handle IPSec processed packets (DLT_ENC) in libpcap, display them with

tcpdump + additional info (SPI + which type of transforms where passed).

1 files changed, 99 insertions, 0 deletions

diff --git a/usr.sbin/tcpdump/print-enc.c b/usr.sbin/tcpdump/print-enc.c
new file mode 100644
index 00000000000..89818e44a69
--- /dev/null
+++ b/usr.sbin/tcpdump/print-enc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+    "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-enc.c,v 1.1 1998/06/11 00:01:25 provos Exp $ (LBL)";
+#endif
+
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/ioctl.h>
+#include <sys/mbuf.h>
+
+#ifdef __STDC__
+struct rtentry;
+#endif
+#include <net/if.h>
+#include <net/if_enc.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <ctype.h>
+#include <netdb.h>
+#include <pcap.h>
+#include <signal.h>
+#include <stdio.h>
+
+#include "interface.h"
+#include "addrtoname.h"
+
+#define ENC_PRINT_TYPE(wh, xf, nam) \
+	if ((wh) & (xf)) { \
+		printf("%s%s", nam, (wh) == (xf) ? "): " : ","); \
+		(wh) &= ~(xf); \
+	}
+
+void
+enc_if_print(u_char *user, const struct pcap_pkthdr *h,
+	     register const u_char *p)
+{
+	register u_int length = h->len;
+	register u_int caplen = h->caplen;
+	int flags;
+	const struct ip *ip;
+	const struct enchdr *hdr;
+
+	ts_print(&h->ts);
+
+	if (caplen < ENC_HDRLEN) {
+		printf("[|enc]");
+		goto out;
+	}
+
+	/*
+	 * Some printers want to get back at the link level addresses,
+	 * and/or check that they're not walking off the end of the packet.
+	 * Rather than pass them all the way down, we set these globals.
+	 */
+	packetp = p;
+	snapend = p + caplen;
+	
+	hdr = (struct enchdr *)p;
+	printf("SPI 0x%08x (", ntohl(hdr->spi));
+	flags = hdr->flags;
+	ENC_PRINT_TYPE(flags, M_AUTH, "authentic");
+	ENC_PRINT_TYPE(flags, M_CONF, "confidential");
+	ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel");
+
+	length -= ENC_HDRLEN;
+	ip = (struct ip *)(p + ENC_HDRLEN);
+	ip_print((const u_char *)ip, length);
+
+	if (xflag)
+		default_print((const u_char *)ip, caplen - ENC_HDRLEN);
+out:
+	putchar('\n');
+}