📄 isakmp.c
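/* ... tail of the preceding payload dumper; its start lies above this excerpt ... */
    printf("Payload length %d\n", ntohs(gen->length));
    bp = bp + sizeof(ISAKMP_generic_hdr);
    printf("Hash data: not shown\n");
    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** isakmp_payload_fits()
**
** Return nonzero when the length field of the generic header is large
** enough to hold the header itself plus `need` further bytes.
**
** The length field comes straight from the packet. The dumpers below use
** it both to size their reads and to step to the next payload, so they
** check it before doing either.
**
** This only bounds reads against the length the payload claims. These
** functions receive no end-of-buffer pointer, so the claim itself cannot
** be checked here against the number of bytes actually captured.
**
**----------------------------------------------------------------------------*/
static int isakmp_payload_fits(const ISAKMP_generic_hdr *gen, size_t need)
{
    return (size_t) ntohs(gen->length) >= sizeof(ISAKMP_generic_hdr) + need;
}

/*----------------------------------------------------------------------------
**
** dump_notification_payload()
**
** Dump a notification payload.
**
** bp points at the payload's generic header. After printing, the function
** hands the next-payload type and the address just past this payload to
** determine_next_payload(). A payload whose length field is too short for
** the fixed notification fields is reported and the chain stops there.
**
**----------------------------------------------------------------------------*/
void dump_notification_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_int8_t protocol_id, spi_size;
    u_int16_t message_type;
    u_int32_t doi;
    u_char *old_bp;

    old_bp = bp;
    gen = (ISAKMP_generic_hdr *) bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Notification Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    /* Fixed fields: DOI (4) + protocol ID (1) + SPI size (1) + type (2). */
    if (!isakmp_payload_fits(gen, 8)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    doi = EXTRACT_32BITS(bp);
    bp = bp + 4;
    printf("DOI: %d\n", doi);

    protocol_id = *bp;
    bp++;
    printf("Protocol ID: %d ", protocol_id);
    switch (protocol_id) {
    case 0:  printf("(reserved)"); break;
    case 1:  printf("(protocol ISAKMP)"); break;
    case 2:  printf("(protocol IPSEC_AH)"); break;
    case 3:  printf("(protocol IPSEC_ESP)"); break;
    case 4:  printf("(protocol IPCOMP)"); break;
    default: printf("(unknown)"); break;
    }
    printf("\n");

    spi_size = *bp;
    bp++;
    printf("SPI size: %d\n", spi_size);

    message_type = EXTRACT_16BITS(bp);
    bp = bp + 2;
    printf("Message type: %d ", message_type);
    switch (message_type) {
    case 1:  printf("(invalid payload type)"); break;
    case 2:  printf("(DOI not supported)"); break;
    case 3:  printf("(situation not supported)"); break;
    case 4:  printf("(invalid cookie)"); break;
    case 5:  printf("(invalid major version)"); break;
    case 6:  printf("(invalid minor version)"); break;
    case 7:  printf("(invalid exchange type)"); break;
    case 8:  printf("(invalid flags)"); break;
    case 9:  printf("(invalid message ID)"); break;
    case 10: printf("(invalid protocol ID)"); break;
    case 11: printf("(invalid SPI)"); break;
    case 12: printf("(invalid transform ID)"); break;
    case 13: printf("(attributes not supported)"); break;
    case 14: printf("(no proposal chosen)"); break;
    case 15: printf("(bad proposal syntax)"); break;
    case 16: printf("(payload malformed)"); break;
    case 17: printf("(invalid key information)"); break;
    case 18: printf("(invalid ID information)"); break;
    case 19: printf("(invalid cert encoding)"); break;
    case 20: printf("(invalid certificate)"); break;
    case 21: printf("(cert type unsupported)"); break;
    case 22: printf("(invalid cert authority)"); break;
    case 23: printf("(invalid hash information)"); break;
    case 24: printf("(authentication failed)"); break;
    case 25: printf("(invalid signature)"); break;
    case 26: printf("(address notification)"); break;
    case 27: printf("(notify SA lifetime)"); break;
    case 28: printf("(certificate unavailable)"); break;
    case 29: printf("(unsupported exchange type)"); break;
    case 16384: printf("(connected)"); break;
    case 24576: printf("(responder lifetime)"); break;
    case 24577: printf("(replay status)"); break;
    case 24578: printf("(initial contact)"); break;
    default: printf("(unknown)"); break;
    }
    printf("\n");

    printf("SPI: not shown\n");
    bp = bp + spi_size;

    /*
     * Here, the notification data length depends on the message type.
     * They really should have defined a length for this field. We
     * have to get a bit ugly in order to do this right...
     */
    switch (message_type) {
    case 24576:
        break;
    case 24577:
        {
            u_int32_t data;

            /*
             * The 4-byte status word sits after the SPI, whose size is
             * taken from the packet; make sure the claimed payload length
             * covers it before reading.
             */
            if (!isakmp_payload_fits(gen, 8 + (size_t) spi_size + 4)) {
                printf("(notification data truncated)\n");
                break;
            }

            data = EXTRACT_32BITS(bp);
            bp = bp + 4;
            printf("Notification data %d ", data);
            switch (data) {
            case 0:  printf("(replay detection disabled)"); break;
            case 1:  printf("(replay detection enabled)"); break;
            default: printf("(unknown)"); break;
            }
            printf("\n");
        }
        break;
    case 24578:
        printf("(initial contact)");
        /* no data field */
        break;
    default:
        printf("(unknown)");
        break;
    }

    /*
     * Move pointer to end of this header
     */
    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_transform_payload()
**
** Dump a transform payload.
**
** bp points at the payload's generic header. The function prints the
** transform number and ID, then passes the address just past this payload
** to determine_next_payload(). A payload whose length field is too short
** for the fields read here is reported and the chain stops there.
**
**----------------------------------------------------------------------------*/
void dump_transform_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_int8_t trans_id, reserved;
    u_int32_t trans;
    u_char *old_bp;

    old_bp = bp;
    gen = (ISAKMP_generic_hdr *) bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Transform Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    /* This function reads 4 + 1 + 1 bytes after the generic header. */
    if (!isakmp_payload_fits(gen, 6)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    /*
     * NOTE(review): RFC 2408 section 3.6 lays the transform payload out as
     * Transform # (1 octet), Transform-Id (1 octet), RESERVED2 (2 octets).
     * The reads below take a 32-bit number first and the ID after it, which
     * does not match that layout -- confirm before relying on this output.
     */
    trans = EXTRACT_32BITS(bp);
    bp = bp + 4;
    printf("Transform Number: %d\n", trans);

    trans_id = *bp;
    bp++;
    printf("Transform ID: %d ", trans_id);

    /* NOTE: This should be conditional so that we don't print both the AH
     * and ESP transform IDs at the same time. Need to add IPCOMP also.
     */
    switch (trans_id) {
    case 0:  printf("(reserved)"); break;
    case 1:  printf("(AH reserved) or (ESP DES IV64)"); break;
    case 2:  printf("(AH MD5) or (ESP DES)"); break;
    case 3:  printf("(AH SHA1) or (ESP 3DES)"); break;
    case 4:  printf("(AH DES)"); break;
    case 5:  printf("(protocol IPCOMP)"); break;
    default: printf("(unknown)"); break;
    }
    printf("\n");

    reserved = *bp;
    bp++;
    printf("Reserved: %d\n", reserved);

    /*
     * Move pointer to end of this header
     */
    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_keyexchange_payload()
**
** Dump a key exchange payload.
**
** bp points at the payload's generic header. The bytes after the header
** are printed through print_char2hex(). A length field smaller than the
** header is reported instead, because `length - 4` would go negative and
** the pointer would not advance past this payload.
**
**----------------------------------------------------------------------------*/
void dump_keyexchange_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_char *old_bp;

    gen = (ISAKMP_generic_hdr *) bp;
    old_bp = bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Key Exchange Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    if (!isakmp_payload_fits(gen, 0)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    printf("Key exchange data: ");
    /* the literal 4 presumably equals sizeof(ISAKMP_generic_hdr) -- confirm */
    print_char2hex(bp, ntohs(gen->length) - 4);

    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_identification_payload()
**
** Dump an identification payload.
**
** bp points at the payload's generic header. The function prints the ID
** type and the 3-byte DOI-specific ID data that follow the header, then
** passes the address just past this payload to determine_next_payload().
** A payload whose length field is too short for those four bytes is
** reported and the chain stops there.
**
**----------------------------------------------------------------------------*/
void dump_identification_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_char *old_bp;
    u_int8_t id_type;
    u_int32_t doi_data;

    gen = (ISAKMP_generic_hdr *) bp;
    old_bp = bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Identification Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    /* ID type (1) + DOI-specific ID data (3) */
    if (!isakmp_payload_fits(gen, 4)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    id_type = *bp;
    bp++;
    printf("ID type: %d ", id_type);
    switch (id_type) {
    case 0:  printf("(reserved)"); break;
    case 1:  printf("(IPv4 address)"); break;
    case 2:  printf("(FQDN)"); break;
    case 3:  printf("(user FQDN)"); break;
    case 4:  printf("(IPv4 address subnet)"); break;
    case 5:  printf("(IPv6 address)"); break;
    case 6:  printf("(IPv6 address subnet)"); break;
    case 7:  printf("(IPv4 address range)"); break;
    case 8:  printf("(IPv6 address range)"); break;
    case 9:  printf("(DER coding of ASN.1 X.500 dist. name)"); break;
    case 10: printf("(DER coding of ASN.1 X.500 gen. name)"); break;
    case 11: printf("(key ID)"); break;
    default: printf("(unknown)"); break;
    }
    printf("\n");

    /*
     * Read next 3 bytes, most significant first. The third byte is bp[2];
     * the earlier code added bp[1] a second time and never read bp[2].
     */
    doi_data = ((u_int32_t) bp[0] << 16) | ((u_int32_t) bp[1] << 8) | bp[2];
    bp = bp + 3;
    printf("DOI ID data: %d\n", doi_data);

    switch (id_type) {
    case 0:  break;
    case 1:  break;
    case 2:  printf("(FQDN)"); break;
    case 3:  printf("(user FQDN)"); break;
    case 4:  printf("(IPv4 address subnet)"); break;
    case 5:  printf("(IPv6 address)"); break;
    case 6:  printf("(IPv6 address subnet)"); break;
    case 7:  printf("(IPv4 address range)"); break;
    case 8:  printf("(IPv6 address range)"); break;
    case 9:  printf("(DER coding of ASN.1 X.500 dist. name)"); break;
    case 10: printf("(DER coding of ASN.1 X.500 gen. name)"); break;
    case 11: printf("(key ID)"); break;
    default: break;
    }

    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_nonce_payload()
**
** Dump a nonce payload.
**
** bp points at the payload's generic header. The bytes after the header
** are printed through print_char2hex(). A length field smaller than the
** header is reported instead of being used.
**
**----------------------------------------------------------------------------*/
void dump_nonce_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_char *old_bp;

    gen = (ISAKMP_generic_hdr *) bp;
    old_bp = bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Nonce Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    if (!isakmp_payload_fits(gen, 0)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    printf("Nonce data: ");
    /* the literal 4 presumably equals sizeof(ISAKMP_generic_hdr) -- confirm */
    print_char2hex(bp, ntohs(gen->length) - 4);

    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_signature_payload()
**
** Dump a signature payload.
**
** bp points at the payload's generic header. The bytes after the header
** are printed through print_char2hex(). A length field smaller than the
** header is reported instead of being used.
**
**----------------------------------------------------------------------------*/
void dump_signature_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_char *old_bp;

    gen = (ISAKMP_generic_hdr *) bp;
    old_bp = bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Signature Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    if (!isakmp_payload_fits(gen, 0)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    printf("Signature data: ");
    /* the literal 4 presumably equals sizeof(ISAKMP_generic_hdr) -- confirm */
    print_char2hex(bp, ntohs(gen->length) - 4);

    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}

/*----------------------------------------------------------------------------
**
** dump_vendorid_payload()
**
** Dump a vendor ID payload.
**
** bp points at the payload's generic header. The bytes after the header
** are printed through print_char2hex(). A length field smaller than the
** header is reported instead of being used.
**
**----------------------------------------------------------------------------*/
void dump_vendorid_payload(u_char *bp)
{
    ISAKMP_generic_hdr *gen;
    u_char *old_bp;

    gen = (ISAKMP_generic_hdr *) bp;
    old_bp = bp;

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Vendor ID Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", ntohs(gen->length));

    if (!isakmp_payload_fits(gen, 0)) {
        printf("(malformed payload: length too short)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);

    printf("Vendor ID: ");
    /* the literal 4 presumably equals sizeof(ISAKMP_generic_hdr) -- confirm */
    print_char2hex(bp, ntohs(gen->length) - 4);

    bp = old_bp + ntohs(gen->length);
    determine_next_payload(gen->next_payload, bp);
}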