def datagram_received(self, data, address):
(host, port) = address
ike = self.clients.get(address)
if not ike:
sock = self.transport.get_extra_info("socket")
my_address = sock.getsockname()
peer = address
ike = IKE(my_address, peer)
self.clients[address] = ike
try:
# work around an iSPI check in ike library
packet = Packet(data=data)
packet.header = data[0:const.IKE_HEADER.size]
(packet.iSPI, packet.rSPI, next_payload, packet.version,
exchange_type, packet.flags, packet.message_id,
packet.length) = const.IKE_HEADER.unpack(packet.header)
if ike.iSPI != packet.iSPI:
ike.iSPI = packet.iSPI
packet = ike.parse_packet(data=data)
for payload in packet.payloads:
if not isinstance(payload, Fragment):
continue
if not hasattr(ike, 'fragments_log'):
ike.fragments_log = []
ike.fragments_log.append(payload)
if payload.length < 8:
self.alert(host, port,
[f._data for f in ike.fragments_log])
ike.fragments_log = []
if ike.state == State.STARTING and packet.exchange_type == ExchangeType.IKE_SA_INIT:
self.transport.sendto(ike.init_send(), address)
elif ike.state == State.INIT and packet.exchange_type == ExchangeType.IKE_SA_INIT:
ike.init_recv()
ike_auth = ike.auth_send()
self.transport.sendto(ike_auth, address)
elif ike.state == State.AUTH and packet.exchange_type == ExchangeType.IKE_AUTH:
ike.auth_recv()
except Exception:
logger = logging.getLogger()
logger.debug("unsupported packet")
hpfl.log('debug', 'IKE unsupported packet')
del self.clients[address]
class IKEInitiator(asyncio.DatagramProtocol):
"""
Implements an IKE initiator that attempt to negotiate a single child SA
to remote peer.
"""
def connection_made(self, transport):
from ike.protocol import IKE
self.transport = transport
sock = self.transport.get_extra_info("socket")
address = sock.getsockname()
peer = sock.getpeername()
logger.debug("Socket created from {} to {}".format(address, peer))
self.ike = IKE(address, peer)
logger.info("Sending INIT")
self.transport.sendto(self.ike.init_send()) # no need for address
def datagram_received(self, data, address):
from ike.protocol import State
from ike.const import ExchangeType
(host, port) = address
logger.info("Received %r from %s:%d" % (data, host, port))
packet = self.ike.parse_packet(data=data)
logger.info('{} message {}'.format(packet.exchange_type.name, packet.message_id))
if self.ike.state == State.INIT and packet.exchange_type == ExchangeType.IKE_SA_INIT:
self.ike.init_recv()
ike_auth = self.ike.auth_send()
logger.info("Sending AUTH")
self.transport.sendto(ike_auth)
logger.info("IKE AUTH SENT")
elif self.ike.state == State.AUTH and packet.exchange_type == ExchangeType.IKE_AUTH:
self.ike.auth_recv()
# Possibly invoked if there is no server listening on the
# address to which we are sending.
def connectionRefused(self):
logger.info("No one listening")