struct isakmp *base,
u_char tpay,
const struct isakmp_gen *ext,
- u_int item_len,
- const u_char *end_pointer,
+ u_int item_len,
+ const u_char *end_pointer,
u_int32_t phase,
- u_int32_t doi0,
+ u_int32_t doi0,
u_int32_t proto0, int depth);
"v2cr", "v2auth","v2nonce", "v2n", "v2d", /* 38- 42 */
"v2vid", "v2TSi", "v2TSr", "v2e", "v2cp", /* 43- 47 */
"v2eap", /* 48 */
-
+
};
/* isakmp->np */
-static const u_char *(*npfunc[])(netdissect_options *ndo, u_char tpay,
+static const u_char *(*npfunc[])(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len,
const u_char *end_pointer,
ND_PRINT((ndo," [|%s]", NPSTR(np))); \
goto done; \
}
-
+
#define NPFUNC(x) \
(((x) < sizeof(npfunc)/sizeof(npfunc[0]) && npfunc[(x)]) \
if(len > 10) {
len = 10;
}
-
+
/* really shouldn't happen because of above */
if(end < cp + len) {
end = cp+len;
elen = ep - end;
}
-
+
ND_PRINT((ndo," data=("));
if(!rawprint(ndo, (caddr_t)(cp), len)) goto trunc;
ND_PRINT((ndo, "..."));
ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
ND_TCHECK(*ext);
-
+
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
prop.prot_id, depth);
-
+
return cp;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_P)));
ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_T), t.h.critical);
t_id = ntohs(t.t_id);
-
+
map = NULL;
nmap = 0;
cp = ikev2_sub_print(ndo, NULL, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
prop.prot_id, depth);
-
+
return cp;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_P)));
}
static const u_char *
-ikev2_sa_print(netdissect_options *ndo, u_char tpay,
+ikev2_sa_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext1,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_ke_print(netdissect_options *ndo, u_char tpay,
+ikev2_ke_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
ND_PRINT((ndo," len=%u group=%s", ntohs(ke.h.len) - 8,
STR_OR_ID(ntohs(ke.ke_group), dh_p_map)));
-
+
if (2 < ndo->ndo_vflag && 8 < ntohs(ke.h.len)) {
ND_PRINT((ndo," "));
if (!rawprint(ndo, (caddr_t)(k + 1), ntohs(ke.h.len) - 8))
}
static const u_char *
-ikev2_ID_print(netdissect_options *ndo, u_char tpay,
+ikev2_ID_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_cert_print(netdissect_options *ndo, u_char tpay,
+ikev2_cert_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_cr_print(netdissect_options *ndo, u_char tpay,
+ikev2_cr_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_auth_print(netdissect_options *ndo, u_char tpay,
+ikev2_auth_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
ikev2_pay_print(ndo, NPSTR(tpay), a.h.critical);
len = ntohs(a.h.len);
- ND_PRINT((ndo," len=%d method=%s", len-4,
+ ND_PRINT((ndo," len=%d method=%s", len-4,
STR_OR_ID(a.auth_method, v2_auth)));
if (1 < ndo->ndo_vflag && 4 < len) {
}
static const u_char *
-ikev2_nonce_print(netdissect_options *ndo, u_char tpay,
+ikev2_nonce_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
/* notify payloads */
static const u_char *
-ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
+ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
showspi = 0;
break;
- case IV2_NOTIFY_FAILED_CP_REQUIRED:
+ case IV2_NOTIFY_FAILED_CP_REQUIRED:
notify_name = "failed:cp_required";
showspi = 0;
break;
showspi = 0;
break;
- case IV2_NOTIFY_SET_WINDOW_SIZE:
+ case IV2_NOTIFY_SET_WINDOW_SIZE:
notify_name = "set_window_size";
showspi = 0;
break;
showspi = 0;
break;
- case IV2_NOTIFY_IPCOMP_SUPPORTED:
+ case IV2_NOTIFY_IPCOMP_SUPPORTED:
notify_name = "ipcomp_supported";
showspi = 0;
break;
if(notify_name) {
ND_PRINT((ndo," type=%u(%s)", type, notify_name));
}
-
+
if (showspi && n.spi_size) {
ND_PRINT((ndo," spi="));
} else if(showsomedata && cp < ep) {
if(!ike_show_somedata(ndo, cp, ep)) goto trunc;
}
-
+
return (u_char *)ext + item_len;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_N)));
}
static const u_char *
-ikev2_d_print(netdissect_options *ndo, u_char tpay,
+ikev2_d_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_vid_print(netdissect_options *ndo, u_char tpay,
+ikev2_vid_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
safememcpy(&e, ext, sizeof(e));
ikev2_pay_print(ndo, NPSTR(tpay), e.critical);
ND_PRINT((ndo," len=%d vid=", ntohs(e.len) - 4));
-
+
vid = (const u_char *)(ext+1);
len = ntohs(e.len) - 4;
ND_TCHECK2(*vid, len);
}
static const u_char *
-ikev2_TS_print(netdissect_options *ndo, u_char tpay,
+ikev2_TS_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
_U_
#endif
struct isakmp *base,
- u_char tpay,
+ u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
#ifndef HAVE_LIBCRYPTO
dat = (u_char *)(ext+1);
ND_TCHECK2(*dat, dlen);
-
+
#ifdef HAVE_LIBCRYPTO
/* try to decypt it! */
if(esp_print_decrypt_buffer_by_ikev2(ndo,
base->flags & ISAKMP_FLAG_I,
base->i_ck, base->r_ck,
dat, dat+dlen)) {
-
+
ext = (const struct isakmp_gen *)ndo->ndo_packetp;
/* got it decrypted, print stuff inside. */
phase, doi, proto, depth+1);
}
#endif
-
+
/* always return NULL, because E must be at end, and NP refers
* to what was inside.
}
static const u_char *
-ikev2_cp_print(netdissect_options *ndo, u_char tpay,
+ikev2_cp_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
}
static const u_char *
-ikev2_eap_print(netdissect_options *ndo, u_char tpay,
+ikev2_eap_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_,
while (np) {
ND_TCHECK(*ext);
-
+
safememcpy(&e, ext, sizeof(e));
ND_TCHECK2(*ext, ntohs(e.len));
u_char np;
int i;
int phase;
-
+
p = (const struct isakmp *)bp;
ep = ndo->ndo_snapend;
-
+
phase = (EXTRACT_32BITS(base->msgid) == 0) ? 1 : 2;
if (phase == 1)
ND_PRINT((ndo," phase %d", phase));
else
ND_PRINT((ndo," phase %d/others", phase));
-
+
i = cookie_find(&base->i_ck);
if (i < 0) {
if (iszero((u_char *)&base->r_ck, sizeof(base->r_ck))) {
else
ND_PRINT((ndo," ?"));
}
-
+
ND_PRINT((ndo," %s", ETYPESTR(base->etype)));
if (base->flags) {
ND_PRINT((ndo,"[%s%s]", base->flags & ISAKMP_FLAG_E ? "E" : "",
base->flags & ISAKMP_FLAG_C ? "C" : ""));
}
-
+
if (ndo->ndo_vflag) {
const struct isakmp_gen *ext;
-
+
ND_PRINT((ndo,":"));
-
+
/* regardless of phase... */
if (base->flags & ISAKMP_FLAG_E) {
/*
ND_PRINT((ndo," [encrypted %s]", NPSTR(base->np)));
goto done;
}
-
+
CHECKLEN(p + 1, base->np);
np = base->np;
ext = (struct isakmp_gen *)(p + 1);
ikev1_sub_print(ndo, np, ext, ep, phase, 0, 0, 0);
}
-
+
done:
if (ndo->ndo_vflag) {
if (ntohl(base->len) != length) {
struct isakmp_gen e;
cp = (const u_char *)ext;
- pcount = 0;
+ pcount = 0;
while (np) {
pcount++;
ND_TCHECK(*ext);
-
+
safememcpy(&e, ext, sizeof(e));
ND_TCHECK2(*ext, ntohs(e.len));
if(length < 4) {
goto trunc;
}
-
+
/*
* see if this is an IKE packet
*/
bp += advance;
length -= advance + padlen;
nh = enh & 0xff;
-
+
ip_print_inner(ndo, bp, length, nh, bp2);
return;
}
*/
-
+
projects / tcpdump / blobdiff