2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
14 * 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
15 * Naoyoshi Ueda <piyomaru3141@gmail.com>
17 * 08/2016 Added decryption using AES-GCM, AES-CCM and AES-CTR
18 * and verification using AES-GCM, AES-CCM
19 * Michal Skalski <mskalski13@gmail.com>
21 * Wireshark - Network traffic analyzer
22 * By Gerald Combs <gerald@wireshark.org>
23 * Copyright 1998 Gerald Combs
25 * This program is free software; you can redistribute it and/or
26 * modify it under the terms of the GNU General Public License
27 * as published by the Free Software Foundation; either version 2
28 * of the License, or (at your option) any later version.
30 * This program is distributed in the hope that it will be useful,
31 * but WITHOUT ANY WARRANTY; without even the implied warranty of
32 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
33 * GNU General Public License for more details.
35 * You should have received a copy of the GNU General Public License
36 * along with this program; if not, write to the Free Software
37 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
40 * IKEv2 http://www.ietf.org/rfc/rfc4306.txt?number=4306
41 * IKEv2bis http://www.ietf.org/rfc/rfc5996.txt?number=5996
43 * http://www.iana.org/assignments/isakmp-registry (last updated 2011-11-07)
44 * http://www.iana.org/assignments/ipsec-registry (last updated 2011-03-14)
45 * http://www.iana.org/assignments/ikev2-parameters (last updated 2011-12-19)
50 #include <epan/packet.h>
51 #include <epan/ipproto.h>
52 #include <epan/asn1.h>
53 #include <epan/reassemble.h>
54 #include <epan/prefs.h>
55 #include <epan/expert.h>
56 #include <epan/to_str.h>
57 #include <epan/conversation.h>
58 #include <wsutil/str_util.h>
59 #include "packet-x509if.h"
60 #include "packet-x509af.h"
61 #include "packet-isakmp.h"
64 #include <wsutil/wsgcrypt.h>
65 #include <epan/proto_data.h>
66 #include <epan/strutil.h>
68 #if GCRYPT_VERSION_NUMBER >= 0x010600
69 #define HAVE_LIBGCRYPT_AEAD 1
73 void proto_register_isakmp(void);
74 void proto_reg_handoff_isakmp(void);
76 /* Struct for the byte_to_str, match_bytestr_idx, and match_bytestr functions */
78 typedef struct _byte_string {
84 typedef struct _attribute_common_fields {
90 } attribute_common_fields;
92 static int proto_isakmp = -1;
94 static int hf_isakmp_nat_keepalive = -1;
95 static int hf_isakmp_nat_hash = -1;
96 static int hf_isakmp_nat_original_address_ipv6 = -1;
97 static int hf_isakmp_nat_original_address_ipv4 = -1;
99 static int hf_isakmp_ispi = -1;
100 static int hf_isakmp_rspi = -1;
101 static int hf_isakmp_typepayload = -1;
102 static int hf_isakmp_nextpayload = -1;
103 static int hf_isakmp_criticalpayload = -1;
104 static int hf_isakmp_datapayload = -1;
105 static int hf_isakmp_extradata = -1;
106 static int hf_isakmp_version = -1;
107 static int hf_isakmp_mjver = -1;
108 static int hf_isakmp_mnver = -1;
109 static int hf_isakmp_exchangetype_v1 = -1;
110 static int hf_isakmp_exchangetype_v2 = -1;
111 static int hf_isakmp_flags = -1;
112 static int hf_isakmp_flag_e = -1;
113 static int hf_isakmp_flag_c = -1;
114 static int hf_isakmp_flag_a = -1;
115 static int hf_isakmp_flag_i = -1;
116 static int hf_isakmp_flag_v = -1;
117 static int hf_isakmp_flag_r = -1;
118 static int hf_isakmp_messageid = -1;
119 static int hf_isakmp_length = -1;
120 static int hf_isakmp_payloadlen = -1;
121 static int hf_isakmp_sa_doi = -1;
122 static int hf_isakmp_sa_situation = -1;
123 static int hf_isakmp_sa_situation_identity_only = -1;
124 static int hf_isakmp_sa_situation_secrecy = -1;
125 static int hf_isakmp_sa_situation_integrity = -1;
126 static int hf_isakmp_prop_protoid_v1 = -1;
127 static int hf_isakmp_prop_protoid_v2 = -1;
128 static int hf_isakmp_prop_number = -1;
129 static int hf_isakmp_prop_transforms = -1;
130 static int hf_isakmp_spisize = -1;
131 static int hf_isakmp_spi = -1;
132 static int hf_isakmp_trans_number = -1;
133 static int hf_isakmp_trans_id = -1;
134 static int hf_isakmp_id_type_v1 = -1;
135 static int hf_isakmp_id_type_v2 = -1;
136 static int hf_isakmp_id_protoid = -1;
137 static int hf_isakmp_id_port = -1;
138 static int hf_isakmp_id_data = -1;
139 static int hf_isakmp_id_data_ipv4_addr = -1;
140 static int hf_isakmp_id_data_fqdn = -1;
141 static int hf_isakmp_id_data_user_fqdn = -1;
142 static int hf_isakmp_id_data_ipv4_subnet = -1;
143 static int hf_isakmp_id_data_ipv4_range_start = -1;
144 static int hf_isakmp_id_data_ipv4_range_end = -1;
145 static int hf_isakmp_id_data_ipv6_addr = -1;
146 static int hf_isakmp_id_data_ipv6_subnet = -1;
147 static int hf_isakmp_id_data_ipv6_range_start = -1;
148 static int hf_isakmp_id_data_ipv6_range_end = -1;
149 static int hf_isakmp_id_data_key_id = -1;
150 static int hf_isakmp_id_data_cert = -1;
151 static int hf_isakmp_cert_encoding_v1 = -1;
152 static int hf_isakmp_cert_encoding_v2 = -1;
153 static int hf_isakmp_cert_data = -1;
154 static int hf_isakmp_cert_x509_hash = -1;
155 static int hf_isakmp_cert_x509_url = -1;
156 static int hf_isakmp_certreq_type_v1 = -1;
157 static int hf_isakmp_certreq_type_v2 = -1;
158 static int hf_isakmp_certreq_authority_v1 = -1;
159 static int hf_isakmp_certreq_authority_v2 = -1;
160 static int hf_isakmp_certreq_authority_sig = -1;
161 static int hf_isakmp_auth_meth = -1;
162 static int hf_isakmp_auth_data = -1;
163 static int hf_isakmp_notify_doi = -1;
164 static int hf_isakmp_notify_protoid_v1 = -1;
165 static int hf_isakmp_notify_protoid_v2 = -1;
166 static int hf_isakmp_notify_msgtype_v1 = -1;
167 static int hf_isakmp_notify_msgtype_v2 = -1;
168 static int hf_isakmp_notify_data = -1;
169 static int hf_isakmp_notify_data_dpd_are_you_there = -1;
170 static int hf_isakmp_notify_data_dpd_are_you_there_ack = -1;
171 static int hf_isakmp_notify_data_unity_load_balance = -1;
172 static int hf_isakmp_notify_data_ipcomp_cpi = -1;
173 static int hf_isakmp_notify_data_ipcomp_transform_id = -1;
174 static int hf_isakmp_notify_data_redirect_gw_ident_type = -1;
175 static int hf_isakmp_notify_data_redirect_gw_ident_len = -1;
176 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4 = -1;
177 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6 = -1;
178 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn = -1;
179 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident = -1;
180 static int hf_isakmp_notify_data_redirect_nonce_data = -1;
181 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4 = -1;
182 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6 = -1;
183 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident = -1;
184 static int hf_isakmp_notify_data_ticket_lifetime = -1;
185 static int hf_isakmp_notify_data_ticket_data = -1;
187 static attribute_common_fields hf_isakmp_notify_data_rohc_attr = { -1, -1, -1, -1, -1 };
188 static int hf_isakmp_notify_data_rohc_attr_max_cid = -1;
189 static int hf_isakmp_notify_data_rohc_attr_profile = -1;
190 static int hf_isakmp_notify_data_rohc_attr_integ = -1;
191 static int hf_isakmp_notify_data_rohc_attr_icv_len = -1;
192 static int hf_isakmp_notify_data_rohc_attr_mrru = -1;
193 static int hf_isakmp_notify_data_qcd_token_secret_data = -1;
194 static int hf_isakmp_notify_data_ha_nonce_data = -1;
195 static int hf_isakmp_notify_data_ha_expected_send_req_msg_id = -1;
196 static int hf_isakmp_notify_data_ha_expected_recv_req_msg_id = -1;
197 static int hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value = -1;
198 static int hf_isakmp_notify_data_secure_password_methods = -1;
199 static int hf_isakmp_delete_doi = -1;
200 static int hf_isakmp_delete_protoid_v1 = -1;
201 static int hf_isakmp_delete_protoid_v2 = -1;
202 static int hf_isakmp_delete_spi = -1;
203 static int hf_isakmp_vid_bytes = -1;
204 static int hf_isakmp_vid_string = -1;
205 static int hf_isakmp_vid_cp_product = -1;
206 static int hf_isakmp_vid_cp_version = -1;
207 static int hf_isakmp_vid_cp_timestamp = -1;
208 static int hf_isakmp_vid_cp_reserved = -1;
209 static int hf_isakmp_vid_cp_features = -1;
210 static int hf_isakmp_vid_cisco_unity_major = -1;
211 static int hf_isakmp_vid_cisco_unity_minor = -1;
212 static int hf_isakmp_vid_ms_nt5_isakmpoakley = -1;
213 static int hf_isakmp_vid_aruba_via_auth_profile = -1;
214 static int hf_isakmp_ts_number_of_ts = -1;
215 static int hf_isakmp_ts_type = -1;
216 static int hf_isakmp_ts_protoid = -1;
217 static int hf_isakmp_ts_selector_length = -1;
218 static int hf_isakmp_ts_start_port = -1;
219 static int hf_isakmp_ts_end_port = -1;
220 static int hf_isakmp_ts_start_addr_ipv4 = -1;
221 static int hf_isakmp_ts_end_addr_ipv4 = -1;
222 static int hf_isakmp_ts_start_addr_ipv6 = -1;
223 static int hf_isakmp_ts_end_addr_ipv6 = -1;
224 static int hf_isakmp_ts_start_addr_fc = -1;
225 static int hf_isakmp_ts_end_addr_fc = -1;
226 static int hf_isakmp_ts_start_r_ctl = -1;
227 static int hf_isakmp_ts_end_r_ctl = -1;
228 static int hf_isakmp_ts_start_type = -1;
229 static int hf_isakmp_ts_end_type = -1;
230 static int hf_isakmp_ts_data = -1;
231 static int hf_isakmp_num_spis = -1;
232 static int hf_isakmp_hash = -1;
233 static int hf_isakmp_sig = -1;
234 static int hf_isakmp_nonce = -1;
236 static attribute_common_fields hf_isakmp_tf_attr = { -1, -1, -1, -1, -1 };
237 static int hf_isakmp_tf_attr_life_type = -1;
238 static int hf_isakmp_tf_attr_life_duration_uint32 = -1;
239 static int hf_isakmp_tf_attr_life_duration_uint64 = -1;
240 static int hf_isakmp_tf_attr_life_duration_bytes = -1;
241 static int hf_isakmp_tf_attr_group_description = -1;
242 static int hf_isakmp_tf_attr_encap_mode = -1;
243 static int hf_isakmp_tf_attr_auth_algorithm = -1;
244 static int hf_isakmp_tf_attr_key_length = -1;
245 static int hf_isakmp_tf_attr_key_rounds = -1;
246 static int hf_isakmp_tf_attr_cmpr_dict_size = -1;
247 static int hf_isakmp_tf_attr_cmpr_algorithm = -1;
248 static int hf_isakmp_tf_attr_ecn_tunnel = -1;
249 static int hf_isakmp_tf_attr_ext_seq_nbr = -1;
250 static int hf_isakmp_tf_attr_auth_key_length = -1;
251 static int hf_isakmp_tf_attr_sig_enco_algorithm = -1;
252 static int hf_isakmp_tf_attr_addr_preservation = -1;
253 static int hf_isakmp_tf_attr_sa_direction = -1;
255 static attribute_common_fields hf_isakmp_ike_attr = { -1, -1, -1, -1, -1 };
256 static int hf_isakmp_ike_attr_encryption_algorithm = -1;
257 static int hf_isakmp_ike_attr_hash_algorithm = -1;
258 static int hf_isakmp_ike_attr_authentication_method = -1;
259 static int hf_isakmp_ike_attr_group_description = -1;
260 static int hf_isakmp_ike_attr_group_type = -1;
261 static int hf_isakmp_ike_attr_group_prime = -1;
262 static int hf_isakmp_ike_attr_group_generator_one = -1;
263 static int hf_isakmp_ike_attr_group_generator_two = -1;
264 static int hf_isakmp_ike_attr_group_curve_a = -1;
265 static int hf_isakmp_ike_attr_group_curve_b = -1;
266 static int hf_isakmp_ike_attr_life_type = -1;
267 static int hf_isakmp_ike_attr_life_duration_uint32 = -1;
268 static int hf_isakmp_ike_attr_life_duration_uint64 = -1;
269 static int hf_isakmp_ike_attr_life_duration_bytes = -1;
270 static int hf_isakmp_ike_attr_prf = -1;
271 static int hf_isakmp_ike_attr_key_length = -1;
272 static int hf_isakmp_ike_attr_field_size = -1;
273 static int hf_isakmp_ike_attr_group_order = -1;
275 static int hf_isakmp_trans_type = -1;
276 static int hf_isakmp_trans_encr = -1;
277 static int hf_isakmp_trans_prf = -1;
278 static int hf_isakmp_trans_integ = -1;
279 static int hf_isakmp_trans_dh = -1;
280 static int hf_isakmp_trans_esn = -1;
281 static int hf_isakmp_trans_id_v2 = -1;
283 static attribute_common_fields hf_isakmp_ike2_attr = { -1, -1, -1, -1, -1 };
284 static int hf_isakmp_ike2_attr_key_length = -1;
286 static int hf_isakmp_fragments = -1;
287 static int hf_isakmp_fragment = -1;
288 static int hf_isakmp_fragment_overlap = -1;
289 static int hf_isakmp_fragment_overlap_conflicts = -1;
290 static int hf_isakmp_fragment_multiple_tails = -1;
291 static int hf_isakmp_fragment_too_long_fragment = -1;
292 static int hf_isakmp_fragment_error = -1;
293 static int hf_isakmp_fragment_count = -1;
294 static int hf_isakmp_reassembled_in = -1;
295 static int hf_isakmp_reassembled_length = -1;
297 static int hf_isakmp_ike2_fragment_number = -1;
298 static int hf_isakmp_ike2_total_fragments = -1;
300 static int hf_isakmp_cisco_frag_packetid = -1;
301 static int hf_isakmp_cisco_frag_seq = -1;
302 static int hf_isakmp_cisco_frag_last = -1;
304 static int hf_isakmp_key_exch_dh_group = -1;
305 static int hf_isakmp_key_exch_data = -1;
306 static int hf_isakmp_eap_data = -1;
308 static int hf_isakmp_gspm_data = -1;
310 static int hf_isakmp_cfg_type_v1 = -1;
311 static int hf_isakmp_cfg_identifier = -1;
312 static int hf_isakmp_cfg_type_v2 = -1;
314 static attribute_common_fields hf_isakmp_cfg_attr = { -1, -1, -1, -1, -1 };
315 static int hf_isakmp_cfg_attr_type_v1 = -1;
316 static int hf_isakmp_cfg_attr_type_v2 = -1;
318 static int hf_isakmp_cfg_attr_internal_ip4_address = -1;
319 static int hf_isakmp_cfg_attr_internal_ip4_netmask = -1;
320 static int hf_isakmp_cfg_attr_internal_ip4_dns = -1;
321 static int hf_isakmp_cfg_attr_internal_ip4_nbns = -1;
322 static int hf_isakmp_cfg_attr_internal_address_expiry = -1;
323 static int hf_isakmp_cfg_attr_internal_ip4_dhcp = -1;
324 static int hf_isakmp_cfg_attr_application_version = -1;
325 static int hf_isakmp_cfg_attr_internal_ip6_address_ip = -1;
326 static int hf_isakmp_cfg_attr_internal_ip6_address_prefix = -1;
327 static int hf_isakmp_cfg_attr_internal_ip6_netmask = -1;
328 static int hf_isakmp_cfg_attr_internal_ip6_dns = -1;
329 static int hf_isakmp_cfg_attr_internal_ip6_nbns = -1;
330 static int hf_isakmp_cfg_attr_internal_ip6_dhcp = -1;
331 static int hf_isakmp_cfg_attr_internal_ip4_subnet_ip = -1;
332 static int hf_isakmp_cfg_attr_internal_ip4_subnet_netmask = -1;
333 static int hf_isakmp_cfg_attr_supported_attributes = -1;
334 static int hf_isakmp_cfg_attr_internal_ip6_subnet_ip = -1;
335 static int hf_isakmp_cfg_attr_internal_ip6_subnet_prefix = -1;
336 static int hf_isakmp_cfg_attr_internal_ip6_link_interface = -1;
337 static int hf_isakmp_cfg_attr_internal_ip6_link_id = -1;
338 static int hf_isakmp_cfg_attr_internal_ip6_prefix_ip = -1;
339 static int hf_isakmp_cfg_attr_internal_ip6_prefix_length = -1;
340 static int hf_isakmp_cfg_attr_p_cscf_ip4_address = -1;
341 static int hf_isakmp_cfg_attr_p_cscf_ip6_address = -1;
342 static int hf_isakmp_cfg_attr_xauth_type = -1;
343 static int hf_isakmp_cfg_attr_xauth_user_name = -1;
344 static int hf_isakmp_cfg_attr_xauth_user_password = -1;
345 static int hf_isakmp_cfg_attr_xauth_passcode = -1;
346 static int hf_isakmp_cfg_attr_xauth_message = -1;
347 static int hf_isakmp_cfg_attr_xauth_challenge = -1;
348 static int hf_isakmp_cfg_attr_xauth_domain = -1;
349 static int hf_isakmp_cfg_attr_xauth_status = -1;
350 static int hf_isakmp_cfg_attr_xauth_next_pin = -1;
351 static int hf_isakmp_cfg_attr_xauth_answer = -1;
352 static int hf_isakmp_cfg_attr_unity_banner = -1;
353 static int hf_isakmp_cfg_attr_unity_def_domain = -1;
355 static int hf_isakmp_enc_decrypted_data = -1;
356 static int hf_isakmp_enc_contained_data = -1;
357 static int hf_isakmp_enc_pad_length= -1;
358 static int hf_isakmp_enc_padding = -1;
359 static int hf_isakmp_enc_data = -1;
360 static int hf_isakmp_enc_iv = -1;
361 static int hf_isakmp_enc_icd = -1;
363 static gint ett_isakmp = -1;
364 static gint ett_isakmp_version = -1;
365 static gint ett_isakmp_flags = -1;
366 static gint ett_isakmp_payload = -1;
367 static gint ett_isakmp_fragment = -1;
368 static gint ett_isakmp_fragments = -1;
369 static gint ett_isakmp_sa = -1;
370 static gint ett_isakmp_attr = -1;
371 static gint ett_isakmp_id = -1;
372 #ifdef HAVE_LIBGCRYPT
373 /* For decrypted IKEv2 Encrypted payload*/
374 static gint ett_isakmp_decrypted_data = -1;
375 static gint ett_isakmp_decrypted_payloads = -1;
376 #endif /* HAVE_LIBGCRYPT */
378 static expert_field ei_isakmp_enc_iv = EI_INIT;
379 static expert_field ei_isakmp_ikev2_integrity_checksum = EI_INIT;
380 static expert_field ei_isakmp_enc_data_length_mult_block_size = EI_INIT;
381 static expert_field ei_isakmp_enc_pad_length_big = EI_INIT;
382 static expert_field ei_isakmp_attribute_value_empty = EI_INIT;
383 static expert_field ei_isakmp_payload_bad_length = EI_INIT;
384 static expert_field ei_isakmp_bad_fragment_number = EI_INIT;
386 static dissector_handle_t eap_handle = NULL;
388 static reassembly_table isakmp_cisco_reassembly_table;
389 static reassembly_table isakmp_ike2_reassembly_table;
391 static const fragment_items isakmp_frag_items = {
392 /* Fragment subtrees */
393 &ett_isakmp_fragment,
394 &ett_isakmp_fragments,
395 /* Fragment fields */
396 &hf_isakmp_fragments,
398 &hf_isakmp_fragment_overlap,
399 &hf_isakmp_fragment_overlap_conflicts,
400 &hf_isakmp_fragment_multiple_tails,
401 &hf_isakmp_fragment_too_long_fragment,
402 &hf_isakmp_fragment_error,
403 &hf_isakmp_fragment_count,
404 /* Reassembled in field */
405 &hf_isakmp_reassembled_in,
406 /* Reassembled length field */
407 &hf_isakmp_reassembled_length,
408 /* Reassembled data field */
413 /* IKE port number assigned by IANA */
414 #define UDP_PORT_ISAKMP 500
415 #define TCP_PORT_ISAKMP 500
420 * RFC3554 for ID_LIST
422 * RFC4595 for ID_FC_NAME
424 #define IKE_ID_IPV4_ADDR 1
425 #define IKE_ID_FQDN 2
426 #define IKE_ID_USER_FQDN 3
427 #define IKE_ID_IPV4_ADDR_SUBNET 4
428 #define IKE_ID_IPV6_ADDR 5
429 #define IKE_ID_IPV6_ADDR_SUBNET 6
430 #define IKE_ID_IPV4_ADDR_RANGE 7
431 #define IKE_ID_IPV6_ADDR_RANGE 8
432 #define IKE_ID_DER_ASN1_DN 9
433 #define IKE_ID_DER_ASN1_GN 10
434 #define IKE_ID_KEY_ID 11
435 #define IKE_ID_LIST 12
436 #define IKE_ID_FC_NAME 12
437 #define IKE_ID_RFC822_ADDR 3
439 * Traffic Selector Type
440 * Not in use for IKEv1
442 #define IKEV2_TS_IPV4_ADDR_RANGE 7
443 #define IKEV2_TS_IPV6_ADDR_RANGE 8
444 #define IKEV2_TS_FC_ADDR_RANGE 9
446 * Configuration Payload Attribute Types
447 * draft-ietf-ipsec-isakmp-mode-cfg-05.txt for IKEv1
448 * draft-ietf-ipsec-isakmp-xauth-06.txt and draft-beaulieu-ike-xauth-02.txt for XAUTH
450 * RFC5739 for INTERNAL_IP6_LINK and INTERNAL_IP6_PREFIX
451 * draft-gundavelli-ipsecme-3gpp-ims-options for P_CSCF_IP4_ADDRESS and P_CSCF_IP6_ADDRESS
453 #define INTERNAL_IP4_ADDRESS 1
454 #define INTERNAL_IP4_NETMASK 2
455 #define INTERNAL_IP4_DNS 3
456 #define INTERNAL_IP4_NBNS 4
457 #define INTERNAL_ADDRESS_EXPIRY 5
458 #define INTERNAL_IP4_DHCP 6
459 #define APPLICATION_VERSION 7
460 #define INTERNAL_IP6_ADDRESS 8
461 #define INTERNAL_IP6_NETMASK 9
462 #define INTERNAL_IP6_DNS 10
463 #define INTERNAL_IP6_NBNS 11
464 #define INTERNAL_IP6_DHCP 12
465 #define INTERNAL_IP4_SUBNET 13
466 #define SUPPORTED_ATTRIBUTES 14
467 #define INTERNAL_IP6_SUBNET 15
468 #define MIP6_HOME_PREFIX 16
469 #define INTERNAL_IP6_LINK 17
470 #define INTERNAL_IP6_PREFIX 18
471 #define P_CSCF_IP4_ADDRESS 20
472 #define P_CSCF_IP6_ADDRESS 21
473 /* checkpoint configuration attributes */
474 #define CHKPT_DEF_DOMAIN 16387
475 #define CHKPT_MAC_ADDRESS 16388
476 #define CHKPT_MARCIPAN_REASON_CODE 16389
477 #define CHKPT_UNKNOWN1 16400
478 #define CHKPT_UNKNOWN2 16401
479 #define CHKPT_UNKNOWN3 16402
480 /* XAUTH configuration attributes */
481 #define XAUTH_TYPE 16520
482 #define XAUTH_USER_NAME 16521
483 #define XAUTH_USER_PASSWORD 16522
484 #define XAUTH_PASSCODE 16523
485 #define XAUTH_MESSAGE 16524
486 #define XAUTH_CHALLENGE 16525
487 #define XAUTH_DOMAIN 16526
488 #define XAUTH_STATUS 16527
489 #define XAUTH_NEXT_PIN 16528
490 #define XAUTH_ANSWER 16529
491 /* unity (CISCO) configuration attributes */
492 #define UNITY_BANNER 28672
493 #define UNITY_SAVE_PASSWD 28673
494 #define UNITY_DEF_DOMAIN 28674
495 #define UNITY_SPLIT_DOMAIN 28675
496 #define UNITY_SPLIT_INCLUDE 28676
497 #define UNITY_NATT_PORT 28677
498 #define UNITY_SPLIT_EXCLUDE 28678
499 #define UNITY_PFS 28679
500 #define UNITY_FW_TYPE 28680
501 #define UNITY_BACKUP_SERVERS 28681
502 #define UNITY_DDNS_HOSTNAME 28682
505 * RFC2408 / RFC3547 for IKEv1
508 #define PLOAD_IKE_NONE 0
509 #define PLOAD_IKE_SA 1
510 #define PLOAD_IKE_P 2
511 #define PLOAD_IKE_T 3
512 #define PLOAD_IKE_KE 4
513 #define PLOAD_IKE_ID 5
514 #define PLOAD_IKE_CERT 6
515 #define PLOAD_IKE_CR 7
516 #define PLOAD_IKE_HASH 8
517 #define PLOAD_IKE_SIG 9
518 #define PLOAD_IKE_NONCE 10
519 #define PLOAD_IKE_N 11
520 #define PLOAD_IKE_D 12
521 #define PLOAD_IKE_VID 13
522 #define PLOAD_IKE_A 14
523 #define PLOAD_IKE_NAT_D48 15
524 #define PLOAD_IKE_NAT_OA58 16
525 #define PLOAD_IKE_NAT_D 20
526 #define PLOAD_IKE_NAT_OA 21
527 #define PLOAD_IKE_GAP 22
528 #define PLOAD_IKE2_SA 33
529 #define PLOAD_IKE2_KE 34
530 #define PLOAD_IKE2_IDI 35
531 #define PLOAD_IKE2_IDR 36
532 #define PLOAD_IKE2_CERT 37
533 #define PLOAD_IKE2_CERTREQ 38
534 #define PLOAD_IKE2_AUTH 39
535 #define PLOAD_IKE2_NONCE 40
536 #define PLOAD_IKE2_N 41
537 #define PLOAD_IKE2_D 42
538 #define PLOAD_IKE2_V 43
539 #define PLOAD_IKE2_TSI 44
540 #define PLOAD_IKE2_TSR 45
541 #define PLOAD_IKE2_SK 46
542 #define PLOAD_IKE2_CP 47
543 #define PLOAD_IKE2_EAP 48
544 #define PLOAD_IKE2_GSPM 49
545 #define PLOAD_IKE2_IDG 50
546 #define PLOAD_IKE2_GSA 51
547 #define PLOAD_IKE2_KD 52
548 #define PLOAD_IKE2_SKF 53
549 #define PLOAD_IKE_NAT_D13 130
550 #define PLOAD_IKE_NAT_OA14 131
551 #define PLOAD_IKE_CISCO_FRAG 132
553 * IPSEC Situation Definition (RFC2407)
555 #define SIT_IDENTITY_ONLY 0x01
556 #define SIT_SECRECY 0x02
557 #define SIT_INTEGRITY 0x04
560 static const value_string exchange_v1_type[] = {
563 { 2, "Identity Protection (Main Mode)" },
564 { 3, "Authentication Only" },
566 { 5, "Informational" },
567 { 6, "Transaction (Config Mode)" },
568 { 32, "Quick Mode" },
569 { 33, "New Group Mode" },
573 static const value_string exchange_v2_type[] = {
574 { 34, "IKE_SA_INIT" },
576 { 36, "CREATE_CHILD_SA" },
577 { 37, "INFORMATIONAL" },
578 { 38, "IKE_SESSION_RESUME" }, /* RFC5723 */
582 static const value_string frag_last_vals[] = {
583 { 0, "More fragments" },
584 { 1, "Last fragment" },
588 static const value_string protoid_v1_type[] = {
594 { 5, "GIGABEAM_RADIO" }, /* RFC4705 */
598 static const value_string protoid_v2_type[] = {
603 { 4, "FC_ESP_HEADER" },
604 { 5, "FC_CT_AUTHENTICATION" },
608 static const range_string payload_type[] = {
609 { PLOAD_IKE_NONE,PLOAD_IKE_NONE, "NONE / No Next Payload " },
610 { PLOAD_IKE_SA,PLOAD_IKE_SA, "Security Association" },
611 { PLOAD_IKE_P,PLOAD_IKE_P, "Proposal" },
612 { PLOAD_IKE_T,PLOAD_IKE_T, "Transform" },
613 { PLOAD_IKE_KE,PLOAD_IKE_KE, "Key Exchange" },
614 { PLOAD_IKE_ID,PLOAD_IKE_ID, "Identification" },
615 { PLOAD_IKE_CERT,PLOAD_IKE_CERT, "Certificate" },
616 { PLOAD_IKE_CR,PLOAD_IKE_CR, "Certificate Request" },
617 { PLOAD_IKE_HASH,PLOAD_IKE_HASH, "Hash" },
618 { PLOAD_IKE_SIG,PLOAD_IKE_SIG, "Signature" },
619 { PLOAD_IKE_NONCE,PLOAD_IKE_NONCE, "Nonce" },
620 { PLOAD_IKE_N,PLOAD_IKE_N, "Notification" },
621 { PLOAD_IKE_D,PLOAD_IKE_D, "Delete" },
622 { PLOAD_IKE_VID,PLOAD_IKE_VID, "Vendor ID" },
623 { PLOAD_IKE_A,PLOAD_IKE_A, "Attributes" }, /* draft-ietf-ipsec-isakmp-mode-cfg-05.txt */
624 { PLOAD_IKE_NAT_D48,PLOAD_IKE_NAT_D48, "NAT-Discovery" }, /* draft-ietf-ipsec-nat-t-ike-04 to 08 */
625 { PLOAD_IKE_NAT_OA58,PLOAD_IKE_NAT_OA58, "NAT-Original Address"}, /* draft-ietf-ipsec-nat-t-ike-05 to 08*/
626 { PLOAD_IKE_NAT_D,PLOAD_IKE_NAT_D, "NAT-D (RFC 3947)" },
627 { PLOAD_IKE_NAT_OA,PLOAD_IKE_NAT_OA, "NAT-OA (RFC 3947)"},
628 { PLOAD_IKE_GAP,PLOAD_IKE_GAP, "Group Associated Policy"},
629 { PLOAD_IKE2_SA,PLOAD_IKE2_SA, "Security Association"},
630 { PLOAD_IKE2_KE,PLOAD_IKE2_KE, "Key Exchange"},
631 { PLOAD_IKE2_IDI,PLOAD_IKE2_IDI, "Identification - Initiator"},
632 { PLOAD_IKE2_IDR,PLOAD_IKE2_IDR, "Identification - Responder"},
633 { PLOAD_IKE2_CERT,PLOAD_IKE2_CERT, "Certificate"},
634 { PLOAD_IKE2_CERTREQ,PLOAD_IKE2_CERTREQ, "Certificate Request"},
635 { PLOAD_IKE2_AUTH,PLOAD_IKE2_AUTH, "Authentication"},
636 { PLOAD_IKE2_NONCE,PLOAD_IKE2_NONCE, "Nonce"},
637 { PLOAD_IKE2_N,PLOAD_IKE2_N, "Notify"},
638 { PLOAD_IKE2_D,PLOAD_IKE2_D, "Delete"},
639 { PLOAD_IKE2_V,PLOAD_IKE2_V, "Vendor ID"},
640 { PLOAD_IKE2_TSI,PLOAD_IKE2_TSI, "Traffic Selector - Initiator"},
641 { PLOAD_IKE2_TSR,PLOAD_IKE2_TSR, "Traffic Selector - Responder"},
642 { PLOAD_IKE2_SK,PLOAD_IKE2_SK, "Encrypted and Authenticated"},
643 { PLOAD_IKE2_CP,PLOAD_IKE2_CP, "Configuration"},
644 { PLOAD_IKE2_EAP,PLOAD_IKE2_EAP, "Extensible Authentication"},
645 { PLOAD_IKE2_GSPM,PLOAD_IKE2_GSPM, "Generic Secure Password Method"},
646 { PLOAD_IKE2_IDG,PLOAD_IKE2_IDG, "Group Identification"},
647 { PLOAD_IKE2_GSA,PLOAD_IKE2_GSA, "Group Security Association"},
648 { PLOAD_IKE2_KD,PLOAD_IKE2_KD, "Key Download"},
649 { PLOAD_IKE2_SKF,PLOAD_IKE2_SKF, "Encrypted and Authenticated Fragment"},
650 { 54,127, "Unassigned" },
651 { 128,129, "Private Use" },
652 { PLOAD_IKE_NAT_D13,PLOAD_IKE_NAT_D13, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
653 { PLOAD_IKE_NAT_OA14,PLOAD_IKE_NAT_OA14, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
654 { PLOAD_IKE_CISCO_FRAG,PLOAD_IKE_CISCO_FRAG, "Cisco-Fragmentation"},
655 { 133,256, "Private Use" },
660 * ISAKMP Domain of Interpretation (DOI)
665 static const value_string doi_type[] = {
674 #define ISAKMP_ATTR_LIFE_TYPE 1
675 #define ISAKMP_ATTR_LIFE_DURATION 2
676 #define ISAKMP_ATTR_GROUP_DESC 3
677 #define ISAKMP_ATTR_ENCAP_MODE 4
678 #define ISAKMP_ATTR_AUTH_ALGORITHM 5
679 #define ISAKMP_ATTR_KEY_LENGTH 6
680 #define ISAKMP_ATTR_KEY_ROUNDS 7
681 #define ISAKMP_ATTR_CMPR_DICT_SIZE 8
682 #define ISAKMP_ATTR_CMPR_ALGORITHM 9
683 #define ISAKMP_ATTR_ECN_TUNNEL 10 /* [RFC3168] */
684 #define ISAKMP_ATTR_EXT_SEQ_NBR 11 /* [RFC4304] */
685 #define ISAKMP_ATTR_AUTH_KEY_LENGTH 12 /* [RFC4359] */
686 #define ISAKMP_ATTR_SIG_ENCO_ALGORITHM 13 /* [RFC4359] */
687 #define ISAKMP_ATTR_ADDR_PRESERVATION 14 /* [RFC6407] */
688 #define ISAKMP_ATTR_SA_DIRECTION 15 /* [RFC6407] */
690 static const range_string transform_isakmp_attr_type[] = {
691 { 1,1, "SA-Life-Type" },
692 { 2,2, "SA-Life-Duration" },
693 { 3,3, "Group-Description" },
694 { 4,4, "Encapsulation-Mode" },
695 { 5,5, "Authentication-Algorithm" },
696 { 6,6, "Key-Length" },
697 { 7,7, "Key-Rounds" },
698 { 8,8, "Compress-Dictionary-Size" },
699 { 9,9, "Compress-Private-Algorithm" },
700 { 10,10, "ECN Tunnel" },
701 { 11,11, "Extended (64-bit) Sequence Number" },
702 { 12,12, "Authentication Key Length" },
703 { 13,13, "Signature Encoding Algorithm" },
704 { 14,14, "Address Preservation" },
705 { 15,15, "SA Direction" },
706 { 16,32000, "Unassigned (Future use)" },
707 { 32001,32767, "Private use" },
711 /* Transform IKE Type */
712 #define IKE_ATTR_ENCRYPTION_ALGORITHM 1
713 #define IKE_ATTR_HASH_ALGORITHM 2
714 #define IKE_ATTR_AUTHENTICATION_METHOD 3
715 #define IKE_ATTR_GROUP_DESCRIPTION 4
716 #define IKE_ATTR_GROUP_TYPE 5
717 #define IKE_ATTR_GROUP_PRIME 6
718 #define IKE_ATTR_GROUP_GENERATOR_ONE 7
719 #define IKE_ATTR_GROUP_GENERATOR_TWO 8
720 #define IKE_ATTR_GROUP_CURVE_A 9
721 #define IKE_ATTR_GROUP_CURVE_B 10
722 #define IKE_ATTR_LIFE_TYPE 11
723 #define IKE_ATTR_LIFE_DURATION 12
724 #define IKE_ATTR_PRF 13
725 #define IKE_ATTR_KEY_LENGTH 14
726 #define IKE_ATTR_FIELD_SIZE 15
727 #define IKE_ATTR_GROUP_ORDER 16
731 static const range_string transform_ike_attr_type[] = {
732 { 1,1, "Encryption-Algorithm" },
733 { 2,2, "Hash-Algorithm" },
734 { 3,3, "Authentication-Method" },
735 { 4,4, "Group-Description" },
736 { 5,5, "Group-Type" },
737 { 6,6, "Group-Prime" },
738 { 7,7, "Group-Generator-One" },
739 { 8,8, "Group-Generator-Two" },
740 { 9,9, "Group-Curve-A" },
741 { 10,10, "Group-Curve-B" },
742 { 11,11, "Life-Type" },
743 { 12,12, "Life-Duration" },
745 { 14,14, "Key-Length" },
746 { 15,15, "Field-Size" },
747 { 16,16, "Group-Order" },
748 { 17,16383, "Unassigned (Future use)" },
749 { 16384,32767, "Private use" },
754 static const value_string vs_v2_sttr[] = {
755 { 1, "SA-Life-Type" },
756 { 2, "SA-Life-Duration" },
757 { 3, "Group-Description" },
758 { 4, "Encapsulation-Mode" },
759 { 5, "Authentication-Algorithm" },
762 { 8, "Compress-Dictionary-Size" },
763 { 9, "Compress-Private-Algorithm" },
764 { 10, "ECN Tunnel" },
769 static const value_string vs_v1_trans_isakmp[] = {
775 static const value_string vs_v1_trans_ah[] = {
787 static const value_string vs_v1_trans_esp[] = {
804 static const value_string transform_id_ipcomp[] = {
812 static const value_string redirect_gateway_identity_type[] = {
813 { 1, "IPv4 address" },
814 { 2, "IPv6 address" },
818 static const value_string transform_attr_sa_life_type[] = {
825 static const value_string transform_attr_encap_type[] = {
829 { 3, "UDP-Encapsulated-Tunnel" }, /* RFC3947 */
830 { 4, "UDP-Encapsulated-Transport" }, /* RFC3947 */
831 { 61440, "Check Point IPSec UDP Encapsulation" },
832 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
833 { 61444, "UDP-Encapsulated-Transport (draft)" },
837 static const value_string transform_attr_auth_type[] = {
843 { 5, "HMAC-SHA2-256" },
844 { 6, "HMAC-SHA2-384" },
845 { 7, "HMAC-SHA2-512" },
846 { 8, "HMAC-RIPEMD" }, /* [RFC2857] */
847 { 9, "AES-XCBC-MAC" }, /* [RFC3566] */
848 { 10, "SIG-RSA" }, /* [RFC4359] */
849 { 11, "AES-128-GMAC" }, /* [RFC4543][Errata1821] */
850 { 12, "AES-192-GMAC" }, /* [RFC4543][Errata1821] */
851 { 13, "AES-256-GMAC" }, /* [RFC4543][Errata1821] */
854 Values 11-61439 are reserved to IANA. Values 61440-65535 are
860 #define ENC_DES_CBC 1
861 #define ENC_IDEA_CBC 2
862 #define ENC_BLOWFISH_CBC 3
863 #define ENC_RC5_R16_B64_CBC 4
864 #define ENC_3DES_CBC 5
865 #define ENC_CAST_CBC 6
866 #define ENC_AES_CBC 7
867 #define ENC_CAMELLIA_CBC 8
869 static const value_string transform_attr_enc_type[] = {
871 { ENC_DES_CBC, "DES-CBC" },
872 { ENC_IDEA_CBC, "IDEA-CBC" },
873 { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
874 { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
875 { ENC_3DES_CBC, "3DES-CBC" },
876 { ENC_CAST_CBC, "CAST-CBC" },
877 { ENC_AES_CBC, "AES-CBC" },
878 { ENC_CAMELLIA_CBC, "CAMELLIA-CBC" },
885 #define HMAC_SHA2_256 4
886 #define HMAC_SHA2_384 5
887 #define HMAC_SHA2_512 6
889 static const value_string transform_attr_hash_type[] = {
893 { HMAC_TIGER, "TIGER" },
894 { HMAC_SHA2_256, "SHA2-256" },
895 { HMAC_SHA2_384, "SHA2-384" },
896 { HMAC_SHA2_512, "SHA2-512" },
900 static const value_string transform_attr_ecn_type[] = {
907 static const value_string transform_attr_ext_seq_nbr_type[] = {
909 { 1, "64-bit Sequence Number" },
914 static const value_string transform_attr_sig_enco_algo_type[] = {
916 { 1, "RSASSA-PKCS1-v1_5" },
922 static const value_string transform_attr_addr_preservation_type[] = {
925 { 2, "Source-Only" },
926 { 3, "Destination-Only" },
927 { 4, "Source-and-Destination" },
931 static const value_string transform_attr_sa_direction_type[] = {
933 { 1, "Sender-Only" },
934 { 2, "Receiver-Only" },
939 static const value_string transform_attr_authmeth_type[] = {
945 { 5, "RSA-Revised-ENC" },
946 { 6, "Encryption with El-Gamal" },
947 { 7, "Revised encryption with El-Gamal" },
948 { 8, "ECDSA signatures" },
949 { 9, "AES-XCBC-MAC" },
950 { 64221, "HybridInitRSA" },
951 { 64222, "HybridRespRSA" },
952 { 64223, "HybridInitDSS" },
953 { 64224, "HybridRespDSS" },
954 { 65001, "XAUTHInitPreShared" },
955 { 65002, "XAUTHRespPreShared" },
956 { 65003, "XAUTHInitDSS" },
957 { 65004, "XAUTHRespDSS" },
958 { 65005, "XAUTHInitRSA" },
959 { 65006, "XAUTHRespRSA" },
960 { 65007, "XAUTHInitRSAEncryption" },
961 { 65008, "XAUTHRespRSAEncryption" },
962 { 65009, "XAUTHInitRSARevisedEncryption" },
963 { 65010, "XAUTHRespRSARevisedEncryption" },
968 static const value_string transform_dh_group_type[] = {
969 { 0, "UNDEFINED - 0" },
970 { 1, "Default 768-bit MODP group" },
971 { 2, "Alternate 1024-bit MODP group" },
972 { 3, "EC2N group on GP[2^155] group" },
973 { 4, "EC2N group on GP[2^185] group" },
974 { 5, "1536 bit MODP group" },
975 { 6, "EC2N group over GF[2^163]" },
976 { 7, "EC2N group over GF[2^163]" },
977 { 8, "EC2N group over GF[2^283]" },
978 { 9, "EC2N group over GF[2^283]" },
979 { 10, "EC2N group over GF[2^409]" },
980 { 11, "EC2N group over GF[2^409]" },
981 { 12, "EC2N group over GF[2^571]" },
982 { 13, "EC2N group over GF[2^571]" },
983 { 14, "2048 bit MODP group" },
984 { 15, "3072 bit MODP group" },
985 { 16, "4096 bit MODP group" },
986 { 17, "6144 bit MODP group" },
987 { 18, "8192 bit MODP group" },
988 { 19, "256-bit random ECP group" },
989 { 20, "384-bit random ECP group" },
990 { 21, "521-bit random ECP group" },
991 { 22, "1024-bit MODP Group with 160-bit Prime Order Subgroup" },
992 { 23, "2048-bit MODP Group with 224-bit Prime Order Subgroup" },
993 { 24, "2048-bit MODP Group with 256-bit Prime Order Subgroup" },
994 { 25, "192-bit Random ECP Group" },
995 { 26, "224-bit Random ECP Group" },
996 { 27, "224-bit Brainpool ECP group" },
997 { 28, "256-bit Brainpool ECP group" },
998 { 29, "384-bit Brainpool ECP group" },
999 { 30, "512-bit Brainpool ECP group" },
1003 static const value_string transform_attr_grp_type[] = {
1004 { 0, "UNDEFINED - 0" },
1011 #define TF_IKE2_ENCR 1
1012 #define TF_IKE2_PRF 2
1013 #define TF_IKE2_INTEG 3
1014 #define TF_IKE2_DH 4
1015 #define TF_IKE2_ESN 5
1016 static const range_string transform_ike2_type[] = {
1017 { 0,0, "RESERVED" },
1018 { TF_IKE2_ENCR,TF_IKE2_ENCR, "Encryption Algorithm (ENCR)" },
1019 { TF_IKE2_PRF,TF_IKE2_PRF, "Pseudo-random Function (PRF)"},
1020 { TF_IKE2_INTEG,TF_IKE2_INTEG,"Integrity Algorithm (INTEG)"},
1021 { TF_IKE2_DH,TF_IKE2_DH, "Diffie-Hellman Group (D-H)"},
1022 { TF_IKE2_ESN,TF_IKE2_ESN, "Extended Sequence Numbers (ESN)"},
1023 { 6,240, "Reserved to IANA"},
1024 { 241,255, "Private Use"},
1027 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
1028 static const value_string transform_ike2_encr_type[] = {
1030 { 1, "ENCR_DES_IV64" },
1036 { 7, "ENCR_BLOWFISH" },
1037 { 8, "ENCR_3IDEA" },
1038 { 9, "ENCR_DES_IV32" },
1040 { 11, "ENCR_NULL" },
1041 { 12, "ENCR_AES_CBC" },
1042 { 13, "ENCR_AES_CTR" }, /* [RFC3686] */
1043 { 14, "ENCR_AES-CCM_8" }, /* [RFC4309] */
1044 { 15, "ENCR-AES-CCM_12" }, /* [RFC4309] */
1045 { 16, "ENCR-AES-CCM_16" }, /* [RFC4309] */
1046 { 17, "UNASSIGNED" },
1047 { 18, "AES-GCM with a 8 octet ICV" }, /* [RFC4106] */
1048 { 19, "AES-GCM with a 12 octet ICV" }, /* [RFC4106] */
1049 { 20, "AES-GCM with a 16 octet ICV" }, /* [RFC4106] */
1050 { 21, "ENCR_NULL_AUTH_AES_GMAC" }, /* [RFC4543] */
1051 { 22, "Reserved for IEEE P1619 XTS-AES" }, /* [Ball] */
1052 { 23, "ENCR_CAMELLIA_CBC" }, /* [RFC5529] */
1053 { 24, "ENCR_CAMELLIA_CTR" }, /* [RFC5529] */
1054 { 25, "ENCR_CAMELLIA_CCM with an 8-octet ICV" }, /* [RFC5529] */
1055 { 26, "ENCR_CAMELLIA_CCM with a 12-octet ICV" }, /* [RFC5529] */
1056 { 27, "ENCR_CAMELLIA_CCM with a 16-octet ICV" }, /* [RFC5529] */
1057 { 28, "ENCR_CHACHA20_POLY1305" }, /* [RFC7634] */
1059 * 29-1023 RESERVED TO IANA [RFC4306]
1060 * 1024-65535 PRIVATE USE [RFC4306]
1065 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
1066 static const value_string transform_ike2_prf_type[] = {
1068 { 1, "PRF_HMAC_MD5" },
1069 { 2, "PRF_HMAC_SHA1" },
1070 { 3, "PRF_HMAC_TIGER" },
1071 { 4, "PRF_AES128_CBC" },
1072 { 5, "PRF_HMAC_SHA2_256" }, /* [RFC4868] */
1073 { 6, "PRF_HMAC_SHA2_384" }, /* [RFC4868] */
1074 { 7, "PRF_HMAC_SHA2_512" }, /* [RFC4868] */
1075 { 8, "PRF_AES128_CMAC6" }, /* [RFC4615] */
1077 9-1023 RESERVED TO IANA [RFC4306]
1078 1024-65535 PRIVATE USE [RFC4306]
1083 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
1084 static const value_string transform_ike2_integ_type[] = {
1086 { 1, "AUTH_HMAC_MD5_96" },
1087 { 2, "AUTH_HMAC_SHA1_96" },
1088 { 3, "AUTH_DES_MAC" },
1089 { 4, "AUTH_KPDK_MD5" },
1090 { 5, "AUTH_AES_XCBC_96" },
1091 { 6, "AUTH_HMAC_MD5_128" }, /* [RFC4595] */
1092 { 7, "AUTH_HMAC_SHA1_160" }, /* [RFC4595] */
1093 { 8, "AUTH_AES_CMAC_96" }, /* [RFC4494] */
1094 { 9, "AUTH_AES_128_GMAC" }, /* [RFC4543] */
1095 { 10, "AUTH_AES_192_GMAC" }, /* [RFC4543] */
1096 { 11, "AUTH_AES_256_GMAC" }, /* [RFC4543] */
1097 { 12, "AUTH_HMAC_SHA2_256_128" }, /* [RFC4868] */
1098 { 13, "AUTH_HMAC_SHA2_384_192" }, /* [RFC4868] */
1099 { 14, "AUTH_HMAC_SHA2_512_256" }, /* [RFC4868] */
1101 15-1023 RESERVED TO IANA [RFC4306]
1102 1024-65535 PRIVATE USE [RFC4306]
1106 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
1107 static const value_string transform_ike2_esn_type[] = {
1108 { 0, "No Extended Sequence Numbers" },
1109 { 1, "Extended Sequence Numbers" },
1112 /* Transform IKE2 Type */
1113 #define IKE2_ATTR_KEY_LENGTH 14
1115 static const range_string transform_ike2_attr_type[] = {
1116 { 0,13, "Reserved" },
1117 { 14,14, "Key Length" },
1118 { 15,17, "Reserved" },
1119 { 18,16383, "Unassigned (Future use)" },
1120 { 16384,32767, "Private use" },
1124 static const range_string cert_v1_type[] = {
1126 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1127 { 2,2, "PGP Certificate" },
1128 { 3,3, "DNS Signed Key" },
1129 { 4,4, "X.509 Certificate - Signature" },
1130 { 5,5, "X.509 Certificate - Key Exchange" },
1131 { 6,6, "Kerberos Tokens" },
1132 { 7,7, "Certificate Revocation List (CRL)" },
1133 { 8,8, "Authority Revocation List (ARL)" },
1134 { 9,9, "SPKI Certificate" },
1135 { 10,10, "X.509 Certificate - Attribute" },
1136 { 11,255, "RESERVED" },
1140 static const range_string cert_v2_type[] = {
1141 { 0,0, "RESERVED" },
1142 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1143 { 2,2, "PGP Certificate" },
1144 { 3,3, "DNS Signed Key" },
1145 { 4,4, "X.509 Certificate - Signature" },
1146 { 5,5, "*undefined by any document*" },
1147 { 6,6, "Kerberos Tokens" },
1148 { 7,7, "Certificate Revocation List (CRL)" },
1149 { 8,8, "Authority Revocation List (ARL)" },
1150 { 9,9, "SPKI Certificate" },
1151 { 10,10, "X.509 Certificate - Attribute" },
1152 { 11,11, "Raw RSA Key" },
1153 { 12,12, "Hash and URL of X.509 certificate" },
1154 { 13,13, "Hash and URL of X.509 bundle" },
1155 { 14,14, "OCSP Content" }, /* [RFC4806] */
1156 { 15,200, "RESERVED to IANA" },
1157 { 201,255, "PRIVATE USE" },
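/* IKEv2 Authentication Method values (Authentication payload "Auth Method"
 * field). Values follow RFC 5996 section 3.8 and the IANA IKEv2 parameters
 * registry; every entry is a non-overlapping [low,high] range and the table
 * is terminated by the NULL entry. */
static const range_string authmeth_v2_type[] = {
  { 0,0, "RESERVED TO IANA" },
  { 1,1, "RSA Digital Signature" },
  { 2,2, "Shared Key Message Integrity Code" },
  { 3,3, "DSS Digital Signature" },
  { 4,8, "RESERVED TO IANA" },
  { 9,9, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
  /* RFC 4754 section 7 assigns 10 and 11 to the P-384 and P-521 curves;
   * both were previously labelled as copies of entry 9. */
  { 10,10, "ECDSA with SHA-384 on the P-384 curve" }, /* RFC4754 */
  { 11,11, "ECDSA with SHA-512 on the P-521 curve" }, /* RFC4754 */
  { 12,12, "Generic Secure Password Authentication Method" }, /* RFC6467 */
  { 13,13, "RESERVED TO IANA" },
  { 14,14, "Digital Signature" }, /* RFC7427 */
  { 15,200, "RESERVED TO IANA" },
  { 201,255, "PRIVATE USE" },
  { 0,0, NULL },
};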
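/* ISAKMP/IKEv1 Notify Message Type values (RFC 2408 section 3.14.1 plus the
 * IPsec DOI, DPD and vendor-private codes). Entries are non-overlapping
 * [low,high] ranges; the table is terminated by the NULL entry. */
static const range_string notifmsg_v1_type[] = {
  { 0,0, "<UNKNOWN>" },
  { 1,1, "INVALID-PAYLOAD-TYPE" },
  { 2,2, "DOI-NOT-SUPPORTED" },
  { 3,3, "SITUATION-NOT-SUPPORTED" },
  { 4,4, "INVALID-COOKIE" },
  { 5,5, "INVALID-MAJOR-VERSION" },
  { 6,6, "INVALID-MINOR-VERSION" },
  { 7,7, "INVALID-EXCHANGE-TYPE" },
  { 8,8, "INVALID-FLAGS" },
  { 9,9, "INVALID-MESSAGE-ID" },
  { 10,10, "INVALID-PROTOCOL-ID" },
  { 11,11, "INVALID-SPI" },
  { 12,12, "INVALID-TRANSFORM-ID" },
  { 13,13, "ATTRIBUTES-NOT-SUPPORTED" },
  { 14,14, "NO-PROPOSAL-CHOSEN" },
  { 15,15, "BAD-PROPOSAL-SYNTAX" },
  { 16,16, "PAYLOAD-MALFORMED" },
  { 17,17, "INVALID-KEY-INFORMATION" },
  { 18,18, "INVALID-ID-INFORMATION" },
  { 19,19, "INVALID-CERT-ENCODING" },
  { 20,20, "INVALID-CERTIFICATE" },
  { 21,21, "CERT-TYPE-UNSUPPORTED" },
  { 22,22, "INVALID-CERT-AUTHORITY" },
  { 23,23, "INVALID-HASH-INFORMATION" },
  { 24,24, "AUTHENTICATION-FAILED" },
  { 25,25, "INVALID-SIGNATURE" },
  { 26,26, "ADDRESS-NOTIFICATION" },
  { 27,27, "NOTIFY-SA-LIFETIME" },
  { 28,28, "CERTIFICATE-UNAVAILABLE" },
  { 29,29, "UNSUPPORTED-EXCHANGE-TYPE" },
  { 30,30, "UNEQUAL-PAYLOAD-LENGTHS" },
  { 31,8191, "RESERVED (Future Use)" },
  { 8192,16383, "Private Use" },
  { 16384,16384,"CONNECTED" },
  { 16385,24575,"RESERVED (Future Use)" },
  { 24576,24576,"RESPONDER-LIFETIME" },
  { 24577,24577,"REPLAY-STATUS" },
  { 24578,24578,"INITIAL-CONTACT" },
  { 24579,32767,"DOI-specific codes" },
  { 32768,36135,"Private Use" },
  { 36136,36136,"R-U-THERE" },
  { 36137,36137,"R-U-THERE-ACK" },
  { 36138,40500,"Private Use" },
  { 40501,40501,"UNITY-LOAD-BALANCE" },
  { 40502,40502,"UNITY-UNKNOWN" },
  { 40503,40503,"UNITY-GROUP-HASH" },
  /* The private-use range starts after UNITY-GROUP-HASH; it previously
   * began at 40503 and overlapped the entry above. */
  { 40504,40959,"Private Use" },
  { 40960,65535,"RESERVED (Future Use)" },
  { 0,0, NULL },
};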
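/* IKEv2 Notify Message Type values (RFC 5996 section 3.10.1 and the IANA
 * IKEv2 parameters registry). Error types occupy 0-16383, status types
 * 16384-65535. Entries are non-overlapping [low,high] ranges; the table is
 * terminated by the NULL entry. */
static const range_string notifmsg_v2_type[] = {
  { 0,0, "RESERVED" },
  { 1,1, "UNSUPPORTED_CRITICAL_PAYLOAD" },
  { 2,3, "RESERVED" },
  { 4,4, "INVALID_IKE_SPI" },
  { 5,5, "INVALID_MAJOR_VERSION" },
  { 6,6, "RESERVED" },
  { 7,7, "INVALID_SYNTAX" },
  { 8,8, "RESERVED" },
  { 9,9, "INVALID_MESSAGE_ID" },
  { 10,10, "RESERVED" },
  { 11,11, "INVALID_SPI" },
  { 12,13, "RESERVED" },
  { 14,14, "NO_PROPOSAL_CHOSEN" },
  { 15,16, "RESERVED" },
  { 17,17, "INVALID_KE_PAYLOAD" },
  /* 18-23 are RESERVED in RFC 5996; this entry was previously a duplicate
   * of the 15-16 entry, leaving 18-23 with no match. */
  { 18,23, "RESERVED" },
  { 24,24, "AUTHENTICATION_FAILED" },
  { 25,33, "RESERVED" },
  { 34,34, "SINGLE_PAIR_REQUIRED" },
  { 35,35, "NO_ADDITIONAL_SAS" },
  { 36,36, "INTERNAL_ADDRESS_FAILURE" },
  { 37,37, "FAILED_CP_REQUIRED" },
  { 38,38, "TS_UNACCEPTABLE" },
  { 39,39, "INVALID_SELECTORS" },
  { 40,40, "UNACCEPTABLE_ADDRESSES" }, /* RFC4555 */
  { 41,41, "UNEXPECTED_NAT_DETECTED" }, /* RFC4555 */
  { 42,42, "USE_ASSIGNED_HoA" }, /* RFC5026 */
  { 43,43, "TEMPORARY_FAILURE" }, /* RFC5996 */
  { 44,44, "CHILD_SA_NOT_FOUND" }, /* RFC5996 */
  { 45,8191, "RESERVED TO IANA - Error types" },
  { 8192,16383, "Private Use - Errors" },
  { 16384,16384, "INITIAL_CONTACT" },
  { 16385,16385, "SET_WINDOW_SIZE" },
  { 16386,16386, "ADDITIONAL_TS_POSSIBLE" },
  { 16387,16387, "IPCOMP_SUPPORTED" },
  { 16388,16388, "NAT_DETECTION_SOURCE_IP" },
  { 16389,16389, "NAT_DETECTION_DESTINATION_IP" },
  { 16390,16390, "COOKIE" },
  { 16391,16391, "USE_TRANSPORT_MODE" },
  { 16392,16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
  { 16393,16393, "REKEY_SA" },
  { 16394,16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
  { 16395,16395, "NON_FIRST_FRAGMENTS_ALSO" },
  { 16396,16396, "MOBIKE_SUPPORTED" }, /* RFC4555 */
  { 16397,16397, "ADDITIONAL_IP4_ADDRESS" }, /* RFC4555 */
  { 16398,16398, "ADDITIONAL_IP6_ADDRESS" }, /* RFC4555 */
  { 16399,16399, "NO_ADDITIONAL_ADDRESSES" }, /* RFC4555 */
  { 16400,16400, "UPDATE_SA_ADDRESSES" }, /* RFC4555 */
  { 16401,16401, "COOKIE2" }, /* RFC4555 */
  { 16402,16402, "NO_NATS_ALLOWED" }, /* RFC4555 */
  { 16403,16403, "AUTH_LIFETIME" }, /* RFC4478 */
  { 16404,16404, "MULTIPLE_AUTH_SUPPORTED" }, /* RFC4739 */
  { 16405,16405, "ANOTHER_AUTH_FOLLOWS" }, /* RFC4739 */
  { 16406,16406, "REDIRECT_SUPPORTED" }, /* RFC5685 */
  { 16407,16407, "REDIRECT" }, /* RFC5685 */
  { 16408,16408, "REDIRECTED_FROM" }, /* RFC5685 */
  { 16409,16409, "TICKET_LT_OPAQUE" }, /* RFC5723 */
  { 16410,16410, "TICKET_REQUEST" }, /* RFC5723 */
  { 16411,16411, "TICKET_ACK" }, /* RFC5723 */
  { 16412,16412, "TICKET_NACK" }, /* RFC5723 */
  { 16413,16413, "TICKET_OPAQUE" }, /* RFC5723 */
  { 16414,16414, "LINK_ID" }, /* RFC5739 */
  { 16415,16415, "USE_WESP_MODE" }, /* RFC5840 */
  { 16416,16416, "ROHC_SUPPORTED" }, /* RFC5857 */
  { 16417,16417, "EAP_ONLY_AUTHENTICATION" }, /* RFC5998 */
  { 16418,16418, "CHILDLESS_IKEV2_SUPPORTED" }, /* RFC6023 */
  { 16419,16419, "QUICK_CRASH_DETECTION" }, /* RFC6290 */
  { 16420,16420, "IKEV2_MESSAGE_ID_SYNC_SUPPORTED" }, /* RFC6311 */
  { 16421,16421, "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED" }, /* RFC6311 */
  { 16422,16422, "IKEV2_MESSAGE_ID_SYNC" }, /* RFC6311 */
  { 16423,16423, "IPSEC_REPLAY_COUNTER_SYNC" }, /* RFC6311 */
  { 16424,16424, "SECURE_PASSWORD_METHODS" }, /* RFC6467 */
  { 16425,16425, "PSK_PERSIST" }, /* RFC6631 */
  { 16426,16426, "PSK_CONFIRM" }, /* RFC6631 */
  { 16427,16427, "ERX_SUPPORTED" }, /* RFC6867 */
  { 16428,16428, "IFOM_CAPABILITY" }, /* [Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2] */
  { 16429,16429, "SENDER_REQUEST_ID" }, /* [draft-yeung-g-ikev2] */
  { 16430,16430, "IKEV2_FRAGMENTATION_SUPPORTED" }, /* RFC7383 */
  { 16431,16431, "SIGNATURE_HASH_ALGORITHMS" }, /* RFC7427 */
  { 16432,40959, "RESERVED TO IANA - STATUS TYPES" },
  { 40960,65535, "Private Use - STATUS TYPES" },
  { 0,0, NULL },
};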
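/* ISAKMP Configuration Method (Mode-Config) attribute payload "Type" field.
 * The field is one octet, so the private-use range ends at 255 (it was
 * previously written as 256, which can never appear on the wire). The table
 * is terminated by the NULL entry. */
static const range_string vs_v1_cfgtype[] = {
  { 0,0, "Reserved" },
  { 1,1, "ISAKMP_CFG_REQUEST" },
  { 2,2, "ISAKMP_CFG_REPLY" },
  { 3,3, "ISAKMP_CFG_SET" },
  { 4,4, "ISAKMP_CFG_ACK" },
  { 5,127, "Future use" },
  { 128,255, "Private Use" },
  { 0,0, NULL },
};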
1325 static const range_string vs_v2_cfgtype[] = {
1326 { 0,0, "RESERVED" },
1327 { 1,1, "CFG_REQUEST" },
1328 { 2,2, "CFG_REPLY" },
1331 { 5,127, "Future use" },
1332 { 128,256, "Private Use" },
1336 static const range_string vs_v1_cfgattr[] = {
1337 { 0,0, "RESERVED" },
1338 { 1,1, "INTERNAL_IP4_ADDRESS" },
1339 { 2,2, "INTERNAL_IP4_NETMASK" },
1340 { 3,3, "INTERNAL_IP4_DNS" },
1341 { 4,4, "INTERNAL_IP4_NBNS" },
1342 { 5,5, "INTERNAL_ADDRESS_EXPIREY" },
1343 { 6,6, "INTERNAL_IP4_DHCP" },
1344 { 7,7, "APPLICATION_VERSION" },
1345 { 8,8, "INTERNAL_IP6_ADDRESS" },
1346 { 9,9, "INTERNAL_IP6_NETMASK" },
1347 { 10,10, "INTERNAL_IP6_DNS" },
1348 { 11,11, "INTERNAL_IP6_NBNS" },
1349 { 12,12, "INTERNAL_IP6_DHCP" },
1350 { 13,13, "INTERNAL_IP4_SUBNET" },
1351 { 14,14, "SUPPORTED_ATTRIBUTES" },
1352 { 15,16383, "FUTURE USE"},
1353 { 16384,16386, "PRIVATE USE"},
1354 { 16387,16387, "CHKPT_DEF_DOMAIN" },
1355 { 16388,16388, "CHKPT_MAC_ADDRESS" },
1356 { 16389,16389, "CHKPT_MARCIPAN_REASON_CODE" },
1357 { 16400,16400, "CHKPT_UNKNOWN1" },
1358 { 16401,16401, "CHKPT_UNKNOWN2" },
1359 { 16402,16402, "CHKPT_UNKNOWN3" },
1360 { 16403,16519, "PRIVATE USE"},
1361 { 16520,16520, "XAUTH_TYPE" },
1362 { 16521,16521, "XAUTH_USER_NAME" },
1363 { 16522,16522, "XAUTH_USER_PASSWORD" },
1364 { 16523,16523, "XAUTH_PASSCODE" },
1365 { 16524,16524, "XAUTH_MESSAGE" },
1366 { 16525,16525, "XAUTH_CHALLANGE" },
1367 { 16526,16526, "XAUTH_DOMAIN" },
1368 { 16527,16527, "XAUTH_STATUS" },
1369 { 16528,16528, "XAUTH_NEXT_PIN" },
1370 { 16529,16529, "XAUTH_ANSWER" },
1371 { 16530,28671, "PRIVATE USE"},
1372 { 28672,28672, "UNITY_BANNER" },
1373 { 28673,28673, "UNITY_SAVE_PASSWD" },
1374 { 28674,28674, "UNITY_DEF_DOMAIN" },
1375 { 28675,28675, "UNITY_SPLIT_DOMAIN" },
1376 { 28676,28676, "UNITY_SPLIT_INCLUDE" },
1377 { 28677,28677, "UNITY_NATT_PORT" },
1378 { 28678,28678, "UNITY_SPLIT_EXCLUDE" },
1379 { 28679,28679, "UNITY_PFS" },
1380 { 28680,28680, "UNITY_FW_TYPE" },
1381 { 28681,28681, "UNITY_BACKUP_SERVERS" },
1382 { 28682,28682, "UNITY_DDNS_HOSTNAME" },
1383 { 28683,32767, "PRIVATE USE"},
1387 static const range_string vs_v2_cfgattr[] = {
1388 { 0,0, "RESERVED" },
1389 { 1,1, "INTERNAL_IP4_ADDRESS" },
1390 { 2,2, "INTERNAL_IP4_NETMASK" },
1391 { 3,3, "INTERNAL_IP4_DNS" },
1392 { 4,4, "INTERNAL_IP4_NBNS" },
1393 { 5,5, "INTERNAL_ADDRESS_EXPIREY" }, /* OBSO */
1394 { 6,6, "INTERNAL_IP4_DHCP" },
1395 { 7,7, "APPLICATION_VERSION" },
1396 { 8,8, "INTERNAL_IP6_ADDRESS" },
1397 { 9,9, "RESERVED" },
1398 { 10,10, "INTERNAL_IP6_DNS" },
1399 { 11,11, "INTERNAL_IP6_NBNS" }, /* OBSO */
1400 { 12,12, "INTERNAL_IP6_DHCP" },
1401 { 13,13, "INTERNAL_IP4_SUBNET" },
1402 { 14,14, "SUPPORTED_ATTRIBUTES" },
1403 { 15,15, "INTERNAL_IP6_SUBNET" },
1404 { 16,16, "MIP6_HOME_PREFIX" },
1405 { 17,17, "INTERNAL_IP6_LINK" },
1406 { 18,18, "INTERNAL_IP6_PREFIX" },
1407 { 19,19, "HOME_AGENT_ADDRESS" }, /* 3GPP TS 24.302 http://www.3gpp.org/ftp/Specs/html-info/24302.htm */
1408 { 20,20, "P_CSCF_IP4_ADDRESS" }, /* 3GPP IMS Option for IKEv2 https://datatracker.ietf.org/doc/draft-gundavelli-ipsecme-3gpp-ims-options/ */
1409 { 21,21, "P_CSCF_IP6_ADDRESS" },
1410 { 22,22, "FTT_KAT" },
1411 { 23,16383, "RESERVED TO IANA"},
1412 { 16384,32767, "PRIVATE USE"},
1416 static const range_string cfgattr_xauth_type[] = {
1418 { 1,1, "RADIUS-CHAP" },
1421 { 4,32767, "Future use" },
1422 { 32768,65535, "Private use" },
1427 static const value_string cfgattr_xauth_status[] = {
1433 static const value_string cp_product[] = {
1434 { 1, "Firewall-1" },
1435 { 2, "SecuRemote/SecureClient" },
1439 static const value_string cp_version[] = {
1442 { 4002,"4.1 (SP-2 or above)" },
1444 { 5001,"NG Feature Pack 1" },
1445 { 5002,"NG Feature Pack 2" },
1446 { 5003,"NG Feature Pack 3" },
1447 { 5004,"NG with Application Intelligence" },
1448 { 5005,"NG with Application Intelligence R55" },
1449 { 5006,"NG with Application Intelligence R56" },
1452 static const range_string traffic_selector_type[] = {
1453 { 0,6, "Reserved" },
1454 { 7,7, "TS_IPV4_ADDR_RANGE" },
1455 { 8,8, "TS_IPV6_ADDR_RANGE" },
1456 { 9,9, "TS_FC_ADDR_RANGE" },
1457 { 10,240, "Future use" },
1458 { 241,255, "Private use" },
1461 static const value_string ms_nt5_isakmpoakley_type[] = {
1462 { 2, "Windows 2000" },
1463 { 3, "Windows XP SP1" },
1464 { 4, "Windows 2003 and Windows XP SP2" },
1465 { 5, "Windows Vista" },
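/* ISAKMP/IKEv1 Identification Type values for the IPsec DOI (RFC 2407),
 * plus ID_LIST from RFC 3554. Labels use the registry names without the
 * "ID_" prefix. The table is terminated by the NULL entry. */
static const range_string vs_v1_id_type[] = {
  { 0,0, "RESERVED" },
  { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
  { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
  { IKE_ID_USER_FQDN,IKE_ID_USER_FQDN, "USER_FQDN" },
  { IKE_ID_IPV4_ADDR_SUBNET,IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
  { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
  { IKE_ID_IPV6_ADDR_SUBNET,IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
  { IKE_ID_IPV4_ADDR_RANGE,IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
  { IKE_ID_IPV6_ADDR_RANGE,IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
  { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
  { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
  { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
  /* RFC 3554 names this type ID_LIST; it was previously labelled "KEY_LIST". */
  { IKE_ID_LIST,IKE_ID_LIST, "ID_LIST" },
  { 13,248, "Future use" },
  { 249,255, "Private Use" },
  { 0,0, NULL },
};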
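/* IKEv2 Identification Type values (RFC 5996 section 3.5 and the IANA IKEv2
 * parameters registry). The table is terminated by the NULL entry. */
static const range_string vs_v2_id_type[] = {
  { 0,0, "RESERVED" },
  { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
  { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
  { IKE_ID_RFC822_ADDR,IKE_ID_RFC822_ADDR, "ID_RFC822_ADDR" },
  { 4,4, "Unassigned" },
  { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
  { 6,8, "Unassigned" },
  { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
  { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
  { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
  /* Type 12 is ID_FC_NAME (Fibre Channel world-wide name) in RFC 5996;
   * the label previously read "KEY_LIST", which is not an IKEv2 ID type. */
  { IKE_ID_FC_NAME,IKE_ID_FC_NAME, "FC_NAME" },
  { 13,200, "Future use" },
  { 201,255, "Private Use" },
  { 0,0, NULL },
};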
1502 #define COOKIE_SIZE 8
1504 typedef struct isakmp_hdr {
1505 guint8 next_payload;
1519 static const true_false_string criticalpayload = {
1523 static const true_false_string attribute_format = {
1525 "Type/Length/Value (TLV)"
1527 static const true_false_string flag_e = {
1531 static const true_false_string flag_c = {
1535 static const true_false_string flag_a = {
1539 static const true_false_string flag_i = {
1543 static const true_false_string flag_v = {
1544 "A higher version enabled",
1547 static const true_false_string flag_r = {
1552 /* ROHC Attribute Type RFC5857 */
1554 #define ROHC_MAX_CID 1
1555 #define ROHC_PROFILE 2
1556 #define ROHC_INTEG 3
1557 #define ROHC_ICV_LEN 4
1560 static const range_string rohc_attr_type[] = {
1561 { 1,1, "Maximum Context Identifier (MAX_CID)" },
1562 { 2,2, "ROHC Profile (ROHC_PROFILE)" },
1563 { 3,3, "ROHC Integrity Algorithm (ROHC_INTEG)" },
1564 { 4,4, "ROHC ICV Length in bytes (ROHC_ICV_LEN)" },
1565 { 5,5, "Maximum Reconstructed Reception Unit (MRRU)" },
1566 { 6,16383, "Unassigned (Future use)" },
1567 { 16384,32767, "Private use" },
1571 #define ISAKMP_HDR_SIZE ((int)sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
1574 #ifdef HAVE_LIBGCRYPT
1576 #define MAX_KEY_SIZE 256
1577 #define MAX_DIGEST_SIZE 64
1578 #define MAX_OAKLEY_KEY_LEN 32
1580 #define PINFO_CBC_IV 1
1582 #define DECR_PARAMS_INIT 0
1583 #define DECR_PARAMS_READY 1
1584 #define DECR_PARAMS_FAIL 2
1586 typedef struct _ikev1_uat_data_key {
1591 } ikev1_uat_data_key_t;
1593 typedef struct decrypt_data {
1597 guint ike_encr_keylen;
1600 gsize cipher_keylen;
1601 gsize cipher_blklen;
1609 guchar secret[MAX_KEY_SIZE];
1611 GHashTable *iv_hash;
1615 /* IKEv1: Lookup from Initiator-SPI -> decrypt_data_t* */
1616 static GHashTable *isakmp_hash = NULL;
1618 static ikev1_uat_data_key_t* ikev1_uat_data = NULL;
1619 static uat_t * ikev1_uat = NULL;
1620 static guint num_ikev1_uat_data = 0;
1622 /* Specifications of encryption algorithms for IKEv2 decryption */
1623 typedef struct _ikev2_encr_alg_spec {
1625 /* Length of encryption key */
1627 /* Block size of the cipher */
1629 /* Length of initialization vector */
1631 /* Encryption algorithm ID to be passed to gcry_cipher_open() */
1633 /* Cipher mode to be passed to gcry_cipher_open() */
1636 /* Salt length used in AEAD (GCM/CCM) mode. Salt value is last salt_len bytes of encr_key.
1637 * IV for decryption is the result of concatenating salt value and iv_len bytes of iv.
 * For non-AEAD ciphers salt_len is 0. */
1640 /* Authenticated Encryption TAG length (ICV) - length of data taken from end of encrypted output
1641 * used for integrity checksum, computed during decryption (for AEAD ciphers)*/
1644 } ikev2_encr_alg_spec_t;
1646 #define IKEV2_ENCR_NULL 1
1647 #define IKEV2_ENCR_3DES 2
1648 #define IKEV2_ENCR_AES_CBC_128 3
1649 #define IKEV2_ENCR_AES_CBC_192 4
1650 #define IKEV2_ENCR_AES_CBC_256 5
1652 #define IKEV2_ENCR_AES_CTR_128 6
1653 #define IKEV2_ENCR_AES_CTR_192 7
1654 #define IKEV2_ENCR_AES_CTR_256 8
1656 /* AEAD algorithms. Require gcrypt_version >= 1.6.0 if integrity verification shall be performed */
1657 #define IKEV2_ENCR_AES_GCM_128_16 101
1658 #define IKEV2_ENCR_AES_GCM_192_16 102
1659 #define IKEV2_ENCR_AES_GCM_256_16 103
1661 #define IKEV2_ENCR_AES_GCM_128_8 104
1662 #define IKEV2_ENCR_AES_GCM_192_8 105
1663 #define IKEV2_ENCR_AES_GCM_256_8 106
1665 #define IKEV2_ENCR_AES_GCM_128_12 107
1666 #define IKEV2_ENCR_AES_GCM_192_12 108
1667 #define IKEV2_ENCR_AES_GCM_256_12 109
1669 #define IKEV2_ENCR_AES_CCM_128_16 111
1670 #define IKEV2_ENCR_AES_CCM_192_16 112
1671 #define IKEV2_ENCR_AES_CCM_256_16 113
1673 #define IKEV2_ENCR_AES_CCM_128_8 114
1674 #define IKEV2_ENCR_AES_CCM_192_8 115
1675 #define IKEV2_ENCR_AES_CCM_256_8 116
1677 #define IKEV2_ENCR_AES_CCM_128_12 117
1678 #define IKEV2_ENCR_AES_CCM_192_12 118
1679 #define IKEV2_ENCR_AES_CCM_256_12 119
1682 static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
1683 {IKEV2_ENCR_NULL, 0, 1, 0, GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0, 0},
1684 {IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0, 0},
1685 {IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0, 0},
1686 {IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 0, 0},
1687 {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0, 0},
1689 {IKEV2_ENCR_AES_CTR_128, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 0},
1690 {IKEV2_ENCR_AES_CTR_192, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 0},
1691 {IKEV2_ENCR_AES_CTR_256, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 0},
1693 #ifdef HAVE_LIBGCRYPT_AEAD
1694 /* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
1695 {IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 16},
1696 {IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 16},
1697 {IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 16},
1699 {IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 8},
1700 {IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 8},
1701 {IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 8},
1703 {IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 12},
1704 {IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 12},
1705 {IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 12},
1707 /* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes */
1708 {IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 16},
1709 {IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 16},
1710 {IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 16},
1712 {IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 8},
1713 {IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 8},
1714 {IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 8},
1716 {IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 12},
1717 {IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 12},
1718 {IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 12},
1720 /* decrypt using plain ctr mode - special handling for GCM mode of counter initial value 2 inside dis_enc()*/
1721 /* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
1722 {IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 16},
1723 {IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 16},
1724 {IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 16},
1726 {IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 8},
1727 {IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 8},
1728 {IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 8},
1730 {IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 12},
1731 {IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 12},
1732 {IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 12},
1734 /* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes.
1735 * Special handling of setting first byte of iv to length of 14 - noncelen inside dis_enc() */
1736 {IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 16},
1737 {IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 16},
1738 {IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 16},
1740 {IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 8},
1741 {IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 8},
1742 {IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 8},
1744 {IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 12},
1745 {IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 12},
1746 {IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 12},
1750 {0, 0, 0, 0, 0, 0, 0, 0}
1754 * Specifications of authentication algorithms for
1755 * decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
1757 typedef struct _ikev2_auth_alg_spec {
1759 /* Output length of the hash algorithm */
1761 /* Length of the hash key */
1763 /* Actual ICD length after truncation */
1765 /* Hash algorithm ID to be passed to gcry_md_open() */
1767 /* Flags to be passed to gcry_md_open() */
1769 } ikev2_auth_alg_spec_t;
1771 #define IKEV2_AUTH_NONE 1
1772 #define IKEV2_AUTH_HMAC_MD5_96 2
1773 #define IKEV2_AUTH_HMAC_SHA1_96 3
1774 #define IKEV2_AUTH_HMAC_SHA2_256_96 4
1775 #define IKEV2_AUTH_HMAC_SHA2_256_128 5
1776 #define IKEV2_AUTH_HMAC_SHA2_384_192 6
1777 #define IKEV2_AUTH_HMAC_SHA2_512_256 7
1778 #define IKEV2_AUTH_ANY_96BITS 8
1779 #define IKEV2_AUTH_ANY_128BITS 9
1780 #define IKEV2_AUTH_ANY_160BITS 10
1781 #define IKEV2_AUTH_ANY_192BITS 11
1782 #define IKEV2_AUTH_ANY_256BITS 12
1783 #define IKEV2_AUTH_ANY_64BITS 13
1784 #define IKEV2_AUTH_HMAC_MD5_128 14
1785 #define IKEV2_AUTH_HMAC_SHA1_160 15
1787 static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
1788 /*{number, output_len, key_len, trunc_len, gcry_alg, gcry_flag}*/
1789 {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
1790 {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
1791 {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
1792 {IKEV2_AUTH_HMAC_MD5_128, 16, 16, 16, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
1793 {IKEV2_AUTH_HMAC_SHA1_160, 20, 20, 20, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
1794 {IKEV2_AUTH_HMAC_SHA2_256_96, 32, 32, 12, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
1795 {IKEV2_AUTH_HMAC_SHA2_256_128, 32, 32, 16, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
1796 {IKEV2_AUTH_HMAC_SHA2_384_192, 48, 48, 24, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC},
1797 {IKEV2_AUTH_HMAC_SHA2_512_256, 64, 64, 32, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC},
1798 {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
1799 {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
1800 {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
1801 {IKEV2_AUTH_ANY_192BITS, 0, 0, 24, 0, 0},
1802 {IKEV2_AUTH_ANY_256BITS, 0, 0, 32, 0, 0},
1803 {IKEV2_AUTH_ANY_64BITS, 0, 0, 8, 0, 0},
1808 typedef struct _ikev2_decrypt_data {
1811 ikev2_encr_alg_spec_t *encr_spec;
1812 ikev2_auth_alg_spec_t *auth_spec;
1813 } ikev2_decrypt_data_t;
1815 typedef struct _ikev2_uat_data_key {
1820 } ikev2_uat_data_key_t;
1822 typedef struct _ikev2_uat_data {
1823 ikev2_uat_data_key_t key;
1834 ikev2_encr_alg_spec_t *encr_spec;
1835 ikev2_auth_alg_spec_t *auth_spec;
1838 static ikev2_uat_data_t* ikev2_uat_data = NULL;
1839 static guint num_ikev2_uat_data = 0;
1840 static uat_t* ikev2_uat;
1842 /* IKEv2: (I-SPI, R-SPI) -> ikev2_uat_data_t* */
1843 static GHashTable *ikev2_key_hash = NULL;
/* Display names (value -> label, with the defining RFC) for the IKEv2
 * encryption algorithms the decrypter understands.  The 3DES label is a macro
 * so the same string can be referenced from elsewhere in the file. */
1845 #define IKEV2_ENCR_3DES_STR "3DES [RFC2451]"
1846 static const value_string vs_ikev2_encr_algs[] = {
1847 {IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR},
1848 {IKEV2_ENCR_AES_CBC_128, "AES-CBC-128 [RFC3602]"},
1849 {IKEV2_ENCR_AES_CBC_192, "AES-CBC-192 [RFC3602]"},
1850 {IKEV2_ENCR_AES_CBC_256, "AES-CBC-256 [RFC3602]"},
1851 {IKEV2_ENCR_NULL, "NULL [RFC2410]"},
1853 {IKEV2_ENCR_AES_CTR_128, "AES-CTR-128 [RFC5930]"},
1854 {IKEV2_ENCR_AES_CTR_192, "AES-CTR-192 [RFC5930]"},
1855 {IKEV2_ENCR_AES_CTR_256, "AES-CTR-256 [RFC5930]"},
1857 {IKEV2_ENCR_AES_GCM_128_16, "AES-GCM-128 with 16 octet ICV [RFC5282]"},
1858 {IKEV2_ENCR_AES_GCM_192_16, "AES-GCM-192 with 16 octet ICV [RFC5282]"},
1859 {IKEV2_ENCR_AES_GCM_256_16, "AES-GCM-256 with 16 octet ICV [RFC5282]"},
1861 {IKEV2_ENCR_AES_GCM_128_8, "AES-GCM-128 with 8 octet ICV [RFC5282]"},
1862 {IKEV2_ENCR_AES_GCM_192_8, "AES-GCM-192 with 8 octet ICV [RFC5282]"},
1863 {IKEV2_ENCR_AES_GCM_256_8, "AES-GCM-256 with 8 octet ICV [RFC5282]"},
1865 {IKEV2_ENCR_AES_GCM_128_12, "AES-GCM-128 with 12 octet ICV [RFC5282]"},
1866 {IKEV2_ENCR_AES_GCM_192_12, "AES-GCM-192 with 12 octet ICV [RFC5282]"},
1867 {IKEV2_ENCR_AES_GCM_256_12, "AES-GCM-256 with 12 octet ICV [RFC5282]"},
1869 {IKEV2_ENCR_AES_CCM_128_16, "AES-CCM-128 with 16 octet ICV [RFC5282]"},
1870 {IKEV2_ENCR_AES_CCM_192_16, "AES-CCM-192 with 16 octet ICV [RFC5282]"},
1871 {IKEV2_ENCR_AES_CCM_256_16, "AES-CCM-256 with 16 octet ICV [RFC5282]"},
1873 {IKEV2_ENCR_AES_CCM_128_8, "AES-CCM-128 with 8 octet ICV [RFC5282]"},
1874 {IKEV2_ENCR_AES_CCM_192_8, "AES-CCM-192 with 8 octet ICV [RFC5282]"},
1875 {IKEV2_ENCR_AES_CCM_256_8, "AES-CCM-256 with 8 octet ICV [RFC5282]"},
1877 {IKEV2_ENCR_AES_CCM_128_12, "AES-CCM-128 with 12 octet ICV [RFC5282]"},
1878 {IKEV2_ENCR_AES_CCM_192_12, "AES-CCM-192 with 12 octet ICV [RFC5282]"},
1879 {IKEV2_ENCR_AES_CCM_256_12, "AES-CCM-256 with 12 octet ICV [RFC5282]"},
/* Display names for the IKEv2 integrity algorithms the decrypter understands.
 * The IKEV2_AUTH_ANY_* entries are labelled "[No Checking]": they only fix the
 * ICV length so the payload can be split, the ICV itself is not verified. */
1884 #define IKEV2_AUTH_HMAC_SHA1_96_STR "HMAC_SHA1_96 [RFC2404]"
1885 static const value_string vs_ikev2_auth_algs[] = {
1886 {IKEV2_AUTH_HMAC_MD5_96, "HMAC_MD5_96 [RFC2403]"},
1887 {IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR},
1888 {IKEV2_AUTH_HMAC_MD5_128, "HMAC_MD5_128 [RFC4595]"},
1889 {IKEV2_AUTH_HMAC_SHA1_160, "HMAC_SHA1_160 [RFC4595]"},
1890 {IKEV2_AUTH_HMAC_SHA2_256_96, "HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00]"},
1891 {IKEV2_AUTH_HMAC_SHA2_256_128, "HMAC_SHA2_256_128 [RFC4868]"},
1892 {IKEV2_AUTH_HMAC_SHA2_384_192, "HMAC_SHA2_384_192 [RFC4868]"},
1893 {IKEV2_AUTH_HMAC_SHA2_512_256, "HMAC_SHA2_512_256 [RFC4868]"},
1894 {IKEV2_AUTH_NONE, "NONE [RFC4306]"},
1895 {IKEV2_AUTH_ANY_64BITS, "ANY 64-bits of Authentication [No Checking]"},
1896 {IKEV2_AUTH_ANY_96BITS, "ANY 96-bits of Authentication [No Checking]"},
1897 {IKEV2_AUTH_ANY_128BITS, "ANY 128-bits of Authentication [No Checking]"},
1898 {IKEV2_AUTH_ANY_160BITS, "ANY 160-bits of Authentication [No Checking]"},
1899 {IKEV2_AUTH_ANY_192BITS, "ANY 192-bits of Authentication [No Checking]"},
1900 {IKEV2_AUTH_ANY_256BITS, "ANY 256-bits of Authentication [No Checking]"},
/* Return the ikev2_encr_algs entry whose number is 'num'.  The table is
 * terminated by an entry with number 0, so a lookup for 0 never matches. */
1904 static ikev2_encr_alg_spec_t* ikev2_decrypt_find_encr_spec(guint num) {
1905 ikev2_encr_alg_spec_t *e;
1907 for (e = ikev2_encr_algs; e->number != 0; e++) {
1908 if (e->number == num) {
/* Return the ikev2_auth_algs entry whose number is 'num'.  As with the
 * encryption table, number 0 is the terminator and can never be looked up. */
1915 static ikev2_auth_alg_spec_t* ikev2_decrypt_find_auth_spec(guint num) {
1916 ikev2_auth_alg_spec_t *a;
1918 for (a = ikev2_auth_algs; a->number != 0; a++) {
1919 if (a->number == num) {
/* Map an IKEv1 encryption transform id (and, for AES, the negotiated key
 * length) to the libgcrypt cipher id.  GCRY_CIPHER_NONE is returned for any
 * combination that is not mapped; prepare_decrypt_params() treats that as
 * "cannot decrypt". */
1926 static gint ikev1_find_gcry_cipher_algo(guint ike_cipher, guint ike_keylen) {
1927 switch(ike_cipher) {
1929 return GCRY_CIPHER_3DES;
1932 return GCRY_CIPHER_DES;
1935 switch (ike_keylen) { /* the negotiated key length selects the AES variant */
1937 return GCRY_CIPHER_AES128;
1939 return GCRY_CIPHER_AES192;
1941 return GCRY_CIPHER_AES256;
1943 return GCRY_CIPHER_NONE;
1945 return GCRY_CIPHER_NONE;
/* Map an IKEv1 hash algorithm id to the libgcrypt digest id, or GCRY_MD_NONE
 * when the id is not mapped (prepare_decrypt_params() then gives up). */
1948 static gint ikev1_find_gcry_md_algo(guint ike_hash) {
1953 return GCRY_MD_SHA1;
1955 return GCRY_MD_SHA256;
1957 return GCRY_MD_SHA384;
1959 return GCRY_MD_SHA512;
1961 return GCRY_MD_NONE;
/* Derive an IV of iv_len bytes as the leading bytes of md_algo(b1 || b2).
 * The result is allocated in file scope, so it stays valid for the lifetime
 * of the capture and callers may store it without copying.  The memcpy below
 * reads iv_len bytes out of the digest output, so iv_len must not exceed the
 * digest length: prepare_decrypt_params() enforces digest_len >= cipher_blklen
 * before this is ever called with iv_len == cipher_blklen.  If the digest
 * context cannot be opened no IV is produced (get_iv() documents that it may
 * return NULL for that reason). */
1965 generate_iv(const gpointer b1, gsize b1_len,
1966 const gpointer b2, gsize b2_len,
1967 gint md_algo, gsize iv_len) {
1969 gcry_md_hd_t md_ctx;
1972 if (gcry_md_open(&md_ctx, md_algo, 0) != GPG_ERR_NO_ERROR)
1975 gcry_md_write(md_ctx, b1, b1_len);
1976 gcry_md_write(md_ctx, b2, b2_len);
1978 iv = wmem_alloc(wmem_file_scope(), iv_len);
1979 memcpy(iv, gcry_md_read(md_ctx, md_algo), iv_len); /* truncates the digest to iv_len bytes */
1980 gcry_md_close(md_ctx);
1985 /* Get the IV previously stored for the current message ID,
1986 * or create a new IV if the message ID was not seen before.
1987 * The caller owns the result and does not need to copy it.
1988 * This function may return NULL.
1991 get_iv(guint32 message_id, decrypt_data_t *decr) {
1993 gsize cipher_blklen;
1998 cipher_blklen = decr->cipher_blklen;
2000 /* Get the current IV for the given message ID,
2001 * and remove it from the hash table without destroying it. */
2002 msgid_key = GINT_TO_POINTER(message_id);
2003 found = g_hash_table_lookup_extended(decr->iv_hash, msgid_key, NULL, &iv);
2005 g_hash_table_steal(decr->iv_hash, msgid_key); /* entry is consumed here; set_next_iv() re-inserts the follow-on IV under the same key */
2009 /* No IV for this message ID was found; a new phase has started.
2010 * Generate the first IV for it from its message ID and the current
2011 * phase 1 IV. The phase 1 IV always exists in the hash table
2014 iv1 = g_hash_table_lookup(decr->iv_hash, GINT_TO_POINTER(0)); /* key 0 is the phase 1 IV stored by prepare_phase1_iv() */
2015 msgid_net = g_htonl(message_id); /* hashed in network byte order, as it appears on the wire (RFC 2409 Appendix B) */
2016 iv = generate_iv(iv1, cipher_blklen,
2017 &msgid_net, sizeof(msgid_net),
2018 decr->digest_algo, cipher_blklen);
2022 /* Fill in the next IV from the final ciphertext block. */
/* CBC chaining: the last cipher_blklen bytes of this message's ciphertext
 * become the IV for the next message carrying the same message ID. */
2024 set_next_iv(const guint8 *buf, guint buf_len, guint32 message_id, decrypt_data_t *decr) {
2026 gsize cipher_blklen;
2029 cipher_blklen = decr->cipher_blklen;
2031 if (buf_len < cipher_blklen) { /* too short for a full block; also keeps buf + buf_len - cipher_blklen in bounds */
2034 iv = wmem_alloc(wmem_file_scope(), cipher_blklen);
2035 memcpy(iv, buf + buf_len - cipher_blklen, cipher_blklen);
2038 msgid_key = GINT_TO_POINTER(message_id);
2039 g_hash_table_insert(decr->iv_hash, msgid_key, iv); /* replaces any IV still under this key; the table has no destroy function and old IVs are file-scoped wmem */
/* Per-packet IV bookkeeping for an IKEv1 CBC message: attach the IV that
 * decrypts this packet to pinfo (read back by decrypt_payload()), then record
 * the IV for the next message under the same message ID. */
2043 update_ivs(packet_info *pinfo, const guint8 *buf, guint buf_len, guint32 message_id, decrypt_data_t *decr) {
2046 /* Get the current IV and store it as per-packet data. */
2047 iv = get_iv(message_id, decr);
2048 p_add_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV, iv); /* iv may be NULL (see get_iv()); the reader is expected to check */
2050 set_next_iv(buf, buf_len, message_id, decr);
/* Translate the negotiated IKEv1 transforms into libgcrypt parameters and
 * validate that the available material is sufficient: the cipher and digest
 * must both be mapped, the shared secret must cover at least the cipher key
 * length, the digest must be at least one cipher block long (generate_iv()
 * copies cipher_blklen bytes out of a digest), and both DH public values must
 * be present for the phase 1 IV.  A failed check means decryption is not
 * attempted (see prepare_decrypt()). */
2054 prepare_decrypt_params(decrypt_data_t *decr) {
2055 decr->cipher_algo = ikev1_find_gcry_cipher_algo(decr->ike_encr_alg,
2056 decr->ike_encr_keylen);
2057 decr->digest_algo = ikev1_find_gcry_md_algo(decr->ike_hash_alg);
2059 if (decr->cipher_algo == GCRY_CIPHER_NONE ||
2060 decr->digest_algo == GCRY_MD_NONE)
2063 decr->cipher_keylen = gcry_cipher_get_algo_keylen(decr->cipher_algo);
2064 decr->cipher_blklen = gcry_cipher_get_algo_blklen(decr->cipher_algo);
2065 decr->digest_len = gcry_md_get_algo_dlen(decr->digest_algo);
2067 if (decr->secret_len < decr->cipher_keylen ||
2068 decr->digest_len < decr->cipher_blklen)
2071 if (decr->gi_len == 0 || decr->gr_len == 0)
2077 /* Generate phase 1 IV from DH values
2078 * and store it into the IV hash table. */
/* The phase 1 IV is H(g^xi || g^xr) truncated to one cipher block
 * (RFC 2409 Appendix B).  It is stored under message ID 0, which is where
 * get_iv() looks for it when seeding the IV of a new phase 2 exchange. */
2080 prepare_phase1_iv(decrypt_data_t *decr) {
2083 iv = generate_iv(decr->gi, decr->gi_len,
2084 decr->gr, decr->gr_len,
2085 decr->digest_algo, decr->cipher_blklen);
2089 g_hash_table_insert(decr->iv_hash, GINT_TO_POINTER(0), iv);
/* Lazily set up IKEv1 decryption for a decrypt_data_t.  Parameter derivation
 * runs once, on the first call (state DECR_PARAMS_INIT); its outcome is cached
 * in decr->state so later packets neither redo the work nor retry a failed
 * setup.  Returns non-zero only when decryption can proceed. */
2094 prepare_decrypt(decrypt_data_t *decr) {
2100 if (decr->state == DECR_PARAMS_INIT) {
2101 /* Short-circuit evaluation is intended. */
2102 result = prepare_decrypt_params(decr) &&
2103 prepare_phase1_iv(decr);
2104 decr->state = result ? DECR_PARAMS_READY : DECR_PARAMS_FAIL;
2107 return (decr->state == DECR_PARAMS_READY);
/* Allocate a zeroed decrypt_data_t.  The IV table uses direct pointer keys
 * (message IDs wrapped with GINT_TO_POINTER) and has no value-destroy
 * function: the IVs it holds are file-scoped wmem and are never freed by the
 * table itself. */
2110 static decrypt_data_t *
2111 create_decrypt_data(void) {
2112 decrypt_data_t *decr;
2114 decr = (decrypt_data_t *)g_slice_alloc(sizeof(decrypt_data_t));
2115 memset(decr, 0, sizeof(decrypt_data_t));
2116 decr->iv_hash = g_hash_table_new(NULL, NULL);
2117 clear_address(&decr->initiator);
/* CBC-decrypt the encrypted part of an IKEv1 message.  buf/buf_len is the
 * ciphertext; the IV is the per-packet value stored by update_ivs(), the key
 * is decr->secret.  The plaintext is allocated from the packet pool and
 * exposed as a child tvb plus a "Decrypted IKE" data source.
 *
 * NOTE(review): gcry_cipher_setkey() is given secret_len, not cipher_keylen;
 * prepare_decrypt_params() only checks secret_len >= cipher_keylen, so a
 * secret longer than the cipher's key reaches libgcrypt as-is and presumably
 * fails at setkey — confirm this is intended rather than truncating to
 * cipher_keylen.
 * NOTE(review): buf_len is only checked to be at least one block; a length
 * that is not a block multiple is left for gcry_cipher_decrypt() to reject
 * via the 'error' result. */
2123 decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_len, decrypt_data_t *decr) {
2124 guint8 *decrypted_data;
2125 gcry_cipher_hd_t decr_ctx;
2130 if (buf_len < decr->cipher_blklen)
2133 iv = p_get_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV); /* set by update_ivs(); may be NULL */
2137 if (gcry_cipher_open(&decr_ctx, decr->cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
2140 decrypted_data = (guint8 *)wmem_alloc(pinfo->pool, buf_len); /* packet-scoped: freed with pinfo, not with decr */
2142 /* Short-circuit evaluation is intended. */
2143 error = gcry_cipher_setiv(decr_ctx, iv, decr->cipher_blklen) ||
2144 gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len) ||
2145 gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len);
2147 gcry_cipher_close(decr_ctx);
2151 encr_tvb = tvb_new_child_real_data(tvb, decrypted_data, buf_len, buf_len);
2153 /* Add the decrypted data to the data source list. */
2154 add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");
2159 #endif /* HAVE_LIBGCRYPT */
/* Forward declarations for the per-payload dissectors defined further down in
 * this file; the payload switch needs them before their definitions. */
2161 static proto_tree *dissect_payload_header(tvbuff_t *, packet_info *, int, int, int, guint8,
2162 guint8 *, guint16 *, proto_tree *);
2164 static void dissect_sa(tvbuff_t *, int, int, proto_tree *, int, packet_info *, gboolean, void*);
2165 static void dissect_proposal(tvbuff_t *, packet_info *, int, int, proto_tree *, int, void*);
2166 static void dissect_transform(tvbuff_t *, packet_info *, int, int, proto_tree *, int, int, void*);
2167 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *, int, packet_info *, void*);
2168 static void dissect_id(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2169 static void dissect_cert(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2170 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2171 static void dissect_auth(tvbuff_t *, int, int, proto_tree *);
2172 static void dissect_hash(tvbuff_t *, int, int, proto_tree *);
2173 static void dissect_sig(tvbuff_t *, int, int, proto_tree *);
2174 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *);
2175 static void dissect_notif(tvbuff_t *, packet_info *, int, int, proto_tree *, int);
2176 static void dissect_delete(tvbuff_t *, int, int, proto_tree *, int);
2177 static int dissect_vid(tvbuff_t *, int, int, proto_tree *);
2178 static void dissect_config(tvbuff_t *, packet_info *, int, int, proto_tree *, int, gboolean);
2179 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree * );
2180 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *, int );
2181 static void dissect_ts(tvbuff_t *, int, int, proto_tree *);
2182 static tvbuff_t * dissect_enc(tvbuff_t *, int, int, proto_tree *, packet_info *, guint8, gboolean, void*, gboolean);
2183 static void dissect_eap(tvbuff_t *, int, int, proto_tree *, packet_info *);
2184 static void dissect_gspm(tvbuff_t *, int, int, proto_tree *);
2185 static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *, packet_info *);
2187 /* State of current fragmentation within a conversation */
2188 typedef struct ikev2_fragmentation_state_t {
2190 guint8 next_payload;
2191 } ikev2_fragmentation_state_t;
2193 #ifdef HAVE_LIBGCRYPT
2194 /* frame_number -> next_payload. The key will be the frame that completes the original message */
2195 static GHashTable *defrag_next_payload_hash = NULL;
2198 static void dissect_ikev2_fragmentation(tvbuff_t *, int, proto_tree *, packet_info *, guint32 message_id, guint8 next_payload,
2199 gboolean is_request, void* decr_info);
2201 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[] = { /* Ssh Communications Security IPSEC Express version 1.1.0 */
2202 0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA,
2203 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23
2206 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[] = { /* Ssh Communications Security IPSEC Express version 1.1.1 */
2207 0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46,
2208 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30
2211 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[] = { /* Ssh Communications Security IPSEC Express version 1.1.2 */
2212 0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C,
2213 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5
2216 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[] = { /* Ssh Communications Security IPSEC Express version 1.2.1 */
2217 0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D,
2218 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB
2221 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[] = { /* Ssh Communications Security IPSEC Express version 1.2.2 */
2222 0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58,
2223 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E
2226 static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[] = { /* SSH Communications Security IPSEC Express version 2.0.0 */
2227 0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0,
2228 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84
2231 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[] = { /* SSH Communications Security IPSEC Express version 2.1.0 */
2232 0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E,
2233 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC
2236 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[] = { /* SSH Communications Security IPSEC Express version 2.1.1 */
2237 0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B,
2238 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5
2241 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[] = { /* SSH Communications Security IPSEC Express version 2.1.2 */
2242 0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C,
2243 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20
2246 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_0[] = { /* SSH Communications Security IPSEC Express version 3.0.0 */
2247 0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00,
2248 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB
2251 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_1[] = { /* SSH Communications Security IPSEC Express version 3.0.1 */
2252 0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43,
2253 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F
2256 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_0[] = { /* SSH Communications Security IPSEC Express version 4.0.0 */
2257 0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA,
2258 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0
2261 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_1[] = { /* SSH Communications Security IPSEC Express version 4.0.1 */
2262 0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9,
2263 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C
2266 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_0[] = { /* SSH Communications Security IPSEC Express version 4.1.0 */
2267 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
2268 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14
2271 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_1[] = { /* SSH Communications Security IPSEC Express version 4.1.1 */
2272 0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A,
2273 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F
2276 static const guint8 VID_SSH_IPSEC_EXPRESS_4_2_0[] = { /* SSH Communications Security IPSEC Express version 4.2.0 */
2277 0x68, 0x80, 0xC7, 0xD0, 0x26, 0x09, 0x91, 0x14,
2278 0xE4, 0x86, 0xC5, 0x54, 0x30, 0xE7, 0xAB, 0xEE
2281 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0[] = { /* SSH Communications Security IPSEC Express version 5.0 */
2282 0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57,
2283 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C
2286 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0_0[] = { /* SSH Communications Security IPSEC Express version 5.0.0 */
2287 0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93,
2288 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0
2291 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_0[] = { /* SSH Communications Security IPSEC Express version 5.1.0 */
2292 0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C,
2293 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B
2296 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_1[] = { /* SSH Communications Security IPSEC Express version 5.1.1 */
2297 0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78,
2298 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51
2301 static const guint8 VID_SSH_SENTINEL[] = { /* SSH Sentinel */
2302 0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06,
2303 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82
2306 static const guint8 VID_SSH_SENTINEL_1_1[] = { /* SSH Sentinel 1.1 */
2307 0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5,
2308 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8
2311 static const guint8 VID_SSH_SENTINEL_1_2[] = { /* SSH Sentinel 1.2 */
2312 0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6,
2313 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58
2316 static const guint8 VID_SSH_SENTINEL_1_3[] = { /* SSH Sentinel 1.3 */
2317 0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59,
2318 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52
2321 static const guint8 VID_SSH_SENTINEL_1_4[] = { /* SSH Sentinel 1.4 */
2322 0x63, 0xD9, 0xA1, 0xA7, 0x00, 0x94, 0x91, 0xB5,
2323 0xA0, 0xA6, 0xFD, 0xEB, 0x2A, 0x82, 0x84, 0xF0
2326 static const guint8 VID_SSH_SENTINEL_1_4_1[] = { /* SSH Sentinel 1.4.1 */
2327 0xEB, 0x4B, 0x0D, 0x96, 0x27, 0x6B, 0x4E, 0x22,
2328 0x0A, 0xD1, 0x62, 0x21, 0xA7, 0xB2, 0xA5, 0xE6
2331 static const guint8 VID_SSH_QUICKSEC_0_9_0[] = { /* SSH Communications Security QuickSec 0.9.0 */
2332 0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7,
2333 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A
2336 static const guint8 VID_SSH_QUICKSEC_1_1_0[] = { /* SSH Communications Security QuickSec 1.1.0 */
2337 0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96,
2338 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9
2341 static const guint8 VID_SSH_QUICKSEC_1_1_1[] = { /* SSH Communications Security QuickSec 1.1.1 */
2342 0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD,
2343 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94
2346 static const guint8 VID_SSH_QUICKSEC_1_1_2[] = { /* SSH Communications Security QuickSec 1.1.2 */
2347 0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5,
2348 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91
2351 static const guint8 VID_SSH_QUICKSEC_1_1_3[] = { /* SSH Communications Security QuickSec 1.1.3 */
2352 0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3,
2353 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87
2356 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_00[] = { /* draft-huttunen-ipsec-esp-in-udp-00.txt */
2357 0x6A, 0x74, 0x34, 0xC1, 0x9D, 0x7E, 0x36, 0x34,
2358 0x80, 0x90, 0xA0, 0x23, 0x34, 0xC9, 0xC8, 0x05
2361 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_01[] = { /* draft-huttunen-ipsec-esp-in-udp-01.txt */
2362 0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5,
2363 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83
2366 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_01[] = { /* draft-stenberg-ipsec-nat-traversal-01 */
2367 0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60,
2368 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0
2371 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_02[]= { /* draft-stenberg-ipsec-nat-traversal-02 */
2372 0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4,
2373 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD
2376 static const guint8 VID_draft_ietf_ipsec_nat_t_ike[]= { /* draft-ietf-ipsec-nat-t-ike */
2377 0x4D, 0xF3, 0x79, 0x28, 0xE9, 0xFC, 0x4F, 0xD1,
2378 0xB3, 0x26, 0x21, 0x70, 0xD5, 0x15, 0xC6, 0x62
2381 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_00[]= { /* draft-ietf-ipsec-nat-t-ike-00 */
2382 0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD,
2383 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC
2386 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_01[]= { /* "draft-ietf-ipsec-nat-t-ike-01" */
2387 0x16, 0xF6, 0xCA, 0x16, 0xE4, 0xA4, 0x06, 0x6D,
2388 0x83, 0x82, 0x1A, 0x0F, 0x0A, 0xEA, 0xA8, 0x62
2391 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02[]= { /* draft-ietf-ipsec-nat-t-ike-02 */
2392 0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8,
2393 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48
2396 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02n[]= { /* draft-ietf-ipsec-nat-t-ike-02\n */
2397 0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
2398 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
2401 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[] = { /* draft-ietf-ipsec-nat-t-ike-03 */
2402 0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F,
2403 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56
2406 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_04[] = { /* draft-ietf-ipsec-nat-t-ike-04 */
2407 0x99, 0x09, 0xb6, 0x4e, 0xed, 0x93, 0x7c, 0x65,
2408 0x73, 0xde, 0x52, 0xac, 0xe9, 0x52, 0xfa, 0x6b
2410 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_05[] = { /* draft-ietf-ipsec-nat-t-ike-05 */
2411 0x80, 0xd0, 0xbb, 0x3d, 0xef, 0x54, 0x56, 0x5e,
2412 0xe8, 0x46, 0x45, 0xd4, 0xc8, 0x5c, 0xe3, 0xee
2414 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_06[] = { /* draft-ietf-ipsec-nat-t-ike-06 */
2415 0x4d, 0x1e, 0x0e, 0x13, 0x6d, 0xea, 0xfa, 0x34,
2416 0xc4, 0xf3, 0xea, 0x9f, 0x02, 0xec, 0x72, 0x85
2418 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_07[] = { /* draft-ietf-ipsec-nat-t-ike-07 */
2419 0x43, 0x9b, 0x59, 0xf8, 0xba, 0x67, 0x6c, 0x4c,
2420 0x77, 0x37, 0xae, 0x22, 0xea, 0xb8, 0xf5, 0x82
2422 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_08[] = { /* draft-ietf-ipsec-nat-t-ike-08 */
2423 0x8f, 0x8d, 0x83, 0x82, 0x6d, 0x24, 0x6b, 0x6f,
2424 0xc7, 0xa8, 0xa6, 0xa4, 0x28, 0xc1, 0x1d, 0xe8
2426 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_09[] = { /* draft-ietf-ipsec-nat-t-ike-09 */
2427 0x42, 0xea, 0x5b, 0x6f, 0x89, 0x8d, 0x97, 0x73,
2428 0xa5, 0x75, 0xdf, 0x26, 0xe7, 0xdd, 0x19, 0xe1
2430 static const guint8 VID_testing_nat_t_rfc[] = { /* Testing NAT-T RFC */
2431 0xc4, 0x0f, 0xee, 0x00, 0xd5, 0xd3, 0x9d, 0xdb,
2432 0x1f, 0xc7, 0x62, 0xe0, 0x9b, 0x7c, 0xfe, 0xa7
2435 static const guint8 VID_rfc3947_nat_t[] = { /* RFC 3947 Negotiation of NAT-Traversal in the IKE */
2436 0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45,
2437 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f
2439 static const guint8 VID_draft_beaulieu_ike_xauth_02[]= { /* draft-beaulieu-ike-xauth-02.txt 02 or 06 ??*/
2440 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12,
2441 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5
2444 static const guint8 VID_xauth[]= { /* XAUTH (truncated MD5 hash of "draft-ietf-ipsra-isakmp-xauth-06.txt") */
2445 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12
2448 static const guint8 VID_rfc3706_dpd[]= { /* RFC 3706 */
2449 0xAF, 0xCA, 0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9,
2450 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00
2452 static const guint8 VID_draft_ietf_ipsec_antireplay_00[]= { /* draft-ietf-ipsec-antireplay-00.txt */
2453 0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD
2456 static const guint8 VID_draft_ietf_ipsec_heartbeats_00[]= { /* draft-ietf-ipsec-heartbeats-00.txt */
2457 0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60
2459 static const guint8 VID_IKE_CHALLENGE_RESPONSE_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2460 0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5,
2461 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9
2464 static const guint8 VID_IKE_CHALLENGE_RESPONSE_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2465 0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E,
2466 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12
2469 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2471 0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52,
2472 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D
2475 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2476 0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9,
2477 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B
2480 static const guint8 VID_CISCO_FRAG2[]= { /* Cisco Fragmentation - md5("FRAGMENTATION") */
2481 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2482 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3
2485 static const guint8 VID_MS_VID_INITIAL_CONTACT[]= { /* Microsoft Vid-Initial-Contact */
2486 0x26, 0x24, 0x4d, 0x38, 0xed, 0xdb, 0x61, 0xb3,
2487 0x17, 0x2a, 0x36, 0xe3, 0xd0, 0xcf, 0xb8, 0x19
2490 static const guint8 VID_GSS_API_1[]= { /* A GSS-API Authentication Method for IKE */
2491 0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2,
2492 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA
2495 static const guint8 VID_GSS_API_2[]= { /* A GSS-API Authentication Method for IKE */
2496 0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83,
2497 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55
2500 static const guint8 VID_GSSAPI[]= { /* GSSAPI */
2501 0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1,
2502 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE
2505 static const guint8 VID_MS_NT5_ISAKMPOAKLEY[]= { /* MS NT5 ISAKMPOAKLEY */
2506 0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D,
2507 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61
2510 static const guint8 VID_CISCO_UNITY[]= { /* CISCO-UNITY */
2511 0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9,
2512 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC
2516 static const guint8 VID_CISCO_CONCENTRATOR[]= { /* CISCO-CONCENTRATOR */
2517 0x1F, 0x07, 0xF7, 0x0E, 0xAA, 0x65, 0x14, 0xD3,
2518 0xB0, 0xFA, 0x96, 0x54, 0x2A, 0x50, 0x01, 0x00
2520 static const guint8 VID_CISCO_FRAG[] = { /* Cisco Fragmentation */
2521 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2522 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3,
2523 0x80, 0x00, 0x00, 0x00
2526 static const guint8 VID_CISCO_FLEXVPN_SUPPORTED[] = { /* "FLEXVPN-SUPPORTED" */
2527 0x46, 0x4c, 0x45, 0x58, 0x56, 0x50, 0x4e, 0x2d,
2528 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45,
2532 static const guint8 VID_CISCO_DELETE_REASON[] = { /* CISCO-DELETE-REASON */
2533 0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x44, 0x45,
2534 0x4c, 0x45, 0x54, 0x45, 0x2d, 0x52, 0x45, 0x41,
2538 /* CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc. */
2539 static const guint8 VID_CISCO_COPYRIGHT[] = { /* Cisco Copyright */
2540 0x43, 0x49, 0x53, 0x43, 0x4f, 0x28, 0x43, 0x4f,
2541 0x50, 0x59, 0x52, 0x49, 0x47, 0x48, 0x54, 0x29,
2542 0x26, 0x43, 0x6f, 0x70, 0x79, 0x72, 0x69, 0x67,
2543 0x68, 0x74, 0x20, 0x28, 0x63, 0x29, 0x20, 0x32,
2544 0x30, 0x30, 0x39, 0x20, 0x43, 0x69, 0x73, 0x63,
2545 0x6f, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
2546 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e
2549 static const guint8 VID_CISCO_GRE_MODE[] = { /* CISCO-GRE-MODE */
2550 0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x47, 0x52,
2551 0x45, 0x2d, 0x4d, 0x4f, 0x44, 0x45
2554 static const guint8 VID_CP_01_R65[] = { /* CryptoPro/GOST 0.1 / Check Point R65 */
2555 0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51,
2556 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28,
2557 0x7, 0xB4, 0x38, 0x1F
2560 static const guint8 VID_CP_10_R71[] = { /* CryptoPro/GOST 1.0 / Check Point R71 */
2561 0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
2562 0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x00
2565 static const guint8 VID_CP_11[] = { /* CryptoPro/GOST 1.1 */
2566 0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
2567 0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x01
2570 static const guint8 VID_CYBERGUARD[] = { /* CyberGuard */
2571 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
2572 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC0, 0xF2, 0x14
2575 static const guint8 VID_SHREWSOFT[] = { /* Shrew Soft */
2576 0xf1, 0x4b, 0x94, 0xb7, 0xbf, 0xf1, 0xfe, 0xf0,
2577 0x27, 0x73, 0xb8, 0xc4, 0x9f, 0xed, 0xed, 0x26
2579 static const guint8 VID_STRONGSWAN[] = { /* strongSwan */
2580 0x88, 0x2f, 0xe5, 0x6d, 0x6f, 0xd2, 0x0d, 0xbc,
2581 0x22, 0x51, 0x61, 0x3b, 0x2e, 0xbe, 0x5b, 0xeb
2583 static const guint8 VID_KAME_RACOON[] = { /* KAME/racoon */
2584 0x70, 0x03, 0xcb, 0xc1, 0x09, 0x7d, 0xbe, 0x9c,
2585 0x26, 0x00, 0xba, 0x69, 0x83, 0xbc, 0x8b, 0x35
2588 static const guint8 VID_IPSEC_TOOLS[] = { /* IPsec-Tools */
2589 0x20, 0xa3, 0x62, 0x2c, 0x1c, 0xea, 0x7c, 0xe3,
2590 0x7b, 0xee, 0x3c, 0xa4, 0x84, 0x42, 0x52, 0x76
2593 static const guint8 VID_NETSCREEN_1[] = { /* Netscreen-1 */
2594 0x29, 0x9e, 0xe8, 0x28, 0x9f, 0x40, 0xa8, 0x97,
2595 0x3b, 0xc7, 0x86, 0x87, 0xe2, 0xe7, 0x22, 0x6b,
2596 0x53, 0x2c, 0x3b, 0x76
2599 static const guint8 VID_NETSCREEN_2[] = { /* Netscreen-2 */
2600 0x3a, 0x15, 0xe1, 0xf3, 0xcf, 0x2a, 0x63, 0x58,
2601 0x2e, 0x3a, 0xc8, 0x2d, 0x1c, 0x64, 0xcb, 0xe3,
2602 0xb6, 0xd7, 0x79, 0xe7
2605 static const guint8 VID_NETSCREEN_3[] = { /* Netscreen-3 */
2606 0x47, 0xd2, 0xb1, 0x26, 0xbf, 0xcd, 0x83, 0x48,
2607 0x97, 0x60, 0xe2, 0xcf, 0x8c, 0x5d, 0x4d, 0x5a,
2608 0x03, 0x49, 0x7c, 0x15
2611 static const guint8 VID_NETSCREEN_4[] = { /* Netscreen-4 */
2612 0x4a, 0x43, 0x40, 0xb5, 0x43, 0xe0, 0x2b, 0x84,
2613 0xc8, 0x8a, 0x8b, 0x96, 0xa8, 0xaf, 0x9e, 0xbe,
2614 0x77, 0xd9, 0xac, 0xcc
2617 static const guint8 VID_NETSCREEN_5[] = { /* Netscreen-5 */
2618 0x64, 0x40, 0x5f, 0x46, 0xf0, 0x3b, 0x76, 0x60,
2619 0xa2, 0x3b, 0xe1, 0x16, 0xa1, 0x97, 0x50, 0x58,
2620 0xe6, 0x9e, 0x83, 0x87
2623 static const guint8 VID_NETSCREEN_6[] = { /* Netscreen-6 */
2624 0x69, 0x93, 0x69, 0x22, 0x87, 0x41, 0xc6, 0xd4,
2625 0xca, 0x09, 0x4c, 0x93, 0xe2, 0x42, 0xc9, 0xde,
2626 0x19, 0xe7, 0xb7, 0xc6
2629 static const guint8 VID_NETSCREEN_7[] = { /* Netscreen-7 */
2630 0x8c, 0x0d, 0xc6, 0xcf, 0x62, 0xa0, 0xef, 0x1b,
2631 0x5c, 0x6e, 0xab, 0xd1, 0xb6, 0x7b, 0xa6, 0x98,
2632 0x66, 0xad, 0xf1, 0x6a
2635 static const guint8 VID_NETSCREEN_8[] = { /* Netscreen-8 */
2636 0x92, 0xd2, 0x7a, 0x9e, 0xcb, 0x31, 0xd9, 0x92,
2637 0x46, 0x98, 0x6d, 0x34, 0x53, 0xd0, 0xc3, 0xd5,
2638 0x7a, 0x22, 0x2a, 0x61
2641 static const guint8 VID_NETSCREEN_9[] = { /* Netscreen-9 */
2642 0x9b, 0x09, 0x6d, 0x9a, 0xc3, 0x27, 0x5a, 0x7d,
2643 0x6f, 0xe8, 0xb9, 0x1c, 0x58, 0x31, 0x11, 0xb0,
2644 0x9e, 0xfe, 0xd1, 0xa0
2647 static const guint8 VID_NETSCREEN_10[] = { /* Netscreen-10 */
2648 0xbf, 0x03, 0x74, 0x61, 0x08, 0xd7, 0x46, 0xc9,
2649 0x04, 0xf1, 0xf3, 0x54, 0x7d, 0xe2, 0x4f, 0x78,
2650 0x47, 0x9f, 0xed, 0x12
2653 static const guint8 VID_NETSCREEN_11[] = { /* Netscreen-11 */
2654 0xc2, 0xe8, 0x05, 0x00, 0xf4, 0xcc, 0x5f, 0xbf,
2655 0x5d, 0xaa, 0xee, 0xd3, 0xbb, 0x59, 0xab, 0xae,
2656 0xee, 0x56, 0xc6, 0x52
2659 static const guint8 VID_NETSCREEN_12[] = { /* Netscreen-12 */
2660 0xc8, 0x66, 0x0a, 0x62, 0xb0, 0x3b, 0x1b, 0x61,
2661 0x30, 0xbf, 0x78, 0x16, 0x08, 0xd3, 0x2a, 0x6a,
2662 0x8d, 0x0f, 0xb8, 0x9f
2665 static const guint8 VID_NETSCREEN_13[] = { /* Netscreen-13 */
2666 0xf8, 0x85, 0xda, 0x40, 0xb1, 0xe7, 0xa9, 0xab,
2667 0xd1, 0x76, 0x55, 0xec, 0x5b, 0xbe, 0xc0, 0xf2,
2668 0x1f, 0x0e, 0xd5, 0x2e
2671 static const guint8 VID_NETSCREEN_14[] = { /* Netscreen-14 */
2672 0x2a, 0x2b, 0xca, 0xc1, 0x9b, 0x8e, 0x91, 0xb4,
2673 0x26, 0x10, 0x78, 0x07, 0xe0, 0x2e, 0x72, 0x49,
2674 0x56, 0x9d, 0x6f, 0xd3
2676 static const guint8 VID_NETSCREEN_15[] = { /* Netscreen-15 */
2677 0x16, 0x6f, 0x93, 0x2d, 0x55, 0xeb, 0x64, 0xd8,
2678 0xe4, 0xdf, 0x4f, 0xd3, 0x7e, 0x23, 0x13, 0xf0,
2679 0xd0, 0xfd, 0x84, 0x51
2682 static const guint8 VID_NETSCREEN_16[] = { /* Netscreen-16 */
2683 0xa3, 0x5b, 0xfd, 0x05, 0xca, 0x1a, 0xc0, 0xb3,
2684 0xd2, 0xf2, 0x4e, 0x9e, 0x82, 0xbf, 0xcb, 0xff,
2685 0x9c, 0x9e, 0x52, 0xb5
2688 static const guint8 VID_ZYWALL[] = { /* ZYWALL */
2689 0x62, 0x50, 0x27, 0x74, 0x9d, 0x5a, 0xb9, 0x7f,
2690 0x56, 0x16, 0xc1, 0x60, 0x27, 0x65, 0xcf, 0x48,
2691 0x0a, 0x3b, 0x7d, 0x0b
2694 static const guint8 VID_SIDEWINDER[] = { /* SIDEWINDER */
2695 0x84, 0x04, 0xad, 0xf9, 0xcd, 0xa0, 0x57, 0x60,
2696 0xb2, 0xca, 0x29, 0x2e, 0x4b, 0xff, 0x53, 0x7b
2699 static const guint8 VID_SONICWALL[] = { /* SonicWALL */
2700 0x40, 0x4B, 0xF4, 0x39, 0x52, 0x2C, 0xA3, 0xF6
2703 static const guint8 VID_HEARTBEAT_NOTIFY[] = { /* Heartbeat Notify */
2704 0x48 ,0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61,
2705 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79
2708 static const guint8 VID_DWR[] = { /* DWR: Delete with reason */
2709 0x2D, 0x79, 0x22, 0xC6, 0xB3, 0x01, 0xD9, 0xB0,
2710 0xE1, 0x34, 0x27, 0x39, 0xE9, 0xCF, 0xBB, 0xD5
2713 static const guint8 VID_ARUBA_RAP[] = { /* Remote AP (Aruba Networks) */
2714 0xca, 0x3e, 0x2b, 0x85, 0x4b, 0xa8, 0x03, 0x00,
2715 0x17, 0xdc, 0x10, 0x23, 0xa4, 0xfd, 0xe2, 0x04,
2716 0x1f, 0x9f, 0x74, 0x63
2719 static const guint8 VID_ARUBA_CONTROLLER[] = { /* Controller (Aruba Networks) */
2720 0x3c, 0x8e, 0x70, 0xbd, 0xf9, 0xc7, 0xd7, 0x4a,
2721 0xdd, 0x53, 0xe4, 0x10, 0x09, 0x15, 0xdc, 0x2e,
2722 0x4b, 0xb5, 0x12, 0x74
2725 static const guint8 VID_ARUBA_VIA_CLIENT[] = { /* VIA Client (Aruba Networks) */
2726 0x88, 0xf0, 0xe3, 0x14, 0x9b, 0x3f, 0xa4, 0x8b,
2727 0x05, 0xaa, 0x7f, 0x68, 0x5f, 0x0b, 0x76, 0x6b,
2728 0xe1, 0x86, 0xcc, 0xb8
2731 static const guint8 VID_ARUBA_VIA_AUTH_PROFILE[] = { /* VIA Auth Profile (Aruba Networks) */
2732 0x56, 0x49, 0x41, 0x20, 0x41, 0x75, 0x74, 0x68,
2733 0x20, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
2738 * MS-IKEE Internet Key Exchange Protocol Extensions (v20080212).pdf
2739 * Windows Vista and Windows Server 2008
2741 static const guint8 VID_MS_IKEE_20080212_CGA1[] = { /* IKE CGA Version 1 */
2742 0xe3, 0xa5, 0x96, 0x6a, 0x76, 0x37, 0x9f, 0xe7,
2743 0x07, 0x22, 0x82, 0x31, 0xe5, 0xce, 0x86, 0x52
2746 static const guint8 VID_MS_IKEE_20080212_MS_NDC[] = { /* MS-Negotiation Discovery Capable */
2747 0xfb, 0x1d, 0xe3, 0xcd, 0xf3, 0x41, 0xb7, 0xea,
2748 0x16, 0xb7, 0xe5, 0xbe, 0x08, 0x55, 0xf1, 0x20
2751 /* Based on value_string.c/h */
2752 static const byte_string vendor_id[] = {
2753 { VID_SSH_IPSEC_EXPRESS_1_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_0), "Ssh Communications Security IPSEC Express version 1.1.0" },
2754 { VID_SSH_IPSEC_EXPRESS_1_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_1), "Ssh Communications Security IPSEC Express version 1.1.1" },
2755 { VID_SSH_IPSEC_EXPRESS_1_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_2), "Ssh Communications Security IPSEC Express version 1.1.2" },
2756 { VID_SSH_IPSEC_EXPRESS_1_2_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_1), "Ssh Communications Security IPSEC Express version 1.2.1" },
2757 { VID_SSH_IPSEC_EXPRESS_1_2_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_2), "Ssh Communications Security IPSEC Express version 1.2.2" },
2758 { VID_SSH_IPSEC_EXPRESS_2_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_0_0), "SSH Communications Security IPSEC Express version 2.0.0" },
2759 { VID_SSH_IPSEC_EXPRESS_2_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_0), "SSH Communications Security IPSEC Express version 2.1.0" },
2760 { VID_SSH_IPSEC_EXPRESS_2_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_1), "SSH Communications Security IPSEC Express version 2.1.1" },
2761 { VID_SSH_IPSEC_EXPRESS_2_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_2), "SSH Communications Security IPSEC Express version 2.1.2" },
2762 { VID_SSH_IPSEC_EXPRESS_3_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_0), "SSH Communications Security IPSEC Express version 3.0.0" },
2763 { VID_SSH_IPSEC_EXPRESS_3_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_1), "SSH Communications Security IPSEC Express version 3.0.1" },
2764 { VID_SSH_IPSEC_EXPRESS_4_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_0), "SSH Communications Security IPSEC Express version 4.0.0" },
2765 { VID_SSH_IPSEC_EXPRESS_4_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_1), "SSH Communications Security IPSEC Express version 4.0.1" },
2766 { VID_SSH_IPSEC_EXPRESS_4_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_0), "SSH Communications Security IPSEC Express version 4.1.0" },
2767 { VID_SSH_IPSEC_EXPRESS_4_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_1), "SSH Communications Security IPSEC Express version 4.1.1" },
2768 { VID_SSH_IPSEC_EXPRESS_4_2_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_2_0), "SSH Communications Security IPSEC Express version 4.2.0" },
2769 { VID_SSH_IPSEC_EXPRESS_5_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0), "SSH Communications Security IPSEC Express version 5.0" },
2770 { VID_SSH_IPSEC_EXPRESS_5_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0_0), "SSH Communications Security IPSEC Express version 5.0.0" },
2771 { VID_SSH_IPSEC_EXPRESS_5_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_0), "SSH Communications Security IPSEC Express version 5.1.0" },
2772 { VID_SSH_IPSEC_EXPRESS_5_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_1), "SSH Communications Security IPSEC Express version 5.1.1" },
2773 { VID_SSH_SENTINEL, sizeof(VID_SSH_SENTINEL), "SSH Sentinel" },
2774 { VID_SSH_SENTINEL_1_1, sizeof(VID_SSH_SENTINEL_1_1), "SSH Sentinel 1.1" },
2775 { VID_SSH_SENTINEL_1_2, sizeof(VID_SSH_SENTINEL_1_2), "SSH Sentinel 1.2" },
2776 { VID_SSH_SENTINEL_1_3, sizeof(VID_SSH_SENTINEL_1_3), "SSH Sentinel 1.3" },
2777 { VID_SSH_SENTINEL_1_4, sizeof(VID_SSH_SENTINEL_1_4), "SSH Sentinel 1.4" },
2778 { VID_SSH_SENTINEL_1_4_1, sizeof(VID_SSH_SENTINEL_1_4_1), "SSH Sentinel 1.4.1" },
2779 { VID_SSH_QUICKSEC_0_9_0, sizeof(VID_SSH_QUICKSEC_0_9_0), "SSH Communications Security QuickSec 0.9.0" },
2780 { VID_SSH_QUICKSEC_1_1_0, sizeof(VID_SSH_QUICKSEC_1_1_0), "SSH Communications Security QuickSec 1.1.0" },
2781 { VID_SSH_QUICKSEC_1_1_1, sizeof(VID_SSH_QUICKSEC_1_1_1), "SSH Communications Security QuickSec 1.1.1" },
2782 { VID_SSH_QUICKSEC_1_1_2, sizeof(VID_SSH_QUICKSEC_1_1_2), "SSH Communications Security QuickSec 1.1.2" },
2783 { VID_SSH_QUICKSEC_1_1_3, sizeof(VID_SSH_QUICKSEC_1_1_3), "SSH Communications Security QuickSec 1.1.3" },
2784 { VID_draft_huttunen_ipsec_esp_in_udp_00, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_00), "draft-huttunen-ipsec-esp-in-udp-00.txt" },
2785 { VID_draft_huttunen_ipsec_esp_in_udp_01, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_01), "draft-huttunen-ipsec-esp-in-udp-01.txt (ESPThruNAT)" },
2786 { VID_draft_stenberg_ipsec_nat_traversal_01, sizeof(VID_draft_stenberg_ipsec_nat_traversal_01), "draft-stenberg-ipsec-nat-traversal-01" },
2787 { VID_draft_stenberg_ipsec_nat_traversal_02, sizeof(VID_draft_stenberg_ipsec_nat_traversal_02), "draft-stenberg-ipsec-nat-traversal-02" },
2788 { VID_draft_ietf_ipsec_nat_t_ike, sizeof(VID_draft_ietf_ipsec_nat_t_ike), "draft-ietf-ipsec-nat-t-ike" },
2789 { VID_draft_ietf_ipsec_nat_t_ike_00, sizeof(VID_draft_ietf_ipsec_nat_t_ike_00), "draft-ietf-ipsec-nat-t-ike-00" },
2790 { VID_draft_ietf_ipsec_nat_t_ike_01, sizeof(VID_draft_ietf_ipsec_nat_t_ike_01), "draft-ietf-ipsec-nat-t-ike-01" },
2791 { VID_draft_ietf_ipsec_nat_t_ike_02, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02), "draft-ietf-ipsec-nat-t-ike-02" },
2792 { VID_draft_ietf_ipsec_nat_t_ike_02n, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02n), "draft-ietf-ipsec-nat-t-ike-02\\n" },
2793 { VID_draft_ietf_ipsec_nat_t_ike_03, sizeof(VID_draft_ietf_ipsec_nat_t_ike_03), "draft-ietf-ipsec-nat-t-ike-03" },
2794 { VID_draft_ietf_ipsec_nat_t_ike_04, sizeof(VID_draft_ietf_ipsec_nat_t_ike_04), "draft-ietf-ipsec-nat-t-ike-04" },
2795 { VID_draft_ietf_ipsec_nat_t_ike_05, sizeof(VID_draft_ietf_ipsec_nat_t_ike_05), "draft-ietf-ipsec-nat-t-ike-05" },
2796 { VID_draft_ietf_ipsec_nat_t_ike_06, sizeof(VID_draft_ietf_ipsec_nat_t_ike_06), "draft-ietf-ipsec-nat-t-ike-06" },
2797 { VID_draft_ietf_ipsec_nat_t_ike_07, sizeof(VID_draft_ietf_ipsec_nat_t_ike_07), "draft-ietf-ipsec-nat-t-ike-07" },
2798 { VID_draft_ietf_ipsec_nat_t_ike_08, sizeof(VID_draft_ietf_ipsec_nat_t_ike_08), "draft-ietf-ipsec-nat-t-ike-08" },
2799 { VID_draft_ietf_ipsec_nat_t_ike_09, sizeof(VID_draft_ietf_ipsec_nat_t_ike_09), "draft-ietf-ipsec-nat-t-ike-09" },
2800 { VID_testing_nat_t_rfc, sizeof(VID_testing_nat_t_rfc), "Testing NAT-T RFC" },
2801 { VID_rfc3947_nat_t, sizeof(VID_rfc3947_nat_t), "RFC 3947 Negotiation of NAT-Traversal in the IKE" },
2802 { VID_draft_beaulieu_ike_xauth_02, sizeof(VID_draft_beaulieu_ike_xauth_02), "draft-beaulieu-ike-xauth-02.txt" },
2803 { VID_xauth, sizeof(VID_xauth), "XAUTH" },
2804 { VID_rfc3706_dpd, sizeof(VID_rfc3706_dpd), "RFC 3706 DPD (Dead Peer Detection)" },
2805 { VID_draft_ietf_ipsec_antireplay_00, sizeof(VID_draft_ietf_ipsec_antireplay_00), "draft-ietf-ipsec-antireplay-00.txt" },
2806 { VID_draft_ietf_ipsec_heartbeats_00, sizeof(VID_draft_ietf_ipsec_heartbeats_00), "draft-ietf-ipsec-heartbeats-00.txt" },
2807 { VID_IKE_CHALLENGE_RESPONSE_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_1), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
2808 { VID_IKE_CHALLENGE_RESPONSE_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_2), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
2809 { VID_IKE_CHALLENGE_RESPONSE_REV_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_1), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
2810 { VID_IKE_CHALLENGE_RESPONSE_REV_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_2), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
2811 { VID_CISCO_FRAG2, sizeof(VID_CISCO_FRAG2), "Cisco Fragmentation" },
2812 { VID_CISCO_FLEXVPN_SUPPORTED, sizeof(VID_CISCO_FLEXVPN_SUPPORTED), "Cisco FlexVPN Supported" },
2813 { VID_CISCO_DELETE_REASON, sizeof(VID_CISCO_DELETE_REASON), "Cisco Delete Reason Supported"},
2814 { VID_CISCO_COPYRIGHT, sizeof(VID_CISCO_COPYRIGHT), "Cisco Copyright"},
2815 { VID_CISCO_GRE_MODE, sizeof(VID_CISCO_GRE_MODE), "Cisco GRE Mode Supported"},
2816 { VID_MS_VID_INITIAL_CONTACT, sizeof(VID_MS_VID_INITIAL_CONTACT), "Microsoft Vid-Initial-Contact" },
2817 { VID_GSS_API_1, sizeof(VID_GSS_API_1), "A GSS-API Authentication Method for IKE" },
2818 { VID_GSS_API_2, sizeof(VID_GSS_API_2), "A GSS-API Authentication Method for IKE" },
2819 { VID_GSSAPI, sizeof(VID_GSSAPI), "GSSAPI" },
2820 { VID_MS_NT5_ISAKMPOAKLEY, sizeof(VID_MS_NT5_ISAKMPOAKLEY), "MS NT5 ISAKMPOAKLEY" },
2821 { VID_CISCO_UNITY, sizeof(VID_CISCO_UNITY), "CISCO-UNITY" },
2822 { VID_CISCO_CONCENTRATOR, sizeof(VID_CISCO_CONCENTRATOR), "CISCO-CONCENTRATOR" },
2823 { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
2824 { VID_CP_01_R65, sizeof(VID_CP_01_R65), "CryptoPro/GOST 0.1 / Check Point R65" },
2825 { VID_CP_10_R71, sizeof(VID_CP_10_R71), "CryptoPro/GOST 1.0 / Check Point R71" },
2826 { VID_CP_11, sizeof(VID_CP_11), "CryptoPro/GOST 1.1" },
2827 { VID_CYBERGUARD, sizeof(VID_CYBERGUARD), "CyberGuard" },
2828 { VID_SHREWSOFT, sizeof(VID_SHREWSOFT), "Shrew Soft" },
2829 { VID_STRONGSWAN, sizeof(VID_STRONGSWAN), "strongSwan" },
2830 { VID_KAME_RACOON, sizeof(VID_KAME_RACOON), "KAME/racoon" },
2831 { VID_IPSEC_TOOLS, sizeof(VID_IPSEC_TOOLS), "IPSec-Tools" },
2832 { VID_NETSCREEN_1, sizeof(VID_NETSCREEN_1), "Netscreen-1" },
2833 { VID_NETSCREEN_2, sizeof(VID_NETSCREEN_2), "Netscreen-2" },
2834 { VID_NETSCREEN_3, sizeof(VID_NETSCREEN_3), "Netscreen-3" },
2835 { VID_NETSCREEN_4, sizeof(VID_NETSCREEN_4), "Netscreen-4" },
2836 { VID_NETSCREEN_5, sizeof(VID_NETSCREEN_5), "Netscreen-5" },
2837 { VID_NETSCREEN_6, sizeof(VID_NETSCREEN_6), "Netscreen-6" },
2838 { VID_NETSCREEN_7, sizeof(VID_NETSCREEN_7), "Netscreen-7" },
2839 { VID_NETSCREEN_8, sizeof(VID_NETSCREEN_8), "Netscreen-8" },
2840 { VID_NETSCREEN_9, sizeof(VID_NETSCREEN_9), "Netscreen-9" },
2841 { VID_NETSCREEN_10, sizeof(VID_NETSCREEN_10), "Netscreen-10" },
2842 { VID_NETSCREEN_11, sizeof(VID_NETSCREEN_11), "Netscreen-11" },
2843 { VID_NETSCREEN_12, sizeof(VID_NETSCREEN_12), "Netscreen-12" },
2844 { VID_NETSCREEN_13, sizeof(VID_NETSCREEN_13), "Netscreen-13" },
2845 { VID_NETSCREEN_14, sizeof(VID_NETSCREEN_14), "Netscreen-14" },
2846 { VID_NETSCREEN_15, sizeof(VID_NETSCREEN_15), "Netscreen-15" },
2847 { VID_NETSCREEN_16, sizeof(VID_NETSCREEN_16), "Netscreen-16" },
2848 { VID_ZYWALL, sizeof(VID_ZYWALL), "ZYWALL" },
2849 { VID_SIDEWINDER, sizeof(VID_SIDEWINDER), "SIDEWINDER" },
2850 { VID_SONICWALL, sizeof(VID_SONICWALL), "SonicWALL" },
2851 { VID_HEARTBEAT_NOTIFY, sizeof(VID_HEARTBEAT_NOTIFY), "Heartbeat Notify" },
2852 { VID_DWR, sizeof(VID_DWR), "DWR: Delete with reason" },
2853 { VID_ARUBA_RAP, sizeof(VID_ARUBA_RAP), "Remote AP (Aruba Networks)" },
2854 { VID_ARUBA_CONTROLLER, sizeof(VID_ARUBA_CONTROLLER), "Controller (Aruba Networks)" },
2855 { VID_ARUBA_VIA_CLIENT, sizeof(VID_ARUBA_VIA_CLIENT), "VIA Client (Aruba Networks)" },
2856 { VID_ARUBA_VIA_AUTH_PROFILE, sizeof(VID_ARUBA_VIA_AUTH_PROFILE), "VIA Auth Profile (Aruba Networks)" },
2857 { VID_MS_IKEE_20080212_CGA1, sizeof(VID_MS_IKEE_20080212_CGA1), "IKE CGA Version 1" },
2858 { VID_MS_IKEE_20080212_MS_NDC, sizeof(VID_MS_IKEE_20080212_MS_NDC), "MS-Negotiation Discovery Capable" },
2863 /* Tries to match val against each element in the value_string array vs.
2864 Returns the associated string ptr, and sets "*idx" to the index in
2865 that table, on a match, and returns NULL, and sets "*idx" to -1,
   on failure.
   The compare covers only the first vs[i].len bytes of val (a prefix match)
   and the first table entry that fits wins, so the order of vs matters.
   The val_len >= vs[i].len test is the only thing keeping memcmp() inside
   val, so val_len must describe the bytes that are really available.
   NOTE(review): val_len is a signed gint; if byte_string.len is an unsigned
   type at least as wide as int, a negative val_len would promote to a large
   unsigned value and pass that test -- confirm the typedef, or have callers
   guarantee val_len >= 0. */
2868 match_strbyte_idx(const guint8 *val, const gint val_len, const byte_string *vs, gint *idx) {
2872 while (vs[i].strptr) { /* vs must end with an entry whose strptr is NULL */
2873 if (val_len >= vs[i].len && !memcmp(vs[i].value, val, vs[i].len)) {
2875 return(vs[i].strptr);
2884 /* Like match_strbyte_idx(), but doesn't return the index. */
2886 match_strbyte(const guint8 *val,const gint val_len, const byte_string *vs) {
/* ignore_me only absorbs the index output; the prefix-match and bounds
 * semantics are those of match_strbyte_idx(). */
2888 return match_strbyte_idx(val, val_len, vs, &ignore_me);
2891 /* Tries to match val against each element in the value_string array vs.
2892 Returns the associated string ptr on a match.
2893 Formats val with fmt, and returns the resulting string, on failure. */
/* fmt is handed straight to a printf-style formatter with val (a pointer to
 * the raw bytes) as its single argument, so it must be a format chosen by the
 * calling code that consumes exactly one pointer-sized argument, and must
 * never be derived from packet data.  It is asserted non-NULL.  The string
 * built on the miss path lives in packet scope and must not be kept across
 * packets. */
2895 byte_to_str(const guint8 *val,const gint val_len, const byte_string *vs, const char *fmt) {
2898 DISSECTOR_ASSERT(fmt != NULL);
2899 ret = match_strbyte(val, val_len, vs);
2903 return wmem_strdup_printf(wmem_packet_scope(), fmt, val);
/* Walk the chain of generic payloads that starts at `offset` with type
 * `initial_payload` and covers `length` bytes of tvb (which may be a
 * decrypted tvb rather than the frame itself).
 *
 *   isakmp_version   1 or 2; selects the per-payload dissectors and the
 *                    payload types that only exist in IKEv2.
 *   message_id, is_request, decr_data
 *                    passed through to the dissectors that need them
 *                    (ENC, SKF, CONFIG, SA); decr_data may be NULL.
 *
 * Every size used here comes from the packet: payload_length is the 16-bit
 * length field of each generic payload header, `length` is the caller's
 * count of remaining bytes.  Memory safety rests on the tvb accessors, which
 * raise an exception rather than read out of bounds; the checks below only
 * decide what is dissected and what is flagged. */
2909 dissect_payloads(tvbuff_t *tvb, proto_tree *tree,
2910 int isakmp_version, guint8 initial_payload, int offset, int length,
2911 packet_info *pinfo, guint32 message_id, gboolean is_request, void* decr_data)
2913 guint8 payload, next_payload;
2914 guint16 payload_length;
/* `length` is signed and is decremented by each payload_length at the end of
 * the loop body, so an oversized payload drives it negative and ends the
 * loop; the loop also ends when the chain is exhausted exactly. */
2917 for (payload = initial_payload; length > 0; payload = next_payload) {
2918 if (payload == PLOAD_IKE_NONE) {
2920 * What? There's more stuff in this chunk of data, but the
2921 * previous payload had a "next payload" type of None?
/* Trailing bytes after the last payload are shown opaquely, never parsed. */
2923 proto_tree_add_item(tree, hf_isakmp_extradata, tvb, offset, length, ENC_NA);
2927 ntree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version, payload, &next_payload, &payload_length, tree);
/* The generic payload header is 4 bytes.  tvb_ensure_bytes_exist() raises a
 * bounds exception (ending dissection of this packet) if the declared body
 * is not in the captured buffer; it does NOT compare payload_length with the
 * remaining `length`, so a body that overruns the enclosing payload or
 * message, but is still inside the tvb, is dissected here as declared. */
2928 if (payload_length >= 4) { /* XXX = > 4? */
2929 tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
/* SA and Proposal recurse back into this function for their nested payloads. */
2933 dissect_sa(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo, is_request, decr_data);
2936 dissect_proposal(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, decr_data );
2940 dissect_key_exch(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo, decr_data );
2943 case PLOAD_IKE2_IDI:
2944 case PLOAD_IKE2_IDR:
2945 dissect_id(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2947 case PLOAD_IKE_CERT:
2948 case PLOAD_IKE2_CERT:
2949 dissect_cert(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2952 case PLOAD_IKE2_CERTREQ:
2953 dissect_certreq(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2955 case PLOAD_IKE_HASH:
2956 dissect_hash(tvb, offset + 4, payload_length - 4, ntree);
2959 dissect_sig(tvb, offset + 4, payload_length - 4, ntree);
2961 case PLOAD_IKE_NONCE:
2962 case PLOAD_IKE2_NONCE:
2963 dissect_nonce(tvb, offset + 4, payload_length - 4, ntree);
2967 dissect_notif(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version);
2971 dissect_delete(tvb, offset + 4, payload_length - 4, ntree, isakmp_version);
2975 dissect_vid(tvb, offset + 4, payload_length - 4, ntree);
2979 dissect_config(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, is_request);
2981 case PLOAD_IKE2_AUTH:
2982 dissect_auth(tvb, offset + 4, payload_length - 4, ntree);
2984 case PLOAD_IKE2_TSI:
2985 case PLOAD_IKE2_TSR:
2986 dissect_ts(tvb, offset + 4, payload_length - 4, ntree);
/* Encrypted payload: IKEv2 only.  The decryption context (if any), the
 * direction flag and the type of the first inner payload (next_payload) are
 * handed to dissect_enc(); in IKEv1 the whole message is decrypted up front
 * in dissect_isakmp() instead. */
2989 if(isakmp_version == 2)
2990 dissect_enc(tvb, offset + 4, payload_length - 4, ntree, pinfo, next_payload, is_request, decr_data, TRUE);
2992 case PLOAD_IKE2_EAP:
2993 dissect_eap(tvb, offset + 4, payload_length - 4, ntree, pinfo );
2995 case PLOAD_IKE2_GSPM:
2996 dissect_gspm(tvb, offset + 4, payload_length - 4, ntree);
2998 case PLOAD_IKE_NAT_D:
2999 case PLOAD_IKE_NAT_D13:
3000 case PLOAD_IKE_NAT_D48:
3001 dissect_nat_discovery(tvb, offset + 4, payload_length - 4, ntree );
3003 case PLOAD_IKE_NAT_OA:
3004 case PLOAD_IKE_NAT_OA14:
3005 case PLOAD_IKE_NAT_OA58:
3006 dissect_nat_original_address(tvb, offset + 4, payload_length - 4, ntree, isakmp_version );
3008 case PLOAD_IKE_CISCO_FRAG:
3009 dissect_cisco_fragmentation(tvb, offset + 4, payload_length - 4, ntree, pinfo );
3011 case PLOAD_IKE2_SKF:
3012 if (isakmp_version == 2) {
3013 /* N.B. not passing in length as must be the last payload in the message */
3014 dissect_ikev2_fragmentation(tvb, offset + 4, ntree, pinfo, message_id, next_payload, is_request, decr_data );
/* Any other payload type: the body is shown as opaque bytes. */
3018 proto_tree_add_item(ntree, hf_isakmp_datapayload, tvb, offset + 4, payload_length-4, ENC_NA);
/* NOTE(review): this branch is only reached when payload_length < 4, because
 * the `if` above already took every payload_length >= 4.  A payload that is
 * longer than the remaining `length` but at least 4 bytes therefore never
 * gets this expert info; it is dissected as declared and the negative
 * `length` simply ends the loop.  (The message text is also missing its
 * closing parenthesis.) */
3022 else if (payload_length > length) {
3023 proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
3024 "Payload (bogus, length is %u, greater than remaining length %d",
3025 payload_length, length);
/* payload_length < 4: smaller than its own header.  This is also where a
 * header that dissect_payload_header() rejected lands, since that reports a
 * payload_length of 0. */
3029 proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
3030 "Payload (bogus, length is %u, must be at least 4)",
3035 offset += payload_length;
3036 length -= payload_length;
/* Wrapper around dissect_payloads() that supplies message id 0, is_request =
 * FALSE and no decryption context, so payloads reached through this entry
 * point are dissected without any decryption state. */
3041 isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
3042 guint8 initial_payload, int offset, int length,
3045 dissect_payloads(tvb, tree, isakmp_version, initial_payload, offset, length,
3046 pinfo, 0, FALSE, NULL);
/* Top-level ISAKMP/IKE dissector.  Reads the fixed header (two 8-byte
 * SPIs/cookies, next payload, version, exchange type, flags, message id,
 * length), sets up any decryption context that applies to this packet, and
 * then hands the payload chain to dissect_payloads().  Returns the number of
 * bytes claimed, which is the whole captured tvb on every path that does not
 * bail out early. */
3050 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
3052 int offset = 0, len;
3054 proto_item *ti, *vers_item;
3055 proto_tree *isakmp_tree = NULL, *vers_tree;
/* Decryption context handed down to the payload dissectors; stays NULL unless
 * an IKEv2 key entry is found below. */
3057 void* decr_data = NULL;
3059 #ifdef HAVE_LIBGCRYPT
3060 guint8 i_cookie[COOKIE_SIZE], *ic_key;
3061 decrypt_data_t *decr = NULL;
3063 proto_tree *decr_tree;
3065 #endif /* HAVE_LIBGCRYPT */
3067 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
3068 col_clear(pinfo->cinfo, COL_INFO);
3070 /* Some simple heuristics to catch non-isakmp packets */
/* Three cheap rejections: a 1-byte packet that is not the 0xff NAT keepalive,
 * a packet shorter than the fixed header, and a header length field smaller
 * than the header itself. */
3071 if (tvb_reported_length(tvb)== 1 && tvb_get_guint8(tvb, offset) !=0xff)
3073 else if (tvb_reported_length(tvb) < ISAKMP_HDR_SIZE)
3075 else if (tvb_get_ntohl(tvb, ISAKMP_HDR_SIZE-4) < ISAKMP_HDR_SIZE)
3078 ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, ENC_NA);
3079 isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);
3081 /* RFC3948 2.3 NAT Keepalive packet:
3082 * 1 byte payload with the value 0xff.
3084 if ( (tvb_reported_length(tvb)== 1) && (tvb_get_guint8(tvb, offset) == 0xff) ){
3085 col_set_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
3086 proto_tree_add_item(isakmp_tree, hf_isakmp_nat_keepalive, tvb, offset, 1, ENC_NA);
/* Header fields are fetched at fixed offsets up front; the tree items for
 * them are added further down as `offset` advances. */
3090 hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - 4);
3091 hdr.exch_type = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1);
3092 hdr.version = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1);
3093 isakmp_version = hi_nibble(hdr.version); /* save the version */
3094 hdr.flags = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1);
3096 #ifdef HAVE_LIBGCRYPT
/* IKEv1: per-exchange decryption state is kept in isakmp_hash, keyed by the
 * 8-byte initiator cookie taken from the packet. */
3097 if (isakmp_version == 1) {
3098 clear_address(&null_addr);
3100 tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
3101 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
/* First sighting of a cookie: a persistent copy of the key and a fresh
 * decrypt_data_t are inserted and owned by isakmp_hash from here on.
 * NOTE(review): confirm this is reached only when the lookup above missed;
 * otherwise every packet would insert a duplicate entry. */
3104 ic_key = (guint8 *)g_slice_alloc(COOKIE_SIZE);
3105 memcpy(ic_key, i_cookie, COOKIE_SIZE);
3106 decr = create_decrypt_data();
3107 g_hash_table_insert(isakmp_hash, ic_key, decr);
/* The source address of the first packet seen for the cookie is recorded as
 * the initiator; it is file-scoped so it survives across packets. */
3110 if (addresses_equal(&decr->initiator, &null_addr)) {
3111 /* XXX - We assume that we're seeing the second packet in an exchange here.
3112 * Is there a way to verify this? */
3113 copy_address_wmem(wmem_file_scope(), &decr->initiator, &pinfo->src);
/* IKEv2: look up operator-supplied SA keys by the (SPIi, SPIr) pair from the
 * header.  The I flag selects which half of the key material applies to this
 * packet: initiator packets use sk_ei/sk_ai, responder packets sk_er/sk_ar. */
3117 } else if (isakmp_version == 2) {
3118 ikev2_uat_data_key_t hash_key;
3119 ikev2_uat_data_t *ike_sa_data;
3120 ikev2_decrypt_data_t *ikev2_dec_data;
3121 guchar spii[COOKIE_SIZE], spir[COOKIE_SIZE];
3123 tvb_memcpy(tvb, spii, offset, COOKIE_SIZE);
3124 tvb_memcpy(tvb, spir, offset + COOKIE_SIZE, COOKIE_SIZE);
3125 hash_key.spii = spii;
3126 hash_key.spir = spir;
3127 hash_key.spii_len = COOKIE_SIZE;
3128 hash_key.spir_len = COOKIE_SIZE;
3130 ike_sa_data = (ikev2_uat_data_t *)g_hash_table_lookup(ikev2_key_hash, &hash_key);
/* NOTE(review): the lookup can miss; confirm the dereferences of ike_sa_data
 * below sit behind a NULL check. */
3132 guint8 initiator_flag;
3133 initiator_flag = hdr.flags & I_FLAG;
/* Packet-scoped: rebuilt for every packet, freed with the packet. */
3134 ikev2_dec_data = wmem_new(wmem_packet_scope(), ikev2_decrypt_data_t);
3135 ikev2_dec_data->encr_key = initiator_flag ? ike_sa_data->sk_ei : ike_sa_data->sk_er;
3136 ikev2_dec_data->auth_key = initiator_flag ? ike_sa_data->sk_ai : ike_sa_data->sk_ar;
3137 ikev2_dec_data->encr_spec = ike_sa_data->encr_spec;
3138 ikev2_dec_data->auth_spec = ike_sa_data->auth_spec;
3140 decr_data = ikev2_dec_data;
3143 #endif /* HAVE_LIBGCRYPT */
3146 proto_tree_add_item(isakmp_tree, hf_isakmp_ispi, tvb, offset, COOKIE_SIZE, ENC_NA);
3147 offset += COOKIE_SIZE;
3149 proto_tree_add_item(isakmp_tree, hf_isakmp_rspi, tvb, offset, COOKIE_SIZE, ENC_NA);
3150 offset += COOKIE_SIZE;
3152 hdr.next_payload = tvb_get_guint8(tvb, offset);
3153 proto_tree_add_item(isakmp_tree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);
3157 vers_item = proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_version, tvb, offset,
3158 1, hdr.version, "%u.%u",
3159 hi_nibble(hdr.version), lo_nibble(hdr.version));
3160 vers_tree = proto_item_add_subtree(vers_item, ett_isakmp_version);
3161 proto_tree_add_item(vers_tree, hf_isakmp_mjver, tvb, offset, 1, ENC_BIG_ENDIAN);
3162 proto_tree_add_item(vers_tree, hf_isakmp_mnver, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Exchange type tables differ between versions; any major version other than
 * 1 or 2 gets no exchange-type item or Info text here. */
3165 if(isakmp_version == 1) {
3166 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
3167 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v1_type, "Unknown %d"));
3168 } else if (isakmp_version == 2){
3169 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
3170 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v2_type, "Unknown %d"));
3178 fti = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
3179 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
3180 flags = tvb_get_guint8(tvb, offset);
3182 if (isakmp_version == 1) {
3183 proto_tree_add_item(ftree, hf_isakmp_flag_e, tvb, offset, 1, ENC_BIG_ENDIAN);
3185 proto_tree_add_item(ftree, hf_isakmp_flag_c, tvb, offset, 1, ENC_BIG_ENDIAN);
3187 proto_tree_add_item(ftree, hf_isakmp_flag_a, tvb, offset, 1, ENC_BIG_ENDIAN);
3189 } else if (isakmp_version == 2) {
3190 proto_tree_add_item(ftree, hf_isakmp_flag_i, tvb, offset, 1, ENC_BIG_ENDIAN);
3191 proto_tree_add_item(ftree, hf_isakmp_flag_v, tvb, offset, 1, ENC_BIG_ENDIAN);
3192 proto_tree_add_item(ftree, hf_isakmp_flag_r, tvb, offset, 1, ENC_BIG_ENDIAN);
3194 proto_item_append_text(fti, " (%s, %s, %s)",
3195 (flags & I_FLAG) ? flag_i.true_string : flag_i.false_string,
3196 (flags & V_FLAG) ? flag_v.true_string : flag_v.false_string,
3197 (flags & R_FLAG) ? flag_r.true_string : flag_r.false_string);
3202 hdr.message_id = tvb_get_ntohl(tvb, offset);
3203 proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, 4, ENC_BIG_ENDIAN);
3206 /* Add some summary to the Info column */
3207 if (isakmp_version == 2) {
3208 col_append_fstr(pinfo->cinfo, COL_INFO, " MID=%02u %s %s",
3210 (flags & I_FLAG) ? flag_i.true_string : flag_i.false_string,
3211 (flags & R_FLAG) ? flag_r.true_string : flag_r.false_string);
/* Length validation.  hdr.length is the unsigned 32-bit wire value and `len`
 * is the signed payload length derived from it; a value below the header
 * size and a value the dissector considers too large are both reported on
 * the length item and end dissection, and tvb_ensure_bytes_exist() then
 * guarantees the declared payload bytes are captured before any payload
 * dissector runs. */
3214 if (hdr.length < ISAKMP_HDR_SIZE) {
3215 proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
3216 hdr.length, "(bogus, length is %u, should be at least %lu)",
3217 hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
3218 return tvb_captured_length(tvb);
3221 len = hdr.length - ISAKMP_HDR_SIZE;
3224 proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
3225 hdr.length, "(bogus, length is %u, which is too large)",
3227 return tvb_captured_length(tvb);
3229 tvb_ensure_bytes_exist(tvb, offset, len);
3230 proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, 4, ENC_BIG_ENDIAN);
3233 if (isakmp_version == 1 && (hdr.flags & E_FLAG)) {
3234 /* Encrypted flag set (v1 only), so decrypt before dissecting payloads */
3236 ti = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, len, ENC_NA);
3237 proto_item_append_text(ti, " (%d byte%s)", len, plurality(len, "", "s"));
3239 #ifdef HAVE_LIBGCRYPT
3240 /* Collect initialization vectors during first pass. */
/* Two nested, unbraced ifs: IV state is advanced once per packet, on the
 * first pass only, and only when prepare_decrypt() reports that keys are
 * available, so re-dissection cannot perturb the IV chain. */
3241 if (!PINFO_FD_VISITED(pinfo))
3242 if (prepare_decrypt(decr))
3243 update_ivs(pinfo, tvb_get_ptr(tvb, offset, len), len, hdr.message_id, decr);
3244 decr_tvb = decrypt_payload(tvb, pinfo, tvb_get_ptr(tvb, offset, len), len, decr);
/* The decrypted bytes are dissected as a fresh tvb starting at offset 0;
 * !(flags & R_FLAG) is the request/response direction. */
3246 decr_tree = proto_item_add_subtree(ti, ett_isakmp);
3247 dissect_payloads(decr_tvb, decr_tree, isakmp_version,
3248 hdr.next_payload, 0, tvb_reported_length(decr_tvb), pinfo, hdr.message_id, !(flags & R_FLAG), decr_data);
3250 #endif /* HAVE_LIBGCRYPT */
/* Not encrypted at message level (or IKEv2, where encryption is handled per
 * PLOAD_IKE2_ENC payload inside dissect_payloads()): dissect in place. */
3253 dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload,
3254 offset, len, pinfo, hdr.message_id, !(flags & R_FLAG), decr_data);
3258 return tvb_captured_length(tvb);
/* Dissect the 4-byte generic payload header (next payload, critical bit in
 * IKEv2, 16-bit payload length) at `offset`.  Creates the item for this
 * payload under `tree`, returns its subtree, and reports the next-payload
 * type and the wire payload length through the two out-parameters.
 *
 * payload_length is taken straight from the packet and is NOT compared with
 * `length` here; the item created below simply spans payload_length bytes.
 * Callers (dissect_payloads(), dissect_proposal()) are responsible for
 * checking it against the bytes that actually remain.
 *
 * Note: `payload` is marked _U_ but is used as the value of the type item. */
3263 dissect_payload_header(tvbuff_t *tvb, packet_info *pinfo, int offset, int length,
3264 int isakmp_version, guint8 payload _U_, guint8 *next_payload_p,
3265 guint16 *payload_length_p, proto_tree *tree)
3267 guint8 next_payload;
3268 guint16 payload_length;
/* Error path (presumably fewer than 4 bytes left): both outputs are reported
 * as 0, which dissect_payloads() then treats as a "must be at least 4"
 * payload. */
3273 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset, length,
3274 "Not enough room in payload for all transforms");
3275 *next_payload_p = 0;
3276 *payload_length_p = 0;
3279 next_payload = tvb_get_guint8(tvb, offset);
3280 payload_length = tvb_get_ntohs(tvb, offset + 2);
3282 ti = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, payload_length, payload);
3284 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
3286 proto_tree_add_item(ntree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Byte 1 carries the critical bit only in IKEv2; it is reserved in v1. */
3288 if (isakmp_version == 2) {
3289 proto_tree_add_item(ntree, hf_isakmp_criticalpayload, tvb, offset+1, 1, ENC_BIG_ENDIAN);
3291 proto_tree_add_item(ntree, hf_isakmp_payloadlen, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
3293 *next_payload_p = next_payload;
3294 *payload_length_p = payload_length;
/* Dissect a Security Association payload body of `length` bytes at `offset`.
 * IKEv1 carries a 4-byte DOI and a 4-byte Situation before the proposals;
 * IKEv2 goes straight to the proposals.  Proposals are dissected by recursing
 * into dissect_payloads() with PLOAD_IKE_P as the first payload type;
 * is_request and decr_data are passed through unchanged and message id 0 is
 * supplied for the nested chain. */
3299 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo, gboolean is_request, void* decr_data)
3305 if (isakmp_version == 1) {
3306 doi = tvb_get_ntohl(tvb, offset);
3308 proto_tree_add_item(tree, hf_isakmp_sa_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
/* Situation field shorter than 4 bytes: shown as raw bytes with a bogus
 * marker.  (`length` is an int but is printed with %u.) */
3316 proto_tree_add_bytes_format_value(tree, hf_isakmp_sa_situation, tvb, offset, length,
3318 "%s (length is %u, should be >= 4)",
3319 tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, length), length);
/* Normal IPsec-DOI situation: three flag bits decoded from the 4-byte field. */
3322 sti = proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, ENC_NA);
3323 stree = proto_item_add_subtree(sti, ett_isakmp_sa);
3325 proto_tree_add_item(stree, hf_isakmp_sa_situation_identity_only, tvb, offset, 4, ENC_BIG_ENDIAN);
3326 proto_tree_add_item(stree, hf_isakmp_sa_situation_secrecy, tvb, offset, 4, ENC_BIG_ENDIAN);
3327 proto_tree_add_item(stree, hf_isakmp_sa_situation_integrity, tvb, offset, 4, ENC_BIG_ENDIAN);
3332 dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
3333 length, pinfo, 0, is_request, decr_data);
/* Other DOIs: the situation is opaque, shown as bytes and not parsed. */
3336 proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, ENC_NA);
3338 } else if (isakmp_version == 2) {
3339 dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
3340 length, pinfo, 0, is_request, decr_data);
/* Dissect a Proposal payload body: proposal number, protocol id, SPI size,
 * transform count, the SPI itself, then the chain of Transform payloads.
 * Every size here (spi_size, num_transforms, each transform's payload
 * length) is read from the packet; the loop below validates each transform
 * against the remaining `length` before dissecting it. */
3345 dissect_proposal(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, void* decr_data)
3349 guint8 num_transforms;
3350 guint8 next_payload;
3351 guint16 payload_length;
3353 guint8 proposal_num;
3355 proposal_num = tvb_get_guint8(tvb, offset);
3357 proto_item_append_text(tree, " # %d", proposal_num);
3359 proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Protocol id value spaces differ between v1 and v2, hence two header fields. */
3363 protocol_id = tvb_get_guint8(tvb, offset);
3365 if (isakmp_version == 1)
3367 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
3368 }else if (isakmp_version == 2)
3370 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
3375 spi_size = tvb_get_guint8(tvb, offset);
3376 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
3380 num_transforms = tvb_get_guint8(tvb, offset);
3381 proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, ENC_BIG_ENDIAN);
/* The SPI item spans the wire-declared spi_size; the tvb accessors raise a
 * bounds exception if that many bytes are not captured. */
3386 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);
/* Transform loop.  Unlike dissect_payloads(), the remaining-length check
 * here is applied to every payload_length before dispatching, then the
 * minimum-header-size check; only a transform passing both is dissected. */
3392 while (num_transforms > 0) {
3393 ntree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version,
3394 PLOAD_IKE_T, &next_payload, &payload_length, tree);
3395 if (length < payload_length) {
/* (The message text is missing its closing parenthesis.) */
3396 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
3397 "Payload (bogus, length is %u, greater than remaining length %d", payload_length, length);
3399 } else if (payload_length < 4) {
3400 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
3401 "Payload (bogus, length is %u, must be at least 4)", payload_length);
3404 dissect_transform(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, protocol_id, decr_data);
3406 offset += payload_length;
3407 length -= payload_length;
3413 /** Dissect an attribute header, which is common to all attributes.
3415 * @param [in] tvb The tv buffer of the current data.
3416 * @param [in] tree The tree to append the attribute subtree to.
3417 * @param [in] offset The start of the data in tvb.
3418 * @param [in] hf_attr A struct of indices pointing to attribute header field descriptions.
3419 * @param [in] attr_typenames The table for translation of the attribute type id to a name.
3420 * @param [out] headerlen The length of the attribute header, excluding the value.
3421 * @param [out] value_len The length of the attribute value.
3422 * @param [out] attr_type The attribute type, as read from the attribute header.
3423 * @param [out] attr_item The root item created for this attribute.
3424 * @param [out] subtree The subtree created for this attribute.
 *
 * @note The top bit (0x8000) of the first 16-bit word is the format flag:
 *       clear means Type/Length/Value with a 16-bit length read from the
 *       packet, set means Type/Value with the value held in the next two
 *       bytes.  The wire-supplied value_len is not checked against the
 *       enclosing payload here; bounds safety rests on the tvb accessors,
 *       and the caller advances by headerlen + value_len afterwards.
 *       The type name comes from attr_typenames, with a constant fallback
 *       format for unknown types, so it is never packet-controlled text.
3427 dissect_attribute_header(tvbuff_t *tvb, proto_tree *tree, int offset,
3428 attribute_common_fields hf_attr, const range_string *attr_typenames,
3429 guint *headerlen, guint *value_len, guint *attr_type,
3430 proto_item **attr_item, proto_tree **subtree)
3432 guint attr_type_format;
3434 const gchar *attr_typename;
3436 attr_type_format = tvb_get_ntohs(tvb, offset);
3437 has_len = !(attr_type_format & 0x8000);
3438 *attr_type = attr_type_format & 0x7fff;
3441 /* Type/Length/Value format */
3443 *value_len = tvb_get_ntohs(tvb, offset + 2);
3445 /* Type/Value format */
/* The attribute item spans header plus value as declared on the wire. */
3450 *attr_item = proto_tree_add_item(tree, hf_attr.all, tvb, offset, *headerlen + *value_len, ENC_NA);
3451 attr_typename = rval_to_str(*attr_type, attr_typenames, "Unknown Attribute Type (%02d)");
3452 proto_item_append_text(*attr_item, " (t=%d,l=%d): %s", *attr_type, *value_len, attr_typename);
3454 *subtree = proto_item_add_subtree(*attr_item, ett_isakmp_attr);
3455 proto_tree_add_item(*subtree, hf_attr.format, tvb, offset, 2, ENC_BIG_ENDIAN);
3456 proto_tree_add_uint(*subtree, hf_attr.type, tvb, offset, 2, *attr_type);
/* Explicit length field exists only in the TLV form. */
3459 proto_tree_add_item(*subtree, hf_attr.length, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
3462 proto_tree_add_item(*subtree, hf_attr.value, tvb, offset + *headerlen, *value_len, ENC_NA);
3465 /* Returns the number of bytes consumed by this option. */
/* Dissect one ROHC_SUPPORTED notify attribute at `offset` under rohc_tree.
 * The attribute header (type, format, value length) is parsed by
 * dissect_attribute_header(); the value is then decoded by type, each field
 * item spanning the wire-declared optlen.  An empty value is flagged with
 * an expert info rather than decoded.  The return value advances the caller
 * by exactly the header and value lengths declared in the packet. */
3467 dissect_rohc_supported(tvbuff_t *tvb, packet_info *pinfo, proto_tree *rohc_tree, int offset)
3469 guint headerlen, optlen, rohc;
3470 proto_item *rohc_item;
3471 proto_tree *sub_rohc_tree;
3473 dissect_attribute_header(tvb, rohc_tree, offset,
3474 hf_isakmp_notify_data_rohc_attr, rohc_attr_type,
3475 &headerlen, &optlen, &rohc,
3476 &rohc_item, &sub_rohc_tree);
3478 offset += headerlen;
/* Zero-length value: nothing to decode. */
3482 expert_add_info(pinfo, rohc_item, &ei_isakmp_attribute_value_empty);
/* Per-type decoding; optlen is whatever the packet declared. */
3488 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_max_cid, tvb, offset, optlen, ENC_BIG_ENDIAN);
3491 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_profile, tvb, offset, optlen, ENC_BIG_ENDIAN);
3494 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_integ, tvb, offset, optlen, ENC_BIG_ENDIAN);
3497 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_icv_len, tvb, offset, optlen, ENC_BIG_ENDIAN);
3500 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_mrru, tvb, offset, optlen, ENC_BIG_ENDIAN);
3504 /* No Default Action */
3508 return headerlen + optlen;
3511 /* Dissect life duration, which is variable-length. Note that this function
3512 * handles both/either the security association life duration as defined in
3513 * section 4.5 of RFC2407 (http://tools.ietf.org/html/rfc2407), as well as the
3514 * life duration according to the attribute classes table in Appendix A of
3515 * RFC2409: http://tools.ietf.org/html/rfc2409#page-33 */
/* `len` selects how the value is read: 1-4 bytes are shown through hf_uint32,
 * 5-8 bytes through hf_uint64, anything else through hf_bytes.  The decoded
 * value is also appended to `ti`, the attribute item the caller created. */
3517 dissect_life_duration(tvbuff_t *tvb, proto_tree *tree, proto_item *ti, int hf_uint32, int hf_uint64, int hf_bytes, int offset, guint len)
3524 val = tvb_get_guint8(tvb, offset);
3526 proto_tree_add_uint_format_value(tree, hf_uint32, tvb, offset, len, val, "%u", val);
3527 proto_item_append_text(ti, " : %u", val);
3532 val = tvb_get_ntohs(tvb, offset);
3534 proto_tree_add_uint_format_value(tree, hf_uint32, tvb, offset, len, val, "%u", val);
3535 proto_item_append_text(ti, " : %u", val);
3540 val = tvb_get_ntoh24(tvb, offset);
3542 proto_tree_add_uint_format_value(tree, hf_uint32, tvb, offset, len, val, "%u", val);
3543 proto_item_append_text(ti, " : %u", val);
3548 val = tvb_get_ntohl(tvb, offset);
3550 proto_tree_add_uint_format_value(tree, hf_uint32, tvb, offset, len, val, "%u", val);
3551 proto_item_append_text(ti, " : %u", val);
/* Widths of 5 to 8 bytes use the 64-bit accessors and G_GINT64_MODIFIER so
 * the format matches the 64-bit argument on every platform. */
3556 val = tvb_get_ntoh40(tvb, offset);
3558 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" G_GINT64_MODIFIER "u", val);
3559 proto_item_append_text(ti, " : %" G_GINT64_MODIFIER "u", val);
3564 val = tvb_get_ntoh48(tvb, offset);
3566 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" G_GINT64_MODIFIER "u", val);
3567 proto_item_append_text(ti, " : %" G_GINT64_MODIFIER "u", val);
3572 val = tvb_get_ntoh56(tvb, offset);
3574 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" G_GINT64_MODIFIER "u", val);
3575 proto_item_append_text(ti, " : %" G_GINT64_MODIFIER "u", val);
3580 val = tvb_get_ntoh64(tvb, offset);
3582 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" G_GINT64_MODIFIER "u", val);
3583 proto_item_append_text(ti, " : %" G_GINT64_MODIFIER "u", val);
/* Fallback for any other len (0, or more than 8, given the cases above): the
 * value is shown as bytes and the first 8 bytes are appended as hex.
 * NOTE(review): tvb_get_ntoh64() reads 8 bytes from offset regardless of
 * len, so for len < 8 the appended text would cover bytes beyond the value
 * (or raise a bounds exception at the end of the tvb); callers should only
 * reach this with len > 0, cf. the empty-value check in
 * dissect_transform_attribute(). */
3587 proto_tree_add_item(tree, hf_bytes, tvb, offset, len, ENC_NA);
3588 proto_item_append_text(ti, " : %" G_GINT64_MODIFIER "x ...", tvb_get_ntoh64(tvb, offset));
3593 /* Returns the number of bytes consumed by this option. */
/*
 * Dissect one IPsec DOI transform attribute (RFC 2407 section 4.5).
 *
 * Parameters:
 *   tvb                      - buffer holding the attribute
 *   pinfo                    - packet info, used for expert items
 *   transform_attr_type_tree - tree the attribute item is added to
 *   offset                   - start of the attribute header
 * Returns headerlen + optlen, i.e. the attribute's total on-the-wire size.
 *
 * The header (type, TLV/TV form, length) is decoded by dissect_attribute_header,
 * which also creates the attribute item and its subtree. Only the value is
 * interpreted here; optlen is sender-controlled and is passed through to the
 * item lengths, while the text previews use fixed 2-byte reads at offset.
 */
3595 dissect_transform_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *transform_attr_type_tree, int offset)
3597 guint headerlen, optlen, transform_attr_type;
3598 proto_item *transform_attr_type_item;
3599 proto_tree *sub_transform_attr_type_tree;
3601 dissect_attribute_header(tvb, transform_attr_type_tree, offset,
3602 hf_isakmp_tf_attr, transform_isakmp_attr_type,
3603 &headerlen, &optlen, &transform_attr_type,
3604 &transform_attr_type_item, &sub_transform_attr_type_tree);
/* Skip the header; offset now points at the attribute value. */
3606 offset += headerlen;
/* An empty value is flagged but not treated as an error (the guarding
 * condition is not visible in this excerpt). */
3610 expert_add_info(pinfo, transform_attr_type_item, &ei_isakmp_attribute_value_empty);
/* NOTE(review): the value previews below read 2 bytes at offset regardless of
 * optlen; for a value declared shorter than 2 bytes the preview shows the
 * following byte(s), bounded by the tvb accessor's exception. */
3614 switch(transform_attr_type) {
3615 case ISAKMP_ATTR_LIFE_TYPE:
3616 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_life_type, tvb, offset, optlen, ENC_BIG_ENDIAN);
3617 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_sa_life_type, "Unknown %d"));
3619 case ISAKMP_ATTR_LIFE_DURATION:
/* Variable-length; width selection lives in dissect_life_duration. */
3620 dissect_life_duration(tvb, sub_transform_attr_type_tree, transform_attr_type_item, hf_isakmp_tf_attr_life_duration_uint32, hf_isakmp_tf_attr_life_duration_uint64, hf_isakmp_tf_attr_life_duration_bytes , offset, optlen);
3622 case ISAKMP_ATTR_GROUP_DESC:
3623 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_group_description, tvb, offset, optlen, ENC_BIG_ENDIAN);
3624 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_dh_group_type, "Unknown %d"));
3626 case ISAKMP_ATTR_ENCAP_MODE:
3627 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_encap_mode, tvb, offset, optlen, ENC_BIG_ENDIAN);
3628 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_encap_type, "Unknown %d"));
3630 case ISAKMP_ATTR_AUTH_ALGORITHM:
3631 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_auth_algorithm, tvb, offset, optlen, ENC_BIG_ENDIAN);
3632 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_auth_type, "Unknown %d"));
3634 case ISAKMP_ATTR_KEY_LENGTH:
3635 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_key_length, tvb, offset, optlen, ENC_BIG_ENDIAN);
3636 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3638 case ISAKMP_ATTR_KEY_ROUNDS:
3639 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_key_rounds, tvb, offset, optlen, ENC_BIG_ENDIAN);
3640 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3642 case ISAKMP_ATTR_CMPR_DICT_SIZE:
3643 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_cmpr_dict_size, tvb, offset, optlen, ENC_BIG_ENDIAN);
3645 case ISAKMP_ATTR_CMPR_ALGORITHM:
/* Opaque value: no interpretation, shown as bytes. */
3646 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_cmpr_algorithm, tvb, offset, optlen, ENC_NA);
3648 case ISAKMP_ATTR_ECN_TUNNEL:
3649 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_ecn_tunnel, tvb, offset, optlen, ENC_BIG_ENDIAN);
3650 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_ecn_type, "Unknown %d"));
3652 case ISAKMP_ATTR_EXT_SEQ_NBR:
3653 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_ext_seq_nbr, tvb, offset, optlen, ENC_BIG_ENDIAN);
3654 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_ext_seq_nbr_type, "Unknown %d"));
3656 case ISAKMP_ATTR_AUTH_KEY_LENGTH:
3657 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_auth_key_length, tvb, offset, optlen, ENC_BIG_ENDIAN);
3658 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3660 case ISAKMP_ATTR_SIG_ENCO_ALGORITHM:
3661 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_sig_enco_algorithm, tvb, offset, optlen, ENC_NA);
3664 case ISAKMP_ATTR_ADDR_PRESERVATION:
3665 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_addr_preservation, tvb, offset, optlen, ENC_BIG_ENDIAN);
3666 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_addr_preservation_type, "Unknown %d"));
3669 case ISAKMP_ATTR_SA_DIRECTION:
3670 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_sa_direction, tvb, offset, optlen, ENC_BIG_ENDIAN);
3671 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_sa_direction_type, "Unknown %d"));
3673 /* No Default Action */
/* Unknown attribute types are skipped by length only; the raw value is
 * already shown by the generic attribute item created in the header helper. */
3677 return headerlen + optlen;
3680 /* Returns the number of bytes consumed by this option. */
/*
 * Dissect one IKEv1 (ISAKMP SA) transform attribute, RFC 2409 Appendix A.
 *
 * Parameters:
 *   tvb, pinfo, transform_attr_type_tree, offset - as in dissect_transform_attribute
 *   decr (HAVE_LIBGCRYPT only) - per-SA decryption state; the negotiated
 *        encryption algorithm, hash algorithm, PSK flag, DH group and key
 *        length are recorded here so the encrypted phase-1/phase-2 messages
 *        can be decrypted later.
 * Returns headerlen + optlen.
 *
 * The values copied into decr come straight from the (unauthenticated) packet;
 * dissect_transform clears ike_encr_alg/ike_encr_keylen/ike_hash_alg before
 * looping over the attributes so a transform that omits one of them is not
 * decrypted with a value left over from an earlier transform.
 */
3682 dissect_transform_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *transform_attr_type_tree, int offset
3683 #ifdef HAVE_LIBGCRYPT
3684 , decrypt_data_t *decr
3688 guint headerlen, optlen, transform_attr_type;
3689 proto_item *transform_attr_type_item;
3690 proto_tree *sub_transform_attr_type_tree;
3692 dissect_attribute_header(tvb, transform_attr_type_tree, offset,
3693 hf_isakmp_ike_attr, transform_ike_attr_type,
3694 &headerlen, &optlen, &transform_attr_type,
3695 &transform_attr_type_item, &sub_transform_attr_type_tree);
/* Skip the header; offset now points at the attribute value. */
3697 offset += headerlen;
/* Empty value: flagged, processing continues (guard not visible here). */
3701 expert_add_info(pinfo, transform_attr_type_item, &ei_isakmp_attribute_value_empty);
3705 switch(transform_attr_type) {
3706 case IKE_ATTR_ENCRYPTION_ALGORITHM:
3707 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, optlen, ENC_BIG_ENDIAN);
3708 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_enc_type, "Unknown %d"));
3709 #ifdef HAVE_LIBGCRYPT
/* Remember the cipher for later decryption. */
3710 decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
3713 case IKE_ATTR_HASH_ALGORITHM:
3714 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, optlen, ENC_BIG_ENDIAN);
3715 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_hash_type, "Unknown %d"));
3716 #ifdef HAVE_LIBGCRYPT
/* Remember the PRF/hash used for key derivation. */
3717 decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
3720 case IKE_ATTR_AUTHENTICATION_METHOD:
3721 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, optlen, ENC_BIG_ENDIAN);
3722 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_authmeth_type, "Unknown %d"));
3723 #ifdef HAVE_LIBGCRYPT
/* Authentication method 1 is "pre-shared key" (RFC 2409 Appendix A); only
 * PSK exchanges can be decrypted from a configured secret. */
3724 decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
3727 case IKE_ATTR_GROUP_DESCRIPTION:
3728 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_description, tvb, offset, optlen, ENC_BIG_ENDIAN);
3729 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_dh_group_type, "Unknown %d"));
3730 #ifdef HAVE_LIBGCRYPT
3731 decr->group = tvb_get_ntohs(tvb, offset);
3734 case IKE_ATTR_GROUP_TYPE:
3735 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_type, tvb, offset, optlen, ENC_BIG_ENDIAN);
3736 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_grp_type, "Unknown %d"));
/* Group parameters are variable-length big numbers: shown as raw bytes. */
3738 case IKE_ATTR_GROUP_PRIME:
3739 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_prime, tvb, offset, optlen, ENC_NA);
3741 case IKE_ATTR_GROUP_GENERATOR_ONE:
3742 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_generator_one, tvb, offset, optlen, ENC_NA);
3744 case IKE_ATTR_GROUP_GENERATOR_TWO:
3745 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_generator_two, tvb, offset, optlen, ENC_NA);
3747 case IKE_ATTR_GROUP_CURVE_A:
3748 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_curve_a, tvb, offset, optlen, ENC_NA);
3750 case IKE_ATTR_GROUP_CURVE_B:
3751 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_curve_b, tvb, offset, optlen, ENC_NA);
3753 case IKE_ATTR_LIFE_TYPE:
3754 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_life_type, tvb, offset, optlen, ENC_BIG_ENDIAN);
3755 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_sa_life_type, "Unknown %d"));
3757 case IKE_ATTR_LIFE_DURATION:
3758 dissect_life_duration(tvb, sub_transform_attr_type_tree, transform_attr_type_item, hf_isakmp_ike_attr_life_duration_uint32, hf_isakmp_ike_attr_life_duration_uint64, hf_isakmp_ike_attr_life_duration_bytes, offset, optlen);
/* NOTE(review): the case label for the PRF attribute that selects the next
 * line is not visible in this excerpt — confirm against the full source. */
3761 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_prf, tvb, offset, optlen, ENC_NA);
3763 case IKE_ATTR_KEY_LENGTH:
3764 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_key_length, tvb, offset, optlen, ENC_BIG_ENDIAN);
3765 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3766 #ifdef HAVE_LIBGCRYPT
/* Key length in bits as negotiated; used to size the derived cipher key. */
3767 decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
3770 case IKE_ATTR_FIELD_SIZE:
3771 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_field_size, tvb, offset, optlen, ENC_NA);
3773 case IKE_ATTR_GROUP_ORDER:
3774 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_order, tvb, offset, optlen, ENC_NA);
3777 /* No Default Action */
3781 return headerlen + optlen;
3784 /* Returns the number of bytes consumed by this option. */
/*
 * Dissect one IKEv2 transform attribute (RFC 5996 section 3.3.5).
 * Only Key Length is interpreted; any other attribute type is displayed by
 * the generic header item and skipped by its declared length.
 *
 * Parameters and return value as for dissect_transform_attribute.
 */
3786 dissect_transform_ike2_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *transform_attr_type_tree, int offset)
3788 guint headerlen, optlen, transform_attr_type;
3789 proto_item *transform_attr_type_item;
3790 proto_tree *sub_transform_attr_type_tree;
3792 dissect_attribute_header(tvb, transform_attr_type_tree, offset,
3793 hf_isakmp_ike2_attr, transform_ike2_attr_type,
3794 &headerlen, &optlen, &transform_attr_type,
3795 &transform_attr_type_item, &sub_transform_attr_type_tree);
/* Skip the header; offset now points at the attribute value. */
3797 offset += headerlen;
/* Empty value: flagged, processing continues (guard not visible here). */
3801 expert_add_info(pinfo, transform_attr_type_item, &ei_isakmp_attribute_value_empty);
3805 switch(transform_attr_type) {
3806 case IKE2_ATTR_KEY_LENGTH:
3807 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_key_length, tvb, offset, optlen, ENC_BIG_ENDIAN);
/* Preview is a fixed 2-byte read, independent of optlen. */
3808 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3811 /* No Default Action */
3815 return headerlen + optlen;
/*
 * Dissect one Transform payload body for either ISAKMP version.
 *
 * Parameters:
 *   tvb, pinfo, tree - usual dissector arguments; tree is the transform subtree
 *   offset, length   - span of the transform body within tvb
 *   isakmp_version   - 1 (ISAKMP/IKEv1) or 2 (IKEv2); other values dissect nothing
 *   protocol_id      - enclosing proposal's protocol (1 ISAKMP, 4 IPCOMP, ...);
 *                      selects the value_string used for the v1 transform id
 *   decr_data        - decrypt_data_t for the SA (HAVE_LIBGCRYPT builds only,
 *                      otherwise unused)
 *
 * Attributes are walked with "offset += <bytes consumed>" until offset_end.
 * NOTE(review): termination relies on each attribute dissector returning a
 * positive size (headerlen + optlen); dissect_attribute_header is not visible
 * here — confirm headerlen is never 0 so a crafted attribute cannot stall the
 * loop. offset_end is declared outside the visible lines.
 */
3819 dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data
3820 #ifndef HAVE_LIBGCRYPT
3825 if (isakmp_version == 1)
3827 guint8 transform_id;
3828 guint8 transform_num;
3829 #ifdef HAVE_LIBGCRYPT
3830 decrypt_data_t *decr = (decrypt_data_t *)decr_data;
3831 #endif /* HAVE_LIBGCRYPT */
3833 offset_end = offset + length;
/* Transform number (1 byte), appended to the subtree label. */
3835 transform_num = tvb_get_guint8(tvb, offset);
3836 proto_item_append_text(tree," # %d",transform_num);
3838 proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Transform id (1 byte); its name depends on the proposal's protocol. */
3841 transform_id = tvb_get_guint8(tvb, offset);
3842 switch (protocol_id) {
3843 case 1: /* ISAKMP */
3844 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
3845 transform_id, "%s (%u)",
3846 val_to_str_const(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
/* AH and ESP cases (labels not visible in this excerpt) */
3849 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
3850 transform_id, "%s (%u)",
3851 val_to_str_const(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
3854 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
3855 transform_id, "%s (%u)",
3856 val_to_str_const(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
3858 case 4: /* IPCOMP */
3859 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
3860 transform_id, "%s (%u)",
3861 val_to_str_const(transform_id, transform_id_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
/* Any other protocol: plain numeric id. */
3864 proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, ENC_BIG_ENDIAN);
/* ISAKMP proposal with transform id 1 (KEY_IKE) carries IKE SA attributes;
 * everything else carries IPsec DOI attributes. */
3869 if (protocol_id == 1 && transform_id == 1) {
3870 #ifdef HAVE_LIBGCRYPT
3871 /* Allow detection of missing IKE transform attributes:
3872 * Make sure their values are not carried over from another transform
3873 * dissected previously. */
3874 decr->ike_encr_alg = 0;
3875 decr->ike_encr_keylen = 0;
3876 decr->ike_hash_alg = 0;
3878 while (offset < offset_end) {
3879 offset += dissect_transform_ike_attribute(tvb, pinfo, tree, offset
3880 #ifdef HAVE_LIBGCRYPT
3887 while (offset < offset_end) {
3888 offset += dissect_transform_attribute(tvb, pinfo, tree, offset);
3892 else if(isakmp_version == 2)
3894 guint8 transform_type;
3896 offset_end = offset + length;
/* Transform type (1 byte) then a reserved byte, then a 2-byte transform id
 * whose field depends on the type (case labels not visible in this excerpt). */
3898 transform_type = tvb_get_guint8(tvb, offset);
3899 proto_tree_add_item(tree, hf_isakmp_trans_type, tvb, offset, 1, ENC_BIG_ENDIAN);
3902 offset += 1; /* Reserved */
3904 switch(transform_type){
3906 proto_tree_add_item(tree, hf_isakmp_trans_encr, tvb, offset, 2, ENC_BIG_ENDIAN);
3909 proto_tree_add_item(tree, hf_isakmp_trans_prf, tvb, offset, 2, ENC_BIG_ENDIAN);
3912 proto_tree_add_item(tree, hf_isakmp_trans_integ, tvb, offset, 2, ENC_BIG_ENDIAN);
3915 proto_tree_add_item(tree, hf_isakmp_trans_dh, tvb, offset, 2, ENC_BIG_ENDIAN);
3918 proto_tree_add_item(tree, hf_isakmp_trans_esn, tvb, offset, 2, ENC_BIG_ENDIAN);
3921 proto_tree_add_item(tree, hf_isakmp_trans_id_v2, tvb, offset, 2, ENC_BIG_ENDIAN);
/* Remaining bytes are IKEv2 transform attributes. */
3926 while (offset < offset_end) {
3927 offset += dissect_transform_ike2_attribute(tvb, pinfo, tree, offset);
/*
 * Dissect a Key Exchange payload body.
 *
 * Parameters:
 *   tvb, offset, length, tree - span of the payload body and target subtree
 *   isakmp_version            - 2 adds the leading DH group field (IKEv2)
 *   pinfo                     - used to tell initiator from responder
 *   decr_data (HAVE_LIBGCRYPT) - decrypt_data_t for the SA, may be NULL
 *
 * With libgcrypt and IKEv1, the first public value seen from each side is
 * copied out of the packet into decr->gi (initiator) or decr->gr (responder),
 * which the decryption code needs to derive SKEYID. The gi_len/gr_len == 0
 * guards make the first payload per direction win; later retransmissions or
 * renegotiations do not overwrite it. Ownership of the g_malloc'd buffers
 * rests with decr (the matching free is not visible here).
 */
3933 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version,
3934 #ifdef HAVE_LIBGCRYPT
3938 packet_info* pinfo _U_,
3943 if (isakmp_version == 2) {
/* IKEv2 KE payload starts with the 2-byte DH group number. */
3944 proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN);
3949 proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, ENC_NA);
3951 #ifdef HAVE_LIBGCRYPT
3952 if (isakmp_version == 1 && decr_data) {
3953 decrypt_data_t *decr = (decrypt_data_t *)decr_data;
/* Direction is decided by comparing the packet source with the recorded
 * initiator address; length is packet-supplied, tvb_memcpy bounds-checks it. */
3955 if (decr->gi_len == 0 && addresses_equal(&decr->initiator, &pinfo->src)) {
3956 decr->gi = (gchar *)g_malloc(length);
3957 tvb_memcpy(tvb, decr->gi, offset, length);
3958 decr->gi_len = length;
3959 } else if (decr->gr_len == 0 && !addresses_equal(&decr->initiator, &pinfo->src)) {
3960 decr->gr = (gchar *)g_malloc(length);
3961 tvb_memcpy(tvb, decr->gr, offset, length);
3962 decr->gr_len = length;
3965 #endif /* HAVE_LIBGCRYPT */
/*
 * Dissect an Identification payload body (RFC 2407 section 4.6.2 for v1,
 * RFC 5996 section 3.5 for v2).
 *
 * Parameters:
 *   tvb, offset, length, tree - span of the payload body and target subtree
 *   isakmp_version            - selects the v1/v2 id-type field
 *   pinfo                     - needed to set up the ASN.1 context for DER names
 *
 * Layout: id type (1), protocol id (1), port (2), then identification data
 * whose interpretation depends on id type. The address/subnet/range cases read
 * fixed 4- or 16-byte fields at offset (+4/+16) regardless of length; the tvb
 * accessors throw if the payload is shorter. Locals (id_type, protocol_id,
 * port, str, idit, idtree) are declared outside the visible lines.
 */
3969 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
3977 asn1_ctx_t asn1_ctx;
3978 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3980 id_type = tvb_get_guint8(tvb, offset);
3981 if (isakmp_version == 1)
3983 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
3984 }else if (isakmp_version == 2)
3986 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Protocol id: 0 means "unused" and is labelled as such. */
3991 protocol_id= tvb_get_guint8(tvb, offset);
3992 if (protocol_id == 0)
3993 proto_tree_add_uint_format_value(tree, hf_isakmp_id_protoid, tvb, offset,1,
3994 protocol_id, "Unused");
3996 proto_tree_add_item(tree, hf_isakmp_id_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Port: special-cased display (format line not visible) vs. plain value. */
4001 port = tvb_get_ntohs(tvb, offset);
4003 proto_tree_add_uint_format_value(tree, hf_isakmp_id_port, tvb, offset, 2,
4006 proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
4013 * It shows strings of all types though some of types are not
4014 * supported in IKEv2 specification actually.
4016 idit = proto_tree_add_item(tree, hf_isakmp_id_data, tvb, offset, length, ENC_NA);
4017 idtree = proto_item_add_subtree(idit, ett_isakmp_id);
4019 case IKE_ID_IPV4_ADDR:
4020 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
4021 proto_item_append_text(idit, "%s", tvb_ip_to_str(tvb, offset));
/* FQDN / user FQDN: ASCII string of the full payload length, copied into
 * packet scope so it can be appended to the item text. */
4024 proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_fqdn, tvb, offset, length, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4025 proto_item_append_text(idit, "%s", str);
4027 case IKE_ID_USER_FQDN:
4028 proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_user_fqdn, tvb, offset, length, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4029 proto_item_append_text(idit, "%s", str);
4031 case IKE_ID_IPV4_ADDR_SUBNET:
4032 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
4033 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_subnet, tvb, offset+4, 4, ENC_BIG_ENDIAN);
4034 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(tvb, offset), tvb_ip_to_str(tvb, offset+4));
4036 case IKE_ID_IPV4_ADDR_RANGE:
4037 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_start, tvb, offset, 4, ENC_BIG_ENDIAN);
4038 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_end, tvb, offset+4, 4, ENC_BIG_ENDIAN);
4039 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(tvb, offset), tvb_ip_to_str(tvb, offset+4));
4041 case IKE_ID_IPV6_ADDR:
4042 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
4043 proto_item_append_text(idit, "%s", tvb_ip6_to_str(tvb, offset));
4045 case IKE_ID_IPV6_ADDR_SUBNET:
4046 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
4047 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_subnet, tvb, offset+16, 16, ENC_NA);
4048 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(tvb, offset), tvb_ip6_to_str(tvb, offset+16));
4050 case IKE_ID_IPV6_ADDR_RANGE:
4051 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_start, tvb, offset, 16, ENC_NA);
4052 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_end, tvb, offset+16, 16, ENC_NA);
4053 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(tvb, offset), tvb_ip6_to_str(tvb, offset+16));
/* Key id: opaque bytes (case label not visible). */
4056 proto_tree_add_item(idtree, hf_isakmp_id_data_key_id, tvb, offset, length, ENC_NA);
4058 case IKE_ID_DER_ASN1_DN:
/* NOTE(review): the DER name is added under `tree`, not `idtree` like the
 * other cases — confirm whether that is intentional. */
4059 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_id_data_cert);
/* Fallback: hex dump of the identification data. */
4062 proto_item_append_text(idit, "%s", tvb_bytes_to_str(wmem_packet_scope(), tvb,offset,length));
/*
 * Dissect a Certificate payload body.
 *
 * Parameters:
 *   tvb, offset, length, tree - span of the payload body and target subtree
 *   isakmp_version            - selects the v1/v2 encoding field and layout
 *   pinfo                     - for the ASN.1 context of the X.509 decoder
 *
 * v1: the data is handed to the X.509 certificate decoder unconditionally.
 * v2: dispatch on cert_type (case labels not visible in this excerpt) —
 * the hash-and-URL form carries a 20-byte SHA-1 hash followed by an ASCII
 * URL; anything else is decoded as an X.509 certificate.
 * cert_type is declared outside the visible lines.
 */
4068 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
4071 asn1_ctx_t asn1_ctx;
4072 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
4073 cert_type = tvb_get_guint8(tvb, offset);
4075 if (isakmp_version == 1)
4077 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4078 }else if (isakmp_version == 2)
4080 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4086 if (isakmp_version == 1)
4088 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_cert_data);
4089 }else if (isakmp_version == 2)
/* Hash-and-URL: 20-byte hash, then the URL (packet-supplied text, only
 * displayed; the item is tagged as a URL for the UI). */
4095 proto_tree_add_item(tree, hf_isakmp_cert_x509_hash, tvb, offset, 20, ENC_NA);
4099 ti_url = proto_tree_add_item(tree, hf_isakmp_cert_x509_url, tvb, offset, length, ENC_ASCII|ENC_NA);
4100 PROTO_ITEM_SET_URL(ti_url);
4104 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_cert_data);
/*
 * Dissect a Certificate Request payload body.
 *
 * Parameters:
 *   tvb, offset, length, tree - span of the payload body and target subtree
 *   isakmp_version            - selects the v1/v2 type field and layout
 *   pinfo                     - for the ASN.1 context of the X.509 name decoder
 *
 * v1: the certificate authority is either a DER name (decoded via x509if) or
 * shown as raw bytes, depending on cert_type (condition not visible here).
 * v2: the data is a list of 20-byte SHA-1 hashes of trusted CA keys.
 * NOTE(review): the per-iteration `length -= 20; offset += 20;` of the v2 loop
 * is not visible in this excerpt; if length is not a multiple of 20 the last
 * item reads past the declared data (bounded by the tvb accessor) — confirm.
 * cert_type is declared outside the visible lines.
 */
4112 dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
4115 asn1_ctx_t asn1_ctx;
4116 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
4117 cert_type = tvb_get_guint8(tvb, offset);
4119 if (isakmp_version == 1)
4121 proto_tree_add_item(tree, hf_isakmp_certreq_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4122 }else if (isakmp_version == 2)
4124 proto_tree_add_item(tree, hf_isakmp_certreq_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4130 if (isakmp_version == 1)
4137 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_certreq_authority_sig);
4140 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v1, tvb, offset, length, ENC_NA);
4143 }else if (isakmp_version == 2)
4145 /* this is a list of 20 byte SHA-1 hashes */
4146 while (length > 0) {
4147 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v2, tvb, offset, 20, ENC_NA);
/*
 * Dissect an IKEv2 Authentication payload body: a 1-byte auth method
 * followed (after reserved bytes, advance not visible here) by the
 * authentication data of the remaining length.
 */
4157 dissect_auth(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
4160 proto_tree_add_item(tree, hf_isakmp_auth_meth, tvb, offset, 1, ENC_BIG_ENDIAN);
4165 proto_tree_add_item(tree, hf_isakmp_auth_data, tvb, offset, length, ENC_NA);
/* Dissect a Hash payload body: the whole payload is the opaque hash value. */
4170 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4172 proto_tree_add_item(ntree, hf_isakmp_hash, tvb, offset, length, ENC_NA);
/* Dissect a Signature payload body: the whole payload is the opaque signature. */
4176 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4178 proto_tree_add_item(ntree, hf_isakmp_sig, tvb, offset, length, ENC_NA);
/* Dissect a Nonce payload body: the whole payload is the opaque nonce. */
4182 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4184 proto_tree_add_item(ntree, hf_isakmp_nonce, tvb, offset, length, ENC_NA);
/*
 * Dissect a Cisco proprietary IKE fragmentation payload and reassemble the
 * fragments into a complete ISAKMP message.
 *
 * Parameters:
 *   tvb, offset, length, tree - span of the fragment payload and its subtree
 *   pinfo                     - reassembly state and Info column
 *
 * Layout: packet id (2), sequence number (1, starting at 1), last flag (1),
 * then the fragment data up to the end of tvb. Once the last fragment arrives
 * the reassembled buffer is fed back into dissect_isakmp under the parent
 * tree.
 *
 * NOTE(review): the reassembly id is the hard-coded 12345 (see the FIXME
 * below), so fragments of unrelated exchanges on the same address pair share
 * one reassembly stream; a mismatched or replayed fragment from another
 * message can therefore be merged into this one. seq is a guint8 and the code
 * passes seq-1; a fragment with seq == 0 yields -1 (a very large unsigned
 * sequence number) — confirm how fragment_add_seq_check treats it.
 */
4188 dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
4190 guint8 seq; /* Packet sequence number, starting from 1 */
/* The parent tree is kept so the reassembled message is shown at the
 * ISAKMP level rather than inside this fragment payload. */
4193 ptree = proto_tree_get_parent(tree);
4197 proto_tree_add_item(tree, hf_isakmp_cisco_frag_packetid, tvb, offset, 2, ENC_BIG_ENDIAN);
4199 seq = tvb_get_guint8(tvb, offset);
4200 proto_tree_add_item(tree, hf_isakmp_cisco_frag_seq, tvb, offset, 1, ENC_BIG_ENDIAN);
4202 last = tvb_get_guint8(tvb, offset);
4203 proto_tree_add_item(tree, hf_isakmp_cisco_frag_last, tvb, offset, 1, ENC_BIG_ENDIAN);
4207 /* Start Reassembly stuff for Cisco IKE fragmentation */
4209 gboolean save_fragmented;
4210 tvbuff_t *defrag_isakmp_tvb;
4211 fragment_head *frag_msg;
/* pinfo->fragmented is set for the duration of the reassembly call and
 * restored below. */
4213 save_fragmented = pinfo->fragmented;
4214 pinfo->fragmented = TRUE;
4215 frag_msg = fragment_add_seq_check(&isakmp_cisco_reassembly_table, tvb, offset,
4217 12345, /*FIXME: Fragmented packet id, guint16, somehow get CKY here */
4219 seq-1, /* fragment sequence number, starting from 0 */
4220 tvb_reported_length_remaining(tvb, offset), /* fragment length - to the end */
4221 !last); /* More fragments? */
4222 defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
4223 "Reassembled ISAKMP", frag_msg,
4224 &isakmp_frag_items, /* groups and items, using same as Cisco */
/* Only the last fragment triggers a full re-dissection of the message. */
4227 if (last && defrag_isakmp_tvb) { /* take it all */
4228 dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree, NULL);
4230 col_append_fstr(pinfo->cinfo, COL_INFO,
4231 " (%sMessage fragment %u%s)",
4232 (last && frag_msg ? "Reassembled + " : ""),
4233 seq, (last ? " - last" : ""));
4234 pinfo->fragmented = save_fragmented;
4236 /* End Reassembly stuff for Cisco IKE fragmentation */
4240 /* This is RFC7383 reassembly. */
/*
 * Dissect an IKEv2 Encrypted Fragment payload (RFC 7383), decrypt it, and
 * reassemble the decrypted fragments into the original encrypted payload.
 *
 * Parameters:
 *   tvb, offset, tree - fragment payload body and its subtree
 *   pinfo             - conversation/reassembly state, Info column
 *   message_id        - Message ID from the IKE header; reassembly key
 *   next_payload      - Next Payload of this fragment payload; only the first
 *                       fragment's value names the reassembled payload type
 *   is_request        - forwarded to dissect_payloads (HAVE_LIBGCRYPT only)
 *   decr_info         - ikev2_decrypt_data_t with the cipher/integrity specs,
 *                       NULL when no keys are configured (HAVE_LIBGCRYPT only)
 *
 * Layout: fragment number (2), total fragments (2), IV, encrypted data,
 * integrity checksum. Without key material only the two counters are shown.
 * iv_offset and icd_offset are declared outside the visible lines.
 *
 * NOTE(review): the fragment-number checks below only attach expert items;
 * whether dissection stops afterwards is not visible here — if it continues,
 * fragment_number-1 for fragment_number == 0 wraps to a very large sequence
 * number. The first-pass state is one object per conversation, so two
 * interleaved fragmented messages on the same conversation overwrite each
 * other's next_payload (the lookup then fails the message_id comparison and
 * the reassembled payload is not dissected).
 */
4242 dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree,
4243 #ifdef HAVE_LIBGCRYPT
4244 packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request, void* decr_info)
4246 packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request _U_, void* decr_info _U_)
4249 guint16 fragment_number, total_fragments;
4250 #ifdef HAVE_LIBGCRYPT
4251 gboolean message_next_payload_set = FALSE;
4252 guint8 message_next_payload = 0;
4253 gint iv_len, icd_len;
4256 ikev2_decrypt_data_t *key_info;
4259 /* Fragment Number */
4260 fragment_number = tvb_get_ntohs(tvb, offset);
4261 total_fragments = tvb_get_ntohs(tvb, offset+2);
4262 proto_tree_add_item(tree, hf_isakmp_ike2_fragment_number, tvb, offset, 2, ENC_BIG_ENDIAN);
/* Sanity checks on sender-supplied counters (expert info only). */
4264 if (fragment_number == 0) {
4265 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4266 "Fragment number must not be zero");
4268 else if (fragment_number > total_fragments) {
4269 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4270 "Fragment number (%u) must not be greater than total fragments (%u)",
4271 fragment_number, total_fragments);
4274 /* During the first pass, store in the conversation the next_payload */
4275 if (!pinfo->fd->flags.visited && (fragment_number == 1)) {
4276 /* Create/update conversation with message_id -> next_payload */
4277 conversation_t* p_conv = find_or_create_conversation(pinfo);
/* File-scope allocation: lives until the capture is closed. */
4278 ikev2_fragmentation_state_t *p_state = wmem_new0(wmem_file_scope(), ikev2_fragmentation_state_t);
4279 p_state->message_id = message_id;
4280 p_state->next_payload = next_payload;
4282 /* Store the state with the conversation */
4283 conversation_add_proto_data(p_conv, proto_isakmp, (void*)p_state);
4286 /* Total fragments */
4287 proto_tree_add_item(tree, hf_isakmp_ike2_total_fragments, tvb, offset, 2, ENC_BIG_ENDIAN);
4288 if (total_fragments == 0) {
4289 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4290 "Total fragments must not be zero");
4293 /* Show fragment summary in Info column */
4294 col_append_fstr(pinfo->cinfo, COL_INFO, " (fragment %u/%u)", fragment_number, total_fragments);
4296 #ifdef HAVE_LIBGCRYPT
4299 /* If this is the last fragment, need to know what the payload type for the reassembled message is,
4300 which was included in the first fragment */
4301 if (fragment_number == total_fragments) {
4302 if (!pinfo->fd->flags.visited) {
4303 /* On first pass, get it from the conversation info */
4304 conversation_t *p_conv = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst,
4305 pinfo->ptype, pinfo->srcport,
4306 pinfo->destport, 0);
4307 if (p_conv != NULL) {
4308 ikev2_fragmentation_state_t *p_state = (ikev2_fragmentation_state_t*)conversation_get_proto_data(p_conv, proto_isakmp);
4309 if (p_state != NULL) {
/* Only trust the stored next_payload if it belongs to this message. */
4310 if (p_state->message_id == message_id) {
4311 message_next_payload = p_state->next_payload;
4312 message_next_payload_set = TRUE;
4314 /* Store in table for this frame for future passes */
4315 g_hash_table_insert(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num), GUINT_TO_POINTER((guint)message_next_payload));
4321 /* On later passes, look up in hash table by frame number */
4322 message_next_payload = (guint8)GPOINTER_TO_UINT(g_hash_table_lookup(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num)));
/* 0 doubles as "not found" here, so a stored payload type of 0 is
 * indistinguishable from a miss. */
4323 if (message_next_payload != 0) {
4324 message_next_payload_set = TRUE;
4329 /* Can only know lengths of following fields if we have the key information */
4331 key_info = (ikev2_decrypt_data_t*)(decr_info);
4332 iv_len = key_info->encr_spec->iv_len;
4333 icd_len = key_info->auth_spec->trunc_len;
4336 /* Can't show any more info. */
4340 /* Initialization Vector */
4342 proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
/* The integrity checksum sits at the very end; everything between IV and
 * checksum is ciphertext. */
4345 icd_offset = offset + tvb_reported_length_remaining(tvb, offset) - icd_len;
4347 /* Encryption data */
4348 proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, icd_offset-offset, ENC_NA);
4350 /* Can only check how much padding there is after decrypting... */
4352 /* Start Reassembly stuff for IKE2 fragmentation */
4354 gboolean save_fragmented;
4355 tvbuff_t *defrag_decrypted_isakmp_tvb;
4356 tvbuff_t *isakmp_decrypted_fragment_tvb;
4357 fragment_head *frag_msg;
4358 guint8 padding_length;
4359 guint16 fragment_length;
4361 /* Decrypt but don't dissect this encrypted payload. */
4362 isakmp_decrypted_fragment_tvb = dissect_enc(tvb, iv_offset, tvb_reported_length_remaining(tvb, iv_offset), tree, pinfo,
4363 0, /* Payload type won't be used in this call, and may not know yet */
4366 FALSE /* Don't dissect decrypted tvb as not a completed payload */
4369 /* Save pinfo->fragmented, will later restore it */
4370 save_fragmented = pinfo->fragmented;
4371 pinfo->fragmented = TRUE;
4373 /* Remove padding length + any padding bytes from reassembled payload */
/* NOTE(review): padding_length is taken from the decrypted (but
 * sender-chosen) data. If it is >= reported length - 1, the unsigned
 * subtraction below wraps before being truncated to guint16 — confirm
 * fragment_add_seq_check's own bounds check rejects the result, or guard
 * it here before adding to the reassembly table. */
4374 padding_length = tvb_get_guint8(isakmp_decrypted_fragment_tvb, tvb_reported_length(isakmp_decrypted_fragment_tvb)-1);
4375 fragment_length = tvb_reported_length(isakmp_decrypted_fragment_tvb) - 1 - padding_length;
4377 /* Adding decrypted tvb into reassembly table here */
4378 frag_msg = fragment_add_seq_check(&isakmp_ike2_reassembly_table,
4379 isakmp_decrypted_fragment_tvb,
4382 message_id, /* message_id from top-level header */
4384 fragment_number-1, /* fragment sequence number, starting from 0 */
4385 fragment_length, /* fragment - (padding_length + padding) */
4386 fragment_number < total_fragments); /* More fragments? */
4388 defrag_decrypted_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
4389 "Reassembled IKE2 ISAKMP",
4391 &isakmp_frag_items, /* Tree IDs & items - using same ones as Cisco. */
/* Dissect the reassembled plaintext only when we also know the payload type
 * recorded from the first fragment; otherwise just show the bytes. */
4394 if (defrag_decrypted_isakmp_tvb && key_info && message_next_payload_set) {
4395 /* Completely reassembled - already decrypted - dissect reassembled payload if know next payload type */
4396 col_append_fstr(pinfo->cinfo, COL_INFO, " (reassembled)");
4397 dissect_payloads(defrag_decrypted_isakmp_tvb, tree,
4398 2, /* Could store with next_payload, but wouldn't be here otherwise.. */
4399 message_next_payload,
4400 0, tvb_reported_length(defrag_decrypted_isakmp_tvb),
4401 pinfo, message_id, is_request, decr_info);
4403 /* Restore this flag */
4404 pinfo->fragmented = save_fragmented;
4406 /* End Reassembly stuff for IKE2 fragmentation */
/*
 * Dissect the body of a Notification payload (ISAKMP/IKEv1 or IKEv2).
 *
 * tvb/offset/length: the payload body after the generic payload header.
 * tree: the payload subtree the items are added to.
 * isakmp_version: 1 or 2; any other value just skips the version-specific
 *   fields (DOI, protocol ID, message type).
 *
 * All reads go through tvb accessors, which are bounds-checked: a truncated
 * payload raises a Wireshark bounds exception instead of reading past the
 * buffer. Nothing in this payload is authenticated or validated here; values
 * are displayed as carried on the wire.
 */
4412 dissect_notif(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version)
/* End of the payload body; bounds the ROHC_SUPPORTED loop further down. */
4417 offset_end = offset + length;
/* The DOI field exists only in ISAKMP v1 (RFC 2408); IKEv2 has none. */
4419 if (isakmp_version == 1) {
4420 proto_tree_add_item(tree, hf_isakmp_notify_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
/* Protocol-ID value spaces differ between the versions, hence two hf fields. */
4425 if (isakmp_version == 1)
4427 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4428 }else if (isakmp_version == 2)
4430 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
/* SPI size is packet-controlled; it sizes the SPI item added below. */
4435 spi_size = tvb_get_guint8(tvb, offset);
4436 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
/* The notify message type selects the typed view of the notification data. */
4440 msgtype = tvb_get_ntohs(tvb, offset);
4442 if (isakmp_version == 1)
4444 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v1, tvb, offset, 2, ENC_BIG_ENDIAN);
4445 }else if (isakmp_version == 2)
4447 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, ENC_BIG_ENDIAN);
4448 proto_item_append_text(tree, " - %s",
4449 rval_to_str_const(tvb_get_ntohs(tvb, offset),
/* SPI of the SA the notification refers to (spi_size may be 0). */
4457 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);
4462 /* Notification Data */
/* Raw view of the whole data first; the switches below add a typed view for known types. */
4464 proto_tree_add_item(tree, hf_isakmp_notify_data, tvb, offset, length, ENC_NA);
/* IKEv1: only a few private-use values (DPD, Cisco Unity) carry structured data. */
4466 if (isakmp_version == 1)
4469 case 36136: /* DPD ARE YOU THERE */
4470 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there, tvb, offset, length, ENC_BIG_ENDIAN);
4472 case 36137: /* DPD ARE YOU THERE ACK */
4473 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there_ack, tvb, offset, length, ENC_BIG_ENDIAN);
4475 case 40501: /* UNITY Load Balance */
4476 proto_tree_add_item(tree, hf_isakmp_notify_data_unity_load_balance, tvb, offset, length, ENC_BIG_ENDIAN);
4479 /* No Default Action */
/* IKEv2 status notifications with structured data. */
4483 } else if (isakmp_version == 2)
/* IPCOMP_SUPPORTED: 2-byte CPI followed by a 1-byte transform ID. */
4486 case 16387: /* IPCOMP_SUPPORTED */
4487 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_cpi, tvb, offset, 2, ENC_BIG_ENDIAN);
4488 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_transform_id, tvb, offset+2, 1, ENC_BIG_ENDIAN);
/* REDIRECT (RFC 5685): gateway identity type, identity length, identity, then a nonce. */
4490 case 16407: /* REDIRECT */
4491 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4492 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4493 switch(tvb_get_guint8(tvb, offset)){ /* Ident Type ? */
4495 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4498 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
/* FQDN and unknown types are sized by the packet-supplied identity length. */
4501 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn, tvb, offset+2, tvb_get_guint8(tvb,offset+1), ENC_ASCII|ENC_NA);
4504 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident, tvb, offset+2, tvb_get_guint8(tvb,offset+1), ENC_NA);
/* NOTE(review): the identity length is not checked against `length`. If it
 * exceeds the remaining bytes, `length` goes negative and the nonce item below
 * gets a negative size (proto_tree_add_item treats -1 as "to end of buffer"
 * and throws on other negatives). A clamp plus an expert info here would give a
 * clearer malformed-packet report than the generic exception. */
4507 length -= tvb_get_guint8(tvb, offset+1) + 2;
4508 offset += tvb_get_guint8(tvb, offset+1) + 2;
4511 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_nonce_data, tvb, offset, length, ENC_NA);
/* REDIRECT_FROM: same identity layout as REDIRECT, describing the original responder. */
4514 case 16408: /* REDIRECT_FROM */
4515 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4516 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4517 switch(tvb_get_guint8(tvb, offset)){ /* Ident Type ? */
4519 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4522 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
4525 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident, tvb, offset+2, tvb_get_guint8(tvb,offset+1), ENC_NA);
/* Session resumption tickets (RFC 5723): opaque to the dissector, shown as bytes. */
4529 case 16409: /* TICKET_LT_OPAQUE */
4530 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
4533 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
4535 case 16413: /* TICKET_OPAQUE */
4536 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
/* ROHC_SUPPORTED: a list of ROHC attributes. Loop progress relies on
 * dissect_rohc_supported() always returning a positive byte count. */
4538 case 16416: /* ROHC_SUPPORTED */
4539 while (offset < offset_end) {
4540 offset += dissect_rohc_supported(tvb, pinfo, tree, offset);
/* QCD token (RFC 6290). This is a secret: a capture with working decryption
 * keys exposes it in the tree, so treat such captures accordingly. */
4543 case 16419: /* QUICK_CRASH_DETECTION */
4544 proto_tree_add_item(tree, hf_isakmp_notify_data_qcd_token_secret_data, tvb, offset, length, ENC_NA);
/* IKEv2 HA sync (RFC 6311): nonce plus expected send/receive message IDs. */
4546 case 16422: /* IKEV2_MESSAGE_ID_SYNC */
4547 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_nonce_data, tvb, offset, 4, ENC_BIG_ENDIAN);
4549 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_send_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
4551 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_recv_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
4553 case 16423: /* IPSEC_REPLAY_COUNTER_SYNC */
4554 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value, tvb, offset, length, ENC_NA);
4556 case 16424: /* SECURE_PASSWORD_METHODS */
4557 proto_tree_add_item(tree, hf_isakmp_notify_data_secure_password_methods, tvb, offset, length, ENC_NA);
4560 /* No Default Action */
/*
 * Dissect a Delete payload body: [DOI (v1 only)] protocol ID, SPI size,
 * number of SPIs, then the SPI list.
 *
 * tvb/offset/length: payload body after the generic header; tree: payload
 * subtree; isakmp_version: 1 or 2 (others skip the version-specific fields).
 */
4567 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
4571 if (isakmp_version == 1) {
4572 proto_tree_add_item(tree, hf_isakmp_delete_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
4578 if (isakmp_version == 1)
4580 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4581 }else if (isakmp_version == 2)
4583 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
/* SPI size is packet-controlled and may be 0 (legitimate for an IKE SA delete). */
4589 spi_size = tvb_get_guint8(tvb, offset);
4590 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
/* The SPI count is displayed only; the walk below is driven by `length`. */
4594 proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, ENC_BIG_ENDIAN);
/* NOTE(review): the loop's progress depends on the (not shown) per-iteration
 * update of offset/length by spi_size. With spi_size == 0 and trailing bytes
 * in the payload, such a loop would never advance; confirm there is a
 * spi_size > 0 guard or a break on zero progress. */
4599 while (length > 0) {
4600 proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, ENC_NA);
<br />/*
 * Dissect a Vendor ID payload: show the raw bytes, map them to a known vendor
 * string, and decode the vendor-specific trailer for a few recognised VIDs.
 *
 * Security note: Vendor IDs are sent before any authentication and are
 * trivially forgeable; the decoded vendor/version is a hint for analysis, not
 * evidence of what implementation is actually on the wire.
 */
4609 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
4611 const guint8 * pVID;
4612 const char * vendorstring;
/* tvb_get_ptr bounds-checks [offset, offset+length); the pointer is valid for the tvb's lifetime. */
4614 pVID = tvb_get_ptr(tvb, offset, length);
4616 vendorstring = byte_to_str(pVID, (gint)length, vendor_id, "Unknown Vendor ID");
4617 proto_tree_add_item(tree, hf_isakmp_vid_bytes, tvb, offset, length, ENC_NA);
4618 proto_tree_add_string(tree, hf_isakmp_vid_string, tvb, offset, length, vendorstring);
4619 proto_item_append_text(tree," : %s", vendorstring);
4621 /* very old CryptPro/GOST (Check Point R65) VID */
/* NOTE(review): the guard admits a 24-byte VID, but five 4-byte fields follow
 * the 20-byte prefix (40 bytes in total). Reads past `length` are still bounds-
 * checked against the tvb, but they display whatever follows this payload
 * rather than reporting a short VID. The Unity (14 + 2) and MS NT5 (16 + 4)
 * checks below have the same shape. */
4622 if (length >= 24 && memcmp(pVID, VID_CP_01_R65, 20) == 0)
4625 proto_tree_add_item(tree, hf_isakmp_vid_cp_product, tvb, offset, 4, ENC_BIG_ENDIAN);
4627 proto_tree_add_item(tree, hf_isakmp_vid_cp_version, tvb, offset, 4, ENC_BIG_ENDIAN);
4629 proto_tree_add_item(tree, hf_isakmp_vid_cp_timestamp, tvb, offset, 4, ENC_BIG_ENDIAN);
4631 proto_tree_add_item(tree, hf_isakmp_vid_cp_reserved, tvb, offset, 4, ENC_BIG_ENDIAN);
4633 proto_tree_add_item(tree, hf_isakmp_vid_cp_features, tvb, offset, 4, ENC_BIG_ENDIAN);
4637 /* Cisco Unity VID */
/* The two bytes after the 14-byte prefix are the Unity major.minor version. */
4638 if (length >= 14 && memcmp(pVID, VID_CISCO_UNITY, 14) == 0)
4641 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_major, tvb, offset, 1, ENC_BIG_ENDIAN);
4642 proto_item_append_text(tree, " %u", tvb_get_guint8(tvb,offset));
4644 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_minor, tvb, offset, 1, ENC_BIG_ENDIAN);
4645 proto_item_append_text(tree, ".%u", tvb_get_guint8(tvb,offset));
4649 /* VID_MS_NT5_ISAKMPOAKLEY */
4650 if (length >= 16 && memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, 16) == 0)
4653 proto_tree_add_item(tree, hf_isakmp_vid_ms_nt5_isakmpoakley, tvb, offset, 4, ENC_BIG_ENDIAN);
4657 /* VID_ARUBA_VIA_AUTH_PROFILE */
/* Everything after the 19-byte prefix is an ASCII profile name; length-19 >= 0 by the guard. */
4658 if (length >= 19 && memcmp(pVID, VID_ARUBA_VIA_AUTH_PROFILE, 19) == 0)
4661 proto_tree_add_item(tree, hf_isakmp_vid_aruba_via_auth_profile, tvb, offset, length-19, ENC_ASCII|ENC_NA);
4667 /* Returns the number of bytes consumed by this attribute (header plus value), so the caller can step to the next one. */
/*
 * Dissect one Configuration payload attribute (IKEv1 Mode-Config / XAUTH /
 * Cisco Unity, or IKEv2 CP) and return headerlen + optlen, the number of
 * bytes consumed.
 *
 * cfg_attr_type_tree: the Configuration payload subtree; offset: start of the
 * attribute header; isakmp_version: selects the attribute-type value space;
 * is_request: suppresses the "empty value" warning for requests, where an
 * empty value is the normal way to ask for an assignment.
 *
 * Security note: XAUTH attributes carry user names, passwords, passcodes and
 * PINs in the clear inside the (already decrypted) payload, and this function
 * renders them verbatim into the item text. Captures and exports of decrypted
 * IKE sessions therefore contain credentials.
 */
4669 dissect_config_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *cfg_attr_type_tree, int offset, int isakmp_version, gboolean is_request)
4671 const range_string *vs_cfgattr;
4672 guint headerlen, optlen, cfg_attr_type;
4673 proto_item *cfg_attr_type_item;
4674 proto_tree *sub_cfg_attr_type_tree;
/* Pick the version's attribute-type table. hf_isakmp_cfg_attr is not declared
 * here and looks like file-level state mutated per call: fine for Wireshark's
 * single-threaded dissection, but not reentrant. */
4678 if (isakmp_version == 1) {
4679 vs_cfgattr = vs_v1_cfgattr;
4680 hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v1;
4681 } else if (isakmp_version == 2) {
4682 vs_cfgattr = vs_v2_cfgattr;
4683 hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v2;
4685 /* Fail gracefully in case of an unsupported isakmp_version. */
/* Generic attribute header: yields header length, value length (optlen, packet-controlled), type, item and subtree. */
4689 dissect_attribute_header(tvb, cfg_attr_type_tree, offset,
4690 hf_isakmp_cfg_attr, vs_cfgattr,
4691 &headerlen, &optlen, &cfg_attr_type,
4692 &cfg_attr_type_item, &sub_cfg_attr_type_tree);
4694 offset += headerlen;
4698 /* Don't complain about zero length if part of a config request - values will be assigned and included in the response message */
4700 expert_add_info(pinfo, cfg_attr_type_item, &ei_isakmp_attribute_value_empty);
/* Typed views of the value. List-valued attributes iterate optlen / element
 * size, so a trailing partial element is silently ignored rather than flagged. */
4705 switch (cfg_attr_type) {
4706 case INTERNAL_IP4_ADDRESS: /* 1 */
4709 for (i = 0; i < optlen/4; i++)
4711 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_address, tvb, offset, 4, ENC_BIG_ENDIAN);
4716 case INTERNAL_IP4_NETMASK: /* 2 */
4717 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
4719 case INTERNAL_IP4_DNS: /* 3 */
4722 for (i = 0; i < optlen/4; i++)
4724 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_dns, tvb, offset, 4, ENC_BIG_ENDIAN);
4729 case INTERNAL_IP4_NBNS: /* 4 */
4732 for (i = 0; i < optlen/4; i++)
4734 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_nbns, tvb, offset, 4, ENC_BIG_ENDIAN);
4739 case INTERNAL_ADDRESS_EXPIRY: /* 5 */
4740 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_address_expiry, tvb, offset, 4, ENC_BIG_ENDIAN);
4742 case INTERNAL_IP4_DHCP: /* 6 */
4745 for (i = 0; i < optlen/4; i++)
4747 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_dhcp, tvb, offset, 4, ENC_BIG_ENDIAN);
/* Free-form ASCII; copied into packet scope and echoed into the item text. */
4752 case APPLICATION_VERSION: /* 7 */
4753 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_application_version, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4754 proto_item_append_text(cfg_attr_type_item," : %s", str);
/* 16-byte address + 1-byte prefix length per element (17 bytes). */
4756 case INTERNAL_IP6_ADDRESS: /* 8 */
4759 for (i = 0; i < optlen/17; i++)
4761 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_address_ip, tvb, offset, 16, ENC_NA);
4763 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_address_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
4768 case INTERNAL_IP6_NETMASK: /* 9 Only in IKEv1 */
4769 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_netmask, tvb, offset, 18, ENC_NA);
4771 case INTERNAL_IP6_DNS: /* 10 */
4774 for (i = 0; i < optlen/16; i++)
4776 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_dns, tvb, offset, 16, ENC_NA);
4781 case INTERNAL_IP6_NBNS: /* 11 */
4784 for (i = 0; i < optlen/16; i++)
4786 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_nbns, tvb, offset, 16, ENC_NA);
4791 case INTERNAL_IP6_DHCP: /* 12 */
4794 for (i = 0; i < optlen/16; i++)
4796 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_dhcp, tvb, offset, 16, ENC_NA);
/* 4-byte address + 4-byte netmask per element. */
4801 case INTERNAL_IP4_SUBNET: /* 13 */
4804 for (i = 0; i < optlen/8; i++)
4806 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
4807 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
4812 case SUPPORTED_ATTRIBUTES: /* 14 */
4815 for (i = 0; i < optlen/2; i++)
4817 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_supported_attributes, tvb, offset, 2, ENC_BIG_ENDIAN);
4822 case INTERNAL_IP6_SUBNET: /* 15 */
4825 for (i = 0; i < optlen/17; i++)
4827 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_ip, tvb, offset, 16, ENC_NA);
4829 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
/* NOTE(review): optlen-8 is computed from a packet-controlled length with no
 * optlen >= 8 check; for a short value it goes negative (-1 means "to end of
 * buffer" for proto_tree_add_item, other negatives throw). */
4834 case INTERNAL_IP6_LINK: /* 17 */
4835 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_link_interface, tvb, offset, 8, ENC_BIG_ENDIAN);
4837 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_link_id, tvb, offset, optlen-8, ENC_NA);
4839 case INTERNAL_IP6_PREFIX: /* 18 */
4842 for (i = 0; i < optlen/17; i++)
4844 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_ip, tvb, offset, 16, ENC_NA);
4846 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_length, tvb, offset, 1, ENC_BIG_ENDIAN);
4851 case P_CSCF_IP4_ADDRESS: /* 20 */
4854 for (i = 0; i < optlen/4; i++)
4856 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_p_cscf_ip4_address, tvb, offset, 4, ENC_BIG_ENDIAN);
4861 case P_CSCF_IP6_ADDRESS: /* 21 */
4864 for (i = 0; i < optlen/16; i++)
4866 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_p_cscf_ip6_address, tvb, offset, 16, ENC_NA);
/* XAUTH (private-use range). The tvb_get_ntohs() for the item text reads two
 * bytes regardless of optlen, so a zero-length XAUTH_TYPE/XAUTH_STATUS value
 * is labelled from the bytes that follow it. */
4871 case XAUTH_TYPE: /* 16520 */
4872 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_type, tvb, offset, optlen, ENC_BIG_ENDIAN);
4873 proto_item_append_text(cfg_attr_type_item," : %s", rval_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_type, "Unknown %d"));
4875 case XAUTH_USER_NAME: /* 16521 */
4876 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_user_name, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4877 proto_item_append_text(cfg_attr_type_item," : %s", str);
/* Cleartext credential rendered into the tree (see the header note). */
4879 case XAUTH_USER_PASSWORD: /* 16522 */
4880 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_user_password, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4881 proto_item_append_text(cfg_attr_type_item," : %s", str);
4883 case XAUTH_PASSCODE: /* 16523 */
4884 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_passcode, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4885 proto_item_append_text(cfg_attr_type_item," : %s", str);
4887 case XAUTH_MESSAGE: /* 16524 */
4888 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_message, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4889 proto_item_append_text(cfg_attr_type_item," : %s", str);
4891 case XAUTH_CHALLENGE: /* 16525 */
4892 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_challenge, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4893 proto_item_append_text(cfg_attr_type_item," : %s", str);
4895 case XAUTH_DOMAIN: /* 16526 */
4896 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_domain, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4897 proto_item_append_text(cfg_attr_type_item," : %s", str);
4899 case XAUTH_STATUS: /* 16527 */
4900 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_status, tvb, offset, optlen, ENC_BIG_ENDIAN);
4901 proto_item_append_text(cfg_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_status, "Unknown %d"));
4903 case XAUTH_NEXT_PIN: /* 16528 */
4904 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_next_pin, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4905 proto_item_append_text(cfg_attr_type_item," : %s", str);
4907 case XAUTH_ANSWER: /* 16529 -- the original comment said 16527, which is XAUTH_STATUS above; confirm against the enum definition */
4908 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_answer, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4909 proto_item_append_text(cfg_attr_type_item," : %s", str);
/* Cisco Unity attributes (vendor range). */
4912 case UNITY_BANNER: /* 28672 */
4913 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_unity_banner, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4914 proto_item_append_text(cfg_attr_type_item," : %s", str);
4916 case UNITY_DEF_DOMAIN: /* 28674 */
4917 proto_tree_add_item_ret_string(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_unity_def_domain, tvb, offset, optlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
4918 proto_item_append_text(cfg_attr_type_item," : %s", str);
4920 /* TODO: Support other UNITY Attributes ! */
4922 /* No Default Action */
/* Bytes consumed: the caller advances by this, so it must be > 0 for the caller's loop to terminate. */
4926 return headerlen + optlen;
/*
 * Dissect a Configuration payload body: the CFG type (and, for IKEv1, the
 * identifier), then every attribute up to the end of the payload.
 *
 * is_request is passed through so empty attribute values in requests are not
 * flagged. The attribute loop is bounded by offset_end; it terminates only
 * because dissect_config_attribute() returns headerlen + optlen, which is
 * positive as long as the attribute header itself has non-zero length.
 */
4930 dissect_config(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, gboolean is_request)
4933 offset_end = offset + length;
4934 if (isakmp_version == 1) {
4936 proto_tree_add_item(tree, hf_isakmp_cfg_type_v1,tvb, offset, 1, ENC_BIG_ENDIAN);
/* IKEv1 Mode-Config carries an identifier to pair requests and replies. */
4939 proto_tree_add_item(tree, hf_isakmp_cfg_identifier,tvb, offset, 1, ENC_BIG_ENDIAN);
4942 } else if (isakmp_version == 2) {
4944 proto_tree_add_item(tree, hf_isakmp_cfg_type_v2,tvb, offset, 1, ENC_BIG_ENDIAN);
4948 /* Skip attribute dissection for unknown IKE versions. */
4952 while (offset < offset_end) {
4953 offset += dissect_config_attribute(tvb, pinfo, tree, offset, isakmp_version, is_request);
/*
 * Dissect a NAT-D payload (RFC 3947): the whole body is the peer's hash of
 * SPIs, address and port. It is only displayed; the dissector does not
 * recompute it, so NAT detection is left to the reader.
 */
4958 dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree )
4960 proto_tree_add_item(tree, hf_isakmp_nat_hash, tvb, offset, length, ENC_NA);
/*
 * Dissect a NAT-OA payload: ID type, 3 reserved bytes, then the original
 * (pre-NAT) address whose size follows from the ID type.
 *
 * `length` is deliberately unused: the address item is sized by id_type,
 * so an undersized payload raises a tvb bounds exception rather than being
 * truncated silently.
 */
4964 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length _U_, proto_tree *tree, int isakmp_version)
4968 id_type = tvb_get_guint8(tvb, offset);
4969 if (isakmp_version == 1)
4971 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4972 }else if (isakmp_version == 2)
4974 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4978 offset += 3; /* reserved */
/* Only IPv4 and IPv6 IDs carry an address here; other ID types add nothing. */
4982 case IKE_ID_IPV4_ADDR:
4983 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
4986 case IKE_ID_IPV6_ADDR:
4987 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv6, tvb, offset, 16, ENC_NA);
/*
 * Dissect an IKEv2 Traffic Selector payload (TSi/TSr): number of selectors,
 * 3 reserved bytes, then the selectors, each with a type, protocol ID,
 * selector length, port range and address range.
 *
 * The selector count is displayed but the walk is driven by `length`; the
 * per-selector length field is likewise displayed while the visible code steps
 * over fixed-size fields. Ranges are shown as sent; start <= end is not
 * checked, so a nonsensical selector is displayed rather than flagged.
 */
4996 dissect_ts(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
4998 guint8 num, tstype, protocol_id;
5000 num = tvb_get_guint8(tvb, offset);
5001 proto_item_append_text(tree," # %d", num);
5002 proto_tree_add_item(tree, hf_isakmp_ts_number_of_ts, tvb, offset, 1, ENC_BIG_ENDIAN);
5007 offset += 3; /* Reserved */
/* One selector per iteration; length/offset are advanced in lines not shown here. */
5010 while (length > 0) {
5011 tstype = tvb_get_guint8(tvb, offset);
5012 proto_tree_add_item(tree, hf_isakmp_ts_type, tvb, offset, 1, ENC_BIG_ENDIAN);
/* TS_IPV4_ADDR_RANGE: proto, selector length, start/end port, start/end IPv4. */
5017 case IKEV2_TS_IPV4_ADDR_RANGE:
5018 protocol_id = tvb_get_guint8(tvb, offset);
/* Protocol 0 means "any"; label it rather than showing a bare 0. */
5019 if (protocol_id == 0)
5020 proto_tree_add_uint_format_value(tree, hf_isakmp_ts_protoid, tvb, offset,1,
5021 protocol_id, "Unused");
5023 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
5027 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5031 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5035 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5039 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
5042 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
/* TS_IPV6_ADDR_RANGE: same layout with 16-byte addresses. */
5046 case IKEV2_TS_IPV6_ADDR_RANGE:
5047 protocol_id = tvb_get_guint8(tvb, offset);
5048 if (protocol_id == 0)
5049 proto_tree_add_uint_format_value(tree, hf_isakmp_ts_protoid, tvb, offset,1,
5050 protocol_id, "Unused");
5052 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
5056 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5060 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5064 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5068 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv6, tvb, offset, 16, ENC_NA);
5072 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv6, tvb, offset, 16, ENC_NA);
/* TS_FC_ADDR_RANGE (Fibre Channel): 3-byte addresses, R_CTL and Type ranges, with reserved bytes between. */
5077 case IKEV2_TS_FC_ADDR_RANGE:
5078 offset += 1; /* Reserved */
5081 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5085 offset += 1; /* Reserved */
5088 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
5092 offset += 1; /* Reserved */
5095 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
5099 proto_tree_add_item(tree, hf_isakmp_ts_start_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
5103 proto_tree_add_item(tree, hf_isakmp_ts_end_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
5107 proto_tree_add_item(tree, hf_isakmp_ts_start_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5111 proto_tree_add_item(tree, hf_isakmp_ts_end_type, tvb, offset, 1, ENC_BIG_ENDIAN);
/* Unknown selector type: show the rest of the payload as opaque data. */
5116 proto_tree_add_item(tree, hf_isakmp_ts_data, tvb, offset, length, ENC_NA);
5124 /* For IKEv2, decrypt payload if necessary and dissect using inner_payload */
5125 /* For RFC 7383 fragment reassembly only the decrypted payload is needed, so callers on that path leave dissect_payload_now unset. */
/*
 * Dissect an IKEv2 Encrypted (SK) payload body: IV || encrypted data || ICD.
 *
 * With libgcrypt and a key (decr_info, an ikev2_decrypt_data_t taken from the
 * user's decryption table), the integrity checksum is recomputed and the data
 * is decrypted; the plaintext becomes a "Decrypted Data" source whose contained
 * payloads are dissected unless dissect_payload_now is FALSE (the RFC 7383
 * reassembly path only needs the plaintext). Without libgcrypt, or without a
 * key, only the raw IV and encrypted bytes are shown.
 *
 * Security notes for readers of the decrypted tree:
 *  - "[incorrect]" on the ICD almost always means the configured key or
 *    algorithm is wrong. Decryption is still attempted so the user can see what
 *    the key produces; this is an analyser, not a peer, so decrypting
 *    unauthenticated data and using a non-constant-time MAC compare is fine.
 *  - REPORT_DISSECTOR_BUG is raised on libgcrypt API failures. Those must only
 *    be reachable through configuration, never through packet content.
 *  - No item here carries encr_key or auth_key; key material stays in decr_info.
 */
5128 dissect_enc(tvbuff_t *tvb,
5132 #ifdef HAVE_LIBGCRYPT
5134 guint8 inner_payload,
5135 gboolean is_request,
5137 gboolean dissect_payload_now)
5139 packet_info *pinfo _U_,
5140 guint8 inner_payload _U_,
5141 gboolean is_request _U_,
5142 void* decr_info _U_,
5143 gboolean dissect_payload_now _U_)
5146 #ifdef HAVE_LIBGCRYPT
5147 ikev2_decrypt_data_t *key_info = NULL;
5148 gint iv_len, encr_data_len, icd_len, decr_data_len, md_len, icv_len, encr_key_len, encr_iv_len;
5150 guchar *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL, *encr_iv = NULL;
5151 gcry_cipher_hd_t cipher_hd;
5153 gcry_error_t err = 0;
5154 proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL, *iv_item = NULL;
5155 tvbuff_t *decr_tvb = NULL;
5157 proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
5158 #ifdef HAVE_LIBGCRYPT_AEAD
5159 guchar *aa_data = NULL, *icv_data = NULL;
5164 /* Need decryption details to know field lengths. */
5165 key_info = (ikev2_decrypt_data_t*)(decr_info);
5167 /* Check if encr/auth specs are set properly (if for some case not, wireshark would crash) */
5168 if (!key_info->encr_spec || !key_info->auth_spec) {
/* NOTE(review): the format string names encr_spec first, but auth_spec is
 * passed for both %p; the first argument should be (void *)key_info->encr_spec.
 * Diagnostic-only, but as written it hides which spec was missing. */
5169 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5170 "IKEv2: decryption/integrity specs not set-up properly: encr_spec: %p, auth_spec: %p",
5171 (void *)key_info->auth_spec, (void*)key_info->auth_spec));
/* Field lengths come from the configured algorithms, not from the packet.
 * AEAD ciphers carry their ICV length in encr_spec (icv_len != 0); otherwise
 * the ICD is the truncated output of the configured integrity algorithm. */
5174 iv_len = key_info->encr_spec->iv_len;
5175 icv_len = key_info->encr_spec->icv_len;
5176 icd_len = icv_len ? icv_len : (gint)key_info->auth_spec->trunc_len;
/* Everything between IV and ICD is ciphertext; rejected below when <= 0 so the
 * tvb_memdup/decrypt calls never see an empty or negative size. */
5177 encr_data_len = length - iv_len - icd_len;
5178 encr_key_len = key_info->encr_spec->key_len;
5179 encr_iv_len = iv_len;
5182 * Zero or negative length of encrypted data shows that the user specified
5183 * wrong encryption algorithm and/or authentication algorithm.
5185 if (encr_data_len <= 0) {
5186 proto_tree_add_expert(tree, pinfo, &ei_isakmp_enc_iv, tvb, offset, length);
5191 * Add the IV to the tree and store it in a packet scope buffer for later decryption
5192 * if the specified encryption algorithm uses IV.
/* The IV item is only added when dissecting now; the packet-scope copy that decryption needs follows. */
5195 if (dissect_payload_now) {
5196 iv_item = proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
5197 proto_item_append_text(iv_item, " (%d bytes)", iv_len);
5199 iv = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, iv_len);
5206 * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
5208 if (dissect_payload_now) {
5209 encr_data_item = proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, encr_data_len, ENC_NA);
5210 proto_item_append_text(encr_data_item, " (%d bytes)",encr_data_len);
5211 proto_item_append_text(encr_data_item, " <%s>", val_to_str(key_info->encr_spec->number, vs_ikev2_encr_algs, "Unknown cipher: %d"));
5213 encr_data = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, encr_data_len);
/* From here on `offset` points at the ICD. */
5214 offset += encr_data_len;
5217 * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
5218 * the ICD be displayed even if the decryption fails.
5221 icd_item = proto_tree_add_item(tree, hf_isakmp_enc_icd, tvb, offset, icd_len, ENC_NA);
5222 proto_item_append_text(icd_item, " (%d bytes)",icd_len);
5225 * Recalculate ICD value if the specified authentication algorithm allows it.
5227 #ifdef HAVE_LIBGCRYPT_AEAD
5229 /* For GCM/CCM algorithms ICD is computed during decryption.
5230 Must save offset and length of authenticated additional data (whole ISAKMP header
5231 without iv and encrypted data) and ICV for later verification */
/* AEAD additional data is everything from tvb offset 0 up to the IV, i.e. the
 * ISAKMP header and any preceding payloads. This only matches what the peer
 * authenticated if the tvb really starts at the ISAKMP header. */
5232 aad_len = offset - iv_len - encr_data_len;
5233 aa_data = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, 0, aad_len);
5234 icv_data = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, icv_len);
/* Non-AEAD integrity: recompute the MAC over [0, offset) with the configured
 * integrity key and compare its truncation against the ICD on the wire. */
5237 if (key_info->auth_spec->gcry_alg) {
5238 proto_item_append_text(icd_item, " <%s>", val_to_str(key_info->auth_spec->number, vs_ikev2_auth_algs, "Unknown mac algo: %d"));
5239 err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
5241 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5242 "IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
5243 key_info->auth_spec->gcry_alg, gcry_strerror(err)));
5245 err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len);
5247 gcry_md_close(md_hd);
5248 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5249 "IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
5250 gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err)));
5253 /* Calculate hash over the bytes from the beginning of the ISAKMP header to the right before the ICD. */
5254 entire_message = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, 0, offset);
5255 gcry_md_write(md_hd, entire_message, offset);
5256 md = gcry_md_read(md_hd, 0);
5257 md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg);
/* Guard the truncated compare: the digest must be at least icd_len bytes. */
5258 if (md_len < icd_len) {
5259 gcry_md_close(md_hd);
5260 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5261 "IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
5262 gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len));
/* Non-constant-time compare; acceptable here because the dissector holds the
 * key itself and is not an oracle to the peer. A mismatch is reported but does
 * not stop decryption below. */
5264 if (tvb_memeql(tvb, offset, md, icd_len) == 0) {
5265 proto_item_append_text(icd_item, "[correct]");
5267 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(wmem_packet_scope(), md, icd_len));
5268 expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
5270 gcry_md_close(md_hd);
/* No separate integrity algorithm (AEAD, or none configured): nothing to recompute here. */
5272 proto_item_append_text(icd_item, "[not validated]");
5277 * Confirm encrypted data length is multiple of block size.
/* NOTE(review): this condition is packet-controlled. It presumably returns
 * after the expert info (the line is not shown); if it does not, a CBC
 * gcry_cipher_decrypt() on a non-multiple length fails further down and would
 * surface a malformed packet as REPORT_DISSECTOR_BUG. */
5279 if (encr_data_len % key_info->encr_spec->block_len != 0) {
5280 proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
5281 key_info->encr_spec->block_len);
5282 expert_add_info(pinfo, encr_data_item, &ei_isakmp_enc_data_length_mult_block_size);
5287 * Allocate buffer for decrypted data.
/* Packet-pool allocation: the buffer lives as long as the packet's dissection and backs decr_tvb. */
5289 decr_data = (guchar*)wmem_alloc(pinfo->pool, encr_data_len);
5290 decr_data_len = encr_data_len;
5293 * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
5294 * And otherwise perform decryption with libgcrypt.
5296 if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
5297 memcpy(decr_data, encr_data, decr_data_len);
5299 err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0);
5301 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5302 "IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
5303 key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err)));
5306 /* Handling CTR mode and AEAD ciphers */
/* Salted modes (CTR/GCM/CCM): the last salt_len bytes of the configured key
 * are the salt, the real cipher key is the prefix, and the nonce handed to
 * libgcrypt is salt || packet IV (|| counter for CTR emulation). */
5307 if( key_info->encr_spec->salt_len ) {
5308 int encr_iv_offset = 0;
5309 encr_key_len = key_info->encr_spec->key_len - key_info->encr_spec->salt_len;
5310 encr_iv_len = key_info->encr_spec->salt_len + iv_len;
/* In CTR mode the counter block is a full cipher block; CCM additionally
 * reserves byte 0 for its flags field (encr_iv_offset set in a hidden line). */
5311 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
5312 encr_iv_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);
5313 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
/* Both lengths derive from the configured spec; a bad table entry, not a packet, is the only way to trip this. */
5317 if (encr_key_len < 0 || encr_iv_len < encr_iv_offset + (int)key_info->encr_spec->salt_len + iv_len) {
5318 gcry_cipher_close(cipher_hd);
5319 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5320 "IKEv2 decryption error: algorithm %d, key length %d, salt length %d, input iv length %d, cipher iv length: %d: invalid length(s) of cipher parameters",
5321 key_info->encr_spec->gcry_alg, encr_key_len, key_info->encr_spec->salt_len, iv_len, encr_iv_len));
5324 encr_iv = (guchar *)wmem_alloc0(wmem_packet_scope(), encr_iv_len);
5325 memcpy( encr_iv + encr_iv_offset, key_info->encr_key + encr_key_len, key_info->encr_spec->salt_len );
5326 memcpy( encr_iv + encr_iv_offset + key_info->encr_spec->salt_len, iv, iv_len );
/* CTR emulation of the AEAD modes when libgcrypt lacks them: counter starts
 * at 1; GCM's first data block uses counter 2 (counter 1 is consumed by the
 * tag); CCM's byte 0 is the flags field holding L-1. On this path no tag is
 * verified, so the ICD stays "[not validated]". */
5327 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
5328 encr_iv[encr_iv_len-1] = 1;
5329 /* fallback for gcrypt not having AEAD ciphers */
5330 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_GCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_GCM_256_12))
5331 encr_iv[encr_iv_len-1]++;
5332 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
5333 encr_iv[0] = (guchar)(encr_iv_len - 2 - key_info->encr_spec->salt_len - iv_len);
/* Key is the configured key minus any salt. */
5337 err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, encr_key_len);
5339 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5340 "IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
5341 key_info->encr_spec->gcry_alg, encr_key_len, gcry_strerror(err)));
5343 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR)
5344 err = gcry_cipher_setctr(cipher_hd, encr_iv, encr_iv_len);
5346 err = gcry_cipher_setiv(cipher_hd, encr_iv, encr_iv_len);
5348 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5349 "IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv/gcry_cipher_setctr failed: %s",
5350 key_info->encr_spec->gcry_alg, encr_iv_len, gcry_strerror(err)));
5353 #ifdef HAVE_LIBGCRYPT_AEAD
/* CCM needs the plaintext, AAD and tag lengths committed before any data is fed. */
5354 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CCM) {
5355 guint64 ccm_lengths[3];
5356 ccm_lengths[0] = encr_data_len;
5357 ccm_lengths[1] = aad_len;
5358 ccm_lengths[2] = icv_len;
5360 err = gcry_cipher_ctl(cipher_hd, GCRYCTL_SET_CCM_LENGTHS, ccm_lengths, sizeof(ccm_lengths));
5362 gcry_cipher_close(cipher_hd);
5363 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5364 "IKEv2 decryption error: algorithm %d: gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS) failed: %s",
5365 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
/* Feed the AAD (ISAKMP header and preceding payloads) before decrypting. */
5370 err = gcry_cipher_authenticate(cipher_hd, aa_data, aad_len);
5372 gcry_cipher_close(cipher_hd);
5373 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5374 "IKEv2 decryption error: algorithm %d: gcry_cipher_authenticate failed: %s",
5375 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
/* In-place-sized decrypt; decr_data_len == encr_data_len by construction. */
5380 err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
5382 gcry_cipher_close(cipher_hd);
5383 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5384 "IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
5385 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
5388 #ifdef HAVE_LIBGCRYPT_AEAD
5390 /* gcry_cipher_checktag() doesn't work on 1.6.x version well - requires all of 16 bytes
5391 * of ICV, so it won't work with 12 and 8 bytes of ICV.
5392 * For 1.7.x version of libgcrypt we could use it safely. But for libgcrypt-1.6.x
5393 * we need to read tag from library and compare manually. Using that way we can also show
5394 * correct value if it is not valid.
5395 * CCM mode is not affected, but requires to pass icv_len to cry_cipher_gettag().
5397 * Unfortunately gcrypt_cipher_gettag() have nothing similar to gcry_md_read(),
5398 * so we need copy data to buffer here.
5399 * Here, depending on cgrypt version gcm length shall be given differently:
5400 * - in 1.7.x length can be of any aproved length (4,8,12,13,14,15,16 bytes),
5401 * - in 1.6.x length must be equal of cipher block length. Aaargh... :-(
5402 * We use accepted for both versions length of block size for GCM (16 bytes).
5403 * For CCM length given must be the same as given to gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS)
/* Fetch the full tag and compare only its first icv_len bytes (IKEv2 truncates GCM/CCM tags to 8/12/16). */
5406 gint tag_len = icv_len;
5407 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_GCM)
5408 tag_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);
5410 if (tag_len < icv_len) {
5411 gcry_cipher_close(cipher_hd);
5412 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5413 "IKEv2 decryption error: algorithm %d: gcry_cipher_get_algo_blklen returned %d which is smaller than icv length %d",
5414 key_info->encr_spec->gcry_alg, tag_len, icv_len));
5417 tag = (guchar *)wmem_alloc(wmem_packet_scope(), tag_len);
5418 err = gcry_cipher_gettag(cipher_hd, tag, tag_len);
5420 gcry_cipher_close(cipher_hd);
5421 REPORT_DISSECTOR_BUG(wmem_strdup_printf(wmem_packet_scope(),
5422 "IKEv2 decryption error: algorithm %d: gcry_cipher_gettag failed: %s",
5423 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
/* Same non-constant-time compare as the HMAC path; a mismatch is displayed, not fatal. */
5425 else if (memcmp(tag, icv_data, icv_len) == 0)
5426 proto_item_append_text(icd_item, "[correct]");
5428 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(wmem_packet_scope(), tag, icv_len));
5429 expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
5434 gcry_cipher_close(cipher_hd);
/* Expose the plaintext as its own data source so inner payloads can be dissected and shown. */
5437 decr_tvb = tvb_new_child_real_data(tvb, decr_data, decr_data_len, decr_data_len);
5438 add_new_data_source(pinfo, decr_tvb, "Decrypted Data");
5439 item = proto_tree_add_item(tree, hf_isakmp_enc_decrypted_data, decr_tvb, 0, decr_data_len, ENC_NA);
5440 proto_item_append_text(item, " (%d byte%s)", decr_data_len, plurality(decr_data_len, "", "s"));
5442 /* Move the ICD item to the bottom of the tree. */
5444 proto_tree_move_item(tree, item, icd_item);
5446 decr_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_data);
/* RFC 7296 section 3.14: the last plaintext byte is the pad length and the
 * padding precedes it. decr_data_len > 0 is guaranteed by the encr_data_len
 * check above, so the read is in bounds. A negative payloads_len means the
 * pad length claims more bytes than exist; it is flagged below, not trusted. */
5448 pad_len = tvb_get_guint8(decr_tvb, decr_data_len - 1);
5449 payloads_len = decr_data_len - 1 - pad_len;
5451 if (payloads_len > 0) {
5452 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_contained_data, decr_tvb, 0, payloads_len, ENC_NA);
5453 proto_item_append_text(item, " (%d byte%s)", payloads_len, plurality(payloads_len, "", "s"));
5454 decr_payloads_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_payloads);
/* payloads_len + pad_len == decr_data_len - 1: always the last byte. */
5457 padlen_item = proto_tree_add_item(decr_tree, hf_isakmp_enc_pad_length, decr_tvb, payloads_len + pad_len, 1, ENC_BIG_ENDIAN);
5459 if (payloads_len < 0) {
5460 proto_item_append_text(padlen_item, " [too long]");
5461 expert_add_info(pinfo, padlen_item, &ei_isakmp_enc_pad_length_big);
5463 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_padding, decr_tvb, payloads_len, pad_len, ENC_NA);
5464 proto_item_append_text(item, " (%d byte%s)", pad_len, plurality(pad_len, "", "s"));
5465 proto_tree_move_item(decr_tree, item, padlen_item);
5470 * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
5471 * even if the dissection fails. This may occur when the user specify wrong encryption key.
/* Inner payloads last: with a wrong key the plaintext is garbage and this call
 * may throw, but padding, pad length and ICD are already in the tree. */
5473 if (dissect_payload_now && decr_payloads_tree) {
5474 dissect_payloads(decr_tvb, decr_payloads_tree, 2, inner_payload, 0, payloads_len, pinfo, 0, is_request, decr_info);
5477 #endif /* HAVE_LIBGCRYPT */
/* No key / no libgcrypt: show a 4-byte "IV" and the rest as opaque data.
 * NOTE(review): the real IV length depends on the cipher, which is unknown
 * here, and `length` counts from `offset`, so a data item at offset+4 of size
 * `length` runs 4 bytes past the payload; length-4 looks intended. Confirm
 * with the caller's length convention. */
5478 proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, ENC_NA);
5479 proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length, ENC_NA);
5480 #ifdef HAVE_LIBGCRYPT
5483 #else /* HAVE_LIBGCRYPT */
/*
 * EAP payload (IKEv2): hand the payload body to the EAP dissector when one is
 * registered, otherwise show the bytes as opaque data.
 *
 * tvb/offset/length delimit the payload body inside the ISAKMP message; tree
 * receives either the EAP subtree or the raw-data item.
 */
static void
dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
{
  tvbuff_t *eap_tvb = tvb_new_subset_length(tvb, offset, length);

  if (eap_tvb == NULL || eap_handle == NULL) {
    /* No usable sub-tvb or no EAP dissector: fall back to raw bytes. */
    proto_tree_add_item(tree, hf_isakmp_eap_data, tvb, offset, length, ENC_NA);
    return;
  }

  call_dissector(eap_handle, eap_tvb, pinfo, tree);
}
/*
 * Generic Secure Password Method payload (IKEv2): the payload body is added
 * to the tree as opaque bytes; no further dissection is performed.
 */
static void
dissect_gspm(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
{
  (void)proto_tree_add_item(tree, hf_isakmp_gspm_data, tvb, offset, length, ENC_NA);
}
5509 * Protocol initialization
5512 #ifdef HAVE_LIBGCRYPT
/*
 * GHashFunc for isakmp_hash: folds a COOKIE_SIZE-byte IKEv1 initiator cookie
 * down to a guint by XORing its guint-sized chunks together.  Trailing bytes
 * that do not fill a whole chunk are ignored.  This is a table hash only,
 * not a cryptographic one.
 *
 * @param c  pointer to the COOKIE_SIZE-byte cookie
 * @return   the folded hash value
 */
static guint
isakmp_hash_func(gconstpointer c) {
  const guint8 *cookie     = (const guint8 *) c;
  const guint   chunk_size = (guint)sizeof(guint);
  /* Length of the cookie rounded down to whole chunks. */
  const guint   folded_len = COOKIE_SIZE - (COOKIE_SIZE % chunk_size);
  guint         hash       = 0;
  guint         chunk;
  guint         pos;

  for (pos = 0; pos < folded_len; pos += chunk_size) {
    /* memcpy() rather than a pointer cast: the cookie bytes need not be
     * guint-aligned. */
    memcpy(&chunk, cookie + pos, sizeof(chunk));
    hash ^= chunk;
  }

  return hash;
}
/*
 * GEqualFunc for isakmp_hash: two keys are equal when their COOKIE_SIZE
 * bytes match exactly.
 *
 * @return 1 when the cookies are identical, 0 otherwise
 */
static gint
isakmp_equal_func(gconstpointer ic1, gconstpointer ic2) {
  return (memcmp(ic1, ic2, COOKIE_SIZE) == 0) ? 1 : 0;
}
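/*
 * XOR the leading whole guint-sized chunks of buf[0..len) together.
 * Bytes beyond the last whole chunk are not folded in.  The chunks are read
 * with memcpy() so that the byte buffer is neither accessed through an
 * incompatible pointer type (strict aliasing) nor at a misaligned address.
 */
static guint
ikev2_key_fold_bytes(const void *buf, guint len)
{
  const guint8 *bytes  = (const guint8 *)buf;
  guint         folded = 0;
  guint         chunk;
  guint         i;

  /* The cast to guint keeps the arithmetic in guint on 64-bit targets. */
  for (i = 0; i + (guint)sizeof(chunk) <= len; i += (guint)sizeof(chunk)) {
    memcpy(&chunk, bytes + i, sizeof(chunk));
    folded ^= chunk;
  }

  return folded;
}

/*
 * GHashFunc for ikev2_key_hash: folds the initiator and responder SPIs of an
 * IKEv2 key record down to a guint, in the same way isakmp_hash_func() folds
 * the IKEv1 cookie.  ikev2_uat_data_update_cb() requires both SPIs to be
 * COOKIE_SIZE octets, so normally every byte of both SPIs contributes.
 *
 * @param k  pointer to an ikev2_uat_data_key_t
 * @return   the folded hash value
 */
static guint ikev2_key_hash_func(gconstpointer k) {
  const ikev2_uat_data_key_t *key = (const ikev2_uat_data_key_t*)k;
  guint hash = 0;

  hash ^= ikev2_key_fold_bytes(key->spii, key->spii_len);
  hash ^= ikev2_key_fold_bytes(key->spir, key->spir_len);

  return hash;
}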
/*
 * GEqualFunc for ikev2_key_hash: two key records are equal when both SPIs
 * have the same length and the same bytes.
 *
 * @return 1 when both SPI pairs match, 0 otherwise
 */
static gint ikev2_key_equal_func(gconstpointer k1, gconstpointer k2) {
  const ikev2_uat_data_key_t *a = (const ikev2_uat_data_key_t *)k1;
  const ikev2_uat_data_key_t *b = (const ikev2_uat_data_key_t *)k2;
  gboolean same_lengths, same_bytes;

  /* Compare lengths first: memcmp() is only meaningful on equal-sized SPIs. */
  same_lengths = (a->spii_len == b->spii_len) && (a->spir_len == b->spir_len);
  if (!same_lengths) {
    return 0;
  }

  same_bytes = (memcmp(a->spii, b->spii, a->spii_len) == 0) &&
               (memcmp(a->spir, b->spir, a->spir_len) == 0);

  return same_bytes ? 1 : 0;
}
5575 #endif /* HAVE_LIBGCRYPT */
5577 #ifdef HAVE_LIBGCRYPT
/*
 * GDestroyNotify for the keys of isakmp_hash: each key is a COOKIE_SIZE-byte
 * initiator cookie obtained from g_slice_alloc() in isakmp_init_protocol().
 */
static void
free_cookie_key(gpointer key_arg)
{
  /* g_slice_free1() takes a gpointer, so the key needs no cast. */
  g_slice_free1(COOKIE_SIZE, key_arg);
}
/*
 * GDestroyNotify for the values of isakmp_hash: releases a decrypt_data_t
 * together with its per-SA IV table.
 *
 * NOTE(review): the record carries the user-entered IKEv1 key in ->secret
 * (see isakmp_init_protocol()); nothing visible here wipes it before the
 * slice is returned to the allocator.
 */
static void
free_cookie_value(gpointer value)
{
  decrypt_data_t *entry = (decrypt_data_t *)value;
  GHashTable     *ivs   = entry->iv_hash;

  /* The IV table is owned by the record, so it goes first. */
  g_hash_table_destroy(ivs);
  g_slice_free1(sizeof(decrypt_data_t), entry);
}
/*
 * Init routine: builds the two reassembly tables and, when libgcrypt is
 * available, the lookup tables that map an IKEv1 initiator cookie or an
 * IKEv2 SPI pair to the user-supplied decryption material from the UAT
 * tables.  Paired with isakmp_cleanup_protocol().
 */
static void
isakmp_init_protocol(void) {
#ifdef HAVE_LIBGCRYPT
  guint                 idx;
  ikev1_uat_data_key_t *v1_row;
  ikev2_uat_data_t     *v2_row;
  decrypt_data_t       *entry;
  guint8               *cookie_copy;
#endif /* HAVE_LIBGCRYPT */

  reassembly_table_init(&isakmp_cisco_reassembly_table, &addresses_reassembly_table_functions);
  reassembly_table_init(&isakmp_ike2_reassembly_table,  &addresses_reassembly_table_functions);

#ifdef HAVE_LIBGCRYPT
  /* IKEv1: keyed by a heap copy of the initiator cookie.  The table owns
   * both the cookie copy and the decrypt_data_t (free_cookie_key/value). */
  isakmp_hash = g_hash_table_new_full(isakmp_hash_func, isakmp_equal_func,
                                      free_cookie_key, free_cookie_value);
  for (idx = 0; idx < num_ikev1_uat_data; idx++) {
    v1_row = &ikev1_uat_data[idx];

    cookie_copy = (guint8 *)g_slice_alloc(COOKIE_SIZE);
    memcpy(cookie_copy, v1_row->icookie, COOKIE_SIZE);

    /* key_len was checked against MAX_KEY_SIZE by ikev1_uat_data_update_cb()
     * when the row was entered. */
    entry = create_decrypt_data();
    memcpy(entry->secret, v1_row->key, v1_row->key_len);
    entry->secret_len = v1_row->key_len;

    g_hash_table_insert(isakmp_hash, cookie_copy, entry);
  }

  /* IKEv2: keys and values point straight into the UAT array, so the table
   * is created without destroy callbacks. */
  ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
  for (idx = 0; idx < num_ikev2_uat_data; idx++) {
    v2_row = &ikev2_uat_data[idx];
    g_hash_table_insert(ikev2_key_hash, &v2_row->key, v2_row);
    /* The algorithm specs are not persisted with the UAT (editing the table
     * loses data that is not stored in the file), so resolve them again from
     * the stored algorithm numbers. */
    v2_row->encr_spec = ikev2_decrypt_find_encr_spec(v2_row->encr_alg);
    v2_row->auth_spec = ikev2_decrypt_find_auth_spec(v2_row->auth_alg);
  }

  defrag_next_payload_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
#endif /* HAVE_LIBGCRYPT */
}
/*
 * Cleanup routine paired with isakmp_init_protocol(): tears down the lookup
 * tables (with libgcrypt) and the reassembly tables, in reverse order of
 * creation.  Destroying isakmp_hash runs free_cookie_key()/free_cookie_value()
 * on every entry; the other two tables own neither their keys nor values.
 */
static void
isakmp_cleanup_protocol(void) {
#ifdef HAVE_LIBGCRYPT
  g_hash_table_destroy(defrag_next_payload_hash);
  g_hash_table_destroy(ikev2_key_hash);
  g_hash_table_destroy(isakmp_hash);
#endif /* HAVE_LIBGCRYPT */
  reassembly_table_destroy(&isakmp_ike2_reassembly_table);
  reassembly_table_destroy(&isakmp_cisco_reassembly_table);
}
5644 #ifdef HAVE_LIBGCRYPT
/* UAT column accessors for the IKEv1 decryption table: the initiator cookie
 * (the isakmp_hash key) and the encryption key, both entered as hex byte
 * buffers and validated by ikev1_uat_data_update_cb(). */
UAT_BUFFER_CB_DEF(ikev1_users, icookie, ikev1_uat_data_key_t, icookie, icookie_len)
UAT_BUFFER_CB_DEF(ikev1_users, key, ikev1_uat_data_key_t, key, key_len)
/*
 * UAT update callback for an IKEv1 decryption-table row.  Rejects a row whose
 * initiator cookie is not exactly COOKIE_SIZE octets, whose key is empty, or
 * whose key exceeds MAX_KEY_SIZE octets (the bound relied on when the key is
 * copied into decrypt_data_t in isakmp_init_protocol()).
 *
 * @param p    the ikev1_uat_data_key_t row being validated
 * @param err  on failure receives a newly allocated message (caller frees)
 * @return     TRUE when the row is acceptable, FALSE otherwise
 */
static gboolean ikev1_uat_data_update_cb(void* p, char** err) {
  const ikev1_uat_data_key_t *row = (const ikev1_uat_data_key_t *)p;
  char *problem = NULL;

  if (row->icookie_len != COOKIE_SIZE) {
    problem = g_strdup_printf("Length of Initiator's COOKIE must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
  } else if (row->key_len == 0) {
    problem = g_strdup("Must have Encryption key.");
  } else if (row->key_len > MAX_KEY_SIZE) {
    problem = g_strdup_printf("Length of Encryption key limited to %d octets (%d hex characters).", MAX_KEY_SIZE, MAX_KEY_SIZE * 2);
  }

  if (problem != NULL) {
    *err = problem;
    return FALSE;
  }

  return TRUE;
}
/* UAT column accessors for the IKEv2 decryption table.  The SPI pair forms the
 * ikev2_key_hash key; SK_ei/SK_er are the encryption keys and SK_ai/SK_ar the
 * integrity keys, all entered as hex byte buffers.  The two algorithm columns
 * are value-string selectors defaulting to 3DES and HMAC-SHA1-96; every
 * column is validated by ikev2_uat_data_update_cb(). */
UAT_BUFFER_CB_DEF(ikev2_users, spii, ikev2_uat_data_t, key.spii, key.spii_len)
UAT_BUFFER_CB_DEF(ikev2_users, spir, ikev2_uat_data_t, key.spir, key.spir_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ei, ikev2_uat_data_t, sk_ei, sk_ei_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_er, ikev2_uat_data_t, sk_er, sk_er_len)
UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, guint, IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai, sk_ai_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar, sk_ar_len)
UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, guint, IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR)
/*
 * UAT update callback for an IKEv2 decryption-table row.  Checks, in order:
 * both SPIs are exactly COOKIE_SIZE octets; the selected algorithm numbers
 * resolve to specs (a failure here is a dissector bug, not a user error);
 * an AEAD cipher (non-zero icv_len) is paired with integrity NONE; and each
 * of SK_ei/SK_er/SK_ai/SK_ar has the key length its algorithm spec demands.
 * As a side effect the resolved specs are stored in the row.
 *
 * @param p    the ikev2_uat_data_t row being validated
 * @param err  on failure receives a newly allocated message (caller frees)
 * @return     TRUE when the row is acceptable, FALSE otherwise
 */
static gboolean ikev2_uat_data_update_cb(void* p, char** err) {
  ikev2_uat_data_t *row = (ikev2_uat_data_t *)p;
  char *problem = NULL;

  /* 1. SPI lengths. */
  if (row->key.spii_len != COOKIE_SIZE) {
    problem = g_strdup_printf("Length of Initiator's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
  } else if (row->key.spir_len != COOKIE_SIZE) {
    problem = g_strdup_printf("Length of Responder's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
  }
  if (problem != NULL) {
    *err = problem;
    return FALSE;
  }

  /* 2. Resolve the algorithm specs; the UAT only stores the numbers. */
  row->encr_spec = ikev2_decrypt_find_encr_spec(row->encr_alg);
  if (row->encr_spec == NULL) {
    REPORT_DISSECTOR_BUG("Couldn't get IKEv2 encryption algorithm spec.");
  }
  row->auth_spec = ikev2_decrypt_find_auth_spec(row->auth_alg);
  if (row->auth_spec == NULL) {
    REPORT_DISSECTOR_BUG("Couldn't get IKEv2 authentication algorithm spec.");
  }

  /* 3. Algorithm pairing and key lengths. */
  if (row->encr_spec->icv_len && row->auth_spec->number != IKEV2_AUTH_NONE) {
    problem = g_strdup_printf("Selected encryption_algorithm %s requires selecting NONE integrity algorithm.",
                              val_to_str(row->encr_spec->number, vs_ikev2_encr_algs, "other-%d"));
  } else if (row->sk_ei_len != row->encr_spec->key_len) {
    problem = g_strdup_printf("Length of SK_ei (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
                              row->sk_ei_len, row->encr_spec->key_len);
  } else if (row->sk_er_len != row->encr_spec->key_len) {
    problem = g_strdup_printf("Length of SK_er (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
                              row->sk_er_len, row->encr_spec->key_len);
  } else if (row->sk_ai_len != row->auth_spec->key_len) {
    problem = g_strdup_printf("Length of SK_ai (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
                              row->sk_ai_len, row->auth_spec->key_len);
  } else if (row->sk_ar_len != row->auth_spec->key_len) {
    problem = g_strdup_printf("Length of SK_ar (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
                              row->sk_ar_len, row->auth_spec->key_len);
  }

  if (problem != NULL) {
    *err = problem;
    return FALSE;
  }

  return TRUE;
}
5732 #endif /* HAVE_LIBGCRYPT */
5735 proto_register_isakmp(void)
5737 #ifdef HAVE_LIBGCRYPT
5738 module_t *isakmp_module;
5740 static hf_register_info hf[] = {
5742 { "Initiator SPI", "isakmp.ispi",
5743 FT_BYTES, BASE_NONE, NULL, 0x0,
5744 "ISAKMP Initiator SPI", HFILL }},
5746 { "Responder SPI", "isakmp.rspi",
5747 FT_BYTES, BASE_NONE, NULL, 0x0,
5748 "ISAKMP Responder SPI", HFILL }},
5749 { &hf_isakmp_typepayload,
5750 { "Type Payload", "isakmp.typepayload",
5751 FT_UINT8,BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
5752 "ISAKMP Type Payload", HFILL }},
5753 { &hf_isakmp_nextpayload,
5754 { "Next payload", "isakmp.nextpayload",
5755 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
5756 "ISAKMP Next Payload", HFILL }},
5757 { &hf_isakmp_criticalpayload,
5758 { "Critical Bit", "isakmp.criticalpayload",
5759 FT_BOOLEAN, 8,TFS(&criticalpayload), 0x80,
5760 "ISAKMP (v2) Critical Payload", HFILL }},
5761 { &hf_isakmp_extradata,
5762 { "Extra data", "isakmp.extradata",
5763 FT_BYTES, BASE_NONE, NULL, 0x0,
5764 "Extra data ??????", HFILL }},
5765 { &hf_isakmp_datapayload,
5766 { "Data Payload", "isakmp.datapayload",
5767 FT_BYTES, BASE_NONE, NULL, 0x0,
5768 "Data Payload (not dissect)", HFILL }},
5769 { &hf_isakmp_version,
5770 { "Version", "isakmp.version",
5771 FT_UINT8, BASE_HEX, NULL, 0x0,
5772 "ISAKMP Version (major + minor)", HFILL }},
5774 { "MjVer", "isakmp.mjver",
5775 FT_UINT8, BASE_HEX, NULL, 0xF0,
5776 "ISAKMP MjVer", HFILL }},
5778 { "MnVer", "isakmp.mnver",
5779 FT_UINT8, BASE_HEX, NULL, 0x0F,
5780 "ISAKMP MnVer", HFILL }},
5781 { &hf_isakmp_exchangetype_v1,
5782 { "Exchange type", "isakmp.exchangetype",
5783 FT_UINT8, BASE_DEC, VALS(exchange_v1_type), 0x0,
5784 "ISAKMP Exchange Type", HFILL }},
5785 { &hf_isakmp_exchangetype_v2,
5786 { "Exchange type", "isakmp.exchangetype",
5787 FT_UINT8, BASE_DEC, VALS(exchange_v2_type), 0x0,
5788 "ISAKMP Exchange Type", HFILL }},
5790 { "Flags", "isakmp.flags",
5791 FT_UINT8, BASE_HEX, NULL, 0x0,
5792 "ISAKMP Flags", HFILL }},
5793 { &hf_isakmp_flag_e,
5794 { "Encryption", "isakmp.flag_e",
5795 FT_BOOLEAN, 8, TFS(&flag_e), E_FLAG,
5796 "Encryption Bit", HFILL }},
5797 { &hf_isakmp_flag_c,
5798 { "Commit", "isakmp.flag_c",
5799 FT_BOOLEAN, 8, TFS(&flag_c), C_FLAG,
5800 "Commit Bit", HFILL }},
5801 { &hf_isakmp_flag_a,
5802 { "Authentication", "isakmp.flag_a",
5803 FT_BOOLEAN, 8, TFS(&flag_a), A_FLAG,
5804 "Authentication Bit", HFILL }},
5805 { &hf_isakmp_flag_i,
5806 { "Initiator", "isakmp.flag_i",
5807 FT_BOOLEAN, 8, TFS(&flag_i), I_FLAG,
5808 "Initiator Bit", HFILL }},
5809 { &hf_isakmp_flag_v,
5810 { "Version", "isakmp.flag_v",
5811 FT_BOOLEAN, 8, TFS(&flag_v), V_FLAG,
5812 "Version Bit", HFILL }},
5813 { &hf_isakmp_flag_r,
5814 { "Response", "isakmp.flag_r",
5815 FT_BOOLEAN, 8, TFS(&flag_r), R_FLAG,
5816 "Response Bit", HFILL }},
5817 { &hf_isakmp_messageid,
5818 { "Message ID", "isakmp.messageid",
5819 FT_UINT32, BASE_HEX, NULL, 0x0,
5820 "ISAKMP Message ID", HFILL }},
5821 { &hf_isakmp_length,
5822 { "Length", "isakmp.length",
5823 FT_UINT32, BASE_DEC, NULL, 0x0,
5824 "ISAKMP Length", HFILL }},
5825 { &hf_isakmp_payloadlen,
5826 { "Payload length", "isakmp.payloadlength",
5827 FT_UINT16, BASE_DEC, NULL, 0x0,
5828 "ISAKMP Payload Length", HFILL }},
5829 { &hf_isakmp_sa_doi,
5830 { "Domain of interpretation", "isakmp.sa.doi",
5831 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
5832 "ISAKMP Domain of Interpretation", HFILL }},
5833 { &hf_isakmp_sa_situation,
5834 { "Situation", "isakmp.sa.situation",
5835 FT_BYTES, BASE_NONE, NULL, 0x0,
5836 "ISAKMP SA Situation", HFILL }},
5837 { &hf_isakmp_sa_situation_identity_only,
5838 { "Identity Only", "isakmp.sa.situation.identity_only",
5839 FT_BOOLEAN, 32, NULL, SIT_IDENTITY_ONLY,
5840 "The type specifies that the SA will be identified by source identity information present in an associated Identification Payload", HFILL }},
5841 { &hf_isakmp_sa_situation_secrecy,
5842 { "Secrecy", "isakmp.sa.situation.secrecy",
5843 FT_BOOLEAN, 32, NULL, SIT_SECRECY,
5844 "The type specifies that the SA is being negotiated in an environment that requires labeled secrecy.", HFILL }},
5845 { &hf_isakmp_sa_situation_integrity,
5846 { "Integrity", "isakmp.sa.situation.integrity",
5847 FT_BOOLEAN, 32, NULL, SIT_INTEGRITY,
5848 "The type specifies that the SA is being negotiated in an environment that requires labeled integrity", HFILL }},
5849 { &hf_isakmp_prop_protoid_v1,
5850 { "Protocol ID", "isakmp.prop.protoid",
5851 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
5852 "ISAKMP Proposal Protocol ID", HFILL }},
5853 { &hf_isakmp_prop_protoid_v2,
5854 { "Protocol ID", "isakmp.prop.protoid",
5855 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
5856 "IKEv2 Proposal Protocol ID", HFILL }},
5857 { &hf_isakmp_prop_number,
5858 { "Proposal number", "isakmp.prop.number",
5859 FT_UINT8, BASE_DEC, NULL, 0x0,
5860 "ISAKMP Proposal Number", HFILL }},
5861 { &hf_isakmp_spisize,
5862 { "SPI Size", "isakmp.spisize",
5863 FT_UINT8, BASE_DEC, NULL, 0x0,
5866 { "SPI", "isakmp.spi",
5867 FT_BYTES, BASE_NONE, NULL, 0x0,
5869 { &hf_isakmp_prop_transforms,
5870 { "Proposal transforms", "isakmp.prop.transforms",
5871 FT_UINT8, BASE_DEC, NULL, 0x0,
5872 "ISAKMP Proposal Transforms", HFILL }},
5873 { &hf_isakmp_trans_number,
5874 { "Transform number", "isakmp.trans.number",
5875 FT_UINT8, BASE_DEC, NULL, 0x0,
5876 "ISAKMP Transform Number", HFILL }},
5877 { &hf_isakmp_trans_id,
5878 { "Transform ID", "isakmp.trans.id",
5879 FT_UINT8, BASE_DEC, NULL, 0x0,
5880 "ISAKMP Transform ID", HFILL }},
5881 { &hf_isakmp_id_type_v1,
5882 { "ID type", "isakmp.id.type",
5883 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
5884 "ISAKMP (v1) ID Type", HFILL }},
5885 { &hf_isakmp_id_type_v2,
5886 { "ID type", "isakmp.id.type",
5887 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_id_type), 0x0,
5888 "ISAKMP (v2) ID Type", HFILL }},
5889 { &hf_isakmp_id_protoid,
5890 { "Protocol ID", "isakmp.id.protoid",
5891 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
5892 "ISAKMP ID Protocol ID", HFILL }},
5893 { &hf_isakmp_id_port,
5894 { "Port", "isakmp.id.port",
5895 FT_UINT16, BASE_DEC, NULL, 0x0,
5896 "ISAKMP ID Port", HFILL }},
5897 { &hf_isakmp_id_data,
5898 { "Identification Data:", "isakmp.id.data",
5899 FT_NONE, BASE_NONE, NULL, 0x0,
5900 "ISAKMP ID Data", HFILL }},
5901 { &hf_isakmp_id_data_ipv4_addr,
5902 { "ID_IPV4_ADDR", "isakmp.id.data.ipv4_addr",
5903 FT_IPv4, BASE_NONE, NULL, 0x0,
5904 "The type specifies a single four (4) octet IPv4 address", HFILL }},
5905 { &hf_isakmp_id_data_fqdn,
5906 { "ID_FQDN", "isakmp.id.data.fqdn",
5907 FT_STRING, BASE_NONE, NULL, 0x0,
5908 "The type specifies a fully-qualified domain name string", HFILL }},
5909 { &hf_isakmp_id_data_user_fqdn,
5910 { "ID_FQDN", "isakmp.id.data.user_fqdn",
5911 FT_STRING, BASE_NONE, NULL, 0x0,
5912 "The type specifies a fully-qualified username string", HFILL }},
5913 { &hf_isakmp_id_data_ipv4_subnet,
5914 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_subnet",
5915 FT_IPv4, BASE_NONE, NULL, 0x0,
5916 "The second is an IPv4 network mask", HFILL }},
5917 { &hf_isakmp_id_data_ipv4_range_start,
5918 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_range_start",
5919 FT_IPv4, BASE_NONE, NULL, 0x0,
5920 "The first value is the beginning IPv4 address (inclusive)", HFILL }},
5921 { &hf_isakmp_id_data_ipv4_range_end,
5922 { "ID_IPV4_RANGE (End)", "isakmp.id.data.ipv4_range_end",
5923 FT_IPv4, BASE_NONE, NULL, 0x0,
5924 "The second value is the ending IPv4 address (inclusive)", HFILL }},
5925 { &hf_isakmp_id_data_ipv6_addr,
5926 { "ID_IPV6_ADDR", "isakmp.id.data.ipv6_addr",
5927 FT_IPv6, BASE_NONE, NULL, 0x0,
5928 "The type specifies a single sixteen (16) octet IPv6 address", HFILL }},
5929 { &hf_isakmp_id_data_ipv6_subnet,
5930 { "ID_IPV6A_ADDR_SUBNET", "isakmp.id.data.ipv6_subnet",
5931 FT_IPv6, BASE_NONE, NULL, 0x0,
5932 "The type specifies a range of IPv6 addresses represented by two sixteen (16) octet values", HFILL }},
5933 { &hf_isakmp_id_data_ipv6_range_start,
5934 { "ID_IPV6_ADDR_RANGE (Start)", "isakmp.id.data.ipv6_range_start",
5935 FT_IPv6, BASE_NONE, NULL, 0x0,
5936 "The first value is the beginning IPv6 address (inclusive)", HFILL }},
5937 { &hf_isakmp_id_data_ipv6_range_end,
5938 { "ID_IPV6_ADDR_RANGE (End)", "isakmp.id.data.ipv6_range_end",
5939 FT_IPv6, BASE_NONE, NULL, 0x0,
5940 "the second value is the ending IPv6 address (inclusive)", HFILL }},
5941 { &hf_isakmp_id_data_key_id,
5942 { "ID_KEY_ID", "isakmp.id.data.key_id",
5943 FT_BYTES, BASE_NONE, NULL, 0x0,
5944 "The type specifies an opaque byte stream which may be used to pass vendor-specific information necessary to identify which pre-hared key should be used to authenticate Aggressive mode negotiations", HFILL }},
5945 { &hf_isakmp_id_data_cert,
5946 { "ID_DER_ASN1_DN", "isakmp.id.data.der_asn1_dn",
5947 FT_UINT32, BASE_DEC, NULL, 0x0,
5949 { &hf_isakmp_cert_encoding_v1,
5950 { "Certificate Encoding", "isakmp.cert.encoding",
5951 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
5952 "ISAKMP Certificate Encoding", HFILL }},
5953 { &hf_isakmp_cert_encoding_v2,
5954 { "Certificate Encoding", "isakmp.cert.encoding",
5955 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
5956 "IKEv2 Certificate Encoding", HFILL }},
5957 { &hf_isakmp_cert_data,
5958 { "Certificate Data", "isakmp.cert.data",
5959 FT_NONE, BASE_NONE, NULL, 0x0,
5960 "ISAKMP Certificate Data", HFILL }},
5961 { &hf_isakmp_cert_x509_hash,
5962 { "Hash", "isakmp.cert.x509.hash",
5963 FT_BYTES, BASE_NONE, NULL, 0x0,
5965 { &hf_isakmp_cert_x509_url,
5966 { "URL", "isakmp.cert.x509.url",
5967 FT_STRING, BASE_NONE, NULL, 0x0,
5969 { &hf_isakmp_certreq_type_v1,
5970 { "Certificate Type", "isakmp.certreq.type",
5971 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
5972 "ISAKMP Certificate Type", HFILL }},
5973 { &hf_isakmp_certreq_type_v2,
5974 { "Certificate Type", "isakmp.certreq.type",
5975 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
5976 "IKEv2 Certificate Type", HFILL }},
5977 { &hf_isakmp_auth_meth,
5978 { "Authentication Method", "isakmp.auth.method",
5979 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(authmeth_v2_type), 0x0,
5980 "IKEv2 Authentication Method", HFILL }},
5981 { &hf_isakmp_auth_data,
5982 { "Authentication Data", "isakmp.auth.data",
5983 FT_BYTES, BASE_NONE, NULL, 0x0,
5984 "IKEv2 Authentication Data", HFILL }},
5985 { &hf_isakmp_notify_doi,
5986 { "Domain of interpretation", "isakmp.notify.doi",
5987 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
5988 "ISAKMP Notify Domain of Interpretation", HFILL }},
5989 { &hf_isakmp_notify_protoid_v1,
5990 { "Protocol ID", "isakmp.notify.protoid",
5991 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
5992 "ISAKMP Notify Protocol ID", HFILL }},
5993 { &hf_isakmp_notify_protoid_v2,
5994 { "Protocol ID", "isakmp.notify.protoid",
5995 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
5996 "IKEv2 Notify Protocol ID", HFILL }},
5997 { &hf_isakmp_notify_msgtype_v1,
5998 { "Notify Message Type", "isakmp.notify.msgtype",
5999 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v1_type), 0x0,
6000 "ISAKMP Notify Message Type", HFILL }},
6001 { &hf_isakmp_notify_msgtype_v2,
6002 { "Notify Message Type", "isakmp.notify.msgtype",
6003 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v2_type), 0x0,
6004 "ISAKMP Notify Message Type", HFILL }},
6005 { &hf_isakmp_notify_data,
6006 { "Notification DATA", "isakmp.notify.data",
6007 FT_BYTES, BASE_NONE, NULL, 0x0,
6009 { &hf_isakmp_notify_data_dpd_are_you_there,
6010 { "DPD ARE-YOU-THERE sequence", "isakmp.notify.data.dpd.are_you_there",
6011 FT_UINT32, BASE_DEC, NULL, 0x0,
6013 { &hf_isakmp_notify_data_dpd_are_you_there_ack,
6014 { "DPD ARE-YOU-THERE-ACK sequence", "isakmp.notify.data.dpd.are_you_there_ack",
6015 FT_UINT32, BASE_DEC, NULL, 0x0,
6017 { &hf_isakmp_notify_data_unity_load_balance,
6018 { "UNITY LOAD BALANCE", "isakmp.notify.data.unity.load_balance",
6019 FT_IPv4, BASE_NONE, NULL, 0x0,
6021 { &hf_isakmp_notify_data_ipcomp_cpi,
6022 { "IPCOMP CPI", "isakmp.notify.data.ipcomp.cpi",
6023 FT_UINT16, BASE_DEC, NULL, 0x0,
6025 { &hf_isakmp_notify_data_ipcomp_transform_id,
6026 { "IPCOMP Transform ID", "isakmp.notify.data.ipcomp.transform_id",
6027 FT_UINT8, BASE_DEC, VALS(transform_id_ipcomp), 0x0,
6029 { &hf_isakmp_notify_data_redirect_gw_ident_type,
6030 { "Gateway Identity Type", "isakmp.notify.data.redirect.gw_ident.type",
6031 FT_UINT8, BASE_DEC, VALS(redirect_gateway_identity_type), 0x0,
6033 { &hf_isakmp_notify_data_redirect_gw_ident_len,
6034 { "Gateway Identity Length", "isakmp.notify.data.redirect.gw_ident.len",
6035 FT_UINT8, BASE_DEC, NULL, 0x0,
6037 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4,
6038 { "New Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv4",
6039 FT_IPv4, BASE_NONE, NULL, 0x0,
6041 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6,
6042 { "New Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv6",
6043 FT_IPv6, BASE_NONE, NULL, 0x0,
6045 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn,
6046 { "New Responder Gateway Identity (FQDN)", "isakmp.notify.data.redirect.new_resp_gw_ident.fqdn",
6047 FT_STRING, BASE_NONE, NULL, 0x0,
6049 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident,
6050 { "New Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.new_resp_gw_ident.data",
6051 FT_BYTES, BASE_NONE, NULL, 0x0,
6053 { &hf_isakmp_notify_data_redirect_nonce_data,
6054 { "Redirect Nonce Data", "isakmp.notify.data.redirect.nonce_data",
6055 FT_BYTES, BASE_NONE, NULL, 0x0,
6057 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4,
6058 { "Original Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv4",
6059 FT_IPv4, BASE_NONE, NULL, 0x0,
6061 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6,
6062 { "Original Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv6",
6063 FT_IPv6, BASE_NONE, NULL, 0x0,
6065 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident,
6066 { "Original Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.org_resp_gw_ident.data",
6067 FT_BYTES, BASE_NONE, NULL, 0x0,
6070 { &hf_isakmp_notify_data_ticket_lifetime,
6071 { "TICKET OPAQUE Lifetime", "isakmp.notify.data.ticket_opaque.lifetime",
6072 FT_UINT32, BASE_DEC, NULL, 0x0,
6073 "The Lifetime field contains a relative time value, the number of seconds until the ticket expires (encoded as an unsigned integer).", HFILL }},
6074 { &hf_isakmp_notify_data_ticket_data,
6075 { "TICKET OPAQUE Data", "isakmp.notify.data.ticket_opaque.data",
6076 FT_BYTES, BASE_NONE, NULL, 0x0,
6079 /* ROHC Attributes Type */
6080 { &hf_isakmp_notify_data_rohc_attr.all,
6081 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr",
6082 FT_NONE, BASE_NONE, NULL, 0x00,
6084 { &hf_isakmp_notify_data_rohc_attr.type,
6085 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr.type",
6086 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, VALS(rohc_attr_type), 0x00,
6088 { &hf_isakmp_notify_data_rohc_attr.format,
6089 { "ROHC Format", "isakmp.notify.data.rohc.attr.format",
6090 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6092 { &hf_isakmp_notify_data_rohc_attr.length,
6093 { "Length", "isakmp.notify.data.rohc.attr.length",
6094 FT_UINT16, BASE_DEC, NULL, 0x00,
6096 { &hf_isakmp_notify_data_rohc_attr.value,
6097 { "Value", "isakmp.notify.data.rohc.attr.value",
6098 FT_BYTES, BASE_NONE, NULL, 0x00,
6100 { &hf_isakmp_notify_data_rohc_attr_max_cid,
6101 { "Maximum Context Identifier", "isakmp.notify.data.rohc.attr.max_cid",
6102 FT_UINT16, BASE_DEC, NULL, 0x00,
6104 { &hf_isakmp_notify_data_rohc_attr_profile,
6105 { "ROHC Profile", "isakmp.notify.data.rohc.attr.profile",
6106 FT_UINT16, BASE_DEC, NULL, 0x00,
6108 { &hf_isakmp_notify_data_rohc_attr_integ,
6109 { "ROHC Integrity Algorithm", "isakmp.notify.data.rohc.attr.integ",
6110 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
6112 { &hf_isakmp_notify_data_rohc_attr_icv_len,
6113 { "ROHC ICV Length in bytes", "isakmp.notify.data.rohc.attr.icv_len",
6114 FT_UINT16, BASE_DEC, NULL, 0x00,
6115 "In bytes", HFILL }},
6116 { &hf_isakmp_notify_data_rohc_attr_mrru,
6117 { "MRRU", "isakmp.notify.data.rohc.attr.mrru",
6118 FT_UINT16, BASE_DEC, NULL, 0x00,
6121 { &hf_isakmp_notify_data_qcd_token_secret_data,
6122 { "Token Secret Data", "isakmp.notify.data.qcd.token_secret_data",
6123 FT_BYTES, BASE_NONE, NULL, 0x0,
6126 { &hf_isakmp_notify_data_ha_nonce_data,
6127 { "Nonce Data", "isakmp.notify.data.ha.nonce_data",
6128 FT_UINT32, BASE_HEX, NULL, 0x0,
6129 "Random nonce data, the data should be identical in the synchronization request and response", HFILL }},
6130 { &hf_isakmp_notify_data_ha_expected_send_req_msg_id,
6131 { "EXPECTED SEND REQ MESSAGE ID", "isakmp.notify.data.ha.expected_send_req_message_id",
6132 FT_UINT32, BASE_HEX, NULL, 0x0,
6133 "Indicate the Message ID it will use in the next request that it will send to the other protocol peer", HFILL }},
6134 { &hf_isakmp_notify_data_ha_expected_recv_req_msg_id,
6135 { "EXPECTED RECV REQ MESSAGE ID", "isakmp.notify.data.ha.expected_recv_req_message_id",
6136 FT_UINT32, BASE_HEX, NULL, 0x0,
6137 "Indicate the Message ID it is expecting in the next request to be received from the other protocol peer", HFILL }},
6138 { &hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value,
6139 { "Incoming IPsec SA delta value", "isakmp.notify.data.ha.incoming_ipsec_sa_delta_value",
6140 FT_BYTES, BASE_NONE, NULL, 0x0,
6141 "The sender requests that the peer should increment all the Child SA Replay Counters for the sender's incomingtraffic by this value", HFILL }},
6142 { &hf_isakmp_notify_data_secure_password_methods,
6143 { "Secure Password Methods", "isakmp.notify.data.secure_password_methods",
6144 FT_BYTES, BASE_NONE, NULL, 0x0,
6147 { &hf_isakmp_delete_doi,
6148 { "Domain of interpretation", "isakmp.delete.doi",
6149 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
6150 "ISAKMP Delete Domain of Interpretation", HFILL }},
6151 { &hf_isakmp_delete_protoid_v1,
6152 { "Protocol ID", "isakmp.delete.protoid",
6153 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
6154 "ISAKMP Delete Protocol ID", HFILL }},
6155 { &hf_isakmp_delete_protoid_v2,
6156 { "Protocol ID", "isakmp.delete.protoid",
6157 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
6158 "IKEv2 Delete Protocol ID", HFILL }},
6159 { &hf_isakmp_delete_spi,
6160 { "Delete SPI", "isakmp.delete.spi",
6161 FT_BYTES, BASE_NONE, NULL, 0x0,
6162 "Identifies the specific security association(s) to delete", HFILL }},
6163 { &hf_isakmp_vid_bytes,
6164 { "Vendor ID", "isakmp.vid_bytes",
6165 FT_BYTES, BASE_NONE, NULL, 0x0,
6167 { &hf_isakmp_vid_string,
6168 { "Vendor ID", "isakmp.vid_string",
6169 FT_STRING, BASE_NONE, NULL, 0x0,
6171 { &hf_isakmp_vid_cp_product,
6172 { "Checkpoint Product", "isakmp.vid.cp.product",
6173 FT_UINT32, BASE_DEC, VALS(cp_product), 0x0,
6175 { &hf_isakmp_vid_cp_version,
6176 { "Checkpoint Version", "isakmp.vid.cp.version",
6177 FT_UINT32, BASE_DEC, VALS(cp_version), 0x0,
6178 "Encoded Version number", HFILL }},
6179 { &hf_isakmp_vid_cp_timestamp,
6180 { "Checkpoint Timestamp", "isakmp.vid.cp.timestamp",
6181 FT_UINT32, BASE_DEC, NULL, 0x0,
6182 "Timestamp (NGX only; always zero in 4.1 or NG)", HFILL }},
6183 { &hf_isakmp_vid_cp_reserved,
6184 { "Checkpoint Reserved", "isakmp.vid.cp.reserved",
6185 FT_UINT32, BASE_HEX, NULL, 0x0,
6187 { &hf_isakmp_vid_cp_features,
6188 { "Checkpoint Features", "isakmp.vid.cp.features",
6189 FT_UINT32, BASE_HEX, NULL, 0x0,
6192 { &hf_isakmp_vid_cisco_unity_major,
6193 { "CISCO-UNITY Major version", "isakmp.vid.cisco_unity.major",
6194 FT_UINT8, BASE_DEC, NULL, 0x0,
6196 { &hf_isakmp_vid_cisco_unity_minor,
6197 { "CISCO-UNITY Minor version", "isakmp.vid.cisco_unity.minor",
6198 FT_UINT8, BASE_DEC, NULL, 0x0,
6201 { &hf_isakmp_vid_ms_nt5_isakmpoakley,
6202 { "MS NT5 ISAKMPOAKLEY", "isakmp.vid.ms_nt5_isakmpoakley",
6203 FT_UINT32, BASE_DEC, VALS(ms_nt5_isakmpoakley_type), 0x0,
6206 { &hf_isakmp_vid_aruba_via_auth_profile,
6207 { "Auth Profile", "isakmp.vid.aruba_via_auth_profile",
6208 FT_STRING, BASE_NONE, NULL, 0x0,
6209 "Aruba Networks Auth Profile for VIA Client", HFILL }},
6211 { &hf_isakmp_ts_number_of_ts,
6212 { "Number of Traffic Selector", "isakmp.ts.number",
6213 FT_UINT8, BASE_DEC, NULL, 0x0,
6215 { &hf_isakmp_ts_type,
6216 { "Traffic Selector Type", "isakmp.ts.type",
6217 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(traffic_selector_type), 0x0,
6219 { &hf_isakmp_ts_protoid,
6220 { "Protocol ID", "isakmp.ts.protoid",
6221 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
6222 "IKEv2 Traffic Selector Protocol ID", HFILL }},
6223 { &hf_isakmp_ts_selector_length,
6224 { "Selector Length", "isakmp.ts.selector_length",
6225 FT_UINT16, BASE_DEC, NULL, 0x0,
6227 { &hf_isakmp_ts_start_port,
6228 { "Start Port", "isakmp.ts.start_port",
6229 FT_UINT16, BASE_DEC, NULL, 0x0,
6231 { &hf_isakmp_ts_end_port,
6232 { "End Port", "isakmp.ts.end_port",
6233 FT_UINT16, BASE_DEC, NULL, 0x0,
6235 { &hf_isakmp_ts_start_addr_ipv4,
6236 { "Starting Addr", "isakmp.ts.start_ipv4",
6237 FT_IPv4, BASE_NONE, NULL, 0x0,
6239 { &hf_isakmp_ts_end_addr_ipv4,
6240 { "Ending Addr", "isakmp.ts.end_ipv4",
6241 FT_IPv4, BASE_NONE, NULL, 0x0,
6243 { &hf_isakmp_ts_start_addr_ipv6,
6244 { "Starting Addr", "isakmp.ts.start_ipv6",
6245 FT_IPv6, BASE_NONE, NULL, 0x0,
6247 { &hf_isakmp_ts_end_addr_ipv6,
6248 { "Ending Addr", "isakmp.ts.end_ipv6",
6249 FT_IPv6, BASE_NONE, NULL, 0x0,
6251 { &hf_isakmp_ts_start_addr_fc,
6252 { "Starting Addr", "isakmp.ts.start_fc",
6253 FT_UINT32, BASE_DEC, NULL, 0x0,
6255 { &hf_isakmp_ts_end_addr_fc,
6256 { "Ending Addr", "isakmp.ts.end_fc",
6257 FT_UINT32, BASE_DEC, NULL, 0x0,
6259 { &hf_isakmp_ts_start_r_ctl,
6260 { "Starting R_CTL", "isakmp.ts.start_r_ctl",
6261 FT_UINT8, BASE_DEC, NULL, 0x0,
6263 { &hf_isakmp_ts_end_r_ctl,
6264 { "Ending R_CTL", "isakmp.ts.end_r_ctl",
6265 FT_UINT8, BASE_DEC, NULL, 0x0,
6267 { &hf_isakmp_ts_start_type,
6268 { "Starting Type", "isakmp.ts.start_type",
6269 FT_UINT8, BASE_DEC, NULL, 0x0,
6271 { &hf_isakmp_ts_end_type,
6272 { "Ending Type", "isakmp.ts.end_type",
6273 FT_UINT8, BASE_DEC, NULL, 0x0,
6275 { &hf_isakmp_ts_data,
6276 { "Traffic Selector Data", "isakmp.ts.data",
6277 FT_BYTES, BASE_NONE, NULL, 0x0,
6280 { &hf_isakmp_num_spis,
6281 { "Number of SPIs", "isakmp.spinum",
6282 FT_UINT16, BASE_DEC, NULL, 0x0,
6283 "ISAKMP Number of SPIs", HFILL }},
6285 { "Hash DATA", "isakmp.hash",
6286 FT_BYTES, BASE_NONE, NULL, 0x0,
6289 { "Signature DATA", "isakmp.sig",
6290 FT_BYTES, BASE_NONE, NULL, 0x0,
6293 { "Nonce DATA", "isakmp.nonce",
6294 FT_BYTES, BASE_NONE, NULL, 0x0,
6297 { &hf_isakmp_ike2_fragment_number,
6298 { "Fragment Number", "isakmp.frag.number",
6299 FT_UINT16, BASE_DEC, NULL, 0x0,
6300 "ISAKMP fragment number", HFILL }},
6301 { &hf_isakmp_ike2_total_fragments,
6302 { "Total Fragments", "isakmp.frag.total",
6303 FT_UINT16, BASE_DEC, NULL, 0x0,
6304 "ISAKMP total number of fragments", HFILL }},
6306 { &hf_isakmp_cisco_frag_packetid,
6307 { "Frag ID", "isakmp.frag.packetid",
6308 FT_UINT16, BASE_HEX, NULL, 0x0,
6309 "ISAKMP fragment packet-id", HFILL }},
6310 { &hf_isakmp_cisco_frag_seq,
6311 { "Frag seq", "isakmp.frag.seq",
6312 FT_UINT8, BASE_DEC, NULL, 0x0,
6313 "ISAKMP fragment number", HFILL }},
6314 { &hf_isakmp_cisco_frag_last,
6315 { "Frag last", "isakmp.frag.last",
6316 FT_UINT8, BASE_DEC, VALS(frag_last_vals), 0x0,
6317 "ISAKMP last fragment", HFILL }},
6318 { &hf_isakmp_fragments,
6319 {"Message fragments", "isakmp.fragments",
6320 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
6321 { &hf_isakmp_fragment,
6322 {"Message fragment", "isakmp.fragment",
6323 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
6324 { &hf_isakmp_fragment_overlap,
6325 {"Message fragment overlap", "isakmp.fragment.overlap",
6326 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
6327 { &hf_isakmp_fragment_overlap_conflicts,
6328 {"Message fragment overlapping with conflicting data",
6329 "isakmp.fragment.overlap.conflicts",
6330 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
6331 { &hf_isakmp_fragment_multiple_tails,
6332 {"Message has multiple tail fragments",
6333 "isakmp.fragment.multiple_tails",
6334 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
6335 { &hf_isakmp_fragment_too_long_fragment,
6336 {"Message fragment too long", "isakmp.fragment.too_long_fragment",
6337 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
6338 { &hf_isakmp_fragment_error,
6339 {"Message defragmentation error", "isakmp.fragment.error",
6340 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
6341 { &hf_isakmp_fragment_count,
6342 {"Message fragment count", "isakmp.fragment.count",
6343 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
6344 { &hf_isakmp_reassembled_in,
6345 {"Reassembled in", "isakmp.reassembled.in",
6346 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
6347 { &hf_isakmp_reassembled_length,
6348 {"Reassembled ISAKMP length", "isakmp.reassembled.length",
6349 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
6350 { &hf_isakmp_certreq_authority_sig,
6351 { "Certificate Authority Signature", "isakmp.ike.certreq.authority.sig",
6352 FT_UINT32, BASE_DEC, NULL, 0x0,
6354 { &hf_isakmp_certreq_authority_v1,
6355 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
6356 FT_BYTES, BASE_NONE, NULL, 0x0,
6358 { &hf_isakmp_certreq_authority_v2,
6359 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
6360 FT_BYTES, BASE_NONE, NULL, 0x0,
6361 "SHA-1 hash of the Certificate Authority", HFILL } },
6362 { &hf_isakmp_nat_keepalive,
6363 { "NAT Keepalive", "isakmp.ike.nat_keepalive",
6364 FT_NONE, BASE_NONE, NULL, 0x0, "NAT Keepalive packet", HFILL } },
6365 { &hf_isakmp_nat_hash,
6366 { "HASH of the address and port", "isakmp.ike.nat_hash",
6367 FT_BYTES, BASE_NONE, NULL, 0x00,
6369 { &hf_isakmp_nat_original_address_ipv4,
6370 { "NAT Original IPv4 Address", "isakmp.ike.nat_original_address_ipv4",
6371 FT_IPv4, BASE_NONE, NULL, 0x00,
6373 { &hf_isakmp_nat_original_address_ipv6,
6374 { "NAT Original IPv6 Address", "isakmp.ike.nat_original_address_ipv6",
6375 FT_IPv6, BASE_NONE, NULL, 0x00,
6378 /* Transform Attributes Type */
6379 { &hf_isakmp_tf_attr.all,
6380 { "Transform Attribute Type", "isakmp.tf.attr",
6381 FT_NONE, BASE_NONE, NULL, 0x00,
6382 "ISAKMP Transform Attribute", HFILL }},
6383 { &hf_isakmp_tf_attr.type,
6384 { "Transform Attribute Type", "isakmp.tf.attr.type_v1",
6385 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, VALS(transform_isakmp_attr_type), 0x00,
6386 "ISAKMP (v1) Transform Attribute type", HFILL }},
6387 { &hf_isakmp_tf_attr.format,
6388 { "Transform Format", "isakmp.tf.attr.format",
6389 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6390 "ISAKMP Transform Attribute Format", HFILL }},
6391 { &hf_isakmp_tf_attr.length,
6392 { "Length", "isakmp.tf.attr.length",
6393 FT_UINT16, BASE_DEC, NULL, 0x00,
6394 "ISAKMP Tranform Attribute length", HFILL }},
6395 { &hf_isakmp_tf_attr.value,
6396 { "Value", "isakmp.tf.attr.value",
6397 FT_BYTES, BASE_NONE, NULL, 0x00,
6398 "ISAKMP Transform Attribute value", HFILL }},
6399 { &hf_isakmp_tf_attr_life_type,
6400 { "Life Type", "isakmp.tf.attr.life_type",
6401 FT_UINT16, BASE_DEC, VALS(transform_attr_sa_life_type), 0x00,
6403 { &hf_isakmp_tf_attr_life_duration_uint32,
6404 { "Life Duration", "isakmp.tf.attr.life_duration",
6405 FT_UINT32, BASE_DEC, NULL, 0x00,
6407 { &hf_isakmp_tf_attr_life_duration_uint64,
6408 { "Life Duration", "isakmp.tf.attr.life_duration64",
6409 FT_UINT64, BASE_DEC, NULL, 0x00,
6411 { &hf_isakmp_tf_attr_life_duration_bytes,
6412 { "Life Duration", "isakmp.tf.attr.life_duration_bytes",
6413 FT_BYTES, BASE_NONE, NULL, 0x00,
6415 { &hf_isakmp_tf_attr_group_description,
6416 { "Group Description", "isakmp.tf.attr.group_description",
6417 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
6419 { &hf_isakmp_tf_attr_encap_mode,
6420 { "Encapsulation Mode", "isakmp.tf.attr.encap_mode",
6421 FT_UINT16, BASE_DEC, VALS(transform_attr_encap_type), 0x00,
6423 { &hf_isakmp_tf_attr_auth_algorithm,
6424 { "Authentication Algorithm", "isakmp.tf.attr.auth_algorithm",
6425 FT_UINT16, BASE_DEC, VALS(transform_attr_auth_type), 0x00,
6427 { &hf_isakmp_tf_attr_key_length,
6428 { "Key Length", "isakmp.tf.attr.key_length",
6429 FT_UINT16, BASE_DEC, NULL, 0x00,
6431 { &hf_isakmp_tf_attr_key_rounds,
6432 { "Key Rounds", "isakmp.tf.attr.key_rounds",
6433 FT_UINT16, BASE_DEC, NULL, 0x00,
6435 { &hf_isakmp_tf_attr_cmpr_dict_size,
6436 { "Compress Dictionary Size", "isakmp.tf.attr.cmpr_dict_size",
6437 FT_UINT16, BASE_DEC, NULL, 0x00,
6439 { &hf_isakmp_tf_attr_cmpr_algorithm,
6440 { "Compress Private Algorithm", "isakmp.tf.attr.cmpr_algorithm",
6441 FT_BYTES, BASE_NONE, NULL, 0x00,
6443 { &hf_isakmp_tf_attr_ecn_tunnel,
6444 { "ECN Tunnel", "isakmp.tf.attr.ecn_tunnel",
6445 FT_UINT16, BASE_DEC, VALS(transform_attr_ecn_type), 0x00,
6447 { &hf_isakmp_tf_attr_ext_seq_nbr,
6448 { "Extended (64-bit) Sequence Number", "isakmp.tf.attr.ext_seq_nbr",
6449 FT_UINT16, BASE_DEC, VALS(transform_attr_ext_seq_nbr_type), 0x00,
6451 { &hf_isakmp_tf_attr_auth_key_length,
6452 { "Authentication Key Length", "isakmp.tf.attr.auth_key_length",
6453 FT_UINT16, BASE_DEC, NULL, 0x00,
6455 { &hf_isakmp_tf_attr_sig_enco_algorithm,
6456 { "Signature Encoding Algorithm", "isakmp.tf.attr.sig_enco_algorithm",
6457 FT_BYTES, BASE_NONE, NULL, 0x00,
6459 { &hf_isakmp_tf_attr_addr_preservation,
6460 { "Address Preservation", "isakmp.tf.attr.addr_preservation",
6461 FT_UINT16, BASE_DEC, VALS(transform_attr_addr_preservation_type), 0x00,
6463 { &hf_isakmp_tf_attr_sa_direction,
6464 { "SA Direction", "isakmp.tf.attr.sa_direction",
6465 FT_UINT16, BASE_DEC, VALS(transform_attr_sa_direction_type), 0x00,
6468 { &hf_isakmp_ike_attr.all,
6469 { "Transform IKE Attribute Type", "isakmp.ike.attr",
6470 FT_NONE, BASE_NONE, NULL, 0x00,
6471 "IKE Transform Attribute", HFILL }},
6472 { &hf_isakmp_ike_attr.type,
6473 { "Transform IKE Attribute Type", "isakmp.ike.attr.type",
6474 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, VALS(transform_ike_attr_type), 0x00,
6475 "IKE Transform Attribute type", HFILL }},
6476 { &hf_isakmp_ike_attr.format,
6477 { "Transform IKE Format", "isakmp.ike.attr.format",
6478 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6479 "IKE Transform Attribute Format", HFILL }},
6480 { &hf_isakmp_ike_attr.length,
6481 { "Length", "isakmp.ike.attr.length",
6482 FT_UINT16, BASE_DEC, NULL, 0x00,
6483 "IKE Tranform Attribute length", HFILL }},
6484 { &hf_isakmp_ike_attr.value,
6485 { "Value", "isakmp.ike.attr.value",
6486 FT_BYTES, BASE_NONE, NULL, 0x00,
6487 "IKE Transform Attribute value", HFILL }},
6489 { &hf_isakmp_ike_attr_encryption_algorithm,
6490 { "Encryption Algorithm", "isakmp.ike.attr.encryption_algorithm",
6491 FT_UINT16, BASE_DEC, VALS(transform_attr_enc_type), 0x00,
6493 { &hf_isakmp_ike_attr_hash_algorithm,
6494 { "HASH Algorithm", "isakmp.ike.attr.hash_algorithm",
6495 FT_UINT16, BASE_DEC, VALS(transform_attr_hash_type), 0x00,
6497 { &hf_isakmp_ike_attr_authentication_method,
6498 { "Authentication Method", "isakmp.ike.attr.authentication_method",
6499 FT_UINT16, BASE_DEC, VALS(transform_attr_authmeth_type), 0x00,
6501 { &hf_isakmp_ike_attr_group_description,
6502 { "Group Description", "isakmp.ike.attr.group_description",
6503 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
6505 { &hf_isakmp_ike_attr_group_type,
6506 { "Groupe Type", "isakmp.ike.attr.group_type",
6507 FT_UINT16, BASE_DEC, VALS(transform_attr_grp_type), 0x00,
6509 { &hf_isakmp_ike_attr_group_prime,
6510 { "Groupe Prime", "isakmp.ike.attr.group_prime",
6511 FT_BYTES, BASE_NONE, NULL, 0x00,
6513 { &hf_isakmp_ike_attr_group_generator_one,
6514 { "Groupe Generator One", "isakmp.ike.attr.group_generator_one",
6515 FT_BYTES, BASE_NONE, NULL, 0x00,
6517 { &hf_isakmp_ike_attr_group_generator_two,
6518 { "Groupe Generator Two", "isakmp.ike.attr.group_generator_two",
6519 FT_BYTES, BASE_NONE, NULL, 0x00,
6521 { &hf_isakmp_ike_attr_group_curve_a,
6522 { "Groupe Curve A", "isakmp.ike.attr.group_curve_a",
6523 FT_BYTES, BASE_NONE, NULL, 0x00,
6525 { &hf_isakmp_ike_attr_group_curve_b,
6526 { "Groupe Curve B", "isakmp.ike.attr.group_curve_b",
6527 FT_BYTES, BASE_NONE, NULL, 0x00,
6529 { &hf_isakmp_ike_attr_life_type,
6530 { "Life Type", "isakmp.ike.attr.life_type",
6531 FT_UINT16, BASE_DEC, VALS(transform_attr_sa_life_type), 0x00,
6533 { &hf_isakmp_ike_attr_life_duration_uint32,
6534 { "Life Duration", "isakmp.ike.attr.life_duration",
6535 FT_UINT32, BASE_DEC, NULL, 0x00,
6537 { &hf_isakmp_ike_attr_life_duration_uint64,
6538 { "Life Duration", "isakmp.ike.attr.life_duration64",
6539 FT_UINT64, BASE_DEC, NULL, 0x00,
6541 { &hf_isakmp_ike_attr_life_duration_bytes,
6542 { "Life Duration", "isakmp.ike.attr.life_duration_bytes",
6543 FT_BYTES, BASE_NONE, NULL, 0x00,
6545 { &hf_isakmp_ike_attr_prf,
6546 { "PRF", "isakmp.ike.attr.prf",
6547 FT_BYTES, BASE_NONE, NULL, 0x00,
6549 { &hf_isakmp_ike_attr_key_length,
6550 { "Key Length", "isakmp.ike.attr.key_length",
6551 FT_UINT16, BASE_DEC, NULL, 0x00,
6553 { &hf_isakmp_ike_attr_field_size,
6554 { "Field Size", "isakmp.ike.attr.field_size",
6555 FT_BYTES, BASE_NONE, NULL, 0x00,
6557 { &hf_isakmp_ike_attr_group_order,
6558 { "Key Length", "isakmp.ike.attr.group_order",
6559 FT_BYTES, BASE_NONE, NULL, 0x00,
6562 { &hf_isakmp_trans_type,
6563 { "Transform Type", "isakmp.tf.type",
6564 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_type), 0x00,
6567 { &hf_isakmp_trans_encr,
6568 { "Transform ID (ENCR)", "isakmp.tf.id.encr",
6569 FT_UINT16, BASE_DEC, VALS(transform_ike2_encr_type), 0x00,
6571 { &hf_isakmp_trans_prf,
6572 { "Transform ID (PRF)", "isakmp.tf.id.prf",
6573 FT_UINT16, BASE_DEC, VALS(transform_ike2_prf_type), 0x00,
6575 { &hf_isakmp_trans_integ,
6576 { "Transform ID (INTEG)", "isakmp.tf.id.integ",
6577 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
6579 { &hf_isakmp_trans_dh,
6580 { "Transform ID (D-H)", "isakmp.tf.id.dh",
6581 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
6583 { &hf_isakmp_trans_esn,
6584 { "Transform ID (ESN)", "isakmp.tf.id.esn",
6585 FT_UINT16, BASE_DEC, VALS(transform_ike2_esn_type), 0x00,
6587 { &hf_isakmp_trans_id_v2,
6588 { "Transform ID", "isakmp.tf.id",
6589 FT_UINT16, BASE_DEC, NULL, 0x00,
6591 { &hf_isakmp_ike2_attr.all,
6592 { "Transform IKE2 Attribute Type", "isakmp.ike2.attr",
6593 FT_NONE, BASE_NONE, NULL, 0x00,
6594 "IKE2 Transform Attribute", HFILL }},
6595 { &hf_isakmp_ike2_attr.type,
6596 { "Transform IKE2 Attribute Type", "isakmp.ike2.attr.type",
6597 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, VALS(transform_ike2_attr_type), 0x00,
6598 "IKE2 Transform Attribute type", HFILL }},
6599 { &hf_isakmp_ike2_attr.format,
6600 { "Transform IKE2 Format", "isakmp.ike2.attr.format",
6601 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6602 "IKE2 Transform Attribute Format", HFILL }},
6603 { &hf_isakmp_ike2_attr.length,
6604 { "Length", "isakmp.ike2.attr.length",
6605 FT_UINT16, BASE_DEC, NULL, 0x00,
6606 "IKE2 Tranform Attribute length", HFILL }},
6607 { &hf_isakmp_ike2_attr.value,
6608 { "Value", "isakmp.ike2.attr.value",
6609 FT_BYTES, BASE_NONE, NULL, 0x00,
6610 "IKE2 Transform Attribute value", HFILL }},
6611 { &hf_isakmp_ike2_attr_key_length,
6612 { "Key Length", "isakmp.ike2.attr.key_length",
6613 FT_UINT16, BASE_DEC, NULL, 0x00,
6617 { &hf_isakmp_key_exch_dh_group,
6618 { "DH Group #", "isakmp.key_exchange.dh_group",
6619 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
6621 { &hf_isakmp_key_exch_data,
6622 { "Key Exchange Data", "isakmp.key_exchange.data",
6623 FT_BYTES, BASE_NONE, NULL, 0x00,
6625 { &hf_isakmp_eap_data,
6626 { "EAP Message", "isakmp.eap.data",
6627 FT_BYTES, BASE_NONE, NULL, 0x00,
6630 { &hf_isakmp_gspm_data,
6631 { "GSPM", "isakmp.gspm.data",
6632 FT_BYTES, BASE_NONE, NULL, 0x00,
6633 "Generic Secure Password Method", HFILL }},
6635 { &hf_isakmp_cfg_type_v1,
6636 { "Type", "isakmp.cfg.type",
6637 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgtype), 0x0,
6638 "ISAKMP (v1) Config Type", HFILL }},
6639 { &hf_isakmp_cfg_identifier,
6640 { "Identifier", "isakmp.cfg.identifier",
6641 FT_UINT16, BASE_DEC, NULL, 0x0,
6642 "ISAKMP (v1) Config Identifier", HFILL }},
6643 { &hf_isakmp_cfg_type_v2,
6644 { "Type", "isakmp.cfg.type",
6645 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgtype), 0x0,
6646 "ISAKMP (v2) Config Type", HFILL }},
6647 /* Config Attributes Type */
6648 { &hf_isakmp_cfg_attr.all,
6649 { "Config Attribute Type", "isakmp.cfg.attr",
6650 FT_NONE, BASE_NONE, NULL, 0x00,
6651 "ISAKMP Config Attribute", HFILL }},
6652 { &hf_isakmp_cfg_attr_type_v1,
6653 { "Type", "isakmp.cfg.attr.type",
6654 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgattr), 0x00,
6655 "ISAKMP (v1) Config Attribute type", HFILL }},
6656 { &hf_isakmp_cfg_attr_type_v2,
6657 { "Type", "isakmp.cfg.attr.type",
6658 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgattr), 0x00,
6659 "ISAKMP (v2) Config Attribute type", HFILL }},
6660 { &hf_isakmp_cfg_attr.format,
6661 { "Config Attribute Format", "isakmp.cfg.attr.format",
6662 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6663 "ISAKMP Config Attribute Format", HFILL }},
6664 { &hf_isakmp_cfg_attr.length,
6665 { "Length", "isakmp.cfg.attr.length",
6666 FT_UINT16, BASE_DEC, NULL, 0x00,
6667 "ISAKMP Config Attribute length", HFILL }},
6668 { &hf_isakmp_cfg_attr.value,
6669 { "Value", "isakmp.cfg.attr.value",
6670 FT_BYTES, BASE_NONE, NULL, 0x00,
6671 "ISAKMP Config Attribute value", HFILL }},
6672 { &hf_isakmp_cfg_attr_internal_ip4_address,
6673 { "INTERNAL IP4 ADDRESS", "isakmp.cfg.attr.internal_ip4_address",
6674 FT_IPv4, BASE_NONE, NULL, 0x00,
6675 "An IPv4 address on the internal network", HFILL }},
6676 { &hf_isakmp_cfg_attr_internal_ip4_netmask,
6677 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip4_netmask",
6678 FT_IPv4, BASE_NETMASK, NULL, 0x00,
6679 "The internal network's netmask", HFILL }},
6680 { &hf_isakmp_cfg_attr_internal_ip4_dns,
6681 { "INTERNAL IP4 DNS", "isakmp.cfg.attr.internal_ip4_dns",
6682 FT_IPv4, BASE_NONE, NULL, 0x00,
6683 "An IPv4 address of a DNS server within the network", HFILL }},
6684 { &hf_isakmp_cfg_attr_internal_ip4_nbns,
6685 { "INTERNAL IP4 NBNS", "isakmp.cfg.attr.internal_ip4_nbns",
6686 FT_IPv4, BASE_NONE, NULL, 0x00,
6687 "An IPv4 address of a NetBios Name Server (WINS) within the network", HFILL }},
6688 { &hf_isakmp_cfg_attr_internal_address_expiry,
6689 { "INTERNAL ADDRESS EXPIRY (Secs)", "isakmp.cfg.attr.internal_address_expiry",
6690 FT_UINT32, BASE_DEC, NULL, 0x00,
6691 "Specifies the number of seconds that the host can use the internal IP address", HFILL }},
6692 { &hf_isakmp_cfg_attr_internal_ip4_dhcp,
6693 { "INTERNAL IP4 DHCP", "isakmp.cfg.attr.internal_ip4_dhcp",
6694 FT_IPv4, BASE_NONE, NULL, 0x00,
6695 "the host to send any internal DHCP requests to the address", HFILL }},
6696 { &hf_isakmp_cfg_attr_application_version,
6697 { "APPLICATION VERSION", "isakmp.cfg.attr.application_version",
6698 FT_STRING, BASE_NONE, NULL, 0x00,
6699 "The version or application information of the IPsec host", HFILL }},
6700 { &hf_isakmp_cfg_attr_internal_ip6_address_ip,
6701 { "INTERNAL IP6 ADDRESS", "isakmp.cfg.attr.internal_ip6_address",
6702 FT_IPv6, BASE_NONE, NULL, 0x00,
6703 "An IPv6 address on the internal network", HFILL }},
6704 { &hf_isakmp_cfg_attr_internal_ip6_address_prefix,
6705 { "INTERNAL IP6 ADDRESS (PREFIX)", "isakmp.cfg.attr.internal_ip6_address.prefix",
6706 FT_UINT8, BASE_DEC, NULL, 0x00,
6708 { &hf_isakmp_cfg_attr_internal_ip6_netmask,
6709 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip6_netmask",
6710 FT_IPv6, BASE_NONE, NULL, 0x00,
6711 "The internal network's netmask", HFILL }},
6712 { &hf_isakmp_cfg_attr_internal_ip6_dns,
6713 { "INTERNAL IP6 DNS", "isakmp.cfg.attr.internal_ip6_dns",
6714 FT_IPv6, BASE_NONE, NULL, 0x00,
6715 "An IPv6 address of a DNS server within the network", HFILL }},
6716 { &hf_isakmp_cfg_attr_internal_ip6_nbns,
6717 { "INTERNAL IP6 NBNS", "isakmp.cfg.attr.internal_ip6_nbns",
6718 FT_IPv6, BASE_NONE, NULL, 0x00,
6719 "An IPv6 address of a NetBios Name Server (WINS) within the network", HFILL }},
6720 { &hf_isakmp_cfg_attr_internal_ip6_dhcp,
6721 { "INTERNAL IP6 DHCP", "isakmp.cfg.attr.internal_ip6_dhcp",
6722 FT_IPv6, BASE_NONE, NULL, 0x00,
6723 "The host to send any internal DHCP requests to the address", HFILL }},
6724 { &hf_isakmp_cfg_attr_internal_ip4_subnet_ip,
6725 { "INTERNAL IP4 SUBNET (IP)", "isakmp.cfg.attr.internal_ip4_subnet_ip",
6726 FT_IPv4, BASE_NONE, NULL, 0x00,
6727 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
6728 { &hf_isakmp_cfg_attr_internal_ip4_subnet_netmask,
6729 { "INTERNAL IP4 SUBNET (NETMASK)", "isakmp.cfg.attr.internal_ip4_subnet_netmask",
6730 FT_IPv4, BASE_NETMASK, NULL, 0x00,
6731 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
6732 { &hf_isakmp_cfg_attr_supported_attributes,
6733 { "SUPPORTED ATTRIBUTES", "isakmp.cfg.attr.supported_attributes",
6734 FT_UINT16, BASE_DEC, NULL, 0x00,
6736 { &hf_isakmp_cfg_attr_internal_ip6_subnet_ip,
6737 { "INTERNAL_IP6_SUBNET (IP)", "isakmp.cfg.attr.internal_ip6_subnet_ip",
6738 FT_IPv6, BASE_NONE, NULL, 0x00,
6740 { &hf_isakmp_cfg_attr_internal_ip6_subnet_prefix,
6741 { "INTERNAL_IP6_SUBNET (PREFIX)", "isakmp.cfg.attr.internal_ip6_subnet_prefix",
6742 FT_UINT8, BASE_DEC, NULL, 0x00,
6744 { &hf_isakmp_cfg_attr_internal_ip6_link_interface,
6745 { "INTERNAL_IP6_LINK (Link-Local Interface ID)", "isakmp.cfg.attr.internal_ip6_link_interface",
6746 FT_UINT64, BASE_DEC, NULL, 0x00,
6747 "The Interface ID used for link-local address (by the party that sent this attribute)", HFILL }},
6748 { &hf_isakmp_cfg_attr_internal_ip6_link_id,
6749 { "INTERNAL_IP6_LINK (IKEv2 Link ID)", "isakmp.cfg.attr.internal_ip6_link_id",
6750 FT_BYTES, BASE_NONE, NULL, 0x00,
6751 "The Link ID is selected by the VPN gateway and is treated as an opaque octet string by the client.", HFILL }},
6752 { &hf_isakmp_cfg_attr_internal_ip6_prefix_ip,
6753 { "INTERNAL_IP6_PREFIX (IP)", "isakmp.cfg.attr.internal_ip6_prefix_ip",
6754 FT_IPv6, BASE_NONE, NULL, 0x00,
6755 "An IPv6 prefix assigned to the virtual link", HFILL }},
6756 { &hf_isakmp_cfg_attr_internal_ip6_prefix_length,
6757 { "INTERNAL_IP6_PREFIX (Length)", "isakmp.cfg.attr.internal_ip6_prefix_length",
6758 FT_UINT8, BASE_DEC, NULL, 0x00,
6759 "The length of the prefix in bits (usually 64)", HFILL }},
6760 { &hf_isakmp_cfg_attr_p_cscf_ip4_address,
6761 { "P_CSCF_IP4_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip4_address",
6762 FT_IPv4, BASE_NONE, NULL, 0x00,
6763 "An IPv4 address of the P-CSCF server", HFILL }},
6764 { &hf_isakmp_cfg_attr_p_cscf_ip6_address,
6765 { "P_CSCF_IP6_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip6_address",
6766 FT_IPv6, BASE_NONE, NULL, 0x00,
6767 "An IPv6 address of the P-CSCF server", HFILL }},
6769 { &hf_isakmp_cfg_attr_xauth_type,
6770 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.type",
6771 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(cfgattr_xauth_type), 0x00,
6772 "The type of extended authentication requested", HFILL }},
6773 { &hf_isakmp_cfg_attr_xauth_user_name,
6774 { "XAUTH USER NAME", "isakmp.cfg.attr.xauth.user_name",
6775 FT_STRING, BASE_NONE, NULL, 0x00,
6776 "The user name", HFILL }},
6777 { &hf_isakmp_cfg_attr_xauth_user_password,
6778 { "XAUTH USER PASSWORD", "isakmp.cfg.attr.xauth.user_password",
6779 FT_STRING, BASE_NONE, NULL, 0x00,
6780 "The user's password", HFILL }},
6781 { &hf_isakmp_cfg_attr_xauth_passcode,
6782 { "XAUTH PASSCODE", "isakmp.cfg.attr.xauth.passcode",
6783 FT_STRING, BASE_NONE, NULL, 0x00,
6784 "A token card's passcode", HFILL }},
6785 { &hf_isakmp_cfg_attr_xauth_message,
6786 { "XAUTH MESSAGE", "isakmp.cfg.attr.xauth.message",
6787 FT_STRING, BASE_NONE, NULL, 0x00,
6788 "A textual message from an edge device to an IPSec host", HFILL }},
6789 { &hf_isakmp_cfg_attr_xauth_challenge,
6790 { "XAUTH CHALLENGE", "isakmp.cfg.attr.xauth.challenge",
6791 FT_STRING, BASE_NONE, NULL, 0x00,
6792 "A challenge string sent from the edge device to the IPSec host for it to include in its calculation of a password", HFILL }},
6793 { &hf_isakmp_cfg_attr_xauth_domain,
6794 { "XAUTH DOMAIN", "isakmp.cfg.attr.xauth.domain",
6795 FT_STRING, BASE_NONE, NULL, 0x00,
6796 "The domain to be authenticated in", HFILL }},
6797 { &hf_isakmp_cfg_attr_xauth_status,
6798 { "XAUTH STATUS", "isakmp.cfg.attr.xauth.status",
6799 FT_UINT16, BASE_DEC, VALS(cfgattr_xauth_status), 0x00,
6800 "A variable that is used to denote authentication success or failure", HFILL }},
6801 { &hf_isakmp_cfg_attr_xauth_next_pin,
6802 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.next_pin",
6803 FT_STRING, BASE_NONE, NULL, 0x00,
6804 "A variable which is used when the edge device is requesting that the user choose a new pin number", HFILL }},
6805 { &hf_isakmp_cfg_attr_xauth_answer,
6806 { "XAUTH ANSWER", "isakmp.cfg.attr.xauth.answer",
6807 FT_STRING, BASE_NONE, NULL, 0x00,
6808 "A variable length ASCII string used to send input to the edge device", HFILL }},
6809 { &hf_isakmp_cfg_attr_unity_banner,
6810 { "UNITY BANNER", "isakmp.cfg.attr.unity.banner",
6811 FT_STRING, BASE_NONE, NULL, 0x00,
6813 { &hf_isakmp_cfg_attr_unity_def_domain,
6814 { "UNITY DEF DOMAIN", "isakmp.cfg.attr.unity.def_domain",
6815 FT_STRING, BASE_NONE, NULL, 0x00,
6818 { &hf_isakmp_enc_decrypted_data,
6819 { "Decrypted Data", "isakmp.enc.decrypted",
6820 FT_NONE, BASE_NONE, NULL, 0x0,
6822 { &hf_isakmp_enc_contained_data,
6823 { "Contained Data", "isakmp.enc.contained",
6824 FT_NONE, BASE_NONE, NULL, 0x0,
6826 { &hf_isakmp_enc_padding,
6827 { "Padding", "isakmp.enc.padding",
6828 FT_NONE, BASE_NONE, NULL, 0x0,
6830 { &hf_isakmp_enc_pad_length,
6831 { "Pad Length", "isakmp.enc.pad_length",
6832 FT_UINT16, BASE_DEC, NULL, 0x0,
6834 { &hf_isakmp_enc_data,
6835 { "Encrypted Data", "isakmp.enc.data",
6836 FT_NONE, BASE_NONE, NULL, 0x0,
6838 { &hf_isakmp_enc_iv,
6839 { "Initialization Vector", "isakmp.enc.iv",
6840 FT_BYTES, BASE_NONE, NULL, 0x0,
6842 { &hf_isakmp_enc_icd,
6843 { "Integrity Checksum Data", "isakmp.enc.icd",
6844 FT_BYTES, BASE_NONE, NULL, 0x0,
/* Subtree (expansion) handles for the ISAKMP/IKE protocol tree; registered
 * with proto_register_subtree_array() further down.  The two subtrees for
 * decrypted content exist only when libgcrypt is available, mirroring the
 * HAVE_LIBGCRYPT guard around the decryption tables below. */
static gint *ett[] = {
&ett_isakmp_version,
&ett_isakmp_payload,
&ett_isakmp_fragment,
&ett_isakmp_fragments,
#ifdef HAVE_LIBGCRYPT
/* Only populated when an IKEv2 Encrypted payload could actually be decrypted. */
&ett_isakmp_decrypted_data,
&ett_isakmp_decrypted_payloads
#endif /* HAVE_LIBGCRYPT */
/* Expert-info items raised while dissecting ISAKMP/IKE.  The PI_MALFORMED
 * entries are the dissector's own consistency checks on length and count
 * fields taken from the wire (which the peer, or an attacker, controls); the
 * PI_CHECKSUM entry reports the outcome of IKEv2 integrity verification.
 * Registered via expert_register_field_array() below. */
static ei_register_info ei[] = {
/* IKEv2 Encrypted payload is too short to hold what the cipher needs
 * (presumably at least the IV, per the filter name) — decryption cannot proceed. */
{ &ei_isakmp_enc_iv, { "isakmp.enc.iv.not_enough_data", PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload", EXPFILL }},
/* Integrity Checksum Data recomputed with SK_ai/SK_ar from the IKEv2
 * decryption table did not match the value on the wire.
 * NOTE(review): a mismatch equally indicates a wrong key or integrity
 * algorithm entered in the table, not only a modified packet — do not read
 * this as tamper evidence on its own. */
{ &ei_isakmp_ikev2_integrity_checksum, { "isakmp.ikev2.integrity_checksum", PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect", EXPFILL }},
/* Ciphertext length is not a multiple of the configured cipher's block size;
 * decryption is presumably skipped in that case — confirm in the decrypt path. */
{ &ei_isakmp_enc_data_length_mult_block_size, { "isakmp.enc_data_length_mult_block_size", PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size", EXPFILL }},
/* Pad Length (isakmp.enc.pad_length) claims more padding than the decrypted
 * data contains.  This is the bounds check protecting the contained-payload
 * parse after decryption, so the field must not be trusted once this fires.
 * NOTE(review): reported as PI_WARN while the comparable payload-length check
 * below is PI_ERROR — consider aligning the severities. */
{ &ei_isakmp_enc_pad_length_big, { "isakmp.enc.pad_length.big", PI_MALFORMED, PI_WARN, "Pad length is too big", EXPFILL }},
/* A TLV attribute carries no value bytes; informational only. */
{ &ei_isakmp_attribute_value_empty, { "isakmp.attribute_value_empty", PI_PROTOCOL, PI_NOTE, "Attribute value is empty", EXPFILL }},
/* Generic payload header Length is inconsistent with the data available (or
 * the minimum for that payload type — presumably both are checked).  This is
 * the dissector's main guard against over-reading a truncated/crafted payload. */
{ &ei_isakmp_payload_bad_length, { "isakmp.payloadlength.invalid", PI_MALFORMED, PI_ERROR, "Invalid payload length", EXPFILL }},
/* Fragment Number / Total Fragments (isakmp.frag.*) are mutually inconsistent;
 * presumably checked before the fragment is handed to reassembly — confirm. */
{ &ei_isakmp_bad_fragment_number, { "isakmp.fragment_number.invalid", PI_MALFORMED, PI_ERROR, "Invalid fragment numbering", EXPFILL }},
6875 expert_module_t* expert_isakmp;
6877 #ifdef HAVE_LIBGCRYPT
/* Editable columns of the IKEv1 decryption table (a UAT, see uat_new() below).
 * Each row pairs an ISAKMP initiator cookie, used to pick the row matching a
 * packet's header (presumably), with the key used to decrypt that exchange.
 * NOTE(review): the key column is raw key material.  The UAT is presumably
 * persisted with the profile under the file name passed to uat_new() below,
 * so that file — and any profile shared with others — must be treated as a
 * secret. */
static uat_field_t ikev1_uat_flds[] = {
UAT_FLD_BUFFER(ikev1_users, icookie, "Initiator's COOKIE", "Initiator's COOKIE"),
UAT_FLD_BUFFER(ikev1_users, key, "Encryption Key", "Encryption Key"),
/* Editable columns of the IKEv2 decryption table (a UAT, see uat_new() below).
 * A row identifies one IKE_SA by its SPI pair and supplies the per-direction
 * keys and algorithms needed to decrypt and verify its Encrypted payloads.
 * NOTE(review): these columns hold raw session keys.  The UAT is presumably
 * persisted with the profile under the file name passed to uat_new() below,
 * so that file must be protected like any other key material. */
static uat_field_t ikev2_uat_flds[] = {
/* IKE_SA identity: the initiator and responder SPIs from the ISAKMP header. */
UAT_FLD_BUFFER(ikev2_users, spii, "Initiator's SPI", "Initiator's SPI value of the IKE_SA"),
UAT_FLD_BUFFER(ikev2_users, spir, "Responder's SPI", "Responder's SPI value of the IKE_SA"),
/* Encryption keys, one per direction (IKEv2 SK_ei / SK_er). */
UAT_FLD_BUFFER(ikev2_users, sk_ei, "SK_ei", "Key used to encrypt/decrypt IKEv2 packets from initiator to responder"),
UAT_FLD_BUFFER(ikev2_users, sk_er, "SK_er", "Key used to encrypt/decrypt IKEv2 packets from responder to initiator"),
/* Cipher chosen from vs_ikev2_encr_algs; key lengths are presumably validated
 * against it in ikev2_uat_data_update_cb (passed to uat_new() below) — confirm. */
UAT_FLD_VS(ikev2_users, encr_alg, "Encryption algorithm", vs_ikev2_encr_algs, "Encryption algorithm of IKE_SA"),
/* Integrity keys, one per direction, used to verify the Integrity Checksum
 * Data (mismatch is reported through ei_isakmp_ikev2_integrity_checksum).
 * For AEAD ciphers the tag comes from the cipher itself, so these are
 * presumably unused in that configuration — confirm. */
UAT_FLD_BUFFER(ikev2_users, sk_ai, "SK_ai", "Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator to responder"),
UAT_FLD_BUFFER(ikev2_users, sk_ar, "SK_ar", "Key used to calculate Integrity Checksum Data for IKEv2 packets from responder to initiator"),
/* Integrity algorithm chosen from vs_ikev2_auth_algs. */
UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"),
6895 #endif /* HAVE_LIBGCRYPT */
6896 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
6897 "ISAKMP", "isakmp");
6898 proto_register_field_array(proto_isakmp, hf, array_length(hf));
6899 proto_register_subtree_array(ett, array_length(ett));
6900 expert_isakmp = expert_register_protocol(proto_isakmp);
6901 expert_register_field_array(expert_isakmp, ei, array_length(ei));
6902 register_init_routine(&isakmp_init_protocol);
6903 register_cleanup_routine(&isakmp_cleanup_protocol);
6905 register_dissector("isakmp", dissect_isakmp, proto_isakmp);
6907 #ifdef HAVE_LIBGCRYPT
6908 isakmp_module = prefs_register_protocol(proto_isakmp, NULL);
6909 ikev1_uat = uat_new("IKEv1 Decryption Table",
6910 sizeof(ikev1_uat_data_key_t),
6911 "ikev1_decryption_table",
6914 &num_ikev1_uat_data,
6915 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
6916 "ChIKEv1DecryptionSection",
6918 ikev1_uat_data_update_cb,
6923 prefs_register_uat_preference(isakmp_module,
6924 "ikev1_decryption_table",
6925 "IKEv1 Decryption Table",
6926 "Table of IKE_SA security parameters for decryption of IKEv1 packets",
6929 ikev2_uat = uat_new("IKEv2 Decryption Table",
6930 sizeof(ikev2_uat_data_t),
6931 "ikev2_decryption_table",
6934 &num_ikev2_uat_data,
6935 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
6936 "ChIKEv2DecryptionSection",
6938 ikev2_uat_data_update_cb,
6943 prefs_register_uat_preference(isakmp_module,
6944 "ikev2_decryption_table",
6945 "IKEv2 Decryption Table",
6946 "Table of IKE_SA security parameters for decryption of IKEv2 packets",
6949 #endif /* HAVE_LIBGCRYPT */
proto_reg_handoff_isakmp(void)
/* Handoff routine: attach the ISAKMP dissector to the UDP and TCP port tables
 * and resolve the sub-dissector this one hands data to.
 * Only the plain ISAKMP port macros are claimed here; NAT-T traffic (UDP 4500)
 * is not registered in this function and presumably reaches this dissector
 * through the "isakmp" name registered above — confirm against the UDP
 * encapsulation dissector. */
dissector_handle_t isakmp_handle;
/* Our own handle, looked up by the name given to register_dissector() above.
 * NOTE(review): register_dissector() returns that handle; keeping it in a
 * static would avoid the by-name lookup here. */
isakmp_handle = find_dissector("isakmp");
/* EAP sub-dissector for the IKEv2 EAP payload (isakmp.eap.data); the
 * *_add_dependency variant also records that ISAKMP depends on "eap". */
eap_handle = find_dissector_add_dependency("eap", proto_isakmp);
dissector_add_uint("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
/* IKE carried over TCP; TCP_PORT_ISAKMP is presumably defined earlier in the file. */
dissector_add_uint("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);
6964 * Editor modelines - http://www.wireshark.org/tools/modelines.html
6969 * indent-tabs-mode: nil
6972 * vi: set shiftwidth=2 tabstop=8 expandtab:
6973 * :indentSize=2:tabSize=8:noTabs=true: