mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-24 02:23:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
a2cb011440
tcpdump/print-isakmp.c

1265 lines
31 KiB
C
Raw Normal View History

code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
/*
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
whitespace cleanup
2002-06-12 01:08:37 +08:00
*
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
* Redistribution and use in source and binary forms, with or without
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
whitespace cleanup
2002-06-12 01:08:37 +08:00
*
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
*
*/
Have the configure script arrange that the Makefile define _U_ appropriately, and that GNUmakefile and the MSVC++ project file define it apppriately, as we do with libpcap, rather than defining it in "interface.h". Undo the rcsid-shuffling and addition of extra #includes, as we no longer need to arrange that "interface.h" be included before using _U_ in an RCS ID or copyright.
2003-11-16 17:36:07 +08:00
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.38 2003-11-16 09:36:25 guy Exp $ (LBL)";
#endif
Switch to config.h instead of passing defines in DEFS.
1999-11-21 17:36:43 +08:00
#ifdef HAVE_CONFIG_H
#include "config.h"
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
#endif
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#include <tcpdump-stdinc.h>
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#include <string.h>
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
#include <stdio.h>
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
#include "isakmp.h"
#include "ipsec_doi.h"
#include "oakley.h"
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
#include "interface.h"
#include "addrtoname.h"
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
#include "extract.h" /* must come after interface.h */
Add an "ip.h" header, to declare the IP stuff needed by dissectors, and have dissectors include them rather than <netinet/ip.h> or <netinet/ip_var.h>, if they actually need that stuff. Put the declarations of the ICMP stuff directly into "print-icmp.c". Remove all unnecessary includes of <netinet/ip*.h> files. Copy the byte-order stuff from "nameser.h" into "tcp.h".
2000-09-23 16:54:24 +08:00
#include "ip.h"
put stripped-down version of ip6.h and icmp6.h into tcpdump tree. ip6.h is almost normal RFC2292 header. icmp6.h has couple of extensions (not covered by RFC2292), like MLD, ICMPv6 nodeinfo, and router renumber. XXX how to synchronize with future kame changes?
2000-10-07 13:53:09 +08:00
#ifdef INET6
#include "ip6.h"
#endif
Add an "ip.h" header, to declare the IP stuff needed by dissectors, and have dissectors include them rather than <netinet/ip.h> or <netinet/ip_var.h>, if they actually need that stuff. Put the declarations of the ICMP stuff directly into "print-icmp.c". Remove all unnecessary includes of <netinet/ip*.h> files. Copy the byte-order stuff from "nameser.h" into "tcp.h".
2000-09-23 16:54:24 +08:00
fix complation on IPv4 host (tested with plain FreeBSD228).
1999-10-30 13:30:20 +08:00
#ifndef HAVE_SOCKADDR_STORAGE
#define sockaddr_storage sockaddr
#endif
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *isakmp_sa_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_p_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_t_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_ke_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_id_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_cert_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_cr_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_sig_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_hash_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_nonce_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_n_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_d_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_vid_print(const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_sub0_print(u_char, const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
static const u_char *isakmp_sub_print(u_char, const struct isakmp_gen *,
const u_char *, u_int32_t, u_int32_t, u_int32_t, int);
tcpdump requires a C compiler that supports prototypes, as they're used throughout it; get rid of the use of the "__P()" macro, as, at least on some platforms with some compilers, that macro doesn't expand to its argument, causing the functions not to be declared with function prototypes, which then causes the compiler to warn about the prototype declaration and the function definition disagreeing.
2000-09-24 15:50:35 +08:00
static char *numstr(int);
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static void safememcpy(void *, const void *, size_t);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
#define MAXINITIATORS 20
int ninitiator = 0;
struct {
cookie_t initiator;
struct sockaddr_storage iaddr;
struct sockaddr_storage raddr;
} cookiecache[MAXINITIATORS];
/* protocol id */
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *protoidstr[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "isakmp", "ipsec-ah", "ipsec-esp", "ipcomp",
};
/* isakmp->np */
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *npstr[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
"none", "sa", "p", "t", "ke", "id", "cert", "cr", "hash",
"sig", "nonce", "n", "d", "vid"
};
/* isakmp->np */
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *(*npfunc[])(const struct isakmp_gen *, const u_char *,
u_int32_t, u_int32_t, u_int32_t, int) = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL,
isakmp_sa_print,
isakmp_p_print,
isakmp_t_print,
isakmp_ke_print,
isakmp_id_print,
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
isakmp_cert_print,
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
isakmp_cr_print,
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
isakmp_hash_print,
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
isakmp_sig_print,
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
isakmp_nonce_print,
isakmp_n_print,
isakmp_d_print,
isakmp_vid_print,
};
/* isakmp->etype */
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *etypestr[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
"none", "base", "ident", "auth", "agg", "inf", NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
"oakley-quick", "oakley-newgroup",
};
#define STR_OR_ID(x, tab) \
(((x) < sizeof(tab)/sizeof(tab[0]) && tab[(x)]) ? tab[(x)] : numstr(x))
#define PROTOIDSTR(x) STR_OR_ID(x, protoidstr)
#define NPSTR(x) STR_OR_ID(x, npstr)
#define ETYPESTR(x) STR_OR_ID(x, etypestr)
#define NPFUNC(x) \
(((x) < sizeof(npfunc)/sizeof(npfunc[0]) && npfunc[(x)]) \
? npfunc[(x)] : NULL)
static int
iszero(u_char *p, size_t l)
{
while (l--) {
if (*p++)
return 0;
}
return 1;
}
/* find cookie from initiator cache */
static int
cookie_find(cookie_t *in)
{
int i;
for (i = 0; i < MAXINITIATORS; i++) {
if (memcmp(in, &cookiecache[i].initiator, sizeof(*in)) == 0)
return i;
}
return -1;
}
/* record initiator */
static void
cookie_record(cookie_t *in, const u_char *bp2)
{
int i;
struct ip *ip;
struct sockaddr_in *sin;
#ifdef INET6
struct ip6_hdr *ip6;
struct sockaddr_in6 *sin6;
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
i = cookie_find(in);
if (0 <= i) {
ninitiator = (i + 1) % MAXINITIATORS;
return;
}
ip = (struct ip *)bp2;
always use u_intXX_t for protocol format declaration. char/short/int may not come with exact size. while at it, correct signedness of ip/udp header field. nuke most of the use of bitfield. TODO: bitfield in namser.h
2000-10-03 10:54:54 +08:00
switch (IP_V(ip)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
case 4:
memset(&cookiecache[ninitiator].iaddr, 0,
sizeof(cookiecache[ninitiator].iaddr));
memset(&cookiecache[ninitiator].raddr, 0,
sizeof(cookiecache[ninitiator].raddr));
sin = (struct sockaddr_in *)&cookiecache[ninitiator].iaddr;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_len = sizeof(struct sockaddr_in);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
sin = (struct sockaddr_in *)&cookiecache[ninitiator].raddr;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_len = sizeof(struct sockaddr_in);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst));
break;
#ifdef INET6
case 6:
memset(&cookiecache[ninitiator].iaddr, 0,
sizeof(cookiecache[ninitiator].iaddr));
memset(&cookiecache[ninitiator].raddr, 0,
sizeof(cookiecache[ninitiator].raddr));
ip6 = (struct ip6_hdr *)bp2;
sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].iaddr;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_len = sizeof(struct sockaddr_in6);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
sin6 = (struct sockaddr_in6 *)&cookiecache[ninitiator].raddr;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_len = sizeof(struct sockaddr_in6);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_dst, sizeof(ip6->ip6_dst));
break;
#endif
default:
return;
}
memcpy(&cookiecache[ninitiator].initiator, in, sizeof(*in));
ninitiator = (ninitiator + 1) % MAXINITIATORS;
}
#define cookie_isinitiator(x, y) cookie_sidecheck((x), (y), 1)
#define cookie_isresponder(x, y) cookie_sidecheck((x), (y), 0)
static int
cookie_sidecheck(int i, const u_char *bp2, int initiator)
{
struct sockaddr_storage ss;
fix complation on IPv4 host (tested with plain FreeBSD228).
1999-10-30 13:30:20 +08:00
struct sockaddr *sa;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
struct ip *ip;
struct sockaddr_in *sin;
#ifdef INET6
struct ip6_hdr *ip6;
struct sockaddr_in6 *sin6;
#endif
avoid use of sa_len for Linux/Solaris platform. XXX not really tested
1999-10-30 13:37:35 +08:00
int salen;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
memset(&ss, 0, sizeof(ss));
ip = (struct ip *)bp2;
always use u_intXX_t for protocol format declaration. char/short/int may not come with exact size. while at it, correct signedness of ip/udp header field. nuke most of the use of bitfield. TODO: bitfield in namser.h
2000-10-03 10:54:54 +08:00
switch (IP_V(ip)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
case 4:
sin = (struct sockaddr_in *)&ss;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_len = sizeof(struct sockaddr_in);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, &ip->ip_src, sizeof(ip->ip_src));
break;
#ifdef INET6
case 6:
ip6 = (struct ip6_hdr *)bp2;
sin6 = (struct sockaddr_in6 *)&ss;
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_len = sizeof(struct sockaddr_in6);
- enable build outside of the tree - endian checks (use WORDS_BIGENDIAN) - fallback def for IPPROTO_{AH,ESP} - sa_len issues - do not use bittypes.h, respect AC_LBL_CHECK_TYPES
1999-10-30 15:36:34 +08:00
#endif
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, &ip6->ip6_src, sizeof(ip6->ip6_src));
break;
#endif
default:
return 0;
}
fix complation on IPv4 host (tested with plain FreeBSD228).
1999-10-30 13:30:20 +08:00
sa = (struct sockaddr *)&ss;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (initiator) {
fix complation on IPv4 host (tested with plain FreeBSD228).
1999-10-30 13:30:20 +08:00
if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].iaddr)->sa_family)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return 0;
avoid use of sa_len for Linux/Solaris platform. XXX not really tested
1999-10-30 13:37:35 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
salen = sa->sa_len;
#else
#ifdef INET6
if (sa->sa_family == AF_INET6)
salen = sizeof(struct sockaddr_in6);
else
salen = sizeof(struct sockaddr);
#else
salen = sizeof(struct sockaddr);
#endif
#endif
if (memcmp(&ss, &cookiecache[i].iaddr, salen) == 0)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return 1;
} else {
fix complation on IPv4 host (tested with plain FreeBSD228).
1999-10-30 13:30:20 +08:00
if (sa->sa_family != ((struct sockaddr *)&cookiecache[i].raddr)->sa_family)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return 0;
avoid use of sa_len for Linux/Solaris platform. XXX not really tested
1999-10-30 13:37:35 +08:00
#ifdef HAVE_SOCKADDR_SA_LEN
salen = sa->sa_len;
#else
#ifdef INET6
if (sa->sa_family == AF_INET6)
salen = sizeof(struct sockaddr_in6);
else
salen = sizeof(struct sockaddr);
#else
salen = sizeof(struct sockaddr);
#endif
#endif
if (memcmp(&ss, &cookiecache[i].raddr, salen) == 0)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return 1;
}
return 0;
}
static void
rawprint(caddr_t loc, size_t len)
{
static u_char *p;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
size_t i;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
p = (u_char *)loc;
for (i = 0; i < len; i++)
printf("%02x", p[i] & 0xff);
}
struct attrmap {
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
const char *type;
u_int nvalue;
const char *value[30]; /*XXX*/
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
};
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_attrmap_print(const u_char *p, const u_char *ep,
const struct attrmap *map, size_t nmap)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
s/u_short/u_int16_t/ for KAME-origin source codes
2000-04-28 19:14:47 +08:00
u_int16_t *q;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
int totlen;
u_int32_t t, v;
s/u_short/u_int16_t/ for KAME-origin source codes
2000-04-28 19:14:47 +08:00
q = (u_int16_t *)p;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (p[0] & 0x80)
totlen = 4;
else
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
totlen = 4 + EXTRACT_16BITS(&q[1]);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (ep < p + totlen) {
printf("[|attr]");
return ep + 1;
}
printf("(");
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
t = EXTRACT_16BITS(&q[0]) & 0x7fff;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (map && t < nmap && map[t].type)
printf("type=%s ", map[t].type);
else
printf("type=#%d ", t);
if (p[0] & 0x80) {
printf("value=");
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
v = EXTRACT_16BITS(&q[1]);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (map && t < nmap && v < map[t].nvalue && map[t].value[v])
printf("%s", map[t].value[v]);
else
rawprint((caddr_t)&q[1], 2);
} else {
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
printf("len=%d value=", EXTRACT_16BITS(&q[1]));
rawprint((caddr_t)&p[4], EXTRACT_16BITS(&q[1]));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
printf(")");
return p + totlen;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_attr_print(const u_char *p, const u_char *ep)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
s/u_short/u_int16_t/ for KAME-origin source codes
2000-04-28 19:14:47 +08:00
u_int16_t *q;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
int totlen;
u_int32_t t;
s/u_short/u_int16_t/ for KAME-origin source codes
2000-04-28 19:14:47 +08:00
q = (u_int16_t *)p;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (p[0] & 0x80)
totlen = 4;
else
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
totlen = 4 + EXTRACT_16BITS(&q[1]);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (ep < p + totlen) {
printf("[|attr]");
return ep + 1;
}
printf("(");
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
t = EXTRACT_16BITS(&q[0]) & 0x7fff;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("type=#%d ", t);
if (p[0] & 0x80) {
printf("value=");
t = q[1];
rawprint((caddr_t)&q[1], 2);
} else {
The "__attribute__((packed))" tag on structures causes some files not to compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
2002-12-11 15:13:49 +08:00
printf("len=%d value=", EXTRACT_16BITS(&q[1]));
rawprint((caddr_t)&p[2], EXTRACT_16BITS(&q[1]));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
printf(")");
return p + totlen;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_sa_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
u_int32_t doi0 _U_, u_int32_t proto0, int depth)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_sa *p;
struct isakmp_pl_sa sa;
const u_int32_t *q;
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
u_int32_t doi, sit, ident;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *cp, *np;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
int t;
printf("%s:", NPSTR(ISAKMP_NPTYPE_SA));
p = (struct isakmp_pl_sa *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&sa, ext, sizeof(sa));
doi = ntohl(sa.doi);
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
sit = ntohl(sa.sit);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (doi != 1) {
printf(" doi=%d", doi);
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" situation=%u", (u_int32_t)ntohl(sa.sit));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return (u_char *)(p + 1);
}
printf(" doi=ipsec");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
q = (u_int32_t *)&sa.sit;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" situation=");
t = 0;
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
if (sit & 0x01) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("identity");
t++;
}
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
if (sit & 0x02) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%ssecrecy", t ? "+" : "");
t++;
}
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
if (sit & 0x04)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%sintegrity", t ? "+" : "");
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
np = (u_char *)ext + sizeof(sa);
if (sit != 0x01) {
safememcpy(&ident, ext + 1, sizeof(ident));
printf(" ident=%u", (u_int32_t)ntohl(ident));
np += sizeof(ident);
}
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
do not try to pass pointer to data-on-stack. broken during align-friendly fix.
2000-12-12 17:20:26 +08:00
ext = (struct isakmp_gen *)np;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
cp = isakmp_sub_print(ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0,
depth);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return cp;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_p_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
u_int32_t doi0, u_int32_t proto0 _U_, int depth)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_p *p;
struct isakmp_pl_p prop;
const u_char *cp;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_P));
p = (struct isakmp_pl_p *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&prop, ext, sizeof(prop));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" #%d protoid=%s transform=%d",
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
prop.p_no, PROTOIDSTR(prop.prot_id), prop.num_t);
if (prop.spi_size) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" spi=");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(p + 1), prop.spi_size);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
cp = isakmp_sub_print(ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
prop.prot_id, depth);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return cp;
}
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *isakmp_p_map[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "ike",
};
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *ah_p_map[] = {
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
NULL, "(reserved)", "md5", "sha", "1des",
add AES and SHA2-*
2000-10-04 10:54:40 +08:00
"sha2-256", "sha2-384", "sha2-512",
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
};
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *esp_p_map[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "1des-iv64", "1des", "3des", "rc5", "idea", "cast",
add AES and SHA2-*
2000-10-04 10:54:40 +08:00
"blowfish", "3idea", "1des-iv32", "rc4", "null", "aes"
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
};
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *ipcomp_p_map[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "oui", "deflate", "lzs",
};
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct attrmap ipsec_t_map[] = {
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ NULL, 0, { NULL } },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{ "lifetype", 3, { NULL, "sec", "kb", }, },
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ "life", 0, { NULL } },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{ "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155",
"EC2N 2^185", }, },
{ "enc mode", 3, { NULL, "tunnel", "transport", }, },
{ "auth", 5, { NULL, "hmac-md5", "hmac-sha1", "1des-mac", "keyed", }, },
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ "keylen", 0, { NULL } },
{ "rounds", 0, { NULL } },
{ "dictsize", 0, { NULL } },
{ "privalg", 0, { NULL } },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
};
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct attrmap oakley_t_map[] = {
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ NULL, 0, { NULL } },
add AES and SHA2-*
2000-10-04 10:54:40 +08:00
{ "enc", 8, { NULL, "1des", "idea", "blowfish", "rc5",
"3des", "cast", "aes", }, },
{ "hash", 7, { NULL, "md5", "sha1", "tiger",
"sha2-256", "sha2-384", "sha2-512", }, },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{ "auth", 6, { NULL, "preshared", "dss", "rsa sig", "rsa enc",
"rsa enc revised", }, },
{ "group desc", 5, { NULL, "modp768", "modp1024", "EC2N 2^155",
"EC2N 2^185", }, },
{ "group type", 4, { NULL, "MODP", "ECP", "EC2N", }, },
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ "group prime", 0, { NULL } },
{ "group gen1", 0, { NULL } },
{ "group gen2", 0, { NULL } },
{ "group curve A", 0, { NULL } },
{ "group curve B", 0, { NULL } },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{ "lifetype", 3, { NULL, "sec", "kb", }, },
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
{ "lifeduration", 0, { NULL } },
{ "prf", 0, { NULL } },
{ "keylen", 0, { NULL } },
{ "field", 0, { NULL } },
{ "order", 0, { NULL } },
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
};
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_t_print(const struct isakmp_gen *ext, const u_char *ep,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_t *p;
struct isakmp_pl_t t;
const u_char *cp;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
const char *idstr;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct attrmap *map;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
size_t nmap;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *ep2;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_T));
p = (struct isakmp_pl_t *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&t, ext, sizeof(t));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
switch (proto) {
case 1:
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
idstr = STR_OR_ID(t.t_id, isakmp_p_map);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
map = oakley_t_map;
nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
break;
case 2:
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
idstr = STR_OR_ID(t.t_id, ah_p_map);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
map = ipsec_t_map;
nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
break;
case 3:
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
idstr = STR_OR_ID(t.t_id, esp_p_map);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
map = ipsec_t_map;
nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
break;
case 4:
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
idstr = STR_OR_ID(t.t_id, ipcomp_p_map);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
map = ipsec_t_map;
nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]);
break;
default:
idstr = NULL;
map = NULL;
nmap = 0;
break;
}
if (idstr)
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" #%d id=%s ", t.t_no, idstr);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
else
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" #%d id=%d ", t.t_no, t.t_id);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
cp = (u_char *)(p + 1);
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
ep2 = (u_char *)p + ntohs(t.h.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
while (cp < ep && cp < ep2) {
if (map && nmap) {
cp = isakmp_attrmap_print(cp, (ep < ep2) ? ep : ep2,
map, nmap);
} else
cp = isakmp_attr_print(cp, (ep < ep2) ? ep : ep2);
}
if (ep < ep2)
printf("...");
return cp;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_ke_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_KE));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
printf(" key len=%d", ntohs(e.len) - 4);
if (2 < vflag && 4 < ntohs(e.len)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(e.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_id_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
#define USE_IPSECDOI_IN_PHASE1 1
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_id *p;
struct isakmp_pl_id id;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *idtypestr[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
"IPv4", "IPv4net", "IPv6", "IPv6net",
};
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *ipsecidtypestr[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "IPv4", "FQDN", "user FQDN", "IPv4net", "IPv6",
"IPv6net", "IPv4range", "IPv6range", "ASN1 DN", "ASN1 GN",
"keyid",
};
int len;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *data;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_ID));
p = (struct isakmp_pl_id *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&id, ext, sizeof(id));
if (sizeof(*p) < id.h.len)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
data = (u_char *)(p + 1);
else
data = NULL;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
len = ntohs(id.h.len) - sizeof(*p);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
#if 0 /*debug*/
printf(" [phase=%d doi=%d proto=%d]", phase, doi, proto);
#endif
switch (phase) {
#ifndef USE_IPSECDOI_IN_PHASE1
case 1:
#endif
default:
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" idtype=%s", STR_OR_ID(id.d.id_type, idtypestr));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" doi_data=%u",
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
(u_int32_t)(ntohl(id.d.doi_data) & 0xffffff));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
break;
#ifdef USE_IPSECDOI_IN_PHASE1
case 1:
#endif
case 2:
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct ipsecdoi_id *p;
struct ipsecdoi_id id;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
struct protoent *pe;
p = (struct ipsecdoi_id *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&id, ext, sizeof(id));
printf(" idtype=%s", STR_OR_ID(id.type, ipsecidtypestr));
if (id.proto_id) {
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#ifndef WIN32
repair ID payload protocol # decoding. we shouln't check DOI, and 0 means ANY (not IPPROTO_IP).
2000-09-23 04:35:34 +08:00
setprotoent(1);
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#endif /* WIN32 */
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
pe = getprotobynumber(id.proto_id);
repair ID payload protocol # decoding. we shouln't check DOI, and 0 means ANY (not IPPROTO_IP).
2000-09-23 04:35:34 +08:00
if (pe)
printf(" protoid=%s", pe->p_name);
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#ifndef WIN32
repair ID payload protocol # decoding. we shouln't check DOI, and 0 means ANY (not IPPROTO_IP).
2000-09-23 04:35:34 +08:00
endprotoent();
Added support for Win32, based on WinPcap.
2002-08-01 16:52:55 +08:00
#endif /* WIN32 */
repair ID payload protocol # decoding. we shouln't check DOI, and 0 means ANY (not IPPROTO_IP).
2000-09-23 04:35:34 +08:00
} else {
/* it DOES NOT mean IPPROTO_IP! */
printf(" protoid=%s", "0");
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" port=%d", ntohs(id.port));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (!len)
break;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
switch (id.type) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
case IPSECDOI_ID_IPV4_ADDR:
printf(" len=%d %s", len, ipaddr_string(data));
len = 0;
break;
case IPSECDOI_ID_FQDN:
case IPSECDOI_ID_USER_FQDN:
{
int i;
printf(" len=%d ", len);
use safeputchar() instead of cook up on its own.
2001-01-28 16:06:06 +08:00
for (i = 0; i < len; i++)
safeputchar(data[i]);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
len = 0;
break;
}
case IPSECDOI_ID_IPV4_ADDR_SUBNET:
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *mask;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
mask = data + sizeof(struct in_addr);
printf(" len=%d %s/%u.%u.%u.%u", len,
ipaddr_string(data),
mask[0], mask[1], mask[2], mask[3]);
len = 0;
break;
}
#ifdef INET6
case IPSECDOI_ID_IPV6_ADDR:
printf(" len=%d %s", len, ip6addr_string(data));
len = 0;
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_int32_t *mask;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
mask = (u_int32_t *)(data + sizeof(struct in6_addr));
/*XXX*/
printf(" len=%d %s/0x%08x%08x%08x%08x", len,
ip6addr_string(data),
mask[0], mask[1], mask[2], mask[3]);
len = 0;
break;
}
#endif /*INET6*/
case IPSECDOI_ID_IPV4_ADDR_RANGE:
printf(" len=%d %s-%s", len, ipaddr_string(data),
ipaddr_string(data + sizeof(struct in_addr)));
len = 0;
break;
#ifdef INET6
case IPSECDOI_ID_IPV6_ADDR_RANGE:
printf(" len=%d %s-%s", len, ip6addr_string(data),
ip6addr_string(data + sizeof(struct in6_addr)));
len = 0;
break;
#endif /*INET6*/
case IPSECDOI_ID_DER_ASN1_DN:
case IPSECDOI_ID_DER_ASN1_GN:
case IPSECDOI_ID_KEY_ID:
break;
}
break;
}
}
if (data && len) {
printf(" len=%d", len);
if (2 < vflag) {
printf(" ");
rawprint((caddr_t)data, len);
}
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(id.h.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_cert_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi0 _U_, u_int32_t proto0 _U_,
int depth _U_)
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_cert *p;
struct isakmp_pl_cert cert;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *certstr[] = {
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
"none", "pkcs7", "pgp", "dns",
"x509sign", "x509ke", "kerberos", "crl",
"arl", "spki", "x509attr",
};
printf("%s:", NPSTR(ISAKMP_NPTYPE_CERT));
p = (struct isakmp_pl_cert *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&cert, ext, sizeof(cert));
printf(" len=%d", ntohs(cert.h.len) - 4);
printf(" type=%s", STR_OR_ID((cert.encode), certstr));
if (2 < vflag && 4 < ntohs(cert.h.len)) {
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4);
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(cert.h.len);
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_cr_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi0 _U_, u_int32_t proto0 _U_,
int depth _U_)
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_cert *p;
struct isakmp_pl_cert cert;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *certstr[] = {
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
"none", "pkcs7", "pgp", "dns",
"x509sign", "x509ke", "kerberos", "crl",
"arl", "spki", "x509attr",
};
printf("%s:", NPSTR(ISAKMP_NPTYPE_CR));
p = (struct isakmp_pl_cert *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&cert, ext, sizeof(cert));
printf(" len=%d", ntohs(cert.h.len) - 4);
printf(" type=%s", STR_OR_ID((cert.encode), certstr));
if (2 < vflag && 4 < ntohs(cert.h.len)) {
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4);
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(cert.h.len);
add a function to decode CR payload.
2000-09-23 12:43:42 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_hash_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_HASH));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
printf(" len=%d", ntohs(e.len) - 4);
if (2 < vflag && 4 < ntohs(e.len)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(e.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_sig_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_SIG));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
printf(" len=%d", ntohs(e.len) - 4);
if (2 < vflag && 4 < ntohs(e.len)) {
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(e.len);
CERT and SIG payload. fix IPsec-AH transform value. (from KAME)
2000-04-24 20:49:11 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_nonce_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_NONCE));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
printf(" n len=%d", ntohs(e.len) - 4);
if (2 < vflag && 4 < ntohs(e.len)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(e.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_n_print(const struct isakmp_gen *ext, const u_char *ep, u_int32_t phase,
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
u_int32_t doi0 _U_, u_int32_t proto0 _U_, int depth)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_pl_n *p, n;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *cp;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
u_char *ep2;
u_int32_t doi;
u_int32_t proto;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *notify_error_str[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL, "INVALID-PAYLOAD-TYPE",
"DOI-NOT-SUPPORTED", "SITUATION-NOT-SUPPORTED",
"INVALID-COOKIE", "INVALID-MAJOR-VERSION",
"INVALID-MINOR-VERSION", "INVALID-EXCHANGE-TYPE",
"INVALID-FLAGS", "INVALID-MESSAGE-ID",
"INVALID-PROTOCOL-ID", "INVALID-SPI",
"INVALID-TRANSFORM-ID", "ATTRIBUTES-NOT-SUPPORTED",
"NO-PROPOSAL-CHOSEN", "BAD-PROPOSAL-SYNTAX",
"PAYLOAD-MALFORMED", "INVALID-KEY-INFORMATION",
"INVALID-ID-INFORMATION", "INVALID-CERT-ENCODING",
"INVALID-CERTIFICATE", "CERT-TYPE-UNSUPPORTED",
"INVALID-CERT-AUTHORITY", "INVALID-HASH-INFORMATION",
"AUTHENTICATION-FAILED", "INVALID-SIGNATURE",
"ADDRESS-NOTIFICATION", "NOTIFY-SA-LIFETIME",
"CERTIFICATE-UNAVAILABLE", "UNSUPPORTED-EXCHANGE-TYPE",
"UNEQUAL-PAYLOAD-LENGTHS",
};
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
static const char *ipsec_notify_error_str[] = {
"RESERVED",
};
static const char *notify_status_str[] = {
"CONNECTED",
};
static const char *ipsec_notify_status_str[] = {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
"RESPONDER-LIFETIME", "REPLAY-STATUS",
"INITIAL-CONTACT",
};
/* NOTE: these macro must be called with x in proper range */
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
/* 0 - 8191 */
#define NOTIFY_ERROR_STR(x) \
STR_OR_ID((x), notify_error_str)
/* 8192 - 16383 */
#define IPSEC_NOTIFY_ERROR_STR(x) \
STR_OR_ID((u_int)((x) - 8192), ipsec_notify_error_str)
/* 16384 - 24575 */
#define NOTIFY_STATUS_STR(x) \
STR_OR_ID((u_int)((x) - 16384), notify_status_str)
/* 24576 - 32767 */
#define IPSEC_NOTIFY_STATUS_STR(x) \
STR_OR_ID((u_int)((x) - 24576), ipsec_notify_status_str)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_N));
p = (struct isakmp_pl_n *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&n, ext, sizeof(n));
doi = ntohl(n.doi);
proto = n.prot_id;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (doi != 1) {
printf(" doi=%d", doi);
printf(" proto=%d", proto);
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
if (ntohs(n.type) < 8192)
printf(" type=%s", NOTIFY_ERROR_STR(ntohs(n.type)));
else if (ntohs(n.type) < 16384)
printf(" type=%s", numstr(ntohs(n.type)));
else if (ntohs(n.type) < 24576)
printf(" type=%s", NOTIFY_STATUS_STR(ntohs(n.type)));
else
printf(" type=%s", numstr(ntohs(n.type)));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (n.spi_size) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" spi=");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(p + 1), n.spi_size);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)(p + 1) + n.spi_size;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
printf(" doi=ipsec");
printf(" proto=%s", PROTOIDSTR(proto));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (ntohs(n.type) < 8192)
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
printf(" type=%s", NOTIFY_ERROR_STR(ntohs(n.type)));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
else if (ntohs(n.type) < 16384)
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
printf(" type=%s", IPSEC_NOTIFY_ERROR_STR(ntohs(n.type)));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
else if (ntohs(n.type) < 24576)
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
printf(" type=%s", NOTIFY_STATUS_STR(ntohs(n.type)));
else if (ntohs(n.type) < 32768)
printf(" type=%s", IPSEC_NOTIFY_STATUS_STR(ntohs(n.type)));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
else
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
printf(" type=%s", numstr(ntohs(n.type)));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (n.spi_size) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" spi=");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(p + 1), n.spi_size);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
cp = (u_char *)(p + 1) + n.spi_size;
ep2 = (u_char *)p + ntohs(n.h.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (cp < ep) {
printf(" orig=(");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
switch (ntohs(n.type)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
case IPSECDOI_NTYPE_RESPONDER_LIFETIME:
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct attrmap *map = oakley_t_map;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
while (cp < ep && cp < ep2) {
cp = isakmp_attrmap_print(cp,
(ep < ep2) ? ep : ep2, map, nmap);
}
break;
}
case IPSECDOI_NTYPE_REPLAY_STATUS:
printf("replay detection %sabled",
(*(u_int32_t *)cp) ? "en" : "dis");
break;
case ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN:
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
if (isakmp_sub_print(ISAKMP_NPTYPE_SA,
(struct isakmp_gen *)cp, ep, phase, doi, proto,
depth) == NULL)
return NULL;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
break;
default:
/* NULL is dummy */
isakmp_print(cp,
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
ntohs(n.h.len) - sizeof(*p) - n.spi_size,
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
NULL);
}
printf(")");
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(n.h.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_d_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi0 _U_, u_int32_t proto0 _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_pl_d *p;
struct isakmp_pl_d d;
const u_int8_t *q;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
u_int32_t doi;
u_int32_t proto;
int i;
printf("%s:", NPSTR(ISAKMP_NPTYPE_D));
p = (struct isakmp_pl_d *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&d, ext, sizeof(d));
doi = ntohl(d.doi);
proto = d.prot_id;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (doi != 1) {
printf(" doi=%u", doi);
printf(" proto=%u", proto);
} else {
printf(" doi=ipsec");
printf(" proto=%s", PROTOIDSTR(proto));
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" spilen=%u", d.spi_size);
printf(" nspi=%u", ntohs(d.num_spi));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" spi=");
q = (u_int8_t *)(p + 1);
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
for (i = 0; i < ntohs(d.num_spi); i++) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (i != 0)
printf(",");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)q, d.spi_size);
q += d.spi_size;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
return q;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
2002-09-06 05:25:34 +08:00
isakmp_vid_print(const struct isakmp_gen *ext, const u_char *ep _U_,
u_int32_t phase _U_, u_int32_t doi _U_, u_int32_t proto _U_,
int depth _U_)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("%s:", NPSTR(ISAKMP_NPTYPE_VID));
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
printf(" len=%d", ntohs(e.len) - 4);
if (2 < vflag && 4 < ntohs(e.len)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
return (u_char *)ext + ntohs(e.len);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_sub0_print(u_char np, const struct isakmp_gen *ext, const u_char *ep,
u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *cp;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
u_int item_len;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
cp = (u_char *)ext;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (NPFUNC(np))
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
cp = (*NPFUNC(np))(ext, ep, phase, doi, proto, depth);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
else {
printf("%s", NPSTR(np));
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
item_len = ntohs(e.len);
if (item_len == 0) {
/*
* We don't want to loop forever processing this
* bogus (zero-length) item; return NULL so that
* we stop dissecting.
*/
cp = NULL;
} else
cp += item_len;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return cp;
}
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
static const u_char *
isakmp_sub_print(u_char np, const struct isakmp_gen *ext, const u_char *ep,
u_int32_t phase, u_int32_t doi, u_int32_t proto, int depth)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const u_char *cp;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
int i;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
struct isakmp_gen e;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
cp = (const u_char *)ext;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
while (np) {
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&e, ext, sizeof(e));
if (ep < (u_char *)ext + ntohs(e.len)) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" [|%s]", NPSTR(np));
cp = ep + 1;
break;
}
depth++;
printf("\n");
for (i = 0; i < depth; i++)
printf(" ");
printf("(");
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
cp = isakmp_sub0_print(np, ext, ep, phase, doi, proto, depth);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(")");
depth--;
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
if (cp == NULL) {
/* Zero-length subitem */
return NULL;
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
np = e.np;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
ext = (struct isakmp_gen *)cp;
}
return cp;
}
static char *
numstr(int x)
{
static char buf[20];
s/sprintf/snprintf/. there seem to be couple of unsafe use of strcat and strcpy - we should bring in strl{cat,cpy}.
2000-01-17 14:24:23 +08:00
snprintf(buf, sizeof(buf), "#%d", x);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
return buf;
}
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
/*
* some compiler tries to optimize memcpy(), using the alignment constraint
* on the argument pointer type. by using this function, we try to avoid the
* optimization.
*/
static void
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
safememcpy(void *p, const void *q, size_t l)
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
{
memcpy(p, q, l);
}
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
void
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
isakmp_print(const u_char *bp, u_int length, const u_char *bp2)
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp *p;
struct isakmp base;
const u_char *ep;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
u_char np;
int i;
int phase;
fix isakmp version # field handling. - previous change (attempt to avoid non-"int" bitfield) broke the structure alignment/size. we've fixed it to u_int8_t. - we nuked use of bitfield.
2000-01-07 22:09:02 +08:00
int major, minor;
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
p = (const struct isakmp *)bp;
ep = snapend;
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if ((struct isakmp *)ep < p + 1) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("[|isakmp]");
return;
}
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
safememcpy(&base, p, sizeof(base));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("isakmp");
fix isakmp version # field handling. - previous change (attempt to avoid non-"int" bitfield) broke the structure alignment/size. we've fixed it to u_int8_t. - we nuked use of bitfield.
2000-01-07 22:09:02 +08:00
if (vflag) {
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
major = (base.vers & ISAKMP_VERS_MAJOR)
fix isakmp version # field handling. - previous change (attempt to avoid non-"int" bitfield) broke the structure alignment/size. we've fixed it to u_int8_t. - we nuked use of bitfield.
2000-01-07 22:09:02 +08:00
>> ISAKMP_VERS_MAJOR_SHIFT;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
minor = (base.vers & ISAKMP_VERS_MINOR)
fix isakmp version # field handling. - previous change (attempt to avoid non-"int" bitfield) broke the structure alignment/size. we've fixed it to u_int8_t. - we nuked use of bitfield.
2000-01-07 22:09:02 +08:00
>> ISAKMP_VERS_MINOR_SHIFT;
printf(" %d.%d", major, minor);
}
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (vflag) {
printf(" msgid ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)&base.msgid, sizeof(base.msgid));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
if (1 < vflag) {
printf(" cookie ");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)&base.i_ck, sizeof(base.i_ck));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf("->");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
rawprint((caddr_t)&base.r_ck, sizeof(base.r_ck));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
printf(":");
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
phase = (*(u_int32_t *)base.msgid == 0) ? 1 : 2;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (phase == 1)
printf(" phase %d", phase);
else
printf(" phase %d/others", phase);
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
i = cookie_find(&base.i_ck);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
if (i < 0) {
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (iszero((u_char *)&base.r_ck, sizeof(base.r_ck))) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
/* the first packet */
printf(" I");
if (bp2)
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
cookie_record(&base.i_ck, bp2);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
} else
printf(" ?");
} else {
if (bp2 && cookie_isinitiator(i, bp2))
printf(" I");
else if (bp2 && cookie_isresponder(i, bp2))
printf(" R");
else
printf(" ?");
}
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
printf(" %s", ETYPESTR(base.etype));
if (base.flags) {
printf("[%s%s]", base.flags & ISAKMP_FLAG_E ? "E" : "",
base.flags & ISAKMP_FLAG_C ? "C" : "");
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
printf(":");
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
{
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
const struct isakmp_gen *ext;
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
int nparen;
#define CHECKLEN(p, np) \
if (ep < (u_char *)(p)) { \
printf(" [|%s]", NPSTR(np)); \
goto done; \
}
/* regardless of phase... */
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (base.flags & ISAKMP_FLAG_E) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
/*
* encrypted, nothing we can do right now.
* we hope to decrypt the packet in the future...
*/
Use [encrypted %s] instead of the truncation notation [|%s] to note that we have a packet of type %s that we can't print.
2001-02-21 02:55:14 +08:00
printf(" [encrypted %s]", NPSTR(base.np));
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
goto done;
}
nparen = 0;
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
CHECKLEN(p + 1, base.np)
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
np = base.np;
ext = (struct isakmp_gen *)(p + 1);
Constify. Check for zero-length items in "isakmp_sub0_print()", and return NULL if one is seen. Have "isakmp_sub_print()" check for that and break out of the loop and return NULL if "isakmp_sub0_print()" returns NULL, so we don't loop forever printing the same item. Have callers of "isakmp_sub_print()" check for NULL and return NULL as well. Have "isakmp_sub_print()" take the depth as an argument, rather than have it as a static variable, for cleanliness.
2002-09-05 08:43:21 +08:00
isakmp_sub_print(np, ext, ep, phase, 0, 0, 0);
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
}
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
done:
if (vflag) {
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
if (ntohl(base.len) != length) {
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
printf(" (len mismatch: isakmp %u/ip %d)",
don't try to chase unaligned pointer. XXX memcpy() can be optimized in wacky way. not sure if the use of safememcpy() is enough...
2000-10-03 13:16:38 +08:00
(u_int32_t)ntohl(base.len), length);
Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder. Hope I did not break anything. Portability on IPv4-only node needs checking, I'll do this very soon. (sorry for rather jumbo commit) XXx what is _FAVOR_BSD?
1999-10-30 13:11:06 +08:00
}
}
code for ISAKMP protocol headers (rough)
1999-10-18 05:59:12 +08:00
}
Reference in New Issue Copy Permalink