From 2993d809d27d1627da1a7abbcdc0dc55b986095e Mon Sep 17 00:00:00 2001
From: jakob
Date: Sat, 27 Oct 2001 12:11:09 +0000
Subject: [PATCH] update to v0.9b2

- Support for decrypting resumed sessions.
- Fixed a core dump under certain RST conditions.
- Support for an arbitrary number of connections (previous versions had a hard limit).
- Better error reporting when you provide a bad password.
- Some performance fixes.
- Other bug fixes.
---
 net/ssldump/Makefile | 5 +-
 net/ssldump/files/md5 | 6 +-
 net/ssldump/patches/patch-aa | 272 -----------------------------------
 3 files changed, 5 insertions(+), 278 deletions(-)
 delete mode 100644 net/ssldump/patches/patch-aa
diff --git a/net/ssldump/Makefile b/net/ssldump/Makefile
index 54d6c1355b9..9f4e99f2c1e 100644
--- a/net/ssldump/Makefile
+++ b/net/ssldump/Makefile
@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 2001/03/24 19:55:46 jakob Exp $
+# $OpenBSD: Makefile,v 1.4 2001/10/27 12:11:09 jakob Exp $
 COMMENT= SSLv3/TLS network protocol analyzer
-DISTNAME= ssldump-0.9b1
-PKGNAME= ssldump-0.9b1p1
+DISTNAME= ssldump-0.9b2
 CATEGORIES= net
 NEED_VERSION= 1.363
diff --git a/net/ssldump/files/md5 b/net/ssldump/files/md5
index fce7f03239f..6168b866ed8 100644
--- a/net/ssldump/files/md5
+++ b/net/ssldump/files/md5
@@ -1,3 +1,3 @@
-MD5 (ssldump-0.9b1.tar.gz) = ace8f1b4f8bfa4cd494a3e546655c5e7
-RMD160 (ssldump-0.9b1.tar.gz) = 578c0b7d99c1266e46c0ec706a9061862ee240b5
-SHA1 (ssldump-0.9b1.tar.gz) = f93850f9c0da6a6edb7455cb546a1edc02689926
+MD5 (ssldump-0.9b2.tar.gz) = 3002d2e11283c8931deeacf1a06bd5da
+RMD160 (ssldump-0.9b2.tar.gz) = ce228dbeb4ff5f9776a773146ce76d23ef09f71a
+SHA1 (ssldump-0.9b2.tar.gz) = 0361a566b971d9e5baa889f36075fecadfd1ecc5
diff --git a/net/ssldump/patches/patch-aa b/net/ssldump/patches/patch-aa
deleted file mode 100644
index 92bcae2d710..00000000000
--- a/net/ssldump/patches/patch-aa
+++ /dev/null
@@ -1,272 +0,0 @@ -Index: Makefile.in -=================================================================== -RCS file: /usr/local/CVS/ssldump/Makefile.in,v -retrieving revision 1.4 -diff -c -r1.4 Makefile.in -*** Makefile.in 2000/11/03 06:38:04 1.4 ---- Makefile.in 2000/11/13 06:01:40 -*************** -*** 83,88 **** ---- 83,89 ---- - $(INSTALL) -m 444 ssldump.1 $(MANDIR)/man1/ssldump.1 - - dist: -+ perl "./version-check.pl" - - name=ssldump-`cat VERSION`; \ - rm -rf ../$$name; \ - mkdir ../$$name; \ -*************** -*** 104,106 **** ---- 105,109 ---- - rm -f ssl/a.out all; \ - cd ..; \ - tar cf - $$name | gzip > $$name.tar.gz -+ -+ -Index: configure.in -=================================================================== -RCS file: /usr/local/CVS/ssldump/configure.in,v -retrieving revision 1.3 -diff -c -r1.3 configure.in -*** configure.in 2000/11/03 06:38:05 1.3 ---- configure.in 2000/11/13 15:51:10 -*************** -*** 62,68 **** - AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files], - ac_pcap_inc_dir=$withval - ) -! AC_ARG_WITH(pcap-lib,[--with-openssl-lib PCAP library files], - ac_pcap_lib_dir=$withval - ) - ---- 62,68 ---- - AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files], - ac_pcap_inc_dir=$withval - ) -! AC_ARG_WITH(pcap-lib,[--with-pcap-lib PCAP library files], - ac_pcap_lib_dir=$withval - ) - -Index: base/pcap-snoop.c -=================================================================== -RCS file: /usr/local/CVS/ssldump/base/pcap-snoop.c,v -retrieving revision 1.4 -diff -c -r1.4 pcap-snoop.c -*** base/pcap-snoop.c 2000/11/09 18:52:23 1.4 ---- base/pcap-snoop.c 2000/12/21 03:03:45 -*************** -*** 76,92 **** - - int usage() - { -! fprintf(stderr,"Usage: ssldump [-f dumpfile] [-i interface] \n"); -! fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNd]\n"); - fprintf(stderr," [filter]\n"); - exit(0); - } - - int print_version() - { -! 
printf("ssldump 0.9a1\n"); - printf("Copyright (C) 1998-2000 RTFM, Inc.\n"); - printf("All rights reserved.\n"); - exit(0); - } - ---- 76,95 ---- - - int usage() - { -! fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n"); -! fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n"); - fprintf(stderr," [filter]\n"); - exit(0); - } - - int print_version() - { -! printf("ssldump 0.9b1 patchlevel 1\n"); - printf("Copyright (C) 1998-2000 RTFM, Inc.\n"); - printf("All rights reserved.\n"); -+ #ifdef OPENSSL -+ printf("Compiled with OpenSSL: decryption enabled\n"); -+ #endif - exit(0); - } - -*************** -*** 150,156 **** - - signal(SIGINT,sig_handler); - -! while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdq"))!=EOF){ - switch(c){ - case 'v': - print_version(); ---- 153,159 ---- - - signal(SIGINT,sig_handler); - -! while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqe"))!=EOF){ - switch(c){ - case 'v': - print_version(); -Index: base/tcpconn.h -=================================================================== -RCS file: /usr/local/CVS/ssldump/base/tcpconn.h,v -retrieving revision 1.2 -diff -c -r1.2 tcpconn.h -*** base/tcpconn.h 2000/10/17 16:09:58 1.2 ---- base/tcpconn.h 2000/12/06 07:40:49 -*************** -*** 49,55 **** - - typedef struct segment_ { - u_char *data; -! int len; - tcp_seq s_seq; - packet *p; - struct segment_ *next; ---- 49,55 ---- - - typedef struct segment_ { - u_char *data; -! 
u_int len; - tcp_seq s_seq; - packet *p; - struct segment_ *next; -Index: base/tcppack.c -=================================================================== -RCS file: /usr/local/CVS/ssldump/base/tcppack.c,v -retrieving revision 1.3 -diff -c -r1.3 tcppack.c -*** base/tcppack.c 2000/11/03 06:38:06 1.3 ---- base/tcppack.c 2000/12/21 02:16:51 -*************** -*** 49,54 **** ---- 49,55 ---- - #include "network.h" - #include - #include -+ #include - #include - #include "debug.h" - #include "tcpconn.h" -*************** -*** 90,96 **** - DBG((0,"SYN1\n")); - if(r=new_connection(handler,p,&conn)) - ABORT(r); -! conn->i2r.seq=ntohl(p->tcp->th_seq); - return(0); - } - ---- 91,97 ---- - DBG((0,"SYN1\n")); - if(r=new_connection(handler,p,&conn)) - ABORT(r); -! conn->i2r.seq=ntohl(p->tcp->th_seq)+1; - return(0); - } - -*************** -*** 102,109 **** - break; - if(p->tcp->th_flags != (TH_SYN | TH_ACK)) - break; -! conn->r2i.seq=ntohl(p->tcp->th_seq); -! conn->r2i.ack=ntohl(p->tcp->th_ack); - conn->state=TCP_STATE_SYN2; - DBG((0,"SYN2\n")); - break; ---- 103,110 ---- - break; - if(p->tcp->th_flags != (TH_SYN | TH_ACK)) - break; -! conn->r2i.seq=ntohl(p->tcp->th_seq)+1; -! conn->r2i.ack=ntohl(p->tcp->th_ack)+1; - conn->state=TCP_STATE_SYN2; - DBG((0,"SYN2\n")); - break; -*************** -*** 113,119 **** - if(direction != DIR_I2R) - break; - DBG((0,"ACK\n")); -! conn->i2r.ack=ntohl(p->tcp->th_ack); - lookuphostname(&conn->i_addr,&sn); - lookuphostname(&conn->r_addr,&dn); - if(NET_print_flags & NET_PRINT_TYPESET) ---- 114,120 ---- - if(direction != DIR_I2R) - break; - DBG((0,"ACK\n")); -! conn->i2r.ack=ntohl(p->tcp->th_ack)+1; - lookuphostname(&conn->i_addr,&sn); - lookuphostname(&conn->r_addr,&dn); - if(NET_print_flags & NET_PRINT_TYPESET) -*************** -*** 180,188 **** - - #define STRIM(_seq,s) { \ - int l;\ -! l=(s)->s_seq - _seq; \ -! (s)->data=(s)->p->data + ((s)->p->tcp->th_off*4) + (l-1) ; \ -! 
(s)->len=(s)->p->len - (((s)->p->tcp->th_off * 4) + (l-1)); \ - (s)->s_seq += (l-1); \ - if((s)->next) { \ - if((s)->s_seq >= (s)->next->s_seq) {\ ---- 181,192 ---- - - #define STRIM(_seq,s) { \ - int l;\ -! int off;\ -! l=(s)->s_seq - _seq + 1; \ -! off=(s)->p->tcp->th_off*4; \ -! if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\ -! (s)->data=(s)->p->data + off + (l-1) ; \ -! (s)->len=(s)->p->len - off + (l-1); \ - (s)->s_seq += (l-1); \ - if((s)->next) { \ - if((s)->s_seq >= (s)->next->s_seq) {\ -*************** -*** 250,259 **** - DBG((0,"Stream Seq %u ",stream->seq)); - - /* Check to see if this packet has been processed already */ -! if(!(p->tcp->th_flags & (TH_FIN | TH_RST)) &&(seq+l)<=(stream->seq+1)) - return(0); - -! if((stream->seq + 1) < seq){ - tcp_seq left_edge; - - for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){ ---- 254,264 ---- - DBG((0,"Stream Seq %u ",stream->seq)); - - /* Check to see if this packet has been processed already */ -! if(!(p->tcp->th_flags & (TH_FIN | TH_RST)) && SEQ_LT(seq,stream->seq)) - return(0); - -! if(SEQ_LT(stream->seq,seq)){ -! /* Out of order segment */ - tcp_seq left_edge; - - for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){ -*************** -*** 318,324 **** - - stream->oo_queue=seg->next; - seg->next=0; -! stream->seq=seg->s_seq + seg->len - 1; - - #if 0 - for(seg=&_seg;seg;seg=seg->next){ ---- 323,329 ---- - - stream->oo_queue=seg->next; - seg->next=0; -! stream->seq=seg->s_seq + seg->len; - - #if 0 - for(seg=&_seg;seg;seg=seg->next){