tcpdump: convert print-ipsec to a EVP_CIPHER_CTX on the heap.

Fix and add some error checking while there.

ok deraadt

- (void)printf() -> printf(); the cast adds clutter for little value.
- fprintf(stdout, ...) -> printf()
- fputs(x, stdout) -> printf(); for consistency.
fputs is twice as fast on atom x5-Z8300@1.44G

- (void)printf() -> printf(); the cast adds clutter for little value.
- fprintf(stdout, ...) -> printf()
- fputs(x, stdout) -> printf(); for consistency.
fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf
tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump
to /dev/null across a 20MB/~170k packet pcap file.

ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest

show more ...

Remove #ifdef INET6

There's not reason to build without IPv6 support, `-U INET6' builds were
broken anyway.

Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.

No object change on amd

Remove #ifdef INET6

There's not reason to build without IPv6 support, `-U INET6' builds were
broken anyway.

Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.

No object change on amd64 and sparc64 with clang, gcc compiles differently
but behaviour stays the same.

OK denis deraadt

show more ...

Rework UDP parsing, particularly around IP addresses.

This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I n

Rework UDP parsing, particularly around IP addresses.

This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I noticed inconsistent IPv4 vs IPv6 handling.

Apart from the default "srcip.srcport > dstip.dstpor" output, all
the other places that IP addresses were printed assumed IPv4. It
looks like it is possible that udp_print() can be called without
an IP header, which made these blind IPv4 prints turn into NULL
derefs.

This fixes the problem above by only having a single place that
prints the addresses out, and makes sure to get the difference
between IPv4, IPv6 and no IP correct.

This changes how the checksum is calculated. It incrementally builds
the UDP checksum by feeding the IPv4 and v6 addresses in separately,
then using common code for the rest of the pseudo header and actual
payload.

Lastly, this does make printing the space between the UDP header
and its payload consistent. The UDP code is now responsible for
adding a space after itself so the payload parsers don't have to.
They got it wrong in some cases anyway, so this should be a lot
more uniform.

help and ok sthen@

show more ...

Remove remaining instances of the register keyword.

ok deraadt@

The <ctype.h> is*() interfaces expect EOF or an unsigned char; cast to
(unsigned char) as required

found by Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) w/Coccinelle

Most packets generate one line in tcpdump. For AH and RIP there
was an extra line without benefit. Remove the new-line in printf
to make parsing easier.
OK lteo@ mikeb@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_N

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

show more ...

No use for <netinet/in_systm.h> nor <netinet/tcpip.h>.

Make icmp_print() accept the length variable, which is the length of the
packet without the IP header. This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.

Relate

Make icmp_print() accept the length variable, which is the length of the
packet without the IP header. This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.

Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.

This commit makes no functional change to tcpdump itself.

OK florian@

show more ...

esp/ah sequence number is unsigned and should be printed as such;
ok haesbaert, sthen, yasuoka, mpf

Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD,
cleaned up to be less gross after some suggestions from stsp.

ok stsp@

Don't leak memory in error case.
Found by parfait.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(th

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

show more ...

Print spi in lowercase hex for consistency with print-enc.c and ipsecctl.

ok hshoexer msf

trash $Header goo which is just annoying; 5595

Fix truncation check by directly comparing both values and don't
compare the unsigned value of the subtraction against <= 0.

ok krw@ ray@

print icmpv6 inside security header (ah/esp).

enable ESP and AH dissectors over IPv6; ok mpf@ (at k2k6)

add support for ESP decryption; ok deraadt@; feedback mickey@;
many manpage fixes from jmc@

add printing of ipcomp, and while in the neighborhood, make ah/esp actually
check the length of the data

"IPSec" -> "IPsec" (jsyn@nthought.com)

Compile with -Wall. Add $OpenBSD$. (jakob@ ok)

INET6
DHCP/BOOTP
tcp & udp checksum detection
numerous bugfixes

Print AH payload data (with -v). jakob@ ok.