2 * Routines for the Internet Security Association and Key Management Protocol (ISAKMP)
3 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
5 * $Id: packet-isakmp.c,v 1.5 1999/07/08 06:03:21 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
36 #include <netinet/in.h>
40 #ifdef NEED_SNPRINTF_H
46 # include "snprintf.h"
49 #define NUM_PROTO_TYPES 5
50 #define proto2str(t) \
51 ((t < NUM_PROTO_TYPES) ? prototypestr[t] : "UNKNOWN-PROTO-TYPE")
53 static const char *prototypestr[NUM_PROTO_TYPES] = {
61 #define NUM_ATT_TYPES 13
62 #define atttype2str(t) \
63 ((t < NUM_ATT_TYPES) ? atttypestr[t] : "UNKNOWN-ATTRIBUTE-TYPE")
65 static const char *atttypestr[NUM_ATT_TYPES] = {
66 "UNKNOWN-ATTRIBUTE-TYPE",
71 "Authentication-Algorithm",
74 "Compress-Dictinary-Size",
75 "Compress-Private-Algorithm"
76 "UNKNOWN-ATTRIBUTE-TYPE",
79 "Oakley-Life-Duration"
82 #define NUM_TRANS_TYPES 2
83 #define trans2str(t) \
84 ((t < NUM_TRANS_TYPES) ? transtypestr[t] : "UNKNOWN-TRANS-TYPE")
86 static const char *transtypestr[NUM_TRANS_TYPES] = {
91 #define NUM_ID_TYPES 12
93 ((t < NUM_ID_TYPES) ? idtypestr[t] : "UNKNOWN-ID-TYPE")
95 static const char *idtypestr[NUM_ID_TYPES] = {
132 struct proposal_hdr {
139 guint8 num_transforms;
146 guint8 transform_num;
151 #define TRANS_LEN(p) (pntohs(&((struct trans_hdr *)(p))->length))
226 static void dissect_none(const u_char *, int, frame_data *, proto_tree *);
227 static void dissect_sa(const u_char *, int, frame_data *, proto_tree *);
228 static void dissect_proposal(const u_char *, int, frame_data *, proto_tree *);
229 static void dissect_transform(const u_char *, int, frame_data *, proto_tree *);
230 static void dissect_key_exch(const u_char *, int, frame_data *, proto_tree *);
231 static void dissect_id(const u_char *, int, frame_data *, proto_tree *);
232 static void dissect_cert(const u_char *, int, frame_data *, proto_tree *);
233 static void dissect_certreq(const u_char *, int, frame_data *, proto_tree *);
234 static void dissect_hash(const u_char *, int, frame_data *, proto_tree *);
235 static void dissect_sig(const u_char *, int, frame_data *, proto_tree *);
236 static void dissect_nonce(const u_char *, int, frame_data *, proto_tree *);
237 static void dissect_notif(const u_char *, int, frame_data *, proto_tree *);
238 static void dissect_delete(const u_char *, int, frame_data *, proto_tree *);
239 static void dissect_vid(const u_char *, int, frame_data *, proto_tree *);
241 static const char *payloadtype2str(guint8);
242 static const char *exchtype2str(guint8);
243 static const char *doitype2str(guint32);
244 static const char *msgtype2str(guint16);
245 static const char *situation2str(guint32);
246 static const char *value2str(guint16, guint16);
247 static const char *num2str(const guint8 *, guint16);
249 #define NUM_LOAD_TYPES 14
250 #define loadtype2str(t) \
251 ((t < NUM_LOAD_TYPES) ? strfuncs[t].str : "Unknown payload type")
253 static struct strfunc {
255 void (*func)(const u_char *, int, frame_data *, proto_tree *);
256 } strfuncs[NUM_LOAD_TYPES] = {
257 {"NONE", dissect_none },
258 {"Security Association", dissect_sa },
259 {"Proposal", dissect_proposal },
260 {"Transform", dissect_transform },
261 {"Key Exchange", dissect_key_exch },
262 {"Identification", dissect_id },
263 {"Certificate", dissect_cert },
264 {"Certificate Request", dissect_certreq },
265 {"Hash", dissect_hash },
266 {"Signature", dissect_sig },
267 {"Nonce", dissect_nonce },
268 {"Notification", dissect_notif },
269 {"Delete", dissect_delete },
270 {"Vendor ID", dissect_vid }
273 void dissect_isakmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
275 struct isakmp_hdr * hdr = (struct isakmp_hdr *)(pd + offset);
278 if (check_col(fd, COL_PROTOCOL))
279 col_add_str(fd, COL_PROTOCOL, "ISAKMP");
281 len = pntohl(&hdr->length);
283 if (check_col(fd, COL_INFO))
284 col_add_fstr(fd, COL_INFO, "%s", exchtype2str(hdr->exch_type));
286 if (fd->cap_len > offset && tree) {
288 proto_tree * isakmp_tree;
290 ti = proto_tree_add_text(tree, offset, len,
291 "Internet Security Association and Key Management Protocol");
292 isakmp_tree = proto_item_add_subtree(ti, ETT_ISAKMP);
294 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->icookie),
296 offset += sizeof(hdr->icookie);
298 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->rcookie),
300 offset += sizeof(hdr->rcookie);
302 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->next_payload),
303 "Next payload: %s (%u)",
304 payloadtype2str(hdr->next_payload), hdr->next_payload);
305 offset += sizeof(hdr->next_payload);
307 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->version),
309 hi_nibble(hdr->version), lo_nibble(hdr->version));
310 offset += sizeof(hdr->version);
312 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->exch_type),
313 "Exchange type: %s (%u)",
314 exchtype2str(hdr->exch_type), hdr->exch_type);
315 offset += sizeof(hdr->exch_type);
321 fti = proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->flags), "Flags");
322 ftree = proto_item_add_subtree(fti, ETT_ISAKMP_FLAGS);
324 proto_tree_add_text(ftree, offset, 1, "%s",
325 decode_boolean_bitfield(hdr->flags, E_FLAG, sizeof(hdr->flags)*8,
326 "Encryption", "No encryption"));
327 proto_tree_add_text(ftree, offset, 1, "%s",
328 decode_boolean_bitfield(hdr->flags, C_FLAG, sizeof(hdr->flags)*8,
329 "Commit", "No commit"));
330 proto_tree_add_text(ftree, offset, 1, "%s",
331 decode_boolean_bitfield(hdr->flags, A_FLAG, sizeof(hdr->flags)*8,
332 "Authentication", "No authentication"));
333 offset += sizeof(hdr->flags);
336 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->message_id), "Message ID");
337 offset += sizeof(hdr->message_id);
339 proto_tree_add_text(isakmp_tree, offset, sizeof(hdr->length),
341 offset += sizeof(hdr->length);
343 if (hdr->next_payload < NUM_LOAD_TYPES)
344 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, isakmp_tree);
346 dissect_data(pd, offset, fd, isakmp_tree);
351 dissect_none(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
355 dissect_sa(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
357 struct sa_hdr * hdr = (struct sa_hdr *)(pd + offset);
358 guint16 length = pntohs(&hdr->length);
359 guint32 doi = pntohl(&hdr->doi);
360 guint32 situation = pntohl(&hdr->situation);
361 proto_item * ti = proto_tree_add_text(tree, offset, length, "Security Association payload");
364 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
366 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
367 "Next payload: %s (%u)",
368 payloadtype2str(hdr->next_payload), hdr->next_payload);
369 offset += sizeof(hdr->next_payload) * 2;
371 proto_tree_add_text(ntree, offset, sizeof(length),
372 "Length: %u", length);
373 offset += sizeof(length);
375 proto_tree_add_text(ntree, offset, sizeof(doi),
376 "Domain of interpretation: %s (%u)",
377 doitype2str(doi), doi);
378 offset += sizeof(doi);
380 proto_tree_add_text(ntree, offset, sizeof(situation),
381 "Situation: %s (%u)",
382 situation2str(situation), situation);
383 offset += sizeof(situation);
385 dissect_proposal(pd, offset, fd, ntree);
386 offset += (length - sizeof(*hdr));
388 if (hdr->next_payload < NUM_LOAD_TYPES)
389 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
391 dissect_data(pd, offset, fd, tree);
395 dissect_proposal(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
397 struct proposal_hdr * hdr = (struct proposal_hdr *)(pd + offset);
398 guint16 length = pntohs(&hdr->length);
399 proto_item * ti = proto_tree_add_text(tree, offset, length, "Proposal payload");
403 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
405 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
406 "Next payload: %s (%u)",
407 payloadtype2str(hdr->next_payload), hdr->next_payload);
408 offset += sizeof(hdr->next_payload) * 2;
410 proto_tree_add_text(ntree, offset, sizeof(length),
411 "Length: %u", length);
412 offset += sizeof(length);
414 proto_tree_add_text(ntree, offset, sizeof(hdr->proposal_num),
415 "Proposal number: %u", hdr->proposal_num);
416 offset += sizeof(hdr->proposal_num);
418 proto_tree_add_text(ntree, offset, sizeof(hdr->protocol_id),
419 "Protocol ID: %s (%u)",
420 proto2str(hdr->protocol_id), hdr->protocol_id);
421 offset += sizeof(hdr->protocol_id);
423 proto_tree_add_text(ntree, offset, sizeof(hdr->spi_size),
424 "SPI size: %u", hdr->spi_size);
425 offset += sizeof(hdr->spi_size);
428 proto_tree_add_text(ntree, offset, hdr->spi_size, "SPI");
429 offset += hdr->spi_size;
432 proto_tree_add_text(ntree, offset, sizeof(hdr->num_transforms),
433 "Number of transforms: %u", hdr->num_transforms);
434 offset += sizeof(hdr->num_transforms);
436 for (i = 0; i < hdr->num_transforms; ++i) {
437 dissect_transform(pd, offset, fd, ntree);
438 offset += TRANS_LEN(pd+offset);
441 if (hdr->next_payload < NUM_LOAD_TYPES)
442 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
444 dissect_data(pd, offset, fd, tree);
448 dissect_transform(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
450 struct trans_hdr * hdr = (struct trans_hdr *)(pd + offset);
451 guint16 length = pntohs(&hdr->length);
452 proto_item * ti = proto_tree_add_text(tree, offset, length, "Transform payload");
455 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
457 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
458 "Next payload: %s (%u)",
459 payloadtype2str(hdr->next_payload), hdr->next_payload);
460 offset += sizeof(hdr->next_payload) * 2;
462 proto_tree_add_text(ntree, offset, sizeof(length),
463 "Length: %u", length);
464 offset += sizeof(length);
466 proto_tree_add_text(ntree, offset, sizeof(hdr->transform_num),
467 "Transform number: %u", hdr->transform_num);
468 offset += sizeof(hdr->transform_num);
470 proto_tree_add_text(ntree, offset, sizeof(hdr->transform_id),
471 "Transform ID: %s (%u)",
472 trans2str(hdr->transform_id), hdr->transform_id);
473 offset += sizeof(hdr->transform_id) + sizeof(hdr->reserved2);
475 length -= sizeof(*hdr);
477 guint16 type = pntohs(pd + offset) & 0x7fff;
478 guint16 val_len = pntohs(pd + offset + 2);
480 if (pd[offset] & 0xf0) {
481 proto_tree_add_text(ntree, offset, 4,
483 atttype2str(type), type,
484 value2str(type, val_len), val_len);
489 guint16 pack_len = 4 + val_len;
491 proto_tree_add_text(ntree, offset, pack_len,
493 atttype2str(type), type,
494 num2str(pd + offset + 4, val_len));
500 if (hdr->next_payload < NUM_LOAD_TYPES)
501 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
503 dissect_data(pd, offset, fd, tree);
507 dissect_key_exch(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
509 struct ke_hdr * hdr = (struct ke_hdr *)(pd + offset);
510 guint16 length = pntohs(&hdr->length);
511 proto_item * ti = proto_tree_add_text(tree, offset, length, "Key Exchange payload");
514 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
516 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
517 "Next payload: %s (%u)",
518 payloadtype2str(hdr->next_payload), hdr->next_payload);
519 offset += sizeof(hdr->next_payload) * 2;
521 proto_tree_add_text(ntree, offset, sizeof(length),
522 "Length: %u", length);
523 offset += sizeof(length);
525 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Key Exchange Data");
526 offset += (length - sizeof(*hdr));
528 if (hdr->next_payload < NUM_LOAD_TYPES)
529 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
531 dissect_data(pd, offset, fd, tree);
535 dissect_id(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
537 struct id_hdr * hdr = (struct id_hdr *)(pd + offset);
538 guint16 length = pntohs(&hdr->length);
539 proto_item * ti = proto_tree_add_text(tree, offset, length, "Identification payload");
542 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
544 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
545 "Next payload: %s (%u)",
546 payloadtype2str(hdr->next_payload), hdr->next_payload);
547 offset += sizeof(hdr->next_payload) * 2;
549 proto_tree_add_text(ntree, offset, sizeof(length),
550 "Length: %u", length);
551 offset += sizeof(length);
553 proto_tree_add_text(ntree, offset, sizeof(hdr->id_type),
554 "ID type: %s (%u)", id2str(hdr->id_type), hdr->id_type);
555 offset += sizeof(hdr->id_type);
557 proto_tree_add_text(ntree, offset, sizeof(hdr->protocol_id),
558 "Protocol ID: %u", hdr->protocol_id);
559 offset += sizeof(hdr->protocol_id);
561 proto_tree_add_text(ntree, offset, sizeof(hdr->port),
562 "Port: %u", pntohs(&hdr->port));
563 offset += sizeof(hdr->port);
565 switch (hdr->id_type) {
568 proto_tree_add_text(ntree, offset, length-sizeof(*hdr),
569 "Identification data: %s", ip_to_str(pd+offset));
573 proto_tree_add_text(ntree, offset, length-sizeof(*hdr),
574 "Identification data: %s", (char *)(pd+offset));
577 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Identification Data");
579 offset += (length - sizeof(*hdr));
581 if (hdr->next_payload < NUM_LOAD_TYPES)
582 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
584 dissect_data(pd, offset, fd, tree);
588 dissect_cert(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
590 struct cert_hdr * hdr = (struct cert_hdr *)(pd + offset);
591 guint16 length = pntohs(&hdr->length);
592 proto_item * ti = proto_tree_add_text(tree, offset, length, "Certificate payload");
595 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
597 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
598 "Next payload: %s (%u)",
599 payloadtype2str(hdr->next_payload), hdr->next_payload);
600 offset += sizeof(hdr->next_payload) * 2;
602 proto_tree_add_text(ntree, offset, sizeof(length),
603 "Length: %u", length);
604 offset += sizeof(length);
606 proto_tree_add_text(ntree, offset, sizeof(hdr->cert_enc),
607 "Certificate encoding: %u", hdr->cert_enc);
608 offset += sizeof(hdr->cert_enc);
610 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Certificate Data");
611 offset += (length - sizeof(*hdr));
613 if (hdr->next_payload < NUM_LOAD_TYPES)
614 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
616 dissect_data(pd, offset, fd, tree);
620 dissect_certreq(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
622 struct certreq_hdr * hdr = (struct certreq_hdr *)(pd + offset);
623 guint16 length = pntohs(&hdr->length);
624 proto_item * ti = proto_tree_add_text(tree, offset, length, "Certificate Request payload");
627 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
629 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
630 "Next payload: %s (%u)",
631 payloadtype2str(hdr->next_payload), hdr->next_payload);
632 offset += sizeof(hdr->next_payload) * 2;
634 proto_tree_add_text(ntree, offset, sizeof(length),
635 "Length: %u", length);
636 offset += sizeof(length);
638 proto_tree_add_text(ntree, offset, sizeof(hdr->cert_type),
639 "Certificate type: %u", hdr->cert_type);
640 offset += sizeof(hdr->cert_type);
642 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Certificate Authority");
643 offset += (length - sizeof(*hdr));
645 if (hdr->next_payload < NUM_LOAD_TYPES)
646 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
648 dissect_data(pd, offset, fd, tree);
652 dissect_hash(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
654 struct hash_hdr * hdr = (struct hash_hdr *)(pd + offset);
655 guint16 length = pntohs(&hdr->length);
656 proto_item * ti = proto_tree_add_text(tree, offset, length, "Hash payload");
659 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
661 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
662 "Next payload: %s (%u)",
663 payloadtype2str(hdr->next_payload), hdr->next_payload);
664 offset += sizeof(hdr->next_payload) * 2;
666 proto_tree_add_text(ntree, offset, sizeof(length),
667 "Length: %u", length);
668 offset += sizeof(length);
670 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Hash Data");
671 offset += (length - sizeof(*hdr));
673 if (hdr->next_payload < NUM_LOAD_TYPES)
674 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
676 dissect_data(pd, offset, fd, tree);
680 dissect_sig(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
682 struct sig_hdr * hdr = (struct sig_hdr *)(pd + offset);
683 guint16 length = pntohs(&hdr->length);
684 proto_item * ti = proto_tree_add_text(tree, offset, length, "Signature payload");
687 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
689 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
690 "Next payload: %s (%u)",
691 payloadtype2str(hdr->next_payload), hdr->next_payload);
692 offset += sizeof(hdr->next_payload) * 2;
694 proto_tree_add_text(ntree, offset, sizeof(length),
695 "Length: %u", length);
696 offset += sizeof(length);
698 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Signature Data");
699 offset += (length - sizeof(*hdr));
701 if (hdr->next_payload < NUM_LOAD_TYPES)
702 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
704 dissect_data(pd, offset, fd, tree);
708 dissect_nonce(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
710 struct nonce_hdr * hdr = (struct nonce_hdr *)(pd + offset);
711 guint16 length = pntohs(&hdr->length);
712 proto_item * ti = proto_tree_add_text(tree, offset, length, "Nonce payload");
715 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
717 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
718 "Next payload: %s (%u)",
719 payloadtype2str(hdr->next_payload), hdr->next_payload);
720 offset += sizeof(hdr->next_payload) * 2;
722 proto_tree_add_text(ntree, offset, sizeof(length),
723 "Length: %u", length);
724 offset += sizeof(length);
726 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Nonce Data");
727 offset += (length - sizeof(*hdr));
729 if (hdr->next_payload < NUM_LOAD_TYPES)
730 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
732 dissect_data(pd, offset, fd, tree);
736 dissect_notif(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
738 struct notif_hdr * hdr = (struct notif_hdr *)(pd + offset);
739 guint16 length = pntohs(&hdr->length);
740 guint32 doi = pntohl(&hdr->doi);
741 guint16 msgtype = pntohs(&hdr->msgtype);
742 proto_item * ti = proto_tree_add_text(tree, offset, length, "Notification payload");
745 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
747 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
748 "Next payload: %s (%u)",
749 payloadtype2str(hdr->next_payload), hdr->next_payload);
750 offset += sizeof(hdr->next_payload) * 2;
752 proto_tree_add_text(ntree, offset, sizeof(length),
753 "Length: %u", length);
754 offset += sizeof(length);
756 proto_tree_add_text(ntree, offset, sizeof(doi),
757 "Domain of Interpretation: %s (%u)", doitype2str(doi), doi);
758 offset += sizeof(doi);
760 proto_tree_add_text(ntree, offset, sizeof(hdr->protocol_id),
761 "Protocol ID: %s (%u)",
762 proto2str(hdr->protocol_id), hdr->protocol_id);
763 offset += sizeof(hdr->protocol_id);
765 proto_tree_add_text(ntree, offset, sizeof(hdr->spi_size),
766 "SPI size: %u", hdr->spi_size);
767 offset += sizeof(hdr->spi_size);
769 proto_tree_add_text(ntree, offset, sizeof(msgtype),
770 "Message type: %s (%u)", msgtype2str(msgtype), msgtype);
771 offset += sizeof(msgtype);
774 proto_tree_add_text(ntree, offset, hdr->spi_size, "Security Parameter Index");
775 offset += hdr->spi_size;
778 if (length - sizeof(*hdr)) {
779 proto_tree_add_text(ntree, offset, length - sizeof(*hdr) - hdr->spi_size,
780 "Notification Data");
781 offset += (length - sizeof(*hdr) - hdr->spi_size);
784 if (hdr->next_payload < NUM_LOAD_TYPES)
785 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
787 dissect_data(pd, offset, fd, tree);
791 dissect_delete(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
793 struct delete_hdr * hdr = (struct delete_hdr *)(pd + offset);
794 guint16 length = pntohs(&hdr->length);
795 guint32 doi = pntohl(&hdr->doi);
796 guint16 num_spis = pntohs(&hdr->num_spis);
797 proto_item * ti = proto_tree_add_text(tree, offset, length, "Delete payload");
801 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
803 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
804 "Next payload: %s (%u)",
805 payloadtype2str(hdr->next_payload), hdr->next_payload);
806 offset += sizeof(hdr->next_payload) * 2;
808 proto_tree_add_text(ntree, offset, sizeof(length),
809 "Length: %u", length);
810 offset += sizeof(length);
812 proto_tree_add_text(ntree, offset, sizeof(doi),
813 "Domain of Interpretation: %s (%u)", doitype2str(doi), doi);
814 offset += sizeof(doi);
816 proto_tree_add_text(ntree, offset, sizeof(hdr->protocol_id),
817 "Protocol ID: %s (%u)",
818 proto2str(hdr->protocol_id), hdr->protocol_id);
819 offset += sizeof(hdr->protocol_id);
821 proto_tree_add_text(ntree, offset, sizeof(hdr->spi_size),
822 "SPI size: %u", hdr->spi_size);
823 offset += sizeof(hdr->spi_size);
825 proto_tree_add_text(ntree, offset, num_spis,
826 "Number of SPIs: %u", num_spis);
827 offset += sizeof(hdr->num_spis);
829 for (i = 0; i < num_spis; ++i) {
830 proto_tree_add_text(ntree, offset, hdr->spi_size,
832 offset += hdr->spi_size;
835 if (hdr->next_payload < NUM_LOAD_TYPES)
836 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
838 dissect_data(pd, offset, fd, tree);
842 dissect_vid(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
844 struct vid_hdr * hdr = (struct vid_hdr *)(pd + offset);
845 guint16 length = pntohs(&hdr->length);
846 proto_item * ti = proto_tree_add_text(tree, offset, length, "Vendor ID payload");
849 ntree = proto_item_add_subtree(ti, ETT_ISAKMP_PAYLOAD);
851 proto_tree_add_text(ntree, offset, sizeof(hdr->next_payload),
852 "Next payload: %s (%u)",
853 payloadtype2str(hdr->next_payload), hdr->next_payload);
854 offset += sizeof(hdr->next_payload) * 2;
856 proto_tree_add_text(ntree, offset, sizeof(length),
857 "Length: %u", length);
858 offset += sizeof(length);
860 proto_tree_add_text(ntree, offset, length - sizeof(*hdr), "Vendor ID");
861 offset += (length - sizeof(*hdr));
863 if (hdr->next_payload < NUM_LOAD_TYPES)
864 (*strfuncs[hdr->next_payload].func)(pd, offset, fd, tree);
866 dissect_data(pd, offset, fd, tree);
870 payloadtype2str(guint8 type) {
872 if (type < NUM_LOAD_TYPES) return strfuncs[type].str;
873 if (type < 128) return "RESERVED";
874 if (type < 256) return "Private USE";
876 return "Huh? You should never see this! Shame on you!";
880 exchtype2str(guint8 type) {
882 #define NUM_EXCHSTRS 6
883 static const char * exchstrs[NUM_EXCHSTRS] = {
886 "Identity Protection",
887 "Authentication Only",
892 if (type < NUM_EXCHSTRS) return exchstrs[type];
893 if (type < 32) return "ISAKMP Future Use";
894 if (type < 240) return "DOI Specific Use";
895 if (type < 256) return "Private Use";
897 return "Huh? You should never see this! Shame on you!";
901 doitype2str(guint32 type) {
902 if (type == 1) return "IPSEC";
903 return "Unknown DOI Type";
907 msgtype2str(guint16 type) {
909 #define NUM_PREDEFINED 31
910 static const char *msgs[NUM_PREDEFINED] = {
912 "INVALID-PAYLOAD-TYPE",
914 "SITUATION-NOT-SUPPORTED",
916 "INVALID-MAJOR-VERSION",
917 "INVALID-MINOR-VERSION",
918 "INVALID-EXCHANGE-TYPE",
920 "INVALID-MESSAGE-ID",
921 "INVALID-PROTOCOL-ID",
923 "INVALID-TRANSFORM-ID",
924 "ATTRIBUTES-NOT-SUPPORTED",
925 "NO-PROPOSAL-CHOSEN",
926 "BAD-PROPOSAL-SYNTAX",
928 "INVALID-KEY-INFORMATION",
929 "INVALID-ID-INFORMATION",
930 "INVALID-CERT-ENCODING",
931 "INVALID-CERTIFICATE",
932 "CERT-TYPE-UNSUPPORTED",
933 "INVALID-CERT-AUTHORITY",
934 "INVALID-HASH-INFORMATION",
935 "AUTHENTICATION-FAILED",
937 "ADDRESS-NOTIFICATION",
938 "NOTIFY-SA-LIFETIME",
939 "CERTIFICATE-UNAVAILABLE",
940 "UNSUPPORTED-EXCHANGE-TYPE",
941 "UNEQUAL-PAYLOAD-LENGTHS"
944 if (type < NUM_PREDEFINED) return msgs[type];
945 if (type < 8192) return "RESERVED (Future Use)";
946 if (type < 16384) return "Private Use";
947 if (type < 16385) return "CONNECTED";
948 if (type < 24576) return "RESERVED (Future Use) - status";
949 if (type < 24577) return "RESPONDER-LIFETIME";
950 if (type < 24578) return "REPLAY-STATUS";
951 if (type < 24579) return "INITIAL-CONTACT";
952 if (type < 32768) return "DOI-specific codes";
953 if (type < 40960) return "Private Use - status";
954 if (type < 65535) return "RESERVED (Future Use) - status (2)";
956 return "Huh? You should never see this! Shame on you!";
960 situation2str(guint32 type) {
962 #define SIT_MSG_NUM 1024
963 #define SIT_IDENTITY 0x01
964 #define SIT_SECRECY 0x02
965 #define SIT_INTEGRITY 0x04
967 static char msg[SIT_MSG_NUM];
971 if (type & SIT_IDENTITY) {
972 n += snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
975 if (type & SIT_SECRECY) {
976 n += snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
979 if (type & SIT_INTEGRITY) {
980 n += snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
988 value2str(guint16 att_type, guint16 value) {
990 if (value == 0) return "RESERVED";
996 case 1: return "Seconds";
997 case 2: return "Kilobytes";
998 default: return "UNKNOWN-SA-VALUE";
1001 return "Group-Value";
1004 case 1: return "Tunnel";
1005 case 2: return "Transport";
1006 default: return "UNKNOWN-ENCAPSULATION-VALUE";
1010 case 1: return "HMAC-MD5";
1011 case 2: return "HMAC-SHA";
1012 case 3: return "DES-MAC";
1013 case 4: return "KPDK";
1014 default: return "UNKNOWN-AUTHENTICATION-VALUE";
1018 default: return "UNKNOWN-ATTRIBUTE-TYPE";
1023 num2str(const guint8 *pd, guint16 len) {
1025 #define NUMSTR_LEN 1024
1026 static char numstr[NUMSTR_LEN];
1030 snprintf(numstr, NUMSTR_LEN, "%u", *pd);
1033 snprintf(numstr, NUMSTR_LEN, "%u", pntohs(pd));
1036 snprintf(numstr, NUMSTR_LEN, "%u", pntohl(pd) & 0x0fff);
1039 snprintf(numstr, NUMSTR_LEN, "%u", pntohl(pd));
1042 snprintf(numstr, NUMSTR_LEN, "<too big>");