parse_header (const u_char *, const struct pcap_pkthdr *, struct juniper_l2info_t *);
+
+#ifdef DLT_JUNIPER_GGSN
+u_int
+juniper_ggsn_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+        struct juniper_ggsn_header {
+            u_int8_t svc_id;
+            u_int8_t flags_len;
+            u_int8_t proto;
+            u_int8_t flags;
+            u_int8_t vlan_id[2];
+            u_int8_t res[2];
+        };
+        const struct juniper_ggsn_header *gh;
+
+        l2info.pictype = DLT_JUNIPER_GGSN;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+        gh = (struct juniper_ggsn_header *)p;
+
+        if (eflag)
+            printf("proto %s (%u), vlan %u: ",
+                   tok2str(juniper_protocol_values,"Unknown",gh->proto),
+                   gh->proto,
+                   EXTRACT_16BITS(&gh->vlan_id[0]));
+
+        switch (gh->proto) {
+        case JUNIPER_PROTO_IPV4:
+            ip_print(gndo, p, l2info.length);
+            break;
+#ifdef INET6
+        case JUNIPER_PROTO_IPV6:
+            ip6_print(p, l2info.length);
+            break;
+#endif /* INET6 */
+        default:
+            if (!eflag)
+                printf("unknown GGSN proto (%u)", gh->proto);
+        }
+
+        return l2info.header_len;
+}
+#endif
 
+#ifdef DLT_JUNIPER_ES
 u_int
-juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p)
+juniper_es_print(const struct pcap_pkthdr *h, register const u_char *p)
 {
-	register u_int length = h->len;
-	register u_int caplen = h->caplen;
-        u_int8_t direction,bundle,cookie_len;
-        u_int32_t cookie,proto;
-        
-        if(juniper_parse_header(p, &direction,length) == 0)
-            return 0;
+        struct juniper_l2info_t l2info;
+        struct juniper_ipsec_header {
+            u_int8_t sa_index[2];
+            u_int8_t ttl;
+            u_int8_t type;
+            u_int8_t spi[4];
+            u_int8_t src_ip[4];
+            u_int8_t dst_ip[4];
+        };
+        u_int rewrite_len,es_type_bundle;
+        const struct juniper_ipsec_header *ih;
+
+        l2info.pictype = DLT_JUNIPER_ES;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+        ih = (struct juniper_ipsec_header *)p;
+
+        switch (ih->type) {
+        case JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE:
+        case JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE:
+            rewrite_len = 0;
+            es_type_bundle = 1;
+            break;
+        case JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE:
+        case JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE:
+        case JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE:
+            rewrite_len = 16;
+            es_type_bundle = 0;
+        default:
+            printf("ES Invalid type %u, length %u",
+                   ih->type,
+                   l2info.length);
+            return l2info.header_len;
+        }
 
-        p+=4;
-        length-=4;
-        caplen-=4;
+        l2info.length-=rewrite_len;
+        p+=rewrite_len;
 
-        if (p[0] == LS_COOKIE_ID) {
-            cookie=EXTRACT_32BITS(p);
-            if (eflag) printf("LSPIC-MLPPP cookie 0x%08x, ",cookie);
-            cookie_len = LS_MLFR_LEN;
-            bundle = cookie & 0xff;
-        } else {
-            cookie=EXTRACT_16BITS(p);
-            if (eflag) printf("MLPIC-MLPPP cookie 0x%04x, ",cookie);
-            cookie_len = ML_MLFR_LEN;
-            bundle = (cookie >> 8) & 0xff;
+        if (eflag) {
+            if (!es_type_bundle) {
+                printf("ES SA, index %u, ttl %u type %s (%u), spi %u, Tunnel %s > %s, length %u\n", 
+                       EXTRACT_16BITS(&ih->sa_index),
+                       ih->ttl, 
+                       tok2str(juniper_ipsec_type_values,"Unknown",ih->type),
+                       ih->type,
+                       EXTRACT_32BITS(&ih->spi),
+                       ipaddr_string(EXTRACT_32BITS(&ih->src_ip)),
+                       ipaddr_string(EXTRACT_32BITS(&ih->dst_ip)),
+                       l2info.length);
+            } else {
+                printf("ES SA, index %u, ttl %u type %s (%u), length %u\n", 
+                       EXTRACT_16BITS(&ih->sa_index),
+                       ih->ttl, 
+                       tok2str(juniper_ipsec_type_values,"Unknown",ih->type),
+                       ih->type,
+                       l2info.length);
+            }
         }
 
-        proto = EXTRACT_16BITS(p+cookie_len);        
-        p += cookie_len;
-        length-= cookie_len;
-        caplen-= cookie_len;
+        ip_print(gndo, p, l2info.length);
+        return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_MONITOR
+u_int
+juniper_monitor_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+        struct juniper_monitor_header {
+            u_int8_t pkt_type;
+            u_int8_t padding;
+            u_int8_t iif[2];
+            u_int8_t service_id[4];
+        };
+        const struct juniper_monitor_header *mh;
+
+        l2info.pictype = DLT_JUNIPER_MONITOR;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+        mh = (struct juniper_monitor_header *)p;
+
+        if (eflag)
+            printf("service-id %u, iif %u, pkt-type %u: ",
+                   EXTRACT_32BITS(&mh->service_id),
+                   EXTRACT_16BITS(&mh->iif),
+                   mh->pkt_type);
+
+        /* no proto field - lets guess by first byte of IP header*/
+        ip_heuristic_guess(p, l2info.length);
+
+        return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_SERVICES
+u_int
+juniper_services_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+        struct juniper_services_header {
+            u_int8_t svc_id;
+            u_int8_t flags_len;
+            u_int8_t svc_set_id[2];
+            u_int8_t dir_iif[4];
+        };
+        const struct juniper_services_header *sh;
+
+        l2info.pictype = DLT_JUNIPER_SERVICES;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+        sh = (struct juniper_services_header *)p;
+
+        if (eflag)
+            printf("service-id %u flags 0x%02x service-set-id 0x%04x iif %u: ",
+                   sh->svc_id,
+                   sh->flags_len,
+                   EXTRACT_16BITS(&sh->svc_set_id),
+                   EXTRACT_24BITS(&sh->dir_iif[1]));
+
+        /* no proto field - lets guess by first byte of IP header*/
+        ip_heuristic_guess(p, l2info.length);
+
+        return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_PPPOE
+u_int
+juniper_pppoe_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+
+        l2info.pictype = DLT_JUNIPER_PPPOE;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+        /* this DLT contains nothing but raw ethernet frames */
+        ether_print(p, l2info.length, l2info.caplen);
+        return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_PPPOE_ATM
+u_int
+juniper_pppoe_atm_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+	u_int16_t extracted_ethertype;
+
+        l2info.pictype = DLT_JUNIPER_PPPOE_ATM;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
+
+        p+=l2info.header_len;
+
+        extracted_ethertype = EXTRACT_16BITS(p);
+        /* this DLT contains nothing but raw PPPoE frames,
+         * prepended with a type field*/
+        if (ether_encap_print(extracted_ethertype,
+                              p+ETHERTYPE_LEN,
+                              l2info.length-ETHERTYPE_LEN,
+                              l2info.caplen-ETHERTYPE_LEN,
+                              &extracted_ethertype) == 0)
+            /* ether_type not known, probably it wasn't one */
+            printf("unknown ethertype 0x%04x", extracted_ethertype);
+        
+        return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_MLPPP
+u_int
+juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+        struct juniper_l2info_t l2info;
+
+        l2info.pictype = DLT_JUNIPER_MLPPP;
+        if(juniper_parse_header(p, h, &l2info) == 0)
+            return l2info.header_len;
 
         /* suppress Bundle-ID if frame was captured on a child-link
-         * this may be the case if the cookie looks like a proto */
+         * best indicator if the cookie looks like a proto */
         if (eflag &&
-            cookie != PPP_OSI &&
-            cookie !=  (PPP_ADDRESS << 8 | PPP_CONTROL))
-            printf("Bundle-ID %u, ",bundle);
+            EXTRACT_16BITS(&l2info.cookie) != PPP_OSI &&
+            EXTRACT_16BITS(&l2info.cookie) !=  (PPP_ADDRESS << 8 | PPP_CONTROL))
+            printf("Bundle-ID %u: ",l2info.bundle);
+
+        p+=l2info.header_len;
+
+        /* first try the LSQ protos */
+        switch(l2info.proto) {
+        case JUNIPER_LSQ_L3_PROTO_IPV4:
+            ip_print(gndo, p, l2info.length);

>>> TRUNCATED FOR MAIL (1000 lines) <<<



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507150126.j6F1QIkJ048702>