wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added support for 802.11Q VLAN frames. Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH. Fixed bad characters in sniffer README.md configure example.

Browse Source
This commit is contained in:
David Garske
2020-09-15 14:25:22 -07:00
parent ce1c1fe0a6
commit b5163bd1fa
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/sniffer.c
View File

@ -1906,7 +1906,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
/* returns 0 on success, -1 on error */ /* returns 0 on success, -1 on error */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error) static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{ {
int version = IP_V(iphdr); int version = IP_V(iphdr);
if (version == IPV6) if (version == IPV6)
return CheckIp6Hdr((Ip6Hdr*)iphdr, info, length, error); return CheckIp6Hdr((Ip6Hdr*)iphdr, info, length, error);
@ -3281,7 +3281,6 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
static int ProcessCertificate(const byte* input, int* sslBytes, static int ProcessCertificate(const byte* input, int* sslBytes,
SnifferSession* session, char* error) SnifferSession* session, char* error)
{ {
int ret;
const byte* certChain; const byte* certChain;
word32 certChainSz; word32 certChainSz;
word32 certSz; word32 certSz;
@ -4058,6 +4057,9 @@ int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
int length, const byte** sslFrame, int* sslBytes, char* error) int length, const byte** sslFrame, int* sslBytes, char* error)
{ {
IpHdr* iphdr = (IpHdr*)packet;
int version;
TraceHeader(); TraceHeader();
TracePacket(); TracePacket();
@ -4066,6 +4068,17 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
version = IP_V(iphdr);
if (version != IPV6 && version != IPV4) {
/* Is this VLAN IEEE 802.1Q Frame? TPID = 0x8100 */
if (packet[2] == 0x81 && packet[3] == 0x00) {
/* trim VLAN header and try again */
packet += 8;
length -= 8;
}
}
if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0) if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1; return -1;

4
sslSniffer/README.md
View File

@ -43,9 +43,9 @@ All options may be enabled with the following configure command line:
```sh ```sh
./configure --enable-sniffer \ ./configure --enable-sniffer \
CPPFLAGS=-DWOLFSSL_SNIFFER_STATS -DWOLFSSL_SNIFFER_WATCH \ CPPFLAGS="-DWOLFSSL_SNIFFER_STATS -DWOLFSSL_SNIFFER_WATCH \
-DWOLFSSL_SNIFFER_STORE_DATA_CB -DWOLFSSL_SNIFFER_CHAIN_INPUT \ -DWOLFSSL_SNIFFER_STORE_DATA_CB -DWOLFSSL_SNIFFER_CHAIN_INPUT \
-DSTARTTLS_ALLOWED -DSTARTTLS_ALLOWED"
``` ```
To add some other cipher support to the sniffer, you can add options like: To add some other cipher support to the sniffer, you can add options like: