#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.33 2002-09-05 00:00:13 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.34 2002-09-05 00:43:21 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#define sockaddr_storage sockaddr
#endif
-static u_char *isakmp_sa_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_p_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_t_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_ke_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_id_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_cert_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_cr_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_sig_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_hash_print(struct isakmp_gen *, u_char *,
- u_int32_t, u_int32_t, u_int32_t);
-static u_char *isakmp_nonce_print(struct isakmp_gen *, u_char *,
- u_int32_t, u_int32_t, u_int32_t);
-static u_char *isakmp_n_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_d_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_vid_print(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t);
-static u_char *isakmp_sub0_print(u_char, struct isakmp_gen *, u_char *,
- u_int32_t, u_int32_t, u_int32_t);
-static u_char *isakmp_sub_print(u_char, struct isakmp_gen *, u_char *,
- u_int32_t, u_int32_t, u_int32_t);
+static const u_char *isakmp_sa_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_p_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_t_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_ke_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_id_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_cert_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_cr_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_sig_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_hash_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_nonce_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_n_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_d_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_vid_print(const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_sub0_print(u_char, const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+static const u_char *isakmp_sub_print(u_char, const struct isakmp_gen *,
+ const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static char *numstr(int);
-static void safememcpy(void *, void *, size_t);
+static void safememcpy(void *, const void *, size_t);
#define MAXINITIATORS 20
int ninitiator = 0;
};
/* isakmp->np */
-static u_char *(*npfunc[])(struct isakmp_gen *, u_char *, u_int32_t,
- u_int32_t, u_int32_t) = {
+static const u_char *(*npfunc[])(const struct isakmp_gen *, const u_char *,
+ u_int32_t, u_int32_t, u_int32_t, int) = {
NULL,
isakmp_sa_print,
isakmp_p_print,
const char *value[30]; /*XXX*/
};
-static u_char *
-isakmp_attrmap_print(u_char *p, u_char *ep, struct attrmap *map, size_t nmap)
+static const u_char *
+isakmp_attrmap_print(const u_char *p, const u_char *ep,
+ const struct attrmap *map, size_t nmap)
{
u_int16_t *q;
int totlen;
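Review bot: `u_int16_t *q;` is left non-const in isakmp_attrmap_print even though `p` and `ep` are now `const u_char *`, so whatever assigns q from p (outside this hunk) has to cast the qualifier away; `const u_int16_t *q;` would complete the change. The same leftover shows in isakmp_attr_print (`u_int16_t *q;`) and in isakmp_n_print (`struct isakmp_pl_n *p, n;` and `u_char *ep2;`), whereas isakmp_t_print did get `const u_char *ep2;`. The unchanged returns of the form `return (u_char *)ext + ntohs(e.len);` and the `(struct isakmp_gen *)` casts drop const the same way and could name the const-qualified type instead. The function body continues past the end of this hunk.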
return p + totlen;
}
-static u_char *
-isakmp_attr_print(u_char *p, u_char *ep)
+static const u_char *
+isakmp_attr_print(const u_char *p, const u_char *ep)
{
u_int16_t *q;
int totlen;
return p + totlen;
}
-static u_char *
-isakmp_sa_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_sa_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0, int depth)
{
- struct isakmp_pl_sa *p, sa;
- u_int32_t *q;
+ const struct isakmp_pl_sa *p;
+ struct isakmp_pl_sa sa;
+ const u_int32_t *q;
u_int32_t doi, sit, ident;
- u_char *cp, *np;
+ const u_char *cp, *np;
int t;
printf("%s:", NPSTR(ISAKMP_NPTYPE_SA));
ext = (struct isakmp_gen *)np;
- cp = isakmp_sub_print(ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0);
+ cp = isakmp_sub_print(ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0,
+ depth);
return cp;
}
-static u_char *
-isakmp_p_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_p_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0, int depth)
{
- struct isakmp_pl_p *p, prop;
- u_char *cp;
+ const struct isakmp_pl_p *p;
+ struct isakmp_pl_p prop;
+ const u_char *cp;
printf("%s:", NPSTR(ISAKMP_NPTYPE_P));
ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
cp = isakmp_sub_print(ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
- prop.prot_id);
+ prop.prot_id, depth);
return cp;
}
NULL, "oui", "deflate", "lzs",
};
-struct attrmap ipsec_t_map[] = {
+const struct attrmap ipsec_t_map[] = {
{ NULL, 0, { NULL } },
{ "lifetype", 3, { NULL, "sec", "kb", }, },
{ "life", 0, { NULL } },
{ "privalg", 0, { NULL } },
};
-struct attrmap oakley_t_map[] = {
+const struct attrmap oakley_t_map[] = {
{ NULL, 0, { NULL } },
{ "enc", 8, { NULL, "1des", "idea", "blowfish", "rc5",
"3des", "cast", "aes", }, },
{ "order", 0, { NULL } },
};
-static u_char *
-isakmp_t_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_t_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi, u_int32_t proto, int depth)
{
- struct isakmp_pl_t *p, t;
- u_char *cp;
+ const struct isakmp_pl_t *p;
+ struct isakmp_pl_t t;
+ const u_char *cp;
const char *idstr;
- struct attrmap *map;
+ const struct attrmap *map;
size_t nmap;
- u_char *ep2;
+ const u_char *ep2;
printf("%s:", NPSTR(ISAKMP_NPTYPE_T));
return cp;
}
-static u_char *
-isakmp_ke_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_ke_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi, u_int32_t proto, int depth)
{
struct isakmp_gen e;
return (u_char *)ext + ntohs(e.len);
}
-static u_char *
-isakmp_id_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_id_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi, u_int32_t proto, int depth)
{
#define USE_IPSECDOI_IN_PHASE1 1
- struct isakmp_pl_id *p, id;
+ const struct isakmp_pl_id *p;
+ struct isakmp_pl_id id;
static const char *idtypestr[] = {
"IPv4", "IPv4net", "IPv6", "IPv6net",
};
"keyid",
};
int len;
- u_char *data;
+ const u_char *data;
printf("%s:", NPSTR(ISAKMP_NPTYPE_ID));
#endif
case 2:
{
- struct ipsecdoi_id *p, id;
+ const struct ipsecdoi_id *p;
+ struct ipsecdoi_id id;
struct protoent *pe;
p = (struct ipsecdoi_id *)ext;
}
case IPSECDOI_ID_IPV4_ADDR_SUBNET:
{
- u_char *mask;
+ const u_char *mask;
mask = data + sizeof(struct in_addr);
printf(" len=%d %s/%u.%u.%u.%u", len,
ipaddr_string(data),
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
{
- u_int32_t *mask;
+ const u_int32_t *mask;
mask = (u_int32_t *)(data + sizeof(struct in6_addr));
/*XXX*/
printf(" len=%d %s/0x%08x%08x%08x%08x", len,
return (u_char *)ext + ntohs(id.h.len);
}
-static u_char *
-isakmp_cert_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_cert_print(const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi0, u_int32_t proto0, int depth)
{
- struct isakmp_pl_cert *p, cert;
+ const struct isakmp_pl_cert *p;
+ struct isakmp_pl_cert cert;
static const char *certstr[] = {
"none", "pkcs7", "pgp", "dns",
"x509sign", "x509ke", "kerberos", "crl",
return (u_char *)ext + ntohs(cert.h.len);
}
-static u_char *
-isakmp_cr_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_cr_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0, int depth)
{
- struct isakmp_pl_cert *p, cert;
+ const struct isakmp_pl_cert *p;
+ struct isakmp_pl_cert cert;
static const char *certstr[] = {
"none", "pkcs7", "pgp", "dns",
"x509sign", "x509ke", "kerberos", "crl",
return (u_char *)ext + ntohs(cert.h.len);
}
-static u_char *
-isakmp_hash_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_hash_print(const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
struct isakmp_gen e;
return (u_char *)ext + ntohs(e.len);
}
-static u_char *
-isakmp_sig_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_sig_print(const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
struct isakmp_gen e;
return (u_char *)ext + ntohs(e.len);
}
-static u_char *
-isakmp_nonce_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_nonce_print(const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
struct isakmp_gen e;
return (u_char *)ext + ntohs(e.len);
}
-static u_char *
-isakmp_n_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_n_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0, int depth)
{
struct isakmp_pl_n *p, n;
- u_char *cp;
+ const u_char *cp;
u_char *ep2;
u_int32_t doi;
u_int32_t proto;
switch (ntohs(n.type)) {
case IPSECDOI_NTYPE_RESPONDER_LIFETIME:
{
- struct attrmap *map = oakley_t_map;
+ const struct attrmap *map = oakley_t_map;
size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
while (cp < ep && cp < ep2) {
cp = isakmp_attrmap_print(cp,
(*(u_int32_t *)cp) ? "en" : "dis");
break;
case ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN:
- isakmp_sub_print(ISAKMP_NPTYPE_SA,
- (struct isakmp_gen *)cp, ep, phase, doi, proto);
+ if (isakmp_sub_print(ISAKMP_NPTYPE_SA,
+ (struct isakmp_gen *)cp, ep, phase, doi, proto,
+ depth) == NULL)
+ return NULL;
break;
default:
/* NULL is dummy */
return (u_char *)ext + ntohs(n.h.len);
}
-static u_char *
-isakmp_d_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi0, u_int32_t proto0)
+static const u_char *
+isakmp_d_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
+ u_int32_t doi0, u_int32_t proto0, int depth)
{
- struct isakmp_pl_d *p, d;
- u_int8_t *q;
+ const struct isakmp_pl_d *p;
+ struct isakmp_pl_d d;
+ const u_int8_t *q;
u_int32_t doi;
u_int32_t proto;
int i;
return q;
}
-static u_char *
-isakmp_vid_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_vid_print(const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
struct isakmp_gen e;
return (u_char *)ext + ntohs(e.len);
}
-static u_char *
-isakmp_sub0_print(u_char np, struct isakmp_gen *ext, u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_sub0_print(u_char np, const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
- u_char *cp;
+ const u_char *cp;
struct isakmp_gen e;
+ u_int item_len;
cp = (u_char *)ext;
safememcpy(&e, ext, sizeof(e));
if (NPFUNC(np))
- cp = (*NPFUNC(np))(ext, ep, phase, doi, proto);
+ cp = (*NPFUNC(np))(ext, ep, phase, doi, proto, depth);
else {
printf("%s", NPSTR(np));
- cp += ntohs(e.len);
+ item_len = ntohs(e.len);
+ if (item_len == 0) {
+ /*
+ * We don't want to loop forever processing this
+ * bogus (zero-length) item; return NULL so that
+ * we stop dissecting.
+ */
+ cp = NULL;
+ } else
+ cp += item_len;
}
+
return cp;
}
-static u_char *
-isakmp_sub_print(u_char np, struct isakmp_gen *ext, u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto)
+static const u_char *
+isakmp_sub_print(u_char np, const struct isakmp_gen *ext, const u_char *ep,
+ u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
{
- u_char *cp;
- static int depth = 0;
+ const u_char *cp;
int i;
struct isakmp_gen e;
- cp = (u_char *)ext;
+ cp = (const u_char *)ext;
while (np) {
safememcpy(&e, ext, sizeof(e));
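Review bot: The zero-length guard in isakmp_sub0_print sits only in the `else` branch, so it protects payload types that have no npfunc handler and nothing else. Handlers such as isakmp_ke_print, isakmp_hash_print, isakmp_sig_print, isakmp_nonce_print and isakmp_vid_print still end in `return (u_char *)ext + ntohs(e.len);`, which hands back `ext` unchanged when the length field is zero, and from the lines visible here the `while (np)` loop in isakmp_sub_print would then re-read the same header indefinitely. Hoisting the check above the dispatch, i.e. `item_len = ntohs(e.len);` followed by `if (item_len == 0) return NULL;` before `if (NPFUNC(np))`, covers every payload type. A nonzero length smaller than the generic header looks equally bogus, so comparing against `sizeof(e)` may be the better bound; isakmp_sub_print's body continues outside this hunk.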
for (i = 0; i < depth; i++)
printf(" ");
printf("(");
- cp = isakmp_sub0_print(np, ext, ep, phase, doi, proto);
+ cp = isakmp_sub0_print(np, ext, ep, phase, doi, proto, depth);
printf(")");
depth--;
+ if (cp == NULL) {
+ /* Zero-length subitem */
+ return NULL;
+ }
+
np = e.np;
ext = (struct isakmp_gen *)cp;
}
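Review bot: The comment `/* Zero-length subitem */` understates what NULL means at this point: isakmp_n_print now also returns NULL when its nested isakmp_sub_print call fails, and isakmp_sa_print and isakmp_p_print pass a nested NULL straight back. Something like `/* zero-length item here or in a nested payload; stop dissecting */` would match the behaviour. A short header comment on isakmp_sub_print saying that it and every npfunc handler may return NULL would document the new contract for future handlers. The loop and the function both start and end outside this hunk.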
* optimization.
*/
static void
-safememcpy(void *p, void *q, size_t l)
+safememcpy(void *p, const void *q, size_t l)
{
memcpy(p, q, l);
}
void
isakmp_print(const u_char *bp, u_int length, const u_char *bp2)
{
- struct isakmp *p, base;
- u_char *ep;
+ const struct isakmp *p;
+ struct isakmp base;
+ const u_char *ep;
u_char np;
int i;
int phase;
int major, minor;
- p = (struct isakmp *)bp;
- ep = (u_char *)snapend;
+ p = (const struct isakmp *)bp;
+ ep = snapend;
if ((struct isakmp *)ep < p + 1) {
printf("[|isakmp]");
printf(":");
{
- struct isakmp_gen *ext;
+ const struct isakmp_gen *ext;
int nparen;
#define CHECKLEN(p, np) \
np = base.np;
ext = (struct isakmp_gen *)(p + 1);
- isakmp_sub_print(np, ext, ep, phase, 0, 0);
+ isakmp_sub_print(np, ext, ep, phase, 0, 0, 0);
}
done: