tcpdump IKE dissector: print UDP_ENCAP_*_DRAFT

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

tcpdump IKE dissector: print UDP_ENCAP_*_DRAFT

Stuart Henderson
cizcoeeee still use the IDs from the draft for nat-t, let tcpdump
print them, useful for diagnosis even if the isakmpd patches are too
messy.  OK?

Index: ike.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/ike.h,v
retrieving revision 1.23
diff -u -p -r1.23 ike.h
--- ike.h 7 Jun 2010 16:20:58 -0000 1.23
+++ ike.h 28 Jan 2012 09:52:30 -0000
@@ -382,10 +382,6 @@
 #define IPSEC_ATTR_DURATION_INITIALIZER \
  { "NONE", "SECONDS", "KILOBYTES", \
  }
-#define IPSEC_ATTR_ENCAP_INITIALIZER \
- { "NONE", "TUNNEL", "TRANSPORT", "UDP_ENCAP_TUNNEL", \
-  "UDP_ENCAP_TRANSPORT" \
- }
 #define IPSEC_ATTR_AUTH_INITIALIZER \
  { "NONE", "HMAC_MD5", "HMAC_SHA", "DES_MAC", "KPDK", \
   "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", \
@@ -403,6 +399,15 @@
 #define IPCOMP_INITIALIZER \
  { "NONE", "OUI", "DEFLATE", "LZS", "V42BIS", \
  }
+static struct tok ipsec_attr_encap[] = {
+ { 0, "NONE" },
+ { 1, "TUNNEL" },
+ { 2, "TRANSPORT" },
+ { 3, "UDP_ENCAP_TUNNEL" },
+ { 4, "UDP_ENCAP_TRANSPORT" },
+ { 61443, "UDP_ENCAP_TUNNEL_DRAFT" }, /* draft-ietf-ipsec-nat-t-ike */
+ { 61444, "UDP_ENCAP_TRANSPORT_DRAFT" } /* draft-ietf-ipsec-nat-t-ike */
+};
 
 /*
  * IKE mode config.
Index: print-ike.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-ike.c,v
retrieving revision 1.35
diff -u -p -r1.35 print-ike.c
--- print-ike.c 7 Jun 2010 16:20:58 -0000 1.35
+++ print-ike.c 28 Jan 2012 09:52:30 -0000
@@ -303,7 +303,6 @@ ike_attribute_print (u_int8_t *buf, u_in
  static char *attr_gtype[] = IKE_ATTR_GROUP_INITIALIZER;
  static char *attr_ltype[] = IKE_ATTR_SA_DURATION_INITIALIZER;
  static char *ipsec_attrs[] = IPSEC_ATTR_INITIALIZER;
- static char *ipsec_attr_encap[] = IPSEC_ATTR_ENCAP_INITIALIZER;
  static char *ipsec_attr_auth[] = IPSEC_ATTR_AUTH_INITIALIZER;
  static char *ipsec_attr_ltype[] = IPSEC_ATTR_DURATION_INITIALIZER;
 
@@ -357,10 +356,12 @@ ike_attribute_print (u_int8_t *buf, u_in
  else
  switch(type) {
  CASE_PRINT(IPSEC_ATTR_SA_LIFE_TYPE, ipsec_attr_ltype);
- CASE_PRINT(IPSEC_ATTR_ENCAPSULATION_MODE,
-    ipsec_attr_encap);
  CASE_PRINT(IPSEC_ATTR_AUTHENTICATION_ALGORITHM,
     ipsec_attr_auth);
+ case IPSEC_ATTR_ENCAPSULATION_MODE:
+ printf("%s", tok2str(ipsec_attr_encap,
+    "%d", val));
+ break;
  default:
  printf("%d", val);
  }

Reply | Threaded
Open this post in threaded view
|

Re: tcpdump IKE dissector: print UDP_ENCAP_*_DRAFT

Mitja Muženič
For what it's worth, I like the idea.

Mitja

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of
> Stuart Henderson
> Sent: Saturday, January 28, 2012 10:54 AM
> To: tech
> Subject: tcpdump IKE dissector: print UDP_ENCAP_*_DRAFT
>
> cizcoeeee still use the IDs from the draft for nat-t, let tcpdump
> print them, useful for diagnosis even if the isakmpd patches are too
> messy.  OK?
>
> Index: ike.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/tcpdump/ike.h,v
> retrieving revision 1.23
> diff -u -p -r1.23 ike.h
> --- ike.h 7 Jun 2010 16:20:58 -0000 1.23
> +++ ike.h 28 Jan 2012 09:52:30 -0000
> @@ -382,10 +382,6 @@
>  #define IPSEC_ATTR_DURATION_INITIALIZER \
>   { "NONE", "SECONDS", "KILOBYTES", \
>   }
> -#define IPSEC_ATTR_ENCAP_INITIALIZER \
> - { "NONE", "TUNNEL", "TRANSPORT", "UDP_ENCAP_TUNNEL", \
> -  "UDP_ENCAP_TRANSPORT" \
> - }
>  #define IPSEC_ATTR_AUTH_INITIALIZER \
>   { "NONE", "HMAC_MD5", "HMAC_SHA", "DES_MAC", "KPDK", \
>    "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", \
> @@ -403,6 +399,15 @@
>  #define IPCOMP_INITIALIZER \
>   { "NONE", "OUI", "DEFLATE", "LZS", "V42BIS", \
>   }
> +static struct tok ipsec_attr_encap[] = {
> + { 0, "NONE" },
> + { 1, "TUNNEL" },
> + { 2, "TRANSPORT" },
> + { 3, "UDP_ENCAP_TUNNEL" },
> + { 4, "UDP_ENCAP_TRANSPORT" },
> + { 61443, "UDP_ENCAP_TUNNEL_DRAFT" }, /*
draft-ietf-ipsec-nat-t-ike */
> + { 61444, "UDP_ENCAP_TRANSPORT_DRAFT" } /*
draft-ietf-ipsec-nat-t-ike */

> +};
>
>  /*
>   * IKE mode config.
> Index: print-ike.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/tcpdump/print-ike.c,v
> retrieving revision 1.35
> diff -u -p -r1.35 print-ike.c
> --- print-ike.c 7 Jun 2010 16:20:58 -0000 1.35
> +++ print-ike.c 28 Jan 2012 09:52:30 -0000
> @@ -303,7 +303,6 @@ ike_attribute_print (u_int8_t *buf, u_in
>   static char *attr_gtype[] = IKE_ATTR_GROUP_INITIALIZER;
>   static char *attr_ltype[] = IKE_ATTR_SA_DURATION_INITIALIZER;
>   static char *ipsec_attrs[] = IPSEC_ATTR_INITIALIZER;
> - static char *ipsec_attr_encap[] = IPSEC_ATTR_ENCAP_INITIALIZER;
>   static char *ipsec_attr_auth[] = IPSEC_ATTR_AUTH_INITIALIZER;
>   static char *ipsec_attr_ltype[] = IPSEC_ATTR_DURATION_INITIALIZER;
>
> @@ -357,10 +356,12 @@ ike_attribute_print (u_int8_t *buf, u_in
>   else
>   switch(type) {
>   CASE_PRINT(IPSEC_ATTR_SA_LIFE_TYPE,
ipsec_attr_ltype);

> - CASE_PRINT(IPSEC_ATTR_ENCAPSULATION_MODE,
> -    ipsec_attr_encap);
>   CASE_PRINT(IPSEC_ATTR_AUTHENTICATION_ALGORITHM,
>      ipsec_attr_auth);
> + case IPSEC_ATTR_ENCAPSULATION_MODE:
> + printf("%s", tok2str(ipsec_attr_encap,
> +    "%d", val));
> + break;
>   default:
>   printf("%d", val);
>   }