def connection_made(self, transport):
from ike.protocol import IKE
self.transport = transport
sock = self.transport.get_extra_info("socket")
address = sock.getsockname()
peer = sock.getpeername()
logger.debug("Socket created from {} to {}".format(address, peer))
self.ike = IKE(address, peer)
logger.info("Sending INIT")
self.transport.sendto(self.ike.init_send()) # no need for address
def datagram_received(self, data, address):
(host, port) = address
ike = self.clients.get(address)
if not ike:
sock = self.transport.get_extra_info("socket")
my_address = sock.getsockname()
peer = address
ike = IKE(my_address, peer)
self.clients[address] = ike
try:
# work around an iSPI check in ike library
packet = Packet(data=data)
packet.header = data[0:const.IKE_HEADER.size]
(packet.iSPI, packet.rSPI, next_payload, packet.version,
exchange_type, packet.flags, packet.message_id,
packet.length) = const.IKE_HEADER.unpack(packet.header)
if ike.iSPI != packet.iSPI:
ike.iSPI = packet.iSPI
packet = ike.parse_packet(data=data)
for payload in packet.payloads:
if not isinstance(payload, Fragment):
continue
if not hasattr(ike, 'fragments_log'):
ike.fragments_log = []
ike.fragments_log.append(payload)
if payload.length < 8:
self.alert(host, port,
[f._data for f in ike.fragments_log])
ike.fragments_log = []
if ike.state == State.STARTING and packet.exchange_type == ExchangeType.IKE_SA_INIT:
self.transport.sendto(ike.init_send(), address)
elif ike.state == State.INIT and packet.exchange_type == ExchangeType.IKE_SA_INIT:
ike.init_recv()
ike_auth = ike.auth_send()
self.transport.sendto(ike_auth, address)
elif ike.state == State.AUTH and packet.exchange_type == ExchangeType.IKE_AUTH:
ike.auth_recv()
except Exception:
logger = logging.getLogger()
logger.debug("unsupported packet")
hpfl.log('debug', 'IKE unsupported packet')
del self.clients[address]
