authorHakan Olsson <ho@cvs.openbsd.org>2004-06-21 16:01:57 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2004-06-21 16:01:57 +0000
commit4edb92d8b1de61569023b47a4f16203787c59f2b (patch)
treeba2282a4740143944f4f0f751ff4d8246159d370 /sbin
parentd690a8cd260213ef05ef1d57968de5e922bb4b33 (diff)
Packet capture should add the ESP-marker when NAT-T is active.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/log.c14
-rw-r--r--sbin/isakmpd/message.c19
2 files changed, 25 insertions, 8 deletions
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index aa019b59308..68df655ff9f 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.45 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: log.c,v 1.46 2004/06/21 16:01:56 ho Exp $ */
/* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */
/*
@@ -498,8 +498,9 @@ log_packet_iov(struct sockaddr *src, struct sockaddr *dst, struct iovec *iov,
struct isakmp_hdr *isakmphdr;
struct packhdr hdr;
struct udphdr udp;
- int off, datalen, hdrlen, i;
struct timeval tv;
+ int off, datalen, hdrlen, i, add_espmarker = 0;
+ const u_int32_t espmarker = 0;
for (i = 0, datalen = 0; i < iovcnt; i++)
datalen += iov[i].iov_len;
@@ -524,6 +525,13 @@ log_packet_iov(struct sockaddr *src, struct sockaddr *dst, struct iovec *iov,
udp.uh_sport = sockaddr_port(src);
udp.uh_dport = sockaddr_port(dst);
datalen += sizeof udp;
+#if defined (USE_NAT_TRAVERSAL)
+ if (ntohs(udp.uh_sport) == 4500 ||
+ ntohs(udp.uh_dport) == 4500) { /* XXX Quick and dirty */
+ add_espmarker = 1;
+ datalen += sizeof espmarker;
+ }
+#endif
udp.uh_ulen = htons(datalen);
/* ip */
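Review bot: The NAT-T test on the two `ntohs(...) == 4500` lines decides from the port number alone, so a marker is recorded for any packet that happens to use port 4500 and none is recorded if NAT-T runs on a different port. The capture file can then disagree with what was on the wire, which matters when the pcap is used for troubleshooting or incident analysis. The message.c part of this commit already tests `EXCHANGE_FLAG_NAT_T_ENABLE`, so handing that state to log_packet_iov would be more reliable than the heuristic the `XXX` comment concedes. At minimum the literal should become one named constant rather than appearing twice. log_packet_iov begins and ends outside this hunk.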
@@ -588,6 +596,8 @@ setup_ip4:
/* Write to pcap file. */
fwrite(&hdr, hdrlen, 1, packet_log); /* pcap + IP */
fwrite(&udp, sizeof(struct udphdr), 1, packet_log); /* UDP */
+ if (add_espmarker)
+ fwrite(&espmarker, sizeof espmarker, 1, packet_log);
fwrite(packet_buf, datalen, 1, packet_log); /* IKE-data */
fflush(packet_log);
}
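Review bot: The last `fwrite(packet_buf, datalen, 1, packet_log)` still takes its length from `datalen`, which the earlier hunk increased by `sizeof espmarker` when `add_espmarker` is set. The arithmetic between the two hunks is not visible here, but unless the marker size is subtracted again before this call, four bytes beyond the copied IKE data in `packet_buf` would be written into the capture file. Making the adjustment explicit next to the marker write would remove the doubt: brace the `if (add_espmarker)` body and add `datalen -= sizeof espmarker;` after the new `fwrite`. The new `fwrite` also ignores its return value like its neighbours, so a short write leaves a malformed pcap record without any diagnostic.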
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 7b87d9bf4f3..af502d02f19 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.83 2004/06/20 17:44:06 ho Exp $ */
+/* $OpenBSD: message.c,v 1.84 2004/06/21 16:01:56 ho Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -64,6 +64,7 @@
#include "timer.h"
#include "transport.h"
#include "util.h"
+#include "virtual.h"
#ifdef __GNUC__
#define INLINE __inline
@@ -1855,21 +1856,27 @@ message_dump_raw(char *header, struct message *msg, int class)
static void
message_packet_log(struct message *msg)
{
-#ifdef USE_DEBUG
+#if defined (USE_DEBUG)
struct sockaddr *src, *dst;
+ struct transport *t = msg->transport;
/* Don't log retransmissions. Redundant for incoming packets... */
if (msg->xmits > 0)
return;
+#if defined (USE_NAT_TRAVERSAL)
+ if (msg->exchange && msg->exchange->flags & EXCHANGE_FLAG_NAT_T_ENABLE)
+ t = ((struct virtual_transport *)msg->transport)->encap;
+#endif
+
/* Figure out direction. */
if (msg->exchange &&
msg->exchange->initiator ^ (msg->exchange->step % 2)) {
- msg->transport->vtbl->get_src(msg->transport, &src);
- msg->transport->vtbl->get_dst(msg->transport, &dst);
+ t->vtbl->get_src(t, &src);
+ t->vtbl->get_dst(t, &dst);
} else {
- msg->transport->vtbl->get_src(msg->transport, &dst);
- msg->transport->vtbl->get_dst(msg->transport, &src);
+ t->vtbl->get_src(t, &dst);
+ t->vtbl->get_dst(t, &src);
}
log_packet_iov(src, dst, msg->iov, msg->iovlen);
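Review bot: The downcast `((struct virtual_transport *)msg->transport)->encap` is taken on the exchange flag alone, with no check that `msg->transport` really is a virtual transport or that `encap` is non-NULL before `t->vtbl->get_src(t, &src)` dereferences it. The definition of `struct virtual_transport` is not visible here, so this may be guaranteed elsewhere, but a guard such as `if (t == NULL) t = msg->transport;` after the assignment would keep a debug-only logging path from crashing the daemon. Parenthesising the condition as `(msg->exchange->flags & EXCHANGE_FLAG_NAT_T_ENABLE)` would also make the intended precedence of `&` over `&&` obvious. The closing `#endif` and brace of message_packet_log lie outside the hunk.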