2 * Copyright (c) 2003 Markus Friedl. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <epan/packet.h>
/* Registration entry points, called by the dissector framework. */
void proto_register_udpencap(void);
void proto_reg_handoff_udpencap(void);

/* Handles of the dissectors that the encapsulated payload is passed to;
 * both are looked up in proto_reg_handoff_udpencap(). */
static dissector_handle_t isakmp_handle;
static dissector_handle_t esp_handle;

/* Protocol id, assigned in proto_register_udpencap(). */
static int proto_udpencap = -1;

/* Header-field ids for the two items this dissector adds itself. */
static int hf_non_esp_marker = -1;
static int hf_nat_keepalive = -1;

/* Subtree (expansion state) id for the UDPENCAP item. */
static gint ett_udpencap = -1;
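/*
 * UDP Encapsulation of IPsec Packets
 * draft-ietf-ipsec-udp-encaps-06.txt (later published as RFC 3948)
 *
 * Classifies a UDP payload as one of three things and labels the Info
 * column accordingly:
 *   - NAT-keepalive: the payload is exactly one byte, 0xFF;
 *   - ISAKMP (IKE):  the first four bytes (where ESP carries its SPI) are
 *                    zero, i.e. the Non-ESP Marker; the rest is handed to
 *                    the "isakmp" dissector;
 *   - ESP:           anything else; the whole payload is handed to the
 *                    "esp" dissector.
 *
 * tvb   - UDP payload. This is data straight off the wire and must be
 *         treated as untrusted.
 * pinfo - packet info; the Protocol and Info columns are written here.
 * tree  - protocol tree that receives the UDPENCAP item.
 *
 * No length is validated by hand: the code relies on the tvbuff accessors
 * being bounds-checked, so a payload shorter than four bytes that is not a
 * keepalive ends in the tvbuff bounds exception raised by tvb_get_ntohl()
 * rather than in an out-of-bounds read.
 */
static void
dissect_udpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  tvbuff_t   *next_tvb;
  proto_tree *udpencap_tree;
  proto_item *ti;
  guint32     spi;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDPENCAP");
  col_clear(pinfo->cinfo, COL_INFO);

  ti = proto_tree_add_item(tree, proto_udpencap, tvb, 0, -1, ENC_NA);
  udpencap_tree = proto_item_add_subtree(ti, ett_udpencap);

  /*
   * 1 byte of 0xFF indicates NAT-keepalive.
   *
   * The decision is made on the reported (on-the-wire) length, not the
   * captured length: with a short snapshot length a longer ESP or IKE
   * datagram can be cut down to a single captured byte, and if that byte
   * happens to be 0xFF the packet would otherwise be shown as a keepalive.
   */
  if ((tvb_reported_length(tvb) == 1) && (tvb_get_guint8(tvb, 0) == 0xff)) {
    col_set_str(pinfo->cinfo, COL_INFO, "NAT-keepalive");
    proto_tree_add_item(udpencap_tree, hf_nat_keepalive, tvb, 0, 1, ENC_NA);
    return;
  }

  /* SPI of zero indicates IKE traffic, otherwise it's ESP */
  spi = tvb_get_ntohl(tvb, 0);
  if (spi == 0) {
    col_set_str(pinfo->cinfo, COL_INFO, "ISAKMP");
    proto_tree_add_item(udpencap_tree, hf_non_esp_marker, tvb, 0, 4, ENC_NA);
    /* The UDPENCAP item covers only the 4-byte marker. */
    proto_item_set_len(ti, 4);
    next_tvb = tvb_new_subset_remaining(tvb, 4);
    call_dissector(isakmp_handle, next_tvb, pinfo, tree);
  } else {
    col_set_str(pinfo->cinfo, COL_INFO, "ESP");
    /* Nothing is consumed here: ESP starts at offset 0 of the payload. */
    proto_item_set_len(ti, 0);
    call_dissector(esp_handle, tvb, pinfo, tree);
  }
}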
/*
 * Register the UDPENCAP protocol together with its two header fields and
 * its single subtree. Stores the assigned protocol id in proto_udpencap.
 */
void
proto_register_udpencap(void)
{
  /* Both fields are FT_NONE markers: they label bytes, they carry no value. */
  static hf_register_info field_table[] = {
    { &hf_nat_keepalive,
      { "NAT-keepalive packet", "udpencap.nat_keepalive",
        FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_non_esp_marker,
      { "Non-ESP Marker", "udpencap.non_esp_marker",
        FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
  };

  static gint *subtree_table[] = {
    &ett_udpencap,
  };

  proto_udpencap = proto_register_protocol(
      "UDP Encapsulation of IPsec Packets", "UDPENCAP", "udpencap");

  proto_register_field_array(proto_udpencap, field_table,
                             array_length(field_table));
  proto_register_subtree_array(subtree_table, array_length(subtree_table));
}
/*
 * Look up the ESP and ISAKMP dissectors that dissect_udpencap() hands the
 * payload to, then attach this dissector to UDP port 4500.
 */
void
proto_reg_handoff_udpencap(void)
{
  dissector_handle_t udpencap_handle;

  /* Sub-dissectors, found by their registered names. */
  esp_handle    = find_dissector("esp");
  isakmp_handle = find_dissector("isakmp");

  /* Everything on udp.port 4500 is routed through dissect_udpencap(). */
  udpencap_handle = create_dissector_handle(dissect_udpencap, proto_udpencap);
  dissector_add_uint("udp.port", 4500, udpencap_handle);
}
114 * Editor modelines - http://www.wireshark.org/tools/modelines.html
119 * indent-tabs-mode: nil
122 * ex: set shiftwidth=2 tabstop=8 expandtab:
123 * :indentSize=2:tabSize=8:noTabs=true: