#define CHECKLEN(p, np) \
if (ep < (const u_char *)(p)) { \
#define CHECKLEN(p, np) \
if (ep < (const u_char *)(p)) { \
- UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in4, &ip->ip_src, sizeof(struct in_addr));
- UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in4, &ip->ip_dst, sizeof(struct in_addr));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in4,
+ ip->ip_src, sizeof(nd_ipv4));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in4,
+ ip->ip_dst, sizeof(nd_ipv4));
- UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in6, &ip6->ip6_src, sizeof(struct in6_addr));
- UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in6, &ip6->ip6_dst, sizeof(struct in6_addr));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in6,
+ ip6->ip6_src, sizeof(nd_ipv6));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in6,
+ ip6->ip6_dst, sizeof(nd_ipv6));
-#define cookie_isinitiator(x, y) cookie_sidecheck((x), (y), 1)
-#define cookie_isresponder(x, y) cookie_sidecheck((x), (y), 0)
+#define cookie_isinitiator(ndo, x, y) cookie_sidecheck(ndo, (x), (y), 1)
+#define cookie_isresponder(ndo, x, y) cookie_sidecheck(ndo, (x), (y), 0)
-cookie_sidecheck(int i, const u_char *bp2, int initiator)
+cookie_sidecheck(netdissect_options *ndo, int i, const u_char *bp2, int initiator)
- ND_PRINT((ndo,"type=#%u ", t));
- if (EXTRACT_U_1(p) & 0x80) {
- ND_PRINT((ndo,"value="));
+ ND_PRINT("type=#%u ", t);
+ if (GET_U_1(p) & 0x80) {
+ ND_PRINT("value=");
- ND_PRINT((ndo,"("));
- t = EXTRACT_BE_U_2(p) & 0x7fff;
- ND_PRINT((ndo,"type=#%u ", t));
- if (EXTRACT_U_1(p) & 0x80) {
- ND_PRINT((ndo,"value="));
- t = EXTRACT_U_1(p + 2);
+ ND_PRINT("(");
+ t = GET_BE_U_2(p) & 0x7fff;
+ ND_PRINT("type=#%u ", t);
+ if (GET_U_1(p) & 0x80) {
+ ND_PRINT("value=");
+ t = GET_U_1(p + 2);
- ND_PRINT((ndo," doi=%u", doi));
- ND_PRINT((ndo," situation=%u", sit));
+ ND_PRINT(" doi=%u", doi);
+ ND_PRINT(" situation=%u", sit);
- ND_PRINT((ndo," doi=ipsec"));
- ND_PRINT((ndo," situation="));
+ ND_PRINT(" doi=ipsec");
+ ND_PRINT(" situation=");
- ident = EXTRACT_BE_U_4(ext + 1);
- ND_PRINT((ndo," ident=%u", ident));
+ ident = GET_BE_U_4(ext + 1);
+ ND_PRINT(" ident=%u", ident);
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0,
depth);
return cp;
trunc:
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0,
depth);
return cp;
trunc:
- ND_TCHECK(*p);
- ND_PRINT((ndo," #%u protoid=%s transform=%u",
- EXTRACT_U_1(p->p_no), PROTOIDSTR(EXTRACT_U_1(p->prot_id)),
- EXTRACT_U_1(p->num_t)));
- spi_size = EXTRACT_U_1(p->spi_size);
+ ND_TCHECK_SIZE(p);
+ ND_PRINT(" #%u protoid=%s transform=%u",
+ GET_U_1(p->p_no), PROTOIDSTR(GET_U_1(p->prot_id)),
+ GET_U_1(p->num_t));
+ spi_size = GET_U_1(p->spi_size);
if (!rawprint(ndo, (const uint8_t *)(p + 1), spi_size))
goto trunc;
}
ext = (const struct isakmp_gen *)((const u_char *)(p + 1) + spi_size);
if (!rawprint(ndo, (const uint8_t *)(p + 1), spi_size))
goto trunc;
}
ext = (const struct isakmp_gen *)((const u_char *)(p + 1) + spi_size);
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
- { NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 0, 1 */
+ { NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 0, 1 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 2, 3 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 4, 5 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 6, 7 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 2, 3 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 4, 5 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 6, 7 */
static const struct attrmap oakley_t_map[] = {
{ NULL, 0, { NULL } },
{ "enc", 8, { NULL, "1des", "idea", "blowfish", "rc5",
static const struct attrmap oakley_t_map[] = {
{ NULL, 0, { NULL } },
{ "enc", 8, { NULL, "1des", "idea", "blowfish", "rc5",
- "3des", "cast", "aes", }, },
+ "3des", "cast", "aes", }, },
{ "hash", 7, { NULL, "md5", "sha1", "tiger",
"sha2-256", "sha2-384", "sha2-512", }, },
{ "auth", 6, { NULL, "preshared", "dss", "rsa sig", "rsa enc",
{ "hash", 7, { NULL, "md5", "sha1", "tiger",
"sha2-256", "sha2-384", "sha2-512", }, },
{ "auth", 6, { NULL, "preshared", "dss", "rsa sig", "rsa enc",
- ND_PRINT((ndo," #%u id=%s ", EXTRACT_U_1(p->t_no), idstr));
+ ND_PRINT(" #%u id=%s ", GET_U_1(p->t_no), idstr);
- ND_PRINT((ndo," #%u id=%u ", EXTRACT_U_1(p->t_no), EXTRACT_U_1(p->t_id)));
+ ND_PRINT(" #%u id=%u ", GET_U_1(p->t_no), GET_U_1(p->t_id));
cp = (const u_char *)(p + 1);
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
cp = (const u_char *)(p + 1);
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (sizeof(*p) < item_len) {
data = (const u_char *)(p + 1);
len = item_len - sizeof(*p);
if (sizeof(*p) < item_len) {
data = (const u_char *)(p + 1);
len = item_len - sizeof(*p);
- ND_PRINT((ndo," [phase=%u doi=%u proto=%u]", phase, doi, proto));
+ ND_PRINT(" [phase=%u doi=%u proto=%u]", phase, doi, proto);
- ND_PRINT((ndo," idtype=%s", STR_OR_ID(EXTRACT_U_1(p->d.id_type), idtypestr)));
- ND_PRINT((ndo," doi_data=%u",
- EXTRACT_BE_U_4(p->d.doi_data) & 0xffffff));
+ ND_PRINT(" idtype=%s",
+ STR_OR_ID(GET_U_1(p->d.id_type), idtypestr));
+ ND_PRINT(" doi_data=%u",
+ GET_BE_U_4(p->d.doi_data) & 0xffffff);
- ND_TCHECK(*doi_p);
- type = EXTRACT_U_1(doi_p->type);
- ND_PRINT((ndo," idtype=%s", STR_OR_ID(type, ipsecidtypestr)));
+ ND_TCHECK_SIZE(doi_p);
+ type = GET_U_1(doi_p->type);
+ ND_PRINT(" idtype=%s", STR_OR_ID(type, ipsecidtypestr));
- ND_PRINT((ndo," protoid=%u", proto_id));
- ND_PRINT((ndo," port=%u", EXTRACT_BE_U_2(doi_p->port)));
+ ND_PRINT(" protoid=%u", proto_id);
+ ND_PRINT(" port=%u", GET_BE_U_2(doi_p->port));
- ND_PRINT((ndo," len=%u %s", len, ipaddr_string(ndo, data)));
+ ND_PRINT(" len=%u %s", len, ipaddr_string(ndo, data));
- mask = data + sizeof(struct in_addr);
- ND_PRINT((ndo," len=%u %s/%u.%u.%u.%u", len,
+ mask = data + sizeof(nd_ipv4);
+ ND_PRINT(" len=%u %s/%u.%u.%u.%u", len,
- EXTRACT_U_1(mask), EXTRACT_U_1(mask + 1),
- EXTRACT_U_1(mask + 2), EXTRACT_U_1(mask + 3)));
+ GET_U_1(mask), GET_U_1(mask + 1),
+ GET_U_1(mask + 2),
+ GET_U_1(mask + 3));
- ND_PRINT((ndo," len=%u %s", len, ip6addr_string(ndo, data)));
+ ND_PRINT(" len=%u %s", len, ip6addr_string(ndo, data));
- ND_PRINT((ndo," len=%u %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
+ ND_PRINT(" len=%u %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
- EXTRACT_U_1(mask), EXTRACT_U_1(mask + 1), EXTRACT_U_1(mask + 2), EXTRACT_U_1(mask + 3),
- EXTRACT_U_1(mask + 4), EXTRACT_U_1(mask + 5), EXTRACT_U_1(mask + 6), EXTRACT_U_1(mask + 7),
- EXTRACT_U_1(mask + 8), EXTRACT_U_1(mask + 9), EXTRACT_U_1(mask + 10), EXTRACT_U_1(mask + 11),
- EXTRACT_U_1(mask + 12), EXTRACT_U_1(mask + 13), EXTRACT_U_1(mask + 14), EXTRACT_U_1(mask + 15)));
+ GET_U_1(mask), GET_U_1(mask + 1),
+ GET_U_1(mask + 2),
+ GET_U_1(mask + 3),
+ GET_U_1(mask + 4),
+ GET_U_1(mask + 5),
+ GET_U_1(mask + 6),
+ GET_U_1(mask + 7),
+ GET_U_1(mask + 8),
+ GET_U_1(mask + 9),
+ GET_U_1(mask + 10),
+ GET_U_1(mask + 11),
+ GET_U_1(mask + 12),
+ GET_U_1(mask + 13),
+ GET_U_1(mask + 14),
+ GET_U_1(mask + 15));
if (!rawprint(ndo, (const uint8_t *)data, len))
goto trunc;
}
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)data, len))
goto trunc;
}
}
return (const u_char *)ext + item_len;
trunc:
"arl", "spki", "x509attr",
};
"arl", "spki", "x509attr",
};
- ND_PRINT((ndo," len=%u", item_len - 4));
- ND_PRINT((ndo," type=%s", STR_OR_ID(EXTRACT_U_1(p->encode), certstr)));
+ ND_PRINT(" len=%u", item_len - 4);
+ ND_PRINT(" type=%s", STR_OR_ID(GET_U_1(p->encode), certstr));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
"arl", "spki", "x509attr",
};
"arl", "spki", "x509attr",
};
- ND_PRINT((ndo," len=%u", item_len - 4));
- ND_PRINT((ndo," type=%s", STR_OR_ID(EXTRACT_U_1(p->encode), certstr)));
+ ND_PRINT(" len=%u", item_len - 4);
+ ND_PRINT(" type=%s", STR_OR_ID(GET_U_1(p->encode), certstr));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
} else if (ndo->ndo_vflag > 1) {
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
} else if (ndo->ndo_vflag > 1) {
if (!ike_show_somedata(ndo, (const u_char *)(ext + 1), ep))
goto trunc;
}
}
return (const u_char *)ext + item_len;
trunc:
if (!ike_show_somedata(ndo, (const u_char *)(ext + 1), ep))
goto trunc;
}
}
return (const u_char *)ext + item_len;
trunc:
#define IPSEC_NOTIFY_STATUS_STR(x) \
STR_OR_ID((u_int)((x) - 24576), ipsec_notify_status_str)
#define IPSEC_NOTIFY_STATUS_STR(x) \
STR_OR_ID((u_int)((x) - 24576), ipsec_notify_status_str)
- ND_PRINT((ndo," doi=%u", doi));
- ND_PRINT((ndo," proto=%u", proto));
- type = EXTRACT_BE_U_2(p->type);
+ ND_PRINT(" doi=%u", doi);
+ ND_PRINT(" proto=%u", proto);
+ type = GET_BE_U_2(p->type);
- ND_PRINT((ndo," type=%s", numstr(type)));
- spi_size = EXTRACT_U_1(p->spi_size);
+ ND_PRINT(" type=%s", numstr(type));
+ spi_size = GET_U_1(p->spi_size);
if (!rawprint(ndo, (const uint8_t *)(p + 1), spi_size))
goto trunc;
}
return (const u_char *)(p + 1) + spi_size;
}
if (!rawprint(ndo, (const uint8_t *)(p + 1), spi_size))
goto trunc;
}
return (const u_char *)(p + 1) + spi_size;
}
- ND_PRINT((ndo," doi=ipsec"));
- ND_PRINT((ndo," proto=%s", PROTOIDSTR(proto)));
- type = EXTRACT_BE_U_2(p->type);
+ ND_PRINT(" doi=ipsec");
+ ND_PRINT(" proto=%s", PROTOIDSTR(proto));
+ type = GET_BE_U_2(p->type);
- ND_PRINT((ndo," type=%s", numstr(type)));
- spi_size = EXTRACT_U_1(p->spi_size);
+ ND_PRINT(" type=%s", numstr(type));
+ spi_size = GET_U_1(p->spi_size);
{
const struct attrmap *map = oakley_t_map;
size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
{
const struct attrmap *map = oakley_t_map;
size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
while (cp < ep && cp < ep2) {
cp = ikev1_attrmap_print(ndo, cp, ep2, map, nmap);
if (cp == NULL) {
while (cp < ep && cp < ep2) {
cp = ikev1_attrmap_print(ndo, cp, ep2, map, nmap);
if (cp == NULL) {
- ND_PRINT((ndo," status=("));
- ND_PRINT((ndo,"replay detection %sabled",
- EXTRACT_BE_U_4(cp) ? "en" : "dis"));
- ND_PRINT((ndo,")"));
+ ND_PRINT(" status=(");
+ ND_PRINT("replay detection %sabled",
+ GET_BE_U_4(cp) ? "en" : "dis");
+ ND_PRINT(")");
- ND_PRINT((ndo," doi=%u", doi));
- ND_PRINT((ndo," proto=%u", proto));
+ ND_PRINT(" doi=%u", doi);
+ ND_PRINT(" proto=%u", proto);
- ND_PRINT((ndo," doi=ipsec"));
- ND_PRINT((ndo," proto=%s", PROTOIDSTR(proto)));
- }
- spi_size = EXTRACT_U_1(p->spi_size);
- ND_PRINT((ndo," spilen=%u", spi_size));
- num_spi = EXTRACT_BE_U_2(p->num_spi);
- ND_PRINT((ndo," nspi=%u", num_spi));
- ND_PRINT((ndo," spi="));
+ ND_PRINT(" doi=ipsec");
+ ND_PRINT(" proto=%s", PROTOIDSTR(proto));
+ }
+ spi_size = GET_U_1(p->spi_size);
+ ND_PRINT(" spilen=%u", spi_size);
+ num_spi = GET_BE_U_2(p->num_spi);
+ ND_PRINT(" nspi=%u", num_spi);
+ ND_PRINT(" spi=");
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
- ND_PRINT((ndo,"%s%s:", payname, critical&0x80 ? "[C]" : ""));
+ ND_PRINT("%s%s:", payname, critical&0x80 ? "[C]" : "");
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
cp = (const u_char *)(p + 1);
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
cp = (const u_char *)(p + 1);
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
- ND_PRINT((ndo," #%u protoid=%s transform=%u len=%u",
- EXTRACT_U_1(p->p_no), PROTOIDSTR(EXTRACT_U_1(p->prot_id)),
- EXTRACT_U_1(p->num_t), oprop_length));
+ ND_PRINT(" #%u protoid=%s transform=%u len=%u",
+ GET_U_1(p->p_no), PROTOIDSTR(GET_U_1(p->prot_id)),
+ GET_U_1(p->num_t), oprop_length);
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
if (np == ISAKMP_NPTYPE_T) {
cp = ikev2_t_print(ndo, tcount, ext, item_len, ep);
if (cp == NULL) {
if (np == ISAKMP_NPTYPE_T) {
cp = ikev2_t_print(ndo, tcount, ext, item_len, ep);
if (cp == NULL) {
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
if (np == ISAKMP_NPTYPE_P) {
cp = ikev2_p_print(ndo, np, pcount, ext, item_len,
ep, depth);
if (np == ISAKMP_NPTYPE_P) {
cp = ikev2_p_print(ndo, np, pcount, ext, item_len,
ep, depth);
- ND_PRINT((ndo," len=%u group=%s", item_len - 8,
- STR_OR_ID(EXTRACT_BE_U_2(k->ke_group), dh_p_map)));
+ ND_PRINT(" len=%u group=%s", item_len - 8,
+ STR_OR_ID(GET_BE_U_2(k->ke_group), dh_p_map));
if (!rawprint(ndo, (const uint8_t *)(k + 1), item_len - 8))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(k + 1), item_len - 8))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if(dumpascii) {
ND_TCHECK_LEN(typedata, idtype_len);
for(i=0; i<idtype_len; i++) {
if(dumpascii) {
ND_TCHECK_LEN(typedata, idtype_len);
for(i=0; i<idtype_len; i++) {
- if(ND_ISPRINT(EXTRACT_U_1(typedata + i))) {
- ND_PRINT((ndo, "%c", EXTRACT_U_1(typedata + i)));
+ if(ND_ISPRINT(GET_U_1(typedata + i))) {
+ ND_PRINT("%c", GET_U_1(typedata + i));
ND_TCHECK_LEN(ext, sizeof(struct ikev2_auth));
p = (const struct ikev2_auth *)ext;
ND_TCHECK_LEN(ext, sizeof(struct ikev2_auth));
p = (const struct ikev2_auth *)ext;
- ND_PRINT((ndo," len=%u method=%s", item_len-4,
- STR_OR_ID(EXTRACT_U_1(p->auth_method), v2_auth)));
+ ND_PRINT(" len=%u method=%s", item_len-4,
+ STR_OR_ID(GET_U_1(p->auth_method), v2_auth));
} else if (ndo->ndo_vflag) {
if (!ike_show_somedata(ndo, authdata, ep))
goto trunc;
} else if (ndo->ndo_vflag) {
if (!ike_show_somedata(ndo, authdata, ep))
goto trunc;
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
} else if(ndo->ndo_vflag && 4 < item_len) {
if(!ike_show_somedata(ndo, (const u_char *)(ext+1), ep)) goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
} else if(ndo->ndo_vflag && 4 < item_len) {
if(!ike_show_somedata(ndo, (const u_char *)(ext+1), ep)) goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
} else if (showsomedata) {
if (!ike_show_somedata(ndo, cp, ep))
goto trunc;
} else if (showsomedata) {
if (!ike_show_somedata(ndo, cp, ep))
goto trunc;
- if(ND_ISPRINT(EXTRACT_U_1(vid + i)))
- ND_PRINT((ndo, "%c", EXTRACT_U_1(vid + i)));
- else ND_PRINT((ndo, "."));
+ if(ND_ISPRINT(GET_U_1(vid + i)))
+ ND_PRINT("%c", GET_U_1(vid + i));
+ else ND_PRINT(".");
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
}
return (const u_char *)ext + item_len;
trunc:
/* got it decrypted, print stuff inside. */
ikev2_sub_print(ndo, base, np, ext,
ndo->ndo_snapend, phase, doi, proto, depth+1);
/* got it decrypted, print stuff inside. */
ikev2_sub_print(ndo, base, np, ext,
ndo->ndo_snapend, phase, doi, proto, depth+1);
+
+ /*
+ * esp_print_decrypt_buffer_by_ikev2 pushed information
+ * on the buffer stack; we're done with the buffer, so
+ * pop it (which frees the buffer)
+ */
+ nd_pop_packet_info(ndo);
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
*/
cp = (*npfunc[np])(ndo, np, ext, item_len, ep, phase, doi, proto, depth);
} else {
*/
cp = (*npfunc[np])(ndo, np, ext, item_len, ep, phase, doi, proto, depth);
} else {
cp = ike_sub0_print(ndo, np, ext, ep, phase, doi, proto, depth);
cp = ike_sub0_print(ndo, np, ext, ep, phase, doi, proto, depth);
- snprintf(buf, sizeof(buf), "#%u", x);
+ nd_snprintf(buf, sizeof(buf), "#%u", x);
i = cookie_find(&base->i_ck);
if (i < 0) {
if (iszero((const u_char *)&base->r_ck, sizeof(base->r_ck))) {
/* the first packet */
i = cookie_find(&base->i_ck);
if (i < 0) {
if (iszero((const u_char *)&base->r_ck, sizeof(base->r_ck))) {
/* the first packet */
- if (bp2 && cookie_isinitiator(i, bp2))
- ND_PRINT((ndo," I"));
- else if (bp2 && cookie_isresponder(i, bp2))
- ND_PRINT((ndo," R"));
+ if (bp2 && cookie_isinitiator(ndo, i, bp2))
+ ND_PRINT(" I");
+ else if (bp2 && cookie_isresponder(ndo, i, bp2))
+ ND_PRINT(" R");
- ND_PRINT((ndo," %s", ETYPESTR(EXTRACT_U_1(base->etype))));
- flags = EXTRACT_U_1(base->flags);
+ ND_PRINT(" %s", ETYPESTR(GET_U_1(base->etype)));
+ flags = GET_U_1(base->flags);
- ND_PRINT((ndo,"[%s%s]", flags & ISAKMP_FLAG_E ? "E" : "",
- flags & ISAKMP_FLAG_C ? "C" : ""));
+ ND_PRINT("[%s%s]", flags & ISAKMP_FLAG_E ? "E" : "",
+ flags & ISAKMP_FLAG_C ? "C" : "");
* encrypted, nothing we can do right now.
* we hope to decrypt the packet in the future...
*/
* encrypted, nothing we can do right now.
* we hope to decrypt the packet in the future...
*/
- if (EXTRACT_BE_U_4(base->len) != length) {
- ND_PRINT((ndo," (len mismatch: isakmp %u/ip %u)",
- EXTRACT_BE_U_4(base->len), length));
+ if (GET_BE_U_4(base->len) != length) {
+ ND_PRINT(" (len mismatch: isakmp %u/ip %u)",
+ GET_BE_U_4(base->len), length);
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
* or truncated, otherwise we could loop forever processing
* zero-length items or otherwise misdissect the packet.
*/
cp = (*npfunc[np])(ndo, np, ext, item_len,
ep, phase, doi, proto, depth);
} else {
cp = (*npfunc[np])(ndo, np, ext, item_len,
ep, phase, doi, proto, depth);
} else {
cp = ikev2_sub0_print(ndo, base, np,
ext, ep, phase, doi, proto, depth);
cp = ikev2_sub0_print(ndo, base, np,
ext, ep, phase, doi, proto, depth);
- ND_PRINT((ndo, " %s", ETYPESTR(EXTRACT_U_1(base->etype))));
- flags = EXTRACT_U_1(base->flags);
+ ND_PRINT(" %s", ETYPESTR(GET_U_1(base->etype)));
+ flags = GET_U_1(base->flags);
flags & ISAKMP_FLAG_I ? "I" : "",
flags & ISAKMP_FLAG_V ? "V" : "",
flags & ISAKMP_FLAG_I ? "I" : "",
flags & ISAKMP_FLAG_V ? "V" : "",
* encrypted, nothing we can do right now.
* we hope to decrypt the packet in the future...
*/
* encrypted, nothing we can do right now.
* we hope to decrypt the packet in the future...
*/
- if (EXTRACT_BE_U_4(base->len) != length) {
- ND_PRINT((ndo, " (len mismatch: isakmp %u/ip %u)",
- EXTRACT_BE_U_4(base->len), length));
+ if (GET_BE_U_4(base->len) != length) {
+ ND_PRINT(" (len mismatch: isakmp %u/ip %u)",
+ GET_BE_U_4(base->len), length);
hexprint(ndo, p->msgid, sizeof(p->msgid));
}
if (1 < ndo->ndo_vflag) {
hexprint(ndo, p->msgid, sizeof(p->msgid));
}
if (1 < ndo->ndo_vflag) {
void
isakmp_rfc3948_print(netdissect_options *ndo,
const u_char *bp, u_int length,
void
isakmp_rfc3948_print(netdissect_options *ndo,
const u_char *bp, u_int length,
- if(length == 1 && EXTRACT_U_1(bp)==0xff) {
- ND_PRINT((ndo, "isakmp-nat-keep-alive"));
+ if(length == 1 && GET_U_1(bp)==0xff) {
+ ND_PRINT("isakmp-nat-keep-alive");
- if (EXTRACT_U_1(bp) == 0 && EXTRACT_U_1(bp + 1) == 0 &&
- EXTRACT_U_1(bp + 2) == 0 && EXTRACT_U_1(bp + 3) == 0) {
- ND_PRINT((ndo, "NONESP-encap: "));
+ if (GET_BE_U_4(bp) == 0) {
+ ND_PRINT("NONESP-encap: ");
isakmp_print(ndo, bp+4, length-4, bp2);
return;
}
/* must be an ESP packet */
{
isakmp_print(ndo, bp+4, length-4, bp2);
return;
}
/* must be an ESP packet */
{
- u_int nh, enh, padlen;
- int advance;
-
- ND_PRINT((ndo, "UDP-encap: "));
-
- advance = esp_print(ndo, bp, length, bp2, &enh, &padlen);
- if(advance <= 0)
- return;
+ ND_PRINT("UDP-encap: ");
- bp += advance;
- length -= advance + padlen;
- nh = enh & 0xff;
+ esp_print(ndo, bp, length, bp2, ver, fragmented, ttl_hl);
- ip_print_inner(ndo, bp, length, nh, bp2);
+ /*
+ * Either this has decrypted the payload and
+ * printed it, in which case there's nothing more
+ * to do, or it hasn't, in which case there's
+ * nothing more to do.
+ */
projects / tcpdump / blobdiff