author | Hakan Olsson <ho@cvs.openbsd.org> | 2004-06-21 16:01:57 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2004-06-21 16:01:57 +0000 |
commit | 4edb92d8b1de61569023b47a4f16203787c59f2b (patch) | |
tree | ba2282a4740143944f4f0f751ff4d8246159d370 | |
parent | d690a8cd260213ef05ef1d57968de5e922bb4b33 (diff) |
Packet capture should add the ESP-marker when NAT-T is active.
-rw-r--r-- | sbin/isakmpd/log.c | 14 | ||||
-rw-r--r-- | sbin/isakmpd/message.c | 19 |
2 files changed, 25 insertions, 8 deletions
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index aa019b59308..68df655ff9f 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.45 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: log.c,v 1.46 2004/06/21 16:01:56 ho Exp $ */
 /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */
 /*
@@ -498,8 +498,9 @@ log_packet_iov(struct sockaddr *src, struct sockaddr *dst, struct iovec *iov,
 struct isakmp_hdr *isakmphdr;
 struct packhdr hdr;
 struct udphdr udp;
- int off, datalen, hdrlen, i;
 struct timeval tv;
+ int off, datalen, hdrlen, i, add_espmarker = 0;
+ const u_int32_t espmarker = 0;
 for (i = 0, datalen = 0; i < iovcnt; i++)
 datalen += iov[i].iov_len;
@@ -524,6 +525,13 @@ log_packet_iov(struct sockaddr *src, struct sockaddr *dst, struct iovec *iov,
 udp.uh_sport = sockaddr_port(src);
 udp.uh_dport = sockaddr_port(dst);
 datalen += sizeof udp;
+#if defined (USE_NAT_TRAVERSAL)
+ if (ntohs(udp.uh_sport) == 4500 ||
+ ntohs(udp.uh_dport) == 4500) { /* XXX Quick and dirty */
+ add_espmarker = 1;
+ datalen += sizeof espmarker;
+ }
+#endif
 udp.uh_ulen = htons(datalen);
 /* ip */
@@ -588,6 +596,8 @@ setup_ip4:
 /* Write to pcap file. */
 fwrite(&hdr, hdrlen, 1, packet_log); /* pcap + IP */
 fwrite(&udp, sizeof(struct udphdr), 1, packet_log); /* UDP */
+ if (add_espmarker)
+ fwrite(&espmarker, sizeof espmarker, 1, packet_log);
 fwrite(packet_buf, datalen, 1, packet_log); /* IKE-data */
 fflush(packet_log);
 }
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 7b87d9bf4f3..af502d02f19 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.83 2004/06/20 17:44:06 ho Exp $ */
+/* $OpenBSD: message.c,v 1.84 2004/06/21 16:01:56 ho Exp $ */
 /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
 /*
@@ -64,6 +64,7 @@
 #include "timer.h"
 #include "transport.h"
 #include "util.h"
+#include "virtual.h"
 #ifdef __GNUC__
 #define INLINE __inline
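Review bot: In log_packet_iov() (sbin/isakmpd/log.c, hunk at -524) the marker decision rests on a literal `4500` in either UDP port, which the `XXX Quick and dirty` comment already concedes is a heuristic. A peer whose source port merely happens to be 4500 would get a marker in the capture that was never on the wire, and a pcap that differs from the wire is a poor basis for troubleshooting or incident analysis. message_packet_log() in message.c already tests `EXCHANGE_FLAG_NAT_T_ENABLE`, so handing that state to the logger looks more reliable than inferring it from ports. At minimum the number deserves a name and a reason, e.g. `/* NAT-T port: IKE on it is preceded by a 4-byte zero non-ESP marker */`. The function body begins and ends outside this hunk.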
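Review bot: The last `fwrite(packet_buf, datalen, 1, packet_log)` in log_packet_iov() (log.c, hunk at -588) appears to use a `datalen` that still includes the four bytes added by `datalen += sizeof espmarker;` in the -524 hunk, because nothing visible in this diff subtracts them again. If that holds, every NAT-T packet logged writes four bytes beyond the IKE payload out of `packet_buf`: leftover contents of an earlier packet, or bytes past the copied data when the message is near the size limit. The code between the two hunks is not shown, so this needs confirming against the full function. If confirmed, the marker branch should give the bytes back: `if (add_espmarker) {`, `fwrite(&espmarker, sizeof espmarker, 1, packet_log);`, `datalen -= sizeof espmarker; }`.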
@@ -1855,21 +1856,27 @@ message_dump_raw(char *header, struct message *msg, int class) static void message_packet_log(struct message *msg) { -#ifdef USE_DEBUG +#if defined (USE_DEBUG) struct sockaddr *src, *dst; + struct transport *t = msg->transport; /* Don't log retransmissions. Redundant for incoming packets... */ if (msg->xmits > 0) return; +#if defined (USE_NAT_TRAVERSAL) + if (msg->exchange && msg->exchange->flags & EXCHANGE_FLAG_NAT_T_ENABLE) + t = ((struct virtual_transport *)msg->transport)->encap; +#endif + /* Figure out direction. */ if (msg->exchange && msg->exchange->initiator ^ (msg->exchange->step % 2)) { - msg->transport->vtbl->get_src(msg->transport, &src); - msg->transport->vtbl->get_dst(msg->transport, &dst); + t->vtbl->get_src(t, &src); + t->vtbl->get_dst(t, &dst); } else { - msg->transport->vtbl->get_src(msg->transport, &dst); - msg->transport->vtbl->get_dst(msg->transport, &src); + t->vtbl->get_src(t, &dst); + t->vtbl->get_dst(t, &src); } log_packet_iov(src, dst, msg->iov, msg->iovlen); |
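Review bot: The new NAT-T branch in message_packet_log() casts `msg->transport` to `struct virtual_transport *` and takes `->encap` with no check, after which `t->vtbl` is dereferenced unconditionally. That is safe only if every exchange with `EXCHANGE_FLAG_NAT_T_ENABLE` set is guaranteed to run over a virtual transport whose `encap` is non-NULL. virtual.h is not part of this diff, so the invariant should either be stated in a comment or guarded, e.g. `if (vt->encap != NULL) t = vt->encap;` with `vt` holding the cast pointer. The condition would also read less ambiguously as `msg->exchange && (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_ENABLE)`. The function continues past the end of the hunk.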