From owner-p4-projects@FreeBSD.ORG Fri Jul 15 01:26:20 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D1F0116A420; Fri, 15 Jul 2005 01:26:19 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D3AF16A41F for ; Fri, 15 Jul 2005 01:26:19 +0000 (GMT) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F07AD43D46 for ; Fri, 15 Jul 2005 01:26:18 +0000 (GMT) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j6F1QI6L048705 for ; Fri, 15 Jul 2005 01:26:18 GMT (envelope-from sam@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j6F1QIkJ048702 for perforce@freebsd.org; Fri, 15 Jul 2005 01:26:18 GMT (envelope-from sam@freebsd.org) Date: Fri, 15 Jul 2005 01:26:18 GMT Message-Id: <200507150126.j6F1QIkJ048702@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to sam@freebsd.org using -f From: Sam Leffler To: Perforce Change Reviews Cc: Subject: PERFORCE change 80222 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jul 2005 01:26:20 -0000 http://perforce.freebsd.org/chv.cgi?CH=80222 Change 80222 by sam@sam_ebb on 2005/07/15 01:25:18 reintegrate after cleanup Affected files ... .. //depot/projects/wifi/contrib/hostapd/ChangeLog#2 integrate .. //depot/projects/wifi/contrib/hostapd/Makefile#2 integrate .. //depot/projects/wifi/contrib/hostapd/common.h#2 integrate .. //depot/projects/wifi/contrib/hostapd/config.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 integrate .. //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/radius_client.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/radius_server.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 integrate .. //depot/projects/wifi/contrib/hostapd/version.h#2 integrate .. //depot/projects/wifi/contrib/hostapd/wpa.c#2 integrate .. //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 integrate .. //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/print-lmp.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/print-lspping.c#2 integrate .. //depot/projects/wifi/contrib/tcpdump/rpc_auth.h#2 integrate .. //depot/projects/wifi/contrib/tcpdump/rpc_msg.h#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/ChangeLog#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/README#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/config.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/ctrl_iface.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eap.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eap_mschapv2.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eap_peap.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eap_tls_common.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eap_ttls.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/eapol_sm.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/ms_funcs.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/tls_openssl.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/version.h#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/wpa.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/wpa_ctrl.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant.c#2 integrate .. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant_i.h#2 integrate .. //depot/projects/wifi/share/man/man4/if_bridge.4#2 integrate .. //depot/projects/wifi/sys/dev/kbd/atkbdc.c#4 delete .. //depot/projects/wifi/sys/dev/mpt/mpt_freebsd.h#4 delete .. //depot/projects/wifi/sys/i386/i386/ptrace_machdep.c#2 integrate .. //depot/projects/wifi/sys/isa/atkbdc_isa.c#3 delete .. //depot/projects/wifi/sys/net/bridgestp.c#2 integrate .. //depot/projects/wifi/sys/net/if_bridge.c#2 integrate .. //depot/projects/wifi/sys/net/if_bridgevar.h#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/hostapd/Makefile#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/hostapd/driver_freebsd.c#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/hostapd/hostapd.1#2 delete .. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/Makefile#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/hostapd_cli.1#2 delete .. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/Makefile#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/wpa_cli.1#2 delete .. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/Makefile#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c#2 integrate .. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.1#2 delete .. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5#2 integrate Differences ... ==== //depot/projects/wifi/contrib/hostapd/ChangeLog#2 (text+ko) ==== @@ -1,5 +1,19 @@ ChangeLog for hostapd +2005-06-10 - v0.3.9 + * fixed a bug which caused some RSN pre-authentication cases to use + freed memory and potentially crash hostapd + * fixed private key loading for cases where passphrase is not set + * fixed WPA2 to add PMKSA cache entry when using integrated EAP + authenticator + * driver_madwifi: fixed pairwise key removal to allow WPA reauth + without disassociation + * fixed RADIUS attribute Class processing to only use Access-Accept + packets to update Class; previously, other RADIUS authentication + packets could have cleared Class attribute + * fixed PMKSA caching (EAP authentication was not skipped correctly + with the new state machine changes from IEEE 802.1X draft) + 2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases) 2005-01-23 - v0.3.5 ==== //depot/projects/wifi/contrib/hostapd/Makefile#2 (text+ko) ==== @@ -228,6 +228,6 @@ $(CC) -o hostapd_cli hostapd_cli.o hostapd_ctrl.o clean: - rm -f core *~ *.o hostapd *.d driver_conf.c + rm -f core *~ *.o hostapd hostapd_cli *.d driver_conf.c -include $(OBJS:%.o=%.d) ==== //depot/projects/wifi/contrib/hostapd/common.h#2 (text+ko) ==== @@ -8,8 +8,12 @@ #ifdef __FreeBSD__ #include #include +#define __BYTE_ORDER _BYTE_ORDER +#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#define __BIG_ENDIAN _BIG_ENDIAN #define bswap_16 bswap16 #define bswap_32 bswap32 +#define bswap_64 bswap64 #endif #ifdef CONFIG_NATIVE_WINDOWS ==== //depot/projects/wifi/contrib/hostapd/config.c#2 (text+ko) ==== @@ -597,7 +597,8 @@ } if (conf->wpa && (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && - conf->wpa_psk == NULL && conf->wpa_passphrase == NULL) { + conf->wpa_psk == NULL && conf->wpa_passphrase == NULL && + conf->wpa_psk_file == NULL) { printf("WPA-PSK enabled, but PSK or passphrase is not " "configured.\n"); return -1; ==== //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 (text+ko) ==== @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -383,7 +384,8 @@ unlink(fname); free(fname); - if (rmdir(hapd->conf->ctrl_interface) < 0) { + if (hapd->conf->ctrl_interface && + rmdir(hapd->conf->ctrl_interface) < 0) { if (errno == ENOTEMPTY) { wpa_printf(MSG_DEBUG, "Control interface " "directory not empty - leaving it " ==== //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 (text+ko) ==== @@ -12,7 +12,7 @@ * * See README and COPYING for more details. * - * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.2 2005/06/05 22:41:14 sam Exp $ + * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.3 2005/06/13 17:07:31 sam Exp $ */ #include @@ -767,22 +767,22 @@ prev_ctrl_dir = sm->ctrl_dir.state; SM_STEP_RUN(AUTH_PAE); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; SM_STEP_RUN(BE_AUTH); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; SM_STEP_RUN(REAUTH_TIMER); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; SM_STEP_RUN(AUTH_KEY_TX); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; SM_STEP_RUN(KEY_RX); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; SM_STEP_RUN(CTRL_DIR); - if (!eapol_sm_sta_entry_alive(hapd, addr)) + if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr)) break; } while (prev_auth_pae != sm->auth_pae.state || prev_be_auth != sm->be_auth.state || @@ -803,12 +803,14 @@ void eapol_sm_initialize(struct eapol_state_machine *sm) { + sm->initializing = TRUE; /* Initialize the state machines by asserting initialize and then * deasserting it after one step */ sm->initialize = TRUE; eapol_sm_step(sm); sm->initialize = FALSE; eapol_sm_step(sm); + sm->initializing = FALSE; /* Start one second tick for port timers state machine */ eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm); ==== //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 (text+ko) ==== @@ -195,6 +195,8 @@ */ u8 currentId; + Boolean initializing; /* in process of initializing state machines */ + /* Somewhat nasty pointers to global hostapd and STA data to avoid * passing these to every function */ struct hostapd_data *hapd; ==== //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 (text+ko) ==== @@ -12,7 +12,7 @@ * * See README and COPYING for more details. * - * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.2 2005/06/05 22:41:14 sam Exp $ + * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.3 2005/06/13 17:07:31 sam Exp $ */ #include @@ -1157,6 +1157,7 @@ session_timeout_set ? session_timeout : -1); } + ieee802_1x_store_radius_class(hapd, sta, msg); break; case RADIUS_CODE_ACCESS_REJECT: sm->eapFail = TRUE; @@ -1180,7 +1181,6 @@ break; } - ieee802_1x_store_radius_class(hapd, sta, msg); ieee802_1x_decapsulate_radius(hapd, sta); if (override_eapReq) sm->be_auth.eapReq = FALSE; @@ -1669,6 +1669,7 @@ return len; } + void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta, int success) { @@ -1682,4 +1683,3 @@ pmksa_cache_add(hapd, sta, key, dot11RSNAConfigPMKLifetime); } } - ==== //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 (text+ko) ==== @@ -158,12 +158,14 @@ }; const unsigned char *addr[3]; const size_t len[3] = { 16, 24, sizeof(magic1) }; + u8 hash[SHA1_MAC_LEN]; addr[0] = password_hash_hash; addr[1] = nt_response; addr[2] = magic1; - sha1_vector(3, addr, len, master_key); + sha1_vector(3, addr, len, hash); + memcpy(master_key, hash, 16); } ==== //depot/projects/wifi/contrib/hostapd/radius_client.c#2 (text+ko) ==== @@ -506,7 +506,7 @@ rconf = hapd->conf->auth_server; } - len = recv(sock, buf, sizeof(buf), 0); + len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT); if (len < 0) { perror("recv[RADIUS]"); return; ==== //depot/projects/wifi/contrib/hostapd/radius_server.c#2 (text+ko) ==== @@ -325,6 +325,7 @@ { struct radius_msg *msg; int ret = 0; + struct eap_hdr eapfail; RADIUS_DEBUG("Reject invalid request from %s:%d", inet_ntoa(from->sin_addr), ntohs(from->sin_port)); @@ -335,6 +336,16 @@ return -1; } + memset(&eapfail, 0, sizeof(eapfail)); + eapfail.code = EAP_CODE_FAILURE; + eapfail.identifier = 0; + eapfail.length = htons(sizeof(eapfail)); + + if (!radius_msg_add_eap(msg, (u8 *) &eapfail, sizeof(eapfail))) { + RADIUS_DEBUG("Failed to add EAP-Message attribute"); + } + + if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret, client->shared_secret_len, request->hdr->authenticator) < 0) { @@ -395,6 +406,7 @@ sess = radius_server_get_new_session(data, client, msg); if (sess == NULL) { RADIUS_DEBUG("Could not create a new session"); + radius_server_reject(data, client, msg, from); return -1; } } ==== //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 (text+ko) ==== @@ -489,9 +489,12 @@ if (private_key == NULL) return 0; - passwd = strdup(private_key_passwd); - if (passwd == NULL) - return -1; + if (private_key_passwd) { + passwd = strdup(private_key_passwd); + if (passwd == NULL) + return -1; + } else + passwd = NULL; SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); ==== //depot/projects/wifi/contrib/hostapd/version.h#2 (text+ko) ==== @@ -1,6 +1,6 @@ #ifndef VERSION_H #define VERSION_H -#define VERSION_STR "0.3.7" +#define VERSION_STR "0.3.9" #endif /* VERSION_H */ ==== //depot/projects/wifi/contrib/hostapd/wpa.c#2 (text+ko) ==== @@ -12,7 +12,7 @@ * * See README and COPYING for more details. * - * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.2 2005/06/05 22:41:14 sam Exp $ + * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.3 2005/06/13 17:07:31 sam Exp $ */ #include @@ -1416,6 +1416,14 @@ key = (struct wpa_eapol_key *) (hdr + 1); key_info = ntohs(key->key_info); key_data_length = ntohs(key->key_data_length); + if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) { + wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " + "key_data overflow (%d > %lu)", + key_data_length, + (unsigned long) (data_len - sizeof(*hdr) - + sizeof(*key))); + return; + } /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys * are set */ ==== //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 (text+ko) ==== @@ -5,7 +5,7 @@ * pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode * network drivers. * - * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1 2004/12/18 08:52:10 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1.2.1 2005/05/03 18:54:35 guy Exp $ (LBL) */ #include @@ -172,6 +172,7 @@ pcap->stats_op = pcap_stats_dos; pcap->inject_op = pcap_sendpacket_dos; pcap->setfilter_op = pcap_setfilter_dos; + pcap->setdirection_op = NULL; /* Not implemented.*/ pcap->fd = ++ref_count; if (pcap->fd == 1) /* first time we're called */ ==== //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3 2004/12/15 08:41:26 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3.2.2 2005/05/20 21:15:45 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -24,8 +24,8 @@ #include +#include "interface.h" #include "ipproto.h" -#include "interface.h" struct tok ipproto_values[] = { { IPPROTO_HOPOPTS, "Options" }, @@ -51,6 +51,7 @@ { IPPROTO_PIM, "PIM" }, { IPPROTO_IPCOMP, "Compressed IP" }, { IPPROTO_VRRP, "VRRP" }, + { IPPROTO_PGM, "PGM" }, { IPPROTO_SCTP, "SCTP" }, { IPPROTO_MOBILITY, "Mobility" }, { 0, NULL } ==== //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1 2004/12/27 00:41:30 guy Exp $ (LBL) */ +/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1.2.2 2005/04/27 21:44:06 guy Exp $ (LBL) */ /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape @@ -29,7 +29,7 @@ * * from: @(#)pmap_prot.h 1.14 88/02/08 SMI * from: @(#)pmap_prot.h 2.1 88/07/29 4.0 RPCSRC - * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.1 2005/05/29 18:16:36 sam Exp $ + * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.2 2005/07/11 03:53:37 sam Exp $ */ /* @@ -69,26 +69,21 @@ * The service supports remote procedure calls on udp/ip or tcp/ip socket 111. */ -#ifndef _RPC_PMAPPROT_H -#define _RPC_PMAPPROT_H +#define SUNRPC_PMAPPORT ((u_int16_t)111) +#define SUNRPC_PMAPPROG ((u_int32_t)100000) +#define SUNRPC_PMAPVERS ((u_int32_t)2) +#define SUNRPC_PMAPVERS_PROTO ((u_int32_t)2) +#define SUNRPC_PMAPVERS_ORIG ((u_int32_t)1) +#define SUNRPC_PMAPPROC_NULL ((u_int32_t)0) +#define SUNRPC_PMAPPROC_SET ((u_int32_t)1) +#define SUNRPC_PMAPPROC_UNSET ((u_int32_t)2) +#define SUNRPC_PMAPPROC_GETPORT ((u_int32_t)3) +#define SUNRPC_PMAPPROC_DUMP ((u_int32_t)4) +#define SUNRPC_PMAPPROC_CALLIT ((u_int32_t)5) -#define PMAPPORT ((u_int16_t)111) -#define PMAPPROG ((u_int32_t)100000) -#define PMAPVERS ((u_int32_t)2) -#define PMAPVERS_PROTO ((u_int32_t)2) -#define PMAPVERS_ORIG ((u_int32_t)1) -#define PMAPPROC_NULL ((u_int32_t)0) -#define PMAPPROC_SET ((u_int32_t)1) -#define PMAPPROC_UNSET ((u_int32_t)2) -#define PMAPPROC_GETPORT ((u_int32_t)3) -#define PMAPPROC_DUMP ((u_int32_t)4) -#define PMAPPROC_CALLIT ((u_int32_t)5) - -struct pmap { +struct sunrpc_pmap { u_int32_t pm_prog; u_int32_t pm_vers; u_int32_t pm_prot; u_int32_t pm_port; }; - -#endif /* !_RPC_PMAPPROT_H */ ==== //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 (text+ko) ==== @@ -16,7 +16,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5 2004/05/12 22:22:40 hannes Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5.2.2 2005/05/06 02:53:41 guy Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -216,7 +216,7 @@ const struct eigrp_common_header *eigrp_com_header; const struct eigrp_tlv_header *eigrp_tlv_header; const u_char *tptr,*tlv_tptr; - int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen,byte_length, bit_length; + u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length; u_int8_t prefix[4]; union { @@ -271,15 +271,15 @@ while(tlen>0) { /* did we capture enough for fully decoding the object header ? */ - if (!TTEST2(*tptr, sizeof(struct eigrp_tlv_header))) - goto trunc; + TCHECK2(*tptr, sizeof(struct eigrp_tlv_header)); eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr; eigrp_tlv_len=EXTRACT_16BITS(&eigrp_tlv_header->length); eigrp_tlv_type=EXTRACT_16BITS(&eigrp_tlv_header->type); - if (eigrp_tlv_len == 0 || eigrp_tlv_len > tlen) { + if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) || + eigrp_tlv_len > tlen) { print_unknown_data(tptr+sizeof(sizeof(struct eigrp_tlv_header)),"\n\t ",tlen); return; } @@ -295,8 +295,7 @@ tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header); /* did we capture enough for fully decoding the object ? */ - if (!TTEST2(*tptr, eigrp_tlv_len)) - goto trunc; + TCHECK2(*tptr, eigrp_tlv_len); switch(eigrp_tlv_type) { @@ -326,7 +325,7 @@ tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr; bit_length = tlv_ptr.eigrp_tlv_ip_int->plen; - if (bit_length < 0 || bit_length > 32) { + if (bit_length > 32) { printf("\n\t illegal prefix length %u",bit_length); break; } @@ -340,7 +339,7 @@ if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0) printf("self"); else - printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop))); + printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_int->nexthop)); printf("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u", (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->delay)/100), @@ -355,7 +354,7 @@ tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr; bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen; - if (bit_length < 0 || bit_length > 32) { + if (bit_length > 32) { printf("\n\t illegal prefix length %u",bit_length); break; } @@ -369,7 +368,7 @@ if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0) printf("self"); else - printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop))); + printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_ext->nexthop)); printf("\n\t origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u", ipaddr_string(tlv_ptr.eigrp_tlv_ip_ext->origin_router), ==== //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8 2005/04/06 21:32:41 mcr Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8.2.13 2005/06/20 07:45:05 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -28,131 +28,476 @@ #include #include "interface.h" +#include "addrtoname.h" #include "extract.h" #include "ppp.h" #include "llc.h" #include "nlpid.h" +#include "ethertype.h" +#include "atm.h" #define JUNIPER_BPF_OUT 0 /* Outgoing packet */ #define JUNIPER_BPF_IN 1 /* Incoming packet */ #define JUNIPER_BPF_PKT_IN 0x1 /* Incoming packet */ #define JUNIPER_BPF_NO_L2 0x2 /* L2 header stripped */ +#define JUNIPER_MGC_NUMBER 0x4d4743 /* = "MGC" */ + +#define JUNIPER_LSQ_L3_PROTO_SHIFT 4 +#define JUNIPER_LSQ_L3_PROTO_MASK (0x17 << JUNIPER_LSQ_L3_PROTO_SHIFT) +#define JUNIPER_LSQ_L3_PROTO_IPV4 (0 << JUNIPER_LSQ_L3_PROTO_SHIFT) +#define JUNIPER_LSQ_L3_PROTO_IPV6 (1 << JUNIPER_LSQ_L3_PROTO_SHIFT) +#define JUNIPER_LSQ_L3_PROTO_MPLS (2 << JUNIPER_LSQ_L3_PROTO_SHIFT) +#define JUNIPER_LSQ_L3_PROTO_ISO (3 << JUNIPER_LSQ_L3_PROTO_SHIFT) + +#define JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE 1 +#define JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE 2 +#define JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE 3 +#define JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE 4 +#define JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE 5 + +static struct tok juniper_ipsec_type_values[] = { + { JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE, "ESP ENCR-AUTH" }, + { JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE, "ESP ENCR-AH AUTH" }, + { JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE, "ESP AUTH" }, + { JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE, "AH AUTH" }, + { JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE, "ESP ENCR" }, + { 0, NULL} +}; + +static struct tok juniper_direction_values[] = { + { JUNIPER_BPF_IN, "In"}, + { JUNIPER_BPF_OUT, "Out"}, + { 0, NULL} +}; + +struct juniper_cookie_table_t { + u_int32_t pictype; /* pic type */ + u_int8_t cookie_len; /* cookie len */ + const char *s; /* pic name */ +}; + +static struct juniper_cookie_table_t juniper_cookie_table[] = { +#ifdef DLT_JUNIPER_ATM1 + { DLT_JUNIPER_ATM1, 4, "ATM1"}, +#endif +#ifdef DLT_JUNIPER_ATM2 + { DLT_JUNIPER_ATM2, 8, "ATM2"}, +#endif +#ifdef DLT_JUNIPER_MLPPP + { DLT_JUNIPER_MLPPP, 2, "MLPPP"}, +#endif +#ifdef DLT_JUNIPER_MLFR + { DLT_JUNIPER_MLFR, 2, "MLFR"}, +#endif +#ifdef DLT_JUNIPER_MFR + { DLT_JUNIPER_MFR, 4, "MFR"}, +#endif +#ifdef DLT_JUNIPER_PPPOE + { DLT_JUNIPER_PPPOE, 0, "PPPoE"}, +#endif +#ifdef DLT_JUNIPER_PPPOE_ATM + { DLT_JUNIPER_PPPOE_ATM, 0, "PPPoE ATM"}, +#endif +#ifdef DLT_JUNIPER_GGSN + { DLT_JUNIPER_GGSN, 8, "GGSN"}, +#endif +#ifdef DLT_JUNIPER_MONITOR + { DLT_JUNIPER_MONITOR, 8, "MONITOR"}, +#endif +#ifdef DLT_JUNIPER_SERVICES + { DLT_JUNIPER_SERVICES, 8, "AS"}, +#endif +#ifdef DLT_JUNIPER_ES + { DLT_JUNIPER_ES, 0, "ES"}, +#endif + { 0, 0, NULL } +}; +struct juniper_l2info_t { + u_int32_t length; + u_int32_t caplen; + u_int32_t pictype; + u_int8_t direction; + u_int8_t header_len; + u_int8_t cookie_len; + u_int8_t cookie_type; + u_int8_t cookie[8]; + u_int8_t bundle; + u_int16_t proto; +}; + #define LS_COOKIE_ID 0x54 -#define LS_MLFR_LEN 4 -#define ML_MLFR_LEN 2 +#define AS_COOKIE_ID 0x47 +#define LS_MLFR_COOKIE_LEN 4 +#define ML_MLFR_COOKIE_LEN 2 +#define LS_MFR_COOKIE_LEN 6 +#define ATM1_COOKIE_LEN 4 +#define ATM2_COOKIE_LEN 8 #define ATM2_PKT_TYPE_MASK 0x70 #define ATM2_GAP_COUNT_MASK 0x3F +#define JUNIPER_PROTO_NULL 1 +#define JUNIPER_PROTO_IPV4 2 +#define JUNIPER_PROTO_IPV6 6 + +static struct tok juniper_protocol_values[] = { + { JUNIPER_PROTO_NULL, "Null" }, + { JUNIPER_PROTO_IPV4, "IPv4" }, + { JUNIPER_PROTO_IPV6, "IPv6" }, + { 0, NULL} +}; + int ip_heuristic_guess(register const u_char *, u_int); int juniper_ppp_heuristic_guess(register const u_char *, u_int); -static int juniper_parse_header (const u_char *, u_int8_t *, u_int); +static int juniper_parse_header (const u_char *, const struct pcap_pkthdr *, struct juniper_l2info_t *); + +#ifdef DLT_JUNIPER_GGSN +u_int +juniper_ggsn_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + struct juniper_ggsn_header { + u_int8_t svc_id; + u_int8_t flags_len; + u_int8_t proto; + u_int8_t flags; + u_int8_t vlan_id[2]; + u_int8_t res[2]; + }; + const struct juniper_ggsn_header *gh; + + l2info.pictype = DLT_JUNIPER_GGSN; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + gh = (struct juniper_ggsn_header *)p; + + if (eflag) + printf("proto %s (%u), vlan %u: ", + tok2str(juniper_protocol_values,"Unknown",gh->proto), + gh->proto, + EXTRACT_16BITS(&gh->vlan_id[0])); + + switch (gh->proto) { + case JUNIPER_PROTO_IPV4: + ip_print(gndo, p, l2info.length); + break; +#ifdef INET6 + case JUNIPER_PROTO_IPV6: + ip6_print(p, l2info.length); + break; +#endif /* INET6 */ + default: + if (!eflag) + printf("unknown GGSN proto (%u)", gh->proto); + } + + return l2info.header_len; +} +#endif +#ifdef DLT_JUNIPER_ES u_int -juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p) +juniper_es_print(const struct pcap_pkthdr *h, register const u_char *p) { - register u_int length = h->len; - register u_int caplen = h->caplen; - u_int8_t direction,bundle,cookie_len; - u_int32_t cookie,proto; - - if(juniper_parse_header(p, &direction,length) == 0) - return 0; + struct juniper_l2info_t l2info; + struct juniper_ipsec_header { + u_int8_t sa_index[2]; + u_int8_t ttl; + u_int8_t type; + u_int8_t spi[4]; + u_int8_t src_ip[4]; + u_int8_t dst_ip[4]; + }; + u_int rewrite_len,es_type_bundle; + const struct juniper_ipsec_header *ih; + + l2info.pictype = DLT_JUNIPER_ES; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + ih = (struct juniper_ipsec_header *)p; + + switch (ih->type) { + case JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE: + case JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE: + rewrite_len = 0; + es_type_bundle = 1; + break; + case JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE: + case JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE: + case JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE: + rewrite_len = 16; + es_type_bundle = 0; + default: + printf("ES Invalid type %u, length %u", + ih->type, + l2info.length); + return l2info.header_len; + } - p+=4; - length-=4; - caplen-=4; + l2info.length-=rewrite_len; + p+=rewrite_len; - if (p[0] == LS_COOKIE_ID) { - cookie=EXTRACT_32BITS(p); - if (eflag) printf("LSPIC-MLPPP cookie 0x%08x, ",cookie); - cookie_len = LS_MLFR_LEN; - bundle = cookie & 0xff; - } else { - cookie=EXTRACT_16BITS(p); - if (eflag) printf("MLPIC-MLPPP cookie 0x%04x, ",cookie); - cookie_len = ML_MLFR_LEN; - bundle = (cookie >> 8) & 0xff; + if (eflag) { + if (!es_type_bundle) { + printf("ES SA, index %u, ttl %u type %s (%u), spi %u, Tunnel %s > %s, length %u\n", + EXTRACT_16BITS(&ih->sa_index), + ih->ttl, + tok2str(juniper_ipsec_type_values,"Unknown",ih->type), + ih->type, + EXTRACT_32BITS(&ih->spi), + ipaddr_string(EXTRACT_32BITS(&ih->src_ip)), + ipaddr_string(EXTRACT_32BITS(&ih->dst_ip)), + l2info.length); + } else { + printf("ES SA, index %u, ttl %u type %s (%u), length %u\n", + EXTRACT_16BITS(&ih->sa_index), + ih->ttl, + tok2str(juniper_ipsec_type_values,"Unknown",ih->type), + ih->type, + l2info.length); + } } - proto = EXTRACT_16BITS(p+cookie_len); - p += cookie_len; - length-= cookie_len; - caplen-= cookie_len; + ip_print(gndo, p, l2info.length); + return l2info.header_len; +} +#endif + +#ifdef DLT_JUNIPER_MONITOR +u_int +juniper_monitor_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + struct juniper_monitor_header { + u_int8_t pkt_type; + u_int8_t padding; + u_int8_t iif[2]; + u_int8_t service_id[4]; + }; + const struct juniper_monitor_header *mh; + + l2info.pictype = DLT_JUNIPER_MONITOR; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + mh = (struct juniper_monitor_header *)p; + + if (eflag) + printf("service-id %u, iif %u, pkt-type %u: ", + EXTRACT_32BITS(&mh->service_id), + EXTRACT_16BITS(&mh->iif), + mh->pkt_type); + + /* no proto field - lets guess by first byte of IP header*/ + ip_heuristic_guess(p, l2info.length); + + return l2info.header_len; +} +#endif + +#ifdef DLT_JUNIPER_SERVICES +u_int +juniper_services_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + struct juniper_services_header { + u_int8_t svc_id; + u_int8_t flags_len; + u_int8_t svc_set_id[2]; + u_int8_t dir_iif[4]; + }; + const struct juniper_services_header *sh; + + l2info.pictype = DLT_JUNIPER_SERVICES; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + sh = (struct juniper_services_header *)p; + + if (eflag) + printf("service-id %u flags 0x%02x service-set-id 0x%04x iif %u: ", + sh->svc_id, + sh->flags_len, + EXTRACT_16BITS(&sh->svc_set_id), + EXTRACT_24BITS(&sh->dir_iif[1])); + + /* no proto field - lets guess by first byte of IP header*/ + ip_heuristic_guess(p, l2info.length); + + return l2info.header_len; +} +#endif + +#ifdef DLT_JUNIPER_PPPOE +u_int +juniper_pppoe_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + + l2info.pictype = DLT_JUNIPER_PPPOE; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + /* this DLT contains nothing but raw ethernet frames */ + ether_print(p, l2info.length, l2info.caplen); + return l2info.header_len; +} +#endif + +#ifdef DLT_JUNIPER_PPPOE_ATM +u_int +juniper_pppoe_atm_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + u_int16_t extracted_ethertype; + + l2info.pictype = DLT_JUNIPER_PPPOE_ATM; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; + + p+=l2info.header_len; + + extracted_ethertype = EXTRACT_16BITS(p); + /* this DLT contains nothing but raw PPPoE frames, + * prepended with a type field*/ + if (ether_encap_print(extracted_ethertype, + p+ETHERTYPE_LEN, + l2info.length-ETHERTYPE_LEN, + l2info.caplen-ETHERTYPE_LEN, + &extracted_ethertype) == 0) + /* ether_type not known, probably it wasn't one */ + printf("unknown ethertype 0x%04x", extracted_ethertype); + + return l2info.header_len; +} +#endif + +#ifdef DLT_JUNIPER_MLPPP +u_int +juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p) +{ + struct juniper_l2info_t l2info; + + l2info.pictype = DLT_JUNIPER_MLPPP; + if(juniper_parse_header(p, h, &l2info) == 0) + return l2info.header_len; /* suppress Bundle-ID if frame was captured on a child-link - * this may be the case if the cookie looks like a proto */ + * best indicator if the cookie looks like a proto */ if (eflag && - cookie != PPP_OSI && - cookie != (PPP_ADDRESS << 8 | PPP_CONTROL)) - printf("Bundle-ID %u, ",bundle); + EXTRACT_16BITS(&l2info.cookie) != PPP_OSI && + EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL)) + printf("Bundle-ID %u: ",l2info.bundle); + + p+=l2info.header_len; + + /* first try the LSQ protos */ + switch(l2info.proto) { + case JUNIPER_LSQ_L3_PROTO_IPV4: + ip_print(gndo, p, l2info.length); >>> TRUNCATED FOR MAIL (1000 lines) <<<