rpms/tcpdump/devel tcpdump-3.9.8-ikev2.patch, NONE, 1.1 tcpdump.spec, 1.67, 1.68 tcpdump-3.9.7-ikev2.patch, 1.1, NONE
Miroslav Lichvar (mlichvar)
fedora-extras-commits at redhat.com
Thu Dec 6 15:32:17 UTC 2007
Author: mlichvar
Update of /cvs/pkgs/rpms/tcpdump/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22593
Modified Files:
tcpdump.spec
Added Files:
tcpdump-3.9.8-ikev2.patch
Removed Files:
tcpdump-3.9.7-ikev2.patch
Log Message:
- update IKEv2 support
tcpdump-3.9.8-ikev2.patch:
--- NEW FILE tcpdump-3.9.8-ikev2.patch ---
Index: tcpdump/print-isakmp.c
===================================================================
RCS file: /tcpdump/master/tcpdump/print-isakmp.c,v
retrieving revision 1.51
retrieving revision 1.59
diff -u -r1.51 -r1.59
--- tcpdump/print-isakmp.c 7 Apr 2005 00:28:17 -0000 1.51
+++ tcpdump/print-isakmp.c 27 Nov 2007 03:57:20 -0000 1.59
@@ -30,9 +30,10 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.51 2005/04/07 00:28:17 mcr Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.59 2007/11/27 03:57:20 mcr Exp $ (LBL)";
#endif
+#define NETDISSECT_REWORKED
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
@@ -59,39 +60,75 @@
#define sockaddr_storage sockaddr
#endif
-static const u_char *isakmp_sa_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_p_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_t_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_ke_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_id_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_cert_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_cr_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_sig_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_hash_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_nonce_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_n_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_d_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_vid_print(const struct isakmp_gen *,
- u_int, const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_sub0_print(u_char, const struct isakmp_gen *,
+#define DECLARE_PRINTER(func) static const u_char *ike##func##_print( \
+ netdissect_options *ndo, u_char tpay, \
+ const struct isakmp_gen *ext, \
+ u_int item_len, \
+ const u_char *end_pointer, \
+ u_int32_t phase,\
+ u_int32_t doi0, \
+ u_int32_t proto0, int depth)
+
+DECLARE_PRINTER(v1_sa);
+DECLARE_PRINTER(v1_p);
+DECLARE_PRINTER(v1_t);
+DECLARE_PRINTER(v1_ke);
+DECLARE_PRINTER(v1_id);
+DECLARE_PRINTER(v1_cert);
+DECLARE_PRINTER(v1_cr);
+DECLARE_PRINTER(v1_sig);
+DECLARE_PRINTER(v1_hash);
+DECLARE_PRINTER(v1_nonce);
+DECLARE_PRINTER(v1_n);
+DECLARE_PRINTER(v1_d);
+DECLARE_PRINTER(v1_vid);
+
+DECLARE_PRINTER(v2_sa);
+DECLARE_PRINTER(v2_ke);
+DECLARE_PRINTER(v2_ID);
+DECLARE_PRINTER(v2_cert);
+DECLARE_PRINTER(v2_cr);
+DECLARE_PRINTER(v2_auth);
+DECLARE_PRINTER(v2_nonce);
+DECLARE_PRINTER(v2_n);
+DECLARE_PRINTER(v2_d);
+DECLARE_PRINTER(v2_vid);
+DECLARE_PRINTER(v2_TS);
+DECLARE_PRINTER(v2_cp);
+DECLARE_PRINTER(v2_eap);
+
+static const u_char *ikev2_e_print(netdissect_options *ndo,
+ struct isakmp *base,
+ u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len,
+ const u_char *end_pointer,
+ u_int32_t phase,
+ u_int32_t doi0,
+ u_int32_t proto0, int depth);
+
+
+static const u_char *ike_sub0_print(netdissect_options *ndo,u_char, const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
-static const u_char *isakmp_sub_print(u_char, const struct isakmp_gen *,
+static const u_char *ikev1_sub_print(netdissect_options *ndo,u_char, const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+
+static const u_char *ikev2_sub_print(netdissect_options *ndo,
+ struct isakmp *base,
+ u_char np, const struct isakmp_gen *ext,
+ const u_char *ep, u_int32_t phase,
+ u_int32_t doi, u_int32_t proto,
+ int depth);
+
+
static char *numstr(int);
static void safememcpy(void *, const void *, size_t);
+static void
+ikev1_print(netdissect_options *ndo,
+ const u_char *bp, u_int length,
+ const u_char *bp2, struct isakmp *base);
+
#define MAXINITIATORS 20
int ninitiator = 0;
struct {
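Review bot: `DECLARE_PRINTER` has no comment saying what it expands to, so a reader has to work out from the token pasting that `DECLARE_PRINTER(v2_ID)` declares `ikev2_ID_print` with the shared nine-parameter printer signature. A one-line comment above the macro would do, for example `/* DECLARE_PRINTER(v1_sa) declares ikev1_sa_print(); every payload printer shares this signature */`. The prototypes for `ike_sub0_print` and `ikev1_sub_print` also name only `ndo` and leave the remaining parameters anonymous, unlike `ikev2_sub_print` just below them; naming them all would make the three read alike.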
@@ -107,36 +144,73 @@
/* isakmp->np */
static const char *npstr[] = {
- "none", "sa", "p", "t", "ke", "id", "cert", "cr", "hash",
- "sig", "nonce", "n", "d", "vid"
+ "none", "sa", "p", "t", "ke", "id", "cert", "cr", "hash", /* 0 - 8 */
+ "sig", "nonce", "n", "d", "vid", /* 9 - 13 */
+ "pay14", "pay15", "pay16", "pay17", "pay18", /* 14- 18 */
+ "pay19", "pay20", "pay21", "pay22", "pay23", /* 19- 23 */
+ "pay24", "pay25", "pay26", "pay27", "pay28", /* 24- 28 */
+ "pay29", "pay30", "pay31", "pay32", /* 29- 32 */
+ "v2sa", "v2ke", "v2IDi", "v2IDr", "v2cert",/* 33- 37 */
+ "v2cr", "v2auth","v2nonce", "v2n", "v2d", /* 38- 42 */
+ "v2vid", "v2TSi", "v2TSr", "v2e", "v2cp", /* 43- 47 */
+ "v2eap", /* 48 */
+
};
/* isakmp->np */
-static const u_char *(*npfunc[])(const struct isakmp_gen *, u_int,
- const u_char *, u_int32_t, u_int32_t, u_int32_t, int) = {
+static const u_char *(*npfunc[])(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len,
+ const u_char *end_pointer,
+ u_int32_t phase,
+ u_int32_t doi0,
+ u_int32_t proto0, int depth) = {
NULL,
- isakmp_sa_print,
- isakmp_p_print,
- isakmp_t_print,
- isakmp_ke_print,
- isakmp_id_print,
- isakmp_cert_print,
- isakmp_cr_print,
- isakmp_hash_print,
- isakmp_sig_print,
- isakmp_nonce_print,
- isakmp_n_print,
- isakmp_d_print,
- isakmp_vid_print,
+ ikev1_sa_print,
+ ikev1_p_print,
+ ikev1_t_print,
+ ikev1_ke_print,
+ ikev1_id_print,
+ ikev1_cert_print,
+ ikev1_cr_print,
+ ikev1_hash_print,
+ ikev1_sig_print,
+ ikev1_nonce_print,
+ ikev1_n_print,
+ ikev1_d_print,
+ ikev1_vid_print, /* 13 */
+ NULL, NULL, NULL, NULL, NULL, /* 14- 18 */
+ NULL, NULL, NULL, NULL, NULL, /* 19- 23 */
+ NULL, NULL, NULL, NULL, NULL, /* 24- 28 */
+ NULL, NULL, NULL, NULL, /* 29- 32 */
+ ikev2_sa_print, /* 33 */
+ ikev2_ke_print, /* 34 */
+ ikev2_ID_print, /* 35 */
+ ikev2_ID_print, /* 36 */
+ ikev2_cert_print, /* 37 */
+ ikev2_cr_print, /* 38 */
+ ikev2_auth_print, /* 39 */
+ ikev2_nonce_print, /* 40 */
+ ikev2_n_print, /* 41 */
+ ikev2_d_print, /* 42 */
+ ikev2_vid_print, /* 43 */
+ ikev2_TS_print, /* 44 */
+ ikev2_TS_print, /* 45 */
+ NULL, /* ikev2_e_print,*/ /* 46 - special */
+ ikev2_cp_print, /* 47 */
[...3136 lines suppressed...]
- (*ndo->ndo_warning)(ndo, "print_esp: can not decode IP# %s\n", spikey);
- return;
- }
+ sin->sin_family = AF_INET;
+ } else {
+ (*ndo->ndo_warning)(ndo, "print_esp: can not decode IP# %s\n", spikey);
+ return;
+ }
}
if (decode) {
- char *colon, *p;
- u_char espsecret_key[256];
- int len;
- size_t i;
- const EVP_CIPHER *evp;
- int authlen = 0;
-
/* skip any blank spaces */
while (isspace((unsigned char)*decode))
decode++;
-
- colon = strchr(decode, ':');
- if (colon == NULL) {
- (*ndo->ndo_warning)(ndo, "failed to decode espsecret: %s\n", decode);
+
+ if(!espprint_decode_encalgo(ndo, decode, &sa1)) {
return;
}
- *colon = '\0';
-
- len = colon - decode;
- if (strlen(decode) > strlen("-hmac96") &&
- !strcmp(decode + strlen(decode) - strlen("-hmac96"),
- "-hmac96")) {
- p = strstr(decode, "-hmac96");
- *p = '\0';
- authlen = 12;
- }
- if (strlen(decode) > strlen("-cbc") &&
- !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) {
- p = strstr(decode, "-cbc");
- *p = '\0';
- }
- evp = EVP_get_cipherbyname(decode);
- if (!evp) {
- (*ndo->ndo_warning)(ndo, "failed to find cipher algo %s\n", decode);
- sa1.evp = NULL;
- sa1.authlen = 0;
- sa1.ivlen = 0;
- return;
- }
-
- sa1.evp = evp;
- sa1.authlen = authlen;
- sa1.ivlen = EVP_CIPHER_iv_length(evp);
-
- colon++;
- if (colon[0] == '0' && colon[1] == 'x') {
- /* decode some hex! */
- colon += 2;
- len = strlen(colon) / 2;
-
- if (len > 256) {
- (*ndo->ndo_warning)(ndo, "secret is too big: %d\n", len);
- return;
- }
-
- i = 0;
- while (colon[0] != '\0' && colon[1]!='\0') {
- espsecret_key[i] = hex2byte(ndo, colon);
- colon += 2;
- i++;
- }
-
- memcpy(sa1.secret, espsecret_key, i);
- sa1.secretlen = i;
- } else {
- i = strlen(colon);
-
- if (i < sizeof(sa1.secret)) {
- memcpy(sa1.secret, colon, i);
- sa1.secretlen = i;
- } else {
- memcpy(sa1.secret, colon, sizeof(sa1.secret));
- sa1.secretlen = sizeof(sa1.secret);
- }
- }
}
esp_print_addsa(ndo, &sa1, sa_def);
}
-static void esp_print_decodesecret(netdissect_options *ndo)
+static void esp_init(netdissect_options *ndo _U_)
+{
+
+ OpenSSL_add_all_algorithms();
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
+}
+
+void esp_print_decodesecret(netdissect_options *ndo)
{
char *line;
char *p;
+ static int initialized = 0;
+
+ if (!initialized) {
+ esp_init(ndo);
+ initialized = 1;
+ }
p = ndo->ndo_espsecret;
- while (ndo->ndo_espsecret && ndo->ndo_espsecret[0] != '\0') {
+ while (p && p[0] != '\0') {
/* pick out the first line or first thing until a comma */
- if ((line = strsep(&ndo->ndo_espsecret, "\n,")) == NULL) {
- line = ndo->ndo_espsecret;
- ndo->ndo_espsecret = NULL;
+ if ((line = strsep(&p, "\n,")) == NULL) {
+ line = p;
+ p = NULL;
}
- esp_print_decode_onesecret(ndo, line);
+ esp_print_decode_onesecret(ndo, line, "cmdline", 0);
}
-}
-static void esp_init(netdissect_options *ndo _U_)
-{
-
- OpenSSL_add_all_algorithms();
- EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
+ ndo->ndo_espsecret = NULL;
}
+
#endif
int
@@ -359,7 +546,6 @@
u_char *p;
EVP_CIPHER_CTX ctx;
int blocksz;
- static int initialized = 0;
#endif
esp = (struct newesp *)bp;
@@ -367,11 +553,6 @@
#ifdef HAVE_LIBCRYPTO
secret = NULL;
advance = 0;
-
- if (!initialized) {
- esp_init(ndo);
- initialized = 1;
- }
#endif
#if 0
--- tcpdump/print-esp.c.leak 2007-12-05 12:58:45.000000000 +0100
+++ tcpdump/print-esp.c 2007-12-05 12:30:47.000000000 +0100
@@ -128,6 +128,7 @@ int esp_print_decrypt_buffer_by_ikev2(ne
(*ndo->ndo_warning)(ndo, "espkey init failed");
EVP_CipherInit(&ctx, NULL, NULL, iv, 0);
EVP_Cipher(&ctx, buf, buf, len);
+ EVP_CIPHER_CTX_cleanup(&ctx);
ndo->ndo_packetp = buf;
ndo->ndo_snapend = end;
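Review bot: The added `EVP_CIPHER_CTX_cleanup(&ctx);` releases the context, but the `EVP_CipherInit` and `EVP_Cipher` calls just before it still discard their return values, so a failed decrypt leaves `buf` in an unknown state that is then installed as `ndo->ndo_packetp` and dissected. The context line with "espkey init failed" is followed directly by the second `EVP_CipherInit`, which suggests the failure path only warns and carries on; the guarding `if` is above the hunk, so this is inferred. I would test both results and leave through the cleanup, along the lines of `if (!EVP_Cipher(&ctx, buf, buf, len)) { EVP_CIPHER_CTX_cleanup(&ctx); return 0; }`, with whatever value this function uses for failure. The same unchecked pair appears in the `esp_print` hunk that follows, and the function body here continues outside the hunk.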
@@ -662,6 +663,7 @@ esp_print(netdissect_options *ndo,
p = ivoff;
EVP_CipherInit(&ctx, NULL, NULL, p, 0);
EVP_Cipher(&ctx, p + ivlen, p + ivlen, ep - (p + ivlen));
+ EVP_CIPHER_CTX_cleanup(&ctx);
advance = ivoff - (u_char *)esp + ivlen;
} else
advance = sizeof(struct newesp);
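Review bot: The length handed to `EVP_Cipher`, `ep - (p + ivlen)`, is a pointer difference that goes negative when the captured data ends before the IV does, and it is then converted to the call's unsigned length parameter. No comparison of `ep` with `p + ivlen` is visible in this hunk; if none exists earlier in `esp_print` (the function starts and ends outside the hunk), a truncated ESP packet would make the in-place decrypt run well past the capture buffer. A guard ahead of the decrypt, such as `if (ep - p < ivlen) goto fail;` using whichever bail-out path the function already has, would close that.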
Index: tcpdump/interface.h
===================================================================
RCS file: /tcpdump/master/tcpdump/interface.h,v
retrieving revision 1.278
retrieving revision 1.279
diff -u -r1.278 -r1.279
--- tcpdump/interface.h 8 Aug 2007 17:20:58 -0000 1.278
+++ tcpdump/interface.h 29 Aug 2007 12:31:00 -0000 1.279
@@ -356,6 +356,7 @@
/* forward compatibility */
+#ifndef NETDISSECT_REWORKED
extern netdissect_options *gndo;
#define eflag gndo->ndo_eflag
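Review bot: The new `#ifndef NETDISSECT_REWORKED` sits under the existing comment `/* forward compatibility */`, which does not say that defining the macro before including this header removes the `gndo`-based shorthands (`eflag`, `snaplen`, `snapend` and the rest of the block). A comment such as `/* files that pass netdissect_options explicitly define NETDISSECT_REWORKED to opt out of these gndo shorthands */` would make the switch discoverable, and the matching `#endif` added in the next hunk would be easier to pair up written as `#endif /* !NETDISSECT_REWORKED */`. The opt-out only works when the define precedes the include, which print-isakmp.c does in this patch by placing it before its first `#include`.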
@@ -389,3 +390,4 @@
#define snaplen gndo->ndo_snaplen
#define snapend gndo->ndo_snapend
+#endif
Index: tcpdump.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/devel/tcpdump.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- tcpdump.spec 6 Dec 2007 15:00:26 -0000 1.67
+++ tcpdump.spec 6 Dec 2007 15:31:44 -0000 1.68
@@ -2,7 +2,7 @@
Name: tcpdump
Epoch: 14
Version: 3.9.8
-Release: 2%{?dist}
+Release: 3%{?dist}
License: BSD with advertising
URL: http://www.tcpdump.org
Group: Applications/Internet
@@ -15,7 +15,7 @@
Patch1: tcpdump-3.9.7-droproot.patch
Patch2: tcpdump-3.6.1-portnumbers.patch
Patch3: tcpdump-3.9.7-crypto.patch
-Patch4: tcpdump-3.9.7-ikev2.patch
+Patch4: tcpdump-3.9.8-ikev2.patch
Patch5: tcpslice-1.2a3-time.patch
Patch6: tcpslice-CVS.20010207-bpf.patch
Patch7: tcpdump-3.9.8-gethostby.patch
@@ -63,7 +63,7 @@
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
-pushd %tcpslice_dir
+pushd %{tcpslice_dir}
install -m755 tcpslice ${RPM_BUILD_ROOT}%{_sbindir}
install -m644 tcpslice.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpslice.8
popd
@@ -93,6 +93,9 @@
%{_mandir}/man8/tcpdump.8*
%changelog
+* Thu Dec 06 2007 Miroslav Lichvar <mlichvar at redhat.com> - 14:3.9.8-3
+- update IKEv2 support
+
* Thu Dec 6 2007 Jeremy Katz <katzj at redhat.com> - 14:3.9.8-2
- rebuild for new openssl
--- tcpdump-3.9.7-ikev2.patch DELETED ---