diff options
| -rw-r--r-- | usr.sbin/tcpdump/ike.h | 8 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/print-ike.c | 23 |
2 files changed, 25 insertions, 6 deletions
diff --git a/usr.sbin/tcpdump/ike.h b/usr.sbin/tcpdump/ike.h index 98e7c55bed0..53897a1900f 100644 --- a/usr.sbin/tcpdump/ike.h +++ b/usr.sbin/tcpdump/ike.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ike.h,v 1.8 2004/06/22 03:23:33 ho Exp $ */ +/* $OpenBSD: ike.h,v 1.9 2004/07/29 10:29:44 ho Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -170,7 +170,6 @@ "AGGRESSIVE", /* 4 */ \ "INFO", /* 5 */ \ "TRANSACTION", /* 6 (ikecfg) */ \ - "DPD", /* 7 */ \ /* step up to type 32 with unknowns */ \ "unknown", "unknown", "unknown", "unknown", \ "unknown", "unknown", "unknown", "unknown", \ @@ -178,6 +177,7 @@ "unknown", "unknown", "unknown", "unknown", \ "unknown", "unknown", "unknown", "unknown", \ "unknown", "unknown", "unknown", "unknown", \ + "unknown", \ "QUICK_MODE", /* 32 */ \ "NEW_GROUP_MODE", /* 33 */ \ } @@ -268,6 +268,10 @@ #define NOTIFY_IPSEC_REPLAY_STATUS 24577 #define NOTIFY_IPSEC_INITIAL_CONTACT 24578 +/* RFC 3706, Dead Peer Detection */ +#define NOTIFY_STATUS_DPD_R_U_THERE 36136 +#define NOTIFY_STATUS_DPD_R_U_THERE_ACK 36137 + #define IPSEC_ID_RESERVED 0 #define IPSEC_ID_IPV4_ADDR 1 #define IPSEC_ID_FQDN 2 diff --git a/usr.sbin/tcpdump/print-ike.c b/usr.sbin/tcpdump/print-ike.c index 1f9434575e7..93e28bf83d6 100644 --- a/usr.sbin/tcpdump/print-ike.c +++ b/usr.sbin/tcpdump/print-ike.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-ike.c,v 1.24 2004/06/22 03:23:33 ho Exp $ */ +/* $OpenBSD: print-ike.c,v 1.25 2004/07/29 10:29:44 ho Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999 @@ -29,7 +29,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ike.c,v 1.24 2004/06/22 03:23:33 ho Exp $ (XXX)"; + "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ike.c,v 1.25 2004/07/29 10:29:44 ho Exp $ (XXX)"; #endif #include <sys/param.h> @@ -617,7 +617,7 @@ ike_pl_notification_print (u_int8_t *buf, int len) { static const char *nftypes[] = IKE_NOTIFY_TYPES_INITIALIZER; struct notification_payload *np = (struct notification_payload *)buf; - u_int32_t *replay; + u_int32_t *replay, *seq; u_int8_t *attr; if (len < sizeof (struct notification_payload)) { @@ -642,7 +642,7 @@ ike_pl_notification_print (u_int8_t *buf, int len) switch (np->type) { case NOTIFY_IPSEC_RESPONDER_LIFETIME: - printf("RESPONDER LIFETIME"); + printf("RESPONDER LIFETIME "); if (np->spi_size == 16) printf("(%s)", ike_get_cookie (&np->data[0], &np->data[8])); @@ -673,6 +673,21 @@ ike_pl_notification_print (u_int8_t *buf, int len) &np->data[8])); break; + case NOTIFY_STATUS_DPD_R_U_THERE: + case NOTIFY_STATUS_DPD_R_U_THERE_ACK: + printf("STATUS_DPD_R_U_THERE%s ", + np->type == NOTIFY_STATUS_DPD_R_U_THERE ? "" : "_ACK"); + if (np->spi_size != 16 || + len < sizeof(struct notification_payload) + + sizeof(u_int32_t)) + printf("[bad notify]"); + else { + seq = (u_int32_t *)&np->data[np->spi_size]; + printf("seq %u", ntohl(*seq)); + } + break; + + default: printf("%d (unknown)", np->type); break; |