update to v0.9b2

- Support for decrypting resumed sessions.
- Fixed a core dump under certain RST conditions.
- Support for an arbitrary number of connections (previous versions had a hard limit).
- Better error reporting when you provide a bad password.
- Some performance fixes.
- Other bug fixes.
This commit is contained in:
jakob 2001-10-27 12:11:09 +00:00
parent 1873f27d04
commit 2993d809d2
3 changed files with 5 additions and 278 deletions

View File

@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.3 2001/03/24 19:55:46 jakob Exp $
# $OpenBSD: Makefile,v 1.4 2001/10/27 12:11:09 jakob Exp $
COMMENT= SSLv3/TLS network protocol analyzer
DISTNAME= ssldump-0.9b1
PKGNAME= ssldump-0.9b1p1
DISTNAME= ssldump-0.9b2
CATEGORIES= net
NEED_VERSION= 1.363

View File

@ -1,3 +1,3 @@
MD5 (ssldump-0.9b1.tar.gz) = ace8f1b4f8bfa4cd494a3e546655c5e7
RMD160 (ssldump-0.9b1.tar.gz) = 578c0b7d99c1266e46c0ec706a9061862ee240b5
SHA1 (ssldump-0.9b1.tar.gz) = f93850f9c0da6a6edb7455cb546a1edc02689926
MD5 (ssldump-0.9b2.tar.gz) = 3002d2e11283c8931deeacf1a06bd5da
RMD160 (ssldump-0.9b2.tar.gz) = ce228dbeb4ff5f9776a773146ce76d23ef09f71a
SHA1 (ssldump-0.9b2.tar.gz) = 0361a566b971d9e5baa889f36075fecadfd1ecc5

View File

@ -1,272 +0,0 @@
Index: Makefile.in
===================================================================
RCS file: /usr/local/CVS/ssldump/Makefile.in,v
retrieving revision 1.4
diff -c -r1.4 Makefile.in
*** Makefile.in 2000/11/03 06:38:04 1.4
--- Makefile.in 2000/11/13 06:01:40
***************
*** 83,88 ****
--- 83,89 ----
$(INSTALL) -m 444 ssldump.1 $(MANDIR)/man1/ssldump.1
dist:
+ perl "./version-check.pl"
- name=ssldump-`cat VERSION`; \
rm -rf ../$$name; \
mkdir ../$$name; \
***************
*** 104,106 ****
--- 105,109 ----
rm -f ssl/a.out all; \
cd ..; \
tar cf - $$name | gzip > $$name.tar.gz
+
+
Index: configure.in
===================================================================
RCS file: /usr/local/CVS/ssldump/configure.in,v
retrieving revision 1.3
diff -c -r1.3 configure.in
*** configure.in 2000/11/03 06:38:05 1.3
--- configure.in 2000/11/13 15:51:10
***************
*** 62,68 ****
AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files],
ac_pcap_inc_dir=$withval
)
! AC_ARG_WITH(pcap-lib,[--with-openssl-lib PCAP library files],
ac_pcap_lib_dir=$withval
)
--- 62,68 ----
AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files],
ac_pcap_inc_dir=$withval
)
! AC_ARG_WITH(pcap-lib,[--with-pcap-lib PCAP library files],
ac_pcap_lib_dir=$withval
)
Index: base/pcap-snoop.c
===================================================================
RCS file: /usr/local/CVS/ssldump/base/pcap-snoop.c,v
retrieving revision 1.4
diff -c -r1.4 pcap-snoop.c
*** base/pcap-snoop.c 2000/11/09 18:52:23 1.4
--- base/pcap-snoop.c 2000/12/21 03:03:45
***************
*** 76,92 ****
int usage()
{
! fprintf(stderr,"Usage: ssldump [-f dumpfile] [-i interface] \n");
! fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNd]\n");
fprintf(stderr," [filter]\n");
exit(0);
}
int print_version()
{
! printf("ssldump 0.9a1\n");
printf("Copyright (C) 1998-2000 RTFM, Inc.\n");
printf("All rights reserved.\n");
exit(0);
}
--- 76,95 ----
int usage()
{
! fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n");
! fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n");
fprintf(stderr," [filter]\n");
exit(0);
}
int print_version()
{
! printf("ssldump 0.9b1 patchlevel 1\n");
printf("Copyright (C) 1998-2000 RTFM, Inc.\n");
printf("All rights reserved.\n");
+ #ifdef OPENSSL
+ printf("Compiled with OpenSSL: decryption enabled\n");
+ #endif
exit(0);
}
***************
*** 150,156 ****
signal(SIGINT,sig_handler);
! while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdq"))!=EOF){
switch(c){
case 'v':
print_version();
--- 153,159 ----
signal(SIGINT,sig_handler);
! while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqe"))!=EOF){
switch(c){
case 'v':
print_version();
Index: base/tcpconn.h
===================================================================
RCS file: /usr/local/CVS/ssldump/base/tcpconn.h,v
retrieving revision 1.2
diff -c -r1.2 tcpconn.h
*** base/tcpconn.h 2000/10/17 16:09:58 1.2
--- base/tcpconn.h 2000/12/06 07:40:49
***************
*** 49,55 ****
typedef struct segment_ {
u_char *data;
! int len;
tcp_seq s_seq;
packet *p;
struct segment_ *next;
--- 49,55 ----
typedef struct segment_ {
u_char *data;
! u_int len;
tcp_seq s_seq;
packet *p;
struct segment_ *next;
Index: base/tcppack.c
===================================================================
RCS file: /usr/local/CVS/ssldump/base/tcppack.c,v
retrieving revision 1.3
diff -c -r1.3 tcppack.c
*** base/tcppack.c 2000/11/03 06:38:06 1.3
--- base/tcppack.c 2000/12/21 02:16:51
***************
*** 49,54 ****
--- 49,55 ----
#include "network.h"
#include <sys/socket.h>
#include <arpa/inet.h>
+ #include <netinet/tcp_seq.h>
#include <ctype.h>
#include "debug.h"
#include "tcpconn.h"
***************
*** 90,96 ****
DBG((0,"SYN1\n"));
if(r=new_connection(handler,p,&conn))
ABORT(r);
! conn->i2r.seq=ntohl(p->tcp->th_seq);
return(0);
}
--- 91,97 ----
DBG((0,"SYN1\n"));
if(r=new_connection(handler,p,&conn))
ABORT(r);
! conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
return(0);
}
***************
*** 102,109 ****
break;
if(p->tcp->th_flags != (TH_SYN | TH_ACK))
break;
! conn->r2i.seq=ntohl(p->tcp->th_seq);
! conn->r2i.ack=ntohl(p->tcp->th_ack);
conn->state=TCP_STATE_SYN2;
DBG((0,"SYN2\n"));
break;
--- 103,110 ----
break;
if(p->tcp->th_flags != (TH_SYN | TH_ACK))
break;
! conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
! conn->r2i.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN2;
DBG((0,"SYN2\n"));
break;
***************
*** 113,119 ****
if(direction != DIR_I2R)
break;
DBG((0,"ACK\n"));
! conn->i2r.ack=ntohl(p->tcp->th_ack);
lookuphostname(&conn->i_addr,&sn);
lookuphostname(&conn->r_addr,&dn);
if(NET_print_flags & NET_PRINT_TYPESET)
--- 114,120 ----
if(direction != DIR_I2R)
break;
DBG((0,"ACK\n"));
! conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
lookuphostname(&conn->i_addr,&sn);
lookuphostname(&conn->r_addr,&dn);
if(NET_print_flags & NET_PRINT_TYPESET)
***************
*** 180,188 ****
#define STRIM(_seq,s) { \
int l;\
! l=(s)->s_seq - _seq; \
! (s)->data=(s)->p->data + ((s)->p->tcp->th_off*4) + (l-1) ; \
! (s)->len=(s)->p->len - (((s)->p->tcp->th_off * 4) + (l-1)); \
(s)->s_seq += (l-1); \
if((s)->next) { \
if((s)->s_seq >= (s)->next->s_seq) {\
--- 181,192 ----
#define STRIM(_seq,s) { \
int l;\
! int off;\
! l=(s)->s_seq - _seq + 1; \
! off=(s)->p->tcp->th_off*4; \
! if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\
! (s)->data=(s)->p->data + off + (l-1) ; \
! (s)->len=(s)->p->len - off + (l-1); \
(s)->s_seq += (l-1); \
if((s)->next) { \
if((s)->s_seq >= (s)->next->s_seq) {\
***************
*** 250,259 ****
DBG((0,"Stream Seq %u ",stream->seq));
/* Check to see if this packet has been processed already */
! if(!(p->tcp->th_flags & (TH_FIN | TH_RST)) &&(seq+l)<=(stream->seq+1))
return(0);
! if((stream->seq + 1) < seq){
tcp_seq left_edge;
for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){
--- 254,264 ----
DBG((0,"Stream Seq %u ",stream->seq));
/* Check to see if this packet has been processed already */
! if(!(p->tcp->th_flags & (TH_FIN | TH_RST)) && SEQ_LT(seq,stream->seq))
return(0);
! if(SEQ_LT(stream->seq,seq)){
! /* Out of order segment */
tcp_seq left_edge;
for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){
***************
*** 318,324 ****
stream->oo_queue=seg->next;
seg->next=0;
! stream->seq=seg->s_seq + seg->len - 1;
#if 0
for(seg=&_seg;seg;seg=seg->next){
--- 323,329 ----
stream->oo_queue=seg->next;
seg->next=0;
! stream->seq=seg->s_seq + seg->len;
#if 0
for(seg=&_seg;seg;seg=seg->next){