📄 _isakmp.c
q = (u_short *) p;
if (p[0] & 0x80)
totlen = 4;
else totlen = 4 + ntohs (q[1]);
if (ep < p + totlen)
{
PUTS ("[|attr]");
return ep + 1;
}
PUTCHAR ('(');
t = ntohs (q[0]) & 0x7fff;
PRINTF ("type=#%d ", t);
if (p[0] & 0x80)
{
PUTS ("value=");
t = q[1];
rawprint ((caddr_t) & q[1], 2);
}
else
{
PRINTF ("len=%d value=", ntohs (q[1]));
rawprint ((caddr_t) & p[2], ntohs (q[1]));
}
PUTCHAR (')');
return p + totlen;
}
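/*
 * Print an ISAKMP Security Association payload, then pass whatever follows
 * the situation/ident words to isakmp_sub_print() as Proposal payloads.
 *
 *   ext     start of the SA payload (viewed as struct isakmp_pl_sa)
 *   ep      end of the captured data; nothing at or beyond ep may be read
 *   phase   forwarded unchanged to isakmp_sub_print()
 *   doi0    not used here; the DOI read from the payload is forwarded instead
 *   proto0  forwarded unchanged to isakmp_sub_print()
 *
 * Returns the pointer produced by isakmp_sub_print(), the end of the fixed
 * SA header when the DOI is not 1, or ep + 1 when the capture ends inside
 * the payload.
 */
static u_char *isakmp_sa_print (struct isakmp_gen *ext, u_char *ep,
                                u_int32_t phase, u_int32_t doi0,
                                u_int32_t proto0)
{
  struct isakmp_pl_sa *p;
  u_int32_t *q;
  u_int32_t doi;
  u_int32_t sit;
  u_char *cp;
  int t;

  PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_SA));
  p = (struct isakmp_pl_sa *) ext;

  /*
   * The packet is untrusted: make sure the fixed header (doi, sit) lies
   * inside the capture before dereferencing it.
   * NOTE(review): ep + 1 is what the attribute printer in this file returns
   * on truncation; confirm isakmp_sub_print()'s callers treat a pointer
   * beyond ep as "stop".
   */
  if (ep < (u_char *) (p + 1))
    {
      PUTS (" [|sa]");
      return ep + 1;
    }

  doi = ntohl (p->doi);
  if (doi != 1)
    {
      /* doi is unsigned, so print it with %u rather than %d. */
      PRINTF (" doi=%u", doi);
      PRINTF (" situation=%u", (u_int32_t) ntohl (p->sit));
      return (u_char *) (p + 1);
    }

  PUTS (" doi=ipsec");

  /* Read the situation word once, in host order (was htonl on the wire value). */
  q = (u_int32_t *) & p->sit;
  sit = ntohl (*q++);

  PUTS (" situation=");
  t = 0;			/* number of flag names printed so far */
  if (sit & 0x01)
    {
      PUTS ("identity");
      t++;
    }
  if (sit & 0x02)
    {
      PRINTF ("%ssecrecy", t ? "+" : "");
      t++;
    }
  if (sit & 0x04)
    PRINTF ("%sintegrity", t ? "+" : "");

  /* Any situation other than plain "identity" carries one more 32-bit word. */
  if (sit != 0x01)
    {
      if (ep < (u_char *) (q + 1))
	{
	  PUTS (" [|sa]");
	  return ep + 1;
	}
      PRINTF (" ident=%u", (u_int32_t) ntohl (*q++));
    }

  ext = (struct isakmp_gen *) q;
  cp = isakmp_sub_print (ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0);
  return cp;
}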
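/*
 * Print an ISAKMP Proposal payload (number, protocol id, transform count and
 * optional SPI), then pass the data after the SPI to isakmp_sub_print() as
 * Transform payloads.
 *
 *   ext     start of the Proposal payload (viewed as struct isakmp_pl_p)
 *   ep      end of the captured data; nothing at or beyond ep may be read
 *   phase   forwarded unchanged to isakmp_sub_print()
 *   doi0    forwarded unchanged to isakmp_sub_print()
 *   proto0  not used here; the payload's own prot_id is forwarded instead
 *
 * Returns the pointer produced by isakmp_sub_print(), or ep + 1 when the
 * capture ends inside the fixed header or the SPI.
 */
static u_char *isakmp_p_print (struct isakmp_gen *ext, u_char *ep,
                               u_int32_t phase, u_int32_t doi0,
                               u_int32_t proto0)
{
  struct isakmp_pl_p *p;
  u_char *spi;
  u_char *cp;

  PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_P));
  p = (struct isakmp_pl_p *) ext;

  /*
   * Untrusted input: the fixed header must be inside the capture before any
   * of its fields are read.
   * NOTE(review): ep + 1 mirrors the attribute printer's truncation return
   * in this file; confirm the caller handles it the same way here.
   */
  if (ep < (u_char *) (p + 1))
    {
      PUTS (" [|p]");
      return ep + 1;
    }

  PRINTF (" #%d protoid=%s transform=%d",
	  p->p_no, PROTOIDSTR (p->prot_id), p->num_t);

  spi = (u_char *) (p + 1);
  if (p->spi_size)
    {
      /* spi_size comes from the packet; do not dump past the capture. */
      if (ep < spi + p->spi_size)
	{
	  PUTS (" [|p]");
	  return ep + 1;
	}
      PUTS (" spi=");
      rawprint ((caddr_t) spi, p->spi_size);
    }

  ext = (struct isakmp_gen *) (spi + p->spi_size);
  cp = isakmp_sub_print (ISAKMP_NPTYPE_T, ext, ep, phase, doi0, p->prot_id);
  return cp;
}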
/*
 * Transform-id name tables. isakmp_t_print() looks up the transform's t_id
 * in one of them through STR_OR_ID, chosen by protocol number:
 * 1 -> isakmp_p_map, 2 -> ah_p_map, 3 -> esp_p_map, 4 -> ipcomp_p_map.
 * Slot 0 holds no name in any of the tables.
 */
static char *isakmp_p_map[] = {
  [0] = NULL,
  [1] = "ike",
};

static char *ah_p_map[] = {
  [0] = NULL,
  [1] = "md5",
  [2] = "sha",
  [3] = "1des",
};

static char *esp_p_map[] = {
  [0] = NULL,
  [1] = "1des-iv64",
  [2] = "1des",
  [3] = "3des",
  [4] = "rc5",
  [5] = "idea",
  [6] = "cast",
  [7] = "blowfish",
  [8] = "3idea",
  [9] = "1des-iv32",
  [10] = "rc4",
  [11] = "null",
};

static char *ipcomp_p_map[] = {
  [0] = NULL,
  [1] = "oui",
  [2] = "deflate",
  [3] = "lzs",
};
/*
 * Attribute table that isakmp_t_print() selects for protocol numbers 2, 3
 * and 4 and hands to isakmp_attrmap_print() together with its element count.
 *
 * Each row is { name, count, { value names... } }. In every row below the
 * count equals the number of entries in the value-name list, and rows with
 * count 0 carry no list.
 * NOTE(review): the row index is presumably the attribute type number and
 * slot 0 of each value list is presumably "no name"; confirm against
 * struct attrmap and isakmp_attrmap_print(), which are not shown here.
 */
struct attrmap ipsec_t_map[] = {
{ NULL, 0, },
{ "lifetype", 3, { NULL, "sec", "kb",},},
{ "life", 0, },
{ "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155", "EC2N 2^185", },},
{ "enc mode", 3, { NULL, "tunnel", "transport", },},
{ "auth", 5, { NULL, "hmac-md5", "hmac-sha1", "1des-mac", "keyed",},},
{ "keylen", 0, },
{ "rounds", 0, },
{ "dictsize", 0, },
{ "privalg", 0, },
};
/*
 * Attribute table that isakmp_t_print() selects for protocol number 1 and
 * hands to isakmp_attrmap_print() together with its element count.
 *
 * Each row is { name, count, { value names... } }. In every row below the
 * count equals the number of entries in the value-name list, and rows with
 * count 0 carry no list.
 * NOTE(review): the row index is presumably the attribute type number and
 * slot 0 of each value list is presumably "no name"; confirm against
 * struct attrmap and isakmp_attrmap_print(), which are not shown here.
 */
struct attrmap oakley_t_map[] = {
{ NULL, 0 },
{ "enc", 7, { NULL, "1des", "idea", "blowfish", "rc5",
"3des", "cast"},},
{ "hash", 4, { NULL, "md5", "sha1", "tiger",},},
{ "auth", 6, { NULL, "preshared", "dss", "rsa sig", "rsa enc",
"rsa enc revised",},},
{ "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155",
"EC2N 2^185",},},
{ "group type", 4, { NULL, "MODP", "ECP", "EC2N",},},
{ "group prime", 0, },
{ "group gen1", 0, },
{ "group gen2", 0, },
{ "group curve A", 0, },
{ "group curve B", 0, },
{ "lifetype", 3, { NULL, "sec", "kb",},},
{ "lifeduration", 0, },
{ "prf", 0, },
{ "keylen", 0, },
{ "field", 0, },
{ "order", 0, },
};
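/*
 * Print an ISAKMP Transform payload: its number, its transform id (by name
 * when the protocol's table has one) and then every attribute that follows.
 *
 *   ext    start of the Transform payload (viewed as struct isakmp_pl_t)
 *   ep     end of the captured data; nothing at or beyond ep may be read
 *   phase  not used here
 *   doi    not used here
 *   proto  protocol number that selects the name and attribute tables
 *
 * Returns the pointer left by the last attribute printer (or the end of the
 * fixed header when there are no attributes), or ep + 1 when the capture
 * ends inside the fixed header.
 */
static u_char *isakmp_t_print (struct isakmp_gen *ext, u_char *ep,
                               u_int32_t phase, u_int32_t doi,
                               u_int32_t proto)
{
  struct isakmp_pl_t *p;
  struct attrmap *map;
  u_char *cp;
  char *idstr;
  size_t nmap;
  u_char *ep2;
  u_char *lim;

  PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_T));
  p = (struct isakmp_pl_t *) ext;

  /*
   * Untrusted input: t_no, t_id and the length field are read below, so the
   * fixed header must be inside the capture first.
   * NOTE(review): ep + 1 mirrors the attribute printer's truncation return
   * in this file; confirm the caller handles it the same way here.
   */
  if (ep < (u_char *) (p + 1))
    {
      PUTS (" [|t]");
      return ep + 1;
    }

  /*
   * STR_OR_ID is handed the array itself in every case.
   * NOTE(review): it presumably sizes the table with sizeof, so keep passing
   * the array name rather than a pointer; confirm against the macro.
   */
  switch (proto)
    {
    case 1:
      idstr = STR_OR_ID (p->t_id, isakmp_p_map);
      map = oakley_t_map;
      nmap = sizeof(oakley_t_map) / sizeof(oakley_t_map[0]);
      break;
    case 2:
      idstr = STR_OR_ID (p->t_id, ah_p_map);
      map = ipsec_t_map;
      nmap = sizeof(ipsec_t_map) / sizeof(ipsec_t_map[0]);
      break;
    case 3:
      idstr = STR_OR_ID (p->t_id, esp_p_map);
      map = ipsec_t_map;
      nmap = sizeof(ipsec_t_map) / sizeof(ipsec_t_map[0]);
      break;
    case 4:
      idstr = STR_OR_ID (p->t_id, ipcomp_p_map);
      map = ipsec_t_map;
      nmap = sizeof(ipsec_t_map) / sizeof(ipsec_t_map[0]);
      break;
    default:
      idstr = NULL;
      map = NULL;
      nmap = 0;
      break;
    }

  if (idstr)
    PRINTF (" #%d id=%s ", p->t_no, idstr);
  else
    PRINTF (" #%d id=%d ", p->t_no, p->t_id);

  cp = (u_char *) (p + 1);
  /* ep2 is where the payload claims to end; the packet may lie about it. */
  ep2 = (u_char *) p + ntohs (ext->len);
  /* Attributes are parsed up to whichever end comes first. */
  lim = (ep < ep2) ? ep : ep2;

  while (cp < lim)
    {
      if (map && nmap)
	cp = isakmp_attrmap_print (cp, lim, map, nmap);
      else
	cp = isakmp_attr_print (cp, lim);
    }

  /* The payload's declared length runs past the captured data. */
  if (ep < ep2)
    PUTS ("...");
  return cp;
}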
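/*
 * Print an ISAKMP Key Exchange payload: the key length and, when vflag is
 * above 2, the raw key bytes.
 *
 *   ext    start of the payload (generic header, key data right after it)
 *   ep     end of the captured data; nothing at or beyond ep may be read
 *   phase, doi, proto  not used here
 *
 * Returns ext plus the payload's declared length, or ep + 1 when the capture
 * ends inside the generic header.
 */
static u_char *isakmp_ke_print (struct isakmp_gen *ext, u_char *ep,
                                u_int32_t phase, u_int32_t doi,
                                u_int32_t proto)
{
  int len;

  PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_KE));

  /*
   * Untrusted input: the length field must be inside the capture before it
   * is read.
   * NOTE(review): ep + 1 mirrors the attribute printer's truncation return
   * in this file; confirm the caller handles it the same way here.
   */
  if (ep < (u_char *) (ext + 1))
    {
      PUTS (" [|ke]");
      return ep + 1;
    }

  /* Declared payload length; the 4 subtracted below is presumably the
     generic header, since the key data starts at ext + 1. */
  len = ntohs (ext->len);
  PRINTF (" key len=%d", len - 4);

  if (2 < vflag && 4 < len)
    {
      /* The length is attacker-supplied: only dump the key bytes when all
         of them were actually captured. */
      if (ep < (u_char *) ext + len)
	PUTS (" [|ke]");
      else
	{
	  PUTCHAR (' ');
	  rawprint ((caddr_t) (ext + 1), len - 4);
	}
    }
  return (u_char *) ext + len;
}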
static u_char *isakmp_id_print (struct isakmp_gen *ext, u_char *ep,
u_int32_t phase, u_int32_t doi,
u_int32_t proto)
{
#define USE_IPSECDOI_IN_PHASE1 1
struct isakmp_pl_id *p;
static char *idtypestr[] = {
"IPv4", "IPv4net", "IPv6", "IPv6net",
};
static char *ipsecidtypestr[] = {
NULL, "IPv4", "FQDN", "user FQDN", "IPv4net", "IPv6",
"IPv6net", "IPv4range", "IPv6range", "ASN1 DN", "ASN1 GN",
"keyid",
};
int len;
u_char *data;
PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_ID));
p = (struct isakmp_pl_id *) ext;
if (sizeof(*p) < ext->len)
data = (u_char*) (p + 1);
else data = NULL;
len = ntohs (ext->len) - sizeof(*p);
#if 0 /* debug */
PRINTF (" [phase=%d doi=%d proto=%d]", phase, doi, proto);
#endif
switch (phase)
{
#ifndef USE_IPSECDOI_IN_PHASE1
case 1:
#endif
default:
PRINTF (" idtype=%s", STR_OR_ID (p->d.id_type, idtypestr));
PRINTF (" doi_data=%u", (u_int32_t) (ntohl (p->d.doi_data) & 0xffffff));
break;
#ifdef USE_IPSECDOI_IN_PHASE1
case 1:
#endif
case 2:
{
struct ipsecdoi_id *p;
struct protoent *pe;
p = (struct ipsecdoi_id *) ext;
PRINTF (" idtype=%s", STR_OR_ID (p->type, ipsecidtypestr));
setprotoent (1);
pe = getprotobynumber (p->proto_id);
if (pe)
PRINTF (" protoid=%s", pe->p_name);
else PRINTF (" protoid=%s", PROTOIDSTR (p->proto_id));
endprotoent ();
PRINTF (" port=%d", ntohs (p->port));
if (!len)
break;
switch (p->type)
{
case IPSECDOI_ID_IPV4_ADDR:
PRINTF (" len=%d %s", len, ipaddr_string (data));
len = 0;
break;
case IPSECDOI_ID_FQDN:
case IPSECDOI_ID_USER_FQDN:
{
int i;
PRINTF (" len=%d ", len);
for (i = 0; i < len; i++)
{
if (isprint (data[i]))
PRINTF ("%c", data[i]);
else PRINTF ("\\%03o", data[i]);
}
len = 0;
break;
}
case IPSECDOI_ID_IPV4_ADDR_SUBNET:
{
u_char *mask;
mask = data + sizeof(struct in_addr);
PRINTF (" len=%d %s/%u.%u.%u.%u",
len, ipaddr_string (data),
mask[0], mask[1], mask[2], mask[3]);
len = 0;
break;
}
#ifdef USE_INET6
case IPSECDOI_ID_IPV6_ADDR:
PRINTF (" len=%d %s", len, ip6addr_string (data));
len = 0;
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
{
u_int32_t *mask = (u_int32_t*) (data + sizeof(struct in6_addr));
PRINTF (" len=%d %s/0x%08x%08x%08x%08x",
len, ip6addr_string (data),
mask[0], mask[1], mask[2], mask[3]);
len = 0;
break;
}
#endif
case IPSECDOI_ID_IPV4_ADDR_RANGE:
PRINTF (" len=%d %s-%s",
len, ipaddr_string (data),
ipaddr_string (data + sizeof(struct in_addr)));
len = 0;
break;
#ifdef USE_INET6
case IPSECDOI_ID_IPV6_ADDR_RANGE:
PRINTF (" len=%d %s-%s", len, ip6addr_string (data),
ip6addr_string (data + sizeof(struct in6_addr)));
len = 0;
break;
#endif
case IPSECDOI_ID_DER_ASN1_DN:
case IPSECDOI_ID_DER_ASN1_GN:
case IPSECDOI_ID_KEY_ID:
break;
}
break;
}
}
if (data && len)
{