X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/cd2347d0c86c19be8be1a0436d4de25c30b4e155..31e4acb85a990c6ffe210568414bcc8e7d4f0cb0:/print-isakmp.c diff --git a/print-isakmp.c b/print-isakmp.c index 6368cf56..99f01934 100644 --- a/print-isakmp.c +++ b/print-isakmp.c @@ -30,7 +30,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.49 2004-11-04 07:49:14 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.53 2006-08-27 18:48:29 mcr Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -531,8 +531,21 @@ const struct attrmap ipsec_t_map[] = { { NULL, 0, { NULL } }, { "lifetype", 3, { NULL, "sec", "kb", }, }, { "life", 0, { NULL } }, - { "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155", - "EC2N 2^185", }, }, + { "group desc", 18, { NULL, "modp768", + "modp1024", /* group 2 */ + "EC2N 2^155", /* group 3 */ + "EC2N 2^185", /* group 4 */ + "modp1536", /* group 5 */ + "iana-grp06", "iana-grp07", /* reserved */ + "iana-grp08", "iana-grp09", + "iana-grp10", "iana-grp11", + "iana-grp12", "iana-grp13", + "modp2048", /* group 14 */ + "modp3072", /* group 15 */ + "modp4096", /* group 16 */ + "modp6144", /* group 17 */ + "modp8192", /* group 18 */ + }, }, { "enc mode", 3, { NULL, "tunnel", "transport", }, }, { "auth", 5, { NULL, "hmac-md5", "hmac-sha1", "1des-mac", "keyed", }, }, { "keylen", 0, { NULL } }, @@ -549,8 +562,21 @@ const struct attrmap oakley_t_map[] = { "sha2-256", "sha2-384", "sha2-512", }, }, { "auth", 6, { NULL, "preshared", "dss", "rsa sig", "rsa enc", "rsa enc revised", }, }, - { "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155", - "EC2N 2^185", }, }, + { "group desc", 18, { NULL, "modp768", + "modp1024", /* group 2 */ + "EC2N 2^155", /* group 3 */ + "EC2N 2^185", /* group 4 */ + "modp1536", /* group 5 */ + "iana-grp06", "iana-grp07", /* reserved */ + "iana-grp08", "iana-grp09", + "iana-grp10", "iana-grp11", + "iana-grp12", "iana-grp13", + "modp2048", /* group 14 */ + "modp3072", /* group 15 */ + "modp4096", /* group 16 */ + "modp6144", /* group 17 */ + "modp8192", /* group 18 */ + }, }, { "group type", 4, { NULL, "MODP", "ECP", "EC2N", }, }, { "group prime", 0, { NULL } }, { "group gen1", 0, { NULL } }, @@ -1096,8 +1122,9 @@ isakmp_n_print(const struct isakmp_gen *ext, u_int item_len, break; default: /* NULL is dummy */ - isakmp_print(cp, item_len - sizeof(*p) - n.spi_size, - NULL); + isakmp_print(gndo, cp, + item_len - sizeof(*p) - n.spi_size, + NULL); } printf(")"); } @@ -1273,7 +1300,9 @@ safememcpy(void *p, const void *q, size_t l) } void -isakmp_print(const u_char *bp, u_int length, const u_char *bp2) +isakmp_print(netdissect_options *ndo, + const u_char *bp, u_int length, + const u_char *bp2) { const struct isakmp *p; struct isakmp base; @@ -1284,7 +1313,7 @@ isakmp_print(const u_char *bp, u_int length, const u_char *bp2) int major, minor; p = (const struct isakmp *)bp; - ep = snapend; + ep = ndo->ndo_snapend; if ((struct isakmp *)ep < p + 1) { printf("[|isakmp]"); @@ -1383,3 +1412,64 @@ done: } } } + +void +isakmp_rfc3948_print(netdissect_options *ndo, + const u_char *bp, u_int length, + const u_char *bp2) +{ + const u_char *ep; + ep = ndo->ndo_snapend; + + if(length == 1 && bp[0]==0xff) { + ND_PRINT((ndo, "isakmp-nat-keep-alive")); + return; + } + + if(length < 4) { + goto trunc; + } + + /* + * see if this is an IKE packet + */ + if(bp[0]==0 && bp[1]==0 && bp[2]==0 && bp[3]==0) { + ND_PRINT((ndo, "NONESP-encap: ")); + isakmp_print(ndo, bp+4, length-4, bp2); + return; + } + + /* must be an ESP packet */ + { + int nh, enh, padlen; + int advance; + + ND_PRINT((ndo, "UDP-encap: ")); + + advance = esp_print(ndo, bp, length, bp2, &enh, &padlen); + if(advance <= 0) + return; + + bp += advance; + length -= advance + padlen; + nh = enh & 0xff; + + ip_print_inner(ndo, bp, length, nh, bp2); + return; + } + +trunc: + printf("[|isakmp]"); + return; +} + +/* + * Local Variables: + * c-style: whitesmith + * c-basic-offset: 8 + * End: + */ + + + +