From: Guy Harris Date: Thu, 28 May 2020 00:01:23 +0000 (-0700) Subject: Merge branch 'master' into macsec X-Git-Tag: tcpdump-4.99-bp~359^2~15 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/7885cfa165458a05ef818c34ee03affc79f03725 Merge branch 'master' into macsec --- 7885cfa165458a05ef818c34ee03affc79f03725 diff --cc Makefile.in index 4bec2139,8ee0027f..85854af8 --- a/Makefile.in +++ b/Makefile.in @@@ -164,8 -173,6 +173,7 @@@ LIBNETDISSECT_SRC= print-lwapp.c \ print-lwres.c \ print-m3ua.c \ + print-macsec.c \ - print-medsa.c \ print-mobile.c \ print-mobility.c \ print-mpcp.c \ diff --cc netdissect.h index ad4182a3,1e84d5ff..88055b4a --- a/netdissect.h +++ b/netdissect.h @@@ -547,11 -628,7 +628,10 @@@ extern void lwapp_control_print(netdiss extern void lwapp_data_print(netdissect_options *, const u_char *, u_int); extern void lwres_print(netdissect_options *, const u_char *, u_int); extern void m3ua_print(netdissect_options *, const u_char *, const u_int); +extern int macsec_print(netdissect_options *, const u_char **, + u_int *, u_int *, u_int *, + u_short *); - extern void medsa_print(netdissect_options *, const u_char *, u_int, u_int, const struct lladdr_info *, const struct lladdr_info *); - extern u_int mfr_print(netdissect_options *, register const u_char *, u_int); + extern u_int mfr_print(netdissect_options *, const u_char *, u_int); extern void mobile_print(netdissect_options *, const u_char *, u_int); extern int mobility_print(netdissect_options *, const u_char *, const u_char *); extern void mpcp_print(netdissect_options *, const u_char *, u_int); diff --cc print-ether.c index 3b1ef34e,299c2013..c7ee8687 --- a/print-ether.c +++ b/print-ether.c @@@ -152,44 -157,62 +158,75 @@@ ether_common_print(netdissect_options * return (length); } - if (ndo->ndo_eflag) { - if (print_encap_header != NULL) - (*print_encap_header)(ndo, encap_header_arg); - ether_hdr_print(ndo, p, length); - } - orig_length = length; + if (print_encap_header != NULL) + (*print_encap_header)(ndo, encap_header_arg); - length -= ETHER_HDRLEN; - caplen -= ETHER_HDRLEN; - ep = (const struct ether_header *)p; - p += ETHER_HDRLEN; - hdrlen = ETHER_HDRLEN; + orig_length = length; - src.addr = ESRC(ep); + /* + * Get the source and destination addresses, skip past them, + * and print them if we're printing the link-layer header. + */ + ehp = (const struct ether_header *)p; + src.addr = ehp->ether_shost; src.addr_string = etheraddr_string; - dst.addr = EDST(ep); + dst.addr = ehp->ether_dhost; dst.addr_string = etheraddr_string; - length_type = EXTRACT_16BITS(&ep->ether_length_type); + length -= 2*MAC_ADDR_LEN; + caplen -= 2*MAC_ADDR_LEN; + p += 2*MAC_ADDR_LEN; + hdrlen = 2*MAC_ADDR_LEN; + + if (ndo->ndo_eflag) + ether_addresses_print(ndo, src.addr, dst.addr); + + /* + * Print the switch tag, if we have one, and skip past it. + */ + if (print_switch_tag != NULL) + (*print_switch_tag)(ndo, p); + + length -= switch_tag_len; + caplen -= switch_tag_len; + p += switch_tag_len; + hdrlen += switch_tag_len; + + /* + * Get the length/type field, skip past it, and print it + * if we're printing the link-layer header. + */ recurse: + length_type = GET_BE_U_2(p); + + length -= 2; + caplen -= 2; + p += 2; + hdrlen += 2; + ++ if (length_type == ETHERTYPE_MACSEC) { ++ /* ++ * MACsec, aka IEEE 802.1AE-2006 ++ * Print the header, and try to print the payload if it's not encrypted ++ */ ++ int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen, &length_type); ++ ++ if (ret == 0) ++ goto raw; ++ else if (ret > 0) ++ return ret; ++ } ++ /* - * Is it (gag) an 802.3 encapsulation? + * Process VLAN tag types. */ - if (length_type <= ETHERMTU) { - /* Try to print the LLC-layer header & higher layers */ - llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst); - if (llc_hdrlen < 0) { - /* packet type not known, print raw packet */ - if (!ndo->ndo_suppress_default_print) - ND_DEFAULTPRINT(p, caplen); - llc_hdrlen = -llc_hdrlen; - } - hdrlen += llc_hdrlen; - } else if (length_type == ETHERTYPE_8021Q || - length_type == ETHERTYPE_8021Q9100 || - length_type == ETHERTYPE_8021Q9200 || - length_type == ETHERTYPE_8021QinQ) { + printed_length = 0; + while (length_type == ETHERTYPE_8021Q || + length_type == ETHERTYPE_8021Q9100 || + length_type == ETHERTYPE_8021Q9200 || + length_type == ETHERTYPE_8021QinQ) { /* + * It has a VLAN tag. * Print VLAN information, and then go back and process * the enclosed type field. */ @@@ -246,14 -304,58 +318,59 @@@ llc_hdrlen = -llc_hdrlen; } hdrlen += llc_hdrlen; + } else if (length_type == ETHERTYPE_ARISTA) { + if (caplen < 2) { + ND_PRINT("[|arista]"); + return (hdrlen + caplen); + } + if (length < 2) { + ND_PRINT("[|arista]"); + return (hdrlen + length); + } + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); + int bytesConsumed = arista_ethertype_print(ndo, p, length); + if (bytesConsumed > 0) { + p += bytesConsumed; + length -= bytesConsumed; + caplen -= bytesConsumed; + hdrlen += bytesConsumed; + goto recurse; + } else { + /* subtype/version not known, print raw packet */ + if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) { + ether_addresses_print(ndo, src.addr, dst.addr); + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); + } + if (!ndo->ndo_suppress_default_print) + ND_DEFAULTPRINT(p, caplen); + } } else { + /* + * It's a type field with some other value. + */ + if (ndo->ndo_eflag) { + ether_type_print(ndo, length_type); + if (!printed_length) + ND_PRINT(", length %u: ", orig_length); + else + ND_PRINT(", "); + } if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) { +raw: /* type not known, print raw packet */ if (!ndo->ndo_eflag) { - if (print_encap_header != NULL) - (*print_encap_header)(ndo, encap_header_arg); - ether_hdr_print(ndo, (const u_char *)ep, orig_length); + /* + * We didn't print the full link-layer + * header, as -e wasn't specified, so + * print only the source and destination + * MAC addresses and the final Ethernet + * type. + */ + ether_addresses_print(ndo, src.addr, dst.addr); + ether_type_print(ndo, length_type); + ND_PRINT(", length %u: ", orig_length); } if (!ndo->ndo_suppress_default_print) diff --cc tests/TESTLIST index 66dbb6e5,2cd4abb9..a023709d --- a/tests/TESTLIST +++ b/tests/TESTLIST @@@ -440,18 -693,100 +693,110 @@@ smb_print_trans-oobr2 smb_print_trans-o # RTP tests # fuzzed pcap - rtp-seg-fault-1 rtp-seg-fault-1.pcap rtp-seg-fault-1.out -t -v -T rtp - rtp-seg-fault-2 rtp-seg-fault-2.pcap rtp-seg-fault-2.out -t -v -T rtp + rtp-seg-fault-1 rtp-seg-fault-1.pcapng rtp-seg-fault-1.out -v -T rtp + rtp-seg-fault-2 rtp-seg-fault-2.pcapng rtp-seg-fault-2.out -v -T rtp - # NFS tests - # fuzzed pcap - nfs-seg-fault-1 nfs-seg-fault-1.pcap nfs-seg-fault-1.out -t + # SSH tests + ssh ssh.pcap ssh.out +# MACsec +macsec-encrypted macsec-encrypted.pcap macsec-encrypted.out -t -e +macsec-changed macsec-changed.pcap macsec-changed.out -t -e +macsec-integonly macsec-integonly.pcap macsec-integonly.out -t -e +macsec-snap macsec-snap.pcap macsec-snap.out -t -e +macsec-short-shorter macsec-short-shorter.pcap macsec-short-shorter.out -t -e +macsec-short-longer macsec-short-longer.pcap macsec-short-longer.out -t -e +macsec-short-valid macsec-short-valid.pcap macsec-short-valid.out -t -e ++ + # NFS tests ++# fuzzed pcap + nfs-write-verf-cookie nfs-write-verf-cookie.pcapng nfs-write-verf-cookie.out -vv + + # NFS fuzzed + nfs-seg-fault-1 nfs-seg-fault-1.pcapng nfs-seg-fault-1.out + # NFS invalid + nfs-cannot-pad-32-bit nfs-cannot-pad-32-bit.pcap nfs-cannot-pad-32-bit.out + + # DNS infinite loop tests + # + # See http://marc.info/?l=tcpdump-workers&m=95552439022555 + # + dns-zlip-1 dns-zlip-1.pcap dns-zlip-1.out + dns-zlip-2 dns-zlip-2.pcap dns-zlip-2.out + dns-zlip-3 dns-zlip-3.pcap dns-zlip-3.out + + # NTP tests + ntp ntp.pcap ntp.out + ntp-v ntp.pcap ntp-v.out -v + ntp-time ntp-time.pcap ntp-time.out + ntp-time--v ntp-time.pcap ntp-time--v.out -v + ntp-time--vv ntp-time.pcap ntp-time--vv.out -vv + ntp-time--vvv ntp-time.pcap ntp-time--vvv.out -vvv + ntp-control ntp-control.pcap ntp-control.out + ntp-control--v ntp-control.pcap ntp-control--v.out -v + ntp-control--vv ntp-control.pcap ntp-control--vv.out -vv + ntp-control--vvv ntp-control.pcap ntp-control--vvv.out -vvv + ntp-mode7 ntp-mode7.pcap ntp-mode7.out + ntp-mode7--v ntp-mode7.pcap ntp-mode7--v.out -v + ntp-mode7--vv ntp-mode7.pcap ntp-mode7--vv.out -vv + ntp-mode7--vvv ntp-mode7.pcap ntp-mode7--vvv.out -vvv + + # RX/AFS + rx afs.pcap rx.out + rx-v afs.pcap rx-v.out -v + + # Empty pcap/pcapng tests + empty-pcap empty.pcap empty.out + empty-pcapng empty.pcapng empty.out + + # DNS Extended rcode tests + dns-badcookie dns-badcookie.pcap dns-badcookie.out + dns-badvers dns-badvers.pcap dns-badvers.out + + # LLDP + lldp-app-priority lldp-app-priority.pcap lldp-app-priority.out -v + + # DNS URI RR support tests + dns-uri dns-uri.pcap dns-uri.out + + # AF_VSOCK tests + vsock-1 vsock-1.pcapng vsock-1.out + vsock-1-v vsock-1.pcapng vsock-1-v.out -v + vsock-1-vv vsock-1.pcapng vsock-1-vv.out -vv + #IP over infinband (ipoib) + ipoib ipoib.pcap ipoib.out + ipoib-e ipoib.pcap ipoib-e.out -e + + # BFD multihop and lag (RFC5883 & 7130) + bfd-multihop bfd-multihop.pcap bfd-multihop.out + bfd-multihop-v bfd-multihop.pcap bfd-multihop-v.out -v + bfd-lag bfd-lag.pcap bfd-lag.out + bfd-lag-v bfd-lag.pcap bfd-lag-v.out -v + + # Arista Vendor Specific Tests + arista-ether arista_ether.pcap arista_ether.out + arista-ether-e arista_ether.pcap arista_ether-e.out -e + arista-ether-ev arista_ether.pcap arista_ether-ev.out -ev + + # TIPC length field test + huge-tipc-messages huge-tipc-messages.pcap huge-tipc-messages.out + + # CVE-2018-10105 bad packets from Luis Rocha + sflow_print-segv sflow_print-segv.pcap sflow_print-segv.out -v + smb_data_print-oobr smb_data_print-oobr.pcapng smb_data_print-oobr.out -vv + smb_data_print-segv smb_data_print-segv.pcapng smb_data_print-segv.out -vv + #ptp tests + ptp ptp.pcap ptp.out + ptp_ethernet ptp_ethernet.pcap ptp_ethernet.out -e + + # bad packets from Jason Xiaole + ldp_tlv_print-oobr ldp_tlv_print-oobr.pcap ldp_tlv_print-oobr.out -v + + #someip tests + someip1 someip1.pcap someip1.out + someip2 someip2.pcap someip2.out + + # EDNS Options + edns-opts edns-opts.pcap edns-opts.out + edns-opts-v edns-opts.pcap edns-opts-v.out -v + edns-opts-vv edns-opts.pcap edns-opts-vv.out -vv