tcpdump IKE dissector: print UDP_ENCAP_*_DRAFT

Sat, 28 Jan 2012 02:02:13 -0800 

cizcoeeee still use the IDs from the draft for nat-t, let tcpdump
print them, useful for diagnosis even if the isakmpd patches are too
messy.  OK?

Index: ike.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/ike.h,v
retrieving revision 1.23
diff -u -p -r1.23 ike.h
--- ike.h       7 Jun 2010 16:20:58 -0000       1.23
+++ ike.h       28 Jan 2012 09:52:30 -0000
@@ -382,10 +382,6 @@
 #define IPSEC_ATTR_DURATION_INITIALIZER                                \
        { "NONE", "SECONDS", "KILOBYTES",                       \
        }
-#define IPSEC_ATTR_ENCAP_INITIALIZER                           \
-       { "NONE", "TUNNEL", "TRANSPORT", "UDP_ENCAP_TUNNEL",    \
-         "UDP_ENCAP_TRANSPORT"                                 \
-       }
 #define IPSEC_ATTR_AUTH_INITIALIZER                            \
        { "NONE", "HMAC_MD5", "HMAC_SHA", "DES_MAC", "KPDK",    \
          "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512",    \
@@ -403,6 +399,15 @@
 #define IPCOMP_INITIALIZER                                     \
        { "NONE", "OUI", "DEFLATE", "LZS", "V42BIS",            \
        }
+static struct tok ipsec_attr_encap[] = {
+       { 0,    "NONE" },
+       { 1,    "TUNNEL" },
+       { 2,    "TRANSPORT" },
+       { 3,    "UDP_ENCAP_TUNNEL" },
+       { 4,    "UDP_ENCAP_TRANSPORT" },
+       { 61443, "UDP_ENCAP_TUNNEL_DRAFT" },    /* draft-ietf-ipsec-nat-t-ike */
+       { 61444, "UDP_ENCAP_TRANSPORT_DRAFT" }  /* draft-ietf-ipsec-nat-t-ike */
+};
 
 /*
  * IKE mode config. 
Index: print-ike.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-ike.c,v
retrieving revision 1.35
diff -u -p -r1.35 print-ike.c
--- print-ike.c 7 Jun 2010 16:20:58 -0000       1.35
+++ print-ike.c 28 Jan 2012 09:52:30 -0000
@@ -303,7 +303,6 @@ ike_attribute_print (u_int8_t *buf, u_in
        static char *attr_gtype[] = IKE_ATTR_GROUP_INITIALIZER;
        static char *attr_ltype[] = IKE_ATTR_SA_DURATION_INITIALIZER;
        static char *ipsec_attrs[] = IPSEC_ATTR_INITIALIZER;
-       static char *ipsec_attr_encap[] = IPSEC_ATTR_ENCAP_INITIALIZER;
        static char *ipsec_attr_auth[] = IPSEC_ATTR_AUTH_INITIALIZER;
        static char *ipsec_attr_ltype[] = IPSEC_ATTR_DURATION_INITIALIZER;
 
@@ -357,10 +356,12 @@ ike_attribute_print (u_int8_t *buf, u_in
        else
                switch(type) {
                        CASE_PRINT(IPSEC_ATTR_SA_LIFE_TYPE, ipsec_attr_ltype);
-                       CASE_PRINT(IPSEC_ATTR_ENCAPSULATION_MODE,
-                           ipsec_attr_encap);
                        CASE_PRINT(IPSEC_ATTR_AUTHENTICATION_ALGORITHM,
                            ipsec_attr_auth);
+                       case IPSEC_ATTR_ENCAPSULATION_MODE:
+                               printf("%s", tok2str(ipsec_attr_encap,
+                                   "%d", val));
+                               break;
                default:
                        printf("%d", val);
                }

Reply via email to