PERFORCE change 80222 for review
Sam Leffler
sam at FreeBSD.org
Fri Jul 15 01:26:20 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=80222
Change 80222 by sam at sam_ebb on 2005/07/15 01:25:18
reintegrate after cleanup
Affected files ...
.. //depot/projects/wifi/contrib/hostapd/ChangeLog#2 integrate
.. //depot/projects/wifi/contrib/hostapd/Makefile#2 integrate
.. //depot/projects/wifi/contrib/hostapd/common.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/config.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/radius_client.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/radius_server.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 integrate
.. //depot/projects/wifi/contrib/hostapd/version.h#2 integrate
.. //depot/projects/wifi/contrib/hostapd/wpa.c#2 integrate
.. //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-lmp.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/print-lspping.c#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/rpc_auth.h#2 integrate
.. //depot/projects/wifi/contrib/tcpdump/rpc_msg.h#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ChangeLog#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/README#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/config.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ctrl_iface.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_mschapv2.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_peap.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_tls_common.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eap_ttls.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/eapol_sm.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/ms_funcs.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/tls_openssl.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/version.h#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_ctrl.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant.c#2 integrate
.. //depot/projects/wifi/contrib/wpa_supplicant/wpa_supplicant_i.h#2 integrate
.. //depot/projects/wifi/share/man/man4/if_bridge.4#2 integrate
.. //depot/projects/wifi/sys/dev/kbd/atkbdc.c#4 delete
.. //depot/projects/wifi/sys/dev/mpt/mpt_freebsd.h#4 delete
.. //depot/projects/wifi/sys/i386/i386/ptrace_machdep.c#2 integrate
.. //depot/projects/wifi/sys/isa/atkbdc_isa.c#3 delete
.. //depot/projects/wifi/sys/net/bridgestp.c#2 integrate
.. //depot/projects/wifi/sys/net/if_bridge.c#2 integrate
.. //depot/projects/wifi/sys/net/if_bridgevar.h#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/driver_freebsd.c#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd/hostapd.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/hostapd_cli/hostapd_cli.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_cli/wpa_cli.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c#2 integrate
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.1#2 delete
.. //depot/projects/wifi/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5#2 integrate
Differences ...
==== //depot/projects/wifi/contrib/hostapd/ChangeLog#2 (text+ko) ====
@@ -1,5 +1,19 @@
ChangeLog for hostapd
+2005-06-10 - v0.3.9
+ * fixed a bug which caused some RSN pre-authentication cases to use
+ freed memory and potentially crash hostapd
+ * fixed private key loading for cases where passphrase is not set
+ * fixed WPA2 to add PMKSA cache entry when using integrated EAP
+ authenticator
+ * driver_madwifi: fixed pairwise key removal to allow WPA reauth
+ without disassociation
+ * fixed RADIUS attribute Class processing to only use Access-Accept
+ packets to update Class; previously, other RADIUS authentication
+ packets could have cleared Class attribute
+ * fixed PMKSA caching (EAP authentication was not skipped correctly
+ with the new state machine changes from IEEE 802.1X draft)
+
2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
2005-01-23 - v0.3.5
==== //depot/projects/wifi/contrib/hostapd/Makefile#2 (text+ko) ====
@@ -228,6 +228,6 @@
$(CC) -o hostapd_cli hostapd_cli.o hostapd_ctrl.o
clean:
- rm -f core *~ *.o hostapd *.d driver_conf.c
+ rm -f core *~ *.o hostapd hostapd_cli *.d driver_conf.c
-include $(OBJS:%.o=%.d)
==== //depot/projects/wifi/contrib/hostapd/common.h#2 (text+ko) ====
@@ -8,8 +8,12 @@
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/endian.h>
+#define __BYTE_ORDER _BYTE_ORDER
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#define __BIG_ENDIAN _BIG_ENDIAN
#define bswap_16 bswap16
#define bswap_32 bswap32
+#define bswap_64 bswap64
#endif
#ifdef CONFIG_NATIVE_WINDOWS
==== //depot/projects/wifi/contrib/hostapd/config.c#2 (text+ko) ====
@@ -597,7 +597,8 @@
}
if (conf->wpa && (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
- conf->wpa_psk == NULL && conf->wpa_passphrase == NULL) {
+ conf->wpa_psk == NULL && conf->wpa_passphrase == NULL &&
+ conf->wpa_psk_file == NULL) {
printf("WPA-PSK enabled, but PSK or passphrase is not "
"configured.\n");
return -1;
==== //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#2 (text+ko) ====
@@ -20,6 +20,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/uio.h>
#include <sys/stat.h>
#include <errno.h>
#include <netinet/in.h>
@@ -383,7 +384,8 @@
unlink(fname);
free(fname);
- if (rmdir(hapd->conf->ctrl_interface) < 0) {
+ if (hapd->conf->ctrl_interface &&
+ rmdir(hapd->conf->ctrl_interface) < 0) {
if (errno == ENOTEMPTY) {
wpa_printf(MSG_DEBUG, "Control interface "
"directory not empty - leaving it "
==== //depot/projects/wifi/contrib/hostapd/eapol_sm.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -767,22 +767,22 @@
prev_ctrl_dir = sm->ctrl_dir.state;
SM_STEP_RUN(AUTH_PAE);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(BE_AUTH);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(REAUTH_TIMER);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(AUTH_KEY_TX);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(KEY_RX);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(CTRL_DIR);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
} while (prev_auth_pae != sm->auth_pae.state ||
prev_be_auth != sm->be_auth.state ||
@@ -803,12 +803,14 @@
void eapol_sm_initialize(struct eapol_state_machine *sm)
{
+ sm->initializing = TRUE;
/* Initialize the state machines by asserting initialize and then
* deasserting it after one step */
sm->initialize = TRUE;
eapol_sm_step(sm);
sm->initialize = FALSE;
eapol_sm_step(sm);
+ sm->initializing = FALSE;
/* Start one second tick for port timers state machine */
eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm);
==== //depot/projects/wifi/contrib/hostapd/eapol_sm.h#2 (text+ko) ====
@@ -195,6 +195,8 @@
*/
u8 currentId;
+ Boolean initializing; /* in process of initializing state machines */
+
/* Somewhat nasty pointers to global hostapd and STA data to avoid
* passing these to every function */
struct hostapd_data *hapd;
==== //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -1157,6 +1157,7 @@
session_timeout_set ?
session_timeout : -1);
}
+ ieee802_1x_store_radius_class(hapd, sta, msg);
break;
case RADIUS_CODE_ACCESS_REJECT:
sm->eapFail = TRUE;
@@ -1180,7 +1181,6 @@
break;
}
- ieee802_1x_store_radius_class(hapd, sta, msg);
ieee802_1x_decapsulate_radius(hapd, sta);
if (override_eapReq)
sm->be_auth.eapReq = FALSE;
@@ -1669,6 +1669,7 @@
return len;
}
+
void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta,
int success)
{
@@ -1682,4 +1683,3 @@
pmksa_cache_add(hapd, sta, key, dot11RSNAConfigPMKLifetime);
}
}
-
==== //depot/projects/wifi/contrib/hostapd/ms_funcs.c#2 (text+ko) ====
@@ -158,12 +158,14 @@
};
const unsigned char *addr[3];
const size_t len[3] = { 16, 24, sizeof(magic1) };
+ u8 hash[SHA1_MAC_LEN];
addr[0] = password_hash_hash;
addr[1] = nt_response;
addr[2] = magic1;
- sha1_vector(3, addr, len, master_key);
+ sha1_vector(3, addr, len, hash);
+ memcpy(master_key, hash, 16);
}
==== //depot/projects/wifi/contrib/hostapd/radius_client.c#2 (text+ko) ====
@@ -506,7 +506,7 @@
rconf = hapd->conf->auth_server;
}
- len = recv(sock, buf, sizeof(buf), 0);
+ len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT);
if (len < 0) {
perror("recv[RADIUS]");
return;
==== //depot/projects/wifi/contrib/hostapd/radius_server.c#2 (text+ko) ====
@@ -325,6 +325,7 @@
{
struct radius_msg *msg;
int ret = 0;
+ struct eap_hdr eapfail;
RADIUS_DEBUG("Reject invalid request from %s:%d",
inet_ntoa(from->sin_addr), ntohs(from->sin_port));
@@ -335,6 +336,16 @@
return -1;
}
+ memset(&eapfail, 0, sizeof(eapfail));
+ eapfail.code = EAP_CODE_FAILURE;
+ eapfail.identifier = 0;
+ eapfail.length = htons(sizeof(eapfail));
+
+ if (!radius_msg_add_eap(msg, (u8 *) &eapfail, sizeof(eapfail))) {
+ RADIUS_DEBUG("Failed to add EAP-Message attribute");
+ }
+
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
request->hdr->authenticator) < 0) {
@@ -395,6 +406,7 @@
sess = radius_server_get_new_session(data, client, msg);
if (sess == NULL) {
RADIUS_DEBUG("Could not create a new session");
+ radius_server_reject(data, client, msg, from);
return -1;
}
}
==== //depot/projects/wifi/contrib/hostapd/tls_openssl.c#2 (text+ko) ====
@@ -489,9 +489,12 @@
if (private_key == NULL)
return 0;
- passwd = strdup(private_key_passwd);
- if (passwd == NULL)
- return -1;
+ if (private_key_passwd) {
+ passwd = strdup(private_key_passwd);
+ if (passwd == NULL)
+ return -1;
+ } else
+ passwd = NULL;
SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
==== //depot/projects/wifi/contrib/hostapd/version.h#2 (text+ko) ====
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.3.7"
+#define VERSION_STR "0.3.9"
#endif /* VERSION_H */
==== //depot/projects/wifi/contrib/hostapd/wpa.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -1416,6 +1416,14 @@
key = (struct wpa_eapol_key *) (hdr + 1);
key_info = ntohs(key->key_info);
key_data_length = ntohs(key->key_data_length);
+ if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
+ wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
+ "key_data overflow (%d > %lu)",
+ key_data_length,
+ (unsigned long) (data_len - sizeof(*hdr) -
+ sizeof(*key)));
+ return;
+ }
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
* are set */
==== //depot/projects/wifi/contrib/libpcap/pcap-dos.c#2 (text+ko) ====
@@ -5,7 +5,7 @@
* pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode
* network drivers.
*
- * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1 2004/12/18 08:52:10 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1.2.1 2005/05/03 18:54:35 guy Exp $ (LBL)
*/
#include <stdio.h>
@@ -172,6 +172,7 @@
pcap->stats_op = pcap_stats_dos;
pcap->inject_op = pcap_sendpacket_dos;
pcap->setfilter_op = pcap_setfilter_dos;
+ pcap->setdirection_op = NULL; /* Not implemented.*/
pcap->fd = ++ref_count;
if (pcap->fd == 1) /* first time we're called */
==== //depot/projects/wifi/contrib/tcpdump/ipproto.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3 2004/12/15 08:41:26 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/ipproto.c,v 1.3.2.2 2005/05/20 21:15:45 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -24,8 +24,8 @@
#include <tcpdump-stdinc.h>
+#include "interface.h"
#include "ipproto.h"
-#include "interface.h"
struct tok ipproto_values[] = {
{ IPPROTO_HOPOPTS, "Options" },
@@ -51,6 +51,7 @@
{ IPPROTO_PIM, "PIM" },
{ IPPROTO_IPCOMP, "Compressed IP" },
{ IPPROTO_VRRP, "VRRP" },
+ { IPPROTO_PGM, "PGM" },
{ IPPROTO_SCTP, "SCTP" },
{ IPPROTO_MOBILITY, "Mobility" },
{ 0, NULL }
==== //depot/projects/wifi/contrib/tcpdump/pmap_prot.h#2 (text+ko) ====
@@ -1,4 +1,4 @@
-/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1 2004/12/27 00:41:30 guy Exp $ (LBL) */
+/* @(#) $Header: /tcpdump/master/tcpdump/pmap_prot.h,v 1.1.2.2 2005/04/27 21:44:06 guy Exp $ (LBL) */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
* unrestricted use provided that this legend is included on all tape
@@ -29,7 +29,7 @@
*
* from: @(#)pmap_prot.h 1.14 88/02/08 SMI
* from: @(#)pmap_prot.h 2.1 88/07/29 4.0 RPCSRC
- * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.1 2005/05/29 18:16:36 sam Exp $
+ * $FreeBSD: src/contrib/tcpdump/pmap_prot.h,v 1.1.1.2 2005/07/11 03:53:37 sam Exp $
*/
/*
@@ -69,26 +69,21 @@
* The service supports remote procedure calls on udp/ip or tcp/ip socket 111.
*/
-#ifndef _RPC_PMAPPROT_H
-#define _RPC_PMAPPROT_H
+#define SUNRPC_PMAPPORT ((u_int16_t)111)
+#define SUNRPC_PMAPPROG ((u_int32_t)100000)
+#define SUNRPC_PMAPVERS ((u_int32_t)2)
+#define SUNRPC_PMAPVERS_PROTO ((u_int32_t)2)
+#define SUNRPC_PMAPVERS_ORIG ((u_int32_t)1)
+#define SUNRPC_PMAPPROC_NULL ((u_int32_t)0)
+#define SUNRPC_PMAPPROC_SET ((u_int32_t)1)
+#define SUNRPC_PMAPPROC_UNSET ((u_int32_t)2)
+#define SUNRPC_PMAPPROC_GETPORT ((u_int32_t)3)
+#define SUNRPC_PMAPPROC_DUMP ((u_int32_t)4)
+#define SUNRPC_PMAPPROC_CALLIT ((u_int32_t)5)
-#define PMAPPORT ((u_int16_t)111)
-#define PMAPPROG ((u_int32_t)100000)
-#define PMAPVERS ((u_int32_t)2)
-#define PMAPVERS_PROTO ((u_int32_t)2)
-#define PMAPVERS_ORIG ((u_int32_t)1)
-#define PMAPPROC_NULL ((u_int32_t)0)
-#define PMAPPROC_SET ((u_int32_t)1)
-#define PMAPPROC_UNSET ((u_int32_t)2)
-#define PMAPPROC_GETPORT ((u_int32_t)3)
-#define PMAPPROC_DUMP ((u_int32_t)4)
-#define PMAPPROC_CALLIT ((u_int32_t)5)
-
-struct pmap {
+struct sunrpc_pmap {
u_int32_t pm_prog;
u_int32_t pm_vers;
u_int32_t pm_prot;
u_int32_t pm_port;
};
-
-#endif /* !_RPC_PMAPPROT_H */
==== //depot/projects/wifi/contrib/tcpdump/print-eigrp.c#2 (text+ko) ====
@@ -16,7 +16,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5 2004/05/12 22:22:40 hannes Exp $";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-eigrp.c,v 1.5.2.2 2005/05/06 02:53:41 guy Exp $";
#endif
#ifdef HAVE_CONFIG_H
@@ -216,7 +216,7 @@
const struct eigrp_common_header *eigrp_com_header;
const struct eigrp_tlv_header *eigrp_tlv_header;
const u_char *tptr,*tlv_tptr;
- int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen,byte_length, bit_length;
+ u_int tlen,eigrp_tlv_len,eigrp_tlv_type,tlv_tlen, byte_length, bit_length;
u_int8_t prefix[4];
union {
@@ -271,15 +271,15 @@
while(tlen>0) {
/* did we capture enough for fully decoding the object header ? */
- if (!TTEST2(*tptr, sizeof(struct eigrp_tlv_header)))
- goto trunc;
+ TCHECK2(*tptr, sizeof(struct eigrp_tlv_header));
eigrp_tlv_header = (const struct eigrp_tlv_header *)tptr;
eigrp_tlv_len=EXTRACT_16BITS(&eigrp_tlv_header->length);
eigrp_tlv_type=EXTRACT_16BITS(&eigrp_tlv_header->type);
- if (eigrp_tlv_len == 0 || eigrp_tlv_len > tlen) {
+ if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header) ||
+ eigrp_tlv_len > tlen) {
print_unknown_data(tptr+sizeof(sizeof(struct eigrp_tlv_header)),"\n\t ",tlen);
return;
}
@@ -295,8 +295,7 @@
tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header);
/* did we capture enough for fully decoding the object ? */
- if (!TTEST2(*tptr, eigrp_tlv_len))
- goto trunc;
+ TCHECK2(*tptr, eigrp_tlv_len);
switch(eigrp_tlv_type) {
@@ -326,7 +325,7 @@
tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr;
bit_length = tlv_ptr.eigrp_tlv_ip_int->plen;
- if (bit_length < 0 || bit_length > 32) {
+ if (bit_length > 32) {
printf("\n\t illegal prefix length %u",bit_length);
break;
}
@@ -340,7 +339,7 @@
if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop) == 0)
printf("self");
else
- printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->nexthop)));
+ printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_int->nexthop));
printf("\n\t delay %u ms, bandwidth %u Kbps, mtu %u, hop %u, reliability %u, load %u",
(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_int->delay)/100),
@@ -355,7 +354,7 @@
tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr;
bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen;
- if (bit_length < 0 || bit_length > 32) {
+ if (bit_length > 32) {
printf("\n\t illegal prefix length %u",bit_length);
break;
}
@@ -369,7 +368,7 @@
if (EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop) == 0)
printf("self");
else
- printf("%s",ipaddr_string(EXTRACT_32BITS(&tlv_ptr.eigrp_tlv_ip_ext->nexthop)));
+ printf("%s",ipaddr_string(&tlv_ptr.eigrp_tlv_ip_ext->nexthop));
printf("\n\t origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u",
ipaddr_string(tlv_ptr.eigrp_tlv_ip_ext->origin_router),
==== //depot/projects/wifi/contrib/tcpdump/print-juniper.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8 2005/04/06 21:32:41 mcr Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-juniper.c,v 1.8.2.13 2005/06/20 07:45:05 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -28,131 +28,476 @@
#include <stdio.h>
#include "interface.h"
+#include "addrtoname.h"
#include "extract.h"
#include "ppp.h"
#include "llc.h"
#include "nlpid.h"
+#include "ethertype.h"
+#include "atm.h"
#define JUNIPER_BPF_OUT 0 /* Outgoing packet */
#define JUNIPER_BPF_IN 1 /* Incoming packet */
#define JUNIPER_BPF_PKT_IN 0x1 /* Incoming packet */
#define JUNIPER_BPF_NO_L2 0x2 /* L2 header stripped */
+#define JUNIPER_MGC_NUMBER 0x4d4743 /* = "MGC" */
+
+#define JUNIPER_LSQ_L3_PROTO_SHIFT 4
+#define JUNIPER_LSQ_L3_PROTO_MASK (0x17 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_IPV4 (0 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_IPV6 (1 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_MPLS (2 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+#define JUNIPER_LSQ_L3_PROTO_ISO (3 << JUNIPER_LSQ_L3_PROTO_SHIFT)
+
+#define JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE 1
+#define JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE 2
+#define JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE 3
+#define JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE 4
+#define JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE 5
+
+static struct tok juniper_ipsec_type_values[] = {
+ { JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE, "ESP ENCR-AUTH" },
+ { JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE, "ESP ENCR-AH AUTH" },
+ { JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE, "ESP AUTH" },
+ { JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE, "AH AUTH" },
+ { JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE, "ESP ENCR" },
+ { 0, NULL}
+};
+
+static struct tok juniper_direction_values[] = {
+ { JUNIPER_BPF_IN, "In"},
+ { JUNIPER_BPF_OUT, "Out"},
+ { 0, NULL}
+};
+
+struct juniper_cookie_table_t {
+ u_int32_t pictype; /* pic type */
+ u_int8_t cookie_len; /* cookie len */
+ const char *s; /* pic name */
+};
+
+static struct juniper_cookie_table_t juniper_cookie_table[] = {
+#ifdef DLT_JUNIPER_ATM1
+ { DLT_JUNIPER_ATM1, 4, "ATM1"},
+#endif
+#ifdef DLT_JUNIPER_ATM2
+ { DLT_JUNIPER_ATM2, 8, "ATM2"},
+#endif
+#ifdef DLT_JUNIPER_MLPPP
+ { DLT_JUNIPER_MLPPP, 2, "MLPPP"},
+#endif
+#ifdef DLT_JUNIPER_MLFR
+ { DLT_JUNIPER_MLFR, 2, "MLFR"},
+#endif
+#ifdef DLT_JUNIPER_MFR
+ { DLT_JUNIPER_MFR, 4, "MFR"},
+#endif
+#ifdef DLT_JUNIPER_PPPOE
+ { DLT_JUNIPER_PPPOE, 0, "PPPoE"},
+#endif
+#ifdef DLT_JUNIPER_PPPOE_ATM
+ { DLT_JUNIPER_PPPOE_ATM, 0, "PPPoE ATM"},
+#endif
+#ifdef DLT_JUNIPER_GGSN
+ { DLT_JUNIPER_GGSN, 8, "GGSN"},
+#endif
+#ifdef DLT_JUNIPER_MONITOR
+ { DLT_JUNIPER_MONITOR, 8, "MONITOR"},
+#endif
+#ifdef DLT_JUNIPER_SERVICES
+ { DLT_JUNIPER_SERVICES, 8, "AS"},
+#endif
+#ifdef DLT_JUNIPER_ES
+ { DLT_JUNIPER_ES, 0, "ES"},
+#endif
+ { 0, 0, NULL }
+};
+struct juniper_l2info_t {
+ u_int32_t length;
+ u_int32_t caplen;
+ u_int32_t pictype;
+ u_int8_t direction;
+ u_int8_t header_len;
+ u_int8_t cookie_len;
+ u_int8_t cookie_type;
+ u_int8_t cookie[8];
+ u_int8_t bundle;
+ u_int16_t proto;
+};
+
#define LS_COOKIE_ID 0x54
-#define LS_MLFR_LEN 4
-#define ML_MLFR_LEN 2
+#define AS_COOKIE_ID 0x47
+#define LS_MLFR_COOKIE_LEN 4
+#define ML_MLFR_COOKIE_LEN 2
+#define LS_MFR_COOKIE_LEN 6
+#define ATM1_COOKIE_LEN 4
+#define ATM2_COOKIE_LEN 8
#define ATM2_PKT_TYPE_MASK 0x70
#define ATM2_GAP_COUNT_MASK 0x3F
+#define JUNIPER_PROTO_NULL 1
+#define JUNIPER_PROTO_IPV4 2
+#define JUNIPER_PROTO_IPV6 6
+
+static struct tok juniper_protocol_values[] = {
+ { JUNIPER_PROTO_NULL, "Null" },
+ { JUNIPER_PROTO_IPV4, "IPv4" },
+ { JUNIPER_PROTO_IPV6, "IPv6" },
+ { 0, NULL}
+};
+
int ip_heuristic_guess(register const u_char *, u_int);
int juniper_ppp_heuristic_guess(register const u_char *, u_int);
-static int juniper_parse_header (const u_char *, u_int8_t *, u_int);
+static int juniper_parse_header (const u_char *, const struct pcap_pkthdr *, struct juniper_l2info_t *);
+
+#ifdef DLT_JUNIPER_GGSN
+u_int
+juniper_ggsn_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+ struct juniper_ggsn_header {
+ u_int8_t svc_id;
+ u_int8_t flags_len;
+ u_int8_t proto;
+ u_int8_t flags;
+ u_int8_t vlan_id[2];
+ u_int8_t res[2];
+ };
+ const struct juniper_ggsn_header *gh;
+
+ l2info.pictype = DLT_JUNIPER_GGSN;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+ gh = (struct juniper_ggsn_header *)p;
+
+ if (eflag)
+ printf("proto %s (%u), vlan %u: ",
+ tok2str(juniper_protocol_values,"Unknown",gh->proto),
+ gh->proto,
+ EXTRACT_16BITS(&gh->vlan_id[0]));
+
+ switch (gh->proto) {
+ case JUNIPER_PROTO_IPV4:
+ ip_print(gndo, p, l2info.length);
+ break;
+#ifdef INET6
+ case JUNIPER_PROTO_IPV6:
+ ip6_print(p, l2info.length);
+ break;
+#endif /* INET6 */
+ default:
+ if (!eflag)
+ printf("unknown GGSN proto (%u)", gh->proto);
+ }
+
+ return l2info.header_len;
+}
+#endif
+#ifdef DLT_JUNIPER_ES
u_int
-juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p)
+juniper_es_print(const struct pcap_pkthdr *h, register const u_char *p)
{
- register u_int length = h->len;
- register u_int caplen = h->caplen;
- u_int8_t direction,bundle,cookie_len;
- u_int32_t cookie,proto;
-
- if(juniper_parse_header(p, &direction,length) == 0)
- return 0;
+ struct juniper_l2info_t l2info;
+ struct juniper_ipsec_header {
+ u_int8_t sa_index[2];
+ u_int8_t ttl;
+ u_int8_t type;
+ u_int8_t spi[4];
+ u_int8_t src_ip[4];
+ u_int8_t dst_ip[4];
+ };
+ u_int rewrite_len,es_type_bundle;
+ const struct juniper_ipsec_header *ih;
+
+ l2info.pictype = DLT_JUNIPER_ES;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+ ih = (struct juniper_ipsec_header *)p;
+
+ switch (ih->type) {
+ case JUNIPER_IPSEC_O_ESP_ENCRYPT_ESP_AUTHEN_TYPE:
+ case JUNIPER_IPSEC_O_ESP_ENCRYPT_AH_AUTHEN_TYPE:
+ rewrite_len = 0;
+ es_type_bundle = 1;
+ break;
+ case JUNIPER_IPSEC_O_ESP_AUTHENTICATION_TYPE:
+ case JUNIPER_IPSEC_O_AH_AUTHENTICATION_TYPE:
+ case JUNIPER_IPSEC_O_ESP_ENCRYPTION_TYPE:
+ rewrite_len = 16;
+ es_type_bundle = 0;
+ default:
+ printf("ES Invalid type %u, length %u",
+ ih->type,
+ l2info.length);
+ return l2info.header_len;
+ }
- p+=4;
- length-=4;
- caplen-=4;
+ l2info.length-=rewrite_len;
+ p+=rewrite_len;
- if (p[0] == LS_COOKIE_ID) {
- cookie=EXTRACT_32BITS(p);
- if (eflag) printf("LSPIC-MLPPP cookie 0x%08x, ",cookie);
- cookie_len = LS_MLFR_LEN;
- bundle = cookie & 0xff;
- } else {
- cookie=EXTRACT_16BITS(p);
- if (eflag) printf("MLPIC-MLPPP cookie 0x%04x, ",cookie);
- cookie_len = ML_MLFR_LEN;
- bundle = (cookie >> 8) & 0xff;
+ if (eflag) {
+ if (!es_type_bundle) {
+ printf("ES SA, index %u, ttl %u type %s (%u), spi %u, Tunnel %s > %s, length %u\n",
+ EXTRACT_16BITS(&ih->sa_index),
+ ih->ttl,
+ tok2str(juniper_ipsec_type_values,"Unknown",ih->type),
+ ih->type,
+ EXTRACT_32BITS(&ih->spi),
+ ipaddr_string(EXTRACT_32BITS(&ih->src_ip)),
+ ipaddr_string(EXTRACT_32BITS(&ih->dst_ip)),
+ l2info.length);
+ } else {
+ printf("ES SA, index %u, ttl %u type %s (%u), length %u\n",
+ EXTRACT_16BITS(&ih->sa_index),
+ ih->ttl,
+ tok2str(juniper_ipsec_type_values,"Unknown",ih->type),
+ ih->type,
+ l2info.length);
+ }
}
- proto = EXTRACT_16BITS(p+cookie_len);
- p += cookie_len;
- length-= cookie_len;
- caplen-= cookie_len;
+ ip_print(gndo, p, l2info.length);
+ return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_MONITOR
+u_int
+juniper_monitor_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+ struct juniper_monitor_header {
+ u_int8_t pkt_type;
+ u_int8_t padding;
+ u_int8_t iif[2];
+ u_int8_t service_id[4];
+ };
+ const struct juniper_monitor_header *mh;
+
+ l2info.pictype = DLT_JUNIPER_MONITOR;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+ mh = (struct juniper_monitor_header *)p;
+
+ if (eflag)
+ printf("service-id %u, iif %u, pkt-type %u: ",
+ EXTRACT_32BITS(&mh->service_id),
+ EXTRACT_16BITS(&mh->iif),
+ mh->pkt_type);
+
+ /* no proto field - lets guess by first byte of IP header*/
+ ip_heuristic_guess(p, l2info.length);
+
+ return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_SERVICES
+u_int
+juniper_services_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+ struct juniper_services_header {
+ u_int8_t svc_id;
+ u_int8_t flags_len;
+ u_int8_t svc_set_id[2];
+ u_int8_t dir_iif[4];
+ };
+ const struct juniper_services_header *sh;
+
+ l2info.pictype = DLT_JUNIPER_SERVICES;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+ sh = (struct juniper_services_header *)p;
+
+ if (eflag)
+ printf("service-id %u flags 0x%02x service-set-id 0x%04x iif %u: ",
+ sh->svc_id,
+ sh->flags_len,
+ EXTRACT_16BITS(&sh->svc_set_id),
+ EXTRACT_24BITS(&sh->dir_iif[1]));
+
+ /* no proto field - lets guess by first byte of IP header*/
+ ip_heuristic_guess(p, l2info.length);
+
+ return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_PPPOE
+u_int
+juniper_pppoe_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+
+ l2info.pictype = DLT_JUNIPER_PPPOE;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+ /* this DLT contains nothing but raw ethernet frames */
+ ether_print(p, l2info.length, l2info.caplen);
+ return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_PPPOE_ATM
+u_int
+juniper_pppoe_atm_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+ u_int16_t extracted_ethertype;
+
+ l2info.pictype = DLT_JUNIPER_PPPOE_ATM;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
+
+ p+=l2info.header_len;
+
+ extracted_ethertype = EXTRACT_16BITS(p);
+ /* this DLT contains nothing but raw PPPoE frames,
+ * prepended with a type field*/
+ if (ether_encap_print(extracted_ethertype,
+ p+ETHERTYPE_LEN,
+ l2info.length-ETHERTYPE_LEN,
+ l2info.caplen-ETHERTYPE_LEN,
+ &extracted_ethertype) == 0)
+ /* ether_type not known, probably it wasn't one */
+ printf("unknown ethertype 0x%04x", extracted_ethertype);
+
+ return l2info.header_len;
+}
+#endif
+
+#ifdef DLT_JUNIPER_MLPPP
+u_int
+juniper_mlppp_print(const struct pcap_pkthdr *h, register const u_char *p)
+{
+ struct juniper_l2info_t l2info;
+
+ l2info.pictype = DLT_JUNIPER_MLPPP;
+ if(juniper_parse_header(p, h, &l2info) == 0)
+ return l2info.header_len;
/* suppress Bundle-ID if frame was captured on a child-link
- * this may be the case if the cookie looks like a proto */
+ * best indicator if the cookie looks like a proto */
if (eflag &&
- cookie != PPP_OSI &&
- cookie != (PPP_ADDRESS << 8 | PPP_CONTROL))
- printf("Bundle-ID %u, ",bundle);
+ EXTRACT_16BITS(&l2info.cookie) != PPP_OSI &&
+ EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL))
+ printf("Bundle-ID %u: ",l2info.bundle);
+
+ p+=l2info.header_len;
+
+ /* first try the LSQ protos */
+ switch(l2info.proto) {
+ case JUNIPER_LSQ_L3_PROTO_IPV4:
+ ip_print(gndo, p, l2info.length);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list