version bump to 4.3.3
1 /* ISAKMP VendorID
2 * Copyright (C) 2002-2005 Mathieu Lafon - Arkoon Network Security
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <stdlib.h>
17 #include <string.h>
18 #include <ctype.h>
19 #include <sys/queue.h>
20 #include <freeswan.h>
21
22 #include <library.h>
23 #include <crypto/hashers/hasher.h>
24
25 #include "constants.h"
26 #include "defs.h"
27 #include "log.h"
28 #include "connections.h"
29 #include "packet.h"
30 #include "demux.h"
31 #include "whack.h"
32 #include "vendor.h"
33 #include "kernel.h"
34 #include "nat_traversal.h"
35
36 /**
37 * Unknown/Special VID:
38 *
39 * SafeNet SoftRemote 8.0.0:
40 * 47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310382e302e3020284275696c6420313029000000
41 * >> 382e302e3020284275696c6420313029 = '8.0.0 (Build 10)'
42 * da8e937880010000
43 *
44 * SafeNet SoftRemote 9.0.1
45 * 47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310392e302e3120284275696c6420313229000000
46 * >> 392e302e3120284275696c6420313229 = '9.0.1 (Build 12)'
47 * da8e937880010000
48 *
49 * Netscreen:
50 * d6b45f82f24bacb288af59a978830ab7
51 * cf49908791073fb46439790fdeb6aeed981101ab0000000500000300
52 *
53 * Cisco:
54 * 1f07f70eaa6514d3b0fa96542a500300 (VPN 3000 version 3.0.0)
55 * 1f07f70eaa6514d3b0fa96542a500301 (VPN 3000 version 3.0.1)
56 * 1f07f70eaa6514d3b0fa96542a500305 (VPN 3000 version 3.0.5)
57 * 1f07f70eaa6514d3b0fa96542a500407 (VPN 3000 version 4.0.7)
58 * (Can you see the pattern?)
59 * afcad71368a1f1c96b8696fc77570100 (Non-RFC Dead Peer Detection ?)
60 * c32364b3b4f447eb17c488ab2a480a57
61 * 6d761ddc26aceca1b0ed11fabbb860c4
62 * 5946c258f99a1a57b03eb9d1759e0f24 (From a Cisco VPN 3k)
63 * ebbc5b00141d0c895e11bd395902d690 (From a Cisco VPN 3k)
64 *
65 * Microsoft L2TP (???):
66 * 47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310382e312e3020284275696c6420313029000000
67 * >> 382e312e3020284275696c6420313029 = '8.1.0 (Build 10)'
68 * 3025dbd21062b9e53dc441c6aab5293600000000
69 * da8e937880010000
70 *
71 * 3COM-superstack
72 * da8e937880010000
73 * 404bf439522ca3f6
74 *
75
76 * If someone knows what they mean, mail me.
77 */
78
/* Upper bound on how many leading bytes of an unrecognized Vendor ID
 * handle_vendorid() hex-encodes into its log line. */
#define MAX_LOG_VID_LEN 32

/* Low byte of vid_struct.flags: how init_vendorid() derives the binary
 * Vendor ID (vid_struct.vid) from vid_struct.data.
 *   VID_KEEP       - no bit set; init_vendorid() leaves vid as written in the table
 *   VID_MD5HASH    - vid is the MD5 hash of the data string
 *   VID_STRING     - vid is a heap copy of the data string itself
 *   VID_FSWAN_HASH - not produced by init_vendorid() in this file; only
 *                    tested by free_vendorid()
 */
#define VID_KEEP 0x0000
#define VID_MD5HASH 0x0001
#define VID_STRING 0x0002
#define VID_FSWAN_HASH 0x0004

/* High byte of vid_struct.flags: any of these bits lets handle_vendorid()
 * accept a received Vendor ID that merely starts with the table value.
 * DUMPHEXA and DUMPASCII additionally select how handle_known_vendorid()
 * renders the payload in the log; MATCH enables the prefix match only. */
#define VID_SUBSTRING_DUMPHEXA 0x0100
#define VID_SUBSTRING_DUMPASCII 0x0200
#define VID_SUBSTRING_MATCH 0x0400
#define VID_SUBSTRING (VID_SUBSTRING_DUMPHEXA | VID_SUBSTRING_DUMPASCII | VID_SUBSTRING_MATCH)
90
/* One row of the known Vendor ID table (_vid_tab). The table initializers
 * are positional, so the field order below must not change. */
struct vid_struct {
	enum known_vendorid id;   /* VID_* identifier; 0 terminates the table */
	unsigned short flags;     /* VID_* derivation bit | VID_SUBSTRING_* bits */
	const char *data;         /* source string for VID_STRING / VID_MD5HASH, else NULL */
	const char *descr;        /* text used in log lines; init_vendorid() falls back to data when NULL */
	chunk_t vid;              /* binary Vendor ID compared against received payloads */
};
98
/* Table-row shorthands for Vendor IDs defined as MD5(str). Both expand to a
 * complete initializer INCLUDING the trailing comma, which is why their
 * uses in _vid_tab are not followed by one. DEC_MD5_VID_D takes an explicit
 * description; DEC_MD5_VID leaves descr NULL so that init_vendorid()
 * substitutes str. */
#define DEC_MD5_VID_D(id,str,descr) \
	{ VID_##id, VID_MD5HASH, str, descr, { NULL, 0 } },
#define DEC_MD5_VID(id,str) \
	{ VID_##id, VID_MD5HASH, str, NULL, { NULL, 0 } },
103
/*
 * Table of known Vendor IDs.
 *
 * handle_vendorid() scans the rows top to bottom and stops at the first
 * match, and out_vendorid() sends the first row carrying the requested id,
 * so row order is significant. The row with id 0 terminates the table.
 * Rows are writable because init_vendorid() fills in vid (and descr).
 */
static struct vid_struct _vid_tab[] = {

	/* Implementation names */

	{ VID_OPENPGP, VID_STRING, "OpenPGP10171", "OpenPGP", { NULL, 0 } },

	DEC_MD5_VID(KAME_RACOON, "KAME/racoon")

	{ VID_MS_NT5, VID_MD5HASH | VID_SUBSTRING_DUMPHEXA,
		"MS NT5 ISAKMPOAKLEY", NULL, { NULL, 0 } },

	DEC_MD5_VID(SSH_SENTINEL, "SSH Sentinel")
	DEC_MD5_VID(SSH_SENTINEL_1_1, "SSH Sentinel 1.1")
	DEC_MD5_VID(SSH_SENTINEL_1_2, "SSH Sentinel 1.2")
	DEC_MD5_VID(SSH_SENTINEL_1_3, "SSH Sentinel 1.3")
	DEC_MD5_VID(SSH_SENTINEL_1_4, "SSH Sentinel 1.4")
	DEC_MD5_VID(SSH_SENTINEL_1_4_1, "SSH Sentinel 1.4.1")

	/* These ones come from SSH vendors.txt */
	DEC_MD5_VID(SSH_IPSEC_1_1_0,
		"Ssh Communications Security IPSEC Express version 1.1.0")
	DEC_MD5_VID(SSH_IPSEC_1_1_1,
		"Ssh Communications Security IPSEC Express version 1.1.1")
	DEC_MD5_VID(SSH_IPSEC_1_1_2,
		"Ssh Communications Security IPSEC Express version 1.1.2")
	DEC_MD5_VID(SSH_IPSEC_1_2_1,
		"Ssh Communications Security IPSEC Express version 1.2.1")
	DEC_MD5_VID(SSH_IPSEC_1_2_2,
		"Ssh Communications Security IPSEC Express version 1.2.2")
	DEC_MD5_VID(SSH_IPSEC_2_0_0,
		"SSH Communications Security IPSEC Express version 2.0.0")
	DEC_MD5_VID(SSH_IPSEC_2_1_0,
		"SSH Communications Security IPSEC Express version 2.1.0")
	DEC_MD5_VID(SSH_IPSEC_2_1_1,
		"SSH Communications Security IPSEC Express version 2.1.1")
	DEC_MD5_VID(SSH_IPSEC_2_1_2,
		"SSH Communications Security IPSEC Express version 2.1.2")
	DEC_MD5_VID(SSH_IPSEC_3_0_0,
		"SSH Communications Security IPSEC Express version 3.0.0")
	DEC_MD5_VID(SSH_IPSEC_3_0_1,
		"SSH Communications Security IPSEC Express version 3.0.1")
	DEC_MD5_VID(SSH_IPSEC_4_0_0,
		"SSH Communications Security IPSEC Express version 4.0.0")
	DEC_MD5_VID(SSH_IPSEC_4_0_1,
		"SSH Communications Security IPSEC Express version 4.0.1")
	DEC_MD5_VID(SSH_IPSEC_4_1_0,
		"SSH Communications Security IPSEC Express version 4.1.0")
	DEC_MD5_VID(SSH_IPSEC_4_2_0,
		"SSH Communications Security IPSEC Express version 4.2.0")

	/* note: md5('CISCO-UNITY') = 12f5f28c457168a9702d9fe274cc02d4
	 * The value stored below differs from that hash in its last two bytes
	 * (01 00 instead of 02 d4), hence VID_KEEP with a literal chunk. */
	{ VID_CISCO_UNITY, VID_KEEP, NULL, "Cisco-Unity",
		{ "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00", 16 } },

	{ VID_CISCO3K, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "Cisco VPN 3000 Series" ,
		{ "\x1f\x07\xf7\x0e\xaa\x65\x14\xd3\xb0\xfa\x96\x54\x2a\x50", 14 } },

	/* Only four bytes are compared here (prefix match), so this row also
	 * claims any otherwise unknown Vendor ID that begins with 3e 98 40 48. */
	{ VID_CISCO_IOS, VID_KEEP | VID_SUBSTRING_MATCH,
		NULL, "Cisco IOS Device", { "\x3e\x98\x40\x48", 4 } },

	/*
	 * Timestep VID seen:
	 *    - 54494d455354455020312053475720313532302033313520322e303145303133
	 *      = 'TIMESTEP 1 SGW 1520 315 2.01E013'
	 */
	{ VID_TIMESTEP, VID_STRING | VID_SUBSTRING_DUMPASCII, "TIMESTEP",
		NULL, { NULL, 0 } },

	/*
	 * Netscreen:
	 * 4865617274426561745f4e6f74696679386b0100 (HeartBeat_Notify + 386b0100)
	 */
	{ VID_MISC_HEARTBEAT_NOTIFY, VID_STRING | VID_SUBSTRING_DUMPHEXA,
		"HeartBeat_Notify", "HeartBeat Notify", { NULL, 0 } },
	/*
	 * MacOS X
	 *
	 * NOTE(review): with VID_STRING, init_vendorid() uses the text
	 * "Mac OSX 10.x" as the binary Vendor ID, while the 16 raw bytes below
	 * occupy the descr slot, which handle_known_vendorid() formats with %s
	 * into the log line. This looks like data/descr/vid were mixed up;
	 * confirm against a captured Mac OS X Vendor ID before changing the row.
	 */
	{ VID_MACOSX, VID_STRING|VID_SUBSTRING_DUMPHEXA, "Mac OSX 10.x",
		"\x4d\xf3\x79\x28\xe9\xfc\x4f\xd1\xb3\x26\x21\x70\xd5\x15\xc6\x62", { NULL, 0 } },

	/* NCP */
	{ VID_NCP_SERVER, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "NCP Server",
		{ "\xc6\xf5\x7a\xc3\x98\xf4\x93\x20\x81\x45\xb7\x58", 12 } },
	{ VID_NCP_CLIENT, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "NCP Client",
		{ "\xeb\x4c\x1b\x78\x8a\xfd\x4a\x9c\xb7\x73\x0a\x68", 12 } },

	/*
	 * Windows Vista (and Windows Server 2008?)
	 */
	DEC_MD5_VID(VISTA_AUTHIP, "MS-Negotiation Discovery Capable")
	DEC_MD5_VID(VISTA_AUTHIP2, "IKE CGA version 1")
	DEC_MD5_VID(VISTA_AUTHIP3, "MS-MamieExists")

	/*
	 * strongSwan
	 *
	 * The first row (VID_STRONGSWAN) carries the current release string;
	 * earlier releases follow under version-specific ids.
	 */
	DEC_MD5_VID(STRONGSWAN, "strongSwan 4.3.3")
	DEC_MD5_VID(STRONGSWAN_4_3_2, "strongSwan 4.3.2")
	DEC_MD5_VID(STRONGSWAN_4_3_1, "strongSwan 4.3.1")
	DEC_MD5_VID(STRONGSWAN_4_3_0, "strongSwan 4.3.0")
	DEC_MD5_VID(STRONGSWAN_4_2_16,"strongSwan 4.2.16")
	DEC_MD5_VID(STRONGSWAN_4_2_15,"strongSwan 4.2.15")
	DEC_MD5_VID(STRONGSWAN_4_2_14,"strongSwan 4.2.14")
	DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13")
	DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
	DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")
	DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10")
	DEC_MD5_VID(STRONGSWAN_4_2_9, "strongSwan 4.2.9")
	DEC_MD5_VID(STRONGSWAN_4_2_8, "strongSwan 4.2.8")
	DEC_MD5_VID(STRONGSWAN_4_2_7, "strongSwan 4.2.7")
	DEC_MD5_VID(STRONGSWAN_4_2_6, "strongSwan 4.2.6")
	DEC_MD5_VID(STRONGSWAN_4_2_5, "strongSwan 4.2.5")
	DEC_MD5_VID(STRONGSWAN_4_2_4, "strongSwan 4.2.4")
	DEC_MD5_VID(STRONGSWAN_4_2_3, "strongSwan 4.2.3")
	DEC_MD5_VID(STRONGSWAN_4_2_2, "strongSwan 4.2.2")
	DEC_MD5_VID(STRONGSWAN_4_2_1, "strongSwan 4.2.1")
	DEC_MD5_VID(STRONGSWAN_4_2_0, "strongSwan 4.2.0")
	DEC_MD5_VID(STRONGSWAN_4_1_11,"strongSwan 4.1.11")
	DEC_MD5_VID(STRONGSWAN_4_1_10,"strongSwan 4.1.10")
	DEC_MD5_VID(STRONGSWAN_4_1_9, "strongSwan 4.1.9")
	DEC_MD5_VID(STRONGSWAN_4_1_8, "strongSwan 4.1.8")
	DEC_MD5_VID(STRONGSWAN_4_1_7, "strongSwan 4.1.7")
	DEC_MD5_VID(STRONGSWAN_4_1_6, "strongSwan 4.1.6")
	DEC_MD5_VID(STRONGSWAN_4_1_5, "strongSwan 4.1.5")
	DEC_MD5_VID(STRONGSWAN_4_1_4, "strongSwan 4.1.4")
	DEC_MD5_VID(STRONGSWAN_4_1_3, "strongSwan 4.1.3")
	DEC_MD5_VID(STRONGSWAN_4_1_2, "strongSwan 4.1.2")
	DEC_MD5_VID(STRONGSWAN_4_1_1, "strongSwan 4.1.1")
	DEC_MD5_VID(STRONGSWAN_4_1_0, "strongSwan 4.1.0")
	DEC_MD5_VID(STRONGSWAN_4_0_7, "strongSwan 4.0.7")
	DEC_MD5_VID(STRONGSWAN_4_0_6, "strongSwan 4.0.6")
	DEC_MD5_VID(STRONGSWAN_4_0_5, "strongSwan 4.0.5")
	DEC_MD5_VID(STRONGSWAN_4_0_4, "strongSwan 4.0.4")
	DEC_MD5_VID(STRONGSWAN_4_0_3, "strongSwan 4.0.3")
	DEC_MD5_VID(STRONGSWAN_4_0_2, "strongSwan 4.0.2")
	DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
	DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")

	DEC_MD5_VID(STRONGSWAN_2_8_10,"strongSwan 2.8.10")
	DEC_MD5_VID(STRONGSWAN_2_8_9, "strongSwan 2.8.9")
	DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8")
	DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7")
	DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6")
	DEC_MD5_VID(STRONGSWAN_2_8_5, "strongSwan 2.8.5")
	DEC_MD5_VID(STRONGSWAN_2_8_4, "strongSwan 2.8.4")
	DEC_MD5_VID(STRONGSWAN_2_8_3, "strongSwan 2.8.3")
	DEC_MD5_VID(STRONGSWAN_2_8_2, "strongSwan 2.8.2")
	DEC_MD5_VID(STRONGSWAN_2_8_1, "strongSwan 2.8.1")
	DEC_MD5_VID(STRONGSWAN_2_8_0, "strongSwan 2.8.0")
	DEC_MD5_VID(STRONGSWAN_2_7_3, "strongSwan 2.7.3")
	DEC_MD5_VID(STRONGSWAN_2_7_2, "strongSwan 2.7.2")
	DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1")
	DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0")
	DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4")
	DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3")
	DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2")
	DEC_MD5_VID(STRONGSWAN_2_6_1, "strongSwan 2.6.1")
	DEC_MD5_VID(STRONGSWAN_2_6_0, "strongSwan 2.6.0")
	DEC_MD5_VID(STRONGSWAN_2_5_7, "strongSwan 2.5.7")
	DEC_MD5_VID(STRONGSWAN_2_5_6, "strongSwan 2.5.6")
	DEC_MD5_VID(STRONGSWAN_2_5_5, "strongSwan 2.5.5")
	DEC_MD5_VID(STRONGSWAN_2_5_4, "strongSwan 2.5.4")
	DEC_MD5_VID(STRONGSWAN_2_5_3, "strongSwan 2.5.3")
	DEC_MD5_VID(STRONGSWAN_2_5_2, "strongSwan 2.5.2")
	DEC_MD5_VID(STRONGSWAN_2_5_1, "strongSwan 2.5.1")
	DEC_MD5_VID(STRONGSWAN_2_5_0, "strongSwan 2.5.0")
	DEC_MD5_VID(STRONGSWAN_2_4_4, "strongSwan 2.4.4")
	DEC_MD5_VID(STRONGSWAN_2_4_3, "strongSwan 2.4.3")
	DEC_MD5_VID(STRONGSWAN_2_4_2, "strongSwan 2.4.2")
	DEC_MD5_VID(STRONGSWAN_2_4_1, "strongSwan 2.4.1")
	DEC_MD5_VID(STRONGSWAN_2_4_0, "strongSwan 2.4.0")
	DEC_MD5_VID(STRONGSWAN_2_3_2, "strongSwan 2.3.2")
	DEC_MD5_VID(STRONGSWAN_2_3_1, "strongSwan 2.3.1")
	DEC_MD5_VID(STRONGSWAN_2_3_0, "strongSwan 2.3.0")
	DEC_MD5_VID(STRONGSWAN_2_2_2, "strongSwan 2.2.2")
	DEC_MD5_VID(STRONGSWAN_2_2_1, "strongSwan 2.2.1")
	DEC_MD5_VID(STRONGSWAN_2_2_0, "strongSwan 2.2.0")

	/* NAT-Traversal */

	DEC_MD5_VID(NATT_STENBERG_01, "draft-stenberg-ipsec-nat-traversal-01")
	DEC_MD5_VID(NATT_STENBERG_02, "draft-stenberg-ipsec-nat-traversal-02")
	DEC_MD5_VID(NATT_HUTTUNEN, "ESPThruNAT")
	DEC_MD5_VID(NATT_HUTTUNEN_ESPINUDP, "draft-huttunen-ipsec-esp-in-udp-00.txt")
	DEC_MD5_VID(NATT_IETF_00, "draft-ietf-ipsec-nat-t-ike-00")
	DEC_MD5_VID(NATT_IETF_02, "draft-ietf-ipsec-nat-t-ike-02")
	/* hash in draft-ietf-ipsec-nat-t-ike-02 contains '\n'... Accept both */
	DEC_MD5_VID_D(NATT_IETF_02_N, "draft-ietf-ipsec-nat-t-ike-02\n", "draft-ietf-ipsec-nat-t-ike-02_n")
	DEC_MD5_VID(NATT_IETF_03, "draft-ietf-ipsec-nat-t-ike-03")
	DEC_MD5_VID(NATT_RFC, "RFC 3947")

	/* misc */

	{ VID_MISC_XAUTH, VID_KEEP, NULL, "XAUTH",
		{ "\x09\x00\x26\x89\xdf\xd6\xb7\x12", 8 } },

	{ VID_MISC_DPD, VID_KEEP, NULL, "Dead Peer Detection",
		{ "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00", 16 } },

	DEC_MD5_VID(MISC_FRAGMENTATION, "FRAGMENTATION")

	DEC_MD5_VID(INITIAL_CONTACT, "Vid-Initial-Contact")

	/**
	 * Cisco VPN 3000
	 *
	 * Second row for VID_MISC_FRAGMENTATION: the row above matches the bare
	 * MD5 value only, this one also matches payloads that carry extra bytes
	 * after the hash and hex-dumps those bytes. Because the scan stops at
	 * the first hit, this row is reached only for the longer form.
	 */
	{ VID_MISC_FRAGMENTATION, VID_MD5HASH | VID_SUBSTRING_DUMPHEXA,
		"FRAGMENTATION", NULL, { NULL, 0 } },

	/* -- end of table: id 0 stops every loop over _vid_tab */
	{ 0, 0, NULL, NULL, { NULL, 0 } }

};
317
/* Lower-case hex digits, indexed by nibble value, for the log dumps below */
static const char _hexdig[] = "0123456789abcdef";

/* Non-zero once init_vendorid() has filled in _vid_tab; checked by
 * handle_vendorid() and out_vendorid() to initialize lazily */
static int _vid_struct_init = 0;
321
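/**
 * Fill in the binary Vendor ID of every _vid_tab row.
 *
 * VID_STRING rows get a heap copy of their data string, VID_MD5HASH rows
 * get the MD5 hash of it; rows with neither flag keep the chunk written in
 * the table. A row without a description falls back to its data string.
 *
 * If no MD5 hasher can be created the hashed rows are left with an empty
 * chunk. handle_vendorid() skips such rows and out_vendorid() reports them
 * as not initialized, so the daemon keeps running without them instead of
 * dereferencing a NULL hasher.
 */
void init_vendorid(void)
{
	hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
	struct vid_struct *vid;

	if (hasher == NULL)
	{
		/* create_hasher() yields NULL when no loaded plugin provides MD5 */
		loglog(RC_LOG_SERIOUS, "no MD5 hasher available, "
			   "hashed Vendor IDs will not be recognized");
	}

	for (vid = _vid_tab; vid->id; vid++)
	{
		/* strlen() must never see the NULL data of a VID_KEEP style row */
		if (vid->data != NULL)
		{
			chunk_t vid_data = chunk_create((u_char *)vid->data,
											strlen(vid->data));

			if (vid->flags & VID_STRING)
			{
				/** VendorID is a string **/
				vid->vid = chunk_clone(vid_data);
			}
			else if ((vid->flags & VID_MD5HASH) && hasher != NULL)
			{
				/** VendorID is a string to hash with MD5 **/
				hasher->allocate_hash(hasher, vid_data, &vid->vid);
			}
		}

		if (vid->descr == NULL)
		{
			/** Find something to display **/
			vid->descr = vid->data;
		}
	}

	if (hasher != NULL)
	{
		hasher->destroy(hasher);
	}
	_vid_struct_init = 1;
}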
352
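/**
 * Release the Vendor ID chunks that init_vendorid() allocated.
 *
 * Only rows flagged VID_STRING, VID_MD5HASH or VID_FSWAN_HASH own heap
 * memory; VID_KEEP rows point at string literals and are left alone.
 * Each freed chunk is reset to empty and the table is marked as
 * uninitialized, so a later handle_vendorid() or out_vendorid() call
 * rebuilds the table instead of comparing against or sending freed memory.
 */
void free_vendorid(void)
{
	struct vid_struct *vid;

	for (vid = _vid_tab; vid->id; vid++)
	{
		if (vid->flags & (VID_STRING | VID_MD5HASH | VID_FSWAN_HASH))
		{
			free(vid->vid.ptr);
			/* no dangling pointer, and a second call frees NULL */
			vid->vid.ptr = NULL;
			vid->vid.len = 0;
		}
	}
	_vid_struct_init = 0;
}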
365
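/**
 * Act on a received Vendor ID that matched a _vid_tab row, then log it.
 *
 * Records in the message digest which optional features the peer announced
 * (OpenPGP, NAT-Traversal variant, DPD) and writes one log line that says
 * whether the Vendor ID was used ("received") or not ("ignoring").
 *
 * vidstr/len are the payload bytes as received, i.e. peer-controlled data.
 * Only hex digits, printable characters or the table description reach the
 * log line, and every write into vid_dump is bounded by its size.
 *
 * @param md      digest of the message the payload came from
 * @param vidstr  received Vendor ID bytes (not NUL-terminated)
 * @param len     number of bytes in vidstr
 * @param vid     matching table row
 */
static void handle_known_vendorid (struct msg_digest *md, const char *vidstr,
								   size_t len, struct vid_struct *vid)
{
	char vid_dump[128];
	bool vid_useful = FALSE;
	size_t i, j;

	switch (vid->id)
	{
		/* Remote side supports OpenPGP certificates */
		case VID_OPENPGP:
			md->openpgp = TRUE;
			vid_useful = TRUE;
			break;

		/*
		 * Use most recent supported NAT-Traversal method and ignore the
		 * other ones (implementations will send all supported methods but
		 * only one will be used)
		 *
		 * Note: most recent == higher id in vendor.h
		 */
		case VID_NATT_IETF_00:
			if (!nat_traversal_support_non_ike)
			{
				break;
			}
			if (nat_traversal_enabled && !md->nat_traversal_vid)
			{
				md->nat_traversal_vid = vid->id;
				vid_useful = TRUE;
			}
			break;
		case VID_NATT_IETF_02:
		case VID_NATT_IETF_02_N:
		case VID_NATT_IETF_03:
		case VID_NATT_RFC:
			if (nat_traversal_support_port_floating
			&&  md->nat_traversal_vid < vid->id)
			{
				md->nat_traversal_vid = vid->id;
				vid_useful = TRUE;
			}
			break;

		/* Remote side would like to do DPD with us on this connection */
		case VID_MISC_DPD:
			md->dpd = TRUE;
			vid_useful = TRUE;
			break;
		case VID_MISC_XAUTH:
			vid_useful = TRUE;
			break;
		default:
			break;
	}

	if (vid->flags & VID_SUBSTRING_DUMPHEXA)
	{
		/* Dump description + Hexa: the bytes that follow the matched
		 * prefix are appended as hex digits. The buffer is zeroed first
		 * and the loop stops two bytes short of its end, so the result
		 * stays NUL-terminated. */
		memset(vid_dump, 0, sizeof(vid_dump));
		snprintf(vid_dump, sizeof(vid_dump), "%s ",
				 vid->descr ? vid->descr : "");
		for (i = strlen(vid_dump), j = vid->vid.len;
			 j < len && i < sizeof(vid_dump) - 2;
			 i += 2, j++)
		{
			unsigned char byte = (unsigned char)vidstr[j];

			vid_dump[i] = _hexdig[byte >> 4];
			vid_dump[i + 1] = _hexdig[byte & 0xF];
		}
	}
	else if (vid->flags & VID_SUBSTRING_DUMPASCII)
	{
		/* Dump ASCII content, replacing anything unprintable by '.' */
		memset(vid_dump, 0, sizeof(vid_dump));
		for (i = 0; i < len && i < sizeof(vid_dump) - 1; i++)
		{
			/* isprint() is undefined for negative values, which a plain
			 * char holds for received bytes >= 0x80 where char is signed */
			unsigned char byte = (unsigned char)vidstr[i];

			vid_dump[i] = isprint(byte) ? (char)byte : '.';
		}
	}
	else
	{
		/* Dump description (descr) */
		snprintf(vid_dump, sizeof(vid_dump), "%s",
				 vid->descr ? vid->descr : "");
	}

	loglog(RC_LOG_SERIOUS, "%s Vendor ID payload [%s]",
		   vid_useful ? "received" : "ignoring", vid_dump);
}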
453
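/**
 * Classify one received Vendor ID payload.
 *
 * The payload is compared against _vid_tab from top to bottom; the first
 * row that equals it, or that is a prefix of it and carries one of the
 * VID_SUBSTRING_* flags, is handed to handle_known_vendorid(). A payload
 * that matches no row is logged as ignored, hex-encoded and truncated to
 * MAX_LOG_VID_LEN bytes.
 *
 * vid/len describe data taken from a received message and are therefore
 * peer-controlled: nothing is read beyond len bytes, and a NULL vid is
 * treated as an empty payload rather than dereferenced.
 *
 * @param md   digest of the message the payload came from
 * @param vid  received Vendor ID bytes (not NUL-terminated), may be NULL
 * @param len  number of bytes in vid
 */
void handle_vendorid (struct msg_digest *md, const char *vid, size_t len)
{
	struct vid_struct *pvid;

	if (!_vid_struct_init)
	{
		init_vendorid();
	}

	if (vid == NULL)
	{
		/* the fallback dump below must not index a NULL pointer */
		len = 0;
	}

	/*
	 * Find known VendorID in _vid_tab
	 */
	for (pvid = _vid_tab; len && pvid->id; pvid++)
	{
		bool exact, prefix;

		if (pvid->vid.ptr == NULL || pvid->vid.len == 0)
		{
			continue;	/* row has no usable Vendor ID */
		}
		exact = pvid->vid.len == len;
		prefix = pvid->vid.len < len && (pvid->flags & VID_SUBSTRING) != 0;

		/* only the table length is compared, which is <= len in both cases */
		if ((exact || prefix) && memeq(pvid->vid.ptr, vid, pvid->vid.len))
		{
			handle_known_vendorid(md, vid, len, pvid);
			return;
		}
	}

	/*
	 * Unknown VendorID. Log the beginning.
	 */
	{
		char log_vid[2*MAX_LOG_VID_LEN+1];
		size_t i;

		memset(log_vid, 0, sizeof(log_vid));

		for (i = 0; i < len && i < MAX_LOG_VID_LEN; i++)
		{
			unsigned char byte = (unsigned char)vid[i];

			log_vid[2*i] = _hexdig[byte >> 4];
			log_vid[2*i+1] = _hexdig[byte & 0xF];
		}
		loglog(RC_LOG_SERIOUS, "ignoring Vendor ID payload [%s%s]",
			   log_vid, (len>MAX_LOG_VID_LEN) ? "..." : "");
	}
}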
505
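/**
 * Add a vendor id payload to the msg
 *
 * Looks up the first _vid_tab row with the given id and emits its binary
 * Vendor ID through out_generic_raw().
 *
 * @param np    next-payload value passed through to out_generic_raw()
 * @param outs  output stream the payload is written to
 * @param vid   identifier of the Vendor ID to send
 * @return      FALSE if the id is not in the table or has no binary value,
 *              otherwise the result of out_generic_raw()
 */
bool out_vendorid (u_int8_t np, pb_stream *outs, enum known_vendorid vid)
{
	struct vid_struct *pvid = _vid_tab;

	if (!_vid_struct_init)
	{
		init_vendorid();
	}

	while (pvid->id && pvid->id != vid)
	{
		pvid++;
	}

	/*
	 * Failures are reported as FALSE: STF_INTERNAL_ERROR is a non-zero
	 * stf_status value, so returning it from this bool function would read
	 * as success to a caller that tests the result.
	 */
	if (pvid->id != vid)
	{
		return FALSE; /* not found */
	}
	if (!pvid->vid.ptr)
	{
		return FALSE; /* not initialized */
	}

	DBG(DBG_EMITTING,
		DBG_log("out_vendorid(): sending [%s]", pvid->descr)
	)
	return out_generic_raw(np, &isakmp_vendor_id_desc, outs,
						   pvid->vid.ptr, pvid->vid.len, "V_ID");
}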
529