📄 isakmp.c
printf("Payload length %d\n", ntohs(gen->length));
bp = bp + sizeof(ISAKMP_generic_hdr);
printf("Hash data: not shown\n");
bp = old_bp + ntohs(gen->length);
determine_next_payload(gen->next_payload, bp);
}
/*----------------------------------------------------------------------------
**
** dump_notification_payload()
**
** Dump a notification payload.
**
**----------------------------------------------------------------------------
*/
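void dump_notification_payload(u_char *bp)
{
    /*
     * Print a notification payload: the generic header, then DOI,
     * protocol ID, SPI size and notify message type, then the
     * type-dependent notification data.  The SPI itself is skipped, not
     * printed.  Finally the following payload is handed to
     * determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * Every size used here (payload length, SPI size) is read from the
     * packet being dumped, so each one is checked against the declared
     * payload length before the bytes it covers are read.  This function
     * is not told how many bytes were actually captured, so it cannot
     * check the declared payload length itself against the real buffer;
     * that bound has to be enforced by the caller.
     */
    static const char *const protocol_names[] = {
        "(reserved)",
        "(protocol ISAKMP)",
        "(protocol IPSEC_AH)",
        "(protocol IPSEC_ESP)",
        "(protocol IPCOMP)",
    };
    /* Entry i describes notify message type i + 1 (types 1..29). */
    static const char *const error_names[] = {
        "(invalid payload type)",
        "(DOI not supported)",
        "(situation not supported)",
        "(invalid cookie)",
        "(invalid major version)",
        "(invalid minor version)",
        "(invalid exchange type)",
        "(invalid flags)",
        "(invalid message ID)",
        "(invalid protocol ID)",
        "(invalid SPI)",
        "(invalid transform ID)",
        "(attributes not supported)",
        "(no proposal chosen)",
        "(bad proposal syntax)",
        "(payload malformed)",
        "(invalid key information)",
        "(invalid ID information)",
        "(invalid cert encoding)",
        "(invalid certificate)",
        "(cert type unsupported)",
        "(invalid cert authority)",
        "(invalid hash information)",
        "(authentication failed)",
        "(invalid signature)",
        "(address notification)",
        "(notify SA lifetime)",
        "(certificate unavailable)",
        "(unsupported exchange type)",
    };
    /* DOI (4) + protocol ID (1) + SPI size (1) + message type (2). */
    enum { FIXED_FIELDS_LEN = 8 };

    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    u_int8_t protocol_id, spi_size;
    u_int16_t message_type;
    u_int32_t doi;
    int payload_len = ntohs(gen->length);
    int remaining;   /* octets of this payload not yet consumed */

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Notification Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * A declared length that cannot hold the generic header plus the
     * fixed fields would have the reads below run past the end of the
     * payload.  A length of 0 would also leave the pointer passed to
     * determine_next_payload() exactly where it started.
     */
    remaining = payload_len - (int) sizeof(ISAKMP_generic_hdr) - FIXED_FIELDS_LEN;
    if (remaining < 0) {
        printf("(malformed payload: length too short for notification header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    doi = EXTRACT_32BITS(bp);
    bp = bp + 4;
    printf("DOI: %d\n", doi);

    protocol_id = *bp;
    bp++;
    printf("Protocol ID: %d ", protocol_id);
    if (protocol_id < sizeof(protocol_names) / sizeof(protocol_names[0])) {
        printf("%s", protocol_names[protocol_id]);
    } else {
        printf("(unknown)");
    }
    printf("\n");

    spi_size = *bp;
    bp++;
    printf("SPI size: %d\n", spi_size);

    message_type = EXTRACT_16BITS(bp);
    bp = bp + 2;
    printf("Message type: %d ", message_type);
    if (message_type >= 1 &&
        message_type <= sizeof(error_names) / sizeof(error_names[0])) {
        printf("%s", error_names[message_type - 1]);
    } else {
        switch (message_type) {
        case 16384:
            printf("(connected)");
            break;
        case 24576:
            printf("(responder lifetime)");
            break;
        case 24577:
            printf("(replay status)");
            break;
        case 24578:
            printf("(initial contact)");
            break;
        default:
            printf("(unknown)");
            break;
        }
    }
    printf("\n");

    printf("SPI: not shown\n");
    /* spi_size is a wire value (0..255); it must fit inside the payload. */
    if (spi_size > remaining) {
        printf("(malformed payload: SPI size exceeds payload length)\n");
        return;
    }
    bp = bp + spi_size;
    remaining -= spi_size;

    /*
     * Here, the notification data length depends on the message type.
     * They really should have defined a length for this field. We
     * have to get a bit ugly in order to do this right...
     */
    switch (message_type) {
    case 24576:
        break;
    case 24577: {
        u_int32_t data;

        /* Replay status carries one 32-bit value; make sure it is there. */
        if (remaining < 4) {
            printf("(malformed payload: notification data truncated)\n");
            return;
        }
        data = EXTRACT_32BITS(bp);
        bp = bp + 4;
        printf("Notification data %d ", data);
        switch (data) {
        case 0:
            printf("(replay detection disabled)");
            break;
        case 1:
            printf("(replay detection enabled)");
            break;
        default:
            printf("(unknown)");
            break;
        }
        printf("\n");
        break;
    }
    case 24578:
        printf("(initial contact)"); /* no data field */
        break;
    default:
        printf("(unknown)");
        break;
    }

    /*
     * Move pointer to end of this header
     */
    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}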
/*----------------------------------------------------------------------------
**
** dump_transform_payload()
**
** Dump a transform payload.
**
**----------------------------------------------------------------------------
*/
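void dump_transform_payload(u_char *bp)
{
    /*
     * Print a transform payload: the generic header, then the transform
     * number, transform ID and reserved field.  The SA attributes that
     * follow are not decoded.  Finally the following payload is handed
     * to determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * RFC 2408 section 3.6 lays the fixed part out as Transform # (1
     * octet), Transform-Id (1 octet), RESERVED2 (2 octets).  Reading the
     * transform number as a 32-bit value would swallow the ID and the
     * reserved field, and the "Transform ID" would then be taken from
     * the first octet of the SA attributes.
     *
     * The payload length comes from the packet being dumped, so it is
     * checked before the fixed fields are read.  This function is not
     * told how many bytes were actually captured, so the caller has to
     * enforce that bound.
     */
    /* Transform # (1) + Transform-Id (1) + RESERVED2 (2). */
    enum { FIXED_FIELDS_LEN = 4 };

    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    u_int8_t trans_num, trans_id;
    u_int16_t reserved2;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Transform Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * Too short a length would have the reads below run past the end of
     * the payload; a length of 0 would also leave the pointer passed to
     * determine_next_payload() exactly where it started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr) + FIXED_FIELDS_LEN) {
        printf("(malformed payload: length too short for transform header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    trans_num = bp[0];
    trans_id = bp[1];
    reserved2 = (u_int16_t) ((bp[2] << 8) | bp[3]);   /* network byte order */
    bp = bp + FIXED_FIELDS_LEN;

    printf("Transform Number: %d\n", trans_num);
    printf("Transform ID: %d ", trans_id);
    /* NOTE: This should be conditional so that we don't print both the AH
     * and ESP transform IDs at the same time. Need to add IPCOMP also.
     */
    switch (trans_id) {
    case 0:
        printf("(reserved)");
        break;
    case 1:
        printf("(AH reserved) or (ESP DES IV64)");
        break;
    case 2:
        printf("(AH MD5) or (ESP DES)");
        break;
    case 3:
        printf("(AH SHA1) or (ESP 3DES)");
        break;
    case 4:
        printf("(AH DES)");
        break;
    case 5:
        printf("(protocol IPCOMP)");
        break;
    default:
        printf("(unknown)");
        break;
    }
    printf("\n");
    printf("Reserved: %d\n", reserved2);

    /*
     * Move pointer to end of this header
     */
    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}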
/*----------------------------------------------------------------------------
**
** dump_keyexchange_payload()
**
** Dump a key exchange payload.
**
**----------------------------------------------------------------------------
*/
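void dump_keyexchange_payload(u_char *bp)
{
    /*
     * Print the generic header of a key exchange payload, hex-dump its
     * body, then hand the following payload to determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * The payload length comes from the packet being dumped.  This
     * function is not told how many bytes were actually captured, so it
     * can only reject lengths that are impossible on their face; the
     * caller has to make sure the declared length fits the buffer.
     */
    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Key Exchange Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * A length below the header size would make the byte count passed to
     * print_char2hex() negative, and a length of 0 would leave the
     * pointer passed to determine_next_payload() exactly where it
     * started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr)) {
        printf("(malformed payload: length shorter than generic header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    printf("Key exchange data: ");
    /* NOTE(review): the literal 4 is presumably sizeof(ISAKMP_generic_hdr) -- confirm. */
    print_char2hex(bp, payload_len - 4);

    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}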
/*----------------------------------------------------------------------------
**
** dump_identification_payload()
**
** Dump an identification payload.
**
**----------------------------------------------------------------------------
*/
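void dump_identification_payload(u_char *bp)
{
    /*
     * Print an identification payload: the generic header, the ID type
     * and the three octets of DOI-specific ID data.  The identification
     * data itself is not dumped.  Finally the following payload is
     * handed to determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * The payload length comes from the packet being dumped, so it is
     * checked before the fixed fields are read.  This function is not
     * told how many bytes were actually captured, so the caller has to
     * enforce that bound.
     */
    /* Indexed by ID type; types above the last entry get no label. */
    static const char *const id_type_names[] = {
        "(reserved)",
        "(IPv4 address)",
        "(FQDN)",
        "(user FQDN)",
        "(IPv4 address subnet)",
        "(IPv6 address)",
        "(IPv6 address subnet)",
        "(IPv4 address range)",
        "(IPv6 address range)",
        "(DER coding of ASN.1 X.500 dist. name)",
        "(DER coding of ASN.1 X.500 gen. name)",
        "(key ID)",
    };
    /* ID type (1) + DOI specific ID data (3). */
    enum { FIXED_FIELDS_LEN = 4 };

    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    u_int8_t id_type;
    u_int32_t doi_data;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Identification Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * Too short a length would have the reads below run past the end of
     * the payload; a length of 0 would also leave the pointer passed to
     * determine_next_payload() exactly where it started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr) + FIXED_FIELDS_LEN) {
        printf("(malformed payload: length too short for identification header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    id_type = *bp;
    bp++;
    printf("ID type: %d ", id_type);
    if (id_type < sizeof(id_type_names) / sizeof(id_type_names[0])) {
        printf("%s", id_type_names[id_type]);
    }
    printf("\n");

    /*
     * Read next 3 bytes as one big-endian value.  The low octet is
     * bp[2]; using bp[1] for it as well would repeat the middle octet
     * and drop the third.
     */
    doi_data = ((u_int32_t) bp[0] << 16) | ((u_int32_t) bp[1] << 8) | bp[2];
    bp = bp + 3;
    printf("DOI ID data: %d\n", doi_data);

    /* The label is repeated here for every known type except 0 and 1. */
    if (id_type >= 2 &&
        id_type < sizeof(id_type_names) / sizeof(id_type_names[0])) {
        printf("%s", id_type_names[id_type]);
    }

    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}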
/*----------------------------------------------------------------------------
**
** dump_nonce_payload()
**
** Dump a nonce payload.
**
**----------------------------------------------------------------------------
*/
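void dump_nonce_payload(u_char *bp)
{
    /*
     * Print the generic header of a nonce payload, hex-dump the nonce,
     * then hand the following payload to determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * The payload length comes from the packet being dumped.  This
     * function is not told how many bytes were actually captured, so it
     * can only reject lengths that are impossible on their face; the
     * caller has to make sure the declared length fits the buffer.
     */
    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Nonce Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * A length below the header size would make the byte count passed to
     * print_char2hex() negative, and a length of 0 would leave the
     * pointer passed to determine_next_payload() exactly where it
     * started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr)) {
        printf("(malformed payload: length shorter than generic header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    printf("Nonce data: ");
    /* NOTE(review): the literal 4 is presumably sizeof(ISAKMP_generic_hdr) -- confirm. */
    print_char2hex(bp, payload_len - 4);

    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}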
/*----------------------------------------------------------------------------
**
** dump_signature_payload()
**
** Dump a signature payload.
**
**----------------------------------------------------------------------------
*/
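void dump_signature_payload(u_char *bp)
{
    /*
     * Print the generic header of a signature payload, hex-dump the
     * signature, then hand the following payload to
     * determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * The payload length comes from the packet being dumped.  This
     * function is not told how many bytes were actually captured, so it
     * can only reject lengths that are impossible on their face; the
     * caller has to make sure the declared length fits the buffer.
     */
    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Signature Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * A length below the header size would make the byte count passed to
     * print_char2hex() negative, and a length of 0 would leave the
     * pointer passed to determine_next_payload() exactly where it
     * started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr)) {
        printf("(malformed payload: length shorter than generic header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    printf("Signature data: ");
    /* NOTE(review): the literal 4 is presumably sizeof(ISAKMP_generic_hdr) -- confirm. */
    print_char2hex(bp, payload_len - 4);

    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}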
/*----------------------------------------------------------------------------
**
** dump_vendorid_payload()
**
** Dump a vendor ID payload.
**
**----------------------------------------------------------------------------
*/
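void dump_vendorid_payload(u_char *bp)
{
    /*
     * Print the generic header of a vendor ID payload, hex-dump the
     * vendor ID, then hand the following payload to
     * determine_next_payload().
     *
     * bp points at the first octet of the payload's generic header.
     *
     * The payload length comes from the packet being dumped.  This
     * function is not told how many bytes were actually captured, so it
     * can only reject lengths that are impossible on their face; the
     * caller has to make sure the declared length fits the buffer.
     */
    ISAKMP_generic_hdr *gen = (ISAKMP_generic_hdr *) bp;
    u_char *old_bp = bp;
    int payload_len = ntohs(gen->length);

    printf("-----------------------------------------------------------------\n");
    printf(" ISAKMP Vendor ID Header\n");
    printf("-----------------------------------------------------------------\n");
    printf("Next payload: %d ", gen->next_payload);
    dump_next_payload(gen->next_payload);
    printf("Reserved: %d\n", gen->reserved);
    printf("Payload length %d\n", payload_len);

    /*
     * A length below the header size would make the byte count passed to
     * print_char2hex() negative, and a length of 0 would leave the
     * pointer passed to determine_next_payload() exactly where it
     * started.
     */
    if (payload_len < (int) sizeof(ISAKMP_generic_hdr)) {
        printf("(malformed payload: length shorter than generic header)\n");
        return;
    }

    bp = bp + sizeof(ISAKMP_generic_hdr);
    printf("Vendor ID: ");
    /* NOTE(review): the literal 4 is presumably sizeof(ISAKMP_generic_hdr) -- confirm. */
    print_char2hex(bp, payload_len - 4);

    bp = old_bp + payload_len;
    determine_next_payload(gen->next_payload, bp);
}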