/* specification: RFC 2407, RFC 2408, RFC 5996 */
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
-
-/* The functions from print-esp.c used in this file are only defined when both
- * OpenSSL and evp.h are detected. Employ the same preprocessor device here.
- */
-#ifndef HAVE_OPENSSL_EVP_H
-#undef HAVE_LIBCRYPTO
-#endif
#include "netdissect-stdinc.h"
#define ISAKMP_FLAG_extra 0x04
/* IKEv2 */
-#define ISAKMP_FLAG_I (1 << 3) /* (I)nitiator */
-#define ISAKMP_FLAG_V (1 << 4) /* (V)ersion */
-#define ISAKMP_FLAG_R (1 << 5) /* (R)esponse */
+#define ISAKMP_FLAG_I (1 << 3) /* Initiator */
+#define ISAKMP_FLAG_V (1 << 4) /* Version */
+#define ISAKMP_FLAG_R (1 << 5) /* Response */
/* 3.2 Payload Generic Header
Certificate Types (variable length)
-- Contains a list of the types of certificates requested,
sorted in order of preference. Each individual certificate
- type is 1 octet. This field is NOT requiredo
+ type is 1 octet. This field is NOT required.
*/
/* # Certificate Authorities (1 octet) */
/* Certificate Authorities (variable length) */
? npfunc[(x)] : NULL)
static int
-iszero(const u_char *p, size_t l)
+iszero(netdissect_options *ndo, const u_char *p, size_t l)
{
while (l != 0) {
- if (*p)
+ if (GET_U_1(p))
return 0;
p++;
l--;
u_int totlen;
uint32_t t, v;
- ND_TCHECK_1(p);
if (GET_U_1(p) & 0x80)
totlen = 4;
else {
- ND_TCHECK_2(p + 2);
totlen = 4 + GET_BE_U_2(p + 2);
}
if (ep2 < p + totlen) {
return ep2 + 1;
}
- ND_TCHECK_2(p);
ND_PRINT("(");
t = GET_BE_U_2(p) & 0x7fff;
if (map && t < nmap && map[t].type)
ND_PRINT("type=#%u ", t);
if (GET_U_1(p) & 0x80) {
ND_PRINT("value=");
- ND_TCHECK_2(p + 2);
v = GET_BE_U_2(p + 2);
if (map && t < nmap && v < map[t].nvalue && map[t].value[v])
ND_PRINT("%s", map[t].value[v]);
u_int totlen;
uint32_t t;
- ND_TCHECK_1(p);
if (GET_U_1(p) & 0x80)
totlen = 4;
else {
- ND_TCHECK_2(p + 2);
totlen = 4 + GET_BE_U_2(p + 2);
}
if (ep2 < p + totlen) {
return ep2 + 1;
}
- ND_TCHECK_2(p);
ND_PRINT("(");
t = GET_BE_U_2(p) & 0x7fff;
ND_PRINT("type=#%u ", t);
np = (const u_char *)ext + sizeof(struct ikev1_pl_sa);
if (sit != 0x01) {
- ND_TCHECK_4(ext + 1);
ident = GET_BE_U_4(ext + 1);
ND_PRINT(" ident=%u", ident);
np += sizeof(ident);
ND_PRINT(" spilen=%u", spi_size);
num_spi = GET_BE_U_2(p->num_spi);
ND_PRINT(" nspi=%u", num_spi);
- ND_PRINT(" spi=");
q = (const uint8_t *)(p + 1);
- for (i = 0; i < num_spi; i++) {
- if (i != 0)
- ND_PRINT(",");
- if (!rawprint(ndo, (const uint8_t *)q, spi_size))
- goto trunc;
- q += spi_size;
+ if (spi_size) {
+ ND_PRINT(" spi=");
+ for (i = 0; i < num_spi; i++) {
+ if (i != 0)
+ ND_PRINT(",");
+ if (!rawprint(ndo, (const uint8_t *)q, spi_size))
+ goto trunc;
+ q += spi_size;
+ }
}
return q;
trunc:
const struct ikev2_auth *p;
const char *v2_auth[]={ "invalid", "rsasig",
"shared-secret", "dsssig" };
- const u_char *authdata = (const u_char*)ext + sizeof(struct ikev2_auth);
+ const u_char *authdata = (const u_char *)ext + sizeof(struct ikev2_auth);
ND_TCHECK_LEN(ext, sizeof(struct ikev2_auth));
p = (const struct ikev2_auth *)ext;
i = cookie_find(&base->i_ck);
if (i < 0) {
- if (iszero((const u_char *)&base->r_ck, sizeof(base->r_ck))) {
+ if (iszero(ndo, base->r_ck, sizeof(base->r_ck))) {
/* the first packet */
ND_PRINT(" I");
if (bp2)
const u_char *bp2, int ver, int fragmented, u_int ttl_hl)
{
ndo->ndo_protocol = "isakmp_rfc3948";
- ND_TCHECK_1(bp);
if(length == 1 && GET_U_1(bp)==0xff) {
ND_PRINT("isakmp-nat-keep-alive");
return;
if(length < 4) {
goto trunc;
}
- ND_TCHECK_1(bp + 3);
/*
* see if this is an IKE packet
trunc:
nd_print_trunc(ndo);
- return;
}
projects / tcpdump / blobdiff