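/* $OpenBSD: print-enc.c,v 1.7 2002/02/19 19:39:40 millert Exp $ */

/*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

/* \summary: OpenBSD IPsec encapsulation BPF layer printer */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "netdissect-stdinc.h"

#define ND_LONGJMP_FROM_TCHECK
#include "netdissect.h"
#include "extract.h"
#include "af.h"

/* From $OpenBSD: if_enc.h,v 1.8 2001/06/25 05:14:00 angelos Exp $ */
/*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
 * Niels Provos (provos@physnet.uni-hamburg.de).
 *
 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
 * in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis.
 *
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
 * and Niels Provos.
 *
 * Copyright (C) 1995, 1996, 1997, 1998 by John Ioannidis, Angelos D. Keromytis
 * and Niels Provos.
 * Copyright (c) 2001, Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software with or without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 * You may use this code under the GNU public license if you so wish. Please
 * contribute changes back to the authors under this freer than GPL license
 * so that we may further the use of strong encryption without limitations to
 * all.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/* Size in bytes of the enc pseudo-header: three 32-bit fields. */
#define ENC_HDRLEN	12

/* From $OpenBSD: mbuf.h,v 1.56 2002/01/25 15:50:23 art Exp $ */
#define M_CONF		0x0400	/* packet was encrypted (ESP-transport) */
#define M_AUTH		0x0800	/* packet was authenticated (AH) */

/*
 * Layout of the enc pseudo-header as it appears in the capture.
 * af and flags are stored in the capturing host's byte order; spi is
 * big-endian (see the comment in enc_if_print()).
 */
struct enchdr {
	nd_uint32_t af;
	nd_uint32_t spi;
	nd_uint32_t flags;
};

/*
 * If flag bit(s) xf are set in wh, print the label and clear them from wh.
 * The label is followed by "): " when xf was the last remaining bit and by
 * "," otherwise.  Wrapped in do/while (0) so that the macro expands to a
 * single statement and stays safe inside an unbraced if/else.
 */
#define ENC_PRINT_TYPE(wh, xf, name) \
	do { \
		if ((wh) & (xf)) { \
			ND_PRINT("%s%s", name, (wh) == (xf) ? "): " : ","); \
			(wh) &= ~(xf); \
		} \
	} while (0)

/*
 * Byte-swap a 32-bit number.
 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
 * big-endian platforms.)
 */
#define SWAPLONG(y) \
((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))

/*
 * Print the enc pseudo-header (protection flags and SPI) found at the start
 * of the packet, then hand the remaining bytes to the IPv4 or IPv6 printer
 * selected by the header's address family.
 *
 * ndo - dissector state; ndo_protocol and ndo_ll_hdr_len are updated here.
 * h   - pcap record header; h->len is taken as the packet length.
 * p   - start of the captured packet data.
 *
 * Both h and p come from the capture being read and are untrusted.
 */
void
enc_if_print(netdissect_options *ndo,
             const struct pcap_pkthdr *h, const u_char *p)
{
	u_int length = h->len;
	u_int af, flags;
	const struct enchdr *hdr;

	ndo->ndo_protocol = "enc";
	/*
	 * Bounds check on the captured bytes before any header field is read.
	 * ND_TCHECK_LEN is defined in netdissect.h (not shown here); with
	 * ND_LONGJMP_FROM_TCHECK defined above it is expected to leave this
	 * function when fewer than ENC_HDRLEN bytes are available.
	 */
	ND_TCHECK_LEN(p, ENC_HDRLEN);
	ndo->ndo_ll_hdr_len += ENC_HDRLEN;

	hdr = (const struct enchdr *)p;
	/*
	 * The address family and flags fields are in the byte order
	 * of the host that originally captured the traffic.
	 *
	 * To determine that, look at the address family.  It's 32-bit,
	 * it is not likely ever to be > 65535 (I doubt there will
	 * ever be > 65535 address families and, so far, AF_ values have
	 * not been allocated very sparsely) so it should not have the
	 * upper 16 bits set, and it is not likely ever to be AF_UNSPEC,
	 * i.e. it's not likely ever to be 0, so if it's byte-swapped,
	 * it should have at least one of the upper 16 bits set.
	 *
	 * So if any of the upper 16 bits are set, we assume it, and
	 * the flags field, are byte-swapped.
	 *
	 * The SPI field is always in network byte order, i.e. big-
	 * endian.
	 */
	UNALIGNED_MEMCPY(&af, &hdr->af, sizeof (af));
	UNALIGNED_MEMCPY(&flags, &hdr->flags, sizeof (flags));
	if ((af & 0xFFFF0000) != 0) {
		af = SWAPLONG(af);
		flags = SWAPLONG(flags);
	}

	if (flags == 0)
		ND_PRINT("(unprotected): ");
	else
		ND_PRINT("(");
	/*
	 * NOTE(review): if flags carries any bit other than M_AUTH and
	 * M_CONF, neither invocation below sees (wh) == (xf), so the "("
	 * printed above is never closed in the output.
	 */
	ENC_PRINT_TYPE(flags, M_AUTH, "authentic");
	ENC_PRINT_TYPE(flags, M_CONF, "confidential");
	/* ENC_PRINT_TYPE(flags, M_TUNNEL, "tunnel"); */
	ND_PRINT("SPI 0x%08x: ", GET_BE_U_4(hdr->spi));

	/*
	 * The check at the top covers the bytes actually captured, not the
	 * length claimed in the record header.  A record whose h->len is
	 * below ENC_HDRLEN would make the unsigned subtraction wrap and pass
	 * a huge length to the IP printers.  The caller may already reject
	 * such records, but that is not visible from this file, so stop here.
	 */
	if (length < ENC_HDRLEN) {
		ND_PRINT("[invalid: length %u < header length %u]",
		    length, (u_int)ENC_HDRLEN);
		return;
	}
	length -= ENC_HDRLEN;
	p += ENC_HDRLEN;

	switch (af) {
	case BSD_AFNUM_INET:
		ip_print(ndo, p, length);
		break;
	case BSD_AFNUM_INET6_BSD:
	case BSD_AFNUM_INET6_FREEBSD:
	case BSD_AFNUM_INET6_DARWIN:
		ip6_print(ndo, p, length);
		break;
	default:
		/* Unrecognized address family: the payload is not printed. */
		break;
	}
}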