Upgrade to tcpdump 4.7.4.
Bug: http://b/24902618
Change-Id: I7c3605015d90453b0a8c339b1774e285796f8775
diff --git a/print-isakmp.c b/print-isakmp.c
index 2b352e5..bef0b45 100644
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -28,11 +28,6 @@
*
*/
-#ifndef lint
-static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.61 2008-02-05 19:34:25 guy Exp $ (LBL)";
-#endif
-
#define NETDISSECT_REWORKED
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -49,11 +44,6 @@
#include <string.h>
-#include <stdio.h>
-
-#include "isakmp.h"
-#include "ipsec_doi.h"
-#include "oakley.h"
#include "interface.h"
#include "addrtoname.h"
#include "extract.h" /* must come after interface.h */
@@ -63,18 +53,537 @@
#include "ip6.h"
#endif
-#ifndef HAVE_SOCKADDR_STORAGE
-#define sockaddr_storage sockaddr
+/* refer to RFC 2408 */
+
+typedef u_char cookie_t[8];
+typedef u_char msgid_t[4];
+
+#define PORT_ISAKMP 500
+
+/* 3.1 ISAKMP Header Format (IKEv1 and IKEv2)
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Initiator !
+ ! Cookie !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Responder !
+ ! Cookie !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Message ID !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+struct isakmp {
+ cookie_t i_ck; /* Initiator Cookie */
+ cookie_t r_ck; /* Responder Cookie */
+ uint8_t np; /* Next Payload Type */
+ uint8_t vers;
+#define ISAKMP_VERS_MAJOR 0xf0
+#define ISAKMP_VERS_MAJOR_SHIFT 4
+#define ISAKMP_VERS_MINOR 0x0f
+#define ISAKMP_VERS_MINOR_SHIFT 0
+ uint8_t etype; /* Exchange Type */
+ uint8_t flags; /* Flags */
+ msgid_t msgid;
+ uint32_t len; /* Length */
+};
+
+/* Next Payload Type */
+#define ISAKMP_NPTYPE_NONE 0 /* NONE*/
+#define ISAKMP_NPTYPE_SA 1 /* Security Association */
+#define ISAKMP_NPTYPE_P 2 /* Proposal */
+#define ISAKMP_NPTYPE_T 3 /* Transform */
+#define ISAKMP_NPTYPE_KE 4 /* Key Exchange */
+#define ISAKMP_NPTYPE_ID 5 /* Identification */
+#define ISAKMP_NPTYPE_CERT 6 /* Certificate */
+#define ISAKMP_NPTYPE_CR 7 /* Certificate Request */
+#define ISAKMP_NPTYPE_HASH 8 /* Hash */
+#define ISAKMP_NPTYPE_SIG 9 /* Signature */
+#define ISAKMP_NPTYPE_NONCE 10 /* Nonce */
+#define ISAKMP_NPTYPE_N 11 /* Notification */
+#define ISAKMP_NPTYPE_D 12 /* Delete */
+#define ISAKMP_NPTYPE_VID 13 /* Vendor ID */
+#define ISAKMP_NPTYPE_v2E 46 /* v2 Encrypted payload */
+
+#define IKEv1_MAJOR_VERSION 1
+#define IKEv1_MINOR_VERSION 0
+
+#define IKEv2_MAJOR_VERSION 2
+#define IKEv2_MINOR_VERSION 0
+
+/* Flags */
+#define ISAKMP_FLAG_E 0x01 /* Encryption Bit */
+#define ISAKMP_FLAG_C 0x02 /* Commit Bit */
+#define ISAKMP_FLAG_extra 0x04
+
+/* IKEv2 */
+#define ISAKMP_FLAG_I (1 << 3) /* (I)nitiator */
+#define ISAKMP_FLAG_V (1 << 4) /* (V)ersion */
+#define ISAKMP_FLAG_R (1 << 5) /* (R)esponse */
+
+
+/* 3.2 Payload Generic Header
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+struct isakmp_gen {
+ uint8_t np; /* Next Payload */
+ uint8_t critical; /* bit 7 - critical, rest is RESERVED */
+ uint16_t len; /* Payload Length */
+};
+
+/* 3.3 Data Attributes
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ !A! Attribute Type ! AF=0 Attribute Length !
+ !F! ! AF=1 Attribute Value !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ . AF=0 Attribute Value .
+ . AF=1 Not Transmitted .
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+struct isakmp_data {
+ uint16_t type; /* defined by DOI-spec, and Attribute Format */
+ uint16_t lorv; /* if f equal 1, Attribute Length */
+ /* if f equal 0, Attribute Value */
+ /* if f equal 1, Attribute Value */
+};
+
+/* 3.4 Security Association Payload */
+ /* MAY NOT be used, because of being defined in ipsec-doi. */
+ /*
+ If the current payload is the last in the message,
+ then the value of the next payload field will be 0.
+ This field MUST NOT contain the
+ values for the Proposal or Transform payloads as they are considered
+ part of the security association negotiation. For example, this
+ field would contain the value "10" (Nonce payload) in the first
+ message of a Base Exchange (see Section 4.4) and the value "0" in the
+ first message of an Identity Protect Exchange (see Section 4.5).
+ */
+struct ikev1_pl_sa {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint32_t sit; /* Situation */
+};
+
+/* 3.5 Proposal Payload */
+ /*
+ The value of the next payload field MUST only contain the value "2"
+ or "0". If there are additional Proposal payloads in the message,
+ then this field will be 2. If the current Proposal payload is the
+ last within the security association proposal, then this field will
+ be 0.
+ */
+struct ikev1_pl_p {
+ struct isakmp_gen h;
+ uint8_t p_no; /* Proposal # */
+ uint8_t prot_id; /* Protocol */
+ uint8_t spi_size; /* SPI Size */
+ uint8_t num_t; /* Number of Transforms */
+ /* SPI */
+};
+
+/* 3.6 Transform Payload */
+ /*
+ The value of the next payload field MUST only contain the value "3"
+ or "0". If there are additional Transform payloads in the proposal,
+ then this field will be 3. If the current Transform payload is the
+ last within the proposal, then this field will be 0.
+ */
+struct ikev1_pl_t {
+ struct isakmp_gen h;
+ uint8_t t_no; /* Transform # */
+ uint8_t t_id; /* Transform-Id */
+ uint16_t reserved; /* RESERVED2 */
+ /* SA Attributes */
+};
+
+/* 3.7 Key Exchange Payload */
+struct ikev1_pl_ke {
+ struct isakmp_gen h;
+ /* Key Exchange Data */
+};
+
+/* 3.8 Identification Payload */
+ /* MUST NOT to be used, because of being defined in ipsec-doi. */
+struct ikev1_pl_id {
+ struct isakmp_gen h;
+ union {
+ uint8_t id_type; /* ID Type */
+ uint32_t doi_data; /* DOI Specific ID Data */
+ } d;
+ /* Identification Data */
+};
+
+/* 3.9 Certificate Payload */
+struct ikev1_pl_cert {
+ struct isakmp_gen h;
+ uint8_t encode; /* Cert Encoding */
+ char cert; /* Certificate Data */
+ /*
+ This field indicates the type of
+ certificate or certificate-related information contained in the
+ Certificate Data field.
+ */
+};
+
+/* 3.10 Certificate Request Payload */
+struct ikev1_pl_cr {
+ struct isakmp_gen h;
+ uint8_t num_cert; /* # Cert. Types */
+ /*
+ Certificate Types (variable length)
+ -- Contains a list of the types of certificates requested,
+ sorted in order of preference. Each individual certificate
+ type is 1 octet. This field is NOT requiredo
+ */
+ /* # Certificate Authorities (1 octet) */
+ /* Certificate Authorities (variable length) */
+};
+
+/* 3.11 Hash Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_hash {
+ struct isakmp_gen h;
+ /* Hash Data */
+};
+
+/* 3.12 Signature Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_sig {
+ struct isakmp_gen h;
+ /* Signature Data */
+};
+
+/* 3.13 Nonce Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_nonce {
+ struct isakmp_gen h;
+ /* Nonce Data */
+};
+
+/* 3.14 Notification Payload */
+struct ikev1_pl_n {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint8_t prot_id; /* Protocol-ID */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t type; /* Notify Message Type */
+ /* SPI */
+ /* Notification Data */
+};
+
+/* 3.14.1 Notify Message Types */
+/* NOTIFY MESSAGES - ERROR TYPES */
+#define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE 1
+#define ISAKMP_NTYPE_DOI_NOT_SUPPORTED 2
+#define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED 3
+#define ISAKMP_NTYPE_INVALID_COOKIE 4
+#define ISAKMP_NTYPE_INVALID_MAJOR_VERSION 5
+#define ISAKMP_NTYPE_INVALID_MINOR_VERSION 6
+#define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE 7
+#define ISAKMP_NTYPE_INVALID_FLAGS 8
+#define ISAKMP_NTYPE_INVALID_MESSAGE_ID 9
+#define ISAKMP_NTYPE_INVALID_PROTOCOL_ID 10
+#define ISAKMP_NTYPE_INVALID_SPI 11
+#define ISAKMP_NTYPE_INVALID_TRANSFORM_ID 12
+#define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
+#define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN 14
+#define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX 15
+#define ISAKMP_NTYPE_PAYLOAD_MALFORMED 16
+#define ISAKMP_NTYPE_INVALID_KEY_INFORMATION 17
+#define ISAKMP_NTYPE_INVALID_ID_INFORMATION 18
+#define ISAKMP_NTYPE_INVALID_CERT_ENCODING 19
+#define ISAKMP_NTYPE_INVALID_CERTIFICATE 20
+#define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
+#define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY 22
+#define ISAKMP_NTYPE_INVALID_HASH_INFORMATION 23
+#define ISAKMP_NTYPE_AUTHENTICATION_FAILED 24
+#define ISAKMP_NTYPE_INVALID_SIGNATURE 25
+#define ISAKMP_NTYPE_ADDRESS_NOTIFICATION 26
+
+/* 3.15 Delete Payload */
+struct ikev1_pl_d {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint8_t prot_id; /* Protocol-Id */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t num_spi; /* # of SPIs */
+ /* SPI(es) */
+};
+
+struct ikev1_ph1tab {
+ struct ikev1_ph1 *head;
+ struct ikev1_ph1 *tail;
+ int len;
+};
+
+struct isakmp_ph2tab {
+ struct ikev1_ph2 *head;
+ struct ikev1_ph2 *tail;
+ int len;
+};
+
+/* IKEv2 (RFC4306) */
+
+/* 3.3 Security Association Payload -- generic header */
+/* 3.3.1. Proposal Substructure */
+struct ikev2_p {
+ struct isakmp_gen h;
+ uint8_t p_no; /* Proposal # */
+ uint8_t prot_id; /* Protocol */
+ uint8_t spi_size; /* SPI Size */
+ uint8_t num_t; /* Number of Transforms */
+};
+
+/* 3.3.2. Transform Substructure */
+struct ikev2_t {
+ struct isakmp_gen h;
+ uint8_t t_type; /* Transform Type (ENCR,PRF,INTEG,etc.*/
+ uint8_t res2; /* reserved byte */
+ uint16_t t_id; /* Transform ID */
+};
+
+enum ikev2_t_type {
+ IV2_T_ENCR = 1,
+ IV2_T_PRF = 2,
+ IV2_T_INTEG= 3,
+ IV2_T_DH = 4,
+ IV2_T_ESN = 5,
+};
+
+/* 3.4. Key Exchange Payload */
+struct ikev2_ke {
+ struct isakmp_gen h;
+ uint16_t ke_group;
+ uint16_t ke_res1;
+ /* KE data */
+};
+
+
+/* 3.5. Identification Payloads */
+enum ikev2_id_type {
+ ID_IPV4_ADDR=1,
+ ID_FQDN=2,
+ ID_RFC822_ADDR=3,
+ ID_IPV6_ADDR=5,
+ ID_DER_ASN1_DN=9,
+ ID_DER_ASN1_GN=10,
+ ID_KEY_ID=11,
+};
+struct ikev2_id {
+ struct isakmp_gen h;
+ uint8_t type; /* ID type */
+ uint8_t res1;
+ uint16_t res2;
+ /* SPI */
+ /* Notification Data */
+};
+
+/* 3.10 Notification Payload */
+struct ikev2_n {
+ struct isakmp_gen h;
+ uint8_t prot_id; /* Protocol-ID */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t type; /* Notify Message Type */
+};
+
+enum ikev2_n_type {
+ IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD = 1,
+ IV2_NOTIFY_INVALID_IKE_SPI = 4,
+ IV2_NOTIFY_INVALID_MAJOR_VERSION = 5,
+ IV2_NOTIFY_INVALID_SYNTAX = 7,
+ IV2_NOTIFY_INVALID_MESSAGE_ID = 9,
+ IV2_NOTIFY_INVALID_SPI =11,
+ IV2_NOTIFY_NO_PROPOSAL_CHOSEN =14,
+ IV2_NOTIFY_INVALID_KE_PAYLOAD =17,
+ IV2_NOTIFY_AUTHENTICATION_FAILED =24,
+ IV2_NOTIFY_SINGLE_PAIR_REQUIRED =34,
+ IV2_NOTIFY_NO_ADDITIONAL_SAS =35,
+ IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE =36,
+ IV2_NOTIFY_FAILED_CP_REQUIRED =37,
+ IV2_NOTIFY_INVALID_SELECTORS =39,
+ IV2_NOTIFY_INITIAL_CONTACT =16384,
+ IV2_NOTIFY_SET_WINDOW_SIZE =16385,
+ IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE =16386,
+ IV2_NOTIFY_IPCOMP_SUPPORTED =16387,
+ IV2_NOTIFY_NAT_DETECTION_SOURCE_IP =16388,
+ IV2_NOTIFY_NAT_DETECTION_DESTINATION_IP =16389,
+ IV2_NOTIFY_COOKIE =16390,
+ IV2_NOTIFY_USE_TRANSPORT_MODE =16391,
+ IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED =16392,
+ IV2_NOTIFY_REKEY_SA =16393,
+ IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED =16394,
+ IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO =16395
+};
+
+struct notify_messages {
+ uint16_t type;
+ char *msg;
+};
+
+/* 3.8 Notification Payload */
+struct ikev2_auth {
+ struct isakmp_gen h;
+ uint8_t auth_method; /* Protocol-ID */
+ uint8_t reserved[3];
+ /* authentication data */
+};
+
+enum ikev2_auth_type {
+ IV2_RSA_SIG = 1,
+ IV2_SHARED = 2,
+ IV2_DSS_SIG = 3,
+};
+
+/* refer to RFC 2409 */
+
+#if 0
+/* isakmp sa structure */
+struct oakley_sa {
+ uint8_t proto_id; /* OAKLEY */
+ vchar_t *spi; /* spi */
+ uint8_t dhgrp; /* DH; group */
+ uint8_t auth_t; /* method of authentication */
+ uint8_t prf_t; /* type of prf */
+ uint8_t hash_t; /* type of hash */
+ uint8_t enc_t; /* type of cipher */
+ uint8_t life_t; /* type of duration of lifetime */
+ uint32_t ldur; /* life duration */
+};
#endif
+/* refer to RFC 2407 */
+
+#define IPSEC_DOI 1
+
+/* 4.2 IPSEC Situation Definition */
+#define IPSECDOI_SIT_IDENTITY_ONLY 0x00000001
+#define IPSECDOI_SIT_SECRECY 0x00000002
+#define IPSECDOI_SIT_INTEGRITY 0x00000004
+
+/* 4.4.1 IPSEC Security Protocol Identifiers */
+ /* 4.4.2 IPSEC ISAKMP Transform Values */
+#define IPSECDOI_PROTO_ISAKMP 1
+#define IPSECDOI_KEY_IKE 1
+
+/* 4.4.1 IPSEC Security Protocol Identifiers */
+#define IPSECDOI_PROTO_IPSEC_AH 2
+ /* 4.4.3 IPSEC AH Transform Values */
+#define IPSECDOI_AH_MD5 2
+#define IPSECDOI_AH_SHA 3
+#define IPSECDOI_AH_DES 4
+#define IPSECDOI_AH_SHA2_256 5
+#define IPSECDOI_AH_SHA2_384 6
+#define IPSECDOI_AH_SHA2_512 7
+
+/* 4.4.1 IPSEC Security Protocol Identifiers */
+#define IPSECDOI_PROTO_IPSEC_ESP 3
+ /* 4.4.4 IPSEC ESP Transform Identifiers */
+#define IPSECDOI_ESP_DES_IV64 1
+#define IPSECDOI_ESP_DES 2
+#define IPSECDOI_ESP_3DES 3
+#define IPSECDOI_ESP_RC5 4
+#define IPSECDOI_ESP_IDEA 5
+#define IPSECDOI_ESP_CAST 6
+#define IPSECDOI_ESP_BLOWFISH 7
+#define IPSECDOI_ESP_3IDEA 8
+#define IPSECDOI_ESP_DES_IV32 9
+#define IPSECDOI_ESP_RC4 10
+#define IPSECDOI_ESP_NULL 11
+#define IPSECDOI_ESP_RIJNDAEL 12
+#define IPSECDOI_ESP_AES 12
+
+/* 4.4.1 IPSEC Security Protocol Identifiers */
+#define IPSECDOI_PROTO_IPCOMP 4
+ /* 4.4.5 IPSEC IPCOMP Transform Identifiers */
+#define IPSECDOI_IPCOMP_OUI 1
+#define IPSECDOI_IPCOMP_DEFLATE 2
+#define IPSECDOI_IPCOMP_LZS 3
+
+/* 4.5 IPSEC Security Association Attributes */
+#define IPSECDOI_ATTR_SA_LTYPE 1 /* B */
+#define IPSECDOI_ATTR_SA_LTYPE_DEFAULT 1
+#define IPSECDOI_ATTR_SA_LTYPE_SEC 1
+#define IPSECDOI_ATTR_SA_LTYPE_KB 2
+#define IPSECDOI_ATTR_SA_LDUR 2 /* V */
+#define IPSECDOI_ATTR_SA_LDUR_DEFAULT 28800 /* 8 hours */
+#define IPSECDOI_ATTR_GRP_DESC 3 /* B */
+#define IPSECDOI_ATTR_ENC_MODE 4 /* B */
+ /* default value: host dependent */
+#define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1
+#define IPSECDOI_ATTR_ENC_MODE_TRNS 2
+#define IPSECDOI_ATTR_AUTH 5 /* B */
+ /* 0 means not to use authentication. */
+#define IPSECDOI_ATTR_AUTH_HMAC_MD5 1
+#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
+#define IPSECDOI_ATTR_AUTH_DES_MAC 3
+#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/
+ /*
+ * When negotiating ESP without authentication, the Auth
+ * Algorithm attribute MUST NOT be included in the proposal.
+ * When negotiating ESP without confidentiality, the Auth
+ * Algorithm attribute MUST be included in the proposal and
+ * the ESP transform ID must be ESP_NULL.
+ */
+#define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */
+#define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */
+#define IPSECDOI_ATTR_COMP_DICT_SIZE 8 /* B */
+#define IPSECDOI_ATTR_COMP_PRIVALG 9 /* V */
+
+/* 4.6.1 Security Association Payload */
+struct ipsecdoi_sa {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint32_t sit; /* Situation */
+};
+
+struct ipsecdoi_secrecy_h {
+ uint16_t len;
+ uint16_t reserved;
+};
+
+/* 4.6.2.1 Identification Type Values */
+struct ipsecdoi_id {
+ struct isakmp_gen h;
+ uint8_t type; /* ID Type */
+ uint8_t proto_id; /* Protocol ID */
+ uint16_t port; /* Port */
+ /* Identification Data */
+};
+
+#define IPSECDOI_ID_IPV4_ADDR 1
+#define IPSECDOI_ID_FQDN 2
+#define IPSECDOI_ID_USER_FQDN 3
+#define IPSECDOI_ID_IPV4_ADDR_SUBNET 4
+#define IPSECDOI_ID_IPV6_ADDR 5
+#define IPSECDOI_ID_IPV6_ADDR_SUBNET 6
+#define IPSECDOI_ID_IPV4_ADDR_RANGE 7
+#define IPSECDOI_ID_IPV6_ADDR_RANGE 8
+#define IPSECDOI_ID_DER_ASN1_DN 9
+#define IPSECDOI_ID_DER_ASN1_GN 10
+#define IPSECDOI_ID_KEY_ID 11
+
+/* 4.6.3 IPSEC DOI Notify Message Types */
+/* Notify Messages - Status Types */
+#define IPSECDOI_NTYPE_RESPONDER_LIFETIME 24576
+#define IPSECDOI_NTYPE_REPLAY_STATUS 24577
+#define IPSECDOI_NTYPE_INITIAL_CONTACT 24578
+
#define DECLARE_PRINTER(func) static const u_char *ike##func##_print( \
netdissect_options *ndo, u_char tpay, \
const struct isakmp_gen *ext, \
u_int item_len, \
const u_char *end_pointer, \
- u_int32_t phase,\
- u_int32_t doi0, \
- u_int32_t proto0, int depth)
+ uint32_t phase,\
+ uint32_t doi0, \
+ uint32_t proto0, int depth)
DECLARE_PRINTER(v1_sa);
DECLARE_PRINTER(v1_p);
@@ -108,23 +617,23 @@
struct isakmp *base,
u_char tpay,
const struct isakmp_gen *ext,
- u_int item_len,
- const u_char *end_pointer,
- u_int32_t phase,
- u_int32_t doi0,
- u_int32_t proto0, int depth);
+ u_int item_len,
+ const u_char *end_pointer,
+ uint32_t phase,
+ uint32_t doi0,
+ uint32_t proto0, int depth);
static const u_char *ike_sub0_print(netdissect_options *ndo,u_char, const struct isakmp_gen *,
- const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+ const u_char *, uint32_t, uint32_t, uint32_t, int);
static const u_char *ikev1_sub_print(netdissect_options *ndo,u_char, const struct isakmp_gen *,
- const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
+ const u_char *, uint32_t, uint32_t, uint32_t, int);
static const u_char *ikev2_sub_print(netdissect_options *ndo,
struct isakmp *base,
u_char np, const struct isakmp_gen *ext,
- const u_char *ep, u_int32_t phase,
- u_int32_t doi, u_int32_t proto,
+ const u_char *ep, uint32_t phase,
+ uint32_t doi, uint32_t proto,
int depth);
@@ -137,10 +646,17 @@
#define MAXINITIATORS 20
int ninitiator = 0;
+union inaddr_u {
+ struct in_addr in4;
+#ifdef INET6
+ struct in6_addr in6;
+#endif
+};
struct {
cookie_t initiator;
- struct sockaddr_storage iaddr;
- struct sockaddr_storage raddr;
+ u_int version;
+ union inaddr_u iaddr;
+ union inaddr_u raddr;
} cookiecache[MAXINITIATORS];
/* protocol id */
@@ -160,17 +676,17 @@
"v2cr", "v2auth","v2nonce", "v2n", "v2d", /* 38- 42 */
"v2vid", "v2TSi", "v2TSr", "v2e", "v2cp", /* 43- 47 */
"v2eap", /* 48 */
-
+
};
/* isakmp->np */
-static const u_char *(*npfunc[])(netdissect_options *ndo, u_char tpay,
+static const u_char *(*npfunc[])(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len,
const u_char *end_pointer,
- u_int32_t phase,
- u_int32_t doi0,
- u_int32_t proto0, int depth) = {
+ uint32_t phase,
+ uint32_t doi0,
+ uint32_t proto0, int depth) = {
NULL,
ikev1_sa_print,
ikev1_p_print,
@@ -230,7 +746,7 @@
ND_PRINT((ndo," [|%s]", NPSTR(np))); \
goto done; \
}
-
+
#define NPFUNC(x) \
(((x) < sizeof(npfunc)/sizeof(npfunc[0]) && npfunc[(x)]) \
@@ -266,10 +782,8 @@
{
int i;
struct ip *ip;
- struct sockaddr_in *sin;
#ifdef INET6
struct ip6_hdr *ip6;
- struct sockaddr_in6 *sin6;
#endif
i = cookie_find(in);
@@ -281,44 +795,16 @@
ip = (struct ip *)bp2;
switch (IP_V(ip)) {
case 4:
- memset(&cookiecache[ninitiator].iaddr, 0,
- sizeof(cookiecache[ninitiator].iaddr));
- memset(&cookiecache[ninitiator].raddr, 0,
- sizeof(cookiecache[ninitiator].raddr));
-
- sin = (struct sockaddr_in *)&cookiecache[ninitiator].iaddr;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin->sin_len = sizeof(struct sockaddr_in);
-#endif
- sin->sin_family = AF_INET;
- UNALIGNED_MEMCPY(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
- sin = (struct sockaddr_in *)&cookiecache[ninitiator].raddr;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin->sin_len = sizeof(struct sockaddr_in);
-#endif
- sin->sin_family = AF_INET;
- UNALIGNED_MEMCPY(&sin->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst));
+ cookiecache[ninitiator].version = 4;
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in4, &ip->ip_src, sizeof(struct in_addr));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in4, &ip->ip_dst, sizeof(struct in_addr));
break;
#ifdef INET6
case 6:
- memset(&cookiecache[ninitiator].iaddr, 0,
- sizeof(cookiecache[ninitiator].iaddr));
- memset(&cookiecache[ninitiator].raddr, 0,
- sizeof(cookiecache[ninitiator].raddr));
-
ip6 = (struct ip6_hdr *)bp2;
- sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].iaddr;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin6->sin6_len = sizeof(struct sockaddr_in6);
-#endif
- sin6->sin6_family = AF_INET6;
- UNALIGNED_MEMCPY(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
- sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].raddr;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin6->sin6_len = sizeof(struct sockaddr_in6);
-#endif
- sin6->sin6_family = AF_INET6;
- UNALIGNED_MEMCPY(&sin6->sin6_addr, &ip6->ip6_dst, sizeof(ip6->ip6_dst));
+ cookiecache[ninitiator].version = 6;
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].iaddr.in6, &ip6->ip6_src, sizeof(struct in6_addr));
+ UNALIGNED_MEMCPY(&cookiecache[ninitiator].raddr.in6, &ip6->ip6_dst, sizeof(struct in6_addr));
break;
#endif
default:
@@ -333,78 +819,42 @@
static int
cookie_sidecheck(int i, const u_char *bp2, int initiator)
{
- struct sockaddr_storage ss;
- struct sockaddr *sa;
struct ip *ip;
- struct sockaddr_in *sin;
#ifdef INET6
struct ip6_hdr *ip6;
- struct sockaddr_in6 *sin6;
#endif
- int salen;
- memset(&ss, 0, sizeof(ss));
ip = (struct ip *)bp2;
switch (IP_V(ip)) {
case 4:
- sin = (struct sockaddr_in *)&ss;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin->sin_len = sizeof(struct sockaddr_in);
-#endif
- sin->sin_family = AF_INET;
- UNALIGNED_MEMCPY(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
+ if (cookiecache[i].version != 4)
+ return 0;
+ if (initiator) {
+ if (UNALIGNED_MEMCMP(&ip->ip_src, &cookiecache[i].iaddr.in4, sizeof(struct in_addr)) == 0)
+ return 1;
+ } else {
+ if (UNALIGNED_MEMCMP(&ip->ip_src, &cookiecache[i].raddr.in4, sizeof(struct in_addr)) == 0)
+ return 1;
+ }
break;
#ifdef INET6
case 6:
+ if (cookiecache[i].version != 6)
+ return 0;
ip6 = (struct ip6_hdr *)bp2;
- sin6 = (struct sockaddr_in6 *)&ss;
-#ifdef HAVE_SOCKADDR_SA_LEN
- sin6->sin6_len = sizeof(struct sockaddr_in6);
-#endif
- sin6->sin6_family = AF_INET6;
- UNALIGNED_MEMCPY(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
+ if (initiator) {
+ if (UNALIGNED_MEMCMP(&ip6->ip6_src, &cookiecache[i].iaddr.in6, sizeof(struct in6_addr)) == 0)
+ return 1;
+ } else {
+ if (UNALIGNED_MEMCMP(&ip6->ip6_src, &cookiecache[i].raddr.in6, sizeof(struct in6_addr)) == 0)
+ return 1;
+ }
break;
-#endif
+#endif /* INET6 */
default:
- return 0;
+ break;
}
- sa = (struct sockaddr *)&ss;
- if (initiator) {
- if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].iaddr)->sa_family)
- return 0;
-#ifdef HAVE_SOCKADDR_SA_LEN
- salen = sa->sa_len;
-#else
-#ifdef INET6
- if (sa->sa_family == AF_INET6)
- salen = sizeof(struct sockaddr_in6);
- else
- salen = sizeof(struct sockaddr);
-#else
- salen = sizeof(struct sockaddr);
-#endif
-#endif
- if (memcmp(&ss, &cookiecache[i].iaddr, salen) == 0)
- return 1;
- } else {
- if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].raddr)->sa_family)
- return 0;
-#ifdef HAVE_SOCKADDR_SA_LEN
- salen = sa->sa_len;
-#else
-#ifdef INET6
- if (sa->sa_family == AF_INET6)
- salen = sizeof(struct sockaddr_in6);
- else
- salen = sizeof(struct sockaddr);
-#else
- salen = sizeof(struct sockaddr);
-#endif
-#endif
- if (memcmp(&ss, &cookiecache[i].raddr, salen) == 0)
- return 1;
- }
return 0;
}
@@ -434,7 +884,7 @@
/*
* returns false if we run out of data buffer
*/
-static int ike_show_somedata(struct netdissect_options *ndo,
+static int ike_show_somedata(netdissect_options *ndo,
const u_char *cp, const u_char *ep)
{
/* there is too much data, just show some of it */
@@ -444,13 +894,13 @@
if(len > 10) {
len = 10;
}
-
+
/* really shouldn't happen because of above */
if(end < cp + len) {
end = cp+len;
elen = ep - end;
}
-
+
ND_PRINT((ndo," data=("));
if(!rawprint(ndo, (caddr_t)(cp), len)) goto trunc;
ND_PRINT((ndo, "..."));
@@ -476,7 +926,7 @@
const struct attrmap *map, size_t nmap)
{
int totlen;
- u_int32_t t, v;
+ uint32_t t, v;
if (p[0] & 0x80)
totlen = 4;
@@ -512,7 +962,7 @@
ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep)
{
int totlen;
- u_int32_t t;
+ uint32_t t;
if (p[0] & 0x80)
totlen = 4;
@@ -542,12 +992,12 @@
ikev1_sa_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext,
u_int item_len _U_,
- const u_char *ep, u_int32_t phase, u_int32_t doi0 _U_,
- u_int32_t proto0, int depth)
+ const u_char *ep, uint32_t phase, uint32_t doi0 _U_,
+ uint32_t proto0, int depth)
{
const struct ikev1_pl_sa *p;
struct ikev1_pl_sa sa;
- u_int32_t doi, sit, ident;
+ uint32_t doi, sit, ident;
const u_char *cp, *np;
int t;
@@ -560,7 +1010,7 @@
sit = ntohl(sa.sit);
if (doi != 1) {
ND_PRINT((ndo," doi=%d", doi));
- ND_PRINT((ndo," situation=%u", (u_int32_t)ntohl(sa.sit)));
+ ND_PRINT((ndo," situation=%u", (uint32_t)ntohl(sa.sit)));
return (u_char *)(p + 1);
}
@@ -582,7 +1032,7 @@
if (sit != 0x01) {
ND_TCHECK2(*(ext + 1), sizeof(ident));
UNALIGNED_MEMCPY(&ident, ext + 1, sizeof(ident));
- ND_PRINT((ndo," ident=%u", (u_int32_t)ntohl(ident)));
+ ND_PRINT((ndo," ident=%u", (uint32_t)ntohl(ident)));
np += sizeof(ident);
}
@@ -601,8 +1051,8 @@
static const u_char *
ikev1_p_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep, u_int32_t phase, u_int32_t doi0,
- u_int32_t proto0 _U_, int depth)
+ const u_char *ep, uint32_t phase, uint32_t doi0,
+ uint32_t proto0 _U_, int depth)
{
const struct ikev1_pl_p *p;
struct ikev1_pl_p prop;
@@ -623,10 +1073,10 @@
ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
ND_TCHECK(*ext);
-
+
cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
prop.prot_id, depth);
-
+
return cp;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_P)));
@@ -686,7 +1136,7 @@
NULL, "oui", "deflate", "lzs",
};
-const struct attrmap ipsec_t_map[] = {
+static const struct attrmap ipsec_t_map[] = {
{ NULL, 0, { NULL } },
{ "lifetype", 3, { NULL, "sec", "kb", }, },
{ "life", 0, { NULL } },
@@ -713,7 +1163,7 @@
{ "privalg", 0, { NULL } },
};
-const struct attrmap encr_t_map[] = {
+static const struct attrmap encr_t_map[] = {
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 0, 1 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 2, 3 */
{ NULL, 0, { NULL } }, { NULL, 0, { NULL } }, /* 4, 5 */
@@ -724,7 +1174,7 @@
{ "keylen", 14, { NULL }},
};
-const struct attrmap oakley_t_map[] = {
+static const struct attrmap oakley_t_map[] = {
{ NULL, 0, { NULL } },
{ "enc", 8, { NULL, "1des", "idea", "blowfish", "rc5",
"3des", "cast", "aes", }, },
@@ -764,8 +1214,8 @@
static const u_char *
ikev1_t_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len,
- const u_char *ep, u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto, int depth _U_)
+ const u_char *ep, uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto, int depth _U_)
{
const struct ikev1_pl_t *p;
struct ikev1_pl_t t;
@@ -833,8 +1283,8 @@
static const u_char *
ikev1_ke_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -856,9 +1306,9 @@
static const u_char *
ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
- const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ const struct isakmp_gen *ext, u_int item_len,
+ const u_char *ep _U_, uint32_t phase, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
#define USE_IPSECDOI_IN_PHASE1 1
const struct ikev1_pl_id *p;
@@ -897,7 +1347,7 @@
default:
ND_PRINT((ndo," idtype=%s", STR_OR_ID(id.d.id_type, idtypestr)));
ND_PRINT((ndo," doi_data=%u",
- (u_int32_t)(ntohl(id.d.doi_data) & 0xffffff)));
+ (uint32_t)(ntohl(id.d.doi_data) & 0xffffff)));
break;
#ifdef USE_IPSECDOI_IN_PHASE1
@@ -913,20 +1363,12 @@
ND_TCHECK(*p);
UNALIGNED_MEMCPY(&id, ext, sizeof(id));
ND_PRINT((ndo," idtype=%s", STR_OR_ID(id.type, ipsecidtypestr)));
- if (id.proto_id) {
-#ifndef WIN32
- setprotoent(1);
-#endif /* WIN32 */
- pe = getprotobynumber(id.proto_id);
- if (pe)
- ND_PRINT((ndo," protoid=%s", pe->p_name));
-#ifndef WIN32
- endprotoent();
-#endif /* WIN32 */
- } else {
- /* it DOES NOT mean IPPROTO_IP! */
- ND_PRINT((ndo," protoid=%s", "0"));
- }
+ /* A protocol ID of 0 DOES NOT mean IPPROTO_IP! */
+ pe = id.proto_id ? getprotobynumber(id.proto_id) : NULL;
+ if (pe)
+ ND_PRINT((ndo," protoid=%s", pe->p_name));
+ else
+ ND_PRINT((ndo," protoid=%u", id.proto_id));
ND_PRINT((ndo," port=%d", ntohs(id.port)));
if (!len)
break;
@@ -938,7 +1380,7 @@
if (len < 4)
ND_PRINT((ndo," len=%d [bad: < 4]", len));
else
- ND_PRINT((ndo," len=%d %s", len, ipaddr_string(data)));
+ ND_PRINT((ndo," len=%d %s", len, ipaddr_string(ndo, data)));
len = 0;
break;
case IPSECDOI_ID_FQDN:
@@ -947,7 +1389,7 @@
int i;
ND_PRINT((ndo," len=%d ", len));
for (i = 0; i < len; i++)
- safeputchar(data[i]);
+ safeputchar(ndo, data[i]);
len = 0;
break;
}
@@ -959,7 +1401,7 @@
else {
mask = data + sizeof(struct in_addr);
ND_PRINT((ndo," len=%d %s/%u.%u.%u.%u", len,
- ipaddr_string(data),
+ ipaddr_string(ndo, data),
mask[0], mask[1], mask[2], mask[3]));
}
len = 0;
@@ -970,7 +1412,7 @@
if (len < 16)
ND_PRINT((ndo," len=%d [bad: < 16]", len));
else
- ND_PRINT((ndo," len=%d %s", len, ip6addr_string(data)));
+ ND_PRINT((ndo," len=%d %s", len, ip6addr_string(ndo, data)));
len = 0;
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
@@ -982,7 +1424,7 @@
mask = (u_char *)(data + sizeof(struct in6_addr));
/*XXX*/
ND_PRINT((ndo," len=%d %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
- ip6addr_string(data),
+ ip6addr_string(ndo, data),
mask[0], mask[1], mask[2], mask[3],
mask[4], mask[5], mask[6], mask[7],
mask[8], mask[9], mask[10], mask[11],
@@ -997,8 +1439,8 @@
ND_PRINT((ndo," len=%d [bad: < 8]", len));
else {
ND_PRINT((ndo," len=%d %s-%s", len,
- ipaddr_string(data),
- ipaddr_string(data + sizeof(struct in_addr))));
+ ipaddr_string(ndo, data),
+ ipaddr_string(ndo, data + sizeof(struct in_addr))));
}
len = 0;
break;
@@ -1008,8 +1450,8 @@
ND_PRINT((ndo," len=%d [bad: < 32]", len));
else {
ND_PRINT((ndo," len=%d %s-%s", len,
- ip6addr_string(data),
- ip6addr_string(data + sizeof(struct in6_addr))));
+ ip6addr_string(ndo, data),
+ ip6addr_string(ndo, data + sizeof(struct in6_addr))));
}
len = 0;
break;
@@ -1039,9 +1481,9 @@
static const u_char *
ikev1_cert_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_,
- u_int32_t doi0 _U_,
- u_int32_t proto0 _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_,
+ uint32_t doi0 _U_,
+ uint32_t proto0 _U_, int depth _U_)
{
const struct ikev1_pl_cert *p;
struct ikev1_pl_cert cert;
@@ -1072,8 +1514,8 @@
static const u_char *
ikev1_cr_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi0 _U_,
- u_int32_t proto0 _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_, uint32_t doi0 _U_,
+ uint32_t proto0 _U_, int depth _U_)
{
const struct ikev1_pl_cert *p;
struct ikev1_pl_cert cert;
@@ -1104,8 +1546,8 @@
static const u_char *
ikev1_hash_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -1128,8 +1570,8 @@
static const u_char *
ikev1_sig_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -1154,8 +1596,8 @@
const struct isakmp_gen *ext,
u_int item_len _U_,
const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -1182,14 +1624,14 @@
static const u_char *
ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len,
- const u_char *ep, u_int32_t phase, u_int32_t doi0 _U_,
- u_int32_t proto0 _U_, int depth)
+ const u_char *ep, uint32_t phase, uint32_t doi0 _U_,
+ uint32_t proto0 _U_, int depth)
{
struct ikev1_pl_n *p, n;
const u_char *cp;
u_char *ep2;
- u_int32_t doi;
- u_int32_t proto;
+ uint32_t doi;
+ uint32_t proto;
static const char *notify_error_str[] = {
NULL, "INVALID-PAYLOAD-TYPE",
"DOI-NOT-SUPPORTED", "SITUATION-NOT-SUPPORTED",
@@ -1323,14 +1765,14 @@
static const u_char *
ikev1_d_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi0 _U_,
- u_int32_t proto0 _U_, int depth _U_)
+ const u_char *ep _U_, uint32_t phase _U_, uint32_t doi0 _U_,
+ uint32_t proto0 _U_, int depth _U_)
{
const struct ikev1_pl_d *p;
struct ikev1_pl_d d;
- const u_int8_t *q;
- u_int32_t doi;
- u_int32_t proto;
+ const uint8_t *q;
+ uint32_t doi;
+ uint32_t proto;
int i;
ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_D)));
@@ -1350,7 +1792,7 @@
ND_PRINT((ndo," spilen=%u", d.spi_size));
ND_PRINT((ndo," nspi=%u", ntohs(d.num_spi)));
ND_PRINT((ndo," spi="));
- q = (u_int8_t *)(p + 1);
+ q = (uint8_t *)(p + 1);
for (i = 0; i < ntohs(d.num_spi); i++) {
if (i != 0)
ND_PRINT((ndo,","));
@@ -1368,8 +1810,8 @@
ikev1_vid_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -1426,12 +1868,12 @@
static const u_char *
ikev2_t_print(netdissect_options *ndo, u_char tpay _U_, int pcount,
const struct isakmp_gen *ext, u_int item_len,
- const u_char *ep, u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ const u_char *ep, uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
const struct ikev2_t *p;
struct ikev2_t t;
- u_int16_t t_id;
+ uint16_t t_id;
const u_char *cp;
const char *idstr;
const struct attrmap *map;
@@ -1444,7 +1886,7 @@
ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_T), t.h.critical);
t_id = ntohs(t.t_id);
-
+
map = NULL;
nmap = 0;
@@ -1504,8 +1946,8 @@
static const u_char *
ikev2_p_print(netdissect_options *ndo, u_char tpay _U_, int pcount _U_,
const struct isakmp_gen *ext, u_int item_len _U_,
- const u_char *ep, u_int32_t phase, u_int32_t doi0,
- u_int32_t proto0 _U_, int depth)
+ const u_char *ep, uint32_t phase, uint32_t doi0,
+ uint32_t proto0 _U_, int depth)
{
const struct ikev2_p *p;
struct ikev2_p prop;
@@ -1530,7 +1972,7 @@
cp = ikev2_sub_print(ndo, NULL, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
prop.prot_id, depth);
-
+
return cp;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_P)));
@@ -1538,11 +1980,11 @@
}
static const u_char *
-ikev2_sa_print(netdissect_options *ndo, u_char tpay,
+ikev2_sa_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext1,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
int osa_length, sa_length;
@@ -1566,11 +2008,11 @@
}
static const u_char *
-ikev2_ke_print(netdissect_options *ndo, u_char tpay,
+ikev2_ke_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct ikev2_ke ke;
struct ikev2_ke *k;
@@ -1582,7 +2024,7 @@
ND_PRINT((ndo," len=%u group=%s", ntohs(ke.h.len) - 8,
STR_OR_ID(ntohs(ke.ke_group), dh_p_map)));
-
+
if (2 < ndo->ndo_vflag && 8 < ntohs(ke.h.len)) {
ND_PRINT((ndo," "));
if (!rawprint(ndo, (caddr_t)(k + 1), ntohs(ke.h.len) - 8))
@@ -1595,11 +2037,11 @@
}
static const u_char *
-ikev2_ID_print(netdissect_options *ndo, u_char tpay,
+ikev2_ID_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct ikev2_id id;
int id_len, idtype_len, i;
@@ -1677,31 +2119,31 @@
}
static const u_char *
-ikev2_cert_print(netdissect_options *ndo, u_char tpay,
+ikev2_cert_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
static const u_char *
-ikev2_cr_print(netdissect_options *ndo, u_char tpay,
+ikev2_cr_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
static const u_char *
-ikev2_auth_print(netdissect_options *ndo, u_char tpay,
+ikev2_auth_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct ikev2_auth a;
const char *v2_auth[]={ "invalid", "rsasig",
@@ -1714,7 +2156,7 @@
ikev2_pay_print(ndo, NPSTR(tpay), a.h.critical);
len = ntohs(a.h.len);
- ND_PRINT((ndo," len=%d method=%s", len-4,
+ ND_PRINT((ndo," len=%d method=%s", len-4,
STR_OR_ID(a.auth_method, v2_auth)));
if (1 < ndo->ndo_vflag && 4 < len) {
@@ -1733,11 +2175,11 @@
}
static const u_char *
-ikev2_nonce_print(netdissect_options *ndo, u_char tpay,
+ikev2_nonce_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
@@ -1763,17 +2205,17 @@
/* notify payloads */
static const u_char *
-ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
+ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct ikev2_n *p, n;
const u_char *cp;
u_char showspi, showdata, showsomedata;
const char *notify_name;
- u_int32_t type;
+ uint32_t type;
p = (struct ikev2_n *)ext;
ND_TCHECK(*p);
@@ -1851,7 +2293,7 @@
showspi = 0;
break;
- case IV2_NOTIFY_FAILED_CP_REQUIRED:
+ case IV2_NOTIFY_FAILED_CP_REQUIRED:
notify_name = "failed:cp_required";
showspi = 0;
break;
@@ -1866,7 +2308,7 @@
showspi = 0;
break;
- case IV2_NOTIFY_SET_WINDOW_SIZE:
+ case IV2_NOTIFY_SET_WINDOW_SIZE:
notify_name = "set_window_size";
showspi = 0;
break;
@@ -1876,7 +2318,7 @@
showspi = 0;
break;
- case IV2_NOTIFY_IPCOMP_SUPPORTED:
+ case IV2_NOTIFY_IPCOMP_SUPPORTED:
notify_name = "ipcomp_supported";
showspi = 0;
break;
@@ -1938,7 +2380,7 @@
if(notify_name) {
ND_PRINT((ndo," type=%u(%s)", type, notify_name));
}
-
+
if (showspi && n.spi_size) {
ND_PRINT((ndo," spi="));
@@ -1962,7 +2404,7 @@
} else if(showsomedata && cp < ep) {
if(!ike_show_somedata(ndo, cp, ep)) goto trunc;
}
-
+
return (u_char *)ext + item_len;
trunc:
ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_N)));
@@ -1970,21 +2412,21 @@
}
static const u_char *
-ikev2_d_print(netdissect_options *ndo, u_char tpay,
+ikev2_d_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
static const u_char *
-ikev2_vid_print(netdissect_options *ndo, u_char tpay,
+ikev2_vid_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
struct isakmp_gen e;
const u_char *vid;
@@ -2014,11 +2456,11 @@
}
static const u_char *
-ikev2_TS_print(netdissect_options *ndo, u_char tpay,
+ikev2_TS_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
@@ -2029,21 +2471,21 @@
_U_
#endif
struct isakmp *base,
- u_char tpay,
+ u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
#ifndef HAVE_LIBCRYPTO
_U_
#endif
- u_int32_t phase,
+ uint32_t phase,
#ifndef HAVE_LIBCRYPTO
_U_
#endif
- u_int32_t doi,
+ uint32_t doi,
#ifndef HAVE_LIBCRYPTO
_U_
#endif
- u_int32_t proto,
+ uint32_t proto,
#ifndef HAVE_LIBCRYPTO
_U_
#endif
@@ -2068,14 +2510,14 @@
dat = (u_char *)(ext+1);
ND_TCHECK2(*dat, dlen);
-
+
#ifdef HAVE_LIBCRYPTO
/* try to decypt it! */
if(esp_print_decrypt_buffer_by_ikev2(ndo,
base->flags & ISAKMP_FLAG_I,
base->i_ck, base->r_ck,
dat, dat+dlen)) {
-
+
ext = (const struct isakmp_gen *)ndo->ndo_packetp;
/* got it decrypted, print stuff inside. */
@@ -2083,7 +2525,7 @@
phase, doi, proto, depth+1);
}
#endif
-
+
/* always return NULL, because E must be at end, and NP refers
* to what was inside.
@@ -2095,21 +2537,21 @@
}
static const u_char *
-ikev2_cp_print(netdissect_options *ndo, u_char tpay,
+ikev2_cp_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
static const u_char *
-ikev2_eap_print(netdissect_options *ndo, u_char tpay,
+ikev2_eap_print(netdissect_options *ndo, u_char tpay,
const struct isakmp_gen *ext,
u_int item_len _U_, const u_char *ep _U_,
- u_int32_t phase _U_, u_int32_t doi _U_,
- u_int32_t proto _U_, int depth _U_)
+ uint32_t phase _U_, uint32_t doi _U_,
+ uint32_t proto _U_, int depth _U_)
{
return ikev2_gen_print(ndo, tpay, ext);
}
@@ -2118,7 +2560,7 @@
ike_sub0_print(netdissect_options *ndo,
u_char np, const struct isakmp_gen *ext, const u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
+ uint32_t phase, uint32_t doi, uint32_t proto, int depth)
{
const u_char *cp;
struct isakmp_gen e;
@@ -2158,7 +2600,7 @@
static const u_char *
ikev1_sub_print(netdissect_options *ndo,
u_char np, const struct isakmp_gen *ext, const u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
+ uint32_t phase, uint32_t doi, uint32_t proto, int depth)
{
const u_char *cp;
int i;
@@ -2214,16 +2656,16 @@
u_char np;
int i;
int phase;
-
+
p = (const struct isakmp *)bp;
ep = ndo->ndo_snapend;
-
+
phase = (EXTRACT_32BITS(base->msgid) == 0) ? 1 : 2;
if (phase == 1)
ND_PRINT((ndo," phase %d", phase));
else
ND_PRINT((ndo," phase %d/others", phase));
-
+
i = cookie_find(&base->i_ck);
if (i < 0) {
if (iszero((u_char *)&base->r_ck, sizeof(base->r_ck))) {
@@ -2241,18 +2683,18 @@
else
ND_PRINT((ndo," ?"));
}
-
+
ND_PRINT((ndo," %s", ETYPESTR(base->etype)));
if (base->flags) {
ND_PRINT((ndo,"[%s%s]", base->flags & ISAKMP_FLAG_E ? "E" : "",
base->flags & ISAKMP_FLAG_C ? "C" : ""));
}
-
+
if (ndo->ndo_vflag) {
const struct isakmp_gen *ext;
-
+
ND_PRINT((ndo,":"));
-
+
/* regardless of phase... */
if (base->flags & ISAKMP_FLAG_E) {
/*
@@ -2262,18 +2704,18 @@
ND_PRINT((ndo," [encrypted %s]", NPSTR(base->np)));
goto done;
}
-
+
CHECKLEN(p + 1, base->np);
np = base->np;
ext = (struct isakmp_gen *)(p + 1);
ikev1_sub_print(ndo, np, ext, ep, phase, 0, 0, 0);
}
-
+
done:
if (ndo->ndo_vflag) {
if (ntohl(base->len) != length) {
ND_PRINT((ndo," (len mismatch: isakmp %u/ip %u)",
- (u_int32_t)ntohl(base->len), length));
+ (uint32_t)ntohl(base->len), length));
}
}
}
@@ -2282,7 +2724,7 @@
ikev2_sub0_print(netdissect_options *ndo, struct isakmp *base,
u_char np, int pcount,
const struct isakmp_gen *ext, const u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
+ uint32_t phase, uint32_t doi, uint32_t proto, int depth)
{
const u_char *cp;
struct isakmp_gen e;
@@ -2333,7 +2775,7 @@
ikev2_sub_print(netdissect_options *ndo,
struct isakmp *base,
u_char np, const struct isakmp_gen *ext, const u_char *ep,
- u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
+ uint32_t phase, uint32_t doi, uint32_t proto, int depth)
{
const u_char *cp;
int i;
@@ -2341,7 +2783,7 @@
struct isakmp_gen e;
cp = (const u_char *)ext;
- pcount = 0;
+ pcount = 0;
while (np) {
pcount++;
ND_TCHECK(*ext);
@@ -2427,7 +2869,7 @@
if (ndo->ndo_vflag) {
if (ntohl(base->len) != length) {
ND_PRINT((ndo, " (len mismatch: isakmp %u/ip %u)",
- (u_int32_t)ntohl(base->len), length));
+ (uint32_t)ntohl(base->len), length));
}
}
}
@@ -2508,7 +2950,7 @@
if(length < 4) {
goto trunc;
}
-
+
/*
* see if this is an IKE packet
*/
@@ -2532,7 +2974,7 @@
bp += advance;
length -= advance + padlen;
nh = enh & 0xff;
-
+
ip_print_inner(ndo, bp, length, nh, bp2);
return;
}
@@ -2550,5 +2992,5 @@
*/
-
+