all: import netsniff-ng 0.5.8-rc0 source

We decided to get rid of the old Git history and start a new one for
several reasons:

 *) Allow / enforce only high-quality commits (which was not the case
    for many commits in the history), have a policy that is more close
    to the one from the Linux kernel. With high quality commits, we
    mean code that is logically split into commits and commit messages
    that are signed-off and have a proper subject and message body.
    We do not allow automatic Github merges anymore, since they are
    total bullshit. However, we will either cherry-pick your patches
    or pull them manually.

 *) The old archive was about ~27MB for no particular good reason.
    This basically derived from the bad decision that also some PDF
    files where stored there. From this moment onwards, no binary
    objects are allowed to be stored in this repository anymore.

The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

1 files changed, 87 insertions, 0 deletions

diff --git a/proto_ip_authentication_hdr.c b/proto_ip_authentication_hdr.c
new file mode 100644
index 0000000..2d5f57c
--- /dev/null
+++ b/proto_ip_authentication_hdr.c
@@ -0,0 +1,87 @@
+/*
+ * netsniff-ng - the packet sniffing beast
+ * Copyright 2012 Markus Amend <markus@netsniff-ng.org>, Deutsche Flugsicherung GmbH
+ * Subject to the GPL, version 2.
+ *
+ * IP Authentication Header described in RFC4302
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <netinet/in.h>    /* for ntohs() */
+
+#include "proto.h"
+#include "protos.h"
+#include "dissector_eth.h"
+#include "built_in.h"
+#include "pkt_buff.h"
+
+struct auth_hdr {
+	uint8_t h_next_header;
+	uint8_t h_payload_len;
+	uint16_t h_reserved;
+	uint32_t h_spi;
+	uint32_t h_snf;
+} __packed;
+
+static void auth_hdr(struct pkt_buff *pkt)
+{
+	ssize_t hdr_len;
+	size_t i;
+	struct auth_hdr *auth_ops;
+
+	auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops));
+	if (auth_ops == NULL)
+		return;
+	
+	hdr_len = (auth_ops->h_payload_len * 4) + 8;
+
+	tprintf(" [ Authentication Header ");
+	tprintf("NextHdr (%u), ", auth_ops->h_next_header);
+	if (hdr_len > pkt_len(pkt) || hdr_len < 0){
+		tprintf("HdrLen (%u, %zd Bytes %s), ",
+		      auth_ops->h_payload_len, hdr_len,
+		      colorize_start_full(black, red)
+		      "invalid" colorize_end());
+		      return;
+	}
+	tprintf("HdrLen (%u, %zd Bytes), ",auth_ops->h_payload_len, hdr_len);
+	tprintf("Reserved (0x%x), ", ntohs(auth_ops->h_reserved));
+	/* TODO
+	 * Upgrade for Extended (64-bit) Sequence Number
+	 * http://tools.ietf.org/html/rfc4302#section-2.5.1
+	 */
+	tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi));
+	tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf));
+	tprintf("ICV 0x");
+	for (i = sizeof(struct auth_hdr); i < hdr_len; i++)
+		tprintf("%02x", *pkt_pull(pkt, 1));
+	tprintf(" ]\n");
+
+	pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);
+}
+
+static void auth_hdr_less(struct pkt_buff *pkt)
+{
+  	ssize_t hdr_len;
+	struct auth_hdr *auth_ops;
+
+	auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops));
+	if (auth_ops == NULL)
+		return;
+	
+	hdr_len = (auth_ops->h_payload_len * 4) + 8;
+	if (hdr_len > pkt_len(pkt) || hdr_len < 0)
+		return;
+
+	tprintf(" AH");
+
+	pkt_pull(pkt, hdr_len - sizeof(*auth_ops));
+	pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);
+}
+
+struct protocol ip_auth_ops = {
+	.key = 0x33,
+	.print_full = auth_hdr,
+	.print_less = auth_hdr_less,
+};