├── .gitignore ├── AUTHORS ├── COPYING ├── ChangeLog ├── Contributors ├── INSTALL ├── Makefile.am ├── NEWS ├── README ├── README.md ├── TODO ├── autogen.sh ├── configure.ac ├── ipdecap.1 ├── src ├── Makefile.am ├── esp.c ├── esp.h ├── gre.h ├── ipdecap.c ├── ipdecap.h ├── tags ├── utils.c └── utils.h ├── tools └── sadb2conf.awk └── unit_tests ├── 802.1q ├── 802.1q.md5 ├── 802.1q_corrupted_packet.pcapng ├── Makefile.am └── icmp_802.1q_simple_layer.cap ├── Makefile ├── README ├── esp ├── 3des-cbc_hmac-sha1 │ ├── 3des-cbc_hmac-sha1.cap │ ├── 3des-cbc_hmac-sha1.cap.conf │ └── 3des-cbc_hmac-sha1.cap.keys ├── 3des-cbc_null │ ├── 3des-cbc_null.cap │ ├── 3des-cbc_null.cap.conf │ └── 3des-cbc_null.cap.keys ├── Makefile.am ├── aes-cbc_hmac-sha1 │ ├── aes-cbc_hmac-sha1.cap │ ├── aes-cbc_hmac-sha1.cap.conf │ └── aes-cbc_hmac-sha1.cap.keys ├── aes192-cbc_hmac-sha1 │ ├── aes192-cbc_hmac-sha1.cap │ ├── aes192-cbc_hmac-sha1.cap.conf │ └── aes192-cbc_hmac-sha1.cap.keys ├── aes256-cbc_hmac-sha1 │ ├── aes256-cbc_hmac-sha1.cap │ ├── aes256-cbc_hmac-sha1.cap.conf │ └── aes256-cbc_hmac-sha1.cap.keys ├── des-cbc_hmac-md5 │ ├── des-cbc_hmac-md5.cap │ ├── des-cbc_hmac-md5.cap.conf │ └── des-cbc_hmac-md5.cap.keys ├── esp.md5 └── null_hmac-md5 │ ├── null_hmac-md5.cap │ ├── null_hmac-md5.cap.conf │ └── null_hmac-md5.cap.keys ├── gre ├── Makefile.am ├── gre.md5 └── gre_version0.cap ├── ip6in4 ├── Makefile.am ├── ip6in4.cap └── ip6in4.md5 └── ipip ├── Makefile.am ├── icmp_ipip_tunnel.cap ├── ipip.md5 └── ipip_corrupted_header_length.pcapng /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.output 3 | cachegrind.out.* 4 | callgrind.out.* 5 | src/ipdecap 6 | ipdecap-*.tar.gz 7 | .gitconfig 8 | .DS_Store 9 | 10 | # http://www.gnu.org/software/automake 11 | 12 | Makefile.in 13 | 14 | # http://www.gnu.org/software/autoconf 15 | 16 | /autom4te.cache 17 | /aclocal.m4 18 | /compile 19 | /configure 20 | /depcomp 21 | /install-sh 22 | /missing 23 | /stamp-h1 24 | /config.h 25 | /config.h.in 26 | /config.log 27 | /config.status 28 | /Makefile 29 | /src/Makefile 30 | /src/.deps/ 31 | 32 | /config.guess 33 | /config.sub 34 | /unit_tests/802.1q/Makefile 35 | /unit_tests/esp/Makefile 36 | /unit_tests/gre/Makefile 37 | /unit_tests/ip6in4/Makefile 38 | /unit_tests/ipip/Makefile 39 | 40 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Loic Pefferkorn 2 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | v0.7.2 - 2018/07/19: Loic Pefferkorn 2 | * Fix segfault on malformed 802.1q header (author: aapo, issue #4) 3 | * Fix segfault on malformed IPIP header (issue #5) 4 | * Support for OpenSSL >= 1.1.0 (author: jumrc) 5 | * Global code cleanup: Doxygen comments, source code split 6 | 7 | v0.7.1 - 2016/04/21: Loic Pefferkorn 8 | * Autotools update to ensure OS X compatibility (10.9 with MacPorts) 9 | * Warnings cleanup 10 | 11 | v0.7 - 2014/03/04: Loic Pefferkorn 12 | * Ported to FreeBSD 13 | * Better error messages 14 | * Internal clean up 15 | * Clean unit tests leftovers on make clean 16 | 17 | v0.6 - 2013/11/17: Loic Pefferkorn 18 | * Switch back to Autotools build system 19 | * Unit testing through pcap samples. 20 | * Support for 6in4 protocol (IPv6 encapsulated within IPv4) 21 | * Remove virtual lan (IEEE 802.1Q) header 22 | 23 | v0.5 - 2013/01/06: Loic Pefferkorn 24 | * First public version 25 | * Upload to GitHub 26 | -------------------------------------------------------------------------------- /Contributors: -------------------------------------------------------------------------------- 1 | Hisu Kang: 2 | - Suggestion for IEEE 802.1Q support 3 | - Preliminary patch for 6in4 support (patch adapted) 4 | 5 | William Stearns: 6 | - Tests for OS X compatibility (10.9 with MacPorts project) 7 | 8 | Aapo Rantalainen: 9 | - Segfault fix on malformed 802.1q header 10 | 11 | jurmc: 12 | - Support for OpenSSL >= 1.1.0 13 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | Installation Instructions 2 | ************************* 3 | 4 | Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, 5 | Inc. 6 | 7 | Copying and distribution of this file, with or without modification, 8 | are permitted in any medium without royalty provided the copyright 9 | notice and this notice are preserved. This file is offered as-is, 10 | without warranty of any kind. 11 | 12 | Basic Installation 13 | ================== 14 | 15 | Briefly, the shell commands `./configure; make; make install' should 16 | configure, build, and install this package. The following 17 | more-detailed instructions are generic; see the `README' file for 18 | instructions specific to this package. Some packages provide this 19 | `INSTALL' file but do not implement all of the features documented 20 | below. The lack of an optional feature in a given package is not 21 | necessarily a bug. More recommendations for GNU packages can be found 22 | in *note Makefile Conventions: (standards)Makefile Conventions. 23 | 24 | The `configure' shell script attempts to guess correct values for 25 | various system-dependent variables used during compilation. It uses 26 | those values to create a `Makefile' in each directory of the package. 27 | It may also create one or more `.h' files containing system-dependent 28 | definitions. Finally, it creates a shell script `config.status' that 29 | you can run in the future to recreate the current configuration, and a 30 | file `config.log' containing compiler output (useful mainly for 31 | debugging `configure'). 32 | 33 | It can also use an optional file (typically called `config.cache' 34 | and enabled with `--cache-file=config.cache' or simply `-C') that saves 35 | the results of its tests to speed up reconfiguring. Caching is 36 | disabled by default to prevent problems with accidental use of stale 37 | cache files. 38 | 39 | If you need to do unusual things to compile the package, please try 40 | to figure out how `configure' could check whether to do them, and mail 41 | diffs or instructions to the address given in the `README' so they can 42 | be considered for the next release. If you are using the cache, and at 43 | some point `config.cache' contains results you don't want to keep, you 44 | may remove or edit it. 45 | 46 | The file `configure.ac' (or `configure.in') is used to create 47 | `configure' by a program called `autoconf'. You need `configure.ac' if 48 | you want to change it or regenerate `configure' using a newer version 49 | of `autoconf'. 50 | 51 | The simplest way to compile this package is: 52 | 53 | 1. `cd' to the directory containing the package's source code and type 54 | `./configure' to configure the package for your system. 55 | 56 | Running `configure' might take a while. While running, it prints 57 | some messages telling which features it is checking for. 58 | 59 | 2. Type `make' to compile the package. 60 | 61 | 3. Optionally, type `make check' to run any self-tests that come with 62 | the package, generally using the just-built uninstalled binaries. 63 | 64 | 4. Type `make install' to install the programs and any data files and 65 | documentation. When installing into a prefix owned by root, it is 66 | recommended that the package be configured and built as a regular 67 | user, and only the `make install' phase executed with root 68 | privileges. 69 | 70 | 5. Optionally, type `make installcheck' to repeat any self-tests, but 71 | this time using the binaries in their final installed location. 72 | This target does not install anything. Running this target as a 73 | regular user, particularly if the prior `make install' required 74 | root privileges, verifies that the installation completed 75 | correctly. 76 | 77 | 6. You can remove the program binaries and object files from the 78 | source code directory by typing `make clean'. To also remove the 79 | files that `configure' created (so you can compile the package for 80 | a different kind of computer), type `make distclean'. There is 81 | also a `make maintainer-clean' target, but that is intended mainly 82 | for the package's developers. If you use it, you may have to get 83 | all sorts of other programs in order to regenerate files that came 84 | with the distribution. 85 | 86 | 7. Often, you can also type `make uninstall' to remove the installed 87 | files again. In practice, not all packages have tested that 88 | uninstallation works correctly, even though it is required by the 89 | GNU Coding Standards. 90 | 91 | 8. Some packages, particularly those that use Automake, provide `make 92 | distcheck', which can by used by developers to test that all other 93 | targets like `make install' and `make uninstall' work correctly. 94 | This target is generally not run by end users. 95 | 96 | Compilers and Options 97 | ===================== 98 | 99 | Some systems require unusual options for compilation or linking that 100 | the `configure' script does not know about. Run `./configure --help' 101 | for details on some of the pertinent environment variables. 102 | 103 | You can give `configure' initial values for configuration parameters 104 | by setting variables in the command line or in the environment. Here 105 | is an example: 106 | 107 | ./configure CC=c99 CFLAGS=-g LIBS=-lposix 108 | 109 | *Note Defining Variables::, for more details. 110 | 111 | Compiling For Multiple Architectures 112 | ==================================== 113 | 114 | You can compile the package for more than one kind of computer at the 115 | same time, by placing the object files for each architecture in their 116 | own directory. To do this, you can use GNU `make'. `cd' to the 117 | directory where you want the object files and executables to go and run 118 | the `configure' script. `configure' automatically checks for the 119 | source code in the directory that `configure' is in and in `..'. This 120 | is known as a "VPATH" build. 121 | 122 | With a non-GNU `make', it is safer to compile the package for one 123 | architecture at a time in the source code directory. After you have 124 | installed the package for one architecture, use `make distclean' before 125 | reconfiguring for another architecture. 126 | 127 | On MacOS X 10.5 and later systems, you can create libraries and 128 | executables that work on multiple system types--known as "fat" or 129 | "universal" binaries--by specifying multiple `-arch' options to the 130 | compiler but only a single `-arch' option to the preprocessor. Like 131 | this: 132 | 133 | ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 134 | CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 135 | CPP="gcc -E" CXXCPP="g++ -E" 136 | 137 | This is not guaranteed to produce working output in all cases, you 138 | may have to build one architecture at a time and combine the results 139 | using the `lipo' tool if you have problems. 140 | 141 | Installation Names 142 | ================== 143 | 144 | By default, `make install' installs the package's commands under 145 | `/usr/local/bin', include files under `/usr/local/include', etc. You 146 | can specify an installation prefix other than `/usr/local' by giving 147 | `configure' the option `--prefix=PREFIX', where PREFIX must be an 148 | absolute file name. 149 | 150 | You can specify separate installation prefixes for 151 | architecture-specific files and architecture-independent files. If you 152 | pass the option `--exec-prefix=PREFIX' to `configure', the package uses 153 | PREFIX as the prefix for installing programs and libraries. 154 | Documentation and other data files still use the regular prefix. 155 | 156 | In addition, if you use an unusual directory layout you can give 157 | options like `--bindir=DIR' to specify different values for particular 158 | kinds of files. Run `configure --help' for a list of the directories 159 | you can set and what kinds of files go in them. In general, the 160 | default for these options is expressed in terms of `${prefix}', so that 161 | specifying just `--prefix' will affect all of the other directory 162 | specifications that were not explicitly provided. 163 | 164 | The most portable way to affect installation locations is to pass the 165 | correct locations to `configure'; however, many packages provide one or 166 | both of the following shortcuts of passing variable assignments to the 167 | `make install' command line to change installation locations without 168 | having to reconfigure or recompile. 169 | 170 | The first method involves providing an override variable for each 171 | affected directory. For example, `make install 172 | prefix=/alternate/directory' will choose an alternate location for all 173 | directory configuration variables that were expressed in terms of 174 | `${prefix}'. Any directories that were specified during `configure', 175 | but not in terms of `${prefix}', must each be overridden at install 176 | time for the entire installation to be relocated. The approach of 177 | makefile variable overrides for each directory variable is required by 178 | the GNU Coding Standards, and ideally causes no recompilation. 179 | However, some platforms have known limitations with the semantics of 180 | shared libraries that end up requiring recompilation when using this 181 | method, particularly noticeable in packages that use GNU Libtool. 182 | 183 | The second method involves providing the `DESTDIR' variable. For 184 | example, `make install DESTDIR=/alternate/directory' will prepend 185 | `/alternate/directory' before all installation names. The approach of 186 | `DESTDIR' overrides is not required by the GNU Coding Standards, and 187 | does not work on platforms that have drive letters. On the other hand, 188 | it does better at avoiding recompilation issues, and works well even 189 | when some directory options were not specified in terms of `${prefix}' 190 | at `configure' time. 191 | 192 | Optional Features 193 | ================= 194 | 195 | If the package supports it, you can cause programs to be installed 196 | with an extra prefix or suffix on their names by giving `configure' the 197 | option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. 198 | 199 | Some packages pay attention to `--enable-FEATURE' options to 200 | `configure', where FEATURE indicates an optional part of the package. 201 | They may also pay attention to `--with-PACKAGE' options, where PACKAGE 202 | is something like `gnu-as' or `x' (for the X Window System). The 203 | `README' should mention any `--enable-' and `--with-' options that the 204 | package recognizes. 205 | 206 | For packages that use the X Window System, `configure' can usually 207 | find the X include and library files automatically, but if it doesn't, 208 | you can use the `configure' options `--x-includes=DIR' and 209 | `--x-libraries=DIR' to specify their locations. 210 | 211 | Some packages offer the ability to configure how verbose the 212 | execution of `make' will be. For these packages, running `./configure 213 | --enable-silent-rules' sets the default to minimal output, which can be 214 | overridden with `make V=1'; while running `./configure 215 | --disable-silent-rules' sets the default to verbose, which can be 216 | overridden with `make V=0'. 217 | 218 | Particular systems 219 | ================== 220 | 221 | On HP-UX, the default C compiler is not ANSI C compatible. If GNU 222 | CC is not installed, it is recommended to use the following options in 223 | order to use an ANSI C compiler: 224 | 225 | ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" 226 | 227 | and if that doesn't work, install pre-built binaries of GCC for HP-UX. 228 | 229 | HP-UX `make' updates targets which have the same time stamps as 230 | their prerequisites, which makes it generally unusable when shipped 231 | generated files such as `configure' are involved. Use GNU `make' 232 | instead. 233 | 234 | On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot 235 | parse its `' header file. The option `-nodtk' can be used as 236 | a workaround. If GNU CC is not installed, it is therefore recommended 237 | to try 238 | 239 | ./configure CC="cc" 240 | 241 | and if that doesn't work, try 242 | 243 | ./configure CC="cc -nodtk" 244 | 245 | On Solaris, don't put `/usr/ucb' early in your `PATH'. This 246 | directory contains several dysfunctional programs; working variants of 247 | these programs are available in `/usr/bin'. So, if you need `/usr/ucb' 248 | in your `PATH', put it _after_ `/usr/bin'. 249 | 250 | On Haiku, software installed for all users goes in `/boot/common', 251 | not `/usr/local'. It is recommended to use the following options: 252 | 253 | ./configure --prefix=/boot/common 254 | 255 | Specifying the System Type 256 | ========================== 257 | 258 | There may be some features `configure' cannot figure out 259 | automatically, but needs to determine by the type of machine the package 260 | will run on. Usually, assuming the package is built to be run on the 261 | _same_ architectures, `configure' can figure that out, but if it prints 262 | a message saying it cannot guess the machine type, give it the 263 | `--build=TYPE' option. TYPE can either be a short name for the system 264 | type, such as `sun4', or a canonical name which has the form: 265 | 266 | CPU-COMPANY-SYSTEM 267 | 268 | where SYSTEM can have one of these forms: 269 | 270 | OS 271 | KERNEL-OS 272 | 273 | See the file `config.sub' for the possible values of each field. If 274 | `config.sub' isn't included in this package, then this package doesn't 275 | need to know the machine type. 276 | 277 | If you are _building_ compiler tools for cross-compiling, you should 278 | use the option `--target=TYPE' to select the type of system they will 279 | produce code for. 280 | 281 | If you want to _use_ a cross compiler, that generates code for a 282 | platform different from the build platform, you should specify the 283 | "host" platform (i.e., that on which the generated programs will 284 | eventually be run) with `--host=TYPE'. 285 | 286 | Sharing Defaults 287 | ================ 288 | 289 | If you want to set default values for `configure' scripts to share, 290 | you can create a site shell script called `config.site' that gives 291 | default values for variables like `CC', `cache_file', and `prefix'. 292 | `configure' looks for `PREFIX/share/config.site' if it exists, then 293 | `PREFIX/etc/config.site' if it exists. Or, you can set the 294 | `CONFIG_SITE' environment variable to the location of the site script. 295 | A warning: not all `configure' scripts look for a site script. 296 | 297 | Defining Variables 298 | ================== 299 | 300 | Variables not defined in a site shell script can be set in the 301 | environment passed to `configure'. However, some packages may run 302 | configure again during the build, and the customized values of these 303 | variables may be lost. In order to avoid this problem, you should set 304 | them in the `configure' command line, using `VAR=value'. For example: 305 | 306 | ./configure CC=/usr/local2/bin/gcc 307 | 308 | causes the specified `gcc' to be used as the C compiler (unless it is 309 | overridden in the site shell script). 310 | 311 | Unfortunately, this technique does not work for `CONFIG_SHELL' due to 312 | an Autoconf limitation. Until the limitation is lifted, you can use 313 | this workaround: 314 | 315 | CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash 316 | 317 | `configure' Invocation 318 | ====================== 319 | 320 | `configure' recognizes the following options to control how it 321 | operates. 322 | 323 | `--help' 324 | `-h' 325 | Print a summary of all of the options to `configure', and exit. 326 | 327 | `--help=short' 328 | `--help=recursive' 329 | Print a summary of the options unique to this package's 330 | `configure', and exit. The `short' variant lists options used 331 | only in the top level, while the `recursive' variant lists options 332 | also present in any nested packages. 333 | 334 | `--version' 335 | `-V' 336 | Print the version of Autoconf used to generate the `configure' 337 | script, and exit. 338 | 339 | `--cache-file=FILE' 340 | Enable the cache: use and save the results of the tests in FILE, 341 | traditionally `config.cache'. FILE defaults to `/dev/null' to 342 | disable caching. 343 | 344 | `--config-cache' 345 | `-C' 346 | Alias for `--cache-file=config.cache'. 347 | 348 | `--quiet' 349 | `--silent' 350 | `-q' 351 | Do not print messages saying which checks are being made. To 352 | suppress all normal output, redirect it to `/dev/null' (any error 353 | messages will still be shown). 354 | 355 | `--srcdir=DIR' 356 | Look for the package's source code in directory DIR. Usually 357 | `configure' can determine that directory automatically. 358 | 359 | `--prefix=DIR' 360 | Use DIR as the installation prefix. *note Installation Names:: 361 | for more details, including other options available for fine-tuning 362 | the installation locations. 363 | 364 | `--no-create' 365 | `-n' 366 | Run the configure checks, but stop before creating any output 367 | files. 368 | 369 | `configure' also accepts some other, not widely useful, options. Run 370 | `configure --help' for more details. 371 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = src 2 | 3 | man1_MANS = ipdecap.1 4 | EXTRA_DIST = Contributors tools unit_tests README.md autogen.sh ipdecap.1 5 | 6 | check: all 7 | cd unit_tests && $(MAKE) $@ 8 | 9 | clean: 10 | cd src && $(MAKE) $@ 11 | cd unit_tests && $(MAKE) $@ 12 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lpefferkorn/ipdecap/45d2a7dc97a9b6e3139361dfb4d4d6103ed9889d/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | See README.md 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ipdecap 2 | ======= 3 | 4 | Decapsulate traffic encapsulated within GRE, IPIP, 6in4 and ESP (ipsec) protocols, from a pcap file. 5 | Can also remove IEEE 802.1Q (virtual lan - vlan) header. 6 | 7 | Documentation available at http://loicpefferkorn.net/ipdecap 8 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | GENERAL 2 | ------- 3 | -support IPv6 4 | -stats on processed packets: total, processed, errors, ... 5 | -openvpn protocol 6 | -tinc protocol 7 | -add more encrytion algorithms 8 | 9 | ESP 10 | --- 11 | -handle transport mode 12 | 13 | GRE 14 | --- 15 | -notes on ttl (rfc 2784) 16 | 17 | Virtual lan 18 | ----------- 19 | -no support for double-tagged frame (802.1ad) 20 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | autoreconf --install || exit 1 2 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | # -*- Autoconf -*- 2 | # Process this file with autoconf to produce a configure script. 3 | 4 | AC_PREREQ([2.69]) 5 | AC_INIT([ipdecap], [0.7.2], [loic-ipdecap@loicp.eu]) 6 | AC_CANONICAL_HOST 7 | AC_CONFIG_SRCDIR([src/ipdecap.c]) 8 | AC_CONFIG_HEADERS([config.h]) 9 | AM_INIT_AUTOMAKE 10 | 11 | # Checks for programs. 12 | AC_PROG_CC 13 | 14 | case $host in 15 | *-*-freebsd*) 16 | CPPFLAGS="${CFLAGS} -I/usr/local/include -L/usr/local/lib" 17 | ;; 18 | *-apple-darwin*) 19 | CPPFLAGS="${CFLAGS} -I/opt/local/include -L/opt/local/lib" 20 | ;; 21 | esac 22 | 23 | # Checks for libraries. 24 | AC_CHECK_LIB(pcap, pcap_offline_filter, [], 25 | AC_MSG_ERROR(pcap library not found )) 26 | AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], 27 | AC_MSG_ERROR(OpenSSL library not found)) 28 | 29 | # Checks for header files. 30 | AC_CHECK_HEADERS([string.h pcap/pcap.h pcap/vlan.h arpa/inet.h sys/types.h sys/socket.h getopt.h]) 31 | 32 | # Checks for typedefs, structures, and compiler characteristics. 33 | AC_CHECK_HEADER_STDBOOL 34 | AC_TYPE_UINT16_T 35 | AC_CHECK_TYPES([struct ip, struct ether_addr, struct ether_header]) 36 | 37 | # Checks for library functions. 38 | AC_FUNC_ERROR_AT_LINE 39 | AC_FUNC_MALLOC 40 | AC_CHECK_FUNCS([getopt_long memset strcspn strdup strtol]) 41 | 42 | # Used for unit tests 43 | AC_CHECK_PROGS([MD5SUM], [md5sum md5 gmd5sum]) 44 | if test "x$MD5SUM" = x; then 45 | AC_MSG_WARN(Cannot find a md5 checkum tool. Unit tests cannot be run) 46 | fi 47 | AC_SUBST([MD5SUM]) 48 | 49 | AC_CONFIG_FILES([Makefile src/Makefile unit_tests/ip6in4/Makefile unit_tests/gre/Makefile unit_tests/esp/Makefile unit_tests/ipip/Makefile unit_tests/802.1q/Makefile]) 50 | AC_OUTPUT 51 | -------------------------------------------------------------------------------- /ipdecap.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2012-2016 Loic Pefferkorn 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or modify 4 | .\" it under the terms of the GNU General Public License as published by 5 | .\" the Free Software Foundation; either version 2 of the License, or 6 | .\" (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 16 | .\" 17 | 18 | .TH "ipdecap" 1 19 | .SH NAME 20 | ipdecap \- Decapsulate GRE, IPIP, 6in4 and ESP (Ipsec) packets 21 | .SH SYNOPSIS 22 | .B ipdecap 23 | [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf] [-f ] 24 | .SH DESCRIPTION 25 | Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4 and ESP (ipsec) protocols, and can also remove virtual lan (IEEE 802.1Q) header. 26 | .P 27 | It reads packets from an pcap file, removes the encapsulation protocol, and writes them to another pcap file. 28 | .br 29 | For encrypted protocols (like ESP), a configuration (--conf) with algorithms, hosts, spi and key is mandatory. 30 | .P 31 | Integrity Check Value from AH header is not yet checked. 32 | .P 33 | A bpf filter (-f ) can be applied to limit the packets processed from the input file: 34 | .P 35 | .RS 36 | ipdecap -i esp.cap -o out.cap -f "src 192.0.2.1 and dst 192.0.2.2" 37 | .br 38 | .RE 39 | .P 40 | At the moment, the following encapsulation protocols are supported: 41 | .P 42 | .B IPIP, GRE (IPv4) 43 | .P 44 | .B 6in4 (IPv6 encapsulated within IPv4) 45 | .P 46 | .B ESP (ipsec) (IPv4) 47 | .P 48 | .RS 49 | Encryption algorithms: des-cbc 3des-cbc aes128-cbc aes128-ctr null_enc 50 | .P 51 | Authentification algorithms: hmac_sha1-96 hmac_md5-96 aes_xcbc_mac-96 null_auth any96 any128 any160 any192 any256 any384 any512 52 | .P 53 | .RE 54 | .SH OPTIONS 55 | .TP 56 | .B \-i, --input input file 57 | The pcap file to read packets from. 58 | .TP 59 | .B \-o, --output output file 60 | The pcap file to write decapsulated packets to. 61 | .TP 62 | .B \-c, --conf esp configuration file 63 | .RS 64 | A file with security associations parameters used to decrypt ESP packets, one line per flow. The line's format is: 65 | .P 66 | 67 | .P 68 | For example, to decrypt both flows from A to B and B to A you will need two lines: 69 | .P 70 | .RS 71 | 192.168.2.100 192.168.2.101 3des-cbc hmac_sha1-96 0x785778a2d4b0f36bf17a8c55d9b6cea7abcdef43f9d0d8b0 0x04022464 72 | .br 73 | 192.168.2.101 192.168.2.100 3des-cbc hmac_sha1-96 0xdeadbeeffff23a964457224d4a05121247bdbc8f0dda23fc 0x02250089 74 | .RE 75 | .P 76 | Separator is space or tabulation, if key is useless (null_enc), just put "0". Both spi and key must be in hexadecimal format. 77 | .br At the moment, the authentification part of ESP is not used. 78 | The configuration file can be generated from setkey -Da output thanks to the provided sadb2conf.awk script. 79 | .RE 80 | .TP 81 | .B -v, --verbose 82 | Print more details for each packet processed (encapsulation protocol, sucessfully decryption if IPsec, ...) 83 | .TP 84 | .B \-V, --version 85 | print version 86 | .TP 87 | .B \-l, --list 88 | List supported ESP encryption and authentication algorithms 89 | .TP 90 | 91 | .SH BUGS 92 | .P 93 | -ESP transport mode not supported 94 | .br 95 | .SH NO WARRANTIES 96 | Ipdecap is distributed in the hope that it will be useful, 97 | but WITHOUT ANY WARRANTY; without even the implied warranty of 98 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 99 | GNU General Public License for more details. 100 | .SH LICENSE 101 | Copyright 2012-2016 Loic Pefferkorn 102 | .PP 103 | This program is distributed under the terms of the GNU General Public License V3 as published by the Free Software Foundation. 104 | .SH AUTHOR 105 | .PP 106 | Loic Pefferkorn. Use to contact the developer. 107 | .PP 108 | Ipdecap homepage: https://loicpefferkorn.net/ipdecap/ 109 | 110 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | bin_PROGRAMS = ipdecap 2 | ipdecap_SOURCES = ipdecap.c ipdecap.h gre.h esp.h esp.c utils.c utils.h 3 | AM_CPPFLAGS = -Wall -Wextra -Wshadow -Wstrict-prototypes -Wunreachable-code 4 | -------------------------------------------------------------------------------- /src/esp.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include // for inet_ntop, inet_pton 22 | #include // for err 23 | #include // for __errno_location, errno, ERANGE 24 | #include // for u_char 25 | #include // for ether_header 26 | #include // for ip 27 | #include // for printf, fclose, fgets, fopen, FILE 28 | #include // for NULL, free, strtol 29 | #include // for strtok, memcpy, strcmp, strdup, strlen 30 | #include 31 | #include 32 | #include "utils.h" // for error, member_size, global_args_t, verbose 33 | #include "esp.h" 34 | #include "ipdecap.h" // for process_nonip_packet 35 | 36 | extern global_args_t global_args; 37 | 38 | struct llflow_t *flow_head = NULL; 39 | /* rfc 4835: 40 | Requirement Encryption Algorithm (notes) 41 | ----------- -------------------------- 42 | MUST NULL [RFC2410] (1) 43 | MUST AES-CBC with 128-bit keys [RFC3602] 44 | MUST- TripleDES-CBC [RFC2451] 45 | SHOULD AES-CTR [RFC3686] 46 | SHOULD NOT DES-CBC [RFC2405] (2) 47 | 48 | 49 | Requirement Authentication Algorithm (notes) 50 | ----------- ----------------------------- 51 | MUST HMAC-SHA1-96 [RFC2404] (3) 52 | SHOULD+ AES-XCBC-MAC-96 [RFC3566] 53 | MAY NULL (1) 54 | MAY HMAC-MD5-96 [RFC2403] (4) 55 | */ 56 | 57 | /* Authentication algorithms */ 58 | 59 | auth_method_t any512 = { .name = "any512", .openssl_auth = NULL, .len = 512/8, .next = NULL }; 60 | auth_method_t any384 = { .name = "any384", .openssl_auth = NULL, .len = 384/8, .next = &any512 }; 61 | auth_method_t any256 = { .name = "any256", .openssl_auth = NULL, .len = 256/8, .next = &any384 }; 62 | auth_method_t any192 = { .name = "any192", .openssl_auth = NULL, .len = 192/8, .next = &any256 }; 63 | auth_method_t any160 = { .name = "any160", .openssl_auth = NULL, .len = 160/8, .next = &any192 }; 64 | auth_method_t any128 = { .name = "any128", .openssl_auth = NULL, .len = 96/8, .next = &any160 }; 65 | auth_method_t any96 = { .name = "any96", .openssl_auth = NULL, .len = 96/8, .next = &any128 }; 66 | auth_method_t aes_xcbc_mac_96 = { .name = "aes_xcbc_mac-96", .openssl_auth = NULL, .len = 96/8, .next = &any96 }; 67 | auth_method_t hmac_md5_96 = { .name = "hmac_md5-96", .openssl_auth = NULL, .len = 96/8, .next = &aes_xcbc_mac_96 }; 68 | auth_method_t hmac_sha_1_96 = { .name = "hmac_sha1-96", .openssl_auth = NULL, .len = 96/8, .next = &hmac_md5_96 }; 69 | auth_method_t null_auth = { .name = "null_auth", .openssl_auth = NULL, .len = 8/8, .next = &hmac_sha_1_96 }; 70 | 71 | // Linked list, point to first element 72 | auth_method_t *auth_method_list = &null_auth; 73 | 74 | /* Encryption algorithms */ 75 | 76 | crypt_method_t null_enc = { .name = "null_enc", .openssl_cipher = NULL, .next = NULL}; 77 | crypt_method_t aes_256_cbc = { .name = "aes256-cbc", .openssl_cipher = "aes-256-cbc", .next = &null_enc}; 78 | crypt_method_t aes_192_cbc = { .name = "aes192-cbc", .openssl_cipher = "aes-192-cbc", .next = &aes_256_cbc}; 79 | crypt_method_t aes_128_cbc = { .name = "aes128-cbc", .openssl_cipher = "aes-128-cbc", .next = &aes_192_cbc}; 80 | crypt_method_t aes_128_ctr = { .name = "aes128-ctr", .openssl_cipher = "aes-128-ctr", .next = &aes_128_cbc}; 81 | crypt_method_t tripledes_cbc = { .name = "3des-cbc", .openssl_cipher = "des-ede3-cbc", .next = &aes_128_ctr}; 82 | crypt_method_t des_cbc = { .name = "des-cbc", .openssl_cipher = "des-cbc", .next = &tripledes_cbc}; 83 | 84 | 85 | // Linked list, point to first element 86 | crypt_method_t *crypt_method_list = &des_cbc; 87 | 88 | /** @brief Cleanup allocated ESP flows configuration during file parsing (makes valgrind happy) 89 | */ 90 | void esp_flows_cleanup() { 91 | 92 | llflow_t *f, *tmp; 93 | f = flow_head; 94 | 95 | while (f != NULL) { 96 | tmp = f; 97 | f = f->next; 98 | free(tmp->crypt_name); 99 | free(tmp->auth_name); 100 | free(tmp->key); 101 | 102 | free(tmp); 103 | } 104 | } 105 | 106 | /** @brief Add to the linked list flow_head this ESP flow, 107 | * read from configuration file by parse_esp_conf 108 | * @param ip_src source IP 109 | * @param ip_dst destination IP 110 | * @param crypt_name name of the encryption algorithm 111 | * @param auth_name name of the authentication algorithm 112 | * @param key algorithm shared key 113 | * @param spi Security Parameters Index 114 | * 115 | */ 116 | int esp_add_flow(char *ip_src, char *ip_dst, char *crypt_name, char *auth_name, char *key, char *spi) { 117 | 118 | unsigned char *dec_key = NULL; 119 | unsigned char *dec_spi = NULL; 120 | llflow_t *flow = NULL; 121 | llflow_t *ptr = NULL; 122 | crypt_method_t *cm = NULL; 123 | auth_method_t *am = NULL; 124 | char *endptr = NULL; /* for strtol */ 125 | 126 | MALLOC(flow, 1, llflow_t); 127 | 128 | flow->next = NULL; 129 | 130 | debug_print("\tadd_flow() src:%s dst:%s crypt:%s auth:%s spi:%s\n", 131 | ip_src, ip_dst, crypt_name, auth_name, spi); 132 | 133 | if ((cm = esp_find_crypt_method(crypt_name)) == NULL) 134 | err(1, "%s: Cannot find encryption method: %s, please check supported algorithms\n", 135 | global_args.esp_config_file, crypt_name); 136 | else 137 | flow->crypt_method = cm; 138 | 139 | if ((am = esp_find_auth_method(auth_name)) == NULL) 140 | err(1, "%s: Cannot find authentification method: %s, please check supported algorithms\n", 141 | global_args.esp_config_file, auth_name); 142 | else 143 | flow->auth_method = am; 144 | 145 | /* If non NULL encryption, check key */ 146 | if (cm->openssl_cipher != NULL) { 147 | 148 | /* Check for hex format header */ 149 | if (key[0] != '0' || (key[1] != 'x' && key[1] != 'X' ) ) { 150 | error("%s: Only hex keys are supported and must begin with 0x\n", global_args.esp_config_file); 151 | } 152 | else 153 | key += 2; /* Skip '0x' */ 154 | 155 | /* Check key length */ 156 | if (strlen(key) > MY_MAX_KEY_LENGTH) { 157 | error("%s: Key is too long : %lu > %i - %s\n", 158 | global_args.esp_config_file, 159 | strlen(key), 160 | MY_MAX_KEY_LENGTH, 161 | key 162 | ); 163 | } 164 | 165 | /* Convert key to decimal format */ 166 | if ((dec_key = str2dec(key, MY_MAX_KEY_LENGTH)) == NULL) 167 | err(1, "Cannot convert key to decimal format: %s\n", key); 168 | 169 | } else { 170 | dec_key = NULL; 171 | } 172 | 173 | if (spi[0] != '0' || (spi[1] != 'x' && spi[1] != 'X' ) ) { 174 | error("%s: Only hex SPIs are supported and must begin with 0x\n", global_args.esp_config_file); 175 | } 176 | else 177 | spi += 2; /* Skip '0x' */ 178 | 179 | if ((dec_spi = str2dec(spi, ESP_SPI_LEN)) == NULL) 180 | err(1, "%s: Cannot convert spi to decimal format\n", global_args.esp_config_file); 181 | 182 | if (inet_pton(AF_INET, ip_src, &(flow->addr_src)) != 1 183 | || inet_pton(AF_INET, ip_dst, &(flow->addr_dst)) != 1) { 184 | error("%s: Cannot convert ip address\n", global_args.esp_config_file); 185 | } 186 | 187 | errno = 0; 188 | flow->spi = strtol(spi, &endptr, 16); 189 | 190 | /* Check for conversion errors */ 191 | if (errno == ERANGE) { 192 | error("%s: Cannot convert spi (strtol: %s)\n", 193 | global_args.esp_config_file, 194 | strerror(errno)); 195 | } 196 | 197 | if (endptr == spi) { 198 | error("%s: Cannot convert spi (strtol: %s)\n", 199 | global_args.esp_config_file, 200 | strerror(errno)); 201 | } 202 | 203 | flow->crypt_name = strdup(crypt_name); 204 | flow->auth_name = strdup(auth_name); 205 | flow->key = dec_key; 206 | 207 | EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 208 | EVP_CIPHER_CTX_init(ctx); 209 | flow->ctx = ctx; 210 | 211 | /* Adding to linked list */ 212 | if (flow_head == NULL) { 213 | flow_head = flow; 214 | flow_head->next = NULL; 215 | } else { 216 | ptr = flow_head; 217 | while(ptr->next != NULL) 218 | ptr = ptr->next; 219 | ptr->next = flow; 220 | } 221 | 222 | free(dec_spi); 223 | return 0; 224 | } 225 | 226 | /** @brief Try to find an ESP configuration to decrypt the flow between ip_src and ip_dst 227 | * @param ip_src source IP 228 | * @param ip_dst destination IP 229 | * @param spi Security Parameters Index 230 | * 231 | */ 232 | struct llflow_t * esp_find_flow(char *ip_src, char *ip_dst, u_int32_t spi) { 233 | 234 | struct llflow_t *f = NULL; 235 | char src_txt[INET_ADDRSTRLEN]; 236 | char dst_txt[INET_ADDRSTRLEN]; 237 | 238 | debug_print("find_flow() need:: ip_src:%s ip_dst:%s spi:%02x\n", ip_src, ip_dst, spi); 239 | 240 | f = flow_head; 241 | 242 | while(f != NULL) { 243 | 244 | if (inet_ntop(AF_INET, &(f->addr_src), 245 | src_txt, INET_ADDRSTRLEN) == NULL) 246 | error("Cannot convert source IP adddress - inet_ntop() err"); 247 | 248 | if (inet_ntop(AF_INET, &(f->addr_dst), 249 | dst_txt, INET_ADDRSTRLEN) == NULL) 250 | error("inet_ntop() err"); 251 | 252 | if (strcmp(ip_src, src_txt) == 0) { 253 | if (strcmp(ip_dst, dst_txt) == 0) { 254 | if (f->spi == ntohl(spi)) { 255 | debug_print("find_flow() found match:: src:%s dst:%s spi:%x\n", src_txt, dst_txt, ntohl(f->spi)); 256 | return f; 257 | } 258 | } 259 | } 260 | f = f->next; 261 | } 262 | return NULL; 263 | } 264 | 265 | 266 | /** @brief Print known ESP flows, read from the ESP confguration file 267 | */ 268 | void esp_dump_flows() { 269 | 270 | char src[INET_ADDRSTRLEN]; 271 | char dst[INET_ADDRSTRLEN]; 272 | struct llflow_t *e = NULL; 273 | 274 | e = flow_head; 275 | 276 | while(e != NULL) { 277 | if (inet_ntop(AF_INET, &(e->addr_src), src, INET_ADDRSTRLEN) == NULL 278 | || inet_ntop(AF_INET, &(e->addr_dst), dst, INET_ADDRSTRLEN) == NULL) { 279 | free(e); 280 | error("Cannot convert ip"); 281 | } 282 | 283 | printf("dump_flows: src:%s dst:%s crypt:%s auth:%s spi:%lx\n", 284 | src, dst, e->crypt_name, e->auth_name, (long unsigned int) e->spi); 285 | 286 | dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(e->ctx), 0); 287 | printf("\n"); 288 | 289 | e = e->next; 290 | } 291 | } 292 | 293 | /** @brief Find the corresponding crypt_method_t from its name 294 | * @param crypt_name plaintext name of the encryption algorithm 295 | * @return matching struct crypt_method_t, NULL if none found 296 | */ 297 | struct crypt_method_t * esp_find_crypt_method(char *crypt_name) { 298 | 299 | int rc; 300 | struct crypt_method_t *cm = NULL; 301 | 302 | cm = crypt_method_list; 303 | 304 | while(cm != NULL) { 305 | rc = strcmp(crypt_name, cm->name); 306 | if (rc == 0) { 307 | return cm; 308 | } 309 | cm = cm->next; 310 | } 311 | return NULL; 312 | } 313 | 314 | /** @brief Find the corresponding auth_method_t from its name 315 | * @param auth_name plaintext name of the authentication algorithm 316 | * @return matching struct auth_method_t, NULL if none found 317 | */ 318 | struct auth_method_t * esp_find_auth_method(char *auth_name) { 319 | 320 | int rc; 321 | struct auth_method_t *am = NULL; 322 | 323 | am = auth_method_list; 324 | 325 | while(am != NULL) { 326 | rc = strcmp(auth_name, am->name); 327 | if (rc == 0) { 328 | return am; 329 | } 330 | am = am->next; 331 | } 332 | return NULL; 333 | } 334 | 335 | /** @brief Print supported ESP algorithms 336 | */ 337 | void print_algorithms() { 338 | 339 | printf("Supported ESP algorithms:\n" 340 | "\n" 341 | "\tEncryption:\n" 342 | "\n" 343 | "\t\tdes-cbc (rfc2405)\n" 344 | "\t\t3des-cbc (rfc2451)\n" 345 | "\t\taes128-cbc aes192-cbc aes256-cbc (rfc3602)\n" 346 | "\t\taes128-ctr (rfc3686)\n" 347 | "\t\tnull_enc (rfc2410)\n" 348 | "\n" 349 | "\tAuthentication (not yet checked):\n" 350 | "\n" 351 | "\t\thmac_md5-96 (rfc2403)\n" 352 | "\t\thmac_sha1-96 (rfc2404)\n" 353 | "\t\taes_xcbc_mac-96 (rfc3566)\n" 354 | "\t\tnull_auth (rfc2410)\n" 355 | "\t\tany96 any128 any160 any192 any256 any384 any512\n" 356 | "\n" 357 | ); 358 | 359 | } 360 | 361 | /** @brief Parse the ipdecap ESP configuration file 362 | * @param filename path of the file with the ESP configuration for decapsulation 363 | * @return 0 on success, 1 on failure 364 | */ 365 | int parse_esp_conf(char *filename) { 366 | 367 | const char delimiters[] = " \t"; 368 | char buffer[CONF_BUFFER_SIZE]; 369 | char *copy = NULL; 370 | char *src = NULL; 371 | char *dst = NULL; 372 | char *crypt = NULL; 373 | char *auth = NULL; 374 | char *spi = NULL; 375 | char *key = NULL; 376 | int line = 0; 377 | FILE *conf; 378 | 379 | conf = fopen(filename, "r"); 380 | if (conf == NULL ) 381 | return -1; 382 | 383 | while (fgets(buffer, CONF_BUFFER_SIZE, conf) != NULL) { 384 | 385 | line++; 386 | copy = strdup(buffer); 387 | 388 | /* Empty line */ 389 | if (strlen(copy) == 1) 390 | continue; 391 | 392 | /* Commented line */ 393 | if (copy[0] == '#') 394 | continue; 395 | 396 | /* Remove new line character */ 397 | copy[strcspn(copy, "\n")] = '\0'; 398 | 399 | if ((src = strtok(copy, delimiters)) == NULL) 400 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 401 | 402 | if ((dst = strtok(NULL, delimiters)) == NULL) 403 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 404 | 405 | if ((crypt = strtok(NULL, delimiters)) == NULL) 406 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 407 | 408 | if ((auth = strtok(NULL, delimiters)) == NULL) 409 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 410 | 411 | if ((key = strtok(NULL, delimiters)) == NULL) 412 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 413 | 414 | if ((spi = strtok(NULL, delimiters)) == NULL) 415 | error("Cannot parse line %i in %s, missing column ?\n\t--> %s\n", line, filename, buffer); 416 | 417 | debug_print("parse_esp_conf() src:%s dst:%s crypt:%s auth:%s key:%s spi:%s\n", 418 | src, dst, crypt, auth, key, spi); 419 | 420 | esp_add_flow(src, dst, crypt, auth, key, spi); 421 | free(copy); 422 | } 423 | 424 | fclose(conf); 425 | return 0; 426 | } 427 | 428 | /** @brief Decapsulate an ESP packet: 429 | * - try to find a matching ESP configuration entry (ip, spi, algorithms) 430 | * - decrypt packet with the configuration found 431 | * @param in_payload payload of input packet 432 | * @param in_payload_len length on input packet payload 433 | * @param out_pkthdr new packet header 434 | * @param out_payload new packed payload 435 | */ 436 | void process_esp_packet(u_char const *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload) { 437 | 438 | const u_char *payload_src = NULL; 439 | u_char *payload_dst = NULL; 440 | const struct ip *ip_hdr = NULL; 441 | esp_packet_t esp_packet; 442 | char ip_src[INET_ADDRSTRLEN+1]; 443 | char ip_dst[INET_ADDRSTRLEN+1]; 444 | llflow_t *flow = NULL; 445 | EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 446 | const EVP_CIPHER *cipher = NULL; 447 | int packet_size, rc, len, remaining; 448 | int ivlen; 449 | 450 | /* TODO: memset sur new_packet_payload */ 451 | payload_src = in_payload; 452 | payload_dst = out_payload; 453 | 454 | /* Copy ethernet header */ 455 | memcpy(payload_dst, payload_src, sizeof(struct ether_header)); 456 | payload_src += sizeof(struct ether_header); 457 | payload_dst += sizeof(struct ether_header); 458 | packet_size = sizeof(struct ether_header); 459 | 460 | /* Read encapsulating IP header to find offset to ESP header */ 461 | ip_hdr = (const struct ip *) payload_src; 462 | payload_src += (ip_hdr->ip_hl *4); 463 | 464 | /* Read ESP fields */ 465 | memcpy(&esp_packet.spi, payload_src, member_size(esp_packet_t, spi)); 466 | payload_src += member_size(esp_packet_t, spi); 467 | memcpy(&esp_packet.seq, payload_src, member_size(esp_packet_t, seq)); 468 | payload_src += member_size(esp_packet_t, seq); 469 | 470 | /* Extract dst/src IP */ 471 | if (inet_ntop(AF_INET, &(ip_hdr->ip_src), 472 | ip_src, INET_ADDRSTRLEN) == NULL) 473 | error("Cannot convert source ip address for ESP packet\n"); 474 | 475 | if (inet_ntop(AF_INET, &(ip_hdr->ip_dst), 476 | ip_dst, INET_ADDRSTRLEN) == NULL) 477 | error("Cannot convert destination ip address for ESP packet\n"); 478 | 479 | /* Find encryption configuration used */ 480 | flow = esp_find_flow(ip_src, ip_dst, esp_packet.spi); 481 | 482 | if (flow == NULL) { 483 | verbose("No suitable flow configuration found for src:%s dst:%s spi: %lx copying raw packet\n", 484 | ip_src, ip_dst, esp_packet.spi); 485 | process_nonip_packet(in_payload, in_payload_len, out_pkthdr, out_payload); 486 | return; 487 | 488 | } else { 489 | debug_print("Found flow configuration src:%s dst:%s crypt:%s auth:%s spi: %lx\n", 490 | ip_src, ip_dst, flow->crypt_name, flow->auth_name, (long unsigned) flow->spi); 491 | } 492 | 493 | /* Differences between (null) encryption algorithms and others algorithms start here */ 494 | if (flow->crypt_method->openssl_cipher == NULL) { 495 | 496 | remaining = ntohs(ip_hdr->ip_len) 497 | - ip_hdr->ip_hl*4 498 | - member_size(esp_packet_t, spi) 499 | - member_size(esp_packet_t, seq); 500 | 501 | /* If non null authentication, discard authentication data */ 502 | if (flow->auth_method->openssl_auth == NULL) { 503 | remaining -= flow->auth_method->len; 504 | } 505 | 506 | u_char *pad_len = ((u_char *)payload_src + remaining -2); 507 | 508 | remaining = remaining 509 | - member_size(esp_packet_t, pad_len) 510 | - member_size(esp_packet_t, next_header) 511 | - *pad_len; 512 | 513 | packet_size += remaining; 514 | 515 | memcpy(payload_dst, payload_src, remaining); 516 | out_pkthdr->len = packet_size; 517 | 518 | } else { 519 | 520 | if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL) 521 | error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher); 522 | 523 | EVP_CIPHER_CTX_init(ctx); 524 | 525 | /* Copy initialization vector */ 526 | ivlen = EVP_CIPHER_iv_length(cipher); 527 | memset(&esp_packet.iv, 0, EVP_MAX_IV_LENGTH); 528 | memcpy(&esp_packet.iv, payload_src, ivlen); 529 | payload_src += ivlen; 530 | 531 | rc = EVP_DecryptInit_ex(ctx, cipher,NULL, flow->key, esp_packet.iv); 532 | if (rc != 1) { 533 | error("Error during the initialization of crypto system. Please report this bug with your .pcap file"); 534 | } 535 | 536 | /* ESP payload length to decrypt */ 537 | remaining = ntohs(ip_hdr->ip_len) 538 | - ip_hdr->ip_hl*4 539 | - member_size(esp_packet_t, spi) 540 | - member_size(esp_packet_t, seq) 541 | - ivlen; 542 | 543 | /* If non null authentication, discard authentication data */ 544 | if (flow->auth_method->openssl_auth == NULL) { 545 | remaining -= flow->auth_method->len; 546 | } 547 | 548 | /* Do the decryption work */ 549 | rc = EVP_DecryptUpdate(ctx, payload_dst, &len, payload_src, remaining); 550 | packet_size += len; 551 | 552 | if (rc != 1) { 553 | verbose("Warning: cannot decrypt packet with EVP_DecryptUpdate(). Corrupted ? Cipher is %s, copying raw packet...\n", 554 | flow->crypt_method->openssl_cipher); 555 | process_nonip_packet(in_payload, in_payload_len, out_pkthdr, out_payload); 556 | return; 557 | } 558 | 559 | EVP_DecryptFinal_ex(ctx, payload_dst+len, &len); 560 | packet_size += len; 561 | 562 | /* http://www.mail-archive.com/openssl-users@openssl.org/msg23435.html */ 563 | packet_size +=EVP_CIPHER_CTX_block_size(ctx); 564 | 565 | u_char *pad_len = (out_payload + packet_size -2); 566 | 567 | /* Detect obviously badly decrypted packet */ 568 | if (*pad_len >= EVP_CIPHER_CTX_block_size(ctx)) { 569 | verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n"); 570 | process_nonip_packet(in_payload, in_payload_len, out_pkthdr, out_payload); 571 | return; 572 | } 573 | 574 | /* Remove next protocol, pad len fields and padding */ 575 | packet_size = packet_size 576 | - member_size(esp_packet_t, pad_len) 577 | - member_size(esp_packet_t, next_header) 578 | - *pad_len; 579 | 580 | out_pkthdr->len = packet_size; 581 | 582 | EVP_CIPHER_CTX_cleanup(ctx); 583 | 584 | } /* flow->crypt_method->openssl_cipher == NULL */ 585 | 586 | } 587 | -------------------------------------------------------------------------------- /src/esp.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include 22 | #include // for struct sockaddr 23 | #include // for struct sockaddr_in 24 | #include 25 | #include "utils.h" 26 | #pragma once 27 | 28 | /* I used previously OpenSSL EVP_MAX_KEY_LENGTH, 29 | * but it has changed between OpenSSL 1.0.1 and 1.1.0 versions. 30 | */ 31 | #define MY_MAX_KEY_LENGTH 64 32 | 33 | #define CONF_BUFFER_SIZE 1024 34 | 35 | 36 | int parse_esp_conf(char *filename); 37 | void process_esp_packet(const u_char *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload); 38 | int esp_add_flow(char *ip_src, char *ip_dst, char *crypt_name, char *auth_name, char *key, char *spi); 39 | void esp_dump_flows(void); 40 | void esp_flows_cleanup(void); 41 | void print_algorithms(void); 42 | struct llflow_t * esp_find_flow(char *ip_src, char *ip_dst, u_int32_t spi); 43 | struct crypt_method_t * esp_find_crypt_method(char *crypt_name); 44 | struct auth_method_t * esp_find_auth_method(char *auth_name); 45 | 46 | typedef struct sockaddr_storage sa_sto; 47 | 48 | typedef union address { 49 | struct sockaddr sa; 50 | struct sockaddr_in sa_in; 51 | struct sockaddr_in6 sa_in6; 52 | struct sockaddr_storage sa_sto; 53 | } address_t; 54 | 55 | #define ESP_SPI_LEN 8 56 | 57 | typedef struct esp_packet_t { 58 | u_int32_t spi; 59 | u_int32_t seq; 60 | u_char iv[EVP_MAX_IV_LENGTH]; 61 | u_int8_t pad_len; 62 | u_int8_t next_header; 63 | } __attribute__ ((__packed__)) esp_packet_t; 64 | 65 | // ESP encryption methods 66 | typedef struct crypt_method_t { 67 | char *name; // Name used in ESP configuration file 68 | char *openssl_cipher; // OpenSSL internal name 69 | struct crypt_method_t *next; 70 | } crypt_method_t; 71 | 72 | // ESP authentication methods 73 | typedef struct auth_method_t { 74 | char *name; // Name used in ESP configuration file 75 | char *openssl_auth; // OpenSSL internal name, not yet used (no verification made) 76 | int len; // Digest bytes length 77 | struct auth_method_t *next; 78 | } auth_method_t; 79 | 80 | // Roughly a line of the ESP configuration file, plus internals pointers 81 | typedef struct llflow_t { 82 | address_t addr_src; 83 | address_t addr_dst; 84 | EVP_CIPHER_CTX *ctx; 85 | unsigned char *key; 86 | u_int32_t spi; 87 | char *crypt_name; 88 | char *auth_name; 89 | crypt_method_t *crypt_method; 90 | auth_method_t *auth_method; 91 | struct llflow_t *next; 92 | } llflow_t; 93 | 94 | -------------------------------------------------------------------------------- /src/gre.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | // http://tools.ietf.org/html/rfc1701 22 | 23 | struct grehdr { 24 | u_int16_t flags; 25 | u_int16_t next_protocol; 26 | } __attribute((packed)); 27 | 28 | 29 | #define GRE_CHECKSUM 0x8000 30 | #define GRE_ROUTING 0x4000 31 | #define GRE_KEY 0x2000 32 | #define GRE_SEQ 0x1000 33 | #define GRE_SSRCR 0x0800 34 | -------------------------------------------------------------------------------- /src/ipdecap.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include // for warnx 22 | #include // for getopt_long, optarg, required_argument 23 | #include // for u_char, u_int16_t 24 | #include // for ether_header, ether_addr, ETHERTYPE_IP 25 | #include // for ntohs, htons, IPPROTO_ESP, IPPROTO_GRE 26 | #include // for ip 27 | #include // for EVP_cleanup, OpenSSL_add_all_algorithms 28 | #include // for bpf_program 29 | #include // for DLT_EN10MB 30 | #include // for pcap_pkthdr, pcap_dump, pcap_close, pcap_c... 31 | #include // for VLAN_TAG_LEN 32 | #include // for NULL, printf 33 | #include // for free, exit, EXIT_FAILURE, EXIT_SUCCESS 34 | #include // for memcpy, memset, strcmp 35 | #include "esp.h" // for flows_cleanup, parse_esp_conf, print_algor... 36 | #include "gre.h" // for grehdr, GRE_CHECKSUM, GRE_KEY, GRE_ROUTING 37 | #include "config.h" 38 | #include "utils.h" // for global_args_t, verbose, debug_print, pcap_hdr 39 | #include "ipdecap.h" 40 | #include // for uint16_t 41 | 42 | /* Command line parameters */ 43 | static const char *args_str = "vi:o:c:f:Vl"; 44 | 45 | static const struct option args_long[] = { 46 | { "input", required_argument, NULL, 'i'}, 47 | { "output", required_argument, NULL, 'o'}, 48 | { "esp_config", required_argument, NULL, 'c'}, 49 | { "filter", required_argument, NULL, 'f'}, 50 | { "list", no_argument, NULL, 'l'}, 51 | { "verbose", no_argument, NULL, 'v'}, 52 | { "version", no_argument, NULL, 'V'}, 53 | { NULL, 0, NULL, 0} 54 | 55 | }; 56 | 57 | /* Global variables */ 58 | pcap_dumper_t *pcap_dumper; 59 | int ignore_esp; 60 | global_args_t global_args; 61 | 62 | /** @brief Print command line usage help 63 | */ 64 | void usage(void) { 65 | printf("Ipdecap %s, decapsulate ESP, GRE, IPIP packets - Loic Pefferkorn\n", PACKAGE_VERSION); 66 | printf( 67 | "Usage\n" 68 | " ipdecap [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf] [-f ] \n" 69 | "Options:\n" 70 | " -c, --conf configuration file for ESP parameters (IP addresses, algorithms, ... (see man ipdecap)\n" 71 | " -h, --help this help message\n" 72 | " -i, --input pcap file to process\n" 73 | " -o, --output pcap file with decapsulated data\n" 74 | " -f, --filter only process packets matching the bpf filter\n" 75 | " -l, --list list availables ESP encryption and authentication algorithms\n" 76 | " -V, --version print version\n" 77 | " -v, --verbose verbose\n" 78 | "\n"); 79 | } 80 | 81 | /** @brief Print ipdecap version 82 | */ 83 | void print_version() { 84 | printf("Ipdecap %s\n", PACKAGE_VERSION); 85 | } 86 | 87 | /** @brief Parse command line parameters 88 | */ 89 | void parse_options(int argc, char **argv) { 90 | 91 | int opt = 0; 92 | int opt_index = 0; 93 | 94 | // Init parameters to default values 95 | global_args.esp_config_file = NULL; 96 | global_args.input_file = NULL; 97 | global_args.output_file = NULL; 98 | global_args.bpf_filter = NULL; 99 | global_args.verbose = false; 100 | global_args.list_algo = false; 101 | 102 | opt = getopt_long(argc, argv, args_str, args_long, &opt_index); 103 | while(opt != -1) { 104 | switch(opt) { 105 | case 'i': 106 | global_args.input_file = optarg; 107 | break; 108 | case 'o': 109 | global_args.output_file = optarg; 110 | break; 111 | case 'c': 112 | global_args.esp_config_file = optarg; 113 | break; 114 | case 'f': 115 | global_args.bpf_filter = optarg; 116 | break; 117 | case 'l': 118 | global_args.list_algo = true; 119 | break; 120 | case 'v': 121 | global_args.verbose = true; 122 | break; 123 | case 'V': 124 | print_version(); 125 | exit(EXIT_SUCCESS); 126 | case 'h': 127 | case '?': 128 | usage(); 129 | exit(EXIT_FAILURE); 130 | break; 131 | case 0: 132 | if (strcmp("verbose", args_long[opt_index].name) == 0) { 133 | global_args.verbose = true; 134 | } 135 | break; 136 | 137 | default: 138 | break; 139 | } 140 | opt = getopt_long(argc, argv, args_str, args_long, &opt_index); 141 | } 142 | } 143 | 144 | /** @brief Remove IEEE 802.1Q header (virtual lan) 145 | * @param in_payload input packet payload 146 | * @param in_payload_len len of input packet payload 147 | * @param out_pkthdr new packet header 148 | * @param out_payload new packet payload 149 | * @return 0 on success, -1 on error 150 | */ 151 | int remove_ieee8021q_header(const u_char *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload) { 152 | 153 | u_char *payload_dst = NULL; 154 | u_char *payload_src = NULL; 155 | int how_much_to_copy = 0; 156 | 157 | /* Pointer used to shift through source packet bytes */ 158 | payload_src = (u_char *) in_payload; 159 | payload_dst = out_payload; 160 | 161 | /* Copy ethernet src and dst */ 162 | memcpy(payload_dst, payload_src, 2*sizeof(struct ether_addr)); 163 | payload_src += 2*sizeof(struct ether_addr); 164 | payload_dst += 2*sizeof(struct ether_addr); 165 | 166 | /* Skip ieee 802.1q bytes */ 167 | payload_src += VLAN_TAG_LEN; 168 | 169 | /* Check for invalid payload_len (malformed file) */ 170 | how_much_to_copy = in_payload_len - 2*sizeof(struct ether_addr) - VLAN_TAG_LEN; 171 | if (how_much_to_copy < 1) { 172 | debug_print("Invalid payload_len for ieee8021q header:(%d) expected >1\n", how_much_to_copy); 173 | return -1; 174 | } 175 | memcpy(payload_dst, payload_src, how_much_to_copy); 176 | 177 | /* TODO: Should I check for minimum frame size, even if most drivers don't supply FCS (4 bytes) ? */ 178 | out_pkthdr->len = in_payload_len - VLAN_TAG_LEN; 179 | out_pkthdr->caplen = in_payload_len - VLAN_TAG_LEN; 180 | 181 | return 0; 182 | } 183 | 184 | /** @brief Simple copy of non-IP packet 185 | * @param in_payload input packet payload 186 | * @param in_payload_len len of input packet payload 187 | * @param out_pkthdr new packet header 188 | * @param out_payload new packet payload 189 | */ 190 | void process_nonip_packet(const u_char *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload) { 191 | 192 | /* Copy full packet */ 193 | memcpy(out_payload, in_payload, in_payload_len); 194 | out_pkthdr->len = in_payload_len; 195 | } 196 | 197 | /** @brief Remove IPIP encapsulation 198 | * @param in_payload input packet payload 199 | * @param out_pkthdr new packet header 200 | * @param out_payload new packet payload 201 | * @return 0 on success, -1 on error 202 | */ 203 | int process_ipip_packet(const u_char *in_payload, pcap_hdr *out_pkthdr, u_char *out_payload) { 204 | 205 | int packet_size = 0; 206 | const u_char *payload_src = NULL; 207 | u_char *payload_dst = NULL; 208 | const struct ip *ip_hdr = NULL; 209 | int ip_hl = 0; 210 | 211 | payload_src = in_payload; 212 | payload_dst = out_payload; 213 | 214 | /* Copy ethernet header */ 215 | memcpy(payload_dst, payload_src, sizeof(struct ether_header)); 216 | payload_src += sizeof(struct ether_header); 217 | payload_dst += sizeof(struct ether_header); 218 | packet_size = sizeof(struct ether_header); 219 | 220 | /* Read encapsulating IP header to find offset to encapsulated IP packet */ 221 | ip_hdr = (const struct ip *) payload_src; 222 | 223 | debug_print("\tIPIP: outer IP - hlen:%i iplen:%02i protocol:%02x\n", 224 | (ip_hdr->ip_hl *4), ntohs(ip_hdr->ip_len), ip_hdr->ip_p); 225 | 226 | /* Check for possible corrupted IP header as in https://tools.ietf.org/html/rfc791 */ 227 | ip_hl = ip_hdr->ip_hl; 228 | if (ip_hl < 5) { 229 | debug_print("Invalid IP header length in IPIP header: got %d expected > 5\n", ip_hl); 230 | return -1; 231 | } 232 | 233 | /* Shift to encapsulated IP header, read total length */ 234 | payload_src += ip_hl *4; 235 | ip_hdr = (const struct ip *) payload_src; 236 | 237 | debug_print("\tIPIP: inner IP - hlen:%i iplen:%02i protocol:%02x\n", 238 | (ip_hdr->ip_hl *4), ntohs(ip_hdr->ip_len), ip_hdr->ip_p); 239 | 240 | memcpy(payload_dst, payload_src, ntohs(ip_hdr->ip_len)); 241 | packet_size += ntohs(ip_hdr->ip_len); 242 | 243 | out_pkthdr->len = packet_size; 244 | return 0; 245 | } 246 | 247 | /** @brief Decapsulate an IPv6 packet encapsulated into an IPv4 packet 248 | * @param in_payload input packet payload 249 | * @param in_payload_len len of input packet payload 250 | * @param out_pkthdr new packet header 251 | * @param out_payload new packet payload 252 | */ 253 | void process_ipv6_packet(const u_char *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload) { 254 | 255 | int packet_size = 0; 256 | const u_char *payload_src = NULL; 257 | u_char *payload_dst = NULL; 258 | const struct ip *ip_hdr = NULL; 259 | uint16_t ethertype; 260 | 261 | payload_src = in_payload; 262 | payload_dst = out_payload; 263 | 264 | /* Copy src and dst ether addr */ 265 | memcpy(payload_dst, payload_src, 2*sizeof(struct ether_addr)); 266 | payload_src += 2*sizeof(struct ether_addr); 267 | payload_dst += 2*sizeof(struct ether_addr); 268 | 269 | /* Set ethernet type to IPv6 */ 270 | ethertype = htons(ETHERTYPE_IPV6); 271 | memcpy(payload_dst, ðertype, member_size(struct ether_header, ether_type)); 272 | payload_src += member_size(struct ether_header, ether_type); 273 | payload_dst += member_size(struct ether_header, ether_type); 274 | 275 | /* Read encapsulating IPv4 header to find header length and offset to encapsulated IPv6 packet */ 276 | ip_hdr = (const struct ip *) payload_src; 277 | 278 | packet_size = in_payload_len - (ip_hdr->ip_hl *4); 279 | 280 | debug_print("\tIPv6: outer IP - hlen:%i iplen:%02i protocol:%02x\n", 281 | (ip_hdr->ip_hl *4), ntohs(ip_hdr->ip_len), ip_hdr->ip_p); 282 | 283 | /* Shift to encapsulated IPv6 packet, then copy */ 284 | payload_src += ip_hdr->ip_hl *4; 285 | 286 | memcpy(payload_dst, payload_src, packet_size); 287 | out_pkthdr->len = packet_size; 288 | } 289 | 290 | /** @brief Remove GRE encapsulation 291 | * @param in_payload input packet payload 292 | * @param out_pkthdr new packet header 293 | * @param out_payload new packet payload 294 | */ 295 | void process_gre_packet(const u_char *in_payload, pcap_hdr *out_pkthdr, u_char *out_payload) { 296 | 297 | /*TODO: check si version == 0, 1 non supporté car pptp) */ 298 | int packet_size = 0; 299 | u_int16_t flags; 300 | const u_char *payload_src = NULL; 301 | u_char *payload_dst = NULL; 302 | const struct ip *ip_hdr = NULL; 303 | const struct grehdr *gre_hdr = NULL; 304 | 305 | payload_src = in_payload; 306 | payload_dst = out_payload; 307 | 308 | /* Copy ethernet header */ 309 | memcpy(payload_dst, payload_src, sizeof(struct ether_header)); 310 | payload_src += sizeof(struct ether_header); 311 | payload_dst += sizeof(struct ether_header); 312 | packet_size = sizeof(struct ether_header); 313 | 314 | /* Read encapsulating IP header to find offset to GRE header */ 315 | ip_hdr = (const struct ip *) payload_src; 316 | payload_src += (ip_hdr->ip_hl *4); 317 | 318 | debug_print("\tGRE: outer IP - hlen:%i iplen:%02i protocol:%02x\n", 319 | (ip_hdr->ip_hl *4), ntohs(ip_hdr->ip_len), ip_hdr->ip_p); 320 | 321 | packet_size += ntohs(ip_hdr->ip_len) - ip_hdr->ip_hl*4; 322 | 323 | /* Read GRE header to find offset to encapsulated IP packet */ 324 | gre_hdr = (const struct grehdr *) payload_src; 325 | debug_print("\tGRE - GRE header: flags:%u protocol:%u\n", gre_hdr->flags, gre_hdr->next_protocol); 326 | 327 | packet_size -= sizeof(struct grehdr); 328 | payload_src += sizeof(struct grehdr); 329 | flags = ntohs(gre_hdr->flags); 330 | 331 | if (flags & GRE_CHECKSUM || flags & GRE_ROUTING) { 332 | payload_src += 4; /* Both checksum and offset fields are present */ 333 | packet_size -= 4; 334 | } 335 | 336 | if (flags & GRE_KEY) { 337 | payload_src += 4; 338 | packet_size -= 4; 339 | } 340 | 341 | if (flags & GRE_SEQ) { 342 | payload_src += 4; 343 | packet_size -= 4; 344 | } 345 | 346 | memcpy(payload_dst, payload_src, packet_size); 347 | out_pkthdr->len = packet_size; 348 | } 349 | 350 | /** @brief For every packet, identify its encapsulation protocol 351 | * and pass it to the corresponding process_xx_packet function 352 | * for encapsulation removal 353 | * @param bpf_filter bpf filter to select packets to be processed 354 | * @param pcap_pkthdr pcap header of the packet to be processed 355 | * @param bytes pointer to packet payload 356 | */ 357 | void handle_packets(u_char *bpf_filter, const struct pcap_pkthdr *pkthdr, const u_char *bytes) { 358 | 359 | static int packet_num = 0; 360 | const struct ether_header *eth_hdr = NULL; 361 | const struct ip *ip_hdr = NULL; 362 | struct bpf_program *bpf = NULL; 363 | struct pcap_pkthdr *in_pkthdr = NULL; 364 | struct pcap_pkthdr *out_pkthdr = NULL; 365 | u_char *in_payload = NULL; 366 | u_char *out_payload = NULL; 367 | 368 | verbose("Processing packet %i\n", packet_num); 369 | 370 | /* Check if packet match bpf filter, if given */ 371 | if (bpf_filter != NULL) { 372 | bpf = (struct bpf_program *) bpf_filter; 373 | if (pcap_offline_filter(bpf, pkthdr, bytes) == 0) { 374 | verbose("Packet %i does not match bpf filter\n", packet_num); 375 | goto exit; 376 | } 377 | } 378 | 379 | MALLOC(out_pkthdr, 1, struct pcap_pkthdr); 380 | MALLOC(out_payload, 65535, u_char); 381 | memset(out_pkthdr, 0, sizeof(struct pcap_pkthdr)); 382 | memset(out_payload, 0, 65535); 383 | 384 | /* 385 | * Pointer used to shift through source packet bytes 386 | * updated when vlan header is removed 387 | * TODO: don't modify source packet 388 | */ 389 | 390 | in_pkthdr = (struct pcap_pkthdr *) pkthdr; 391 | in_payload = (u_char *) bytes; 392 | 393 | /* Copy source pcap metadata */ 394 | out_pkthdr->ts.tv_sec = in_pkthdr->ts.tv_sec; 395 | out_pkthdr->ts.tv_usec = in_pkthdr->ts.tv_usec; 396 | out_pkthdr->caplen = in_pkthdr->caplen; 397 | 398 | eth_hdr = (const struct ether_header *) in_payload; 399 | 400 | /* If IEEE 802.1Q header, remove it before further processing */ 401 | if (ntohs(eth_hdr->ether_type) == ETHERTYPE_VLAN) { 402 | debug_print("%s\n", "\tIEEE 801.1Q header\n"); 403 | if (remove_ieee8021q_header(in_payload, in_pkthdr->caplen, out_pkthdr, out_payload) != 0) { 404 | verbose("Invalid 802.1q payload length (corrupted file?), skipping packet\n"); 405 | free(out_pkthdr); 406 | free(out_payload); 407 | return; 408 | } 409 | 410 | /* Update source packet with the new one without 802.1q header */ 411 | memcpy(in_payload, out_payload, out_pkthdr->caplen); 412 | in_pkthdr->caplen = out_pkthdr->caplen; 413 | in_pkthdr->len = out_pkthdr->len; 414 | 415 | /* Re-read new ethernet type */ 416 | eth_hdr = (const struct ether_header *) in_payload; 417 | } 418 | /* ethertype = *(pkt_in_ptr + 12) << 8 | *(pkt_in_ptr+13); */ 419 | 420 | if (ntohs(eth_hdr->ether_type) != ETHERTYPE_IP) { 421 | 422 | /* Non IP packet ? Just copy */ 423 | process_nonip_packet(in_payload, in_pkthdr->caplen, out_pkthdr, out_payload); 424 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 425 | 426 | } else { 427 | 428 | /* Find encapsulation type */ 429 | ip_hdr = (const struct ip *) (in_payload + sizeof(struct ether_header)); 430 | 431 | //debug_print("\tIP hlen:%i iplen:%02x protocol:%02x payload_len:%i\n", 432 | //(ip_hdr->ip_hl *4), ntohs(ip_hdr->ip_len), ip_hdr->ip_p, payload_len); 433 | 434 | switch (ip_hdr->ip_p) { 435 | 436 | case IPPROTO_IPIP: 437 | debug_print("%s\n", "\tIPPROTO_IPIP"); 438 | if (process_ipip_packet(in_payload, out_pkthdr, out_payload) != 0){ 439 | verbose("Invalid IPIP packet header (corrupted file?), skipping packet\n"); 440 | free(out_pkthdr); 441 | free(out_payload); 442 | return; 443 | } 444 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 445 | break; 446 | 447 | case IPPROTO_IPV6: 448 | debug_print("%s\n", "\tIPPROTO_IPV6"); 449 | process_ipv6_packet(in_payload, in_pkthdr->caplen, out_pkthdr, out_payload); 450 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 451 | break; 452 | 453 | case IPPROTO_GRE: 454 | debug_print("%s\n", "\tIPPROTO_GRE\n"); 455 | process_gre_packet(in_payload, out_pkthdr, out_payload); 456 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 457 | break; 458 | 459 | case IPPROTO_ESP: 460 | debug_print("%s\n", "\tIPPROTO_ESP\n"); 461 | 462 | if (ignore_esp == 1) { 463 | verbose("Ignoring ESP packet %i\n", packet_num); 464 | free(out_pkthdr); 465 | free(out_payload); 466 | return; 467 | } 468 | 469 | process_esp_packet(in_payload, in_pkthdr->caplen, out_pkthdr, out_payload); 470 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 471 | break; 472 | 473 | default: 474 | /* Copy not encapsulated/unknown encapsulation protocol packets, like non_ip packets */ 475 | process_nonip_packet(in_payload, in_pkthdr->caplen, out_pkthdr, out_payload); 476 | pcap_dump((u_char *)pcap_dumper, out_pkthdr, out_payload); 477 | verbose("Copying packet %i: not encapsulated/unknown encapsulation protocol\n", packet_num); 478 | 479 | } 480 | } /* if (ntohs(eth_hdr->ether_type) != ETHERTYPE_IP) */ 481 | 482 | free(out_pkthdr); 483 | free(out_payload); 484 | 485 | exit: /* Avoid several 'return' in middle of code */ 486 | packet_num++; 487 | } 488 | 489 | 490 | int main(int argc, char **argv) { 491 | 492 | char errbuf[PCAP_ERRBUF_SIZE]; 493 | pcap_t *pcap_reader = NULL; 494 | pcap_dumper = NULL; 495 | pcap_t *p = NULL; 496 | struct bpf_program *bpf = NULL; 497 | ignore_esp = 0; 498 | int rc; 499 | 500 | parse_options(argc, argv); 501 | 502 | /* Just print list of supported ESP algorithms */ 503 | if (global_args.list_algo == true) { 504 | print_algorithms(); 505 | exit(0); 506 | } 507 | 508 | verbose("Input file :\t%s\nOutput file:\t%s\nConfig file:\t%s\nBpf filter:\t%s\n", 509 | global_args.input_file, 510 | global_args.output_file, 511 | global_args.esp_config_file, 512 | global_args.bpf_filter); 513 | 514 | if (global_args.input_file == NULL || global_args.output_file == NULL) { 515 | usage(); 516 | error("Input and outfile file parameters are mandatory\n"); 517 | } 518 | 519 | pcap_reader = pcap_open_offline(global_args.input_file, errbuf); 520 | 521 | if (pcap_reader == NULL) 522 | error("Cannot open input file %s: %s", global_args.input_file, errbuf); 523 | 524 | debug_print("snaplen:%i\n", pcap_snapshot(pcap_reader)); 525 | 526 | p = pcap_open_dead(DLT_EN10MB, MAXIMUM_SNAPLEN); 527 | 528 | /* try to compile bpf filter for input packets */ 529 | if (global_args.bpf_filter != NULL) { 530 | MALLOC(bpf, 1, struct bpf_program); 531 | verbose("Using bpf filter:%s\n", global_args.bpf_filter); 532 | if (pcap_compile(p, bpf, global_args.bpf_filter, 0, PCAP_NETMASK_UNKNOWN) == -1) { 533 | error("pcap_compile() %s\n", pcap_geterr(p)); 534 | } 535 | } 536 | /* Open new output file for packets with encapsulation removed */ 537 | pcap_dumper = pcap_dump_open(p, global_args.output_file); 538 | 539 | if (pcap_dumper == NULL) 540 | error("Cannot open output file %s : %s\n", global_args.output_file, errbuf); 541 | 542 | /* Try to read ESP configuration file */ 543 | if (global_args.esp_config_file != NULL) { 544 | rc = parse_esp_conf(global_args.esp_config_file); 545 | switch(rc) { 546 | case -1: 547 | warnx("ESP config file: cannot open %s - ignoring ESP packets\n", 548 | global_args.esp_config_file); 549 | ignore_esp = 1; 550 | break; 551 | case -2: 552 | warnx("ESP config file: %s is not parsable (missing column ?) - ignoring ESP packets\n", 553 | global_args.esp_config_file); 554 | ignore_esp = 1; 555 | break; 556 | case 0: // Processing of ESP configuraton file is OK 557 | break; 558 | } 559 | } 560 | 561 | #ifdef DEBUG 562 | /* Dump ESP configuration found */ 563 | dump_flows(); 564 | #endif 565 | 566 | OpenSSL_add_all_algorithms(); 567 | 568 | /* For every packet found in the input file, call handle_packets() */ 569 | rc = pcap_dispatch(pcap_reader, 0, handle_packets, (u_char *) bpf); 570 | if (rc == -1) { /* -2 not handled since no calls to pcap_breakloop() are made */ 571 | error("Error while reading input file: %s\n", pcap_geterr(pcap_reader)); 572 | } 573 | 574 | /* Cleanup */ 575 | pcap_close(pcap_reader); 576 | pcap_close(p); 577 | pcap_dump_close(pcap_dumper); 578 | EVP_cleanup(); 579 | esp_flows_cleanup(); 580 | 581 | return 0; 582 | } 583 | -------------------------------------------------------------------------------- /src/ipdecap.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include 22 | 23 | #define MAXIMUM_SNAPLEN 65535 24 | #define GRE_HEADERLEN 4 25 | 26 | extern struct auth_method_t *auth_method_list; 27 | 28 | void print_version(void); 29 | void copy_n_shift(u_char *ptr, u_char *dst, u_int len); 30 | void usage(void); 31 | void handle_packets(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes); 32 | 33 | int remove_ieee8021q_header(const u_char *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload); 34 | void process_nonip_packet(const u_char *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload); 35 | int process_ipip_packet(const u_char *payload, pcap_hdr *new_packet_hdr, u_char *new_packet_payload); 36 | void process_ipv6_packet(const u_char *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload); 37 | void process_gre_packet(const u_char *payload, pcap_hdr *new_packet_hdr, u_char *new_packet_payload); 38 | 39 | void parse_options(int argc, char **argv); 40 | -------------------------------------------------------------------------------- /src/tags: -------------------------------------------------------------------------------- 1 | !_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ 2 | !_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ 3 | !_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/ 4 | !_TAG_PROGRAM_NAME Exuberant Ctags // 5 | !_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/ 6 | !_TAG_PROGRAM_VERSION 5.9~svn20110310 // 7 | ACLOCAL Makefile /^ACLOCAL = ${SHELL} \/home\/loic\/ipdecap\/missing aclocal-1.15$/;" m 8 | ACLOCAL_M4 Makefile /^ACLOCAL_M4 = $(top_srcdir)\/aclocal.m4$/;" m 9 | AMTAR Makefile /^AMTAR = $${TAR-tar}$/;" m 10 | AM_CPPFLAGS Makefile /^AM_CPPFLAGS = -Wall -Wextra -Wshadow -Wstrict-prototypes -Wunreachable-code$/;" m 11 | AM_DEFAULT_VERBOSITY Makefile /^AM_DEFAULT_VERBOSITY = 1$/;" m 12 | AM_V_CC Makefile /^AM_V_CC = $(am__v_CC_$(V))$/;" m 13 | AM_V_CCLD Makefile /^AM_V_CCLD = $(am__v_CCLD_$(V))$/;" m 14 | AM_V_GEN Makefile /^AM_V_GEN = $(am__v_GEN_$(V))$/;" m 15 | AM_V_P Makefile /^AM_V_P = $(am__v_P_$(V))$/;" m 16 | AM_V_at Makefile /^AM_V_at = $(am__v_at_$(V))$/;" m 17 | AUTOCONF Makefile /^AUTOCONF = ${SHELL} \/home\/loic\/ipdecap\/missing autoconf$/;" m 18 | AUTOHEADER Makefile /^AUTOHEADER = ${SHELL} \/home\/loic\/ipdecap\/missing autoheader$/;" m 19 | AUTOMAKE Makefile /^AUTOMAKE = ${SHELL} \/home\/loic\/ipdecap\/missing automake-1.15$/;" m 20 | AWK Makefile /^AWK = mawk$/;" m 21 | CC Makefile /^CC = gcc$/;" m 22 | CCDEPMODE Makefile /^CCDEPMODE = depmode=gcc3$/;" m 23 | CCLD Makefile /^CCLD = $(CC)$/;" m 24 | CFLAGS Makefile /^CFLAGS = -g -O2$/;" m 25 | COMPILE Makefile /^COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \\$/;" m 26 | CONFIG_CLEAN_FILES Makefile /^CONFIG_CLEAN_FILES =$/;" m 27 | CONFIG_CLEAN_VPATH_FILES Makefile /^CONFIG_CLEAN_VPATH_FILES =$/;" m 28 | CONFIG_HEADER Makefile /^CONFIG_HEADER = $(top_builddir)\/config.h$/;" m 29 | CONF_BUFFER_SIZE esp.h 31;" d 30 | CPP Makefile /^CPP = gcc -E$/;" m 31 | CPPFLAGS Makefile /^CPPFLAGS = $/;" m 32 | CTAGS Makefile /^CTAGS = ctags$/;" m 33 | CYGPATH_W Makefile /^CYGPATH_W = echo$/;" m 34 | DEBUG_FLAG utils.h 49;" d 35 | DEBUG_FLAG utils.h 51;" d 36 | DEFAULT_INCLUDES Makefile /^DEFAULT_INCLUDES = -I. -I$(top_builddir)$/;" m 37 | DEFS Makefile /^DEFS = -DHAVE_CONFIG_H$/;" m 38 | DEPDIR Makefile /^DEPDIR = .deps$/;" m 39 | DISTFILES Makefile /^DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)$/;" m 40 | DIST_COMMON Makefile /^DIST_COMMON = $(srcdir)\/Makefile.am $(am__DIST_COMMON)$/;" m 41 | DIST_SOURCES Makefile /^DIST_SOURCES = $(ipdecap_SOURCES)$/;" m 42 | ECHO_C Makefile /^ECHO_C = $/;" m 43 | ECHO_N Makefile /^ECHO_N = -n$/;" m 44 | ECHO_T Makefile /^ECHO_T = $/;" m 45 | EGREP Makefile /^EGREP = \/bin\/grep -E$/;" m 46 | ESP_SPI_LEN esp.h 53;" d 47 | ETAGS Makefile /^ETAGS = etags$/;" m 48 | EXEEXT Makefile /^EXEEXT = $/;" m 49 | GREP Makefile /^GREP = \/bin\/grep$/;" m 50 | GRE_CHECKSUM gre.h 29;" d 51 | GRE_HEADERLEN ipdecap.h 24;" d 52 | GRE_KEY gre.h 31;" d 53 | GRE_ROUTING gre.h 30;" d 54 | GRE_SEQ gre.h 32;" d 55 | GRE_SSRCR gre.h 33;" d 56 | INSTALL Makefile /^INSTALL = \/usr\/bin\/install -c$/;" m 57 | INSTALL_DATA Makefile /^INSTALL_DATA = ${INSTALL} -m 644$/;" m 58 | INSTALL_HEADER Makefile /^INSTALL_HEADER = $(INSTALL_DATA)$/;" m 59 | INSTALL_PROGRAM Makefile /^INSTALL_PROGRAM = ${INSTALL}$/;" m 60 | INSTALL_SCRIPT Makefile /^INSTALL_SCRIPT = ${INSTALL}$/;" m 61 | INSTALL_STRIP_PROGRAM Makefile /^INSTALL_STRIP_PROGRAM = $(install_sh) -c -s$/;" m 62 | LDFLAGS Makefile /^LDFLAGS = $/;" m 63 | LIBOBJS Makefile /^LIBOBJS = $/;" m 64 | LIBS Makefile /^LIBS = -lcrypto -lpcap $/;" m 65 | LINK Makefile /^LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@$/;" m 66 | LTLIBOBJS Makefile /^LTLIBOBJS = $/;" m 67 | MAKEINFO Makefile /^MAKEINFO = ${SHELL} \/home\/loic\/ipdecap\/missing makeinfo$/;" m 68 | MALLOC utils.h 57;" d 69 | MAXIMUM_SNAPLEN ipdecap.h 23;" d 70 | MD5SUM Makefile /^MD5SUM = md5sum$/;" m 71 | MKDIR_P Makefile /^MKDIR_P = \/bin\/mkdir -p$/;" m 72 | MY_MAX_KEY_LENGTH esp.h 29;" d 73 | NORMAL_INSTALL Makefile /^NORMAL_INSTALL = :$/;" m 74 | NORMAL_UNINSTALL Makefile /^NORMAL_UNINSTALL = :$/;" m 75 | OBJEXT Makefile /^OBJEXT = o$/;" m 76 | PACKAGE Makefile /^PACKAGE = ipdecap$/;" m 77 | PACKAGE_BUGREPORT Makefile /^PACKAGE_BUGREPORT = loic-ipdecap@loicp.eu$/;" m 78 | PACKAGE_NAME Makefile /^PACKAGE_NAME = ipdecap$/;" m 79 | PACKAGE_STRING Makefile /^PACKAGE_STRING = ipdecap 0.7.1$/;" m 80 | PACKAGE_TARNAME Makefile /^PACKAGE_TARNAME = ipdecap$/;" m 81 | PACKAGE_URL Makefile /^PACKAGE_URL = $/;" m 82 | PACKAGE_VERSION Makefile /^PACKAGE_VERSION = 0.7.1$/;" m 83 | PATH_SEPARATOR Makefile /^PATH_SEPARATOR = :$/;" m 84 | POST_INSTALL Makefile /^POST_INSTALL = :$/;" m 85 | POST_UNINSTALL Makefile /^POST_UNINSTALL = :$/;" m 86 | PRE_INSTALL Makefile /^PRE_INSTALL = :$/;" m 87 | PRE_UNINSTALL Makefile /^PRE_UNINSTALL = :$/;" m 88 | PROGRAMS Makefile /^PROGRAMS = $(bin_PROGRAMS)$/;" m 89 | SET_MAKE Makefile /^SET_MAKE = $/;" m 90 | SHELL Makefile /^SHELL = \/bin\/bash$/;" m 91 | SOURCES Makefile /^SOURCES = $(ipdecap_SOURCES)$/;" m 92 | STRIP Makefile /^STRIP = $/;" m 93 | VERSION Makefile /^VERSION = 0.7.1$/;" m 94 | abs_builddir Makefile /^abs_builddir = \/home\/loic\/ipdecap\/src$/;" m 95 | abs_srcdir Makefile /^abs_srcdir = \/home\/loic\/ipdecap\/src$/;" m 96 | abs_top_builddir Makefile /^abs_top_builddir = \/home\/loic\/ipdecap$/;" m 97 | abs_top_srcdir Makefile /^abs_top_srcdir = \/home\/loic\/ipdecap$/;" m 98 | ac_ct_CC Makefile /^ac_ct_CC = gcc$/;" m 99 | add_flow esp.c /^int add_flow(char *ip_src, char *ip_dst, char *crypt_name, char *auth_name, char *key, char *spi) {$/;" f 100 | addr_dst esp.h /^ address_t addr_dst;$/;" m struct:llflow_t 101 | addr_src esp.h /^ address_t addr_src;$/;" m struct:llflow_t 102 | address esp.h /^typedef union address {$/;" u 103 | address_t esp.h /^} address_t;$/;" t typeref:union:address 104 | aes_128_cbc esp.c /^crypt_method_t aes_128_cbc = { .name = "aes128-cbc", .openssl_cipher = "aes-128-cbc", .next = &aes_192_cbc};$/;" v 105 | aes_128_ctr esp.c /^crypt_method_t aes_128_ctr = { .name = "aes128-ctr", .openssl_cipher = "aes-128-ctr", .next = &aes_128_cbc};$/;" v 106 | aes_192_cbc esp.c /^crypt_method_t aes_192_cbc = { .name = "aes192-cbc", .openssl_cipher = "aes-192-cbc", .next = &aes_256_cbc};$/;" v 107 | aes_256_cbc esp.c /^crypt_method_t aes_256_cbc = { .name = "aes256-cbc", .openssl_cipher = "aes-256-cbc", .next = &null_enc};$/;" v 108 | aes_xcbc_mac_96 esp.c /^auth_method_t aes_xcbc_mac_96 = { .name = "aes_xcbc_mac-96", .openssl_auth = NULL, .len = 96\/8, .next = &any96 };$/;" v 109 | am__DIST_COMMON Makefile /^am__DIST_COMMON = $(srcdir)\/Makefile.in $(top_srcdir)\/depcomp$/;" m 110 | am__aclocal_m4_deps Makefile /^am__aclocal_m4_deps = $(top_srcdir)\/configure.ac$/;" m 111 | am__can_run_installinfo Makefile /^am__can_run_installinfo = \\$/;" m 112 | am__cd Makefile /^am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd$/;" m 113 | am__configure_deps Makefile /^am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \\$/;" m 114 | am__define_uniq_tagged_files Makefile /^am__define_uniq_tagged_files = \\$/;" m 115 | am__depfiles_maybe Makefile /^am__depfiles_maybe = depfiles$/;" m 116 | am__include Makefile /^am__include = include$/;" m 117 | am__installdirs Makefile /^am__installdirs = "$(DESTDIR)$(bindir)"$/;" m 118 | am__is_gnu_make Makefile /^am__is_gnu_make = { \\$/;" m 119 | am__leading_dot Makefile /^am__leading_dot = .$/;" m 120 | am__make_dryrun Makefile /^am__make_dryrun = (target_option=n; $(am__make_running_with_option))$/;" m 121 | am__make_keepgoing Makefile /^am__make_keepgoing = (target_option=k; $(am__make_running_with_option))$/;" m 122 | am__make_running_with_option Makefile /^am__make_running_with_option = \\$/;" m 123 | am__mv Makefile /^am__mv = mv -f$/;" m 124 | am__quote Makefile /^am__quote = $/;" m 125 | am__tagged_files Makefile /^am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)$/;" m 126 | am__tar Makefile /^am__tar = $${TAR-tar} chof - "$$tardir"$/;" m 127 | am__uniquify_input Makefile /^am__uniquify_input = $(AWK) '\\$/;" m 128 | am__untar Makefile /^am__untar = $${TAR-tar} xf -$/;" m 129 | am__v_CCLD_ Makefile /^am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))$/;" m 130 | am__v_CCLD_0 Makefile /^am__v_CCLD_0 = @echo " CCLD " $@;$/;" m 131 | am__v_CCLD_1 Makefile /^am__v_CCLD_1 = $/;" m 132 | am__v_CC_ Makefile /^am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))$/;" m 133 | am__v_CC_0 Makefile /^am__v_CC_0 = @echo " CC " $@;$/;" m 134 | am__v_CC_1 Makefile /^am__v_CC_1 = $/;" m 135 | am__v_GEN_ Makefile /^am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))$/;" m 136 | am__v_GEN_0 Makefile /^am__v_GEN_0 = @echo " GEN " $@;$/;" m 137 | am__v_GEN_1 Makefile /^am__v_GEN_1 = $/;" m 138 | am__v_P_ Makefile /^am__v_P_ = $(am__v_P_$(AM_DEFAULT_VERBOSITY))$/;" m 139 | am__v_P_0 Makefile /^am__v_P_0 = false$/;" m 140 | am__v_P_1 Makefile /^am__v_P_1 = :$/;" m 141 | am__v_at_ Makefile /^am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))$/;" m 142 | am__v_at_0 Makefile /^am__v_at_0 = @$/;" m 143 | am__v_at_1 Makefile /^am__v_at_1 = $/;" m 144 | am_ipdecap_OBJECTS Makefile /^am_ipdecap_OBJECTS = ipdecap.$(OBJEXT) esp.$(OBJEXT) utils.$(OBJEXT)$/;" m 145 | any128 esp.c /^auth_method_t any128 = { .name = "any128", .openssl_auth = NULL, .len = 96\/8, .next = &any160 };$/;" v 146 | any160 esp.c /^auth_method_t any160 = { .name = "any160", .openssl_auth = NULL, .len = 160\/8, .next = &any192 };$/;" v 147 | any192 esp.c /^auth_method_t any192 = { .name = "any192", .openssl_auth = NULL, .len = 192\/8, .next = &any256 };$/;" v 148 | any256 esp.c /^auth_method_t any256 = { .name = "any256", .openssl_auth = NULL, .len = 256\/8, .next = &any384 };$/;" v 149 | any384 esp.c /^auth_method_t any384 = { .name = "any384", .openssl_auth = NULL, .len = 384\/8, .next = &any512 };$/;" v 150 | any512 esp.c /^auth_method_t any512 = { .name = "any512", .openssl_auth = NULL, .len = 512\/8, .next = NULL };$/;" v 151 | any96 esp.c /^auth_method_t any96 = { .name = "any96", .openssl_auth = NULL, .len = 96\/8, .next = &any128 };$/;" v 152 | args_long ipdecap.c /^static const struct option args_long[] = {$/;" v typeref:struct:option file: 153 | args_str ipdecap.c /^static const char *args_str = "vi:o:c:f:Vl";$/;" v file: 154 | auth_method esp.h /^ auth_method_t *auth_method;$/;" m struct:llflow_t 155 | auth_method_list esp.c /^auth_method_t *auth_method_list = &null_auth;$/;" v 156 | auth_method_t esp.h /^typedef struct auth_method_t {$/;" s 157 | auth_method_t esp.h /^} auth_method_t;$/;" t typeref:struct:auth_method_t 158 | auth_name esp.h /^ char *auth_name;$/;" m struct:llflow_t 159 | bin_PROGRAMS Makefile /^bin_PROGRAMS = ipdecap$(EXEEXT)$/;" m 160 | bindir Makefile /^bindir = ${exec_prefix}\/bin$/;" m 161 | bpf_filter utils.h /^ char *bpf_filter; \/\/ --filter option$/;" m struct:global_args_t 162 | build Makefile /^build = x86_64-pc-linux-gnu$/;" m 163 | build_alias Makefile /^build_alias = $/;" m 164 | build_cpu Makefile /^build_cpu = x86_64$/;" m 165 | build_os Makefile /^build_os = linux-gnu$/;" m 166 | build_triplet Makefile /^build_triplet = x86_64-pc-linux-gnu$/;" m 167 | build_vendor Makefile /^build_vendor = pc$/;" m 168 | builddir Makefile /^builddir = .$/;" m 169 | crypt_method esp.h /^ crypt_method_t *crypt_method;$/;" m struct:llflow_t 170 | crypt_method_list esp.c /^crypt_method_t *crypt_method_list = &des_cbc;$/;" v 171 | crypt_method_t esp.h /^typedef struct crypt_method_t {$/;" s 172 | crypt_method_t esp.h /^} crypt_method_t;$/;" t typeref:struct:crypt_method_t 173 | crypt_name esp.h /^ char *crypt_name;$/;" m struct:llflow_t 174 | ctx esp.h /^ EVP_CIPHER_CTX *ctx;$/;" m struct:llflow_t 175 | datadir Makefile /^datadir = ${datarootdir}$/;" m 176 | datarootdir Makefile /^datarootdir = ${prefix}\/share$/;" m 177 | debug_print utils.h 54;" d 178 | depcomp Makefile /^depcomp = $(SHELL) $(top_srcdir)\/depcomp$/;" m 179 | des_cbc esp.c /^crypt_method_t des_cbc = { .name = "des-cbc", .openssl_cipher = "des-cbc", .next = &tripledes_cbc};$/;" v 180 | docdir Makefile /^docdir = ${datarootdir}\/doc\/${PACKAGE_TARNAME}$/;" m 181 | dump_flows esp.c /^void dump_flows() {$/;" f 182 | dumpmem utils.c /^void dumpmem(char *prefix, const unsigned char *ptr, int size, int space) {$/;" f 183 | dvidir Makefile /^dvidir = ${docdir}$/;" m 184 | error utils.h 64;" d 185 | error utils.h 70;" d 186 | esp_config_file utils.h /^ char *esp_config_file; \/\/ --config option$/;" m struct:global_args_t 187 | esp_packet_t esp.h /^typedef struct esp_packet_t {$/;" s 188 | esp_packet_t esp.h /^} __attribute__ ((__packed__)) esp_packet_t;$/;" t typeref:struct:esp_packet_t 189 | exec_prefix Makefile /^exec_prefix = ${prefix}$/;" m 190 | find_auth_method esp.c /^struct auth_method_t * find_auth_method(char *auth_name) {$/;" f 191 | find_crypt_method esp.c /^struct crypt_method_t * find_crypt_method(char *crypt_name) {$/;" f 192 | find_flow esp.c /^struct llflow_t * find_flow(char *ip_src, char *ip_dst, u_int32_t spi) {$/;" f 193 | flags gre.h /^ u_int16_t flags;$/;" m struct:grehdr 194 | flow_head esp.c /^struct llflow_t *flow_head = NULL;$/;" v typeref:struct:llflow_t 195 | flows_cleanup esp.c /^void flows_cleanup() {$/;" f 196 | global_args ipdecap.c /^global_args_t global_args;$/;" v 197 | global_args_t utils.h /^typedef struct global_args_t {$/;" s 198 | global_args_t utils.h /^} global_args_t;$/;" t typeref:struct:global_args_t 199 | grehdr gre.h /^struct grehdr {$/;" s 200 | handle_packets ipdecap.c /^void handle_packets(u_char *bpf_filter, const struct pcap_pkthdr *pkthdr, const u_char *bytes) {$/;" f 201 | hmac_md5_96 esp.c /^auth_method_t hmac_md5_96 = { .name = "hmac_md5-96", .openssl_auth = NULL, .len = 96\/8, .next = &aes_xcbc_mac_96 };$/;" v 202 | hmac_sha_1_96 esp.c /^auth_method_t hmac_sha_1_96 = { .name = "hmac_sha1-96", .openssl_auth = NULL, .len = 96\/8, .next = &hmac_md5_96 };$/;" v 203 | host Makefile /^host = x86_64-pc-linux-gnu$/;" m 204 | host_alias Makefile /^host_alias = $/;" m 205 | host_cpu Makefile /^host_cpu = x86_64$/;" m 206 | host_os Makefile /^host_os = linux-gnu$/;" m 207 | host_triplet Makefile /^host_triplet = x86_64-pc-linux-gnu$/;" m 208 | host_vendor Makefile /^host_vendor = pc$/;" m 209 | htmldir Makefile /^htmldir = ${docdir}$/;" m 210 | ignore_esp ipdecap.c /^int ignore_esp;$/;" v 211 | includedir Makefile /^includedir = ${prefix}\/include$/;" m 212 | infodir Makefile /^infodir = ${datarootdir}\/info$/;" m 213 | input_file utils.h /^ char *input_file; \/\/ --input option$/;" m struct:global_args_t 214 | install_sh Makefile /^install_sh = ${SHELL} \/home\/loic\/ipdecap\/install-sh$/;" m 215 | install_sh_DATA Makefile /^install_sh_DATA = $(install_sh) -c -m 644$/;" m 216 | install_sh_PROGRAM Makefile /^install_sh_PROGRAM = $(install_sh) -c$/;" m 217 | install_sh_SCRIPT Makefile /^install_sh_SCRIPT = $(install_sh) -c$/;" m 218 | ipdecap_LDADD Makefile /^ipdecap_LDADD = $(LDADD)$/;" m 219 | ipdecap_OBJECTS Makefile /^ipdecap_OBJECTS = $(am_ipdecap_OBJECTS)$/;" m 220 | ipdecap_SOURCES Makefile /^ipdecap_SOURCES = ipdecap.c ipdecap.h gre.h esp.h esp.c utils.c utils.h$/;" m 221 | iv esp.h /^ u_char iv[EVP_MAX_IV_LENGTH];$/;" m struct:esp_packet_t 222 | key esp.h /^ unsigned char *key;$/;" m struct:llflow_t 223 | len esp.h /^ int len; \/\/ Digest bytes length$/;" m struct:auth_method_t 224 | libdir Makefile /^libdir = ${exec_prefix}\/lib$/;" m 225 | libexecdir Makefile /^libexecdir = ${exec_prefix}\/libexec$/;" m 226 | list_algo utils.h /^ bool list_algo; \/\/ --list option$/;" m struct:global_args_t 227 | llflow_t esp.h /^typedef struct llflow_t {$/;" s 228 | llflow_t esp.h /^} llflow_t;$/;" t typeref:struct:llflow_t 229 | localedir Makefile /^localedir = ${datarootdir}\/locale$/;" m 230 | localstatedir Makefile /^localstatedir = ${prefix}\/var$/;" m 231 | main ipdecap.c /^int main(int argc, char **argv) {$/;" f 232 | mandir Makefile /^mandir = ${datarootdir}\/man$/;" m 233 | member_size utils.h 46;" d 234 | mkdir_p Makefile /^mkdir_p = $(MKDIR_P)$/;" m 235 | mkinstalldirs Makefile /^mkinstalldirs = $(install_sh) -d$/;" m 236 | name esp.h /^ char *name; \/\/ Name used in ESP configuration file$/;" m struct:auth_method_t 237 | name esp.h /^ char *name; \/\/ Name used in ESP configuration file$/;" m struct:crypt_method_t 238 | next esp.h /^ struct auth_method_t *next;$/;" m struct:auth_method_t typeref:struct:auth_method_t::auth_method_t 239 | next esp.h /^ struct crypt_method_t *next;$/;" m struct:crypt_method_t typeref:struct:crypt_method_t::crypt_method_t 240 | next esp.h /^ struct llflow_t *next;$/;" m struct:llflow_t typeref:struct:llflow_t::llflow_t 241 | next_header esp.h /^ u_int8_t next_header;$/;" m struct:esp_packet_t 242 | next_protocol gre.h /^ u_int16_t next_protocol;$/;" m struct:grehdr 243 | null_auth esp.c /^auth_method_t null_auth = { .name = "null_auth", .openssl_auth = NULL, .len = 8\/8, .next = &hmac_sha_1_96 };$/;" v 244 | null_enc esp.c /^crypt_method_t null_enc = { .name = "null_enc", .openssl_cipher = NULL, .next = NULL};$/;" v 245 | oldincludedir Makefile /^oldincludedir = \/usr\/include$/;" m 246 | openssl_auth esp.h /^ char *openssl_auth; \/\/ OpenSSL internal name, not yet used (no verification made)$/;" m struct:auth_method_t 247 | openssl_cipher esp.h /^ char *openssl_cipher; \/\/ OpenSSL internal name$/;" m struct:crypt_method_t 248 | output_file utils.h /^ char *output_file; \/\/ --output option$/;" m struct:global_args_t 249 | pad_len esp.h /^ u_int8_t pad_len;$/;" m struct:esp_packet_t 250 | parse_esp_conf esp.c /^int parse_esp_conf(char *filename) {$/;" f 251 | parse_options ipdecap.c /^void parse_options(int argc, char **argv) {$/;" f 252 | pcap_dumper ipdecap.c /^pcap_dumper_t *pcap_dumper;$/;" v 253 | pcap_hdr utils.h /^typedef struct pcap_pkthdr pcap_hdr;$/;" t typeref:struct:pcap_pkthdr 254 | pdfdir Makefile /^pdfdir = ${docdir}$/;" m 255 | pkgdatadir Makefile /^pkgdatadir = $(datadir)\/ipdecap$/;" m 256 | pkgincludedir Makefile /^pkgincludedir = $(includedir)\/ipdecap$/;" m 257 | pkglibdir Makefile /^pkglibdir = $(libdir)\/ipdecap$/;" m 258 | pkglibexecdir Makefile /^pkglibexecdir = $(libexecdir)\/ipdecap$/;" m 259 | prefix Makefile /^prefix = \/usr\/local$/;" m 260 | print_algorithms esp.c /^void print_algorithms() {$/;" f 261 | print_mac utils.c /^void print_mac(const unsigned char *mac_ptr) {$/;" f 262 | print_version ipdecap.c /^void print_version() {$/;" f 263 | process_esp_packet esp.c /^void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload) {$/;" f 264 | process_gre_packet ipdecap.c /^void process_gre_packet(const u_char *payload, pcap_hdr *new_packet_hdr, u_char *new_packet_payload) {$/;" f 265 | process_ipip_packet ipdecap.c /^void process_ipip_packet(const u_char *payload, pcap_hdr *new_packet_hdr, u_char *new_packet_payload) {$/;" f 266 | process_ipv6_packet ipdecap.c /^void process_ipv6_packet(const u_char *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload) {$/;" f 267 | process_nonip_packet ipdecap.c /^void process_nonip_packet(const u_char *payload, const int payload_len, pcap_hdr *new_packet_hdr, u_char *new_packet_payload) {$/;" f 268 | program_transform_name Makefile /^program_transform_name = s,x,x,$/;" m 269 | psdir Makefile /^psdir = ${docdir}$/;" m 270 | remove_ieee8021q_header ipdecap.c /^void remove_ieee8021q_header(const u_char *in_payload, const int in_payload_len, pcap_hdr *out_pkthdr, u_char *out_payload) {$/;" f 271 | runstatedir Makefile /^runstatedir = ${localstatedir}\/run$/;" m 272 | sa esp.h /^ struct sockaddr sa;$/;" m union:address typeref:struct:address::sockaddr 273 | sa_in esp.h /^ struct sockaddr_in sa_in;$/;" m union:address typeref:struct:address::sockaddr_in 274 | sa_in6 esp.h /^ struct sockaddr_in6 sa_in6;$/;" m union:address typeref:struct:address::sockaddr_in6 275 | sa_sto esp.h /^ struct sockaddr_storage sa_sto;$/;" m union:address typeref:struct:address::sockaddr_storage 276 | sa_sto esp.h /^typedef struct sockaddr_storage sa_sto;$/;" t typeref:struct:sockaddr_storage 277 | sbindir Makefile /^sbindir = ${exec_prefix}\/sbin$/;" m 278 | seq esp.h /^ u_int32_t seq;$/;" m struct:esp_packet_t 279 | sharedstatedir Makefile /^sharedstatedir = ${prefix}\/com$/;" m 280 | spi esp.h /^ u_int32_t spi;$/;" m struct:esp_packet_t 281 | spi esp.h /^ u_int32_t spi;$/;" m struct:llflow_t 282 | srcdir Makefile /^srcdir = .$/;" m 283 | str2dec utils.c /^void *str2dec(const char *in, int maxsize) {$/;" f 284 | subdir Makefile /^subdir = src$/;" m 285 | sysconfdir Makefile /^sysconfdir = ${prefix}\/etc$/;" m 286 | target_alias Makefile /^target_alias = $/;" m 287 | top_build_prefix Makefile /^top_build_prefix = ..\/$/;" m 288 | top_builddir Makefile /^top_builddir = ..$/;" m 289 | top_srcdir Makefile /^top_srcdir = ..$/;" m 290 | transform Makefile /^transform = $(program_transform_name)$/;" m 291 | tripledes_cbc esp.c /^crypt_method_t tripledes_cbc = { .name = "3des-cbc", .openssl_cipher = "des-ede3-cbc", .next = &aes_128_ctr};$/;" v 292 | usage ipdecap.c /^void usage(void) {$/;" f 293 | verbose utils.c /^void verbose(const char *format, ...) {$/;" f 294 | verbose utils.h /^ bool verbose; \/\/ --verbose option$/;" m struct:global_args_t 295 | -------------------------------------------------------------------------------- /src/utils.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2012-2018 Loïc Pefferkorn 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include "utils.h" 22 | #include 23 | #include // for ETHER_ADDR_LEN 24 | #include // for va_list 25 | #include // for printf, NULL, vfprintf, stdout 26 | #include // for free 27 | #include // for strlen 28 | 29 | void *str2dec(const char *in, int maxsize) { 30 | 31 | int i, len; 32 | unsigned char c; 33 | unsigned char *out = NULL; 34 | 35 | MALLOC(out, maxsize, unsigned char); 36 | 37 | len = strlen(in); 38 | if (len > maxsize*2) { 39 | printf("str too long\n"); 40 | free(out); 41 | return NULL; 42 | } 43 | for(i=0;i= '0') && (c <= '9')) 47 | c -= '0'; 48 | else if ((c >= 'A') && (c <= 'F')) 49 | c = c-'A'+10; 50 | else if ((c >= 'a') && (c <= 'f')) 51 | c = c-'a'+10; 52 | else { 53 | printf("non hex digit: %c\n", c); 54 | free(out); 55 | return NULL; 56 | } 57 | 58 | if (i % 2 == 0) 59 | out[i/2] = (c<<4); 60 | else 61 | out[i/2] = out[i/2] | c; 62 | } 63 | return out; 64 | } 65 | 66 | /* 67 | * Friendly printed MAC address 68 | * 69 | */ 70 | void print_mac(const unsigned char *mac_ptr) { 71 | 72 | int i; 73 | for(i=0;i 3 | ipdecap [http://loicpefferkorn.net/ipdecap] 4 | 5 | This file is part of ipdecap. 6 | 7 | Ipdecap is free software: you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation, either version 3 of the License, or 10 | (at your option) any later version. 11 | 12 | Ipdecap is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with ipdecap. If not, see . 19 | */ 20 | 21 | #include 22 | #include // for stderr, fprintf, NULL 23 | #include // for EXIT_FAILURE, exit, malloc 24 | #pragma once 25 | 26 | void *str2dec(const char *in, int maxsize); 27 | 28 | typedef struct pcap_pkthdr pcap_hdr; 29 | void dumpmem(char *prefix, const unsigned char *ptr, int size, int space); 30 | void print_mac(const unsigned char *mac_ptr); 31 | void verbose(const char *format, ...); 32 | 33 | 34 | /* Command line parameters */ 35 | typedef struct global_args_t { 36 | char *input_file; // --input option 37 | char *output_file; // --output option 38 | char *esp_config_file; // --config option 39 | char *bpf_filter; // --filter option 40 | bool verbose; // --verbose option 41 | bool list_algo; // --list option 42 | } global_args_t; 43 | 44 | extern global_args_t global_args; 45 | 46 | #define member_size(type, member) sizeof(((type *)0)->member) 47 | 48 | #ifdef DEBUG 49 | #define DEBUG_FLAG 1 50 | #else 51 | #define DEBUG_FLAG 0 52 | #endif 53 | 54 | #define debug_print(fmt, ...) \ 55 | do { if (DEBUG_FLAG) fprintf(stderr, fmt, __VA_ARGS__); } while (0) 56 | 57 | #define MALLOC(ptr, count, type) { \ 58 | if ( (ptr = malloc(count * sizeof(type))) == NULL) { \ 59 | error("Cannot malloc"); \ 60 | } \ 61 | } 62 | 63 | #if DEBUG_FLAG 64 | #define error(...) { \ 65 | fprintf(stderr, "error: %s(%d) ", __FILE__, __LINE__); \ 66 | fprintf(stderr, __VA_ARGS__); \ 67 | exit(EXIT_FAILURE); \ 68 | } 69 | #else 70 | #define error(...) { \ 71 | fprintf(stderr, "error: "); \ 72 | fprintf(stderr, __VA_ARGS__); \ 73 | exit(EXIT_FAILURE); \ 74 | } 75 | #endif 76 | -------------------------------------------------------------------------------- /tools/sadb2conf.awk: -------------------------------------------------------------------------------- 1 | #!/usr/bin/awk -f 2 | 3 | 4 | # Copyright (c) 2012-2016 Loïc Pefferkorn 5 | # ipdecap [http://loicpefferkorn.net/ipdecap] 6 | # 7 | # This file is part of ipdecap. 8 | # 9 | # Ipdecap is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # Ipdecap is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with ipdecap. If not, see . 21 | 22 | 23 | # Convert setkey -Da output into an ipdecap ESP configuration file 24 | 25 | BEGIN { 26 | FS="[() ]" 27 | entry=0 28 | } 29 | 30 | # Flow start 31 | /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]/ { 32 | src[entry]=$1 33 | dst[entry]=$2 34 | } 35 | 36 | /.*spi=/ { 37 | spi[entry]=$4 38 | } 39 | 40 | # Looking for encryption algorithm 41 | /E: [^ ]+.*/ { 42 | 43 | if ($2 == "null") 44 | crypt[entry] = "null_enc" 45 | else 46 | if ($2 == "rijndael-cbc" ) 47 | crypt[entry] = "aes128-cbc" 48 | else 49 | crypt[entry] = $2 50 | 51 | # Concat key without spaces 52 | key[entry]="0x" 53 | for (a=3;a<=NF;a++) { 54 | key[entry] = key[entry] $a 55 | } 56 | } 57 | 58 | # Looking for authentication algorithm 59 | /A: [^ ]+.*/ { 60 | 61 | if ($2 == "null") 62 | auth[entry] = "null_auth" 63 | else 64 | if ($2 == "hmac-sha1") 65 | auth[entry] = "hmac_sha1-96" 66 | else 67 | if ($2 == "hmac-md5") 68 | auth[entry] = "hmac_md5-96" 69 | else 70 | auth[entry] = $2 71 | } 72 | 73 | # Dummy, increase number of entries found 74 | /created:.*/ { 75 | entry += 1 76 | } 77 | 78 | 79 | END { 80 | # display each entry 81 | for(i=0;i