X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/69cb46af9119e8b5554bcc4bf1bf36f39cb82131..c4744fc29aefea62ab751d50d5e4743c3065ef5f:/print-isakmp.c diff --git a/print-isakmp.c b/print-isakmp.c index 96e89c3d..b11e22d4 100644 --- a/print-isakmp.c +++ b/print-isakmp.c @@ -28,6 +28,8 @@ * */ +/* \summary: Internet Security Association and Key Management Protocol (ISAKMP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -39,18 +41,16 @@ #undef HAVE_LIBCRYPTO #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" -#include "extract.h" /* must come after interface.h */ +#include "extract.h" #include "ip.h" -#ifdef INET6 #include "ip6.h" -#endif /* refer to RFC 2408 */ @@ -354,7 +354,7 @@ enum ikev2_t_type { IV2_T_PRF = 2, IV2_T_INTEG= 3, IV2_T_DH = 4, - IV2_T_ESN = 5, + IV2_T_ESN = 5 }; /* 3.4. Key Exchange Payload */ @@ -374,7 +374,7 @@ enum ikev2_id_type { ID_IPV6_ADDR=5, ID_DER_ASN1_DN=9, ID_DER_ASN1_GN=10, - ID_KEY_ID=11, + ID_KEY_ID=11 }; struct ikev2_id { struct isakmp_gen h; @@ -438,7 +438,7 @@ struct ikev2_auth { enum ikev2_auth_type { IV2_RSA_SIG = 1, IV2_SHARED = 2, - IV2_DSS_SIG = 3, + IV2_DSS_SIG = 3 }; /* refer to RFC 2409 */ @@ -644,14 +644,12 @@ ikev1_print(netdissect_options *ndo, const u_char *bp2, struct isakmp *base); #define MAXINITIATORS 20 -int ninitiator = 0; +static int ninitiator = 0; union inaddr_u { struct in_addr in4; -#ifdef INET6 struct in6_addr in6; -#endif }; -struct { +static struct { cookie_t initiator; u_int version; union inaddr_u iaddr; @@ -781,9 +779,7 @@ cookie_record(cookie_t *in, const u_char *bp2) { int i; const struct ip *ip; -#ifdef INET6 const struct ip6_hdr *ip6; -#endif i = cookie_find(in); if (0 <= i) { @@ -798,14 +794,12 @@ cookie_record(cookie_t *in, const u_char *bp2) UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in4, &ip->ip_src, sizeof(struct in_addr)); UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in4, &ip->ip_dst, sizeof(struct in_addr)); break; -#ifdef INET6 case 6: ip6 = (const struct ip6_hdr *)bp2; cookiecache[ninitiator].version = 6; UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in6, &ip6->ip6_src, sizeof(struct in6_addr)); UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in6, &ip6->ip6_dst, sizeof(struct in6_addr)); break; -#endif default: return; } @@ -819,9 +813,7 @@ static int cookie_sidecheck(int i, const u_char *bp2, int initiator) { const struct ip *ip; -#ifdef INET6 const struct ip6_hdr *ip6; -#endif ip = (const struct ip *)bp2; switch (IP_V(ip)) { @@ -836,7 +828,6 @@ cookie_sidecheck(int i, const u_char *bp2, int initiator) return 1; } break; -#ifdef INET6 case 6: if (cookiecache[i].version != 6) return 0; @@ -849,7 +840,6 @@ cookie_sidecheck(int i, const u_char *bp2, int initiator) return 1; } break; -#endif /* INET6 */ default: break; } @@ -1354,27 +1344,27 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, #endif case 2: { - const struct ipsecdoi_id *p; - struct ipsecdoi_id id; + const struct ipsecdoi_id *doi_p; + struct ipsecdoi_id doi_id; struct protoent *pe; - p = (const struct ipsecdoi_id *)ext; - ND_TCHECK(*p); - UNALIGNED_MEMCPY(&id, ext, sizeof(id)); - ND_PRINT((ndo," idtype=%s", STR_OR_ID(id.type, ipsecidtypestr))); + doi_p = (const struct ipsecdoi_id *)ext; + ND_TCHECK(*doi_p); + UNALIGNED_MEMCPY(&doi_id, ext, sizeof(doi_id)); + ND_PRINT((ndo," idtype=%s", STR_OR_ID(doi_id.type, ipsecidtypestr))); /* A protocol ID of 0 DOES NOT mean IPPROTO_IP! */ - pe = id.proto_id ? getprotobynumber(id.proto_id) : NULL; + pe = doi_id.proto_id ? getprotobynumber(doi_id.proto_id) : NULL; if (pe) ND_PRINT((ndo," protoid=%s", pe->p_name)); else - ND_PRINT((ndo," protoid=%u", id.proto_id)); - ND_PRINT((ndo," port=%d", ntohs(id.port))); + ND_PRINT((ndo," protoid=%u", doi_id.proto_id)); + ND_PRINT((ndo," port=%d", ntohs(doi_id.port))); if (!len) break; if (data == NULL) goto trunc; ND_TCHECK2(*data, len); - switch (id.type) { + switch (doi_id.type) { case IPSECDOI_ID_IPV4_ADDR: if (len < 4) ND_PRINT((ndo," len=%d [bad: < 4]", len)); @@ -1406,7 +1396,6 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, len = 0; break; } -#ifdef INET6 case IPSECDOI_ID_IPV6_ADDR: if (len < 16) ND_PRINT((ndo," len=%d [bad: < 16]", len)); @@ -1432,7 +1421,6 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, len = 0; break; } -#endif /*INET6*/ case IPSECDOI_ID_IPV4_ADDR_RANGE: if (len < 8) ND_PRINT((ndo," len=%d [bad: < 8]", len)); @@ -1443,7 +1431,6 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, } len = 0; break; -#ifdef INET6 case IPSECDOI_ID_IPV6_ADDR_RANGE: if (len < 32) ND_PRINT((ndo," len=%d [bad: < 32]", len)); @@ -1454,7 +1441,6 @@ ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, } len = 0; break; -#endif /*INET6*/ case IPSECDOI_ID_DER_ASN1_DN: case IPSECDOI_ID_DER_ASN1_GN: case IPSECDOI_ID_KEY_ID: @@ -1479,7 +1465,7 @@ trunc: static const u_char * ikev1_cert_print(netdissect_options *ndo, u_char tpay _U_, - const struct isakmp_gen *ext, u_int item_len _U_, + const struct isakmp_gen *ext, u_int item_len, const u_char *ep _U_, uint32_t phase _U_, uint32_t doi0 _U_, uint32_t proto0 _U_, int depth _U_) @@ -1512,7 +1498,7 @@ trunc: static const u_char * ikev1_cr_print(netdissect_options *ndo, u_char tpay _U_, - const struct isakmp_gen *ext, u_int item_len _U_, + const struct isakmp_gen *ext, u_int item_len, const u_char *ep _U_, uint32_t phase _U_, uint32_t doi0 _U_, uint32_t proto0 _U_, int depth _U_) { @@ -1594,7 +1580,7 @@ static const u_char * ikev1_nonce_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len _U_, - const u_char *ep _U_, + const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { @@ -1982,9 +1968,9 @@ trunc: static const u_char * ikev2_sa_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext1, - u_int item_len _U_, const u_char *ep _U_, + u_int item_len _U_, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, - uint32_t proto _U_, int depth _U_) + uint32_t proto _U_, int depth) { struct isakmp_gen e; int osa_length, sa_length; @@ -2141,7 +2127,7 @@ ikev2_cr_print(netdissect_options *ndo, u_char tpay, static const u_char * ikev2_auth_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext, - u_int item_len _U_, const u_char *ep _U_, + u_int item_len _U_, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { @@ -2177,7 +2163,7 @@ trunc: static const u_char * ikev2_nonce_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext, - u_int item_len _U_, const u_char *ep _U_, + u_int item_len _U_, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { @@ -2207,7 +2193,7 @@ trunc: static const u_char * ikev2_n_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, - u_int item_len _U_, const u_char *ep _U_, + u_int item_len, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { @@ -2218,7 +2204,7 @@ ikev2_n_print(netdissect_options *ndo, u_char tpay _U_, const char *notify_name; uint32_t type; - p = (const const struct ikev2_n *)ext; + p = (const struct ikev2_n *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&n, ext, sizeof(n)); ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_N), n.h.critical);