cizcoeeee still use the IDs from the draft for nat-t, let tcpdump print them, useful for diagnosis even if the isakmpd patches are too messy. OK?
Index: ike.h =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/ike.h,v retrieving revision 1.23 diff -u -p -r1.23 ike.h --- ike.h 7 Jun 2010 16:20:58 -0000 1.23 +++ ike.h 28 Jan 2012 09:52:30 -0000 @@ -382,10 +382,6 @@ #define IPSEC_ATTR_DURATION_INITIALIZER \ { "NONE", "SECONDS", "KILOBYTES", \ } -#define IPSEC_ATTR_ENCAP_INITIALIZER \ - { "NONE", "TUNNEL", "TRANSPORT", "UDP_ENCAP_TUNNEL", \ - "UDP_ENCAP_TRANSPORT" \ - } #define IPSEC_ATTR_AUTH_INITIALIZER \ { "NONE", "HMAC_MD5", "HMAC_SHA", "DES_MAC", "KPDK", \ "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", \ @@ -403,6 +399,15 @@ #define IPCOMP_INITIALIZER \ { "NONE", "OUI", "DEFLATE", "LZS", "V42BIS", \ } +static struct tok ipsec_attr_encap[] = { + { 0, "NONE" }, + { 1, "TUNNEL" }, + { 2, "TRANSPORT" }, + { 3, "UDP_ENCAP_TUNNEL" }, + { 4, "UDP_ENCAP_TRANSPORT" }, + { 61443, "UDP_ENCAP_TUNNEL_DRAFT" }, /* draft-ietf-ipsec-nat-t-ike */ + { 61444, "UDP_ENCAP_TRANSPORT_DRAFT" } /* draft-ietf-ipsec-nat-t-ike */ +}; /* * IKE mode config. Index: print-ike.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-ike.c,v retrieving revision 1.35 diff -u -p -r1.35 print-ike.c --- print-ike.c 7 Jun 2010 16:20:58 -0000 1.35 +++ print-ike.c 28 Jan 2012 09:52:30 -0000 @@ -303,7 +303,6 @@ ike_attribute_print (u_int8_t *buf, u_in static char *attr_gtype[] = IKE_ATTR_GROUP_INITIALIZER; static char *attr_ltype[] = IKE_ATTR_SA_DURATION_INITIALIZER; static char *ipsec_attrs[] = IPSEC_ATTR_INITIALIZER; - static char *ipsec_attr_encap[] = IPSEC_ATTR_ENCAP_INITIALIZER; static char *ipsec_attr_auth[] = IPSEC_ATTR_AUTH_INITIALIZER; static char *ipsec_attr_ltype[] = IPSEC_ATTR_DURATION_INITIALIZER; @@ -357,10 +356,12 @@ ike_attribute_print (u_int8_t *buf, u_in else switch(type) { CASE_PRINT(IPSEC_ATTR_SA_LIFE_TYPE, ipsec_attr_ltype); - CASE_PRINT(IPSEC_ATTR_ENCAPSULATION_MODE, - ipsec_attr_encap); CASE_PRINT(IPSEC_ATTR_AUTHENTICATION_ALGORITHM, ipsec_attr_auth); + case IPSEC_ATTR_ENCAPSULATION_MODE: + printf("%s", tok2str(ipsec_attr_encap, + "%d", val)); + break; default: printf("%d", val); }