1 /* parsing packets: formats and tools
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: packet.h,v 1.5 2005/01/06 22:10:15 as Exp $
21 /* a struct_desc describes a structure for the struct I/O routines.
22 * This requires arrays of field_desc values to describe struct fields.
25 typedef const struct struct_desc
{
27 const struct field_desc
*fields
;
31 /* Note: if an ft_af_enum field has the ISAKMP_ATTR_AF_TV bit set,
32 * the subsequent ft_lv field will be interpreted as an immediate value.
33 * This matches how attributes are encoded.
34 * See RFC 2408 "ISAKMP" 3.3
38 ft_mbz
, /* must be zero */
39 ft_nat
, /* natural number (may be 0) */
40 ft_len
, /* length of this struct and any following crud */
41 ft_lv
, /* length/value field of attribute */
42 ft_enum
, /* value from an enumeration */
43 ft_loose_enum
, /* value from an enumeration with only some names known */
44 ft_af_loose_enum
, /* Attribute Format + enumeration, some names known */
45 ft_af_enum
, /* Attribute Format + value from an enumeration */
46 ft_set
, /* bits representing set */
47 ft_raw
, /* bytes to be left in network-order */
48 ft_end
, /* end of field list */
51 typedef const struct field_desc
{
52 enum field_type field_type
;
53 int size
; /* size, in bytes, of field */
55 const void *desc
; /* enum_names for enum or char *[] for bits */
58 /* The formatting of input and output of packets is done
59 * through packet_byte_stream objects.
60 * These describe a stream of bytes in memory.
61 * Several routines are provided to manipulate these objects
62 * Actual packet transfer is done elsewhere.
64 typedef struct packet_byte_stream
{
65 struct packet_byte_stream
*container
; /* PBS of which we are part */
67 const char *name
; /* what does this PBS represent? */
70 *cur
, /* current position in stream */
71 *roof
; /* byte after last in PBS (actually just a limit on output) */
72 /* For an output PBS, the length field will be filled in later so
73 * we need to record its particulars. Note: it may not be aligned.
76 field_desc
*lenfld_desc
;
79 /* For an input PBS, pbs_offset is amount of stream processed.
80 * For an output PBS, pbs_offset is current size of stream.
81 * For an input PBS, pbs_room is size of stream.
82 * For an output PBS, pbs_room is maximum size allowed.
/* Size helpers for a pb_stream, computed from its start, cur and roof
 * pointers. Each macro expands its argument twice, so pass an expression
 * without side effects.
 * The pointer difference is cast to size_t: if start <= cur <= roof does
 * not hold for the stream, the result wraps to a very large value instead
 * of going negative, so any bounds check built on these macros depends on
 * that ordering being maintained.
 */
#define pbs_offset(s) ((size_t)((s)->cur - (s)->start))
#define pbs_room(s) ((size_t)((s)->roof - (s)->start))
#define pbs_left(s) ((size_t)((s)->roof - (s)->cur))
/* Initialise *pbs as a byte stream; name is the label kept for the stream.
 * NOTE(review): presumably the stream covers the len bytes beginning at
 * start (roof = start + len) -- confirm in the implementation. The caller
 * must own at least len bytes at start, since later bounds checks are
 * made against the limit recorded here.
 */
extern void init_pbs(pb_stream *pbs, u_int8_t *start, size_t len,
    const char *name);
/* Input side of the struct I/O routines. Both functions consume bytes from
 * the input stream ins; for received packets that data may be controlled
 * by the peer. Both return bool, and the failure semantics are not visible
 * in this header, so callers should check the result before touching the
 * output.
 *
 * in_struct: read the structure described by sd from ins into *struct_ptr.
 * NOTE(review): presumably obj_pbs, when supplied, is set to cover the
 * object just read, sized from its ft_len field. That length comes from
 * the packet, so confirm the implementation bounds it by pbs_left(ins).
 */
extern bool in_struct(void *struct_ptr, struct_desc *sd,
    pb_stream *ins, pb_stream *obj_pbs);

/* in_raw: read len raw bytes from ins into bytes; name labels the data.
 * NOTE(review): presumably fails rather than reading past the stream's
 * roof -- confirm. The caller must provide at least len bytes at bytes.
 */
extern bool in_raw(void *bytes, size_t len, pb_stream *ins,
    const char *name);
/* Output side of the struct I/O routines. Each function writes into the
 * output stream outs and returns bool; the failure semantics are not
 * visible in this header, so callers should check the result.
 * NOTE(review): presumably each call fails when the data would not fit
 * below the stream's roof (pbs_room is the maximum size allowed for an
 * output PBS) -- confirm in the implementation.
 *
 * out_struct: write *struct_ptr to outs as described by sd.
 * NOTE(review): presumably obj_pbs, when supplied, becomes a nested output
 * stream for the object, whose length field is filled in when it is
 * closed -- confirm.
 */
extern bool out_struct(const void *struct_ptr, struct_desc *sd,
    pb_stream *outs, pb_stream *obj_pbs);

/* out_generic: write a payload described by sd with next-payload value np.
 * NOTE(review): presumably only the generic payload header is written
 * here and the body is added through obj_pbs -- confirm.
 */
extern bool out_generic(u_int8_t np, struct_desc *sd,
    pb_stream *outs, pb_stream *obj_pbs);

/* out_generic_raw: as out_generic, with len bytes from bytes supplied as
 * the payload content; name labels the data.
 */
extern bool out_generic_raw(u_int8_t np, struct_desc *sd,
    pb_stream *outs, const void *bytes, size_t len, const char *name);
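/* Forward to out_generic_raw, passing the chunk's ptr and len members as
 * the bytes and len arguments.
 * Every macro argument is parenthesized in the expansion, in line with
 * out_chunk. ch is expanded twice, so it must not have side effects.
 */
#define out_generic_chunk(np, sd, outs, ch, name) \
    out_generic_raw((np), (sd), (outs), (ch).ptr, (ch).len, (name))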
/* out_zero: write len bytes to outs; name labels the data.
 * NOTE(review): presumably the bytes written are 0x00, as used for
 * padding -- confirm in the implementation.
 */
extern bool out_zero(size_t len, pb_stream *outs, const char *name);

/* out_raw: write len bytes from bytes to outs; name labels the data.
 * Returns bool; callers should check the result.
 */
extern bool out_raw(const void *bytes, size_t len, pb_stream *outs,
    const char *name);

/* out_chunk: out_raw for a chunk, passing its ptr and len members.
 * ch is expanded twice, so it must not have side effects.
 */
#define out_chunk(ch, outs, name) out_raw((ch).ptr, (ch).len, (outs), (name))

/* close_output_pbs: finish an output stream.
 * NOTE(review): presumably this is where the recorded length field
 * (lenfld_desc) is filled in with the final size -- confirm. If so, an
 * output PBS that is never closed would carry a stale length.
 */
extern void close_output_pbs(pb_stream *pbs);
/* DBG_print_struct: debug-print the structure at struct_ptr, described by
 * sd, under the given label.
 * NOTE(review): len_meaningful presumably says whether the ft_len field
 * holds a real value yet -- confirm. Structures read from a packet carry
 * peer-supplied values, so debug output built from them should be treated
 * as untrusted text by whatever consumes the log.
 */
extern void DBG_print_struct(const char *label, const void *struct_ptr,
    struct_desc *sd, bool len_meaningful);
112 /* ISAKMP Header: for all messages
113 * layout from RFC 2408 "ISAKMP" section 3.1
115 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
116 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
119 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
122 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
123 * ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags !
124 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
126 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
128 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
129 * Although the drafts are a little unclear, there are a few
130 * places that specify that messages should be padded with 0x00
131 * octets (bytes) to make the length a multiple of something.
133 * RFC 2408 "ISAKMP" 3.6 specifies that all messages will be
134 * padded to be a multiple of 4 octets in length.
135 * ??? This looks vestigial, and we ignore this requirement.
137 * RFC 2409 "IKE" Appendix B specifies:
138 * Each message should be padded up to the nearest block size
139 * using bytes containing 0x00.
140 * ??? This does not appear to be limited to encrypted messages,
141 * but it surely must be: the block size is meant to be the encryption
142 * block size, and that is meaningless for a non-encrypted message.
144 * RFC 2409 "IKE" 5.3 specifies:
145 * Encrypted payloads are padded up to the nearest block size.
146 * All padding bytes, except for the last one, contain 0x00. The
147 * last byte of the padding contains the number of the padding
148 * bytes used, excluding the last one. Note that this means there
149 * will always be padding.
150 * ??? This is nuts since payloads are not padded, messages are.
151 * It also contradicts Appendix B. So we ignore it.
153 * Summary: we pad encrypted output messages with 0x00 to bring them
154 * up to a multiple of the encryption block size. On input, we require
155 * that any encrypted portion of a message be a multiple of the encryption
156 * block size. After any decryption, we ignore padding (any bytes after
157 * the first payload that specifies a next payload of none; we don't
158 * require them to be zero).
163 u_int8_t isa_icookie
[COOKIE_SIZE
];
164 u_int8_t isa_rcookie
[COOKIE_SIZE
];
165 u_int8_t isa_np
; /* Next payload */
166 u_int8_t isa_version
; /* high-order 4 bits: Major; low order 4: Minor */
/* isa_version packs two 4-bit numbers: shift right by ISA_MAJ_SHIFT for
 * the major version, mask with ISA_MIN_MASK for the minor version.
 */
#define ISA_MAJ_SHIFT 4
#define ISA_MIN_MASK ((1u << ISA_MAJ_SHIFT) - 1u)
169 u_int8_t isa_xchg
; /* Exchange type */
171 u_int32_t isa_msgid
; /* Message ID (RAW) */
172 u_int32_t isa_length
; /* Length of message */
175 extern struct_desc isakmp_hdr_desc
;
177 /* Generic portion of all ISAKMP payloads.
178 * layout from RFC 2408 "ISAKMP" section 3.2
179 * This describes the first 32-bit chunk of all payloads.
180 * The previous next payload depends on the actual payload type.
182 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
184 * ! Next Payload ! RESERVED ! Payload Length !
185 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
187 struct isakmp_generic
190 u_int8_t isag_reserved
;
191 u_int16_t isag_length
;
194 extern struct_desc isakmp_generic_desc
;
196 /* ISAKMP Data Attribute (generic representation within payloads)
197 * layout from RFC 2408 "ISAKMP" section 3.3
198 * This is not a payload type.
199 * In TLV format, this is followed by a value field.
201 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203 * !A! Attribute Type ! AF=0 Attribute Length !
204 * !F! ! AF=1 Attribute Value !
205 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
206 * . AF=0 Attribute Value .
207 * . AF=1 Not Transmitted .
208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
210 struct isakmp_attribute
212 /* The high order bit of isaat_af_type is the Attribute Format
213 * If it is off, the format is TLV: lv is the length of the following
215 * If it is on, the format is TV: lv is the value of the attribute.
216 * ISAKMP_ATTR_AF_MASK is the mask in host form.
218 * The low order 15 bits of isaat_af_type is the Attribute Type.
219 * ISAKMP_ATTR_RTYPE_MASK is the mask in host form.
221 u_int16_t isaat_af_type
; /* high order bit: AF; lower 15: rtype */
222 u_int16_t isaat_lv
; /* Length or value */
/* Masks and values for isaat_af_type, all in host form: apply them only
 * after the field has been converted from network order.
 * The Attribute Format bit decides how isaat_lv is read, so a parser must
 * test it before treating isaat_lv as a length.
 */
#define ISAKMP_ATTR_AF_MASK 0x8000 /* high order bit: Attribute Format */
#define ISAKMP_ATTR_AF_TV ISAKMP_ATTR_AF_MASK /* TV: lv holds the value itself */
#define ISAKMP_ATTR_AF_TLV 0 /* TLV: lv holds the length; the value follows */

#define ISAKMP_ATTR_RTYPE_MASK 0x7FFF /* low order 15 bits: Attribute Type */
232 isakmp_oakley_attribute_desc
,
233 isakmp_ipsec_attribute_desc
;
235 /* ISAKMP Security Association Payload
236 * layout from RFC 2408 "ISAKMP" section 3.4
237 * A variable length Situation follows.
238 * Previous next payload: ISAKMP_NEXT_SA
240 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
241 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
242 * ! Next Payload ! RESERVED ! Payload Length !
243 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
244 * ! Domain of Interpretation (DOI) !
245 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
249 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
253 u_int8_t isasa_np
; /* Next payload */
254 u_int8_t isasa_reserved
;
255 u_int16_t isasa_length
; /* Payload length */
256 u_int32_t isasa_doi
; /* DOI */
259 extern struct_desc isakmp_sa_desc
;
261 extern struct_desc ipsec_sit_desc
;
263 /* ISAKMP Proposal Payload
264 * layout from RFC 2408 "ISAKMP" section 3.5
265 * A variable length SPI follows.
266 * Previous next payload: ISAKMP_NEXT_P
268 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
269 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 * ! Next Payload ! RESERVED ! Payload Length !
271 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
272 * ! Proposal # ! Protocol-Id ! SPI Size !# of Transforms!
273 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
275 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
277 struct isakmp_proposal
280 u_int8_t isap_reserved
;
281 u_int16_t isap_length
;
282 u_int8_t isap_proposal
;
283 u_int8_t isap_protoid
;
284 u_int8_t isap_spisize
;
285 u_int8_t isap_notrans
; /* Number of transforms */
288 extern struct_desc isakmp_proposal_desc
;
290 /* ISAKMP Transform Payload
291 * layout from RFC 2408 "ISAKMP" section 3.6
292 * Variable length SA Attributes follow.
293 * Previous next payload: ISAKMP_NEXT_T
295 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
296 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
297 * ! Next Payload ! RESERVED ! Payload Length !
298 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
299 * ! Transform # ! Transform-Id ! RESERVED2 !
300 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
304 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
306 struct isakmp_transform
309 u_int8_t isat_reserved
;
310 u_int16_t isat_length
;
311 u_int8_t isat_transnum
; /* Number of the transform */
312 u_int8_t isat_transid
;
313 u_int16_t isat_reserved2
;
317 isakmp_isakmp_transform_desc
,
318 isakmp_ah_transform_desc
,
319 isakmp_esp_transform_desc
,
320 isakmp_ipcomp_transform_desc
;
322 /* ISAKMP Key Exchange Payload: no fixed fields beyond the generic ones.
323 * layout from RFC 2408 "ISAKMP" section 3.7
324 * Variable Key Exchange Data follow the generic fields.
325 * Previous next payload: ISAKMP_NEXT_KE
327 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
328 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
329 * ! Next Payload ! RESERVED ! Payload Length !
330 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
332 * ~ Key Exchange Data ~
334 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
336 extern struct_desc isakmp_keyex_desc
;
338 /* ISAKMP Identification Payload
339 * layout from RFC 2408 "ISAKMP" section 3.8
340 * See "struct identity" declared later.
341 * Variable length Identification Data follow.
342 * Previous next payload: ISAKMP_NEXT_ID
344 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
345 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
346 * ! Next Payload ! RESERVED ! Payload Length !
347 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
348 * ! ID Type ! DOI Specific ID Data !
349 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
351 * ~ Identification Data ~
353 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
358 u_int8_t isaid_reserved
;
359 u_int16_t isaid_length
;
360 u_int8_t isaid_idtype
;
361 u_int8_t isaid_doi_specific_a
;
362 u_int16_t isaid_doi_specific_b
;
365 extern struct_desc isakmp_identification_desc
;
367 /* IPSEC Identification Payload Content
368 * layout from RFC 2407 "IPsec DOI" section 4.6.2
369 * See struct isakmp_id declared earlier.
370 * Note: Hashing skips the ISAKMP generic payload header
371 * Variable length Identification Data follow.
373 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
374 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
375 * ! Next Payload ! RESERVED ! Payload Length !
376 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
377 * ! ID Type ! Protocol ID ! Port !
378 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
379 * ~ Identification Data ~
380 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
382 struct isakmp_ipsec_id
385 u_int8_t isaiid_reserved
;
386 u_int16_t isaiid_length
;
387 u_int8_t isaiid_idtype
;
388 u_int8_t isaiid_protoid
;
389 u_int16_t isaiid_port
;
392 extern struct_desc isakmp_ipsec_identification_desc
;
394 /* ISAKMP Certificate Payload: no fixed fields beyond the generic ones.
395 * layout from RFC 2408 "ISAKMP" section 3.9
396 * Variable length Certificate Data follow the generic fields.
397 * Previous next payload: ISAKMP_NEXT_CERT.
399 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
400 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
401 * ! Next Payload ! RESERVED ! Payload Length !
402 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
403 * ! Cert Encoding ! !
404 * +-+-+-+-+-+-+-+-+ !
405 * ~ Certificate Data ~
407 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
412 u_int8_t isacert_reserved
;
413 u_int16_t isacert_length
;
414 u_int8_t isacert_type
;
417 /* NOTE: this packet type has a fixed portion that is not a
418 * multiple of 4 octets. This means that sizeof(struct isakmp_cert)
419 * yields the wrong value for the length, because the compiler may pad the struct. Use ISAKMP_CERT_SIZE for the wire length instead.
421 #define ISAKMP_CERT_SIZE 5
423 extern struct_desc isakmp_ipsec_certificate_desc
;
425 /* ISAKMP Certificate Request Payload: no fixed fields beyond the generic ones.
426 * layout from RFC 2408 "ISAKMP" section 3.10
427 * Variable length Certificate Types and Certificate Authorities follow.
428 * Previous next payload: ISAKMP_NEXT_CR.
430 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
431 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
432 * ! Next Payload ! RESERVED ! Payload Length !
433 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
435 * +-+-+-+-+-+-+-+-+ !
436 * ~ Certificate Authority ~
438 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
443 u_int8_t isacr_reserved
;
444 u_int16_t isacr_length
;
448 /* NOTE: this packet type has a fixed portion that is not a
449 * multiple of 4 octets. This means that sizeof(struct isakmp_cr)
450 * yields the wrong value for the length, because the compiler may pad the struct. Use ISAKMP_CR_SIZE for the wire length instead.
452 #define ISAKMP_CR_SIZE 5
454 extern struct_desc isakmp_ipsec_cert_req_desc
;
456 /* ISAKMP Hash Payload: no fixed fields beyond the generic ones.
457 * layout from RFC 2408 "ISAKMP" section 3.11
458 * Variable length Hash Data follow.
459 * Previous next payload: ISAKMP_NEXT_HASH.
461 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
462 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
463 * ! Next Payload ! RESERVED ! Payload Length !
464 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
468 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
470 extern struct_desc isakmp_hash_desc
;
472 /* ISAKMP Signature Payload: no fixed fields beyond the generic ones.
473 * layout from RFC 2408 "ISAKMP" section 3.12
474 * Variable length Signature Data follow.
475 * Previous next payload: ISAKMP_NEXT_SIG.
477 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
478 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
479 * ! Next Payload ! RESERVED ! Payload Length !
480 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
484 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
486 extern struct_desc isakmp_signature_desc
;
488 /* ISAKMP Nonce Payload: no fixed fields beyond the generic ones.
489 * layout from RFC 2408 "ISAKMP" section 3.13
490 * Variable length Nonce Data follow.
491 * Previous next payload: ISAKMP_NEXT_NONCE.
493 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
494 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
495 * ! Next Payload ! RESERVED ! Payload Length !
496 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
500 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
502 extern struct_desc isakmp_nonce_desc
;
504 /* ISAKMP Notification Payload
505 * layout from RFC 2408 "ISAKMP" section 3.14
506 * This is followed by a variable length SPI
507 * and then possibly by variable length Notification Data.
508 * Previous next payload: ISAKMP_NEXT_N
510 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
511 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
512 * ! Next Payload ! RESERVED ! Payload Length !
513 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
514 * ! Domain of Interpretation (DOI) !
515 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
516 * ! Protocol-ID ! SPI Size ! Notify Message Type !
517 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
519 * ~ Security Parameter Index (SPI) ~
521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
523 * ~ Notification Data ~
525 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
527 struct isakmp_notification
530 u_int8_t isan_reserved
;
531 u_int16_t isan_length
;
533 u_int8_t isan_protoid
;
534 u_int8_t isan_spisize
;
538 extern struct_desc isakmp_notification_desc
;
540 /* ISAKMP Delete Payload
541 * layout from RFC 2408 "ISAKMP" section 3.15
542 * This is followed by a variable length SPI.
543 * Previous next payload: ISAKMP_NEXT_D
545 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
546 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
547 * ! Next Payload ! RESERVED ! Payload Length !
548 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
549 * ! Domain of Interpretation (DOI) !
550 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
551 * ! Protocol-Id ! SPI Size ! # of SPIs !
552 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
554 * ~ Security Parameter Index(es) (SPI) ~
556 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
561 u_int8_t isad_reserved
;
562 u_int16_t isad_length
;
564 u_int8_t isad_protoid
;
565 u_int8_t isad_spisize
;
566 u_int16_t isad_nospi
;
569 extern struct_desc isakmp_delete_desc
;
571 /* From draft-dukes-ike-mode-cfg
572 3.2. Attribute Payload
574 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
575 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
576 ! Next Payload ! RESERVED ! Payload Length !
577 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
578 ! Type ! RESERVED ! Identifier !
579 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
584 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
586 struct isakmp_mode_attr
589 u_int8_t isama_reserved
;
590 u_int16_t isama_length
;
592 u_int8_t isama_reserved2
;
593 u_int16_t isama_identifier
;
596 extern struct_desc isakmp_attr_desc
;
597 extern struct_desc isakmp_modecfg_attribute_desc
;
599 /* ISAKMP Vendor ID Payload
600 * layout from RFC 2408 "ISAKMP" section 3.15
601 * This is followed by a variable length VID.
602 * Previous next payload: ISAKMP_NEXT_VID
604 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
606 * ! Next Payload ! RESERVED ! Payload Length !
607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
609 * ~ Vendor ID (VID) ~
611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
613 extern struct_desc isakmp_vendor_id_desc
;
618 u_int8_t isanoa_reserved_1
;
619 u_int16_t isanoa_length
;
620 u_int8_t isanoa_idtype
;
621 u_int8_t isanoa_reserved_2
;
622 u_int16_t isanoa_reserved_3
;
625 extern struct_desc isakmp_nat_d
;
626 extern struct_desc isakmp_nat_oa
;
628 /* union of all payloads */
631 struct isakmp_generic generic
;
633 struct isakmp_proposal proposal
;
634 struct isakmp_transform transform
;
635 struct isakmp_id id
; /* Main Mode */
636 struct isakmp_cert cert
;
638 struct isakmp_ipsec_id ipsec_id
; /* Quick Mode */
639 struct isakmp_notification notification
;
640 struct isakmp_delete
delete;
641 struct isakmp_nat_oa nat_oa
;
642 struct isakmp_mode_attr attribute
;
645 /* descriptor for each payload type
647 * There is a slight problem in that some payloads differ, depending
648 * on the mode. Since this table is only used for top-level payloads,
649 * Proposal and Transform payloads need not be handled.
650 * That leaves only Identification payloads as a problem.
651 * We make all these entries NULL
/* Table of top-level payload descriptors with ISAKMP_NEXT_ROOF slots;
 * some slots are NULL.
 * NOTE(review): presumably indexed by the next-payload number, which for
 * received messages is read from the packet (e.g. isa_np) -- confirm that
 * callers reject values >= ISAKMP_NEXT_ROOF and check for a NULL entry
 * before dereferencing.
 */
extern struct_desc *const payload_descs[ISAKMP_NEXT_ROOF];
655 #endif /* _PACKET_H */