1 /* parsing packets: formats and tools
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: packet.h,v 1.18 2002/01/21 03:14:20 dhr Exp $
18 /* a struct_desc describes a structure for the struct I/O routines.
19 * This requires arrays of field_desc values to describe struct fields.
22 typedef const struct struct_desc {
24 const struct field_desc *fields;
28 /* Note: if an ft_af_enum field has the ISAKMP_ATTR_AF_TV bit set,
29 * the subsequent ft_lv field will be interpreted as an immediate value.
30 * This matches how attributes are encoded.
31 * See draft-ietf-ipsec-isakmp-09.txt 3.3
35 ft_mbz, /* must be zero */
36 ft_nat, /* natural number (may be 0) */
37 ft_len, /* length of this struct and any following crud */
38 ft_lv, /* length/value field of attribute */
39 ft_enum, /* value from an enumeration */
40 ft_loose_enum, /* value from an enumeration with only some names known */
41 ft_af_enum, /* Attribute Format + value from an enumeration */
42 ft_set, /* bits representing set */
43 ft_raw, /* bytes to be left in network-order */
44 ft_end, /* end of field list */
47 typedef const struct field_desc {
48 enum field_type field_type;
49 int size; /* size, in bytes, of field */
51 const void *desc; /* enum_names for enum or char *[] for bits */
54 /* The formatting of input and output of packets is done
55 * through packet_byte_stream objects.
56 * These describe a stream of bytes in memory.
57 * Several routines are provided to manipulate these objects.
58 * Actual packet transfer is done elsewhere.
60 typedef struct packet_byte_stream {
61 struct packet_byte_stream *container; /* PBS of which we are part */
63 const char *name; /* what does this PBS represent? */
66 *cur, /* current position in stream */
67 *roof; /* byte after last in PBS (actually just a limit on output) */
68 /* For an output PBS, the length field will be filled in later so
69 * we need to record its particulars. Note: it may not be aligned.
72 field_desc *lenfld_desc;
75 /* For an input PBS, pbs_offset is amount of stream processed.
76 * For an output PBS, pbs_offset is current size of stream.
77 * For an input PBS, pbs_room is size of stream.
78 * For an output PBS, pbs_room is maximum size allowed.
/* NOTE(review): each macro subtracts two pointers of the PBS and casts the
 * difference to size_t, so the result is only meaningful while
 * start <= cur <= roof holds. If cur were ever past roof, pbs_left() would
 * wrap to a very large value and a "len <= pbs_left(pbs)" style bounds check
 * would stop rejecting anything.
 * The pbs argument is expanded twice: pass an expression without side effects.
 */
80 #define pbs_offset(pbs) ((size_t)((pbs)->cur - (pbs)->start))
81 #define pbs_room(pbs) ((size_t)((pbs)->roof - (pbs)->start))
82 #define pbs_left(pbs) ((size_t)((pbs)->roof - (pbs)->cur))
/* Stream setup plus the struct and raw-byte I/O entry points.
 * NOTE(review): init_pbs() receives the buffer as (start, len); presumably
 * roof becomes start + len, so len is the limit that later reads and writes
 * are checked against -- confirm in the implementation and always pass the
 * true size of the buffer.
 * NOTE(review): the in_*() and out_*() routines return bool; presumably false
 * means the data did not fit in the stream or a field failed its check --
 * confirm, and do not use *struct_ptr or the stream contents after a false
 * return.
 * out_generic_chunk() and out_chunk() expand their ch argument twice
 * (.ptr and .len): pass an expression without side effects.
 */
84 extern void init_pbs(pb_stream *pbs, u_int8_t *start, size_t len, const char *name);
86 extern bool in_struct(void *struct_ptr, struct_desc *sd,
87 pb_stream *ins, pb_stream *obj_pbs);
88 extern bool in_raw(void *bytes, size_t len, pb_stream *ins, const char *name);
90 extern bool out_struct(const void *struct_ptr, struct_desc *sd,
91 pb_stream *outs, pb_stream *obj_pbs);
92 extern bool out_generic(u_int8_t np, struct_desc *sd,
93 pb_stream *outs, pb_stream *obj_pbs);
94 extern bool out_generic_raw(u_int8_t np, struct_desc *sd,
95 pb_stream *outs, const void *bytes, size_t len, const char *name);
97 extern bool out_modify_previous_np(u_int8_t np, pb_stream *outs);
99 #define out_generic_chunk(np, sd, outs, ch, name) \
100 out_generic_raw(np, sd, outs, (ch).ptr, (ch).len, name)
101 extern bool out_zero(size_t len, pb_stream *outs, const char *name);
102 extern bool out_raw(const void *bytes, size_t len, pb_stream *outs, const char *name);
103 #define out_chunk(ch, outs, name) out_raw((ch).ptr, (ch).len, (outs), (name))
104 extern void close_output_pbs(pb_stream *pbs);
107 extern void DBG_print_struct(const char *label, const void *struct_ptr,
108 struct_desc *sd, bool len_meaningful);
111 /* ISAKMP Header: for all messages
112 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.1
114 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
115 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
118 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
121 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
122 * ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags !
123 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
125 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
127 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
128 * Although the drafts are a little unclear, there are a few
129 * places that specify that messages should be padded with 0x00
130 * octets (bytes) to make the length a multiple of something.
132 * RFC 2408 "ISAKMP" 3.6 specifies that all messages will be
133 * padded to be a multiple of 4 octets in length.
134 * ??? This looks vestigial, and we ignore this requirement.
136 * RFC 2409 "IKE" Appendix B specifies:
137 * Each message should be padded up to the nearest block size
138 * using bytes containing 0x00.
139 * ??? This does not appear to be limited to encrypted messages,
140 * but it surely must be: the block size is meant to be the encryption
141 * block size, and that is meaningless for a non-encrypted message.
143 * RFC 2409 "IKE" 5.3 specifies:
144 * Encrypted payloads are padded up to the nearest block size.
145 * All padding bytes, except for the last one, contain 0x00. The
146 * last byte of the padding contains the number of the padding
147 * bytes used, excluding the last one. Note that this means there
148 * will always be padding.
149 * ??? This is nuts since payloads are not padded, messages are.
150 * It also contradicts Appendix B. So we ignore it.
152 * Summary: we pad encrypted output messages with 0x00 to bring them
153 * up to a multiple of the encryption block size. On input, we require
154 * that any encrypted portion of a message be a multiple of the encryption
155 * block size. After any decryption, we ignore padding (any bytes after
156 * the first payload that specifies a next payload of none; we don't
157 * require them to be zero).
162 u_int8_t isa_icookie[COOKIE_SIZE];
163 u_int8_t isa_rcookie[COOKIE_SIZE];
164 u_int8_t isa_np; /* Next payload */
165 u_int8_t isa_version; /* high-order 4 bits: Major; low order 4: Minor */
166 #define ISA_MAJ_SHIFT 4
167 #define ISA_MIN_MASK (~((~0u) << ISA_MAJ_SHIFT))
168 u_int8_t isa_xchg; /* Exchange type */
170 u_int32_t isa_msgid; /* Message ID (RAW) */
171 u_int32_t isa_length; /* Length of message */
174 extern struct_desc isakmp_hdr_desc;
176 /* Generic portion of all ISAKMP payloads.
177 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.2
178 * This describes the first 32-bit chunk of all payloads.
179 * The previous next payload depends on the actual payload type.
181 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
183 * ! Next Payload ! RESERVED ! Payload Length !
184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
186 struct isakmp_generic
189 u_int8_t isag_reserved;
190 u_int16_t isag_length;
193 extern struct_desc isakmp_generic_desc;
195 /* ISAKMP Data Attribute (generic representation within payloads)
196 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.3
197 * This is not a payload type.
198 * In TLV format, this is followed by a value field.
200 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
202 * !A! Attribute Type ! AF=0 Attribute Length !
203 * !F! ! AF=1 Attribute Value !
204 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
205 * . AF=0 Attribute Value .
206 * . AF=1 Not Transmitted .
207 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
209 struct isakmp_attribute
211 /* The high order bit of isaat_af_type is the Attribute Format
212 * If it is off, the format is TLV: lv is the length of the following
214 * If it is on, the format is TV: lv is the value of the attribute.
215 * ISAKMP_ATTR_AF_MASK is the mask in host form.
217 * The low order 15 bits of isaat_af_type are the Attribute Type.
218 * ISAKMP_ATTR_RTYPE_MASK is the mask in host form.
220 u_int16_t isaat_af_type; /* high order bit: AF; lower 15: rtype */
221 u_int16_t isaat_lv; /* Length or value */
224 #define ISAKMP_ATTR_AF_MASK 0x8000
225 #define ISAKMP_ATTR_AF_TV ISAKMP_ATTR_AF_MASK /* value in lv */
226 #define ISAKMP_ATTR_AF_TLV 0 /* length in lv; value follows */
228 #define ISAKMP_ATTR_RTYPE_MASK 0x7FFF
231 isakmp_oakley_attribute_desc,
232 isakmp_ipsec_attribute_desc;
234 /* ISAKMP Security Association Payload
235 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.4
236 * A variable length Situation follows.
237 * Previous next payload: ISAKMP_NEXT_SA
239 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
240 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
241 * ! Next Payload ! RESERVED ! Payload Length !
242 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
243 * ! Domain of Interpretation (DOI) !
244 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
248 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
252 u_int8_t isasa_np; /* Next payload */
253 u_int8_t isasa_reserved;
254 u_int16_t isasa_length; /* Payload length */
255 u_int32_t isasa_doi; /* DOI */
258 extern struct_desc isakmp_sa_desc;
260 extern struct_desc ipsec_sit_desc;
262 /* ISAKMP Proposal Payload
263 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.5
264 * A variable length SPI follows.
265 * Previous next payload: ISAKMP_NEXT_P
267 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
268 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
269 * ! Next Payload ! RESERVED ! Payload Length !
270 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
271 * ! Proposal # ! Protocol-Id ! SPI Size !# of Transforms!
272 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
274 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
276 struct isakmp_proposal
279 u_int8_t isap_reserved;
280 u_int16_t isap_length;
281 u_int8_t isap_proposal;
282 u_int8_t isap_protoid;
283 u_int8_t isap_spisize;
284 u_int8_t isap_notrans; /* Number of transforms */
287 extern struct_desc isakmp_proposal_desc;
289 /* ISAKMP Transform Payload
290 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.6
291 * Variable length SA Attributes follow.
292 * Previous next payload: ISAKMP_NEXT_T
294 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
295 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
296 * ! Next Payload ! RESERVED ! Payload Length !
297 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
298 * ! Transform # ! Transform-Id ! RESERVED2 !
299 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
303 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
305 struct isakmp_transform
308 u_int8_t isat_reserved;
309 u_int16_t isat_length;
310 u_int8_t isat_transnum; /* Number of the transform */
311 u_int8_t isat_transid;
312 u_int16_t isat_reserved2;
316 isakmp_isakmp_transform_desc,
317 isakmp_ah_transform_desc,
318 isakmp_esp_transform_desc,
319 isakmp_ipcomp_transform_desc;
321 /* ISAKMP Key Exchange Payload: no fixed fields beyond the generic ones.
322 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.7
323 * Variable Key Exchange Data follow the generic fields.
324 * Previous next payload: ISAKMP_NEXT_KE
326 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
327 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
328 * ! Next Payload ! RESERVED ! Payload Length !
329 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
331 * ~ Key Exchange Data ~
333 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
335 extern struct_desc isakmp_keyex_desc;
337 /* ISAKMP Identification Payload
338 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.8
339 * See "struct identity" declared later.
340 * Variable length Identification Data follow.
341 * Previous next payload: ISAKMP_NEXT_ID
343 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
344 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
345 * ! Next Payload ! RESERVED ! Payload Length !
346 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
347 * ! ID Type ! DOI Specific ID Data !
348 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
350 * ~ Identification Data ~
352 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
357 u_int8_t isaid_reserved;
358 u_int16_t isaid_length;
359 u_int8_t isaid_idtype;
360 u_int8_t isaid_doi_specific_a;
361 u_int16_t isaid_doi_specific_b;
364 extern struct_desc isakmp_identification_desc;
366 /* IPSEC Identification Payload Content
367 * layout from draft-ietf-ipsec-ipsec-doi-08.txt section 4.6.2
368 * See struct isakmp_id declared earlier.
369 * Note: Hashing skips the ISAKMP generic payload header
370 * Variable length Identification Data follow.
372 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
373 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
374 * ! Next Payload ! RESERVED ! Payload Length !
375 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
376 * ! ID Type ! Protocol ID ! Port !
377 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
378 * ~ Identification Data ~
379 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
381 struct isakmp_ipsec_id
384 u_int8_t isaiid_reserved;
385 u_int16_t isaiid_length;
386 u_int8_t isaiid_idtype;
387 u_int8_t isaiid_protoid;
388 u_int16_t isaiid_port;
391 extern struct_desc isakmp_ipsec_identification_desc;
393 /* ISAKMP Certificate Payload: no fixed fields beyond the generic ones.
394 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.9
395 * Variable length Certificate Data follow the generic fields.
396 * Previous next payload: ISAKMP_NEXT_CERT.
398 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
399 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
400 * ! Next Payload ! RESERVED ! Payload Length !
401 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
402 * ! Cert Encoding ! !
403 * +-+-+-+-+-+-+-+-+ !
404 * ~ Certificate Data ~
406 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
411 u_int8_t isacert_reserved;
412 u_int16_t isacert_length;
413 u_int8_t isacert_type;
416 #define ISAKMP_CERT_SIZE 5
418 extern struct_desc isakmp_ipsec_certificate_desc;
420 /* ISAKMP Certificate Request Payload: no fixed fields beyond the generic ones.
421 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.10
422 * Variable length Certificate Types and Certificate Authorities follow.
423 * Previous next payload: ISAKMP_NEXT_CR.
425 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
426 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
427 * ! Next Payload ! RESERVED ! Payload Length !
428 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
430 * +-+-+-+-+-+-+-+-+ !
431 * ~ Certificate Authority ~
433 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
438 u_int8_t isacr_reserved;
439 u_int16_t isacr_length;
443 #define ISAKMP_CR_SIZE 5
445 extern struct_desc isakmp_ipsec_cert_req_desc;
447 /* ISAKMP Hash Payload: no fixed fields beyond the generic ones.
448 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.11
449 * Variable length Hash Data follow.
450 * Previous next payload: ISAKMP_NEXT_HASH.
452 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
453 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
454 * ! Next Payload ! RESERVED ! Payload Length !
455 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
459 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
461 extern struct_desc isakmp_hash_desc;
463 /* ISAKMP Signature Payload: no fixed fields beyond the generic ones.
464 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.12
465 * Variable length Signature Data follow.
466 * Previous next payload: ISAKMP_NEXT_SIG.
468 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
469 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
470 * ! Next Payload ! RESERVED ! Payload Length !
471 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
477 extern struct_desc isakmp_signature_desc;
479 /* ISAKMP Nonce Payload: no fixed fields beyond the generic ones.
480 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.13
481 * Variable length Nonce Data follow.
482 * Previous next payload: ISAKMP_NEXT_NONCE.
484 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
485 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
486 * ! Next Payload ! RESERVED ! Payload Length !
487 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
491 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
493 extern struct_desc isakmp_nonce_desc;
495 /* ISAKMP Notification Payload
496 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.14
497 * This is followed by a variable length SPI
498 * and then possibly by variable length Notification Data.
499 * Previous next payload: ISAKMP_NEXT_N
501 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
502 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
503 * ! Next Payload ! RESERVED ! Payload Length !
504 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
505 * ! Domain of Interpretation (DOI) !
506 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
507 * ! Protocol-ID ! SPI Size ! Notify Message Type !
508 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
510 * ~ Security Parameter Index (SPI) ~
512 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
514 * ~ Notification Data ~
516 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
518 struct isakmp_notification
521 u_int8_t isan_reserved;
522 u_int16_t isan_length;
524 u_int8_t isan_protoid;
525 u_int8_t isan_spisize;
529 extern struct_desc isakmp_notification_desc;
531 /* ISAKMP Delete Payload
532 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.15
533 * This is followed by a variable length SPI.
534 * Previous next payload: ISAKMP_NEXT_D
536 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
538 * ! Next Payload ! RESERVED ! Payload Length !
539 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
540 * ! Domain of Interpretation (DOI) !
541 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
542 * ! Protocol-Id ! SPI Size ! # of SPIs !
543 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
545 * ~ Security Parameter Index(es) (SPI) ~
547 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
552 u_int8_t isad_reserved;
553 u_int16_t isad_length;
555 u_int8_t isad_protoid;
556 u_int8_t isad_spisize;
557 u_int16_t isad_nospi;
560 extern struct_desc isakmp_delete_desc;
562 /* ISAKMP Vendor ID Payload
563 * layout from draft-ietf-ipsec-isakmp-09.txt section 3.15
564 * This is followed by a variable length VID.
565 * Previous next payload: ISAKMP_NEXT_VID
567 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
568 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
569 * ! Next Payload ! RESERVED ! Payload Length !
570 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
572 * ~ Vendor ID (VID) ~
574 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
576 extern struct_desc isakmp_vendor_id_desc;
582 u_int8_t isanoa_reserved_1;
583 u_int16_t isanoa_length;
584 u_int8_t isanoa_idtype;
585 u_int8_t isanoa_reserved_2;
586 u_int16_t isanoa_reserved_3;
589 extern struct_desc isakmp_nat_d;
590 extern struct_desc isakmp_nat_oa;
593 /* union of all payloads */
596 struct isakmp_generic generic;
598 struct isakmp_proposal proposal;
599 struct isakmp_transform transform;
600 struct isakmp_id id; /* Main Mode */
601 struct isakmp_cert cert;
603 struct isakmp_ipsec_id ipsec_id; /* Quick Mode */
604 struct isakmp_notification notification;
605 struct isakmp_delete delete;
607 struct isakmp_nat_oa nat_oa;
611 /* descriptor for each payload type
613 * There is a slight problem in that some payloads differ, depending
614 * on the mode. Since this table is only used for top-level payloads,
615 * Proposal and Transform payloads need not be handled.
616 * That leaves only Identification payloads as a problem.
617 * We make all these entries NULL
619 extern struct_desc *const payload_descs[ISAKMP_NEXT_ROOF];