print-isakmp.c
来自「TCPDUMP的C语言源代码,是在数据链路层的应用」· C语言 代码 · 共 2,402 行 · 第 1/4 页
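/*
 * NOTE(review): this listing opens part-way through a function whose first
 * lines are not on this page; going by its trunc label it is the IKEv1
 * proposal-payload printer.  The fragment is reproduced unchanged.
 */
		if (!rawprint(ndo, (caddr_t)(p + 1), prop.spi_size))
			goto trunc;
	}

	ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
	ND_TCHECK(*ext);

	cp = ikev1_sub_print(ndo, ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
			     prop.prot_id, depth);

	return cp;
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_P)));
	return NULL;
}

/*
 * Name tables indexed by an ID taken from the packet.  ikev1_t_print()
 * below looks up t_id in ikev1_p_map, ah_p_map, esp_p_map and ipcomp_p_map
 * through STR_OR_ID(); the remaining tables are not referenced on this page.
 */

/* transform IDs used when proto == 1 */
static const char *ikev1_p_map[] = {
	NULL, "ike",
};

/* presumably IKEv2 transform type names -- consumer not on this page */
static const char *ikev2_t_type_map[]={
	NULL, "encr", "prf", "integ", "dh", "esn"
};

/* transform IDs used when proto == 2 */
static const char *ah_p_map[] = {
	NULL, "(reserved)", "md5", "sha", "1des", "sha2-256", "sha2-384",
	"sha2-512",
};

static const char *prf_p_map[] = {
	NULL, "hmac-md5", "hmac-sha", "hmac-tiger",
	"aes128_xcbc"
};

static const char *integ_p_map[] = {
	NULL, "hmac-md5", "hmac-sha", "dec-mac",
	"kpdk-md5", "aes-xcbc"
};

static const char *esn_p_map[] = {
	"no-esn", "esn"
};

static const char *dh_p_map[] = {
	NULL, "modp768",
	"modp1024",	/* group 2 */
	"EC2N 2^155",	/* group 3 */
	"EC2N 2^185",	/* group 4 */
	"modp1536",	/* group 5 */
	"iana-grp06", "iana-grp07", /* reserved */
	"iana-grp08", "iana-grp09",
	"iana-grp10", "iana-grp11",
	"iana-grp12", "iana-grp13",
	"modp2048",	/* group 14 */
	"modp3072",	/* group 15 */
	"modp4096",	/* group 16 */
	"modp6144",	/* group 17 */
	"modp8192",	/* group 18 */
};

/* transform IDs used when proto == 3 */
static const char *esp_p_map[] = {
	NULL, "1des-iv64", "1des", "3des", "rc5", "idea", "cast",
	"blowfish", "3idea", "1des-iv32", "rc4", "null", "aes"
};

/* transform IDs used when proto == 4 */
static const char *ipcomp_p_map[] = {
	NULL, "oui", "deflate", "lzs",
};

/*
 * Attribute tables: each row is { attribute name, count, { value names } }.
 * struct attrmap and the code that consumes the count are not on this page.
 *
 * NOTE(review): in every row but two the count equals the number of value
 * names listed.  "group desc" lists 19 names (indices 0..18) with a count
 * of 18, and the "keylen" row of encr_t_map has a count of 14 with a single
 * NULL name.  Confirm how the consumer bounds its index into the value
 * array before relying on these counts.
 */
const struct attrmap ipsec_t_map[] = {
	{ NULL,	0, { NULL } },
	{ "lifetype", 3, { NULL, "sec", "kb", }, },
	{ "life", 0, { NULL } },
	{ "group desc", 18,	{ NULL, "modp768",
				  "modp1024",	/* group 2 */
				  "EC2N 2^155",	/* group 3 */
				  "EC2N 2^185",	/* group 4 */
				  "modp1536",	/* group 5 */
				  "iana-grp06", "iana-grp07", /* reserved */
				  "iana-grp08", "iana-grp09",
				  "iana-grp10", "iana-grp11",
				  "iana-grp12", "iana-grp13",
				  "modp2048",	/* group 14 */
				  "modp3072",	/* group 15 */
				  "modp4096",	/* group 16 */
				  "modp6144",	/* group 17 */
				  "modp8192",	/* group 18 */
		}, },
	{ "enc mode", 3, { NULL, "tunnel", "transport", }, },
	{ "auth", 5, { NULL, "hmac-md5", "hmac-sha1", "1des-mac", "keyed", }, },
	{ "keylen", 0, { NULL } },
	{ "rounds", 0, { NULL } },
	{ "dictsize", 0, { NULL } },
	{ "privalg", 0, { NULL } },
};

const struct attrmap encr_t_map[] = {
	{ NULL,	0, { NULL } }, 	{ NULL,	0, { NULL } },  /* 0, 1 */
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 2, 3 */
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 4, 5 */
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 6, 7 */
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 8, 9 */
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 10,11*/
	{ NULL,	0, { NULL } },	{ NULL,	0, { NULL } },  /* 12,13*/
	{ "keylen", 14, { NULL }},
};

const struct attrmap oakley_t_map[] = {
	{ NULL,	0, { NULL } },
	{ "enc", 8,	{ NULL, "1des", "idea", "blowfish", "rc5",
		 	  "3des", "cast", "aes", }, },
	{ "hash", 7,	{ NULL, "md5", "sha1", "tiger",
			  "sha2-256", "sha2-384", "sha2-512", }, },
	{ "auth", 6,	{ NULL, "preshared", "dss", "rsa sig", "rsa enc",
			  "rsa enc revised", }, },
	{ "group desc", 18,	{ NULL, "modp768",
				  "modp1024",	/* group 2 */
				  "EC2N 2^155",	/* group 3 */
				  "EC2N 2^185",	/* group 4 */
				  "modp1536",	/* group 5 */
				  "iana-grp06", "iana-grp07", /* reserved */
				  "iana-grp08", "iana-grp09",
				  "iana-grp10", "iana-grp11",
				  "iana-grp12", "iana-grp13",
				  "modp2048",	/* group 14 */
				  "modp3072",	/* group 15 */
				  "modp4096",	/* group 16 */
				  "modp6144",	/* group 17 */
				  "modp8192",	/* group 18 */
		}, },
	{ "group type", 4,	{ NULL, "MODP", "ECP", "EC2N", }, },
	{ "group prime", 0, { NULL } },
	{ "group gen1", 0, { NULL } },
	{ "group gen2", 0, { NULL } },
	{ "group curve A", 0, { NULL } },
	{ "group curve B", 0, { NULL } },
	{ "lifetype", 3,	{ NULL, "sec", "kb", }, },
	{ "lifeduration", 0, { NULL } },
	{ "prf", 0, { NULL } },
	{ "keylen", 0, { NULL } },
	{ "field", 0, { NULL } },
	{ "order", 0, { NULL } },
};

/*
 * Print an IKEv1 transform payload: the transform number and ID, followed
 * by its attributes.
 *
 * proto selects both the ID name table and the attribute table (1: oakley,
 * 2/3/4: ipsec with the AH/ESP/IPComp ID names); any other value prints the
 * numeric ID and uses the generic attribute printer.
 *
 * Attributes are walked up to the smaller of ep (the bound supplied by the
 * caller) and ep2 (payload start + item_len), so a length field that
 * overstates the payload cannot push the walk past ep.
 *
 * Returns the position after the last attribute printed, or NULL when the
 * fixed header is truncated (ND_TCHECK branches to trunc).
 */
static const u_char *
ikev1_t_print(netdissect_options *ndo, u_char tpay _U_,
	      const struct isakmp_gen *ext, u_int item_len,
	      const u_char *ep, u_int32_t phase _U_, u_int32_t doi _U_,
	      u_int32_t proto, int depth _U_)
{
	const struct ikev1_pl_t *p;
	struct ikev1_pl_t t;
	const u_char *cp;
	const char *idstr;
	const struct attrmap *map;
	size_t nmap;
	const u_char *ep2;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_T)));

	p = (struct ikev1_pl_t *)ext;
	ND_TCHECK(*p);
	/* work on a local copy of the header rather than the packet buffer */
	safememcpy(&t, ext, sizeof(t));

	switch (proto) {
	case 1:
		idstr = STR_OR_ID(t.t_id, ikev1_p_map);
		map = oakley_t_map;
		nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
		break;
	case 2:
		idstr = STR_OR_ID(t.t_id, ah_p_map);
		map = ipsec_t_map;
		nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
		break;
	case 3:
		idstr = STR_OR_ID(t.t_id, esp_p_map);
		map = ipsec_t_map;
		nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
		break;
	case 4:
		idstr = STR_OR_ID(t.t_id, ipcomp_p_map);
		map = ipsec_t_map;
		nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
		break;
	default:
		idstr = NULL;
		map = NULL;
		nmap = 0;
		break;
	}

	if (idstr)
		ND_PRINT((ndo," #%d id=%s ", t.t_no, idstr));
	else
		ND_PRINT((ndo," #%d id=%d ", t.t_no, t.t_id));
	cp = (u_char *)(p + 1);
	ep2 = (u_char *)p + item_len;
	/*
	 * NOTE(review): the loop depends on the attribute printers always
	 * returning a pointer beyond cp; their definitions are not on this
	 * page -- confirm.
	 */
	while (cp < ep && cp < ep2) {
		if (map && nmap) {
			cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2,
				map, nmap);
		} else
			cp = ikev1_attr_print(ndo, cp, (ep < ep2) ? ep : ep2);
	}
	if (ep < ep2)
		ND_PRINT((ndo,"..."));
	return cp;
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_T)));
	return NULL;
}

/*
 * Print an IKEv1 key-exchange payload: the key length and, when
 * ndo_vflag > 2, the raw key bytes.
 *
 * The length comes from the payload's own len field (e.len), not from
 * item_len.  A len below 4 makes the printed "key len" negative; the raw
 * dump is skipped unless len > 4.
 * NOTE(review): this function does not compare e.len with the captured
 * data itself; it relies on rawprint() failing when the bytes are not
 * available -- confirm against rawprint()'s definition.
 *
 * Returns ext + e.len, or NULL on truncation.
 */
static const u_char *
ikev1_ke_print(netdissect_options *ndo, u_char tpay _U_,
	       const struct isakmp_gen *ext, u_int item_len _U_,
	       const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
	       u_int32_t proto _U_, int depth _U_)
{
	struct isakmp_gen e;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_KE)));

	ND_TCHECK(*ext);
	safememcpy(&e, ext, sizeof(e));
	ND_PRINT((ndo," key len=%d", ntohs(e.len) - 4));
	if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), ntohs(e.len) - 4))
			goto trunc;
	}
	return (u_char *)ext + ntohs(e.len);
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_KE)));
	return NULL;
}

/*
 * Print an IKEv1 identification payload.
 *
 * With USE_IPSECDOI_IN_PHASE1 defined (as it is here), phases 1 and 2 are
 * decoded as an IPsec DOI identification: ID type, protocol, port and then
 * the type-specific data.  Any other phase prints the generic id_type and
 * doi_data fields.
 *
 * data/len describe whatever follows the fixed header inside item_len.
 * ND_TCHECK2(*data, len) vouches for exactly len bytes, so each case must
 * check that len covers everything it is about to read.  A case that has
 * printed the data sets len to 0; otherwise the remaining bytes are
 * hex-dumped at ndo_vflag > 2.
 *
 * Returns ext + item_len, or NULL on truncation.
 */
static const u_char *
ikev1_id_print(netdissect_options *ndo, u_char tpay _U_,
	       const struct isakmp_gen *ext, u_int item_len _U_,
	       const u_char *ep _U_, u_int32_t phase, u_int32_t doi _U_,
	       u_int32_t proto _U_, int depth _U_)
{
#define USE_IPSECDOI_IN_PHASE1	1
	const struct ikev1_pl_id *p;
	struct ikev1_pl_id id;
	static const char *idtypestr[] = {
		"IPv4", "IPv4net", "IPv6", "IPv6net",
	};
	static const char *ipsecidtypestr[] = {
		NULL, "IPv4", "FQDN", "user FQDN", "IPv4net", "IPv6",
		"IPv6net", "IPv4range", "IPv6range", "ASN1 DN", "ASN1 GN",
		"keyid",
	};
	int len;
	const u_char *data;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_ID)));

	p = (struct ikev1_pl_id *)ext;
	ND_TCHECK(*p);
	safememcpy(&id, ext, sizeof(id));
	/* only treat bytes beyond the fixed header as ID data */
	if (sizeof(*p) < item_len) {
		data = (u_char *)(p + 1);
		len = item_len - sizeof(*p);
	} else {
		data = NULL;
		len = 0;
	}

#if 0 /*debug*/
	ND_PRINT((ndo," [phase=%d doi=%d proto=%d]", phase, doi, proto));
#endif
	switch (phase) {
#ifndef USE_IPSECDOI_IN_PHASE1
	case 1:
#endif
	default:
		ND_PRINT((ndo," idtype=%s", STR_OR_ID(id.d.id_type, idtypestr)));
		ND_PRINT((ndo," doi_data=%u",
			  (u_int32_t)(ntohl(id.d.doi_data) & 0xffffff)));
		break;

#ifdef USE_IPSECDOI_IN_PHASE1
	case 1:
#endif
	case 2:
	    {
		/*
		 * NOTE(review): data/len above were derived from
		 * sizeof(struct ikev1_pl_id); this branch re-reads the header
		 * as struct ipsecdoi_id.  Presumably both are the same size
		 * -- confirm against the struct definitions.
		 */
		const struct ipsecdoi_id *p;
		struct ipsecdoi_id id;
		struct protoent *pe;

		p = (struct ipsecdoi_id *)ext;
		ND_TCHECK(*p);
		safememcpy(&id, ext, sizeof(id));
		ND_PRINT((ndo," idtype=%s", STR_OR_ID(id.type, ipsecidtypestr)));
		if (id.proto_id) {
#ifndef WIN32
			setprotoent(1);
#endif /* WIN32 */
			pe = getprotobynumber(id.proto_id);
			if (pe)
				ND_PRINT((ndo," protoid=%s", pe->p_name));
#ifndef WIN32
			endprotoent();
#endif /* WIN32 */
		} else {
			/* it DOES NOT mean IPPROTO_IP! */
			ND_PRINT((ndo," protoid=%s", "0"));
		}
		ND_PRINT((ndo," port=%d", ntohs(id.port)));
		if (!len)
			break;
		if (data == NULL)
			goto trunc;
		ND_TCHECK2(*data, len);
		switch (id.type) {
		case IPSECDOI_ID_IPV4_ADDR:
			if (len < 4)
				ND_PRINT((ndo," len=%d [bad: < 4]", len));
			else
				ND_PRINT((ndo," len=%d %s", len, ipaddr_string(data)));
			len = 0;
			break;
		case IPSECDOI_ID_FQDN:
		case IPSECDOI_ID_USER_FQDN:
		    {
			int i;
			ND_PRINT((ndo," len=%d ", len));
			/* name bytes come from the packet: print via safeputchar */
			for (i = 0; i < len; i++)
				safeputchar(data[i]);
			len = 0;
			break;
		    }
		case IPSECDOI_ID_IPV4_ADDR_SUBNET:
		    {
			const u_char *mask;
			if (len < 8)
				ND_PRINT((ndo," len=%d [bad: < 8]", len));
			else {
				mask = data + sizeof(struct in_addr);
				ND_PRINT((ndo," len=%d %s/%u.%u.%u.%u", len,
					  ipaddr_string(data),
					  mask[0], mask[1], mask[2], mask[3]));
			}
			len = 0;
			break;
		    }
#ifdef INET6
		case IPSECDOI_ID_IPV6_ADDR:
			if (len < 16)
				ND_PRINT((ndo," len=%d [bad: < 16]", len));
			else
				ND_PRINT((ndo," len=%d %s", len, ip6addr_string(data)));
			len = 0;
			break;
		case IPSECDOI_ID_IPV6_ADDR_SUBNET:
		    {
			u_int32_t mask[4];
			/*
			 * Address (16 bytes) plus four 32-bit mask words
			 * (16 bytes): 32 bytes are read below.  The previous
			 * bound of 20 let a 20..31 byte ID read mask words
			 * past the len bytes checked by ND_TCHECK2.
			 */
			if (len < 32)
				ND_PRINT((ndo," len=%d [bad: < 32]", len));
			else {
				/*
				 * Copy the mask out instead of casting the
				 * packet pointer: data need not be aligned
				 * for u_int32_t access.
				 */
				safememcpy(mask, data + sizeof(struct in6_addr),
					   sizeof(mask));
				/*XXX*/
				ND_PRINT((ndo," len=%d %s/0x%08x%08x%08x%08x", len,
					  ip6addr_string(data),
					  mask[0], mask[1], mask[2], mask[3]));
			}
			len = 0;
			break;
		    }
#endif /*INET6*/
		case IPSECDOI_ID_IPV4_ADDR_RANGE:
			if (len < 8)
				ND_PRINT((ndo," len=%d [bad: < 8]", len));
			else {
				ND_PRINT((ndo," len=%d %s-%s", len,
					  ipaddr_string(data),
					  ipaddr_string(data + sizeof(struct in_addr))));
			}
			len = 0;
			break;
#ifdef INET6
		case IPSECDOI_ID_IPV6_ADDR_RANGE:
			if (len < 32)
				ND_PRINT((ndo," len=%d [bad: < 32]", len));
			else {
				ND_PRINT((ndo," len=%d %s-%s", len,
					  ip6addr_string(data),
					  ip6addr_string(data + sizeof(struct in6_addr))));
			}
			len = 0;
			break;
#endif /*INET6*/
		case IPSECDOI_ID_DER_ASN1_DN:
		case IPSECDOI_ID_DER_ASN1_GN:
		case IPSECDOI_ID_KEY_ID:
			/* no decoder: len is left set so the bytes are dumped below */
			break;
		}
		break;
	    }
	}
	if (data && len) {
		ND_PRINT((ndo," len=%d", len));
		if (2 < ndo->ndo_vflag) {
			ND_PRINT((ndo," "));
			if (!rawprint(ndo, (caddr_t)data, len))
				goto trunc;
		}
	}
	return (u_char *)ext + item_len;
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_ID)));
	return NULL;
}

/*
 * Print an IKEv1 certificate payload: data length, encoding name and, when
 * ndo_vflag > 2, the raw certificate bytes.
 *
 * Lengths here come from item_len.  item_len is unsigned, so a value below
 * 4 wraps in the "len=" output; the raw dump is skipped unless
 * item_len > 4.
 *
 * Returns ext + item_len, or NULL on truncation.
 */
static const u_char *
ikev1_cert_print(netdissect_options *ndo, u_char tpay _U_,
		 const struct isakmp_gen *ext, u_int item_len _U_,
		 const u_char *ep _U_, u_int32_t phase _U_,
		 u_int32_t doi0 _U_,
		 u_int32_t proto0 _U_, int depth _U_)
{
	const struct ikev1_pl_cert *p;
	struct ikev1_pl_cert cert;
	static const char *certstr[] = {
		"none",	"pkcs7", "pgp", "dns",
		"x509sign", "x509ke", "kerberos", "crl",
		"arl", "spki", "x509attr",
	};

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_CERT)));

	p = (struct ikev1_pl_cert *)ext;
	ND_TCHECK(*p);
	safememcpy(&cert, ext, sizeof(cert));
	ND_PRINT((ndo," len=%d", item_len - 4));
	ND_PRINT((ndo," type=%s", STR_OR_ID((cert.encode), certstr)));
	if (2 < ndo->ndo_vflag && 4 < item_len) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), item_len - 4))
			goto trunc;
	}
	return (u_char *)ext + item_len;
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_CERT)));
	return NULL;
}

/*
 * Print an IKEv1 certificate-request payload.  The body matches
 * ikev1_cert_print() except for the payload-type label: it reuses
 * struct ikev1_pl_cert and the same encoding-name table.
 *
 * Returns ext + item_len, or NULL on truncation.
 */
static const u_char *
ikev1_cr_print(netdissect_options *ndo, u_char tpay _U_,
	       const struct isakmp_gen *ext, u_int item_len _U_,
	       const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi0 _U_,
	       u_int32_t proto0 _U_, int depth _U_)
{
	const struct ikev1_pl_cert *p;
	struct ikev1_pl_cert cert;
	static const char *certstr[] = {
		"none",	"pkcs7", "pgp", "dns",
		"x509sign", "x509ke", "kerberos", "crl",
		"arl", "spki", "x509attr",
	};

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_CR)));

	p = (struct ikev1_pl_cert *)ext;
	ND_TCHECK(*p);
	safememcpy(&cert, ext, sizeof(cert));
	ND_PRINT((ndo," len=%d", item_len - 4));
	ND_PRINT((ndo," type=%s", STR_OR_ID((cert.encode), certstr)));
	if (2 < ndo->ndo_vflag && 4 < item_len) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), item_len - 4))
			goto trunc;
	}
	return (u_char *)ext + item_len;
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_CR)));
	return NULL;
}

/*
 * Print an IKEv1 hash payload: the data length and, when ndo_vflag > 2,
 * the raw hash bytes.  The length comes from the payload's own len field
 * (e.len), not from item_len.
 *
 * Returns ext + e.len, or NULL on truncation.
 */
static const u_char *
ikev1_hash_print(netdissect_options *ndo, u_char tpay _U_,
		 const struct isakmp_gen *ext, u_int item_len _U_,
		 const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
		 u_int32_t proto _U_, int depth _U_)
{
	struct isakmp_gen e;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_HASH)));

	ND_TCHECK(*ext);
	safememcpy(&e, ext, sizeof(e));
	ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
	if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), ntohs(e.len) - 4))
			goto trunc;
	}
	return (u_char *)ext + ntohs(e.len);
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_HASH)));
	return NULL;
}

/*
 * Print an IKEv1 signature payload: the data length and, when
 * ndo_vflag > 2, the raw signature bytes.  The length comes from the
 * payload's own len field (e.len), not from item_len.
 *
 * Returns ext + e.len, or NULL on truncation.
 */
static const u_char *
ikev1_sig_print(netdissect_options *ndo, u_char tpay _U_,
		const struct isakmp_gen *ext, u_int item_len _U_,
		const u_char *ep _U_, u_int32_t phase _U_, u_int32_t doi _U_,
		u_int32_t proto _U_, int depth _U_)
{
	struct isakmp_gen e;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_SIG)));

	ND_TCHECK(*ext);
	safememcpy(&e, ext, sizeof(e));
	ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
	if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), ntohs(e.len) - 4))
			goto trunc;
	}
	return (u_char *)ext + ntohs(e.len);
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_SIG)));
	return NULL;
}

/*
 * Print an IKEv1 nonce payload: the data length, then the full raw bytes
 * when ndo_vflag > 2, or the output of ike_show_somedata() (bounded by ep)
 * when ndo_vflag == 2.  The length comes from the payload's own len field
 * (e.len), not from item_len.
 *
 * Returns ext + e.len, or NULL on truncation.
 */
static const u_char *
ikev1_nonce_print(netdissect_options *ndo, u_char tpay _U_,
		  const struct isakmp_gen *ext,
		  u_int item_len _U_,
		  const u_char *ep _U_,
		  u_int32_t phase _U_, u_int32_t doi _U_,
		  u_int32_t proto _U_, int depth _U_)
{
	struct isakmp_gen e;

	ND_PRINT((ndo,"%s:", NPSTR(ISAKMP_NPTYPE_NONCE)));

	ND_TCHECK(*ext);
	safememcpy(&e, ext, sizeof(e));
	ND_PRINT((ndo," n len=%d", ntohs(e.len) - 4));
	if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
		ND_PRINT((ndo," "));
		if (!rawprint(ndo, (caddr_t)(ext + 1), ntohs(e.len) - 4))
			goto trunc;
	} else if (1 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
		ND_PRINT((ndo," "));
		if (!ike_show_somedata(ndo, (u_char *)(caddr_t)(ext + 1), ep))
			goto trunc;
	}
	return (u_char *)ext + ntohs(e.len);
trunc:
	ND_PRINT((ndo," [|%s]", NPSTR(ISAKMP_NPTYPE_NONCE)));
	return NULL;
}

/*
 * IKEv1 notification payload printer.  Only its declarations and name
 * tables are on this page; the rest of the body follows on a later page.
 */
static const u_char *
ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
	      const struct isakmp_gen *ext, u_int item_len,
	      const u_char *ep, u_int32_t phase, u_int32_t doi0 _U_,
	      u_int32_t proto0 _U_, int depth)
{
	struct ikev1_pl_n *p, n;
	const u_char *cp;
	u_char *ep2;
	u_int32_t doi;
	u_int32_t proto;
	static const char *notify_error_str[] = {
		NULL,				"INVALID-PAYLOAD-TYPE",
		"DOI-NOT-SUPPORTED",		"SITUATION-NOT-SUPPORTED",
		"INVALID-COOKIE",		"INVALID-MAJOR-VERSION",
		"INVALID-MINOR-VERSION",	"INVALID-EXCHANGE-TYPE",
		"INVALID-FLAGS",		"INVALID-MESSAGE-ID",
		"INVALID-PROTOCOL-ID",		"INVALID-SPI",
		"INVALID-TRANSFORM-ID",		"ATTRIBUTES-NOT-SUPPORTED",
		"NO-PROPOSAL-CHOSEN",		"BAD-PROPOSAL-SYNTAX",
		"PAYLOAD-MALFORMED",		"INVALID-KEY-INFORMATION",
		"INVALID-ID-INFORMATION",	"INVALID-CERT-ENCODING",
		"INVALID-CERTIFICATE",		"CERT-TYPE-UNSUPPORTED",
		"INVALID-CERT-AUTHORITY",	"INVALID-HASH-INFORMATION",
		"AUTHENTICATION-FAILED",	"INVALID-SIGNATURE",
		"ADDRESS-NOTIFICATION",		"NOTIFY-SA-LIFETIME",
		"CERTIFICATE-UNAVAILABLE",	"UNSUPPORTED-EXCHANGE-TYPE",
		"UNEQUAL-PAYLOAD-LENGTHS",
	};
	static const char *ipsec_notify_error_str[] = {
		"RESERVED",
	};
	static const char *notify_status_str[] = {
		"CONNECTED",
	};
	static const char *ipsec_notify_status_str[] = {
		"RESPONDER-LIFETIME",		"REPLAY-STATUS",
		"INITIAL-CONTACT",
	};
/* NOTE: these macro must be called with x in proper range */

/* 0 - 8191 */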