+ int osa_length, sa_length;
+
+ ND_TCHECK(*ext1);
+ safememcpy(&e, ext1, sizeof(e));
+ ikev2_pay_print(ndo, "sa", e.critical);
+
+ osa_length= ntohs(e.len);
+ sa_length = osa_length - 4;
+ ND_PRINT((ndo," len=%d", sa_length));
+
+ ikev2_sub_print(ndo, NULL, ISAKMP_NPTYPE_P,
+ ext1+1, ep,
+ 0, 0, 0, depth);
+
+ return (u_char *)ext1 + osa_length;
+trunc:
+ ND_PRINT((ndo," [|%s]", NPSTR(tpay)));
+ return NULL;
+}
+
+static const u_char *
+ikev2_ke_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ struct ikev2_ke ke;
+ struct ikev2_ke *k;
+
+ k = (struct ikev2_ke *)ext;
+ ND_TCHECK(*ext);
+ safememcpy(&ke, ext, sizeof(ke));
+ ikev2_pay_print(ndo, NPSTR(tpay), ke.h.critical);
+
+ ND_PRINT((ndo," len=%u group=%s", ntohs(ke.h.len) - 8,
+ STR_OR_ID(ntohs(ke.ke_group), dh_p_map)));
+
+ if (2 < ndo->ndo_vflag && 8 < ntohs(ke.h.len)) {
+ ND_PRINT((ndo," "));
+ if (!rawprint(ndo, (caddr_t)(k + 1), ntohs(ke.h.len) - 8))
+ goto trunc;
+ }
+ return (u_char *)ext + ntohs(ke.h.len);
+trunc:
+ ND_PRINT((ndo," [|%s]", NPSTR(tpay)));
+ return NULL;
+}
+
+static const u_char *
+ikev2_ID_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ struct ikev2_id id;
+ int id_len, idtype_len, i;
+ unsigned int dumpascii, dumphex;
+ unsigned char *typedata;
+
+ ND_TCHECK(*ext);
+ safememcpy(&id, ext, sizeof(id));
+ ikev2_pay_print(ndo, NPSTR(tpay), id.h.critical);
+
+ id_len = ntohs(id.h.len);
+
+ ND_PRINT((ndo," len=%d", id_len - 4));
+ if (2 < ndo->ndo_vflag && 4 < id_len) {
+ ND_PRINT((ndo," "));
+ if (!rawprint(ndo, (caddr_t)(ext + 1), id_len - 4))
+ goto trunc;
+ }
+
+ idtype_len =id_len - sizeof(struct ikev2_id);
+ dumpascii = 0;
+ dumphex = 0;
+ typedata = (unsigned char *)(ext)+sizeof(struct ikev2_id);
+
+ switch(id.type) {
+ case ID_IPV4_ADDR:
+ ND_PRINT((ndo, " ipv4:"));
+ dumphex=1;
+ break;
+ case ID_FQDN:
+ ND_PRINT((ndo, " fqdn:"));
+ dumpascii=1;
+ break;
+ case ID_RFC822_ADDR:
+ ND_PRINT((ndo, " rfc822:"));
+ dumpascii=1;
+ break;
+ case ID_IPV6_ADDR:
+ ND_PRINT((ndo, " ipv6:"));
+ dumphex=1;
+ break;
+ case ID_DER_ASN1_DN:
+ ND_PRINT((ndo, " dn:"));
+ dumphex=1;
+ break;
+ case ID_DER_ASN1_GN:
+ ND_PRINT((ndo, " gn:"));
+ dumphex=1;
+ break;
+ case ID_KEY_ID:
+ ND_PRINT((ndo, " keyid:"));
+ dumphex=1;
+ break;
+ }
+
+ if(dumpascii) {
+ ND_TCHECK2(*typedata, idtype_len);
+ for(i=0; i<idtype_len; i++) {
+ if(isprint(typedata[i])) {
+ ND_PRINT((ndo, "%c", typedata[i]));
+ } else {
+ ND_PRINT((ndo, "."));
+ }
+ }
+ }
+ if(dumphex) {
+ if (!rawprint(ndo, (caddr_t)typedata, idtype_len))
+ goto trunc;
+ }
+
+ return (u_char *)ext + id_len;
+trunc:
+ ND_PRINT((ndo," [|%s]", NPSTR(tpay)));
+ return NULL;
+}
+
+static const u_char *
+ikev2_cert_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ return ikev2_gen_print(ndo, tpay, ext);
+}
+
+static const u_char *
+ikev2_cr_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ return ikev2_gen_print(ndo, tpay, ext);
+}
+
+static const u_char *
+ikev2_auth_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ struct ikev2_auth a;
+ const char *v2_auth[]={ "invalid", "rsasig",
+ "shared-secret", "dsssig" };
+ u_char *authdata = (u_char*)ext + sizeof(a);
+ unsigned int len;
+
+ ND_TCHECK(*ext);
+ safememcpy(&a, ext, sizeof(a));
+ ikev2_pay_print(ndo, NPSTR(tpay), a.h.critical);
+ len = ntohs(a.h.len);
+
+ ND_PRINT((ndo," len=%d method=%s", len-4,
+ STR_OR_ID(a.auth_method, v2_auth)));
+
+ if (1 < ndo->ndo_vflag && 4 < len) {
+ ND_PRINT((ndo," authdata=("));
+ if (!rawprint(ndo, (caddr_t)authdata, len - sizeof(a)))
+ goto trunc;
+ ND_PRINT((ndo,") "));
+ } else if(ndo->ndo_vflag && 4 < len) {
+ if(!ike_show_somedata(ndo, authdata, ep)) goto trunc;
+ }
+
+ return (u_char *)ext + len;
+trunc:
+ ND_PRINT((ndo," [|%s]", NPSTR(tpay)));
+ return NULL;
+}
+
+static const u_char *
+ikev2_nonce_print(netdissect_options *ndo, u_char tpay,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ struct isakmp_gen e;
+
+ ND_TCHECK(*ext);
+ safememcpy(&e, ext, sizeof(e));
+ ikev2_pay_print(ndo, "nonce", e.critical);
+
+ ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
+ if (1 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ ND_PRINT((ndo," nonce=("));
+ if (!rawprint(ndo, (caddr_t)(ext + 1), ntohs(e.len) - 4))
+ goto trunc;
+ ND_PRINT((ndo,") "));
+ } else if(ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ if(!ike_show_somedata(ndo, (const u_char *)(ext+1), ep)) goto trunc;
+ }
+
+ return (u_char *)ext + ntohs(e.len);
+trunc:
+ ND_PRINT((ndo," [|%s]", NPSTR(tpay)));
+ return NULL;
+}
+
+/* notify payloads */
+static const u_char *
+ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
+ const struct isakmp_gen *ext,
+ u_int item_len _U_, const u_char *ep _U_,
+ u_int32_t phase _U_, u_int32_t doi _U_,
+ u_int32_t proto _U_, int depth _U_)
+{
+ struct ikev2_n *p, n;
+ const u_char *cp;
+ u_char *ep2;
+ u_char showspi, showdata, showsomedata;
+ const char *notify_name;
+ u_int32_t type;
+
+ p = (struct ikev2_n *)ext;
+ ND_TCHECK(*p);
+ safememcpy(&n, ext, sizeof(n));
+ ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_N), n.h.critical);
+
+ showspi = 1;
+ showdata = 0;
+ showsomedata=0;
+ notify_name=NULL;
+
+ ND_PRINT((ndo," prot_id=%s", PROTOIDSTR(n.prot_id)));
+
+ type = ntohs(n.type);
+
+ /* notify space is annoying sparse */
+ switch(type) {
+ case IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD:
+ notify_name = "unsupported_critical_payload";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_INVALID_IKE_SPI:
+ notify_name = "invalid_ike_spi";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_INVALID_MAJOR_VERSION:
+ notify_name = "invalid_major_version";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_INVALID_SYNTAX:
+ notify_name = "invalid_syntax";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_INVALID_MESSAGE_ID:
+ notify_name = "invalid_message_id";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_INVALID_SPI:
+ notify_name = "invalid_spi";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_NO_PROPOSAL_CHOSEN:
+ notify_name = "no_protocol_chosen";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_INVALID_KE_PAYLOAD:
+ notify_name = "invalid_ke_payload";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_AUTHENTICATION_FAILED:
+ notify_name = "authentication_failed";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_SINGLE_PAIR_REQUIRED:
+ notify_name = "single_pair_required";
+ showspi = 1;
+ break;
+
+ case IV2_NOTIFY_NO_ADDITIONAL_SAS:
+ notify_name = "no_additional_sas";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE:
+ notify_name = "internal_address_failure";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_FAILED_CP_REQUIRED:
+ notify_name = "failed:cp_required";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_INVALID_SELECTORS:
+ notify_name = "invalid_selectors";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_INITIAL_CONTACT:
+ notify_name = "initial_contact";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_SET_WINDOW_SIZE:
+ notify_name = "set_window_size";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE:
+ notify_name = "additional_ts_possible";
+ showspi = 0;
+ break;
+
+ case IV2_NOTIFY_IPCOMP_SUPPORTED:
+ notify_name = "ipcomp_supported";
+ showspi = 0;
+ break;
projects / tcpdump / blobdiff