/* specification: RFC 2407, RFC 2408, RFC 5996 */
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
-
-/* The functions from print-esp.c used in this file are only defined when both
- * OpenSSL and evp.h are detected. Employ the same preprocessor device here.
- */
-#ifndef HAVE_OPENSSL_EVP_H
-#undef HAVE_LIBCRYPTO
-#endif
#include "netdissect-stdinc.h"
#include <string.h>
+#include "netdissect-ctype.h"
+
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
#include "ip.h"
#include "ip6.h"
-#include "ipproto.h"
+#include "ipproto.h" /* for netdb_protoname() */
typedef nd_byte cookie_t[8];
typedef nd_byte msgid_t[4];
#define ISAKMP_FLAG_extra 0x04
/* IKEv2 */
-#define ISAKMP_FLAG_I (1 << 3) /* (I)nitiator */
-#define ISAKMP_FLAG_V (1 << 4) /* (V)ersion */
-#define ISAKMP_FLAG_R (1 << 5) /* (R)esponse */
+#define ISAKMP_FLAG_I (1 << 3) /* Initiator */
+#define ISAKMP_FLAG_V (1 << 4) /* Version */
+#define ISAKMP_FLAG_R (1 << 5) /* Response */
/* 3.2 Payload Generic Header
Certificate Types (variable length)
-- Contains a list of the types of certificates requested,
sorted in order of preference. Each individual certificate
- type is 1 octet. This field is NOT requiredo
+ type is 1 octet. This field is NOT required.
*/
/* # Certificate Authorities (1 octet) */
/* Certificate Authorities (variable length) */
};
enum ikev2_n_type {
- IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD = 1,
- IV2_NOTIFY_INVALID_IKE_SPI = 4,
- IV2_NOTIFY_INVALID_MAJOR_VERSION = 5,
- IV2_NOTIFY_INVALID_SYNTAX = 7,
- IV2_NOTIFY_INVALID_MESSAGE_ID = 9,
- IV2_NOTIFY_INVALID_SPI =11,
- IV2_NOTIFY_NO_PROPOSAL_CHOSEN =14,
- IV2_NOTIFY_INVALID_KE_PAYLOAD =17,
- IV2_NOTIFY_AUTHENTICATION_FAILED =24,
- IV2_NOTIFY_SINGLE_PAIR_REQUIRED =34,
- IV2_NOTIFY_NO_ADDITIONAL_SAS =35,
- IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE =36,
- IV2_NOTIFY_FAILED_CP_REQUIRED =37,
- IV2_NOTIFY_INVALID_SELECTORS =39,
- IV2_NOTIFY_INITIAL_CONTACT =16384,
- IV2_NOTIFY_SET_WINDOW_SIZE =16385,
- IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE =16386,
- IV2_NOTIFY_IPCOMP_SUPPORTED =16387,
- IV2_NOTIFY_NAT_DETECTION_SOURCE_IP =16388,
- IV2_NOTIFY_NAT_DETECTION_DESTINATION_IP =16389,
- IV2_NOTIFY_COOKIE =16390,
- IV2_NOTIFY_USE_TRANSPORT_MODE =16391,
- IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED =16392,
- IV2_NOTIFY_REKEY_SA =16393,
- IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED =16394,
- IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO =16395
+ IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD = 1, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_IKE_SPI = 4, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_MAJOR_VERSION = 5, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_SYNTAX = 7, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_MESSAGE_ID = 9, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_SPI =11, /* [RFC7296] */
+ IV2_NOTIFY_NO_PROPOSAL_CHOSEN =14, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_KE_PAYLOAD =17, /* [RFC7296] */
+ IV2_NOTIFY_AUTHENTICATION_FAILED =24, /* [RFC7296] */
+ IV2_NOTIFY_SINGLE_PAIR_REQUIRED =34, /* [RFC7296] */
+ IV2_NOTIFY_NO_ADDITIONAL_SAS =35, /* [RFC7296] */
+ IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE =36, /* [RFC7296] */
+ IV2_NOTIFY_FAILED_CP_REQUIRED =37, /* [RFC7296] */
+ IV2_NOTIFY_TS_UNACCEPTABLE =38, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_SELECTORS =39, /* [RFC7296] */
+ IV2_NOTIFY_UNACCEPTABLE_ADDRESSES =40, /* [RFC4555] */
+ IV2_NOTIFY_UNEXPECTED_NAT_DETECTED =41, /* [RFC4555] */
+ IV2_NOTIFY_USE_ASSIGNED_HOA =42, /* [RFC5026] */
+ IV2_NOTIFY_TEMPORARY_FAILURE =43, /* [RFC7296] */
+ IV2_NOTIFY_CHILD_SA_NOT_FOUND =44, /* [RFC7296] */
+ IV2_NOTIFY_INVALID_GROUP_ID =45, /* [draft-yeung-g-ikev2] */
+ IV2_NOTIFY_AUTHORIZATION_FAILED =46, /* [draft-yeung-g-ikev2] */
+ IV2_NOTIFY_STATE_NOT_FOUND =47, /* [RFC-ietf-ipsecme-ikev2-multiple-ke-12] */
+ IV2_NOTIFY_INITIAL_CONTACT =16384, /* [RFC7296] */
+ IV2_NOTIFY_SET_WINDOW_SIZE =16385, /* [RFC7296] */
+ IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE =16386, /* [RFC7296] */
+ IV2_NOTIFY_IPCOMP_SUPPORTED =16387, /* [RFC7296] */
+ IV2_NOTIFY_NAT_DETECTION_SOURCE_IP =16388, /* [RFC7296] */
+ IV2_NOTIFY_NAT_DETECTION_DESTINATION_IP =16389, /* [RFC7296] */
+ IV2_NOTIFY_COOKIE =16390, /* [RFC7296] */
+ IV2_NOTIFY_USE_TRANSPORT_MODE =16391, /* [RFC7296] */
+ IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED =16392, /* [RFC7296] */
+ IV2_NOTIFY_REKEY_SA =16393, /* [RFC7296] */
+ IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED =16394, /* [RFC7296] */
+ IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO =16395, /* [RFC7296] */
+ IV2_NOTIFY_MOBIKE_SUPPORTED =16396, /* [RFC4555] */
+ IV2_NOTIFY_ADDITIONAL_IP4_ADDRESS =16397, /* [RFC4555] */
+ IV2_NOTIFY_ADDITIONAL_IP6_ADDRESS =16398, /* [RFC4555] */
+ IV2_NOTIFY_NO_ADDITIONAL_ADDRESSES =16399, /* [RFC4555] */
+ IV2_NOTIFY_UPDATE_SA_ADDRESSES =16400, /* [RFC4555] */
+ IV2_NOTIFY_COOKIE2 =16401, /* [RFC4555] */
+ IV2_NOTIFY_NO_NATS_ALLOWED =16402, /* [RFC4555] */
+ IV2_NOTIFY_AUTH_LIFETIME =16403, /* [RFC4478] */
+ IV2_NOTIFY_MULTIPLE_AUTH_SUPPORTED =16404, /* [RFC4739] */
+ IV2_NOTIFY_ANOTHER_AUTH_FOLLOWS =16405, /* [RFC4739] */
+ IV2_NOTIFY_REDIRECT_SUPPORTED =16406, /* [RFC5685] */
+ IV2_NOTIFY_REDIRECT =16407, /* [RFC5685] */
+ IV2_NOTIFY_REDIRECTED_FROM =16408, /* [RFC5685] */
+ IV2_NOTIFY_TICKET_LT_OPAQUE =16409, /* [RFC5723] */
+ IV2_NOTIFY_TICKET_REQUEST =16410, /* [RFC5723] */
+ IV2_NOTIFY_TICKET_ACK =16411, /* [RFC5723] */
+ IV2_NOTIFY_TICKET_NACK =16412, /* [RFC5723] */
+ IV2_NOTIFY_TICKET_OPAQUE =16413, /* [RFC5723] */
+ IV2_NOTIFY_LINK_ID =16414, /* [RFC5739] */
+ IV2_NOTIFY_USE_WESP_MODE =16415, /* [RFC5840] */
+ IV2_NOTIFY_ROHC_SUPPORTED =16416, /* [RFC5857] */
+ IV2_NOTIFY_EAP_ONLY_AUTHENTICATION =16417, /* [RFC5998] */
+ IV2_NOTIFY_CHILDLESS_IKEV2_SUPPORTED =16418, /* [RFC6023] */
+ IV2_NOTIFY_QUICK_CRASH_DETECTION =16419, /* [RFC6290] */
+ IV2_NOTIFY_IKEV2_MESSAGE_ID_SYNC_SUPPORTED =16420, /* [RFC6311] */
+ IV2_NOTIFY_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED =16421, /* [RFC6311] */
+ IV2_NOTIFY_IKEV2_MESSAGE_ID_SYNC =16422, /* [RFC6311] */
+ IV2_NOTIFY_IPSEC_REPLAY_COUNTER_SYNC =16423, /* [RFC6311] */
+ IV2_NOTIFY_SECURE_PASSWORD_METHODS =16424, /* [RFC6467] */
+ IV2_NOTIFY_PSK_PERSIST =16425, /* [RFC6631] */
+ IV2_NOTIFY_PSK_CONFIRM =16426, /* [RFC6631] */
+ IV2_NOTIFY_ERX_SUPPORTED =16427, /* [RFC6867] */
+ IV2_NOTIFY_IFOM_CAPABILITY =16428, /* [Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2] */
+ IV2_NOTIFY_SENDER_REQUEST_ID =16429, /* [draft-yeung-g-ikev2] */
+ IV2_NOTIFY_IKEV2_FRAGMENTATION_SUPPORTED =16430, /* [RFC7383] */
+ IV2_NOTIFY_SIGNATURE_HASH_ALGORITHMS =16431, /* [RFC7427] */
+ IV2_NOTIFY_CLONE_IKE_SA_SUPPORTED =16432, /* [RFC7791] */
+ IV2_NOTIFY_CLONE_IKE_SA =16433, /* [RFC7791] */
+ IV2_NOTIFY_PUZZLE =16434, /* [RFC8019] */
+ IV2_NOTIFY_USE_PPK =16435, /* [RFC8784] */
+ IV2_NOTIFY_PPK_IDENTITY =16436, /* [RFC8784] */
+ IV2_NOTIFY_NO_PPK_AUTH =16437, /* [RFC8784] */
+ IV2_NOTIFY_INTERMEDIATE_EXCHANGE_SUPPORTED =16438, /* [RFC9242] */
+ IV2_NOTIFY_IP4_ALLOWED =16439, /* [RFC8983] */
+ IV2_NOTIFY_IP6_ALLOWED =16440, /* [RFC8983] */
+ IV2_NOTIFY_ADDITIONAL_KEY_EXCHANGE =16441, /* [RFC-ietf-ipsecme-ikev2-multiple-ke-12] */
+ IV2_NOTIFY_USE_AGGFRAG =16442 /* [RFC9347] */
};
struct notify_messages {
static int ninitiator = 0;
union inaddr_u {
nd_ipv4 in4;
- struct in6_addr in6;
+ nd_ipv6 in6;
};
static struct {
cookie_t initiator;
? npfunc[(x)] : NULL)
static int
-iszero(const u_char *p, size_t l)
+iszero(netdissect_options *ndo, const u_char *p, size_t l)
{
while (l != 0) {
- if (*p)
+ if (GET_U_1(p))
return 0;
p++;
l--;
u_int totlen;
uint32_t t, v;
- ND_TCHECK_1(p);
if (GET_U_1(p) & 0x80)
totlen = 4;
else {
- ND_TCHECK_2(p + 2);
totlen = 4 + GET_BE_U_2(p + 2);
}
if (ep2 < p + totlen) {
return ep2 + 1;
}
- ND_TCHECK_2(p);
ND_PRINT("(");
t = GET_BE_U_2(p) & 0x7fff;
if (map && t < nmap && map[t].type)
ND_PRINT("type=#%u ", t);
if (GET_U_1(p) & 0x80) {
ND_PRINT("value=");
- ND_TCHECK_2(p + 2);
v = GET_BE_U_2(p + 2);
if (map && t < nmap && v < map[t].nvalue && map[t].value[v])
ND_PRINT("%s", map[t].value[v]);
u_int totlen;
uint32_t t;
- ND_TCHECK_1(p);
if (GET_U_1(p) & 0x80)
totlen = 4;
else {
- ND_TCHECK_2(p + 2);
totlen = 4 + GET_BE_U_2(p + 2);
}
if (ep2 < p + totlen) {
return ep2 + 1;
}
- ND_TCHECK_2(p);
ND_PRINT("(");
t = GET_BE_U_2(p) & 0x7fff;
ND_PRINT("type=#%u ", t);
np = (const u_char *)ext + sizeof(struct ikev1_pl_sa);
if (sit != 0x01) {
- ND_TCHECK_4(ext + 1);
ident = GET_BE_U_4(ext + 1);
ND_PRINT(" ident=%u", ident);
np += sizeof(ident);
if (len < 4)
ND_PRINT(" len=%u [bad: < 4]", len);
else
- ND_PRINT(" len=%u %s", len, ipaddr_string(ndo, data));
+ ND_PRINT(" len=%u %s", len, GET_IPADDR_STRING(data));
len = 0;
break;
case IPSECDOI_ID_FQDN:
case IPSECDOI_ID_USER_FQDN:
{
- u_int i;
ND_PRINT(" len=%u ", len);
- for (i = 0; i < len; i++)
- fn_print_char(ndo, GET_U_1(data + i));
+ nd_printjn(ndo, data, len);
len = 0;
break;
}
else {
mask = data + sizeof(nd_ipv4);
ND_PRINT(" len=%u %s/%u.%u.%u.%u", len,
- ipaddr_string(ndo, data),
+ GET_IPADDR_STRING(data),
GET_U_1(mask), GET_U_1(mask + 1),
GET_U_1(mask + 2),
GET_U_1(mask + 3));
if (len < 16)
ND_PRINT(" len=%u [bad: < 16]", len);
else
- ND_PRINT(" len=%u %s", len, ip6addr_string(ndo, data));
+ ND_PRINT(" len=%u %s", len, GET_IP6ADDR_STRING(data));
len = 0;
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
mask = (const u_char *)(data + sizeof(nd_ipv6));
/*XXX*/
ND_PRINT(" len=%u %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
- ip6addr_string(ndo, data),
+ GET_IP6ADDR_STRING(data),
GET_U_1(mask), GET_U_1(mask + 1),
GET_U_1(mask + 2),
GET_U_1(mask + 3),
ND_PRINT(" len=%u [bad: < 8]", len);
else {
ND_PRINT(" len=%u %s-%s", len,
- ipaddr_string(ndo, data),
- ipaddr_string(ndo, data + sizeof(nd_ipv4)));
+ GET_IPADDR_STRING(data),
+ GET_IPADDR_STRING(data + sizeof(nd_ipv4)));
}
len = 0;
break;
ND_PRINT(" len=%u [bad: < 32]", len);
else {
ND_PRINT(" len=%u %s-%s", len,
- ip6addr_string(ndo, data),
- ip6addr_string(ndo, data + sizeof(nd_ipv6)));
+ GET_IP6ADDR_STRING(data),
+ GET_IP6ADDR_STRING(data + sizeof(nd_ipv6)));
}
len = 0;
break;
ND_PRINT(" spilen=%u", spi_size);
num_spi = GET_BE_U_2(p->num_spi);
ND_PRINT(" nspi=%u", num_spi);
- ND_PRINT(" spi=");
q = (const uint8_t *)(p + 1);
- for (i = 0; i < num_spi; i++) {
- if (i != 0)
- ND_PRINT(",");
- if (!rawprint(ndo, (const uint8_t *)q, spi_size))
- goto trunc;
- q += spi_size;
+ if (spi_size) {
+ ND_PRINT(" spi=");
+ for (i = 0; i < num_spi; i++) {
+ if (i != 0)
+ ND_PRINT(",");
+ if (!rawprint(ndo, (const uint8_t *)q, spi_size))
+ goto trunc;
+ q += spi_size;
+ }
}
return q;
trunc:
uint32_t proto _U_, int depth _U_)
{
const struct ikev2_id *idp;
- u_int idtype_len, i;
+ u_int idtype_len;
unsigned int dumpascii, dumphex;
const unsigned char *typedata;
if(dumpascii) {
ND_TCHECK_LEN(typedata, idtype_len);
- for(i=0; i<idtype_len; i++) {
- if(ND_ISPRINT(GET_U_1(typedata + i))) {
- ND_PRINT("%c", GET_U_1(typedata + i));
- } else {
- ND_PRINT(".");
- }
- }
+ nd_printjn(ndo, typedata, idtype_len);
}
if(dumphex) {
if (!rawprint(ndo, (const uint8_t *)typedata, idtype_len))
const struct ikev2_auth *p;
const char *v2_auth[]={ "invalid", "rsasig",
"shared-secret", "dsssig" };
- const u_char *authdata = (const u_char*)ext + sizeof(struct ikev2_auth);
+ const u_char *authdata = (const u_char *)ext + sizeof(struct ikev2_auth);
ND_TCHECK_LEN(ext, sizeof(struct ikev2_auth));
p = (const struct ikev2_auth *)ext;
ND_TCHECK_SIZE(p);
ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_N), GET_U_1(p->h.critical));
- showspi = 1;
+ showspi=0;
showsomedata=0;
notify_name=NULL;
switch(type) {
case IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD:
notify_name = "unsupported_critical_payload";
- showspi = 0;
break;
case IV2_NOTIFY_INVALID_IKE_SPI:
case IV2_NOTIFY_INVALID_MAJOR_VERSION:
notify_name = "invalid_major_version";
- showspi = 0;
break;
case IV2_NOTIFY_INVALID_SYNTAX:
break;
case IV2_NOTIFY_NO_PROPOSAL_CHOSEN:
- notify_name = "no_protocol_chosen";
+ notify_name = "no_proposal_chosen";
showspi = 1;
break;
case IV2_NOTIFY_NO_ADDITIONAL_SAS:
notify_name = "no_additional_sas";
- showspi = 0;
break;
case IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE:
notify_name = "internal_address_failure";
- showspi = 0;
break;
case IV2_NOTIFY_FAILED_CP_REQUIRED:
- notify_name = "failed:cp_required";
- showspi = 0;
+ notify_name = "failed_cp_required";
+ break;
+
+ case IV2_NOTIFY_TS_UNACCEPTABLE:
+ notify_name = "ts_unacceptable";
break;
case IV2_NOTIFY_INVALID_SELECTORS:
notify_name = "invalid_selectors";
- showspi = 0;
+ break;
+
+ case IV2_NOTIFY_UNACCEPTABLE_ADDRESSES:
+ notify_name = "unacceptable_addresses";
+ break;
+
+ case IV2_NOTIFY_UNEXPECTED_NAT_DETECTED:
+ notify_name = "unexpected_nat_detected";
+ break;
+
+ case IV2_NOTIFY_USE_ASSIGNED_HOA:
+ notify_name = "use_assigned_hoa";
+ break;
+
+ case IV2_NOTIFY_TEMPORARY_FAILURE:
+ notify_name = "temporary_failure";
+ break;
+
+ case IV2_NOTIFY_CHILD_SA_NOT_FOUND:
+ notify_name = "child_sa_not_found";
+ break;
+
+ case IV2_NOTIFY_INVALID_GROUP_ID:
+ notify_name = "invalid_group_id";
+ break;
+
+ case IV2_NOTIFY_AUTHORIZATION_FAILED:
+ notify_name = "authorization_failed";
+ break;
+
+ case IV2_NOTIFY_STATE_NOT_FOUND:
+ notify_name = "state_not_found";
break;
case IV2_NOTIFY_INITIAL_CONTACT:
notify_name = "initial_contact";
- showspi = 0;
break;
case IV2_NOTIFY_SET_WINDOW_SIZE:
notify_name = "set_window_size";
- showspi = 0;
break;
case IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE:
notify_name = "additional_ts_possible";
- showspi = 0;
break;
case IV2_NOTIFY_IPCOMP_SUPPORTED:
notify_name = "ipcomp_supported";
- showspi = 0;
break;
case IV2_NOTIFY_NAT_DETECTION_SOURCE_IP:
case IV2_NOTIFY_USE_TRANSPORT_MODE:
notify_name = "use_transport_mode";
- showspi = 0;
break;
case IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED:
notify_name = "http_cert_lookup_supported";
- showspi = 0;
break;
case IV2_NOTIFY_REKEY_SA:
case IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED:
notify_name = "tfc_padding_not_supported";
- showspi = 0;
break;
case IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO:
notify_name = "non_first_fragment_also";
- showspi = 0;
+ break;
+
+ case IV2_NOTIFY_MOBIKE_SUPPORTED:
+ notify_name = "mobike_supported";
+ break;
+
+ case IV2_NOTIFY_ADDITIONAL_IP4_ADDRESS:
+ notify_name = "additional_ip4_address";
+ break;
+
+ case IV2_NOTIFY_ADDITIONAL_IP6_ADDRESS:
+ notify_name = "additional_ip6_address";
+ break;
+
+ case IV2_NOTIFY_NO_ADDITIONAL_ADDRESSES:
+ notify_name = "no_additional_addresses";
+ break;
+
+ case IV2_NOTIFY_UPDATE_SA_ADDRESSES:
+ notify_name = "update_sa_addresses";
+ break;
+
+ case IV2_NOTIFY_COOKIE2:
+ notify_name = "cookie2";
+ break;
+
+ case IV2_NOTIFY_NO_NATS_ALLOWED:
+ notify_name = "no_nats_allowed";
+ break;
+
+ case IV2_NOTIFY_AUTH_LIFETIME:
+ notify_name = "auth_lifetime";
+ break;
+
+ case IV2_NOTIFY_MULTIPLE_AUTH_SUPPORTED:
+ notify_name = "multiple_auth_supported";
+ break;
+
+ case IV2_NOTIFY_ANOTHER_AUTH_FOLLOWS:
+ notify_name = "another_auth_follows";
+ break;
+
+ case IV2_NOTIFY_REDIRECT_SUPPORTED:
+ notify_name = "redirect_supported";
+ break;
+
+ case IV2_NOTIFY_REDIRECT:
+ notify_name = "redirect";
+ break;
+
+ case IV2_NOTIFY_REDIRECTED_FROM:
+ notify_name = "redirected_from";
+ break;
+
+ case IV2_NOTIFY_TICKET_LT_OPAQUE:
+ notify_name = "ticket_lt_opaque";
+ break;
+
+ case IV2_NOTIFY_TICKET_REQUEST:
+ notify_name = "ticket_request";
+ break;
+
+ case IV2_NOTIFY_TICKET_ACK:
+ notify_name = "ticket_ack";
+ break;
+
+ case IV2_NOTIFY_TICKET_NACK:
+ notify_name = "ticket_nack";
+ break;
+
+ case IV2_NOTIFY_TICKET_OPAQUE:
+ notify_name = "ticket_opaque";
+ break;
+
+ case IV2_NOTIFY_LINK_ID:
+ notify_name = "link_id";
+ break;
+
+ case IV2_NOTIFY_USE_WESP_MODE:
+ notify_name = "use_wesp_mode";
+ break;
+
+ case IV2_NOTIFY_ROHC_SUPPORTED:
+ notify_name = "rohc_supported";
+ break;
+
+ case IV2_NOTIFY_EAP_ONLY_AUTHENTICATION:
+ notify_name = "eap_only_authentication";
+ break;
+
+ case IV2_NOTIFY_CHILDLESS_IKEV2_SUPPORTED:
+ notify_name = "childless_ikev2_supported";
+ break;
+
+ case IV2_NOTIFY_QUICK_CRASH_DETECTION:
+ notify_name = "quick_crash_detection";
+ break;
+
+ case IV2_NOTIFY_IKEV2_MESSAGE_ID_SYNC_SUPPORTED:
+ notify_name = "ikev2_message_id_sync_supported";
+ break;
+
+ case IV2_NOTIFY_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED:
+ notify_name = "ipsec_replay_counter_sync_supported";
+ break;
+
+ case IV2_NOTIFY_IKEV2_MESSAGE_ID_SYNC:
+ notify_name = "ikev2_message_id_sync";
+ break;
+
+ case IV2_NOTIFY_IPSEC_REPLAY_COUNTER_SYNC:
+ notify_name = "ipsec_replay_counter_sync";
+ break;
+
+ case IV2_NOTIFY_SECURE_PASSWORD_METHODS:
+ notify_name = "secure_password_methods";
+ break;
+
+ case IV2_NOTIFY_PSK_PERSIST:
+ notify_name = "psk_persist";
+ break;
+
+ case IV2_NOTIFY_PSK_CONFIRM:
+ notify_name = "psk_confirm";
+ break;
+
+ case IV2_NOTIFY_ERX_SUPPORTED:
+ notify_name = "erx_supported";
+ break;
+
+ case IV2_NOTIFY_IFOM_CAPABILITY:
+ notify_name = "ifom_capability";
+ break;
+
+ case IV2_NOTIFY_SENDER_REQUEST_ID:
+ notify_name = "sender_request_id";
+ break;
+
+ case IV2_NOTIFY_IKEV2_FRAGMENTATION_SUPPORTED:
+ notify_name = "ikev2_fragmentation_supported";
+ break;
+
+ case IV2_NOTIFY_SIGNATURE_HASH_ALGORITHMS:
+ notify_name = "signature_hash_algorithms";
+ break;
+
+ case IV2_NOTIFY_CLONE_IKE_SA_SUPPORTED:
+ notify_name = "clone_ike_sa_supported";
+ break;
+
+ case IV2_NOTIFY_CLONE_IKE_SA:
+ notify_name = "clone_ike_sa";
+ break;
+
+ case IV2_NOTIFY_PUZZLE:
+ notify_name = "puzzle";
+ break;
+
+ case IV2_NOTIFY_USE_PPK:
+ notify_name = "use_ppk";
+ break;
+
+ case IV2_NOTIFY_PPK_IDENTITY:
+ notify_name = "ppk_identity";
+ break;
+
+ case IV2_NOTIFY_NO_PPK_AUTH:
+ notify_name = "no_ppk_auth";
+ break;
+
+ case IV2_NOTIFY_INTERMEDIATE_EXCHANGE_SUPPORTED:
+ notify_name = "intermediate_exchange_supported";
+ break;
+
+ case IV2_NOTIFY_IP4_ALLOWED:
+ notify_name = "ip4_allowed";
+ break;
+
+ case IV2_NOTIFY_IP6_ALLOWED:
+ notify_name = "ip6_allowed";
+ break;
+
+ case IV2_NOTIFY_ADDITIONAL_KEY_EXCHANGE:
+ notify_name = "additional_key_exchange";
+ break;
+
+ case IV2_NOTIFY_USE_AGGFRAG:
+ notify_name = "use_aggfrag";
break;
default:
+ showspi = 1;
if (type < 8192) {
notify_name="error";
} else if(type < 16384) {
uint32_t proto _U_, int depth _U_)
{
const u_char *vid;
- u_int i, len;
+ u_int len;
ND_TCHECK_SIZE(ext);
ikev2_pay_print(ndo, NPSTR(tpay), GET_U_1(ext->critical));
vid = (const u_char *)(ext+1);
len = item_len - 4;
ND_TCHECK_LEN(vid, len);
- for(i=0; i<len; i++) {
- if(ND_ISPRINT(GET_U_1(vid + i)))
- ND_PRINT("%c", GET_U_1(vid + i));
- else ND_PRINT(".");
- }
+ nd_printjn(ndo, vid, len);
if (2 < ndo->ndo_vflag && 4 < len) {
/* Print the entire payload in hex */
ND_PRINT(" ");
np = GET_U_1(ext->np);
/* try to decrypt it! */
- if(esp_print_decrypt_buffer_by_ikev2(ndo,
+ if(esp_decrypt_buffer_by_ikev2_print(ndo,
GET_U_1(base->flags) & ISAKMP_FLAG_I,
base->i_ck, base->r_ck,
dat, dat+dlen)) {
ndo->ndo_snapend, phase, doi, proto, depth+1);
/*
- * esp_print_decrypt_buffer_by_ikev2 pushed information
+ * esp_decrypt_buffer_by_ikev2_print pushed information
* on the buffer stack; we're done with the buffer, so
* pop it (which frees the buffer)
*/
numstr(u_int x)
{
static char buf[20];
- nd_snprintf(buf, sizeof(buf), "#%u", x);
+ snprintf(buf, sizeof(buf), "#%u", x);
return buf;
}
i = cookie_find(&base->i_ck);
if (i < 0) {
- if (iszero((const u_char *)&base->r_ck, sizeof(base->r_ck))) {
+ if (iszero(ndo, base->r_ck, sizeof(base->r_ck))) {
/* the first packet */
ND_PRINT(" I");
if (bp2)
/* initialize SAs */
if (ndo->ndo_sa_list_head == NULL) {
if (ndo->ndo_espsecret)
- esp_print_decodesecret(ndo);
+ esp_decodesecret_print(ndo);
}
#endif
const u_char *bp2, int ver, int fragmented, u_int ttl_hl)
{
ndo->ndo_protocol = "isakmp_rfc3948";
- ND_TCHECK_1(bp);
if(length == 1 && GET_U_1(bp)==0xff) {
ND_PRINT("isakmp-nat-keep-alive");
return;
if(length < 4) {
goto trunc;
}
- ND_TCHECK_1(bp + 3);
/*
* see if this is an IKE packet
trunc:
nd_print_trunc(ndo);
- return;
}
projects / tcpdump / blobdiff