]> git.saurik.com Git - apple/network_cmds.git/blob - tcpdump.tproj/print-skip.c
projects / apple / network_cmds.git / blob
? search:


d9f505991c21a978e09d041efd919b406039fadc
[apple/network_cmds.git] / tcpdump.tproj / print-skip.c
1 /*
2 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
7 * Reserved. This file contains Original Code and/or Modifications of
8 * Original Code as defined in and that are subject to the Apple Public
9 * Source License Version 1.0 (the 'License'). You may not use this file
10 * except in compliance with the License. Please obtain a copy of the
11 * License at http://www.apple.com/publicsource and read it before using
12 * this file.
13 *
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
19 * License for the specific language governing rights and limitations
20 * under the License."
21 *
22 * @APPLE_LICENSE_HEADER_END@
23 */
24 /* $OpenBSD: print-skip.c,v 1.2 1996/07/13 11:01:29 mickey Exp $ */
25
26 /*
27 * Copyright (c) 1995 Sun Microsystems, Inc.
28 * All rights reserved.
29 *
30 * Permission is hereby granted, without written agreement and without
31 * license or royalty fees, to use, copy, modify, and distribute this
32 * software and its documentation for any purpose, provided that the
33 * above copyright notice and the following two paragraphs appear in
34 * all copies of this software.
35
36 * IN NO EVENT SHALL SUN MICROSYSTEMS, INC. BE LIABLE TO ANY PARTY FOR
37 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
38 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
39 * SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
40 * DAMAGE.
41
42 * SUN MICROSYSTEMS, INC. SPECIFICALLY DISCLAIMS ANY WARRANTIES,
43 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
44 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
45 * THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND SUN
46 * MICROSYSTEMS, INC. HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT,
47 * UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
48 */
49
50 #include <sys/param.h>
51 #include <sys/time.h>
52 #include <sys/types.h>
53
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/ip.h>
57 #include <netinet/ip_var.h>
58 #include <netinet/tcp.h>
59 #include <netinet/tcpip.h>
60
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <unistd.h>
64
65 #include "interface.h"
66 #include "addrtoname.h"
67
68 #define MAX_ALGS (256)
69
70 int skipflag = 0;
71
72 const int skip_max_algs = MAX_ALGS;
73
74 char *old_skip_crypt_algs[MAX_ALGS] = {
75 "none", /* 0 */
76 "des_cbc", /* 1 */
77 "rc2_cbc", /* 2 */
78 "rc4(40bit)", /* 3 */
79 "rc4(128bit)", /* 4 */
80 "des_ede-2", /* 5 */
81 "des_ede-3", /* 6 */
82 "idea", /* 7 */
83 "", /* 8 */
84 "", /* 9 */
85 "simplecrypt" /* 10 */
86 };
87
88
89 char *
90 skip_alg_to_name(char *table[], int alg)
91 {
92 if (alg > skip_max_algs) {
93 return ("<invalid>");
94 }
95 if (alg < 0) {
96 return ("<invalid>");
97 }
98 if (table[alg] == NULL) {
99 return ("<unknown>");
100 }
101 if (strlen(table[alg]) == 0) {
102 return ("<unknown>");
103 }
104 return (table[alg]);
105 }
106
107 /*
108 * This is what an OLD skip encrypted-authenticated packet looks like:
109 *
110 *
111 * 0 1 2 3
112 * ---------------------------------
113 * | |
114 * / Clear IP Header /
115 * | | IP protocol = IPSP
116 * ---------------------------------
117 * | |
118 * | IPSP header |
119 * | |
120 * ---------------------------------
121 * | |
122 * / Protected IPSP Payload /
123 * / /
124 * | |
125 * ---------------------------------
126 *
127 *
128 * The format of the IPSP header for encrypted-encapsulated mode is shown below. * The fields are transmitted from left to right.
129 *
130 * 0 1 2 3
131 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
132 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
133 * | Ver. |E|A|C|S|B|R| zero |
134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
135 * | Kij alg. | Kp alg. | reserved |
136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
137 * | Optional boxid field |
138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
139 * | Kp encrypted in Kij... (typically 8-16 bytes)
140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+
141 * | Message Indicator (e.g IV)... (typically 8-16 bytes)
142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
143 * | Protected IPSP Payload...
144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
145 *
146 *
147 * Field values:
148 * Ver.: protocol version
149 * E: 1 if packet is encrypted, 0 otherwise
150 * A: 1 if packet is authenticated, 0 otherwise
151 * C: 1 if packet is compressed before encryption, 0 otherwise
152 * S: 1 if packet is sequenced, 0 otherwise
153 * B: 1 if packet is tunneled (header contains boxid), 0 otherwise
154 * R: reserved (should be 0 until specified)
155 *
156 */
157 /*
158 * per-algorithm encrytped key sizes...
159 */
160 unsigned char old_skip_ekp_sizes[MAX_ALGS] = {
161 8, /* plaintext */
162 8, /* DES */
163 8, /* RC2 */
164 8, /* RC4 (40 bit) */
165 16, /* RC4 (128 bit) */
166 16, /* 3DES 2 */
167 24, /* 3DES 3 */
168 16, /* IDEA */
169 0, /* */
170 0, /* */
171 8, /* simplecrypt */
172 };
173 /*
174 * per-algorithm message indicator sizes...
175 */
176 unsigned char old_skip_mid_sizes[MAX_ALGS] = {
177 8, /* plaintext */
178 8, /* DES */
179 8, /* RC2 */
180 8, /* RC4 40 bit */
181 8, /* RC4 128 bit */
182 8, /* 3DES 2 */
183 8, /* 3DES 3 */
184 8, /* IDEA */
185 0, /* */
186 0, /* */
187 8, /* simplecrypt */
188 };
189
190 void skip_print_old(register const u_char *bp, register int length,
191 const u_char *bp2)
192 {
193 struct ip *ip;
194 const u_char *end;
195 u_char *p;
196 unsigned char kij_alg, kp_alg, *c;
197 unsigned short i;
198 unsigned short len;
199 int boxid;
200 int node;
201
202 ip=(struct ip *)bp2;
203 p=(u_char *)bp;
204 end=bp+length;
205 printf("SKIP: *** OLD SKIP ***\n");
206 printf("OSKIP: %s>%s:%d",ipaddr_string(&ip->ip_src),
207 ipaddr_string(&ip->ip_dst),length);
208 if (!skipflag)
209 return;
210 printf("\nOSKIP: SAID byte 1= 0x%02x\n",*p);
211 printf("OSKIP: xxxx .... = version %d\n", (int) (*p & 0xf0) >> 4);
212 if (*p & 0x08) {
213 printf("OSKIP: .... 1... = encrypted\n");
214 } else {
215 printf("OSKIP: .... 0... = not encrypted\n");
216 }
217
218 if (*p & 0x04) {
219 printf("OSKIP: .... .1.. = authenticated\n");
220 } else {
221 printf("OSKIP: .... .0.. = not authenticated\n");
222 }
223
224 if (*p & 0x02) {
225 printf("OSKIP: .... ..1. = compressed\n");
226 } else {
227 printf("OSKIP: .... ..0. = not compressed\n");
228 }
229
230 if (*p & 0x01) {
231 printf("OSKIP: .... ...1 = sequenced\n");
232 } else {
233 printf("OSKIP: .... ...0 = not sequenced\n");
234 }
235
236 p++;
237
238 printf("OSKIP: SAID byte 2 = 0x%02x\n", *p);
239
240 if (*p & 0x80) {
241 node=1;
242 printf("OSKIP: 1... .... = Node ID present\n");
243 } else {
244 node=0;
245 printf("OSKIP: 0... .... = no Node ID present\n");
246 }
247
248 if (*p & 0x40) {
249 printf("OSKIP: .1.. .... = <reserved should be zero>\n");
250 } else {
251 printf("OSKIP: .0.. .... = <reserved should be zero>\n");
252 }
253
254 if (*p & 0x20) {
255 printf("OSKIP: ..1. .... = <reserved should be zero>\n");
256 } else {
257 printf("OSKIP: ..0. .... = <reserved should be zero>\n");
258 }
259
260 if (*p & 0x10) {
261 printf("OSKIP: ...1 .... = <reserved should be zero>\n");
262 } else {
263 printf("OSKIP: ...0 .... = <reserved should be zero>\n");
264 }
265 p++;
266 printf("OSKIP: SAID byte 3 = 0x%02x\n", *p);
267
268 p++;
269 printf("OSKIP: SAID byte 4 = 0x%02x\n", *p);
270
271 p++;
272
273 kij_alg = *p;
274 printf("OSKIP: Kij alg (key encryption algorithm) = 0x%02x (%s)\n",
275 kij_alg, skip_alg_to_name(old_skip_crypt_algs,kij_alg));
276
277 p++;
278
279 kp_alg = *p;
280 printf("OSKIP: Kp alg (traffic encryption algorithm) = 0x%02x (%s)\n",
281 kp_alg, skip_alg_to_name(old_skip_crypt_algs,kp_alg));
282
283 p++;
284
285 /*
286 * the skip reserved field
287 */
288 printf("OSKIP: reserved byte 1 = 0x%02x\n", *p++);
289 printf("OSKIP: reserved byte 2 = 0x%02x\n", *p++);
290
291 if (node) {
292 /*
293 * boxid field
294 */
295 if ((end - p) < sizeof(boxid)) {
296 return;
297 }
298 c = (unsigned char *) &boxid;
299 *c++ = *p++;
300 *c++ = *p++;
301 *c++ = *p++;
302 *c++ = *p++;
303
304 printf("OSKIP: Node ID = 0x%08x\n", ntohl(boxid));
305 }
306
307 /*
308 * encrypted kp (ekp) field
309 */
310
311 /*
312 * do this with a for-loop to avoid alignment problems and the
313 * overhead of calling bcopy()
314 */
315 len = old_skip_ekp_sizes[kp_alg];
316 if ((unsigned short) (end - p) < len) {
317 return;
318 }
319
320 printf("OSKIP: encrypted Kp: ");
321 for (i = 0; i < len; i++) {
322 printf("%02x ", (unsigned char) *p++);
323 }
324 printf("\n");
325
326 /*
327 * message indicator (mid) field
328 */
329 len = old_skip_mid_sizes[kp_alg];
330 if ((unsigned short) (end - p) < len) {
331 return;
332 }
333 printf("OSKIP: message indicator field: ");
334 for (i = 0; i < len; i++) {
335 printf("%02x ", (unsigned char) *p++);
336 }
337 printf("\n");
338 }
339
340
341
342 /*
343 * The following part is (c) by G. Caronni -- 29.11.95
344 *
345 * This code is in the public domain; do with it what you wish.
346 *
347 * NO WARRANTY, NO SUPPORT, NO NOTHING!
348 */
349
350
351 /*
352 * This is what a NEW skip encrypted-authenticated packet looks like:
353 *
354 *
355 * 0 1 2 3
356 * ---------------------------------
357 * | |
358 * / Clear IP Header /
359 * | | IP protocol = SKIP
360 * ---------------------------------
361 * | |
362 * | SKIP header |
363 * | |
364 * ---------------------------------
365 * | |
366 * | Auth Header & payload |
367 * | |
368 * ---------------------------------
369 * | |
370 * | ESP header and SPI |
371 * | |
372 * ---------------------------------
373 * | |
374 * / Protected ESP Payload /
375 * | |
376 * ---------------------------------
377 *
378 *
379 * The format of the SKIP header for encrypted-encapsulated mode is shown below. * The fields are transmitted from left to right.
380 *
381 * 0 1 2 3
382 * 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
383 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
384 * | Ver | Rsvd | Source NSID | Dest NSID | NEXT HEADER |
385 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
386 * | Counter n |
387 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
388 * | Kij Alg | Crypt Alg | MAC Alg | Comp Alg |
389 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
390 * | Kp encrypted in Kijn... (typically 8-16 bytes)
391 * +-+-+-+-+-+-+-+-+-+-+-+-+-+
392 * | Source Master Key-ID (If Source NSID is non-zero)
393 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
394 * | Destination Master Key-ID (If Dest NSID is non-zero)
395 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
396 *
397 */
398
399
400
401
402
403 /*
404 * per name space key ID sizes...
405 */
406 unsigned char skip_nsid_sizes[MAX_ALGS] = {
407 0, /* 0 none */
408 4, /* 1 IP v4 Address Space */
409 4, /* 2 POSIX/XOPEN User Ids */
410 16, /* 3 IPv6 Address Space */
411 16, /* 4 MD5 of DNS Names */
412 16, /* 5 MD5 of ISO ASN.1 DN encoding */
413 16, /* 6 MD5 of US Social Security number */
414 6, /* 7 802.x MAC Address */
415 16, /* 8 MD5 of public Value */
416 16, /* 9 MD5 of RFC822 Mailbox Address */
417 16, /* 10 MD5 of Bank Account # */
418 16, /* 11 MD5 of NIS Name */
419 };
420
421
422 /*
423 * per Kp algorithm encrypted Kp sizes... (Kij alg does not matter for now)
424 */
425 unsigned char skip_ekp_sizes[MAX_ALGS] = {
426 0, /* 0 plaintext */
427 8, /* 1 DES_CBC */
428 24, /* 2 3 key triple DES-EDE-CBC */
429 0, /* 3 */
430 0, /* 4 */
431 0, /* 5 */
432 0, /* 6 */
433 0, /* 7 */
434 0, /* 8 */
435 0, /* 9 */ /* 10 .. 249 */
436 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
437 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
438 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
439 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
440 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
441 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
442 8, /* 250 RC4-40 */
443 16, /* 251 RC4-128 */
444 8, /* 252 simple crypt */
445 16, /* 253 IDEA */
446 0, /* 254 */
447 0 /* 255 */
448 };
449
450
451 /*
452 * per-algorithm NSID names ...
453 */
454 char *skip_nsid_names[MAX_ALGS] = {
455 "none", /* 0 */
456 "IPv4", /* 1 */
457 "Posix/Xopen UID", /* 2 */
458 "IPv6", /* 3 */
459 "MD5 DNS", /* 4 */
460 "MD5 ASN.1 DN", /* 5 */
461 "MD5 U.S. Soc. #", /* 6 */
462 "802.x MAC", /* 7 */
463 "MD5 DH Public Key",/* 8 */
464 "MD5 RFC822 Mail", /* 9 */
465 "MD5 Bank Account", /* 10 */
466 "MD5 NIS Name", /* 11 */
467 };
468
469
470 /*
471 * per-algorithm Kij alg names ...
472 */
473 char *skip_kij_names[MAX_ALGS] = {
474 "none", /* 0 */
475 "DES-CBC", /* 1 */
476 "3DES3-EDE-CBC", /* 2 */
477 "IDEA-CBC", /* 3 */
478 };
479
480
481 /* for padding of ekp */
482
483 char skip_kij_sizes[MAX_ALGS] = {
484 0, /* 0 none */
485 8, /* 1 des-cbc */
486 8, /* 2 3des3-ede-cbc */
487 8, /* 3 idea-cbc */
488 };
489
490
491 /*
492 * per-algorithm Crypt alg names ...
493 */
494 char *skip_crypt_names[MAX_ALGS] = {
495 "none", /* 0 */
496 "DES-CBC", /* 1 */
497 "3 key DES-EDE-CBC", /* 2 */
498 "", /* 3 */
499 "", /* 4 */
500 "", /* 5 */
501 "", /* 6 */
502 "", /* 7 */
503 "", /* 8 */
504 "", /* 9 */ /* 10 .. 249 */
505 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
506 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
507 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
508 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
509 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
510 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
511 "RC4-40", /* 250 */
512 "RC4-128", /* 251 */
513 "simple crypt", /* 252 */
514 "IDEA CBC", /* 253 */
515 "", /* 254 */
516 "" /* 255 */
517 };
518
519
520 /*
521 * per-algorithm Auth alg names ...
522 */
523 char *skip_auth_names[MAX_ALGS] = {
524 "none", /* 0 */
525 "keyed MD5", /* 1 */
526 "DES-CBC MAC", /* 2 */
527 "Keyed SHA", /* 3 */
528 };
529
530
531 char skip_auth_sizes[MAX_ALGS] = {
532 0, /* 0 none */
533 16, /* 1 keyed MD5 */
534 8, /* 2 DES-CBC MAC */
535 20, /* 3 Keyed SHA */
536 };
537
538
539 /*
540 * per-algorithm Crypt alg IV sizes ...
541 */
542 char skip_crypt_sizes[MAX_ALGS] = {
543 0, /* 0 none */
544 8, /* 1 DES-CBC */
545 8, /* 2 3key DES-EDE-CBC */
546 0, /* 3 */
547 0, /* 4 */
548 0, /* 5 */
549 0, /* 6 */
550 0, /* 7 */
551 0, /* 8 */
552 0, /* 9 */ /* 10 .. 249 */
553 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
554 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
555 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
556 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
557 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
558 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
559 8, /* 250 RC4-40 */
560 8, /* 251 RC4-128 */
561 8, /* 252 simple crypt */
562 8, /* 253 IDEA CBC */
563 0, /* 254 */
564 0 /* 255 */
565 };
566
567
568 #ifndef IPPROTO_ESP
569 #define IPPROTO_ESP 50
570 #endif
571 #ifndef IPPROTO_AH
572 #define IPPROTO_AH 51
573 #endif
574 #ifndef IPPROTO_SKIP
575 #define IPPROTO_SKIP 57
576 #endif
577 #ifndef IPPROTO_OSKIP
578 #define IPPROTO_OSKIP 79
579 #endif
580
581 static int expected_auth_size=0;
582 static int expected_iv_size=0;
583
584 char *skip_protocol_name(int p)
585 {
586 switch(p) {
587 case IPPROTO_IP: return "IP";
588 case IPPROTO_ICMP: return "ICMP";
589 case IPPROTO_IGMP: return "IGMP";
590 case IPPROTO_ENCAP: return "ENCAP";
591 case IPPROTO_TCP: return "TCP";
592 case IPPROTO_EGP: return "EGP";
593 case IPPROTO_UDP: return "UDP";
594 case IPPROTO_ESP: return "ESP";
595 case IPPROTO_AH: return "AH";
596 case IPPROTO_SKIP: return "SKIP";
597 case IPPROTO_ND: return "ND";
598 case IPPROTO_OSKIP: return "OLD-SKIP";
599 case IPPROTO_RAW: return "RAW IP";
600 default: return "<unknown>";
601 }
602 }
603
604 void skip_print_next(u_char nxt, const u_char *p, int len, const u_char *bp2)
605 {
606 switch(nxt) {
607 case IPPROTO_IP: ip_print(p,len); break;
608 case IPPROTO_ICMP: icmp_print(p,bp2); break;
609 case IPPROTO_TCP: tcp_print(p,len,bp2); break;
610 case IPPROTO_UDP: udp_print(p,len,bp2); break;
611 case IPPROTO_ESP: esp_print(p,len,bp2); break;
612 case IPPROTO_AH: ah_print(p,len,bp2); break;
613 case IPPROTO_SKIP: skip_print(p,len,bp2); break;
614 default: break;
615 }
616 }
617
618 void skip_print(register const u_char *bp, register int length,
619 const u_char *bp2)
620 {
621 struct ip *ip;
622 const u_char *end;
623 const u_char *p;
624 unsigned char kij_alg, crypt_alg, auth_alg, snsid, dnsid, nxt;
625 unsigned short i;
626 unsigned short len;
627 u_int n;
628 time_t full_n;
629
630 ip=(struct ip *)bp2;
631 p=bp;
632 end=bp+length<snapend?bp+length:snapend;
633
634 printf("%s>%s:%d SKIP",ipaddr_string(&ip->ip_src),
635 ipaddr_string(&ip->ip_dst),length);
636 if (!skipflag)
637 return;
638
639
640 if ((unsigned short) (end - p) < 4) {
641 printf("[SKIP|] (truncated)\n");
642 return;
643 }
644
645 printf("\nSKIP: version\t\t\t%d\n", (int) (*p & 0xf0) >> 4);
646 if (*p & 0xf)
647 printf("SKIP: version byte \t\treserved,\tis now 0x%x\n",
648 (int) (*p & 0xf));
649 p++;
650
651 snsid = *p;
652 printf("SKIP: Source NSID\t\t0x%02x\t\t%s\n",
653 snsid, skip_alg_to_name(skip_nsid_names,snsid));
654 p++;
655
656 dnsid = *p;
657 printf("SKIP: Destination NSID\t\t0x%02x\t\t%s\n",
658 dnsid, skip_alg_to_name(skip_nsid_names,dnsid));
659 p++;
660
661 nxt = *p;
662 printf("SKIP: Next Protocol Field\t0x%02x\t\t%s\n", nxt,
663 skip_protocol_name(nxt));
664
665 p++;
666
667 if ((unsigned short) (end - p) < 4) {
668 printf("[SKIP|] (truncated)\n");
669 return;
670 }
671
672 n=*p++<<24;
673 n+=*p++<<16;
674 n+=*p++<<8;
675 n+=*p;
676 full_n=(((365*25+6)*24)+n)*3600;
677 printf("SKIP: Counter n Field\t\t0x%08x\t%s", n,
678 asctime(gmtime(&full_n)));
679 p++;
680
681 if ((unsigned short) (end - p) < 4) {
682 printf("[SKIP|] (truncated)\n");
683 return;
684 }
685
686 kij_alg = *p;
687 printf("SKIP: Kij alg (key encryption)\t0x%02x\t\t%s\n",
688 kij_alg, skip_alg_to_name(skip_kij_names,kij_alg));
689 p++;
690
691 crypt_alg = *p;
692 expected_iv_size=skip_crypt_sizes[crypt_alg];
693 printf("SKIP: Crypt Alg\t\t\t0x%02x\t\t%s\n",
694 crypt_alg, skip_alg_to_name(skip_crypt_names,crypt_alg));
695 p++;
696
697 auth_alg = *p;
698 expected_auth_size=skip_auth_sizes[auth_alg];
699 printf("SKIP: Auth Alg\t\t\t0x%02x\t\t%s\n",
700 auth_alg, skip_alg_to_name(skip_auth_names,auth_alg));
701 p++;
702
703 if (*p) printf("SKIP: compression\t\treserved,\tis now0x%02x\n",
704 (int) *p++);
705 else p++;
706
707 /*
708 * encrypted kp (ekp) field
709 */
710
711 if (kij_alg==0 && (crypt_alg || auth_alg)) {
712 printf("Warning: Kij Alg. undefined, but Auth. or Crypt. used!");
713 printf("Warning: Assuming empty Kp\n");
714 crypt_alg=auth_alg=0;
715 }
716 /*
717 * do this with a for-loop to avoid alignment problems and the
718 * overhead of calling bcopy()
719 */
720 len = skip_ekp_sizes[crypt_alg];
721 len = len>(int)skip_auth_sizes[auth_alg]?len:skip_auth_sizes[auth_alg];
722 if (len && skip_kij_sizes[kij_alg] && len % skip_kij_sizes[kij_alg]) {
723 len += skip_kij_sizes[kij_alg] - (len%skip_kij_sizes[kij_alg]);
724 }
725 if ((unsigned short) (end - p) < len) {
726 printf("[SKIP|] (truncated)\n");
727 return;
728 }
729
730 printf("SKIP: Encrypted Kp\t\t");
731 for (i = 0; i < len; i++) {
732 printf("%02x ", (unsigned char) *p++);
733 }
734 printf("\n");
735
736
737 if (snsid) {
738 /*
739 * Source Master Key-ID field
740 */
741 if ((end - p) < skip_nsid_sizes[snsid]) {
742 printf("[SKIP|] (truncated)\n");
743 return;
744 }
745 printf("SKIP: Source Master Key-ID\t");
746 if (snsid==1) {
747 printf("%s",ipaddr_string(p));
748 p+=skip_nsid_sizes[snsid];
749 } else {
750 for (i = 0; i < skip_nsid_sizes[snsid]; i++) {
751 printf("%02x ", (unsigned char) *p++);
752 }
753 }
754 printf("\n");
755 }
756
757 if (dnsid) {
758 /*
759 * Destination Master Key-ID field
760 */
761 if ((end - p) < skip_nsid_sizes[dnsid]) {
762 printf("[SKIP|] (truncated)\n");
763 return;
764 }
765 printf("SKIP: Dest. Master Key-ID\t");
766 if (dnsid==1) {
767 printf("%s",ipaddr_string(p));
768 p+=skip_nsid_sizes[dnsid];
769 } else {
770 for (i = 0; i < skip_nsid_sizes[dnsid]; i++) {
771 printf("%02x ", (unsigned char) *p++);
772 }
773 }
774 printf("\n");
775 }
776 if (p<end) skip_print_next(nxt,p,end-p,bp2);
777 else printf("(truncated)\n");
778 }
779
780
781
782 void ah_print(register const u_char *bp, register int length,
783 const u_char *bp2)
784 {
785 struct ip *ip;
786 const u_char *end;
787 const u_char *p;
788 u_char nxt;
789 int len, i;
790 u_int spi;
791
792 ip=(struct ip *)bp2;
793 p=bp;
794 end=bp+length<snapend?bp+length:snapend;
795
796
797 printf("SKIP-AH: %s>%s:%d",ipaddr_string(&ip->ip_src),
798 ipaddr_string(&ip->ip_dst),length);
799 if (!skipflag)
800 return;
801
802 if (end-p <4) {
803 printf("[SKIP-AH|]\n");
804 return;
805 }
806
807 nxt = *p;
808 printf("\nSKIP-AH: Next Protocol Field\t0x%02x\t\t%s\n", nxt,
809 skip_protocol_name(nxt));
810 p++;
811
812 len= 4 * (int) *p;
813 printf("SKIP-AH: length\t\t\t%d\n", len);
814
815 p++;
816
817 if (*p) printf("SKIP-AH: byte 3\t\t\treserved,\tis now0x%02x\n",
818 (int) *p++);
819 else p++;
820 if (*p) printf("SKIP-AH: byte 4\t\t\treserved,\tis now0x%02x\n",
821 (int) *p++);
822 else p++;
823
824 if (end-p <4) {
825 printf("[SKIP-AH|]\n");
826 return;
827 }
828
829 spi=*p++<<24;
830 spi+=*p++<<16;
831 spi+=*p++<<8;
832 spi+=*p;
833 printf("SKIP-AH: SPI\t\t\t0x%08x\t", spi );
834 if (spi==0) {
835 printf("NO association\n");
836 } else if (spi==1) {
837 printf("SKIP association\n");
838 if (expected_auth_size) {
839 if (expected_auth_size != len) {
840 printf("Warning: Length does not match SKIP Auth Alg!\n");
841 }
842 expected_auth_size=0;
843 }
844 } else if (spi<256) {
845 printf("UNKNOWN association\n");
846 } else {
847 printf("DYNAMIC association\n");
848 }
849
850 p++;
851
852
853 /*
854 * authentication data
855 */
856
857 if ((unsigned short) (end - p) < len) {
858 printf("[SKIP-AH|] (truncated)\n");
859 return;
860 }
861
862 printf("SKIP-AH: Authentication Data\t");
863 for (i = 0; i < len; i++) {
864 printf("%02x ", (unsigned char) *p++);
865 if (i<len-1 && (i+1)%16==0) printf("\n\t\t\t\t");
866 }
867 printf("\n");
868
869 if (p<end) skip_print_next(nxt,p,end-p,bp2);
870 else printf("(truncated)\n");
871 }
872
873
874 void esp_print(register const u_char *bp, register int length,
875 const u_char *bp2)
876 {
877 struct ip *ip;
878 const u_char *end;
879 const u_char *p;
880 int len, i;
881 u_int spi;
882
883 ip=(struct ip *)bp2;
884 p=bp;
885 end=bp+length<snapend?bp+length:snapend;
886
887
888 printf("SKIP-ESP: %s>%s:%d",ipaddr_string(&ip->ip_src),
889 ipaddr_string(&ip->ip_dst),length);
890 if (!skipflag)
891 return;
892
893 if (end-p <4) {
894 printf("[SKIP-ESP|]\n");
895 }
896
897 spi=*p++<<24;
898 spi+=*p++<<16;
899 spi+=*p++<<8;
900 spi+=*p;
901 printf("\nSKIP-ESP: SPI\t\t\t0x%08x\t", spi );
902 if (spi==0) {
903 printf("NO association\n");
904 len=0;
905 } else if (spi==1) {
906 printf("SKIP association\n");
907 len=expected_iv_size;
908 if (!expected_iv_size) {
909 printf("Warning: IV size not defined by SKIP Crypt Alg!\n");
910 } else expected_iv_size=0;
911 } else if (spi<256) {
912 printf("UNKNOWN association\n");
913 len=0;
914 } else {
915 printf("DYNAMIC association\n");
916 len=0;
917 }
918
919 p++;
920
921 /*
922 * IV data
923 */
924
925 if ((unsigned short) (end - p) < len) {
926 printf("[SKIP-ESP|] (truncated)\n");
927 return;
928 }
929
930 printf("SKIP-ESP: Initalization Vector\t");
931 if (len) {
932 for (i = 0; i < len; i++) {
933 printf("%02x ", (unsigned char) *p++);
934 if (i<len-1 && (i+1)%16==0) printf("\n\t\t\t\t");
935 }
936 } else {
937 printf("UNDEFINED (unknown algorithm)");
938 }
939 printf("\n");
940
941 /* no further analysis is possible without decrypting */
942 }
943
mirror of network_cmds