📄 _isakmp.c
len -= sizeof(*p);
PRINTF (" len=%d", len);
if (2 < vflag)
{
PUTCHAR (' ');
rawprint ((caddr_t) data, len);
}
}
return (u_char *) ext + ntohs (ext->len);
}
/*
 * Print an ISAKMP Hash payload: the payload name, the body length
 * (declared length minus 4, presumably the generic header size) and,
 * when vflag is above 2, the raw body bytes.
 *
 * ext points at the generic payload header.  ep, phase, doi and proto are
 * part of the common payload-printer signature but are not used here: the
 * number of bytes dumped comes only from ext->len.  The function therefore
 * relies on its caller having confirmed that ext + ntohs(ext->len) stays
 * inside the captured data (isakmp_sub_print performs that comparison
 * before dispatching).
 *
 * Returns the address just past this payload, as declared by ext->len.
 */
static u_char *isakmp_hash_print (struct isakmp_gen *ext, u_char *ep,
                                  u_int32_t phase, u_int32_t doi, u_int32_t proto)
{
    /* May be negative for a declared length below 4; printed as-is. */
    int body_len = ntohs (ext->len) - 4;

    PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_HASH));
    PRINTF (" len=%d", body_len);

    /* Dump the body only at high verbosity and only when there is one. */
    if (vflag > 2 && body_len > 0) {
        PUTCHAR (' ');
        rawprint ((caddr_t) (ext + 1), body_len);
    }

    return (u_char *) ext + ntohs (ext->len);
}
/*
 * Print an ISAKMP Nonce payload: the payload name, the nonce length
 * (declared length minus 4, presumably the generic header size) and,
 * when vflag is above 2, the raw nonce bytes.
 *
 * ep, phase, doi and proto belong to the common payload-printer signature
 * and are not consulted.  The dump length is taken from ext->len alone, so
 * the caller must already have checked the payload against the end of the
 * captured data (isakmp_sub_print does so before dispatching).
 *
 * Returns the address just past this payload, as declared by ext->len.
 */
static u_char *isakmp_nonce_print (struct isakmp_gen *ext, u_char *ep,
                                   u_int32_t phase, u_int32_t doi, u_int32_t proto)
{
    /* Negative when the declared length is below 4; printed unchanged. */
    int nonce_len = ntohs (ext->len) - 4;
    int want_dump = (vflag > 2) && (nonce_len > 0);

    PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_NONCE));
    PRINTF (" n len=%d", nonce_len);

    if (want_dump) {
        PUTCHAR (' ');
        rawprint ((caddr_t) (ext + 1), nonce_len);
    }

    return (u_char *) ext + ntohs (ext->len);
}
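/*
 * Print an ISAKMP Notification payload.
 *
 * Output: DOI, protocol id, notify type (by name where the tables know it),
 * the SPI bytes when spi_size is non-zero and, for the IPsec DOI (doi == 1),
 * the notification data in a type-specific form inside " orig=( ... )".
 *
 * ext    generic payload header; reinterpreted as struct isakmp_pl_n.
 * ep     end of the captured data available to this payload.
 * phase  forwarded to the nested SA printer.
 * doi0, proto0  unused; the DOI and protocol are read from the payload.
 *
 * Every length field in the payload is controlled by the packet's sender,
 * so each read is checked against lim = min(ep, declared end of payload)
 * before it happens: the fixed header before any field is read, spi_size
 * before the SPI is dumped, and the notification data before it is
 * dereferenced or handed to a nested printer.  A payload that fails a check
 * is reported with the " [|name]" truncation marker.
 *
 * Returns the address just past the payload as declared by ext->len, except
 * for a non-IPsec DOI, where (as before) the address just past the SPI is
 * returned.
 * NOTE(review): that non-IPsec return value skips no notification data;
 * confirm this is what the caller's payload walk expects.
 */
static u_char *isakmp_n_print (struct isakmp_gen *ext, u_char *ep,
                               u_int32_t phase, u_int32_t doi0, u_int32_t proto0)
{
    struct isakmp_pl_n *p;
    u_char *cp;
    u_char *ep2;
    u_char *lim;
    u_int32_t doi;
    u_int32_t proto;
    int ntype;
    int spi_fits;
    static char *notifystr[] = {
        NULL, "INVALID-PAYLOAD-TYPE",
        "DOI-NOT-SUPPORTED", "SITUATION-NOT-SUPPORTED",
        "INVALID-COOKIE", "INVALID-MAJOR-VERSION",
        "INVALID-MINOR-VERSION", "INVALID-EXCHANGE-TYPE",
        "INVALID-FLAGS", "INVALID-MESSAGE-ID",
        "INVALID-PROTOCOL-ID", "INVALID-SPI",
        "INVALID-TRANSFORM-ID", "ATTRIBUTES-NOT-SUPPORTED",
        "NO-PROPOSAL-CHOSEN", "BAD-PROPOSAL-SYNTAX",
        "PAYLOAD-MALFORMED", "INVALID-KEY-INFORMATION",
        "INVALID-ID-INFORMATION", "INVALID-CERT-ENCODING",
        "INVALID-CERTIFICATE", "CERT-TYPE-UNSUPPORTED",
        "INVALID-CERT-AUTHORITY", "INVALID-HASH-INFORMATION",
        "AUTHENTICATION-FAILED", "INVALID-SIGNATURE",
        "ADDRESS-NOTIFICATION", "NOTIFY-SA-LIFETIME",
        "CERTIFICATE-UNAVAILABLE", "UNSUPPORTED-EXCHANGE-TYPE",
        "UNEQUAL-PAYLOAD-LENGTHS",
    };
    static char *ipsecnotifystr[] = {
        "RESPONDER-LIFETIME",
        "REPLAY-STATUS",
        "INITIAL-CONTACT"
    };
/*
 * NOTE: these macros must be called with x in the proper range.
 * STR_OR_ID is defined elsewhere; presumably it falls back to a numeric
 * string for indexes outside the table -- verify, because x comes straight
 * from the packet.
 */
#define NOTIFYSTR(x) \
    (((x) == 16384) ? "CONNECTED" : STR_OR_ID((x), notifystr))
#define IPSECNOTIFYSTR(x) \
    (((x) == 8192) ? "RESERVED" : STR_OR_ID(((x) - 24576), ipsecnotifystr))

    PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_N));
    p = (struct isakmp_pl_n *) ext;

    /* The fixed notification header must be captured before it is read. */
    if (ep < (u_char *) (p + 1))
        goto trunc;

    doi = ntohl (p->doi);
    proto = p->prot_id;
    ntype = ntohs (p->type);

    /* Nothing belonging to this payload lies beyond lim. */
    ep2 = (u_char *) p + ntohs (ext->len);
    lim = (ep < ep2) ? ep : ep2;
    cp = (u_char *) (p + 1);
    spi_fits = !(lim < cp || lim - cp < p->spi_size);

    if (doi != 1) {
        PRINTF (" doi=%d", doi);
        PRINTF (" proto=%d", proto);
        PRINTF (" type=%s", NOTIFYSTR (ntype));
        if (p->spi_size) {
            if (!spi_fits)
                goto trunc;
            PUTS (" spi=");
            rawprint ((caddr_t) cp, p->spi_size);
        }
        return cp + p->spi_size;
    }

    PUTS (" doi=ipsec");
    PRINTF (" proto=%s", PROTOIDSTR (proto));
    /* The type ranges alternate between the generic and IPsec tables. */
    if (ntype < 8192)
        PRINTF (" type=%s", NOTIFYSTR (ntype));
    else if (ntype < 16384)
        PRINTF (" type=%s", IPSECNOTIFYSTR (ntype));
    else if (ntype < 24576)
        PRINTF (" type=%s", NOTIFYSTR (ntype));
    else if (ntype < 40960)
        PRINTF (" type=%s", IPSECNOTIFYSTR (ntype));
    else
        PRINTF (" type=%s", NOTIFYSTR (ntype));

    /*
     * Also rejects a declared length shorter than the fixed header, which
     * would otherwise make the data-length subtraction below wrap around.
     */
    if (!spi_fits)
        goto trunc;
    if (p->spi_size) {
        PUTS (" spi=");
        rawprint ((caddr_t) cp, p->spi_size);
    }
    cp += p->spi_size;

    /* Notification data exists only between the SPI and lim. */
    if (cp < lim) {
        PUTS (" orig=(");
        switch (ntype) {
        case IPSECDOI_NTYPE_RESPONDER_LIFETIME:
        {
            struct attrmap *map = oakley_t_map;
            size_t nmap = sizeof(oakley_t_map) / sizeof(oakley_t_map[0]);

            while (cp < lim) {
                u_char *next = isakmp_attrmap_print (cp, lim, map, nmap);

                /*
                 * isakmp_attrmap_print is not visible here; stop rather
                 * than spin if it does not move forward.
                 */
                if (!next || next <= cp)
                    break;
                cp = next;
            }
            break;
        }
        case IPSECDOI_NTYPE_REPLAY_STATUS:
            /* Need a full 32-bit word before dereferencing it. */
            if ((size_t) (lim - cp) < sizeof(u_int32_t)) {
                PRINTF (" [|%s]", NPSTR (ISAKMP_NPTYPE_N));
                break;
            }
            /* NOTE(review): cp may be unaligned for a 32-bit load. */
            PRINTF ("replay detection %sabled",
                    (*(u_int32_t *) cp) ? "en" : "dis");
            break;
        case ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN:
            /* The nested SA must at least have a generic header. */
            if ((size_t) (lim - cp) < sizeof(struct isakmp_gen)) {
                PRINTF (" [|%s]", NPSTR (ISAKMP_NPTYPE_N));
                break;
            }
            /* Bound the nested walk by this payload, not the capture. */
            isakmp_sub_print (ISAKMP_NPTYPE_SA, (struct isakmp_gen *) cp,
                              lim, phase, doi, proto);
            break;
        default:
            /*
             * NULL is dummy.  The length cannot wrap: the checks above
             * guarantee ext->len covers the header and the SPI.
             * NOTE(review): isakmp_print bounds itself by snapend, not by
             * this length, so the nested parse is not confined to this
             * payload.
             */
            isakmp_print (cp, ntohs (ext->len) - sizeof(*p) - p->spi_size, NULL);
            break;
        }
        PUTCHAR (')');
    }
    return (u_char *) ext + ntohs (ext->len);

trunc:
    PRINTF (" [|%s]", NPSTR (ISAKMP_NPTYPE_N));
    return (u_char *) ext + ntohs (ext->len);
}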
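/*
 * Print an ISAKMP Delete payload: DOI, protocol id, SPI size, SPI count and
 * the SPIs themselves, comma separated.
 *
 * ext    generic payload header; reinterpreted as struct isakmp_pl_d.
 * ep     end of the captured data available to this payload.
 * phase, doi0, proto0  unused; DOI and protocol are read from the payload.
 *
 * num_spi and spi_size both come from the packet, so their product can
 * describe far more data than was captured.  Each SPI is checked against
 * lim = min(ep, declared end of payload) before it is dumped, and the fixed
 * header is checked before any field is read.  A failed check prints the
 * " [|name]" truncation marker and returns the declared end of the payload.
 *
 * Returns the address just past the last SPI printed.
 */
static u_char *isakmp_d_print (struct isakmp_gen *ext, u_char *ep,
                               u_int32_t phase, u_int32_t doi0, u_int32_t proto0)
{
    struct isakmp_pl_d *p;
    u_int8_t *q;
    u_char *ep2;
    u_char *lim;
    u_int32_t doi;
    u_int32_t proto;
    int nspi;
    int i;

    PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_D));
    p = (struct isakmp_pl_d *) ext;

    /* The fixed delete header must be captured before it is read. */
    if (ep < (u_char *) (p + 1))
        goto trunc;

    doi = ntohl (p->doi);
    proto = p->prot_id;
    nspi = ntohs (p->num_spi);
    if (doi != 1)
        PRINTF (" doi=%u proto=%u", doi, proto);
    else
        PRINTF (" doi=ipsec proto=%s", PROTOIDSTR (proto));
    PRINTF (" spilen=%u", p->spi_size);
    PRINTF (" nspi=%u", nspi);
    PUTS (" spi=");

    /* Nothing belonging to this payload lies beyond lim. */
    ep2 = (u_char *) ext + ntohs (ext->len);
    lim = (ep < ep2) ? ep : ep2;

    q = (u_int8_t *) (p + 1);
    for (i = 0; i < nspi; i++) {
        /* Stop before reading an SPI that is not fully present. */
        if (lim < (u_char *) q || lim - (u_char *) q < p->spi_size)
            goto trunc;
        if (i != 0)
            PUTCHAR (',');
        rawprint ((caddr_t) q, p->spi_size);
        q += p->spi_size;
    }
    return q;

trunc:
    PRINTF (" [|%s]", NPSTR (ISAKMP_NPTYPE_D));
    return (u_char *) ext + ntohs (ext->len);
}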
/*
 * Print an ISAKMP Vendor ID payload: the payload name, the body length
 * (declared length minus 4, presumably the generic header size) and,
 * when vflag is above 2, the raw vendor-id bytes.
 *
 * ep, phase, doi and proto belong to the common payload-printer signature
 * and are not consulted.  The dump length is taken from ext->len alone, so
 * the caller must already have checked the payload against the end of the
 * captured data (isakmp_sub_print does so before dispatching).
 *
 * Returns the address just past this payload, as declared by ext->len.
 */
static u_char *isakmp_vid_print (struct isakmp_gen *ext, u_char *ep,
                                 u_int32_t phase, u_int32_t doi, u_int32_t proto)
{
    u_char *payload_end = (u_char *) ext + ntohs (ext->len);
    /* Negative when the declared length is below 4; printed unchanged. */
    int vid_len = ntohs (ext->len) - 4;

    PRINTF ("%s:", NPSTR (ISAKMP_NPTYPE_VID));
    PRINTF (" len=%d", vid_len);

    if (vflag <= 2 || vid_len <= 0)
        return payload_end;

    PUTCHAR (' ');
    rawprint ((caddr_t) (ext + 1), vid_len);
    return payload_end;
}
/*
 * Print a single payload of type np.
 *
 * When NPFUNC(np) yields a printer, that printer is called with the same
 * arguments and its return value is passed through.  Otherwise only the
 * payload name is printed and the payload is skipped using its declared
 * length.
 *
 * No bounds checking happens here; ext->len is trusted, so the caller is
 * expected to have validated the payload against ep first.
 * NOTE(review): np comes from the packet; confirm NPFUNC/NPSTR (defined
 * elsewhere) reject values outside their tables.
 *
 * Returns the address where the next payload is expected to start.
 */
static u_char *isakmp_sub0_print (u_char np, struct isakmp_gen *ext, u_char *ep,
                                  u_int32_t phase, u_int32_t doi, u_int32_t proto)
{
    /* Unknown type: name it and step over it by its declared length. */
    if (!NPFUNC (np)) {
        PUTS (NPSTR (np));
        return (u_char *) ext + ntohs (ext->len);
    }

    return (*NPFUNC (np)) (ext, ep, phase, doi, proto);
}
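/*
 * Walk a chain of ISAKMP payloads starting at ext, whose type is np, and
 * print each one on its own line, indented by nesting depth and wrapped in
 * parentheses.  The chain ends when a payload's next-payload field is 0.
 *
 * ep is the end of the data this chain may read.  phase, doi and proto are
 * forwarded to the individual payload printers.
 *
 * The chain is driven entirely by fields taken from the packet, so each
 * step is validated before the payload is touched:
 *   - the generic header must lie inside ep before ext->len is read;
 *   - the declared length must cover at least the generic header (the
 *     length field includes it), otherwise the walk could stall on the
 *     same bytes forever;
 *   - the whole payload must lie inside ep;
 *   - the printer must return a position beyond the current payload start.
 * Any failure prints " [|name]" and ends the walk.
 *
 * depth is a function-static counter, so this function is not reentrant
 * across threads; nested calls made by payload printers are what it counts.
 *
 * Returns the position after the last payload printed, or ep + 1 when the
 * walk was cut short by a failed length check.
 */
static u_char *isakmp_sub_print (u_char np, struct isakmp_gen *ext, u_char *ep,
                                 u_int32_t phase, u_int32_t doi, u_int32_t proto)
{
    static int depth = 0;
    u_char *cp = (u_char *) ext;
    int i;

    while (np) {
        /* Header first, then the length it declares; order matters. */
        if (ep < (u_char *) (ext + 1)
            || ntohs (ext->len) < sizeof(*ext)
            || ep < (u_char *) ext + ntohs (ext->len)) {
            PRINTF (" [|%s]", NPSTR (np));
            cp = ep + 1;
            break;
        }

        depth++;
        PUTCHAR ('\n');
        for (i = 0; i < depth; i++)
            PUTS (" ");
        PUTCHAR ('(');
        cp = isakmp_sub0_print (np, ext, ep, phase, doi, proto);
        PUTCHAR (')');
        depth--;

        /* A printer that did not advance would loop on the same payload. */
        if (!cp || cp <= (u_char *) ext) {
            PRINTF (" [|%s]", NPSTR (np));
            cp = ep + 1;
            break;
        }

        np = ext->np;
        ext = (struct isakmp_gen *) cp;
    }
    return cp;
}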
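/*
 * Format x as "#<decimal>" and return a pointer to the result.
 *
 * The string lives in a function-static buffer: it is overwritten by the
 * next call, must not be freed, and the function is not reentrant.  The
 * write is bounded by the buffer size so the result is always
 * NUL-terminated, whatever the width of int on the platform.
 */
static char *numstr (int x)
{
    static char buf[20];

    snprintf (buf, sizeof(buf), "#%d", x);
    return buf;
}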
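/*
 * Print a one-line summary of an ISAKMP message and then its payload chain.
 *
 * bp      start of the ISAKMP header.
 * length  length of the message as known to the caller; used only for the
 *         "len mismatch" report at the end.
 * bp2     passed to the cookie helpers to decide initiator/responder;
 *         presumably the enclosing IP header -- confirm against callers.
 *         May be NULL (the notification printer passes NULL when it
 *         recurses), in which case the direction is shown as "?" for a
 *         known cookie and no cookie is recorded.
 *
 * Parsing is bounded by snapend, not by length.  The fixed header must be
 * fully captured or "[|isakmp]" is printed and nothing else is read.  When
 * the encryption flag is set the payloads are not parsed at all.
 * NOTE(review): because length does not bound the parse, a nested call made
 * for notification data can read past the enclosing payload (though not
 * past snapend).
 */
void isakmp_print (const u_char * bp, u_int length, const u_char * bp2)
{
    struct isakmp *base;
    u_char *ep, np;
    int i, phase, major, minor;

    base = (struct isakmp *) bp;
    ep = (u_char *) snapend;
    /* Refuse to read any header field unless the whole header is there. */
    if ((struct isakmp *) ep < base + 1) {
        PUTS ("[|isakmp]");
        return;
    }

    PUTS ("isakmp");
    if (vflag) {
        major = (base->vers & ISAKMP_VERS_MAJOR) >> ISAKMP_VERS_MAJOR_SHIFT;
        minor = (base->vers & ISAKMP_VERS_MINOR) >> ISAKMP_VERS_MINOR_SHIFT;
        PRINTF (" %d.%d", major, minor);
        PUTS (" msgid ");
        rawprint ((caddr_t) &base->msgid, sizeof(base->msgid));
    }
    if (1 < vflag) {
        PUTS (" cookie ");
        rawprint ((caddr_t) &base->i_ck, sizeof(base->i_ck));
        PUTS ("->");
        rawprint ((caddr_t) &base->r_ck, sizeof(base->r_ck));
    }
    PUTCHAR (':');

    /* An all-zero message id marks phase 1; anything else is phase 2. */
    phase = (*(u_int32_t *) base->msgid == 0) ? 1 : 2;
    if (phase == 1)
        PRINTF (" phase %d", phase);
    else
        PRINTF (" phase %d/others", phase);

    /* Work out the direction from the initiator cookie seen so far. */
    i = cookie_find (&base->i_ck);
    if (i < 0) {
        if (iszero ((u_char *) & base->r_ck, sizeof(base->r_ck))) {
            /* the first packet */
            PUTS (" I");
            if (bp2)
                cookie_record (&base->i_ck, bp2);
        }
        else
            PUTS (" ?");
    }
    else {
        if (bp2 && cookie_isinitiator (i, bp2))
            PUTS (" I");
        else if (bp2 && cookie_isresponder (i, bp2))
            PUTS (" R");
        else
            PUTS (" ?");
    }

    PRINTF (" %s", ETYPESTR (base->etype));
    if (base->flags)
        PRINTF ("[%s%s]", base->flags & ISAKMP_FLAG_E ? "E" : "",
                base->flags & ISAKMP_FLAG_C ? "C" : "");
    PUTCHAR (':');

    {
        struct isakmp_gen *ext;

#define CHECKLEN(p, np) \
        if (ep < (u_char *)(p)) { \
            PRINTF(" [|%s]", NPSTR(np)); \
            goto done; \
        }

        /* regardless of phase... */
        if (base->flags & ISAKMP_FLAG_E) {
            /*
             * encrypted, nothing we can do right now.
             * we hope to decrypt the packet in the future...
             */
            PRINTF (" [|%s]", NPSTR (base->np));
            goto done;
        }

        CHECKLEN (base + 1, base->np)
        np = base->np;
        ext = (struct isakmp_gen *) (base + 1);
        /*
         * The payload walk reads the first generic header straight away,
         * so make sure it was captured whenever a payload is announced.
         */
        if (np) {
            CHECKLEN (ext + 1, np)
        }
        isakmp_sub_print (np, ext, ep, phase, 0, 0);
    }

done:
    if (vflag) {
        /* Casts make the arguments match the %lu and %d conversions. */
        if (ntohl (base->len) != length)
            PRINTF (" (len mismatch: isakmp %lu/ip %d)",
                    (unsigned long) ntohl (base->len), (int) length);
    }
}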